Monday, March 31, 2014

IOPS

Any storage performance are ultimately calculated by how best the underlying disks are performing.

IOPS is still the most common metric in use to measure the storage systems performance


IOPS calculations vary wildly based on the kind of workload being handled.

In general, there are three performance categories related to IOPS:
random performance, sequential performance, and a combination of the two,

which is measured when you assess random and sequential performance at the same time

IOPS is based on three key factors:
Rotational/spindle speed (A higher rotational speed is associated with a higher performing disk.)

Average Latency (time it takes for the sector of the disk being accessed to rotate into position under a read/write head.)

Average seek time (time (in ms) it takes for the hard drive's read/write head to position itself over the track being read or written. There are both read and write seek times; take the average of the two values)

Average IOPS Formula:
Divide 1 by the sum of the average latency in ms and the average seek time in ms
(1 / (average latency in ms + average seek time in ms).

3ms   = average latency time
4.2ms = average seek time (read/write)

1/ 3ms + 4.2ms
1/7.2ms
1/.0072 = 138.88 = 139 IOPS


Average IOPS
SATA 7200K - 75-100
SATA 10K - 125-150
SAS 10K - 140
SAS 15K - 175-210
FC 15K - 200


Enterprises don't install a single disk at a time,
so the above calculations are pretty meaningless unless they can be translated to multidisk sets.
Fortunately, it's easy to translate raw IOPS values from single disk to multiple disk implementations;

For example, if you have ten 15K RPM disks, each with 175 IOPS capability, your disk system has 1,750 IOPS worth of performance capacity.
But this is only if you opted for a RAID-0 or just a bunch of disks (JBOD) implementation.

How to convert .crt/.cer into .pem

Generally your certificate comes in 2 formats:
X.509 and PKCS #7 which includes the Intermediate CA.

X509 File Extensions
The first thing we have to understand is what each type of file extension is.


[root@pg8873 2014_cert]# pwd
/home/pkg/2014_cert

[root@pg8873 2014_cert]# ls -l
total 44
-rwxr-xr-x 1 root root   26 Mar 11 16:13 passphrase-file
-rw-r--r-- 1 root root 2194 Mar 11 16:13 pgstars.2014.crt
-rw-r--r-- 1 root root 1110 Mar 11 16:14 pgstars.2014.csr
-rw-r--r-- 1 root root 1751 Mar 11 16:13 pgstars.2014.key
-rw-r--r-- 1 root root 6022 Mar 13 16:32 pgstars.p7b

Download the cert in both the formats,
PKCS #7 format   save as .p7b
X.509 format save as .crt



Convert P7B to PFX
————————————————————————————————————
$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
$ openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CAcert.cer
————————————————————————————————————
Example:
[root@pg8873 2014_cert]# openssl pkcs7 -print_certs -in pgstars.p7b -out pgstars.2014.cer

[root@pg8873 2014_cert]# openssl pkcs12 -export -in pgstars.2014.cer -inkey pgstars.2014.key -out pgstars.2014.pfx -certfile pgstars.2014.crt
Enter pass phrase for stars.2014.key:
Enter Export Password:
Verifying - Enter Export Password:


PFX
Convert PFX to PEM
——————————————————————————————–
$ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
——————————————————————————————–
NOTE: While converting PFX to PEM format, openssl will put all the Certificates and Private Key into a single file. You will need to open the file in Text editor and copy each Certificate & Private key(including the BEGIN/END statements) to its own individual text file and save them as certificate.cer, CAcert.cer, privateKey.key respectively.

Example:
[root@pg8873 2014_cert]# openssl pkcs12 -in stars.2014.pfx -out stars.2014.new2.pem -nodes
Enter Import Password:
MAC verified OK

Thursday, March 6, 2014

duplicate host ssh keys

cd /etc/ssh

# ls -l
total 164
-rw-------. 1 root root 125811 Apr  4  2011 moduli
-rw-r-r-. 1 root root   2047 Apr  4  2011 ssh_config
-rw-------  1 root root   3503 Jan 17 15:54 sshd_config
-rw-------  1 root root   3321 Dec  6  2012 sshd_config_03202013
-rw-------. 1 root root   3872 Jun 13  2012 sshd_config.orig
-rw-------. 1 root root    668 Jun 13  2012 ssh_host_dsa_key
-rw-r-r-. 1 root root    590 Jun 13  2012 ssh_host_dsa_key.pub
-rw-------. 1 root root    963 Jun 13  2012 ssh_host_key
-rw-r-r-. 1 root root    627 Jun 13  2012 ssh_host_key.pub
-rw-------. 1 root root   1671 Jun 13  2012 ssh_host_rsa_key
-rw-r-r-. 1 root root    382 Jun 13  2012 ssh_host_rsa_key.pub

mv ssh_host* /tmp

ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

service sshd restart

It is best practice for security sake to have every server have a unique SSH host key. 

Just a reminder, that it will break any existing ssh keys job you may have setup for users.

Wednesday, March 5, 2014

OpenStack computing formula

OpenStack computing formula


(Over commit fraction x Physical cores) / VM cores per host

Example:
Physical cores = 8 (2 x Quad cores)
Over commit fraction = 1.6
Total VMs cores = 12.8 cores

If you want each VM with 2 virtual cores
(1.6 x 8) / 2 = 6.4 VMs

You can have 6.4 virtual machines, out of 8 physical cores