Archive for September 17, 2011

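How do you view MySQL's current connection count in real time on Linux? What is the command?

mysqladmin -uroot -p processlist
This shows the details of each connection.

If you only want the number of connections,
just run mysqladmin status.
Threads is the number of connections.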


Server security plan

To ensure that my CentOS machines run as efficiently and securely as possible, I disable a number of services after each installation. The end result is a system that accepts ssh connections on TCP port 22, and on one or more service ports that are in use by the applications hosted on the platform. To get to this state, I go through and disable numerous services that come enabled by default. Here is the default list of services that are enabled after a CentOS 4.4 installation:

chkconfig --list | grep on

atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
pcmcia          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
readahead_early 0:off   1:off   2:off   3:off   4:off   5:on    6:off
readahead       0:off   1:off   2:off   3:off   4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off

Several of these services are required, but several others serve no purpose in my environment, and use CPU and memory resources that would be better allocated to my applications. Since I don’t use RPC services, autofs or NFS, those are the first to get disabled:

$ /sbin/chkconfig --level 0123456 portmap off
$ /sbin/chkconfig --level 0123456 nfslock off
$ /sbin/chkconfig --level 0123456 netfs off
$ /sbin/chkconfig --level 0123456 rpcgssd off
$ /sbin/chkconfig --level 0123456 rpcidmapd off
$ /sbin/chkconfig --level 0123456 autofs off

I also don’t allow individual hosts to receive mail from the outside world, so sendmail gets nixed next:

$ /sbin/chkconfig --level 0123456 sendmail off

On server platforms, who needs printing?:

$ /sbin/chkconfig --level 0123456 cups off

Now we get to the font server, isdn capabilities, console mouse and pcmcia support. I don’t use these services on my servers, so they get disabled as well:

$ /sbin/chkconfig --level 0123456 xfs off
$ /sbin/chkconfig --level 0123456 isdn off
$ /sbin/chkconfig --level 0123456 gpm off
$ /sbin/chkconfig --level 0123456 pcmcia off

Once these services are disabled (and optionally stopped with the service command or a reboot), my netstat output looks nice and clean:

netstat --tcp --udp --listening

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN

This has served me well over the years, since it reduces boot time (fewer rc scripts to run), and frees up additional resources for my applications (while this isn’t substantial, every page of memory helps!).
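
A check to run after the chkconfig commands above, as an added example that is not part of the original post: it reads chkconfig --list output and reports any of the twelve services disabled here that is still on in some runlevel. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the services this post disables are really off.
# DISABLED mirrors the chkconfig commands above; adjust it for your own hosts.
DISABLED="portmap nfslock netfs rpcgssd rpcidmapd autofs sendmail cups xfs isdn gpm pcmcia"

# still_enabled: read `chkconfig --list` output on stdin and print
# "<service> <runlevels>" for every listed service still on in any runlevel.
still_enabled() {
    awk -v deny="$DISABLED" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        ($1 in bad) {
            levels = ""
            for (f = 2; f <= NF; f++) {
                split($f, kv, ":")          # "3:on" -> kv[1]="3", kv[2]="on"
                if (kv[2] == "on") levels = levels kv[1]
            }
            if (levels != "") print $1, levels
        }'
}

# Constructed sample: a partially hardened host (portmap and cups were missed).
sample_output() {
    cat <<'EOF'
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

# On a real host: /sbin/chkconfig --list | still_enabled
sample_output | still_enabled
```

An empty result means every service on the list is off in all runlevels; a service that is already running still has to be stopped with the service command or a reboot, as the post notes.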


Upgrading OpenSSL and OpenSSH on CentOS 5


2010-10-24 23:44

I upgraded OpenSSL and OpenSSH. The OpenSSL shipped with CentOS 5.2 is 0.9.8b, and OpenSSH is 4.0p1. The upgrade procedure is as follows:

Latest OpenSSH release: http://www.openssh.com/portable.html

wget http://www.openssl.org/source/openssl-0.9.8j.tar.gz
tar zxvf openssl-0.9.8j.tar.gz
cd openssl-0.9.8j
./config --prefix=/usr
make
make test
make install

wget http://openbsd.noc.jgm.gov.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz
tar zxvf openssh-5.2p1.tar.gz
cd openssh-5.2p1
./configure --prefix=/usr --with-pam --with-zlib --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-md5-passwords
make
make install


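Managing OpenVZ resources: CPU share

Continuing from yesterday, today's post describes how to control the CPU resources available to a VE in OpenVZ. The OpenVZ resource manager implements QoS by guaranteeing the CPU time available to a VE. When no cpulimit is set and no other VE is competing for CPU, a VE can go beyond its configured minimum guarantee in order to make full use of the CPU of the hardware node (HW).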

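I. Configurable parameters
OpenVZ uses a specific algorithm to calculate CPU time, and the configured values are expressed in units of CPU time. This avoids the problem of uneven load between single-CPU and multi-CPU systems and of resources not being fully used.
The configurable parameters are:

ve0cpuunits: set in the global configuration file; defines the minimum CPU time available to VPS 0, that is, the minimum resources guaranteed to the HW. The recommended setting is 5-10% of the HW's total CPU time;
cpuunits: the minimum CPU time guaranteed to the VE;
cpulimit: the percentage of CPU time that the VE is not allowed to exceed.

As mentioned at the start, cpuunits is not a fixed value: as long as resources allow and the cpulimit percentage is not exceeded, a VE can take as much CPU as is available.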

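II. Setting the CPU share
1. Calculate the HW's total CPU time
The first step is to work out how much CPU time VPS 0 (the HW) currently has at its disposal.

# vzcpucheck
Current CPU utilization: 1000 # CPU time already taken by the HW and the running VEs
Power of the node: 85105 # total CPU time of the HW

2. CPU time available to the HW

# grep 'VE0CPUUNITS=1000' /etc/vz/vz.conf
VE0CPUUNITS=1000

This is the default value, and it equals the result of running vzcpucheck before any VE has been started.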

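3. Set the VE's CPU time

# vzctl set 115 --cpuunits 2500 --cpulimit 5 --save

or

# vi /etc/vz/conf/115.conf
CPUUNITS="2500"
CPULIMIT="5"

This means:

1) Even when the HW's CPU is fully loaded, that is, when the current CPU utilization equals the power of the node, VE 115 still gets about 3% (2500/85105) of the CPU time;
2) but when the CPU is idle, VE 115 cannot get more than 5% of the CPU time;
3) in other words, under normal conditions the CPU time available to VE 115 is between 3% and 5%;
4) if cpulimit is not set, VE 115 can exceed 3% when no other VE is competing and resources allow, as long as the HW's capacity is not exceeded.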

Start the VE; the result:

# vzctl start 115
# vzcpucheck
Current CPU utilization: 3500
Power of the node: 85105

The setting also takes effect dynamically:

# vzctl set 115 --cpuunits 4000 --cpulimit 5 --save
Setting CPU limit: 5
Setting CPU units: 4000
Configure meminfo: 49152
Saved parameters for VE 115
# vzcpucheck
Current CPU utilization: 5000
Power of the node: 85105

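4. The problem
As described above, OpenVZ normally uses minimum guarantees so that VEs can make full use of system resources; this is one of its design principles. But it brings a problem:

# vzctl set 112 --cpuunits 85000 --cpulimit 5 --save
# vzctl start 112
# vzcpucheck
Current CPU utilization: 105000
Power of the node: 85105
Warning: hardware node is overcommited

If the sum of the minimum guaranteed CPU time you have set for all VEs is greater than the HW's actual CPU time, CPU overload can occur. When that actually happens, VE 115 can no longer get the 3% of CPU time it was originally guaranteed, which may cause the whole virtual system to fail.
Of course, this only happens when VE 112 uses its CPU time in full and the HW is overloaded. In most cases the VEs' CPU peaks do not coincide, and under OpenVZ's dynamic allocation the CPU time is used fairly fully, so this is only a Warning, not an Error. To avoid problems, though, it is still better to keep the current CPU utilization equal to the power of the node.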
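
The share arithmetic from this post, as an added example that is not from the original post or the OpenVZ project: it reads vzcpucheck output and prints the worst-case CPU percentage for a given cpuunits value. It assumes that on an overcommitted node the share becomes cpuunits divided by the total committed units; ve_share and the two sample functions are constructed from the figures quoted above.

```shell
#!/bin/sh
# Added example: worst-case CPU share of a VE, computed from vzcpucheck output.

# ve_share UNITS: read vzcpucheck output on stdin and print
# "<percent> <ok|overcommitted>". Assumption: when the committed units exceed
# the power of the node, the share becomes UNITS / committed units.
ve_share() {
    awk -v units="$1" '
        /^Current CPU utilization:/ { used = $NF + 0 }
        /^Power of the node:/       { power = $NF + 0 }
        END {
            if (power <= 0) { print "error: node power not found"; exit 2 }
            over = (used > power)
            base = over ? used : power
            printf "%.2f %s\n", 100 * units / base, (over ? "overcommitted" : "ok")
        }'
}

# Constructed samples using the figures quoted in this post.
node_ok() {
    printf '%s\n' 'Current CPU utilization: 3500' 'Power of the node: 85105'
}
node_overcommitted() {
    printf '%s\n' 'Current CPU utilization: 105000' 'Power of the node: 85105' \
        'Warning: hardware node is overcommited'
}

# On a real node: vzcpucheck | ve_share 2500
node_ok | ve_share 2500
node_overcommitted | ve_share 2500
```

With 2500 units the guarantee drops from about 2.94% to about 2.38% once the node is overcommitted, which is the loss of the 3% guarantee the post describes.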



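Xen server: attaching a new local disk

1. Open the console of the server in XenCenter
2. [root@szwj-xenvm01 ~]# fdisk -l    Find the device name of the new disk (e.g. /dev/sdb)
3. [root@szwj-xenvm01 ~]# xe sr-create name-label="name for the new disk" shared=false device-config:device=/dev/sdb type=lvm  (/dev/sdb is the device name of the new disk)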
