Don't reboot, debug! - DPC15

1
Don't reboot, debug!
A medic ﬁrst aid course in debugging your server
Joshua Thijssen
@JayTaph

View Slide

2
Joshua Thijssen
Consultant and trainer
Author of the Symfony Rainbow Series
http://www.symfony-rainbow.com
Blog: http://adayinthelifeof.nl
Email: [email protected]
Twitter: @jaytaph
Tech nalyze
WWW.TECHANALYZE.IO

View Slide

3

View Slide

3
It's not

View Slide

3
It is
It's not

View Slide

4

View Slide

4
Our website is not working anymore!!!

View Slide

Have you tried turning it off and on again?
5

View Slide

6
Manager
Not a suit

View Slide

6
Fix it! Every minute we’re
losing money!
Manager
Not a suit

View Slide

7

View Slide

8
Deal now or deal later?

View Slide

9

View Slide

9
➡ Is it reproducible later? Probably not.

View Slide

9
➡ Are you solving the problem, or
desperately trying to remove a symptom?

View Slide

9
➡ Are you solving the problem, or
desperately trying to remove a symptom?
➡ Short term relieve vs long term solution

View Slide

10

View Slide

➡ Actually analyze, maybe fix the problem.
10

View Slide

➡ Actually analyze, maybe fix the problem.
➡ It will cost less to analyze/fix it now, than
to fix it later.
10

View Slide

11

View Slide

12

View Slide

12
➡ We reboot our system every night!

View Slide

12
➡ Why? Memory leaks? Just crappy code?

View Slide

12
➡ There is some state not handled correctly!

View Slide

12
➡ What happens when # users increase with
200%? Restart every 12 hours?

View Slide

12
➡ What happens when # users increase with
200%? Restart every 12 hours?
➡ Let’s hope you won’t get many visitors!

View Slide

Find the culprit
13

View Slide

Bottleneck Troubleshooting Flowchart
(BTF)
14

View Slide

Site is slow or
not responding.
It’s your DB
Bottleneck Troubleshooting Flowchart
(BTF)
14

View Slide

15

View Slide

➡ Apache / PHP
15

View Slide

➡ Apache / PHP
➡ Monitoring / backup
15

View Slide

➡ Apache / PHP
➡ Hanging cron jobs & runaway tools
15

View Slide

➡ Apache / PHP
➡ Hanging cron jobs & runaway tools
➡ Connectivity / DNS problems
15

View Slide

16
Linux 101

View Slide

17
Processes

View Slide

18

View Slide

18
➡ Isolated userspace.

View Slide

18
➡ PID (process id) and state.

View Slide

18
➡ Kernel “preempts”, or process yields.

View Slide

18
➡ Kernel “preempts”, or process yields.
➡ Multitasking.

View Slide

19

View Slide

20

View Slide

20
➡ R Running or runnable

View Slide

20
➡ S Interruptible sleep

View Slide

20
➡ D Uninterruptible sleep

View Slide

20
➡ T Stopped

View Slide

20
➡ T Stopped
➡ Z Defunct process (zombies)

View Slide

21

View Slide

21
➡ Most processes are sleeping.

View Slide

21
➡ External processes (and the kernel) can
“wake up” a process at any time by
sending “signals”.

View Slide

21
➡ External processes (and the kernel) can
“wake up” a process at any time by
sending “signals”.
➡ Fire signals with “kill”.

View Slide

22

View Slide

22
➡ Uninterruptible means it won’t handle
signals (directly), but waits on its task to
finish (it must wake up by itself).

View Slide

22
➡ Used for high-performance loops that
needs to focus (like I/O).

View Slide

22
➡ Used for high-performance loops that
needs to focus (like I/O).
➡ Still can be preempted by the scheduler!

View Slide

23

View Slide

23
➡ Zombies aren’t bad.

View Slide

23
➡ It’s just bad programming or
administration that creates
zombies.

View Slide

23
zombies.
➡ They will not eat brains
(at least not much).

View Slide

23
zombies.
➡ They will not eat brains
(at least not much).
➡ But there shouldn’t be many.

View Slide

24
Load average

View Slide

25

View Slide

25
➡ 1 minute, 5 minutes, 15 minutes averages

View Slide

25
➡ Calculated as the number of runnable
processes.

View Slide

25
➡ Calculated as the number of runnable
processes.
➡ Depends on number of CPU’s!

View Slide

26
14:57:22 up 35 days, 18:57, 1 user, load average: 1.52, 0.66, 0.27

View Slide

26
➡ 1.52 average runnable (or blocking)
processes in the last minute.

View Slide

26
➡ 0.66 average in 5 minutes

View Slide

26
➡ 0.27 average in 15 minutes.

View Slide

26
➡ Single CPU: 52% more than it can handle.

View Slide

26
➡ Single CPU: 52% more than it can handle.
➡ quad core system: not doing very much

View Slide

27
Memory

View Slide

28
Q: How much memory does this process use?
This is REALLY hard question to answer!
It depends on many factors!

View Slide

29
➡ Virtual memory
➡ Shared memory
➡ Resident memory
➡ Swapped memory

View Slide

30

View Slide

30
➡ 4GB memory space, even if you have less
memory installed.

View Slide

30
memory installed.
➡ 1GB is reserved for kernel.

View Slide

30
memory installed.
➡ Kernel can swap out memory.

View Slide

30
memory installed.
➡ Kernel can swap out memory.
➡ CPU pagefaults and loads back pages.

View Slide

31

View Slide

31
➡ Process can allocate memory, but does
not necessary use it (for instance:
preallocation)

View Slide

31
➡ Process can allocate memory, but does
not necessary use it (for instance:
preallocation)
➡ VIRT will increase!

View Slide

32

View Slide

33
Q: How much free memory does this system have?
This is an easier, but still hard question to answer!

View Slide

34
$ free -m
total used free shared buffers cached
Mem: 375 349 25 0 111 94
-/+ buffers/cache: 143 231
Swap: 400 7 392

View Slide

35
Monitoring

View Slide

36
➡ Monitor everything
➡ System / infra monitoring
➡ Application monitoring

View Slide

37

View Slide

38

View Slide

39
Logging
Logging

View Slide

40
➡ Log EVERYTHING from all sources.
➡ Filter later.

View Slide

41
$ php composer.phar require monolog/monolog
➡ syslog
➡ ﬁles
➡ mail
➡ slack / hipchat / irc
➡ logstash

View Slide

42
System tools

View Slide

TAIL
43

View Slide

44

View Slide

44
➡ Most daemons will log into /var/log/*

View Slide

44
➡ tail -f /var/log/messages

View Slide

44
➡ tail -f /var/log/messages
➡ Many times, this is ALL you need!

View Slide

45

View Slide

45
➡ Know your tools (top, htop, vmstat, iostat, ps)

View Slide

45
➡ Know the /proc ﬁlesystem

View Slide

45
➡ sniff around with tcpdump, netstat, nc etc...

View Slide

45
➡ sniff around with tcpdump, netstat, nc etc...
➡ man

View Slide

46
strace

View Slide

47
➡ strace displays system calls and signals
➡ Communication between applications
and the kernel.

View Slide

48
$ strace -ff -p
....
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 20
fcntl(20, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(20, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(20, {sa_family=AF_INET, sin_port=htons(11211), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS
(Operation now in progress)
poll([{fd=20, events=POLLOUT}], 1, -1) = 1 ([{fd=20, revents=POLLOUT}])
write(20, "get ez_client1/acls/"..., 44) = 44
read(20, "END\r\n", 8196) = 5
write(20, "get ez_client1/acl/g"..., 40) = 40
read(20, "END\r\n", 8196) = 5
write(20, "quit\r\n", 6) = 6
shutdown(20, 2 /* send and receive */) = 0
close(20) = 0
mkdir("/tmp/smarty", 0777) = -1 EEXIST (File exists)
chmod("/tmp/smarty", 0777) = 0
access("/userdata/client1/user/templates/nl/block-right-last.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/user/templates/block-right-last.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/theme/templates/nl/block-right-last.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/theme/templates/block-right-last.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/noxlogic/root/themes/ezshopping/templates/nl/block-right-last.tpl", F_OK) = -1 ENOENT (No such file
or directory)
access("/etc/noxlogic/root/themes/ezshopping/templates/block-right-last.tpl", F_OK) = -1 ENOENT (No such file or
directory)
access("/userdata/client1/user/templates/nl/block-right.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/user/templates/block-right.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/theme/templates/nl/block-right.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/userdata/client1/theme/templates/block-right.tpl", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/noxlogic/root/themes/ezshopping/templates/nl/block-right.tpl", F_OK) = -1 ENOENT (No such file or
directory)
access("/etc/noxlogic/root/themes/ezshopping/templates/block-right.tpl", F_OK) = -1 ENOENT (No such file or
directory)

View Slide

49
$ strace ping www.google.com
....
mprotect(0xb757f000, 4096, PROT_READ) = 0
munmap(0xb76d8000, 44104) = 0
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=59, ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.178.4")}, 16) = 0
gettimeofday({1347446161, 382120}, NULL) = 0
poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
send(3, "u\205\1\0\0\1\0\0\0\0\0\0\3www\6google\3com\0\0\1\0\1", 32, MSG_NOSIGNAL) = 32
poll([{fd=3, events=POLLIN}], 1, 5000

View Slide

➡ strace -e trace=open
➡ strace -ff -p
50

View Slide

51
vmstat

View Slide

52
$ vmstat 1
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 0 896 17208 124784 121964 0 0 0 0 73 159 0 1 99 0
2 0 896 14968 125628 121976 0 0 844 0 6857 29935 5 58 35 2
2 0 896 14472 125628 121964 0 0 0 0 10691 48526 10 90 0 0
2 0 896 13976 126120 121952 0 0 476 252 10430 49144 7 91 0 2
0 0 896 12744 127016 121968 0 0 896 0 7799 38732 3 71 23 3
0 0 896 12744 127016 121964 0 0 0 0 30 93 0 0 100 0
0 0 896 12760 127016 121964 0 0 0 0 30 92 0 0 100 0
0 0 896 12760 127016 121964 0 0 0 0 29 99 0 1 99 0
0 0 896 12760 127016 121964 0 0 0 0 32 110 0 0 100 0
0 0 896 12752 127024 121964 0 0 0 324 33 108 0 0 99 1
0 0 896 12752 127024 121964 0 0 0 0 30 103 0 0 100 0
0 0 896 12752 127032 121964 0 0 0 12 34 108 0 0 100 0
0 0 896 12752 127032 121964 0 0 0 0 30 105 0 0 100 0
0 0 896 12752 127032 121964 0 0 0 236 80 101 0 1 99 0

View Slide

53
System tap / dtrace
System TAP (dtrace)

View Slide

54
➡ Unobtrusive probes inside the kernel
➡ Scripts written in D language.
➡ SUN / Solaris only (licensing)

View Slide

55
➡ “GPL” version of dtrace
➡ Awesome, but complex
➡ But you need / want debug info packages

View Slide

probe syscall.open {
printf(“%s(%d) open (%s)\n”, execname(), pid(), argstr);
}
56
stap syscall.stp

View Slide

57
➡ There are some “providers” in the PHP
core (zend_dtrace.{c,h,d})

View Slide

58
➡ Valgrind
➡ GDB
➡ XDebug / proﬁler
➡ MySQL proxy

View Slide

59
Think about your app / infra BEFORE going live...

View Slide

Make a plan
60

View Slide

61

View Slide

61
➡ Design for (vertical) scalability.

View Slide

61
➡ Remove SPOFs.

View Slide

61
➡ Remove SPOFs.
➡ Horizontal scalability is easier, but more
restrictive.

View Slide

61
➡ Remove SPOFs.
restrictive.
➡ Conﬁguration is key.

View Slide

61
➡ Remove SPOFs.
restrictive.
➡ Conﬁguration is key.
➡ Don’t run on full capacity. Have a contingency
buffer for peaks and know how to scale out

View Slide

62

View Slide

62
➡ One machine for one purpose (app / mail / cron /
db / etc).

View Slide

62
db / etc).
➡ Virtual machines are easy to setup and maintain
(puppet / ansible) and are cheap.

View Slide

62
db / etc).
➡ Try to async as much as possible.

View Slide

62
db / etc).
➡ Try to async as much as possible.
➡ Message queues are easy to implement
(gearman / *MQ etc).

View Slide

63
Recap
Conclusion

View Slide

64

View Slide

65

View Slide

65
➡ Don’t reboot, debug!

View Slide

65
➡ Analyze what’s going on,

View Slide

65
➡ ﬁnd and isolate the culprit.

View Slide

65
➡ ﬁnd and isolate the culprit.
➡ Threat the problem, not the symptoms.

View Slide

66

View Slide

66
➡ There are many tools out there to analyze your
system realtime.

View Slide

66
system realtime.
➡ Know your running environment
(even it’s “not your business”).

View Slide

66
system realtime.
➡ Know your running environment
(even it’s “not your business”).
➡ Ask 3rd party help if needed.

View Slide

67

View Slide

Find me on twitter: @jaytaph
Find me for development and training: www.noxlogic.nl
Find me on email: [email protected]
Find me for blogs: www.adayinthelifeof.nl
Thank You!
https://joind.in/14205

View Slide

Don't reboot, debug! - DPC15

Don't reboot, debug! - DPC15

Joshua Thijssen

More Decks by Joshua Thijssen

Featured

Transcript