# If cpu usage is high, dumping threads in the jvm may help # identify what work is being done. Taking multiple dumps # at 10s intervals will help spot threads that have been running, # or been blocked for a long time. # # If a problem is lots of threads running for a short amount # of time, a 10s interval may not show that readily. (I should # look into java flame graphs for java!) # # Intellij can help analyze thread dumps. Look for the analyze # thread dump action. jstack <pid> # A stronger version sudo jstack -F <pid>
# Look at garbage collection stats in the jvm sudo jstat -gcutil -h10 1002 250 20 S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 0.00 0.00 100.00 100.00 93.19 90.39 276 36.911 10510 53321.125 53358.036 0.00 0.00 100.00 100.00 93.19 90.39 276 36.911 10510 53321.125 53358.036 0.00 0.00 100.00 100.00 93.19 90.39 276 36.911 10510 53321.125 53358.036 ... S0 - surviver space 1 utilization S1 - surviver space 1 utilization E - Eden space utilization O - Old gen space utilization M - ? CCS - ? YGC - # of young garbage collections YGCT - young gc time (units?) FGC - full garbage collections FGCT - full garbage collection time GCT - garbage collection time Collect 20 samples, from java process with pid 1002, at 250ms intervals, and reprint the header every 10 lines of output No header line sudo jstat -gcutil <pid> 250 7
A program that ships with the jdk that lets you introspect a running java process. (You can see exposed jmx beans, heap memory, threads, and a few other things) I usually use it to look at jmx beans
# Figure out the pid of your java process doing something like this or pidof ... ps aux | grep java # The run jconsole # JConsole will display a list of java processes it finds on your system. Pick the one you want!
Note: I have only ever done this in dev
Install and run with several jdk versions (And other tools I think)
Cacerts, trust store, root certs
# View trusted root certs in centos keytool -list -keystore /etc/pki/ca-trust/extracted/java/cacerts -storepass changeit # View an ssl cert from a remote host openssl s_client -showcerts -connect telusemrapi.telushealth.com:443 # View a particular cert in my trust store # Get alias from the cert list command above keytool -list -v -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias digicertassuredidrootca -storepass changeit