Linux Tuning Parameters September 28th, 2010
KernelTo successfully run enterprise applications, such as a database server, on your Linux distribution, you may be required to update some of the default kernel parameter settings. For example, the 2.4.x series kernel message queue parameter msgmni has a default value (for example, shared memory, or shmmax is only 33,554,432 bytes on Red Hat Linux by default) that allows only a limited number of simultaneous connections to a database. Here are some recommended values (by the IBM DB2 Support Web site) for database servers to run optimally:
| - kernel.shmmax=268435456 for 32-bit- kernel.shmmax=1073741824 for 64-bit- kernel.msgmni=1024- fs.file-max=8192- kernel.sem=”250 32000 32 1024″ |
Shared Memory
| To view current settings, run command:# more /proc/sys/kernel/shmmaxTo set it to a new value for this running session, which takes effect immediately, run command:# echo 268435456 > /proc/sys/kernel/shmmaxTo set it to a new value permanently (so it survives reboots), modify the sysctl.conf file:…kernel.shmmax = 268435456… |
Semaphores
| To view current settings, run command:# more /proc/sys/kernel/sem 250 32000 32 1024 To set it to a new value for this running session, which takes effect immediately, run command:# echo 500 512000 64 2048 > /proc/sys/kernel/semParameters meaning:SEMMSL – semaphores per IDSEMMNS – (SEMMNI*SEMMSL) max semaphores in systemSEMOPM – max operations per semop callSEMMNI – max semaphore identifiers |
ulimits
| To view current settings, run command:# ulimit -aTo set it to a new value for this running session, which takes effect immediately, run command:# ulimit -n 8800# ulimit -n -1 // for unlimited; recommended if server isn’t shared Alternatively, if you want the changes to survive reboot, do the following: - Exit all shell sessions for the user you want to change limits on.- As root, edit the file /etc/security/limits.conf and add these two lines toward the end: user1 soft nofile 16000 user1 hard nofile 20000 ** the two lines above changes the max number of file handles – nofile – to new settings.- Save the file.- Login as the user1 again. The new changes will be in effect. |
Message queues Read the rest of this entry »
Posted in CentOS, debian, fedora, feebsd, linux, Networking, ubuntu | No Comments »
FreeBSD Vs Linux Who is Best ? June 4th, 2010
Both FreeBSD & Linux are reliable and Servers running either software often stay up for years. But disk I/O of linux is non-synchronous by default which corrupts filesystem after system crash.
Freebsd’s disk I/O is high performance for transactions based applications for example databases. It is observerd that under heavy network load, the network performance of linux is 20-30% below of Freebsd under same hardware.
Being open source Linux allows anyone to change security code due to which code is modified rapidly and there is no formal code review policy. On other hand FreeBSD security components are checked for errors. Freebsd includes very robust packet filtering firewall system. Linux ext2/ext3 has several new journaling filesystems which fix data loss due to system crash. While FreeBSD uses UFS(Unix File System) which is more complex than ext2/ext3. UFS has many flags to use for performance and security for example schg flag does not allow to change file & directory unless you remove it.
Device Driver support of Freebsd is better than Linux. FreeBSD boot loader allows to load drivers at boot-time. Some time it becomes very difficult for linux users to use vendor’s drivers. Freebsd can run programs compiled for linux, SCO Unix and BSD systems. But Linux can only run binaries that are compiled for linux. Freebsd has many GBs of free packages to install via ports (Package management system of Freebsd). Linux has also free available software but Linux has not a central location like ports collection. of Freebsd.
Several organizations give professional support for both Freebsd & Linux. All the major Linux vendors offer some level of support, and several offer full 24/7 service. There are many forums where Linux questions are answered for free.
Both FreeBSD & Linux can be installed on as many systems as you like for no additional cost. Both Linux & Freebsd’s total cost of ownership is very low.
So if you are planning to deploy a transactional applications then for the best performance Deploy FreeBSD for example Email services & Database applications.
Please give your opinion, reviews & comments to select between 2 open source Operating systems FreeBsd & Linux so that we may focus to post more information about OS you like.
source here
Posted in CentOS, debian, fedora, feebsd, linux, ubuntu | No Comments »
how to compile kernel for transparent squid and pf & install latest squid on freebsd 8 February 12th, 2010
First we will compile kernal
proxy # cd / usr/src/sys/i386/conf /
backup your kernel configuration file used to it:
Proxy # cp GENERIC GENERIC-BAK
edit GENERIC file with your favorite editor
Proxy#nano GENERIC
and add these below options
its is optional for telling your kernal about cpu
cpu I686_CPU
#For optimizing squid #
options SYSVMSG
options MSGMNB=32768
options MSGMNI=164
options MSGSEG=8196
options MSGSSZ=512
options MSGTQL=2048
Add these lines below device
# For PF #
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ # Class Bases Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In / Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
after that
Proxy # config GENERIC
proxy # cd .. / .. / compile / GENERIC
or some times if you have installed standard installation then
proxy # cd .. / compile / GENERIC
proxy # make & & make depend
proxy # make & & make install
Install Squid
we need perl
proxy# cd /usr/ports/lang/perl5.10/
proxy# make install clean
Create group and user that will be used to run the squid:
proxy# pw group add squid -g 100
proxy# pw user add squid -u 100 -g squid -s /usr/sbin/nologin -d /usr/local/squid
proxy# chown -Rv squid:squid /cache
proxy# cd /usr/local/
proxy# fetch http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE23.tar.bz2
proxy# tar -zxvf squid-3.0.STABLE23.tar.bz2
proxy# cd squid-3.0.STABLE23
proxy# ./configure -prefix=/usr/local/squid \
–enable-gnuregex \
–enable-async-io=24 –with-pthreads –with-aio –with-dl –with-aufs-threads=24 –with-pthreads \
-enable-pf-transparent \
–enable-ipfw-transparent \
-enable-storeio=aufs \
-enable-removal-policies=heap \
-enable-delay-pools \
-enable-underscores \
–enable-http-violations \
–enable-unlinkd \
-enable-snmp \
-enable-useragent-log \
-enable-htcp \
-enable-ssl \
-enable-icmp \
–enable-poll \
-enable-arp-acl \
-enable-cache-digests \
-enable-kill-parent-hack \
-enable-large-cache-files \
-enable-follow-x-forwarded-for \
-enable-default-err-languages=English \
-enable-err-languages=English \
-disable-ident-lookups \
-disable-hostname-checks \
-disable-wccpv2 \
-disable-wccp && “Successful Done”proxy# make && make install
After that edit the squid.conf is in accordance with the needs
proxy# ee /usr/local/squid/etc/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.10.0/27
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080 transparent
hierarchy_stoplist cgi-bin ?cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap LFUDAcache_replacement_policy heap GDSF
cache_dir aufs /cache 10000 24 256
maximum_object_size 128 MB
cache_swap_low 90
cache_swap_high 95access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.logcoredump_dir /cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320cache_mgr webmaster@domainku.com-(0752-xxxxxx)
cachemgr_passwd squid-cache password
cache_effective_user squid
cache_effective_group squid
proxy# squid -z
2009/05/10 16:38:37| Creating Swap Directories
first lets check the configuration with the command:
proxy # / usr / local / squid / sbin / squid-k parse
proxy # / usr / local / squid / sbin / squid-NCd1
once considered sufficient, a squid path:
proxy # / usr / local / squid / sbin / squid
and to run the config change, can be a command
proxy # / usr / local / squid / sbin / squid-k reconfigure
let me restart the streets every time the input parameters to the / etc / rc.conf
squid_enable = “YES”
pf_enable = “YES”
or enter the command /usr/local/squid/sbin/squid to /etc/rc.local
then add in / etc/ rc.local
chgrp squid /dev/pf & & chmod g+rw /dev/ pf
Posted in feebsd, Networking | No Comments »
