RRDtool Tips and Tricks

I am having time-off today and found time to think about how I can determine the top 5 network throughput out of hundreds of RRD files. I stumbled upon this article: RRDtool Tips & Tricks. It is indeed a very useful paper and some of the tips mentioned helped me to summarise the data without having to do any programming. Look under the VDEF section.

The best tips are on page 2 and page 3:

Recipe for Success - Resolve the problems before anyone else finds them

... and talk about it - Being able is only half the story, the others must know too!

Computer Pioneers - Pioneer Computers Part 1

Computer Pioneers - Pioneer Computers Part 1 video from Computer History Museum. This is a 53:26 video. Interested to find out the first computer bug, fast forward to 36:00 to Grace Hopper's talk.

Performance Tuning Video

Sun Mircosystem's High Performance Computing portal has just launched it's first module of training material in video.

The first module is Introduction to Parallel Programming. This 25 mins video provides a lot of tips to tackle performance tuning issues. If you often like to throw hardware at performance problems, you should watch this video with an open mind.

As the presenter mentioned, the next module will cover multi-core architecture. I will post the link once it is available.

How to find cron queue size

If your system replies heavy on cron (1M) to schedule jobs, you may be interested to know how many cron jobs are running. In Solaris, the default queue size for crontab(1) is 100, you can verify that with the source code.

When cron exceeds the limit, the log (/var/cron/log) will report this and it will not be able to schedule any jobs until the queue size is lower than the limit

! c queue max run limit reached Thu Jul  2 21:22:00 2009
! rescheduling a cron job Thu Jul  2 21:22:00 2009

To find out how many child processes running under the cron, we need to know the pid of cron. If your system runs Solaris container (zone), there will be more than one cron processes if you do ps -ef | grep cron. In order to exactly determine the pid of your cron, you need to specify whatever zone you are in to grep the process using pgrep(1). Once we have cron's pid, we can do a ps listing to find out all the child processes with such a parent pid.

# pgrep -x -z `zonename` cron
5847

# ptree 5847
5847  /usr/sbin/cron
  13293 sh -c sleep 1000
    13305 sleep 1000
  13295 sh -c sleep 1000
    13306 sleep 1000
  13296 sh -c sleep 1000
    13307 sleep 1000
  ......
    ......

# ps -ef -o 'pid,ppid' | nawk -v ppid=5847 '$2==ppid{++s}END{print s}'
100

# tail /var/cron/log
! c queue max run limit reached Thu Jul  2 21:29:00 2009
! rescheduling a cron job Thu Jul  2 21:29:00 2009
! c queue max run limit reached Thu Jul  2 21:29:00 2009
! rescheduling a cron job Thu Jul  2 21:29:00 2009
! c queue max run limit reached Thu Jul  2 21:29:00 2009
! rescheduling a cron job Thu Jul  2 21:29:00 2009
! c queue max run limit reached Thu Jul  2 21:29:00 2009
! rescheduling a cron job Thu Jul  2 21:29:00 2009
! c queue max run limit reached Thu Jul  2 21:29:00 2009
! rescheduling a cron job Thu Jul  2 21:29:00 2009

If you are interested in cron queue size over time, you may want to put the above in a script and print out the queue size with timestamp. gnuplot is a very useful tool to visualise time-based data.

What Can You Do If You Do Not Win $1 Million From Netflix Prize Contest

My friend blogged about the recent winner who has just broken the 10% improvement over the existing Netflix Cinematch algorithm.

Do you know that you can achieve a lot even if you are not the winner. "Just A Guy In A Garage" blogged about what's after netflix, although his score only ranked 18 in the leaderboard.

How to Implement Restricted Shell

If you want to limit your users from running wild in your system, you may want to consider providing them with restricted shell such as /usr/lib/rsh or /bin/rksh.

According to man page of /usr/lib/rsh, the actions of rsh are identical to those of sh, except that the following are disallowed:

• changing directory
• setting the value of $PATH
• specifying path or command names containing /
• redirecting output (> and >>)

According to man page of /bin/rksh, the actions of rksh are identical to those of ksh, except that the following are disallowed:

• changing directory
• setting the value of SHELL, ENV, or PATH
• specifying path or command names containing /
• redirecting output (>, >|, <>, and >>)
• changing group

Let's start to see how restrictive it can be:

# PATH=/some/dir/do/not/exist /bin/rksh

# ls
/bin/rksh: ls:  not found

# cd /
/bin/rksh: cd: restricted

# /usr/bin/ls
/bin/rksh: /usr/bin/ls: restricted

# echo $PATH
/some/dir/do/not/exist

# ../../../usr/bin/ls
/bin/rksh: ../../../usr/bin/ls: restricted

# pwd
/

# echo abc
abc

As you can see, your search PATH does not exist and therefore you have no access to any of the binaries. Also, you really cannot run anything with absolute or relative path. The only commands you can run are the builtin commands like echo and pwd. That's far too restrictive. In order to really limit the users to run only a subset of commands, we create a /rbin directory and copy (or hard link) binaries that are absolutely required. In this demo, I only provide ls, vi, more and grep.

# mkdir /rbin

# for i in ls vi more grep
do
ln /usr/bin/$i /rbin/.
done

# PATH=/rbin /bin/rksh

# ls /var/adm
acct        log         messages.2  sm.bin      utmpx
aculog      messages    messages.3  spellhist   vold.log
exacct      messages.0  pool        streams     wtmpx
lastlog     messages.1  sa          sulog

# more /etc/release
                        Solaris 10 1/06 s10x_u1wos_19a X86
           Copyright 2005 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                           Assembled 07 December 2005

# grep Solaris /etc/release
                        Solaris 10 1/06 s10x_u1wos_19a X86

# date
/bin/rksh: date:  not found

I am sure you feel pretty convinced that you are really in control of what your users can and cannot run. Now all you have to do is to set their login shell and ensure /etc/profile set the corresponding PATH to the restricted directory (/rbin).

OpenSolaris CommunityOne West Presentation Material

There is an upcoming OpenSolaris CommunityOne West event 1-3 June 1 - 3 2009 in San Francisco.

If you are not able to attend (like me 13,593 km away, below are the links to download some of the presentation material:

• What's New in the OpenSolaris 2009.06 Operating System
• Becoming an OpenSolaris Operating System Power User
• Built-in Virtualization for the OpenSolaris
• Open Networking with Crossbow
• OpenSolaris Secure Deployment: Role-Based Access Control and The Cryptographic Framework
• Open Storage with the Solaris ZFS File System and COMSTAR
• Becoming a ZFS Ninja
• High Availability with OpenSolaris
• Application consolidation with OpenSolaris Containers
• Observing Your App and Everything Else It Runs On Using DTrace
• Probing Database Applications with DTrace Probes

Highlight Those Files With Space, Backslash or Non-Printable Characters

In UNIX, if your filename contains space, blackslash or non-printable characters, you may have issue with applications that are not space/backslash/non-printable aware. Recently I realised that Netbackup will fail to backup files with filename ends with space. Space is not a non-printable character and it is pretty hard to identify them when you simply do a ls listing.

ls has a -b flag that is able to print those non-printable characters to be in the octal \ddd notation. It is possible to recursively list subdirectories using ls -R -b to find out file names with non-printable characters with \ddd octal string. Together with the -1 (minus one) option, we can print one entry per line of output. The output of ls -1Rb can be piped to a regular expression grep to single out those problematic filenames.
ls -1Rb | egrep '\\[0-7][0-7][0-7]|[\\ ]' will grab filenames with \ddd octal, blackslash or space.

You can even give those special characters some colour which I blogged about it before. Here is the script that will highlight these characters. ^[ means "Escape" and you need to type Ctrl-V followed by Esc to get that.

#! /bin/sh


ls -1Rb ${1:-.} | \
nawk '
/:$/ {
        sub(":","")
        d=$0
        next
}
$0 != "" {
        printf("%s/%s\n",d,$0)
}' | \
egrep '\\[0-7][0-7][0-7]|[\\ ]' | \
sed '
# non-printable character in octal \ddd
s/\(\\[0-7][0-7][0-7]\)/^[[31m\1^[[0m/g

# space
s/\([ ]\)/^[[42m\1^[[0m/g

# blackslash but not \ddd in octal
s/\(\\\)\([^0-7][^0-7][^0-7]\)/^[[34m\1^[[0m\2/g
'

WolframApha, a new kind of search

Wolfram Reseach, developer for Mathematica, has just launched the WolframAlpha (Computational Knowledge Engine).

If you want to find out what it can do, watch this introduction. I am sure you will be impressed.

You can even find out the details of genome sequence ( AAGCTAGCTAGC ) or plot this function ( plot sin(x*x+y*y) ):

Enter something to compute or figure out Calculate

Busy

Today, I received this from my 'the other email':

Once upon a time, a very strong woodcutter asked for a job in a timber merchant, and he got it. The pay was really good and so were the work conditions. For that reason, the woodcutter was determined to do his best.

His boss gave him an axe and showed him the area where he was supposed to work.

The first day, the woodcutter brought down 18 trees.

"Congratulations," the boss said. "Go on that way!"

Very motivated for the boss’ words, the woodcutter tried harder the next day, but he only could bring down 15 trees. The third day he tried even harder, but he only could cut 10 trees. Day after day he was bringing down lesser and lesser trees.

"I must be losing my strength", the woodcutter thought. He went to the boss and apologized, saying that he could not understand what was going on.

"When was the last time you sharpened your axe?" the boss asked.

"Sharpen my axe? I have no time to sharpen my axe, I have been very busy trying to cut trees..."

by Stephen Covey, 7 Habits of Highly Effective People:

• Habit 1: Be Proactive: Principles of Personal Choice
• Habit 2: Begin with the End in Mind: Principles of Personal Vision
• Habit 3: Put First Things First: Principles of Integrity & Execution
• Habit 4: Think Win/Win: Principles of Mutual Benefit
• Habit 5: Seek First to Understand, Then to be Understood: Principles of Mutual Understanding
• Habit 6: Synergize: Principles of Creative Cooperation
• Habit 7: Sharpen the Saw: Principles of Balanced Self-Renewal