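Production containers sometimes lack the software needed to debug them. This post shows, by example, how to use the nsenter tool to enter a container's net namespace and capture its network traffic with the host's tcpdump.
In production, if a command is missing inside the container but available on the host, the example below can be adapted to reuse the host's command for troubleshooting.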
[root@gentlewok ~]# docker inspect --format {{.State.Pid}} docker-client
128342
[root@gentlewok ~]# docker exec -it docker-client /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
695: eth0@if696: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:08 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.8/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # tcpdump
/bin/sh: tcpdump: not found    # tcpdump is not available inside the container
# Start a continuous ping to Baidu
[root@gentlewok ~]# docker exec -it docker-client /bin/sh
/ # ping www.baidu.com
PING www.baidu.com (120.232.145.185): 56 data bytes
64 bytes from 120.232.145.185: seq=0 ttl=127 time=12.119 ms
64 bytes from 120.232.145.185: seq=1 ttl=127 time=12.559 ms
64 bytes from 120.232.145.185: seq=2 ttl=127 time=13.323 ms
64 bytes from 120.232.145.185: seq=3 ttl=127 time=14.684 ms
64 bytes from 120.232.145.185: seq=4 ttl=127 time=11.542 ms
64 bytes from 120.232.145.185: seq=5 ttl=127 time=1
[root@gentlewok ~]# nsenter -t 128342 -n    # enter the gitlab-runner container's net namespace
[root@gentlewok ~]# ip addr    # the network information matches the output above, so we are now in the container's network
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
695: eth0@if696: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:08 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.8/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
# The tcpdump command runs normally here
# because nsenter was invoked without the -m option, so the host's filesystem is still in use
[root@gentlewok ~]# tcpdump -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:20:49.230015 IP 120.232.145.185 > 172.17.0.8: ICMP echo reply, id 56, seq 204, length 64
09:20:50.218314 IP 172.17.0.8 > 120.232.145.185: ICMP echo request, id 56, seq 205, length 64
09:20:50.230517 IP 120.232.145.185 > 172.17.0.8: ICMP echo reply, id 56, seq 205, length 64
09:20:51.218796 IP 172.17.0.8 > 120.232.145.185: ICMP echo request, id 56, seq 206, length 64
09:20:51.238122 IP 120.232.145.185 > 172.17.0.8: ICMP echo reply, id 56, seq 206, length 64
09:20:52.219101 IP 172.17.0.8 > 120.232.145.185: ICMP echo request, id 56, seq 207, length 64
09:20:52.232337 IP 120.232.145.185 > 172.17.0.8: ICMP echo reply, id 56, seq 207, length 64
09:20:53.219382 IP 172.17.0.8 > 120.232.145.185: ICMP echo request, id 56, seq 208, length 64
09:20:53.232042 IP 120.232.145.185 > 172.17.0.8: ICMP echo reply, id 56, seq 208, length 64
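The steps above as a non-interactive script, added here as an example and not part of the original post. It rejects the PID 0 that docker inspect reports for a stopped container and refuses to capture when the target shares the host's net namespace (for instance a container started with host networking). The function names and the PROC_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: run the host's tcpdump inside a container's net namespace.
# PROC_ROOT is a hypothetical override so the checks can be exercised
# against a constructed directory tree instead of the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# docker inspect prints 0 for a container that is not running; reject that
# and anything non-numeric before it reaches nsenter.
valid_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Print the net namespace identifier of a PID, e.g. "net:[4026532621]".
netns_id() {
    readlink "$PROC_ROOT/$1/ns/net"
}

# Succeed only if the target PID is in a different net namespace than the
# reference PID (default: PID 1 on the host), so the capture really sees
# the container's interfaces and not the host's.
is_isolated_netns() {
    target=$(netns_id "$1") || return 1
    host=$(netns_id "${2:-1}") || return 1
    [ "$target" != "$host" ]
}

# Capture COUNT packets from the container's namespace into a pcap file.
# Only -n is passed to nsenter, so the tcpdump binary and the output path
# both resolve on the host filesystem, as in the session above.
capture_container() {
    name=$1; count=${2:-100}; out=${3:-./$name.pcap}
    pid=$(docker inspect --format '{{.State.Pid}}' "$name") || return 1
    valid_pid "$pid" || { echo "container $name is not running" >&2; return 1; }
    is_isolated_netns "$pid" || { echo "$name shares the host network" >&2; return 1; }
    nsenter -t "$pid" -n -- tcpdump -n -c "$count" -w "$out"
}
```

Run as root on the host, for example `capture_container docker-client 50`; the resulting pcap is written on the host, not inside the container.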
A later post will cover cgroup usage with hands-on examples.