
Tuesday, June 1, 2021

Linux kernel variables

 For ipv4 tcp, see the reference first

Linux Command sysctl

 

sysctl

Sets Linux kernel variables

sysctl variables

//show a single variable
shell> sysctl kernel.ostype

//list all variables
shell> sysctl -a

//grep for a variable
shell> sysctl -a | grep tcp_timeout

//change a variable
shell> sysctl -w variable=value
	sysctl -w net.ipv4.ip_forward=1

Edit the configuration file sysctl.conf

shell> vi /etc/sysctl.conf

//add the variable and its value
net.ipv4.ip_forward=1

Load the configuration file, no reboot needed

//load /etc/sysctl.conf
shell> sysctl -p


//reload all of the following files
shell> sysctl --system

/run/sysctl.d/*.conf
/etc/sysctl.d/*.conf
/usr/local/lib/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
/lib/sysctl.d/*.conf
/etc/sysctl.conf

ipv4 tcp variables

Tuesday, January 12, 2021

Linux: checking network connectivity

 Here


netcat

yum install nc

nc -zvw3 192.168.1.10 80

Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.10:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.


nmap

yum install nmap

nmap 192.168.1.10 -p 80

Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-27 15:42 HKT
Nmap scan report for 192.168.1.10
Host is up (0.00042s latency).
PORT STATE SERVICE
80/tcp open http


telnet

yum install telnet

telnet 192.168.1.10 80

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.

Tuesday, July 14, 2020

Linux resource usage limits

Resource limits

Two types of ulimits

Hard limit is the maximum value that is allowed for the soft limit. Any changes to the hard limit require root access.

Soft limit is the value that Linux uses to limit the system resources for running processes. The soft limit cannot be greater than the hard limit.


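ulimit -aH    show all hard settings
ulimit -aS    show all soft settings

Difference between soft and hard

ulimit parameters in detail


Levels of configuration: system level and user level

Limits are set at the system level and at the user level.
The user level cannot exceed the system level.


  • Individual settings can be made per user in /etc/security/limits.conf, where * stands for all users.
  • The limits are enforced on the processes the user starts.
  • The limits are inherited: a child process inherits the values of its parent process.

Example:
A user starts a shell; the shell's settings come from the system defaults and /etc/security/limits.conf.
The user starts a process in the shell; the process inherits the shell's settings.

Temporary settings
Set with the ulimit command in the shell; they are gone when the session ends.
ulimit -s unlimited //set the stack to unlimited
ulimit -n 2048 //number of open files: 2048

Permanent settings
Edit /etc/security/limits.conf
After the change, log in again for the new settings to apply


Query the current user / process settings

ulimit -aH //show all hard settings
ulimit -aS //show all soft settings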
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31204
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024         (file descriptor)
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31204
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Query a process's settings

cat /proc/{pid}/limits

//example cat /proc/1888/limits

Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             31204                31204                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       31204                31204                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us  

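//Max processes is the upper limit on the number of threads that can be created

Query a process's resource usage

cat /proc/xxxxx/stat
cat /proc/xxxxx/status

//show the file descriptors of a process

lsof -p 28290
lsof -a -p 28290

or
//list them
ls -l /proc/28290/fd | less

//count them (plain ls, so the "total" line that ls -l prints is not counted)
ls /proc/28290/fd | wc -l

System-wide total limit

sysctl fs.file-nr

fs.file-nr    //shows the number of allocated fds, the number of fds available for allocation, and the system-wide total number of fds

fs.file-max  //total number of fds available to all processes on the system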


View the system settings

sysctl fs.file-nr
//output
fs.file-nr = 1020 0 70000
1. 1020 The number of allocated file handles.
2. 0 The number of unused-but-allocated file handles.
3. 70000 The system-wide maximum number of file handles.

cat /proc/sys/fs/file-max

Or check the limit setting
sysctl fs.file-max

Temporary change
sysctl -w fs.file-max=102400

Permanent change
sudo vim /etc/sysctl.conf
fs.file-max = 70000 //this value corresponds to the hard limit

sysctl -p    apply the change

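System-configured per-user limit

fs.nr_open

System-level limit on the number of files a single process of a user can open

View
cat /proc/sys/fs/nr_open

or
sysctl fs.nr_open

Modify
sudo vi /etc/sysctl.conf
fs.nr_open=1000000

The actual per-user limit

vi /etc/security/limits.conf
* hard nofile 102400  //for all users, not including root
* soft nofile 102400  //for all users, not including root

httpd hard nofile 102400  //for the user httpd
httpd soft nofile 102400  //for the user httpd

root hard nofile 102400  //for root
root soft nofile 102400  //for root

Conclusion

The open-file limit of each process of a user is subject to these limits:
1 fs.file-max: the system-wide total limit
2 fs.nr_open: the system-configured per-user limit; it caps the limit that can be set in limits.conf
3 The nofile setting in /etc/security/limits.conf: the number that can actually be used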
# /etc/security/limits.conf

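//setting items
//
core - limits the size of core files
data - maximum data size
fsize - maximum file size
memlock - maximum locked-in-memory address space
nofile - maximum number of open files
rss - maximum resident set size
stack - maximum stack size
cpu - maximum CPU time, in minutes
nproc - maximum number of processes
as - address space limit
maxlogins - maximum number of logins allowed for this user

# * applies to all users
* soft nofile 102400  
* hard nofile 102400
* soft stack unlimited  //make the stack unlimited
# /etc/security/limits.conf
* soft nproc 100  //must not be too large
* hard nproc 100 //must not be too large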

# /etc/security/limits.conf
* - nproc 100
* - nofile 102400
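
The three layers from the conclusion above, checked against each other. This is an added example, not part of the original post: the function names, the 80% warning threshold and the sample inputs are assumptions, and the sample limits.conf, fs.nr_open and fs.file-max figures reuse the values shown in this post.

```shell
#!/bin/sh
# Added example: cross-checks the nofile layers described in this post.
# All sample data below is constructed; on a live host use for example:
#   nofile_usage "$(cat /proc/$$/limits)" "$(ls /proc/$$/fd | wc -l)"
#   audit_limits_conf "$(cat /etc/security/limits.conf)" \
#       "$(cat /proc/sys/fs/nr_open)" "$(cat /proc/sys/fs/file-max)"

# nofile_usage LIMITS_TEXT OPEN_FDS
# Reads the "Max open files" row of /proc/<pid>/limits and reports how much
# of the soft limit is used. WARN at 80% or more (threshold is an assumption).
nofile_usage() {
  printf '%s\n' "$1" | awk -v nfd="$2" '
    /^Max open files/ {
      soft = $4; hard = $5
      if (soft !~ /^[0-9]+$/ || soft + 0 == 0) { print "skip soft=" soft; exit }
      pct = int(nfd * 100 / soft)
      printf "%s open=%d soft=%d hard=%s used=%d%%\n",
             (pct >= 80 ? "WARN" : "ok"), nfd, soft, hard, pct
    }'
}

# audit_limits_conf CONF_TEXT NR_OPEN FILE_MAX
# Lists nofile entries in limits.conf text that exceed fs.nr_open (the
# per-process ceiling) or fs.file-max (the system-wide total).
audit_limits_conf() {
  printf '%s\n' "$1" | awk -v nr_open="$2" -v file_max="$3" '
    { sub(/#.*/, "") }                       # strip comments
    NF >= 4 && $3 == "nofile" && $4 ~ /^[0-9]+$/ {
      if ($4 + 0 > nr_open + 0)
        printf "%s %s nofile=%s exceeds fs.nr_open=%s\n", $1, $2, $4, nr_open
      else if ($4 + 0 > file_max + 0)
        printf "%s %s nofile=%s exceeds fs.file-max=%s\n", $1, $2, $4, file_max
    }'
}

# Constructed sample in the /proc/<pid>/limits layout shown in this post.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files
Max processes             31204                31204                processes'

# Constructed sample limits.conf; the httpd value is deliberately too large.
SAMPLE_CONF='# constructed sample
* hard nofile 102400
* soft nofile 102400
httpd hard nofile 2000000
* - nproc 100'

nofile_usage "$SAMPLE_LIMITS" 900
audit_limits_conf "$SAMPLE_CONF" 1000000 70000
```

With the figures from this post (nofile 102400, fs.file-max 70000) the per-process limit is larger than the system-wide total, so fs.file-max is the value that binds first.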

Monday, July 13, 2020

Linux Command free

free

Shows the system's memory usage
free reads its data from /proc/meminfo

free
free -b  //in bytes
free -m  //in MB
free -g  //in GB
free -t  //physical memory plus swap

total
used
free
shared
buffers: (buffer cache) relatively temporary storage for raw disk blocks.
cached: (page cache) in memory cache for files read from disk, doesn't include swapcache

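Linux: finding memory leaks

top

Shows the memory usage of processes
top -p pid
top lists all processes; then press keys such as p and m to switch

If VIRT keeps growing, there may be a leak

VIRT virtual memory usage
        includes lib, code, data, etc.
        the amount of virtual memory the process has requested; if it requested 100m but uses only 20m, it is still 100m

RES resident memory usage
       the amount of memory currently in use, not including what has been swapped out
       includes memory shared with other processes
       if it requested 100m but uses only 10m, it is 10m

SHR shared memory
      shared memory used by the process itself
      includes the full size of the shared libs, even if only one of them is used
      the physical memory used by the process is calculated as RES-SHR
      drops after being swapped out

DATA memory occupied by data
      not shown in top; press f to display it
      the data space the process actually requested

free

Shows the system's memory usage
free -m

pmap

Shows the memory map of a process

sudo pmap pid
sudo pmap -X pid
sudo pmap -XX pid

writeable/private is the memory actually in use, not including shared libs
If it keeps growing, there may be a leak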

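Sunday, November 24, 2019

Linux command top

top

top command options

b  Batch mode
d  specify the update interval (in seconds)
o  specify the field name to output
p  specify the pid to watch
u  specify the user name to watch

top -b -d 2 -p 6164  //batch mode, watch the process with pid 6164 and update every 2 seconds
top -d 2 -u abc   //watch the processes run by user abc and update every 2 seconds
top -b -o +%MEM | head -n 17     //batch mode, sort by memory and list only the first 17 lines

Fields in the upper part of top

Line 1
08:15:01: current time
up 44 min: how long the host has been up
1 user: number of users currently logged in
load average: 1.00, 1.23, 0.86: system load over the last 1, 5 and 15 minutes.
      The load average is computed by checking the number of active processes every 5 seconds and applying a specific algorithm.
      If this number divided by the number of logical CPUs is above 5, the system is overloaded.

Line 2
Tasks:  63 total,   1 running,  62 sleeping,   0 stopped,   0 zombie:
  The system currently has 63 processes: 1 running, 62 sleeping,
  0 stopped, 0 zombie

Line 3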
%Cpu(s):  1.1 us,  0.3 sy,  0.0 ni,100.0 id,  0.4 wa,  0.02 hi,  0.1 si,  0.0 st:
1.1% us — user cpu time(or)%CPU time spent in user space
0.3% sy — system cpu time(or)% CPU time spent in kernel space
0.0% ni — user nice cpu time(or) % CPU time spent on low priority processes
100% id -idle cpu time(or)%CPU time spent idle
0.4% wa — io wait cpu time(or)% CPU time spent in wait (on disk)
0.1% hi — hardware irq(or)%CPU time spent servicing/handling hardware interrupts
0.0% si - software irq(or)%CPU time spent servicing/handling software interrupts
0.0% st - steal time % CPU time in involuntary wait by virtual 
       cpu while hypervisor is servicing another processor (or) % 
      CPU time stolen from a virtual machine

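Line 4
KiB Mem :  1741400 total,  1600560 free,    73184 used,    67656 buff/cache
Memory usage:
1741400 total: physical memory capacity
1600560 free: remaining memory
73184 used: memory in use
67656 buff/cache: memory Linux uses as write buffer for block devices / read cache for block devices
Line 5
KiB Swap:        0 total,        0 free,        0 used.  1557120 avail Mem 
Swap usage:
0 total: total swap capacity
0 free: remaining swap
0 used: swap in use
1557120 avail Mem (available): how much memory can be allocated to start a new process
              without using swap; should be mem free + buff/cache

Fields in the lower part of top

PID - process ID
USER - user who owns the process
PR - process priority
NI - nice value (the smaller the value, the higher the priority)
VIRT - total virtual memory used by the process, in kb (VIRT=SWAP+RES)
RES - physical memory used by the process that has not been swapped out, in kb (RES=CODE+DATA)
SHR - shared memory size (in kb)
S - process state. D=uninterruptible sleep R=running S=sleeping T=traced/stopped Z=zombie
%CPU - percentage of CPU time used since the last update
%MEM - percentage of physical memory used by the process
TIME+ - total CPU time used by the process, in units of 1/100 second
COMMAND - process name

e/E  switch the unit used for time display: s, ms, gs, ts, ps
f/F  Fields Management: choose which fields to display
h  show help
k  kill the specified process
l  toggle hide/show of the load average (line 1)
L  search for a string
M  toggle hide/show of memory info (line 4)
P  sort by CPU usage
q  quit top
R  change the nice value
S  change the delay time (default 3 seconds)
t  toggle hide/show of tasks info (lines 2 and 3)
T  sort by TIME+ / cumulative time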

top key commands

Summary Area Commands

Key  Description
c show scroll coordinates toggle
l load average/uptime toggle
t task/cpu states toggle
m  memory/swap toggle
1  single/separate cpu states toggle
   toggle between single and per-CPU usage display
2 numa node /cpu summary toggle
3 expand numa node

Task Area Commands

Key  Description
j
J
B  toggle field values between bold and normal font
x
y
z  toggle color display
Z  change the sort method / the colors used when color is toggled

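Linux system resource monitoring: top mpstat sar uptime

top: overall monitoring

In top, press 1 to see the usage of each CPU
In top, press 2 to see the usage of each node


//on CentOS, the following must be installed first: yum -y install sysstat

iostat: monitors CPU and block device (and partition) I/O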

# iostat -xz 1 
Linux 2.6.32-696.el6.x86_64 (DX_JQ_2) 12/07/2018 _x86_64_   (32 CPU)

avg-cpu: %user %nice %system %iowait %steal %idle
           0.05 0.00 0.07 0.01 0.00 99.87

Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await r_await w_await svctm %util
sda 0.00 3.29 0.02 1.13 1.28 35.30 31.88 0.02 20.90 7.84 21.13 5.19 0.60
dm-0 0.00 0.00 0.02 4.41 1.27 35.29 8.25 0.07 14.68 8.78 14.70 1.34 0.60

avg-cpu: %user %nice %system %iowait %steal %idle
           0.06 0.00 0.06 0.00 0.00 99.87
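iostat [options] [interval in seconds] [count]
iostat -x 1 10 //monitor detailed information, 1-second interval, 10 times
iostat -C
iostat -dk

    -C show CPU usage
    -d show disk usage
    -k display in KB
    -m display in MB
    -N show disk array (LVM) information
    -n show NFS usage
    -p[disk] show disk and partition information
    -t show terminal and CPU information
    -x show detailed information
    -V show version information

CPU attributes monitored
%user  percentage of time the CPU spent in user mode
%nice  percentage of time the CPU spent in user mode with a NICE value
%system  percentage of time the CPU spent in system mode
%iowait  percentage of time the CPU spent waiting for I/O to complete
%steal  percentage of time the virtual CPU spent in involuntary wait while the hypervisor serviced another virtual processor
%idle  percentage of time the CPU was idle

Disk attributes monitored
Device  name of the monitored device
rrqm/s  number of read requests needed per second
wrqm/s  number of write requests needed per second
r/s  number of read requests actually issued per second
w/s  number of write requests actually issued per second
rsec/s  number of sectors read per second
wsec/s  number of sectors written per second
rkB/s  amount actually read per second, in KB
wkB/s  amount actually written per second, in KB
rMB/s  amount actually read per second, in MB
wMB/s  amount actually written per second, in MB
avgrq-sz  average request size, in sectors
avgqu-sz  average request queue length
await  average I/O wait time (milliseconds)
svctm  average time to complete an I/O request
%util  percentage of CPU consumed by I/O requests


tps attributes
tps  number of transfers per second for the device
kB_read/s  amount of data read from the device per second
kB_wrtn/s  amount of data written to the device per second
kB_read  total amount of data read
kB_wrtn  total amount of data written

mpstat: monitors CPU

mpstat -A //monitor all states
mpstat -P 0/1/ALL   //specify the CPU number
mpstat -P ALL 2 3  //report data for all CPUs every two seconds, 3 times


Example: mpstat -P ALL 2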

11時38分44秒  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle
11時38分46秒  all   55.25    0.00    1.00    0.75    0.00    0.25    0.00    0.00    0.00   42.75
11時38分46秒    0   10.10    0.00    1.52    1.52    0.00    0.00    0.00    0.00    0.00   86.87
11時38分46秒    1  100.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00

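%user      during the interval, CPU time in user mode (%), excluding processes with a negative nice value  (usr/total)*100
%nice      during the interval, CPU time of processes with a negative nice value (%)   (nice/total)*100
%sys       during the interval, kernel time (%)       (system/total)*100
%iowait    during the interval, time spent waiting for disk I/O (%) (iowait/total)*100
%irq       during the interval, hard interrupt time (%)     (irq/total)*100
%soft      during the interval, soft interrupt time (%)     (softirq/total)*100
%idle      during the interval, time the CPU was idle for any reason other than waiting for disk I/O (%) (idle/total)*100

sar: monitors CPU, memory, I/O, network I/O

sar -P ALL 1 2  //monitor the state of all CPUs, 1-second interval, 2 times
sar -u 2 3      //monitor the state of all CPUs, 2-second interval, 3 times
sar -r //memory utilization statistics
sar -R //overall memory statistics
sar -W //swap statistics
sar -b //I/O and transfer rate statistics
sar -d //block device statistics. 
       //block device is a kind of file,
       //which represents a device of some kind, with data 
       //that can be read or written to it in block.
       //a device whose data can be read and written in blocks (treated as a file in Linux)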


 -b I/O and transfer rate statistics
 -B Paging statistics
 -d Block device statistics
 -F [ MOUNT ]
  Filesystems statistics
 -H Hugepages utilization statistics
 -I {  | SUM | ALL | XALL }
  Interrupts statistics
 -m { [,...] | ALL }
  Power management statistics
  Keywords are:
  CPU CPU instantaneous clock frequency
  FAN Fans speed
  FREQ CPU average clock frequency
  IN Voltage inputs
  TEMP Devices temperature
  USB USB devices plugged into the system
 -n {  [,...] | ALL }
  Network statistics
  Keywords are:
  DEV Network interfaces
  EDEV Network interfaces (errors)
  NFS NFS client
  NFSD NFS server
  SOCK Sockets (v4)
  IP IP traffic (v4)
  EIP IP traffic (v4) (errors)
  ICMP ICMP traffic (v4)
  EICMP ICMP traffic (v4) (errors)
  TCP TCP traffic (v4)
  ETCP TCP traffic (v4) (errors)
  UDP UDP traffic (v4)
  SOCK6 Sockets (v6)
  IP6 IP traffic (v6)
  EIP6 IP traffic (v6) (errors)
  ICMP6 ICMP traffic (v6)
  EICMP6 ICMP traffic (v6) (errors)
  UDP6 UDP traffic (v6)
 -q Queue length and load average statistics
 -r Memory utilization statistics
 -R Memory statistics
 -S Swap space utilization statistics
 -u [ ALL ]
  CPU utilization statistics
 -v Kernel table statistics
 -w Task creation and system switching statistics
 -W Swapping statistics
 -y TTY device statistics

uptime

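View the server load
uptime
 22:37:31 up 65 days, 3:15, 1 user, load average: 40.00, 25.01, 10.05
Shows the server's current 1 min, 5 min and 15 min load averages
It is an overall assessment of CPU load and I/O load
If the 1 min value is greater than the 15 min value, the load is rising.

dmesg

View messages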
$ dmesg |tail
[ 2567.534310] IPv6: ADDRCONF(NETDEV_UP): em3: link is not ready
[ 2570.386536] tg3 0000:02:00.0 em3: Link is up at 1000 Mbps, full duplex
[ 2570.386550] tg3 0000:02:00.0 em3: Flow control is off for TX and off for RX
[ 2570.386555] tg3 0000:02:00.0 em3: EEE is disabled
[ 2570.386584] IPv6: ADDRCONF(NETDEV_CHANGE): em3: link becomes ready
[20907.774686] perf: interrupt took too long (2502 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
[50276.167405] perf: interrupt took too long (3173 > 3127), lowering kernel.perf_event_max_sample_rate to 63000
[96662.454537] perf: interrupt took too long (4010 > 3966), lowering kernel.perf_event_max_sample_rate to 49000
[143249.558510] perf: interrupt took too long (5025 > 5012), lowering kernel.perf_event_max_sample_rate to 39000
[204028.503117] perf: interrupt took too long (6286 > 6281), lowering kernel.perf_event_max_sample_rate to 31000

vmstat

View virtual memory status
Memory, paging, I/O, CPU
$ vmstat 1
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r b swpd free buff cache si so bi bo in cs us sy id wa st
 0 0 0 3082644 2076 4156120 0 0 1 210 12 9 1 0 99 0 0
 0 0 0 3083180 2076 4156112 0 0 0 473 2231 2420 1 0 99 0 0
 0 0 0 3083212 2076 4156112 0 0 0 12510 3946 3945 1 2 97 0 0
 0 0 0 3083684 2076 4156096 0 0 0 1403 2333 1725 1 0 99 0 0
 1 0 0 3082868 2076 4156388 0 0 0 505 2307 1795 4 1 95 0 0
 0 0 0 3083508 2076 4156040 0 0 0 475 1888 1570 1 1 99 0 0
 0 0 0 3083152 2076 4156040 0 0 0 8090 1694 1910 1 1 99 0 0

procs

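r: number of processes running on or waiting for the CPU
b: blocked processes

memory

swpd: amount of virtual memory in use
free: amount of idle memory
buffer: amount of memory used as buffers
cache: amount of memory used as cache

swap

si: amount swapped in from the swap area to memory per second
so: amount written to the swap area per second

IO

bi: blocks received from block devices per second
bo: blocks sent to block devices per second

system

in: CPU interrupts per second
cs: context switches per second (the fewer the better)

CPU

us: user CPU time
sy: CPU time spent running the system kernel
id: idle CPU time
wa: time spent waiting for I/O
st: time stolen from the virtual machine?

free

View overall system memory
$ free -h
    total used free shared buff/cache available
Mem: 7.6G   697M   3.0G   23M   3.9G    6.5G
Swap: 8.0G   0B   8.0G
buffer cache is the in-memory cache for block devices
page cache is the cache for file data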

Tuesday, March 26, 2019

Commonly used Linux commands

Process management

//list the programs using the most memory on the system
//-e output information for all processes
//-o specify the output fields
//--sort sort order
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head

//get the current pid
echo $$

//process resource limits
ls /proc/{pid}/fd
cat /proc/{pid}/limits

//open files
ls -l /proc/{pid}/fd | less

//total number of open files (plain ls, so the "total" line that ls -l prints is not counted)
ls /proc/{pid}/fd | wc -l

Networking

//check which process is listening on port 22
netstat -tlnp | grep :22

tcp    0  0 0.0.0.0:22  0.0.0.0:*  LISTEN   1444/sshd
tcp6   0  0 :::22       :::*       LISTEN   1444/sshd

User management

sudo -i    switch to root

ssh management

//scp
scp "fileName" ubuntu@xxx.xx.xx.xx:/home/ubuntu/
scp -i "keyfile" filename aa@xxx.xxx.xxx.xxx:/home/aa/
sshpass -p "pass" scp "fileName" ubuntu@xxx.xx.xx.xx:/home/ubuntu/

//specify the port, uppercase P
scp -P port root@xxx.xxx.xxx:/root/abc.jpg abc.jpg 
scp -P port abc.jpg root@xxx.xxx.xxx:/root/abc.jpg

//specify the key
ssh -i 'keyfile' aa@xxx.xxx.xxx.xxx

//set the ssh timeout
vim /etc/ssh/sshd_config

//find the ClientAliveInterval parameter; if it is not there, add a line yourself.
//client alive check interval, in seconds
ClientAliveInterval=600 

//number of client alive checks 
ClientAliveCountMax=12

//with the settings above, the connection is dropped after 600*12=7200 seconds without a response
//enable root ssh login
sudo passwd root    //change the root password
sudo vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes

//centos 
service sshd restart
systemctl restart sshd

//debian
service ssh restart
systemctl restart sshd
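
A check for the sshd_config settings discussed above, written as an added example that is not part of the original post: it computes the ClientAliveInterval x ClientAliveCountMax window and reports when root login with a password is enabled, a combination that leaves the root account open to password guessing. The function name, output format and sample configurations are assumptions; only the global section before any Match block is read, and absent keywords fall back to the OpenSSH defaults listed in the comments.

```shell
#!/bin/sh
# audit_sshd_config CONFIG_TEXT
# Prints the unresponsive-client window and whether root can log in with a
# password. Assumed OpenSSH defaults when a keyword is absent:
#   ClientAliveInterval 0, ClientAliveCountMax 3,
#   PermitRootLogin prohibit-password, PasswordAuthentication yes.
audit_sshd_config() {
  printf '%s\n' "$1" | awk '
    BEGIN {
      val["clientaliveinterval"] = 0
      val["clientalivecountmax"] = 3
      val["permitrootlogin"] = "prohibit-password"
      val["passwordauthentication"] = "yes"
    }
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    {
      line = $0
      sub(/[ \t]*=[ \t]*/, " ", line)   # Keyword=value and Keyword value both parse
      split(line, f, /[ \t]+/)
      key = tolower(f[1])
      if (key == "match") exit           # audit the global section only
      if (!(key in seen)) {              # sshd keeps the first value it reads
        seen[key] = 1
        val[key] = tolower(f[2])
      }
    }
    END {
      window = val["clientaliveinterval"] * val["clientalivecountmax"]
      if (window > 0) printf "unresponsive-timeout=%ds\n", window
      else            print "unresponsive-timeout=disabled"
      if (val["permitrootlogin"] == "yes" && val["passwordauthentication"] == "yes")
        print "FINDING root-password-login=enabled"
      else
        print "ok root-password-login=disabled"
    }'
}

# Constructed sample: the settings shown in this post.
WEAK_CONFIG='ClientAliveInterval=600
ClientAliveCountMax=12
PermitRootLogin yes
PasswordAuthentication yes'

# Constructed sample: a tighter variant for comparison (values are assumptions).
HARDENED_CONFIG='# keys only, short keepalive window
ClientAliveInterval 300
ClientAliveCountMax 2
PermitRootLogin prohibit-password
PasswordAuthentication no'

audit_sshd_config "$WEAK_CONFIG"
audit_sshd_config "$HARDENED_CONFIG"
```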

ssh agent

1. Start ssh-agent in the background.
 > Agent pid xxxxx
2. Add ssh key to agent
  $ ssh-add -K pathToPrivateKey
  (-K is only for the ssh-add built into macOS; it stores the passphrase in your keychain)

3. If your key has a passphrase, the agent will ask you to enter it.

//check whether ssh-agent is running
Check whether these variables produce output
echo $SSH_AUTH_SOCK
echo $SSH_AGENT_PID

//in shell script
//automatically add all default RSA keys
if [ -z "$SSH_AUTH_SOCK" ] ; then
  eval "$(ssh-agent -s)"
  ssh-add
fi

//kill ssh-agent
ssh-agent -k

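Using multiple ssh keys and accounts with GitHub

Host   alias for the remote connection (can be anything)
HostName   domain or IP of the remote host
Port   SSH port of the remote host (can be omitted if it is the default)
User   user name
PreferredAuthentications   preferred authentication method (always publickey here)
IdentityFile   location of the private key (relative or absolute, but an absolute path is recommended)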

//edit ~/.ssh/config

Host gh.aaa.my
 HostName github.com
 User Hi_AAA
 PreferredAuthentications publickey
 IdentityFile ~/.ssh/id_rsa_aaa_github

Host gh.bbb.company
 HostName github.com
 User Hi_BBB
 PreferredAuthentications publickey
 IdentityFile ~/.ssh/id_rsa_bbb_github

Host bb.aaa.my
 HostName bitbucket.org
 User Yo_AAA
 PreferredAuthentications publickey
 IdentityFile ~/.ssh/id_rsa_aaa_bitbucket

The repo location changes
Original: git@github.com:Hi_AAA/my_project.git  
New: git@gh.aaa.my:Hi_AAA/my_project.git

The domain part can be replaced with the Host name from the config file

//add the key to ssh-agent
ssh-add 

apt


apt-cache policy mysql-server       list all available versions of mysql
apt-get install mysql-server=5.6.29 install a specific version of mysql

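Thursday, January 24, 2019

Linux command netstat

netstat

Common netstat usage

Description: displays information about the network subsystem (connections, routing tables, network interfaces, etc.)

Usage concepts

  • The first argument selects the type of information
  • Output format control (format)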

Type of information

(none)  By default, netstat displays a list of open sockets.  
        If you don't specify any address families, 
        then the active sockets of all configured address families will be printed.

--route , -r
       Display the kernel routing tables. See the description in route(8) for details.  
       netstat -r and route -e produce the same output.

--groups , -g
       Display multicast group membership information for IPv4 and IPv6.

--interfaces=iface , -I=iface , -i
       Display a table of all network interfaces, or the specified iface.

--masquerade , -M
       Display a list of masqueraded connections.

--statistics , -s (statistics)
       Display summary statistics for each protocol.

None Options (options when the type is none)

netstat  [address_family_options]  
     [--tcp|-t]  [--udp|-u]  [--udplite|-U]  [--sctp|-S]  [--raw|-w]  
     [--listening|-l]  
     [--all|-a]  
     [--numeric|-n]  [--numeric-hosts] [--numeric-ports] [--numeric-users] 
     [--symbolic|-N] 
     [--extend|-e[--extend|-e]] 
     [--timers|-o] [--program|-p] 
     [--verbose|-v] 
     [--continuous|-c] 
     [--wide|-W] 
     [delay]

Common Options

 --verbose , -v
       Tell the user what is going on by being verbose. 
       Especially print some useful information about unconfigured address families.

   --wide , -W
       Do not truncate IP addresses by using output as wide as needed. 
       This is optional for now to not break existing scripts.

   --numeric , -n
       Show numerical addresses instead of trying to determine symbolic host, 
       port or user names.

   --numeric-hosts
       shows numerical host addresses but does not affect the resolution 
       of port or user names.

   --numeric-ports
       shows numerical port numbers but does not affect the resolution 
       of host or user names.

   --numeric-users
       shows numerical user IDs but does not affect the resolution of host or port names.

   --protocol=family , -A
       Specifies  the address families (perhaps better described as low level protocols) 
       for which connections are to be shown.  family is a comma (',') separated list of
       address family keywords like inet, inet6, unix, ipx, ax25, netrom, econet, and ddp.  
       This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx,
       --ax25, --netrom, and --ddp options.

       The address family inet (IPv4) includes raw, udp, udplite and tcp protocol sockets.
   -c, --continuous
       This will cause netstat to print the selected information every second continuously.

   -e, --extend
       Display additional information.  Use this option twice for maximum detail.

   -o, --timers
       Include information related to networking timers.

   -p, --program
       Show the PID and name of the program to which each socket belongs.

   -l, --listening
       Show only listening sockets.  (These are omitted by default.)

   -a, --all
       Show both listening and non-listening 
      (for TCP this means established connections) sockets.  
       With the --interfaces option, show interfaces that are not up

   -F
       Print routing information from the FIB.  (This is the default.)

   -C
       Print routing information from the route cache.

   delay
       Netstat will cycle printing through statistics every delay seconds.

Output (important output fields)

Proto
       The protocol (tcp, udp, udpl, raw) used by the socket.

   Recv-Q
       Established: The count of bytes not copied by the user program connected to this socket.  
       Listening: Since Kernel 2.6.18 this column contains the current syn back‐log.

   Send-Q
       Established: The count of bytes not acknowledged by the remote host.  
       Listening: Since Kernel 2.6.18 this column contains the maximum size of the syn backlog.

   Local Address
       Address and port number of the local end of the socket.  
       Unless the --numeric (-n) option is specified, 
       the socket address is resolved to its canonical  host  name
       (FQDN), and the port number is translated into the corresponding service name.

   Foreign Address
       Address and port number of the remote end of the socket.  Analogous to "Local Address."

   State
       The  state  of the socket. Since there are no states in raw mode 
       and usually no states used in UDP and UDPLite, this column may be left blank. 
       Normally this can be one of several values:
       ESTABLISHED
              The socket has an established connection.

       SYN_SENT
              The socket is actively attempting to establish a connection.

       SYN_RECV
              A connection request has been received from the network.

       FIN_WAIT1
              The socket is closed, and the connection is shutting down.

       FIN_WAIT2
              Connection is closed, and the socket is waiting for a shutdown from the remote end.

       TIME_WAIT
              The socket is waiting after close to handle packets still in the network.

       CLOSE  The socket is not being used.

       CLOSE_WAIT
              The remote end has shut down, waiting for the socket to close.

       LAST_ACK
              The remote end has shut down, and the socket is closed. Waiting for acknowledgement.

       LISTEN The socket is listening for incoming connections.  
              Such sockets are not included in the output 
              unless you specify the --listening (-l) or --all (-a) option.

       CLOSING
              Both sockets are shut down but we still don't have all our data sent.

       UNKNOWN
              The state of the socket is unknown.

   User
       The username or the user id (UID) of the owner of the socket.

   PID/Program name
       Slash-separated pair of the process id (PID) and process name of the process that owns the socket.  
       --program causes this column to be  included.   You  will  also
       need superuser privileges to see this information on sockets you don't own.  
       This identification information is not yet available for IPX sockets.

Example

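Show all listening or established tcp sockets

netstat -at


Show all listening tcp sockets

netstat -lt


Show tcp statistics

netstat -st


Show the PID and name of the program that owns each tcp socket

netstat -apt  //listening and established
netstat -pt   //established only
netstat -ap | grep ssh   //filter with grep

Linux command ulimit

ulimit

Description: shows/sets the resource limits used by shells and processes at the user and group level

Usage concepts

  • Settings apply to the shell of the current session or to processes in that shell
  • Shows or sets resource limits directly
  • Settings are divided into soft and hard
  • Settings made with ulimit are all temporary (they apply only to the current session)
  • For permanent, system-wide changes, edit /etc/security/limits.conf

Options

  
ulimit [-HSTabcdefilmnpqrstuvx [limit]]

-H: hard limit  a process cannot change the value while running (unless it has root privileges)
-S: soft limit  a process can change the value while running

Without -H or -S, both are set by default.

Besides a number, LIMIT can also be
    hard, soft, unlimited

    hard: the current hard limit value
    soft: the current soft limit value
    unlimited: no limit

Without LIMIT, the resource for the given option is printed (with multiple options, the resource name and unit are shown):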

#ulimit -f
unlimited

#ulimit -c
0

#ulimit -c -f
core file size          (blocks, -c) 0
file size               (blocks, -f) unlimited

             
    -a     All current limits are reported
    -b     The maximum socket buffer size
    -c     The maximum size of core files created
    -d     The maximum size of a process's data segment
    -e     The maximum scheduling priority ("nice")
    -f     The  maximum  size  of files written by the shell and its
          children
    -i     The maximum number of pending signals
    -l     The maximum size that may be locked into memory
    -m     The maximum resident set size (many systems do not  honor
          this limit)
    -n     The maximum number of open file descriptors (most systems
          do not allow this value to be set)
    -p     The pipe size in 512-byte blocks (this may not be set)
    -q     The maximum number of bytes in POSIX message queues
    -r     The maximum real-time scheduling priority
    -s     The maximum stack size
    -t     The maximum amount of cpu time in seconds
    -u     The maximum number of processes  available  to  a  single user
    -v     The  maximum  amount  of  virtual memory available to the
          shell and, on some systems, to its children
    -x     The maximum number of file locks
    -T     The maximum number of threads

    If limit is given, and the -a option is not used, limit  is  the
    new  value  of  the  specified resource.  If no option is given,
    then -f is assumed.  Values are in 1024-byte increments,  except
    for  -t,  which is in seconds; -p, which is in units of 512-byte
    blocks; and -T, -b, -n, and -u, which are unscaled values.   The
    return  status is 0 unless an invalid option or argument is supplied,
    or an error occurs while setting a new limit.

Example

Show the hard setting of open files (n) for the current user

ulimit -Hn
1024

Show all settings for the current user

ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31204
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024         (file descriptor)
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31204
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited


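Temporarily change the number of file descriptors for the current user to 10240

#ulimit -n 10240

Wednesday, January 23, 2019

Linux command ps

ps(process status)

Description: displays information about processes

Supports several kinds of options:
UNIX options
BSD options
GNU long options

Usage concepts

  • Select processes: simple selection / selection by list
  • Output format control (format)

Simple selection (see man ps for details)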

 a      Lift the BSD-style "only yourself" restriction, 
             which is imposed upon the set of all processes when some BSD-style (without "-") 
             options are used or when the ps personality setting is BSD-like.  
             The set of processes selected in this manner is in addition to the set of processes selected by other means.  
             An alternate description is that this option causes ps to list all processes with a terminal (tty), 
             or to list all processes when used together with the x option.

       -A     Select all processes.  Identical to -e.

       -a     Select all processes except both session leaders (see getsid(2)) and processes not associated with a terminal.

       -d     Select all processes except session leaders.

       --deselect
              Select all processes except those that fulfill the specified conditions (negates the selection).  
              Identical to -N.

       -e     Select all processes.  Identical to -A.

       g      Really all, even session leaders.  This flag is obsolete and may be discontinued in a future release.  
              It is normally implied by the a flag, and is only
              useful when operating in the sunos4 personality.

       -N     Select all processes except those that fulfill the specified conditions (negates the selection).  
              Identical to --deselect.

       T      Select all processes associated with this terminal.  Identical to the t option without any argument.

       r      Restrict the selection to only running processes.

       x      Lift the BSD-style "must have a tty" restriction, which is imposed upon the set of all processes 
              when some BSD-style (without "-") options are used or
              when the ps personality setting is BSD-like.  The set of processes selected in this manner is in addition 
              to the set of processes selected by other means.
              An alternate description is that this option causes ps to list all processes owned by you (same EUID as ps), 
              or to list all processes when used together
              with the a option.

Selection by list

 ps -p "1 2" -p 3,4
       -123   Identical to --pid 123.
       123    Identical to --pid 123.
-C cmdlist
              Select by command name.  This selects the processes whose executable name is given in cmdlist.
-g grplist
              Select by session OR by effective group name.  Selection by session is specified by many standards, 
              but selection by effective group is the logical behavior that several other operating systems use.  
              This ps will select by session when the list is completely numeric (as sessions are).  Group ID
              numbers will work only when some group names are also specified.  See the -s and --group options.
p pidlist
              Select by process ID.  Identical to -p and --pid.

--sid sesslist
              Select by session ID.  Identical to -s.

-u userlist
              Select by effective user ID (EUID) or name.  This selects the processes 
              whose effective user name or ID is in userlist.

Output control

-f Do full-format listing. 
        This option can be combined with many other UNIX-style options to add additional columns.  
        It also causes the command arguments to be printed.  
        When used with -L, the NLWP (number of threads) and LWP (thread ID) columns will be added.  
        See the c option, the format keyword args, and the format keyword comm.
-F Extra full format.
-j Jobs format
-o format List user-defined format.

EXAMPLES

Show the processes of the user's current login session

[root@li1548-65 live]# ps
  PID TTY          TIME CMD
24539 pts/1    00:00:00 bash
24761 pts/1    00:00:00 ps

List the processes using the most memory

ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head

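-e: output all processes
-o: choose the output columns; the names of the columns to print follow it:
pid: process ID
ppid: parent process ID
cmd: program name
%mem: memory usage (percent)
%cpu: CPU usage (percent)

--sort specifies the column to sort by.
By default values are sorted from smallest to largest;
to sort from largest to smallest, put a minus sign before the column name.
-%mem therefore sorts by memory usage from largest to smallest.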

  PID  PPID CMD                         %MEM %CPU
 2124  1278 /usr/lib/chromium-browser/c 25.0 14.4
 1446  1278 /usr/lib/chromium-browser/c 21.5 15.4
 1253     1 /usr/lib/chromium-browser/c 19.2 13.0
 1328  1278 /usr/lib/chromium-browser/c  7.6  2.9
 1392  1278 /usr/lib/chromium-browser/c  7.6  0.5
  732   669 /usr/bin/X :0 -seat seat0 -  5.7  2.0
 1060     1 /usr/lib/arm-linux-gnueabih  1.8  0.0
 1086   758 pcmanfm --desktop --profile  1.5  0.2
 1085   758 lxpanel --profile LXDE-pi    1.5  0.3

Output pid, ppid, cpu, mem, start time, ...

ps -eo uname,pid,ppid,nlwp,pcpu,pmem,psr,start_time,tty,time,args

USER   PID  PPID NLWP %CPU %MEM PSR START TT       TIME COMMAND
root     1     0    1  0.0  0.1   1 Feb20 ?    00:00:01 /sbin/init
root     2     0    1  0.0  0.0   0 Feb20 ?    00:00:00 [kthreadd]
root     3     2    1  0.0  0.0   0 Feb20 ?    00:02:23 [ksoftirqd/0]
root     6     2    1  0.0  0.0   0 Feb20 ?    00:00:00 [migration/0]
root     7     2    1  0.0  0.0   1 Feb20 ?    00:00:00 [migration/1]
root     9     2    1  0.1  0.0   1 Feb20 ?    00:13:52 [ksoftirqd/1]


Show memory usage

// grep -v grep keeps the grep process itself out of the sum
ps aux | grep apache2 | grep -v grep | awk '{ total += $6; } END { print total/1024"MB" }'


// as a function
$ vim .bashrc

function memusage() {
    ps aux | grep "$1" | grep -v grep | awk '{ total += $6; } END { print total/1024"MB" }'
}

// usage
memusage apache2  # prints the memory usage

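Show CPU usage

ps aux | grep apache2 | grep -v grep | awk '{ total += $3; } END { print total"%" }'

// as a function
$ vim .bashrc
function cpuusage() {
    ps aux | grep "$1" | grep -v grep | awk '{ total += $3; } END { print total"%" }'
}

cpuusage apache2 # prints the total CPU usage
Note: the CPU figure is calculated in a slightly odd way (it spans multiple CPUs), but you can multiply your own CPU count by 100% and read the total against that.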

Querying Linux process resource usage

cat /proc/[pid]/limits

Resource limit settings of this process

Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             31204                31204                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       31204                31204                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us 

cat /proc/[pid]/statm

180024 1241 1046 35 0 171703 0

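Size (pages): size of the task's virtual address space, VmSize/4
Resident (pages): size of the physical memory the application is using, VmRSS/4
Shared (pages): number of shared pages, 0
Trs (pages): size of the executable virtual memory owned by the program, VmExe/4
Lrs (pages): size of the libraries mapped into the task's virtual address space, VmLib/4
Drs (pages): size of the program's data segment plus its user-mode stack, (VmData + VmStk)/4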

cat /proc/[pid]/status

Current resource usage status of this process

Name: cat 
State: R (running) 
SleepAVG: 88% 
Tgid: 5783 
Pid: 5783 
PPid: 5742 
TracerPid: 0 
Uid: 0 0 0 0 
Gid: 0 0 0 0 
FDSize: 256 
Groups: 0 1 2 3 4 6 10 
VmSize: 6588 kB 
VmLck: 0 kB 
VmRSS: 400 kB 
VmData: 144 kB 
VmStk: 2040 kB 
VmExe: 14 kB 
VmLib: 1250 kB 
StaBrk: 0804e000 kB 
Brk: 088df000 kB 
StaStk: bfe03270 kB 
ExecLim: 0804c000 
Threads: 1 
SigPnd: 0000000000000000 
ShdPnd: 0000000000000000 
SigBlk: 0000000000000000 
SigIgn: 0000000000000000 
SigCgt: 0000000000000000 
CapInh: 0000000000000000 
CapPrm: 00000000fffffeff 
CapEff: 00000000fffffeff 

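Field descriptions

Name: name of the application or command
State: state of the task, running/sleeping/zombie/
SleepAVG: average wait time of the task (in nanoseconds). Interactive tasks sleep more often and for longer, so their sleep_avg is correspondingly larger and the priority computed from it is correspondingly higher.
Tgid: thread group ID
Pid: task ID
Ppid: parent process ID
TracerPid: ID of the process that receives the trace information for this process
Uid: Uid euid suid fsuid
Gid: Gid egid sgid fsgid
FDSize: number of file descriptor slots currently allocated; it grows in multiples of 32 on 32-bit systems
and in multiples of 64 on 64-bit systems.
This number only increases and never decreases.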

List the files currently in use
ls -l /proc/$(pgrep -o rsyslogd)/fd


Groups 
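VmSize (kB): size of the task's virtual address space (total_vm - reserved_vm), where total_vm is the size of the process's address space and reserved_vm is the physical pages the process holds in reserved or special memory regions
VmLck (kB): size of the physical memory the task has locked. Locked physical memory cannot be swapped out to disk (locked_vm)
VmRSS (kB): size of the physical memory the application is currently using; this is the value of the rss field of the ps command (rss)
VmData (kB): size of the program's data segment (the virtual memory it occupies), which holds initialized data (total_vm - shared_vm - stack_vm)
VmStk (kB): size of the task's user-mode stack (stack_vm)
VmExe (kB): size of the executable virtual memory owned by the program: the code segment, not including the libraries the task uses (end_code - start_code)
VmLib (kB): size of the libraries mapped into the task's virtual address space (exec_lib)
VmPTE: size of all page tables of the process, in kB
Threads: number of tasks sharing this signal descriptor. In a POSIX multithreaded application, all threads in the thread group use the same signal descriptor.
SigQ: number of pending signals
SigPnd: bitmask holding the signals pending for this thread
ShdPnd: bitmask holding the signals pending for this thread group
SigBlk: the blocked signals
SigIgn: the ignored signals
SigCgt: the caught signals
CapInh: Inheritable, the capabilities that can be inherited by programs the current process executes
CapPrm: Permitted, the capabilities the process is able to use. It may contain capabilities that are not in CapEff; those are capabilities the process itself has temporarily given up. CapEff is a subset of CapPrm, and a process giving up capabilities it does not need improves security.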

Some process-related entries

ls /proc/PID/cmdline : process arguments
ls /proc/PID/cwd : process current working directory (symlink)
ls /proc/PID/exe : path to actual process executable file (symlink)
ls /proc/PID/environ : environment used by process
ls /proc/PID/root : the root path as seen by the process. For most processes this will be a link to / 
        unless the process is running in a chroot jail.
cat /proc/PID/status : basic information about a process including its run state and memory usage.

ls /proc/PID/task : hard links to any tasks that have been started by this (the parent) process.

List a process's fds

// show the currently allocated fd size
cat /proc/pid/status

// list the fds in detail
sudo ls -la /proc/pid/fd
// count them (plain ls: ls -l adds a "total" line to the count)
ls /proc/28290/fd | wc -l

sudo lsof -p 28290
sudo lsof -a -p 28290
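
Putting the fd count, the FDSize field and the "Max open files" row of /proc/[pid]/limits together gives a quick check for a process that is running out of descriptors. This is an added example, not part of the original post; the function names and the PROC_ROOT variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: compare a process's open fds with its "Max open files" limit.
# PROC_ROOT is an assumption of this example so the functions can be pointed
# at a copy of /proc (or a test fixture) instead of the live one.
PROC_ROOT=${PROC_ROOT:-/proc}

# fd_soft_limit PID -> soft limit column of the "Max open files" row
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits"
}

# fd_open_count PID -> number of entries in <PROC_ROOT>/PID/fd
fd_open_count() {
    # plain ls: "ls -l" would add a "total" line and inflate the count
    ls "$PROC_ROOT/$1/fd" | wc -l | tr -d ' '
}

# fd_table_size PID -> FDSize from status (allocated slots, not fds in use)
fd_table_size() {
    awk '/^FDSize:/ { print $2 }' "$PROC_ROOT/$1/status"
}

# fd_check PID [THRESHOLD%] -> prints a summary line; returns 1 when usage
# is at or above the threshold, 2 when the proc files could not be read
fd_check() {
    pid=$1; threshold=${2:-80}
    limit=$(fd_soft_limit "$pid"); used=$(fd_open_count "$pid")
    if [ -z "$limit" ] || [ -z "$used" ]; then return 2; fi
    pct=$(( used * 100 / limit ))
    echo "pid=$pid open=$used limit=$limit used=${pct}% fdsize=$(fd_table_size "$pid")"
    [ "$pct" -lt "$threshold" ]
}

# Usage on a live system (another user's fd directory needs root):
#   fd_check "$(pgrep -o rsyslogd)" 80
```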


Show the details of a socket fd

sudo lsof -i | grep 4654214  # socket fd
sudo netstat -alep | grep -i 4654214  # socket fd