How to measure IOPS with linux

So many times I need to measure the amount of IOPS on a Linux disk/storage system. While there are many tools for the jobs they just don’t seem to give you a ‘number’. For example Splunk indexers require 1200+ IOPS according to hardware recommendation guides but how do you find out if your any where close to that number? Use ‘bonnie++’, ‘iozone’ or perhaps ‘fio’? Well use any of those tools will create the type of read / write sequence you would like to replicate - but where the damn magic number???

Easiest two ways are:
Method #1:
run iozone -a (or bonnie++) in one screen then in another session / terminal use nmon, pressing D (capital D) to get disk stats and get the number from the Xfers column. This is your magic number (or IOPS reading)

┌nmon─14i─────────────────────Hostname=reddragon─────Refresh= 2secs ───19:51.57─
│ Disk I/O ──/proc/diskstats────mostly in KB/s─────Warning:contains duplicates─
│DiskName Busy    Read    Write       Xfers   Size  Peak%  Peak-RW    InFlight
│sda       99%    699.9     14.0KB/s  178.0   4.0KB  493%    3658.8KB/s   1   
│sda1       0%      0.0      0.0KB/s    0.0   0.0KB    0%       0.0KB/s   0   
│sda2      99%    699.9     14.0KB/s  178.0   4.0KB  493%    3658.8KB/s   1   
│dm-0       0%      0.0      0.0KB/s    0.0   0.0KB    0%       0.0KB/s   0   
│dm-1      99%    699.9     14.0KB/s  178.5   4.0KB  494%    3658.8KB/s   1   
│dm-2       0%      0.0      0.0KB/s    0.0   0.0KB   76%    2553.5KB/s   0   
│Totals Read-MB/s=2.1      Writes-MB/s=0.0      Transfers/sec=534.4 

In the above example I’m getting about 178 IOPS for my disk ’sda’

Method #2:
run fio with the correct workload (google how to use fio) and while it’s running it will actually tell you the IOPS.

[root@reddragon ~]# fio random-read-test.fio 
random-read: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=sync, iodepth=1
Starting 1 process
Jobs: 1 (f=1): [r] [85.1% done] [736K/0K/0K /s] [184 /0 /0  iops] [eta 00m:28s]

In this example I am getting 184 IOPS. Also if you wait until fio finishes it run - you can the IOPS reading from there. Eg.

random-read: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=sync, iodepth=1
Starting 1 process
Jobs: 1 (f=1): [r] [98.9% done] [2224K/0K/0K /s] [556 /0 /0  iops] [eta 00m:02s]
random-read: (groupid=0, jobs=1): err= 0: pid=7239: Tue Feb 25 16:49:16 2014
  read : io=131072KB, bw=747406 B/s, iops=182 , runt=179578msec
    clat (usec): min=107 , max=117530 , avg=5473.62, stdev=4112.08
     lat (usec): min=107 , max=117531 , avg=5473.93, stdev=4112.08
    clat percentiles (usec):
     |  1.00th=[  245],  5.00th=[  302], 10.00th=[  370], 20.00th=[ 2480],

As you can see: iops=182 - pretty consistent with the other results!

Stop puppet spamming /var/log/messages

Hate Spam? Hate Puppet Spam in var/log/messages more? Quick buy now!

# Edit /etc/puppet/puppet.conf
# In the [agent] section add:
syslogfacility = local6

# Edit: vi /etc/rsyslog.conf 
# Do a quick to see if local6 is being used somewhere else first... 
# Add a line:
local6.*    /var/log/puppet/puppet.log

# Add setup the permissions and file
touch /var/log/puppet/puppet.log
chown puppet:puppet /var/log/puppet/puppet.log
chmod 640 /var/log/puppet/puppet.log
service rsyslog reload

And your done!

GlusterFS: host, is not befriended at the moment

When attempting to expand the replication distrubted file system of our cluster nodes I struck the error message:

[root@index03 ~]# gluster volume replace-brick drvol01 index04:/srv/gluster/drbrk02 index05:/srv/gluster/drbrk01 start
index05, is not befriended at the moment

Which was strange considering the previous ‘peer probe’ from another host to join the new server (index05) was successfully:

[root@index04 ~]# gluster peer probe index05
Probe successful 

I think the only clue was (on the last line):

[root@index03 drbrk02]# gluster peer status
Number of Peers: 4

Hostname: index02
Uuid: 31c0f246-0a8b-4c68-8ffa-42b2e6bb42ce
State: Peer in Cluster (Connected)

Hostname: index04
Uuid: ca61b983-b8fd-4fcc-848a-6c33f102cd5c
State: Peer in Cluster (Connected)

Hostname: index01
Uuid: b9bc474c-0017-4191-82b9-5760ba0d00fc
State: Peer in Cluster (Connected)

Hostname: index05
Uuid: c6a7cb83-4c1f-42ff-8421-bea9cc911d0f
State: Accepted peer request (Connected)

Anyway I confirmed that there were no firewall rules blocking the requests Doco: Gluster Firewall Ports and restarted the glusterd service on index05, which seems to have resolved the problem.

[root@index03 ~]# gluster peer status
Number of Peers: 4

Hostname: index02
Uuid: 31c0f246-0a8b-4c68-8ffa-42b2e6bb42ce
State: Peer in Cluster (Connected)

Hostname: index04
Uuid: ca61b983-b8fd-4fcc-848a-6c33f102cd5c
State: Peer in Cluster (Connected)

Hostname: index01
Uuid: b9bc474c-0017-4191-82b9-5760ba0d00fc
State: Peer in Cluster (Connected)

Hostname: index05
Uuid: c6a7cb83-4c1f-42ff-8421-bea9cc911d0f
State: Peer in Cluster (Connected)

In summary I believe there were firewall rules in place, when the ‘gluster peer probe index05′ was run. The rules were removed, but the gluster daemon on index05 then required a restart to become active in the cluster.

Import private key and certificate into java keystore

How to import RSA private key into java keystore for tomcat
# You need:
# Your CA signed certificate (
# Your private key (RSA)
# Your CA intermediate Certificate

# Import the certificates and key into a PKCS12 bundle

openssl pkcs12 -export -in certs/ -inkey -CAfile certs/DigiCertCA.crt  
-name "" -out

(Remember the password you assigned it)

# Check if it worked:

openssl pkcs12 -in  -info

# Import the PKCS12 bundle into a java keystore:

keytool -importkeystore -deststorepass YOUR-PASSWORD -destkeystore acme-keystore  -srckeystore 
-srcstoretype PKCS12 -srcstorepass YOUR-PASSWORD 

Entry for alias successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

# Check your keystore:

keytool -list -keystore acme-keystore

Output should be similar to:

Enter keystore password:  YOUR-PASSWORD

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name:
Creation date: Jan 3, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
keytool -list -keystore acme-keystore
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry, Jan 3, 2013, PrivateKeyEntry, 
Certificate fingerprint (SHA1): FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E

# And match it against the import:

openssl x509 -fingerprint -in certs/ -noout
SHA1 Fingerprint=FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E

Generate Entropy for Linux under VMware

Often with virtualised servers you can have a slow time generating entropy for virtualised systems and you get stuck with this message:

 We need to generate a lot of random bytes. It is a good idea to perform some other action (type on
 the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the 
random number generator a better chance to gain  enough entropy.

The quickest way in my opinion is the following command. Just make sure you have a dvd / cdrom iso mounted and connected with vmware.

 until [ 1 = 0 ]; do dd if=/dev/sr0 of=/tmp/dvd.iso; rm /tmp/dvd.iso -f; done 

and ^C when your done!