Gain 30% Linux Disk Performance with noatime, nodiratime, and relatime

This is post #8 in my December 2013 series about Linux Virtual Machine Performance Tuning. For more, please see the tag “Linux VM Performance Tuning.” According to Red Hat’s Enterprise Linux 6 Power Management guide, the POSIX family of standards for operating systems “requires that operating systems maintain file system metadata that records when each file was last accessed.” This is called “atime” (a is for access) and is one of three timestamps Linux filesystems keep for their files (the other two are mtime and ctime, modify and change times). You can see these with the ‘stat’ command: $ stat /bin/ls File: `/bin/ls’ Size: 109208 Blocks: 216 IO Block: 4096 regular file Device: fd00h/64768d Inode: 519 Links: 1 Access: (0755/-rwxr-xr-x) …

Read More

The Best OS Installation Is Minimal

This is post #4 in my December 2013 series about Linux Virtual Machine Performance Tuning. For more, please see the tag “Linux VM Performance Tuning.” In this day & age of virtualization and clouds the best choice for an OS installation, be it a virtual machine template or a physical machine, is a minimal install. From there you can use a configuration management tool like Chef or Puppet to add exactly the packages you need for the host to perform its functions. Doing a minimal install has several advantages: A minimal installation doesn’t install a lot of content that will just sit there and consume disk space. As a result your template VMs will be really small, which leads to fast provisioning …

Read More

Minimal Kickstart File for Red Hat Enterprise Linux 6, CentOS 6, Oracle Linux 6 Virtual Machines

This is a helper post in my December 2013 series about Linux Virtual Machine Performance Tuning. For more, please see the tag “Linux VM Performance Tuning.” Here’s a minimal kickstart file for a virtual machine installation of RHEL 6, CentOS 6, or Oracle Linux 6. I use this in conjunction with tools like Puppet and Chef to do the rest of my system configuration. I provision 30 GB thin-provisioned disks to each VM, leaving the rest of it unallocated until needed. While this leads to a disk overcommitment situation that’s manageable, and a tradeoff to ensure more standardization and ease of administration & automation. I remove a number of packages that we don’t necessarily need on a virtual machine, either …

Read More

Performance Tuning and Configuration Management Go Hand In Hand

This is post #3 in my December 2013 series about Linux Virtual Machine Performance Tuning. For more, please see the tag “Linux VM Performance Tuning.” I’ve really become a fan of configuration management tools like Chef and Puppet. Those types of tools help keep my systems in sync, help enforce standards I set for my systems, and help me rapidly deploy new systems that look exactly like my existing systems. When I’m doing performance testing & tuning these aspects are helpful. It’s easy to deploy a new virtual machine that looks exactly like the production VMs you have. Tuning is all about making a lot of little changes and seeing what they do, so by building test systems from the …

Read More

Troubleshooting Puppet PostgreSQL Locale Mismatches

I’ve been doing some work lately with VMware Hyperic Server and Puppet, and I’ve been having issues where the Puppet Labs PostgreSQL module refuses to create a PostgreSQL database for me. I try to call it with: class { ‘postgresql’: charset => ‘UTF8’, }-> class { ‘postgresql::server’: config_hash => { ‘listen_addresses’ => ‘127.0.0.1’, ‘manage_redhat_firewall’ => true, ‘postgres_password’ => ‘goatsaresupercool’, }, require => Mount[‘/var/lib/pgsql’], } postgresql::db { ‘HQ’: user => ‘hyperic’, password => ‘sheeparecooltoo’, require => Class[‘postgresql::server’], } …and it throws this error into Puppet’s output: Error: /usr/bin/initdb –encoding ‘UTF8’ –pgdata ‘/var/lib/pgsql/data’ returned 1 instead of one of [0] “No problem,” I said. Since Puppet is kind enough to give me the command it’s trying I switched to the postgres user …

Read More

SELinux & Return On Time Invested

I’m a little behind on my reading, but I wanted to address Major Hayden’s blog posts about disabling Security-Enhanced Linux, or SELinux, which brings mandatory access control to Linux. Mandatory access control is a completely different permission model for UNIX-based hosts, and Mr. Hayden feels it is underutilized: After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access. In an effort to turn the tide, I’ve created a new site as a public service to SELinux cowards everywhere: stopdisablingselinux.com. It’s pretty rare for me to argue against a security technology but in my eyes SELinux isn’t a solution to very many problems. I know how SELinux works, what …

Read More

System Administration/DevOps/Cloud and Developer Positions Open @ UW – Madison

If you’ve ever thought about working with the people & organization who basically eliminated rickets by discovering how to boost and synthesize vitamin D, who took a bunch of spoiled sweet clover hay and turned it into the most popular blood thinner ever (and the most popular rat poison ever, ha!), or who isolated human embryonic stem cells so that research could happen without destroying embryos in the process, here’s your chance. The Morgridge Institute for Research on the University of Wisconsin – Madison campus is looking to hire: two build & test workflow system developers, one database developer, one software security specialist, and two system administrators, among some other positions, as part of the Software Assurance Marketplace, or SWAMP. …

Read More