Eric

Tuesday Sep. 13, 2011

Glassfish 2.1.1 on Linux: Performance Tuning Essentials

Glassfish may be the best J2EE Application Server out there. It is stable, it is fully J2EE 1.5 compatible, it runs all technologies and it is open source! I love this application server.
Here are some tips that will make it respond faster and increase its capacity in requests per second.

1. Disable application auto-deployment and dynamic class reloading :
Stand-Alone Instances > server (Admin Server) > Advanced tab
-> Auto Deploy --> uncheck
-> Reload  --> uncheck

2. Disable dynamic JSP reloading :
Edit "default-web.xml" inside the config directory of each instance and change the init-param development to false for the org.apache.jasper.servlet.JspServlet (instance restart is required):

3. Minimize logging.
Logging writes to disk, and that is very expensive. So you can set the logging level to "SEVERE" for all the loggers (this setting is dynamic, so you can change it to diagnose a problem without restarts. Cool!).
Admin Console > Logger Settings page > Log Levels tab

Further log minimizing:
Tail your server.log at peak hours and look carefully at the messages. Find the loggers that print unnecessary messages, and either ask the programmers to reduce the messages their applications print or adjust the logging level for that logger subsystem yourself right away!
Add a new property with the logger name and set the level to SEVERE or even OFF!!!

4. Tuning HTTP File Caching in memory for faster response to static resources:
Configurations > config-name > HTTP Service (HTTP File Cache)
Globally : true
Max Files Count : 128 - 512 (is a good start for small applications but it really depends on the applications static resources)
Max Age : 86400 (1 day) - 604800 (7 days) is a good start for non dynamic reloading applications (see tip No 3)

5. JVM Parameters:
Configurations > config-name > JVM Settings (JVM Options). 

-server [maximum program execution speed by advanced optimized compilation]
-XX:+UseConcMarkSweepGC [using the Concurrent Mark Sweep garbage collector can cause a drop in throughput for heavily utilized systems, because it is running more or less constantly, but it prevents long pauses, so it is best for real time applications]
-XX:+DisableExplicitGC [Disable explicit full gc collections (System.gc() calls) since it would only interfere with the garbage collection algorithms and create big pause times]
-Xms=-Xmx [having the same starting and maximum heap memory will avoid spending time on any kind of unnecessary resizing of the heap memory]
-Xmn [Set at most half of the heap memory, since garbage collection here should be faster and more frequent, and this space contains short-lived objects. A good start is 1/5 of the heap size.]
-Xss128k [128k Stack Size is a very good start. If you get Stack Overflow error increase it by 128k at a time until you reach a point where you no longer get the error. You might even lower it to 64k (or lower) if your application is really lightweight, and then you will be able to serve more concurrent clients ]
-XX:SurvivorRatio=8 [survivor space and eden ratio will be 1:8. If survivor spaces are too small, copying collection overflows directly into the old generation. If survivor spaces are too large, they will be empty.]
-XX:MaxPermSize=-XX:PermSize [If you get a "java.lang.OutOfMemoryError: PermGen space", you need to increase this value, since the default is 64MB. If you set the initial size and maximum size to equal values you may be able to avoid some full garbage collections that may occur if/when the permanent generation needs to be resized.]

-XX:+CMSClassUnloadingEnabled [Enables the CMS Garbage collector (if you use it) to cleanup the PermGen space too. ]
-XX:+UseParNewGC [this parallel young generation collector can be used with the concurrent low pause collector that collects the tenured generation.]
-XX:ParallelGCThreads [If the number of CPUs is less than 8, use the number of CPUs; otherwise use (3 + (5/8) * (number of CPUs))]
-XX:TargetSurvivorRatio=90 [Allows 90% of the survivor spaces to be occupied instead of the default 50%, allowing better utilization of the survivor space memory. ]

-XX:MaxTenuringThreshold=30 

-Djava.awt.headless=true
-Dcom.sun.enterprise.server.ss.ASQuickStartup=false

JVM Parameters example:
-server -Xmx2g -Xms2g -Xmn800m -Xss128k -XX:SurvivorRatio=8 -XX:+UseConcMarkSweepGC -XX:+DisableExplicitGC -XX:+UseParNewGC -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=30 -Djava.awt.headless=true -Dcom.sun.enterprise.server.ss.ASQuickStartup=false



6. Tuning Linux :
Start by checking system limits for file descriptors with this command:
$ cat /proc/sys/fs/file-max
8192
The current limit shown is 8192. To increase it to 65535, use the following command (as root):
$ echo "65535" > /proc/sys/fs/file-max
To make this value survive a system reboot, add it to /etc/sysctl.conf and specify the maximum number of open files permitted:
fs.file-max = 65535
Note: The parameter is not proc.sys.fs.file-max, as one might expect.
To list the available parameters that can be modified using sysctl:
$ sysctl -a
To load new values from the sysctl.conf file:
$ sysctl -p /etc/sysctl.conf
To check and modify limits per shell, use the following command:
$ limit
The output will look something like this:
cputime         unlimited
filesize        unlimited
datasize        unlimited
stacksize       8192 kbytes
coredumpsize    0 kbytes
memoryuse       unlimited
descriptors     1024
memorylocked    unlimited
maxproc         8146
openfiles       1024
The openfiles and descriptors entries show a limit of 1024. To increase the limit to 65535 for all users, edit /etc/security/limits.conf as root, and modify or add the nofile (number of files) entries:
*         soft    nofile                     65535
*         hard    nofile                     65535
The character “*” is a wildcard that identifies all users. You could also specify a user ID instead.
Then edit /etc/pam.d/login and add the line:
session required /lib/security/pam_limits.so
On Red Hat, you also need to edit /etc/pam.d/sshd and add the following line:
session required /lib/security/pam_limits.so
On many systems, this procedure will be sufficient. Log in as a regular user and try it before doing the remaining steps. The remaining steps might not be required, depending on how pluggable authentication modules (PAM) and secure shell (SSH) are configured.

Tune the TCP/IP settings :

Add the following entry to /etc/rc.local
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 60000 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 15000 > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

Add the following to /etc/sysctl.conf

# Disables packet forwarding
net.ipv4.ip_forward = 0
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
net.ipv4.ip_local_port_range = 1204 65000
net.core.rmem_max = 262140
net.core.rmem_default = 262140
net.ipv4.tcp_rmem = 4096 131072 262140
net.ipv4.tcp_wmem = 4096 131072 262140
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_keepalive_time = 60000
net.ipv4.tcp_keepalive_intvl = 15000
net.ipv4.tcp_fin_timeout = 30
Add the following as the last entry in /etc/rc.local
sysctl -p /etc/sysctl.conf
Reboot the system.
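
To confirm after the reboot that the kernel is really running with the values from /etc/sysctl.conf, the following added example (not part of the original post) compares each key = value line with the corresponding file under /proc/sys. The function names and the sample tree built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report settings in a sysctl.conf
# that the running kernel does not actually have.
# Source this file, then run:  sysctl_drift /etc/sysctl.conf
# Usage: sysctl_drift CONF [PROCROOT]   PROCROOT defaults to /proc/sys and is a
# parameter only so the check can be exercised against a constructed tree.

# Collapse tabs and repeated blanks and trim both ends; /proc separates
# multi-value entries such as tcp_rmem with tabs, sysctl.conf uses spaces.
norm() {
    printf '%s' "$1" | tr '\t' ' ' | sed -e 's/  */ /g' -e 's/^ //' -e 's/ $//'
}

# Prints one line per mismatch and returns 1 if any setting has drifted.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key = value, handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # net.ipv4.ip_forward -> net/ipv4/ip_forward (assumes no dots inside
        # a path component, which holds for every key in the post)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ -r "$path" ]; then
            have=$(norm "$(cat "$path")")
        else
            have='<missing>'
        fi
        if [ "$want" != "$have" ]; then
            printf "%s: want '%s' have '%s'\n" "$key" "$want" "$have"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Constructed sample: four settings from the post and a fake /proc/sys tree in
# which tcp_sack was never applied and kernel/sysrq does not exist.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/proc/net/ipv4"
    printf '0\n' > "$d/proc/net/ipv4/ip_forward"
    printf '4096\t131072\t262140\n' > "$d/proc/net/ipv4/tcp_rmem"
    printf '1\n' > "$d/proc/net/ipv4/tcp_sack"
    cat > "$d/sysctl.conf" <<'EOF'
# Disables packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.tcp_rmem = 4096 131072 262140
net.ipv4.tcp_sack = 0
kernel.sysrq = 0
EOF
    sysctl_drift "$d/sysctl.conf" "$d/proc"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

A non-zero return from sysctl_drift means at least one line of the file is not in effect, which is also how a setting overwritten later by /etc/rc.local shows up.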

Use this command to increase the size of the transmit buffer:

tcp_recv_hiwat ndd /dev/tcp 8129 32768

Make the OS use swap only in emergencies:
sysctl -w vm.swappiness=0
swapoff -a; swapon -a

7. Disable the Security Manager only if your application server is inside an intranet or inside a very well protected environment (If you are sure that no malicious code will be run on the server and you do not use authentication within your application, then you can disable the security manager). It is generally not recommended but it could provide a significant performance boost (since the security manager has expensive calls).
Configurations > config-name > JVM Settings (JVM Options)
delete the option that contains the following text: 
-Djava.security.manager
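
A way to see which configurations carry the option before and after this change, as an added example (not from the original post). It assumes the domain's domain.xml keeps each <config ... name="..."> start tag on one line and each JVM option in its own <jvm-options> element; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list every <config> in a
# GlassFish domain.xml and say whether it runs with the Java security manager.
# Usage: secmgr_audit /path/to/domain.xml

secmgr_audit() {
    awk '
        # Start of a <config ...> element ("<configs>" does not match).
        /<config[ \t]/ {
            name = "?"
            if (match($0, /[ \t]name="[^"]*"/))
                name = substr($0, RSTART + 7, RLENGTH - 8)
            inside = 1
            enabled = 0
        }
        # Exact option only: -Djava.security.policy=... must not count.
        inside && /<jvm-options>[ \t]*-Djava\.security\.manager[ \t]*<\/jvm-options>/ {
            enabled = 1
        }
        /<\/config>/ {
            if (inside)
                printf "%s security-manager=%s\n", name, (enabled ? "on" : "off")
            inside = 0
        }
    ' "$1"
}

# Constructed sample with two configurations; only the second one still has
# the option that step 7 deletes.
secmgr_demo() {
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
<domain>
 <configs>
  <config dynamic-reconfiguration-enabled="true" name="server-config">
   <java-config>
    <jvm-options>-server</jvm-options>
    <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
   </java-config>
  </config>
  <config dynamic-reconfiguration-enabled="true" name="cluster1-config">
   <java-config>
    <jvm-options>-Djava.security.manager</jvm-options>
   </java-config>
  </config>
 </configs>
</domain>
EOF
    secmgr_audit "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}
```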


8. Performance monitoring tools:
jconsole : jmx instance monitoring
jvisualvm : will give you a clear view of the cpu utilization, the garbage collections, perm gen size and jvm options. It can also profile and create thread dumps.
Applications Manager : is a nice commercial monitoring tool. Has good support for GlassFish (There is a Free Licence for up to 5 Glassfish instances through jmx).
nmon : nice open source linux monitoring command line gui.

9. Disable monitoring if you have no problems to detect and resolve.
Configurations > config-name > Monitoring
Change all levels to Low if you still need a little monitoring, or Off if your applications are running smoothly. 

10. Update your software as often as your infrastructure availability/downtime permits. Update your jdk, since bug fixes and optimizations may increase the performance of your application server and make some weird errors go away! The same goes for the operating system, as well as the jdbc drivers or any other libraries your applications use.

11. Patch Glassfish 2.1.x with the latest Grizzly 1.0.x releases.
The Grizzly thread manager library is the heart of GlassFish. Since Oracle is not planning to release another v2 release, this kind of patch is significant and relatively easy. Unless you decide to move on to v3 release!

First check the current Grizzly version by setting the JVM property: "-Dcom.sun.enterprise.web.connector.grizzly.displayConfiguration=true".
Make sure the web-container log level is INFO. Restart Glassfish instance and check server.log. You should see an output like this :

Grizzly 1.0.30 running on Mac OS X-10.5.8 under JDK version: 1.6.0_15-Apple Inc.
port: 8080
maxThreads: 5
ByteBuffer size: 4096
useDirectByteBuffer: 8192
maxKeepAliveRequests: 250
keepAliveTimeoutInSeconds: 30
Static File Cache enabled: false
Pipeline : com.sun.enterprise.web.portunif.PortUnificationPipeline
Round Robin Selector Algorithm enabled: false
Round Robin Selector pool size: 1
Asynchronous Request Processing enabled: true|#]

where the Grizzly version is 1.0.30. Please note that if you see a similar output, but without the Grizzly version in it, it means that your version is older than 1.0.30, so a Grizzly upgrade is recommended. Download the latest Grizzly 1.0.x binary file from:
http://download.java.net/maven/2/com/sun/grizzly/grizzly-framework-http/
and save it to a directory, for example :
/home/gfuser/grizzly/grizzly-framework-http-1.0.30.jar

Then set the Glassfish prefix-classpath to "/home/gfuser/grizzly/grizzly-framework-http-1.0.30.jar" to force Glassfish to use the latest Grizzly classes instead of the embedded ones. Restart Glassfish and check the server.log again to confirm the success of the patch. Reset the web-container log level to SEVERE.


Further reading. 

Java Tuning White Paper :
http://java.sun.com/performance/reference/whitepapers/tuning.html

Frequently Asked Questions about Garbage Collection :
http://www.oracle.com/technetwork/java/faq-140837.html

Tuning Garbage Collection :
http://www.oracle.com/technetwork/java/gc-tuning-5-138395.html
  
Java HotSpot VM Options :
http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html

Sun Java System Application Server 9.1 Performance Tuning Guide :
http://download.oracle.com/docs/cd/E19159-01/819-3681/ 


Any comments, suggestions, problems or requests will be warmly welcomed.

Wednesday Aug. 10, 2011

How to delete a protected file on Linux

To delete a file, you must own it. Use ls -l to check the owner:
$ ls -l file.txt

Become root, then delete the file.
# su -
# rm -f file.txt

Check the protection attributes on the file.
$ lsattr file.txt

----i------------ file.txt

Change the protection, then delete the file.
# chattr -i file.txt
# rm -f file.txt

Wednesday Feb. 03, 2010

OpenDS 2.2.0 installation

###
### http://developers.sun.com/identity/reference/techart/opends-namesvcs.html
### http://developers.sun.com/identity/reference/techart/opends-namesvcs2.html
###
### prepare the user's home directory
# mkdir /export/home1/daemons/opendsd
# chown -R 905:1 /export/home1/daemons/opendsd
### add an opendsd role
# roleadd -c "OpenDS role" -s /bin/bash -K defaultpriv=basic,net_privaddr,sys_resource opendsd
### set the password
# passwd opendsd
### edit the opendsd user entry
# vi /etc/passwd
opendsd:x:905:1:OpenDS role:/export/home1/daemons/opendsd:/bin/bash
### assign the opendsd role to a user
# usermod -R opendsd usager1
# vi /etc/user_attr
usager1::::type=normal;roles=root,opendsd
### create a certificate
$ su - opendsd
$ mkdir certs
$ cd certs
$ /usr/sfw/bin/certutil -N -d ./certs -P "amalthe.cants.org"
$ /usr/sfw/bin/64/certutil -S -x -n "amalthe.cants.org" -s "cn=amalthe.cants.org,ou=Directory Services,o=cants.org,c=CA" -t CTPu -v 12 -d ./certs -P "amalthe.cants.org" -5
$ /usr/sfw/bin/certutil -L -d ./certs -P "amalthe.cants.org" -n "amalthe.cants.org" -a > mycert.pem
$ /usr/sfw/bin/pk12util -o mypk12 -d /opt/certs -P "amalthe.cants.org" -n "amalthe.cants.org"
### install OpenDS
$ unzip OpenDS-2.2.0.zip
$ setup
### configure OpenDS
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myskel.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myproxy.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myprofile.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myusers.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/mygroups.ldif

### Start OpenDS
$ ~/OpenDS-2.2.0/bin/start-ds

### Additional configuration
$ vi ~/.dmp


### Grant the proxy user permission to retrieve user account status so that pam_ldap lets users log in with rsh, rlogin, rcp, or ssh
### (the ACI stays on one line: a backslash inside single quotes would become part of the value)
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
set-access-control-handler-prop \
--add global-aci:'(targetcontrol="1.3.6.1.4.1.42.2.27.9.5.8")(version 3.0; acl "Allow Account Status control for Proxy"; allow(read,proxy) userdn="ldap:///cn=solaris,ou=LDAPauth,dc=cants,dc=org";)'

### Store user passwords in clear text in OpenDS (the CRAM-MD5 mechanism configured below needs the clear-text password on the server).
 ~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
set-password-policy-prop --policy-name "Default Password Policy" \
--set default-password-storage-scheme:CLEAR

### Configure the Identity mappers.
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
set-identity-mapper-prop \
--mapper-name 'Regular Expression' \
--add match-attribute:cn \
--set match-pattern:'cn=(.*),ou=LDAPauth.*|uid=(.*),ou=People.*' \
--set replace-pattern:'$1$2'

### Configure Simple Authentication and Security Layer (SASL)
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
set-sasl-mechanism-handler-prop \
--handler-name CRAM-MD5 \
--set "identity-mapper:Regular Expression"

Thursday Jan. 07, 2010

OpenDS: changing the password encryption type

[root@ldap]:/opt/OpenDS-2.0.0/bin# dsconfig --advanced -p 4444 -h localhost -D "cn=directory manager" -X

>>>> OpenDS configuration console main menu

What do you want to configure?

    1)   Access Control Handler               23)  Matching Rule
    2)   Account Status Notification Handler  24)  Monitor Provider
    3)   Administration Connector             25)  Network Group
    4)   Alert Handler                        26)  Network Group QOS Policy
    5)   Attribute Syntax                     27)  Password Generator
    6)   Backend                              28)  Password Policy
    7)   Certificate Mapper                   29)  Password Storage Scheme
    8)   Connection Handler                   30)  Password Validator
    9)   Crypto Manager                       31)  Plugin
    10)  Debug Target                         32)  Plugin Root
    11)  Entry Cache                          33)  Replication Domain
    12)  Extended Operation Handler           34)  Replication Server
    13)  Extension                            35)  Root DN
    14)  Global Configuration                 36)  Root DSE Backend
    15)  Group Implementation                 37)  SASL Mechanism Handler
    16)  Identity Mapper                      38)  Synchronization Provider
    17)  Key Manager Provider                 39)  Trust Manager Provider
    18)  Local DB Index                       40)  Virtual Attribute
    19)  Local DB VLV Index                   41)  Work Queue
    20)  Log Publisher                        42)  Workflow
    21)  Log Retention Policy                 43)  Workflow Element
    22)  Log Rotation Policy                       

    q)   quit

28 Password Policy

>>>> Password Policy management menu

What would you like to do?

    1)  List existing Password Policies
    2)  Create a new Password Policy
    3)  View and edit an existing Password Policy
    4)  Delete an existing Password Policy

    b)  back
    q)  quit

Enter choice [b]: 3

>>>> Configure the properties of the Password Policy

         Property                                   Value(s)
         --------------------------------------------------------------------
    1)   account-status-notification-handler        -
    2)   allow-expired-password-changes             false
    3)   allow-multiple-password-values             false
    4)   allow-pre-encoded-passwords                true
    5)   allow-user-password-changes                true
    6)   default-password-storage-scheme            Salted SHA-512
    7)   deprecated-password-storage-scheme         -
    8)   expire-passwords-without-warning           false
    9)   force-change-on-add                        false
    10)  force-change-on-reset                      false
    11)  grace-login-count                          0
    12)  idle-lockout-interval                      0 s
    13)  last-login-time-attribute                  -
    14)  last-login-time-format                     -
    15)  lockout-duration                           0 s
    16)  lockout-failure-count                      0
    17)  lockout-failure-expiration-interval        0 s
    18)  max-password-age                           0 s
    19)  max-password-reset-age                     0 s
    20)  min-password-age                           0 s
    21)  password-attribute                         userpassword
    22)  password-change-requires-current-password  false
    23)  password-expiration-warning-interval       5 d
    24)  password-generator                         Random Password Generator
    25)  password-history-count                     0
    26)  password-history-duration                  0 s
    27)  password-validator                         -
    28)  previous-last-login-time-format            -
    29)  require-change-by-time                     -
    30)  require-secure-authentication              false
    31)  require-secure-password-changes            false
    32)  skip-validation-for-administrators         false
    33)  state-update-failure-policy                reactive

    ?)   help
    f)   finish - apply any changes to the Password Policy
    c)   cancel
    q)   quit

Enter choice [f]: 6

Friday Dec. 11, 2009

Antoine plays a mini-game at the Remparts

For the first time in his life, Antoine played a mini-game at the Remparts de Québec.
It was a most enjoyable experience, for young and old alike, to see our little guys on the ice at the Colisée Pepsi.
To see the photos.

Monday Nov. 16, 2009

Solaris 10 fails to install on EFI labeled disks

I recently came across the following error when jumpstarting a system that has 4 disks, 2 of which were previously in a zpool and were EFI labeled:

Checking rules.ok file...
awk: division by zero
 record number 17
awk: division by zero
 record number 15
expr: syntax error
awk: division by zero
 record number 17

The error seemed harmless enough in that it didn't affect the installation.
Even still I tracked it down to the /usr/sbin/install.d/chkprobe script in the Solaris 10 mini-root.
I opened a case with Sun and they informed me it was a known issue (BugID 6457349: chkprobe cannot handle disks with EFI labels).
Sun provided me with a work-around patch to chkprobe which produced the following output:

Checking rules.ok file...
c0t8d0 doesn't have a VTOC label
c0t9d0 doesn't have a VTOC label

This was fine in a system that had at least one VTOC labeled disk as the jumpstart installation could still proceed.
When all of the disks are EFI labeled, the installation fails with the message:

ERROR: One or more disks are found, but one of the following problems exists:
        - Hardware failure
        - The disk(s) available on this system cannot be used to install Solaris Software. They do not have a valid label.
          If you want to use the disk(s) for the install, use format(1M) to label the disk and restart the installation.
          Solaris installation program exited.

To solve this you need to run the format -e command and re-label the disks.
Note the "-e" (expert mode) option to format is required otherwise you won't be given the choice of label types.

# format -e
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c0t0d0 
          /pci@1c,600000/scsi@2/sd@0,0
       1. c0t1d0 
          /pci@1c,600000/scsi@2/sd@1,0
Specify disk (enter its number): 0
selecting c0t0d0
[disk formatted]


FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition  - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        inquiry    - show vendor, product and revision
        scsi       - independent SCSI mode selects
        cache      - enable, disable or query SCSI disk cache
        volname    - set 8-character volume name
        !     - execute , then return
        quit
format> label
[0] SMI Label
[1] EFI Label
Specify Label type[1]: 0
Warning: This disk has an EFI label. Changing to SMI label will erase all
current partitions.
Continue? y
Auto configuration via format.dat[no]? y
format> quit

The fix Sun provided should make it into a future Solaris 10 update and I suspect once ZFS boot is released this problem will be resolved for good.

Thursday Sep. 17, 2009

Apache log rotation

Create the entries with logadm.

# logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/access_log
# logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/error_log
# logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/ssl_request_log
# vi /etc/logadm.conf
### apache rotation log
/opt/coolstack/apache2/logs/access_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0
/opt/coolstack/apache2/logs/error_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0
/opt/coolstack/apache2/logs/ssl_request_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0

Monday Sep. 14, 2009

Enabling sshd logging

Add an auth.info entry to syslog.conf.

# vi /etc/syslog.conf
auth.info                       ifdef(`LOGHOST', /var/log/ssh.log, @loghost)
# vi /etc/ssh/sshd_config
SyslogFacility AUTH
LogLevel INFO
# touch /var/log/ssh.log
# svcadm restart svc:/system/system-log:default

Tuesday Sep. 08, 2009

2004 Jeep Liberty Rock Krawler Suspension Install - Lifted Liberty

Check out a great lift on a 2004 Jeep Liberty

Monday Sep. 07, 2009

Antoine at hockey, magh-1

It was a most enjoyable experience for a first hockey practice.
Antoine had to work very hard, because it was tougher than just skating behind the house or at the park.
Add all the equipment and it is fun, but you are less free in your movements.
The photos will follow in the next few days.
To follow his team, the Éclaireurs magh-1 grp3

Thursday Aug. 27, 2009

OpenDS 1.2 SMF (service management facility)

How to add OpenDS to SMF.

  • Add the service
  • # ./opends-smf.bash -a enable -n ds1 -i /opt/OpenDS-1.2.0
    # ./opends-smf.bash -a list
    STATE          STIME    FMRI
    offline*       13:45:12 svc:/network/opends/server:ds1
    
  • Disable the service
  • # ./opends-smf.bash -a disable -n ds1
    # ./opends-smf.bash -a list
    STATE          STIME    FMRI
    disabled       13:47:02 svc:/network/opends/server:ds1
    
  • Show the service state
  • # svcs -x ds1
    svc:/network/opends/server:ds1 (OpenDS LDAP directory server)
     State: disabled since August 27, 2009  1:47:02 PM EDT
    Reason: Disabled by an administrator.
       See: http://sun.com/msg/SMF-8000-05
       See: /var/svc/log/network-opends-server:ds1.log
    Impact: This service is not running.
    
  • Start the service
  • # svcadm enable ds1
    # svcs -x ds1
    svc:/network/opends/server:ds1 (OpenDS LDAP directory server)
     State: online since August 27, 2009  1:48:40 PM EDT
       See: /var/svc/log/network-opends-server:ds1.log
    Impact: None.
    
  • Remove the service from SMF
  • # ./opends-smf.bash -a unconfigure -n ds1
    # ./opends-smf.bash -a list
    STATE STIME FMRI
    

    Code:

    # vi opends-smf.bash
    # chmod +x opends-smf.bash
    
    #!/bin/bash
    #
    # CDDL HEADER START
    #
    # The contents of this file are subject to the terms of the
    # Common Development and Distribution License, Version 1.0 only
    # (the "License").  You may not use this file except in compliance
    # with the License.
    #
    # You can obtain a copy of the license at
    # trunk/opends/resource/legal-notices/OpenDS.LICENSE
    # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
    # See the License for the specific language governing permissions
    # and limitations under the License.
    #
    # When distributing Covered Code, include this CDDL HEADER in each
    # file and include the License file at
    # trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
    # add the following below this CDDL HEADER, with the fields enclosed
    # by brackets "[]" replaced with your own identifying information:
    #      Portions Copyright [yyyy] [name of copyright owner]
    #
    # CDDL HEADER END
    #
    #
    #      Copyright 2006-2008 Sun Microsystems, Inc.
    
    
    ##############################################################################
    #
    # The purpose of this script is to provide a single script to provide the
    # following Solaris 10 Service Management Facility (SMF) capabilities to 
    # OpenDS 2.0.0:
    #   * Configure a specific OpenDS instance for SMF
    #   * [Enable|Start] a specific OpenDS instance via SMF
    #   * [Disable|Stop] a specific OpenDS instance via SMF
    #   * Unconfigure an OpenDS instance from SMF
    #   * List OpenDS instances
    #
    ##############################################################################
    #
    # Define global default variables
    #
    manifest="$HOME/.opends_manifest.$$"
    
    ##############################################################################
    #
    # Find pager
    #
    findpager() {
       #
       # Set the page command
       #
       pgcmd='cat - '
       ck4less=`which less 2>&1 | /usr/bin/grep -v "no less"`
       if [ -n "${ck4less}" ]
       then
          pgcmd='less'
       else
          ck4more=`which more 2>&1 | /usr/bin/grep -v "no more"`
          if [ -n "${ck4more}" ]
          then
             pgcmd='more'
          fi
       fi
    }
    
    ##############################################################################
    #
    # Define appropriate usage
    #
    usage() {
       errmsg=${1}
    
       findpager
    
       cat <<EOF | ${pgcmd}
    System Administration Commands                        opends-smf(1M)
    
    NAME
         opends-smf - set up and manage OpenDS SMF instances
    
    
    SYNOPSIS
         Normal usage:
         opends-smf -a  [options]
    
         See proper usage:
         opends-smf -h
    
    DESCRIPTION
         The purpose of opends-smf is to simplify Solaris 10 zones
         management.  There are many pre-defined actions that can be
         applied to one or more zones depending on the action.
    
         The purpose of opends-smf is to provide a single script to 
         provide simplified integration of OpenDS instances into the 
         Solaris 10 Service Management Facility (SMF).
    
    
    OPTIONS
         The following options are supported:
    
         -a      Specify the action to be performed
    
         -n    SMF Instance Name
    
         -i   Directory of the OpenDS instance.
    
         -u        Specify the run-time user of the OpenDS instance.
    
         -g       Specify the run-time group of the OpenDS instance.
    
         -h              See this usage information
    
    ACTIONS
         The following actions are supported:
            list: List SMF enabled OpenDS instances
    
            configure: Create an SMF manifest and import it for a particular OpenDS instance.
    
            unconfigure: Export the SMF configuration for a particular OpenDS instance.
    
            enable|start: Enable or start a particular OpenDS instance
    
            disable|stop: Disable or stop a particular OpenDS instance
    
            restart: Disable or stop a particular OpenDS instance followed by Enable or starting
              of the same OpenDSinstance.
    
    
    EXIT STATUS
         The following exit values are returned:
    
         0        Successful completion.
    
         1        An error occurred.
    
         2        Invalid usage.
    
    
    SEE ALSO
         smf(5), pfexec(1)
    
    EOF
    
       if [ -n "${errmsg}" ]; then echo "${errmsg}";fi
    
       exit 2
    }
    
    ############################################################################
    #
    # Define exit level error message routine
    #
    error_message() {
       if [ -f "${manifest}" ]; then rm -f "${manifest}"; fi
       errmsg=${1}
       if [ -n "${errmsg}" ]
       then
          echo -e "Error: ${errmsg}"
          exit 1
       fi
    }
    
    ##############################################################################
    #
    # Validate the user and group existence and OpenDS ownership
    #
    validate_ownership() {
       ck4user=`/usr/bin/grep "^$user:" /etc/passwd`
       if [ -z "${ck4user}" ]; then error_message "The operating system user ($user) must exist."; fi
    
       ck4uowner=`/usr/bin/ls -ald $inst_dir | /usr/bin/awk '{ print $3 }'`
       if [ "$ck4uowner" != "$user" ]; then error_message "The specified user ($user) does not match the OpenDS instance user ownership ($ck4uowner)."; fi
     
       ck4group=`/usr/bin/grep "^$group:" /etc/group`
       if [ -z "${ck4group}" ]; then error_message "The operating system group ($group) must exist."; fi
    
       ck4gowner=`/usr/bin/ls -ald $inst_dir | /usr/bin/awk '{ print $4 }'`
       if [ "$ck4gowner" != "$group" ]; then error_message "The specified group ($group) does not match the OpenDS instance group ownership ($ck4gowner)."; fi
    }
    
    ##############################################################################
    #
    # Make and import manifest
    #
    configure_smf() {
       # Qualify the import request
    
       if [ -z "${inst_name}" ]; then error_message "Must provide instance name via -n "; fi
       ck4smf=`/usr/bin/svcs -a svc:/network/opends/server:$inst_name 2>&1 | /usr/bin/grep "svc:/network/opends/server:$inst_name$"`
       if [ -n "$ck4smf" ]; then error_message "OpenDS instance \"$inst_name\" already exists."; fi
    
       if [ -z "${inst_dir}" ];  then error_message "Must provide instance path via -i "; fi
       if [ -d "${inst_dir}" ];  then true; else error_message "OpenDS Instance directory \"${inst_dir}\" does not exist."; fi
    
       validate_ownership;
    
       cat << EOF > "$manifest"
    
    
    
    
        
            
            
          	
                
                    
                
         	
                
                    
                
                
                    
                        
                    
                
                
                    
                        
                    
                
                
                
                    
                
                
                
                    
                    
                
                
            
            
        
    
    EOF
       /usr/sbin/svccfg import "$manifest"
       if [ "$?" -ne 0 ]
       then
          error_message "SMF Import Failed!"
       fi
    }
    
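    enable_smf() {
       # Check the instance name before it is used to build an FMRI
       if [ -z "${inst_name}" ]; then error_message "Must provide instance name via -n "; fi
    
       validate_ownership
    
       ck4smf=`/usr/bin/svcs -a svc:/network/opends/server:$inst_name 2>&1 | /usr/bin/grep "doesn't match any instances"`
       if [ -n "$ck4smf" ]; then configure_smf; fi
    
       # Use the full FMRI so the name cannot match an instance of another service
       /usr/sbin/svcadm enable "svc:/network/opends/server:$inst_name"
    }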
    
    disable_smf() {
       if [ -z "${inst_name}" ]; then error_message "Must provide instance name via -n "; fi
    
       # Don't exit until the service finishes shutting down
       ck4state=`/usr/bin/svcs -aH svc:/network/opends/server:$inst_name 2> /dev/null | awk '{ print $1 }'`
       if [ -n "$ck4state" ]
       then
          /usr/sbin/svcadm disable svc:/network/opends/server:$inst_name
          while [ "$ck4state" != 'disabled' ]
          do
             sleep 3
             /usr/sbin/svcadm disable svc:/network/opends/server:$inst_name
             ck4state=`/usr/bin/svcs -aH svc:/network/opends/server:$inst_name 2> /dev/null | awk '{ print $1 }'`
          done
       fi
    }
    
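    unconfigure_smf() {
       if [ -z "${inst_name}" ]; then error_message "Must provide instance name via -n "; fi
       disable_smf
       # Delete by full FMRI, the same way the other actions address the instance
       /usr/sbin/svccfg delete "svc:/network/opends/server:$inst_name"
    }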
    
    list_smf() {
       /usr/bin/svcs -a | /usr/bin/egrep "FMRI|svc:/network/opends/server:$inst_name"
    }
    
    ##############################################################################
    #
    # Ensure this program is run as the root user
    #
    ck4root=`id | cut -d'(' -f2 | cut -d ')' -f1`
    if [ "$ck4root" != 'root' ];then error_message "Must run as root user."; fi
       
    ##############################################################################
    #
    # If any parameters were passed evaluate their usage...
    #
    while getopts ha:n:i:u:g: OPT
    do
       case ${OPT} in
       h|+h) usage;;
       a|+a) if [ -z "${OPTARG}" ];then error_message "Must provide a valid action with the -a flag";fi
             action="${OPTARG}"
             ;;
       n|+n) if [ -z "${OPTARG}" ];then error_message "Must provide a valid OpenDS instance name with the -n flag";fi
             inst_name="${OPTARG}"
             ;;
       i|+i) if [ -z "${OPTARG}" ];then error_message "Must provide a valid OpenDS instance directory with the -i flag";fi
             inst_dir="${OPTARG}"
             ;;
       u|+u) if [ -z "${OPTARG}" ];then error_message "Must provide a valid and unused user name with the -u flag";fi
             user="${OPTARG}"
             ;;
       g|+g) if [ -z "${OPTARG}" ];then error_message "Must provide a valid and unused group name with the -g flag";fi
             group="${OPTARG}"
             ;;
          *) usage;;
       esac
    done
    shift `expr ${OPTIND} - 1`
    
    ##############################################################################
    #
    # Test usage
    #
    if  [ -z "${action}" ]; then error_message "Must provide action via -a "; fi
    
    ##############################################################################
    #
    # Set user and group info
    #
    if [ -z "$user" ]
    then
       user=`/usr/bin/svcprop -p start/user svc:/network/opends/server:$inst_name 2> /dev/null`
       if [ -z "$user" ]
       then
          if [ -n "$inst_dir" ]
          then
             user=`/usr/bin/ls -ald "$inst_dir" | /usr/bin/awk '{ print $3 }'`
          fi
       fi
       if [ -z "$user" ]; then user='ldap'; fi
    fi
    
    if [ -z "$group" ]
    then
       group=`/usr/bin/svcprop -p start/group svc:/network/opends/server:$inst_name 2> /dev/null`
       if [ -z "$group" ]
       then
          if [ -n "$inst_dir" ]
          then
             group=`/usr/bin/ls -ald "$inst_dir" | /usr/bin/awk '{ print $4 }'`
          fi
       fi
       if [ -z "$group" ]; then group='ldap'; fi
    fi
    
    case ${action} in
          'configure') configure_smf;;
        'unconfigure') unconfigure_smf;;
             'enable') enable_smf;;
              'start') enable_smf;;
            'disable') disable_smf;;
               'stop') disable_smf;;
            'restart') disable_smf; enable_smf;;
               'list') list_smf;;
                    *) usage;;
    esac
    

    Wednesday, August 26, 2009

    Solaris ufsrestore: file and tape

  • Restoring from a file.
  • Important: move away from the root directory first so that existing data is not destroyed.
    # cd /tmp
    # mkdir rst
    # cd rst
    # ufsrestore rf /export/home1/securite/adraste/adraste-bkp-20090826.dmp
    
  • Restoring from a tape.
  • Important: move away from the root directory first so that existing data is not destroyed.
    # cd /tmp
    # mkdir rst
    # cd rst
    # ufsrestore ivf /dev/rmt/0
    

    Monday, August 24, 2009

    The ZFS cache (ARC) eats all the RAM.

    The ARC is the memory that ZFS uses as its cache area. By default, the cache can use up to physical memory minus 1 GB. The problem is that although the ARC can shrink automatically when applications need memory, in practice this does not happen fast enough. Since ZFS uses too much memory, it has to be limited.

    Here is how to do it.

    • Check its usage.
      • with mdb
        • what to check
        • c_min = minimum allocated
        • c_max = maximum allocated
    # mdb -kw
    Loading modules: [ unix krtld genunix specfs dtrace cpu.generic uppc pcplusmp ufs ip hook neti sctp arp usba uhci fcp fctl emlxs qlc nca lofs zfs mpt md cpc random crypto fcip logindmux ptm sppp nfs ]
    > ::arc
    hits                      =  13475080
    misses                    =    278175
    demand_data_hits          =   9197806
    demand_data_misses        =     19961
    demand_metadata_hits      =   3884809
    demand_metadata_misses    =     35538
    prefetch_data_hits        =    298657
    prefetch_data_misses      =    209763
    prefetch_metadata_hits    =     93808
    prefetch_metadata_misses  =     12913
    mru_hits                  =   1093121
    mru_ghost_hits            =      4717
    mfu_hits                  =  11993694
    mfu_ghost_hits            =     20071
    deleted                   =    481527
    recycle_miss              =      8459
    mutex_miss                =       756
    evict_skip                =     12755
    hash_elements             =    304229
    hash_elements_max         =    305404
    hash_collisions           =    290303
    hash_chains               =     61527
    hash_chain_max            =         6
    p                         =     15817 MB
    c                         =     15817 MB
    c_min                     =      3966 MB
    c_max                     =     31730 MB
    size                      =     15760 MB
    hdr_size                  =  51362304
    l2_hits                   =         0
    l2_misses                 =         0
    l2_feeds                  =         0
    l2_rw_clash               =         0
    l2_writes_sent            =         0
    l2_writes_done            =         0
    l2_writes_error           =         0
    l2_writes_hdr_miss        =         0
    l2_evict_lock_retry       =         0
    l2_evict_reading          =         0
    l2_free_on_write          =         0
    l2_abort_lowmem           =         0
    l2_cksum_bad              =         0
    l2_io_error               =         0
    l2_size                   =         0
    l2_hdr_size               =         0
    memory_throttle_count     =         0
    arc_no_grow               =         0
    arc_tempreserve           =         0 MB
    arc_meta_used             =       366 MB
    arc_meta_limit            =      7932 MB
    arc_meta_max              =       366 MB
    
    • kstat
      • current usage.
        # kstat zfs:0:arcstats:size
        module: zfs                             instance: 0
        name:   arcstats                        class:    misc
                size                            16526777664
        

    To limit it, it is advisable not to touch the c_min value, but the c_max value can be capped.
    In my case I limited it to about 30% of system memory: 36 GB total, and the ZFS ARC at 10 GB = 10000000000 bytes = 0x2540BE400.

    • Cap c_max in /etc/system
      • add the setting at the end of the file.
        • After changing /etc/system, a reboot is required.
    # vi /etc/system
    
    * ZFS ARC maximum usage: 10 GB
    set zfs:zfs_arc_max=10000000000
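
The check and the sizing described above, written as a script. This is an added example, not part of the original post: it reads `kstat -p`-style lines, compares the current ARC size with the chosen cap and prints the /etc/system line. The function names are assumptions of this example, and the sample input is constructed (the c_max figure is derived from the 31730 MB shown by mdb).

```shell
#!/bin/sh
# Added example, not from the original post. Input is assumed to be in
# `kstat -p` form: "module:instance:name:statistic value", one per line.

# Constructed sample: size is the kstat figure from the post; c_max is the
# post's 31730 MB expressed in bytes.
sample_kstat() {
cat <<'EOF'
zfs:0:arcstats:c_max 33271316480
zfs:0:arcstats:size 16526777664
EOF
}

# kstat_value STAT: read kstat -p lines on stdin, print zfs:0:arcstats:STAT
kstat_value() {
   while read -r name value
   do
      if [ "$name" = "zfs:0:arcstats:$1" ]; then echo "$value"; return 0; fi
   done
   return 1
}

# arc_cap_bytes PHYS_BYTES PERCENT: cap as a percentage of physical memory
arc_cap_bytes() {
   echo $(( $1 * $2 / 100 ))
}

# to_hex BYTES: the same value in hexadecimal, as quoted in the post
to_hex() {
   printf '0x%X\n' "$1"
}

# arc_status SIZE CAP: "over" when the ARC is currently larger than the cap
arc_status() {
   if [ "$1" -gt "$2" ]; then echo over; else echo within; fi
}

# system_line CAP: the line to append to /etc/system (reboot required)
system_line() {
   echo "set zfs:zfs_arc_max=$1"
}

cap=10000000000                       # the 10 GB cap chosen in the post
size=$(sample_kstat | kstat_value size)
echo "ARC size $size is $(arc_status "$size" "$cap") the $cap cap ($(to_hex "$cap"))"
system_line "$cap"
```

On a live system, replace `sample_kstat` with `kstat -p zfs:0:arcstats` to feed the same functions.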
    

    Wednesday, August 19, 2009

    Installing vim-7.2 on Solaris 10 sparc

    Installing vim 7.2 on Solaris 10 sparc with gcc in 64-bit mode.

  • Vim is available here.
  • Configuration, compilation
  • $ wget ftp://ftp.vim.org/pub/vim/unix/vim-7.2.tar.bz2
    $ bunzip2 vim-7.2.tar.bz2
    $ tar xvf vim-7.2.tar
    $ cd vim72/
    $ CC="gcc -m64" ./configure --prefix=/opt/vim72
    $ make
    $ su
    # make install
    

  • Configuring .vimrc.
  • $ vi ~/.vimrc
    
    set nocp " :-)
    " turn these ON:
    set digraph ek hidden ruler sc vb wmnu
    " turn these OFF:
    set noeb noet nosol
    " non-toggles:
    set bs=2 fo=cqrt ls=2 shm=at tw=0 ww=<,>,h,l
    set comments=b:#,:%,fb:-,n:>,n:)
    set list listchars=tab:»·,trail:·
    set viminfo=%,'50,\"100,:100,n~/.viminfo
    " settings which are the default
    " (at least with "nocompatible" anyway):
    " set smd sw=8 ts=8
    " mappings:
    map K     
    map  :shell
    map ,F :view    $VIMRUNTIME/filetype.vim
    map ,SO :source $VIMRUNTIME/syntax/
    map ,V  :view   $VIMRUNTIME/syntax/
    " autocommands:
    au FileType mail set tw=70
    " some colors:  "white on black"
    hi normal   ctermfg=white  ctermbg=black guifg=white  guibg=black
    hi nontext  ctermfg=blue   ctermbg=black guifg=blue   guibg=black
    " syntax coloring!! :-)
    set encoding=utf-8
    syn on
    

  • To launch vim.
  • $ /opt/vim72/bin/vim
    

    Friday, August 14, 2009

    mrtg on Solaris with mrtg pme

    I installed the coolstack packages beforehand.

  • Installing and compiling mrtg
  • # cd /opt
    # wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.16.2.tar.gz
    # gzip -dc mrtg-2.16.2.tar.gz | tar xvf -
    # cd mrtg-2.16.2
    # ./configure --prefix=/opt/mrtg-2 --with-gd-inc=/opt/coolstack/include --with-gd-lib=/opt/coolstack/lib
    # make
    # make install
    
  • Installing mrtg pme
  • # cd /opt/mrtg-2
    # wget http://prdownloads.sourceforge.net/mrtg-pme/mrtgpme-1.0.2.tar.gz
    # gunzip mrtgpme-1.0.2.tar.gz
    # tar xvf mrtgpme-1.0.2.tar
    
  • Fix the errors in the Perl scripts
  • # cd /opt/mrtg-2/mrtgpme-1.0.2/solaris/
    # vi *-solaris.pl
    remove "local" from the paths (in each pair below, the first line is replaced by the second)
    #!/usr/local/bin/perl
    #!/usr/bin/perl
    
    `/usr/local/bin/ssh
    `/usr/bin/ssh
    
  • Edit the config files.
  • # vi solaris-*.cfg
    WorkDir: /export/home1/daemons/apache/mrtg
    #IconDir: /usr/local/mrtg/images
    replace HOST with the correct hostname on every line.
    :%s/HOST/hostname/g
    
    Target[HOST-*]: `/opt/mrtg-2/mrtgpme-1.0.2/solaris/*-solaris.pl HOST`
    
  • Create a script to launch the mrtg daemons
  • # vi /opt/mrtg-2/mrtg.ksh
    ----
    #!/bin/ksh
    #
    # cants.org
    # Eric Cantin
    # version 20090814
    # this script launches mrtg
    
    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/coolstack/lib
    export LD_LIBRARY_PATH
    /opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-cpu.cfg
    /opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-mem.cfg
    /opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-root.cfg
    ----
    # chmod +x /opt/mrtg-2/mrtg.ksh
    
  • Create a web page to display the statistics (it lists only the HTML pages)
  • # vi index.php
    ----
    <?php
    function DirTri($rep,$tri)
    {
      $Array = array(); $dir = opendir($rep);
      $i=0;
      while ($File = readdir($dir)){
    // files that are not listed
        if($File != "." && $File != ".." && substr(strtolower($File), -3) != "log" && substr(strtolower($File), -3) != "png" && substr(strtolower($File), -3) != "old" && $File != "index.php" && $File != "index.html")
        {
          $Array[] = "$File";
        }
        $i++;
      }
    // page header
    echo "<html>";
    echo "<head>";
    echo "<title>Stats mrtg - Cants.org</title>";
    echo "</head>";
    echo 'Les stats sont produites avec <a href="http://mrtg-pme.sourceforge.net">MRTG Performance Monitoring Extensions</a>.<br>';
    echo 'Et <a href="http://oss.oetiker.ch/mrtg/">MRTG</a>.<br>';
    echo "<body TEXT=#000000 BGCOLOR=#CACADE LINK=#0000EF VLINK=#55188A ALINK=#FF0000>";
    echo "<b>Liste des serveurs mrtg :</b><br><br>";
    
      closedir($dir);
    
      if($tri == 'DESC'){
        rsort($Array);
      }else{
        sort($Array);
      }
      $Max = count($Array);
    
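      for($i = 0; $i != $Max; $i++){
        // file names come from the directory, so escape them before writing them into HTML
        $Name = htmlspecialchars($Array[$i], ENT_QUOTES);
        echo "<a href=\"" . rawurlencode($Array[$i]) . "\">$Name</a><br>";
      }
    // display the number of files in the directory
    //  echo "<br><br>".$Max." fichier(s)" ;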
    }
    
    // using the function
    // param.1 : directory path ("." for the current directory)
    // param.2 : ASC or DESC (A-Z or Z-A)
    DirTri(".","ASC");
    // page footer
    echo '<FONT face="Cosmic" size="-3">';
    echo "<!-- Champ de Copyright -->";
    echo '<center>Copyright © 2004-2005, Eric Cantin (www.cants.org), tous droits réservés.<br>';
    echo 'Protégé par les lois du copyright des États-Unis et du Canada et par des traités internationaux.<br>';
    echo 'Cants, Lévis, Québec 12 novembre 2005.<br></center>';
    echo "<!-- Copyright -->";
    echo "</FONT>";
    echo "</body>";
    echo "</html>";
    ?>
    
