SystemTap is a useful instrumentation platform for probing running processes and kernel activity on the Linux system. To execute a probe:
Write SystemTap scripts that specify which system events (e.g. virtual file system reads, packet transmissions) should trigger specified actions (e.g. print, parse, or otherwise manipulate data).
SystemTap translates the script into a C program, which it compiles into a kernel module.
SystemTap loads the kernel module to perform the actual probe.
SystemTap scripts are useful for monitoring system operation and diagnosing system issues with minimal intrusion into the normal operation of the system. You can quickly instrument running system test hypotheses without having to recompile and re-install instrumented code. To compile a SystemTap script that probes kernel-space, SystemTap uses information from three different kernel information packages:
kernel-variant-devel-version
kernel-variant-debuginfo-version
kernel-variant-debuginfo-common-arch-version
The kernel information package in Red Hat Enterprise Linux 6 is now named kernel-variant-debuginfo-common-arch-versionkernel-variant-debuginfo-common-version
These kernel information packages must match the kernel to be probed. In addition, to compile SystemTap scripts for multiple kernels, the kernel information packages of each kernel must also be installed.
An important new feature has been added as of Red Hat Enterprise Linux 6.1: the --remote option. This allows users to build the SystemTap module locally, and then execute it remotely via SSH. The syntax to use this is --remote [USER@]HOSTNAME; set the execution target to the specified SSH host, optionally using a different username. This option may be repeated to target multiple execution targets. Passes 1-4 are completed locally as normal to build the scrip, and then pass 5 copies the module to the target and runs it.
The following sections describe other new SystemTap features available in the Red Hat Enterprise Linux 6 release.
7.4.1. SystemTap Compile Server
SystemTap in Red Hat Enterprise Linux 6 supports a compile server and client deployment. With this setup, the kernel information packages of all client systems in the network are installed on just one compile server host (or a few). When a client system attempts to compile a kernel module from a SystemTap script, it remotely accesses the kernel information it needs from the centralized compile server host.
A properly configured and maintained SystemTap compile server host offers the following benefits:
The system administrator can verify the integrity of kernel information packages before making the packages available to users.
The identity of a compile server can be authenticated using the Secure Socket Layer (SSL). SSL provides an encrypted network connection that prevents eavesdropping or tampering during transmission.
Individual users can run their own servers and authorize them for their own use as trusted.
System administrators can authorize one or more servers on the network as trusted for use by all users.
A server that has not been explicitly authorized is ignored, preventing any server impersonations and similar attacks.
