SE Linux is a feature of the Linux kernel that provides mandatory access control. This policy based access control system grants far greater control over the resources on a machine than standard Linux access controls such as permissions.
Many modern Linux distributions are shipping with SELinux enabled by default, Fedora 14 and Rhel 6 both install with it enabled.
When you run Recital Web on a SELinux enabled machine and navigate to the default.rsp page you will see something similar to the screen shot below.
If you launch the SELinux troubleshooter you will see the following problem.
SELinux is blocking the apache server from accessing the Recital server running on port 8001.
To manage you SELinux policy you must have the policycoreutils package group installed. The policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system.
If you wish to use a GUI tool, you must install the policycoreutils-gui package.
At the command prompt execute the following:
As root
$ yum install policycoreutils
$ semanage port -a -t http_port_t -p tcp 8001
$ service recital restart
$ service httpd restart
We use the semanage command here to allow the http server access to port 8001. Once you have completed the steps detailed above you can go and navigate back to the default.rsp page in your borwser, where you will find the permission denied message is now replaced by the default.rsp page.
SELinux does a great job of restricting services and daemons so rather than simply disabling it, why not work with it!
When it comes to security, every little bit helps...
All temporary files created by Recital are stored in the directory specified by the environment variable DB_TMPDIR.
mkdir /opt/recital/tmp
mount -t tmpfs -o size=1g recitaltmpfs /usr/recital/tmp
There is a good article on the gluster website here which gives some good information regarding file system optimization suitable for a HA Recital cluster solution.
In this article Barry Mavin, CEO and Chief Software Architect for Recital details how to Build C Extension Libraries to use with Recital.
Overview
It is possible to extend the functionaliy of Recital products using "Extension libraries" that can be written in C. These extension libraries, written using the Recital/SDK API, are dynamically loadable from all Recital 9 products. This includes:
- Recital
- Recital Server
- Recital Web
Building C Extension Libraries
You can create C wrappers for virtually any native operating system function and access these from the Recital 4GL. Unlike traditional APIs which only handle the development of C functions that are callable from the 4GL, the Recital/SDK allows you to build Classes that are accessible from all Recital products. e.g. You could create a GUI framework for Linux that handles VFP system classes!
To deploy your C Extension Libraries, copy them to the following location:
Windows:
\Program Files\Recital\extensions
Linux/Unix:
/opt/recital/extensions
Please see the Recital/SDK API Reference documentation for further details.
Sample code
Listed below is the complete example of a C Extension Library.:
////////////////////////////////////////////////////////////////////////////////
#include "mirage_demo.h"
////////////////////////////////////////////////////////////////////////////////
// Declare your functions and classes below as follows:
//
// Recital Function Name, C Function Name, Type (Function or Class)
//
#define MAX_ELEMENTS 7
static struct API_SHARED_FUNCTION_TABLE api_function_table[MAX_ELEMENTS] = {
{"schar", "fnSamplesCharacter", API_FUNCTION},
{"stype", "fnSamplesType", API_FUNCTION},
{"slog", "fnSamplesLogical", API_FUNCTION},
{"snum", "fnSamplesNumeric", API_FUNCTION},
{"sopen", "fnSamplesOpen", API_FUNCTION},
{"myclass", "clsMyClass", API_CLASS},
{NULL, NULL, -1}
};
////////////////////////////////////////////////////////////////////////////////
// Recital API initialization. This should be in only ONE of your C files
// **IT SHOULD NEVER BE EDITED OR REMOVED**
INIT_API;
///////////////////////////////////////////////////////////////////////
// This is an example of passing a character parameter and returning one.
RECITAL_FUNCTION fnSamplesCharacter(void)
{
char *arg1;
if (!_parse_parameters(PCOUNT, "C", &arg1)) {
ERROR(-1, "Incorrect parameters");
}
_retc(arg1);
}
///////////////////////////////////////////////////////////////////////
// This is an example of passing a numeric parameter and returning one.
RECITAL_FUNCTION fnSamplesNumeric(void)
{
int arg1;
if (!_parse_parameters(PCOUNT, "N", &arg1)) {
ERROR(-1, "Incorrect parameters");
}
_retni(arg1);
}
///////////////////////////////////////////////////////////////////////
// This is an example returns the data type of the parameter passed.
RECITAL_FUNCTION fnSamplesType(void)
{
char result[10];
if (PCOUNT != 1) {
ERROR(-1, "Incorrect parameters");
}
switch (_parinfo(1)) {
case API_CTYPE:
strcpy(result, "Character");
break;
case API_NTYPE:
strcpy(result, "Numeric");
break;
case API_LTYPE:
strcpy(result, "Logical");
break;
case API_DTYPE:
strcpy(result, "Date");
break;
case API_TTYPE:
strcpy(result, "DateTime");
break;
case API_YTYPE:
strcpy(result, "Currency");
break;
case API_ATYPE:
strcpy(result, "Array");
break;
default:
strcpy(result, "Unkown");
break;
}
_retc(result);
}
///////////////////////////////////////////////////////////////////////
// This is an example returns "True" or False.
RECITAL_FUNCTION fnSamplesLogical(void)
{
char result[10];
int arg1;
if (!_parse_parameters(PCOUNT, "L", &arg1)) {
ERROR(-1, "Incorrect parameters");
}
if (arg1) strcpy(result, "True");
else strcpy(result, "False");
_retc(result);
}
///////////////////////////////////////////////////////////////////////
// This example opens a table.
RECITAL_FUNCTION fnSamplesOpen(void)
{
char *arg1;
if (!_parse_parameters(PCOUNT, "C", &arg1)) {
ERROR(-1, "Incorrect parameters");
}
if (_parinfo(1) == API_CTYPE) {
_retni(COMMAND(arg1));
} else {
_retni(-1);
}
}
///////////////////////////////////////////////////////////////////////
// Define the MyClass CLASS using the API macros
///////////////////////////////////////////////////////////////////////
RECITAL_EXPORT int DEFINE_CLASS(clsMyClass)
{
/*-------------------------------------*/
/* Dispatch factory methods and return */
/*-------------------------------------*/
DISPATCH_FACTORY();
/*---------------------------------*/
/* Dispatch constructor and return */
/*---------------------------------*/
DISPATCH_METHOD(clsMyClass, Constructor);
/*--------------------------------*/
/* Dispatch destructor and return */
/*--------------------------------*/
DISPATCH_METHOD(clsMyClass, Destructor);
/*-----------------------------------*/
/* Dispatch DEFINE method and return */
/*-----------------------------------*/
DISPATCH_METHOD(clsMyClass, Define);
/*------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property NumValue */
/* then return. */
/*------------------------------*/
DISPATCH_PROPSET(clsMyClass, NumValue);
DISPATCH_PROPGET(clsMyClass, NumValue);
/*------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property LogValue */
/* then return. */
/*------------------------------*/
DISPATCH_PROPSET(clsMyClass, LogValue);
DISPATCH_PROPGET(clsMyClass, LogValue);
/*-------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property DateValue */
/* then return. */
/*-------------------------------*/
DISPATCH_PROPSET(clsMyClass, DateValue);
DISPATCH_PROPGET(clsMyClass, DateValue);
/*-------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property TimeValue */
/* then return. */
/*-------------------------------*/
DISPATCH_PROPSET(clsMyClass, TimeValue);
DISPATCH_PROPGET(clsMyClass, TimeValue);
/*-------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property CurrValue */
/* then return. */
/*-------------------------------*/
DISPATCH_PROPSET(clsMyClass, CurrValue);
DISPATCH_PROPGET(clsMyClass, CurrValue);
/*-------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property CharValue */
/* then return. */
/*-------------------------------*/
DISPATCH_PROPSET(clsMyClass, CharValue);
DISPATCH_PROPGET(clsMyClass, CharValue);
/*------------------------------*/
/* Dispatch SET or GET PROPERTY */
/* method for property ObjValue */
/* then return. */
/*------------------------------*/
DISPATCH_PROPSET(clsMyClass, ObjValue);
DISPATCH_PROPGET(clsMyClass, ObjValue);
/*-----------------------------------*/
/* If message not found return error */
/*-----------------------------------*/
OBJECT_RETERROR("Unknown message type");
}
////////////////////////////////////////////////////////////////////////////////
// Define METHOD handlers
////////////////////////////////////////////////////////////////////////////////
DEFINE_METHOD(clsMyClass, Constructor)
{
struct example_data *objectDataArea;
/* Allocate memory for objects objectData area */
objectDataArea = (struct example_data *)
malloc(sizeof(struct example_data));
if (objectDataArea == NULL) return(-1);
/* Assign the default property values */
strcpy(objectDataArea->prop_charvalue, "Test API object");
objectDataArea->prop_numvalue = 15.2827;
objectDataArea->prop_logvalue = 'F';
strcpy(objectDataArea->prop_datevalue, DATE_DATE());
strcpy(objectDataArea->prop_timevalue, DATE_DATETIME());
strcpy(objectDataArea->prop_currvalue, "15.2827");
strcpy(objectDataArea->object_name, "APIobject");
objectDataArea->prop_objvalue
= OBJECT_NEW(objectDataArea->object_name, "exception", NULL);
/* Set the object objectData area */
OBJECT_SETDATA((char *)objectDataArea);
return(0);
}
DEFINE_METHOD(clsMyClass, Destructor)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData != NULL) {
if (objectData->prop_objvalue != NULL)
OBJECT_DELETE(objectData->prop_objvalue);
free(objectData);
objectData = NULL;
}
return(0);
}
DEFINE_METHOD(clsMyClass, Define)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
char buffer[512];
int rc;
/* Check the object class */
OBJECT_GETPROPERTY(objectData->prop_objvalue, "class", buffer);
rc = OBJECT_GETARG(buffer, &result);
if (result.errno == 0 && result.type == 'C'
&& strcmp(result.character, "Exception") == 0) {
switch (OBJECT_GETARGC()) {
case 1:
rc = OBJECT_GETPARAMETER(1, &result);
if (result.errno == 0 && result.type == 'C') {
OBJECT_SETARG(buffer, &result);
rc = OBJECT_SETPROPERTY(objectData->prop_objvalue,
"message", buffer);
}
break;
case 2:
rc = OBJECT_GETPARAMETER(2, &result);
if (result.errno == 0 && result.type == 'N') {
OBJECT_SETARG(buffer, &result);
rc = OBJECT_SETPROPERTY(objectData->prop_objvalue,
"errorno", buffer);
}
}
}
result.type = 'L';
result.logical = (rc == 0 ? 'T' : 'F');
OBJECT_RETRESULT(&result);
}
////////////////////////////////////////////////////////////////////////////////
// Define GET property handlers
////////////////////////////////////////////////////////////////////////////////
DEFINE_PROPERTYGET(clsMyClass, NumValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('N', objectData->prop_numvalue);
}
DEFINE_PROPERTYGET(clsMyClass, LogValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('L', objectData->prop_logvalue);
}
DEFINE_PROPERTYGET(clsMyClass, DateValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('D', objectData->prop_datevalue);
}
DEFINE_PROPERTYGET(clsMyClass, TimeValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('T', objectData->prop_timevalue);
}
DEFINE_PROPERTYGET(clsMyClass, CurrValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('Y', objectData->prop_currvalue);
}
DEFINE_PROPERTYGET(clsMyClass, CharValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('C', objectData->prop_charvalue);
}
DEFINE_PROPERTYGET(clsMyClass, ObjValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
if (objectData == NULL) return(-1);
OBJECT_RETPROPERTY('O', objectData->prop_objvalue);
}
////////////////////////////////////////////////////////////////////////////////
// Define SET property handlers
////////////////////////////////////////////////////////////////////////////////
DEFINE_PROPERTYSET(clsMyClass, NumValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'N') {
objectData->prop_numvalue = result.number;
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, LogValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'L') {
objectData->prop_logvalue = result.logical;
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, DateValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'D') {
strcpy(objectData->prop_datevalue, DATE_DTOS(result.date));
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, TimeValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'T') {
strcpy(objectData->prop_timevalue, DATE_TTOS(result.datetime));
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, CurrValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'Y') {
strcpy(objectData->prop_currvalue, CURR_YTOS(result.currency));
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, CharValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
struct API_EXPRESSION result;
int rc = OBJECT_ERROR;
OBJECT_GETVALUE(&result);
if (result.errno == 0 && result.type == 'C') {
strcpy(objectData->prop_currvalue, result.character);
rc = OBJECT_SUCCESS;
}
return(rc);
}
DEFINE_PROPERTYSET(clsMyClass, ObjValue)
{
struct example_data *objectData = (struct example_data *)OBJECT_GETDATA();
OBJECT objvalue;
int rc = OBJECT_ERROR;
if (OBJECT_GETTYPE() == 'O') {
objvalue = OBJECT_GETOBJECT();
objectData->prop_objvalue = OBJECT_ASSIGN(objvalue, objectData->object_name);
rc = OBJECT_SUCCESS;
}
return(rc);
} It would appear that gigabit LAN is not! In fact it often runs at the same speed as 100Mbps LAN. Let's look at why exactly.
After configuring your network you can use the ifconfig command to see what speeds the LAN is connected. Even though 1000Mbps is reported by the card, the reality is that the overall throughtput may well be ~100Mpbs. You can try copying a large file using scp to demonstrate this.
As it turns out, in order to use a gigabit LAN you need to use CAT6 cables. CAT5 and CAT5E are not good enough. End result, the ethernet cards throttle back the speed to reduce dropped packets and errors.
You can find a good article here titled Squeeze Your Gigabit NIC for Top Performance. After tuning up the TCP parameters i found that it made no dfifference. The principal reasons behind low gigabit ethernet performance can be summed up as follows.
- Need to use CAT6 cables
- Slow Disk speed
- Limitations of the PCI bus which the gigabit ethernet cards use
You can get an idea about the disk speed using the hdparm command:
Display the disk partitions and choose the main linux partition which has the / filesystem.
# fdisk -l
Then get disk cache and disk read statistics:
# hdparm -Tt /dev/sda0
On my desktop system the sata disk perfomance is a limiting factor. These were the results:
/dev/sda1:
Timing cached reads: 9984 MB in 2.00 seconds = 4996.41 MB/sec
Timing buffered disk reads: 84 MB in 3.13 seconds = 58.49 MB/sec
Well, that equates to a raw disk read speed of 58.49 * 8 = 467Mbps which is half the speed of a gigabit LAN.
So.. NAS storage with lots of memory looks to be the way to go... If you use the right cables!
If you are running your Redhat/Centos or Fedora machine in an enterprise environment you may be sitting behind a network proxy server like squid.
If you try and update or install software it will fail with timeouts or errors contacting the repository mirrors.
To configure YUM to work with your proxy server you need to add the following line to your /etc/yum.conf file.
Anonymous proxy configuration:
proxy=http://yourproxyip:port/
If your proxy server requires authentication add the following lines to your /etc/yum.conf file instead.
proxy=http://yourproxyip:port/ proxy_username=youruser proxy_password=yourpassword
You will be able to update and install software now, give it a go!
Many motherboards nowadays have integrated gigabit ethernet that use the Realtek NIC chipset.
The Realtek r8168B network card does not work out of the box in Redhat/Centos 5.3: instead of loading the r8168 driver, modprobe loads the r8169 driver, which is broken as can be seen with ifconfig which shows large amounts of dropped packets. A solution is to download the r8168 driver from the Realtek website and install it using the following steps:
Check whether the built-in driver, r8169.ko (or r8169.o for kernel 2.4.x), is installed.
# lsmod | grep r8169
If it is installed remove it.
# rmmod r8169
Download the R8168B linux driver from here into /root.
Unpack the tarball :
# cd /root
# tar vjxf r8168-8.012.00.tar.bz2
Change to the directory:
# cd r8168-8.012.00
If you are running the target kernel, then you should be able to do :
# make clean modules
# make install
# depmod -a
# insmod ./src/r8168.ko (or r8168.o in linux kernel 2.4.x)
make sure modprobe knows not to use r8169, and that depmod doesn’t find the r8169 module.
# echo "blacklist r8169" >> /etc/modprobe.d/blacklist
# mv /lib/modules/`uname -r`/kernel/drivers/net/r8169.ko \ /lib/modules/`uname -r`/kernel/drivers/net/r8169.ko.bak
You can check whether the driver is loaded by using the following commands.
# lsmod | grep r8168
# ifconfig -a
If there is a device name, ethX, shown on the monitor, the linux driver is loaded. Then, you can use the following command to activate it.
# ifconfig ethX up
After this you should not see any more dropped packets reported.
- For building shared libraries on the MAC the following need to be set
-
- The shared library file extension should be .dylib
- The compile flag is -dynamic
- For accessing the shared libraries at runtime
-
- DYLD_LIBRARY_PATH needs to be set to the location of the shared libraries
- Useful utilities for shared library support
-
- The following command will display the table of contents of the dynamically linked library
otool -TV sharedlibraryfile.dylib
If you have a live linux site that is running vmware virtual machines, you can pause the virtual machines when you want to perform a backup, I use acronis for linux which does incremental backups and you can specify a command to run before and after the backup, this allows backups to be performed at scheduled times daily without any intervention. In my examples below, the virtual machine i want to control is in /root/vmware/Recital/Recital.vmx
To pause the virtual machine on linux:
# vmrun pause /root/vmware/Recital/Recital.vmx
and then to unpause after the backup has completed:
# vmrun unpause /root/vmware/Recital/Recital.vmx
That is basicallty it, no need to attend the backup and it can be perfomed at a suitable time so no users are affected.
Incidentally, vmrun lets you startup a virtual machine at system startup too, without needing the GUI:
# vmrun start /root/vmware/Recital/Recital.vmx
Or alternatively stop it:
# vmrun stop /root/vmware/Recital/Recital.vmx
There are lots of other capabilities of this command, running applications inside the virtual machine etc etc. For full details just type vmrun in a terminal window.
lslk lists information about locks held on files with local inodes on systems running linux.
Install it with:
yum install lslk