IBM AIX Continuous Availability Features - IBM Redbooks

More documents

Recommendations

Info

The PowerPC hardware gives software a mechanism to efficiently change storage accessibility. Storage-keys are exploited in both kernel-mode and user-mode APIs. In kernel-mode, storage-key support is known as kernel keys. The APIs that manage hardware keys in user mode refer to the functionality as user keys. User key support is primarily being provided as a reliability, availability and serviceability (RAS) feature for applications. The first major application software to implement user keys is DB2. In DB2, user keys are used for two purposes. Their primary purpose is to protect the DB2 core from errors in user-defined functions (UDFs). The second use is as a debug tool to prevent and diagnose internal memory overlay errors. But this functionality is available to any application. DB2 provides a UDF facility where customers can add extra code to the database. There are two modes that UDFs can run under, fenced and unfenced, as explained here: ► In fenced mode, UDFs are isolated from the database by execution under a separate process. Shared memory is used to communicate between the database and UDF process. Fenced mode does have a significant performance penalty, because a context switch is required to execute the UDF. ► An unfenced mode is also provided, where the UDF is loaded directly into the DB2 address space. Unfenced mode greatly improves performance, but introduces a significant RAS exposure. Although DB2 recommends fenced mode, many customers use unfenced mode for improved performance. Use of user keys must provide significant isolation between the database and UDFs with low overhead. User keys work with application programs. They are a virtualization of the PowerPC storage key hardware. User keys can be added and removed from a user space AMR, and a single user key can be assigned to an application’s memory pages. Management and abstraction of user keys is left to application developers. The storage protection keys application programming interface (API) for user space applications is available in AIX V5.3 TL6 and is supported on all IBM System p POWER6 processor-based servers running this technology level. Kernel keys are added to AIX as an important Reliability, Availability, and Serviceability (RAS) function. They provide a Reliability function by limiting the damage that one software component can do to other parts of the system. They will prevent kernel extensions from damaging core kernel components, and provide isolation between kernel extension classes. Kernel keys will also help to provide significant Availability function by helping prevent error propagation—and this will be a key feature as AIX starts to implement kernel error recovery handlers. Serviceability is enhanced by detecting memory addressing errors closer to their origin. Kernel keys allow many random overlays to be detected when the error occurs, rather than when the corrupted memory is used. With kernel key support, the AIX kernel introduces the concept of kernel domains and private memory access. Kernel domains are component data groups that are created to segregate sections of the kernel and kernel extensions from each other. Hardware protection of kernel memory domains is provided and enforced. Also, global storage heaps are separated and protected. This keeps heap corruption errors within kernel domains. There are also private memory keys that allow memory objects to be accessed only by authorized components. Besides the Reliability, Availability and Serviceability benefits, private memory keys are a tool to enforce data encapsulation. 22 IBM AIX Continuous Availability Features
Kernel keys are provided in AIX V6.1. Kernel keys will be a differentiator in the UNIX market place. It is expected that AIX will be the only UNIX operating system exploiting this type of memory protection. 2.3 System serviceability IBM has implemented system serviceability in AIX to make it easier to perform problem determination, corrective maintenance, or preventive maintenance on a system. 2.3.1 Advanced First Failure Data Capture features First Failure Data Capture (FFDC) is a serviceability technique whereby a program that detects an error preserves all the data required for subsequent analysis and resolution of the problem. The intent is to eliminate the need to wait for or to force a second occurrence of the error to allow specially-applied traps or traces to gather the data required to diagnose the problem. The AIX V5.3 TL3 package introduced these new First Failure Data Capture (FFDC) capabilities. The set of FFDC features is further expanded in AIX V5.3 TL5 and AIX V6.1. These features are described in the sections that follow, and include: ► Lightweight Memory Trace (LMT) ► Run-Time Error Checking (RTEC) ► Component Trace (CT) ► Live Dump These features are enabled by default at levels that provide valuable FFDC information with minimal performance impacts. The advanced FFDC features can be individually manipulated. Additionally, a SMIT dialog has been provided as a convenient way to persistently (across reboots) disable or enable the features through a single command. To enable or disable all four advanced FFDC features, enter the following command: smitty ffdc This specifies whether the advanced memory tracing, live dump, and error checking facilities are enabled or disabled. Note that disabling these features reduces system Reliability, Availability, and Serviceability. Note: You must run the /usr/sbin/bosboot command after changing the state of the Advanced First Failure Data Capture Features, and then reboot the operating system in order for the changes to become fully active. Some changes will not fully take effect until the next boot. 2.3.2 Traditional system dump The system dump facility provides a mechanism to capture a snapshot of the operating system state. A system dump collects the system's memory contents and provides information about the AIX kernel that can be used later for expert analysis. After the preserved image is written to the dump device, the system will be booted and can be returned to production if desired. The system generates a system dump when a severe error occurs, that is, at the time of the system crash. Chapter 2. AIX continuous availability features 23
Page 1: Front cover IBM AIX Continuous Avai
Page 4 and 5: Note: Before using this information
Page 6 and 7: 2.3.7 Minidump . . . . . . . . . .
Page 8 and 9: vi IBM AIX Continuous Availability
Page 10 and 11: Trademarks The following terms are
Page 12 and 13: Engineering degree in Computer Scie
Page 14 and 15: Find out more about the residency p
Page 16 and 17: 1.1 Overview In May 2007, IBM intro
Page 18 and 19: 1.5 Continuous operations Continuou
Page 20 and 21: 1.6.2 Availability 1.6.3 Serviceabi
Page 22 and 23: IBM has tried to enhance FFDC featu
Page 24 and 25: 10 IBM AIX Continuous Availability
Page 26 and 27: 2.1 System availability AIX is buil
Page 28 and 29: On AIX 5.3, the only way to persist
Page 30 and 31: When used on a standalone server (s
Page 32 and 33: mirrored volume group on the client
Page 34 and 35: 2.2.1 Error checking Run-Time Error
Page 38 and 39: System dumps can also be user-initi
Page 40 and 41: Live dumps are small dumps that do
Page 42 and 43: Trace is a valuable tool for observ
Page 44 and 45: Component Trace uses mechanisms sim
Page 46 and 47: 2.3.14 syslog To display the boot l
Page 48 and 49: Logging can be added to many of the
Page 50 and 51: compression: on path specification:
Page 52 and 53: 2.4.4 EtherChannel network traffic
Page 54 and 55: 2.4.6 2-Port Adapter-based Ethernet
Page 56 and 57: operations) without affecting produ
Page 58 and 59: Quorum A quorum is a vote of the nu
Page 60 and 61: 2.5.8 Journaled File System-related
Page 62 and 63: Fast I/O failure is controlled by a
Page 64 and 65: display its output in a format suit
Page 66 and 67: For more detailed information about
Page 68 and 69: 54 IBM AIX Continuous Availability
Page 70 and 71: 3.1 AIX Reliability, Availability,
Page 72 and 73: This means that traditional AIX sys
Page 74 and 75: used by IBM service personnel, so t
Page 76 and 77: also be used to obtain a snapshot o
Page 78 and 79: 3.5 Live dump and component dump Li
Page 80 and 81: lfs filesystem ._0 | NO | ON/3 | OF
Page 82 and 83: .vmker | YES | ON/3 | OFF/3 .vmpool
Page 84 and 85: The output of Start a Live Dump is
Page 86 and 87:
Table 3-3 Concurrent update termino
Page 88 and 89:
We tested the installation of an ef
Page 90 and 91:
Setting efix state to: STABLE +----
Page 92 and 93:
mode, storage keys are called user
Page 94 and 95:
Example 3-19 shows the SMIT menu fo
Page 96 and 97:
might share a given hardware key. M
Page 98 and 99:
KKEY_UPUBLIC, KKEY_FILE_DATA KKEY_U
Page 100 and 101:
Note: Kernel keys and keysets, whic
Page 102 and 103:
extension key-aware is determining
Page 104 and 105:
added a protection gate for the int
Page 106 and 107:
} printf("hardware keyset after KER
Page 108 and 109:
} param=atoi(*(argv+1)); printf("Te
Page 110 and 111:
Load the kernel extension so that a
Page 112 and 113:
3 : 000000000000000A r4 : F10006C00
Page 114 and 115:
3.7.7 User mode protection keys Use
Page 116 and 117:
► The APIs provided by the system
Page 118 and 119:
if (!strcmp(*(argv+1),"read")){ if
Page 120 and 121:
strlen() at 0xd010da00 _doprnt(??,
Page 122 and 123:
int pthread_attr_setukeyset_np (pth
Page 124 and 125:
Machine State Save Area iar : 00000
Page 126 and 127:
As a consequence, determining the r
Page 128 and 129:
A Vue script or Vue program is a pr
Page 130 and 131:
► An optional predicate The predi
Page 132 and 133:
3. Interval probe manager The inter
Page 134 and 135:
{ int count; count = count +1; prin
Page 136 and 137:
► Errno names ► Signal names
Page 138 and 139:
* will result in error out of read(
Page 140 and 141:
This places a large part of the bur
Page 142 and 143:
Note: The frequency of checks made
Page 144 and 145:
Non-fragments 00000066 Promotions 0
Page 146 and 147:
immediately after the returned stor
Page 148 and 149:
This option should be used with car
Page 150 and 151:
3.9.6 KDB commands for XMDBG ► xm
Page 152 and 153:
138 IBM AIX Continuous Availability
Page 154 and 155:
Name AIX version Hardware required
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Online resources These Web sites ar
Page 162 and 163:
sysdumpdev 27 tprof 28 trace 28 trc
Page 164:
subsequent reboot 71, 133 SUE 18 Sy
show all

IBM AIX Continuous Availability Features - IBM Redbooks

Create successful ePaper yourself

Delete template?

Save as template?