System Administration Troubleshooting

Running out of Memory

Ram: the data being used, such as 2 + 2 = 4, the 2 + 2 process is stored in RAM
SWAP: a 100g hard disk, express 4G, is sent out to SWAP. It can be used when there is not enough Memory. Its function is the same as that of stand by
Cache: the cache is used in conjunction with the CPU. It stores frequently used data

top
The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes

[root@localhost ~]# top

top - 18:07:51 up 49 min,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 115 total,   2 running, 113 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.3 hi,  0.0 si,  0.0 st
MiB Mem :    809.3 total,    409.1 free,    173.4 used,    226.8 buff/cache
MiB Swap:    820.0 total,    820.0 free,      0.0 used.    511.1 avail Mem 

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND 
   1678 root      20   0   65416   4764   3984 R   0.3   0.6   0:00.18 top     
      1 root      20   0  186296  14160   9576 S   0.0   1.7   0:02.66 systemd 
      2 root      20   0       0      0      0 S   0.0   0.0   0:00.00 kthreadd
      3 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_gp  
      4 root       0 -20       0      0      0 I   0.0   0.0  

Zombie process: the parent process has stopped, but the child process has not stopped

1. top can find PID ps -ef | grep pid
2. Then kill or systemctl
3. Add memory

Add / Extend Swap Space

1. When SWAP is not enough, you can divide the size of other disk s and give them to SWAP
   dd if=/dev/zero of=/newswap bs=1M count=1024

[root@localhost ~]# dd if=/dev/zero of=/newswap bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 3.44541 s, 312 MB/s

1. Execute ls -ltr in / and add a newswap. chmod so that this file can only be rw by its own
2. Now this file is just a space. Let it be added to SWAP mkswap /newswap
3. However, there is no change when querying free -m, because newswap has not been enabled
4. Query after swap on / newswap

[root@localhost /]# free -m
              total        used        free      shared  buff/cache   available
Mem:            809         170          51          10         587         514
Swap:          1843           0        1843

1. At the same time, you need to modify / etc/fstab synchronously

/newswap                swap                    swap    defaults        0 0

Delete Swap space

[root@localhost /]# swapoff /newswap 
[root@localhost /]# rm /newswap 
rm: remove regular file '/newswap'? yes
[root@localhost /]# free -m
              total        used        free      shared  buff/cache   available
Mem:            809         170         463          10         175         515
Swap:           819           0         819

summary

1. Divide the available zone dd if=/dev/zero of=filename bs=xxx count=xxx
2. chmod
3. mkswap makes this file a swap type
4. Mount swapon
5. Uninstall is swapoff

System Reboot or Process Restart

A kernel is like a main program which actually communicates between the shell and the hardware what to do with the commands.
For example if you type "Apple", Kernel takes it and print it on the screen.

• The possibility of System Reboot and Process Restart
• How to do Troubleshooting Steps

• The possibility of System Reboot and Process Restart
• How to do Troubleshooting Steps
• Several important commands

1. top
2. uptime can tell when to reboot
3. dmesg | grep -i error can query the error reporting record (kernel panic)
   Dmesg is used to display the contents of the kernel ring buffer. During system boot, the kernel will write information about hardware and drivers to this buffer. This content is very useful when we are diagnosing system problems. The contents of the kernel buffer are also written in the / var/log/dmesg file.
4. jounalctl | grep -i error is used to view the log content of the kernel issue
5. iostat -xz 1 is used to check the disk performance disk issue. If the data is very high, it is likely to be a disk issue

[root@localhost /]# iostat -xz 1
Linux 4.18.0-301.1.el8.x86_64 (localhost.localdomain) 	09/12/2021 	_x86_64(1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.11    0.02    0.56    0.05    0.00   99.25

Device            r/s     w/s     rkB/s     wkB/s   rrqm/s   wrqm/s  %rrqm  %wrqm r_await w_await aqu-sz rareq-sz wareq-sz  svctm  %util
sda              0.84    0.30     32.90     90.59     0.03     0.24   2.95  44.39    1.61    5.33   0.00    39.16   297.43   1.56   0.18
scd0             0.00    0.00      0.00      0.00     0.00     0.00   0.00   0.00    0.22    0.00   0.00     0.17     0.00   0.67   0.00
dm-0             0.63    0.29     29.32     89.71     0.00     0.00   0.00   0.00    2.08    4.91   0.00    46.91   307.56   1.79   0.16
dm-1             0.05    0.21      0.36      0.85     0.00     0.00   0.00   0.00    0.54    6.78   0.00     6.73     4.00   0.12   0.00

1. You can also directly enter the file to view vim /var/log/messages

Unable to get IP address

• IP: Internet Protocol —> communicate from one device to another
• The difference between ifup and ifconfig: the former has not only IP address, but also subnet mask and gateway. The latter has only IP address

IP Assigned but not Reachable

netstat -rnv to view the gateway

[root@localhost /]# netstat -rnv
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3

Ping the gateway to see if there is a configuration problem

[root@localhost /]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=74.0 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=3.88 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=23.3 ms

Trouble using vi editor

commands could not be used

rpm -qa | grep telnet can query whether this installation package is available
where is pwd to query where the library is

Cannot Change Password

• /etc/shadow file is used to store the password information of users in Linux system, also known as "shadow file".
• The / etc/passwd file was introduced earlier. Since the file allows all users to read, it is easy to cause user password disclosure. Therefore, the Linux system separates the user's password information from the / etc/passwd file and puts it separately in this file.
  /Only the root user has read permission for the etc/shadow file, and other users do not have any permission, which ensures the security of the user password.
  
  it's fine too

1. vim /etc/passwd add user
2. pwconv makes the new password in vim effective
3. grep user /etc/passwd or grep user /etc/shadow will display the results
4. passwd user will let you enter the setup password
5. If the contents in / etc/shadow are deleted at this time, the user cannot log in again
6. You need to reset passwd user, reset the password, and then write shadow

User has no home directory

Host doesn't find
ssh-keyscan -H 192.168.1.163 ~/.ssh/known_hosts

How to kill a process or terminal

How to Recover Root Password

After restarting the virtual machine, press e to enter the editing mode: there is a ro at the end of the fourth line, indicating read only. Now it needs to be modified

1. Modify ro to rw init=/sysroot/bin/sh, and then ctr x enters Edit
2. chroot sysroot change root to system root
3. passwd root change the password of root
4. Enter a new password
5. touch /.autorelabel * * * note that if this step is missing, it will login incorrect. It is very important
6. reboot after exit

List fo users Log in by date

The last command can view the login status of users
scripts:

echo "please enter day"
read d
echo

echo "Please enter month"
read m
echo

`last | grep "$d,$m"`

today=date|awk '{print $1,$2,$3}'

last | grep "$today"

Rollback Updates and Patches

• virtual machine --> snapshot
•