Niall Mullen's Weblog

Goodbye from me

After nearly six years ill be leaving Sun, so this will be the final post on my blog.

Ive had a great time here.

Ive been fortunate enough to work with some very smart people and may well be back some
day but for now its time to take up new challenges elsewhere.

cheers,

Niall

Posted at 03:37PM May 25, 2006 by nmullen in General  | 

specweb 2005 configuration : Generating SSL Certs

This blog entry forms one part of a larger guide to specweb2005 which
is indexed here.

generating SSL Certs

Specweb2005 setup will involve setting up a secure webserver, which in many cases will
involve generating ssl certs for the webserver. This is not difficult however i found
it was poorly documented.

Specweb2005 requires a server that listens both on port 80 for regular http connections
and port 443 for https connections. For the secure server on port 443 you can configure your
webserver to listen there or if using solaris you can use the kssl proxy to redirect encrypted
traffic on port 443 to port 80 unencrypted without all that trapping in and out of kernel.
If your running s10u1 or later see ksslconfig (1m).

In either case your going to have to generate ssl certs for the encrypted connections.
Although this is easy to do its suprisingly difficult to find a straight answer on how to
do it if you dont know. The explanation I found after much searching is < a href=#http://java.sun.com/developer/technicalArticles/WebServices/appserv8-1.html> here .

Here ill take the example case using Sun Java Webserver. The following is what you need to
do to generate your server certs:

cd /opt/SUNWwbsvr/alias
LD_LIBRARY_PATH=/usr/sfw/lib
PATH=$PATH:/usr/sfw/bin
export PATH LD_LIBRARY_PATH
cd /opt/SUNWwbsvr/alias
cp /etc/ssh/moduli ./seed
certutil -N -d `pwd`
certutil -R -s "CN=`uname -n`-1,O=Sun Microsystems,L=Where I am,ST=Dublin,C=IE" -p "xxx-xxx-xxxxxx" -o mycert.req -x -z ./seed -d `pwd`
certutil -S -s "CN=`uname -n`-1,o=Sun,ou=sun.com, C=IE" -n myCA -x -t "TCu,Cu,Cu" -1 -2 -5 -m
1234 -z ./seed -v 100 -d `pwd`

One by one, select options 0, 1, 5, 6 and 9, and type y when the program asks
whether this is a critical extension.
After that, you will be prompted to select from other option menus, where
you should choose 5, 6, 9 for SSL CA and S/MIME CA.

certutil -C -m 2345 -i mycert.req -o mycert.crt -c myCA -v 100 -z ./seed -d `pwd`
certutil -A -n Server-Cert -t "TCu,TCu,TCu" -i mycert.crt -d `pwd`

My source for minding most of the above comes from:

http://www.modssl.org/docs/2.8/ssl_overview.html

Posted at 03:37PM May 25, 2006 by nmullen in Performance  | 

specweb 2005 configuration: Building the fileset

This blog entry forms one part of a larger guide to specweb2005 which
is indexed here.

Building the Fileset

Building the fileset is quite straight forward and is well documented here .

The only interesting caveat I found is the level to which one should parallellise
the building of the fileset. The building can be parallellised by generating a
series of

In the example below the script will build a fileset of 24000 for the SPECweb_Banking
workload, the only variables which need to change are dirscaling which takes the values
1000 for banking, 50 for ecommerce, and .25 for support workloads.

#!/bin/sh

i=0
dirscaling=1000

while [ $i -lt 24 ]; do

i=`expr $i + 1`

sessions=`expr $i \* 1000`

dir=`expr $sessions \* 50`
dir=`expr $dir + 1`

cat template |sed -e "s/XXX/$dir/" -e "s/YYY/$sessions/" >bank_usercheck_props.$sessions

done

for file in bank_*
do
java -server -Xms384m -Xmx384m -jar /102/wafgen/Wafgen.jar $file &
done

rm bank*

This launches 24 processes in this case to build the fileset in parallell.
I have found that one process per cpu on lower end machines and a little less at
the high end generates the best fileset build time.

Posted at 03:29PM May 25, 2006 by nmullen in General  |