Mohan WebSite

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (230)
- ftp (5)
- IPTABLES (15)
- SFTP (1)
- swap (3)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (31)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (9)
Ldap (5)
Linux (189)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (36)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

Setting Java garbage collection policies

Navigate to the JVM which you want to set gc policy as mentioned in below figure.

Enter the gc policy which you want to set in the text field “Generic JVM arguments “
other gc policies which you can set for JDK 5 are:-
-Xgcpolicy:optthruput
-Xgcpolicy:optavgpause
-Xgcpolicy:subpool

Save and synchronize the change and then restart the JVM (server1).
If you take JVM process status in unix/linux you will be able to see an entry similar to below. Below screen is from a windows javacore dump file.

MQ messaging

This example is a simple demonstration for understanding how MQ transfer messages between two queue managers and the minimum required MQ components for the same.
Kindly Share/Like/Follow the page if you like this article.

Below are the steps involved in this example.Source queue manager
——————————
1.) Create source queue manager.
2.) Start source queue manager.
3.) Connect to source queue manager using runmqsc command.
4.) Create a listener in source queue manager.
5.) Create transmission queue in source queue manager.
6.) Create a remote queue in source queue manager.
7.) Create a sender channel in source queue manager.
8.) Quit MQSC

Destination queue manager
————————————-
1.) Create destination queue manager.
2.) Start destination queue manager.
3.) Connect to destination queue manager using runmqsc command.
4.) Create a listener in destination queue manager.
5.) Create a receiver channel in destination queue manager.
6.) Create a local queue in destination queue manager.
7.) Quit MQSC.

Restart Source & Destination Queue Managers.
————————————————————-
1.) Stop source queue manager.
2.) Stop destination queue manager.
3.) Start source queue manager.
3.a.) Make sure that the listener started for source queue manager , if not start the listener.
4.) start destination queue manager.
4.a.) Make sure that the listener started for destination queue manager, if not start the listener.
5.) Connect to source queue manager using runmqsc command.
6.) Start sender channel on source queue manager.
7.) Check the channel status of both queue managers and make sure that both channels are running..
8.) Quit MQSC.

Testing
———-
1.) Put a message in remote queue of source queue manager.
2.) browse/get messages from local queue of destination queue manager.

Now let us implement above steps in a test server.

A.) Source queue manager (MqM1)
———————————————

1.) Create source queue manager MqM1

[root@myhost mqm]# crtmqm MqM1
WebSphere MQ queue manager created.
Directory ‘/var/mqm/qmgrs/MqM1’ created.
Creating or replacing default objects for MqM1.
Default objects statistics : 65 created. 0 replaced. 0 failed.
Completing setup.
Setup completed.

2.) Start source queue manager MqM1
[root@myhost mqm]# strmqm MqM1
WebSphere MQ queue manager ‘MqM1’ starting.
5 log records accessed on queue manager ‘MqM1’ during the log replay phase.
Log replay for queue manager ‘MqM1’ complete.
Transaction manager state recovered for queue manager ‘MqM1’.
WebSphere MQ queue manager ‘MqM1’ started.

3.) Connect to source queue manager MqM1 using runmqsc command.
[root@myhost mqm]# runmqsc MqM1
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
Starting MQSC for queue manager MqM1.

4.) Create a listener in source queue manager MqM1.

define listener (‘MqM1.LSNR’) TRPTYPE( TCP ) PORT (1486)
1 : define listener (‘MqM1.LSNR’) TRPTYPE( TCP ) PORT (1486)
AMQ8626: WebSphere MQ listener created.

5.) Create transmition queue in source queue manager.
define qlocal (‘TR1.MqM1.Q1’) USAGE (XMITQ)
2 : define qlocal (‘TR1.MqM1.Q1’) USAGE (XMITQ)
AMQ8006: WebSphere MQ queue created.

6.) Create a remote queue in source queue manager.

define qremote (‘RMT.MqM1.Q1’) XMITQ (‘TR1.MqM1.Q1’) RQMNAME(‘MqM2’) RNAME(‘LOC.MqM2.Q1’)
3 : define qremote (‘RMT.MqM1.Q1’) XMITQ (‘TR1.MqM1.Q1’) RQMNAME(MqM2) RNAME(‘LOC.MqM2.Q1’)
AMQ8006: WebSphere MQ queue created.

Points to be noted:-
XMITQ :- Should be the same name mentioned while creating transmission queue in step A.5
RQMNAME :- Specify the same name mentioned while creating destination queue manager B.1

7.) Create a sender channel in source queue manager.
define channel (‘MqM1.SNDR’) CHLTYPE(SDR) CONNAME(‘localhost(1487)’) XMITQ(‘TR1.MqM1.Q1’)
4 : define channel (‘MqM1.SNDR’) CHLTYPE(SDR) CONNAME(‘localhost(1487)’) XMITQ(‘TR1.MqM1.Q1’)
AMQ8014: WebSphere MQ channel created.
Points to be noted:-

XMITQ :- Should be the same name mentioned while creating transmission queue in step A.5
CONNAME:- Specify the hostname/ipaddress and port number of the remote queue manager

8.) Quit MQSC

end

B.) Destination queue manager (MqM2)
—————————————————-

1.) Create destination queue manager MqM2
[root@myhost mqm]# crtmqm MqM2
WebSphere MQ queue manager created.
Directory ‘/var/mqm/qmgrs/MqM2’ created.
Creating or replacing default objects for MqM2.
Default objects statistics : 65 created. 0 replaced. 0 failed.
Completing setup.
Setup completed.

2.) Start destination queue manager MqM2
[root@myhost mqm]# strmqm MqM2
WebSphere MQ queue manager ‘MqM2’ starting.
5 log records accessed on queue manager ‘MqM2’ during the log replay phase.
Log replay for queue manager ‘MqM2’ complete.
Transaction manager state recovered for queue manager ‘MqM2’.
WebSphere MQ queue manager ‘MqM2’ started.

3.) Connect to destination queue manager MqM2 using runmqsc command.

[root@myhost mqm]# runmqsc MqM2
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
Starting MQSC for queue manager MqM2.

4.) Create a listener in destination queue manager.
define listener (‘MqM2.LSNR’) TRPTYPE( TCP ) PORT (1487)
1 : define listener (‘MqM2.LSNR’) TRPTYPE( TCP ) PORT (1487)
AMQ8626: WebSphere MQ listener created.

5.) Create a receiver channel in destination queue manager.
define channel (‘MqM1.SNDR’) CHLTYPE(RCVR)
2 : define channel (‘MqM1.SNDR’) CHLTYPE(RCVR)
AMQ8014: WebSphere MQ channel created.

Points to be noted:-
Channel name should be the same name mentioned while creating channel in step A.7

6.) Create a local queue in destination queue manager.
define qlocal (‘LOC.MqM2.Q1’)
3 : define qlocal (‘LOC.MqM2.Q1’)
AMQ8006: WebSphere MQ queue created.

7.) Quit MQSC

end

C.) Restart Source and Destination Queue Managers
——————————————————————–

1.) Stop source queue manager MqM1.
[root@myhost mqm]# endmqm MqM1
Quiesce request accepted. The queue manager will stop when all outstanding work is complete.

2.) Stop destination queue manager MqM2.

[root@myhost mqm]# endmqm MqM2
Quiesce request accepted. The queue manager will stop when all outstanding work is complete.

3.) Start source queue manager MqM1.
[root@myhost mqm]# strmqm MqM1
WebSphere MQ queue manager ‘MqM1’ starting.
5 log records accessed on queue manager ‘MqM1’ during the log replay phase.
Log replay for queue manager ‘MqM1’ complete.
Transaction manager state recovered for queue manager ‘MqM1’.
WebSphere MQ queue manager ‘MqM1’ started.

4.) Start destination queue manager MqM2

[root@myhost mqm]# strmqm MqM2
WebSphere MQ queue manager ‘MqM2’ starting.
5 log records accessed on queue manager ‘MqM2’ during the log replay phase.
Log replay for queue manager ‘MqM2’ complete.
Transaction manager state recovered for queue manager ‘MqM2’.
WebSphere MQ queue manager ‘MqM2’ started.

5.) Connect to source queue manager MqM1 using runmqsc command.

[root@myhost mqm]# runmqsc MqM1
5724-H72 (C) Copyright IBM Corp. 1994, 2009. ALL RIGHTS RESERVED.
Starting MQSC for queue manager MqM1.

6.) Start sender channel on source queue manager.
start channel (‘MqM1.SNDR’)
1 : start channel (‘MqM1.SNDR’)
AMQ8018: Start WebSphere MQ channel accepted.

Points to be noted:- Starting sender channel will start the receiver channel automatically.
Step D contains the steps to check channel status.

NOTE:-
Make sure that listeners are started, if not started use below steps to start listeners
1.) Connect to source queue manager MqM1 using runmqsc command.
[root@myhost mqm]# runmqsc MqM1

2.) Verify Listener ‘MqM1.LSNR’ is running in source queue manager MqM1

display lsstatus (‘MqM1.LSNR’)

2.a.) If the listener ‘MqM1.LSNR’ is not running start it by using below mqsc command

start listener (‘MqM1.LSNR’)

1 : start listener (‘MqM1.LSNR’)
AMQ8021: Request to start WebSphere MQ Listener accepted.

3.) Quit MQSC

end

4.) Connect to destination queue manager MqM2 using runmqsc command.
[root@myhost mqm]# runmqsc MqM2
5.) Verify listener ‘MqM2.LSNR’ is running in destination queue manager MqM2

5.a.) If the listener ‘MqM2.LSNR’ is not running start it by using below mqsc command

start listener (‘MqM2.LSNR’)
1 : start listener (‘MqM2.LSNR’)
AMQ8021: Request to start WebSphere MQ Listener accepted.

D.) Checking channel status of both Qmgr
——————————————————

1.)Connect to source queue manager MqM1 using runmqsc command.
[root@myhost mqm]# runmqsc MqM1
2.) Verify the channel ‘MqM1.SNDR’ status

display chstatus (‘MqM1.SNDR’)

3.) Quit MQSC

4.) Connect to destination queue manager MqM2 using runmqsc command.
[root@myhost mqm]# runmqsc MqM2
5.) Verify the channel ‘MqM1.SNDR’ status

display chstatus (‘MqM1.SNDR’)

E.) Testing the setup

—————————

Note:- If not already installed, Install the samples before proceeding with below test.

1.) Put a message in remote Queue of MqM1

/opt/mqm/samp/bin/amqsput RMT.MqM1.Q1 MqM1
Type below text

This is a test message from RMT.MqM1.Q1 (remote Queue) of MqM1 to LOC.MqM2.Q1 (Local Queue) of MqM2

Press ctrl+z

Eg:-
[root@myhost bin]# /opt/mqm/samp/bin/amqsput RMT.MqM1.Q1 MqM1
Sample AMQSPUT0 start
target queue is RMT.MqM1.Q1
This is a test message from RMT.MqM1.Q1 (remote Queue) of MqM1 to LOC.MqM2.Q1 (Local Queue) of MqM2
[2]+ Stopped /opt/mqm/samp/bin/amqsput RMT.MqM1.Q1 MqM1
[root@myhost bin]#

2.) Browse/get the message from Local Queue of MqM2.

————————————————————————
/opt/mqm/samp/bin/amqsget LOC.MqM2.Q1 MqM2

[root@myhost bin]# /opt/mqm/samp/bin/amqsget LOC.MqM2.Q1 MqM2
Sample AMQSGET0 start

message <This is a test message from RMT.MqM1.Q1 (remote Queue) of MqM1 to LOC.MqM2.Q1 (Local Queue) of MqM2>

no more messages
Sample AMQSGET0 end
[root@myhost bin]#

Kindly Like/Follow the page if you like this article.

Request you to post your comments so that I can improve the content.

Synchronization Simplified

Synchronization Simplified

Synchronization is a process of updating the nodes with master configuration repository changes.The network deployment scenario of WebSphere application server contains multiple nodes managed by a Dmgr and Dmgr holds the master repository of configurations. Any updates or changes through Dmr will be saved in the master configuration and the nodes will be aware of these changes only after the synchronization.

The synchronization is always from Dmgr to Nodes and it never happens vise versa. If you made any changes from the node side it will be cleared during next synchronization process.

A Simple example

Consider below scenario.

OS —– Linux
HostA —– Dmgr
HostB ——Node1 — AppSrv01

Suggest to stop the Nodeagent process in Node1
Autosync should be disabled (figure1)

Figure 1

As part of the tuning process you wants to set the JVM heap size of Node1/AppSrv01 to Min 256/ Max 512. Let us look at the Dmgr (Figure 2) and Node1 (Figure 3) configurations before setting the values.

Both these configuration files does not have an entry for jvm heap size (Linux OS) as there is no value set for it currently

Figure 2

Figure 3

Now let us set the heap size min value to 256 and max to 512 as below (Figure 4)

Figure 4

Make sure that you are not selecting “synchronize changes with nodes” option (Figure 5) and then save the changes to master repository

Figure 5

Now let us examine the master configuration repository (Dmgr) for the chnages we made. There you can see the newly created heap size entries (Figure 6)

Figure 6

As we disabled synchronization the jvm configuration file of Node1 will not be having that entry (Figure 7)

Figure 7

Now synchronize the master configuration repository changes with nodes by either a syncNode.sh/bat or by starting the nodes and then synching it from console, This updates the JVM configuration file of Node1 with the latest updates of master configuration (Figure 8).

Figure 8

Another simple and practical test for better understanding of synchronization

Test #1
Go under the config directory of dmgr (master repository) and create a file
Perform a full synchronization

Navigate to the config directory of node, It will be having the file which you created in master configuration.

The reason for this is during the full sync process it found a file in the master repository and which is not there in the nodes so full sync process transfer this file to nodes

Test #2
Go under the node config directory, create a file.
Perform a full synchrinization from dmgr
Navigate to the config directory of the node and check for the file which you created, the file will not be there.

The reason for this is, During the full synchronization process it found a file in the node repository (which you created) and which is not there in the master repository so full sync process removes the file from node to make the configuration in sync with master repository.
Types of Synchronization

There are two types of Synchronization

1.) Partial Synchronization : Here only the configuraion file(s) which has changed at the Dmgr level will be Synchronized with nodes.
2.) Full Synchronization: This will Synchronize the entire master repository with the nodes.

Possible ways of Synchronization

1. syncNode.sh /syncNode.bat command from the nodes.
2. from the admin console or wsadmin
3. When node agent starts
4. During federationn process.(addNode.sh)
5. Auto/scheduled sync.

syncNode.sh /syncNode.bat command from the nodes.

Usage: syncNode dmgr_host [dmgr_port] [-conntype ] [-stopservers]
[-restart] [-quiet] [-nowait] [-logfile ] [-replacelog]
[-trace] [-username ] [-password ]
[-localusername ] [-localpassword ]
[-profileName ] [-help]

Normally use it as: syncNode.sh -username -password

Note:- The node agent should be down to execute syncNode and this is always a full synchronization.

From the admin console or wsadmin

This can be either a partial synchronization or full synchronization, It depends on the option selected.

When node agent starts

If this option is enabled node agent will synchronize with master repository during the startup process. The very first synchronization after startup will be a Full Synchronization and the consicutive synchronization will be Partial Synchronization.

During federationn process

This is always a full synchronization

Auto/scheduled sync

This is normally a partial synchronization but the very first synchronization after the node agent start will be a full synchronization.

WAS Version Details

WAS Version Details
————————–
Let us check how a version number is formed..

For example: Let us take version 7.0.2.13

—-7——— 0 ————2 ———–13—
version | release | refresh pack | fixpack

WAS,IHS and Plugin log Details

Kindly post your comments and likes.

IBM Http Server Logs.
=================

Default log Directory
————————–

<IHS_Install_Root>/logs

access.log –> Contains the logs of all requests process by IBM Http Server.
error.log —-> Contains the errors and diagnostics information while processing the requests.

Plugin Logs.
========

Default Log Directory.
—————————

<Plugin_Install_Root>/logs

http_plugin.log —> Contains the logs of plugin errors.

WebSphere Application Server Logs.
===========================

Default log Location.
————————–

<LOG_ROOT> = <WAS_Profile_Root>/logs/

<SERVER_LOG_ROOT> = <WAS_Profile_Root>/logs/<Server_Name>/ = <LOG_ROOT>/<Server_Name>/

for Eg: If the WAS profile location is “/usr/IBM/WebSphere/AppSever/Profiles/AppSrv01/” and the server name is “server1”, The default log location would be

<LOG_ROOT> = “/usr/IBM/WebSphere/AppSever/Profiles/AppSrv01/logs/”

<SERVER_LOG_ROOT> = “/usr/IBM/WebSphere/AppSever/Profiles/AppSrv01/logs/server1″

Trace Logs.
————-

<SERVER_LOG_ROOT>/trace.log —> Contains the trace information if the trace is enabled.

JVM Logs.
———–

These logs are created by redirecting output and error streams of JVM into independent log files. The SystemOut.log file contains the logs used to monitor the health of running application server. SystemErr.log contains the exceptions. Every application servers and all of its application will have these two sets of files.

<SERVER_LOG_ROOT>\SystemOut.log

<SERVER_LOG_ROOT>/SystemErr.log

Process Logs.
—————-

The application server writes output and error streams of native processes into these logs.This may also contain the information related to problemes in native codes.
If the Verbose GC is enabled, GC informations are written into these logs.

<SERVER_LOG_ROOT>/native_stdout.log
<SERVER_LOG_ROOT>/native_stderr.log

IBM Service Logs.
——————–

This is a binary log and it need Log Analyzer tool to analyze. There will be only one activity log for a single node ( for all JVMs and nodeagents).
IBM Service Log contains the information written to System.out by the Application Server run time as well as special messages that contain extended service information. These logs are mainly used by IBM service team for solving complex issues.

<LOG_ROOT>/activity.log

JVM heap size/properties by using wsadmin utillity

How to get JVM heap size/properties by using wsadmin utillity
—————————————————————————-

1.)Type below command from wsadmin prompt
———————————————————-
wsadmin>$AdminTask showJVMProperties {-serverName server1 -nodeName myhostNode01}

Output
——–
{classpath {}} {bootClasspath {}} {verboseModeClass false} {verboseModeGarbageCollection false} {verboseModeJNI false} {initialHeapSize 258} {maximumHeapSize 512} {runHProf false} {hprofArguments {}} {debugMode false} {debugArgs -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=7777} {genericJvmArguments {}} {executableJarFileName {}} {disableJIT false} {osName {}} {internalClassAccessMode ALLOW}

2.)Type below command from the OS prompt
——————————————————-
[root@myhost bin]# ./wsadmin.sh -c ‘$AdminTask showJVMProperties {-serverName server1 -nodeName
myhostNode01}’

Output
——–
Realm/Cell Name: <default>
Username: root
Password:

WASX7209I: Connected to process “dmgr” on node myhostCellManager01 using SOAP connector; The type of process is: DeploymentManager

{classpath {}} {bootClasspath {}} {verboseModeClass false} {verboseModeGarbageCollection false} {verboseModeJNI false} {initialHeapSize 258} {maximumHeapSize 512} {runHProf false} {hprofArguments {}} {debugMode false} {debugArgs -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=7777} {genericJvmArguments {}} {executableJarFileName {}} {disableJIT false} {osName {}} {internalClassAccessMode ALLOW}

3.)Type below command from the OS prompt
——————————————————-
[root@myhost bin]# ./wsadmin.sh -c “\$AdminTask showJVMProperties {-serverName server1 -nodeName
myhostNode01}”

Output
———
Realm/Cell Name: <default>
Username: root
Password:
WASX7209I: Connected to process “dmgr” on node
myhostCellManager01 using SOAP connector; The type of process is: DeploymentManager

Note:- Kindly note that the difference between second and third command is only the quotes,Commands

inside a double quotes require \ prefix for $ symbol.

Certificate Management by using gsk7cmd command

Command: gsk7cmd

Purpose: gsk7cmd is a command line tool for certificate management.
Prerequisite: set JAVA_HOME varriable.
Example: export JAVA_HOME=/usr/IBM/WebSphere/AppServer/java (this depends on your environment)

Parameters for below examples:

keystore Name: testcacerts.jks / test.kdb
password: changeit / testit

NOTE:- If you are practicing below examples kindly practice it in the sequence because there might be a dependancy.

Command usage

# gsk7cmd -help

Object Action Description
—— —— ———–
-keydb
-changepw Change the password for a key database
-convert Convert the format of a key database
-create Create a key database
-delete Delete a key database
-expiry Display password expiry
-list Currently supported types of key database.
-stashpw Stash the password of a key database into a file

-cert
-add Add a CA Certificate
-create Create a self-signed certificate
-delete Delete a certificate
-details Show the details of a specific certificate
-export Export a personal certificate and associated private key into a PKCS12 file or a key
database
-extract Extract a certificate from a key database
-getdefault Show the default personal certificate
-import Import a certificate from a key database or a PKCS12 file
-list List certificates in a key database
-listsigners List signer certificates delivered with ikeyman
-modify Modify a certificate (NOTE: the only field that may be modified is the trust field)
-populate Populate with included CA Certificates
-receive Receive a certificate
-rename Rename a certificate
-setdefault Set the default personal certificate
-sign Sign a certificate

-certreq

-create Create a certificate request
-delete Delete a certificate request from a certificate request database
-details Show the details of a specific certificate request
-extract Extract a certificate from a certificate request database
-list List all certificate requests in a certificate request database
-recreate Recreate a certificate request

-seckey

-create Create a secret key
-delete Delete a secret key
-details Show the details of a specific secret key
-export Export secret keys to a file
-import Import secret keys from a file
-list List all secret keys in a key database
-rename Rename a secret key

-version Display iKeyman version information

-help Display this help text

Keystore Management (-keydb)

Creating keystore by specifying password expiry

Example 1

#gsk7cmd -keydb -create -db test.kdb -pw changeit -type kdb -expire 7300

The above command creates a keystore file (test.kdb) of kdb type and keep the password expiry to 7300 days

Example 2

# gsk7cmd -keydb -expiry -db test.kdb -pw changeit

This will list the password expiry of keystore test.kdb

Output:

Password expiry time: Aug 9, 2032 2:05:51 AM

Deleting the keystore

Example 3

#gsk7cmd -keydb -delete -db test.kdb -pw changeit

This deletes the keystore file test.kdb

Creating a default keystore

Example 4
#gsk7cmd -keydb -create -db testcacerts.jks -pw testit

The above command creates a keystore file with the name testcacerts.jks and the password testit in the current directory

Changing the keystore password

Example 5

#gsk7cmd -keydb -changepw -db testcacerts.jks -pw testit -new_pw changeit

This changes the password from testit to changeit

Certificate Management (-cert)

Adding certificate to a keystore with out specifying label

Example 6

#gsk7cmd -cert -add -file test.cer -db testcacerts.jks -pw changeit

This adds the certificate file test.cer in testcacerts.jks keystore, If label is not specified it will generate a label (kindly note the label details in example 7).

Example 7

#gsk7cmd -cert -details -label “cn=TESTCERT, o=IBM, c=us” -db testcacerts.jks -pw changeit

This command will list the details of certificate with label “cn=TESTCERT, o=IBM, c=us” (The certificate which was added in example 6)

Output

Label: cn=TESTCERT, o=IBM, c=us
Key Size: 1024
Version: X509 V3
Serial Number: 12 57 4F 87 1B F8 69 DD
Issued by: CN=TESTCERT, O=IBM, C=US
Subject: CN=TESTCERT, O=IBM, C=US
Valid: From: Wednesday, May 12, 2010 2:01:04 AM IST To: Wednesday, May 8, 2030 2:01:04 AM IST
Fingerprint: BE:87:67:14:AD:FD:64:B9:CC:08:CF:3E:76:05:2A:DC:BB:EB:DF:69
Signature Algorithm: MD5withRSA (1.2.840.113549.1.1.4)
Trust Status: enabled

Deleting a certificate from the keystore

Example 8

#gsk7cmd -cert -delete -label “cn=TESTCERT, o=IBM, c=us” -db testcacerts.jks -pw changeit

This command deletes the certificate with the label “cn=TESTCERT, o=IBM, c=us” (the certificate which was added in example 6)

Example 9

#gsk7cmd -cert -details -label “cn=TESTCERT, o=IBM, c=us” -db testcacerts.jks -pw changeit

This commands confirms the delete operation in example 8, The below output says the certificate with the label ‘cn=TESTCERT, o=IBM, c=us’ does not exists

Output

The database doesn’t contain an entry with label ‘cn=TESTCERT, o=IBM, c=us’.
Check the label and try again.

Adding certificate to a keystore with the label

Example 10

#gsk7cmd -cert -add -file test.cer -label “This is a cert” -db testcacerts.jks -pw changeit

This adds the certificate ‘test.cer’ with the label “This is a cert”. (in example 6 we have added the certificate without specifying the label)

Example 11

#gsk7cmd -cert -details -label “This is a cert” -db testcacerts.jks -pw changeit

This confirms that the certificate test.cer has been added with the label “This is a cert”, check the output below/

Output

Label: this is a cert
Key Size: 1024
Version: X509 V3
Serial Number: 12 57 4F 87 1B F8 69 DD
Issued by: CN=TESTCERT, O=IBM, C=US
Subject: CN=TESTCERT, O=IBM, C=US
Valid: From: Wednesday, May 12, 2010 2:01:04 AM IST To: Wednesday, May 8, 2030 2:01:04 AM IST
Fingerprint: BE:87:67:14:AD:FD:64:B9:CC:08:CF:3E:76:05:2A:DC:BB:EB:DF:69
Signature Algorithm: MD5withRSA (1.2.840.113549.1.1.4)
Trust Status: enabled

Renaming the label of a certificate

Example 12

#gsk7cmd -cert -rename -label “This is a cert” -new_label “The_new_label” -db testcacerts.jks -pw changeit

This renames the lable “This is a cert” with new name “The_new_label”.

Example 13

#gsk7cmd -cert -details -label “The_new_label” -db testcacerts.jks -pw changeit

Example 13 and Example 14 confirms example 12,Check the output below.

Output

Label: the_new_label
Key Size: 1024
Version: X509 V3
Serial Number: 12 57 4F 87 1B F8 69 DD
Issued by: CN=TESTCERT, O=IBM, C=US
Subject: CN=TESTCERT, O=IBM, C=US
Valid: From: Wednesday, May 12, 2010 2:01:04 AM IST To: Wednesday, May 8, 2030 2:01:04 AM IST
Fingerprint: BE:87:67:14:AD:FD:64:B9:CC:08:CF:3E:76:05:2A:DC:BB:EB:DF:69
Signature Algorithm: MD5withRSA (1.2.840.113549.1.1.4)
Trust Status: enabled

Example 14

#gsk7cmd -cert -details -label “This is a cert” -db testcacerts.jks -pw changeit

Example 14 and Example 13 confirms example 12, because in the output of example 13 testcacerts.jks keystore contains a certificate with the label “The_new_label” and the output of example 14 says the testcacerts.jks keystore does not have an with the label “This is a cert” (label name before rename).

Output

The database doesn’t contain an entry with label ‘This is a cert’.
Check the label and try again.

Extracting a certificate from the keyfile

Example 15

#gsk7cmd -cert -extract -label “The_new_label” -target “this_is_extracted_cert.cer” -db testcacerts.jks -pw changeit

This will extracrt the certificate with label “The_new_label” into a file this_is_extracted_cert.cer, check the below output for file confirmation

#ls this_is_extracted_cert.cer
this_is_extracted_cert.cer

Creating a self signed certificate

Example 16

gsk7cmd -cert -create -db testcacerts.jks -pw changeit -label ‘New_Self_Signed’ -dn CN=testSELFSIGN,O=ibm,C=in -expire 7300 -size 1024 -x509version 3

This creates a self signed certificate with the label ‘New_Self_Signed’

Example 17

# gsk7cmd -cert -details -label ‘New_Self_Signed’ -db testcacerts.jks -pw changeit

This confirms the self signed certificate creation ,Verify the certificate in the below output

Output

Label: new_self_signed
Key Size: 1024
Version: X509 V3
Serial Number: 50 29 68 22
Issued by: CN=testSELFSIGN, O=ibm, C=in
Subject: CN=testSELFSIGN, O=ibm, C=in
Valid: From: Tuesday, August 14, 2012 2:18:34 AM IST To: Monday, August 9, 2032 2:18:34 AM IST
Fingerprint: 0C:D5:A0:6A:54:76:6B:3E:D0:3E:2E:42:1C:D0:32:43:66:82:FE:70
Signature Algorithm: SHA1withRSA (1.2.840.113549.1.1.5)
Trust Status: enabled

How do I calculate %CPU in my own libvirt programs?

Virt-top FAQ ( http://people.redhat.com/~rjones/virt-top/faq.html#calccpu )

Simple %CPU usage for a domain is calculated by sampling virDomainGetInfoperiodically and looking at the virDomainInfo cpuTime field. This 64 bit field counts nanoseconds of CPU time used by the domain since the domain booted.
Let t be the number of seconds between samples. (Make sure that t is measured as accurately as possible, using something like gettimeofday(2) to measure the real sampling interval).
Let cpu_time_diff be the change in cpuTime over this time, which is the number of nanoseconds of CPU time used by the domain, ie:

cpu_time_diff = cpuTime_now — cpuTime_{t seconds ago}

Let nr_cores be the number of processors (cores) on the system. Use virNodeGetInfoto get this.
Then, %CPU used by the domain is:

%CPU = 100 × cpu_time_diff / (t × nr_cores × 10⁹)

Because sampling doesn’t happen instantaneously, this can be greater than 100%. This is particularly a problem where you have many domains and you have to make avirDomainGetInfo call for each one.

Speed up scp file transfer

Speed up scp file transfer

20/05/2008

Syed Atif Ali Whats the fastest encryption to transfer files with SCP ?

Description :
Many times it is required to transfer files across machines on the same network , all machinesbeing on the same network and behind proxy its useless to transfer them with an encryptionwhich is more CPU ntensive than other and also slower than others.There can be other methods to transfer files of course , ftp , sftp , rsync, but this document is justabout scp command.

Objective :
To find out what is the faster cypher to define in scp command to transfer files on an internallocal network.

Environment :
Two Linux machines, with same openssh versions.Connected on a 100 Mbps LAN . Both being idle nothing is running on them at the moment .Before each test files will be cached on the file system buffer , so the tests are not affected withcache.
Tests :
Copy 1000 small, medium , large files across the network using different cyphers in scp command and measure their real time.

These are the file sizes :
Small : 10K
Medium: 100K
Large:1000K

Overall arcfour performed better than any other cypher used. It is safe to say that arcfour
can beused to transfer files using scp on an internal network.

You can define which cypher to use by -c option of scp.

scp -c arcfour filename.txt host:/path/filename

/etc/ssh/ssh_config
Ciphers arcfour128,arcfour256,arcfour,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

[CentOS 7.0] Change network interface name (eno* to eth0)

Step1)
# vim /etc/udev/rules.d/70-persistent-net.rules
———————————————————————–
# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:7b:d8:06“, ATTR{dev_id}==”0x0″, ATTR{type}==”1″, KERNEL==”eno16777736“, NAME=”eth0”
———————————————————————–
or
———————————————————————–
# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:0c:29:7b:d8:06“, ATTR{dev_id}==”0x0″, ATTR{type}==”1″, KERNEL==”eno*“, NAME=”eth0”
———————————————————————–
Step2)
# mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

Step3)
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
———————————————————————–
HWADDR=”00:0C:29:7B:D8:06″
TYPE=”Ethernet”
BOOTPROTO=”dhcp”
DEFROUTE=”yes”
PEERDNS=”yes”
PEERROUTES=”yes”
IPV4_FAILURE_FATAL=”no”
IPV6INIT=”yes”
IPV6_AUTOCONF=”yes”
IPV6_DEFROUTE=”yes”
IPV6_PEERDNS=”yes”
IPV6_PEERROUTES=”yes”
IPV6_FAILURE_FATAL=”no”
NAME=”eth0″
UUID=”2aa76b48-487b-425e-a021-ace79c0773cd”
ONBOOT=”yes”
———————————————————————–

Step4)
# reboot

Recent Posts

Pages

Categories

Archives

Recent Comments

Categories

Setting Java garbage collection policies

MQ messaging

Synchronization Simplified

Synchronization Simplified

WAS Version Details

WAS Version Details

WAS,IHS and Plugin log Details

WAS,IHS and Plugin log Details

JVM heap size/properties by using wsadmin utillity

JVM heap size/properties by using wsadmin utillity

Certificate Management by using gsk7cmd command

Certificate Management by using gsk7cmd command

How do I calculate %CPU in my own libvirt programs?

How do I calculate %CPU in my own libvirt programs?

Speed up scp file transfer

Speed up scp file transfer

[CentOS 7.0] Change network interface name (eno* to eth0)

[CentOS 7.0] Change network interface name (eno* to eth0)

PRODUCTS