October 12, 2010

grep on Solaris

Today I was asked by a colleague how to match a regex in a text file and return a specific number of lines both before and after the match. GNU grep has a very easy solution for this; the -A/B/C flags, as shown on my Mac

warwick egg$ grep --help
Usage: grep [OPTION]... PATTERN [FILE] ...
Search for PATTERN in each FILE or standard input.
Example: grep -i 'hello world' menu.h main.c

Regexp selection and interpretation:
  -E, --extended-regexp     PATTERN is an extended regular expression
  -F, --fixed-strings       PATTERN is a set of newline-separated strings
  -G, --basic-regexp        PATTERN is a basic regular expression
  -P, --perl-regexp         PATTERN is a Perl regular expression
  -e, --regexp=PATTERN      use PATTERN as a regular expression
  -f, --file=FILE           obtain PATTERN from FILE
  -i, --ignore-case         ignore case distinctions
  -w, --word-regexp         force PATTERN to match only whole words
  -x, --line-regexp         force PATTERN to match only whole lines
  -z, --null-data           a data line ends in 0 byte, not newline

Miscellaneous:
  -s, --no-messages         suppress error messages
  -v, --invert-match        select non-matching lines
  -V, --version             print version information and exit
      --help                display this help and exit
      --mmap                use memory-mapped input if possible

Output control:
  -m, --max-count=NUM       stop after NUM matches
  -b, --byte-offset         print the byte offset with output lines
  -n, --line-number         print line number with output lines
      --line-buffered       flush output on every line
  -H, --with-filename       print the filename for each match
  -h, --no-filename         suppress the prefixing filename on output
      --label=LABEL         print LABEL as filename for standard input
  -o, --only-matching       show only the part of a line matching PATTERN
  -q, --quiet, --silent     suppress all normal output
      --binary-files=TYPE   assume that binary files are TYPE
                            TYPE is 'binary', 'text', or 'without-match'
  -a, --text                equivalent to --binary-files=text
  -I                        equivalent to --binary-files=without-match
  -d, --directories=ACTION  how to handle directories
                            ACTION is 'read', 'recurse', or 'skip'
  -D, --devices=ACTION      how to handle devices, FIFOs and sockets
                            ACTION is 'read' or 'skip'
  -R, -r, --recursive       equivalent to --directories=recurse
      --include=PATTERN     files that match PATTERN will be examined
      --exclude=PATTERN     files that match PATTERN will be skipped.
      --exclude-from=FILE   files that match PATTERN in FILE will be skipped.
  -L, --files-without-match only print FILE names containing no match
  -l, --files-with-matches  only print FILE names containing matches
  -c, --count               only print a count of matching lines per FILE
  -Z, --null                print 0 byte after FILE name

Context control:
  -B, --before-context=NUM  print NUM lines of leading context
  -A, --after-context=NUM   print NUM lines of trailing context
  -C, --context=NUM         print NUM lines of output context
  -NUM                      same as --context=NUM
      --color[=WHEN],
      --colour[=WHEN]       use markers to distinguish the matching string
                            WHEN may be `always', `never' or `auto'.
  -U, --binary              do not strip CR characters at EOL (MSDOS)
  -u, --unix-byte-offsets   report offsets as if CRs were not there (MSDOS)

`egrep' means `grep -E'.  `fgrep' means `grep -F'.
With no FILE, or when FILE is -, read standard input.  If less than
two FILEs given, assume -h.  Exit status is 0 if match, 1 if no match,
and 2 if trouble.

Report bugs to <bug-gnu-utils@gnu.org>.

Unfortunately, Solaris grep, egrep or fgrep are not quite as advanced:

Usage: grep -hblcnsviw pattern file . . .

usage: egrep [ -bchilnsv ] [ -e exp ] [ -f file ] [ strings ] [ file ] ...

usage: fgrep [ -bchilnsvx ] [ -e exp ] [ -f file ] [ strings ] [ file ] ...

There is a script available written in perl called wgrep which is freely available from the internet somewhere (ask google). This wgrep does quite a good job of this with the -wB:A syntax, where B is a number of lines Before the match, and A is the number of line After the match:

Usage: wgrep [-n] [-w[B][:A] | -W] [-d] [-p] [-s] [-m] regexp file(s)
       -n = number lines
       -s = mark matched lines with asterisks
       -wB:A = display B lines before and A lines after
               each matched line [both default to 3]
       -W = suppress window; equivalent to -w0:0
       -d = suppress separation lines between sections
       -m = suppress file name header lines
       -p = plain mode: equivalent to -W -d
       -h = print this help message and exit
Note: If present, -h prevails; otherwise, the rightmost
      option wins in the case of contradictions.

-bash-3.00$ ./wgrep -w4:3 -n ^fish$ /usr/dict/words
********** /usr/dict/words **********
8756 firsthand
8757 fiscal
8758 Fischbein
8759 Fischer
8760 fish
8761 fisherman
8762 fishermen
8763 fishery

However, if you know where to look, and you had the foresight to include them on install, in Solaris 10, there is quite a nice collection of freeware tools under /usr/sfw and if you look hard enough (not that hard actually), you can find GNU grep:

-bash-3.00$ /usr/sfw/bin/ggrep --help
Usage: ggrep [OPTION]... PATTERN [FILE] ...
Search for PATTERN in each FILE or standard input.
Example: ggrep -i 'hello world' menu.h main.c

Regexp selection and interpretation:
  -E, --extended-regexp     PATTERN is an extended regular expression
  -F, --fixed-strings       PATTERN is a set of newline-separated strings
  -G, --basic-regexp        PATTERN is a basic regular expression
  -P, --perl-regexp         PATTERN is a Perl regular expression
  -e, --regexp=PATTERN      use PATTERN as a regular expression
  -f, --file=FILE           obtain PATTERN from FILE
  -i, --ignore-case         ignore case distinctions
  -w, --word-regexp         force PATTERN to match only whole words
  -x, --line-regexp         force PATTERN to match only whole lines
  -z, --null-data           a data line ends in 0 byte, not newline

Miscellaneous:
  -s, --no-messages         suppress error messages
  -v, --invert-match        select non-matching lines
  -V, --version             print version information and exit
      --help                display this help and exit
      --mmap                use memory-mapped input if possible

Output control:
  -m, --max-count=NUM       stop after NUM matches
  -b, --byte-offset         print the byte offset with output lines
  -n, --line-number         print line number with output lines
      --line-buffered       flush output on every line
  -H, --with-filename       print the filename for each match
  -h, --no-filename         suppress the prefixing filename on output
      --label=LABEL         print LABEL as filename for standard input
  -o, --only-matching       show only the part of a line matching PATTERN
  -q, --quiet, --silent     suppress all normal output
      --binary-files=TYPE   assume that binary files are TYPE
                            TYPE is 'binary', 'text', or 'without-match'
  -a, --text                equivalent to --binary-files=text
  -I                        equivalent to --binary-files=without-match
  -d, --directories=ACTION  how to handle directories
                            ACTION is 'read', 'recurse', or 'skip'
  -D, --devices=ACTION      how to handle devices, FIFOs and sockets
                            ACTION is 'read' or 'skip'
  -R, -r, --recursive       equivalent to --directories=recurse
      --include=PATTERN     files that match PATTERN will be examined
      --exclude=PATTERN     files that match PATTERN will be skipped.
      --exclude-from=FILE   files that match PATTERN in FILE will be skipped.
  -L, --files-without-match only print FILE names containing no match
  -l, --files-with-matches  only print FILE names containing matches
  -c, --count               only print a count of matching lines per FILE
  -Z, --null                print 0 byte after FILE name

Context control:
  -B, --before-context=NUM  print NUM lines of leading context
  -A, --after-context=NUM   print NUM lines of trailing context
  -C, --context=NUM         print NUM lines of output context
  -NUM                      same as --context=NUM
      --color[=WHEN],
      --colour[=WHEN]       use markers to distinguish the matching string
                            WHEN may be `always', `never' or `auto'.
  -U, --binary              do not strip CR characters at EOL (MSDOS)
  -u, --unix-byte-offsets   report offsets as if CRs were not there (MSDOS)

`egrep' means `grep -E'.  `fgrep' means `grep -F'.
With no FILE, or when FILE is -, read standard input.  If less than
two FILEs given, assume -h.  Exit status is 0 if match, 1 if no match,
and 2 if trouble.

Report bugs to <bug-gnu-utils@gnu.org>.

-bash-3.00$ /usr/sfw/bin/ggrep -B4 -A4 ^fish$ /usr/dict/words
firsthand
fiscal
Fischbein
Fischer
fish
fisherman
fishermen
fishery
fishmonger

Next time I promise to write about something less dull, but this nugget of useful information may really save you some time.

Paul.


September 20, 2010

SSL certifcates, CSR generation and the openssl batch command

This entry covers a recent discovery I made that has helped part automate our process of SSL CSR generation. I’m sure many of you, if you support ssl based websites are familiar with the openssl process of generating a CSR in order to submit to Verisign, Comodo or other CA and receive a shiny new certificate for installation under apache or similar.

This has been for me up until recently, a manual process, looking something like the following under openssl

1. Generate a key;

# /usr/sfw/bin/openssl
OpenSSL> genrsa -out my.website.com.key 2048
Generating RSA private key, 2048 bit long modulus
...................................+++
..........+++
e is 65537 (0x10001)

2. Generate the CSR:

OpenSSL> req -new -key my.website.com.key -out my.website.com.csr
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) [US]:GB
  State or Province Name (full name) [Some-State]: Gloucestershire
  Locality Name (eg, city) []:Chipping Sodbury
  Organization Name (eg, company) [Unconfigured OpenSSL Installation]:The Donkey Sanctuary
  Organizational Unit Name (eg, section) []:WebSupport
  Common Name (eg, YOUR name) []:my.website.com
  Email Address []:
   
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
  OpenSSL> quit

3. Send the file my.website.com.csr to your SSL Certificate Authority and wait for your new certificate.

Given that most of us will support many sites, and the data to be input for each CSR will change only very slightly (often, just the website name) I knew there had to be a better way, and there is. There is a -batch parameter that when combined with the -config option allows you to provide a config file as input for the command and avoid having to type the parameters each time. The command will look something like:

/usr/sfw/bin/openssl req -batch -new -key my.website.com.key -out my.website.com.csr -config config-file.txt
 

The config file format isn’t too hard to get right either, here is an example:

 RANDFILE               = $ENV::HOME/.rnd

 [ req ]
 default_bits           = 1024
 default_keyfile        = keyfile.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
 prompt                 = no
 output_password        = mypass

 [ req_distinguished_name ]
 C                      = GB
 ST                     = Test State or Province
 L                      = Test Locality
 O                      = Organization Name
 OU                     = Organizational Unit Name
 CN                     = Common Name
 emailAddress           = test@email.address

 [ req_attributes ]
 challengePassword              = A challenge password

I hope you find this useful.

Paul.


September 17, 2010

automated zfs snapshot of zone test

Writing about web page http://wikis.sun.com/display/OpenSolarisInfo/How+to+Manage+the+Automatic+ZFS+Snapshot+Service

While I was working on a perl script for automating ZFS snapshots I happened to discover the automatic ZFS snapshot service for opensolaris by Tim Foster.

http://wikis.sun.com/display/OpenSolarisInfo/How+to+Manage+the+Automatic+ZFS+Snapshot+Service

Which is, of course, exactly what I need – the problem is that I need it to run on Solaris 10, for which it is not currently available. However, this thread on Tim’s blog (especially the comments) suggest that it is possible to get the service working, without the time slider element on Solaris 10:

http://blogs.sun.com/timf/entry/zfs_automatic_snapshots_0_12

So, I attempted yesterday to get this installed, compiled into an SVR4 package with pkgmk and pktrans and install it on Solaris 10. It was remarkably straightforward and early testing shows it to work very well.

First, get the ‘bits’ and make the pkg as described on Tim’s blog, using hg to clone and make to create the pkg tree.

$ hg clone ssh://anon@hg.opensolaris.org/hg/jds/zfs-snapshot

Before actually creating the package, there are 3 changes as detailed by Eli Kleinamm, again on the blog comment : http://blogs.sun.com/timf/entry/zfs_automatic_snapshots_0_12

These changes are made in
~/auto-snapshot/zfs-snapshot/src/lib/svc/method

# vi zfs-auto-snapshot

Change:

1) The shell to run in /usr/dt/bin/dtksh

2) Remove on line 511 and 517 the -o com.sun:auto-snapshot-desc=”$EVENT”,

and

3)Remove the space/tab on line 970 between $SWAPVOLS and
$(echo
 SWAPVOLS=”$SWAPVOLS$(echo $swap | sed -e ’s#/dev/zvol/dsk/##’)”

Once done, run make – it should create a pkg format file tree for you in the current working directory – read the Makefile, its not long.

Next, create the pkg datastream for portability

$ pkgtrans -s . /var/spool/pkg/SUNWzfs-auto-snapshot.pkg SUNWzfs-auto-snapshot
Transferring <SUNWzfs-auto-snapshot> package instance

This will now simply pkgadd to a Solaris 10 system. I can’t help but think this is particularly awesome, but as a colleague pointed out – this now really has to go through some very extensive testing before any rollout. I still think its a lot better than my dangerous perl scripting attempts.

This will now (if I can get agreement internally) be added as a package to the standard build for all Solaris 10 hosts using ZFS within our control.

The service provides 5 SMF services for managing automatic snapshots. These are:

svc:/system/filesystem/zfs/auto-snapshot:monthly
svc:/system/filesystem/zfs/auto-snapshot:weekly
svc:/system/filesystem/zfs/auto-snapshot:daily
svc:/system/filesystem/zfs/auto-snapshot:hourly
svc:/system/filesystem/zfs/auto-snapshot:frequent

Enable these to have snapshots taken at a regularity as suggested by the name. Each has properties to tune, the most notable being how many snapshots to retain;

-bash-3.00$ svccfg -s auto-snapshot:daily listprop zfs/keep
zfs/keep  astring  31

-bash-3.00$ svccfg -s auto-snapshot:frequent listprop zfs/keep
zfs/keep  astring  4

-bash-3.00$ svccfg -s auto-snapshot:frequent listprop zfs/period
zfs/period  astring  15

The defaults for daily and frequent being 1 months worth of dailies and 4 frequents. Frequent is defined initially as once every 15 mins as shown by the zfs/period property.

Whether a ZFS dataset is snapshot’ed or not is controlled by a user level ZFS property com.sun:auto-snapshot which can be true or false for a dataset and com.sun:auto-snapshot:frequent, com.sun:auto-snapshot:daily, etc, etc properties for each periodicity as required. These are inherited, so it is probably a good idea to set com.sun:auto-snapshot to false at the root of a pool and then change the required sub-datasets to true as needed. Perhaps an example would help;

-bash-3.00$ pfexec zfs set com.sun:auto-snapshot=true datapool/zfstestz1_ds
-bash-3.00$
-bash-3.00$ pfexec zfs set com.sun:auto-snapshot=false rpool              
-bash-3.00$ pfexec zfs set com.sun:auto-snapshot=true rpool/export
-bash-3.00$ pfexec zfs set com.sun:auto-snapshot:frequent=true rpool/export
-bash-3.00$ pfexec zfs set com.sun:auto-snapshot:frequent=true datapool/zfstestz1_ds
-bash-3.00$

<getting bored with pfexec for each cmd>
-bash-3.00$ pfexec bash
bash-3.00# zfs set com.sun:auto-snapshot=false rpool/dump
bash-3.00# zfs set com.sun:auto-snapshot=false rpool/swap

bash-3.00# cat /etc/release
                       Solaris 10 10/09 s10x_u8wos_08a X86
           Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                           Assembled 16 September 2009
bash-3.00#
bash-3.00# svcs -a |grep snapshot
disabled       17:59:54 svc:/system/filesystem/zfs/auto-snapshot:monthly
disabled       17:59:54 svc:/system/filesystem/zfs/auto-snapshot:weekly
disabled       17:59:54 svc:/system/filesystem/zfs/auto-snapshot:daily
disabled       17:59:54 svc:/system/filesystem/zfs/auto-snapshot:hourly
online         18:00:44 svc:/system/filesystem/zfs/auto-snapshot:event
online         18:09:18 svc:/system/filesystem/zfs/auto-snapshot:frequent
bash-3.00#

bash-3.00#
bash-3.00# zfs list -t snapshot | grep frequent
datapool@zfs-auto-snap_frequent-2010-09-23-1809                   0      -  28.0K  -
datapool/zfstestz1_ds@zfs-auto-snap_frequent-2010-09-23-1809      0      -  28.0K  -
rpool/export@zfs-auto-snap_frequent-2010-09-23-1809               0      -    23K  -
rpool/export/home@zfs-auto-snap_frequent-2010-09-23-1809          0      -   954K  -

bash-3.00#
bash-3.00# pkginfo SUNWzfs-auto-snapshot
application SUNWzfs-auto-snapshot ZFS Automatic Snapshot Service
bash-3.00#

bash-3.00# date
Thursday, 23 September 2010 18:15:48 BST

bash-3.00# zfs list -t snapshot | grep frequent
datapool@zfs-auto-snap_frequent-2010-09-23-1809                   0      -  28.0K  -
datapool@zfs-auto-snap_frequent-2010-09-23-1815                   0      -  28.0K  -
datapool/zfstestz1_ds@zfs-auto-snap_frequent-2010-09-23-1809      0      -  28.0K  -
datapool/zfstestz1_ds@zfs-auto-snap_frequent-2010-09-23-1815      0      -  28.0K  -
rpool/export@zfs-auto-snap_frequent-2010-09-23-1809               0      -    23K  -
rpool/export@zfs-auto-snap_frequent-2010-09-23-1815               0      -    23K  -
rpool/export/home@zfs-auto-snap_frequent-2010-09-23-1809          0      -   954K  -
rpool/export/home@zfs-auto-snap_frequent-2010-09-23-1815          0      -   954K  -

I think this should prove to be very useful for us, I would be very interested, as usual in hearing your comments.

Paul.


September 15, 2010

Analysis of zone capacity on an x4170

This blog entry, wasn’t intended to be published. It was simple a place for me to collect my thoughts on the state of one of our servers and its remaining capacity for extra zones.

The server is an X4170 with 2 Quad-Core AMD Opterons and 64gb of ram. It is currently running 11 zones, each running an instance of apache and an instance of tomcat. The load currently looks reasonably light, certainly from a CPU viewpoint:

ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE
     0       61 1314M 1308M   2.0% 804:24:29 2.9% global
    13       58 1381M  936M   1.4%  35:16:01 0.5% zoneA
    16       45 1238M  496M   0.8%  11:20:16 0.2% zoneB
    29       55 1378M  576M   0.9%   4:30:13 0.1% zoneC
     9       47 1286M  496M   0.8%  21:08:49 0.1% zoneD
     2       60 1290M  464M   0.7%   7:35:19 0.0% zoneE
     7       51 1298M  460M   0.7%   6:50:11 0.0% zoneF
    24       57  835M  896M   1.4%  17:14:18 0.0% zoneG
    27       45  138M  191M   0.3%   7:52:47 0.0% zoneH
     4       47  345M  408M   0.6%  11:26:22 0.0% zoneI
Total: 573 processes, 2649 lwps, load averages: 0.38, 0.29, 0.27

Note that each zone is consuming several hundred meg of ram (see RSS column), this consumption will almost certainly be due to the java heap settings / sizings of the various tomcat instances.

Lets take a look at one of the zones

>  zlogin zoneA ps -futomcat
     UID   PID  PPID   C    STIME TTY         TIME CMD
  tomcat 29407 29406   0   Jun 07 ?        1294:57 /usr/java/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/loggi
  tomcat 29406 20781   0   Jun 07 ?           0:47 /usr/local/sbin/cronolog /usr/local/tomcat/logs/catalina.out.%Y-%m-%d

How to interrogate this process to find the resident set size? Well, there are a few options; hunt down the config entries that lauch this tomcat server (usually set as a var CATALINA_OPTS), take the easy route and use prstat or the ‘process tools’ such as pmap. Ever used pmap? pmap -x will show more detail about the address space mapping of a process than you ever wanted to know; shown below, we can see that the tomcat process in zoneA is using >700mb of ram.

bash-3.00# pmap -x 29407
29407:  /usr/java/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/c
 Address  Kbytes     RSS    Anon  Locked Mode   Mapped File
08008000      12       -       -       - -----    [ anon ]
0803D000      44      44      44       - rwx--    [ stack ]
<... truncated ...>
FEFF0000       4       4       4       - rwx--    [ anon ]
FEFFB000       8       8       8       - rwx--  ld.so.1
FEFFD000       4       4       4       - rwx--  ld.so.1
-------- ------- ------- ------- -------
total Kb 1349932  780360  744800       -

Thought 1, there is only 6gb of free memory (as defined as actually on the freelist). Where is it all? I would expect that the ZFS arc cache will be consuming the lions share, and this blog entry will show you how to check. As applications use more ram, ZFS should behave and reluinquish the previously “unused” ram; but remember that reducing ZFS’s available allocation (by default 7/8ths of RAM) will in theory impact read performance as we will likely see more cache misses. ZFS should be pretty good at reducing the arc size as the system requests more and more ram. Let’s check the numbers, both of ram used for arc and the cache efficiency statistics.

Here is the mdb memstat that shows the memory usage detail:

bash-3.00# echo "::memstat" | mdb -k
Page Summary                Pages                MB  %Tot
------------     ----------------  ----------------  ----
Kernel                   13015620             50842   78%
Anon                      1416662              5533    8%
Exec and libs               42400               165    0%
Page cache                 695383              2716    4%
Free (cachelist)            27757               108    0%
Free (freelist)           1577146              6160    9%

Total                    16774968             65527
Physical                 16327309             63778
bash-3.00#

Rather a lot used by the kernel (indicative of ZFS arc usage), rather than anon, exec and libs, note also a currently a rather small freelist as a percentage of total physical ram, but as mentioned I suspect ZFS will be consuming a lot (perhaps 40g plus?) of the othewise unused ram.

The free memory values and zfs arc stats can conveniently be confirmed with a quick look at the kstats via arc_summary, which is an incredibly useful tool written by Ben Rockwood (thanks Ben) which saves us all an immense amount of time both remember how, where and which kstats to interrogate for memory and zfs statistics.

Get it here: http://cuddletech.com/arc_summary/

System Memory:
         Physical RAM:  65527 MB
         Free Memory :  4369 MB
         LotsFree:      996 MB

The arcsize, as suspected is large; at over 45gb

ARC Size:
         Current Size:             46054 MB (arcsize)

The ARC cache, is however doing a good job with that 45gb, a hit ratio of 96% isn’t bad.

ARC Efficency:
         Cache Access Total:             4384785832
         Cache Hit Ratio:      96%       4242292557     [Defined State for buffer]
         Cache Miss Ratio:      3%       142493275      [Undefined State for Buffer]
         REAL Hit Ratio:       92%       4060875546     [MRU/MFU Hits Only]

Notice also that the ARC is doing a fairly reasonable job of correctly predicting our prefetch requirements, 36% isn’t too bad compared to a directly demanded cache hit rate of 72%.

         Data Demand   Efficiency:    72%
         Data Prefetch Efficiency:    36%

OK, so in theory if we keep adding zones we have to be very careful about the available ram allocations given that these zones are running some reasonably memory-hungry (tomcat) java instances. As more and more memory is allocated to apache/tomcat and java within new zones, less and less ram will be available for the zfs arc. This will need some careful monitoring.

Currently the cpu usage on this server is also fairly light, but I have no view of the future levels of usage or traffic intended to run through these services. I’ll park this one for now.

Thought 2, disk space. Currently the zones have a zfs dataset allocated in the root pool for each zone root:

rpool/ROOT/s10x10-08/zones/zoneB                      6.23G  5.77G  6.23G  /zones/zoneB

Each of which has a 12gb quota, the output above (from zfs list) is typical of the usage for the zones, around 50% of the 12g quota. There are 11 zones, each with this 12gb quota, giving a potential total usage of 132gb. The entire root pool is only 136gb and already has just 32.5 gb available as shown by zfs list:

root > zpool list
NAME       SIZE   USED  AVAIL    CAP  HEALTH  ALTROOT
datapool   816G  31.2G   785G     3%  ONLINE  -
rpool      136G   104G  32.5G    76%  ONLINE  -

It seems, then, rather than concerning myself about memory or cpu usage on this server, unless we find elsewhere for the zone root filesystems, we are likely to run out of local storage space way before we stretch the capabilities of this server.

Soon a blog entry on increasing the size of your root pool with some mirror juggling, I’ve done this successfully on a VM, I just need a test server to perfect the process.

Comments welcome.

Paul


September 13, 2010

Installation of rsync on Solaris 10

I recently needed to synchronise a web server I look after to a remote backup. Here are my notes on the installation of rsync, the prerequisite packages and a brief note on the usage I implemented for the rsync command.

You can obtain rsync from www.sunfreeware.com, along with the pre-requisites to run it. It is also available from www.blastwave.org if you prefer.

The packages required before you install rsync are:

- libgcc-3.4.6-sol10-sparc-local.gz
- popt-1.14-sol10-sparc-local.gz
- libiconv-1.13.1-sol10-sparc-local.gz
- libintl-3.4.0-sol10-sparc-local.gz

Download each from www.sunfreeware.com, unzip and pkgadd. Below is an example for the gcc libraries, output omitted. It is worth noting that you will have these libraries if you have gcc installed, which this particular server didn’t.

# /usr/sfw/bin/wget ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz

# gunzip libgcc-3.4.6-sol10-sparc-local.gz 

# pkgadd -G -d libgcc-3.4.6-sol10-sparc-local 

The rsync syntax I used to actually perform the synchronisation was

 /usr/local/bin/rsync -avz --delete -e ssh <username>@<host>:/source-dir/source-subdir/  /local-destination-dir/local-dest-subdir

This is explained thus:

-a : archive mode : this ensures that all symbolic links, devices, attributes, permissions and ownerships are preserved in the transfer.
-v : verbose mode : this lists the file sync list as well as statistics about the transfer time and data volume
-z : compression : this trades transfer data volume for cpu cycles by compressing the data before sending over the wire

—delete : this option will remove files in the destination directory if they no longer exist in the source tree
-s ssh : this is the transport option, advantages of using ssh are obviously encryption and secure no-password logins with RSA keys

Another point of worthy note is the trailing slash on the source directory path. This is significant because it tells rsync to copy the contents of the directory, rather than the directory itself, omit this and you will likely end up with the source directory being (re)-created inside the destination/target directory. Just be aware, so you can choose the behaviour you need.

The output will look something like below (which is just a test run on an apache logs directory to show the operation).

syncing /opt/coolstack/apache2/logs/ /backups/webserv/opt/coolstack/apache2/logs
receiving incremental file list
access_log
error_log
ssl_request_log

sent 244123 bytes  received 72351 bytes  3313.86 bytes/sec
total size is 589183260  speedup is 1861.71

As usual, this is mostly for my benefit, but I hope it helps you too.


Installation of jvmstat on Solaris

Writing about web page http://java.sun.com/performance/jvmstat/

The installation of jvmstat on Solaris really is very straightforward. These notes are more a quick reminder for myself rather than anything else, but perhaps it will be of benefit to others to find the information in one place.

First step; I downloaded jvmstat from http://java.sun.com/performance/jvmstat/

The installation is very simple, just unzip the file into /usr/local :

# cd -
/usr/local
# cp /var/spool/pkg/jvmstat-2.0_b11.zip .
# unzip jvmstat-2.0_b11.zip
Archive:  jvmstat-2.0_b11.zip
   creating: jvmstat/
   creating: jvmstat/policies/
< ... truncated ... >
  inflating: jvmstat/docs/install/windows.html
  inflating: jvmstat/docs/install/solaris.html

I chose to install jvmstat 2.0, although 3.0 is available because 3.0 requires Java 1.5.0. At the time of install, I didn’t realise that 1.5.0 was available in /usr/local/jdk1.5.0_16/. I may upgrade later.

The environment variable of worthy note that you would need to set are:

# echo $PATH
/usr/sbin:/usr/bin:/usr/local/jvmstat/bin:/usr/java/bin
# echo $JAVA_HOME
/usr/java

Once this is all done, the Java VMs running on the system can be found with jvmps (jps in version 3.0) and a quick command line test can be run with jvmstat (jstat in version 3.0):

# jvmps
6803 jvmps.jar
1928 org.apache.catalina.startup.Bootstrap

# jvmstat -gcutil 1928 1000 3
  S0     S1     E      O      P     YGC     YGCT    FGC    FGCT     GCT
  0.00  47.48  83.34   6.96  99.40     85    0.881     4    2.204    3.085
  0.00  47.48  83.34   6.96  99.40     85    0.881     4    2.204    3.085
  0.00  47.48  83.34   6.96  99.40     85    0.881     4    2.204    3.085

The GUI can be run with ‘visualgc ’ which I tested and works fine, you will need to have an Xserver to display the output on though.


September 10, 2010

Fun with tomcat and jvmstat on Mac OS


Today I needed to install visualgc for tomcat on Solaris.  Now, GC analysis and configuration of the tools required to do so is something I've not done in a number of years. So, as a small exercise designed to re-familiarise myself with the foibles of tomcat, garbage collection, java command line configuration options and so on I ventured on a brief excursion into the world of tomcat, java and jvmstat on Mac OS X.  It is Unix, afterall, so what could be so hard - right?

First task, download and install tomcat. This really couldn't be simpler, a zipped tar file to install pretty much wherever you choose. A typical, popular location is /usr/local. I have chosen /usr/local/tomcat.

I downloaded apache-tomcat-5.5.30.tar.gz (there are later versions available depending on your requirements, but this is the version I will be monitoring at work) from http://tomcat.apache.org/

Copy the file into /usr/local and extract

$ gnutar -xzvf apache-tomcat-5.5.30.tar.gz


Change the ownership to your local user and group:

$ chown -R egg:staff apache-tomcat-5.5.30


In order to start and stop tomcat with the correct details for CATALINA_HOME etc, you'll need tomcat stop and start scripts.  I used the following, fairly standard looking scripts that I placed into $HOME/bin, please note that the variables will of course vary depending on your configuration.  Worthy of note here is that I *did not* eventually use JAVA_HOME set to /usr - more on that later.

start_tomcat

#!/bin/sh
export CATALINA_HOME=/usr/local/apache-tomcat-5.5.30
export JAVA_HOME=/usr
$CATALINA_HOME/bin/startup.sh


stop_tomcat

#!/bin/sh
export CATALINA_HOME=/usr/local/apache-tomcat-5.5.30
export JAVA_HOME=/usr
$CATALINA_HOME/bin/shutdown.sh


As mentioned, a good place for these are in your local home directory, but this may vary depending on your environment. I put them in ~/bin/start_tomcat and ~/bin/stop_tomcat. Don't forget to make them executable.

For my purposes, I created a tomcat-env.sh script that can be used to  some CATALINA_OPTS, I was only really interested in changing the java min and max heap sizes for now:

$ cat tomcat-env.sh
CATALINA_OPTS=$CATALINA_OPTS" -Xms512m -Xmx512m"
export CATALINA_OPTS


You should now be able to run ~/bin/start_tomcat and connect to http://localhost:8080 to be greeted with your tomcat installation home page. 

Next, download jvmstart from http://java.sun.com/performance/jvmstat/

I chose to put this in /usr/local/jvmstat, again, this is local site install dependent.

$ cp /Users/egg/Downloads/jvmstat-3_0.zip /usr/local
$ unzip jvmstat-3_0.zip


I created a ~/jvmstat-env.sh to set required variables for jvmstat:

export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
PATH=JVMSTAT_HOME/bin:JAVA_HOME/bin:$PATH
export PATH
export JVMSTAT_JAVA_HOME=$JAVA_HOME


This is where I should say something about the madness of JDKs on MacOS. Under most OSes, the Java JDK has a ~/lib/tools.jar that the jvmstat tools rely on. In fact, jvmstat (more specificailly visualgc) looks for this file to determine whether you have pointed your java home at a jre or a jdk.  If visualgc thinks you don't have a complete jdk you get the following rather helpful error:

$ /usr/local/jvmstat/bin/visualgc 8650
The java.exe found at:
/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
is not in a JDK directory. Please set and export your
JVMSTAT_JAVA_HOME environment variable to refer to a
directory containing the Sun J2SE 1.5.0 JDK (not a JRE)


Yes, this is Mac OS, and yes it does bizarrely refer to 'java.exe'.  A little investigation shows that visualgc is indeed looking for the tools.jar on start:

# check that we are dealing with a JDK, not a JRE or installed JDK
if [ ! -f "${JVMSTAT_JAVA_HOME}/lib/tools.jar" ] ; then
jreerror
fi


Under MacOS, however, the equivalent to tools.jar is classes.jar. I am yet to establish why this should be different. The Java home isn't to be found in /usr either, that directory just contain a /usr/bin/java symlink to the latest runtimes for Java applications on your Mac, instead I found I had to set a java home to:

export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home

Or, if you are lucky, the following may work :

export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home

However, classes.jar only seemed to exist in /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/classes.jar

So, with JAVA_HOME set to /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home

I created a symbolic link from /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/tools.jar to /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/classes.jar, now visualgc would finally start without the error.

Once you have tomcat installed, the jvmstat installed, the jvmstat-env.sh set correctly and the java home set with a valid tools.jar / classes.jar you should be able to start tomcat, test jvmstat using gcutil at the command line and finally launch visualgc with some success:

$ . tomcat-env.sh
$ . jvmstat-env.sh
$ bin/start_tomcat
Using CATALINA_BASE: /usr/local/apache-tomcat-5.5.30
Using CATALINA_HOME: /usr/local/apache-tomcat-5.5.30
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-5.5.30/temp
Using JRE_HOME:       /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
Using CLASSPATH:     /usr/local/apache-tomcat-5.5.30/bin/bootstrap.jar


Lets check tomcat is running:

$ ps -ef |grep java
501 86749   1 0 0:00.24 ttys002   0:03.39 /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin/java
-Djava.util.logging.config.file=/usr/local/apache-tomcat-5.5.30/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Xms512m -Xmx512m -Xms512m -Xmx512m -Xms512m -Xmx512m
-Djava.endorsed.dirs=/usr/local/apache-tomcat-5.5.30/common/endorsed
-classpath /usr/local/apache-tomcat-5.5.30/bin/bootstrap.jar
-Dcatalina.base=/usr/local/apache-tomcat-5.5.30
-Dcatalina.home=/usr/local/apache-tomcat-5.5.30
-Djava.io.tmpdir=/usr/local/apache-tomcat-5.5.30/temp
org.apache.catalina.startup.Bootstrap start

Marvellous.

Now find the process id of interest, the easy way:

$ jps
86749 Bootstrap
86754 Jps


We are interested in 'Bootstrap' (org.apache.catalina.startup.Bootstrap)

Let's test the jvmstat with gcutil on the command line, using the process number (86749) gleaned from jps:

$ jstat -gcutil 86749 1000 3
S0   S1   E     O     P   YGC   YGCT   FGC   FGCT   GCT  
0.00 97.05 66.06 0.00 67.34     1   0.020   0   0.000   0.020
0.00 97.05 66.06 0.00 67.34     1   0.020   0   0.000   0.020
0.00 97.05 66.06 0.00 67.34     1   0.020   0   0.000   0.020


Looks good, and as long as we have the java home, and the link from tools.jar to classes.jar as described above, we should be able to lauch visualgc:

$ /usr/local/jvmstat/bin/visualgc 86749


visualgc screenshot


Voila! All the Garbage Collection information you could wish for, or nearly :)  Start here for more information http://java.sun.com/performance/jvmstat/visualgc.html.  I'd be interested to know if others have ventured into the world of GC analysis using jvmstat on Mac OSX or equally, any further comments on the classes.jar / tools.jar saga.



September 2020

Mo Tu We Th Fr Sa Su
Aug |  Today  |
   1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30            

Search this blog

Tags

Galleries

Most recent comments

  • Started sorting out new vers for sparc: http://blogs.warwick.ac.uk/mariamaccallum/entry/apache_249_i… by Maria MacCallum on this entry
  • Solaris 11.1 is slightly different, I only had to do this before starting ipfilter: svccfg –s setpro… by Maria MacCallum on this entry
  • Really useful information, thanks a lot! I do a NAT using IPFILTER and all was working good, until I… by Nilton on this entry
  • Paul, Thanks for your information. It got me started quickly. I have discovered , thought I've not s… by Tom C on this entry
  • Are you familiar with the Monty Python sketch? by Ian Eiloart on this entry

Blog archive

Loading…
RSS2.0 Atom
Not signed in
Sign in

Powered by BlogBuilder
© MMXX