Saturday, July 18, 2015

Weblogic Overload Protection


Weblogic Server has a built-in feature for detecing ,avoding and recovering from overload conditions. So when a Weblogic server is experiencing Out of memory conditions or any of the Server Sub System is in failed state , we can instruct weblogic server to take corrective actions .  We can tune the Weblogic server to take corrective actions during these overload states. We can for example instruct to kill the server process during a failed or a overload state so that the node manager or administrator can take corrective actions.

A managed-server can fail as a result of out-of-memory exceptions or stuck application threads, or if one of its services is running into an error condition. A managed-server instance can monitor its health. If it detects that an unstable state is reached, it declares itself failed.

By usiong the Weblogic Over load protection feature we can prevent the negative consequences like degraded application performance and stability causing the server not to take any requests from users.

Configuring the Over load protection
Go to Server -> Overload tab to configure the over load protection for that server.

In the overload tab we can see 2 actions which can taken when we see a Over load condition

Panic action - When the kernel encounters a panic condition , the below actions can be taken.The following two actions are available.

No-action
Exit the server process

When the server health monitoring encounters a critical situation and flags the server as failed, one of three predefined actions can be taken automatically

No-action
"Force immediate shutdown of this server", meaning that server will shut down completely
"Suspend server for correction action", meaning that server will go into admin state

There are certain other conditions that can be used that exists in the same tab ,

Max Stuck Thread Time - The number of seconds that a thread must be continually working before this server diagnoses the thread as being stuck
Stuck Thread Count - The number of stuck threads after which the server is transitioned into FAILED state. There are options in OverloadProtectionMBean to suspend and shutdown a FAILED server. By default, the server continues to run in FAILED state.


Hope this helps about the over load protection in weblogic.
Read More

Apache - Host a YUM Repository

There will be cases where we need to download various packages from internet. in most of these cases the YUM repository will be hosted on a web server. In this article we will see how we can Host a YUM repository on a Apache web server.

1) Create a location mkdir /var/www/html/myrepo. The location /var/www/html is the Apache Document root and this is available in Apache configuration file httpd.conf. If you are going for a new location make the necessary changes

2) Copy some of the packages to the location and run the createrepo command

[root@vx111a test]# createrepo /var/www/html/myrepo
Spawning worker 0 with 1 pkgs
Spawning worker 1 with 0 pkgs
Spawning worker 2 with 0 pkgs
Spawning worker 3 with 0 pkgs
Spawning worker 4 with 0 pkgs
Spawning worker 5 with 0 pkgs
Spawning worker 6 with 0 pkgs
Spawning worker 7 with 0 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete

Once the createrepo is done, we can see a repodata directory in the same /var/www/html/myrepo

[root@vx111a myrepo]# ll
drwxr-xr-x. 2 root root    4096 Jul 17 18:52 repodata
-rw-r--r--. 1 root root 2489408 Jul 17 18:51 zsh-5.0.2-7.el7.x86_64.rpm

3) Once the repodata is created we need to set the permissions on the location as

chmod o+r /var/www/html/myrepo -R
chcon -R httpd_sys_content_t /var/www/html/myrepo

The above last command need to execute only if Selinux is in enforcing mode

4) Once the above steps are done we need to configure the repo file for the client location in /etc/yum.repos.d/myrepo.repo as
[myrepo]
name=my custom repo
baseurl=http://apacheserver/myrepo
enabled=1
gpgcheck=0
5) We can also access the apache server where we can download the packages too.

Hope this helps, More to come
Read More

Apache - mod_proxy_ajp

There are many other modules available in Apache which can connect to the back end servers like Tomcat. mod_proxy_ajp is on such Apache module. mod_proxy_ajp which can be used to forward a client HTTP request to an internal Tomcat application server using the AJP protocol. HTTP protocol uses a plain text format for communications. The plain text format where actual words make up the message can create a Overhead of traffic. AJP takes care of this by converting these messages into binary code thus reducing the amount of space taken by each message.

AJP or Apache JServ Protocol, is an optimized binary version of HTTP that is typically used to allow Tomcat to communicate with an Apache web server. So it is always better to use AJP protocol in communication between Apache and back end servers

Now the mpd_proxy_ajp module is used to reverse proxy to a back-end application server (e.g. Apache Tomcat) using the AJP13 protocol. The usage is similar to an HTTP reverse proxy, but uses the ajp:// prefix:

For this module to work we need another modules to be loaded into Apache which is mod_proxy. It provides support for the Apache JServ Protocol version 1.3 (hereafter AJP13).Thus, in order to get the ability of handling AJP13 protocol, mod_proxy and mod_proxy_ajp have to be present in the server.

In this article we will see how we can configure mod_prox_ajp module in Apache for 2 tomcat server running back end. Now here is the basic Virtual Host configuration done on my Apache server

LoadModule  mod_proxy_ajp  modules/mod_proxy_ajp.so

<VirtualHost myproject.local:8980>

    DocumentRoot /var/www/virtual/www.sam1.com/html/
    ServerName myproject.local
    ErrorLog logs/dummy-www.sam1.com-8280-error_log
    CustomLog logs/dummy-www.sam1.com-8280-access_log common

    <Directory "/var/www/virtual/www.sam1.com/html/">
        Options None
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
        Allow from all
    </Directory>

     ProxyRequests On
     <Proxy *>
          Order deny,allow
          Allow from all
     </Proxy>

     ProxyPass           /app   ajp://172.16.202.95:18019/myApp/index.jsp
     ProxyPassReverse    /app   ajp://172.16.202.95:18019/myApp/index.jsp

     ProxyPass           /app   ajp://172.16.202.96:18020/myApp/index.jsp
     ProxyPassReverse    /app   ajp://172.16.202.96:18020/myApp/index.jsp

</VirtualHost>

The most important lines in the above configuration are,

ProxyPass           /app   ajp://172.16.202.95:18019/myApp/index.jsp
ProxyPassReverse    /app   ajp://172.16.202.95:18019/myApp/index.jsp

ProxyPass           /app   ajp://172.16.202.96:18020/myApp/index.jsp
ProxyPassReverse    /app   ajp://172.16.202.96:18020/myApp/index.jsp

The proxy pass element sends the request back to the application myApp/index.jsp which is running on the tomcat server running on 172.16.202.95:18019. So when ever we access the Apache Host URL with adding /app we hit the application running in the tomcat server . One more important thing in this case is that we need to configure the AJP protocol in the tomcat-server/conf/server.xml file.

Make sure you change the details in 172.16.202.95:18019. The The ProxyPassReverse is used to change the headers sent by the app  to Apache, before Apache sends it the browser. This element is used to modify headers before sending the response back to the browser.

In the above configuration we have the same application deployed in 2 tomcat servers running on different ips and ports. The application in any one of the tomcat servers will be accessed when we use to access them using http://myproject.local:8980/app.

Hope this helps, More to Come.

Read More

Apache – Multi Processing Modules

The Multi-Processing modules also called as MPM are the ones that are responsible for binding to network ports on a machine, accepting requests and dispatching children to handle the requests. So when ever a request comes to the Apache server the MPM modules takes the request and assigns one of its Child to the request for processing.

One important thing about this that only one MPM module can be active at any time in the HTTPD server. This is like any other Apache module but only one will be loaded at time.

The reason why MPM came into existence is to allow different ways that a server is build to handle HTTP requests within the Computing Constrains.

How does this Work?
There exists a Single Control Master process which is responsible for launching multiple Child process which takes the incoming HTTP requests for processing. Apache always tried to maintain several spare ( not-in-use ) process which will be ready for serving incoming requests. In this way client does not need to wait for child Processed to be forked before their requests can be severed.

Installing MPM
As said earlier only one MPM can be active at a time. The Installation of MPM can be done when we are building the Apache HTTPD server from source by passing an argument
--with-MPM=<Module Name>

Available MPM
Apache Server supports multiple types of MPM. Of all the available the important ones are Prefork and Worker.

By default Prefork modules is being used as the default one for Apache. There are certain major differences in selecting the MPM for Production uses

Apache Prefork  MPM - This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests. This is appropriate for web sites that need to avoid threading for compatibility with non-thread safe libraries. This is said to be the best MPM for isolating requests so that problem with a Single request does not effect any others.

This MPM implements a hybrid multi-process multi-threaded server. By using threads to serve requests, it is able to serve a large number of requests with less system resources than a process-based server.  This also keeps spare process with threads in order to handle more load of requests

Apache Worker MPM – This MPM is best used threaded environment. This is used with Apache with modules loaded in do not have thread safety issues. However, creating processes on Linux is generally fast enough that you don't need to use worker. The worker MPM really shows off it's value on platforms that have very heavy-weight processes, such as AIX.

The Major Differences are

Prefork – uses multiple Child Process with one thread each and each process handles one connection at a time. Each request gets its own Memory-separated Process

Worker – uses multiple Child Process with many thread each. Each thread handles one Connection at a time. This is considered to be faster than the Prefork MPM.

How to find which MPM is loaded
In order to find which MPM the Current HTTPD process is using, we can run the command

[root@localhost ] httpd –V
Server MPM: Prefork

Configurations Files
The configuration of Prefork or Worker MPM exists in the conf.modules.d/ location in the Apache location with name mpm.conf

We can un-comment the LoadModule of the MPM we want to use.

Hope this Helps, More to come on configuring the MPM
Read More

Thursday, July 9, 2015

Weblogic - Connect to the Embedded LDAP

In most cases we will not be connecting to the LDAP repository available in Weblogic but in some cases we need to connect to that for obtaining certain details regarding the users and roles. In this article we will see how  we can connect to the Embedded LDAP using an external LDAP explorer.

Before connecting to the Weblogic Embedded LDAP repository , we need to make some changes on the Weblogic side which will allow to browse the repository.

Enable "Anonymous Admin Lookup Enabled" under <Domain Name>/Security and change the credential and  Confirm Credential  with new passwords ( like weblogic) under the <domain Name>/Security/Embedded LDAP tab

Once changes are done, we need to restart the Weblogic Server again. Once started connect to the Weblogic Embedded LDAP using JXplorer with the below configuration

Host: <IP address> | <Domain Name>
Port: Adminserver port
Protocol: LDAP v3
Base DN: dc=weblogicDomainName
Level: User+Password
User DN: cn=Admin
Password: Password Provided Earlier

Now we can browse the embedded browser.
Read More

Apache – mod_proxy_balancer

We have seen many Apache modules which provides various benefits like load balancing support , security, URL rewriting and Proxy passing etc. In this article we will see one more Apache module called mod_proxy_balancer which works as a load balancer. We use this module when we have a stateless applications which does not require any sticky sessions or clustering but need load balancing support.

1) Load the module mod_proxy_balancer by adding the below line to the httpd.conf

LoadModule proxy_balancer_module "/opt/ers40jk/apache2.2/modules/standard/mod_proxy_balancer.so"

2) Once the module is loaded we need to add the set handler element for mod_proxy_balancer element as

<IfModule mod_proxy_balancer.c>
<Location "/balancer-manager">
  SetHandler balancer-manager
  Order deny,allow
  Allow from all
</Location>

3) Now we need to add the URL from Back end so that Apache can send the requests. The configuration looks as

<Proxy balancer://localhost>
         BalancerMember http://172.16.202.95:18011 loadfactor=1
         BalancerMember http://172.16.202.96:18010 loadfactor=2
</Proxy>

4) Once we have added the necessary back end URL to send requests , we need to provide the proxy pass elements so that we can use this in the browser URL

ProxyPass /myApp balancer://localhost/myApp/
</IfModule>

This example is setup for round robin load balancing where the second BalanceMember processes 2 of every 3 requests. You can adjust this and also the load balancing method based on your needs. Some different load balancing methods mentioned in the doc are byrequests, bytraffic and bybusyness.

Here is the total configuration in my httpd.conf file

<VirtualHost *:8580>
  
    DocumentRoot /var/www/virtual/www.sam1.com/html/
    ServerName myproject.local
    ErrorLog logs/dummy-www.sam1.com-8380-error_log
    CustomLog logs/dummy-www.sam1.com-8380-access_log common
 
    <Directory "/var/www/virtual/www.sam1.com/html/">
        Options None
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
        Allow from all
    </Directory>
 
     <IfModule mod_proxy_balancer.c>
          <Location "/balancer-manager">
            SetHandler balancer-manager
            Order deny,allow
            Deny from all
            Allow from all
          </Location>

        <Proxy balancer://localhost>
             BalancerMember http://172.16.202.95:18011 loadfactor=1
             BalancerMember http://172.16.202.96:18010 loadfactor=2
        </Proxy>

             ProxyPass /myApp balancer://localhost/myApp/
       </IfModule>

</VirtualHost>

We access the same application deployed in both tomcat instances back end running on IP address 172.16.202.95 and 96. The application is accessed using myproject.local:8580/myApp


Hope this helps, More to Come J
Read More