Testing out Oracle’s Unbreakable Enterprise Kernel 2
Mar 27, 2012 / By Marc Fielding
As announced a few days ago, Oracle’s core database product is now supported on Oracle Linux 6. Coming a full 13 months after Oracle Linux 6′s launch, and 16 months after Red Hat Enterprise Linux 6, it’s a much anticipated announcement.
Update 28-Mar-12: the official certification information has come out on My Oracle Support. So far it’s only certified for Oracle Linux 6 Unbreakable Enterprise Kernel version 1, and only for version 11.2.0.3 under Linux x86-64. It also means that a certified combination should be possible using the Oracle-supplied OEL 6 EC2 AMI, though it’s frozen at the original 6.2 release kernel. Unfortunately Oracle 11.2.0.3 is not currently available on OTN but rather requires an active license to download from My Oracle Support.
Oracle’s UEK2 (and Red Hat Enterprise Linux 6) add some very interesting features like:
- btrfs, a big break in filesystem organization from traditional ext2/3, with the promise of lightweight copy-on-write snapshot support
- transparent hugepages, dynamically allocating hugepages as needed and performing background memory defragmentation to attempt to free up contiguous space
- transmit packet steering, allowing multiple CPUs to load-balance outgoing network traffic
Although the press release states it’s available “immediately”, I couldn’t find any notes on Oracle’s My Oracle Support support portal relating to the product support; in fact, it still lists Oracle Enterprise 6 as being uncertified as of this writing. So I’m not sure how it will pass the pre-installation operating system checks.
No matter, I’m going to test this out, and an obvious way to do this would be using Amazon EC2, providing high-capacity instances on demand.
After some blind allies getting the Oracle Linux UEK2 kernel working with Amazon EC2 and Oracle VM I found that I could make it work without Oracle VM, with with Amazon’s default Xen hypervisor. Here are the steps I used:
- Sign up for an Amazon EC2 account and set up the EC2 API tools on your client machine. There are lots of tutorials on how to do this online
- Create a new EC2 instance using a “builder” AMI; I chose a 64-bit CentOS 6 image “CentOS 6 PVGrub EBS AMI”, AMI ID ami-1f66b276
[marc@shakybox2 tmp]$ ec2-run-instances -k marc-aws -n 1 -t m1.medium -z us-east-1d ami-1f66b276 RESERVATION r-d18f28b2 462281317311 default INSTANCE i-22d8f846 ami-1f66b276 pending marc-aws 0 m1.medium 2012-03-24T21:25:11+0000 us-east-1d aki-427d952b monitoring-disabled ebs paravirtual xen sg-5fc61437 default
- Assign a name to the instance
[marc@shakybox2 tmp]$ ec2-create-tags i-22d8f846 --tag 'Name=Instance Builder' TAG instance i-22d8f846 Name Instance Builder
- Authorize incoming SSH
[marc@shakybox2 ~]$ ec2-authorize default -p 22 -s $(ip addr list dev eth0 | awk '/inet / {print $2}')
- Create a new 20G EBS volume; this will be the “golden image” root disk. Attach it to the builder instance
[marc@shakybox2 tmp]$ ec2-create-volume -s 20 -z us-east-1d VOLUME vol-d7340cbb 20 us-east-1d creating 2012-03-24T21:31:39+0000 [marc@shakybox2 tmp]$ ec2-attach-volume -i i-22d8f846 -d /dev/sdd vol-d7340cbb ATTACHMENT vol-d7340cbb i-22d8f846 /dev/sdd attaching 2012-03-24T21:33:26+0000
- Get the IP address to connect to (substituting the correct image ID and hostname):
[marc@shakybox2 tmp]$ ec2-describe-instances i-22d8f846 RESERVATION r-d18f28b2 462281317311 default INSTANCE i-22d8f846 ami-1f66b276 ec2-50-19-45-24.compute-1.amazonaws.com ip-10-116-237-78.ec2.internal running marc-aws 0 m1.medium 2012-03-24T21:25:11+0000 us-east-1d aki-427d952b monitoring-disabled 50.19.45.24 10.116.237.78 ebs paravirtual xen sg-5fc61437 default BLOCKDEVICE /dev/sda1 vol-39310955 2012-03-24T21:25:28.000Z true TAG instance i-22d8f846 Name Instance Builder [marc@shakybox2 tmp]$ ssh -i marc-aws.pem root@ec2-50-19-45-24.compute-1.amazonaws.com
- Finding the volume inside our AMI, which just got hotplugged:
[root@ip-10-116-237-78 ~]# dmesg | tail -2 blkfront: xvdh: barriers disabled xvdh: unknown partition table
- Creating a filesystem and mounting. Note I’m not creating a partition table, but rather a raw filesystem. This will make things much easier if the volume ever needs to be resized.
[root@ip-10-116-237-78 ~]# mke2fs -j -L / /dev/xvdh mke2fs 1.41.12 (17-May-2010) Filesystem label=/ OS type: Linux ... This filesystem will be automatically checked every 35 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@ip-10-116-237-78 ~]# mkdir /mnt/ec2-fs [root@ip-10-116-237-78 ~]# mount /dev/xvdh /mnt/ec2-fs
- Creating the base directories, as per Jonathan Hui’s excellent blog post
mkdir /mnt/ec2-fs/dev /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x console /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x null /sbin/MAKEDEV -d /mnt/ec2-fs/dev/ -x zero mkdir /mnt/ec2-fs/etc mkdir /mnt/ec2-fs/proc
- Creating /etc/fstab
cat > /mnt/ec2-fs/etc/fstab <<EOF LABEL=/ / ext3 defaults 1 1 none /proc proc defaults 0 0 none /sys sysfs defaults 0 0 EOF
- Mounting /proc
mount -t proc none /mnt/ec2-fs/proc
- Grabbing the OEL 6 yum config file
[root@ip-10-116-237-78 ~]# cd /root [root@ip-10-116-237-78 ~]# wget http://public-yum.oracle.com/public-yum-ol6.repo --2012-03-24 22:42:54-- http://public-yum.oracle.com/public-yum-ol6.repo Resolving public-yum.oracle.com... 141.146.44.34 Connecting to public-yum.oracle.com|141.146.44.34|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1461 (1.4K) 1 Saving to: âpublic-yum-ol6.repoâ 100%[======================================>] 1,461 --.-K/s in 0s 2012-03-24 22:42:55 (106 MB/s) - âpublic-yum-ol6.repoâ cat <<-EOF >> public-yum-ol6.repo [main] cachedir=/var/cache/yum debuglevel=2 logfile=/var/log/yum.log exclude=*-debuginfo gpgcheck=0 obsoletes=1 pkgpolicy=newest distroverpkg=redhat-release tolerant=1 exactarch=1 reposdir=/dev/null metadata_expire=1800 EOF
- Installing the base OS
[root@ip-10-116-237-78 ~]# yum -c /root/public-yum-ol6.repo --installroot=/mnt/ec2-fs -y groupinstall Core ol6_latest | 1.1 kB 00:00 ...
- Installing the latest UEK2 kernel
yum -c /root/public-yum-ol6.repo --enablerepo=ol6_UEK_latest --installroot=/mnt/ec2-fs -y install kernel-uek
(not small: 200m+ for the kernel alone)
- Setting up base networking scripts
cat > /mnt/ec2-fs/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes TYPE=Ethernet USERCTL=yes PEERDNS=yes IPV6INIT=no EOF echo "NETWORKING=yes" > /mnt/ec2-fs/etc/sysconfig/network echo "nameserver 172.16.0.23" > /mnt/ec2-fs/etc/resolv.conf echo "UseDNS no" >> /mnt/ec2-fs/etc/ssh/sshd_config echo "PermitRootLogin without-password" >> /mnt/ec2-fs/etc/ssh/sshd_config echo "hwcap 0 nosegneg" > /mnt/ec2-fs/etc/ld.so.conf.d/libc6-xen.conf
- Script download of SSH private key on startup in case it’s missing (though with EBS-backed storage this shouldn’t be necessary)
cat > /mnt/ec2-fs/usr/local/sbin/get-sshkey.sh <<EOF #!/bin/sh if [ ! -d /root/.ssh ] ; then mkdir -p /root/.ssh chmod 700 /root/.ssh fi # Fetch public key using HTTP /usr/bin/curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-key if [ $? -eq 0 ] ; then cat /tmp/my-key >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys rm -f /tmp/my-key fi EOF chmod u+x /mnt/ec2-fs/usr/local/sbin/get-sshkey.sh echo "/usr/local/sbin/get-sshkey.sh" >> /mnt/ec2-fs/etc/rc.d/rc.local
- Clean up temporary files from the installs (mostly the RPM packages)
yum -c /root/public-yum-ol6.repo --installroot=/mnt/ec2-fs clean all
- Set up GRUB boot files (note the kernel version here should
chroot /mnt/ec2-fs
cd /boot/grub
cat > grub.conf <<EOF
default=0
fallback=1
timeout=1
title Oracle Linux UEK
root (hd0)
kernel $(echo /boot/vmlinuz*uek.x86_64) ro root=LABEL=/ ro console=hvc0 crashkernel=auto LANG=en_US.UTF8 selinux=0
initrd $(echo /boot/initramfs*uek.x86_64.img)
title Oracle Linux Compatibility Kernel
root (hd0)
kernel $(echo /boot/vmlinuz*el6.x86_64) ro root=LABEL=/ ro console=hvc0 crashkernel=auto LANG=en_US.UTF8 selinux=0
initrd $(echo /boot/initramfs*el6.x86_64.img)
EOF
ln -s grub.conf menu.lst
exit
- Set up swap. There’s no need to put this on expensive EBS storage when ephemeral storage will do)
cat > /mnt/ec2-fs/usr/local/sbin/add-swap.sh <<EOF
#!/bin/bash
VOL=\${1-/dev/xvdb}
SIZE=\${1-2097152}
dd if=/dev/zero of=\$VOL bs=\${SIZE}k count=1 && mkswap \$VOL \$SIZE && swapon \$VOL
EOF
chmod +x /mnt/ec2-fs//usr/local/sbin/add-swap.sh
echo "/usr/local/sbin/add-swap.sh /dev/xvdb 2097152" >> /mnt/ec2-fs//etc/rc.d/rc.local
- Unmount our root disk
umount /mnt/ec2-fs/proc umount /mnt/ec2-fs
- Log out of the builder instance; our work there is done
exit
- Create a snapshot of the root volume. Use the volume ID originally used to create the volume
[marc@shakybox2 tmp]$ ec2-create-snapshot -d "UEK2 AMI creation point" vol-d7340cbb SNAPSHOT snap-b94519c3 vol-d7340cbb pending 2012-03-25T02:05:43+0000 462281317311 20 UEK2 AMI creation point
- Check when it’s completed
[marc@shakybox2 tmp]$ ec2-describe-snapshots snap-b94519c3 SNAPSHOT snap-b94519c3 vol-d7340cbb completed 2012-03-25T02:05:43+0000 100% 462281317311 20 UEK2 AMI creation point
- Register the snapshot, effectively creating an AMI image. This is a long command and cannot be changed once created, so it deserves some explanation
-n: user-provided unique name
-a: architecture, which must match the 64-bit kernel
-d: description, a text description
–root-device-name: this maps to the “root” parameter given to the PVGRUB bootloader
-b: block mapping. There are two here: one pointing to the root volume snapshot we just created, and one on non-permanent storage we’ll use for swap
–kernel: This kernel is actually a stub kernel running PVGRUB, a bootloader that loads the UEK2 kernel from the root drive. This particular kernel is for a 64-bit unpartitioned image in the us-east region.
The kernel ID is a generic 64-bit AMazon PVGRUB kernel for the US-East region
[marc@shakybox2 tmp]$ ec2-register -n UEK2-AMI -a x86_64 -d "AMI using the Oracle Linux UEK2 kernel" --root-device-name /dev/sda -b /dev/sda=snap-b94519c3 -b /dev/sdb=ephemeral0 --kernel aki-427d952b IMAGE ami-c39f41aa
- Now for the moment of truth: launch a VM based on the newly-created AMI
[marc@shakybox2 tmp]$ ec2-run-instances -k marc-aws -n 1 -t m1.medium ami-c39f41aa RESERVATION r-19b0167a 462281317311 default INSTANCE i-5688ab32 ami-c39f41aa pending marc-aws 0 m1.medium 2012-03-25T00:08:10+0000 us-east-1d aki-427d952b monitoring-disabled ebs paravirtual xen sg-5fc61437 default [marc@shakybox2 tmp]$ ec2-describe-instances i-5688ab32 RESERVATION r-19b0167a 462281317311 default INSTANCE i-5688ab32 ami-c39f41aa ec2-23-20-123-219.compute-1.amazonaws.com ip-10-62-98-125.ec2.internal running marc-aws 0 m1.medium 2012-03-25T02:08:10+0000 us-east-1d aki-427d952b monitoring-disabled 23.20.123.219 10.62.98.125 ebs paravirtual xen sg-5fc61437 default BLOCKDEVICE /dev/sda vol-d59aa2b9 2012-03-25T00:08:28.000Z true [marc@shakybox2 tmp]$ ec2-create-tags --tag="Name=UEK2 Test Instance" i-5688ab32 TAG instance i-5688ab32 Name UEK2 Test Instance
ssh’ing into the machine, we can confirm it’s running the UEK:
[root@ip-10-62-98-125 ~]# uname -a Linux ip-10-62-98-125 2.6.39-100.5.1.el6uek.x86_64 #1 SMP Tue Mar 6 20:26:00 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
Adding swap
Oracle’s pre-installation steps require swap space. Since Amazon EBS charges for storage by the GB, it makes little sense to pay for persistent storage for swap. The alternative is to use transient storage for this. Since at boot time we can’t be guaranteed of a state it’s safest to zero it out and to create swap at that point. We set aside some space on /dev/sdb (which maps to /dev/xvdb since the Oracle UEK kernel doesn’t to the drive mapping that the Amazon kernel does).
We’ll create a startup script to run in rc.local, the last point in the startup. It will take a while to run, but since sshd and other system services will already be running, it shouldn’t slow down the startup of any other processes.
cat > /usr/local/sbin/add-swap.sh <<EOF
#!/bin/bash
VOL=\${1-/dev/xvdb}
SIZE=\${1-2097152}
dd if=/dev/zero of=\$VOL bs=\${SIZE}k count=1 && mkswap \$VOL \$SIZE && swapon \$VOL
EOF
chmod +x /usr/local/sbin/add-swap.sh
echo "/usr/local/sbin/add-swap.sh /dev/xvdb 2097152" >> /etc/rc.d/rc.local
Troubleshooting
There aren’t a whole lot of troubleshooting tools in EC2, especially compared to something like Oracle databases. There is one invaluable tool to debug AMI builds though: the console output. It usually takes several minutes to appear, but it can help determine what went wrong when an instance is inaccessible.
[marc@shakybox2 tmp]$ ec2-get-console-output i-76634012
It was particularly frustrating to get GRUB to find the root devices; when it can’t find them it just displays a grubdom> prompt without error message. The official documentation recommends a –rootdevice of /dev/sda1 (rather than /dev/sda) and hd00 kernel aki-4e7d9527 but I couldn’t get these to work. It might be because there is no partition table on the root disk, but without access to the interactive grub interface or more diagnostic output I can’t know for sure.
References
Amazon docs for use specified kernels
Jonathan Hui’s blog post about creating CentOS images from scratch
Amazon docs on how to launch images from snapshots
Wim Coakearts’ blog post on using public-yum.oracle.com
Coming up: the actual Oracle database software install
Hi Mark,
I think there is an error in the bullet points at the top. Transmit Packet Steering (XPS) is for outbound traffic rather than “incoming network traffic”, which is handled by Receive Packet Steering (RPS) introduced in UEK release 1.
Martin
Sorry for the incorrect spelling of your name!
@Martin, oops, I did mean to say outgoing. Fixed.
Marc
Pingback: Using Oracle VM with Amazon EC2 | The Pythian Blog
Hi Mark,
I’m just curious, but given Oracle’s cautious certification policy, are you sure that UEK 2 is supported for Oracle 11.2? The way I read it was supported on “UEK”, which in my opinion relates to the kernel shipped, installed and booted on by default on OL 6 by default based on 2.6.32.
Martin
Hi Martin,
I checked on MOS and the cert docs are up, and it looks like you’re right: currently supported for UEK version 1 only. Thanks! I’ve added an update to the post.
Marc
Hi Mark,
shortly after I posted my comment, I saw that Oracle have used UEK2 for another tpc-c benchmark on a x4800 M2. Obviously it’s faster than the one with UEK 1 :) See https://blogs.oracle.com/wim/entry/4_8m_wasn_t_enough for more
Makes me hope we get UEK 2 soon.
Martin
I got this to mostly work for OL5.x but ran into a couple gotchas. But the one that got me the worst was the fstab step doesn’t have /dev/pts (which should break 6.x ssh as well).
I also had to mkinitrd and add xenblk and xennet as well.
Thanks Chad. I’m sure other readers encountering the same issues will appreciate the input.
Marc
I just cannot seem to get this to work – all the steps run fine, I create the snapshot and the ami from this but when i launch it the system log is just black and it fails the startup check – I used kernel ‘aki-4feec43b ec2-public-images-eu/pv-grub-hd0-V1.01-x86_64.gz.manifest.xml’ which is the EU version of the pygrub you use. Are the steps Chard refers to above needed? thanks
im wrong it booted fine – i just cannot connect to it… i assume the xennet stuff Chad was refering to was only for OEL5?
Hi Martin,
One of the drawbacks of AWS is that there’s no local console, so if networking config is messed up you need to attach the EBS volume to a working instance in the same zone, and troubleshoot from there. Just a shot in the dark though: have you set up the security groups? The default security group, unless modified, won’t allow any incoming connections, including SSH.
Marc