Month: January 2014

Recurring Conversations – Incremental Statistics (Part 1)

When I first started blogging, most of the material came from issues that I’d run into and how they were solved but, as I’ve spent most of the last 7 months not logging in to anything much ;-), it occurred to me that another area which I haven’t used for a long time is what I’ll call recurring conversations.

Even though my blogging has slowed to a crawl, I still spend a lot of time having similar conversations with multiple people and on work chat channels on the same topics which indicates to me that those topics are not well understood. Because I work with a lot of smart people, it’s typically not the details that they struggle with. They’ve read detailed technical blog posts and have performed multiple web searches so have read the most detailed material available and yet somehow they’re missing the *point*. Maybe that’s the problem with learning everything via blogs and white papers? That it’s no substitute for someone explaining the fundamental concepts and design of features? I could probably rephrase that as, maybe there’s no substitute for actually reading a book or attending a course occasionally? I appreciate how out-of-date that view might be though.

I’m sure some will have already realised that Recurring Conversations could probably be called Frequently Asked Questions, so let me begin this first post with

‘Why are my Global Statistics taking longer to gather when I use Oracle’s snazzy 11g Incremental Global Statistics feature than when I don’t?’

This has baffled a lot of people I know because I’m not sure they understand fully why the feature was introduced. They want to convert one of their existing partitioned tables to use Incremental Global Statistics and so they test the performance by doing something like this.

1) Delete all of the stats on a large partitioned table.
2) Set INCREMENTAL to FALSE and then gather table stats using GRANULARITY =>’GLOBAL ‘
3) Set INCREMENTAL to TRUE and then gather table stats using GRANULARITY =>’GLOBAL ‘

When they time this they find that 3 takes just as long as 2 and, in fact, it takes a little longer! This is useless? What is the point of this new feature if it doesn’t speed up the gathering of Global stats?

First I want to look at what we asked Oracle to do in steps 2) and 3) above.

2) Visited all of the partitions of the table to gather information and then update the Global stats on the table.
3) Visited all of the partitions of the table to gather information, update the Global stats on the table and generate synopses for future use.

On that basis, why *wouldn’t* option 3 take longer than option 2? They do more or less the same thing but 3) has to do a little additional work.

So if it isn’t quicker to gather Global Stats using Incremental Global Statistics, why would you use it?

The benefits don’t come from the initial gathering of Global Stats but when you gather stats on new Partitions and *don’t* need to gather Global Stats any more. Instead Oracle uses those handy synopses to update them which is a much quicker operation! The Real World cycle of use then looks like this.

1) Delete all of your existing table stats.
2) Set INCREMENTAL to TRUE.
3) Gather table stats using GRANULARITY =>’GLOBAL  AND PARTITION’ without supplying  a PARTNAME. This will re-gather all of your Global and Partition stats across the table and build the initial synopses. Note that at this stage you have achieved no reductions in stats collection times.
4) As you load partitions with new data or the data changes and you need to update your stats, use one of a number of options but the one I tend to use is to gather the stats on each specific partition using GRANULARITY=>’ GLOBAL AND PARTITION’  with PARTNAME set to the name of the partition we’ve just loaded. Oracle will now gather Partition stats on just the one Partition and update the Global Stats and the synopses based on the new data that’s been introduced.

Bingo – you’ve just maintained accurate Global Stats without having to trawl through the entire table again!

That’s the point.

It’s about *not* gathering Global Stats but also not letting them drift hopelessly out of whack with the contents of the table. Measuring the performance of a full Global Stats gathering operation doesn’t illustrate the performance benefits.

Ksplice SNMP Plugin

The Ksplice team is happy to announce the release of an SNMP plugin for Ksplice, available today on the Unbreakable Linux Network. The plugin will let you use Oracle Enterprise Manager to monitor the status of Ksplice on all of your systems, but it will also work with any monitoring solution that is SNMP compatible.

Installation

You’ll find the plugin on Ksplice channel for your distribution and architecture. For Oracle Linux 6 on x86_64 that’s ol6_x86_64_ksplice. Install the plugin by running (as root):

yum install ksplice-snmp-plugin Configuration

If you haven’t set up SNMP before, you’ll need to do a little bit of configuration. Included below is a sample /etc/snmp/snmpd.conf file to try out the plugin:

# Setting up permissions# ======================com2sec local localhost publiccom2sec mynet 10.10.10.0/24 publicgroup local v1 localgroup local v2c localgroup local usm localgroup mynet v1 mynetgroup mynet v2c mynetgroup mynet usm mynetview all included .1 80access mynet “” any noauth exact all none noneaccess local “” any noauth exact all all nonesyslocation Oracle Linux 6syscontact sysadmin <root@localhost># Load the plugin# ===============dlmod kspliceUptrack /usr/lib64/ksplice-snmp/kspliceUptrack.so

You’ll want to replace the IP address next to com2sec with the address of your local network, or the address of your SNMP monitoring software. If you are running on a 32 bit architecture x86), replace lib64 in the dlmod path with lib. The above configuration is an example, intended only for testing purposes. For more information about configuring SNMP, check out the SNMP documentation, including the man pages for snmpd and snmpd.conf.

Examples

You can test out your configuration by using the snmpwalk command and verifying the responses. Some examples:

Displaying the installed version of Ksplice:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceVersionKSPLICE-UPTRACK-MIB::kspliceVersion.0 = STRING: 1.2.12

Checking if a kernel has all available updates installed:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceStatusKSPLICE-UPTRACK-MIB::kspliceStatus.0 = STRING: outofdate

Displaying and comparing the kernel installed on disk with the Ksplice effective version:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceBaseKernelKSPLICE-UPTRACK-MIB::kspliceBaseKernel.0 = STRING: 2.6.18-274.3.1.el5$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceEffectiveKernelKSPLICE-UPTRACK-MIB::kspliceEffectiveKernel.0 = STRING: 2.6.18-274.3.1.el5

Displaying a list of all installed updates:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::ksplicePatchTable

In this case, there are none. This is why the base kernel version and effective kernel version are the same, and why this kernel is out of date.

Displaying a list of updates that can be installed right now, including their description:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceAvailTableKSPLICE-UPTRACK-MIB::kspliceavailIndex.0 = INTEGER: 0KSPLICE-UPTRACK-MIB::kspliceavailIndex.1 = INTEGER: 1KSPLICE-UPTRACK-MIB::kspliceavailIndex.2 = INTEGER: 2KSPLICE-UPTRACK-MIB::kspliceavailIndex.3 = INTEGER: 3KSPLICE-UPTRACK-MIB::kspliceavailIndex.4 = INTEGER: 4KSPLICE-UPTRACK-MIB::kspliceavailIndex.5 = INTEGER: 5KSPLICE-UPTRACK-MIB::kspliceavailIndex.6 = INTEGER: 6KSPLICE-UPTRACK-MIB::kspliceavailIndex.7 = INTEGER: 7KSPLICE-UPTRACK-MIB::kspliceavailIndex.8 = INTEGER: 8KSPLICE-UPTRACK-MIB::kspliceavailIndex.9 = INTEGER: 9KSPLICE-UPTRACK-MIB::kspliceavailIndex.10 = INTEGER: 10KSPLICE-UPTRACK-MIB::kspliceavailIndex.11 = INTEGER: 11KSPLICE-UPTRACK-MIB::kspliceavailIndex.12 = INTEGER: 12KSPLICE-UPTRACK-MIB::kspliceavailIndex.13 = INTEGER: 13KSPLICE-UPTRACK-MIB::kspliceavailIndex.14 = INTEGER: 14KSPLICE-UPTRACK-MIB::kspliceavailIndex.15 = INTEGER: 15KSPLICE-UPTRACK-MIB::kspliceavailIndex.16 = INTEGER: 16KSPLICE-UPTRACK-MIB::kspliceavailIndex.17 = INTEGER: 17KSPLICE-UPTRACK-MIB::kspliceavailIndex.18 = INTEGER: 18KSPLICE-UPTRACK-MIB::kspliceavailIndex.19 = INTEGER: 19KSPLICE-UPTRACK-MIB::kspliceavailIndex.20 = INTEGER: 20KSPLICE-UPTRACK-MIB::kspliceavailIndex.21 = INTEGER: 21KSPLICE-UPTRACK-MIB::kspliceavailIndex.22 = INTEGER: 22KSPLICE-UPTRACK-MIB::kspliceavailIndex.23 = INTEGER: 23KSPLICE-UPTRACK-MIB::kspliceavailIndex.24 = INTEGER: 24KSPLICE-UPTRACK-MIB::kspliceavailIndex.25 = INTEGER: 25KSPLICE-UPTRACK-MIB::kspliceavailName.0 = STRING: [urvt04qt]KSPLICE-UPTRACK-MIB::kspliceavailName.1 = STRING: [7jb2jb4r]KSPLICE-UPTRACK-MIB::kspliceavailName.2 = STRING: [ot8lfoya]KSPLICE-UPTRACK-MIB::kspliceavailName.3 = STRING: [f7pwmkto]KSPLICE-UPTRACK-MIB::kspliceavailName.4 = STRING: [nxs9cwnt]KSPLICE-UPTRACK-MIB::kspliceavailName.5 = STRING: [i8j4bdkr]KSPLICE-UPTRACK-MIB::kspliceavailName.6 = STRING: [5jr9aom4]KSPLICE-UPTRACK-MIB::kspliceavailName.7 = STRING: [iifdtqom]KSPLICE-UPTRACK-MIB::kspliceavailName.8 = STRING: [6yagfyh1]KSPLICE-UPTRACK-MIB::kspliceavailName.9 = STRING: [bqc6pn0b]KSPLICE-UPTRACK-MIB::kspliceavailName.10 = STRING: [sy14t1rw]KSPLICE-UPTRACK-MIB::kspliceavailName.11 = STRING: [ayo20d8s]KSPLICE-UPTRACK-MIB::kspliceavailName.12 = STRING: [ur5of4nd]KSPLICE-UPTRACK-MIB::kspliceavailName.13 = STRING: [ue4dtk2k]KSPLICE-UPTRACK-MIB::kspliceavailName.14 = STRING: [wy52x339]KSPLICE-UPTRACK-MIB::kspliceavailName.15 = STRING: [qsajn0ce]KSPLICE-UPTRACK-MIB::kspliceavailName.16 = STRING: [5tx9tboo]KSPLICE-UPTRACK-MIB::kspliceavailName.17 = STRING: [2nve5xek]KSPLICE-UPTRACK-MIB::kspliceavailName.18 = STRING: [w7ik1ka8]KSPLICE-UPTRACK-MIB::kspliceavailName.19 = STRING: [9ky2kan5]KSPLICE-UPTRACK-MIB::kspliceavailName.20 = STRING: [zjr4ahvv]KSPLICE-UPTRACK-MIB::kspliceavailName.21 = STRING: [j0mkxnwg]KSPLICE-UPTRACK-MIB::kspliceavailName.22 = STRING: [mvu2clnk]KSPLICE-UPTRACK-MIB::kspliceavailName.23 = STRING: [rc8yh417]KSPLICE-UPTRACK-MIB::kspliceavailName.24 = STRING: [0zfhziax]KSPLICE-UPTRACK-MIB::kspliceavailName.25 = STRING: [ns82h58y]KSPLICE-UPTRACK-MIB::kspliceavailDesc.0 = STRING: Clear garbage data on the kernel stack when handling signals.KSPLICE-UPTRACK-MIB::kspliceavailDesc.1 = STRING: CVE-2011-1160: Information leak in tpm driver.KSPLICE-UPTRACK-MIB::kspliceavailDesc.2 = STRING: CVE-2011-1585: Authentication bypass in CIFS.KSPLICE-UPTRACK-MIB::kspliceavailDesc.3 = STRING: CVE-2011-2484: Denial of service in taskstats subsystem.KSPLICE-UPTRACK-MIB::kspliceavailDesc.4 = STRING: CVE-2011-2496: Local denial of service in mremap().KSPLICE-UPTRACK-MIB::kspliceavailDesc.5 = STRING: CVE-2009-4067: Buffer overflow in Auerswald usb driver.KSPLICE-UPTRACK-MIB::kspliceavailDesc.6 = STRING: CVE-2011-2695: Off-by-one errors in the ext4 filesystem.KSPLICE-UPTRACK-MIB::kspliceavailDesc.7 = STRING: CVE-2011-2699: Predictable IPv6 fragment identification numbers.KSPLICE-UPTRACK-MIB::kspliceavailDesc.8 = STRING: CVE-2011-2723: Remote denial of service vulnerability in gro.KSPLICE-UPTRACK-MIB::kspliceavailDesc.9 = STRING: CVE-2011-2942: Regression in bridged ethernet devices.KSPLICE-UPTRACK-MIB::kspliceavailDesc.10 = STRING: CVE-2011-1833: Information disclosure in eCryptfs.KSPLICE-UPTRACK-MIB::kspliceavailDesc.11 = STRING: CVE-2011-3191: Memory corruption in CIFSFindNext.KSPLICE-UPTRACK-MIB::kspliceavailDesc.12 = STRING: CVE-2011-3209: Denial of Service in clock implementation.KSPLICE-UPTRACK-MIB::kspliceavailDesc.13 = STRING: CVE-2011-3188: Weak TCP sequence number generation.KSPLICE-UPTRACK-MIB::kspliceavailDesc.14 = STRING: CVE-2011-3363: Remote denial of service in cifs_mount.KSPLICE-UPTRACK-MIB::kspliceavailDesc.15 = STRING: CVE-2011-4110: Null pointer dereference in key subsystem.KSPLICE-UPTRACK-MIB::kspliceavailDesc.16 = STRING: CVE-2011-1162: Information leak in TPM driver.KSPLICE-UPTRACK-MIB::kspliceavailDesc.17 = STRING: CVE-2011-2494: Information leak in task/process statistics.KSPLICE-UPTRACK-MIB::kspliceavailDesc.18 = STRING: CVE-2011-2203: Null pointer dereference mounting HFS filesystems.KSPLICE-UPTRACK-MIB::kspliceavailDesc.19 = STRING: CVE-2011-4077: Buffer overflow in xfs_readlink.KSPLICE-UPTRACK-MIB::kspliceavailDesc.20 = STRING: CVE-2011-4132: Denial of service in Journaling Block Device layer.KSPLICE-UPTRACK-MIB::kspliceavailDesc.21 = STRING: CVE-2011-4330: Buffer overflow in HFS file name translation logic.KSPLICE-UPTRACK-MIB::kspliceavailDesc.22 = STRING: CVE-2011-4324: Denial of service vulnerability in NFSv4.KSPLICE-UPTRACK-MIB::kspliceavailDesc.23 = STRING: CVE-2011-4325: Denial of service in NFS direct-io.KSPLICE-UPTRACK-MIB::kspliceavailDesc.24 = STRING: CVE-2011-4348: Socking locking race in SCTP.KSPLICE-UPTRACK-MIB::kspliceavailDesc.25 = STRING: CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.

And here’s what happens after you run uptrack-upgrade -y, using Ksplice to fully upgrade your kernel:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceStatusKSPLICE-UPTRACK-MIB::kspliceStatus.0 = STRING: uptodate$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceAvailTable$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::ksplicePatchTableKSPLICE-UPTRACK-MIB::ksplicepatchIndex.0 = INTEGER: 0KSPLICE-UPTRACK-MIB::ksplicepatchIndex.1 = INTEGER: 1KSPLICE-UPTRACK-MIB::ksplicepatchIndex.2 = INTEGER: 2KSPLICE-UPTRACK-MIB::ksplicepatchIndex.3 = INTEGER: 3[ . . . ]

The plugin displays that the kernel is now up-to-date.

SNMP and Enterprise Manager

Once the plugin is up and running, you can monitor your system using Oracle Enterprise Manager. Specifically, you can create an SNMP Adapter to allow Enterprise Manager Management Agents to query the status of Ksplice on each system with the plugin installed. Check out our documentation on SNMP support in Enterprise Manager to get started, including section 22.6, “About Metric Extensions”.

This plugin represents the first step in greater functionality between Ksplice and Enterprise Manager and we’re excited about what is coming up. If you have any questions about the plugin or suggestions for future development, leave a comment below or drop us a line at ksplice-support_ww@oracle.com.

[Update]

Notes about Enterprise Manager 12c

When connecting Enterprise Manager 12c (EM) as an SNMP client to the target Ksplice interface, there is an extra step required to fix a known issue where EM is not able to query an SNMP property, e.g:

If your target is “ksplice.example.com”, run the following command on your OMS:

 $ emcli modify_target -name=ksplice.example.com -type=”host” -properties=”SNMPHostname:ksplice.example.com” -on_agent 

That command will populate the missing value of the SNMPHostname property. Then stop and re-start your OMS to make sure the changes take effect.

Ksplice SNMP Plugin

The Ksplice team is happy to announce the release of an SNMP plugin for Ksplice, available today on the Unbreakable Linux Network. The plugin will let you use Oracle Enterprise Manager to monitor the status of Ksplice on all of your systems, but it will also work with any monitoring solution that is SNMP compatible.

Installation

You’ll find the plugin on Ksplice channel for your distribution and architecture. For Oracle Linux 6 on x86_64 that’s ol6_x86_64_ksplice. Install the plugin by running (as root):

yum install ksplice-snmp-plugin

Configuration

If you haven’t set up SNMP before, you’ll need to do a little bit of configuration. Included below is a sample /etc/snmp/snmpd.conf file to try out the plugin:


# Setting up permissions
# ======================
com2sec local localhost public
com2sec mynet 10.10.10.0/24 public

group local v1 local
group local v2c local
group local usm local
group mynet v1  mynet
group mynet v2c mynet
group mynet usm mynet

view all included .1 80

access mynet "" any noauth exact all none none
access local "" any noauth exact all all none

syslocation Oracle Linux 6
syscontact sysadmin <root@localhost>

# Load the plugin
# ===============
dlmod kspliceUptrack /usr/lib64/ksplice-snmp/kspliceUptrack.so

 

You’ll want to replace the IP address next to com2sec with the address of your local network, or the address of your SNMP monitoring software. If you are running on a 32 bit architecture x86), replace lib64 in the dlmod path with lib. The above configuration is an example, intended only for testing purposes. For more information about configuring SNMP, check out the SNMP documentation, including the man pages for snmpd and snmpd.conf.

Examples

You can test out your configuration by using the snmpwalk command and verifying the responses. Some examples:

Displaying the installed version of Ksplice:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceVersion
KSPLICE-UPTRACK-MIB::kspliceVersion.0 = STRING: 1.2.12

Checking if a kernel has all available updates installed:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceStatus
KSPLICE-UPTRACK-MIB::kspliceStatus.0 = STRING: outofdate

Displaying and comparing the kernel installed on disk with the Ksplice effective version:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceBaseKernel
KSPLICE-UPTRACK-MIB::kspliceBaseKernel.0 = STRING: 2.6.18-274.3.1.el5

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceEffectiveKernel
KSPLICE-UPTRACK-MIB::kspliceEffectiveKernel.0 = STRING: 2.6.18-274.3.1.el5

Displaying a list of all installed updates:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::ksplicePatchTable

In this case, there are none. This is why the base kernel version and effective kernel version are the same, and why this kernel is out of date.

Displaying a list of updates that can be installed right now, including their description:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceAvailTable
KSPLICE-UPTRACK-MIB::kspliceavailIndex.0 = INTEGER: 0
KSPLICE-UPTRACK-MIB::kspliceavailIndex.1 = INTEGER: 1
KSPLICE-UPTRACK-MIB::kspliceavailIndex.2 = INTEGER: 2
KSPLICE-UPTRACK-MIB::kspliceavailIndex.3 = INTEGER: 3
KSPLICE-UPTRACK-MIB::kspliceavailIndex.4 = INTEGER: 4
KSPLICE-UPTRACK-MIB::kspliceavailIndex.5 = INTEGER: 5
KSPLICE-UPTRACK-MIB::kspliceavailIndex.6 = INTEGER: 6
KSPLICE-UPTRACK-MIB::kspliceavailIndex.7 = INTEGER: 7
KSPLICE-UPTRACK-MIB::kspliceavailIndex.8 = INTEGER: 8
KSPLICE-UPTRACK-MIB::kspliceavailIndex.9 = INTEGER: 9
KSPLICE-UPTRACK-MIB::kspliceavailIndex.10 = INTEGER: 10
KSPLICE-UPTRACK-MIB::kspliceavailIndex.11 = INTEGER: 11
KSPLICE-UPTRACK-MIB::kspliceavailIndex.12 = INTEGER: 12
KSPLICE-UPTRACK-MIB::kspliceavailIndex.13 = INTEGER: 13
KSPLICE-UPTRACK-MIB::kspliceavailIndex.14 = INTEGER: 14
KSPLICE-UPTRACK-MIB::kspliceavailIndex.15 = INTEGER: 15
KSPLICE-UPTRACK-MIB::kspliceavailIndex.16 = INTEGER: 16
KSPLICE-UPTRACK-MIB::kspliceavailIndex.17 = INTEGER: 17
KSPLICE-UPTRACK-MIB::kspliceavailIndex.18 = INTEGER: 18
KSPLICE-UPTRACK-MIB::kspliceavailIndex.19 = INTEGER: 19
KSPLICE-UPTRACK-MIB::kspliceavailIndex.20 = INTEGER: 20
KSPLICE-UPTRACK-MIB::kspliceavailIndex.21 = INTEGER: 21
KSPLICE-UPTRACK-MIB::kspliceavailIndex.22 = INTEGER: 22
KSPLICE-UPTRACK-MIB::kspliceavailIndex.23 = INTEGER: 23
KSPLICE-UPTRACK-MIB::kspliceavailIndex.24 = INTEGER: 24
KSPLICE-UPTRACK-MIB::kspliceavailIndex.25 = INTEGER: 25
KSPLICE-UPTRACK-MIB::kspliceavailName.0 = STRING: [urvt04qt]
KSPLICE-UPTRACK-MIB::kspliceavailName.1 = STRING: [7jb2jb4r]
KSPLICE-UPTRACK-MIB::kspliceavailName.2 = STRING: [ot8lfoya]
KSPLICE-UPTRACK-MIB::kspliceavailName.3 = STRING: [f7pwmkto]
KSPLICE-UPTRACK-MIB::kspliceavailName.4 = STRING: [nxs9cwnt]
KSPLICE-UPTRACK-MIB::kspliceavailName.5 = STRING: [i8j4bdkr]
KSPLICE-UPTRACK-MIB::kspliceavailName.6 = STRING: [5jr9aom4]
KSPLICE-UPTRACK-MIB::kspliceavailName.7 = STRING: [iifdtqom]
KSPLICE-UPTRACK-MIB::kspliceavailName.8 = STRING: [6yagfyh1]
KSPLICE-UPTRACK-MIB::kspliceavailName.9 = STRING: [bqc6pn0b]
KSPLICE-UPTRACK-MIB::kspliceavailName.10 = STRING: [sy14t1rw]
KSPLICE-UPTRACK-MIB::kspliceavailName.11 = STRING: [ayo20d8s]
KSPLICE-UPTRACK-MIB::kspliceavailName.12 = STRING: [ur5of4nd]
KSPLICE-UPTRACK-MIB::kspliceavailName.13 = STRING: [ue4dtk2k]
KSPLICE-UPTRACK-MIB::kspliceavailName.14 = STRING: [wy52x339]
KSPLICE-UPTRACK-MIB::kspliceavailName.15 = STRING: [qsajn0ce]
KSPLICE-UPTRACK-MIB::kspliceavailName.16 = STRING: [5tx9tboo]
KSPLICE-UPTRACK-MIB::kspliceavailName.17 = STRING: [2nve5xek]
KSPLICE-UPTRACK-MIB::kspliceavailName.18 = STRING: [w7ik1ka8]
KSPLICE-UPTRACK-MIB::kspliceavailName.19 = STRING: [9ky2kan5]
KSPLICE-UPTRACK-MIB::kspliceavailName.20 = STRING: [zjr4ahvv]
KSPLICE-UPTRACK-MIB::kspliceavailName.21 = STRING: [j0mkxnwg]
KSPLICE-UPTRACK-MIB::kspliceavailName.22 = STRING: [mvu2clnk]
KSPLICE-UPTRACK-MIB::kspliceavailName.23 = STRING: [rc8yh417]
KSPLICE-UPTRACK-MIB::kspliceavailName.24 = STRING: [0zfhziax]
KSPLICE-UPTRACK-MIB::kspliceavailName.25 = STRING: [ns82h58y]
KSPLICE-UPTRACK-MIB::kspliceavailDesc.0 = STRING: Clear garbage data on the kernel stack when handling signals.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.1 = STRING: CVE-2011-1160: Information leak in tpm driver.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.2 = STRING: CVE-2011-1585: Authentication bypass in CIFS.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.3 = STRING: CVE-2011-2484: Denial of service in taskstats subsystem.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.4 = STRING: CVE-2011-2496: Local denial of service in mremap().
KSPLICE-UPTRACK-MIB::kspliceavailDesc.5 = STRING: CVE-2009-4067: Buffer overflow in Auerswald usb driver.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.6 = STRING: CVE-2011-2695: Off-by-one errors in the ext4 filesystem.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.7 = STRING: CVE-2011-2699: Predictable IPv6 fragment identification numbers.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.8 = STRING: CVE-2011-2723: Remote denial of service vulnerability in gro.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.9 = STRING: CVE-2011-2942: Regression in bridged ethernet devices.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.10 = STRING: CVE-2011-1833: Information disclosure in eCryptfs.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.11 = STRING: CVE-2011-3191: Memory corruption in CIFSFindNext.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.12 = STRING: CVE-2011-3209: Denial of Service in clock implementation.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.13 = STRING: CVE-2011-3188: Weak TCP sequence number generation.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.14 = STRING: CVE-2011-3363: Remote denial of service in cifs_mount.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.15 = STRING: CVE-2011-4110: Null pointer dereference in key subsystem.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.16 = STRING: CVE-2011-1162: Information leak in TPM driver.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.17 = STRING: CVE-2011-2494: Information leak in task/process statistics.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.18 = STRING: CVE-2011-2203: Null pointer dereference mounting HFS filesystems.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.19 = STRING: CVE-2011-4077: Buffer overflow in xfs_readlink.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.20 = STRING: CVE-2011-4132: Denial of service in Journaling Block Device layer.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.21 = STRING: CVE-2011-4330: Buffer overflow in HFS file name translation logic.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.22 = STRING: CVE-2011-4324: Denial of service vulnerability in NFSv4.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.23 = STRING: CVE-2011-4325: Denial of service in NFS direct-io.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.24 = STRING: CVE-2011-4348: Socking locking race in SCTP.
KSPLICE-UPTRACK-MIB::kspliceavailDesc.25 = STRING: CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.

And here’s what happens after you run uptrack-upgrade -y, using Ksplice to fully upgrade your kernel:

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceStatus
KSPLICE-UPTRACK-MIB::kspliceStatus.0 = STRING: uptodate

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::kspliceAvailTable

$ snmpwalk -v 1 -c public -O e localhost KSPLICE-UPTRACK-MIB::ksplicePatchTable
KSPLICE-UPTRACK-MIB::ksplicepatchIndex.0 = INTEGER: 0
KSPLICE-UPTRACK-MIB::ksplicepatchIndex.1 = INTEGER: 1
KSPLICE-UPTRACK-MIB::ksplicepatchIndex.2 = INTEGER: 2
KSPLICE-UPTRACK-MIB::ksplicepatchIndex.3 = INTEGER: 3
[ . . . ]

The plugin displays that the kernel is now up-to-date.

SNMP and Enterprise Manager

Once the plugin is up and running, you can monitor your system using Oracle Enterprise Manager. Specifically, you can create an SNMP Adapter to allow Enterprise Manager Management Agents to query the status of Ksplice on each system with the plugin installed. Check out our documentation on SNMP support in Enterprise Manager to get started, including section 22.6, “About Metric Extensions”.

This plugin represents the first step in greater functionality between Ksplice and Enterprise Manager and we’re excited about what is coming up. If you have any questions about the plugin or suggestions for future development, leave a comment below or drop us a line at ksplice-support_ww@oracle.com.

[Update]

Notes about Enterprise Manager 12c

When connecting Enterprise Manager 12c (EM) as an SNMP client to the target Ksplice interface, there is an extra step required to fix a known issue where EM is not able to query an SNMP property, e.g:

If your target is “ksplice.example.com”, run the following command on your OMS:

 $ emcli modify_target -name=ksplice.example.com -type=”host” -properties=”SNMPHostname:ksplice.example.com” -on_agent 

That command will populate the missing value of the SNMPHostname property. Then stop and re-start your OMS to make sure the changes take effect.

Revolutionizing Server Economics: Terabyte-Scale Computing Without the Premium

Large-scale servers offer significant advantages in the areas of application performance, simplified data center operations, and higher server utilization for large, complex workloads or for consolidating smaller servers. Historically, large-scale servers have had a higher cost per unit of performance, therefore limiting large servers to specialized workloads. Oracle has re-engineered server economics, enabling near-linear pricing from two-processor SPARC T5 servers to the terabyte-scale SPARC M6-32 server. Oracle customers can deploy any workload onto a larger scale server, obtaining better performance, better efficiency, and less complexity without a price premium over small servers.

Video: Revolutionizing Server Economics

Terabyte-Scale Computing Advantages
“Scaling up” with large servers—generally SMP servers hosting eight or more processors—provides significant advantages over “scaling out” with many small servers. Higher system performance is available from larger pools of compute resources due to higher bandwidth system interconnects and lower latencies, versus conventional networking across clusters of small servers. Additionally, large-scale servers can be configured with terabytes of system memory, allowing entire databases and applications to be cached in-memory for unprecedented performance levels. Oracle’s SPARC M6-32 server offers up to 32 terabytes of system memory—twice the memory per processor of any other large-scale enterprise-class server—and more than a terabyte/sec of memory or I/O system bandwidth. The system provides terabyte-scale computing without the price premium found on large-scale servers from other vendors.

The New Wisdom of Near-Linear Pricing—What Does This Mean?
For a few decades now, conventional wisdom has said that vendors charge a significant premium for larger multiprocessor servers, thereby delivering price/performance that is worse relative to smaller severs. These price premiums have limited big-scale servers to specific workloads for which large compute resources, memory footprint, high availability, or other large-scale server capabilities are required. This trend has led IT organizations to build larger-scale deployments with increasing quantities of smaller networked servers, resulting in challenges to achieve performance, increased complexity, higher costs for high-speed networks, and lower server utilization.

Oracle has created new wisdom with the introduction of the SPARC T5 and M6 servers. Near-linear pricing means that the price/performance of the terabyte-scale SPARC M6-32 server is nearly the same as the price/performance of the SPARC T5-2 server. In fact, the price/performance for all SPARC T5 servers, which scale from two to eight processors, is nearly the same. Oracle customers can now deploy any workload onto larger-scale servers obtaining the advantages of terabyte-scale computing including higher performance, higher efficiency, higher system availability, and less complexity for nearly the same price/performance as smaller servers.

This chart above illustrates how price/performance across Oracle’s SPARC T5 and SPARC-M6 servers is nearly constant. The lines show the price/performance for servers configured with the same amount of memory per processor, but different maximum processor (socket) counts, while the numbers indicate list prices. Other vendors charge high premiums for large servers—regardless of the processor (x86, POWER, Itanium, etc.) on which they are based. As shown in the example above, IBM’s POWER servers still follow conventional wisdom, with a high price premium for larger servers. The revolutionary price/performance introduced by Oracle is made possible by breakthrough engineering, such as the creation of a highly efficient processor interconnect design and the utilization of non-proprietary memory components.

The comparison table above shows that, for about the same price, a single SPARC M6-32 server offers a dramatically simpler deployment, while providing much better performance, than a network of smaller servers. The architecture using SPARC T5-2 servers needs to factor in the cost of expensive, complex, high-performance networking that is necessary to make a cluster of small servers perform like a single high-end system. However, even the most sophisticated conventional technologies available today for networking cannot match the speed and efficiency of the SPARC M6-32 internal system interconnect. A similar argument can be made when comparing an architecture with one SPARC T5-8 server with a cluster consisting of a few smaller servers.

Oracle’s new large-scale servers—SPARC M6-32 and SPARC T5-8—are ideal consolidation platforms, delivering the scalability, high availability, virtualization, and system management capabilities to support hundreds of diverse workloads of varying sizes. Oracle customers can benefit from the significant advantages of Oracle’s large servers in terms of higher performance, system availability, and reduced management complexity when compared to many smaller networked systems.

For more information, download the product brief on Revolutionizing Server Economics:
 Terabyte-Scale Computing with the Premium.

Result Cache (Part 1)

First, solve the problem. Then, write the code. – John Johnson We are always looking for ways to do things faster. Sure you can use more CPU power or more memory in the database server, but there’s a limit to that approach. Be it the amount of money being spent, the limits of the [current] CPU power or other limits…. Continue Reading →

TEL/電話+86 13764045638
Email service@parnassusdata.com
QQ 47079569