Thursday, 7 November 2024

hikari-config.properties

 [root@Agent-Application-1 sharif]# cat  /u01/tomcat-finger-others/apache-tomcat-9.0.86/apache-tomcat-9.0.86/webapps/FingerAPI/WEB-INF/classes/hikari-config.properties


driverName = oracle.jdbc.OracleDriver

url = jdbc:oracle:thin:@10.x.x.x:1521/emob

user = xxxxxx

pass = xxxxxx


#Newly Added

cachePrepStmts = true

prepStmtCacheSize = 2500

prepStmtCacheSqlLimit = 2048

minimumIdle = 20

maximumPoolSize = 10

idleTimeout = 600000

connectionTimeout = 3000000

maxLifetime = 1000000


Monday, 7 October 2024

VT-X enable for processor in Ubuntu

 

How to enable nested virtualization

On a Windows host, enable VT-x for the processor of an Ubuntu Linux VM as follows:

  Set-VMProcessor -VMname BOTOP -ExposeVirtualizationExtensions $true

  Set-VMProcessor -VMname BOT-IVRCRM -ExposeVirtualizationExtensions $true

 ------------------------


Check if nested virtualization is enabled

Check if the required kernel module for your CPU is already loaded. Hosts with Intel CPUs require the kvm_intel module while AMD hosts require kvm_amd instead:

$ lsmod | grep -i kvm
kvm_intel               204800  0
kvm                  1347584  1 kvm_intel

If the module is loaded

If the module is already loaded, you can check if nested virtualization is enabled by running the following command:

cat /sys/module/<module>/parameters/nested

As an example for AMD hosts:

$ cat /sys/module/kvm_amd/parameters/nested
1

If the output is either 1 or Y then nested virtualization is enabled and you will not need to manually enable the feature (this should be the case for Ubuntu users).

If the module is not loaded

If the module your host requires is not loaded you can load it using modprobe and add the property nested=1 to enable nested virtualization as shown below for Intel hosts:

modprobe kvm-intel nested=1

Or as follows for AMD hosts:

modprobe kvm-amd nested=1

Enable nested virtualization

If the above checks indicate that nested virtualization is not enabled, you can follow the below steps to enable it.

  • Create a file in /etc/modprobe.d (e.g., /etc/modprobe.d/kvm.conf) and add the line options kvm-intel nested=1 to that file (replace kvm-intel with kvm-amd for AMD hosts).

  • Reload the kernel module to apply the changes:

  sudo modprobe -r <module>
  sudo modprobe <module>

Example for Intel hosts:

  sudo modprobe -r kvm-intel
  sudo modprobe kvm-intel

  • You should now be able to see nested virtualization enabled:

Example for Intel hosts:

  $ cat /sys/module/kvm_intel/parameters/nested
  Y

Check and enable nested virtualization inside an instance

Once the host is ready to use nested virtualization it is time to check if the guest instance where the other instance(s) are going to run is able to host these nested VMs.

To determine if an instance can host another instance on top, run the below command within the instance:

egrep "svm|vmx" /proc/cpuinfo
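The checks above can be combined into one script. This is an added example, not part of the original post; the function names and the optional directory arguments (used to point the checks at a test tree instead of /sys/module, /etc/modprobe.d and /proc/cpuinfo) are assumptions. It separates "enabled right now" from "persisted across reboots", which the manual steps do not show.

```shell
#!/bin/sh
# Added example: nested-virtualization checks for a KVM host or guest.

# Runtime state of the loaded KVM module ("<module> enabled|disabled").
nested_status() {
    root="${1:-/sys/module}"
    for mod in kvm_intel kvm_amd; do
        param="$root/$mod/parameters/nested"
        if [ -r "$param" ]; then
            value=$(cat "$param")
            # The kernel reports 1 or Y when enabled, 0 or N when disabled.
            case "$value" in
                1|Y|y) echo "$mod enabled" ;;
                0|N|n) echo "$mod disabled" ;;
                *)     echo "$mod unknown:$value" ;;
            esac
            return 0
        fi
    done
    echo "none not-loaded"
    return 1
}

# Is nested=1 set in a modprobe.d file, so it survives a reboot?
# modprobe accepts both kvm-intel and kvm_intel spellings.
nested_persisted() {
    dir="${1:-/etc/modprobe.d}"
    grep -Eqs '^[[:space:]]*options[[:space:]]+kvm[-_](intel|amd)[[:space:]].*nested=(1|Y|y)' \
        "$dir"/*.conf
}

# Does this machine expose vmx (Intel) or svm (AMD)? Same test as the
# egrep on /proc/cpuinfo, run inside the instance that will host VMs.
cpu_virt_flag() {
    cpuinfo="${1:-/proc/cpuinfo}"
    if grep -qw vmx "$cpuinfo" 2>/dev/null; then echo vmx
    elif grep -qw svm "$cpuinfo" 2>/dev/null; then echo svm
    else echo none; return 1
    fi
}

nested_status || true
if nested_persisted; then echo "persisted in modprobe.d"; else echo "not persisted"; fi
cpu_virt_flag || true
```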

Thursday, 29 February 2024

swap increase in linux

 

Option # 3 - Create a swap file.

 

1. Create a swap file on the current file system, for example on root; a new directory can be created for this.

  

[opc@<HOSTNAME> ~]$ sudo mkdir /swap

 

2. Create a new file in this new directory; in this example a new 2 GB file is created.

  

[opc@<HOSTNAME> ~]$ sudo dd if=/dev/zero of=/swap/swapfile1 bs=1M count=2048

  

3.  Create a new swap area on the file that has been created.

  

[opc@<HOSTNAME> ~]$ sudo mkswap  /swap/swapfile1

 

4. Change the permissions on the file.

 

  

[opc@<HOSTNAME> ~]$ sudo chmod 600 /swap/swapfile1

  

 

5. Add the swap file to the /etc/fstab file as shown below.

 

/swap/swapfile1    swap   swap      defaults       0 0


 

 

6. Load the new swap space that had been created for the Instance.

 

[opc@<HOSTNAME> ~]$ sudo swapon -a

  

 

7. To list the swap devices run the below command.

 

[opc@<HOSTNAME> ~]$ sudo swapon -s

 

 

The swap space now available to the instance can be checked with the command below.

 

  

[opc@<HOSTNAME> ~]$ sudo free -m
              total        used        free      shared  buff/cache   available
Mem:          14763         256       11898          65        2608       14102
Swap:         12661           0       12661                 <<<====  Total Swap area
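Step 4 matters because a swap file holds paged-out process memory, so it must not be readable by group or others. The following check is an added example, not part of the original post; the function name is an assumption. It lists every swap file named in an fstab whose permissions are wider than 600.

```shell
#!/bin/sh
# Added example: find swap files listed in fstab that group/others can access.
# Swap partitions and logical volumes are skipped (they are not regular files).
insecure_swapfiles() {
    fstab="${1:-/etc/fstab}"
    # Field 1 = device or file, field 3 = filesystem type.
    awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /^\// { print $1 }' "$fstab" |
    while read -r path; do
        [ -f "$path" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$path" | cut -c5-10)
        [ "$perms" = "------" ] || echo "$path"
    done
}

if [ -r /etc/fstab ]; then
    insecure_swapfiles /etc/fstab
fi
```

Any path it prints should be fixed with chmod 600, as in step 4.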
 
====
 

Command Line Usage

# mount -o remount,size=1024M /dev/shm

The required filesystem size is set during the mount(8) operation.  Resize a mounted filesystem by using the remount option along with the new filesystem size.

/etc/fstab Usage

tmpfs /dev/shm tmpfs size=1024M,defaults 0 0

Using /etc/fstab allows the size to be set automatically during system reboot.  If the line is missing just add it and reboot the O/S.

========


Monday, 9 October 2023

Opmnctl start & stop

 ./opmnctl startproc ias-component=ohs1

 

First remove all files in /u01/oracle/middleware/asinst_1/config/OPMN/opmn/states,

then run

  ./opmnctl startproc ias-component=RptSvr_drcbsapp01_asinst_1

 

./opmnctl startall

./opmnctl stopall

 

Wednesday, 30 August 2023

Packet capture in Solaris

Packet capture 

------------------ 

snoop -d net0 -c 10000 -o /tmp/capture.pcap host IP 

View packets

 ____________ 

snoop -i filename 

 

How to Check Packets From All Interfaces

  1. Print information about the interfaces that are attached to the system.
    # ipadm show-if

    The snoop command normally uses the first non-loopback device, typically the primary network interface.

  2. Begin packet capture by typing snoop without arguments, as shown in Example 5-15.
  3. Use Control-C to halt the process.

Example 5-15 Output From the snoop Command

The basic snoop command returns output that resembles the following, for a dual-stack host.

% snoop
Using device /dev/net (promiscuous mode)
router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is
    0:10:7b:31:37:80
router5.local.com -> BROADCAST     TFTP Read "network-confg" (octet)
myhost -> DNSserver.local.com      DNS C 192.168.10.10.in-addr.arpa. Internet PTR ?
DNSserver.local.com  myhost        DNS R 192.168.10.10.in-addr.arpa. Internet PTR 
   niserve2.
.
.
.
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)

The packets that are captured in this output show a remote login session, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd.

How to Capture snoop Output Into a File

  1. Capture a snoop session into a file.
    # snoop -o filename

    For example:

    # snoop -o /tmp/cap
    Using device /dev/eri (promiscuous mode)
    30 snoop: 30 packets captured

    In the example, 30 packets have been captured in a file named /tmp/cap. The file can be in any directory with enough disk space. The number of packets that are captured is displayed on the command line, enabling you to press Control-C to abort at any time.

    snoop creates a noticeable networking load on the host machine, which can distort the results. To see the actual results, run snoop from a third system.

  2. Inspect the snoop output captures file.
    # snoop -i filename

Example 5-16 Contents of a snoop Output Captures File

The following output shows a variety of captures such as you might receive as output from the snoop -i command.

# snoop -i /tmp/cap
1   0.00000 fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 
    ICMPv6 Neighbor advertisement
...
10  0.91493    10.0.0.40 -> (broadcast)  ARP C Who is 10.0.0.40, 10.0.0.40 ?
34  0.43690 nearserver.here.com  -> 224.0.1.1  IP  D=224.0.1.1 S=10.0.0.40 LEN=28, 
      ID=47453, TOS=0x0, TTL=1
35  0.00034  10.0.0.40 -> 224.0.1.1    IP  D=224.0.1.1 S=10.0.0.40 LEN=28, ID=57376, 
     TOS=0x0, TTL=47  

How to Check Packets Between an IPv4 Server and a Client

  1. Establish a snoop system off a hub that is connected to either the client or the server.

    The third system (the snoop system) checks all the intervening traffic, so the snoop trace reflects what is actually happening on the wire.

  2. Type snoop with options and save the output to a file.
  3. Inspect and interpret the output.

    Refer to RFC 1761, Snoop Version 2 Packet Capture File Format for details of the snoop capture file.

How to Monitor IPv6 Network Traffic

You can use the snoop command to display only IPv6 packets.

  • Capture IPv6 packets.
    # snoop ip6

    For more information on the snoop command, see the snoop(1M) man page.

Example 5-17 Displaying Only IPv6 Network Traffic

The following example shows typical output such as you might receive from running the snoop ip6 command on a node.

# snoop ip6
fe80::a00:20ff:fecd:4374 -> ff02::1:ffe9:2d27 ICMPv6 Neighbor solicitation
fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor 
      solicitation
fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor 
      solicitation
fe80::a00:20ff:febb:e09 -> ff02::9      RIPng R (11 destinations)
fe80::a00:20ff:fee9:2d27 -> ff02::1:ffcd:4375 ICMPv6 Neighbor solicitation

Monitoring Packets by Using IP Layer Devices

IP layer devices are introduced in Oracle Solaris to enhance IP observability. These devices provide access to all packets with addresses that are associated with the system's network interface. The addresses include local addresses as well as addresses that are hosted on non-loopback interfaces or logical interfaces. The observable traffic can be both IPv4 and IPv6 addresses. Thus, you can monitor all traffic that is destined to the system. The traffic can be loopback IP traffic, packets from remote machines, packets that are being sent from the system, or all forwarded traffic.

With IP layer devices, an administrator for a global zone can monitor traffic between zones as well as within a zone. An administrator of a non-global zone can also observe traffic that is sent and received by that zone.

To monitor traffic on the IP layer, a new option, -I, is added to the snoop command. This option specifies for the command to use the new IP layer devices instead of the underlying link-layer device to display traffic data.

How to Check Packets on the IP Layer

  1. If necessary, print the information about the interfaces that are attached to the system.
    # ipadm show-if
  2. Capture IP traffic on a specific interface.
    # snoop -I interface [-V | -v]

Examples of Checking Packets

All the examples are based on the following system configuration:

# ipadm show-addr
ADDROBJ      TYPE       STATE   ADDR
lo0/v4       static     ok      127.0.0.1/8
net0/v4      static     ok      192.68.25.5/24
lo0/?        static     ok      127.0.0.1/8
net0/?       static     ok      172.0.0.3/24
net0/?       static     ok      172.0.0.1/24
lo0/?        static     ok      127.0.0.1/8
 

Suppose that two zones, sandbox and toybox, are using the following IP addresses:

  • sandbox: 172.0.0.3

  • toybox: 172.0.0.1

You can issue the snoop -I command on the different interfaces on the system. The packet information that is displayed depends on whether you are an administrator for the global zone or for the non-global zone.

Example 5-18 Traffic on the Loopback Interface

# snoop -I lo0
Using device ipnet/lo0 (promiscuous mode)
   localhost -> localhost    ICMP Echo request (ID: 5550 Sequence number: 0)
   localhost -> localhost    ICMP Echo reply (ID: 5550 Sequence number: 0)

To generate a verbose output, use the -v option.

# snoop -v -I lo0
Using device ipnet/lo0 (promiscuous mode)
IPNET:  ----- IPNET Header -----
IPNET:  
IPNET:  Packet 1 arrived at 10:40:33.68506
IPNET:  Packet size = 108 bytes
IPNET:  dli_version = 1
IPNET:  dli_type = 4
IPNET:  dli_srczone = 0
IPNET:  dli_dstzone = 0
IPNET:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
...

Support for observing packets on the IP layer introduces a new ipnet header that precedes the packets that are being observed. Both the source and destination zone IDs are indicated. The '0' ID indicates that the traffic is being generated from the global zone.

Example 5-19 Packet Flow in the net0 Device in Local Zones

# snoop -I net0
Using device ipnet/net0 (promiscuous mode)
toybox -> sandbox TCP D=22 S=62117 Syn Seq=195630514 Len=0 Win=49152 Options=<mss
sandbox -> toybox TCP D=62117 S=22 Syn Ack=195630515 Seq=195794440 Len=0 Win=49152
toybox -> sandbox TCP D=22 S=62117 Ack=195794441 Seq=195630515 Len=0 Win=49152
sandbox -> toybox TCP D=62117 S=22 Push Ack=195630515 Seq=195794441 Len=20 Win=491

The output shows traffic that occurs in the different zones within the system. You can see all packets that are associated with the net0 IP addresses, including packets that are locally delivered to other zones. If you generate a verbose output, you can see the zones that are involved in the flow of packets.

# snoop -I net0 -v port 22
IPNET:  ----- IPNET Header ----- 
IPNET: 
IPNET:  Packet 5 arrived at 15:16:50.85262 
IPNET:  Packet size = 64 bytes 
IPNET:  dli_version = 1 
IPNET:  dli_type = 0 
IPNET:  dli_srczone = 0 
IPNET:  dli_dstzone = 1 
IPNET: 
IP:   ----- IP Header ----- 
IP: 
IP:   Version = 4 
IP:   Header length = 20 bytes 
IP:   Type of service = 0x00 
IP:         xxx. .... = 0 (precedence) 
IP:         ...0 .... = normal delay 
IP:         .... 0... = normal throughput 
IP:         .... .0.. = normal reliability 
IP:         .... ..0. = not ECN capable transport 
IP:         .... ...0 = no ECN congestion experienced 
IP:   Total length = 40 bytes 
IP:   Identification = 22629 
IP:   Flags = 0x4 
IP:         .1.. .... = do not fragment 
IP:         ..0. .... = last fragment 
IP:   Fragment offset = 0 bytes 
IP:   Time to live = 64 seconds/hops 
IP:   Protocol = 6 (TCP) 
IP:   Header checksum = 0000 
IP:   Source address = 172.0.0.1, 172.0.0.1 
IP:   Destination address = 172.0.0.3, 172.0.0.3 
IP:   No options 
IP: 
TCP:  ----- TCP Header ----- 
TCP: 
TCP:  Source port = 46919 
TCP:  Destination port = 22 
TCP:  Sequence number = 3295338550 
TCP:  Acknowledgement number = 3295417957 
TCP:  Data offset = 20 bytes 
TCP:  Flags = 0x10 
TCP:        0... .... = No ECN congestion window reduced 
TCP:        .0.. .... = No ECN echo 
TCP:        ..0. .... = No urgent pointer 
TCP:        ...1 .... = Acknowledgement 
TCP:        .... 0... = No push 
TCP:        .... .0.. = No reset 
TCP:        .... ..0. = No Syn 
TCP:        .... ...0 = No Fin 
TCP:  Window = 49152 
TCP:  Checksum = 0x0014 
TCP:  Urgent pointer = 0 
TCP:  No options 
TCP:

The ipnet header indicates that the packet is coming from the global zone (ID 0) to Sandbox (ID 1).
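Reading zone IDs out of long verbose traces by eye is error-prone, so the following added example (not from the original documentation) reduces `snoop -v -I` output to one line per packet and filters for traffic that crosses a zone boundary. The function names and the embedded capture are constructed for illustration, using the field layout shown above.

```shell
#!/bin/sh
# Constructed sample of `snoop -v -I <interface>` output, trimmed to the
# header fields the parser uses.
sample_capture() {
cat <<'EOF'
IPNET:  ----- IPNET Header -----
IPNET:  Packet 1 arrived at 10:40:33.68506
IPNET:  dli_srczone = 0
IPNET:  dli_dstzone = 0
IP:   Source address = 127.0.0.1, localhost
IP:   Destination address = 127.0.0.1, localhost
IPNET:  ----- IPNET Header -----
IPNET:  Packet 5 arrived at 15:16:50.85262
IPNET:  dli_srczone = 0
IPNET:  dli_dstzone = 1
IP:   Source address = 172.0.0.1, 172.0.0.1
IP:   Destination address = 172.0.0.3, 172.0.0.3
TCP:  Source port = 46919
TCP:  Destination port = 22
EOF
}

# One line per packet: "<packet> <srczone> <dstzone> <src> <dst> <dport>".
# dport is "-" when the packet has no TCP/UDP header.
zone_flows() {
    awk '
    function emit() {
        if (pkt != "")
            print pkt, sz, dz, src, dst, (dp == "" ? "-" : dp)
        pkt = sz = dz = src = dst = dp = ""
    }
    /^IPNET:.*Packet [0-9]+ arrived/ { emit(); pkt = $3 }
    /^IPNET:.*dli_srczone/           { sz = $NF }
    /^IPNET:.*dli_dstzone/           { dz = $NF }
    /^IP:.*Source address/           { src = $5; sub(/,$/, "", src) }
    /^IP:.*Destination address/      { dst = $5; sub(/,$/, "", dst) }
    /^(TCP|UDP):.*Destination port/  { dp = $NF }
    END { emit() }'
}

# Keep only packets whose source and destination zone IDs differ.
cross_zone() {
    zone_flows | awk '$2 != $3'
}

sample_capture | cross_zone
```

On a live system the input would come from `snoop -v -I net0` piped into `cross_zone` instead of the constructed sample.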

Example 5-20 Observing Traffic by Identifying the Zone

# snoop -I hme0 sandbox
Using device ipnet/hme0 (promiscuous mode)
toybox -> sandbox TCP D=22 S=61658 Syn Seq=374055417 Len=0 Win=49152 Options=<mss
sandbox -> toybox TCP D=61658 S=22 Syn Ack=374055418 Seq=374124525 Len=0 Win=49152
toybox -> sandbox TCP D=22 S=61658 Ack=374124526 Seq=374055418 Len=0 Win=49152
#

The ability to observe packets by identifying the zone is useful in systems that have multiple zones. Currently, you can only identify a zone by using the zone ID. Using snoop with zone names is not supported.

 

Sunday, 21 August 2022

Telnet port disable on SAN SW

Clone the existing ipfilter

    Remove the rule to allow traffic on port 23

    Define a new rule to deny traffic on Telnet port 23

    Save and activate the new ipfilter configuration

 


View existing ipfilter configuration

To show the current IP filter rules, enter: ipfilter --show

 

STORFOS:FID128:storcom> ipfilter --show

Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP                               Protocol   Dest Port         Action
1     any                                            tcp       22            permit
2     any                                            tcp       23            permit
3     any                                            tcp       80            permit
4     any                                            tcp      443            permit
5     any                                            udp      161            permit
6     any                                            udp      123            permit
7     any                                            tcp      600 - 1023     permit
8     any                                            udp      600 - 1023     permit

Name: default_ipv6, Type: ipv6, State: active
Rule    Source IP                               Protocol   Dest Port         Action
1     any                                            tcp       22            permit
2     any                                            tcp       23            permit
3     any                                            tcp       80            permit
4     any                                            tcp      443            permit
5     any                                            udp      161            permit
6     any                                            udp      123            permit
7     any                                            tcp      600 - 1023     permit
8     any                                            udp      600 - 1023     permit

 

Clone existing configuration

 

Go ahead and clone both ipfilter configurations. In the example above, they are named default_ipv4 and default_ipv6. I will give the clones new names: BlockTelnet_ipv4 and BlockTelnet_ipv6.

 

ipfilter --clone BlockTelnet_ipv4 -from default_ipv4

ipfilter --clone BlockTelnet_ipv6 -from default_ipv6

 

Save the clones you just created

 

ipfilter --save BlockTelnet_ipv4

ipfilter --save BlockTelnet_ipv6

 

Modify the cloned ipfilters

 

Next, we will remove rule 2 which permits traffic on port 23, then define a new rule that denies traffic on port 23.

 

To remove rule 2 from the cloned ipfilters, enter:

 

ipfilter --delrule BlockTelnet_ipv4 -rule 2

ipfilter --delrule BlockTelnet_ipv6 -rule 2

 

Use the following command to deny traffic on TCP port 23

 

ipfilter --addrule BlockTelnet_ipv4 -rule 2 -sip any -dp 23 -proto tcp -act deny

ipfilter --addrule BlockTelnet_ipv6 -rule 2 -sip any -dp 23 -proto tcp -act deny

 

Save configuration and activate ipfilters

 

To save the modified ipfilter clones, enter:

 

ipfilter --save BlockTelnet_ipv4

ipfilter --save BlockTelnet_ipv6

 

Before you activate, you can double-check the new configuration by entering the command:

 

ipfilter --show BlockTelnet_ipv4

ipfilter --show BlockTelnet_ipv6

 

Finally, you can activate the new ipfilters

 

ipfilter --activate BlockTelnet_ipv4

ipfilter --activate BlockTelnet_ipv6
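After activation it is worth confirming from a saved copy of the `ipfilter --show` output that no active policy still lets Telnet through. The following is an added example, not part of the original article; the function name and both sample listings are constructed, and it assumes rules are evaluated in rule-number order with the first match deciding.

```shell
#!/bin/sh
# Added example: reads `ipfilter --show` output on stdin and prints the name
# of every ACTIVE policy whose first rule matching tcp/<port> is a permit.
permits_tcp_port() {
    awk -v port="$1" '
    /^Name:/ {
        name = $2; sub(/,$/, "", name)
        active = ($NF == "active"); decided = 0
        next
    }
    active && !decided && $1 ~ /^[0-9]+$/ && $3 == "tcp" {
        lo = $4 + 0
        hi = ($5 == "-") ? $6 + 0 : lo     # "600 - 1023" is a port range
        if (port + 0 >= lo && port + 0 <= hi) {
            decided = 1
            if ($NF == "permit") print name
        }
    }'
}

# Constructed sample: listing before the change.
sample_before() {
cat <<'EOF'
Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP    Protocol   Dest Port    Action
1     any    tcp       22            permit
2     any    tcp       23            permit
7     any    tcp      600 - 1023     permit
EOF
}

# Constructed sample: listing after activating the clone.
sample_after() {
cat <<'EOF'
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP    Protocol   Dest Port    Action
1     any    tcp       22            permit
2     any    tcp       23            permit

Name: BlockTelnet_ipv4, Type: ipv4, State: active
Rule    Source IP    Protocol   Dest Port    Action
1     any    tcp       22            permit
2     any    tcp       23            deny
7     any    tcp      600 - 1023     permit
EOF
}

echo "before: $(sample_before | permits_tcp_port 23)"
echo "after:  $(sample_after | permits_tcp_port 23)"
```

An empty result for port 23 means every active policy denies Telnet or has no matching permit; the same check should be run against the ipv6 policy.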

 

Removing an ipfilter

 

Alternatively, if you need to clean up the ipfilter policies, it is very easy to do. Use the following command:

 

STORFOS:FID128:storcom> ipfilter --delete BlockTelnet_ipv6

This will delete the IP filter policy.

ARE YOU SURE (yes, y, no, n): [no] y