You are not logged in.
Hi!
I have been trying to speed up the boot of my newly installed arch laptop, by installing e4rat, following this guide. I have however run into some trouble, no startup.log is being created and the troubleshooting tips didn't help.
I have the exact same issue as in this old thread.
I set it up with grub, in the /etc/default/grub file, like so:
GRUB_CMDLINE_LINUX_DEFAULT="kernel /vmlinuz-linux root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect ro 5 quiet"
Just like in the old thread I get these messages on boot:
Cannot open audit socket
Cannot disable audit socket
Cannot disable current pid
In the old thread there was no actual solution, that is why I am raising the issue again. They talked a bit about re-compiling the kernel with some audit settings, but I would like to avoid having to re-compile the kernel if possible. Any other solutions to this? Need any other logs/info?
Any help is appreciated, thanks!
Last edited by LnX_Archer (2017-09-28 12:24:29)
Offline
Did you read the note on the wiki?
https://wiki.archlinux.org/index.php/E4rat#Installation
Offline
Probably you will need audit=1 to add to your kernel parameters.
Does this help?
Offline
Did you read the note on the wiki?
https://wiki.archlinux.org/index.php/E4rat#Installation
Aww, man. That really needs to be more attention grabbing. My bad. I'll try that and get back to you.
Last edited by LnX_Archer (2017-09-13 21:35:17)
Offline
Well, now I have rebuilt the kernel
I started by installing asp and using:
$ ASPROOT=. asp checkout linux
so I got the kernel, renamed it in PKGBUILD:
pkgbase=linux-audit
Then I compiled it with config.x86_64:
...
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
...
Then I pulled down audit:
$ ASPROOT=. asp checkout linux
and added staticlibs to the PKGBUILD options:
...
makedepends=('libldap' 'swig' 'linux-headers' 'python' 'python2')
license=('GPL')
options=('emptydirs' 'staticlibs')
backup=(
etc/libaudit.conf
...
and compiled audit.
Then I installed the kernel with:
$ sudo pacman -U linux-audit-headers-4.12.12-1-x86_64.pkg.tar.xz
$ sudo pacman -U linux-audit-4.12.12-1-x86_64.pkg.tar.xz
and audit with:
sudo pacman -U audit-2.7.6-2-x86_64.pkg.tar.xz
Then I edited my /etc/default/grub to:
...
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1"
GRUB_CMDLINE_LINUX=""
GRUB_FORCE_HIDDEN_MENU="true"
...
and ran
sudo grub-mkconfig -o /boot/grub/grub.cfg
I then rebooted and still got the same errors as before:
$ sudo dmesg | grep audit
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=176e2a47-6e84-4da0-bdd2-310c3b27ac8a rw kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1
[ 0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-linux-lts root=UUID=176e2a47-6e84-4da0-bdd2-310c3b27ac8a rw kernel /vmlinuz-linux-audit root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect audit=1
[ 5.071161] [Logging] Cannot open audit socket
[ 5.071329] [Logging] Cannot disable audit socket
What am I missing or doing wrong? My first time re-compiling the kernel and what not, so might be something trivial.
Any help is appriciated, thanks!
Last edited by LnX_Archer (2017-09-13 21:35:36)
Offline
PROGRESS!!
After spending some time reading anything I could find on this, I came to the conclusion that I had done the kernel and audit compilations correctly. So it seemed that the grub set up must be off. Since I couldn't find anymore info on how to set it up, other than what I already had, I decided to install the grub customizer. Best decision ever. Input the settings and rebooted. Now the right kernel is used and auditd service is running properly.
The only thing left now is that the startup.log isn't being created by e4rat.
Even with verbosity and loglevel set to 31 in the config file, the only warning I get is when ending the collection:
$ dmesg | grep e4rat
[ 201.835197] [Logging] Cannot read pid from file /dev/.e4rat-lite-collect.pid: No such file or directory
It seems to me that the e4rat-lite-collect process is never run, since there is no pid and nothing gets written to the startup.log. I have even changed the location to /var/log/e4rat-lite/startup.log (from /var/lib/e4rat-lite/startup.log) and "pre-created" the startup.log file.
Still nothing gets written to it. I have tried all the solutions in the startup.log is not created section, but nothing has helped.
For reference, here is my kernel params:
root=/dev/disk/by-label/ARCH init=/sbin/e4rat-lite-collect
and my e4rat-lite.config:
; e4rat-lite configuration file
[Global]
; Verbosity
verbose=31
; Loglevel
loglevel=31
; Path to the main initialization process
init_file=/usr/lib/systemd/systemd
; Default location for the boot log
startup_log_file=/var/log/e4rat-lite/startup.log
; ------------------
[Collect]
; Collect files only on ext4 devices [true/false]
ext4_only=false
; Ignore opened files (already running processes) [true/false]
exclude_open_files=false
; Time (in seconds) to wait before finalizing the collect
timeout=120
; ------------------
[Realloc]
; Defragmentation method [auto/pa/tld/locality_group]
defrag_mode=auto
Offline
Some more information uncovered. This Gentoo thread seems to indicate that you also need to set up the initramfs properly or use a kernel without initramfs to get e4rat working.
Also asked my own question on gentoo to get some more info on this. Seems that the initramfs is my issue, since I have not made any config with the initramfs at all.
Unless someone here has some other information on this? Since the e4rat wikipage has no mention of initramfs at all.
If the initramfs indeed has to be configured for e4rat, then the e4rat wikipage needs to be updated with this information, since there is no mention of initramfs on the page and the standard arch kernel comes with initramfs.
Thoughts?
Any help is appreciated, thanks.
Offline
I don't know how or why, but did it all from scratch again, compiled the kernel, installed e4rat, changed commandline arguments and it works. Or it runs, but it actually makes my boot time slower, will make a new thread on this though. Marking as solved.
Last edited by LnX_Archer (2017-09-28 12:58:45)
Offline
Is drive IO actually a limiting factor in your boot?
Have you run through all of the other recomendations on https://wiki.archlinux.org/index.php/Im … ot_process
Offline
I used e4rat{,-lite} on and off a while back. At one point it did speed up boot time, but I think it was with the systemd changeover that I found e4rat was actually *slowing down* boot (to a small but measurable degree).
Systemd is very good at parallelizing and prioritizing various startup processes. E4rat can actually interfere with this as it essentially forces everyting to be read from the disk into memory right away. Systemd seems to take the strategically lazy approach of reading data only when it is needed. The end result is (for me) that systemd without e4rat is better able to prioritize and stagger the reads so the disk IO isn't a limiting factor while e4rat assume IO will be a limiting factor and does it all once but nothing else can really run in parallel until it's done.
Signficant caveate, I am using an SSD, and HDD might be a different story. But really if with e4rat is slower that withouth, perhaps nothing is wrong and it can be taken at face value: the e4rat approach is not optimal for your hardware and configuration: ditch it.
EDIT: the above point having an SSDs is incorrect. I'm using SSDs now, but when I was using e4rat it was on an HDD, and when I found it was no longer useful was still on an HDD. I don't think e4rat would make any sense at all on an SSD.
Last edited by Trilby (2017-09-28 13:44:42)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Is drive IO actually a limiting factor in your boot?
Have you run through all of the other recomendations on https://wiki.archlinux.org/index.php/Im … ot_process
Don't know, too new to this to know how to even find out. I felt it took way too long to boot and open chrome, since it was slower than my previous windows 10 install, so I googled a bit and found e4rat to be a simple enough solution.
However, maybe we should move this to my new thread, to stay on topic.
I used e4rat{,-lite} on and off a while back. At one point it did speed up boot time, but I think it was with the systemd changeover that I found e4rat was actually *slowing down* boot (to a small but measurable degree).
Systemd is very good at parallelizing and prioritizing various startup processes. E4rat can actually interfere with this as it essentially forces everyting to be read from the disk into memory right away. Systemd seems to take the strategically lazy approach of reading data only when it is needed. The end result is (for me) that systemd without e4rat is better able to prioritize and stagger the reads so the disk IO isn't a limiting factor while e4rat assume IO will be a limiting factor and does it all once but nothing else can really run in parallel until it's done.
Signficant caveate, I am using an SSD, and HDD might be a different story. But really if with e4rat is slower that withouth, perhaps nothing is wrong and it can be taken at face value: the e4rat approach is not optimal for your hardware and configuration: ditch it.
Yeah, that is probably true. However, when my arch install boots slower than my previous windows 10 install, I feel that something can be done. If e4rat doesn't help, what could?
I'll answer in my new thread as well, as to not take this one too off topic.
Offline