Archive for the 'Linux / Unix' Category

Oracle 11gR2 ASM / ACFS: A first benchmark (poorly)

Hi folks,

since Oracle 11g Release 2 is out now, I had to test one of the most-missed ASM features: the ASM cluster file system ACFS.

My Setup:

  • Two VMware nodes with 2 CPUs and 1,5GB of RAM each
  • Oracle Enterprise Linux 5.3 x86_64
  • Four virtual cluster disks from the ESX server, 10GB in size each
  • Building disk group DATA from them, with redundancy NORMAL
  • containing four failgroups with each one of the disks within
  • In DATA, one ACFS volume of 1 GB in size, mounted to /acfs1

Read more…

Oracle 11g JDBC driver hangs blocked by /dev/random – entropy pool empty

On a headless (=without console) network server, the 11g JDBC driver used for (java) application connect may cause trouble. In my case, it refused to connect to the DB without any error, trace or log entry. It simply hung. After several hours, it connected one time, and freezed again. Remote debugging done by the development clarified that it locks after calling SeedGenerator() and SecureRandom().
Read more…

Setting ulimit -m in AIX

AIX has its own rules, as I have to discover these days. Coming across ulimit, I found out that smitty configures value A here and value B completely elsewhere. Hardest one so far has been “ulimit -m” (“Specifies the size of physical memory, in number of K bytes.” a user can assign), since I could not find where to specify it in smitty. At some point, I stopped investigating smitty, and went directly to


but it did not become easier, nobody could tell me what’s the parameter for -m in limits’ terms. Some suspicion did go in direction “rss”, but oddly, lsuser delivered “rss=65536” and ulimit -a delivered “32768”. So at first glance, they did not seem to be connected despite a similar function description in documentation.

But finally, I came over Unix Essentials Blog and was told:

“ulimit -m” is “rss” in limits, so i specified

rss = -1
rss_hard = -1

and was happy. The lsuser command shows “rss=-1” and ulimit -m shows “unlimited” now. By the way: ulimit -m is specified in KB, rss in blocks …

Thanks to morsing in freenode’s #aix as well!


Single Sign On for Apache 2.2 and Active Directory 2003 R2 with SuSE 10.2, mod_auth_kerb and MIT Kerberos

this is a small howto out of my needs, suggestions are always welcome!

  1. Assumptions for this paper
    1. You know and basically follow, but there are some facts missing/wrong.
    2. 2003R2 KDC’s are and (DNS: and
    3. Kerberos Realm for ADS is ADS.EXAMPLE.COM (upper case required!)
    4. Web server (hostname.domain) is
    5. DNS and reverse DNS on and for the machine in FQDN works, verified with “dig” and “dig -x”

    Read more…

Switch workspace on command line

Sometimes, it’s nice to change the current windowmanager workspace on command line, for example if you desire to start a application exactly HERE or THERE.

For KDE you may want to do it with “kstart”. But a tool like kstart might not be available for your windowmanager, so have a look at “wmctrl” as well:

Have fun

Oracle 10g Data warehouse ORION benchmark, size 20TB, 1200MB per second

During the last days, I have had the opportunity to test and benchmark a data warehousing hardware, that’s really fast for its money. It’s not suitable for real/available production, since it depends on disk striping over a bunch of components, but I considered it as a good way to push the limits a bit.

Result: A throughput of about 1200MB/s and nearly 1200 iops. Period. You may quickly want to see detailed results on the bottom of the page, but for fully understanding of the results look up the setup as well.
Read more…

memlock config for Debian Lenny


today I tried to start Oracle XE with parameters “pre_paged_sga=true” and “lock_sga=true” on my Debian Lenny toybox. But Lenny has had a rather strict and really sticky value for the user’s maximum amount of pinned memory (ulimit -l) value: 32 (kb).

First attempt, change /etc/security/limits.conf:

oracle                  -       memlock         1073741824

Result: Nothing, “ulimit -l” as user newly logged-in user oracle still shows “32”.

After researching for a while, it became clear that there has to be something fishy with using the “su” command, the “ulimit -a” output has been different in several points, compared with a native console login. Debian project philosophy “make it hard” struck again: Look up /etc/pam.d/su, and find, that there is a block:

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session    required

Needless to say, it worked after uncommenting the last line. And, keep in mind, it depends on a well configured limits.conf. But why, for sake, do I have to change that for my hobby distribution?

With pain in the backside and a bit frustration,

“16 penguins in a row” and a Linux kernel compilation contest (2min 33sec)

A nice view:

Linux kernel logo: 16 penguins in a row

What’s the story behind?
Read more…

Blocking network loopback slows down firefox extremely

My newly installed Firefox web browser (versions 2 and 3, does not matter) was deadly slow. I don’t mean the display of web sites, no, I am talking about pulldown-menus or opening tabs. (For example, bookmarks folder opens within 6 long seconds.) Several hours I was not able to tell why it acts that way. But now, I found out:

The system is protected with a host firewall. Ruleset:

iptables -t filter -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -t filter -A INPUT -m state \
iptables -t filter -A INPUT -j REJECT \
   --reject-with icmp-port-unreachable

But inserting this:

# Firefox seems to do stuff over loopback, 
# it's deadly slow without that setting
iptables -t filter -A INPUT -i lo -j ACCEPT

at “#mark” makes it work fast as usual.

Tell me, why are they doing ther menu communication via loopback network socket?

Just in case you might wonder, too.

Talk “Hope is not a strategy” at Vocational School Wiesau


there will be a talk about IT High Availability for rising IT professionals at Vocational IT School Wiesau on Monday, 10th of March 2008.

The topic:
“Hope is not a startegy” – IT high availability in theory and practical experience

See paper and slides here.


EDIT: There has been a nice press publication about this lecture.

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.