I’ve been at Joyent for a week now and its been pretty overwhelming. There are so many new things to learn. I know thats normal when you start at a new job, but I had been at Sun for so long, and learned all of the ins and outs, that I had kind of forgotten how much there is to learn when you start a new job. One of the things I’m so happy about is the excitement here at Joyent. Its a real startup atmosphere with tons of work to do, talented engineers who are busy on a ten different projects at once, and a real feeling that we’re out to make a difference. I’m sure I’ll have more to post once I get unburied, but for now, all I can say is that its great to be here!
I have worked at Sun, and now Oracle, for longer than I really want to admit,
but I have reached
a point in my career where I feel that I need to try something new.
Today, September 13th, 2010, is my last day at Oracle. For the past 5 years
I’ve worked on zones. The zones team is such an outstanding group of engineers
and I’m going to miss working with them. I’ve learned a lot from them, as well
as all of the other engineers at Sun that I have been privileged to work with over
Now, I’m moving on to something new. Tomorrow I start work at
Joyent. Hopefully I’ll have a chance to
blog more than I’ve done recently. My blog is moving to
dtrace.org. I’ll continue to work
on zones, and Solaris in general, at Joyent, and I’m excited about the new
new challenges ahead. There are obviously a lot of changes going on with
Solaris right now, so its going to interesting. And fun!
For the past 9 or 10 months I’ve been pretty much heads down working with
Solaris 10 branded zone
project. Yesterday we
the first phase of this project into OpenSolaris.
This brand allows you to run the
Solaris 10 10/09
release, or later, inside of a zone running on
We see this brand as one of the tools which will help people as they
transition from running Solaris 10 to OpenSolaris.
We’ve divided this project into two phases. For this initial integration
we have the following features:
- basic brand emulation
The brand emulation works for running the latest version of Solaris 10
(Solaris 10 10/09) on OpenSolaris.
A zone running this brand is intended to be functionally equivalent to a
native zone on Solaris 10 10/09 with the same configuration.
A physical-to-virtual capability to install an archive of a system running
Solaris 10 10/09 into the branded zone
A virtual-to-virtual capability to install an archive of a native zone from
a system running Solaris 10 10/09 into the branded zone
- multiple architecture support
This brand runs on all sun4u, sun4v and x86 architecture machines that
OpenSolaris has defined as supported platforms
There are a few limitations with this initial version of the code which
we’ll work on in the second phase of the project. We’ll be adding support
- Exclusive IP stack zones
- Delegated ZFS datasets
- The ability to run these branded zones on a system running xVM
- The ability to upgrade the version of Solaris 10 running inside the
zone to a later release of Solaris 10
We’ve done extensive testing of the brand using our internal Solaris 10
test suites and a variety of 3rd party applications.
Now that the code has integrated, we’re looking forward to getting
feedback from more people about their real-world experiences running
their own Solaris 10 application stacks inside the zone. If you give this
branded zone a try, let us hear about your experiences on the OpenSolaris
I’ll be delivering two presentations at
this year. My slides are posted on the
in case you want to download them. I like to use my slides
as an outline instead of just reading them, so hopefully people
who are attending will
actually get some value from hearing me speak.
Don’t forget that the Tuesday Deep Dive is free if you
register with the OSDDT code.
There a several ways to get into the deep dives if you
are planning on attending. All of these are on the
The Deploying OpenSolaris Deep Dive on Tuesday at
is free if you register using the promotional code OSDDT. The session doesn’t start until
11:00 am so that people can still attend the JaveOne key note.
Chris Armes will start with an overview
of deploying OpenSolaris in the data center. After lunch
will be delivering a two hour presentation on ZFS. This promises to be the highlight
of the session.
Nick, one of my co-authors on the
will then talk about high availability and I’ll wrap up with a talk on how to use zones
Jordan just posted a nice
about the work we’ve been doing for
Solaris 10 branded zones
His post also has a link to a Flash demo we put together
showing the process of migrating a standalone Solaris 10 system into a zone
on OpenSolaris. Both of us will be at
Community One West
and we’ll be running the branded zone in the virtualization pod. If you’re there and interested, stop
by to check it out. I’ll also be talking about this project as part of my presentations.
I’ll be delivering two presentations at
Community One West
at the beginning of June. The first presentation is on Monday June 1st and I’ll be covering
“Built-in Virtualization for the OpenSolaris Operating System”. It will be an overview
of some basic virtualization concepts and the various solutions available in
OpenSolaris. I’ll also be discussing the trade-offs of one vs. the other. The second
presentation is on Tuesday as part of the deep dives. I’ll be discussing application consolidation
using zones. I’ll also be hanging around the virtualization demo pod when I’m not presenting.
In addition, I think there is going to be a book signing for the
Dave are also going to be attending.
This will be the first (and only?) time the three of us have actually been together
at the same time.
I happened to be looking at google book search today and I
thought I’d see if the book I co-authored, the
was there. It is and you can see it
Although the table of contents and some sample chapters are available elsewhere, this provides
a nice way to browse more material in the book. I think google will let you see up to 20% of the book.
About two years ago the zones team sat down and began to create the
for zones. This brand allows you to run your existing
Solaris 8 system images inside of a branded zone on Solaris 10. One
of the key goals for this project was to easily enable migration of Solaris 8
based systems into a zone on Solaris 10. To accomplish this, as part of the project we
built support for a “physical to virtual” capability, or p2v for short.
The idea with p2v is that you can create an image of an existing system
using a flash archive, cpio archive, a UFS dump, or even just a file system image
that is accessible over NFS, then install the zone using that image.
There is no explicit p2v tool you have to run; behind the scenes the zone installation process
does all of the work to make sure the Solaris 8 image runs correctly inside
of the zone.
Once we finished the solaris8 brand we followed that with the
which has this same p2v capability. Of course, while we were doing
this work, we understood that having a similar feature for native zones would
be useful as well. This would greatly simplify consolidation using zones,
since you could deploy onto bare metal, then later consolidate that application
stack into a zone with very little work.
The problem for p2v with native zones is that there is no brand module
that mediates between the user-level code running in the zone and the
kernel code, as we have with the solaris8 and solaris9 brands. Thus, the
native zones must be running user-level code that is in sync with the kernel.
This includes things like libc, which has a close relationship with the kernel.
Every time a patch is applied which impacts both kernel code and user-level
library code, all of the native zones must be kept in sync or unpredictable
bugs will occur.
Just doing native p2v, as we did for the solaris8 and solaris9 brands, doesn’t make
sense since the odds that the system image you want
to install in the zone will be exactly in sync with the kernel are pretty low.
Most deployed systems are at different patch levels or even running different minor releases (e.g.
Solaris 10 05/08 vs. 11/08), so there is no clean way to reliably p2v those images.
We really felt that native p2v was important, but we couldn’t make any progress
until we solved the problem of syncing up the system image to match the
global zone. Fortunately I was able to find some time to add this capability,
which we call
update on attach.
This was added into our zone migration
subcommands, ‘detach’ and ‘attach’, which can be used to move zones from
one system to another. Since zone migration has a similar problem as p2v,
where the source and target systems can be out of sync, we do a lot of
validation to make sure that the new host can properly run the zone. Of
course this validation made zone migration pretty restrictive. Now that we
have “update on attach”, we can automatically update the zone software when you
move it to the new host.
While “update on attach” is a valuable feature in its own right, we also built this
with an eye on p2v, since it is the enabling capability needed for p2v. In addition,
we leveraged all of the work
did on the installers for the solaris8 and solaris9 brands and were able to reuse much of that.
As with the solaris8 and solaris9 brands, the native brand installer accepts a variety of
image inputs; flar, cpio, compressed cpio, pax xustar,
UFS dump or a directly accessible root image (e.g. over NFS). It was also
enhanced to accept a pre-existing image in the zone root path. This is
useful if you use ZFS send and receive to set up the zone root and want
to then p2v that as a fully installed zone.
I integrated the
feature into NV build 109 this morning. The
from the code review is still available if anyone is interested in seeing the scope of the
changes. At over 2000 lines of new code this is a pretty substantial addition
to zones which should greatly improve future zone consolidation projects.
A comment on my last post noted that there were no
sample chapters available for the book, however I just
noticed that Wiley has posted some samples on the
The index and TOC are probably the best sections for getting a feel for the
material in the book. This is actually the first time I’ve seen the index myself,
since it was produced after we finished writing and the final pages were nailed
down. I haven’t reviewed it closely yet, but at first glance it looks to be
pretty comprehensive at 35 pages. I’ve always thought that the index was
critical for a book like this. The detailed TOC is also useful for getting a sense of
the topics covered in each chapter.