Tuesday, 3 December 2013

Security considerations for the shared class cache (Error opening shared class cache file)

Error Description:
create-profile:
     [echo] create-profile (ibm): Started
     [echo] There is no profile named: mda2014 in /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root
     [echo] Creating this mda2014 profile
     [exec] Creating Profile mda2014 under /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root
     [exec] /data/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName mda2014 -profilePath /qa-deploy/ca-was/ca2014/was85_0212-084533/MDA/profile-root/mda2014 -templatePath /data/IBM/WebSphere/AppServer/profileTemplates/default -cellName mda2014Cell -startingPort 14030
     [exec] JVMSHRC226E Error opening shared class cache file
     [exec] JVMSHRC336E Port layer error code = -300
     [exec] JVMSHRC337E Platform error message: Read-only file system
     [exec] JVMJ9VM015W Initialization error for library j9shr26(11): JVMJ9VM009E J9VMDllMain failed
     [exec] Error: Could not create the Java Virtual Machine.
     [exec] Error: A fatal exception has occurred. Program will exit.
     [exec] ERROR # 1 : Unable to create profile


The shared class cache is designed for ease of cache management and usability, but the default security policy might not be appropriate.
When using the shared class cache, you must be aware of the default permissions for new files so that you can improve security by restricting access.
File                             Default permissions
new shared caches                read permissions for group and other
javasharedresources directory    world read, write, and execute permission
You require write permission on both the cache file and the cache directory to destroy or grow a cache.

Changing the file permissions on the cache file

To limit access to a shared class cache, you can use the chmod command.

Change required                                                                   Command
Limit access to the user and group                                                chmod 770 /tmp/javasharedresources
Limit access to the user                                                          chmod 700 /tmp/javasharedresources
Limit the user to read and write access only for a particular cache               chmod 600 /tmp/javasharedresources/<file for shared cache>
Limit the user and group to read and write access only for a particular cache     chmod 660 /tmp/javasharedresources/<file for shared cache>
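
The following script is an added example, not part of the original post or of IBM's documentation: it audits a cache directory for group/other access and then applies the owner-only settings (700 on the directory, 600 on each cache file) from the table above. It assumes GNU stat on Linux; the function names and the sample_cache file are hypothetical, and it works on a constructed temporary directory rather than the real /tmp/javasharedresources.

```shell
#!/bin/sh
# Added example: audit a shared class cache directory and restrict it to its owner.
# Assumptions: GNU stat (Linux); function names and the sample file name are hypothetical.

# Succeeds when the octal mode (e.g. 644 or 1777) grants any group/other bit.
grants_beyond_owner() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# Print "<mode> <path>" for the directory and each entry in it that is
# accessible to group or other. Prints nothing when everything is owner-only.
audit_cache_dir() {
    local dir=$1 path mode
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue          # unmatched glob in an empty directory
        mode=$(stat -c '%a' "$path")
        if grants_beyond_owner "$mode"; then
            printf '%s %s\n' "$mode" "$path"
        fi
    done
}

# Owner-only settings from the table: 700 on the directory, 600 on each cache file.
restrict_to_owner() {
    local dir=$1 path
    chmod 700 "$dir"
    for path in "$dir"/*; do
        if [ -f "$path" ]; then chmod 600 "$path"; fi
    done
}

# Demonstration on a constructed directory that mimics the documented defaults.
demo() {
    local dir
    dir=$(mktemp -d)
    : > "$dir/sample_cache"                 # constructed stand-in for a cache file
    chmod 777 "$dir"                        # world read, write, and execute
    chmod 644 "$dir/sample_cache"           # read permission for group and other
    echo "before:"; audit_cache_dir "$dir"
    restrict_to_owner "$dir"
    echo "after:";  audit_cache_dir "$dir"
    rm -rf "$dir"
}
demo
```

To use the 770/660 variants from the table instead, change the two chmod modes in restrict_to_owner; the audit will then still report the group bits, which is expected.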

Another way to fix this:

JVMSHRC226E

Error opening shared class cache file

Explanation

An error has occurred during shared class processing.

System action

The JVM ends, unless you have specified the nonfatal option with -Xshareclasses:nonfatal, in which case the JVM continues without using shared classes.

Tuesday, 2 April 2013

How to take thread dumps in JBOSS?


If a request is taking a long time, thread dumps can help you find out why. A thread may be waiting for some resource (a database call or a third-party call, for example), and the thread dumps will show the exact cause.

What is a thread dump?
   A snapshot of the threads currently running in the JVM.

By using the JBoss jmx-console
Open http://localhost:8080/jmx-console
Search for "serverInfo" and click that link.
Click Invoke under listThreadDump.
This gives you a current snapshot of the threads running in the JVM.

By using twiddle
Go to <JBOSS-HOME>/bin
On Windows:
twiddle.bat invoke "jboss.system:type=ServerInfo" listThreadDump > dump.html
dump.html will contain your thread dump.

On Unix-based machines:
/jboss/bin/twiddle.sh invoke "jboss.system:type=ServerInfo" listThreadDump > dump.html 2>&1

Using the SIGQUIT signal
Use kill -3 <process-id> to generate a thread dump. You will find the thread dumps in the server logs.

Typically, to find the exact cause you need to take at least 2 to 3 thread dumps about 30 seconds apart, so that you can see which thread has been waiting for a long time across all of them.