概要
dockerの確認・調査用のコマンドで個人的に使用頻度の高いものを記載します。
dockerコマンドラインツールを使用して実行中のdockerdサーバーと通信して確認します。
dockerバージョン表示
$ docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:24:51 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:15 2018
OS/Arch: linux/amd64
Experimental: false
サーバー情報
$ docker info
Containers: 8
Running: 1
Paused: 0
Stopped: 7
Images: 14
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-36-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.79GiB
Name: LesPaul
ID: MM6F:PY7P:GJFI:EB2I:W6GC:KXYL:BA26:VPIK:5RL6:DFNL:2TR4:HBAL
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
デフォルトルートディレクトリの変更
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --data-root="/data/docker"
ダウンロードイメージのアップデート
$ docker pull ubuntu:latest
latest: Pulling from library/ubuntu
Digest: sha256:29934af957c53004d7fb6340139880d23fb1952505a15d69a03af0d1418878cb
Status: Image is up to date for ubuntu:latest
コンテナ検査(inspect)
$ docker run -d -t ubuntu /bin/bash
730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76
確認:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
730820315a54 ubuntu "/bin/bash" 45 hours ago Up 45 hours stupefied_shockley
97708850dc56 ubuntu "/bin/bash" 46 hours ago Up 46 hours nostalgic_kirch
$ docker inspect 730820315a54
[
{
"Id": "730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76",
"Created": "2018-11-15T12:04:37.698492154Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 29586,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-11-15T12:04:38.344451823Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:ea4c82dcd15a33e3e9c4c37050def20476856a08e59526fbe533cc4e98387e39",
~中略~
"Config": {
"Hostname": "730820315a54",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "ubuntu",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
~中略~
}
}
}
}
]
シェル探索
$ docker run -it ubuntu:18.04 /bin/bash
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 11:47 pts/0 00:00:00 /bin/bash
root 13 1 0 11:48 pts/0 00:00:00 ps -ef
結果の返却
$ docker run ubuntu:18.04 /bin/false
$ echo $?
1
$ docker run ubuntu:18.04 /bin/true
$ echo $?
0
$ docker run ubuntu:18.04 /bin/cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
$ docker run ubuntu:18.04 /bin/cat /etc/passwd | wc -l
19
実行中のコンテナの内部への移動
docker exec
$ docker exec -it 730820315a54 /bin/bash
root@730820315a54:/#
root@730820315a54:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 09:44 pts/0 00:00:00 /bin/bash
root 11 0 0 09:44 pts/1 00:00:00 /bin/bash
root 22 11 0 09:45 pts/1 00:00:00 ps -ef
docker volume
$ docker volume ls
DRIVER VOLUME NAME
$ docker run -d -v /tmp:/tmp ubuntu:latest sleep 120
cfbeed6191af203f1bad901fda27bd7c093c774bff7282b521bfa0acbcbeaea0
$ docker volume ls
DRIVER VOLUME NAME
$ docker volume create my-data
my-data
$ docker volume ls
DRIVER VOLUME NAME
local my-data
$ docker volume inspect my-data
[
{
"CreatedAt": "2018-11-19T17:00:49+09:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/my-data/_data",
"Name": "my-data",
"Options": {},
"Scope": "local"
}
]
実行例:データボリュームが接続されたコンテナを起動
$ docker run --rm --mount source=my-data,target=/app ubuntu:latest touch /app/my-persistent-data
$ docker run --rm --mount source=my-data,target=/app fedora:latest ls -lFa /app/my-persistent-data
Unable to find image 'fedora:latest' locally
latest: Pulling from library/fedora
d0483bd5a554: Pull complete
Digest: sha256:4a861283a7f0a8ce3d19b42f4c0a10d7012a4d12f785149d82a0800cdb4498b0
Status: Downloaded newer image for fedora:latest
-rw-r--r-- 1 root root 0 Nov 19 08:06 /app/my-persistent-data
$ docker volume rm my-data
my-data
ロギング
docker logs
$ docker logs d5f634b16bcb
2018/11/19 08:35:46 start server
2018/11/19 08:37:15 received request
※実際のファイル:/var/lib/docker/containers/<container_id>/<container_id>
$ docker logs -f d5f634b16bcb
2018/11/19 08:35:46 start server
2018/11/19 08:37:15 received request
監視
Container Stats
$ docker stats d5f634b16bcb
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
d5f634b16bcb thirsty_kare 0.00% 12.12MiB / 7.79GiB 0.15% 4.28kB / 487B 132MB / 16.4kB 14
1.コンテナID
2.現在消費しているCPUの量
3.使用されているメモリーの量/使用が許可されている最大量
4.ネットワークとブロックI/O量
5.コンテナ内のアクティブプロセス数
$ docker run -d ubuntu:latest sleep 1000
284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats
{"read":"2018-11-19T08:57:05.812544097Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359099900000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}}
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3587 0 3587 0 0 1311 0 --:--:-- 0:00:02 --:--:-- 1310{"read":"2018-11-19T08:57:28.840273747Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359191960000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}}
100 7299 0 7299 0 0 1539 0 --:--:-- 0:00:04 --:--:-- 1389
$ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1 | python -m json.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4818 0 4818 0 0 852 0 --:--:-- 0:00:05 --:--:-- 802{
"blkio_stats": {
"io_merged_recursive": null,
"io_queue_recursive": null,
"io_service_bytes_recursive": null,
"io_service_time_recursive": null,
"io_serviced_recursive": null,
"io_time_recursive": null,
"io_wait_time_recursive": null,
"sectors_recursive": null
},
"cpu_stats": {
"cpu_usage": {
"total_usage": 0,
"usage_in_kernelmode": 0,
"usage_in_usermode": 0
},
"throttling_data": {
"periods": 0,
"throttled_periods": 0,
"throttled_time": 0
}
},
"id": "284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783",
"memory_stats": {},
"name": "/brave_meninsky",
"num_procs": 0,
"pids_stats": {},
"precpu_stats": {
"cpu_usage": {
"total_usage": 0,
"usage_in_kernelmode": 0,
"usage_in_usermode": 0
},
"throttling_data": {
"periods": 0,
"throttled_periods": 0,
"throttled_time": 0
}
},
"preread": "0001-01-01T00:00:00Z",
"read": "0001-01-01T00:00:00Z",
"storage_stats": {}
}
100 8030 0 8030 0 0 753 0 --:--:-- 0:00:10 --:--:-- 641
Container Health Checks
$ git clone https://github.com/spkane/rocketchat-hubot-demo.git --config core.autocrlf=input
Cloning into 'rocketchat-hubot-demo'...
remote: Enumerating objects: 55, done.
remote: Total 55 (delta 0), reused 0 (delta 0), pack-reused 55
Unpacking objects: 100% (55/55), done.
$ cd rocketchat-hubot-demo/mongodb/docker/
$ cat Dockerfile
$ cat Dockerfile
FROM mongo:3.2
COPY docker-healthcheck /usr/local/bin/
HEALTHCHECK CMD ["docker-healthcheck"]
$ docker build -t mongo-with-check:3.2 .
Sending build context to Docker daemon 3.072kB
Step 1/3 : FROM mongo:3.2
3.2: Pulling from library/mongo
a92a4af0fb9c: Pull complete
74a2c7f3849e: Pull complete
927b52ab29bb: Pull complete
e941def14025: Pull complete
be6fce289e32: Pull complete
f6d82baac946: Pull complete
7c1a640b9ded: Pull complete
e8b2fc34c941: Pull complete
1fd822faa46a: Pull complete
61ba5f01559c: Pull complete
db344da27f9a: Pull complete
Digest: sha256:9e09fe9e747fb0ee1e64b572818e7397eb9a73e36a2b08bcc7846e9acf0a587f
Status: Downloaded newer image for mongo:3.2
---> fb885d89ea5c
Step 2/3 : COPY docker-healthcheck /usr/local/bin/
---> 40c436c49eec
Step 3/3 : HEALTHCHECK CMD ["docker-healthcheck"]
---> Running in acb06d91d9e1
Removing intermediate container acb06d91d9e1
---> b161409d6d18
Successfully built b161409d6d18
Successfully tagged mongo-with-check:3.2
$ docker run -d --name mongo-hc mongo-with-check:3.2
24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24ca8fb920d1 mongo-with-check:3.2 "docker-entrypoint.s…" 5 seconds ago Up 4 seconds (health: starting) 27017/tcp mongo-hc
$ docker inspect --format='{{.State.Health.Status}}' mongo-hc
healthy
$ docker inspect --format='{{json .State.Health}}' mongo-hc | jq
{
"Status": "healthy",
"FailingStreak": 0,
"Log": [
{
"Start": "2018-11-19T18:38:10.568268914+09:00",
"End": "2018-11-19T18:38:10.672093343+09:00",
"ExitCode": 0,
"Output": ""
},
{
"Start": "2018-11-19T18:38:40.681042069+09:00",
"End": "2018-11-19T18:38:40.782822109+09:00",
"ExitCode": 0,
"Output": ""
},
{
"Start": "2018-11-19T18:39:10.794405801+09:00",
"End": "2018-11-19T18:39:10.905436868+09:00",
"ExitCode": 0,
"Output": ""
},
{
"Start": "2018-11-19T18:39:40.910895434+09:00",
"End": "2018-11-19T18:39:41.05814446+09:00",
"ExitCode": 0,
"Output": ""
},
{
"Start": "2018-11-19T18:40:11.065240784+09:00",
"End": "2018-11-19T18:40:11.21599411+09:00",
"ExitCode": 0,
"Output": ""
}
]
}
Docker Events
$ docker events
2018-11-19T18:42:11.609036458+09:00 container exec_create: docker-healthcheck 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc)
2018-11-19T18:42:11.609062958+09:00 container exec_start: docker-healthcheck 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc)
2018-11-19T18:42:11.720761098+09:00 container exec_die 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, exitCode=0, image=mongo-with-check:3.2, name=mongo-hc)
cAdvisor
$ docker run \
> --volume=/:/rootfs:ro \
> --volume=/var/run:/var/run:rw \
> --volume=/sys:/sys:ro \
> --volume=/var/lib/docker/:/var/lib/docker:ro \
> --publish=8080:8080 \
> --detach=true \
> --name=cadvisor \
> google/cadvisor:latest
Unable to find image 'google/cadvisor:latest' locally
latest: Pulling from google/cadvisor
ab7e51e37a18: Pull complete
a2dc2f1bce51: Pull complete
3b017de60d4f: Pull complete
Digest: sha256:9e347affc725efd3bfe95aa69362cf833aa810f84e6cb9eed1cb65c35216632a
Status: Downloaded newer image for google/cadvisor:latest
e2328bcfaab99d5cfdfab1bb8390383caa2567083836e0e1a32b0a5659d4dbb1
※RHELおよびCentOSベースのシステムでは、 -volume=/cgroup:/cgroup を追加する
$ curl http://localhost:8080/api/v1.3/containers
{
"name": "/",
"subcontainers": [
{
"name": "/docker"
},
{
"name": "/system.slice"
},
{
"name": "/user.slice"
}
],
"spec": {
"creation_time": "2018-11-19T09:45:55.679934352Z",
"has_cpu": true,
"cpu": {
"limit": 1024,
"max_limit": 0,
"mask": "0-3",
"period": 100000
},
"has_memory": true,
"memory": {
"limit": 8363970560,
"reservation": 9223372036854772000,
"swap_limit": 2147479552
},
"has_network": true,
"has_filesystem": true,
"has_diskio": true,
"has_custom_metrics": false
},
"stats": [
{
"timestamp": "2018-11-19T09:55:08.743405373Z",
"cpu": {
"usage": {
"total": 2008975589679,
"per_cpu_usage": [
471245263829,
537839462302,
495495643785,
504395219763
],
"user": 943780000000,
"system": 451650000000
},
"cfs": {
"periods": 0,
"throttled_periods": 0,
"throttled_time": 0
},
"load_average": 0
},
"diskio": {
"io_service_bytes": [
{
"device": "/dev/sda",
"major": 8,
"minor": 0,
"stats": {
"Async": 5165035520,
"Read": 1631372288,
"Sync": 2492670976,
"Total": 7657706496,
"Write": 6026334208
}
},
~中略~
"memory": {
"usage": 4857798656,
"max_usage": 5272961024,
"cache": 69480448,
"rss": 1495089152,
"swap": 0,
"working_set": 2873171968,
"failcnt": 0,
"container_data": {
"pgfault": 247767,
"pgmajfault": 131
},
"hierarchical_data": {
"pgfault": 247767,
"pgmajfault": 131
}
},
"network": {
"name": "enp0s3",
"rx_bytes": 503207018,
"rx_packets": 361607,
"rx_errors": 0,
"rx_dropped": 0,
"tx_bytes": 7569563,
"tx_packets": 107966,
"tx_errors": 0,
"tx_dropped": 0,
"interfaces": [
{
"name": "enp0s3",
"rx_bytes": 503207018,
"rx_packets": 361607,
"rx_errors": 0,
"rx_dropped": 0,
"tx_bytes": 7569563,
"tx_packets": 107966,
"tx_errors": 0,
"tx_dropped": 0
},
{
"name": "br-0e7abd3f4d7b",
"rx_bytes": 0,
"rx_packets": 0,
"rx_errors": 0,
"rx_dropped": 0,
"tx_bytes": 0,
"tx_packets": 0,
"tx_errors": 0,
"tx_dropped": 0
}
],
"tcp": {
"Established": 0,
"SynSent": 0,
"SynRecv": 0,
"FinWait1": 0,
"FinWait2": 0,
"TimeWait": 0,
"Close": 0,
"CloseWait": 0,
"LastAck": 0,
"Listen": 0,
"Closing": 0
},
~中略~
],
"task_stats": {
"nr_sleeping": 0,
"nr_running": 0,
"nr_stopped": 0,
"nr_uninterruptible": 0,
"nr_io_wait": 0
}
},
{
"timestamp": "2018-11-19T09:55:10.682078016Z",
"cpu": {
"nr_uninterruptible": 0,
"nr_io_wait": 0
}
}
]
}