I installed MongoDB on Windows, Mac and Linux.
I run MongoDB with all default arguments and I enter a command db.serverStatus().connections on mongo to check the available connections.
Here is my observation, Windows 7 has 19999, Mac has only 203 and Linux has 818. Therefore, I would like to ask what makes the number of available connections different and is it possible to increase the available connections?
For UNIX-like systems (i.e. Linux and OS X), the connection limit is governed by ulimits. MongoDB will use 80% of the available file descriptors for connections, which is why you see 203 on Mac (~80% of 256) and 819 on Linux (~80% of 1024).
The MongoDB documentation includes recommended settings for production systems. Typically you wouldn't need to change this on development environments, but you will see a warning on startup if the connection limits are considered low.
In MongoDB 2.4 and earlier, there is a hard-coded maximum of 20,000 connections per server irrespective of the ulimits. This maximum has been removed as at MongoDB 2.6.
There is also a maxConns MongoDB configuration directive that can be used to limit the connections to something lower than what would be allowed by ulimits.
#fmchan Turn off SELinux and check again.
I set high NOFile and NProc limits on systemd, and in /etc/security/limits.conf file. But, it didn't help
Now, the only thing that works for me is to
1. setenforce 0 && systemctl restart mongod.service
2. Write a SELinux policy to allow mongod_exec_t to setrlimit and rlimitinh
Here's a similar issue https://bugzilla.redhat.com/show_bug.cgi?id=1415045
I was facing the same issue and apparently ulimit -n 6000 didn't help.
On macos we could check the setting for open files using below command which was showing 256 in my case and 80% of 256 was 204 hence the max connection by mongo was 204.
launchctl limit maxfiles
I have followed https://gist.github.com/tombigel/d503800a282fcadbee14b537735d202c to resolve my error. This explains in details how to set the values.
Follow the documentation, restart laptop and you should see the setting
Related
I want to know if I can use a system(run time pc) with Windows 10 OS which has TwinCAT XAR installed in it as a remote system. In other words can I select it as a target? Do we need any extra settings to make it work or it will work just like any other hardware controller?
Yes, you can select a Windows 10 PC with TwinCAT XAR installed as a remote target, however the performance may not be the same as you would get with purchasing a known hardware configuration from Beckhoff.
As noted in the Beckhoff documentation:
For a reliable, optimized and performant realtime behavior, a
completely aligned system design (hardware, BIOS, OS, drivers,
realtime-runtime) is mandatory. Each single component of the control
system has to be checked and optimized for this type of application -
that is the one and only way for an optimal, reliable and performant
realtime behavior. Beckhoff IPCs are optimized in each detail for this
type of operation. There is no guarantee for proper, reliable realtime
behavior on third-party PCs.
To use any Windows PC as a remote target, you need to ensure that the XAR is installed and that the Windows firewall is open to ADS. See also routing through a firewall. Specifically, you should open port 48898 to incoming TCP traffic and port 48899 to incoming UDP traffic in the Windows firewall. After this, you should be able to create a route normally using the IP address of the target PC through the ADS router on your development system.
You may also want to isolate a CPU core on the target system and dedicate TwinCAT tasks to it to ensure more consistent realtime behavior.
Finally, you need to purchase a license for the PLC if you intend to use it for a purpose other than development. This requires the higher performance level >= P90 and a license dongle, see this note about TwinCAT 3 licenses for non-Beckhoff IPCs.
I'm working on a Kext that runs under 10.12.4 VM (I use parallels) and I'd like to enable pointer printouts (currently all pointers are hidden and appears on /var/log/system.log as <ptr>)
Prior to 10.12 there was option to directly put away debugging restrictions by setting nvram csr-active-config=%ff%00%00%00. However, now it's impossible to set csr-active-config directly but through csrutil disable from recovery mode. unfortunately, it doesn't disable all SIP features and the pointers remain hidden.
luckily, the following thread that offers workaround :
Alternatively, CSR can be disabled entirely by setting csr-active-config=ff%00%00%00. For a VM this can be achieved by booting to the Recovery partition, running csrutil clear to delete the csr-active-config variable entirely and nvram Xsr-active-config=ff%00%00%00. Then shutdown the VM, and use a hex editor to change X -> c in the nvram file. This will allow the -show_pointers boot-arg to work.
I'm working with Parallels, and I try to find the location of nvram settings. I saw promising file called NVRAM.dat but unfortunately
I couldn't trace the string Xsr-active-config after I've followed the instructions in the quoted paragraph above.
Perhaps there's another place for the nvram settings ?
thanks
change doprnt_hide_pointers to false in a debugger
I don't have a direct answer to your question, but I have a workaround: the output to the kprintf() serial log is not pointer-sanitised. So if you enable the kprintf flag in the debug boot-args, activate a virtual serial port which writes to a host file in the VM setup and change your logging from printf/IOLog to kprintf, you can get raw logging to your serial port file.
I find the kprintf() logging mechanism more helpful than the kernel syslog in other ways too - it works right up to a panic, it's not rate-limited, and it's less noisy. The downside is it has a noticeable performance impact if you log a lot.
I am using 80(http) and 443(https) default ports for my webserver.
What ther ports other than this can i use for my webserver.
I need this basically to start my webserver using non-default ports.
Any. Look at these for the ones to not use:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
You can use whatever ports you want to use, provided no other server on your box is also trying to use it.
This is, of course, subject to any OS-specific issues like needing to run with elevated privileges for binding to ports below 1024.
The IANA (naming authority) and ICANN (assigned names and numbers) is responsible for assigning ports to specific applications but there's nothing requiring you to follow those "rules" at all.
If you use (for example) port 23 for your HTTP server, that will work. It's likely to confuse any telnet programs attempting to connect to that box but, as stated, the box is under your jurisdiction, not that of the IANA. Provided your browsers hook up to the specific port 23, they'll work just fine.
By way of example, many IBM mainframe systems will use port 23 for their 3270-protocol terminal programs and bump "real" telnet up to port 1023.
And, in any case, why should you not use a port because it's "allocated" to the Quake game server, or Dropbox, or Symantec bloatware? :-)
Do reserved TCP/IP ports require that a program is running and bound to the port? If no such program is running or exists, can another program use this port? For example, on Linux, port 7 is reserved for an echo server. I assume there is some program running and is bound to port 7 of the machine. The program basically echos back input. If this program is stopped, will port 7 be released?
If I wrote my own echo server and bound it to some other port, wouldn't this port be released once my custom echo server program is killed?
Does the same thing happen for reserved ports?
Also, if all these programs are running on reserved ports, wouldn't they consume system resources even if they are blocked listening for a connection? Are these programs running at all times?
Do reserved TCP/IP ports require that a program is running and bound to the port?
No.
If no such program is running or exists, can another program use this port?
Nothing to stop you, but it's still reserved, and users are entitled to complain to you if you misuse ports reserved for something else.
For example, on Linux, port 7 is reserved for an echo server. I assume there is some program running and is bound to port 7 of the machine. The program basically echos back input. If this program is stopped, will port 7 be released?
Yes.
If I wrote my own echo server and bound it to some other port, wouldn't this port be released once my custom echo server program is killed?
Yes.
Does the same thing happen for reserved ports?
Yes, of course.
Also, if all these programs are running on reserved ports, wouldn't they consume system resources even if they are blocked listening for a connection?
Yes.
Are these programs running at all times?
Either they are running or they aren't running. You're asking about both situations at the same time. If you mean 'executing', i.e. consuming CPU, the answer is no, they are blocked waiting for connections while there are no connections.
ports 1-65535 are available, and ports in range 1-1023 are the privileged ones and using for standard applications.
And there will be Ephemeral port range also exists in your system and it can be found as follows:
sysctl -A | grep ip_local_port_range
Epeheral port range is available for all your client sockets.
When there is a server, client communication most of the time communication is happening using a socket. Socket is nothing but a pair of IP address and a port number. All the port referred usually with configuration will be a server port configuration and client port is dynamically choosing from the Epeheral port range. In case of epeheral ports, system may not release the port until this range is exhausted.
You can check port availability by using command:
netstat -a | grep <port number>
[EDIT]
The idea of a reserved port is that any custom software you write should take care to avoid binding to them, to avoid interfering with an established service. Further, non-root users can't bind any ports below 1024 anyway, many of which are registered with IANA (aka reserved).
There's no requirement that a particular process be bound to any port. A port is just a system resource. Typically a master inetd starts early in the system boot sequence, binds to some low-numbered ports, and handles the trivial services such as echo itself. These algorithms are so simple, and so infrequently used in practice, that very few resources are consumed. That's why you'll not find a separate "echo server" process. If you read the inetd.conf manual page:
http://www.freebsd.org/cgi/man.cgi?query=inetd.conf&sektion=5&manpath=FreeBSD%209.2-RELEASE
The inetd utility also provides several other 'trivial' services inter-
nally by use of routines within itself. These services are 'echo',
'discard', 'chargen' (character generator), 'daytime' (human read-
able time), and 'time' (machine readable time, in the form of the number of seconds since midnight, January 1, 1900).
One of my stand-alone java applications (no sources available) picks random-available port to listen on.
At this stage I assume it uses getaddrinfo system call to obtain addresses to bind against.
Since I'm maintaining hundreds of various servers with assigned ports, the black app sometimes kicks in and pick one of 'the assigned' ports, which cause my small servers to fail on startup...
I'm wondering is there a way to restrict number of ports proposed by the OS?
Would be mostly interested in system config solutions,
but if there are no other solutions I'm also able to hack bind()/getaddrinfo (this would require some hits as well ... )
thanks
You must be able to control it from proc entries - For example, here is a system wide setting :
/proc/sys/net/ipv4/ip_local_port_range
You can modify them. Or there may be utilities available for the same purpose.
If OS-wide change is not what you had in mind, configure the JVM's Java Security Manager so that SecurityManager.CheckListen(NNN) throws SecurityException for any of the port numbers you want to reserve.
Take a look on:
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html
It's the solution for my problem, than I could limit port ranges