Using Bash and Squid Tips

June 14, 2006

Readline is your friend

by Bryn Reeves, RHCE

Long-time Linux users often have a bag of tricks which can help them work more quickly and effectively at the command line. These include things like the screen terminal multiplexer, and the use of functions and aliases in ~/.bashrc.

Another great timesaver is the GNU Readline library. It provides a set of keyboard shortcuts which can be used to navigate and edit lines of input in the shell and several other programs.

The bash man page contains some good documentation—you can jump to the relevant section by executing man bash, then typing /^READ<enter>, or just page down until you come to it.

Here is a selection of handy shortcuts to get started:

Shortcut        What it does
Ctrl-A          Move to beginning of line
Ctrl-E          Move to end of line
Alt-F           Move forward one word
Alt-B           Move backward one word
Ctrl-K          Cut to end of line
Alt-Backspace   Cut backward to the start of the current word
Ctrl-Y          Paste from clipboard
Alt-.           Paste last argument from previous command
Ctrl-R          Reverse search through history
Note:
To use the Alt-F and Alt-B shortcuts in GNOME terminal, you need to disable its keyboard shortcuts. To disable them, select Edit -> Keyboard Shortcuts… from the menu and check both disable boxes.

You may notice that the navigation/cut'n'paste commands have a distinctly Emacs flavor. If you prefer Vi, execute set -o vi. To make this permanent, drop it into your ~/.bashrc file.

See the bash man page for the full story. You can even provide a configuration file to customize the options; here's a brief example:

# ~/.inputrc
$include /etc/inputrc
# this shadows transpose-chars in the default emacs mode
# works around the default C-s being shadowed by linux's
# C-s scroll-lock behavior
C-t:   forward-search-history
C-f:   'realias\n'
"\C-x\C-r": re-read-init-file

Realias is a shell function which reloads .bashrc:

function realias () { . ~/.bashrc ; }

So if you've edited it, there's no need to close and re-start the terminal to get the changes applied—just type Ctrl-F.

What is the relation between I/O wait and load average?

by Jeff Layton

Linux follows the standard of traditional UNIX and computes its load average as the average number of runnable or running processes (R state) plus the number of processes in uninterruptible sleep (D state) over the specified interval.

Some other operating systems calculate their load averages simply by looking at processes in R state. On those systems, load average is synonymous with the run queue — high load averages mean that the box is CPU bound.

This is not the case with Linux. On Linux the load average is a measurement of the amount of "work" being done by the machine (without being specific as to what that work is). This "work" could reflect a CPU intensive application (compiling a program or encrypting a file), or something I/O intensive (copying a file from disk to disk, or doing a database full table scan), or a combination of the two.
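To see which kind of "work" is behind a given load figure, the processes can be split by state. The following is an added example, not part of the original article; the function name load_breakdown, the verdict labels, and the sample process list are assumptions made for illustration.

```shell
#!/bin/sh
# load_breakdown reads "STATE PID COMMAND" lines on stdin, the layout of
#   ps -eo state=,pid=,comm=
# and counts the two states that feed the Linux load average:
#   R = running/runnable, D = uninterruptible sleep (usually I/O wait).
# Line 1 of the output: "R=<n> D=<n> verdict=<idle|cpu|io|mixed>"
# Line 2 (only if D > 0): the blocked processes, as command(pid).
# The verdict is a rough label chosen for this example, not a kernel metric.
load_breakdown() {
    awk '
        $1 ~ /^R/ { r++ }
        $1 ~ /^D/ { d++; blocked = blocked " " $3 "(" $2 ")" }
        END {
            r += 0; d += 0
            if (r + d == 0)  v = "idle"
            else if (d == 0) v = "cpu"
            else if (r == 0) v = "io"
            else             v = "mixed"
            printf "R=%d D=%d verdict=%s\n", r, d, v
            if (d > 0) printf "blocked:%s\n", blocked
        }'
}

# Constructed sample: one compile job on the CPU, two processes stuck in
# disk I/O, and two sleepers (S) that do not count toward the load.
sample_ps() {
    cat <<'EOF'
R 4121 gcc
S 1 init
D 5320 cp
D 5321 pdflush
S 2210 sshd
EOF
}

sample_ps | load_breakdown
# On a live system: ps -eo state=,pid=,comm= | load_breakdown
```

A high load average with mostly D-state processes points at storage or NFS rather than the CPU, which is exactly the case that a run-queue-only load average would not show.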

What are the basic tuning settings for Red Hat Directory Server?

by Michael Napolis

There are 3 basic kernel tuning parameters available for Red Hat Directory Server. The tuning scheme involves NFS mount settings, the number of TCP ports, and the number of open files.

NFS mount settings

If the Red Hat Directory Server needs to write to an NFS-mounted drive, the following changes in the /etc/rc.d/init.d/autofs file are recommended:

+localoptions='rsize=8192,wsize=8192,vers=3,tcp'

NFS tuning parameters:

rsize=8192,wsize=8192 - The NFS connection is faster than with the default buffer size of 4096.

vers=3 - Specifies which version of the NFS protocol to use.

tcp - The NFS mount will use the TCP protocol rather than UDP.

Number of TCP ports

Having enough available local system ports for Red Hat Directory Server requests is also important. TCP tuning can be done by increasing the number of available system ports in the /etc/sysctl.conf file:

net.ipv4.ip_local_port_range = 1024 65000

Execute the command below for the changes to take effect:

sysctl -p

Once the command has run, the new range is reflected in the /proc/sys/net/ipv4/ip_local_port_range file.

Number of open files

File tuning is required if the current system-wide maximum number of open files on the Red Hat Directory Server is less than 64000. Check the current value with:

cat /proc/sys/fs/file-max

Edit the /etc/sysctl.conf file and add the line below to adjust this value:

fs.file-max = 64000

Afterwards, increase the maximum number of open files by adding the following line to the /etc/security/limits.conf file:

*    -    nofile    8192

The limits.conf entry is only applied if the Pluggable Authentication Modules (PAM) module pam_limits.so is listed in the /etc/pam.d/system-auth file (see the session line for pam_limits.so below):

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

Execute the command below so the changes in the /etc/sysctl.conf file take effect:

sysctl -p

Meanwhile, users will need to log out and then log back in for the modifications in the limits.conf file to take effect.
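The settings from this section can be checked in one pass. The following is an added example, not part of the original article: the function name check_ds_tuning is hypothetical, the file paths are passed as arguments so it can run against copies, and the sample files are constructed with two deliberate gaps.

```shell
#!/bin/sh
# check_ds_tuning SYSCTL_CONF LIMITS_CONF PAM_FILE   (hypothetical helper)
# Prints one FAIL line per setting from the article that is missing or too
# low, and returns the number of failures (0 = all settings present).
check_ds_tuning() {
    sysctl_conf=$1; limits_conf=$2; pam_file=$3; fails=0

    # fs.file-max: the last assignment wins; it must be at least 64000
    fmax=$(awk -F= '$1 ~ /^[ \t]*fs\.file-max[ \t]*$/ { v = $2 } END { print v + 0 }' "$sysctl_conf")
    [ "$fmax" -ge 64000 ] || { echo "FAIL: fs.file-max is $fmax, want >= 64000"; fails=$((fails + 1)); }

    # net.ipv4.ip_local_port_range: expect the article's "1024 65000"
    range=$(awk -F= '$1 ~ /^[ \t]*net\.ipv4\.ip_local_port_range[ \t]*$/ { split($2, p, " "); v = p[1] " " p[2] } END { print v }' "$sysctl_conf")
    [ "$range" = "1024 65000" ] || { echo "FAIL: ip_local_port_range is '${range:-unset}'"; fails=$((fails + 1)); }

    # limits.conf: a non-comment "nofile" entry with a value of at least 8192
    awk '$1 !~ /^#/ && $3 == "nofile" && $4 + 0 >= 8192 { ok = 1 } END { exit !ok }' "$limits_conf" ||
        { echo "FAIL: no nofile limit >= 8192 in limits.conf"; fails=$((fails + 1)); }

    # limits.conf is ignored unless pam_limits.so is in the session stack
    awk '$1 == "session" && $3 ~ /pam_limits\.so$/ { ok = 1 } END { exit !ok }' "$pam_file" ||
        { echo "FAIL: pam_limits.so missing from session stack"; fails=$((fails + 1)); }

    return "$fails"
}

# Constructed sample files (not real system files): the port range is absent
# and the pam_limits.so line is commented out.
make_sample() {
    d=$(mktemp -d)
    printf 'fs.file-max = 64000\n' > "$d/sysctl.conf"
    printf '# domain type item value\n*  -  nofile  8192\n' > "$d/limits.conf"
    printf 'session required /lib/security/$ISA/pam_unix.so\n#session required /lib/security/$ISA/pam_limits.so\n' > "$d/system-auth"
    echo "$d"
}

d=$(make_sample)
check_ds_tuning "$d/sysctl.conf" "$d/limits.conf" "$d/system-auth" || echo "$? setting(s) need attention"
rm -rf "$d"
```

On a real host the arguments would be /etc/sysctl.conf, /etc/security/limits.conf and /etc/pam.d/system-auth; the running values can then be compared with /proc/sys/fs/file-max and the output of ulimit -n in a fresh login session.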

How do I limit the number of simultaneous web connections from a client system via the Squid proxy server?

by Michael Napolis

Using Squid's maxconn Access Control List (acl) element, it is possible to limit simultaneous web connections coming from client systems that use a Squid proxy server. To use the maxconn element, the "client_db on" directive should be set. By default this is activated in the /etc/squid/squid.conf configuration file.

Edit the /etc/squid/squid.conf file and find the section shown below; the maxconn rules go after it:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

Here is an example that limits each client system to 5 simultaneous web connections:

acl STUDENTS src 192.168.3.0/24
acl numbercon maxconn 5
http_access deny STUDENTS numbercon

Restart the Squid service for the changes to take effect:

service squid restart
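To confirm the limit from the proxy host, count established connections per client. The following is an added example, not part of the original article: the function name over_maxconn is hypothetical, port 3128 (Squid's default http_port) and the four-column input layout are assumptions, and the connection list is constructed.

```shell
#!/bin/sh
# over_maxconn LIMIT NET_PREFIX [PROXY_PORT]   (hypothetical helper)
# Reads established-connection lines on stdin in the four-column layout
#   Recv-Q Send-Q Local:Port Peer:Port
# and prints "<client-ip> <count>" for every client whose address starts
# with NET_PREFIX and has MORE than LIMIT connections to the proxy port.
# Squid's maxconn ACL matches on "more than", so exactly LIMIT is allowed.
over_maxconn() {
    awk -v limit="$1" -v prefix="$2" -v port="${3:-3128}" '
        {
            n = split($3, l, ":")
            if (l[n] != port) next                 # not proxy traffic
            peer = $4; sub(/:[0-9]+$/, "", peer)   # strip the client port
            if (index(peer, prefix) == 1) count[peer]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }
    ' | sort
}

# Constructed sample: .3.10 holds 6 connections (over the limit), .3.11
# holds exactly 5 (allowed), .1.5 holds 7 but is outside the STUDENTS net.
sample_ss() {
    for p in 1 2 3 4 5 6;   do echo "0 0 192.168.0.1:3128 192.168.3.10:4000$p"; done
    for p in 1 2 3 4 5;     do echo "0 0 192.168.0.1:3128 192.168.3.11:4100$p"; done
    for p in 1 2 3 4 5 6 7; do echo "0 0 192.168.0.1:3128 192.168.1.5:4200$p"; done
    echo "0 0 192.168.0.1:22 192.168.3.11:50000"   # ssh session, ignored
}

sample_ss | over_maxconn 5 192.168.3.
```

With the rule active, a client in 192.168.3.0/24 should not stay listed by this check for long, because requests made while it is over the limit are denied.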

How do I configure a client system to automatically drop an idle LDAP user connection to the LDAP server based on idle time restrictions?

by Michael Napolis

Using the authconfig tool, it is possible to configure LDAP authentication for a client system. The authconfig tool reads and modifies the /etc/nsswitch.conf, /etc/ldap.conf, /etc/pam.d/system-auth and /etc/openldap/ldap.conf files for LDAP settings.

The idle_timelimit directive in /etc/ldap.conf sets the number of seconds an idle LDAP user connection to the LDAP server is allowed to remain open. Once the idle_timelimit is reached, the connection is automatically dropped.

See the example /etc/ldap.conf setting:

# @(#)$Id: index.html,v 1.6 2005/09/21 16:26:50 tfox Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).

host 192.168.0.1
#LDAP Servers

base dc=feu,dc=example,dc=org
#base object of the server

idle_timelimit 3600
#idle time in seconds after which the connection is automatically dropped

The changes will take effect once the LDAP user reconnects to the LDAP server.

What is the best way to monitor my system's performance over a long period of time versus short time frames?

The most sophisticated tool available to you for resource monitoring is the Sysstat tool. Sysstat contains the following tools: iostat, mpstat, sadc, and sar. The iostat tool displays an overview of CPU utilization, along with I/O statistics for one or more disk drives. The mpstat tool displays more in-depth CPU statistics. The sadc tool collects system resource utilization information and writes it to a file. The sar tool produces reports from the data collected by sadc.
