How do I tune Solaris 10 for semaphores and shared memory for the Siteminder Web Agent v6.x?

Document ID : KB000025688
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction:

This document is meant to clarify and offer suggestions on the process of tuning a Solaris 10 machine for use with the Siteminder Web Agent v6.x. Since machine and process tuning is a highly specialized activity, this document is meant to show how one would start the tuning process. It is left to the reader to tailor it to their individual needs.

Ā 

Instructions:

Prior to Solaris 10, all Inter-Process Communication (IPC) settings were controlled by kernel tunables. One had to modify /etc/system and reboot the machine or use adb(1) for the settings to take affect. This has now all changed with the release of Solaris 10 as these IPC tunables are now obsolete.

In Solaris 10, IPC tunables have been replaced by resource controls (see the man page on resource_controls(5)).

Oracle/Sun Microsystems, Inc. has provided a table that identifies the obsolete IPC tunables and their respective replacements. You can find the table here:

https://docs.oracle.com/cd/E19120-01/open.solaris/819-2724/chapter1-33/index.html

https://docs.oracle.com/cd/E26505_01/html/E37386/chapter1-32.html

To modify the resource controls, one would use the prctl(1) command acting on a project. Our first step is to create a project. All webservers and webagents will belong to this project since we are setting up a dependency on the user that the webserver runs as. In this document we have our Sun Java Systems Web Server running as 'webservd'.

This command will create a project called "user.webservd" that includes the webservd and root users:

# projadd -c "SiteMinder Webagent" -U webservd,root user.webservd 

We now need to add the necessary tunables to this newly created project. Again this is highly dependent on your situation. The following are just some examples to show the process. Please review the Webagent Install guide for recommendations.

We are going to set shared memory (previously called shminfo_shmmax) to 16 GB; shared memory segments (shminfo_shmmni) to 256; max. number of message queue identifiers (msginfo_msgmni) to 256; and Max No of semaphores per. process (seminfo_semmni) to 128.

# projmod -sK "project.max-shm-memory=(priv,16G,deny)" user.webservd 
# projmod -sK "project.max-shm-ids=(priv,256,deny)" user.webservd 
# projmod -sK "project.max-msg-ids=(priv,256,deny)" user.webservd 
# projmod -sK "project.max-sem-ids=(priv,128,deny)" user.webservd 

Now that the necessary project information has been created, we need to start our webservers appropriately so that we can get this new project information.

# newtask -p user.webservd -l /path/to/webserver/start 

To verify that the LLAWP process has the proper settings, we will use the prctl(1) command to query that process.

 # ps -ef | grep LLAWP 
 webservd 7860 1 0 08:47:51 ? 0:02 LLAWP /opt/SUNWwbsvr/https-wa3.glips.com/config/WebAgent.conf -SUNONE -a 
 
   # prctl -n project.max-shm-memory 7860 
   process: 7860: LLAWP /opt/SUNWwbsvr/https-wa3.glips.com/config/WebAgent.conf -SUNONE 
   NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT 
   project.max-shm-memory 
           privileged      16.0GB      -   deny                                 - 
           system          16.0EB    max   deny                                 - 
 
   # prctl -n project.max-shm-ids 7860 
   process: 7860: LLAWP /opt/SUNWwbsvr/https-wa3.glips.com/config/WebAgent.conf -SUNONE 
   NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT 
   project.max-shm-ids 
           privileged        256       -   deny                                 - 
           system          16.8M     max   deny                                 - 
 
   # prctl -n project.max-msg-ids 7860 
   process: 7860: LLAWP /opt/SUNWwbsvr/https-wa3.glips.com/config/WebAgent.conf -SUNONE 
   NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT 
   project.max-msg-ids 
           privileged        256       -   deny                                 - 
           system          16.8M     max   deny                                 - 
 
   # prctl -n project.max-sem-ids 7860 
   process: 7860: LLAWP /opt/SUNWwbsvr/https-wa3.glips.com/config/WebAgent.conf -SUNONE 
   NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT 
   project.max-sem-ids 
           privileged        128       -   deny                                 - 
           system          16.8M     max   deny                                 - 
 

As we can see above, all of the changes took effect as expected.