Whitepapers




Feel free to download any of the technical white papers and share with others. The white papers are available to educate and inform you on different subjects. This site will be updated as new products are available. If you have a specific request regarding Bynari topics for white papers, please send us an email at
<script language="JavaScript" type="text/javascript">
<!--
var prefix = 'ma' + 'il' + 'to';
var path = 'hr' + 'ef' + '=';
var addy46831 = 'support' + '@';
addy46831 = addy46831 + 'bynari' + '.' + 'net' + '.' + '';
document.write( '<a ' + path + '\'' + prefix + ':' + addy46831 + '\'>' );
document.write( addy46831 );
document.write( '<\/a>' );
//-->\n </script>support@bynari.net.<script language="JavaScript" type="text/javascript">
<!--
document.write( '<span style=\'display: none;\'>' );
//-->
</script>This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
<script language="JavaScript" type="text/javascript">
<!--
document.write( '</' );
document.write( 'span>' );
//-->
</script>




• Active_Directory_Whitepaper.pdf
• HighAvailability-WhitePaper.pdf
• The Exchange Server Replacement HOWTO - Whitepaper
• Courier-shared folder.pdf
• JabberD-Configuration.pdf
• Calendaring with CalDAV - using Sunbird and Evolution.
• Master-Slave-Configuration-Guide.pdf

We saw last time, that in order to securely connect to a remote MySQL server running both mysql and ssh, we had to create a tunnel between our desktop and the server where we had to forward port 3307 on our desktop to port 3306 running locally on the remote server by giving the following intruction to ~/.ssh/config:

Localforward 3307 localhost:3306

This time, we want to forward port 3307 on our desktop to port 3306 on the MySQL server (let says it as 192.168.0.3 as IP adress). The only change we have to make to the previous configuration is to change the Localforward instruction by:

Localforward 3307 192.168.0.3:3306

And simply use the same mysqlcc configuration as the one given in the How To Connect to a remote mysql server using mysqlcc and ssh tunneling Tutorial. It is as simple as that :). Here is an overview of the final configuration we have deployed:

.

People which do not want to use ~/.ssh/config might use the following command:

tester@laptop:~$ssh -L 3307:192.168.0.3:3306 myuser@remotesshserver.com

Now, you can play around with port forwarding, later on, I will show you how to go even further and just do some useless be geeky thing.

First of all, we are going to configure ssh. Edit or Create file ~/.ssh/config. Add the following lines (depending on your settings):

Host myhostnickname

Hostname myremotehost.com

User mysshuser Localforward 3307 localhost:3306

#only if using rsa or dsa key authentification

IdentityFile ~/.ssh/myremotehost_id_dsa

connect to your remote host

$ssh myhostnickname

How to Configure Swiftiply with Nginx

upstream mongrel_test_cluster {
  server 127.0.0.1:4000;
}

cluster_address: 127.0.0.1
cluster_port: 4000
daemonize: true
epoll: true
epoll_descriptors: 8192
map:
- incoming: localhost
  outgoing: 127.0.0.1:5000
  default: true
  docroot: /usr/local/httpd/testapp
  redeployable: true

require 'swiftcore/swiftiplied_mongrel'

require 'swiftcore/swiftiplied_mongrel'

upstream mongrel_test_cluster {
  server 127.0.0.1:4000;
  server 127.0.0.1:4001;
  server 127.0.0.1:4002;
  server 127.0.0.1:4003;
}

How Many Mongrel Instances Should I Run?






There is no set number that is “best” since that depends on factors like the
type of application, server hardware, how dynamic the appication is, etc.






I’ve found that 8-12 mongrel processes per CPU is about right, but I determined
this by starting with 1 and then doing the following:






Baseline Your Server






Pick a URL to a small file that is running on your apache server and is not
served by Mongrel at all. This URL will be your “best possible baseline”.






Build your baseline measurement first. Using httperf, measure the speed of
your URL so that you know how fast you could possibly get if you served
everything static in ideal situations.






Make sure you do this on a different machine over an ideal network.
Not your damn wifi over a phone line through sixteen poorly configured routers.
Right next to the box your testing with a fast switch and only one hop is the
best test situation. This removes network latency from your test as a
confounding factor.






Baseline Rails and Mongrel






Pick a page that’s a good representative page for your application. Make sure
you disable logins to make this test easier to run. Hit this Rails page and
compare it to your baseline page.





• If your rails measurement is faster than your baseline
  measurement then you screwed up. Rails shouldn’t be faster than a file
  off your static server. Check your config.
• If your rails measurement is horribly slow compared to baseline
  then you’ve got some config to do before you even start tuning the
  number of process. Repeat this test until one mongrel is as fast as
  possible.
• Run the test and find out that one mongrel can support a --rate of 120 req/second.
• Add another mongrel and run the test again with --rate 240. It handles this
  just find so you add another and get --rate 360.
• Try another one and it dies. Giving --rate 480 gets you only a rate of 100.
  Your server has hit it’s max and broke.
• Try tuning the --rate down at this and see if it’s totally busted (like, 4 mongrels
  only gets you --rate 380) or if it’s pretty close to 480.
• That should do it. A good practice is to also look at the CPUs on the
  server with top and see what kind of thrashing you give the server.
• httperf --server www.theserver.com --port 80 --uri /tested --num-conns <10 second count>
• httperf --server www.theserver.com --port 80 --uri /tested --num-conns <10 second count> --rate <reported req/sec>





Where <10 second count> is enough connections to make the test run for 10
seconds. Start off with like 100 and keep raising it until it goes for 10
seconds.






Where <reported req/sec> is whatever httperf said the estimated
requests/second were. What you’re doing here is seeing if it really can handle
that much concurrency. Try raising it up and dropping it down to see the
impact of performance on higher loads.

The umask defines the permissions a new file will get - or better:
the permissions it will not get.





You can display the current umask numeric and as text:





user@host:~ $ umask
0027
user@host:~ $ umask -S
u=rwx,g=rx,o=





The numbers mean the following:





0 0 2 7
| | | '--> permissions for others (o)
| | '--> permissions for the group (g)
| '--> permissions for the owner (user, u)
'--> special permissions (SUID, SGID, sticky) - always 0 in umask





The digits for user, group and others are the sum of:



• 1 - execute permission (x)
• 2 - write permission (w)
• 4 - read permission (r)
• all permissions for the file owner (user)
• no write permissions (but read and execute permissions) for the group
• no permissions for others




You can specify the umask with the command umask 0027. The
number can vary, of course. The umask you define this way is valid in
the current shell and all child processes. If you set the umask in
~/.profile, it is valid for the whole time you are logged in.
If you define it in a xterm, it is only valid for everything you do in
this xterm.





If you want to define the umask for a specific directory (example:
group write permissions for a directory you use together with your
colleges), you'll become sweating when using the umask command
because it is always valid for all directories.





The solution of this problem is setting a default ACL. The
following command ensures that all new files in /home/shared/
have all permissions (including write permissions) set for the group:





setfacl -d -m mask:007 /home/shared/





You should also set the sgid-bit for the directory and choose the
wanted group using chgrp:





chgrp the_team /home/shared/
chmod g+s /home/shared/





If /home/shared/ already contains subdirectories, you have
to change their permissions as well. Tip: all mentioned commands know
the -R option.





Starting with KDE 3.5 (which will be contained in the upcoming SUSE
Linux 10.1) you can easily define ACLs using the file properties dialog.





If you want to access /home/shared/ only using samba, you
can instead use the directory mask and create mask for
the share (be warned: samba doesn't use the inverted permission mask as
umask does!). You should also set the force group option.





Original URL (german):


http://suse-linux-faq.koehntopp.de/q/q-filesystems-umask.html

MySql: Give Root User Logon Permission From Any Host

Anonymous Account Password
Assignment






To assign passwords to the anonymous accounts, connect to the
server as root and then use either
SET PASSWORD or UPDATE. In
either case, be sure to encrypt the password using the
PASSWORD() function.






To use SET PASSWORD on Windows, do this:





shell> mysql -u root
mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR ''@'%' = PASSWORD('newpwd');





To use SET PASSWORD on Unix, do this:





shell> mysql -u root
mysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');





In the second SET PASSWORD statement, replace
host_name with the name of the server
host. This is the name that is specified in the
Host column of the
non-localhost record for
root in the user table. If
you don't know what hostname this is, issue the following
statement before using SET PASSWORD:





mysql> SELECT Host, User FROM mysql.user;





Look for the record that has root in the
User column and something other than
localhost in the Host
column. Then use that Host value in the
second SET PASSWORD statement.






Anonymous Account Removal






If you prefer to remove the anonymous accounts instead, do so as
follows:





shell> mysql -u root
mysql> DROP USER '';





The DROP statement applies both to Windows
and to Unix. On Windows, if you want to remove only the
anonymous account that has the same privileges as
root, do this instead:





shell> mysql -u root
mysql> DROP USER ''@'localhost';





That account allows anonymous access but has full privileges, so
removing it improves security.






root Account Password
Assignment






You can assign passwords to the root accounts
in several ways. The following discussion demonstrates three
methods:





• 
  Use the SET PASSWORD statement
  

• 
  Use the mysqladmin command-line client
  program
  

• 
  Use the UPDATE statement
  





To assign passwords using SET PASSWORD,
connect to the server as root and issue two
SET PASSWORD statements. Be sure to encrypt
the password using the PASSWORD() function.






For Windows, do this:





shell> mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'%' = PASSWORD('newpwd');





For Unix, do this:





shell> mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpwd');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');

Apache: Creating A Session-Aware Loadbalancer Using mod_proxy_balancer (Debian Etch)

<script type="text/javascript"> <!-- document.write('<div style="float: right; margin: 0 0 10px 10px;">'); //--> </script> <!-- BEGIN NetShelter Ad Tag for HowtoForge 120x600,160x600 --> <script language="JavaScript" type="text/javascript"> if (!window.netshel_ord) { netshel_ord=Math.random()*10000000000000000; } if (!window.netshel_tile) { netshel_tile=1; } document.write('<script src="http://ad.doubleclick.net/adj/ns.howtoforge/howtos;sz=120x600,160x600;tile='+netshel_tile+';ord=' + netshel_ord + '?" language="JavaScript" type="text/javascript">'); netshel_tile++; </script><script src="http://ad.doubleclick.net/adj/ns.howtoforge/howtos;sz=120x600,160x600;tile=2;ord=391161676682785.25?" language="JavaScript" type="text/javascript"></script><script src="http://a.tribalfusion.com/j.ad?site=HowToForgecom&adSpace=ROS&size=120x600&noAd=1&requestID=20641551710.7027781348096246" language="javascript"></script> <!-- END AD TAG --><script type="text/javascript"> <!-- document.write('<div><a href="http://www.howtoforge.com/membership"><img src="http://www.howtoforge.com/themes/htf_glass/images/remove_ads.gif" border="0" alt="Remove ads"></a></div>'); //--> </script> <script type="text/javascript"> <!-- document.write('</div>'); //--> </script> <!-- begin content --> Submitted by falko (Contact Author) (Forums) on Tue, 2007-05-29 16:42. :: Debian | Apache Apache: Creating A Session-Aware Loadbalancer Using mod_proxy_balancer (Debian Etch) Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited 05/26/2007 Since Apache 2.1, a new module called mod_proxy_balancer is available which lets you turn a system that has Apache installed into a loadbalancer. This loadbalancer retrieves requested pages from two or more backend webservers and delivers them to the user's computer. Users get the impression that they deal with just one server (the loadbalancer) when in fact there are multiple systems behind the loadbalancer that process the users' requests. By using a loadbalancer, you can lower the load average on your webservers. One important feature of mod_proxy_balancer is that it can keep track of sessions which means that a single user always deals with the same backend webserver. Most websites are database-driven nowadays with user logins etc., and you'd get weird results if a user logs in on one backend webserver, and then his next request goes to another backend webserver, meaning he'd get logged out again. You can avoid this by using mod_proxy_balancer's session-awareness. I do not issue any guarantee that this will work for you!

Configuring Manager Application Access








The description below uses the variable name $CATALINA_HOME
to refer to the directory into which you have installed Tomcat 6,
and is the base directory against which most relative paths are
resolved. However, if you have configured Tomcat 6 for multiple
instances by setting a CATALINA_BASE directory, you should use
$CATALINA_BASE instead of $CATALINA_HOME for each of these
references.








It would be quite unsafe to ship Tomcat with default settings that allowed
anyone on the Internet to execute the Manager application on your server.
Therefore, the Manager application is shipped with the requirement that anyone
who attempts to use it must authenticate themselves, using a username and
password that have the role manager associated with them.
Further, there is no username in the default users file
($CATALINA_HOME/conf/tomcat-users.xml) that is assigned this
role. Therefore, access to the Manager application is completely disabled
by default.





To enable access to the Manager web application, you must either create
a new username/password combination and associate the role name
manager with it, or add the manager role
to some existing username/password combination. Exactly where this is done
depends on which Realm implementation you are using:




• MemoryRealm - If you have not customized your
  $CATALINA_HOME/conf/server.xml to select a different one,
  Tomcat 6 defaults to an XML-format file stored at
  $CATALINA_HOME/conf/tomcat-users.xml, which can be
  edited with any text editor. This file contains an XML
  <user> for each individual user, which might
  look something like this:
  

  	<user name="craigmcc" password="secret" roles="standard,manager" />

  
  which defines the username and password used by this individual to
  log on, and the role names he or she is associated with. You can
  add the manager role to the comma-delimited
  roles attribute for one or more existing users, and/or
  create new users with that assigned role.
• JDBCRealm - Your user and role information is stored in
  a database accessed via JDBC. Add the manager role
  to one or more existing users, and/or create one or more new users
  with this role assigned, following the standard procedures for your
  environment.
• JNDIRealm - Your user and role information is stored in
  a directory server accessed via LDAP. Add the manager
  role to one or more existing users, and/or create one or more new users
  with this role assigned, following the standard procedures for your
  environment.





The first time you attempt to issue one of the Manager commands
described in the next section, you will be challenged to log on using
BASIC authentication. The username and password you enter do not matter,
as long as they identify a valid user in the users database who possesses
the role manager.





In addition to the password restrictions the manager web application
could be restricted by the remote IP address or host by adding a
RemoteAddrValve or RemoteHostValve. Here is
an example of restricting access to the localhost by IP address:


<Context path="/manager" privileged="true"
         docBase="/usr/local/kinetic/tomcat6/server/webapps/manager">
         <Valve className="org.apache.catalina.valves.RemoteAddrValve"
                allow="127\.0\.0\.1"/>
</Context>

Turn on Servlet Reloading




The next step is to tell Tomcat to check the modification dates of
the class files of requested servlets, and reload ones
that have changed since they were loaded into the server's memory.
This slightly degrades performance in deployment situations,
so is turned off by default. However, if you fail to turn it on for
your development server, you'll have to restart the server
every time you recompile a servlet that has already been loaded into
the server's memory. Since this tutorial discusses the
use of Tomcat for development, this change is strongly recommended.




To turn on servlet reloading, edit Edit
install_dir/conf/context.xml and change




  <Context>
    





to




  <Context reloadable="true" privileged="true">
    





Note that the privileged entry is really to support the invoker
servlet (see the following section), so you can omit that entry if you do not
use the invoker.




You can also:



• 
  Use my preconfigured Tomcat version. Tomcat 6.0.10 with all
  server.xml, context.xml, and web.xml changes,
  plus the sample HTML, JSP, and Java files.
• Download my modified context.xml
  for Tomcat 6.0. From Tomcat 6.0.10,
  but should work on most versions of Tomcat 6.0.
  Right-click or shift-click on the link to download the file.
• 
  Use my preconfigured Tomcat version. Tomcat 6.0 with all
  server.xml, context.xml, and web.xml changes,
  plus the sample HTML, JSP, and Java files.
• Download my modified web.xml for Tomcat 6.0.
  From Tomcat 6.0.10, but should work on most versions of Tomcat 6.0.
  Right-click or shift-click on the link to download the file.




6. Turn on Directory Listings (Optional)





In previous Tomcat versions, if you entered a URL ending in a slash
(/) and there was no welcome-file in the directory (or servlet-mapping that matched the URL), Tomcat displayed a directory listing. In Tomcat 6, the default
was changed from true to false for these directory listings. Many developers find
it convenient to turn directory listings back on.
To make this change, edit install_dir/conf/web.xml
and change the init-param value of listings for the default servlet,
as below. Do not confuse this
Apache Tomcat-specific web.xml file with the standard
one that goes in the WEB-INF directory of each Web application.




    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    





You can also:

Search smarter with Apache Solr, Part 2: Solr for the enterprise Administration, configuration, and performance

	Document options Document options requiring JavaScript are not displayed <script language="JavaScript" type="text/javascript"> <!-- document.write('<tr valign="top"><td width="8"><img src="http://www.ibm.com/i/c.gif" width="8" height="1" alt=""/></td><td width="16"><img alt="Set printer orientation to landscape mode" height="16" src="http://www.ibm.com/i/v14/icons/printer.gif" width="16" vspace="3" /></td><td width="122"><p><b><a class="smallplainlink" href="http://www.ibm.com/javascript:print()">Print this page</a></b></p></td></tr>'); //--> </script> Print this page <script language="JavaScript" type="text/javascript"> <!-- 5.6 10/24 llk: added cdata around the subdirectory path of email gif--> <!-- document.write('<tr valign="top"><td width="8"><img src="http://www.ibm.com/i/c.gif" width="8" height="1" alt=""/></td><td width="16"><img src="http://www.ibm.com/i/v14/icons/em.gif" height="16" width="16" vspace="3" alt="Email this page" /></td><td width="122"><p><a class="smallplainlink" href="http://www.ibm.com/javascript:void newWindow()"><b>E-mail this page</b></a></p></td></tr>'); //--> </script>
		E-mail this page
		Sample code

Integrate new tools and architectures into your environment -- fast!

Help us improve this content

Level: Intermediate

Grant Ingersoll (solr@grantingersoll.com), Senior software engineer, Center for Natural Language Processing at Syracuse University

05 Jun 2007

Lucene Java™ committer Grant Ingersoll rounds out his introduction to Solr with a survey of its features for the enterprise, including administration interfaces, advanced configuration options, and performance features such as caching, replication, and logging.

In Part 1 of this
series, I
introduced Apache Solr, an open source, HTTP-based search server that can
be easily incorporated into a wide variety of Web applications. I
demonstrated Solr's basic functionality, including indexing, searching, and
browsing, and also introduced the Solr schema and explained its role in
configuring Solr functionality. In this second half of the article, I complete my introduction to Solr by showcasing the features that make it a desirable solution for large-scale production environments. Topics covered include administration, caching, replication, and extensibility.

Scaling Rails with Apache 2.2, mod_proxy_balancer and Mongrel

Modify APACHE_HOME/conf/httpd.conf and add a single line at the end of the file:

# Include mod_jk's specific configuration file  
Include conf/mod-jk.conf  
            

Next, create a new file named APACHE_HOME/conf/mod-jk.conf:

# Load mod_jk module
# Specify the filename of the mod_jk lib
LoadModule jk_module modules/mod_jk.so
 
# Where to find workers.properties
JkWorkersFile conf/workers.properties

# Where to put jk logs
JkLogFile logs/mod_jk.log
 
# Set the jk log level [debug/error/info]
JkLogLevel info 
 
# Select the log format
JkLogStampFormat  "[%a %b %d %H:%M:%S %Y]"
 
# JkOptions indicates to send SSK KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
 
# JkRequestLogFormat
JkRequestLogFormat "%w %V %T"
               
# Mount your applications
JkMount /application/* loadbalancer
 
# You can use external file for mount points.
# It will be checked for updates each 60 seconds.
# The format of the file is: /url=worker
# /examples/*=loadbalancer
JkMountFile conf/uriworkermap.properties               

# Add shared memory.
# This directive is present with 1.2.10 and
# later versions of mod_jk, and is needed for
# for load balancing to work properly
JkShmFile logs/jk.shm 
              
# Add jkstatus for managing runtime data
<Location /jkstatus/>
    JkMount status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>