How to enable large page memory for the JVM? - jboss

In the document(jbossperformancetuning.pdf), it suggest us to enable large page memory for the JVM.
But actually after I added the following to our command-line / script start-up:
"-XX:+UseLargePages"
It didn't work, so I investigated more, enabled the large page memory on OS first, then added "-XX:+UseLargePages -XX:LargePageSizeInBytes=2m" to start-up script.
But unfortunately, it didn't work neither, so could someone give us some suggestions of how to enable the large page memory for the JVM successfully?
Here are some details of our server:
[root#localhost ~]# cat /proc/meminfo
MemTotal: 37033340 kB
MemFree: 318108 kB
Buffers: 179452 kB
Cached: 5934940 kB
SwapCached: 0 kB
...
HugePages_Total: 10251
HugePages_Free: 10251
HugePages_Rsvd: 0
Hugepagesize: 2048 kB
[root#localhost ~]# ps aux | grep java
root 22525 0.2 20.3 28801756 7552420 ? Sl Nov03 31:54 java -Dprogram.name=run.sh -server -Xms1303m -Xmx24g -XX:MaxPermSize=512m -XX:+UseLargePages -XX:LargePageSizeInBytes=2m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true -verbose:gc -Xloggc:/tmp/gc.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/opt/jboss-as/lib/endorsed -classpath /opt/jboss-as/bin/run.jar org.jboss.Main -c default -b 0.0.0.0
root 31962 0.0 0.0 61200 768 pts/2 S+ 22:46 0:00 grep java
[root#localhost ~]# cat /etc/sysctl.conf
...
# JBoss is running as root, so the group id is 0
vm.hugetlb_shm_group = 0
# The pages number
vm.nr_hugepages = 12288

Finally I fixed this issue, at first set the large pages memory bigger than JVM heap size, then just reboot the server, because there is no way to make it work unless you upgrade the kernel to the newer one - in RHEL 6.0.

Related

is there the way to get environment variable in HP-UX by pid

I want to know the method the way to get environment variable in HPUX from pid
by ps command, file, or programming.
it is possible to get variable
# /proc/$pid/environ in environ or ps e -ww -p $pid in linux
# ps ewww pid in aix
# pargs in solaris
HP-UX : use gdb to track but there is no gdb on a server(HPUX) and it's impossible to install it.
let me know that.
If you can install software onto this host, the latest HP-UX Linker, Libraries and Tools patch should give you the pargs(1) command:
[ hp-ux_ia64 sw ] $ /usr/ccs/bin/pargs -v
HP pstack/pldd/pargs version B.12.67 for HP Itanium(R) Systems.
[ hp-ux_ia64 sw ] $ /usr/ccs/bin/pargs -h
usage: pargs [-h] [-v] {-a pid | -e pid}
Given the pid of a running process, pargs prints process arguments and all
environment variables and its values.
pargs works by attaching to the process to read its memory.
[ hp-ux_ia64 sw ] $ ps -fu ranga
UID PID PPID C STIME TTY TIME COMMAND
ranga 9949 9923 0 Mar 17 pts/3 0:00 /usr/bin/sh /home/ranga/bin/tmux
ranga 16795 10007 0 10:40:06 pts/7 0:00 ssh hp-ux_ia64
ranga 9952 9949 0 Mar 17 pts/3 0:00 tmux
ranga 16538 16376 1 21:35:16 pts/4 0:00 ps -fu ranga
ranga 9918 9916 0 Mar 17 ? 0:04 sshd: ranga#pts/3
ranga 9954 1 2 Mar 17 ? 1:15 tmux
[ hp-ux_ia64 sw ] $ PHSS_44731/C-MIN/usr/ccs/bin/pargs -e 9949
SOCKS_CONF=/home/ranga/etc/socks.conf
MAIL=/var/mail/ranga
PATH=/usr/bin:/usr/ccs/bin:/usr/contrib/bin:/opt/langtools/bin:/usr/local/bin
PWD=/home/ranga
EDITOR=vim
TZ=IST-5:30
ERASE=^H
PS1=[ \h \W ] \$
SHLVL=1
SHELL=/usr/bin/bash
SFTP_PERMIT_CHMOD=1
HOME=/home/ranga
TERMINFO=/home/ranga/lib/terminfo
LOGNAME=ranga
SSH_CONNECTION=1.4.5.1 44584 1.2.2.2 22
SSH_CLIENT=1.1.0.6 44584 22
SHLIB_PATH=/home/ranga/local/lib
SFTP_UMASK=
_=/home/ranga/bin/tmux
USER=ranga
TERM=rxvt-256color
SOCKS5_SERVER=socks-server.ranga.com
LINES=70
Even if you can't install the patch, the pargs executable can be extracted from it and used.
If you can copy files out of this host, you could
use gcore(1) to generate a core file of the process
copy this core file along with the executable and the appropriate version of
libc (32-bit or 64-bit, use pldd(1) to confirm) to an environment
where gdb is available
use gdb to hack into the __envp string table
[ hp-ux-ia64 ~ ] $ ps -f
UID PID PPID C STIME TTY TIME COMMAND
ranga 5779 4411 0 13:12:47 pts/0 0:00 ps -f
ranga 4411 4403 0 12:45:42 pts/0 0:00 -bash
[ hp-ux-ia64 ~ ] $ pldd 4411
4411: /usr/bin/bash
/usr/bin/bash
/usr/lib/hpux32/dld.so
/usr/local/lib/hpux32/libtermcap.so
/usr/local/lib/hpux32/libintl.so
/usr/local/lib/hpux32/libiconv.so
/usr/lib/hpux32/libdl.so.1
/usr/lib/hpux32/libc.so.1
[ hp-ux-ia64 ~ ] $ gcore 4411
[ hp-ux-ia64 ~ ] $ gdb -q /usr/bin/bash core.4411
warning: Load module /usr/bin/bash has been stripped.
Debugging information is not available.
(no debugging symbols found)...Core was generated by `bash'.
(no debugging symbols found)...
warning: Load module /usr/local/lib/hpux32/libtermcap.so has been stripped.
Debugging information is not available.
(no debugging symbols found)...
#0 0x60000000c05660f0:0 in _waitpid_sys+0x30 () from /usr/lib/hpux32/libc.so.1
(gdb) x/s *(char**)__envp
0x200000007ffffeae: "USER=ranga"
(gdb)
:
0x200000007fffff45: "SSH_CLIENT=3.3.3.3 50072 22"
:
0x200000007fffffe4: "SFTP_PERMIT_CHOWN=1"
(gdb)
0x200000007ffffff8: ""

why host process contains kubernetes pod process

when I am list process of host using this command:
[root#fat001 ~]# ps -o user,pid,pidns,%cpu,%mem,vsz,rss,tty,stat,start,time,args ax|grep "room"
root 3488 4026531836 0.0 0.0 107992 644 pts/11 S+ 20:06:01 00:00:00 tail -n 200 -f /data/logs/soa-room/spring.log
root 18114 4026534329 8.5 2.2 5721560 370032 ? Sl 23:17:51 00:01:53 java -jar /root/soa-room-service-1.0.0-SNAPSHOT.jar
root 19107 4026531836 0.0 0.0 107992 616 pts/8 S+ 19:14:10 00:00:00 tail -f -n 200 /data/logs/soa-room/spring.log
root 23264 4026531836 0.0 0.0 112684 1000 pts/13 S+ 23:39:57 00:00:00 grep --color=auto room
root 30416 4026531836 3.4 3.4 4122552 567232 ? Sl 19:52:03 00:07:53 /opt/dabai/tools/jdk1.8.0_211/bin/java -Xmx256M -Xms128M -jar -Xdebug -Xrunjdwp:transport=dt_socket,suspend=n,server=y,address=5011 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/data/dump /data/jenkins/soa-room-service/soa-room-service-1.0.0-SNAPSHOT.jar
I am very sure this process is kubernetes pod's process:
root 18114 4026534329 8.5 2.2 5721560 370032 ? Sl 23:17:51 00:01:53 java -jar /root/soa-room-service-1.0.0-SNAPSHOT.jar
Why the kubernetes container's process show on host?It should be in the docker's container!!!!!
This is perfectly normal. Containers are not VM.
Every process run by Docker is run on the host Kernel. There is no isolation in term of Kernel.
Of course, there is an isolation in terms of process between containers, as each container's process are run in an isolated process namespace.
In summary : container A can't see container B process (well, not by default), however as all the containers process are run inside your host, you'll always be able to see the process from your host.

LiClipse as potential security attack endpoint

From time to time I have to connect to the Internet in public workspaces and wifi zones, that is why I am trying to keep an eye on what ports are reachable on my laptop from outside.
Here is my finding regarding LiClipse:
$ nmap -T4 -p1-65535 192.168.1.4
Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-22 12:34 EEST
Nmap scan report for 192.168.1.4
Host is up (0.00010s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE
22/tcp open ssh
45594/tcp open unknown
$ sudo netstat -tulnp | grep -w -e 45594
tcp6 0 0 :::45594 :::* LISTEN 1637/java
$ ps -f 1637 | cat
UID PID PPID C STIME TTY STAT TIME CMD
oleksiy 1637 4764 23 12:31 ? Sl 2:26 /opt/liclipse/jre/bin/java -Xms40m -Xmx512m -Declipse.p2.unsignedPolicy=allow -Declipse.log.size.max=10000 -Declipse.log.backup.max=5 -Dpydev.funding.hide=1 -Dliclipsetext.funding.hide=1 -Dfile.encoding=UTF-8 -Djava.awt.headless=true -jar /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar -data file:/home/oleksiy/Private/workspace/ -os linux -ws gtk -arch x86_64 -showsplash -launcher /opt/liclipse/LiClipse -name LiClipse --launcher.library /opt/liclipse//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.400.v20160518-1444/eclipse_1617.so -startup /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar --launcher.overrideVmargs -exitdata 11a800a -vm /opt/liclipse/jre/bin/java -vmargs -Xms40m -Xmx512m -Declipse.p2.unsignedPolicy=allow -Declipse.log.size.max=10000 -Declipse.log.backup.max=5 -Dpydev.funding.hide=1 -Dliclipsetext.funding.hide=1 -Dfile.encoding=UTF-8 -Djava.awt.headless=true -jar /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar
To doublecheck that the reason is pure LiClipse I removed extra plugins (Vrapper, Colorer), but the port is still open, not 45594 all times, but a random one each time LiClipse restarts. I tried to connect to and send random data and got no response.
Can someone come up with a guess regarding which part of LiClipse functionality this open TCP port relates to, and why it shouldn't be closed by default as a potential security attack endpoint?
PyDev (which LiClipse includes) creates a port which is used to communicate with a spawned Python shell used to get code-completion information. You can see its code at: https://github.com/fabioz/Pydev/blob/bbe7874a527a583c5214ade594f45d4cc35d3ab7/plugins/org.python.pydev/src_completions/org/python/pydev/editor/codecompletion/shell/AbstractShell.java

Sphinx search doesn't stop nor correctly update

I have problems running sphinx search on my debian Wheezy server.
Currently, there are 2 searchd ports running
root#ns243216:~# netstat -tlpn | grep search
tcp 0 0 0.0.0.0:9306 0.0.0.0:* LISTEN 11266/searchd
tcp 0 0 0.0.0.0:9312 0.0.0.0:* LISTEN 11266/searchd
First Problem
When I want to execute this
sudo /usr/bin/indexer -c /etc/sphinxsearch/sphinx.conf beta_jobs --rotate
It gives me this :
Sphinx 2.2.10-id64-release (2c212e0)
Copyright (c) 2001-2015, Andrew Aksyonoff
Copyright (c) 2008-2015, Sphinx Technologies Inc (http://sphinxsearch.com)
using config file '/etc/sphinxsearch/sphinx.conf'...
indexing index 'beta_jobs'...
collected 6 docs, 0.0 MB
collected 0 attr values
sorted 0.0 Mvalues, 100.0% done
sorted 0.0 Mhits, 100.0% done
total 6 docs, 867 bytes
total 0.046 sec, 18747 bytes/sec, 129.73 docs/sec
total 6 reads, 0.000 sec, 0.4 kb/call avg, 0.0 msec/call avg
total 12 writes, 0.000 sec, 0.9 kb/call avg, 0.0 msec/call avg
WARNING: failed to scanf pid from pid_file '/usr/local/sphinx/var/log/searchd/searchd.pid'.
WARNING: indices NOT rotated.
2 warnings I can't remove...
Second Problem: And when I want to stop my searchd with searchd --stop, it tells me this :
Sphinx 2.2.10-id64-release (2c212e0)
Copyright (c) 2001-2015, Andrew Aksyonoff
Copyright (c) 2008-2015, Sphinx Technologies Inc (http://sphinxsearch.com)
using config file '/etc/sphinxsearch/sphinx.conf'...
FATAL: stop: failed to read valid pid from '/usr/local/sphinx/var/log/searchd/searchd.pid'
I tried setting chmod 755 to everything inside /usr/local/sphinx/var/log/searchd/, still doesn't work.
My sphinx.conf is here Sphinx.conf on gist
EDIT (answer to #aeryaguzov comment)
root#ns213646:~# sudo cat /usr/local/sphinx/var/log/searchd/searchd.pid
root#ns213646:~# ps aux | grep searchd
root 11265 0.0 0.0 79692 1228 ? S Nov30 0:00 /usr/bin/searchd
root 11266 0.1 0.0 91404 4696 ? Sl Nov30 26:54 /usr/bin/searchd
root 22783 0.0 0.0 8292 632 pts/1 S+ 15:32 0:00 grep searchd
Okay it appears that for some unknown reasons the searchd.pid was badly created by searchd (which is running). So I decided to delete the search.pid and to kill searchd. Then I re-indexed and started searchd with no problems.

Correct way to start mysqld_safe

I've been searching around a lot but could not figure out how to start mysqld in "safe mode".
This is what I got so far:
[root#localhost bin]# service mysqld_safe start
mysqld_safe: unrecognized service
I'm running CentOS, this is my mysql version:
[root#localhost ~]# mysql --version
mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i686) using readline 5.1
Any help would be appreciated!
Starting mysqld should do the trick:
[root#green-penny ~]# service mysqld start
Starting mysqld: [ OK ]
[root#green-penny ~]# ps axu | grep mysql
root 7540 0.8 0.0 5112 1380 pts/0 S 09:29 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
mysql 7642 1.5 0.7 135480 15344 pts/0 Sl 09:29 0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
root 7660 0.0 0.0 4352 724 pts/0 S+ 09:29 0:00 grep mysql
(Note that mysqld_safe is running.)