[Freeswitch-users] FS priority
Stanislav Sinyagin
ssinyagin at gmail.com
Sun Sep 6 13:59:58 MSD 2015
Looks like another jira ticket is needed for Debian packaging.
On Sep 6, 2015 6:16 AM, "Anthony Minessale" <anthony.minessale at gmail.com>
wrote:
> It's because FS changes the scheduler and enables some realtime threads
> when it can. If you have multiple cpu np and rp are the same. FS always
> needs root privs to change the platform parameters and nice level etc. The
> scheduler change is not possible if the shell is an unpriveledged user nor
> are a bunch of other things unless you carefully allowed them somehow as
> root before the shell started. So basically that is all expected
> behavior.
>
>
>
>
> On Saturday, September 5, 2015, Bote Man <bote_radio at botecomm.com> wrote:
>
>> Sorry, I did not use the utility named ‘runas’ I simply labeled the
>> column that way and was trying to conserve character space in the header to
>> get it to fit in a reasonable space.
>>
>>
>>
>> Anyway, thanks to your post and some research I just changed my FS unit
>> file to start FS as user root, but specified –u freeswitch –g freeswitch on
>> the command line to FS, and changed the
>> WorkingDirectory=/usr/local/freeswitch/bin (it had been set to ‘run’) and
>> it’s doing the Right Thing, so that is what I will go with. I vaguely
>> remember that FS can (should) start as root, then drops privileges to what
>> is specified on the command line, so it looks like it is doing exactly that.
>>
>>
>>
>> ‘top’ shows FS running as real and effective user ‘freeswitch’ with
>> Priority=-2 and Nice=-10 so I am a happy camper.
>>
>>
>>
>> If nobody on the FS core development team has any objection to this
>> approach I will update the Confluence page for the systemd unit file for
>> building from MASTER. The Debian packages have their own file locations.
>>
>>
>>
>>
>> https://freeswitch.org/confluence/display/FREESWITCH/FreeSWITCH+1.6+Video#FreeSWITCH1.6Video-systemd
>>
>>
>>
>> Any security concerns doing this?
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Bote
>>
>>
>>
>>
>>
>>
>>
>> *From:* Shaun Stokes
>> *Sent:* Saturday, 05 September, 2015 03:18
>> *Subject:* Re: [Freeswitch-users] FS priority
>>
>>
>>
>> Are you using FreeSwitch to specify the user to runas or is this being
>> done by systemd?
>>
>>
>>
>> In FreeSwitch you use the -u argument to specify the user and the -g
>> argument to specify the group, if you do this then I assume running the
>> service as root should be ok providing you've given FreeSwitch an
>> alternative user and group (in our environment we use the same for user and
>> group).
>>
>>
>>
>> Thanks,
>>
>> Shaun
>>
>>
>> ------------------------------
>>
>> *From:* Bote Man
>> *Sent:* 05 September 2015 04:28
>> *Subject:* Re: [Freeswitch-users] FS priority
>>
>> I'm not sure how much nice level matters compared to scheduler priority.
>> I ran a series of tests to find out what Priority and Nice level are
>> reported by the 'top' utility.
>>
>> I ran the first 6 tests by using systemd to start FreeSWITCH, 3 times as
>> user root with each of the FS priority flags, then 3 times as user
>> freeswitch with each of the FS flags. Then I repeated that block of tests
>> from the command line, 3 flags as root, 3 flags as freeswitch. You won't
>> believe what happened next!
>>
>> systemd starting FreeSWITCH as 'RUNAS' user with 'FLAG' command line
>> priority flags to FS results in top showing priority 'PRI', nice level
>> 'NICE' on a month-old install of Debian 8 on a bare metal Dell R320 server.
>>
>> RUNAS FLAG PRI NICE
>> root -rp -2 -10
>> root -np 39 19
>> root -lp 39 19
>>
>> fs -rp -2 19
>> fs -np 39 19
>> fs -lp 39 19
>>
>> Run as root from command line
>> root -rp -2 -10
>> root -np 20 0
>> root -lp 39 19
>>
>> Run as su=freeswitch from command line
>> fs -rp 20 0
>> fs -np 20 0
>> fs -lp 39 19
>>
>> Most processes show Priority of 20 so I assume that is considered
>> "normal".
>>
>> So it looks like the only way to get truly higher priority for a process
>> is to run it as root, which I expected. Once the scheduler priority is at
>> -2 (higher priority) I don't know whether the nice level even matters.
>>
>> For now, the systemd unit file that I posted on Confluence runs as the
>> freeswitch user so even with the -rp flag to FreeSWITCH it gets niced down
>> to 19 which is the lowest level available for nice. Does this matter?
>>
>> Is there a serious security concern running FreeSWITCH as root?
>>
>> Thanks.
>>
>> Bote
>>
>>
>>
>> On Fri, Sep 4, 2015 at 3:38 PM, Bote Man <bote_radio at botecomm.com> wrote:
>>
>> Thanks for that. I was under the impression that systemd was throwing
>> FreeSWITCH into the generic scheduling group and starving it of resources
>> as a result, but when I manually ran ./freeswitch as root it still showed
>> the same values.
>>
>> Running FS manually with -np yielded pri=20 nice=0 and System Monitor
>> reports priority "normal"
>>
>> Running FS manually with -rp yielded pri=-2 nice=-10 and System Monitor
>> reports priority "very high", same results as when FS was started without
>> any priority switch on the command line.
>>
>> BUT! When I start FS with systemd it maintains priority=-2 but nice all
>> the way down to 19 which is why System Monitor reports "very low". This
>> happens even with the -rp switch specified in the unit file.
>>
>> I don't know how scheduling priority and nice level interact on Debian,
>> but it looks like I have a new research project for this weekend, assuming
>> this is truly something to be concerned about. Or is it?
>>
>> Thanks for the tips. I will report my findings to the list if I discover
>> anything substantive.
>>
>> Bote
>>
>>
>>
>>
>>
>>
>> On Fri, Sep 4, 2015 at 2:02 PM, Shaun Stokes <
>> shaun.stokes at itec-support.co.uk> wrote:
>>
>> Hi Bote,
>>
>>
>>
>> I believe priority works in a similar way to metric (i.e. lower comes
>> first), so -20 (most favorable scheduling) to +19 (least favorable
>> scheduling).
>>
>>
>>
>> -rp -- enable high(realtime) priority settings
>>
>> -lp -- enable low priority settings
>>
>> -np -- enable normal priority settings (system default)
>>
>> Source: https://wiki.freeswitch.org/wiki/Command_line
>>
>>
>>
>> Hope this helps.
>>
>>
>>
>> Thanks,
>>
>> Shaun
>> ------------------------------
>>
>> *From:* freeswitch-users-bounces at lists.freeswitch.org [
>> freeswitch-users-bounces at lists.freeswitch.org] on behalf of Bote Man [
>> bote_radio at botecomm.com]
>> *Sent:* 04 September 2015 15:54
>> *To:* FreeSWITCH Users Help
>> *Subject:* [Freeswitch-users] FS priority
>>
>> I’m trying to set the priority on a new FreeSWITCH installation built
>> from master on Debian 8 running on bare metal. It is currently running at
>> “very low” priority according to Resource Monitor in the GUI and ‘top’
>> reports FS is running at priority = -2 (that’s negative two) and nice = 19
>>
>> So with the way FreeSWITCH is now launched by systemd is it considered a
>> service or a user application that is simply run in the background?
>>
>> This affects how systemd treats its control groups and priority and how I
>> will go about troubleshooting this.
>>
>>
>> Thanks.
>>
>>
>>
>> Bote
>>
>>
>>
>>
>
> --
> Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬
>
> ☞ http://freeswitch.org/ ☞ http://cluecon.com/ ☞
> http://twitter.com/FreeSWITCH
> ☞ irc.freenode.net #freeswitch ☞ *http://freeswitch.org/g+
> <http://freeswitch.org/g+>*
>
> ClueCon Weekly Development Call
> ☎ sip:888 at conference.freeswitch.org ☎ +19193869900
>
> https://www.youtube.com/watch?v=9XXgW34t40s
> https://www.youtube.com/watch?v=NLaDpGQuZDA
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150906/68b6d127/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list