Preliminary Study on centos Process Management Mechanism

I. concept and classification of processes
1. Process Concept
Linux is a multi-user and multi-task operating system. Multi-User means that multiple users can use the same linux system at the same time. Multi-task means that multiple tasks can be executed simultaneously in Linux, linux uses the time-sharing management method. All tasks are placed in a queue. The operating system allocates appropriate time slices for each task based on the priority of each task. Each time slice is short, the user does not feel that multiple tasks are running, so that all tasks share system resources. Therefore, linux can temporarily suspend a task when it is not completed, another task will be executed. After a while, the task will be processed and removed from the task queue until the task is completed. This is the concept of multitasking.
The above is a single CPU multi-task operating system. In this environment, although the system can run multiple tasks, the CPU can only execute one process at a certain time point, in a multi-CPU and multi-task operating system, multiple processes can run simultaneously at a certain time point because multiple CPUs exist.
The basic definition of a process is an independent program running in its own virtual address space. From the operating system perspective, everything running on the system can be called a process.
Note that a program is different from a process. Although a process is generated by a program, it is not a program. A program is a set of process commands, it can enable one or more processes. At the same time, programs only occupy disk space, instead of system running resources, while processes only occupy system memory space, which is dynamic and variable, shut down the process and the occupied memory resources are released.
For example, if a user opens a file on linux, a process that opens the file will be generated, the file will be closed, and the process will also be closed at random. If you start a service on the system, such as starting the tomcat service, a corresponding java Process will be generated. If you start the apache service, multiple httpd processes are generated.

2. Process Classification
Processes are classified into two categories by process functions and running programs:
Guest System Process: manages memory resource allocation and process switching. In addition, the operation of this process is not subject to user intervention, and even root users cannot interfere with the operation of system processes.
Guest user process: processes generated by Executing User Programs, applications, or system programs outside the kernel. Such processes can be run or closed under user control.
User processes can be divided into three types: interaction process, batch processing process, and daemon process.
Worker interaction process: a process started by a shell terminal. During execution, it must interact with the user. It can run on the foreground or the background.
Batch batch processing process: this process is a collection of processes that start other processes in order.
Ghost daemon: a daemon is a type of process that runs all the time. It is often started when the linux system is started and terminated when the system is disabled. They are independent of control terminals and periodically execute a task or wait for some events to be processed. For example, the httpd process is always running and waiting for user access. There are also commonly used crond processes, which are similar to windows scheduled tasks and can periodically execute user-defined tasks.

3. process attributes
(1) Several statuses of processes
After a process is started, it may not start running immediately. Therefore, there are many statuses of the process.
Running: A process in this status is either running or preparing to run.
A pending state that can be interrupted: This type of process is in a blocking state. Once a certain condition is reached, it will change to a running state. At the same time, the process in this status will also be awakened to enter the running status due to receiving signals.
Wait state without interruption: similar to the meaning of "stoppedwait State", the only difference is that a process in this state does not respond to the signal.
Zombie: A zombie process. Each process is in zombie state after completion. Wait for the parent process to call and release resources. The process in this state has ended, however, its parent process has not released its system resources.
Pause: indicates that the process is temporarily stopped to receive some special processing,
(2) Relationship between processes
In linux, process IDS (expressed by PID) are unique identifiers for distinguishing different processes. Their size is limited and the maximum ID is 32768, UID and GID are used to indicate the users and user groups that start the process. All processes are descendants of the init process whose PID is 1. The kernel starts the init process at the final stage of system startup. Therefore, this process is the parent process of all processes in linux, PPID indicates the parent process.
The sendmail process information output through the ps command is as follows:
[Root @ localhost ~] # Ps-ef | grep sendmail
UID PID PPID C STIME TTY TIME CMD
Root 3614 1 0 Oct23? 00:00:00 sendmail: accepting connections
Compared with the parent process, a child process exists. Generally, each process must have a parent process. The parent process and the child process are in a management-managed relationship. When the parent process is stopped, the child process disappears, but the child process is closed, and the parent process may not be terminated.
If the parent process exits before the child process exits, all the child processes will become an orphan process. If there is no corresponding processing mechanism, these orphan processes will remain frozen, resources cannot be released. The solution is to find a process in the started process as the parent process of these orphan processes, or directly make the init process as their parent process, then, the resources occupied by orphan processes are released.

2. Process Monitoring and Management
In Linux, there are many commands for monitoring and managing processes. The following describes how to effectively monitor and manage various processes in linux using the following commands: ps, top, pstree, and lsof.

2.1 use ps commands to monitor system processes
Ps is the most common process monitoring command in linux. For the syntax and usage options of ps commands, we have explained in detail in Chapter 4, this article focuses on how to monitor and manage system processes using ps commands.
See the following example:
The output information of the apache process is as follows:
[Root @ localhost ~] # Ps-ef | grep httpd
UID PID PPID C STIME TTY TIME CMD
Nobody 7272 26037 0 Nov06? 00:00:00/apache2/bin/httpd-k start
Nobody 7274 26037 0 Nov06? 00:00:00/apache2/bin/httpd-k start
Nobody 7400 26037 0 Nov06? 00:00:00/apache2/bin/httpd-k start
Nobody 7508 26037 0? 00:00:00/apache2/bin/httpd-k start
Nobody 7513 26037 0? 00:00:00/apache2/bin/httpd-k start
Nobody 7515 26037 0? 00:00:00/apache2/bin/httpd-k start
Nobody 11998 26037 0? 00:00:00/apache2/bin/httpd-k start
Nobody 12941 26037 0? 00:00:00/apache2/bin/httpd-k start
Nobody 12979 26037 0? 00:00:00/apache2/bin/httpd-k start
Root 26037 1 0 Oct23? 00:00:00/apache2/bin/httpd-k start
UID indicates the user ID, PID indicates the process ID, PPID indicates the parent process, STIME indicates the start time of the process, and TTY indicates the terminal console to which the process belongs, TIME indicates the total CPU usage TIME after the process starts, and CMD indicates the command being executed.
It can be clearly seen that the correspondence between the parent process and the child process, all processes with PPID 26037 are sub-processes, and processes with PID 26037 are the parent processes of all sub-processes, the sub-process is started by the nobody user, and the parent process is started by the root user. The PPID of the parent process is 1, that is, the parent process is the sub-process of the init process at the same time.
In fact, you can also view the correspondence between the child process and the parent process through the following command. See the following operations:
[Root @ localhost ~] # Ps auxf | grep httpd
User pid % CPU % MEM VSZ RSS TTY STAT START TIME COMMAND
Root 26037 0.0 0.1 6316 2884? Ss Oct23 0: 00/apache2/bin/httpd-k start
Nobody 7272 0.0 0.1 7016? S Nov06 0: 00 \ _/apache2/bin/httpd-k start
Nobody 7274 0.0 0.1 7016? S Nov06 0: 00 \ _/apache2/bin/httpd-k start
Nobody 7400 0.0 0.1 7012? S Nov06 0: 00 \ _/apache2/bin/httpd-k start
Nobody 7508 0.0 0.1 7012? S \ _/apache2/bin/httpd-k start
Nobody 7513 0.0 0.1 7012? S \ _/apache2/bin/httpd-k start
Nobody 12979 0.0 0.1 7016? S \ _/apache2/bin/httpd-k start
Nobody 12980 0.0 0.1 7012? S \ _/apache2/bin/httpd-k start
Nobody 12982 0.0 0.1 7016? S \ _/apache2/bin/httpd-k start
Nobody 22664 0.0 0.1 6880? S \ _/apache2/bin/httpd-k start
Here, % CPU indicates the percentage of CPU occupied by the process, % MEM indicates the percentage of memory occupied by the process, VSZ indicates the virtual size of the process, and RSS indicates the actual memory of the process (resident set) size (unit: page ). STAT indicates the state of a process. There are many statuses of a process: "R" indicates a running process, and "S" indicates a process in sleep state, "Z" indicates a zombie process, "<" indicates a process with a higher priority, "N" indicates a process with a lower priority, and "s" indicates a parent process, use "+" to indicate the process located in the background. START indicates the START time of the process.
In this example, the relationship between processes is represented in a tree structure. We can clearly see that the first process is the parent process, and other processes are subprocesses. At the same time, the output shows the percentage of CPU and memory occupied by each process, as well as the status of the process.

2.2 Use pstree to monitor system processes
The pstree command displays the relationship between programs and processes in a tree structure. The format is as follows:
Pstree [-acnpu] [<PID>/<user>]
The options are as follows:
Running-a displays the complete commands for starting each process, including the path and parameters of the process to be started.
Objective-c does not use the streamlining method to display process information, that is, the displayed process contains sub-processes and parent processes.
Sort-n sorts the output according to the PID Number of the process. By default, the output is sorted by program name.
Progress-p displays the PID of the process.
Worker-u displays the User Name of the process.
PID: The PID number corresponding to the process, or the process identification number.
Guest user: the user name of the system.
Pstree clearly shows the relationship between the program and the process. If the PID Number of the process is not specified or the user name is not specified, the init process is used as the root process, displays information about all programs and processes of the system. If a user or PID is specified, all programs and processes corresponding to the user or PID are displayed as the root process.
Example:
If you want to know which processes are started under a user, the pstree command can be easily implemented. The following shows the corresponding process information of the mysql user and runs the following command:
[Root @ localhost ~] # Pstree mysql
Mysqld --- 6 * [{mysqld}]
The output shows that the process corresponding to the mysql user is mysqld, And the mysqld process has five sub-processes (five sub-processes plus one parent process, a total of six processes ).
To learn more about each process, for example, the PID of each sub-process and its parent process, run the following command:
[Root @ localhost ~] # Pstree-c-p mysql
Mysqld (18785)-+-{mysqld} (18787)
|-{Mysqld} (18788)
|-{Mysqld} (18789)
|-{Mysqld} (18790)
|-{Mysqld} (18791)
'-{Mysqld} (29625)
The "-p,-c" parameters clearly show the Parent and Child processes, as well as their various PIDs.
If you know the PID corresponding to the process and want to get the user who started the process, run the following command:
[Root @ localhost ~] # Pstree-u 26037
Httpd --- 10 * [httpd (nobody)]
As shown above, the httpd process is started by the nobody user.
To view the PID corresponding to the httpd parent process and each sub-process, run the following command combination:
[Root @ localhost ~] # Pstree-u-p 26037
Httpd (26037)-+-httpd (24562, nobody)
|-Httpd (24563, nobody)
|-Httpd (24566, nobody)
|-Httpd (24567, nobody)
|-Httpd (24631, nobody)
|-Httpd (24648, nobody)
|-Httpd (24650, nobody)
|-Httpd (24654, nobody)
|-Httpd (26156, nobody)
'-Httpd (29014, nobody)
To obtain the program path and parameter combination for starting the httpd process, run the following command:
[Root @ localhost ~] # Pstree-a-u-p 26037
Httpd, 26037-k start
|-Httpd, 24563, nobody-k start
|-Httpd, 24566, nobody-k start
|-Httpd, 24567, nobody-k start
|-Httpd, 24631, nobody-k start
|-Httpd, 24648, nobody-k start
|-Httpd, 24650, nobody-k start
|-Httpd, 24654, nobody-k start
|-Httpd, 26156, nobody-k start
'-Httpd, 29014, nobody-k start

2.3 use top Monitoring System Process
The top command is an essential tool for monitoring system processes. Compared with the ps command, the top command displays the Process status dynamically and in real time, while the ps command only displays the information of a process at a certain time, the top command provides an interactive interface that allows you to customize your output based on your needs to better understand the real-time status of processes.
The usage of the top command has been described in Chapter 4 in detail. Here we use several examples to illustrate the role and advantages of the top command in system process monitoring.
The following example shows the output after a system executes the top Command at a certain time point:
[Root @ webserver ~] # Top
Task: 126 total, 1 running, 123 sleeping, 1 stopped, 1 zombie
Cpu (s): 0.8% us, 0.1% sy, 0.0% ni, 99.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 8306544 k total, 8200452 k used, 106092 k free, 234340 k buffers
Swap: 8385888 k total, 160 k used, 8385728 k free, 7348560 k cached

Pid user pr ni virt res shr s % CPU % mem time + COMMAND
21115 root 23 0 1236 m 360 m 2384 S 6 4.4 382: 24.14 java
30295 root 16 0 3552 984 760 R 1 0.0. 09 top
30118 nobody 15 0 6904 3132 S 0 1676. 47 httpd
30250 nobody 15 0 6900 3088 S 0 1660. 06 httpd
1 root 16 0 1780 552 472 S 0 0.0. 25 init
According to the output of the top command, the system has two user processes: java and httpd.
Java processes with a process PID of 21115 are started by the root user. The priority (PR) is 23, the total virtual memory occupied (VIRT) is 1236 MB, and the physical memory (RES) is not swapped out) the value is 360 MB, and the shared memory (SHR) is 2384 kb. With these options, you can understand the memory usage of java processes and help the system administrator control the usage of system virtual memory.
At this moment, the java Process is in sleep state (S). From the last update to the present, the cpu usage (% CPU) of java is 6%, and the physical memory usage (% MEM) is 4.4%, the total cpu usage (TIME +) from process startup to the present is 382: 24.14, and the Unit is 1/100 seconds. By understanding this information, the system administrator can understand the usage of the java Process on the CPU and physical memory of the system.
The two httpd processes are started by the nobody user with a priority of 15 and both are in sleep state.
Apart from these two processes, there are also top processes, that is, the processes generated by executing the top command. We can see from the Process status items that the process is in the running state, and the other is the init process, that is, the parent process of all system processes. The corresponding PID is 1.
Of course, there is still a lot of process information in the output of top. Here we will focus on the first several processes to understand the meaning of other processes.

2.4 monitor system processes and programs using lsof
Lsof full name list opened files, that is, list files already opened in the system. Through lsof, we can find the corresponding process information based on the file, you can also find the files opened by the process based on the process information.
The lsof command has powerful functions. Here we will introduce the use of the four most common parameters "-c,-g,-p,-I. For more information, see man lsof.
 Lsof filename: displays the processes that use the filename file.
If you want to know which process is using a specific file, you can use the "lsof file name" method, for example:
[Root @ localhost ~] # Lsof/var/log/messages
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Syslogd 2027 root 1 w REG 43167 31916/var/log/messages
From this output, we can see that the/var/log/messages file is used by the syslogd process.
 Lsof-c abc: displays the files currently opened by the abc process, for example:
[Root @ localhost ~] # Lsof-c nfs
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Nfsd4 2761 root cwd DIR 8, 3 4096 2/
Nfsd4 2761 root rtd DIR 8, 3 4096 2/
Nfsd4 2761 root txt unknown/proc/2761/exe
Nfsd 2762 root cwd DIR 4096 2/
Nfsd 2762 root rtd DIR 4096 2/
Nfsd 2762 root txt unknown/proc/2762/exe
Nfsd 2763 root cwd DIR 4096 2/
Nfsd 2763 root rtd DIR 4096 2/
Nfsd 2763 root txt unknown/proc/2763/exe
The preceding example shows the File Information opened by the nfs process. The FD column indicates the file descriptor, the TYPE column displays the file TYPE, the SIZE column displays the file SIZE, and the NODE column displays the node Code of the local file, the NAME column displays the full path or mount point of the file.
 Lsof-g gid: displays the files opened by the specified process group, for example:
[Root @ localhost ~] # Lsof-g 3626
COMMAND PID PGID USER FD TYPE DEVICE SIZE NODE NAME
Sendmail 3626 3626 smmsp cwd DIR 4853760 32714/var/spool/clientmqueue
Sendmail 3626 3626 smmsp rtd DIR 8, 10 4096 2/
Sendmail 3626 3626 smmsp txt REG 732356 1152124/usr/sbin/sendmail. sendmail
Sendmail 3626 3626 smmsp mem REG 106397 1158794/lib/ld-2.3.4.so
Sendmail 3626 3626 smmsp mem REG 95148 1175044/lib/libnsl-2.3.4.so
...............
Sendmail 3626 3626 smmsp 3u unix 0xf41e5bc0 9592 socket
Sendmail 3626 3626 smmsp 4wW REG 8, 8 50 523293/var/run/sm-client.pid
The PGID column indicates the ID of the Process Group.
The above output shows all files, devices, libraries, and sockets currently opened by the sendmail program.
 Lsof-p PID: PID is the process number. It displays all files opened by the program and related processes. For example, if you want to know which files are opened by the init process, you can run the "lsof-p 1" command and the output result is as follows:
[Root @ localhost ~] # Lsof-p 1
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Init 1 root cwd DIR 4096 2/
Init 1 root rtd DIR 4096 2/
Init 1 root txt REG 32684 897823/sbin/init
Init 1 root mem REG 56320 2175328/lib/libselinux. so.1
Init 1 root mem REG 106397 1158794/lib/ld-2.3.4.so
Init 1 root mem REG 1454462 1161560/lib/tls/libc-2.3.4.so
Init 1 root mem REG 53736 1158819/lib/libsepol. so.1
Init 1 root 10u FIFO 966/dev/initctl

 Lsof-I displays process information that meets the conditions by listening to specified protocols, ports, hosts, and other information.
Syntax:
Lsof-I [46] [protocol] [@ hostname] [: service | port]
Ipv46: 4 indicates IPv4, and 6 indicates IPv6.
Protocol: transmission protocol, which can be TCP or UDP.
 Hostname: Host Name or IP address.
Worker service: the service name of a process, such as nfs, ssh, and ftp.
 Port: the port number of the Service in the system. For example, http services correspond to 80 by default, and ssh services correspond to 22 by default.
For example:
Display the process information of port 25 corresponding to the tcp protocol in the system:
[Root @ localhost ~] # Lsof-I tcp: 25
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Sendmail 2252 root 4u IPv4 5874 TCP localhost: smtp (LISTEN)
Display the process information corresponding to port 80 in the system:
[Root @ localhost ~] # Lsof-I: 80
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Httpd 16474 nobody 3u IPv6 7316069 TCP *: http (LISTEN)
Httpd 16475 nobody 3u IPv6 7316069 TCP *: http (LISTEN)
Httpd 16578 nobody 3u IPv6 7316069 TCP *: http (LISTEN)
Display the process information enabled on port 53 corresponding to the udp protocol on the local machine:
[Root @ localhost ~] # Lsof-iudp@127.0.0.1: 53
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Named 21322 named 20u IPv4 9130640 UDP localhost: domain
Through the lsof command, you can clearly understand the relationship between processes, files, and programs, and master the use of lsof, which is of great help to linux Process Management.