Friday 14 March 2014

Quick and Easy Way to Monitor Process Memory Usage

Whether you are a GNU/Linux sysadmin or desktop user, you might suspect a process of leaking memory, or be curious about just how much memory your biggest running processes are using. Most people know about the 'top' command, which gives a continuously updating display of all system processes, along with memory, swap and load usage. But sometimes you want to be able to see targeted process data, without a cluttered display. Here is a quick way to display process memory usage, sorted and limited to the top ten, using the 'ps' command:

ps ax -o rss,command | sort -nr | head -n 10 
 
Here is what the output looks like:

serenity:~# ps ax -o rss,command | sort -nr | head -n 10 35936 spamd child 24556 SCREEN -dRRaAU 16340 emacs -nw 13568 /usr/sbin/apache2 -k start 13208 /usr/sbin/apache2 -k start 13176 /usr/sbin/apache2 -k start 13112 /usr/sbin/apache2 -k start 13108 /usr/sbin/apache2 -k start 13076 /usr/sbin/apache2 -k start 13016 /usr/sbin/apache2 -k start serenity:~# 
 
This will show just the command name and resident set size (rss) in KB of a subset of system processes. The resident set size is the non-swapped physical memory used by each process, minus a small amount of overhead. So it will give you a decent idea of actual memory usage. The 'sort -nr' sorts the ps output numerically in reverse order (so the biggest memory hogs are at the top), and we limit the display to just the top ten.

If you are maintaining a multi-user system, you can add the process owner data to the display:
ps ax -o rss,user,command | sort -nr | head -n 10 
 
Which now looks like this:
serenity:~# ps ax -o rss,user,command | sort -nr | head -n 10 35936 root spamd child 24556 dmaxwell SCREEN -dRRaAU 16340 dmaxwell emacs -nw 13568 www-data /usr/sbin/apache2 -k start 13208 www-data /usr/sbin/apache2 -k start 13176 www-data /usr/sbin/apache2 -k start 13112 www-data /usr/sbin/apache2 -k start 13108 www-data /usr/sbin/apache2 -k start 13076 root /usr/sbin/apache2 -k start 13016 www-data /usr/sbin/apache2 -k start serenity:~# 
 
To get a constantly updating display, use the 'watch' command and specify how often you would like it to update, in this case every 10 seconds:

watch -n 10 'ps ax -o rss,user,command | sort -nr | head -n 10'
This will clear your terminal and add a header line with the time interval, command name and a timestamp. Note that this works on any flavor of GNU/Linux as well as the various BSDs.
Every 10.0s: ps ax -o rss,user,command | sort -nr | head -n 10 Fri Mar 2 11:08:40 2012 35936 root spamd child 24556 dmaxwell SCREEN -dRRaAU 16340 dmaxwell emacs -nw 13568 www-data /usr/sbin/apache2 -k start 13208 www-data /usr/sbin/apache2 -k start 13176 www-data /usr/sbin/apache2 -k start 13112 www-data /usr/sbin/apache2 -k start 13108 www-data /usr/sbin/apache2 -k start 13076 root /usr/sbin/apache2 -k start 13016 www-data /usr/sbin/apache2 -k start
Posted by at No comments:

Jailshell virtfs :cPanel

NEVER DELETE ANY FILES FROM /home/virtfs/

/home/virtfs is used to chroot the user into jailed shell. Cpanel will hard link files into this directory so deleting files in /home/virtfs will also delete the files on the server in the actual location. (example: rm /home/virtfs/user/etc/exim.pl will delete /etc/exim.pl)


If a user is reporting double the quota and it is from /home/virtfs then we need to umount or kill and hanging jailshell process. To do this run

ps aufx |grep user |grep jailshell

If there are no jailshell processes then run

cat /proc/mounts

It will show,
/dev/root /home/virtfs/user/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/sbin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/share ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/bin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/man ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/X11R6 ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/kerberos ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/libexec ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/bin ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/share ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/Zend ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/include ext3 rw,data=ordered,usrquota 0 0
/dev/sda2 /home/virtfs/user/usr/local/lib ext3 rw,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/spool ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/lib ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/run ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda3 /home/virtfs/user/var/log ext3 rw,noatime,nodiratime,data=ordered,usrquota 0 0
/dev/sda6 /home/virtfs/user/tmp ext3 rw,nosuid,nodev,noexec,data=ordered 0 0
/dev/root /home/virtfs/userbin ext3 rw,data=ordered,usrquota 0 0

You will need to unmount each of these by running
umount /home/virtfs/user/tmp and so on

You can also run
for i in `cat /proc/mounts |grep virtfs |grep user |awk ‘{print$2}’`; do umount $i; done

Make sure to replace user with the cpanel username in the above command. This will then clear up the files in /home/virtfs and the quota should return to norma
Posted by at 1 comment:

MySQL : Altering Huge Tables

Say you have a huge mysql table - maybe 500 GB. And you need to run alter on it - to either add an index, drop an index, add a column or drop a column. If you run the simple mysql "alter table" command, you will end up spending ages to bring the table back into production.

Here is a simple hack to get the thing done. The benefit of the hack is that the alter runs quite fast. But since this is a hack, you will need to take care of the backups - in case anything goes wrong. Ihis hack work effectively with both MyISAM and InnoDB tables.

Here I have created a simple table to show this hack process. You can assume that this table has billions of rows and is more than 500GB in size.

CREATE TABLE `testhack` (
`id` int(11) NOT NULL DEFAULT '0',
`unq` varchar(100) DEFAULT NULL,
`keyword` varchar(250) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `unq` (`unq`)
) ENGINE=MyISAM

I need to drop the unique key. So, i have create a new table 'testhack_new' with the following schema

CREATE TABLE `testhack_new` (
`id` int(11) NOT NULL DEFAULT '0',
`unq` varchar(100) DEFAULT NULL,
`keyword` varchar(250) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM

Flush both tables with read lock

mysql> Flush tables with read lock;

Open another terminal. And go to the mysql/data/ directory. Do the following:

mysql/data/test $ mv testhack.frm testhack_old.frm; mv testhack_new.frm testhack.frm; mv testhack_old.frm testhack_new.frm; mv testhack.MYI testhack_old.MYI; mv testhack_new.MYI testhack.MYI; mv testhack_old.MYI testhack_new.MYI;

So, what is happening here is that the index, table definitions are being switched. After this process, the table definition of testhack will not contain the unique key. Now unlock the tables in the main window. And run repair tables to remove any issues.

mysql> unlock tables;
mysql> repair tables testhack;

+---------------+--------+----------+-------------------------------------------+
| Table | Op | Msg_type | Msg_text |
+---------------+--------+----------+-------------------------------------------+
| test.testhack | repair | warning | Number of rows changed from 0 to 20000000 |
| test.testhack | repair | status | OK |
+---------------+--------+----------+-------------------------------------------+

The repair table rebuilds the indexes. It is faster since it skips the use of key_cache for rebuilding the index which is used in a normal alter table scenario.
Posted by at No comments:

ReSize Disk Partition in Linux

I have been in a situation where /tmp partition of disk has to be resized. My disk was of 350 cylinder and partition was as follows.

start Cylinder| End Cylinder | Partition
0             | 10           | /dev/sda1
11            | 200          | /dev/sda2
201           | 299          | /dev/sdb3
300           | 330          | /dev/sda4

Here /tmp partition is /dev/sda4 (cylinder 300 to 330), so here cylinder 331 to 349 was unused and I had to allocate same to /dev/sda4.
To resize /dev/sda4, I rebooted system in single user mode and edited partition table with sfdisk command as follows
+++++++++++++++++++++++++++++
sfdisk /dev/sda -N4 <<EOF
300,50,L
EOF
+++++++++++++++++++++++++++++
Remember that here I changed end cylinder, Never think to change start cylinder (sector) as it will overwrite superblock and resulted in corruption of partition.
After resizing /dev/sda4, I resized file system using below command
++++++++++++++++++++
resize2fs /dev/sda4
++++++++++++++++++++++
Apply fsck
++++++++++++
fsck -y /dev/sda4
+++++++++++++++++++++++
Go for a  reboot now.
Posted by at No comments:

Apache Web server status codes and error codes


Successful Client Requests
200 OK
201 Created
202 Accepted
203 Non-Authorative Information
204 No Content
205 Reset Content
206 Partial Content

Client Request Redirected
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy

Client Request Errors
400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type

Server Errors
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
Posted by at No comments:

Updating SPF IP in cPanel server

The /usr/local/cpanel/Cpanel/SPF.pm file handles the SPF installation script that runs "/usr/local/cpanel/bin/spf_installer username" and is also
used in cPanel > Email Authentication area for setting the IP for the SPF record.

First, make a backup of the file:

cp /usr/local/cpanel/Cpanel/SPF.pm /usr/local/cpanel/Cpanel/SPF.pm.bak

Now revise the lines that have this:

my $mainip = Cpanel::DIp::getmainserverip();

To have this instead:

my $mainip = '192.12.12.12';

This will then use the hard-coded IP when installing the SPF records. This will occur for all parked, addon, and subdomains on the account for the SPF
installation. Whenever the user in cPanel > Email Authentication area enables SPF records, the hard-coded IP will be used.

Please note that the code entry occurs thrice in the file, so you would need to revise all the entries. If you only revise the initial entry, only
the main domain will be changed to that new hard-coded IP, while parked, addon, and subdomains will not be.

You may also want to put that file into the exclude list for cPanel so it does not get overwritten on cPanel updates:

echo "/usr/local/cpanel/Cpanel/SPF.pm" >> /etc/cpanelsync.exclude

Script to update SPF for all accounts

=================================================================
#!/bin/bash
IFS="$"
cd /var/named
/bin/ls -- /var/cpanel/users | grep -v
"root\|system\|passwd\|cpanel\|nobody\|mysql\|\`\|\-\|\." | while read
CPUSER; do
echo "Installing SPF for '${CPUSER}'";
/usr/local/cpanel/bin/spf_installer "${CPUSER}" > /dev/null
done
=================================================================
Posted by at No comments:

Certificate Installation: Nginx

Installing a certificate using NGINX

You should have received your certificate , a file typically named 'your_domain_com.crt' as well as the 'CA bundle' file containing the intermediate certificates, typically named 'your_domain_com.ca-bundle'.

The following is an example configuration, to reduce the CPU load it is recommended to run one worker process only and to enable keep-alive connections:

worker_processes 1;
http {
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/cert.pem;
ssl_certificate_key /usr/local/nginx/conf/cert.key;
keepalive_timeout 70;
}
}

Important note
When using chain certificates (CA Bundle), just append the extra certificates into your .crt file (cert.pem in the example). Your own certificate needs to be on top of the file, otherwise key get a mismatch with the key.
Posted by at No comments:
Subscribe to: Posts (Atom)