• Get CPU/RAM usage per process on Linux

    / July 22, 2017

    When you’re facing performance issues, it’s always useful to check CPU/MEM usage per process to see if you have an issue with a specific process. For that, you can use ps and some sorting commands.

    Tip: You can shrink the results to the first lines by using head

    Memory analysis

    We’re using the –sort -rss attributes to get the results sorted by RSS in the desc order (use –sort rss for the asc order)

    $ps auxw --sort -rss | head -n5
USER       PID %CPU %MEM     VSZ     RSS TTY      STAT START   TIME COMMAND
mysql      604  0.2  8.4 1628428  177968 ?        Ssl  Jun30  71:59 /usr/sbin/mysqld
phpuser   9625  0.1  1.9  239588   40896 ?        S    Jul12  12:35 php-fpm: pool www
phpuser  14625  0.1  1.8  239572   39668 ?        S    Jul12  12:08 php-fpm: pool www
named     1849  0.0  1.2  299868   25984 ?        Ssl  Jun30   0:11 /usr/sbin/named -f -u bind
root       252  0.0  0.5  82868    12096 ?        Ss   Jun30   1:19 /usr/sbin/syslog-ng -F

    CPU analysis

    We’re using the –sort -%cpu attributes to get the results sorted by CPU in the desc order (use –sort %cpu for the asc order)

    ps auxw --sort -%cpu | head -n5
USER       PID %CPU %MEM     VSZ    RSS TTY      STAT START   TIME COMMAND
named     1849  0.9  0.1  299868  25984 ?        Ssl  Jun30   0:21 /usr/sbin/named -f -u bind
root      1668  0.5  0.0  259000  10332 ?        Sl   Jun23 195:48 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
postfix   9889  0.4  0.0  102368   7736 ?        S    05:44   0:00 smtpd -n smtp -t inet -u -o stress=
mysql      604  0.2  8.4 1628428 177968 ?        Ssl  Jun30  72:09 /usr/sbin/mysqld
phpuser   7960  0.1  1.8  238572  38780 ?        S    Jul17   4:35 php-fpm: pool www

    Then…

    Once you got the results, it’s time for you to investigate further and analyze what’s happening with those processes! Good luck!

    read more

  • Generate self-generated SSL certificate (cert/key pair)

    / July 5, 2017

    Here is a simple script with configuration file to generate a self-generated SSL certificate (cert/key pair).

    First define a config file openssl.cnf containing the certificate informations:

    [ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=FR

# State or Province Name (full name)
ST=IdF

# Locality Name (eg. city)
L=Paris

# Organization (eg. company)
O=MyOrg

# Organizational Unit Name (eg. section)
OU=My SSL server

# Common Name (*.example.com is also possible)
CN=my.domain.com

# E-mail contact
emailAddre[email protected]

[ cert_type ]
nsCertType = server

    Then, create the bash script makessl.sh and configure your own parameters (directories, cert filename and validity duration):

    #!/bin/sh

# Generates a self-signed certificate.
# Edit openssl.cnf before running this.

umask 077
OPENSSL=${OPENSSL-openssl}

# Define SSL directory
SSLDIR=${SSLDIR-/opt}
# Define SSL config file
OPENSSLCONFIG=${OPENSSLCONFIG-/opt/openssl.cnf}
# Define crt/key directories
CERTDIR=$SSLDIR/certs
KEYDIR=$SSLDIR/private
# Define crt/key file
CERTFILE=$CERTDIR/mynewssl.pem
KEYFILE=$KEYDIR/mynewssl.key
# Define validity duratin for the cert
DAYS=365

# Check that directories exist or create themt
if [ ! -d $CERTDIR ]; then
  mkdir -p $CERTDIR
fi
if [ ! -d $KEYDIR ]; then
  mkdir -p $KEYDIR
fi

# Check that the files do not exist or move them
if [ -f $CERTFILE ]; then
  mv $CERTFILE $CERTFILE.old
fi
if [ -f $KEYFILE ]; then
  mv $KEYFILE $KEYFILE.old
fi

# Generate crt/key files
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days $DAYS || exit 2
chmod 0600 $KEYFILE
echo
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2

    Now, execute the bash script:

    $ bash makessl.sh
Generating a 2048 bit RSA private key
...............+++
................................................................................+++
writing new private key to '/opt/private/mynewssl.key'
-----

subject= /C=FR/ST=IdF/L=Paris/O=MyOrg/OU=My SSL server/CN=my.domain.com/[email protected]
SHA1 Fingerprint=F0:B1:B3:DF:F9:4D:A0:97:4E:71:E0:7F:8E:DA:13:F9:D5:E8:AF:88

    Let’s check your freshly created certificate and double check the information:

    $ openssl x509 -in /opt/certs/mynewssl.pem -noout -dates -subject
notBefore=Jul  5 19:45:17 2017 GMT
notAfter=Jul  5 19:45:17 2018 GMT
subject= /C=FR/ST=IdF/L=Paris/O=MyOrg/OU=My SSL server/CN=my.domain.com/[email protected]
    read more