Linux Performance Analysis useful resources

• Linux Performance Analysis in 60,000 Milliseconds
• Thinking Methodically about Performance
• The USE Method

WARN[0000] Conmon at /usr/bin/conmon invalid: outdated conmon version

 Çözüm:

 yum update conmon -y

 

Red Hat: nmcli kullanım notları

 

Aşağıdaki testler Red Hat Enterprise Linux 8.2 üzerinde gerçekleştirilmiştir.

nmcli linux sistemler üzerinde NetworkManager servisi üzerinden ağ ayarlarını komut satırı kullanarak kontrol edebileceğiniz kullanabileceğiniz bir araçtır.

Aktif profili görüntüle:

#nmcli con show

Yeni bir profil tanımla:
Profil tanımlarken kullanabileceğiniz parametrelerden bazıları: con-name,ifname,type,ipv4.address,ipv4.gateway

#nmcli con add con-name lab ifname eth0 type ethernet ipv4.method manual ipv4.address 172.25.250.11/24 ipv4.gateway

Profil güncelle:
Profil güncellerken kullanabileceğiniz parametrelerden bazıları:
connection.autoconnect,ipv4.dns,+ipv4.addresses

#nmcli con mod lab ipv4.dns 4.2.2.4
#nmcli con mod lab connection.autoconnect
#nmcli con mod lab +ipv4.addresses 10.1.1.1/24

kafkaserver installation on Red Hat 8.4

 yum install java -y
wget https://ftp.itu.edu.tr/Mirror/Apache/kafka/2.8.0/kafka_2.13-2.8.0.tgz
mv kafka_2.13-2.8.0.tgz /opt/
cd /opt/
tar -zxf kafka_2.13-2.8.0.tgz
ln -s /opt/kafka_2.13-2.8.0 /opt/kafka
useradd kafka
chown -R kafka:kafka /opt/kafka*

Edit: /etc/systemd/system/zookeeper.service
[Unit]
Description=zookeeper
After=syslog.target network.target

[Service]
Type=simple

User=kafka
Group=kafka

ExecStart=/opt/kafka/bin/zookeeper-server-start.sh /opt/kafka/config/zookeeper.properties
ExecStop=/opt/kafka/bin/zookeeper-server-stop.sh

[Install]
WantedBy=multi-user.target

Edit: /etc/systemd/system/kafka.service
[Unit]
Description=Apache Kafka
Requires=zookeeper.service
After=zookeeper.service

[Service]
Type=simple

User=kafka
Group=kafka

ExecStart=/opt/kafka/bin/kafka-server-start.sh /opt/kafka/config/server.properties
ExecStop=/opt/kafka/bin/kafka-server-stop.sh

[Install]
WantedBy=multi-user.target




systemctl start zookeeper
systemctl start kafka

jq installation on Red Hat 7.8

 [root@resilient domain1]# rpm -ivh https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/j/jq-1.6-2.el7.x86_64.rpm https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/o/oniguruma-6.8.2-1.el7.x86_64.rpm

vim Tips for Editing YAML Files

 vim Tips for Editing YAML Files# 

:set cursorcolumn 

:set nocursorcolumn 

:set ai ts=2 sw=2 et 

:set colorcolumn=3,5,7

 

press lower case v: VISUAL mode 

press capital v: VISUAL LINE mode 

press ctrl + v: VISUAL BLOCK mode

Red Hat Ansible installation

You can find source code and rpm files on this link:

https://access.redhat.com/articles/3174981

Containers without daemons: Podman and Buildah available in RHEL 7.6 and RHEL 8

When to use Buildah and when to use Podman

Buildah and Podman are two complementary open-source projects that  reside on GitHub: Buildah (containers/buildah) and Podman (containers/libpod). Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.

Buildah specializes in building OCI images. Buildah’s commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah’s other goal is to allow you to use other scripting languages to build container images without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can do a command in the Docker CLI, you can do the same command in the Podman CLI. In fact you can just alias podman for docker on your machine and you can then build, create and maintain container images and containers without a daemon being present, just as you always have.

Although Podman uses Buildah’s build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc). While Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared. Because of this you cannot see Podman containers from within Buildah or vice versa. However the internal representation of a container image is the same between Buildah and Podman. Given this, any container image that has been created, pulled or modified by one can be seen and used by the other.

Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.

 Reference:

https://developers.redhat.com/blog/2018/11/20/buildah-podman-containers-without-daemons/

Additional Resources

• Intro to Podman in Red Hat Enterprise Linux 7.6
• Podman—The next generation of Linux container tools
• Managing containerized system services with Podman
• Podman: Managing pods and containers in a local container runtime
• CRICTL vs Podman
• Building, running, and managing containers – Red Hat Enterprise Linux 8 documentation
• Upstream community sites: buildah.io and podman.io
• GitHub: Buildah (containers/buildah)  and Podman (containers/libpod)

How to scan new FC LUNS and SCSI disks in Red Hat

Red Hat kullanılan sistemde multipath lun'ları taramak için uyguladığımız adımlar:

Aşağıdaki script'teki host0, host1, host2, host3 olarak belirttiğim ve tarama yaptığım aygıtlarını ihtiyacınıza göre düzenlemelisiniz. Örneğin, eğer sisteminizde host4 aygıtı bulunuyorsa bunu da eklemelisiniz.

Platform:

RHEL 6.5 x86_64

Code:

#!/bin/bash

##
# e-mail: aokany[at]gmail.com
##

mpathconf --disable
rm -fr /etc/multipath.conf
rm -fr /etc/multipath/bindings

service multipathd stop
sleep 3
echo "- - -" > /sys/class/scsi_host/host0/scan
echo "1" > /sys/class/fc_host/host0/issue_lip

echo "- - -" > /sys/class/scsi_host/host1/scan
echo "1" > /sys/class/fc_host/host1/issue_lip

echo "- - -" > /sys/class/scsi_host/host2/scan
echo "1" > /sys/class/fc_host/host2/issue_lip

echo "- - -" > /sys/class/scsi_host/host3/scan
echo "1" > /sys/class/fc_host/host3/issue_lip

mpathconf --enable

service multipathd start

fdisk -l |grep Disk |grep -v ident

epel and remi repo installation on centos 6

• Command to install the EPEL repository configuration package:    yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
• Command to install the Remi repository configuration package:    yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm

Multilib Protection warning for i686 package installation on Red Hat x86_64

To bypass this warning you need to edit /etc/yum.conf and add protected_multilib=0 line in the [main] section of the config

ssmtp ile konsoldan mail gonderimi

#!/bin/bash

from="root@egearge.com"
fromname="Ali Okan Yuksel"
to="aokan@egearge.com"
subject="deneme"
msg="bu bir deneme mailidir"

echo -e "to: ${to}\nsubject: deneme\n\n ${msg}" | ssmtp -f "${from}" -F "${fromname}" ${to}

radius performance testing with radperf tool

RADPERF

Authentication, Authorization, and Accounting. Performance, scalability, load testing, and validation.
One of the most critical steps when building a RADIUS system is performance characterisation. This means testing the system to see if both authentication (i.e., read-only) and accounting (i.e., read-write) behavior is acceptable.

In many cases, the performance will be good enough for normal loads. However, high loads are commonly seen when a NAS reboots and many users flood the network at the same time. If the system cannot handle this load, then it will be unsuitable for a production environment.

RadPerf helps you make this determination. It can send both authentication and accounting packets at varying rates. Even better, you do not need to know anything about RADIUS in order to use RadPerf.

Starting with a list of users and passwords in a CSV file, RadPerf can generate both authentication and accounting packets. It can simulate spikes in traffic, long-lived user sessions, and end-to-end user behavior.

Once RadPerf has finished testing, it produces a set of reports that summarize offered load versus accepted load. Total accepted packets per second can quickly be determined. These reports gives you the data that you need to make an informed decision about placing a system into production.

http://networkradius.com/radius-performance-testing/

radperf-u14.04# ./radperf -A1,5 -c 1 -p 100 -s -f test.csv 192.168.5.174:1812 auth mysecretkey

-A1,5 parametresi ile 1 saniye sonra CREATE accounting request 5 SANIYE sonra ise  DELETE request gonderilmesini sagliyoruz.
-p paralel 100 gonderim yapildigini anlamina geliyor.


radperf - Performance testing tool for RADIUS systems.
          Copyright (C) 2012 Network RADIUS SARL.  All rights reserved.
Usage: radperf [options] server[:port] <command> [<secret>]
  <command>    One of auth, acct, status, coa, or disconnect.
  -a type     Use authentication method <type> (pap, chap, none)
  -A d,l      After Access-Accept, send accounting packets.
  -c count    Send each packet 'count' times.
  -d raddb    Set dictionary directory.
  -D file     Print packet statistics to file
  -f file     Read packets from file, not stdin.
  -F          Update Framed-IP-Address, too.
  -n num      Send a maximum of 'num' packets per second
  -p num      Send a maximum of 'num' packets in parallel.
  -q          Do not print anything out.
  -r retries  If timeout, retry sending the packet 'retries' times.
  -R realm    Realm name to append to the User-Name
  -s          Print out summary information of auth results.
  -S file     read secret from file, not command line.
  -t timeout  Wait 'timeout' seconds before retrying (may be a floating point number).
  -T template Use template file with every request
  -u number   Generate requests for 'number' users.
  -v          Show program version information.
  -x          Debugging mode.
  -4          Use IPv4 address of server
  -6          Use IPv6 address of server.

freeradius installation, configuration and replication notlar

amac tek bir makinaya gelen radius trafigini birden fazla sayida makinaya cogullamak.
kullandigim modul:

mod-enabled/replicate
#  Replicate packet(s) to a home server.
#
#  This module will open a new socket for each packet, and "clone"
#  the incoming packet to the destination realm (i.e. home server).


kurulum:
--

yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install


files:
--
-/etc/raddb/sites-enabled/default  bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim
-/etc/raddb/users bu dosyaya manuel valid user ekledim

config:
--

add to authorize, preacct

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
                &Replicate-To-Realm += server3
        }
        replicate


add to authorize, preacct /etc/raddb/sites-enabled/default:

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
        }
        replicate
--

add to: /etc/raddb/proxy.conf

client 0.0.0.0/0 {
    secret = mysecretkey
    require_message_authenticator=no
}
--

add to: /etc/raddb/proxy.conf

home_server remote_server_1 {
        ipaddr = 192.168.5.171
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_2 {
        ipaddr = 192.168.5.172
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_3 {
        ipaddr = 192.168.5.173
        port = 1812
        type = auth+acct
        secret = mysecretkey
}

home_server_pool remote_pool_1 {
        type = fail-over
        home_server = remote_server_1
}
home_server_pool remote_pool_2 {
        type = fail-over
        home_server = remote_server_2
}
home_server_pool remote_pool_3 {
        type = fail-over
        home_server = remote_server_3
}

realm server1 {
      auth_pool = remote_pool_1
      acct_pool = remote_pool_1
}
realm server2 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}
realm server3 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}


kullanici tanimlama:
--

add to: /etc/raddb/users

testuser        Cleartext-Password := "password"




test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done

linux: how to detect which application, command or pid deleted files

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce.
With state of the art container visibility on top.

installation:
http://www.sysdig.org/install/





command:
sysdig -p '%12evt.type %12user.name %6proc.pid %12proc.name %12proc.args- %proc.cmdline --- %evt.args' '(evt.type=unlinkat or evt.type=unlink) and evt.args contains /usr/local/app/db'


https://github.com/draios/sysdig/wiki/Sysdig%20Chisel%20API%20Reference%20Manual

http://www.sysdig.org/wiki/sysdig-quick-reference-guide/

Setting the default JDK with the /usr/sbin/alternatives Utility

alternatives  creates, removes, maintains and displays information about the symbolic links comprising the alternatives system. The alternatives system is a reim-
       plementation of the Debian alternatives system. It was rewritten primarily to remove the dependence on perl; it is intended  to  be  a  drop  in  replacement  for
       Debian’s update-dependencies script.

1. Become the root user.
   /usr/sbin/alternatives needs to be run with root privileges. Use the su command or other mechanism to gain these privileges.
2. Set java.
   Input this command: /usr/sbin/alternatives --config java
   Set javac.
3. Enter this command: /usr/sbin/alternatives --config javac
   
   

Kaynak: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Platform/5/html/Installation_Guide/sect-use_alternatives_to_set_default_JDK.html

linux: how to get timezone information

timezone bilgisi /etc/localtime dosyasinda saklanir.
bu dosya binary formattadir. binary dosyalar icerisindeki degiskenler strings komutu ile analiz edilebilir.

$ strings /etc/localtime | more


timezone dosya boyutunu mevcut timezone dosyalari ile kiyaslayarak time zone bilgisi ogrenme:
$ cd /usr/share/zoneinfo
$ find * -type f -exec sh -c "diff -q /etc/localtime '{}' > /dev/null && echo {}" \;


datetime komutu ile timezone bilgisi ogrenme:
$ date +'%:z %Z'

Linux: how to optimize an ethernet adapter settings

 Platform:

Red Hat Enterprise Linux Server release 6.5 (Santiago)
how to learn ethernet device driver details



ethtool -i eth1

# ethtool -i eth1
driver: igb
version: 5.2.5
firmware-version: 2.1.0
bus-info: 0000:01:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no


# lspci -v | grep -A 14 '01:00.1'
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
Subsystem: Intel Corporation Device 34de
Flags: bus master, fast devsel, latency 0, IRQ 28
Memory at b1a00000 (32-bit, non-prefetchable) [size=128K]
I/O ports at 1000 [size=32]
Memory at b1a40000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 2
Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
Capabilities: [60] MSI-X: Enable+ Count=10 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number 00-1e-67-ff-ff-0c-9a-29
Kernel driver in use: igb
Kernel modules: igb

how to list ethernet adapter list

[root@server~]# lspci | grep Ethernet
01:00.0 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
01:00.1 Ethernet controller: Intel Corporation 82575EB Gigabit Network Connection (rev 02)
02:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
02:00.1 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)

how to learn supported RX / TX ring buffer settings of an ethernet adapter

# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX: 4096
RX Mini: 0
RX Jumbo: 0
TX: 4096
Current hardware settings:
RX: 256
RX Mini: 0
RX Jumbo: 0
TX: 256

how to change ethernet adapter rx tx ring buffer settings

# ethtool -G eth1 rx 4096 tx 4096
# ethtool -g eth1
Ring parameters for eth1:
Pre-set maximums:
RX: 4096
RX Mini: 0
RX Jumbo: 0
TX: 4096
Current hardware settings:
RX: 4096
RX Mini: 0
RX Jumbo: 0
TX: 4096

how to change ethernet features for increase ids/ips packet processing performance

disable RX checksumming :
# ethtool -K eth1 rx off


disable TX checksumming
# ethtool -K eth1 tx off

disable TCP segmentation offload
# ethtool -K eth1 tso off

disable generic receive offload
# ethtool -K eth1 gro off

disable generic segmentation offload
# ethtool -K eth1 gso off


disable scatter-gather
# ethtool -K eth1 sg off

how to show features of ethernet adapter



# ethtool -k eth1
Features for eth1:
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: on
tx-checksum-ip-generic: off [fixed]
tx-checksum-ipv6: on
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
tx-tcp-segmentation: on
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: on
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]


Keywords: eth0 overrun problem, eth0 drop problem, packet processsing, ips, ids, suricata, snort, bro network security monitor, packet drop


2015-10-08 - Ali Okan Yuksel - yukselao@yandex.com

redhat sistemlerde kurulu rpm'leri kurulum zaman bilgileri beraber listeleme

rpm -qa  --queryformat '%{installtime} (%{installtime:date}) %{name}\n'

How to extract the contents of an RPM File

# rpm2cpio kmod-staging-3.8.11-200.fc18.x86_64-3.8.1-3.fc18.7.x86_64.rpm | cpio -idmv