[Freeswitch-users] FS priority

Bote Man bote_radio at botecomm.com
Sun Sep 6 20:24:47 MSD 2015


I agree IFF my assumptions and results are applicable to package installations. If you have a package installation I would prefer that you verify these results on such an installation since I mostly let my Master build do what it wants. I always build from Master, never use the packages.

 

Do we have to specify the –run runtime directory on the FS command line?

 

Do we have to specify the –temp files directory?

 

Right now the unit file for the package specifies none of those so I don’t know where FS would put its runtime and temp files.

 

By the way, while testing the location of runtime directory for the PID file I noted that FS will create the ./run directory with the proper permissions and owner, then write the PID file in it on its own without systemd doing it. This happened without specifying anything about that on the command line and without the tmpfiles.d entry. 

 

But since the .deb package places files in the FHS locations this would be necessary, so your recent ticket that adds that applies. I omitted that from my Confluence instructions built from Master, FYI.

 

Please let me know how to proceed.

 

Thanks.

 

Bote

 

 

From: Stanislav Sinyagin
Sent: Sunday, 06 September, 2015 06:00
Subject: Re: [Freeswitch-users] FS priority

 

Looks like another jira ticket is needed for Debian packaging.

On Sep 6, 2015 6:16 AM, "Anthony Minessale" <anthony.minessale at gmail.com> wrote:

It's because FS changes the scheduler and enables some realtime threads when it can.  If you have multiple cpu np and rp are the same.  FS always needs root privs to change the platform parameters and nice level etc.  The scheduler change is not possible if the shell is an unpriveledged user nor are a bunch of other things unless you carefully allowed them somehow as root before the shell started.  So basically that is all expected behavior.

 

 



On Saturday, September 5, 2015, Bote Man <bote_radio at botecomm.com> wrote:

Sorry, I did not use the utility named ‘runas’ I simply labeled the column that way and was trying to conserve character space in the header to get it to fit in a reasonable space.

 

Anyway, thanks to your post and some research I just changed my  FS unit file to start FS as user root, but specified –u freeswitch –g freeswitch on the command line to FS, and changed the WorkingDirectory=/usr/local/freeswitch/bin (it had been set to ‘run’) and it’s doing the Right Thing, so that is what I will go with. I vaguely remember that FS can (should) start as root, then drops privileges to what is specified on the command line, so it looks like it is doing exactly that.

 

‘top’ shows FS running as real and effective user ‘freeswitch’ with Priority=-2 and Nice=-10 so I am a happy camper.

 

If nobody on the FS core development team has any objection to this approach I will update the Confluence page for the systemd unit file for building from MASTER. The Debian packages have their own file locations.

 

https://freeswitch.org/confluence/display/FREESWITCH/FreeSWITCH+1.6+Video#FreeSWITCH1.6Video-systemd

 

Any security concerns doing this?

 

Thanks!

 

Bote

 

 

 

From: Shaun Stokes
Sent: Saturday, 05 September, 2015 03:18
Subject: Re: [Freeswitch-users] FS priority

 

Are you using FreeSwitch to specify the user to runas or is this being done by systemd? 

 

In FreeSwitch you use the -u argument to specify the user and the -g argument to specify the group, if you do this then I assume running the service as root should be ok providing you've given FreeSwitch an alternative user and group (in our environment we use the same for user and group).

 

Thanks,

Shaun

 

  _____  

From: Bote Man 
Sent: 05 September 2015 04:28
Subject: Re: [Freeswitch-users] FS priority

I'm not sure how much nice level matters compared to scheduler priority. I ran a series of tests to find out what Priority and Nice level are reported by the 'top' utility.

I ran the first 6 tests by using systemd to start FreeSWITCH, 3 times as user root with each of the FS priority flags, then 3 times as user freeswitch with each of the FS flags. Then I repeated that block of tests from the command line, 3 flags as root, 3 flags as freeswitch. You won't believe what happened next!

systemd starting FreeSWITCH as 'RUNAS' user with 'FLAG' command line priority flags to FS results in top showing priority 'PRI', nice level 'NICE' on a month-old install of Debian 8 on a bare metal Dell R320 server.

RUNAS    FLAG    PRI    NICE
root         -rp         -2      -10
root        -np         39      19
root         -lp         39      19

fs            -rp         -2       19
fs            -np        39      19
fs            -lp         39      19

Run as root from command line
root         -rp         -2     -10
root         -np        20      0
root         -lp         39     19

Run as su=freeswitch from command line
fs            -rp        20      0
fs            -np       20      0
fs            -lp        39     19

Most processes show Priority of 20 so I assume that is considered "normal".

So it looks like the only way to get truly higher priority for a process is to run it as root, which I expected. Once the scheduler priority is at -2 (higher priority) I don't know whether the nice level even matters.

For now, the systemd unit file that I posted on Confluence runs as the freeswitch user so even with the -rp flag to FreeSWITCH it gets niced down to 19 which is the lowest level available for nice. Does this matter?

Is there a serious security concern running FreeSWITCH as root?

Thanks.

Bote

 

On Fri, Sep 4, 2015 at 3:38 PM, Bote Man <bote_radio at botecomm.com> wrote:

Thanks for that. I was under the impression that systemd was throwing FreeSWITCH into the generic scheduling group and starving it of resources as a result, but when I manually ran ./freeswitch as root it still showed the same values.

Running FS manually with -np yielded pri=20 nice=0 and System Monitor reports priority "normal"

Running FS manually with -rp yielded pri=-2 nice=-10 and System Monitor reports priority "very high", same results as when FS was started without any priority switch on the command line.

BUT! When I start FS with systemd it maintains priority=-2 but nice all the way down to 19 which is why System Monitor reports "very low". This happens even with the -rp switch specified in the unit file.

I don't know how scheduling priority and nice level interact on Debian, but it looks like I have a new research project for this weekend, assuming this is truly something to be concerned about. Or is it?

Thanks for the tips. I will report my findings to the list if I discover anything substantive.

Bote





 

On Fri, Sep 4, 2015 at 2:02 PM, Shaun Stokes <shaun.stokes at itec-support.co.uk> wrote:

Hi Bote, 

 

I believe priority works in a similar way to metric (i.e. lower comes first), so -20 (most favorable scheduling) to +19 (least favorable scheduling).

 

-rp                    -- enable high(realtime) priority settings
-lp                    -- enable low priority settings
-np                    -- enable normal priority settings (system default)

Source: https://wiki.freeswitch.org/wiki/Command_line

 

Hope this helps.

 

Thanks,

Shaun


  _____  


From: freeswitch-users-bounces at lists.freeswitch.org [freeswitch-users-bounces at lists.freeswitch.org] on behalf of Bote Man [bote_radio at botecomm.com]
Sent: 04 September 2015 15:54
To: FreeSWITCH Users Help
Subject: [Freeswitch-users] FS priority

I’m trying to set the priority on a new FreeSWITCH installation built from master on Debian 8 running on bare metal. It is currently running at “very low” priority according to Resource Monitor in the GUI and ‘top’ reports FS is running at priority = -2 (that’s negative two) and nice = 19

So with the way FreeSWITCH is now launched by systemd is it considered a service or a user application that is simply run in the background? 

This affects how systemd treats its control groups and priority and how I will go about troubleshooting this.


Thanks.

 

Bote

 



-- 

Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬

 

☞ http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH

☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+

ClueCon Weekly Development Call 

☎ sip:888 at conference.freeswitch.org <mailto:sip%3A888 at conference.freeswitch.org>   ☎ +19193869900 <tel:%2B19193869900>  

 

 <https://www.youtube.com/watch?v=9XXgW34t40s> https://www.youtube.com/watch?v=9XXgW34t40s

https://www.youtube.com/watch?v=NLaDpGQuZDA



_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150906/7273be30/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list