What service is linux abrtd?

linux abrtd is a daemon that monitors application crashes; when a crash occurs, it will collect the crashed application and take actions based on the type of crash configuration in the abrt.conf config file, located in "/etc /abrt" directory has its configuration "abrt.conf" and so on.

#The operating environment of this tutorial: linux5.9.8 system, Dell G3 computer.

abrtd service is full of system resources?

##Problem Description

There is a process in our development environment that consumes particularly resources. Can you help analyze the reason? This has happened several times before on-site and in the public cloud. Eventually, this process will fill up the machine memory and cause downtime. Now I just discovered this problem at the scene

Solution ideas and methods

The first thing to do when the process is full is to take a look Process name, visual inspection is over, first time seeing

top -pH 48297. Check which thread in the specific process has a problem and find that only one process has no thread

ps Take a look at where the directory of this service is

[root@yq01-kg-section1-bud3 libexec]# ps -ef | grep  abrt-hook-ccpp
root     45733 11797  0 12:18 pts/8    00:00:00 grep --color=auto abrt-hook-ccpp
root     48297     2 99 Nov16 ?        15:42:50 /usr/libexec/abrt-hook-ccpp 11 0 8669 0 0 1605530067 e 8669 8669

No clue! ! I started searching on Baidu and found the following

abrtd

abrtd is a daemon process that monitors application crashes. When a crash occurs, it will collect the crash (core file command line, etc.)application, and take actions based on the type of crash and based on the configuration in the abrt.conf config file. There are various actions for the plug-in: for example, bugzilla reports crashes, transfers the report via ftp or reports or scp. Please check the corresponding plug-in in the manual page.

abrtd: automatically bug report daemon. Automatic bug report daemon
The most painful thing about Linux debugging program is that the program crashes abnormally, but the core file cannot be found, which is very difficult Positioning problem. But with the core file, it is much easier to locate.

Generally, you can set ulimit -c unlimited in the environment variable. But field implementers sometimes forget to set this command. So what to do? It can be achieved by setting up the abrt service of Linux.

Modify the abrt-action-save-package-data.conf file

Modify it to:

vi /etc/abrt/abrt-action-save-package-data.conf

# With this option set to "yes",
# only crashes in signed packages will be analyzed.
# the list of public keys used to check the signature is
# in the file gpg_keys
#
OpenGPGCheck = no


# Blacklisted packages
#
BlackList = nspluginwrapper, valgrind, strace, mono-core


# Process crashes in executables which do not belong to any package?
#
ProcessUnpackaged = yes


# Blacklisted executable paths (shell patterns)
#
BlackListedPaths = /usr/share/doc/, /example*, /usr/bin/nspluginviewer, /usr/lib/xulrunner-*/plugin-container


还可以调整core文件的大小：

[root@xx-host2 abrt]# cat abrt.conf 
# Enable this if you want abrtd to auto-unpack crashdump tarballs which appear
# in this directory (for example, uploaded via ftp, scp etc).
# Note: you must ensure that whatever directory you specify here exists
# and is writable for abrtd. abrtd will not create it automatically.
#
#WatchCrashdumpArchiveDir = /var/spool/abrt-upload


# Max size for crash storage [MiB] or 0 for unlimited
#
MaxCrashReportsSize = 1000


# Specify where you want to store coredumps and all files which are needed for
# reporting. (default:/var/spool/abrt)
#
# Changing dump location could cause problems with SELinux. See man abrt_selinux(8).
#
#DumpLocation = /var/spool/abrt


# If you want to automatically clean the upload directory you have to tweak the
# selinux policy.
#
DeleteUploaded = no

Restart abrtd service: service abrtd restart

If you have a core file, you need to delete it in time. Check the file package through abrt-cli list, and then use abrt-cli rm [file package].

When the program crashes, abrt-hook-ccpp uses too much CPU and the IO is too high, causing the system to be full. Simply deactivate it

systemctl stop abrt-ccpp.service
systemctl disable abrt-ccpp.service
systemctl status abrt-ccpp.service

I checked systemctl status abrt-ccpp.service and found that there is no such service at all

Baidu again

usr/libexec/abrt-hook-ccppWhy does this process keep increasing

Because the ccpp file cannot be created

Need to modify/etc/abrt/abrt-action-save-package- ProcessUnpackaged parameter in data.conf.

Modify the ProcessUnpackaged parameter in /etc/abrt/abrt-action-save-package-data.conf

sed -i 's/ProcessUnpackaged = no/ProcessUnpackaged = yes/g' /etc/abrt/abrt-action-save-package-data.conf&& service abrtd restart

It still doesn’t work after the modification. Check the system log

Nov 17 13:15:15 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297
Nov 17 13:15:15 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297
Nov 17 13:15:16 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297
Nov 17 13:15:16 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297
Nov 17 13:15:17 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297
Nov 17 13:15:17 yq01-kg-section1-bud3 systemd: abrtd.service stop-sigterm timed out. Killing.
Nov 17 13:15:17 yq01-kg-section1-bud3 systemd: abrtd.service: main process exited, code=killed, status=9/KILL
Nov 17 13:15:17 yq01-kg-section1-bud3 systemd: Unit abrtd.service entered failed state.
Nov 17 13:15:17 yq01-kg-section1-bud3 systemd: abrtd.service failed.
Nov 17 13:15:17 yq01-kg-section1-bud3 abrtd: Lock file '.lock' is locked by process 48297

It is found that the service is not available Restart, and it shows that it has been locked by this process, and this process is the one that takes up a lot of resources

kill -9 48297

Restart the service

Check the service status

top Take a look at the process again!

Recommended study: "

linux video tutorial"

The above is the detailed content of What service is linux abrtd?. For more information, please follow other related articles on the PHP Chinese website!