Chapter 2. Using SystemTap
This chapter instructs users how to install SystemTap, and provides an introduction on how to run SystemTap scripts.
2.1. Installation and Setup
To deploy SystemTap, SystemTap packages along with the corresponding set of -devel, -debuginfo and -debuginfo-common-arch packages for the kernel need to be installed. To use SystemTap on more than one kernel where a system has multiple kernels installed, install the -devel and -debuginfo packages for each of those kernel versions.
These procedures will be discussed in detail in the following sections.
Important
Many users confuse -debuginfo with -debug packages. Remember that the deployment of SystemTap requires the installation of the -debuginfo package of the kernel, not the -debug version of the kernel.
2.1.1. Installing SystemTap
To deploy SystemTap, install the systemtap and systemtap-runtime packages by running the following command as
root
:
~]#
yum install -y systemtap systemtap-runtime
2.1.2. Installing Required Kernel Information Packages
SystemTap needs information about the kernel in order to place instrumentation in it (probe it). This information, which allows SystemTap to generate the code for the instrumentation, is contained in the matching kernel-devel, kernel-debuginfo, and kernel-debuginfo-common-arch packages (where arch is the hardware platform of your system, which you can determine by running the
uname -m
command).
While the kernel-devel package is available from the default Red Hat Enterprise Linux repository, the kernel-debuginfo and kernel-debuginfo-common-arch packages are available from the
debug
repository.
To install the required packages, enable the
debug
repository for your system:
~]#
subscription-manager repos --enable=rhel-7-variant-debug-rpms
In the above command, replace variant with
server
, workstation
, or client
, depending on the variant of the Red Hat Enterprise Linux system you are using. To determine the variant, you can use the following command:
~]#
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
The version, variant, and architecture of the kernel-devel, kernel-debuginfo, and kernel-debuginfo-common-arch packages must exactly match the kernel to be probed with SystemTap. To determine what kernel your system is currently running, use:
uname -r
3.10.0-327.el7.x86_64
For example, if you wish to use SystemTap on kernel version
3.10.0-327.4.4.el7
on an AMD64 or Intel 64 machine, then you need to install the following packages:
- kernel-debuginfo-3.10.0-327.4.4.el7.x86_64.rpm
- kernel-debuginfo-common-x86_64-3.10.0-327.4.4.el7.x86_64.rpm
- kernel-devel-3.10.0-327.4.4.el7.x86_64.rpm
To use the
yum
package manager to install the packages required for running SystemTap on the current kernel, execute the following command as root
:
~]#
yum install -y kernel-devel-$(uname -r) \
kernel-debuginfo-$(uname -r) \
kernel-debuginfo-common-$(uname -m)-$(uname -r)
2.1.3. Initial Testing
If the kernel to be probed with SystemTap is currently being used, it is possible to immediately test whether the deployment was successful. If a different kernel is to be probed, reboot and load the appropriate kernel.
To start the test, run the following command:
stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'
This command simply instructs SystemTap to print
read performed
and then exit properly once a virtual file system read is detected. If the SystemTap deployment was successful, you should get output similar to the following:
Pass 1: parsed user script and 45 library script(s) in 340usr/0sys/358real ms. Pass 2: analyzed script: 1 probe(s), 1 function(s), 0 embed(s), 0 global(s) in 290usr/260sys/568real ms. Pass 3: translated to C into "/tmp/stapiArgLX/stap_e5886fa50499994e6a87aacdc43cd392_399.c" in 490usr/430sys/938real ms. Pass 4: compiled C into "stap_e5886fa50499994e6a87aacdc43cd392_399.ko" in 3310usr/430sys/3714real ms. Pass 5: starting run. read performed Pass 5: run completed in 10usr/40sys/73real ms.
The last three lines of the output (beginning with
Pass 5
) indicate that SystemTap was able to successfully create the instrumentation to probe the kernel, run the instrumentation, detect the event being probed (in this case, a virtual file system read), and execute a valid handler (print text and then close it with no errors).