Linux OS

BOOT PROCESS IN LINUX:

There are 6 stages after we press power button till Linux prompt comes. They are:

BIOS:
It stands for Basic Input/Output system. It performs some system integrity test. Searches, loads and executes boot loader program. It looks for boot loader in floppy, cd-rom, USB or hard drive. We can press F12 to change the boot sequence. Once boot loader program is detected and loaded into memory, BIOS gives control to it. BIOS loads and executed MBR Loader.

MBR:
It stands for Master Boot Record. It is located at 1st sector of bootable disk. Typically /dev/hda or /dev/hda1. MBR is less then 512 bytes in size. It contains information about GRUB. In short, MBR loads and execute GRUB boot loader.

GRUB:
It stands for Grand unified Boot Loader. If we have multiple kernel image loaded in our system, we can choose which one to be executed. GRUB splashes a screen and wait for sometime, if we don't enter anything, it will execute the default kernel image as specified in the grub configuration file. Grub have knowledge of file-system. Config file located at /etc/grub.conf as soft link of /boot/grub/grub.conf). In short GRUB loads the kernel.

KERNEL:
Mounts the root file system as specified in the 'root=' in grub.conf. Kernel executes /sbin/init program. Since init is the first program executed by linux kernel, it have PID as 1. We can check using command ps -ef|grpe init. Initrd stands for initial RAM Disk. Initrd is used by kernel as temporary root file system until real file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions and other hardware.

INIT:
Looks at /etc/inittab file to decide the linux run level. Following are the run level:
init 0 - halt
init 1 - Single user mode
init 2 - Multiuser , without NFS
init 3 - Full multiuser mode
init 4 - unused
init 5 - X11
init 6 - Reboot
Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program. We can find default run level from /etc/initab using 'grep initdefault /etc/initab'. Default run level should be 3 or 5.

RUNLEVEL:
When linux system starts up, various services starts up like "starting sendemail...OK". They are run level program, executed from runlevel directory.
EX:
Run Level 0 - /etc/rc.d/rco.d/
Run Level 1 - /etc/rd.d/rc1.d/
Please note that there are also symbolic links available for these directory under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d. Under the /etc/rc.d/rc*.d/ directories, we would see programs that start with S and K. Programs starts with S are used during startup. S for startup. Programs starts with K are used during shutdown. K for kill. There are numbers right next to S and K in the program names. Those are the sequence number in which the programs should be started or killed. For example, S12syslog is to start the syslog deamon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, syslog program will be started before sendmail.


CPU:

SWAP CONCEPTS: 
Linux divides its physical RAM( Random Access Memory) into chunks called pages. Swapping is the process where a page from memory is copied to pre-configured space in the hard disk called SWAP SPACE to free up the page of memory. The combined sizes of the physical memory and the SWAP space is the amount of virtual memory available.

SWAPPING is necessary for two reasons:
a. When the system needs more memory then it is physically present. Then kernel swaps out less used pages and gives memory to the current process that needs the memory immediately.
b. Significant number of pages are used only during startup, those pages can system moves it to SWAP.

To check what SWAP Memory we have, we can use command swapon -s

PERFORMANCE ISSUE:
Below are few areas where we can check for performance issues
CPU
Utilization can be monitored using various in build tools like top, vmstat and sar
MEMORY
Memory bottle can be easily identified using sar and vmstat. To get memory information we issue cat /proc/meminfo. We can use free -m command to check free available RAM. Top command also shows memory used and left.
SWAP
When the physical memory is completely used,then system will be start using the swap space.If the system is running out of swap space, you can see fork errors in the /var/log/messages file. If the system is having 2GB physical memory and configuring with 8GB swap is completely  waste. If system start swapping more process to the disk, system performance will be degrade. Swapfs is used to find out swap memory
FILE SYSTEM
IOWAIT should be less so that there is a good write into disk.
NETWORK
Network overload is very rare case to impact the system performance.

MULTI - THREADING: 
When a process is created it shares very little data with the parent process who created it. Whereas when a thread is created, it shares global variable, static local variables, open files and the process id. New process takes more time to get created then thread. Since the thread shares it data space, its easy to pass information from one thread to another.

ZOMBIE PROCESS: 
It is a process which is already dead. It is leftover piece of dead process that have not be cleaned. Kill a Zombie Process - kill -s SIGCHLD pid. It happens when the child process dies and parent don't react on the event properly. Generally, parent process must call wait () to obtain child's exit status. At this moment ZOMBIE disappears. Some program forgets to cal wait() or they do it later.

When a process finishes, it will have the exit status report to its parent process. Because of this last little information, the dead process will remain in the operating system's process table ZOMBI PROCESS. It wont be removed until it has been determined that exit status is no longer needed.

ps -aux and we need to look for Z in status column to find out the Zombie process.

MANAGING PROCESS: 
We can manage process with different commands in Linux. Process are created, processed and process dies.

KILL:
Kill is a program to end a process forcefully. Kill by default means kill -term. Other command related to kill is kill -9

DEBUG:
To debug we use strace ls.

PROCESS & THREAD:

Process are abstraction of running programs - binary image, virtual memory, various kernel resource. Threads are unit of execution in a process. A process contains one or more thread. In a single thread process, a process contains a single process. Whereas in a multi-threaded process, a process contains multiple threads.

Each process has its own code, data and kernel context, while a thread of a process, they share the same code, data and kernel context.

Process usually form a tree hierarchy.Po spawning off p1 and so on. While all the threads of a process are peer.

Process context switch are much more heavier then a thread context switch for the Kernel level because there are much more state to change.

Process are independent. Process are controlled by the OS. Process have control over its child process. Process are considerable overhead. Each process have its own address space.

Thread shares the address space of process that created it. Thread can easily communicate with other thread of its process. New thread can be easily created. Thread have almost no overhead. Thread have direct access to data segment of its process. Threads have considerable control over thread of the same process. Any change in main thread may effect the behavior of other thread in the process. Threads are dependent.


MEMORY MANAGEMENT:
Physical memory, SWAP memory are some memory which are configured. It is necessary because RAM is faster and it will help for caching.

PAGE FAULTS:
When the server moves the unused pages to SWAP, those pages are called page faults.

MAIL in Linux: 
Mail can be sent in linux with binaries like mail or mailx. The logs can be checked in /var/log/maillog. We receive errors like mail have been delivered according to mailogs but user have not received the email. That time we check the firewall or iptables and SPF to debug the errors.

FIREWALL:
Start Service - systemctl start firewalld.service
Status - firewall-cmd --state
List all - firewall-cmd --list-all

IPTABLES:
Block port - /sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP

SPF:
Sender Policy Framework (SPF) is a method of fighting spam. As more time passes, this protocol will be used as one of the standard methods of fighting spam on the Internet. An SPF record is a TXT record that is part of a domain's DNS zone file. The TXT record specifies a list of authorized host names/IP addresses that mail can originate from for a given domain name. Once this entry is placed within the DNS zone, no further configuration is necessary to take advantage of servers that incorporate SPF checking into their anti-spam systems. This SPF record is added the same way as a regular A, MX, or CNAME record.

Upgrade Package in Linux:
Below are the different types of rpm installation
rpm -ivh pidgin-2.7.9-5.el6.2.i686.rpm - Installation
rpm -qpR BitTorrent-5.2.2-1-Python2.4.noarch.rpm - Check Dependency
rpm -ivh --nodeps BitTorrent-5.2.2-1-Python2.4.noarch.rpm - Installation Without Dependency
rpm -q BitTorrent - Check Installed rpm
rpm -ql BitTorrent - List all files
rpm -qa --last - All Installed rpm
rpm -Uvh nx-3.5.0-2.el6.centos.i686.rpm - Upgrade
rpm -evv nx - Remove
rpm -ev --nodeps vsftpd - Without dependency
rpm -qip sqlbuddy-1.3.3-1.noarch.rpm - Get information before installation

Yum upgrade
Yum update - It will update all the packages.

File System:
BSD - 1st file system
ext
ext2 - 2nd extended file system. Preferred file system for SD and USB flash. Lack of Journal. Increases write speed. Minimize the number of write.
ext3 - Journaling File system. Fully compatible with ext2.
Journaling File system - Circular log. Keeps track of changes not yet committed to file system main part. Uses data structure which is journal which is circular log. In event of power failure, system will brought back online quickly with less change to be corrupted. Same like WAL segment and WAL Buffer. Jouranl records changes before ahead of time. Journal is Atomic. Changes to the journal is kept n separate device.
Delete involves 3 steps -
a. Remove file directory entry
b. Removing entry from inode to free pool inode
c. Removing block  to pool of free disk blocks
Two types of journal - Physical Journal & Logical Journal. Physical journal is more efficient.
ext4 - Jornaling support. Larger file system. 1 Exa byte. More number of sub directories.
xfs - Redhat says to use xfs if size if file system is more then 100 TB. Sun Mircosystem. Protection against data corruption. Efficient data encryption. Atomic repair. Xeta byte file system.