Tuesday Nov 25, 2008

Solaris 10 - Increasing Number of Processes Per User

We came across this problem when working with one of the ISV application. We were simulating workload for performance tests and realized that the load simulation tool was generating 30000+ processes/LWP. The load siluation tools was running on UltraSPARC T2 based system with Solaris 10 and 32 GB RAM.
Looked up the resources on the web for increasing the number of processes on Solaris 10 system on PER UID. Came across couple of blog entries (Giri Mandalika, Spiralbound.net) which provided good starting point but were not complete solution to our problem. We needed to increase the number of processesper user to more than current setting of 30000


bash-3.00# ulimit -a
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 260000
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 29995
virtual memory        (kbytes, -v) unlimited


Trying to increase the "max user processes" would fail with the following error:

bash-3.00# ulimit -u 50000
bash: ulimit: max user processes: cannot modify limit: Invalid argument
bash-3.00#


After going through the Solaris 10 Tunable Guide for Process sizing  learned that there are 5 related parameters related to process sizing.

maxusers - The maximum number of processes on the system, The number of quota structures held in the system. The size of the directory name look-up cache (DNLC)
reserved_procs - Specifies the number of system process slots to be reserved in the process table for processes with a UID of root
pidmax -  Specifies the value of the largest possible process ID. Specifies the value of the largest possible process ID. Valid for Solaris 8 and later releases.
max_nprocs  - Specifies the maximum number of processes that can be created on a system. Includes system processes and user processes. Any value specified in /etc/system is used in the computation of maxuprc.
maxuprc - Specifies the maximum number of processes that can be created on a system by any one user

Looked at the current values for these parameter:

bash-3.00# echo reserved_procs/D | mdb -k
reserved_procs:
reserved_procs: 5

bash-3.00# echo pidmax/D | mdb -k
pidmax:
pidmax:         30000

bash-3.00# echo maxusers/D | mdb -k
maxusers:
maxusers:       2048
bash-3.00#

bash-3.00# echo max_nprocs/D | mdb -k
max_nprocs:
max_nprocs:     30000
bash-3.00#

bash-3.00# echo maxuprc/D | mdb -k
maxuprc:
maxuprc:        29995


So, in order to set the max per user processes in this scenario, we were required to make the changes to "pidmax" (upper cap), maxusers, max_nprocs & maxuprc
Sample entries in  /etc/system & reboot


set pidmax=60000
set maxusers = 4096
set maxuprc = 50000
set max_nprocs = 50000


After making the above entries, we were able to increase the max user processes to  50000.

bash-3.00# ulimit -a
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 260000
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 49995
virtual memory        (kbytes, -v) unlimited
bash-3.00#


bash-3.00# echo reserved_procs/D | mdb -k
reserved_procs:
reserved_procs: 5
bash-3.00# echo pidmax/D | mdb -k
pidmax:
pidmax:         60000
bash-3.00# echo max_nprocs/D | mdb -k
max_nprocs:
max_nprocs:     50000
bash-3.00# echo maxuprc/D | mdb -k
maxuprc:
maxuprc:        50000
bash-3.00#


Note: If you are operating within the 30000 limit (default pidmax setting) the blog entry referred above seems to work fine. If you are looking at increasing the processes beyond 30000, it we need to make adjustment to other dependent parameters stated in this blog entry.

Friday Aug 22, 2008

OpenSolaris 2008.05 - X Display Redirect Problem

I am using OpenSolaris 2008.05 on my desktop and needed to run installer on remote UNIX system on regular basis. OpenSolaris settings by default weren't allowing me to redirect the X display to my work station when I use program like “rlogin” or “telnet”(Which by the way are NOT secure programs BUT some times you don't have choice). I could get around this problem using "ssh -X" and worked for me in most cases. But some cases, I needed telnet/rlogin and “X” Display redirect going.

Problem:

Hasham@hasham-pc:~$ hostname
hasham-pc
Hasham@hasham-pc:~$ xhost +
access control disabled, clients can connect from any host
Hasham@hasham-pc:~$ telnet 10.12.161.36
Trying 10.12.161.36...
Connected to 10.12.161.36.
Escape character is '\^]'.
login: root
Password:
Last login: Fri Aug 22 08:42:11 from hasham-pc.India
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.

-bash-3.00# echo $DISPLAY
hasham-pc:0.0
-bash-3.00# hostname
aa002
-bash-3.00# ping hasham-pc
hasham-pc is alive

-bash-3.00# /usr/openwin/bin/xclock
Error: Can't open display: hasham-pc:0.0
-bash-3.00#

Tried looking up in OpenSolaris forum and didn't fine any solution. This forum entry(http://forums.opensolaris.com/thread.jspa?threadID=350) was good starting point for me to troubleshoot. Verified that the service "x11-server" configuration is set to allow TCP_LISTEN (OpenSolaris 2008.05 has it enabled by default)

Hasham@hasham-pc:~$ svccfg -s x11-server listprop options/tcp_listen
options/tcp_listen boolean true

Started looking at the “Xorg” settings. Noticed that the “Xorg” process is starting with "nolisten tcp" option. See the argv[8] & argv[9] in the below output.

Hasham@hasham-pc:~# ps -ef|grep Xorg
root 13103 435 2 Aug 19 ? 8:25 /usr/X11/bin/Xorg :0 -depth 24 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten t
Hasham@hasham-pc:~# pargs 13103
13103: /usr/X11/bin/Xorg :0 -depth 24 -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten t
argv[0]: /usr/X11/bin/Xorg
argv[1]: :0
argv[2]: -depth
argv[3]: 24
argv[4]: -audit
argv[5]: 0
argv[6]: -auth
argv[7]: /var/lib/gdm/:0.Xauth
argv[8]: -nolisten
argv[9]: tcp

After looking at the man page for “Xorg” & later “Xserver”, learnt that Xserver script is responsible for passings some of these arguments. I was hoping for Happy ending! Looked the Xserver script("/usr/X11/bin/Xserver) and everything appeared in order. The “Xserver script” is using "SMF" property(options/tcp_listen) to pass value. In this case, it was set to "true". No problem with “Xserver script” - No happy ending!

Are there any other SMF services related Xorg? The first thing to find out which service is responsible for starting Xorg process?

Hasham@hasham-pc:~$ svcs -p

...
online 10:03:36 svc:/application/graphical-login/gdm:default
10:03:36 471 gdm-binary
10:38:35 1959 gdm-binary
10:40:51 2136 Xorg
10:40:51 2160 fbconsole
10:42:49 2170 ctrun
...

"gdm" it is! Man "gdm" reveled the another set of configurations files involved - /usr/share/gdm/defaults.conf, /etc/X11/gdm/custom.conf ? After reading through these file, learned that you could change the run time options for Xserver using these files. Noted that you could use "gdmsetup" to alter the configuration instead of editing the files manually.

Hasham@hasham-pc:~# gdmsetup

Changed the setting under Security Tab
Before the Change:

Before

After the Change:

After

It adds the following entry to /etc/X11/gdm/custom.conf (Under security Section)
DisallowTCP=false

Restart X Server.(Logout and Login will do) We are good to go! X Display Redirect works fine now!

Summary of changes that were needed:


1. "options/tcp_listen" Setting for "x11-server" set to true (See below for listing and setting the value)
    List the Property Value:
    Hasham@hasham-pc:~$ svccfg -s x11-server listprop options/tcp_listen
    options/tcp_listen boolean true

    Changethe Property Value:(You need to be "root" for to change the settings)
    root@hasham-pc:~# svccfg -s x11-server setprop options/tcp_listen = true
2. Use "gdmsetup" and Uncheck "Deny TCP Connection to X Server" under Security Tab
3. Restart X Server (Logout and Login will do)

Tuesday Jul 29, 2008

GUI Installer Requirement - Solaris Zones

Folks who work with Zones may find this useful. Let's say you have created Zones on Solaris workstation. If you are in global zone, you end up accessing these zones using "zlogin" command. It's a special interface that let's you "login" to zone from the Global zone without supplying the root password. Of course you need to be "root" in Global zone to use this command.  This access method is sufficient in most of the cases except when you need GUI.  For example, if you are installing third party application that requires GUI access.  There are various ways to initiate a GUI session(VNC Server, Use of Reflection etc) to the Zone or System. 

The below given steps are quick way to get GUI access to the Zone - especially if you working on your workstation. I find this convenient. The same steps apply for any Solaris system and not restricted to Zones alone.Note, that we are using "ssh" capability of display forwarding.

First Step is to enable "ssh" access for "root" user on the Zone. Default configuration of "ssh" doesn't allow, "root" user to login to the system. You enable the access by editing the "ssh" configuration file "/etc/ssh/sshd_config" and modify the entry that control "root" access. Then restart the "ssh" service.
root@zone1:[/] # vi /etc/ssh/sshd_config      - "Change
PermitRootLogin no" to "PermitRootLogin yes"
root@zone1:[/] # svcadm restart ssh

Now from the Global zone, you can login to Zone using "ssh" with "-X" option.  Note that you need your /etc/hosts file up to date with IP address to host mapping. Otherwise you may use the IP address of the Zone.
bash-3.00# ssh -X zone1
The authenticity of host 'zone1 (10.12.161.101)' can't be established.
RSA key fingerprint is d2:cf:ec:f3:89:7e:da:74:1f:27:b2:25:88:0e:f5:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'zone1,10.12.161.101' (RSA) to the list of known hosts.
Password:
Last login: Mon Jul 28 09:08:29 2008 from 10.12.161.35
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
root@zone1:[/] #

Test the ability to launch the GUI application.

root@zone1:[/] #/usr/openwin/bin/xclock
\^C

You are good to go!

About

Hashamkha Pathan

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today