The event, held on 11th December 2018, was a technical presentation about running MS SQL Server 2017 on Linux. We started off with containers and then looked at High Availability and Data Protection, more specifically:
- Supported features & Linux differences
- Installing SQL Server on a Linux Container
- Accessing SMB 3.0 shared storage using Samba
- Setting up a Failover Cluster using Pacemaker
- Setting up AlwaysOn Availability Groups using Pacemaker
- Authenticating to SQL Server using AD Authentication
- Setting up Read-Scale Cross-Platform Availability Groups
https://techspark.mt/sql-server-on-linux-11th-december-2018/
2. Agenda
• Supported features & Linux differences
• Installing SQL Server on a Linux Container
• Accessing SMB 3.0 shared storage using Samba
• Setting up a Failover Cluster using Pacemaker
• Setting up Availability Groups using Pacemaker
• Authenticating to SQL Server using AD Authentication
• Setting up Read-Scale Cross-Platform Availability Groups
3. SQL Server on the platform of your choice
• Windows Server / Windows 10
• Docker: Windows and Linux containers
• Linux distributions: Red Hat Enterprise Linux (RHEL), Ubuntu, and SUSE Linux Enterprise Server (SLES)
4. 1TB TPC-H non-clustered world record benchmark
Great performance, great value (both results at the 1000GB scale factor):

System                                                        Query per hour (QphH)   $/Query per hour ($/QphH)
SQL Server 2016 on Windows (HPE ProLiant DL380 Gen9)          678,492                 $0.64
SQL Server 2017 on SUSE Linux Enterprise Server (DL380 Gen10) 1,009,065               $0.47

Read the performance brief at hpe.com/servers/benchmarks.
TPC-H results: the HPE ProLiant DL380 Gen10 with a result of 1,009,065 QphH @ 1000GB and $0.47/QphH USD, system availability as of 02-28-18 (results published 11-17-2017; see www.tpc.org/3331); the HPE ProLiant DL380 Gen9 with a result of 678,492 QphH @ 1000GB and $0.64/QphH, system availability as of 07-31-2016 (results published 03-24-2016; see tpc.org/3320). The TPC believes that comparisons of TPC-H results published with different scale factors are misleading and discourages such comparisons. Please see tpc.org for up-to-date information. Competitive claims valid as of 04-19-2017.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Red Hat, Red Hat Enterprise Linux, and the Shadowman logo are registered trademarks of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. Intel and Xeon are trademarks of Intel Corporation in the U.S. and other countries. TPC and TPC-H are trademarks of the Transaction Processing Performance Council.
6. Making SQL Server run on Linux
Introducing SQL PAL - Platform Abstraction Layer
7. SQLOS + Drawbridge = SQLPAL
• Drawbridge is a Microsoft Research prototype, started in 2011, intended to reduce the resource overhead of virtualization when hosting multiple Virtual Machines.
• Its library OS runs on a narrow host Application Binary Interface (ABI) covering address space & memory management, host synchronization, and I/O.
• Capable of hosting other Windows components such as the CLR & MSXML.
https://cloudblogs.microsoft.com/sqlserver/2016/12/16/sql-server-on-linux-how-introduction/
• SQLOS was introduced in SQL Server 2005 as a layer between the SQL Server engine and Windows.
• It handles user-mode thread scheduling, memory management and synchronization.
• It provides Dynamic Management Views & Extended Events.
8. SQL Platform Abstraction Layer (SQLPAL)
a Cross-platform architecture
https://www.slideshare.net/TravisWright4/sql-server-2017-overview-and-partner-opportunities
9. What is it about?
Supported Platforms
Un/Supported Features
System Requirements
10. Supported platforms
Platform                                Supported versions   Supported file systems
Red Hat Enterprise Linux                7.3 or 7.4           XFS or Ext4
SUSE Linux Enterprise Server            v12 SP2              Ext4
Ubuntu                                  16.04                Ext4
Docker Engine (on Windows, Mac, or Linux)  1.8+              N/A
Unofficially: CentOS 7, Debian 8+, Fedora 24+ and possibly others.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup?view=sql-server-2017
12. Unsupported Features on Linux
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-release-notes?view=sql-server-2017#Unsupported
• AD Authentication for Linked Servers
• AD Authentication for AGs
13. SQL Server on Linux investment roadmap
• SQL Server Agent transaction replication*
• Machine Learning Services in R & Python*
• PolyBase on Linux
• HA on Containers and Kubernetes*
• AD authentication for Linked Servers
• AD authentication for AGs
• Distributed Transactions (DTC)*
• 3rd party AD tools like Centrify*
* Supported in SQL Server 2019 Preview
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-container-ha-overview?view=sql-server-ver15
14. System minimum requirements
• Memory 2 GB
• File System XFS or EXT4
• Disk space 6 GB
• Processor speed 2 GHz
• Processor cores 2 cores
• Processor type x64-compatible only
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup?view=sql-server-2017
16. Install SQL Server in a Docker Container
# Download Image
docker pull mcr.microsoft.com/mssql/server:2017-latest
# Run Container (PowerShell syntax: the trailing backtick is the line continuation; use \ in bash)
docker run --name sql1 `
-e "ACCEPT_EULA=Y" `
-e "SA_PASSWORD=Pa55.wrd" `
-e "MSSQL_PID=Developer" `
-p 1433:1433 `
-d mcr.microsoft.com/mssql/server:2017-latest
NB: SQL Server on Linux container images are based on Ubuntu 16.04 LTS and SQL Server for Linux.
NB: SA_PASSWORD must meet the SQL Server policy (at least 8 characters from three of the four sets: upper case, lower case, digits, symbols); Pa55.wrd is a demo value. Anything passed with -e is visible to anyone who can run `docker inspect sql1`, and -p 1433:1433 publishes the port on every host interface, so use a strong password, bind to 127.0.0.1 where possible and rotate the password (mssql-conf set-sa-password) once the instance is up.
https://hub.docker.com/r/microsoft/mssql-server/
21. Memory requirements & Usage
• My lab runs on 2210 MB of RAM.
• SQL Server uses 1532 MB of RAM.
22. Installation folders & basic commands
• SQL Server runtime and associated libraries:
  • /opt/mssql/bin/
  • /opt/mssql/lib/
• Data files of SQL Server databases (and, by default, their transaction log files):
  • /var/opt/mssql/data/
• SQL Server error log and trace files:
  • /var/opt/mssql/log/
• systemctl is used to manage the mssql-server service: status, start, stop, restart (e.g. systemctl status mssql-server).
• mssql-conf (/opt/mssql/bin/mssql-conf) is a configuration script that installs with SQL Server 2017.
24. mssql-conf
# Change default directories (applies to new databases; the directory must be owned by mssql)
/opt/mssql/bin/mssql-conf set filelocation.defaultdatadir /var/opt/mssql/userdata
/opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /var/opt/mssql/userdata
# Enable Availability Groups (takes effect after systemctl restart mssql-server)
/opt/mssql/bin/mssql-conf set hadr.hadrenabled 1
# Reset SA password (service must be stopped)
/opt/mssql/bin/mssql-conf set-sa-password
# Change Server Collation – it also rebuilds the system databases! (service must be stopped)
/opt/mssql/bin/mssql-conf set-collation
NB: set-sa-password and set-collation can only be run whilst the service is stopped; most `set` options need a service restart to take effect.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-configure-mssql-conf?view=sql-server-2017
25. Install SQL Server Agent
• For versions 2017 CU3 and below – install the package:
  • yum install -y mssql-server-agent
• For versions 2017 CU4 and above – enable the setting (then restart mssql-server):
  • /opt/mssql/bin/mssql-conf set sqlagent.enabled true
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-sql-agent?view=sql-server-2017
29. AG & FCI Configurations : Linux vs Windows
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-ha-basics?view=sql-server-2017
30. HA Differences – Clustering Layer
• WSFC – Windows Server Failover Cluster
  • Highly integrated with SQL Server – a separate SQL Server installation option.
  • The SQL FCI is created as a clustered resource.
  • SQL Server knows the WSFC state information.
  • AG failover is driven from SQL Server.
• External – Pacemaker
  • Not as tightly coupled as WSFC.
  • SQL Server is installed on every node; the FCI is managed as a single instance.
  • SQL Server is not aware of the clustering layer.
  • AG failover is driven from Pacemaker (pcs), not from T-SQL.
31. HA Requirements - Pacemaker
• All of the currently supported distributions ship a high availability add-on/extension, which is based on the Pacemaker clustering stack.
• This stack incorporates two key components: Pacemaker and Corosync. All the components of the stack are:
  • Pacemaker – A cluster resource manager that coordinates cluster resources and services.
  • Corosync – A set of APIs that provides cluster membership and messaging capabilities.
  • pcs – The Pacemaker Configuration System.
  • libQB – A library that provides high performance logging, tracing, IPC, and poll.
  • Resource agent – Supports application integration through the Open Cluster Framework.
  • Fence agent – Assists in isolating nodes and dealing with them if they are having issues.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-ha-basics?view=sql-server-2017#ha-add-onextension-basics
32. HA Requirements - Resource Agents
https://github.com/Microsoft/mssql-server-ha
33. HA Requirements - STONITH
• Pacemaker requires STONITH (Shoot The Other Node In The Head) to automatically power down (fence) a node that is not working correctly, so that its resources can safely be started elsewhere.
• Hyper-V does not have a solution for STONITH. This also impacts Azure-based Pacemaker deployments using certain distributions such as RHEL.
• Thus, you might be forced to disable it (pcs property set stonith-enabled=false). Without fencing the cluster cannot prove that a misbehaving node has stopped writing, so split-brain and data corruption become possible: Microsoft describes disabling STONITH as a testing-only measure, and a production deployment needs a fencing agent.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-ha-basics?view=sql-server-2017#quorum-fence-agents-and-stonith
34. Pacemaker Configuration
• migration-threshold=N
  • the resource will be banned from the original node after N failures.
• failure-timeout=Xs
  • failures expire after X seconds, so the resource may move back to that node.
• start-failure-is-fatal=true
  • Default is true. A START failure sets the fail count to INFINITY and forces a move.
  • Set to false to retry a start on the same node (until migration-threshold is reached).
• stonith-enabled=true
  • When true, a STOP failure fences the node so the resource can be started elsewhere.
  • When false and a STOP fails, the cluster cannot start the resource anywhere else; it only retries the STOP after failure-timeout.
https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/_failure_response.html
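To see how these four properties interact, the following added example (not from the slides, and not Pacemaker code) models the failure response for one resource: it keeps a per-node fail count, bans the node at migration-threshold, lets the whole count expire once the newest failure is older than failure-timeout, treats a start failure as INFINITY when start-failure-is-fatal is set, and distinguishes the two reactions to a failed stop. The node names, timestamps and the property values in demo() are made up; the model is a simplification of the documented behaviour.

```python
"""Model of Pacemaker's failure response for one resource.

Added example, not from the slides and not Pacemaker code. It follows the
semantics described in Pacemaker Explained 1.1 ("Failure Response"),
simplified: the per-node fail-count is the number of recorded failures, the
whole count expires once the newest failure is older than failure-timeout,
INFINITY is float('inf'), and node and operation names are made up.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

INFINITY = float("inf")


@dataclass
class FailurePolicy:
    migration_threshold: float = INFINITY  # Pacemaker default: never ban a node
    failure_timeout: float = 0.0           # seconds; 0 = failures never expire
    start_failure_is_fatal: bool = True
    stonith_enabled: bool = True


@dataclass
class ResourceFailures:
    """Failure history of a single resource: node -> [(time, operation)]."""
    policy: FailurePolicy
    history: Dict[str, List[Tuple[float, str]]] = field(default_factory=dict)

    def record(self, node: str, op: str, at: float) -> str:
        """Record a failed op ('start', 'stop' or 'monitor'); return the cluster's reaction."""
        self.history.setdefault(node, []).append((at, op))
        if op == "stop":
            # A failed stop means the node cannot be trusted to have released the resource.
            if self.policy.stonith_enabled:
                return "fence node, start resource elsewhere"
            return "block resource, retry stop after failure-timeout"
        if op == "start" and self.policy.start_failure_is_fatal:
            return "fail-count=INFINITY, move elsewhere"
        if self.fail_count(node, at) >= self.policy.migration_threshold:
            return "ban from node, move elsewhere"
        return "recover in place"

    def fail_count(self, node: str, now: float) -> float:
        events = self.history.get(node, [])
        if not events:
            return 0
        newest = max(at for at, _ in events)
        t = self.policy.failure_timeout
        if t > 0 and now - newest > t:
            return 0  # expired: the cluster acts as if the failures never happened
        if self.policy.start_failure_is_fatal and any(op == "start" for _, op in events):
            return INFINITY
        return len(events)

    def eligible(self, node: str, now: float) -> bool:
        """Can the resource be placed on this node right now?"""
        return self.fail_count(node, now) < self.policy.migration_threshold

    def cleanup(self, node: str) -> None:
        """Equivalent of `pcs resource cleanup`: forget the node's failures."""
        self.history.pop(node, None)


def demo() -> dict:
    """Made-up lab values: migration-threshold=3, failure-timeout=60s, STONITH disabled."""
    res = ResourceFailures(FailurePolicy(migration_threshold=3, failure_timeout=60,
                                         stonith_enabled=False))
    reactions = [res.record("node-a", "monitor", at=t) for t in (0, 10, 20)]
    return {
        "reactions": reactions,                               # third failure triggers the ban
        "banned_at_21": not res.eligible("node-a", now=21),
        "still_banned_at_80": not res.eligible("node-a", now=80),
        "eligible_at_81": res.eligible("node-a", now=81),    # newest failure now > 60 s old
        "stop_failure": res.record("node-a", "stop", at=90),  # no STONITH: block, not fence
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stop case is the one that matters for data integrity: with stonith-enabled=false the resource is simply blocked, which is why a cluster without fencing cannot safely bring a SQL Server FCI up on another node after a hung stop.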
35. Pacemaker Commands
• pcs cluster auth        Authenticate nodes
• pcs cluster setup       Link nodes together
• pcs cluster start/stop  Control nodes
• pcs property set        Configure cluster properties (e.g. stonith-enabled)
• pcs resource show       Show configured resources
• pcs resource create     Add new resources to the cluster
• pcs status              Show cluster status
• pcs resource move       Fail over resources between nodes
• pcs cluster destroy     Remove the cluster
36. HA Differences – AG Listener
• The listener is an optional functionality for an AG. It provides a single point of entry for all connections:
• read/write to the primary replica.
• read-only to secondary replicas.
• In a WSFC, this is the combination of a network name resource and an IP resource:
• Creates a Computer object in AD DS.
• Registers DNS record automatically.
• The listener under Linux is configured differently, but its functionality is the same:
• Pacemaker has no concept of a “network name resource”.
• No object is created in AD DS.
• DNS needs to be registered manually.
• Depending on the AG cluster type, the listener's IP should:
  • External – match the IP assigned to the Pacemaker IP resource.
  • None – be the IP of the primary replica.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-availability-group-overview?view=sql-server-2017#the-listener-under-linux
38. FCI & Shared Storage
• A Failover Cluster Instance requires storage that can be accessed by all cluster nodes.
• You can use:
  • iSCSI – configurable using iscsiadm
  • NFS – mount using nfs4
  • SMB 3.0 – mount as CIFS (cifs-utils) with the vers=3.0 option; smbclient is useful to test the share first
• Configuring shared storage:
  1. Install and configure a stand-alone SQL Server
  2. Mount shared storage
  3. Move system databases to shared storage
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-shared-disk-cluster-configure?view=sql-server-2017
39. Smbclient & Scale-Out File Server
• Force SMB 3.0 by specifying the client minimum protocol (client min protocol = SMB3 in smb.conf, or vers=3.0 on the mount), so that the connection fails instead of silently negotiating an older dialect.
• Use Scale-Out File Server (SOFS) shared folders on a Windows Server 2016 cluster of at least 2 nodes, with the shared storage mounted active-active as a Cluster Shared Volume (CSV), to benefit from RDMA, Multichannel, and Transparent Failover.
https://www.petri.com/windows-server-2012-smb-3-scale-out-file-server/sofs
40. Configuring Failover Clusters on Linux
• Linux prerequisites
• Create a pacemaker SQL login
• Create shared storage
• Configure Linux
• Configure samba client
• Mount shared storage
• Move system databases
• Copy machine key
• Create pacemaker password file
• Install pacemaker & dependencies
• Set hacluster password
• Install MSSQL HA
• Configure Firewall
• Configure Pacemaker
• Authenticate Cluster Nodes
• Create Cluster
• Disable STONITH
• Enable Services
• Create storage resource
• Create ip resource
• Create cluster resource
46. Configuring Availability Groups on Linux
[Diagram: FCI and AG topologies on Linux. Elements shown: two network subnets; nodes, each with its own Pacemaker configuration; SQL Server instances with instance network names; an Always On SQL Server failover cluster instance on shared storage reached through a Pacemaker cluster virtual IP; an Always On availability group with a primary replica and secondary replicas on separate storage, reached through a DNS name that is registered manually.]
47. New Cluster Types
New to SQL Server 2017 (14.x) is
the introduction of a cluster type
for AGs:
• WSFC – Windows Server Failover
Cluster.
• External – Pacemaker will be used
underneath the AG on Linux.
• None – No cluster manager:
• Only supports manual failover.
• Used for the read-scale scenarios.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-availability-group-overview?view=sql-server-2017#cluster-type-and-failover-mode
48. Configuration-only replica and quorum
• A two-node setup is not enough for an Availability Group with automatic failover.
• For an FCI, the quorum mechanisms provided by Pacemaker can be fine because all FCI failover arbitration happens at the cluster layer.
• For an AG, arbitration under Linux happens in SQL Server, where all the metadata is stored.
• External Availability Groups can maintain quorum and enable automatic failovers by using:
  • Three synchronous replicas (SQL Server Enterprise only); or
  • Two replicas (primary and secondary) + a configuration-only replica.
• A configuration-only replica:
  • Stores the AG configuration in the master database, same as the other replicas in the AG.
  • Does not have the user databases participating in the AG.
  • Receives configuration data synchronously from the primary.
  • Can be SQL Server Express to minimise licensing costs and support AGs on 2-node Standard Edition.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-availability-group-overview?view=sql-server-2017#configuration-only-replica-and-quorum
49. required_synchronized_secondaries_to_commit
• New to SQL Server 2017 (14.x), this tells the AG the number of secondary replicas
that must be in lockstep with the primary.
• Enables automatic failover when integrated with Pacemaker and a cluster type of
External.
• The behaviour is as follows under Linux:
• 0 - No automatic failover is possible since no synchronized secondary replica is required.
• 1 - One secondary replica must be in a synchronized state; automatic failover is possible. The
primary database is unavailable until a secondary synchronous replica is available.
• 2 - Both secondary replicas in a three or more node AG configuration must be synchronized
with the primary; automatic failover is possible.
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-availability-group-overview?view=sql-server-2017#configuration-only-replica-and-quorum
50. required_synchronized_secondaries_to_commit
# [centos4] require one synchronized secondary
pcs resource update sqlag required_synchronized_secondaries_to_commit=1
# [centos3] take the only secondary down
shutdown now
# [centos4] querying testdb now fails:
Msg 988, Level 14, State 1, Line 11
Unable to access database 'testdb' because it lacks a quorum of nodes for high availability. Try the operation again later.
# [centos4] drop the requirement to zero
pcs resource update sqlag required_synchronized_secondaries_to_commit=0
# [centos4] the query works again, at the price of automatic failover being no longer possible
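The trade-off in the demo above, as an added example (not from the slides and not SQL Server code): the model encodes the three documented values of required_synchronized_secondaries_to_commit and the quorum rule from slide 48 (three synchronous replicas, or two plus a configuration-only replica), and reports both write availability and automatic-failover eligibility for a given topology, so a configuration can be checked before go-live rather than discovered through Msg 988. The replica names are made up; 988 is the error number shown in the demo.

```python
"""Consequences of required_synchronized_secondaries_to_commit on Linux.

Added example, not from the slides and not SQL Server code. It encodes the
rules the slides state for cluster type External: writes need the configured
number of synchronized secondaries; automatic failover needs a value >= 1
plus a quorum topology (three synchronous replicas, or two plus a
configuration-only replica). Replica names are made up.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Replica:
    name: str
    role: str                  # "primary", "secondary" or "config-only"
    synchronized: bool = True  # only meaningful for secondaries
    online: bool = True


def automatic_failover_quorum(replicas: List[Replica]) -> bool:
    """External AG: three synchronous replicas, or two plus a configuration-only replica."""
    data = [r for r in replicas if r.role in ("primary", "secondary")]
    cfg_only = [r for r in replicas if r.role == "config-only"]
    return len(data) >= 3 or (len(data) == 2 and len(cfg_only) >= 1)


def assess(replicas: List[Replica], required: int) -> Dict:
    """Report whether the primary accepts writes and whether automatic failover can happen."""
    secondaries = [r for r in replicas if r.role == "secondary"]
    synced = [r for r in secondaries if r.online and r.synchronized]
    writes_allowed = len(synced) >= required
    quorum = automatic_failover_quorum(replicas)
    auto_failover = required >= 1 and quorum and len(synced) >= required
    findings = []
    if required == 0:
        findings.append("no automatic failover: no secondary has to acknowledge commits")
    if required > len(secondaries):
        findings.append(f"required={required} exceeds the {len(secondaries)} secondaries: "
                        "the primary can never accept writes")
    elif not writes_allowed:
        findings.append("Msg 988: primary database unavailable until "
                        f"{required} synchronized secondaries are available (have {len(synced)})")
    if required >= 1 and not quorum:
        findings.append("no failover quorum: add a third synchronous replica "
                        "or a configuration-only replica")
    return {"writes_allowed": writes_allowed, "automatic_failover": auto_failover,
            "synchronized_secondaries": len(synced), "findings": findings}


def demo() -> List[Dict]:
    """Replay the slide: two replicas + config-only, secondary shut down, value 1 then 0."""
    topology = [Replica("sql-a", "primary"), Replica("sql-b", "secondary"),
                Replica("sql-c", "config-only")]
    before = assess(topology, 1)
    topology[1].online = False     # `shutdown now` on the only secondary
    blocked = assess(topology, 1)  # the Msg 988 situation
    relaxed = assess(topology, 0)  # works again, but without automatic failover
    return [before, blocked, relaxed]


if __name__ == "__main__":
    for step, result in zip(("before", "secondary down", "required=0"), demo()):
        print(step, result)
```

Setting the value to 0 is the quick fix shown on the slide, but as assess() reports it is also a silent downgrade from HA to "writes continue, nobody fails over"; the durable fix is to bring the secondary back or add the third replica.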
51. Configuring Availability Groups on Linux
• Linux prerequisites
• Configure hosts file
• Enable MSSQL
• Enable MSSQL HA
• Configure Firewall
• Configure SQL Server
• Create Master Key
• Create Login & User per node
• Create, Copy, Restore Certificates
• Create HADR endpoint
• Create & Backup database
• Enable Event Sessions
• Create Availability Group
• Create pacemaker login
• Configure Linux
• Create pacemaker password file
• Install pacemaker & dependencies
• Set hacluster password
• Install MSSQL HA
• Configure Firewall
• Configure Pacemaker
• Authenticate Cluster Nodes
• Create Cluster
• Disable STONITH
• Enable Services
• Create ag resource
• Create ip resource
• Set resource dependencies
55. Setting Active Directory Authentication
• Linux prerequisites
• Install realmd, kerberos, &
dependencies
• Confirm AD is set as DNS Server
• Set hosts file with FQDN
• Configure AD
• Create AD user
• Set Service Principal Name (SPN)
• Add DNS records
• Configure Linux
• Join the AD Domain
• Test user info retrieval from AD
• Get Kerberos ticket for the AD account
• Check Key Version Number (kvno) for
SPN
• Configure SQL Server keytab
• Create keytab file for SPNs
• Add machine account
• Secure keytab file
• Set SQL Server for kerberos
authentication with keytab file
• Optimise AD connectivity
• Disable Kerberos UDP connections
• Disable SSSD calls to use LDAP directly
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-active-directory-authentication?view=sql-server-2017
58. Register Service Principal Names (SPN)
# AES256-CTS-HMAC-SHA1-96 (enctype 18)
256-bit AES key with ciphertext stealing and an SHA-1 HMAC truncated at 96 bits. The key is derived from the password with PBKDF2, salted with the realm and principal name; this is the enctype to register for the SQL Server SPN.
# RC4-HMAC (enctype 23)
RC4 encryption with an MD5 HMAC. Its key is the account's unsalted NT hash (MD4 of the UTF-16LE password), so an RC4 entry in a keytab is equivalent to holding the account's password hash; avoid it unless the domain still requires it.
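The keytab steps in the AD authentication procedure above (create the keytab for the SPNs, add the machine account, check the kvno, secure the file) and the enctype choice on this slide can be checked offline. The following added example is not from the slides and not Microsoft or MIT code: it builds an MIT-format keytab in memory, parses it back, and audits it for weak enctypes, for entries whose kvno no longer matches what `kvno` reported from AD (a stale key after a password reset), and for file permissions that expose the keys. The binary layout and the IANA enctype numbers are real; the SPN, realm, key bytes, timestamps, kvno values and the expected-kvno mapping are constructed.

```python
"""Build, parse and audit an MIT-format Kerberos keytab (version 0x0502).

Added example, not from the slides, Microsoft or MIT. Real: the keytab layout
(big-endian, length-prefixed strings, size-prefixed entries, 8-bit kvno plus
optional 32-bit kvno) and the IANA enctype numbers. Constructed: SPN, realm,
key bytes, timestamps, kvno values and the expected-kvno dict standing in for
the output of `kvno` against AD.
"""
import os
import stat
import struct
import tempfile
from dataclasses import dataclass
from typing import Dict, List

ENCTYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
            18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC"}
WEAK = {1, 3, 23}  # DES is broken; an RC4-HMAC key is the account's NT hash


@dataclass
class KeytabEntry:
    principal: str
    realm: str
    kvno: int
    enctype: int
    key: bytes
    timestamp: int


def _cstr(b: bytes) -> bytes:
    return struct.pack(">H", len(b)) + b


def build_keytab(entries: List[KeytabEntry]) -> bytes:
    out = bytearray(b"\x05\x02")
    for e in entries:
        comps = e.principal.split("/")
        rec = struct.pack(">H", len(comps)) + _cstr(e.realm.encode())
        rec += b"".join(_cstr(c.encode()) for c in comps)
        rec += struct.pack(">IIB", 1, e.timestamp, e.kvno & 0xFF)  # NT-PRINCIPAL, time, vno8
        rec += struct.pack(">HH", e.enctype, len(e.key)) + e.key
        rec += struct.pack(">I", e.kvno)                           # 32-bit kvno extension
        out += struct.pack(">i", len(rec)) + rec
    return bytes(out)


def _read_cstr(buf: bytes, p: int):
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n


def parse_keytab(data: bytes) -> List[KeytabEntry]:
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab version 0x0502 is supported")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:
            break
        if size < 0:             # negative size = deleted slot of that length
            off += -size
            continue
        rec, off = data[off:off + size], off + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, p = _read_cstr(rec, 2)
        comps = []
        for _ in range(ncomp):
            c, p = _read_cstr(rec, p)
            comps.append(c.decode())
        _name_type, ts, vno8 = struct.unpack_from(">IIB", rec, p)
        p += 9
        enctype, klen = struct.unpack_from(">HH", rec, p)
        p += 4
        key, p = rec[p:p + klen], p + klen
        kvno = vno8
        if len(rec) - p >= 4:    # a non-zero trailing vno32 overrides vno8
            (vno32,) = struct.unpack_from(">I", rec, p)
            kvno = vno32 or vno8
        entries.append(KeytabEntry("/".join(comps), realm.decode(), kvno, enctype, key, ts))
    return entries


def audit(entries: List[KeytabEntry], expected_kvno: Dict[str, int]) -> List[str]:
    """Flag weak enctypes and keys whose kvno no longer matches AD (stale after a reset)."""
    findings = []
    for e in entries:
        label = f"{e.principal}@{e.realm} kvno={e.kvno} {ENCTYPES.get(e.enctype, e.enctype)}"
        if e.enctype in WEAK:
            findings.append(f"weak enctype: {label}")
        want = expected_kvno.get(e.principal)
        if want is not None and want != e.kvno:
            findings.append(f"stale key (AD kvno is {want}): {label}")
    return findings


def audit_permissions(path: str) -> List[str]:
    """The keytab is equivalent to the service account's password: owner-only access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:o} is accessible to group/others; chown mssql:mssql, chmod 400"]
    return []


def demo() -> Dict:
    spn = "MSSQLSvc/sqlnode.corp.example:1433"  # constructed SPN and realm
    entries = [KeytabEntry(spn, "CORP.EXAMPLE", 2, 18, bytes(range(32)), 1544486400),
               KeytabEntry(spn, "CORP.EXAMPLE", 2, 23, bytes(range(16)), 1544486400),
               KeytabEntry("sqlnode$", "CORP.EXAMPLE", 3, 18, bytes(range(32, 64)), 1544486400)]
    data = build_keytab(entries)
    fd, path = tempfile.mkstemp(suffix=".keytab")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, 0o400)
    perm_findings = audit_permissions(path)
    os.unlink(path)
    parsed = parse_keytab(data)
    return {"entries": parsed, "posix": os.name == "posix", "perm_findings": perm_findings,
            "findings": audit(parsed, {spn: 2, "sqlnode$": 4})}  # AD says the machine key is at 4
```

Running demo() reports the RC4 entry as weak and the machine-account entry as stale, which are the two conditions that make `kinit -kt` succeed today and then fail (or keep working on an outdated, weaker key) after the next password rotation; the permission check is the file-level counterpart of the "Secure keytab file" step.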
60. Cross-Platform Availability Groups
• Usually used for read-scale scenarios. It is not a high availability setup and only manual failover is allowed!
• Up to 17 readable secondary replicas.
• Only an AG with a cluster type of NONE can have its replicas cross OS boundaries.
  • E.g. a Windows-based primary replica and a Linux-based secondary.
• A Distributed AG can also cross OS boundaries and provide geographic read-scale. Each AG must obey its platform rules:
  • WSFC – Windows only
  • External – Linux only
• The drive and folder structure for user databases in an AG should be identical; however, cross-platform paths are different:
  • X:\MSSQL\DATA\testdb.mdf – Windows
  • /var/opt/mssql/data/testdb.mdf – Linux
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-availability-group-cross-platform?view=sql-server-2017
65. Glossary
• STONITH (Shoot The Other Node In The Head) maintains the integrity of high-availability clusters by shutting down (fencing) malfunctioning nodes.
• realm is a command-line tool (part of realmd) that manages enrolment in Kerberos realms, such as Active Directory domains or IPA domains.
• SSSD (System Security Services Daemon) provides a set of daemons to manage access to remote directories and authentication mechanisms.
• SPN (Service Principal Name) is the name by which a Kerberos client uniquely identifies an instance of a service for a given Kerberos server.
• kinit obtains and caches an initial ticket-granting ticket for a principal.
• kvno acquires a service ticket for the specified Kerberos principals and prints out the key version number of each.
• keytab files allow server applications to accept authentication from clients, but can also be used to obtain initial credentials for client applications.
• ktutil invokes a command interface from which an administrator can read, write, or edit entries in a keytab or Kerberos srvtab file.
68. Also happening this month
SQL Server 2019: More intelligent than ever
by Malta Microsoft Data Platform User Group
A webcast on December 20th at 7PM.
More info: https://malta.pass.org
Registration: https://www.eventbrite.com/e/sql-server-2019-more-
intelligent-than-ever-tickets-53216519041
69. Call for speakers
• We are working on our 2019 calendar of events and are looking for speakers on a variety of subjects, including:
  o AI & Machine Learning
  o Azure & Cloud Computing *
  o Containerisation and Orchestration
  o IoT
  o Microservices & Event Sourcing
  o Real-time Data Warehousing
• The Global Azure Bootcamp 2019 is happening on April 27! *
• http://tech-spark.com/become-a-speaker/
• http://tech-spark.com/sponsorships/