Description

There is an install via snap here but i am going to build. This solution is specific to CentOS 8 as ive moved over to this OS for now.

History

bpftrace looks similar to the dtrace dynamic tracing framwork from sun microsystems. And like dtrace gives you the power to instrument and troubleshoot executing processes. I used dtrace in the past but ive not touched it in years. Linux took power in the data center, and not surprising sun never returned to fortunes after the dotcom boom. Oracles 2010 takeover of sun didnt change the trend and they let go of the solaris team in 2017.

Its crazy that all the work ive done for the past 8+ years has been 100% linux but with ZFS on linux in production (another sun tech) and now there is a dtrace like tool too (one of the many techs that inspired the developer behind bpftrace). Yeah there is systemtap from RHEL who uses it though? I really expected to see bpftrace in the CentOS 8 repos and its not much help that BCC is even outdated and dev package is missing for now.

The project included steps to build on fedora, this solution used based in part on those steps.

Install

Install prerequisites

dnf install bison flex cmake make git gcc-c++ elfutils-libelf-devel zlib-devel libpfm-devel llvm-static llvm-devel clang-devel systemtap-sdt-devel binutils-devel ncurses-devel bash-completion iperf3

BCC build and install

bcc is old on centos8 and for some reason the dev package does not exist. So we need to build it until thats put right.

curl -L https://github.com/iovisor/bcc/archive/v0.8.0.tar.gz --output bcc.tar.gz
tar xvf bcc.tar.gz
cmake .. && make install -j4 &&   cp src/cc/libbcc.a /usr/local/lib64/libbcc.a &&   cp src/cc/libbcc-loader-static.a /usr/local/lib64/libbcc-loader-static.a &&   cp src/cc/libbpf.a /usr/local/lib64/libbpf.a

Now we can get bpftrace, build and install!

With all the prerequisites installed we can now build and install bpftrace

Get the latest version of bpftrace from github. I built with commit a10479b39fa921f30dc065ab13aede220497a9e6.

git clone https://github.com/iovisor/bpftrace
cd bptrace; mkdir build; cd build; cmake -DCMAKE_BUILD_TYPE=Release ..
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j8
make install

Testing

bpftrace should now be installed to the following location /usr/local/bin/bpftrace. Try the one liner below, it if executes press ctrl+c to exit.

bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'
CTRL+C

The project has sample one liners and scripts HERE and HERE

Conclusion

This gets bpftrace installed and working on CentOS 8. I genuinely expected Redhat or CentOS / EPEL to include this powerful tool in this major release. Debian has it in the repos right now and ubuntu from their snap repository. Upstream fedora has it too. I guess its too much competition for systemtap!

The goal here was to get bpftrace installed for this environment. I might expand this or do another post in near future but but there are fantastic posts from many people in particular this fella who i remember screamed into disks and traced the latency caused! http://www.brendangregg.com/blog/2018-10-08/dtrace-for-linux-2018.html