Testing disk speeds on a linux server using hdparm

Getting more info on the throughput of a disk( or partition) on a Linux server, you might want to compare the outcome of this command against another well preforming disk ( or partition) :

xxx:~ # hdparm -tT /dev/hda

/dev/hda:
Timing cached reads: 18296 MB in 2.00 seconds = 9154.93 MB/sec
Timing buffered disk reads: 114 MB in 3.03 seconds = 37.58 MB/sec
xxx:~ #

( The -T means to test the cache system (Memory, CPU and buffer cache). The -t means reading data that is not in the cache. )

I did use this to see a difference in disk preformance of a couple of RAID sets where one was configured as WriteThrough and the other was configured as WriteBack. The Write Back option gave us an enormous preformance boost !

Easy Listener configuration

Here is my default database listener setup which has proven to be working just fine !
Offcourse you could also setup your listener as default and let the database register itself at the listener.

When you like to force this registration of database information you could use this command to force the register ;
SQL> alter system register;

Else you could control this yourself and manually add the database to the listener.ora like this :

Here is the content of my LISTERNER.ora

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /u00/oracle/product/11.1.0/db)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = P001)
      (ORACLE_HOME = /u00/oracle/product/11.1.0/db)
      (SID_NAME = P001)
    )
  ) 

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.com)(PORT = 1521))
      )
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
      )
    )
  ) 

LOG_DIRECTORY_LISTENER = /u00/oracle/network/log
LOG_FILE_LISTENER = LISTENER.log

Content of my SQLNET.ora

NAMES.DIRECTORY_PATH= (TNSNAMES)
NAMES.DEFAULT_DOMAIN = example.com 

## TRACING
# TRACE_LEVEL_SERVER=16
# TRACE_DIRECTORY_SERVER=/u00/oracle/network/trace
# TRACE_FILE_SERVER=server_db
# TRACE_TIMESTAMP_SERVER=ON

Content of my TNSNAMES.ora

P001.example.com =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.com)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = P001.example.com)
    )
  )

Integrate Jboss in Apache virtualhost using jk_module

Some time ago i had to integrate a JBOSS server in an apache configuration using a virtualhost setup.
This was due the fact that the server was hosting more configurations and there for needed to be adjusted in using virtual host setup as this is the best way of organizing your site.

First create a configuration file called /etc/apache2/mod-jk.conf :

LoadModule jk_module /usr/lib/apache2/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel info
JkLogStampFormat  "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkShmFile logs/jk.shm

<Location /jkstatus/>
    JkMount status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

After this we need to create a /etc/apache2/worker.properties file:

worker.list= production,status
workder.production.type=ajp13
workder.production.host=apps01
workder.production.port=8009
workder.production.socket_timeout=120

worker.status.type=status

When these configuration files are in place , we can implement them by including the mod-jk-conf in the httpd.conf confguration file.
( when not already done so )

# Include jboss
Include /etc/apache2/mod-jk.conf
# Include virtualhosts
Include /etc/apache2/vhosts.d/*.conf

Now we can call our jkMount from within our Virtualhost configuration vhost_443.conf

<Virtualhost *:443>

  ServerName   support.example.com
  ServerAdmin  webmaster@example.com

  ##############################################
  #   SSL Config
  ##############################################
  SSLEngine On
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl    .crl

  SSLProtocol -all +TLSv1 +SSLv3
  SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

  SSLVerifyClient none
  SSLProxyEngine off

  ##############################################
  # Orginal Certificate for support.example.com
  ##############################################

  SSLCertificateFile /etc/apache2/ssl.crt/support_example_com.crt
  SSLCACertificateFile /etc/apache2/ssl.crt/support_example_com.ca-bundle
  SSLCertificateKeyFile /etc/apache2/ssl.key/support_example_server.key.nopassword

  ##############################################

  ErrorLog     /var/log/apache2/support_example_ssl_.error.log
  CustomLog    /var/log/apache2/support_example_ssl_.access.log  combined

  ###################################################
  # "Unknown" Error in IE -&gt; SSL closed #
  ###################################################
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  ###################################################

  ###################################################
  # jboss integration virtualhost
  ###################################################
  JkMount /* production

</Virtualhost>

For redirecting http traffic to use the https for the requested domain , simply add another virtualhost config containing :

##################################################################
# http://support.example.com
##################################################################
<VirtualHost *:80>
 ServerAdmin  webmaster@example.com
 ServerName   support.example.com

 ErrorLog     /var/log/apache2/support.example.com_redirect_error.log
 CustomLog    /var/log/apache2/support.example.com_redirect_access.log  combined

 RedirectPermanent /   https://support.example.com/
</VirtualHost>

Don’t forget to restart your apache configuration !

How to recall system reboot history

One easy way to get some reboot history of a system is running the following script :

for wtmp in `ls -t /var/log/wtmp*`; do last reboot -f $wtmp; done

Here is an example of it :

xxx:~ # for wtmp in `ls -t /var/log/wtmp*`; do last reboot -f $wtmp; done
reboot system boot 2.6.16.60-0.21-s Sun Apr 19 23:43 (3+11:51)
reboot system boot 2.6.16.60-0.21-s Fri Apr 17 11:38 (2+11:41)
reboot system boot 2.6.16.60-0.21-s Thu Apr 16 12:28 (21:19)
reboot system boot 2.6.16.60-0.21-s Thu Apr 16 11:01 (00:-32)

wtmp begins Thu Apr 16 11:01:27 2009
xxx:~ #

Public Yum Server for Enterprise Linux

Today i was challenged with a package installation on a Enterprise Linux server from which the registered Yum configuration was not valid anymore.
As this is the preferred way of maintaining your system i was searching for a quick way to get Yum working again without allot of impact.

As it seemed oracle recently opened up its doors by publicly share there Package repository !

New Public Yum Server for Enterprise Linux and Oracle VM
This new yum server offers a free and convenient way to install packages from the Enterprise Linux and Oracle VM installation media via a yum client.
posted Thu, 19 Mar 2009 22:18:40 +0000

( reference : http://www.oracle.com/technology/tech/linux/index.html )
By browsing here , you are able to look through the package list :

http://public-yum.oracle.com/

You could easily add this repository by ;

Oracle Enterprise Linux 4, Update 6 or Newer

# cd /etc/yum.repos.d
# mv Oracle-Base.repo Oracle-Base.repo.disabled
# wget http://public-yum.oracle.com/public-yum-el4.repo

Oracle Enterprise Linux 5

# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo

After this you are again up and running , yum search your way to your missing package !

UI-62009 when using silent install response file em_using_existing_db.rsp on an Oracle Database 11g

When installing a new Enterprise manager Grid Control in an existing 11g Database using the provided reponse file em_using_existing_db.rsp.
You are challenged with a lot of variables which need to match the OS perfectly.

Earlier i provided a solution for adjusting the oraparam.ini file to overcome compatibility problems for OS certification.
However , when using a response file method like here :

./runInstaller -noconfig -ignoreSysPrereqs -silent -responseFile response/em_using_existing_db.rsp use_prereq_checker=false

The silent installer uses the the /etc/SuSE-release file to pass OS information to a file called /usr/bin/lsb_release.
When this SuSE-release file still contains the 10 release version number, your silent install will stop and fail.
In the silent install log ( found under your oraInventory/logs/* ) you might find a very global error warning stating ;

UI-62009:

Some requirement checks failed. You must fulfill these requirements before

continuing with the installation, at which time they will be rechecked.

For solving this we need to backup the /etc/SuSE-release file and adjust the parameter to fake a 9 version OS.

SUSE Linux Enterprise Server 9 (x86_64)
VERSION = 9
PATCHLEVEL = 2

After a restart of the installation , your silent install will pass this test and continue the journey.

Hint : Also be sure to unset ENV as this is the next problem to face when set :)
SEVERE:Install has detected that the environment variable ENV has been set. Please unset this variable and restart the install.

Adjust oraparam.ini file for OS Certified versions problems

In order to be able to install Oracle 10g R2 or what other Oracle products on SLES 10, we need to trick the Oracle Installer into thinking that we are sitting on top of a supported OS.
The most applied trick is to alter the /etc/SuSE-release file and change the distribution and release value.
From

SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 1

To

SUSE Linux Enterprise Server 9 (x86_64)
VERSION = 9
PATCHLEVEL = 1

But when doing so you need root privileges to adjust this silly file. Why adjust the OS release file while you actually can adjust the installer in accepting this version ?
As this is mostly owned by the user oracle , you can adjust that file without additional privileges.
Just open the file oraparam.ini , you can find this parameter file from Disk1/install/oraparam.ini , and add your OS version to the following tag :

[Certified Versions]
Linux=redhat-2.1,UnitedLinux-1.0,redhat-3,SuSE-9

To

[Certified Versions]
Linux=redhat-2.1,UnitedLinux-1.0,redhat-3,SuSE-9, SuSE-10

This should be sufficient for running your Oracle Installer on this platform.

Error while running root.sh from database home

When installing a brand new Oracle 11G database i ran into a problem which was a result of sloppy parameter settings. While you prep you system for a Database installation you need to set certain Kernel Parameters which mostly matches your system hardware specifications.

When adding a lines in /etc/sysctl.conf like :

kernel.shmmax = 2147483648 # (Half the size of the physical memory)

or

fs.file-max = 65536 # 512 * PROCESSES

You might see no problem in putting some comments there, but as it seems we are creating a problem while loading these settings into our system by executing

xxx:/u00/oracle/product/11.1.0/db # sysctl -p
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
kernel.shmall = 2097152
error: “Invalid argument” setting key “kernel.shmmax”
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
error: “Invalid argument” setting key “fs.file-max”
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 4194304
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 262144

When overlooked, you might run into this problem while running your root.sh script later :

xxx:/u00/oracle/product/11.1.0/db # ./root.sh
Running Oracle 11g root.sh script…

The following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /u00/oracle/product/11.1.0/db

Enter the full pathname of the local bin directory: [/usr/local/bin]:
The file “dbhome” already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:
The file “oraenv” already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:
The file “coraenv” already exists in /usr/local/bin. Overwrite it? (y/n)
[n]:

Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root.sh script.
Now product-specific root actions will be performed.
Finished product-specific root actions.
/u00/oracle/product/11.1.0/db/rdbms/install/rootadd_rdbms.sh: line 88: [: 6553601#512OPatchapexassistantsbinccrcdatacfgtoollogscloneconfigcrscsmigcssctxdbsdemodiagnosticshashsinstallinstall.platforminstantclientinventoryj2eejavavmjdbcjdkjlibldapliblib32logmdmesgmgwnetworknlsoc4jodbcolapopmnoraInst.locoracoreordouiowbowmperlplsqlprecompracgrdbmsrelnotesroot.shschedulerslaxsqldevelopersqljsqlplussrvmsysmantg4ifmxtg4ingrtg4sybstg4terauixultrasearchwwgxdkPROCESSES: integer expression expected

As the embedded script rootadd_rdbms.sh reads these parameters and expects a integer , not a integer followed by comments.
The main root.sh script will fail. Correct the kernel parameters and reload them again:

xxx:/u00/oracle/product/11.1.0/db # sysctl -p
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6553600
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 4194304
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 262144

After this your system will run the root.sh script successfully

Convert a ssl certificate from IIS to Apache

When you want to move a certificate from Windows to Linux you could try this procedure as it worked perfectly for me.

You first want to export your windows certificate so that you would have a lets say webmail.pfx file.
Then transport this file to your Linux server and make sure openssl is installed on that server.

What we want to do now is create a PEM file which holds the server certificates (plus intermediate certificates) and the private key.

openssl -in webmail.pfx -out webmail.pem

If you want to create a private key which is encrypted, you should use :

openssl pkcs12 -in webmail.pfx -out webmail.pem

( Consider when using this option, you need to provide the password everytime the certificate is used NOT HANDY for webservers ! )

Now open de created webmail.pem file and select your information from this file so that you would save the part :

—-BEGIN RSA PRIVATE KEY—–
….
….
—–END RSA PRIVATE KEY—–

to a file called webmail.key and save the part

—–BEGIN CERTIFICATE—–
…..
…..
—–END CERTIFICATE—–

to a file called webmail.crt

Now the certificate is ready to be used in your apache configuration by adding these lines,

SSLCertificateFile /etc/apache2/certs/webmail.crt
SSLCertificateKeyFile /etc/apache2/certs/webmail.key