====== The Kernel, Tuning, Printing ======

----

===== The Kernel and Kernel Configuration =====

  * The OS kernel provides interfaces to the following:
    * Processes (time-sharing, protected address space)
    * Signals (to/from processes)
    * Interprocess communication (pipes and network connections)
    * Virtual memory (swapping, paging, mapping)
    * Filesystems
  * The kernel contains device drivers; the rest is mainly device independent.
  * Some kernels, such as proprietary UNIX kernels (Solaris, HP-UX, AIX, Mac OS X, etc.), usually run on hardware that is tailored to the OS, e.g. Solaris on Sun workstations/servers, Mac OS X on Macs.
    * Less portability but greater stability can be expected as a result.
  * Other kernels (Linux kernel, *BSD kernels, Windows) must deal with a wide variety of hardware, especially on Intel-compatible x86 platforms.
    * Greater portability but slightly less stability can be expected as a result.

===== When To Configure (Customize) a Kernel =====

  * Most systems come with generic kernels and kernel configurations that allow an OS to run on most supported hardware.
  * Want to remove unneeded features and device support
    * not needed with modular kernels (such as those that accompany most Linux distributions)
  * Want to reconfigure to make kernel memory footprint smaller
    * Again, modular kernels make this unnecessary
  * Want to add third party or experimental device drivers
  * Want to add certain features
    * some intrusion detection and resistance systems
    * clustering
    * experimental file systems

==== Kernel Locations ====

  * Solaris - /kernel/unix
  * HP-UX - /stand/vmunix
  * Linux - /boot/vmlinuz-*
  * FreeBSD - /kernel
  * Windows - ntoskrnl.exe

==== Kernel Configuration ====

  * Most operating systems provide some way to alter some behaviors of the currently running kernel.
  * Example: On Linux, kernel behavior can be affected through the /proc file system if the kernel supports it.
    * The files in /proc aren't really files but "backdoors" into the kernel
    * One way to change the maximum number of open files a process can have on Linux:
        # echo 179894 >> /proc/sys/fs/file-max
  * Example: On Linux, the //sysctl// utility can be used to configure a running kernel's parameters.
    * Run //# sysctl -a// to see the kernel parameters that can be altered.
    * Also see /etc/sysctl.conf

==== Loadable kernel modules ====

  * Link to [[http://en.wikipedia.org/wiki/Loadable_kernel_module|article]]
  * Allows for adding & removing features or device support to a kernel core on an as-needed basis
  * Finding currently installed kernel modules
    * Solaris - modinfo
    * Linux - /sbin/lsmod
    * Try //'lsmod | grep fs'// on your NFS servers.

==== Inserting and removing kernel modules ====

  * Solaris - add_drv/rem_drv, modload/modunload
  * Linux - insmod/rmmod, modprobe (like insmod but also handles module dependencies)

==== Kernel Logging ====

  * Kernels usually log messages to the system log
    * Example: Linux //klogd// (Kernel Log Daemon) logs to /var/log/syslog
  * Also, the //dmesg// command gets info from the "kernel ring buffer"
    * Can be useful to run //dmesg// to verify kernel module loading & unloading

----

===== Performance Tuning and Benchmarking =====

  * Performance tuning is usually a concern only if the system or systems seem unusually slow, or on really busy web sites whose web servers must handle many web transactions.
    * The hardware may be too slow, antiquated.
    * You may have insufficient RAM to support a large number of simultaneous users.
    * You may have an insufficient number of CPUs to support a large number of simultaneous users.
    * You may have slow, highly fragmented or failing hard drives.
    * A user or users may be running a very resource-intensive program that puts a large load on the system.
      * May need to set ulimits (//man ulimits// and /etc/security/limits.conf).
      * Or write //cron// jobs to find resource hogs and //renice// them down.
    * A file system may be slow.
      * May need to tune FS configuration
        * Most file systems allow turning off access time stamp (atime) updates, which can speed up file & directory access.
      * May need to choose a different FS.
        * Some file systems are better suited to accessing very large files, others are better suited to accessing many small files.
    * A networked file system (NFS, Samba or other) may seem unusually slow.
      * If NFS or Samba are much slower than ftp, may need to tune configuration.
        * Samba config example: enable "opportunistic locking," disable "strict locking"
    * A network or network applications are slow.
      * Prime suspect: DNS (domain name system)
        * A network name server may have died.
        * rockhopper:/etc/resolv.conf
  * Some performance tips for UNIX / Linux that I have seen:
    * Try to put the swap partition as close to the start of the disk as possible (lower cylinder and sector numbers).
    * Try to make sure that the swap partition disk is on a different disk controller than the data disk.
      * or stripe swap across multiple disks for better write performance.
    * Compile the kernel, services and programs with optimizations that take advantage of CPUs newer than the i386 and their specialized instruction sets, e.g. Pentium*, Athlon*.
  * Benchmarking
    * Can be ad hoc, such as applying the //time// command to a long process like a kernel compile
    * Various benchmarking programs exist
      * Some we can try in lab:
        * Disk I/O - iozone (http://www.iozone.org), iostat
          * Can be used to benchmark local disk or NFS server performance
        * Network - NetPIPE (http://www.scl.ameslab.gov/netpipe), tbench
        * System - nbench (http://www.tux.org/~mayer/linux/bmark.html), geekbench (http://www.primatelabs.ca/geekbench)

----

===== Printing =====

  * Steps to set up a local printer on a UNIX system
    * Physically connect the printer to the computer (usually through the parallel port or USB)
    * Configure the proper files on the system to communicate correctly with the proper port
      * kernel needs support for parallel port
    * Create a spooling directory and accounting files for this print queue
    * Set up proper filter programs (if necessary)
    * Configure the printer system to allow printing to your new device
    * Enable printing on the new device
    * Send a print job to test the printer
  * Most of the above steps might be automated using print config utilities
    * printconf on RedHat and derivatives
    * admintool and others on Solaris
  * BSD printing
    * The lpr system uses a single printer capabilities file to control printing
      * Which device, what filter to use, baud rates, form feeds, remote host and remote device name, etc.
    * The lpr system can work over a network
    * lpr - queues print jobs
    * lprm - removes print jobs from queue
    * lpq - shows jobs in print queue
    * lpc - printer control program
    * lpd - printer daemon
    * /etc/printcap - printer configuration file describing all printers on this host (and possibly other remote hosts)
    * BSD printcap file
      * See /etc/printcap on rockhopper
  * System V printing
    * The lp system uses scripts that control the printer devices. (System V.4 adds remote printing and Postscript capabilities)
    * lp - initiates print requests
    * cancel - cancels pending print requests
    * lpstat - to list queue contents and show status
    * accept - allows lp to accept requests
    * reject - prevents lp from accepting requests
    * enable - activates named printer
    * disable - disables named printer
    * lpadmin - configures lp spooling system
    * lpsched - line printer scheduling daemon
    * /usr/spool/lp/model - directory where model files are kept
  * Postscript in UNIX printing
    * Most UNIX utilities and applications that deal with output to a printer will output Postscript.
    * See some sample Postscript output with //gv or ghostview//
  * CUPS (Common UNIX Printing System)
    * Dominant printing system on Linux now
    * Also used in Mac OS X
    * CUPS is developed and owned by Apple.

----

===== Lab Activity =====

==== Compile, install and run a new Linux kernel ====

  * Download, configure and compile a custom Linux kernel in the "Debian" way on your Linux VM.
    * Do this on only one of your VMs.
    * Requires the //build-essential//, //kernel-package// and //libncurses5-dev// packages.
  * Download a kernel-source archive from the instructor-supplied URL.
  * Extract kernel source from the tar.bz2 archive in /usr/src:
      # tar xjf linux-source*.tar.bz2
  * Apply existing kernel configuration from /boot:
      # cd /usr/src/linux-source*
      # cp /boot/config-3.2.something* .
      # cp config-3.2.something* .config
  * Do minimal configuration of kernel using //make menuconfig// in the kernel source directory:
    * Change processor (CPU) type
    * Make sure there is kernel support for the following:
      * file system support for: ext2, ext3
      * device driver support for:
        * All related to SATA disk drives
        * See output of //lspci -v//
    * Save new kernel config as //vanilla471//
  * Compile kernel using //make-kpkg//:
      # nohup make-kpkg --revision=vanilla471 --initrd kernel_image &
  * Install the new linux-image kernel package found in /usr/src:
      # dpkg -i /usr/src/linux-image*.deb
  * Check GRUB boot loader config (/boot/grub/grub.cfg) to ensure that the new kernel will be booted by default.
  * Reboot the VM.

----

==== Set up CUPS printing ====

  * Set up remote printing to hh310
    * We will set up network printing to the HP Laserjet 4200 in HH 310 using CUPS, the Common UNIX Printing System, which is now a de facto standard for Linux printing.
    * Ssh to your VM as root using ssh -X (X11 forwarding).
    * Install //iceweasel// (Debian equivalent of firefox) and //hpijs-ppds// packages
    * Run iceweasel remotely on your VM.
    * In iceweasel, visit the CUPS administration web interface at the following URL and add a printer with queue name "hh310": http://localhost:631
      * The CUPS printer URL for the printer in HH 310 is socket://10.8.0.119:9100 where :9100 is the HP Jetdirect service port for the Jetdirect network card in the printer.
      * Choose the correct printer model (or as close as possible), and choose the Postscript driver for it.
      * Make "hh310" the default printer.
      * Send a test page to the printer.
    * Try printing something with //lpr// and a HERE document.
        # lpr << END
        This is a test from root@carson.cs.monmouth.edu.
        END
    * Try printing something with //enscript// (may need to install enscript first) and a HERE document.
        # enscript << END
        This is a test from root@carson.cs.monmouth.edu.
        END

----

===== Leftover Lab Activities =====

  * These are NOT [[cs_471_tasks|mandatory]].

----

==== One-to-many copying of large files using bittorrent ====

  * Start by installing either the //bittorrent or bittornado// package.
  * Try to write a script called //btcp// that automates the process of:
    * setting up a bittorrent tracker on the source machine
    * creating and uploading a torrent file from the source machine to the target machines
    * seeding the torrent on the source machine
    * downloading the torrent on the target machines

----

==== The Spamassassin Mail Filter ====

  * Install, configure and test spamassassin.
    * Start by looking at /etc/default/spamassassin.

----

==== Firewalls with iptables ====

  * Try blocking and unblocking outgoing port 80 (www) from your VM.
  * Try blocking and unblocking incoming ssh connections from a specific IP address.

----
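
The two iptables exercises above, worked as an added example that is not part of the original lab notes: a small POSIX shell wrapper that blocks and unblocks outgoing port 80 and incoming ssh from one source address, checking with //iptables -C// first so repeated runs do not stack duplicate rules. The function names, the IPT variable, the script name fw.sh and the sample address 192.0.2.10 are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the course notes): idempotent block/unblock helpers
# for the two firewall exercises. Needs root and iptables >= 1.4.11 (for -C).
# IPT, rule_spec, block and unblock are names chosen for this example.
IPT="${IPT:-iptables}"

# rule_spec NAME [SRC_IP]: print "CHAIN match... -j TARGET" for a named rule.
rule_spec() {
    case "$1" in
        out-www)
            # REJECT makes local clients fail fast instead of timing out.
            echo "OUTPUT -p tcp --dport 80 -j REJECT" ;;
        in-ssh)
            # Accept only digits and dots so the argument cannot smuggle
            # extra iptables options in through word splitting.
            case "$2" in
                ""|*[!0-9.]*) echo "in-ssh needs an IPv4 address" >&2; return 1 ;;
            esac
            echo "INPUT -p tcp -s $2 --dport 22 -j DROP" ;;
        *)
            echo "unknown rule: $1" >&2; return 1 ;;
    esac
}

# block NAME [SRC_IP]: insert the rule at the top of its chain unless it is
# already there, so repeated runs do not stack duplicates.
block() {
    spec=$(rule_spec "$@") || return 1
    # $spec is deliberately unquoted: it must split into separate arguments.
    $IPT -C $spec 2>/dev/null || $IPT -I $spec
}

# unblock NAME [SRC_IP]: delete every copy of the rule; no error if absent.
unblock() {
    spec=$(rule_spec "$@") || return 1
    while $IPT -C $spec 2>/dev/null; do
        $IPT -D $spec || return 1
    done
}

# Command-line use: ./fw.sh block out-www ; ./fw.sh unblock in-ssh 192.0.2.10
case "${1:-}" in
    block|unblock) "$@" ;;
esac
```

Rules added this way exist only in the running kernel and are gone after a reboot; verify the result with //iptables -S// before and after each step.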