Sysadmin

How to Munin Graph JVM Memory Usage with Ubuntu tomcat

The following description works when using the Ubuntu "tomcat7" package:

Grab the "java/jstat__heap" plugin from munin-contrib @ github and place it into "/usr/share/munin/plugins/jstat__heap".

Link the plugin into /etc/munin/plugins

ln -s /usr/share/munin/plugins/jstat__heap /etc/munin/plugins/jstat_myname_heap

Choose some useful name instead of "myname". This allows to monitor multiple JVM setups.

Configure each link you created in for example a new plugin config file named "/etc/munin/plugin-conf.d/jstat" which should contain one section per JVM looking like this

[jstat_myname_heap]
user tomcat7
env.pidfilepath /var/run/tomcat7.pid
env.javahome /usr/

Website Technology Changes in January 2014

As in the last four months I'm looking into changes visible at the frontend pages of the biggest websites. The last month saw a lot of version upgrades and hiding server versions.

The detailed results can be found here:

What Changed?

DNS-Prefetching The HTML header based DNS prefetching is expanding once more and for the first time used on adult site: xnxx.com
IPv6 An AAAA record was sigthed for the first time for yandex.ru
Version Upgrades
  • bildblog.de upgrades from Gentoo PHP 5.4.13 to 5.5.7
  • flipkart.com upgraded nginx 1.4.1 to 1.4.4
  • gomez.com switched OS and upgraded Apache 2.2.13 (Win32) to 2.2.15 (Red Hat)
  • jquery.com upgraded PHP 5.3.27 to 5.3.28
  • kickass.to upgraded Gentoo nginx 1.5.1 to bleeding edge 1.5.10 same for PHP 5.5.5 to 5.5.9
  • taz.de upgraded Apache 2.2.16 to 2.2.22
  • wetteronline.de upgraded Apache 2.4.2 to 2.4.7
  • xhamster.com upgraded nginx 1.4.1 to 1.4.4 and PHP 5.3.15 to 5.3.21
Hiding Server Version Additional sites are now hiding the webserver version

Note: the website links lead to a history page for the different sites were you can see the change details.

Caution!

All the results listed above are based on a simple scanning script. The results present a snapshot of the websites and a single response only. This is of course not necessarily an indicating for what techniques the site uses in daily operations!

Sharing Screen With Multiple Users

How to detect screen sessions of other users:

screen -ls <user name>/

How to open screen to other users:

  1. Ctrl-A :multiuser on
  2. Ctrl-A :acladd <user to grant access>

Attach to other users screen session:

With session name

screen -x <user name>/<session name>

With PID and tty

screen -x <user name>/<pid>.<ptty>.<host>

Website Technology Changes in December 2013

As in the last three months I'm looking into changes visible at the frontend pages of the biggest websites. As to be expected changes during December are a bit limited as probably everyone favours stability over the holidays.

The detailed results can be found here:

What Changed?

DNS-Prefetching The HTML header based DNS prefetching is still there and gained yet another site: flipkart.com
IPv6 No change in AAAA records.
Version Upgrades fu-berlin.de upgrades from Apache 2.2.17 to 2.2.22
conduit.com upgrades from IIS 7.5 to 8.5
microsoft.com upgrades from IIS 8.0 to 8.5
Webserver Change Documentation site w3schools.com now shows nginx 1.2.6 instead IIS 7.5 as user facing webserver
Hiding Server Version One more site hostgator.com stopped reporting the Apache version

Note: the website links lead to a history page for the measurements.

Caution!

All the results listed above are based on a simple scanning script. The results present a snapshot of the websites and a single response only. This is of course not necessarily an indicating for what techniques the site uses in daily operations!

How to dry-run with chef-client

The answer is simple: do not "dry-run", do "why-run"!

chef-client --why-run
chef-client -W

And the output looks nicer when using "-Fmin"

chef-client -Fmin -W

As with all other automation tools, the dry-run mode is not very predictive. Still it might indicate some of the things that will happen.

Large Website Technology Changes in November 2013

As in the last two months I performed another a indexing of the information reported by major websites. It covers mostly request header, HTML and DNS based information of the top 200 sites listed by Alexa and the top 100 German websites. All the information is freely available and only extracted from the website responses!

The detailed results can be found here:

What Changed?

DNS-Prefetching The HTML header based DNS prefetching is still there and gained another site: German job portal stepstone.de
IPv6 IPv6 support did not spread in the last month. Several sites have flapping visibility of their AAAA records.
Version Upgrades adf.ly upgrades from PHP 5.3.8 to 5.4.21.
rtl.de upgrades from Apache 2.2.21 to 2.4.6.
Webserver Change German health portal imedo.de switched from Mongrel to Apache
Hiding Server Version Porn site xnxx.com stopped reporting usage of PHP 5.3.6
CDN In 11/2013 conduit.com switched from Cotendo to Akamai CDN.
Hoster German couples portal parship.de seems to have changed hoster and is using BigIP F5 load balancers now.

Note: the website links lead to a history page for the measurements.

Caution!

All the results listed above are based on a simple scanning script. The results present a snapshot of the websites and a single response only. This is of course not necessarily an indicating for what techniques the site uses in daily operations!

Website Technology Crawl 12/2013

I've update the What Large Sites Use page with the results crawled in December 2013. Check it out to see who is using what! New column for HTML DOCTYPE was added. I'll soon post the followup on the changes compared to November.

What Job Offers Tell About Architectures #5

Part 5 of the Unix/Linux system administrator job offer and technologies survey. Here are several new companies. This time watch out for "or's" in the table and the order of the alternative which might give an indication what the employer uses and what knowledge he deems equivalent. Also keep in mind that such "or's" indicate once more that each position might describe only wishes, but not that actual architecture the company uses. It depends on how open they want to be...

If you want to check for yourself click the "[src]" for the original reference, but know that it might be already offline.

Todays List

Company Sector Reference OS Languages Databases Software Hardware Monitoring Virtualization Automation
allesklar meinestadt.de Internet: Web [src] Linux MySQL, Postgres, Cassandra DB HA and Loadbalancing
Xing Social [src] Java, Scala ElasticSearch or (Lucene or Solr) Haadop, HBase, Cassandra
Hanwha Q Cells Industry [src] AIX System P, Storages, Tape
buch.de Online Store: Books [src] Redhat Apache, Tomcat, Redhat Satellite SAN yes
goodgame Studios Gaming [src] Debian, Redhat Shell MySQL Apache, Postfix Nagios, Munin, Icinga
International Algorithmic Trading GmbH Finance [src] Redhat, CentOS, Scientific Linux Bash, Perl yes
Lidl Online Store: Food [src] Redhat Shell MySQL VMWare
EOS UPTRADE GmbH Internet [src] Debian, CentOS PHP MySQL Cisco FW, Watchguard Icinga XenServer, VMWare Cloud Puppet

The Interesting Things

Well this is the first time I see someone using Scientific Linux. As with the previous posts automation doesn't seem to play a big role as only 2 out of 8 mentioned it. Also no startupish devops style offers here as the scripting languages seem to indicate. It seems to be just good old robust Unix administration :-)

And look at Q Cells, no wonder they went bankrupt using IBM hardware...

Note: You can find the complete index of all companies I checked so far here:
What Job Offers Tell About Architectures.

Nagios Plugin for dmesg Monitoring

So far I found no easy solution to monitor for Linux kernel messages. So here is a simple Nagios plugin to scan dmesg output for interesting stuff:

#!/bin/bash

SEVERITIES="err,alert,emerg,crit"
WHITELIST="microcode: |\
Firmware Bug|\
i8042: No controller|\
Odd, counter constraints enabled but no core perfctrs detected|\
Failed to access perfctr msr|\
echo 0 > /proc/sys"

# Check for critical dmesg lines from this day
date=$(date "+%a %b %e")
output=$(dmesg -T -l "$SEVERITIES" | egrep -v "$WHITELIST" | grep "$date" | tail -5)

if [ "$output" == "" ]; then
	echo "All is fine."
	exit 0
fi

echo "$output" | xargs
exit 1

"Features" of the script above:

  • It gives you the 5 most recent messages from today
  • It allows to whitelist common but useless errors in $WHITELIST
  • It uses "dmesg" to work when you already have disk I/O errors and to be faster than syslog parsing

This script helped a lot to early on detect I/O errors, recoverable as well as corruptions. It even worked when entire root partition wasn't readable anymore, because then the Nagios check failed with "NRPE: unable to read output" which indicated that dmesg didn't work anymore. By always showing all errors from the entire day one cannot miss recovered errors that happened in non-office hours.

Another good thing about the check is detecting OOM kills or fast spawning of processes.

Chef Gets Push in Q1/2014

Sysadvent features a puppetlabs sponsered article (yes, honestly, check the bottom of the page!) about chef enterprise getting push support. It is supposed to be included in the open source release in Q1/2014.

With this change you can use a push jobs cookbook to define jobs and an extended "knife" with new commands to start and query about jobs:

knife job start ...
knife job list

and

knife node status ...

will tell about job execution status on the remote node.

At a first glance it seems nice. Then again I feel worried when this is intened to get rid of SSH keys. Why do we need to get rid of them exactly? And in exchange for what?

Syndicate content