Chapter 21
Optimizing Performance

  • Objective 4.2: Given a scenario, analyze system processes in order to optimize performance.

images This chapter discusses how Linux handles applications running on the system. Linux must keep track of lots of different programs, all running at the same time. Your goal as the Linux administrator is to make sure everything runs smoothly! This chapter shows just how Linux keeps track of all the active programs and how you can peek at that information. You’ll also see how to use command-line tools to manage the programs running on your Linux system.

Looking at Processes

At any given time there are lots of active programs running on the Linux system. Linux calls each running program a process. A process can run in the foreground, displaying output on a console display or graphical desktop window, or it can run in background, working on data behind the scenes. The Linux system assigns each process a process id (PID) and manages how the process uses memory and CPU time based on that PID.

When a Linux system first boots, it starts a special process called the init process. The init process is the core of the Linux system; it runs scripts that start all of the other processes running on the system, including the processes that start the text consoles and graphical windows you use to log in (see Chapter 6).

You can watch just which processes are currently running on your Linux system by using the ps command. The default output of the ps command looks like this:

$ ps
PID    TTY      TIME       CMD
 2797 pts/0    00:00:00 bash
 2884 pts/0    00:00:00 ps
$

By default, the ps command only shows the processes that are running in the current user shell. In this example, we only had the command prompt shell running (Bash) and, of course, the ps command itself.

The basic output of the ps command shows the PID assigned to each process, the terminal (TTY) that they were started from, and the CPU time that the process has used.

The tricky feature of the ps command (and the reason that makes it so complicated) is that at one time there were two versions of it in Linux. Each version had its own set of command-line parameters controlling the information it displayed. That made switching between systems somewhat complicated.

Recently, the GNU developers decided to merge the two versions into a single ps program, and of course, they added some additional parameters of their own. The current ps program used in Linux supports three different styles of command-line parameters:

  • Unix-style parameters, which are preceded by a dash
  • BSD-style parameters, which are not preceded by a dash
  • GNU long parameters, which are preceded by a double dash

This makes for lots of possible parameters and options to use with the ps command. You can consult the ps manual page to see all of the possible parameters that are available. Most Linux administrators have their own set of commonly used parameters that they remember for extracting pertinent information. For example, if you need to see every process running on the system, use the Unix-style -ef parameter combination, like this:

$ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0     0  09:02 ?        00:00:02 /sbin/init
root         2     0     0  09:02 ?        00:00:00 [kthreadd]
root         3     2     0  09:02 ?        00:00:00 [ksoftirqd/0]
root         4     2     0  09:02 ?        00:00:00 [kworker/0:0]
root         5     2     0  09:02 ?        00:00:00 [kworker/0:0H]
root         6     2     0  09:02 ?        00:00:00 [kworker/u2:0]
root         7     2     0  09:02 ?        00:00:02 [rcu_sched]
root         8     2     0  09:02 ?        00:00:01 [rcuos/0]
root         9     2     0  09:02 ?        00:00:00 [rcu_bh]
root        10     2     0  09:02 ?        00:00:00 [rcuob/0
...
$

This format provides some useful information about the processes running:

  • UID: The user responsible for running the process
  • PID: The process ID of the process
  • PPID: The process ID of the parent process (if the process was started by another process)
  • C: The processor utilization over the lifetime of the process
  • STIME: The system time when the process was started
  • TTY: The terminal device from which the process was started
  • TIME: The cumulative CPU time required to run the process
  • CMD: The name of the program that was started in the process

Also notice in the -ef output that some process command names are shown in brackets. That indicates processes that are currently swapped out from physical memory into virtual memory on the hard drive. Processes that are swapped into virtual memory are called sleeping. Often the Linux kernel places a process into sleep mode while the process is waiting for an event.

When the event triggers, the kernel sends the process a signal. If the process is in interruptible sleep mode, it will receive the signal immediately and wake up. If the process is in uninterruptible sleep mode, it only wakes up based on an external event, such as hardware becoming available. It will save any other signals sent while it was sleeping and act on them once it wakes up.

images If a process has ended but its parent process hasn’t acknowledged the termination signal because it’s sleeping, the process is considered a zombie. It’s stuck in a limbo state between running and terminating until the parent process acknowledges the termination signal.

Monitoring Processes in Real Time

The ps command is a great way to get a snapshot of the processes running on the system, but sometimes you need to see more information to get an idea of just what’s going on in your Linux system. If you’re trying to find trends about processes that are frequently swapped in and out of memory, it’s hard to do that with the ps command.

Instead, the top command can solve this problem. The top command displays process information similar to the ps command, but it does it in real-time mode. Figure 21.1 shows a snapshot of the top command in action.

“The figure shows a snapshot of the top command in action. rich@rich-VirtualBox: File Edit View Search Terminal Help top - 01:32:38 up 30 min, 1 user, load average: 1.15, 1.11, 1.24 Tasks: 237 total, 1 running, 199 sleeping, 0 stopped, 1 zombie %Cpu(s): 4.0 us, 1.0 sy, 0.0 ni, 93.0 id, 2.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem: 5071912 total, 2535896 free, 1351560 used, 1184456 buff/cache KiB Swap: 999420 total, 999420 free, 0 used. 3467360 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1542 rich 20 0 3015484 316148 94276 S 3.0 6.2 10:11.78 gnome-shell 1371 rich 20 0 403128 91604 34856 S 1.0 1.8 4:33.58 Xorg 2828 rich 20 0 49012 3908 3192 R 1.0 0.1 0:00.41 top 2755 root 20 0 0 0 0 I 0.3 0.0 0:00.13 kworker/u2:1 2806 rich 20 0 875340 42128 29164 S 0.3 0.8 0:02.52 gnome-termi+ 1 root 20 0 160148 9424 6708 S 0.0 0.2 0:02.50 systemd 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 0 4 root 0 -20 0 0 I 0.0 0.0 0:00.00 kworker/O:OH 0 6 root 0 -20 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq 7 root 20 0 0 0 0 S 0.0 0.0 0:00.45 ksoftirqd/0 8 root 20 0 0 0 0 I 0.0 0.0 0:01.21 rcu_sched 9 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_bh rt 10 root rt 0 0 0 S 0.0 0.0 0:00.00 migration/0 rt 11 root rt 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0 13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs 0 14 root 0 -20 0 0 I 0.0 0.0 0:00.00 netns”

Figure 21.1 The output of the top command

The first section of the top output shows general system information. The first line shows the current time, how long the system has been up, the number of users logged in, and the load average on the system.

The load average appears as three numbers, the 1-minute, 5-minute, and 15-minute load averages. The higher the values, the more load the system is experiencing. It’s not uncommon for the 1-minute load value to be high for short bursts of activity. If the 15-minute load value is high, your system may be in trouble.

The second line shows general process information (called tasks in top): how many processes are running, sleeping, stopped, or in a zombie state.

The next line shows general CPU information. The top display breaks down the CPU utilization into several categories depending on the owner of the process (user versus system processes) and the state of the processes (running, idle, or waiting).

Following that, there are two lines that detail the status of the system memory. The first line shows the status of the physical memory in the system, how much total memory there is, how much is currently being used, and how much is free. The second memory line shows the status of the swap memory area in the system (if any is installed), with the same information.

Finally, the next section shows a detailed list of the currently running processes, with some information columns that should look familiar from the ps command output:

  • PID: The process ID of the process
  • USER: The user name of the owner of the process
  • PR: The priority of the process
  • NI: The nice value of the process
  • VIRT: The total amount of virtual memory used by the process
  • RES: The amount of physical memory the process is using
  • SHR: The amount of memory the process is sharing with other processes
  • S: The process status (D = interruptible sleep, R = running, S = sleeping, T = traced or stopped, and Z = zombie)
  • %CPU: The share of CPU time that the process is using
  • %MEM: The share of available physical memory the process is using
  • TIME+: The total CPU time the process has used since starting
  • COMMAND: The command-line name of the process (program started)

By default, when you start top it sorts the processes based on the %CPU value. You can change the sort order by using one of several interactive commands. Each interactive command is a single character you can press while top is running and changes the behavior of the program. These commands are shown in Table 21.1.

Table 21.1 The top interactive commands

Command Description
1 Toggles the single CPU and Symmetric Multiprocessor (SMP) state
b Toggles the bolding of important numbers in the tables
I Toggles Irix/Solaris mode
z Configures color for the table
l Toggles display of the load average information line
t Toggles display of the CPU information line
m Toggles display of the MEM and SWAP information lines
f Adds or removes different information columns
o Changes the display order of information columns
F or O Selects a field on which to sort the processes (%CPU by default)
< or > Moves the sort field one column left (<) or right (>)
r Toggles normal or reverse sort order
h Toggles showing of threads
c Toggles showing of the command name or the full command line (including parameters) of processes
i Toggles showing of idle processes
S Toggles showing of the cumulative CPU time or relative CPU time
x Toggles highlighting of the sort field
y Toggles highlighting of running tasks
z Toggles color and mono mode
u Shows processes for a specific user
n or # Sets the number of processes to display
k Kills a specific process (only if process owner or if root user)
r Changes the priority (renice) of a specific process (only if process owner or if root user)
d or s Changes the update interval (default three seconds)
W Writes current settings to a configuration file
q Exits the top command

You have lots of control over the output of the top command. Use the F or O command to toggle which field the sort order is based on. You can also use the r interactive command to reverse the current sorting. Using this tool, you can often find offending processes that have taken over your system.

images While not specifically process oriented, the Linux time command can come in handy when troubleshooting applications. Running an application as a parameter to the time command displays the amount of CPU time the application consumed: 

$ time ./test.sh
...
real 0m3.453s
user 0m0.161s
sys 0m0.119s
$

This can provide some useful information when troubleshooting application issues.

Managing Processes

One of the jobs of a Linux system administrator is to be on the watch for runaway processes that can take down the Linux system. You’ve already seen how to use the ps and top commands to monitor how processes are doing on the system; the next step is to see how to stop a runaway process.

Setting Priorities

By default, all processes running on the Linux system are created equal; that is, they all have the same priority to obtain CPU time and memory resources. However, you may run some applications that either don’t need to have the same level of priority or may need a higher level of priority.

The nice and renice commands allow you to set and change the priority level assigned to an application process. The nice command allows you to start an application with a non-default priority setting. The format looks like this:

nice -n value command

images The kernel is the final judge in determining whether it can start an application with a different priority level, even if you tell it to. If the Linux system is heavily loaded the kernel can choose to ignore any nice or renice commands.

The value parameter is a numeric value from -20 to 19. The lower the number, the higher priority the process receives. The default priority is zero. The command parameter indicates the program to start at the specified priority:

$ nice -n 10 ./myscript.sh
$

To change the priority of a process that’s already running, use the renice command:

renice priority [-p pids] [-u users] [-g groups]

The renice command allows you to change the priority of multiple processes based on a list of PID values, all of the processes started by one or more users, or all of the processes started by one or more groups.

$ renice 15 -p 3178
$

images Only the root user account can set a priority value less than 0 or decrease the priority value (increase the priority) of a running process.

Stopping Processes

Sometimes a process gets hung up and just needs a gentle nudge to either get going again or stop. Other times, a process runs away with the CPU and refuses to give it up. In both cases, you need a command that will allow you to control a process. To do that, Linux follows the Unix method of inter-process communication.

In Linux, processes communicate with each other using process signals. A process signal is a predefined message that processes recognize and may choose to ignore or act on. The developers program how a process handles signals. Most well-written applications have the ability to receive and act on the standard Unix process signals. These signals are shown in Table 21.2.

Table 21.2 Linux process signals

Number Name Description
1 HUP Hangs up
2 INT Interrupts
3 QUIT Stops running
9 KILL Unconditionally terminates
11 SEGV Segments violation
15 TERM Terminates if possible
17 STOP Stops unconditionally, but doesn’t terminate
18 TSTP Stops or pauses, but continues to run in background
19 CONT Resumes execution after STOP or TSTP

While a process can send a signal to another process, there are two commands available in Linux that allow you to send process signals to running processes.

The kill Command

The kill command allows you to send signals to processes based on their process ID (PID). By default, the kill command sends a TERM signal to all the PIDs listed on the command-line. Unfortunately, you can only use the process PID instead of its command name, making the kill command difficult to use sometimes.

To send a process signal, you must either be the owner of the process or be logged in as the root user. 

$ kill 3940
 -bash: kill: (3940) - Operation not permitted
 $

The TERM signal only asks the process to kindly stop running. Unfortunately, if you have a runaway process, most likely it will ignore the request. When you need to get forceful, the -s parameter allows you to specify other signals (either using their name or using their signal number).

The generally accepted procedure is to first try the TERM signal. If the process ignores that, try the INT or HUP signal. If the program recognizes these signals, it will try to gracefully stop doing what it was doing before shutting down. The most forceful signal is the KILL signal. When a process receives this signal, it immediately stops running. Use this as a last resort, as it can lead to corrupt files.

One of the scary things about the kill command is that there’s no output from it: 

$ sudo kill -s HUP 3940
$

To see if the command was effective, you’ll have to perform another ps or top command to see if the offending process stopped.

images Be careful of killing processes that may have open files. Files can be damaged and unrepairable if the process is abruptly stopped. It’s usually a good idea to run the lsof command first to see a list of the open files and their processes.

The pkill Command

The pkill command is a powerful way to stop processes by using their names rather than the PID numbers. The pkill command allows you to use wildcard characters as well, making it a very useful tool when you’ve got a system that’s gone awry: 

$ sudo pkill http*
$

This example will kill all of the processes that start with http, such as the httpd services for the Apache Web server.

images Be careful with the search capability of the pkill command. It’s usually a good idea to check the search term against the currently running processes to make sure you don’t accidentally kill any other processes that match the search. The pgrep command allows you to display all processes that match the search term.

Exercise 21.1 Managing a running process

This exercise demonstrates how to monitor the running processes on your Linux system and how to remove a process you no longer want running.

  1. Log into your Linux graphical desktop and open two new command prompt windows. If you’re using virtual terminals, open two separate virtual terminal sessions.
  2. In the first command prompt, enter a command to run the sleep program for 1000 seconds by typing sleep 1000.
  3. In the second command prompt window or virtual terminal session, look for the PID of the sleep program by typing pgrep sleep.
  4. Once you know the PID, use the kill command to stop it prematurely by typing sudo kill -HUP pid, where pid is the PID of the sleep program you found in step 3.
  5. Observe the command prompt in the first window. It should return, indicating that the sleep program is no longer running.
  6. Check the running processes to ensure that the command is no longer running by typing pgrep sleep.

Summary

Managing applications running on Linux systems is a crucial job for administrators. The Linux system allocates CPU time and memory for each process, and knowing how each process consumes those resources is helpful. You can view the running applications and the resources they consume by using the ps command. There are many different ways to view process information using the ps command, allowing you to customize the display exactly how you like.

For real-time monitoring of applications, use the top command. With the top command, you can view a real-time display of applications, their system state, and the resources they consume. The top command allows you to sort the display based on many different features, such as CPU usage or memory usage.

For managing applications as they run on the system, you can use the nice and renice commands. The nice command allows you to start an application at a different priority level than the applications that are already running. This allows users to run applications in the background at a lower priority or allows the system administrator to start applications with a higher priority. With the renice command, you can change the priority of an application that’s already running.

If an application causes problems and needs to be stopped, you can use the standard Linux kill command, but you need to know the process ID assigned to the application by the system. The pkill command is customized for stopping applications by their name instead of process ID. You can also use wildcard characters to stop multiple applications, but that can be dangerous. To test which applications would be stopped, use the pgrep command to search for running applications using the wildcard search.

Exam Essentials

Explain how to view the status of applications running on the Linux system. The ps and top commands display the status of applications running on the system. Both commands display the status of each application, whether it’s running, sleeping, or waiting for resources.

Explain how you would find what applications are using the most resources on your system. The top command allows you to monitor the applications running on the Linux system in real time. It displays the amount of CPU and memory each application is consuming and allows you to sort the display on any of the displayed data fields. This allows you to easily monitor which applications are using the most CPU time or the most memory at any given moment.

Describe how you can stop an application that’s causing problems on the Linux system. Linux applications are programmed to respond to Linux signals. The kill command allows you to send Linux signals to running applications. If you send a KILL signal to an application, it will stop running on the system. Alternatively, you can send an INT signal to interrupt the application, allowing you to close it down gracefully if the application responds. The pkill application allows you to send Linux signals to applications based on their process name and allows you to specify the process name using wildcard characters. This combination can come in handy if you need to stop multiple applications spawned from a single parent application.

Review Questions

  1. What are the three types of option styles available for the ps command? (Choose three.)

    1. BSD style
    2. Linux style
    3. Unix style
    4. GNU style
    5. Numeric style

  2. How do you identify the legacy Unix style options for the ps command?

    1. Use a double dash in front of the option.
    2. Use a single dash in front of the option.
    3. Do not place a dash in front of the option.
    4. Unix-style options are numerical.
    5. Unix-style options use hexadecimal numbers.

  3. By default, if you specify no command-line options, what does the ps command display?

    1. All processes running on the terminal
    2. All active processes
    3. All sleeping processes
    4. All processes run by the current shell
    5. All processes run by the current user

  4. Charles noticed that his Linux system is running slow and needs to find out what application is causing the problem. What tool should he use to show the current CPU utilization of all the processes running on his system?

    1. top
    2. ps
    3. lsof
    4. pkill
    5. kill

  5. What top command displays cumulative CPU time instead of relative CPU time?

    1. l
    2. F
    3. r
    4. y
    5. S

  6. Shelly thinks that one of the applications on her Linux system is taking up too much physical memory and may have a problem. What column of data from the top display should she focus on?

    1. VIRT
    2. RES
    3. SHR
    4. S
    5. %MEM

  7. Jessica has an application that crunches lots of numbers and uses a lot of system resources. She wants to run the application with a lower priority so it doesn’t interfere with other applications on the system. What tool should she use to start the application program?

    1. renice
    2. pkill
    3. nice
    4. kill
    5. pgrep

  8. Jimmy noticed his Linux system was running slow. He ran the top command and found out that a data-intensive application was consuming most of the CPU time. He doesn’t want to kill the application but wants to give it a lower priority so it doesn’t take up too much CPU time. What tool should he use to change the priority of the running application?

    1. renice
    2. pkill
    3. nice
    4. kill
    5. pgrep

  9. Hank needs to stop an application from running on his Linux system. He knows the name of the application file, but not the process ID assigned to it. What tool can he use to stop the application?

    1. renice
    2. pkill
    3. nice
    4. kill
    5. pgrep

  10. Frankie used the ps command to find the process ID of an application that he needs to stop. What command-line tool should he use to stop the application based on its process ID?

    1. renice
    2. pkill
    3. nice
    4. kill
    5. pgrep
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset