implementing a simple smf service lessons learned
play

Implementing a Simple SMF Service: Lessons Learned OSDevCon09, - PowerPoint PPT Presentation

Aug 16, 2023 •176 likes •582 views

Implementing a Simple SMF Service: Lessons Learned OSDevCon09, October 30th, 2009 Constantin Gonzalez Principal Field Technologist Sun Microsystems Germany Goals Make ZFS pool hygiene a 1-click experience Implement a simple SMF

  1. Implementing a Simple SMF Service: Lessons Learned OSDevCon09, October 30th, 2009 Constantin Gonzalez Principal Field Technologist Sun Microsystems Germany

  2. Goals Make „ZFS pool hygiene“ a 1-click experience Implement a simple SMF service that periodically scrubs pools. Learn about SMF and other Solaris features: ksh93, ZFS, SMF, RBAC, IPKG, Visual Panels. Motivate more users to use SMF more often Have some fun, too!

  3. ZFS Self Healing Application Application Application ZFS Mirror ZFS Mirror ZFS Mirror Detect broken data Fetch good data from mirror Repair broken half •You only can repair errors that you see. • zpool scrub <pool> checks all blocks systematically. •Recommendation: Scrub all your pools periodically. •Even if you don't use mirroring or RAID-Z.

  4. Can this be done automatically?

  5. A Simple Idea Periodic cron(1M) job Start per pool Fetch time of last scrub zpool scrub >1 period pool ago? End

  6. There's Already Something Similar ZFS Auto-Snapshot Service Shipped with OpenSolaris Basis for the popular ZFS Time-Slider feature Let's help ourselves here :).

  7. Service Management Facility Since Solaris 10 Manages all Services of the System (and more) Controls boot process and replaces run-levels Comfortable framework for: Start/Stop scripts Dependencies Configuration of multiple instances Status/Error messages and resolutions Most important commands: svcs(1), svcadm(1M), svccfg(1M)

  8. Our Service Therefore Needs A start/stop script } Can be done as one A script for cron(1M) A manifest for SMF (XML-file) … and we can just borrow, then adapt them from the ZFS Auto-Snapshot Service!

  9. Lesson #1: It's ok to steal borrow stuff!

  10. What if someone hacks into our script?

  11. Making Our Service More Secure Role-based Access Control (RBAC) New role zfsscrub : Allowed to administer ZFS Pools (not file systems) Allowed to administer the ZFS Auto-Scrub Service Allowed to use normal commands (like a user) Nothing else A hacker would only be able to: Destroy/manipulate pools, but not take over the system!

  12. Our Service Therefore Needs An SMF service “ zfs/auto-scrub ”: } A start/stop Script Combined into one single script A script for cron(1M) A manifest for SMF A new zfsscrub role

  13. Lesson #2: RBAC makes establishing a least-privilege model easy!

  14. How do we want to install our new service?

  15. Scriptless Installation, pkg(1) -style We may only: Copy files Activate SMF services We may not: Directly start scripts Why? Less complexity, less errors during installation No special treatment for VMs, zones, hands-off, etc. Simplified installtion More secure Better serviceable

  16. Can't Start Scripts Directly? But we may install and activate SMF-Services! Therefore: Let's do a new SMF-Service for Creating the new role upon activation, Deactivating itself when done.

  17. Our Service Therefore Needs An SMF service “ zfs/auto-scrub ”: } A start/stop script, Combined into one script A script for cron(1M) , A manifest for SMF. Another SMF service “ zfsscrub-roleadd ”: A start/stop script, creates the role zfsscrub , then deactivates itself, A manifest for SMF.

  18. Lesson #3: We can cheat around IPKG by packing our install scripts Into SMF services.

  19. Let's Get Started, Then!

  20. Wait, when did that last scrub happen, BTW?

  21. zpool(1M) status constant@fridolin:~$ zpool status testpool pool: testpool state: ONLINE scrub: scrub completed after 0h0m with 0 errors on Wed Sep 16 09:33:42 2009 config: NAME STATE READ WRITE CKSUM testpool ONLINE 0 0 0 /export/stuff/disk1 ONLINE 0 0 0 errors: No known data errors

  22. After Reboot or zpool export : constant@fridolin:~$ zpool status testpool pool: testpool state: ONLINE scrub: none requested config: NAME STATE READ WRITE CKSUM testpool ONLINE 0 0 0 /export/stuff/disk1 ONLINE 0 0 0 errors: No known data errors New CR 6878281 opened: “zpool should store the time of last scrub/resilver and other zpool status info in pool properties.”

  23. What do we do now?

  24. Add Another SMF Service zfs/scrub-track Runs once per hour (through cron(1M) ) Until zpool scrub is finished Stores finish time in a ZFS property in the topmost ZFS filesystem of the pool Needs „ZFS Filesystem Mgmt“ profile for zfsscrub and deactivates itself zfs/auto-scrub checks zpool status and the new property. Activates zfs/scrub-track at every scrub

  25. BTW Zpool supports properties: constant@fridolin:~$ zpool get all testpool NAME PROPERTY VALUE SOURCE testpool size 504M - testpool used 243M - testpool available 261M - testpool capacity 48% - testpool altroot - default testpool health ONLINE - testpool guid 4748598414767023039 default testpool version 18 default testpool bootfs - default testpool delegation on default testpool autoreplace off default ... But no user-defined ones! Workaround: Use the top-level ZFS filesystem Bug? RFE? Not an issue?

  26. Our Service Therefore Needs An SMF service “ zfs/auto-scrub ” A start/stop/cron script A manifest for SMF Another SMF service “ zfsscrub-roleadd ” A start/stop script for creating zfsscrub ZFS Storage Management, ZFS File System Management A Manifest for SMF Yet another SMF-Service “ zfs/scrub-track ” A start/stop/cron script, similar to zfs/auto-scrub A manifest for SMF

  27. Lesson #4: Bugs and RFEs show up in unexpected places...

  28. Lesson #5: If in doubt, do it in SMF!

  29. Now, let's take a look!

  30. Final touches: A GUI!

  31. OpenSolaris Visual Panels Project New framework for central management of system configurations Based on Java Management Extensions (JMX) Interacts with Service Configuration Framework (SCF), a part of SMF, and others JMX Agent Visual Panel Visual Panel Network MBeans Service Other Configuration Configuration Facility (SCF) Tools Managed System Management Node

  32. Visual Panel Components Java-Classes in a .jar-file Panel Descriptor Describes the panel to the system Pivot point for the panel Controller Connects the GUI with management-beans Panel Presents the actual GUI Other classes (optional) Depending on the complexity of your panel XML file, describing the panel

  33. Our Service Therefore Needs An SMF service “ zfs/auto-scrub ” A start/stop/cron script and a manifest for SMF Another SMF service “ zfsscrub-roleadd ” A start/stop script for creating the zfsscrub user and a manifest for SMF Yet another SMF service “ zfs/scrub-track ” A start/stop/cron script, similar to zfs/auto-scrub A manifest for SMF A visual panel A .jar-File with Java classes etc. An XML file with a description

  34. Done!

  35. Lesson #6: Little things (like GUIs) please little minds...

  36. Future Features Black/White lists for scrub times Expand the GUI Current scrub status and statistics User-defined instances Pool specific With different scrubbing intervals Simple/complex view Store scrub preferences in ZFS Properties instead of SMF properties Will travel with the pool Publish as IPKG through a repository

  37. Lessons Learned SMF ist easy to program, if you steal re-use from examples. /lib/svc/method svccfg export <service> When in doubt, use SMF Easy ideas can become surprisingly complex, if you try to implement them right. But you learn a lot about the rest of the system. GUIs with Visual Panels are still kinda wonky, but they seem to work.

  38. Links Tim Foster's ZFS Auto-Snapshot Service http://blogs.sun.com/timf SMF man smf http://opensolaris.org/os/community/smf/ Visual Panels http://opensolaris.org/os/project/vpanels/ Download from my Blog http://blogs.sun.com/constantin

  39. THANK YOU! Constantin Gonzalez constantin@sun.com blogs.sun.com/constantin twitter.com/zalez

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons learned implementing the C2Sim standard in a practical exercise E.M. Bearss 1 , K.G.

Lessons learned implementing the C2Sim standard in a practical exercise E.M. Bearss 1 , K.G.

Lessons learned implementing the C2Sim standard in a practical exercise Lessons learned implementing the C2Sim standard in a practical exercise E.M. Bearss 1 , K.G. LeSueur 2 , M.J. OConnor 3 and R.F. Zinser 4 1 Software Engineer, Trideum,

176 views • 3 slides
Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
Best practices and lessons learned in preparing and implementing an effective public communication

Best practices and lessons learned in preparing and implementing an effective public communication

Zentralanstalt fr Meteorologie und Geodynamik Best practices and lessons learned in preparing and implementing an effective public communication strategy during a nuclear emergency Dr. Gerhard Wotawa, M.A. (Intern. Rel.) ZAMG/Division Data,

232 views • 10 slides
TLS 1.3 Lessons Learned from Implementing and Deploying the Latest Protocol Nick Sullivan

TLS 1.3 Lessons Learned from Implementing and Deploying the Latest Protocol Nick Sullivan

TLS 1.3 Lessons Learned from Implementing and Deploying the Latest Protocol Nick Sullivan @grittygrease November 11, 2016 PLAY SP 0:00:00 - MENU - PAST PRESENT FUTURE Transport Layer Security Point-to-point secure

721 views • 61 slides
Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large

Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large

Lessons Learned from Implementing a Web-Based Tool for Brief Alcohol Interventions in a Large Integrated Health Care System Ken Weingardt, Ph.D., Michael A. Cucciare, PhD Paula Wilbourne, PhD, John S. Baer, PhD Veterans Health Administration

418 views • 27 slides
Meeting Orientation Slide If you are having any technical problems with the webinar please

Meeting Orientation Slide If you are having any technical problems with the webinar please

Implementing Project Lazarus in North Carolina: Lessons Learned From the Project Lazarus Model A Two Part Webinar on Lessons Learned from Implementing Project Lazarus in North Carolina A Clinical and Community Based Intervention to Prevent

426 views • 15 slides
Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend

Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend

Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend Real World Crypto, London January 9, 2015 - Confidential - 1 In Collaboration with Klaus Kursawe George Danezis Markulf

570 views • 23 slides
Native or External? Lessons learned implementing cryptography for VisualWorks Martin Kobetic

Native or External? Lessons learned implementing cryptography for VisualWorks Martin Kobetic

Native or External? Lessons learned implementing cryptography for VisualWorks Martin Kobetic Cincom Smalltalk Engineering ESUG 2011 Let's implement SSL! DES, MD5, SHA, RSA, DSA, RC4, X.509, ASN.1, DER, ... * SSL 3.0, RSA, DES, RC4, basic

369 views • 17 slides
Lessons learned implementing ChatOps (DevOps + messaging) Corey Hulen / Co-founder and CTO,

Lessons learned implementing ChatOps (DevOps + messaging) Corey Hulen / Co-founder and CTO,

Lessons learned implementing ChatOps (DevOps + messaging) Corey Hulen / Co-founder and CTO, Mattermost, Inc. March 2020 What is ChatOps? ChatOps is a collaborative, conversation- centric way of working that brings people, discussions, bots,

390 views • 27 slides
Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc.

Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc.

Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc. steve.hanna@sun.com Cert Path Validation &amp; Building Widely needed S/MIME, TLS, IPsec, ... Very complex sonof2459 includes 18

155 views • 11 slides
Construction Manager Perspective: Lessons Learned Implementing the EPA Superfund Job Training

Construction Manager Perspective: Lessons Learned Implementing the EPA Superfund Job Training

Construction Manager Perspective: Lessons Learned Implementing the EPA Superfund Job Training Initiative (SJTI) Tommy Jordan, P.G. Project Manager AGENDA SJTI Program Overview Implementation

659 views • 27 slides
Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina

Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina

Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina Walejko, PhD U.S. Census Bureau, Center for Survey Measurement The views expressed on statistical, methodological, technical, or operational issues are

226 views • 18 slides
National Council for Behavioral Health Prep for Success: Lessons Learned in Implementing Models

National Council for Behavioral Health Prep for Success: Lessons Learned in Implementing Models

National Council for Behavioral Health Prep for Success: Lessons Learned in Implementing Models for Early Intervention in Psychosis In partnership with the National Alliance on Mental Illness Thursday, June 5, 2014 2:00 3:30pm EST

569 views • 55 slides
Implementing Bike Share Lessons Learned, Challenges, and Successes Bren Hall, Room 1424

Implementing Bike Share Lessons Learned, Challenges, and Successes Bren Hall, Room 1424

Implementing Bike Share Lessons Learned, Challenges, and Successes Bren Hall, Room 1424 Tuesday, July 9th, 10:05am 11:20am Mo Lovegreen, Director, Campus Sustainability, UC Santa Barbara Partnerships and Process Partnering Agencies on the

718 views • 34 slides
Lessons Learned in Developing and Implementing a Quality Rating System in New York State

Lessons Learned in Developing and Implementing a Quality Rating System in New York State

Lessons Learned in Developing and Implementing a Quality Rating System in New York State Medicaid Managed Care Lindsay Cogan, PhD, MS Director, Division of Quality Measurement Office of Quality and Patient Safety New York State Department of

176 views • 16 slides
Developing and implementing provincial Alzheimer Strategies Lessons learned from the Quebec

Developing and implementing provincial Alzheimer Strategies Lessons learned from the Quebec

Developing and implementing provincial Alzheimer Strategies Lessons learned from the Quebec Alzheimer Plan Howard Bergman, MD, FCFP, FRCPC Chair, Department of Family Medicine Professor of Family Medicine, Medicine and Oncology The Dr. Joseph

710 views • 31 slides
ASSENT COMPLIANCE Building a Conflict Minerals Program 2015/16 info@assentcompliance.com |

ASSENT COMPLIANCE Building a Conflict Minerals Program 2015/16 info@assentcompliance.com |

ASSENT COMPLIANCE Building a Conflict Minerals Program 2015/16 info@assentcompliance.com | www.assentcompliance.com | TEL: 1(866)964.6931 1 About Assent: Your Partner For info@assentcompliance.com |

347 views • 16 slides
1 CephFS fsck: Distributed Filesystem Checking Hi, Im Greg Greg Farnum CephFS Tech Lead,

1 CephFS fsck: Distributed Filesystem Checking Hi, Im Greg Greg Farnum CephFS Tech Lead,

1 CephFS fsck: Distributed Filesystem Checking Hi, Im Greg Greg Farnum CephFS Tech Lead, Red Hat gfarnum@redhat.com Been working as a core Ceph developer since June 2009 3 4 What is Ceph? An awesome, software-based, scalable,

1.01k views • 83 slides
using Amazon Key Management Service Jan Lindstrm, Principal Engineer, MariaDB Corporation

using Amazon Key Management Service Jan Lindstrm, Principal Engineer, MariaDB Corporation

Transparent tablespace and log encryption on MariaDB 10.1 using Amazon Key Management Service Jan Lindstrm, Principal Engineer, MariaDB Corporation Amsterdam, Netherlands | October 5, 2016 Agenda 1. Introduction 2. Concepts 3.

795 views • 32 slides
STAT 113: FINAL EXAM PRACTICE PROBLEMS COLIN REIMER DAWSON, FALL 2015 Research Design /

STAT 113: FINAL EXAM PRACTICE PROBLEMS COLIN REIMER DAWSON, FALL 2015 Research Design /

STAT 113: FINAL EXAM PRACTICE PROBLEMS COLIN REIMER DAWSON, FALL 2015 Research Design / Describing Samples. (1) The following measures can be used to describe distributions (either population or sample distributions). For each one describe

239 views • 8 slides
Copy On Write (COW) allows for atomic transactions without a separate journal Snapshots

Copy On Write (COW) allows for atomic transactions without a separate journal Snapshots

So, why am I talking about Btrfs? I've been using linux and its different filesystems since 1993 I've have been using ext2/ext3/ext4 for 20 years. But I worked at Network Appliance in 1997, and I've grown hooked to snapshots. LVM

478 views • 45 slides
DRAM RELIABILITY Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah

DRAM RELIABILITY Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah

DRAM RELIABILITY Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 7810: Advanced Computer Architecture Overview Upcoming deadline March 4 th (11:59PM): homework Late submission = NO submission

207 views • 17 slides
FaultSim: A Fast, Configurable Memory-Reliability Simulator for Conventional and 3D-Stacked

FaultSim: A Fast, Configurable Memory-Reliability Simulator for Conventional and 3D-Stacked

FaultSim: A Fast, Configurable Memory-Reliability Simulator for Conventional and 3D-Stacked Systems 19 th Jan 2016 Prague, Czech Republic Prashant Nair - Georgia Tech David Roberts - AMD Research Moinuddin Qureshi- Georgia Tech In both

288 views • 28 slides
BitRot detection in GlusterFS Venky Shankar Gaurav Garg We are, Gluster developers at Red Hat

BitRot detection in GlusterFS Venky Shankar Gaurav Garg We are, Gluster developers at Red Hat

BitRot detection in GlusterFS Venky Shankar Gaurav Garg We are, Gluster developers at Red Hat ... participate in meetups, open source events ... hang out on #freenode: gluster, gluster-dev nick: overclk, ggarg ... interact with community:

245 views • 23 slides

More recommend