Tips about Linux Servers

Tom Li
biergaizi@member.fsf.org
May 23, 2014

About me

github

Tom Li (李懿峰), biergaizi (比尔盖子)

Note: My nickname doesn't mean that I'm a fan of Bill Gates; it is a joke (subtle mockery?)

Broken Terminal

$ echo -e "\033(0"
$ cat /dev/urandom

Solution

$ reset

Find the Missing Computer

<erno> hm. I’ve lost a machine… literally lost. it responds to ping, it works completely, I just can’t figure out where in my apartment it is.

Solution

If the computer has a PC speaker:

beep -d 1000 -r 100  # delay 1 second (-d takes milliseconds), repeat 100 times

Then stand up and find your machine!

Note: It only works if the pcspkr kernel module is loaded (modprobe pcspkr).

Reboot Even If System Utterly Broken

The computer no longer responds to mouse or keyboard input, but the kernel hasn't panicked.

Solution

SysRq lets us talk to the kernel directly!

Hold Alt+SysRq (Print Screen), then press:

R   unRaw       Take control of the keyboard back from X.
E   tErminate   Send SIGTERM to all processes.
I   kIll        Send SIGKILL to all processes.
S   Sync        Sync the filesystems.
U   Unmount     Remount the filesystems read-only.
B   reBoot      Reboot the computer.

  • You must enable kernel.sysrq.
  • You should wait a few seconds between terminate, kill, and sync.
  • You could also trigger SysRq by echo r > /proc/sysrq-trigger.
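
The kernel.sysrq setting is a bitmask, so a machine can allow some of these keys and refuse others. The script below is an added example, not part of the original slides: it decodes a kernel.sysrq value using the bit assignments from the kernel's SysRq documentation and reports which of the R, E, I, S, U, B keys would work from the keyboard. The function names are illustrative, and the values used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: report which REISUB keys a kernel.sysrq value allows
# from the keyboard. Function names here are illustrative.

# sysrq_key_bit KEY -> prints the bitmask bit that gates KEY
sysrq_key_bit() {
    case "$1" in
        R)   echo 4 ;;    # keyboard control (unRaw, SAK)
        E|I) echo 64 ;;   # signalling of processes (tErminate, kIll)
        S)   echo 16 ;;   # sync
        U)   echo 32 ;;   # remount read-only
        B)   echo 128 ;;  # reboot/poweroff
        *)   return 1 ;;  # not one of the keys covered here
    esac
}

# sysrq_allowed VALUE KEY -> exit status 0 if KEY is allowed under VALUE
sysrq_allowed() {
    value=$1
    bit=$(sysrq_key_bit "$2") || return 2
    [ "$value" -eq 1 ] && return 0      # 1 enables every function
    [ $(( value & bit )) -ne 0 ]        # otherwise test the gating bit
}

# reisub_report VALUE -> prints the allowed keys of R E I S U B, in order
reisub_report() {
    out=""
    for key in R E I S U B; do
        if sysrq_allowed "$1" "$key"; then out="$out$key"; fi
    done
    echo "$out"
}

# Inspect the running system when the sysctl file is readable.
sysrq_file=/proc/sys/kernel/sysrq
if [ -r "$sysrq_file" ]; then
    current=$(cat "$sysrq_file")
    echo "kernel.sysrq=$current allows: $(reisub_report "$current")"
fi
```

The bitmask only governs keyboard invocation; root can always trigger any function by writing to /proc/sysrq-trigger.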

High Performance OpenSSH

HPN-SSH is a high-performance SSH/SCP patchset. It can improve the performance of SSH/SCP without reducing security.

For the best performance, both the server and the client should apply the patches.

Tip: Gentoo includes HPN by default.
[ebuild   R    ] net-misc/openssh-6.6.1_p1  USE="X hpn pam tcpd -X509 -bindist -kerberos -ldap -ldns -libedit (-selinux) -skey -static" 0 kB

Connect to a Different Remote User without Entering the Username

I have many servers to manage.

$ whoami
biergaizi

$ ssh user-2122487@shared-host
$ ssh root@personal-server
$ ssh fedora@community-server

$ ssh my-server  # biergaizi is the default username

Solution

Modify ~/.ssh/config with your favorite editor.

Host ps
HostName personal-server
User root

$ ssh ps

Connect to the Computer Behind the Firewall

Sometimes the machine you want to connect to doesn't have a public IP address, and/or is walled off by routers/firewalls, and you don't have permission to modify the port-forwarding settings. For example, the computers in your company/school.

Solution

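You need a public server which is world-accessible.

# On a machine inside the private network: make public_server listen on proxy_port
$ ssh -NfR proxy_port:private_server:walled_port user@public_server
# On public_server: the forwarded port is bound to its loopback interface by default
$ ssh root@localhost -p proxy_port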

SSH on High Latency Networking

The network is unstable, or its latency is very high, e.g. a 3G network.

Solution

Mosh is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

$ mosh user@server
$ mosh --ssh="ssh -p 8088" user@server

Speed Up Your Commands by Using GNU Parallel

GNU parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. A job can also be a command that reads from a pipe. GNU parallel can then split the input and pipe it into commands in parallel.

$ time cat test | xz > test.xz1
141.51s user
0.98s system
99% cpu
2:22.64 total


$ time cat test | parallel --pipe --recend "" -k xz > test.xz2
131.26s user
8.55s system
632% cpu
22.115 total

Tip: 6x faster!

Low-Fragmentation, High-Performance Memory Allocator

But I’m not going to talk about tcmalloc.

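# System-wide: the dynamic linker preloads jemalloc into every dynamically linked program
echo "/usr/lib64/libjemalloc.so.1" > /etc/ld.so.preload

# Per-process: use jemalloc only for this one command
LD_PRELOAD="/usr/lib64/libjemalloc.so.1" mysql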

Benchmarks

[Figure: malloc comparison]

Poor Entropy on the Server

Some programs depend on cryptography.

$ cat /proc/sys/kernel/random/entropy_avail
150

# too bad!

If there isn't enough entropy, the kernel will be unable to provide random data through /dev/random, and these programs will be very slow, waiting for random data all the time.

Solution

  • rngd: if your hardware includes a hardware random number generator, e.g. Raspberry Pi
  • haveged: if you don't have any extra hardware

Warning: Although haveged has a strong algorithm to generate more random data, it should not be used to generate important private keys, etc.

End

Thanks!
