Management and monitoring of Linux basic--linux process

This article focuses on the concept of process in Linux and the management tools of the process. Original: http://liaoph.com/inux-process-management/

The concept of a process what is a process

A process is an entity that is a program in a computer. A program is usually made up of instructions and related data, and in a Linux system, a program is typically run by a user through a command-line interpreter, such as a bash shell, or derived from another process.

Process identifiers

Each process has a unique identifier represented by a nonnegative integer, and the process runtime PID is randomly assigned by the operating system, and the process ID can be reused. When a process terminates, its process ID can be used again. Most UNIX systems implement deferred reuse algorithms that give the new process an ID that is different from the ID used by the most recently terminated process.

Some special processes

There are some specialized processes in the system. A process with ID 0 is usually a dispatch process, often referred to as a "swap process" (swapper). The process is part of the kernel and it is not a disk program. The process with ID 1 is the init process, which is called by the kernel at the end of the system bootstrap process. The program file for the process is /sbin/init . This process is responsible for starting a Unix system after the bootstrap kernel. Init typically reads system-related initialization files ( /etc/rc* or /etc/inittab , as well as /etc/init.d/ files in), and boots the system into a state. The init process does not terminate, and all processes resulting from system startup are derived from the init process.

PPID

In addition to having a PID, each process will have PPID, which is the parent process ID, through which PPID can find information about the parent process. All processes are derived from the INIT process after the system is started.

Because all processes come from a process, the Linux process model is also called the process tree.

Use pstree the command to view the current process tree for your system:

[[Email protected]~]#Pstreeinit─┬─Abrtd├─Acpid├─Atd├─Auditd───{Auditd} ├─AutoMount───4*[{AutoMount}] ├─Console-Kit-Dae───63*[{Console-Kit-Da}] ├─Crond├─Cupsd├─Dbus-Daemon├─2*[Dhclient] ├─Hald─┬─Hald-Runner─┬─Hald-Addon-Acpi│ │ └─hald-addon-inpu │ └─{hald} ├─  Login───bash ├─master─┬─pickup │ └─qmgr ├─5*[ mingetty]... (omitted)                  

Memory space of the process

In a multitasking operating system, there may be thousands of processes, and only one physical memory, in order to prevent the process from accessing the memory space that is not originally part of the process, the modern operating system will use "memory protection" technology.

Each process runs in its own memory sandbox (sandbox). This sandbox is called "virtual address space", in a 32-bit system, it is a 4GB-size memory address space, virtual memory is linear addressable, its use is the page, the corresponding physical memory is called a page box frame). These virtual addresses are mapped to real physical memory through the page table, which is managed by the operating system kernel and the processor (memory management unit). Each process has its own page table. It is important to note that all processes run in "virtual memory", even the kernel itself. As a result, part of the virtual address space is intended for use by the kernel.

The 1GB of the highest address in the virtual address space in the Linux system is the kernel space (kernel spaces), but that does not mean that the kernel actually uses so much physical memory. In the page table, the kernel space is marked as a privileged directive (privileged Code,cpu's ring 0), so a normal process will have a page error when accessed (page fault). For all processes, the kernel space in the virtual address space is mapped to the same physical memory address, and the user space for each process is mapped to the physical memory address in a different situation.

A process may not need to use all of the code and data in the virtual memory at the same time, Linux uses the request paging technology (demand paging), some data may exist in the process virtual address space, but it is not loaded into physical memory, only when the process attempts to access the data, The system hardware will produce a page error (page fault), which is the responsibility of the kernel to load the data into physical memory (which is not required if the data already exists in physical memory) and maps the virtual memory address to the physical memory address of the response.

For additional details about the memory space of the process, refer to:

Anatomy of a program in Memory
What a C programmer should know about memory
Journey to the Stack, part I

Status of the process

There may be a large number of processes in the system, and the number of CPUs is limited, so the process is not necessarily running. In a Linux system, the process has the following States:

executing: The process is running on the CPU.

Ready : The process is in the prepared state, it is placed in a running queue, waiting for the system to allocate CPU resources to it.

Stopped: The process is stopped, usually by receiving a signal that the process being debugged may be in a stopped state.

uninterruptible: Non-disruptive sleep, processes in this state typically need to wait for a resource, and the process ignores any signals during the wait process. A process that is blocked by disk device I/O may be in this state.

interrruptible: can interrupt the sleep state, the process needs to wait for a certain condition to be true before it continues to run, the process can be awakened by the signal can interrupt the sleep state.

Zombie: The child process has ended, and the parent process did not call the wait () or waitpid () system call to get the terminating state of the child process, causing the process descriptor to not be reclaimed.

Process Descriptor

To manage the process, the kernel needs to track the status of each process, such as the priority of the process, the PID, the address space of the process, and so on. The kernel uses a struct of type task_struct to hold this information, which is called the process descriptor, and for each process the kernel creates a process descriptor for it, and the kernel uses the structure of the doubly linked list to store these process descriptors.

How processes are produced

Processes are not created out of thin air, and each process is derived from its parent process, which is typically used by the parent process in a Linux system, or by a fork() vfork() system called clone() to generate a child process.

The process that fork creates is called a "subprocess" (child process). For example, when executing a command in the shell, the shell process calls fork () to produce a child process, and then the child process calls exec () to execute the command program, which returns control to the parent process shell process after the process finishes.

Copy when writing

In a Linux system, when a process uses fork () to produce a child process, the child process is not immediately assigned a physical page box. The Linux system uses write-time replication (copy on write, COW) technology. This means that when a child process is created, the same physical page frame is shared with its parent process (page frame), the child process actually uses the stack space of its parent process, and the kernel marks those shared areas as read-only. When any of the parent, child processes attempt to modify these zones, the kernel makes a copy of the memory that modifies the zone and marks it as writable, and for the original Shared memory page box, the kernel checks whether the page box is used by only one process, and if it is used by only one process, the page box is also writable. The reason for this is that the life cycle of a child process can be short, and using copy-on-write technology allocates memory for the process on demand, making the allocation of memory more efficient.

Zombie Process (Zombie)

When a process finishes its work, its parent process needs to call the wait () or waitpid () system call to get the terminating state of the child process.

A process uses fork to create a child process, and if the child process exits, and the parent process does not call wait or waitpid to get state information for the child process, the process descriptor for the child process is still saved in the system and is not freed. This process is called a zombie process.

Orphan processes (orphan process)

If the parent process terminates after the child process has been generated and the child process continues to run, the child process is called the orphan process, and the orphan process is adopted by the INIT process and its PPID becomes 1.

Process scheduling

At the same time, only one process can be run on a CPU core, and the CPU runs at a certain point which needs to rely on the operating system kernel for scheduling. The operating system assigns a priority to each process, and the system kernel schedules the process to run according to the priority.

Priority of the process

Linux has a 0~139 priority, where 1-99 is called real-time priority, and the higher the number the greater the priority. 100-139 is called the dynamic priority, and the kernel can adjust the dynamic priority of the process. You can also use nice or renice instruct to adjust the dynamic priority of a process.

The Linux system uses preemptive process scheduling. This means that when a process enters the task_running state (that is, the ready-to-run state), the kernel checks the priority of the secondary process and compares it with the priority of the currently running process, and if the secondary process has a greater priority, the currently running process is interrupted, and the scheduler picks up a process to run.

Scheduling policy

The Linux system maintains a running queue and an expiration queue for each priority, and the system picks up each time from the highest-priority run queue and puts it in its expiration queue. When the processes in the running queue all enter the expired queue, the expiration and run queues are swapped.

Daemon process

A daemon (Daemon) is a background service process that is typically not associated with a terminal, and the parent process of the user space Daemon is the init process. Many of the services in Linux run in daemon mode, and they do not change the state of the process as the terminal exits and logs on.

Process management and monitoring htop

Htop is an interactive system monitoring and process viewing tool in Linux systems designed to replace the traditional Unix system monitoring tool top. Htop's interface is more intuitive and more powerful, and it is an essential artifact for home travel kill anyone.

In the Centos/rhel system, Htop is provided by the Epel installation, after the installation of the boot interface as follows:

At the top, Htop provides CPU, memory, and Swap status, and identifies different types of CPU or memory usage using different colors, meaning the following:

At the top right, Htop provides the system with the number of all tasks running, 1 minutes, 5 minutes and 15 minutes of average load, and the system's start-up duration information.

The middle of the interface is information about the process, and htop sorts the processes by CPU usage by default. Here are the meanings of each field:

Pid: ProcessIduser: The user identity of the running processPri: Priority of the processNI：  process  nice  -20 ~ 19< Span class= "Pun", the smaller the value the higher the priority virt: Virtual memory usage of the process res  actual physical memory usage of the process shr: The area size of the shared memory map used in the process's memory s : Status of the process cpu%: Process  CPU  usage mem%: Memory utilization of the process time+: Process consumption  CPU  cumulative duration command : Startup instruction for the process                 

Htop can also use interactive commands

u：过滤仅显式指定用户的进程s：追踪选定进程的系统调用（类似于 strace 的功能）l：显式选定进程打开的所有文件（类似与 lsof 的功能）t：显示进程结构a：设定进程的 CPU affinity，可以将进程绑定在指定的 CPU 上

At the bottom of the Htop also provides F1 ~ F10 10 keys, respectively provide help, set, filter, search, adjust process priority, kill process and other functions.

It is worth saying that htop even supports the use of mouse click action.

Glances

Glances is a Python-developed system Status monitoring tool, and its monitoring indicators are particularly rich. Installation is provided by Epel in the CentOS system.

The Glances interface is as follows:

This shows the system's CPU usage, average load, memory usage, SWAP usage, network interface traffic rate, disk I/O rate, space usage for mounted partitions, and process status.

Glances can use interactive commands to turn on and off certain types of monitoring, change the unit of monitoring metrics, and change the sequence of processes.

A: Automatically sort the processC: According to CPU  usage sort the process m: Sort processes based on memory utilization i: According to  I/o  rate process sort d: Close/Open   disk Span class= "PLN" > I/o  state information f   file system status information 1: Global  CPU  status  /   single display  CPU  status u               

Dstat

The Dstat is a very powerful system performance monitoring tool that integrates the capabilities of the Vmstat,iostat,netstat and Ifstat four tools.

Dstat Common options:

-C: ShowCpuStatistical data related to performance indicators-D: ShowDiskCorrelated Rate Data-G: ShowPageCorrelated Rate Data-I: ShowInterruptCorrelated Rate Data-L: ShowLoad averageStatistical data related to-M: ShowMemoryStatistical data related to-N: Show the rate of data sent to and from the network-P: Show process-related statistics-R:IoRate of requests-S: ShowSwapThe relevant data-Y: Display system-related data, including interrupts and process transitions--Top-Cpu: Displays the most occupiedCpuThe process--Top-Bio: Displays the most consumedBlock IOThe process--Top-Io: Most occupiedIoThe process--Top-Mem: Displays the most memory-intensive processes--Ipc: Show rate data related to interprocess communication--Raw: ShowRawRelevant data for the socket--tcp:  show tcp  data related to sockets --udp:  show udp socket related data  --unix:  show unix sock interface related statistics --:  Show data about all types of sockets -a:  equivalent- cdngy                

Dstat can also support plug-in work, its plugins are located /usr/share/dstat in the directory, you can use these plugins to monitor MySQL and other programs.

Management and monitoring of Linux basic--linux process