book

Learning Modern Linux

by Michael Hausenblas

April 2022

Beginner

260 pages

5h 54m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

About YouHow to Use the BookConventionsUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
What Are Modern Environments?The Linux Story (So Far)Why an Operating System at All?Linux DistributionsResource VisibilityA Ten-Thousand-Foot View of LinuxConclusion
Linux ArchitectureCPU Architecturesx86 ArchitectureARM ArchitectureRISC-V ArchitectureKernel ComponentsProcess ManagementMemory ManagementNetworkingFilesystemsDevice DriverssyscallsKernel ExtensionsModulesA Modern Way to Extend the Kernel: eBPFConclusion
BasicsTerminalsShellsModern CommandsCommon TasksHuman-Friendly ShellsFish ShellZ-shellOther Modern ShellsWhich Shell Should I Use?Terminal MultiplexerscreentmuxOther MultiplexersWhich Multiplexer Should I Use?ScriptingScripting BasicsWriting Portable bash ScriptsLinting and Testing ScriptsEnd-to-End Example: GitHub User Info ScriptConclusion
BasicsResources and OwnershipSandboxingTypes of Access ControlUsersManaging Users LocallyCentralized User ManagementPermissionsFile PermissionsProcess PermissionsAdvanced Permission ManagementCapabilitiesseccomp ProfilesAccess Control ListsGood PracticesConclusion
BasicsThe Virtual File SystemLogical Volume ManagerFilesystem OperationsCommon Filesystem LayoutsPseudo FilesystemsprocfssysfsdevfsRegular FilesCommon FilesystemsIn-Memory FilesystemsCopy-on-Write FilesystemsConclusion
BasicsThe Linux Startup ProcesssystemdUnitsManagement with systemctlMonitoring with journalctlExample: scheduling greeterLinux Application Supply ChainsPackages and Package ManagersRPM Package ManagerDebian debLanguage-Specific Package ManagersContainersLinux NamespacesLinux cgroupsCopy-on-Write FilesystemsDockerOther Container ToolingModern Package ManagersConclusion
BasicsThe TCP/IP StackThe Link LayerThe Internet LayerThe Transport LayerSocketsDNSDNS RecordsDNS LookupsApplication Layer NetworkingThe WebSecure ShellFile TransferNetwork File SystemSharing with WindowsAdvanced Network TopicswhoisDynamic Host Configuration ProtocolNetwork Time ProtocolWireshark and tsharkOther Advanced ToolingConclusion
BasicsObservability StrategyTerminologySignal TypesLoggingSyslogjournalctlMonitoringDevice I/O and Network InterfacesIntegrated Performance MonitorsInstrumentationAdvanced ObservabilityTracing and ProfilingPrometheus and GrafanaConclusion
Interprocess CommunicationSignalsNamed PipesUNIX Domain SocketsVirtual MachinesKernel-Based Virtual MachineFirecrackerModern Linux DistrosRed Hat Enterprise Linux CoreOSFlatcar Container LinuxBottlerocketRancherOSSelected Security TopicsKerberosPluggable Authentication ModulesOther Modern and Future OfferingsNixOSLinux on the DesktopLinux on Embedded SystemsLinux in Cloud IDEConclusion

Gathering System InformationWorking with Users and ProcessesGathering File InformationWorking with Files and DirectoriesWorking with Redirection and PipesWorking with Time and DatesWorking with GitSystem Performance

Content preview from Learning Modern Linux

Chapter 8. Observability

You need visibility into what’s going on across the stack—from the kernel to user-facing parts. Often, you get that visibility by knowing the right tool for the task.

This chapter is all about gathering and using different signals that Linux and its applications generate so that you can make informed decisions. For example, you’ll see how you can do the following:

Figure out how much memory a process consumes
Understand how soon you will run out of disk space
Get an alert on custom events for security reasons

To establish a common vocabulary, we’ll first review different signal types you might come across, such as system or application logs, metrics, and process traces. We’ll also have a look at how to go about troubleshooting and measuring performance. Next, we’ll focus on logs specifically, reviewing different options and semantics. Then, we’ll cover monitoring for different resource types, such as CPU cycles, memory, or I/O traffic. We’ll review different tools that you can use and show certain end-to-end setup you may wish to adopt.

You’ll learn that observability is often reactionary. That is, something crashes or runs slowly, and you start looking at processes and their CPU or memory usage, or dig into the logs. But there are also times when observability has more of an investigative nature—for example, when you want to figure out how long certain algorithms take. Last but not least, you can use predictive (rather than reactive) observability. ...