msgbartop
Blog di Dino Ciuffetti (Bernardino in realtà)
msgbarbottom

10 Ago 16 Shared memory and huge pages

This script can be used to determine how many shared memory is used by “oracle” user’s processes, and how many huge page memory is used:

t=0; for i in `ipcs -m  | grep oracle | awk ‘{print $5}’`; do echo “Oracle consumed other $i bytes”; let t=t+$i; done

echo
echo “Consumed by oracle as shared memory segments: $t bytes”
let t=t/1024
let g=t/1024/1024;
echo “Memory conversions: ~ $t kbytes | ~ $g GB”

hugepagetot=`cat /proc/meminfo | grep HugePages_Total | awk -F’:’ ‘{print $2}’`
hugepagefree=`cat /proc/meminfo | grep HugePages_Free | awk -F’:’ ‘{print $2}’`
let usedhugepages=hugepagetot-hugepagefree
let totkbinhigepage=usedhugepages*2048

echo “Total hugepage usage in kb: $totkbinhigepage”

04 Ago 16 Change date format to tomcat log catalina.out

If you need to change your catalina.out date and time format, you can add this line to your tomcat/conf/logging.properties:

1catalina.java.util.logging.SimpleFormatter.format=[%1$td.%1$tm.%1$tY %1$tH:%1$tM:%1$tS,%1$tL] %4$s [%2$s] %5$s %6$s %n

 

06 Mag 16 How to convert URI to query string parameters with mod_rewrite

You may need to convert URI levels to query string parameters, for example if want to be RESTful compliant with PHP.

Try this one:

RewriteEngine on
RewriteRule ^/(\w+)/(\w+)$ /path_of_index.php?lev1=$1&lev2=$2 [QSA,L]

In this case the first URI level will be converted to a query string parameter called lev1, while the second will be converted to a query string parameter called lev2, each one with the respective values.

For example, the uri /user/list will be passed to index.php and will become index.php?lev1=user&lev2=list

An eventual query string will be passed, eventually overriding lev1 and lev2 parameters.

16 Apr 16 How to check if JCE Unlimited Strength policy is installed

JCE Unlimited Strength policy files are two files distributed by Oracle (this is for jdk8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) that must be installed inside your JDK/jre/lib/security path if you want to unlock high strength cryptographic security for you java environment.

You need it for sure in a server environment outside USA.

If you don’t have this stuff installed, your jboss, tomcat, or any other server or client with a keylength higher than 1024 will not work.
To enable JCE Unlimited Strength you simply need to unzip the file downloaded from Oracle and copy US_export_policy.jar and local_policy.jar files in <JDK>/jre/lib/security.

You can check if JCE is unlimited using this command:

jrunscript -e ‘exit (javax.crypto.Cipher.getMaxAllowedKeyLength(“RC5”) >= 256);’; if [ $? -eq 1 ]; then echo “JCE Unlimited OK”; else echo “JCE NOT Unlimited”; fi

The jrunsctipt command is installed inside your JDK/bin path.

 

09 Apr 16 Getting in love with Docker Machine!!

Docker is becoming the “today standard” of lxs linux containers.
I think I will avoid learning Kubernetes to handle dockerized hosts, and I will study Docker Engine, Docker Swarm and Docker Machine and its REST APIs instead.

I started from here: https://docs.docker.com/machine/overview/

24 Nov 15 HTTP request header from a query string parameter on apache reverse proxy

Suppose you have a apache httpd server working as a reverse proxy. Now suppose that this server has to set a HTTP request header called “token” to be attached to every request made to the backends, and that the header’s value must be copied from a query string parameter called “querytoken”.

This can be simply done with the help of mod_headers + mod_rewrite.

RewriteEngine On
RewriteCond %{QUERY_STRING} (?:^|&)querytoken=([^&]+)
RewriteRule (.*) - [E=QS_TOKEN:%1]

RequestHeader set token %{QS_TOKEN}e env=QS_TOKEN
ProxyPass / http://your_backend/

Will your external client make a request like this:

GET /?querytoken=somestuff HTTP/1.0
Host: example

The request header that apache will do to the backend will be something like this:

GET /?token=somestuff HTTP/1.1
Host: 127.0.0.1:1234
token: somestuff
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: example
X-Forwarded-Server: myserver.linux
Connection: Keep-Alive

The request header “token” with value “somestuff” is added to the request made to the backend.

04 Nov 15 Rescan iSCSI volume after resize on linux

If you need to resize a iSCSI volume you need to:

  1. resize the volume on the iSCSI target (ietd)
  2. rescan the volume on the iSCSI initiator (open-iscsi)
  3. resize the fs, if any

I’ll skip the resize procedure on the target, because it depends on how it’s made (lvresize, dd, etc).

The procedure to rescan the volume on the initiator (open-iscsi) is very simple and can be accomplished online.

iscsiadm -m node -R

Then, you can grow the filesystem, if any (xfs_grofs, resize_reiserfs, resize2fs, depending on your fs type).

30 Ott 15 How to check SSL/TLS protocol for a given server

If you need to check which SSL/TLS protocol version is implemented by your webserver, you can issue the following command:

dino@dam2knb:~$ echo | openssl s_client -connect 10.38.46.137:8443 2>&1 | grep Protocol
Protocol : TLSv1.2

30 Set 15 apache [error] (13)Permission denied: Cannot create SSLMutex

On one of the servers of one of my clients, a Solaris 5.8 sparc host, apache did not want to start.
It wrote the following error message on the error_log file:
cojo1@myserver $ cat error_log
[Wed Sep 30 12:24:11 2015] [error] (13)Permission denied: Cannot create SSLMutex

The problem, in my case, was about the permissions on /tmp.
Since these machines can be accessed by hundred people, someone thought well to change /tmp permissions to 0775. Everybody knows that if whould be 1777 instead.
The lack of both the sticky bit and write permissions to other did not make apache starting for non root users.

Hope this help someone.
Ciao, Dino.

27 Gen 15 How to get the device mapper name associated to LVM logical volumes

This is how to get the device mapper name (dm-1, dm-2, etc) associated to each LVM logical volume:

lvdisplay|awk '/LV Name/{n=$3} /Block device/{d=$3; sub(".*:","dm-",d); print d,n;}'