[Deploying Sakai] linux tuning

Matthew Jones jonespm at umich.edu
Mon May 23 07:38:23 PDT 2011


Here's something else to consider. *If* you are doing SSL in tomcat and
using the  Oracle 11g, or you have SSL in your provider (or some other tools
making SSL in the app) you might temporarily run out of entropy on the
server. We sometimes hit this at high load but it hasn't been a serious
issue yet because our load balancer offloads SSL. Something to at least be
aware of I guess.

You'll see errors like:
Mar 31 18:19:56 alaking java.sql.SQLRecoverableException: IO Error:
Connection reset

Randomly in your logs.

The Oracle 11g driver uses /dev/random by default, and /dev/random can
sometimes "run out of gas" and reset the connection. So it's suggested to
use "-Djava.security.egd=file:///dev/urandom" for the Oracle 11g driver.

http://www.usn-it.de/index.php/2009/02/20/oracle-11g-jdbc-driver-hangs-blocked-by-devrandom-
entropy-pool-empty/

If it is related to random entropy, /proc/sys/kernel/random/entropy_avail
seems *low* on all of the servers.

"Entropy in Linux is viewable through the
file /proc/sys/kernel/random/entropy_avail and should generally be at least
2000.[19] Entropy changes frequently." (
http://en.wikipedia.org/wiki/Entropy_(computing)#Practical_implications_of_entropy
)

On Mon, May 23, 2011 at 9:52 AM, Matthew Jones <jonespm at umich.edu> wrote:

> I've found it useful to adjust the kernel oom killer behavior. (
> http://www.win.tue.nl/~aeb/linux/lk/lk-9.html#ss9.6)
>
> To the guides recommended settings of
> vm.overcommit_memory = 2
> vm.overcommit_ratio = 80
> appear to be more stable.
>
> OOM killer didn't happen very often, but it was very annoying when it did
> happen. A lot more often when users had active terminal sessions open on the
> same machine.
>
> That and the file descriptors are typically all I've heard of. Would also
> be interested in other tips.
>
> On Mon, May 23, 2011 at 9:47 AM, Charles Hedrick <hedrick at rutgers.edu>wrote:
>
>> We're in the process of moving production from Solaris to Linux. We've
>> increased the maximum number of file descriptors, but nothing else. Is there
>> other tuning that people recommend?
>>
>> _______________________________________________
>> production mailing list
>> production at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/production
>>
>> TO UNSUBSCRIBE: send email to
>> production-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20110523/63293695/attachment.html 


More information about the production mailing list