因此,在一台非常好的主机上有一些旧的 CentOS 6.x VPS 模板,它们“卡”在 100mb 的 /boot 分区上。不幸的是,由于它是在大约 4 年前产生的,我们的一台服务器属于这一类。除非更改区域以获取具有更多空间的新包/模板,否则无法增加 /boot 的大小。切换区域将是一项艰巨的任务,因为会有新的 IP 和其他架构需要重新执行,所以我们正在寻找替代方案。
我们在该服务器上使用 CloudLinux,因此内核可能比正常情况大一些。无论如何,我们被迫将活动内核数减少到 1,这让我很烦恼,但这就是 /boot 所能容纳的全部。问题是没有足够的空间来安装新版本的内核。
Kernel-debug* 包似乎比标准内核更大。删除这些内核安全吗?如果有旧版本的标准内核(可能)可供启动,调试内核在生产中是否有用?
这是运行 LAMP 的多租户生产 VPS (KVM)。我们不会在其上执行太多服务器端 CLI,主要是 ecom+webapps。如果可以提供某种解决方法,则它具有 kernelcare。
答案1
使用 kernel-debug* 意味着 kernel-debug 和 kernel-debuginfo,因为这两个包之间存在差异
Kernel-debuginfo: Provides a executable image of the kernel with all the debug symbols
Kernel-debug: Enables some debugging code but not have same debug symbols on it
### Excerpt from RedHat Doc ###
The kernel-debug enables the following options on the kernel that are disabled on the default kernel:
CONFIG_DEBUG_SLAB
Makes kernel do limited verification on memory allocation as well as poisoning memory on free to catch use of freed memory. (performance impact mainly on kmalloc / mfree calls).
CONFIG_DEBUG_MUTEXES
Allows mutexes semantics violations to be detected and reported.
CONFIG_DEBUG_RT_MUTEXES
Allows rt mutex semantics violations and rt mutex related deadlocks (lockups) to be detected and reported automatically.
CONFIG_DEBUG_RWSEMS
Allows read-write semaphore semantics violations to be detected and reported.
CONFIG_DEBUG_LOCK_ALLOC
This feature will check whether any held lock (spinlock, rwlock, mutex or rwsem) is incorrectly freed by the kernel, via any of the memory-freeing routines (kfree(), kmem_cache_free(), free_pages(), vfree(), etc), whether a live lock is incorrectly reinitialized via spin_lock_init(),mutex_init(),etc, or whether there is any lock held during task exit.
CONFIG_PROVE_LOCKING
This feature enables the kernel to prove that all locking that occurs in the kernel runtime is mathematically correct: that under no circumstance could an arbitrary (and not yet triggered) combination of observed locking sequences (on an arbitrary number of CPUs, running an arbitrary number of tasks and interrupt contexts) cause a deadlock.
CONFIG_DEBUG_VM
Turn on extended checks in the virtual memory system (performance impact).
CONFIG_DEBUG_SPINLOCK
Built SMP to catch missing spinlock initialization and certain other kinds of spinlock errors commonly made. This is best used in conjunction with the NMI watchdog so that spinlock deadlocks are also debuggable.
CONFIG_DEBUG_SPINLOCK_SLEEP
Various routines which may sleep will become very noisy if they are called with a spinlock held.
CONFIG_LOCK_STAT
Enables tracking lock contention points ( see /usr/share/doc/kernel-doc/Documentation/lockstat.txt ).
CONFIG_XFS_DEBUG
Enable XFS debugging features, including ASSERT checks, function wrappers around macros, and extra sanity-checking functions in various code paths (make a huge and slow code).
现在回到你的问题,删除这些是否安全?
这些包仅用于调试目的,它们可能会导致性能下降..所以,它们是可以安全删除的,只需要在调试期间安装。