Thursday August 14, 2008

tiny zone to run apache

Even though the communities around Solaris Zones and the available documentation are great, I had difficulty answering this simple question:
How do I create a zone as small as possible to run only Apache/MySQL in it?


I just needed a web server (and MySQL) to run a site with very limited activity, all of it contained in a zone. So I needed a zone with a minimal footprint that won't disturb my host, which is not a beast.


After trying to aggregate everything I've read, I am not pretending that this is the perfect answer, but here is what I've done (I used a ZFS pool already present on my host):

#zfs create tank/tinyzone
#zfs set mountpoint=/tinyzone tank/tinyzone
#zfs set quota=500M tank/tinyzone
...
#dispadmin -d FSS   (needs a reboot / init 6)
...
#zonecfg -z tinyzone
zonecfg:tinyzone> create
zonecfg:tinyzone> set zonepath=/tinyzone
zonecfg:tinyzone> set autoboot=true
zonecfg:tinyzone> set scheduling-class=FSS
zonecfg:tinyzone> set ip-type=shared
(on my host /opt contains lots of packages)
zonecfg:tinyzone> add inherit-pkg-dir
zonecfg:tinyzone:inherit-pkg-dir> set dir=/opt
zonecfg:tinyzone:inherit-pkg-dir> end
zonecfg:tinyzone> add net
zonecfg:tinyzone:net> set address=x.x.x.x
zonecfg:tinyzone:net> set physical=bge0
zonecfg:tinyzone:net> set defrouter=x.x.x.x
zonecfg:tinyzone:net> end
(global zone will receive a lot more shares)
zonecfg:tinyzone> set cpu-shares=1
zonecfg:tinyzone> add capped-memory
zonecfg:tinyzone:capped-memory> set physical=512M
zonecfg:tinyzone:capped-memory> set swap=512M
zonecfg:tinyzone:capped-memory> end
zonecfg:tinyzone> verify
zonecfg:tinyzone> commit
zonecfg:tinyzone> exit
...
#chmod 700 /tinyzone
#zonecfg -z tinyzone info
zonename: tinyzone
zonepath: /tinyzone
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class: FSS
ip-type: shared
[cpu-shares: 1]
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt
net:
        address: 1.2.3.4
        physical: bge0
        defrouter: 1.2.3.1
capped-memory:
        physical: 512M
        [swap: 512M]
rctl:
        name: zone.cpu-shares
        value: (priv=privileged,limit=1,action=none)
rctl:
        name: zone.max-swap
        value: (priv=privileged,limit=536870912,action=deny)

Once the zone is installed, we can see that the disk space used is quite small:

zfs get available,used tank/tinyzone
NAME            PROPERTY   VALUE           SOURCE
tank/tinyzone  available  381M            -
tank/tinyzone  used       119M            -

Now use an SMF profile to disable all unused services (i.e. in my case everything but Apache and MySQL):

#svccfg extract > /tmp/tinyprofile
... go through the list inside /tmp/tinyprofile to disable everything not needed
#cp /tmp/tinyprofile /tinyzone/root/var/svc/profile/site.xml
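
A check for the profile-editing step above, as an added example that is not part of the original post: it lists every service the edited profile still enables apart from an allowlist, so nothing unexpected is left running in the zone. The function names, the allowlist and the sample profile are constructed for illustration, and the profile is assumed to have one XML element per line.

```shell
#!/bin/sh
# Added example (not from the original post): list the services that an SMF
# profile still enables, apart from an allowlist given as arguments.
# The profile is read on stdin, one XML element per line.
list_unexpected() {
    awk -F"[\"']" -v allow=" $* " '
        # Value of attribute key on the current line, or "" if absent.
        function attr(key,    i) {
            for (i = 1; i < NF; i++)
                if ($i ~ ("[ \t]" key "=$")) return $(i + 1)
            return ""
        }
        /<service[ \t]/ { svc = attr("name") }
        /<(instance|create_default_instance)[ \t]/ && attr("enabled") == "true" {
            if (index(allow, " " svc " ") == 0) {
                inst = attr("name")
                if (inst == "") inst = "default"
                print "svc:/" svc ":" inst
            }
        }'
}

# Constructed sample profile; service names are illustrative only.
sample_profile() {
    cat <<'EOF'
<service_bundle type='profile' name='extract'>
  <service name='network/http' type='service' version='0'>
    <instance name='apache2' enabled='true'/>
  </service>
  <service name='application/database/mysql' type='service' version='0'>
    <create_default_instance enabled='true'/>
  </service>
  <service name='network/ssh' type='service' version='0'>
    <instance name='default' enabled='true'/>
  </service>
  <service name='network/telnet' type='service' version='0'>
    <instance name='default' enabled='false'/>
  </service>
  <service name='system/cron' type='service' version='0'>
    <create_default_instance enabled="true"/>
  </service>
</service_bundle>
EOF
}

# Anything printed here is still enabled and not on the allowlist.
sample_profile | list_unexpected network/http application/database/mysql
```

On a real profile the call would be `list_unexpected <allowed services> < /tmp/tinyprofile`; each line printed is a service to disable in the profile or to add to the allowlist deliberately.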

Once the zone is booted and configured (using sysidcfg), check the Apache and MySQL web sites for performance tuning, et voilà :-)

prstat -Z
-----------------------------------------------------------
ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE                       
     0      131  704M  847M    33%   1:42:30  15% global                     
     4       32  126M   85M   3.3%   0:00:18 0.1% tinyzone

 

Wednesday August 08, 2007

Who is stealing my port ?

I have often had to deal with problems caused by a port already being in use. The main question was: why can't my server bind to port xxx? On Linux, the --program option of netstat shows you the id of the process currently owning a specific socket connection.

Solaris's netstat command does not have this option. Tired of scanning /proc with pfiles, I made a small script. I hope it can be useful to somebody else.




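#!/bin/sh
# Report which process owns a given port by running pfiles(1) on every pid in /proc.
if [ $# -ne 1 ]
then
    echo "usage: $0 <port number>"
    exit 1
fi

PORT=$1
echo "looking for process consuming port $PORT"

old=`pwd`
cd /proc
for pid in *
do
    # pfiles prints a "pid: command" header, then one "sockname: ... port: N" line per socket
    /usr/bin/pfiles "$pid" 2>/dev/null | /usr/bin/nawk -v port_num="$PORT" '
    # header line: remember the pid and the program name
    $0 ~ /^[0-9]*:/ {
        pid=$1
        program=$2
    }
    # local socket address whose port matches the requested one
    $1 ~ /^[\t ]*sockname/ && $5 == port_num {
        printf ("program [%d:%s] is bounded on %s:%d\n",pid,program,$3,port_num)
    }'
done
cd "$old"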


 


 

get stack trace of a detached jvm

To get the stack trace of a running Java process, the usual way is to hit Ctrl-\ on the terminal. The JVM then prints out its current state and its threads' stacks.

This becomes a problem when the Java program is detached from the terminal, as all the output is then discarded. Starting with JDK 5, the jstack tool is there to help. Alternatively, when you own the code running in the JVM and/or can change the way the JVM is launched, an easy way is to redirect the standard streams to a log file and then send the QUIT signal to the JVM pid.


I had to deal with another situation, in which the JVM was running on JDK 4 and it was not possible to change anything about it.

The trick I then used was to write a small script which catches all the write calls on stderr of the JVM. The script uses strace(1) on Linux and truss(1) on Solaris to catch what is passed to write calls on file descriptor 1.


This script is available here: catch_vm_dump.tcl


Here is an example of how to use it. The output is a little ugly but it works :-)
Once the script is launched, I send QUIT to pid 1103.
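
The strace side of the technique described above, as an added example that is not the catch_vm_dump.tcl script: it filters write calls on one file descriptor out of strace output and undoes the string escaping to recover the dump text. The function names and the sample trace lines are constructed for illustration, and only the Linux strace line format is handled.

```shell
#!/bin/sh
# Added example (not the catch_vm_dump.tcl script): rebuild the text a process
# wrote to one file descriptor from strace output read on stdin.
# Usage on Linux, attaching to every thread of a running JVM:
#   strace -f -p "$pid" -e trace=write -s 65535 2>&1 | decode_writes 1
# -s raises the default 32-byte string limit so that lines are not truncated.
decode_writes() {
    awk -v fd="$1" '
    {
        sub(/^\[pid +[0-9]+\] +/, "")          # prefix added by strace -f
        head = "write(" fd ", \""
        if (index($0, head) != 1) next          # other syscall or other fd
        s = substr($0, length(head) + 1)
        sub(/"(\.\.\.)?, [0-9]+\) += +-?[0-9]+.*$/, "", s)   # closing quote, length, result
        out = ""
        while ((p = index(s, "\\")) > 0) {      # undo the C-style escaping
            c = substr(s, p + 1, 1)
            if (c == "n") r = "\n"
            else if (c == "t") r = "\t"
            else if (c == "r") r = "\r"
            else if (c == "\"" || c == "\\") r = c
            else r = "\\" c                     # octal and other escapes stay as written
            out = out substr(s, 1, p - 1) r
            s = substr(s, p + 2)
        }
        printf "%s", out s
    }'
}

# Constructed strace lines, as seen after sending QUIT to the traced JVM.
sample_trace() {
    cat <<'EOF'
[pid  1105] write(1, "Full thread dump:\n", 18) = 18
[pid  1105] write(1, "\"main\" prio=1 tid=0x0805 runnable\n", 34) = 34
[pid  1105] write(2, "ignored\n", 8) = 8
[pid  1105] write(1, "\tat Demo.main(Demo.java:7)\n", 27) = 27
EOF
}

sample_trace | decode_writes 1
```

Attaching with strace requires the same user as the JVM or root, and the trace exposes everything the process writes while attached, so detach as soon as the dump has been captured.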



About

Emmanuel Jannetti blog
