Archive for September 17, 2011

How do I view the current number of MySQL connections in real time under Linux? What is the command?

mysqladmin -uroot -p processlist
This shows the details of each connection.

If you only want to see the number of connections, run mysqladmin status directly.
Threads is the number of connections.


Server security plan

To ensure that my CentOS machines run as efficiently and securely as possible, I disable a number of services after each installation. The end result is a system that accepts ssh connections on TCP port 22, and on one or more service ports that are in use by the applications hosted on the platform. To get to this state, I go through and disable numerous services that come enabled by default. Here is the default list of services that are enabled after a CentOS 4.4 installation:

$ chkconfig --list | grep on

etc             0:off   1:off   2:off   3:on    4:on    5:on    6:off
messagebus      0:off   1:off   2:off   3:on    4:on    5:on    6:off
smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
acpid           0:off   1:off   2:off   3:on    4:on    5:on    6:off
microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
pcmcia          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
readahead_early 0:off   1:off   2:off   3:off   4:off   5:on    6:off
readahead       0:off   1:off   2:off   3:off   4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off

Several of these services are required, but several others serve no purpose in my environment, and use CPU and memory resources that would be better allocated to my applications. Since I don’t use RPC services, autofs or NFS, those are the first to get disabled:

$ /sbin/chkconfig --level 0123456 portmap off
$ /sbin/chkconfig --level 0123456 nfslock off
$ /sbin/chkconfig --level 0123456 netfs off
$ /sbin/chkconfig --level 0123456 rpcgssd off
$ /sbin/chkconfig --level 0123456 rpcidmapd off
$ /sbin/chkconfig --level 0123456 autofs off

I also don’t allow individual hosts to receive mail from the outside world, so sendmail gets nixed next:

$ /sbin/chkconfig --level 0123456 sendmail off

On server platforms, who needs printing?:

$ /sbin/chkconfig --level 0123456 cups off

Now we get to the font server, isdn capabilities, console mouse and pcmcia support. I don’t use these services on my servers, so they get disabled as well:

$ /sbin/chkconfig --level 0123456 xfs off
$ /sbin/chkconfig --level 0123456 isdn off
$ /sbin/chkconfig --level 0123456 gpm off
$ /sbin/chkconfig --level 0123456 pcmcia off

Once these services are disabled (and optionally stopped with the service command or a reboot), my netstat output looks nice and clean:

$ netstat --tcp --udp --listening

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:ssh                       *:*                         LISTEN

This has served me well over the years, since it reduces boot time (fewer rc scripts to run), and frees up additional resources for my applications (while this isn’t substantial, every page of memory helps!).
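A drift check for the hardening above, as an added example that is not part of the original post: it reads `chkconfig --list` output and reports any of the services the post disables that are still on at some runlevel. The function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Services the post turns off, taken from the chkconfig commands above.
DISABLED="portmap nfslock netfs rpcgssd rpcidmapd autofs sendmail cups xfs isdn gpm pcmcia"

# still_enabled: read `chkconfig --list` output on stdin and print
# "<service> <runlevels>" for every service in DISABLED that is still on
# at one or more runlevels. Prints nothing when the host matches the plan.
still_enabled() {
    awk -v want="$DISABLED" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) off[w[i]] = 1 }
        ($1 in off) {
            levels = ""
            for (f = 2; f <= NF; f++)
                if ($f ~ /^[0-6]:on$/) levels = levels substr($f, 1, 1)
            if (levels != "") print $1, levels
        }
    '
}

# Constructed sample: portmap was never disabled and cups was re-enabled;
# sendmail is off as intended and sshd is not on the list at all.
SAMPLE='portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off'

printf '%s\n' "$SAMPLE" | still_enabled
```

On a live host the input would be `/sbin/chkconfig --list | still_enabled`; any output means a service has drifted back on.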


CentOS 5: upgrading OpenSSL and OpenSSH

2010-10-24 23:44

Upgrading OpenSSL and OpenSSH. CentOS 5.2 ships with OpenSSL 0.9.8b and OpenSSH 4.0p1. The upgrade steps follow:

The latest OpenSSH version is listed at http://www.openssh.com/portable.html

wget http://www.openssl.org/source/openssl-0.9.8j.tar.gz
tar zxvf openssl-0.9.8j.tar.gz
cd openssl-0.9.8j
./config --prefix=/usr
make
make test
make install

wget http://openbsd.noc.jgm.gov.ar/pub/OpenBSD/OpenSSH/portable/openssh-5.2p1.tar.gz
tar zxvf openssh-5.2p1.tar.gz
cd openssh-5.2p1
./configure --prefix=/usr --with-pam --with-zlib --sysconfdir=/etc/ssh --with-ssl-dir=/usr --with-md5-passwords
make
make install


OpenVZ resource management: CPU share

Continuing from yesterday's post, today's describes how to control the CPU resources a VE can use in OpenVZ. The OpenVZ resource manager lets you guarantee CPU time to a VE, which can be used to implement QoS.

When cpulimit is not set and no other VE is competing for CPU resources, a VE is not held to its configured minimum guarantee: it can exceed that value and take advantage of the CPU resources of the hardware node (HW).

I. Configurable parameters
OpenVZ calculates CPU time with its own arithmetic rules, and the settings are expressed in units of CPU time. This avoids the problem of uneven load between single-CPU and multi-CPU systems leaving resources underused.
The configurable parameters are:

ve0cpuunits: set in the global configuration file; defines the minimum CPU time available to VPS 0, that is, the minimum resources guaranteed to the HW itself. The recommended setting is 5 to 10% of the HW's total CPU time;
cpuunits: the minimum CPU time guaranteed to the VE;
cpulimit: the percentage of CPU time the VE must not exceed.

As mentioned at the beginning, cpuunits is not a fixed value: as long as resources permit and the cpulimit percentage is not exceeded, a VE can make full use of the CPU resources.

II. Setting the CPU share
1. Calculate the total CPU time of the HW
The first step, of course, is to work out how much CPU time the current VPS 0 (HW) has at its disposal.

# vzcpucheck
Current CPU utilization: 1000 # CPU time already taken by the HW and the started VEs
Power of the node: 85105 # total CPU time of the HW

2. CPU time available to the HW

# grep 'VE0CPUUNITS=1000' /etc/vz/vz.conf
VE0CPUUNITS=1000

This is the default value, and it is also what vzcpucheck reports before any VE has been started.

3. Set the VE's CPU time

# vzctl set 115 --cpuunits 2500 --cpulimit 5 --save

or

# vi /etc/vz/conf/115.conf
CPUUNITS="2500"
CPULIMIT="5"

This means:

1) Even when the HW's CPU is fully loaded, in other words when the current CPU utilization equals the power of the node, VE 115 can get about 3% (2500/85105) of the CPU time;
2) But even when the CPU is idle, VE 115 cannot get more than 5 percent of the CPU time;
3) That is to say, under normal circumstances VE 115 has between 3% and 5% of the CPU time available;
4) If cpulimit is set, then when no other VE is competing with VE 115 and resources allow, it can get more than 3%, as long as it does not exceed the HW load.

Start the VE; the result:

# vzctl start 115
# vzcpucheck
Current CPU utilization: 3500
Power of the node: 85105

The setting also takes effect dynamically:

# vzctl set 115 --cpuunits 4000 --cpulimit 5 --save
Setting CPU limit: 5
Setting CPU units: 4000
Configure meminfo: 49152
Saved parameters for VE 115
# vzcpucheck
Current CPU utilization: 5000
Power of the node: 85105

4. The problem
As described above, OpenVZ normally gives each VE a minimum guarantee while still letting it make full use of system resources; this is one of its design principles. But that brings a problem:

# vzctl set 112 --cpuunits 85000 --cpulimit 5 --save
# vzctl start 112
# vzcpucheck
Current CPU utilization: 105000
Power of the node: 85105
Warning: hardware node is overcommited

That is, if the minimum guarantees you set for all VEs add up to more CPU time than the HW actually has, CPU overload can occur. When that really happens, VE 115 cannot get the 3% of CPU time it was originally guaranteed, which may cause errors across the entire virtual system.
Of course, this only happens when VE 112 makes full use of its CPU time and the HW is overloaded. In most cases VEs do not hit their CPU peaks at the same time, and OpenVZ's dynamic allocation lets CPU time be used more fully, so this is only a Warning rather than an Error. Still, to avoid problems, it is better to keep the current CPU utilization equal to the power of the node.
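The arithmetic behind the 3% figure and the overcommit warning, as an added example that is not part of the original post: it takes the power of the node and a list of VE cpuunits, prints each VE's share the way the post computes it (units / power), and shows how that share shrinks once the total exceeds the node's power. The function name is hypothetical, the inputs are constructed from the figures quoted above, and the contended column assumes shares are proportional to cpuunits when every VE is busy.

```shell
#!/bin/sh
# Added example (not from the original post).
# cpu_guarantees POWER: read "VEID CPUUNITS" pairs on stdin and print, per VE:
#   nominal   = units / power               (the post's 2500/85105 calculation)
#   contended = units / max(total, power)   (assumption: proportional sharing
#                                            when all VEs demand CPU at once)
# followed by a summary line flagging an overcommitted node.
cpu_guarantees() {
    awk -v power="$1" '
        NF == 2 { id[++n] = $1; units[n] = $2; total += $2 }
        END {
            power += 0
            denom = (total > power) ? total : power
            for (i = 1; i <= n; i++)
                printf "%s nominal=%.1f%% contended=%.1f%%\n", id[i], 100 * units[i] / power, 100 * units[i] / denom
            state = (total > power) ? "OVERCOMMITTED" : "ok"
            printf "total=%d power=%d %s\n", total, power, state
        }
    '
}

# Constructed inputs: VE 0 is the hardware node itself (VE0CPUUNITS=1000).
POWER=85105
OK_SET='0 1000
115 2500'
OVER_SET='0 1000
115 2500
112 85000'

printf '%s\n' "$OK_SET"   | cpu_guarantees "$POWER"
printf '%s\n' "$OVER_SET" | cpu_guarantees "$POWER"
```

With VE 112 added, VE 115's contended share falls below its nominal 2.9%, which is the lost guarantee the post describes.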



Xen server mount new local hard disk

1. Log in to the server through the XenCenter console.
2. Run fdisk -l to find the device name of the new hard disk (for example /dev/sdb):
[root@szwj-xenvm01 ~]# fdisk -l
3. Create the storage repository (/dev/sdb is the device name of the new hard disk):
[root@szwj-xenvm01 ~]# xe sr-create name-label="The new hard disk device name" shared=false device-config:device=/dev/sdb type=lvm
