Java Tuning - Software Development, Java, and some more.
Posts tagged operating system
“Hypervisor edition” – what’s that?
Apr 15th
WebSphere have announced WAS hypervisor edition.
You get an OVF package with a ready to use WAS profile running on Linux. The OVF package can be deployed on VMWare ESX/ESXi and IBM’s cludeburst appliance.
Websphere also say that they carried out WAS best-practice tuning for the OS. Not sure how mattering this tuning is considering the generic nature of WAS (different application=different tuning), and the generic drivers that a VM uses.
Joys of installation
I wonder how enterprise IT administrators would accept an OS different from what they usually roll with.
important to mention that similar zero-install pre-configured WAS environment are available on the IBM test cloud (in Beta).
The real important message made here by IBM is that the WAS hypervisor edition is only a first bird. Although naked manual WAS installation is not a biggy, IBM products running on WAS are. As the OVF standard matures and virtualization becomes the default production hosting environment, we will be seeing complex WAS based products (say Portal, and Process Server) shipped as ultra consumable OVF packages. Even a complete topology consisting of many servers can be delivered as a single OVF package.
This delivery mode is quite similar to VMWare’s software appliances, only applicable to more than one Hypervisor when packaged as OVF (theoretically).
Bad news to professional services people and install manager software developers.
NAT in VMWare vSphere/ESX – In a nut shell
Feb 1st
This post is about NATing an ESX VM, but first, why do I need NAT:
The SIP protocol is not NAT oblivious. To traverse NAT our application has to replace the DNS in the SIP message contact header to the external FQDN that the message receiver will be sending responses to (A NAT with static routing configured).
Therefore I needed to test our software in a NAT topology.
In the past, when we used VMWare player/workstation, it had a build-in NAT network. But, unfortunately, the ESX hypervisor does not provide a NATed network option.
Seeking alternatives at VMWare’s appliance marketplace, I found and downloaded the Vyatta’s community edition (VC5) router appliance (also downladble from sourceforge), and comes under the GPL license.
After 3-4 hours – guided by the official quick start guide - I had a working NAT configuration in the ESX. Hurray!
Overall, not a hard nut to crack 
, though I wish VMWare will wise up and just add an build-in NAT option to vSphere.
Left to do:
Obtain some static IPs, so the config won’t break each time the vm reboots and the DHCP lease expires.
Tip #1:
If you want want to access your NATed VM by RDP/VNC, without setting up extra NAT routing rules, consider adding the VM an additional un-NATed NIC, but when doing so, make sure that the OS routing tables are set to route through the NIC that is NATed.
Tip #2:
This short vyatta user installation report also helped me a bit.
Here’s the complete configuration script I ended up feeding to the appliance console (network topology is similar to the one presented in the Vyatta’s getting stated guide):
Where:
1.2.3.4 is your department’s DNS server
192.168.1.199 is the VMs NATed private IP address (provided by the DHCP).
The script contains a NAT forward rule for VNC (port 5900)
configure
set system host-name vyatta-nat
set interfaces ethernet eth0 address dhcp
set service ssh
set service https
commit;
save;
# restart the appliance to switch from console remote desktop to SSH:
#login with user and password
configure
show interfaces
set interfaces ethernet eth1 address 192.168.1.254/24
commit;
delete service dhcp-server
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.254
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 1.2.3.4
commit;
show service dhcp-server
set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade
commit;
show service nat
save;
exit
show nat rules
configure
set service nat rule 20 type destination
set service nat rule 20 inbound-interface eth0
# use a negative fake address to so that all incoming communication will be nated
#set service nat rule 20 destination address !192.168.50.0
#Forward traffic to address 192.168.1.199
set service nat rule 20 inside-address address 192.168.1.199
set service nat rule 20 protocol tcp
set service nat rule 20 destination port 5900
commit;
save;
exit
Why is Thread.sleep() inherently inaccurate
Aug 23rd
Avi Ribchinsky, a friend and a college of mien, is transitioning from C++ to the Java world. He had been playing with Thread.sleep(), when he noticed that the sleep method might oversleep more than ordered, and moreover, it could also under sleep (see Fig 1). Coming from the C++ world, that surely caught him surprised
Fig 1.
Thread.sleep() under sleeping
How is sleep implemented in Java anyway?
Avi came asking me if I knew anything about it, I was wondering myself how such a common and important method could be faking in the way shown above. Is it the OS? a Bug in the specific JRE version used? Maybe the API doesn’t guarantee milliseconds precision to begin with?
Thinking about all of these factors, we realized that we don’t really know how the JVM implements the sleep method functionality, my best guess would have been that the process registers itself in the OS for a wake up call, and the OS wakes the process via a software interrupt. OK, time to search the web.
The following article gives a very detailed answer, explaining that sleep is implemented by a thread giving up its OS scheduling quantum back to the scheduler, on the next execution quantum the thread gets, it has the chance to wake up and continue processing, or again continue sleeping.
Therefore, the accuracy resolution of sleep is directly dependent on the process scheduling resolution of the operating system in usage. Since windows XP process scheduling resolution is roughly 10ms, the sleep mechanism, in the Avi’s example, might had preferred to under sleep “a little” rather than oversleeping “a lot”, by waking himself in the current scheduling cycle quantum, rather than in the next, future, quantum.
The article also mentions that the inaccuracies are worsened when a process with a higher scheduling priority, than the sleeping process, is in a runnable state.
I assume that, running on a Hypervisor with course grained process scheduling would also produce greater inaccuracies.
Conclusion
You can’t rely on the millisecond accuracy of the sleep method. Take a before and after time measurament to find the actual time spent sleeping, in order to avoid ever increasing inacurracies.
Sleep tight 
A hand made freeware windows firewall
Jun 12th
I have two windows servers that shouldn’t talk to each other. How do I make sure they don’t?
Right, why not use some firewall? well, because I can’t just install any software on these servers, company regulations, and windows’ built-in firewall suck big time (only inbound, have to configure ALL exceptions).
On Linux this is quite a trivial IPTables command. Run the following on server#1:
iptables -I INPUT -s server#2 -j DROP
iptables -I OUTPUT -d server#2 -j DROPUnfortunately there’s nothing like IPTables built into windows.
Driving inspired from the IPTables concept of routing the packets to the trashcan (“-j drop“), I realized that much same could be implemented on windows by twicking the OS routing table causing it to deliver packets for server#2 to no where.
Here’s my hand tailored, freeware, no software required, windows firewall that sends packets to a vacation in /dev/null:
route ADD 1.1.1.2 MASK 255.255.255.255 1.1.1.0Where:
Server#1 IP is 1.1.1.1
Server#2 IP is 1.1.1.2
1.1.1.0 isn’t assigned to anyone – our /dev/null for the occasion.
Additional blabber:
If you add the route instruction only to server#1, but not to server#2, then server#2 can still send IP packets to server#1, while this breaks TCP completely, server#2 could still send UDP datagrams to server#1.
Make sure the servers are configured with static IP, otherwise your solution would break over time. In order to make the route persistent across server reboots, add the -p flag.
wrong way! Packet! turn back now!
Book of the month – Linux Server Hacks
Jun 30th
I just read through most of O’Reilly’s Linux Server Hacks book.
I expected another dull Linux how-to book, which goes over the man/info of the most obvious commands, but instead I found an interesting, original, advanced hardcore book, full of Linux goodies to brag about in front of my colleagues.
Some note worthy items:
- A thought effective usage of SSH, especially as a secure channel for moving bits around the network, between a pair of processes each running on its own host.
- How to reset your root password, without a rescue disk, using the LILO boot loader.
- I didn’t knew about ext2/3 chattr and lsattr before reading the book…
- Periodical rsync runs could save a lot wasted scp time.
- (#44) burning a CD over the network using a pipe – cool
- (#50) setting up a VPN using IPIP tunneling
- (#57) lsof – hey, I’ve been using it for years.
- (#63) loved to learn that the send_arp utility can help me to revoke all of the subnet’s machine (and router?) IP->mac mapping. Handy when setting up a two bits IP fail-over system.
- (#68) ssh-agent – now I know what it is – very useful in the hands of an all mighty admin ruling over hundreds of minions machines.
- (#73) loved the one-liners perl scriptlets.
To conclude, a must have in your bathroom library.
I’m changing the hostname. Deal with it!
Jun 21st
Lately, I’ve been crossing paths with too many enterprise-level server products that, once installed, can’t tolerate any change to the local machine’s hostname.
Don’t get me wrong, I’m not spoiled to dare wishing that a hostname change will be handle in run-time, without a restart. I’m not even suggesting that the change would be automatically detected and processed on the next product restart. I much more modest that that, Just having a documented working procedure on how to do that offline would make me a happy man. The current, glum, state of affairs is that some products would have to be completely re-installed if the hostname were to change.
Some of the reasons for changing a machine’s hostname might be:
(1) You want to clone a new server from a, best practiced already installed, server template, each cloned copy should have a unique computer name (very useful in test environments, especially handy when making a vm duplicate of a template virtual machine).
(2) You have an existing server which changed its business role – you plan to install a new application module (EAR), but want to keep the existing middleware infrastructure (JEE AS).
(3) You no longer want the server to be reachable by it’s original name (without making use of DNS administration, and aliases tricks).
(4) You want to implement a new server naming convention in your production environment.
Now Programmers, how hard can it be to live in peace with a dynamic hostname?
(1) If you are sure that the target network resource is the local machine then just use the localhost loopback interface instead of a hostname, when addressing it.
(2) Query the OS when retrieving the machine’s hostname, instead of relying on static, sometimes binary, stale, configuration files.
(3) Keep all application network resources is a centralized configuration repository. Provide an offline API for the admin to access it.
As a side note:
IBM WAS ND 6.X now has, a long awaited, offline API for updating the hostname of a machine.
If you know and care about other products that support or don’t support hostname updates, please place your comment.
Via rss
Via e-mail
