Tuesday, 3 December 2013

Security considerations for the shared class cache (Error opening shared class cache file)

Error Description:
create-profile:
     [echo] create-profile (ibm): Started
     [echo] There is no profile named: mda2014 in /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root
     [echo] Creating this mda2014 profile
     [exec] Creating Profile mda2014 under /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root
     [exec] /data/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName mda2014 -profilePath /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root/mda2014 -templatePath /data/IBM/WebSphere/AppServer/profileTemplates/default -cellName mda2014Cell -startingPort 14030
     [exec] JVMSHRC226E Error opening shared class cache file
     [exec] JVMSHRC336E Port layer error code = -300
     [exec] JVMSHRC337E Platform error message: Read-only file system
     [exec] JVMJ9VM015W Initialization error for library j9shr26(11): JVMJ9VM009E J9VMDllMain failed
     [exec] Error: Could not create the Java Virtual Machine.
     [exec] Error: A fatal exception has occurred. Program will exit.
     [exec] ERROR # 1 : Unable to create profile


The shared class cache is designed for ease of cache management and usability, but the default security policy might not be appropriate.
When using the shared class cache, you must be aware of the default permissions for new files so that you can improve security by restricting access.
File                             Default permissions
new shared caches                read permissions for group and other
javasharedresources directory    world read, write, and execute permission
You require write permission on both the cache file and the cache directory to destroy or grow a cache.

Changing the file permissions on the cache file

To limit access to a shared class cache, you can use the chmod command.

Change required
        Command
Limit access to the user and group
        chmod 770 /tmp/javasharedresources
Limit access to the user
        chmod 700 /tmp/javasharedresources
Limit the user to read and write access only for a particular cache
        chmod 600 /tmp/javasharedresources/<file for shared cache>
Limit the user and group to read and write access only for a particular cache
        chmod 660 /tmp/javasharedresources/<file for shared cache>
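
A check to run before and after applying the chmod commands above, as an added example (not part of the original post or of IBM's documentation). The function names perm_bits and audit_shared_cache are hypothetical; the default path is the /tmp/javasharedresources directory used above.

```shell
#!/bin/sh
# Added example: report shared class cache paths whose permissions are
# broader than the restricted modes listed above (770/700 for the
# directory, 660/600 for a cache file).

# Print the nine permission characters (user, group, other) of a path.
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# audit_shared_cache [DIR]
# Prints one line per finding; returns 0 if clean, 1 if anything was
# flagged, 2 if the directory does not exist.
audit_shared_cache() {
    dir="${1:-/tmp/javasharedresources}"
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=0

    # Directory: the default is world read, write and execute. Write access
    # here is what allows a cache to be destroyed or grown.
    bits=$(perm_bits "$dir")
    case "$bits" in
        ??????---|??????--T) ;;   # nothing granted to "other"
        *) echo "DIR_OPEN_TO_OTHER $bits $dir"
           findings=$((findings + 1)) ;;
    esac

    # Cache files: new caches default to read permission for group and other.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f")
        case "$bits" in
            ??????---) ;;         # matches chmod 600 or 660
            *) echo "FILE_OPEN_TO_OTHER $bits $f"
               findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
}
```

Source the file and call audit_shared_cache, optionally passing a different cache directory; the exit status is non-zero when anything is flagged.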
Another way to fix this:

JVMSHRC226E

Error opening shared class cache file

Explanation

An error has occurred during shared class processing.

System action

The JVM ends, unless you have specified the nonfatal option with -Xshareclasses:nonfatal, in which case the JVM continues without using shared classes.

Tuesday, 2 April 2013

How to take thread dumps in JBOSS?


If you see that a request is taking a lot of time, you can go through thread dumps to find out what the issue might be. A thread may be waiting for some resource (it can be a database call or any third-party call); you can find the exact cause by looking at thread dumps.

What is a thread dump?
   A snapshot of the threads currently running in the JVM.

Using the JBoss jmx-console
Open http://localhost:8080/jmx-console, search for "serverInfo" and click on that link.
Click Invoke under listThreadDump.
This gives you a snapshot of the threads currently running in the JVM.

Using twiddle
Go to <JBOSS-HOME>/bin
On Windows:
twiddle.bat invoke "jboss.system:type=ServerInfo" listThreadDump > dump.html
dump.html will contain your thread dump.

On Unix-based machines:
/jboss/bin/twiddle.sh invoke "jboss.system:type=ServerInfo" listThreadDump > dump.html 2>&1

Using the "Interrupt" signal - SIGQUIT
Use kill -3 <process-id> to generate a thread dump. You will find the thread dumps in the server logs.

Typically, to find the exact cause you need to take at least 2 to 3 thread dumps with a 30-second gap between them, so that you can see which thread is common to all of them and has been waiting for a long time.

Tuesday, 11 December 2012

RPM: unix Commands

RPM:

rpm -qa                       shows what rpm packages are installed
rpm -ql <package name>        shows where the files are installed (rpm -qlp .. shows the absolute paths???)
rpm -q --filesbypkg cdrecord  list all the files on installed rpm package
rpm -qf /usr/bin/lynx         query a file to find the source rpm package
rpm -qi <package name>        list information on an installed rpm package
rpm -qR <package name>        list all dependencies on any rpm package

rpm -Uvh httpd-2.2.8.aix5.1.rpm    install the rpm package

rpm -Uvh --force *.rpm
rpm -Uvh --force --nodeps <package name>    does not check dependency

rpm -e <package name>         removes the rpm package

/usr/sbin/updtvpkg            enables the rpm command to recognize that the libraries have been installed

In some cases you might get an error about failed dependencies when you install RPMs on AIX (for example, error: failed dependencies: libX11.a(shr4.o) is needed by tk-8.3.3-1). Most likely the error occurs because the rpm command does not recognize the shared library. If the error occurs, check to see if the X11 libraries are installed in the directory /usr/lpp/X11/lib. If they are not installed, use the AIX product media to install them. After you have installed the libraries, run the above command (updtvpkg). The command enables the rpm command to recognize that the libraries have been installed.

Thursday, 15 November 2012

Oracle HTTP server with Weblogic 10.3.4 with SSL



Issue:
The first page is HTTPS (because it is entered in the browser as https).
Once the application page loads, it goes to HTTP, which is not a secured page.
If we add S to HTTP, the page loads fine and probably works also.
Reason:
      This is an issue with WebLogic version 10.3.4, which by default does not recognize "WL-Proxy-SSL", and hence Oracle HTTP Server was not getting a proper response.

Solution:
      Enable the WebLogic Plugin Enabled parameter from the WebLogic Console under "Domain_Name --> Configuration Tab --> Web Applications Sub Tab".

Finding File Size in Linux, Aix, HP-UX



For Linux: find $DIR -type f -size +200000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
For AIX: find $DIR -type f -size +200000k -exec ls -l {} \; | awk '{ print $9 ": " $5 / 1048576 "MB" }'
For HP-UX: find $DIR -type f -size +400000 -exec ls -l {} \; | awk '{ print $9 ": " $5 / 1048576 "MB" }'

Where $DIR = the directory in which you want to find files, such as /opt [ size of file > 200000 KB (195.31 MB) ].

To free pagecache in LINUX


 #To free pagecache:
 echo 1 > /proc/sys/vm/drop_caches
 #To free dentries and inodes:
 echo 2 > /proc/sys/vm/drop_caches
 #To free pagecache, dentries and inodes:
 echo 3 > /proc/sys/vm/drop_caches
Note: you need to execute these as the root user.

Generating heap dump in WAS

1. Start the wsadmin scripting client. You have several options to run scripting commands, ranging from running them interactively to running them in a profile.

2. Invoke the generateHeapDump operation on a JVM MBean, for example,
- Finding JVM objectName:
   <wsadmin> set objectName [$AdminControl queryNames WebSphere:type=JVM,process=<servername>,node=<nodename>,*]  
- Invoking the generateHeapDump operation on JVM Mbean:
   <wsadmin> $AdminControl invoke $objectName generateHeapDump
where,
$                   is a Jacl operator for substituting a variable name with its value
invoke              is the command
generateHeapDump    is the operation you are invoking
<servername>        is the name of the server on which you want to generate a heap dump
<nodename>          is the node to which <servername> belongs


3. Important to AMD 64-bit users: You must specify the -Xtrace option to take heap dumps.