Minimizing downtime using NanoBSD, ZFS and jails

With more and more services and applications running on your average server, upgrading the operating system and application software becomes trickier and larger service windows are needed to perform these upgrades.

Over the last four years Paul Schenkeveld (PSconsult) has searched for means and methods to keep software up to date with minimum downtime and inconvenience for users and maximum consistency. The result is a model which combines the strengths of NanoBSD, ZFS and jails to build servers where application upgrades result in downtime of only a few seconds and kernel upgrades only need the time to reboot, without installing into (tampering with) the running system. This system has now been in production for several months on 6 to 8 servers at four different sites.

LWN.net has an article explaining Paul’s approach:

On May 6, NLUUG held its Spring Conference with the theme System Administration. There were a lot of talks about very specific tools or case studies, but one struck your author because it married conceptual simplicity with a useful goal: Minimizing service windows on servers using NanoBSD + ZFS + jails by Paul Schenkeveld. Over the last four years, Paul has searched for methods to upgrade applications on a server with minimal downtime. The system he implemented is in production now on various servers, which require only a few seconds downtime for an application upgrade and the same amount of time for a rollback if the upgrade fails.

[…]

Combining these three technologies (NanoBSD, ZFS, and jails), Paul reached his goal of setting up a FreeBSD server that can be upgraded with minimal downtime. All user-visible applications run in jails. Underneath the jails, a minimal FreeBSD operating system runs, built using the NanoBSD script. This holds the kernel, some low-level services, and the tools for building a new system image for upgrading the operating system. The NanoBSD system image can be put on a partition of a regular disk drive, but Paul prefers to put it on a separate flash drive, because NanoBSD is specifically designed for it and using a separate drive for the operating system makes it easier for the system administrator when the hard drives with the jails fail.

Read the whole article:
NLUUG: Minimizing downtime on servers using NanoBSD, ZFS, and jails

Paul also presented the above in Tokyo at AsiaBSDCon 2010:


BSDCan 2010 videos and photos

BSDCan 2010 is over. Time to glean pictures, videos and presentations:

FreeBSD Dev Summit

Videos (link)

Introducing SecurityBSD

Matthew Hughes, a student of Ethical Hacking in the UK, has always had an interest in FreeBSD and computer security, and now he has decided to combine these two interests by introducing SecurityBSD, a distribution of BSD aimed at security professionals.

SecurityBSD is a bundling of the FreeBSD operating system with open source security tools aimed at computer security professionals and enthusiasts, and intends to be a serious contender to the more popular security Linux distributions such as Backtrack Linux, Weaknet Linux and SamuraiWTF.

SecurityBSD can be used on your old beige-box or on the latest computer hardware; it really doesn’t matter. One of the advantages of SecurityBSD is that it is lightweight and can be used on legacy machines, which will be ideal for enterprises with a small IT security budget, especially in the developing world.

Version 0.01 (pre-alpha) is now available: SecurityBSD 0.01 – Kevin Federline pre-alpha released

We wish Matthew much success and are looking forward to seeing this become an established project.

Linux vs BSD with a little focus on OpenBSD

Juraj Sipos, the founder of MaheshaBSD, has published an article listing the differences between Linux and BSD:

“This article is not about the history of Unix; however, Unix is such a complex issue that it deserves few words in this respect: BSD family of Unix systems is based upon the source code of real Unix developed in Bell Labs, which was later purchased by the University of California. Thus, the name of the family of Unix systems called BSD is derived from “Berkeley Software Distribution”. The contemporary BSD systems stand on the source code that was released in the beginning of 1990’s (Net/2 Lite and 386/BSD release).

No one person or any entity owns BSD. Enthusiastic developers create it and many of its components are open-sourced.

BSD is behind the philosophy of TCP/IP networking and the Internet thereof; it is a developed Unix system with advanced features. Except for proprietary BSD/OS, the development of which was discontinued, there are currently four BSD systems available: FreeBSD, NetBSD, OpenBSD and Mac OS X, which is derived from FreeBSD. There are also various forks of these, like PC-BSD – a FreeBSD clone, or MirOS, an OpenBSD clone. The intention of such forks is to include various characteristics missing in the above BSD systems, on which these (forks), no matter how well they are designed, only strongly depend. PC-BSD, for example, has more graphical features than FreeBSD, but there are no substantial differences between these two. PC-BSD cannot breathe without FreeBSD; FreeBSD or OpenBSD are independent of one another.”

Continues (linuxmagazines.com): Linux vs BSD with a little focus on OpenBSD

Pfsense – With out doubt a very good software firewall

An account from a happy user of pfSense:

“I had been reviewing pfsense firewall recently. After using an outdated Watchguard firebox for long, we wanted to replace it with something reliable and easy to manage remotely. Previously our NOC team was looking at Endian for a lot of customers but it ended up as a wrong choice of technology with many of the stuff not working as expected and some of the crucial features missing or not working no matter repeated attempts.

Installation of Pfsense is straightforward but can be a little confusing for a novice user, especially assigning the WAN and LAN interfaces. But there are lots of step by step installation videos on YouTube to the rescue. Once you have got the web based GUI, then configuring everything is a breeze. I liked the PPTP feature which many of the s/w firewalls were missing.

Since we liked it a lot we are moving our internal office n/w also under pfsense which means ‘RIP’ for the pretty old watchguard or serve me at my home.”

Source (confiance.com): Pfsense – With out doubt a very good Software firewall

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Chris Buechler has created a list of pfSense 2.0 New Features and Changes.

A work in progress list of 2.0 new features and changes is available. I think that has most of the changes, but it’s definitely missing some. If you notice anything that was missed, please leave a comment. We’ll be adding to it as we review the list more in the coming days. (source)

HOWTO: Create a FreeBSD 8 i386 Xen PV domU

Aprogas has put together a very useful howto showing how you can create a FreeBSD Xen PV domU.

“Xen is virtualization software, which lets you run multiple operating systems on the same physical machine. The goal of this guide is to show you how to create a FreeBSD 8 installation that will run as a guest OS, without the need for a processor that supports hardware-assisted virtualization. It would go beyond the scope of this guide to explain how exactly Xen works or what the differences between PV and HVM are, suffice to say dom0 is the host OS and domU the guest OS. Although FreeBSD fully supports being a Xen domU, it is not yet very well documented and not suited for novice Xen users. Especially the lack of a Xen-aware installer or pre-built Xen-aware images make things more difficult. If you are a Xen novice, I recommend starting first with pre-built Linux images, and then trying a NetBSD domU installation, before proceeding with FreeBSD.”

Continues (FreeBSD forums)

Minimizing service windows on servers using NanoBSD + ZFS + jails


Paul Schenkeveld: Minimizing service windows on servers using NanoBSD + ZFS + jails

AsiaBSDCon 2010 paper session.

Abstract:

With more and more services and applications running on your average server, upgrading the operating system and application software becomes trickier and larger service windows are needed to perform these upgrades.

Over the last four years the author has searched for means and methods to keep software up to date with minimum downtime and inconvenience for users and maximum consistency. The result is a model which combines the strengths of NanoBSD, ZFS and jails to build servers where application upgrades result in downtime of only a few seconds and kernel upgrades only need the time to reboot, without installing into (tampering with) the running system. This system has now been in production for several months on about 10 servers at five different sites.

Hardware Performance Monitoring Counters (video)


George Neville-Neil: Hardware Performance Monitoring Counters on non-X86 Architectures

AsiaBSDCon 2010 paper session.

Abstract:

Hardware Performance Monitoring Counters provide programmers and systems integrators with the ability to gather accurate, low-level information about the performance of their code, both at the user and kernel levels. Until recently these counters were only available on Intel and AMD chips but they have now been made available on alternate, embedded architectures such as MIPS and ARM.

This paper discusses the motivation, design and implementation of counters using the hwpmc(4) driver in the FreeBSD operating system with an eye towards easing future porting efforts.