[nycbug-talk] First Look At Solaris 10

Inker, Evan EInker
Fri Feb 25 11:56:03 EST 2005

First Look At Solaris 10 	

Last update:  02-25-2005	
Sun Microsystems has recently released Solaris 10. It is currently free, as
in beer, and most of it is promised to be released under an OSI approved
license in the second quarter of 2005. Most everyone reading this probably
knows all of that. The release and subsequent open sourcing of Solaris 10
has caused quite an uproar in the Open Source community and the IT industry
as a whole. Linux advocates have been fighting Solaris advocates on forums
across the Internet. The zealotry and misrepresentation from both sides has
been really quite impressive. However, I am a BSD user. I am not on either
side and will do my best to allow neither zealotry nor misrepresentation
into this review. 

Please continue reading after you have stopped laughing. 

All political issues aside, Solaris 10 is a very impressive OS. It has some
features no other operating system can claim and some that are not
necessarily new, but have been implemented in an excellent way. This is not
to say it is perfect. There are definitely things I dislike and areas that
seem quite unpolished.

One of those aforementioned unpolished areas is the installation routine. It
can be assumed that Solaris will not be installed by a novice. Even so, the
Solaris install is painful and brings with it memories of Windows 2000
installs of old. This is not because its difficult, it is not. The
installation is simply unwieldy. My main complaints are the following: 

*	You must partition, install a small base system and reboot to finish
the install. I expect an OS to be installable without a reboot. 

*	For the first section of the install there is a web browser in the
background, but for unknown reasons there is no browser in the second

*	You have to switch CD's during the install, which is fine, but you
can't just switch and walk away. You have to wait for it to read the CD and
display another screen and then press next. There is probably a reason for
this, but I just find it annoying. 

Issues like these make the installation routine seem unfinished and just
don't fit with the overall quality of the OS.

Upon booting Solaris for the first time, you are greeted by dtlogin. This is
the default graphical login manager for Solaris and plainly has CDE roots.
At this point, there is a drop-down menu in which you can choose to go back
to a console login or choose which wm/dm to enter, both CDE and JDS3 are
options. I am sure CDE has many great features and I know that some people
love it. However, I am not one of them. JDS3 on the other hand is a nicely
polished GNOME desktop. The theme and general feel is much improved over
Sun's earlier versions. Nothing is very remarkable about JDS3, except
network browsing. I have never seen any GNOME desktop do as well with
windows and NIX network browsing.

There are things I dislike about JDS. As a media player, Sun has chosen the
"Java Media Player." This program has no redeeming factors. XMMS or
Rhythmbox would be much better choices. They also tapped Mozilla to be the
web browser, not Firefox. With FF gaining more and more attention, this
choice makes very little sense to me. However, those are my only complaints
about JDS3 and they are small ones.

Nobody is considering Solaris 10 because of JDS3 or its installation
routine. They are looking at it because of new features like DTrace, Zones
and the new Service Management Framework. Indeed, it has been quite awhile
since we have seen a release of any OS with as many large features as
Solaris 10.


One of the main new features in Solaris 10 is DTrace, a dynamic
instrumentation system. DTrace consists of a scripting language, named D
(not to be confused with the fledgling  <http://www.digitalmars.com/d/> D
Programming Language), and loadable kernel modules named "providers." When
called upon, these "providers" track and report system information. DTrace
has several features that separate it from other similar systems: 

*	It is dynamic. DTrace has no effect on system performance when not
in use. Only those providers that are needed by a particular command are
loaded and used. This means if you want to collect data on the scheduler,
DTrace will not be collecting data on the IO system as well. This greatly
improves performance over those systems that collect a huge amount of
unneeded data. 

*	It can instrument both the kernel-level and user-level. 

*	It is safe. DTrace will not allow you to damage the system through
its use. Some may find the idea of anything being "totally safe" rather
amusing. However, this appears to be true. Time will tell if it holds up,
but for the moment I have no evidence to the contrary. 

*	It is adaptable. DTrace really is more a scripting language then it
is a tool like truss or top. This has its downside and upside. The
disadvantage is that it is not a small thing to learn. Most will probably
never use DTrace directly, but instead use programs written in D. There are
already some of these and there will eventually be many more. The advantage
to this is that its not limited like top or truss. Supposedly the test of a
well-designed program is that people use it for things the author never
thought of. DTrace passes this test with flying colors.

DTrace will inevitably be compared to similar systems. These include The
Linux Trace Toolkit (LTT) and Dprobes. These systems may grow into something
equivalent to DTrace, but at the moment they are not even close. LTT is not
dynamic and has only around 45 points of instrumentation to avoid a large
performance penalty. Comparing that to Dtrace: 

	# DTrace -l | wc -l

Dprobes is much more advanced, but has problems as well. It is dynamic, but
lacks some of the advanced features of the D language and is not safe. You
can definitely bring down a machine with a badly written Dprobes script. It
also supposedly performs poorly on multiple CPUs. 

One interesting DTrace script I found is seeksize.d. This script tracks the
offset value of seek requests to the discs, per process. I have never been
able to see this information before and it is really quite interesting,
although somewhat shocking. The script was written by Brendan Gregg, who has
produced many DTrace scripts that review system information from shell use
to socket statistics. [ <http://users.tpg.com.au/adsln4yb/dtrace.html>


If you have used FreeBSD Jails, Solaris Zones are going to sound very
familiar. They are based on the same basic concept. Both can be considered
somewhat like a heavy-duty chroot. Each Zone or Jail is a virtual OS,
complete with IP address, separate configuration and even a separate package
DB (zones can also share a DB). Now, this may seem like exactly what
UserModeLinux or Xen do, but it isn't. The difference is that all the
Zones/Jails share one kernel. 

In Xen or UML, the sub-machines are full OS's, kernel and all. They run on
vm-like layer over the actual kernel. The advantage to this is security; it
is very difficult to break out of a virtual server setup in this way. The
disadvantage is speed; running all these different kernels has a large
performance hit. This is why FreeBSD Jails were thought of in the first
place and Sun has gone that direction with Zones. 

It is theoretically possible to break out of a Jail or Zone. In fact, there
have been security vulnerabilities in the past that allow processes to do
just that. It is of course up to the System Administrator to balance these
issues. Personally, I would rather be able to run a large number of
Jails/Zones and take the minimal security risk.

Service Management Framework

SMF (The Service Management Framework) is Solaris 10's replacement for the
aged sysV init. I have mixed feelings about SMF. It is definitely a step
forward, but it adds a level of complexity that was not there before. The
idea behind it is fairly simple and SMF can be logically split into several

*	Startups scripts. These are very like the normal scripts you see in
every UNIX implementation 

*	XML manifests. This is where things get different. Every service has
an XML file that holds information about the service. What other services
does it depend on? What services does it not depend on, but are recommended?
All these relationships and more are stored in the manifests. 

*	svcs. The svcs command is one of the main interfaces to SMF. It can
tell you what services are started, which are stopped and even what services
failed to start and why. For example, if service A depends on service B and
you have stopped service B, svcs might tell you that service A has failed
because service B is stopped. 

*	svcadm. This is the administrative tool for SMF. You can add,
delete, stop and start services here. 

*	init. The init systems works a bit differently on Solaris 10 because
of all this. If a service fails to start or crashes, it will be restarted.
Also, if you stop a service that another service depends on, that service
will also be stopped. Likewise, if you start a service that depends on
several others, they will all be started. Also, the dependency system allows
init to start multiple services in parallel.

My concern about SMF is that its not as transparent as a system like rc.d on
NetBSD/FreeBSD or even the old sysV init. It is still fairly easy to
understand, but there is a level of "magic" that wasn't there before. Maybe
my concerns are baseless? I don't know. It will be interesting to watch how
users react to the new system.

Along with new features, there have been improvements made to the general
OS, many having to do with speed. Solaris has been given the nickname
"Slowlaris" in the past. With Solaris 10, Sun has worked hard to make that
name no longer applicable. 

One of the areas where Solaris needed improvement was the network stack. I
have no experience with it personally, but apparently the old version was
not a great performer, especially on multiple CPUs. Sun has decided to fix
this Old-Testament style. Solaris 10 features an entirely new stack named
FireEngine. Built to improve performance and prepare for future networking
technology (faster Ethernet), FireEngine includes some very interesting
threading technology that should reduce resource contention. [3]

Another improvement to Solaris is the X86 support. Solaris has supported
this architecture before, but both speed and stability were sorely lacking.
This has changed with Solaris 10. All the machines I installed Solaris 10 on
were X86 and, besides the obvious sparse driver support, it worked very
well. With Sun committing to the AMD Opteron (an X86-like platform), the
opening of Solaris and the energy Sun has appeared to expend on making X86 a
"tier 1" platform, it can be safely assumed that support for this
architecture isn't going to be disappearing.

The experience of actually using Solaris 10 as a day-to-day OS is rather
interesting. I installed and used 3 versions of Solaris 10, two betas and
the final. I tested them on my laptop, but mostly used them on my desktop
machine. The features of Solaris 10 make it sound like the long lost brother
of sliced bread and, to some extent, I found this to be correct. Solaris 10
can do things no other OS can and its very fast. However, there are some
significant hurdles to using Solaris when you come from Linux or BSD. It is
very different. This cannot be repeated enough. If you have ever made the
switch from Linux to BSD or the other way, you know how little differences
can really make it difficult. In Solaris, the differences are not little.

The first time I booted Solaris, I was a bit worried. It was quite a slow
boot. I had to use this thing while reviewing it and as I watched the login
prompt finally appear, I was starting to wonder if I was going to need a
book while Mozilla started. They have fixed this in the final release, but I
needn't have worried at the time either. The Solaris boot may have been
slow, but thats the only element of the system were that word applied.

I have yet to see a set of benchmarks that everyone likes and I don't have
any skill in that area to begin with. Therefore, I won't be attempting to
give the good reader numbers on Solaris 10's speed. Suffice to say that you
cannot use the OS as a desktop without noticing it. Mozilla starts fast,
GNOME is snappy and and I had at least 5 things compiling while listening to
music with no skipping.

This does not mean all users will find Solaris 10 the gift from god it is
sometimes portrayed as. There are many differences when coming from other
NIX. Some are very minor and some are very not. These differences range from
the purely personally unsettling to build breaking, linker error making
monsters from hell.

The first difference you will notice is that the default shell is the Bourne
shell. Not bash, but the POSIX Bourne shell. Coming from BSD, this wasn't so
shocking. The total lack of a /root directory was rather shocking, but even
that could be understood fairly readily. What I kept coming up against
though, was how many places things were installed. The BSD tools are
installed in /usr/ucb, the GNU tools in /usr/sfw, Solaris development tools
in /usr/ccs, /usr/X11 contains Xorg and /usr/X contains openwin. These are
just examples, there are many more. I am not saying this is a bad thing, but
balancing your PATH that much takes getting used to.

Something else you may notice, is an almost total lack of audio drivers.
While I am willing to forgive Solaris for not having a lot of drivers for
X86 because of its youth, the total lack of support in this area is too
glaring to not mention. The Open Sound System supports Solaris and works
very well, but this must be addressed at some point. X86 Solaris users
should not be forced to go to 4Front to get audio support.

While I am on the subject of drivers, I should mention that hardware support
on X86 is not great. I am convinced this will improve, but for the moment I
would only use Solaris 10 on very common hardware. As for laptops, its not
ready yet. The version of Solaris released to the public does not include
wireless support. However, I gather from the Sun blogs that an internal
build now does include wireless drivers, so this should not be a permanent

A developer will notice other differences with Solaris. While some Open
Source software will choke on BSD or even some Linux distributions, a large
number will blow a fuse on Solaris. Some just require little tweaks to get
working, while others require trench warfare. Both NetBSD's pkgsrc and the
Blastwave ( <http://www.blastwave.org/> www.blastwave.org) software
distribution help to make this tolerable. With the coming OpenSolaris, I
expect this to improve as they attract more developers.

Speaking of developers, there are many goodies hidden in Solaris 10 that may
lure them over. Obviously, DTrace has the potential to greatly help
developers, but there are other utilities that are also very useful. One
thing I found while looking for a Solaris alternative to valgrind was mdb
and libumem. Mdb is the Solaris Modular Debugger and is exactly what it
sounds like. Libumem is a user-land slab allocator[4] introduced in Solaris
9. What is interesting is that these two tools work together. [5]

This is how it works. The developer compiles his/her code like normal, but
instead of executing it with a debugger s/he sets some environment


then executes the code. The developer tests it out like normal, but then
opens up another terminal, uses gcore to to get a core dump of the program
and uses MDB to examine the core dump. MDB will then let you find memory
leaks, browse stacks, find corrupt buffers and even double frees. More info
about libumem and MDB is available here:

There are many little tools like this hidden all over Solaris. The pTools
are another prime example of this. These are a set of utilities that extract
information from the /proc file system. Among other things, these tools

*	prstat: a replacement for top 

*	pldd: prints the dynamic libs linked into running processes
(including those added with dlopen) 

*	pwdx: prints the cwd of the given process 

*	pstop: stops the given process 

*	prun: the reverse of pstop

There is also the Solaris Management Console, a "toolbox" of administration
utilities such as user management, patch management and performance
monitoring. There are too many of these little utilities and small features
hidden throughout the system to mention or simply find. 

In conclusion...

Solaris 10 is a rather amazing OS. I learn quickly, but I was hard pressed
to even tap the surface of Solaris. It is very fast, has new features that
are revolutionary and old features that are not very well known, but deserve
to be. Its hardware support could, and I think will, be improved, some
software will be difficult to compile and it can be difficult to use at
times when coming from other NIX. However, any relatively knowledgeable user
should give it a shot. You may be impressed. 


	1.  <http://www.sun.com/bigadmin/content/dtrace/dtrace_usenix.pdf>
2.  <http://www.opersys.com/LTT/documentation.html>
3.  <http://www.sun.com/bigadmin/xperts/sessions/11_fireengine/>
4.  <http://srl.cs.jhu.edu/courses/600.418/SlabAllocator.pdf>
5.  <http://access1.sun.com/techarticles/libumem.html>

Certain sites really helped in writing this. In no particular order these

	BigAdmin:  <http://www.bigadmin.com/> www.bigadmin.com
The Blog of Ben Rockwood:  <http://www.cuddletech.com/blog/index.php>
PlanetSolaris:  <http://www.planetsolaris.org/> www.planetsolaris.org
BlastWave:  <http://www.blastwave.org/> www.blastwave.org

Written by  <mailto:narayannewton at _NOSPAM_madpenguin.org> Narayan Newton -
Mad Penguin(tm) Systems Administrator

Sun, Sun Microsystems and Solaris are Registered Trademarks of Sun
Microsystems, Inc. Linux is a Registered Trademark of Linus Torvalds. 


Evan M. Inker  

This message contains confidential information and is intended only 
for the individual or entity named.  If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.  
Please notify the sender immediately by e-mail if you have received 
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of this 
message which arise as a result of e-mail transmission.  
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is 
regulated or licensed in those jurisdictions as required.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nycbug.org/pipermail/talk/attachments/20050225/9e4b85c5/attachment.html 

More information about the talk mailing list