This chapter introduces some basic knowledge of linux process management and some commonly used tools
The concept of Linux process, this must be distinguished from the program:
Process: is a copy of the running program, a set of instructions loaded into memory. Process ID (Process ID, PID) numbers are used to mark each process UID, GID, and SELinux context to determine access and access rights to the file system, these attributes are usually inherited from the user executing the process, and the process has a life cycle
The first process of centos linux is usually init or systemd, which is the parent process of all processes, and
other processes with ID 1 are created by the parent process.
Process type:
Daemon: daemon, a process started during the system boot process, not related to the terminal
foreground process: related to the terminal, the process started through the terminal Note: the two can be converted to each other
Process state:
running state: running
ready state: ready
Sleep state:
interruptible: interruptable
Uninterruptible: uninterruptable
Stop state: stopped, suspended in memory, but will not be scheduled unless manually started
Zombie state: zombie, end the process, the child process does not close before the parent process ends
Linux system status viewing and management tools : pstree, ps, pidof, pgrep, top, htop, glance, pmap, vmstat, dstat, kill, pkill, job, bg, fg, nohup introduce.
pstree displays the left and right processes in a tree structure, especially it can display the parent-child relationship between
processes -p also displays the process number
[root@centos7 13:48:49 ~]#pstree -p
systemd(1)─┬─ModemManager(676)─┬─{ModemManager}(696)
│ └─{ModemManager}(711)
├─NetworkManager(666)─┬─{NetworkManager}(723)
│ └─{NetworkManager}(728)
├─VGAuthService(648)
├─abrt-dbus(1762)─┬─{abrt-dbus}(1763)
│ └─{abrt-dbus}(1765)
├─abrt-watch-log(657)
├─abrt-watch-log(673)
├─abrtd(656)
├─agetty(1128)
├─alsactl(677)
├─atd(1013)
├─auditd(623)─┬─audispd(625)─┬─sedispatch(627)
│ │ └─{audispd}(628)
│ └─{auditd}(624)
├─avahi-daemon(667)───avahi-daemon(697)
├─bluetoothd(653)
├─crond(1015)
├─cupsd(1002)
├─dbus-daemon(649)
├─gssproxy(678)─┬─{gssproxy}(689)
│ ├─{gssproxy}(690)
│ ├─{gssproxy}(691)
│ ├─{gssproxy}(692)
│ └─{gssproxy}(693)
├─httpd(1007)─┬─httpd(1117)
│ ├─httpd(1118)
│ ├─httpd(1119)
│ ├─httpd(1120)
│ └─httpd(1121)
├─irqbalance(675)
├─ksmtuned(705)───sleep(1811)
├─lsmd(650)
├─lvmetad(420)
├─master(1114)─┬─pickup(1115)
│ └─qmgr(1116)
├─mcelog(722)
├─polkitd(654)─┬─{polkitd}(719)
│ ├─{polkitd}(720)
│ ├─{polkitd}(721)
│ ├─{polkitd}(726)
│ └─{polkitd}(730)
├─rngd(665)
├─rsyslogd(671)─┬─{rsyslogd}(695)
│ └─{rsyslogd}(703)
├─smartd(662)
├─sshd(999)─┬─sshd(1133)───bash(1139)─┬─glances(1239)
│ │ └─pstree(1813)
│ └─sshd(1742)───bash(1744)───man(1786)───less(1797)
├─systemd-journal(397)
├─systemd-logind(664)
├─systemd-udevd(424)
├─tuned(998)─┬─{tuned}(1059)
│ ├─{tuned}(1060)
│ ├─{tuned}(1061)
│ └─{tuned}(1062)
└─vmtoolsd(669)
ps command
ps [options]
It supports three styles of options:
UNIX options such as -A -e
BSD options such as a
GNU options such as --help
BSD options:
default to display processes in the current terminal
• a option includes processes in all terminals
• x option includes processes without a linked terminal
• u option displays process owner information
• f option displays process tree, equivalent to --forest
• k|--sort Attributes sort attributes, add - in front of attributes to indicate reverse order
• o attribute... option displays customized information pid, cmd, %cpu, %mem
• L displays a list of supported properties
Common combinations:
ps axu displays left and right processes
ps k properties o properties, properties...
For example, the following is sorted by memory footprint and for example properties specified in all terminal programs
[root@centos7 13:59:52 ~]#ps k -%mem o user,tty,time,%mem,%cpu,cmd
USER TT TIME %MEM %CPU CMD
root pts/0 00:00:01 1.2 0.0 /usr/bin/python /usr/bin/glances -s -B 192.168.30.104
root pts/0 00:00:00 0.3 0.0 -bash
root pts/1 00:00:00 0.2 0.0 -bash
root pts/1 00:00:00 0.1 0.0 man pstree
root pts/0 00:00:00 0.1 0.0 ps k -%mem o user,tty,time,%mem,%cpu,cmd
root pts/1 00:00:00 0.0 0.0 less -s
root tty1 00:00:00 0.0 0.0 /sbin/agetty --noclear tty1 linux
[root@centos7 13:59:57 ~]#ps k %mem o user,tty,time,%mem,%cpu,cmd
USER TT TIME %MEM %CPU CMD
root tty1 00:00:00 0.0 0.0 /sbin/agetty --noclear tty1 linux
root pts/1 00:00:00 0.0 0.0 less -s
root pts/0 00:00:00 0.1 0.0 ps k %mem o user,tty,time,%mem,%cpu,cmd
root pts/1 00:00:00 0.1 0.0 man pstree
root pts/1 00:00:00 0.2 0.0 -bash
root pts/0 00:00:00 0.3 0.0 -bash
root pts/0 00:00:01 1.2 0.0 /usr/bin/python /usr/bin/glances -s -B 192.168.30.104Some common default options:
-C cmdlist specifies commands, multiple commands are used
, separated Process information in more complete format -H: Display process related information in process hierarchy format -u userlist specify a valid user ID or name -U userlist specify a real user ID or name -g gid or groupname specify a valid gid Or group name -G gid or groupname specify the real gid or group name -p pid display the process referring to pid --ppid pid display the child process belonging to pid -M display SELinux information, equivalent to Z output information in ps The meanings of the columns in VSZ: Virtual memory SiZe, virtual memory set, linear memory RSS: ReSident Size, resident memory set STAT: process status R: running S: interruptable sleeping D: uninterruptable sleeping T: stopped Z: zombie +: foreground process l: multi-threaded process L: memory paging with lock N: low priority process
<: high priority process
s: session leader, session (child process) initiator
Some common examples of ps:
Query all processes you own:
ps -x
Display the processes with the specified user name (RUID) or user ID:
ps -fU apache ps -fu 48
Display the specified user name (EUID) or user ID Processes for:
ps -fu wang ps -fu 1000
To see every process running with root privileges (actual and effective id):
ps -U root -u root
List all processes owned by a group (actual group id) : RGID or name):
ps -fG nginx
List all processes owned by a valid group name (or session): ps -fg mysql ps -fG 27
Display the owning process by process ID:
ps -fp 1234
Start with Parent process ID to display all processes under it, such as displaying all processes whose parent process is 1154:
ps -f --ppid 1234
Display multiple processes with the specified PID:
ps -fp 1204,1239,1263 To
display by tty Owning process:
ps -ft pst/0
To display all threads of a process, LWP (lightweight process) and NLWP (number of lightweight processes) columns will be displayed:
ps -fL -C nginx
View process PID, PPID, Username and command:
ps -eo pid,ppid,user,cmd
View the PID, PPID, username and command of the process:
ps -eo pid,ppid,user,cmd
use its PID to find the process name:
ps -p 1244 -o comm=
Find all the PIDs of the specified process name, this parameter is used when writing scripts that need to read PIDs from std output or files Useful:
ps -C httpd,sshd -o pid= Check
the execution time of a process
ps -eo comm,etime,user | grep nginx
Find the process with the most memory and CPU:
ps -eo pid,ppid,cmd,% mem,%cpu --sort=-%mem | head
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head
can also be used in conjunction with watch to view memory and CPU consumption in real time Most processes
watch -n 1 'ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head'
[root@centos7 15:26:43 ~]#pidof httpd
2828 2827 2826 2825 2824 1007
[root@centos7 15:48:56 ~]#ps axu | grep httpd
root 1007 0.0 0.4 226240 5176 ? Ss 13:02 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2824 0.0 0.2 228324 3148 ? S 14:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2825 0.0 0.2 228324 3148 ? S 14:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2826 0.0 0.2 228324 3148 ? S 14:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2827 0.0 0.2 228324 3148 ? S 14:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2828 0.0 0.2 228324 3148 ? S 14:48 0:00 /usr/sbin/httpd -DFOREGROUND
root 3776 0.0 0.0 112664 972 pts/0 S+ 15:49 0:00 grep --color=auto httpd
[root@centos7 15:49:12 ~]#ps -C httpd
PID TTY TIME CMD
1007 ? 00:00:00 httpd
2824 ? 00:00:00 httpd
2825 ? 00:00:00 httpd
2826 ? 00:00:00 httpd
2827 ? 00:00:00 httpd
2828 ? 00:00:00 httpd
[root@centos7 15:49:21 ~]#pidof httpd | xargs ps -fp
UID PID PPID C STIME TTY STAT TIME CMD
root 1007 1 0 13:02 ? Ss 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2824 1007 0 14:48 ? S 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2825 1007 0 14:48 ? S 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2826 1007 0 14:48 ? S 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2827 1007 0 14:48 ? S 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2828 1007 0 14:48 ? S 0:00 /usr/sbin/httpd -DFOREGROUND
Sometimes we only remember a field name of a program, but we need to check its process running status, we can use pgrep to check, it supports regular matching
pgrep [options] pattern
For example:
[root@centos7 14:53:41 ~]#pgrep -a .*glan.*
1239 /usr/bin/python /usr/bin/glances -s -B 192.168.30.104
If you know the exact program name, you can use pidof to see its process:
[root@centos7 14:59:05 ~]#pidof -x glances | xargs ps -fp
UID PID PPID C STIME TTY TIME CMD
root 1239 1139 0 13:06 pts/0 00:00:02 /usr/bin/python /usr/bin/glances -s -B 192.168.30.104
It is best to add -x when using pidof to identify the script name
The top command monitors the running status of the process in real time, system CPU memory and other information
top has many built-in commands:
Sort:
P: by the percentage of CPU occupied, %CPU
M: percentage of memory occupied, %MEM
T: cumulative occupied CPU time, TIME +
header information display :
uptime information: l command
tasks and cpu information: t command
cpu display: 1 (number)
memory information: m command
exit command: q
modify refresh interval: s
terminate specified process: k
save file: W
There is also a top-like tool htop, which requires epel source installation and use, which provides a real-time and interactive monitoring interface:
Another top tool, glances, also requires epel source installation. It not only provides top function, but also real-time view of memory, disk, network I/O, etc., and supports C/S mode, allowing clients to remotely monitor server resource status , is a very comprehensive tool:
glances command: EPEL source installation
glances [-bdehmnrsvyz1] [-B bind] [-c server] [-C conffile] [-p port] [-P password] [- -password] [t refresh] [-f file] [-o output]
Built-in commands:
a Sort processes automatically
l Show/hide logs
c Sort processes by CPU%
b Bytes or bits for network I/O
m Sort processes by MEM%
w Delete warning logs
p Sort processes by name
x Delete warning and critical logs
i Sort processes by I/O rate
1 Global CPU or per-CPU stats
d Show/hide disk I/O stats
h Show/hide this help screen
f Show/hide file system stats
t View network I/O as combination
n Show/hide network stats
u View cumulative network I/O
s Show/hide sensors stats
q Quit (Esc and Ctrl-C also work)
y Show/hide hddtemp stats
glances Options:
Common options:
-b: Display network card data rate in Bytes
-d: Disable disk I/O module
-f /path/to/somefile: Set input file location
-o {HTML|CSV}: Output
format- m: disable the mount module
-n: disable the network module
-t #: delay time interval
-1: the relevant data of each CPU is displayed separately as shown in the
figure, the fluorescent part of the ××× has our commonly used items that need to be monitored for system resources:
Other tools for memory management:
free command free [OPTION]
-b in bytes
-m in megabytes
-g in gigabytes
-h human readable format
-o do not display -/+buffers/cache
lines- t show the sum of RAM+swap
-sn refresh interval is n seconds
-cn exit after n refreshes
For example, in centos7 in MB to refresh every 5 seconds and refresh 3 to exit after that:
[root@centos7 15:25:19 ~]#free -h -m -s 5 -c 3
total used free shared buff/cache available
Mem: 1.1G 183M 620M 8.2M 343M 764M
Swap: 2.0G 0B 2.0G
total used free shared buff/cache available
Mem: 1.1G 183M 620M 8.2M 343M 764M
Swap: 2.0G 0B 2.0G
total used free shared buff/cache available
Mem: 1.1G 183M 620M 8.2M 343M 764M
Swap: 2.0G 0B 2.0G
For example, in centos6:
[root@centos6 06:17:32 ~]#free -h -m -s 5 -c 3
total used free shared buffers cached
Mem: 980M 500M 480M 280K 55M 284M
-/+ buffers/cache: 159M 820M
Swap: 2.0G 0B 2.0G
total used free shared buffers cached
Mem: 980M 500M 480M 280K 55M 284M
-/+ buffers/cache: 160M 820M
Swap: 2.0G 0B 2.0G
total used free shared buffers cached
Mem: 980M 500M 480M 280K 55M 284M
-/+ buffers/cache: 160M 820M
Swap: 2.0G 0B 2.0G
The meaning of free content in centos6 and before can be understood as follows:
the use of memory is divided into 4 parts:
A. Program used;
B. Unallocated;
C. Buffers (buffer cache)
D. Cached (page cache)
Obviously, A (used by the program) must be used, and B (unallocated) must be free. However, are C (Buffers) and D (Cached) counted as used or free? On the one hand, they have been allocated and can be counted as used; on the other hand, when the program needs them, they can be recycled and used, which can be counted as free. So, whatever is reasonable. This is the difference between the first line and the second line in the output of the free command: the
first line (Mem): Buffers and Cached are counted as used. That is, its free refers to B (unallocated); its used refers to A + C + D;
the second line (-/+ buffers/cache): Buffers and Cached are counted as free. That is to say, its used refers to A (used by the program); its free refers to B + C + D; the line name "-/+ buffers/cache" means "subtract Buffers and Cached from used, Add to free".
In centos7:
First, C (Buffers) and D (Cached) are added together, that is, buff/cache;
secondly, used refers to A (used by the program); free refers to B (unallocated); in
addition, CentOS 7 added an available, what is it?
The manual says this:
MemAvailable: An estimate of how much memory is available for starting new applications, without swapping.
As mentioned earlier, C (Buffers) and D (Cached) can be recycled when the program needs it, so MemAvailable is not B+C+D? C and D can be reclaimed when the program needs them, which was true before, but is now imprecise: because, now, not all memory in C and D can be reclaimed. So, it can be roughly understood that MemAvailable = B (unallocated) + C (Buffers) + D (Cached) - the uncollectible part. Which are not recyclable? Shared memory segments, tmpfs, ramfs, etc.
There is also a memory tool vmstat that can also be used to view memory usage.
For example, in MB, refresh every 2 seconds, refresh 5 and then exit
[root@centos6 06:31:20 ~]#vmstat -S M 2 5
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
1 0 0 479 56 284 0 0 8 1 9 6 0 0 100 0 0
0 0 0 479 56 284 0 0 0 0 45 21 0 0 100 0 0
0 0 0 479 56 284 0 0 0 0 23 22 0 0 100 0 0
0 0 0 479 56 284 0 0 0 0 24 17 0 0 100 0 0
0 0 0 479 56 284 0 0 0 6 20 22 0 0 100 0 0 procs: r: The number of runnable (running or waiting to run) processes, related to the number of cores
b: The number of processes in an uninterruptible sleep state (the length of the blocked queue)
memory:
swpd: swap memory Total usage
free: total amount of free physical memory
buffer: total amount of memory used for buffer
cache: total amount of memory used for cache
swap:
si: data rate swapped into memory from disk (kb/s)
so: from memory Rate of data swapped to disk (kb/s)
io:
bi: rate of reading data from block device to system (kb/s)
bo: rate of saving data to block device
system:
in: interrupts rate of interrupts, including clocks
cs: context switch process switching rate
cpu:
us: Time spent running non-kernel code
sy: Time spent running kernel code
id: Time spent idle. Before Linux 2.5.41, including IO-wait time.
wa: Time spent waiting for IO. Before 2.5.41, including in idle.
st: Time stolen from a virtual machine. Before 2.6.11, unknown.
View disk usage monitoring iostat
iostat: Statistics CPU and device IO information
Example : iostat 1 10
[root@centos6 06:32:06 ~]#iostat
Linux 2.6.32-696.el6.x86_64 (centos6.magedu.com) 05/06/2018 _x86_64_ (4 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.01 0.00 0.08 0.01 0.00 99.89
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
scd0 0.00 0.03 0.00 384 0
sda 1.49 55.91 11.06 691042 136704
sdb 0.02 0.13 0.00 1624 0
sdc 0.01 0.08 0.00 928 0
sdd 0.02 0.19 0.00 2320 0
dm-0 0.01 0.06 0.00 768 0
To view the mapping relationship between processes and memory use the pmap command
pmap [options] pid [...]
-x: display information in a detailed format
Example : pmap 1
Another implementation: cat /proc/PID/maps
In addition to the above process viewing tools, process management also requires appropriate process operation tools
kill command:
send a control signal to the process to manage the process, each signal corresponds to a number, the signal name starts with SIG (can be omitted), case-insensitive
Display the current system available signals: kill -l, trap -l
commonly used Signal: man 7 signal, the following numbers are commonly used signal numbers
1) SIGHUP: do not shut down the process and let it reread the configuration file
2) SIGINT: abort the running process; equivalent to Ctrl+c
3) SIGQUIT: equivalent to ctrl+\
9 ) SIGKILL: Force kill the running process
15) SIGTERM: Terminate the running process
18) SIGCONT: Continue running
19) SIGSTOP:
Sleep
in
the background 2) The full name of the signal: SIGHUP
(3) The short name of the signal: HUP process management tool
By PID: kill [-SIGNAL] pid …
kill –n SIGNAL pid; kill –s SIGNAL pid
by name: killall [-SIGNAL] comm…
By pattern: pkill [options] pattern
-SIGNAL
-u uid: effective user, Validator
-U uid: real user, who actually initiated the running command
-t terminal: Process related to the specified terminal
-l: Display the process name (available with pgrep)
-a: Display the process name in full format (available with pgrep)
-P pid : show the child processes of the specified process
[root@centos7 16:02:55 ~]#w
16:02:56 up 3:01, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.30.1 13:02 0.00s 4.51s 0.00s w
root pts/1 192.168.30.1 13:47 1:02m 0.06s 0.06s -bash
root pts/2 192.168.30.101 16:02 42.00s 0.04s 0.04s -bash
[root@centos7 16:02:56 ~]#pkill -9 -t pts/2
[root@centos7 16:03:14 ~]#w
16:03:15 up 3:01, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.30.1 13:02 3.00s 4.51s 0.00s w
root pts/1 192.168.30.1 13:47 1:03m 0.06s 0.06s -bash
[root@centos7 16:03:15 ~]#
In addition, the switching of the process status is as follows:
The management of the process includes job management, which will be introduced in the next knowledge