概要
dockerの確認・調査用のコマンドで個人的に使用頻度の高いものを記載します。 dockerコマンドラインツールを使用して実行中のdockerdサーバーと通信して確認します。
dockerバージョン表示
$ docker version Client: Version: 18.06.1-ce API version: 1.38 Go version: go1.10.3 Git commit: e68fc7a Built: Tue Aug 21 17:24:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: 18.06.1-ce API version: 1.38 (minimum version 1.12) Go version: go1.10.3 Git commit: e68fc7a Built: Tue Aug 21 17:23:15 2018 OS/Arch: linux/amd64 Experimental: false
サーバー情報
$ docker info Containers: 8 Running: 1 Paused: 0 Stopped: 7 Images: 14 Server Version: 18.06.1-ce Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e runc version: 69663f0bd4b60df09991c08812a60108003fa340 init version: fec3683 Security Options: apparmor seccomp Profile: default Kernel Version: 4.15.0-36-generic Operating System: Ubuntu 18.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 7.79GiB Name: LesPaul ID: MM6F:PY7P:GJFI:EB2I:W6GC:KXYL:BA26:VPIK:5RL6:DFNL:2TR4:HBAL Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: No swap limit support
デフォルトルートディレクトリの変更
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --data-root="/data/docker"
ダウンロードイメージのアップデート
$ docker pull ubuntu:latest
latest: Pulling from library/ubuntu
Digest: sha256:29934af957c53004d7fb6340139880d23fb1952505a15d69a03af0d1418878cb
Status: Image is up to date for ubuntu:latest
コンテナ検査(inspect)
$ docker run -d -t ubuntu /bin/bash 730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76
確認:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 730820315a54 ubuntu "/bin/bash" 45 hours ago Up 45 hours stupefied_shockley 97708850dc56 ubuntu "/bin/bash" 46 hours ago Up 46 hours nostalgic_kirch
$ docker inspect 730820315a54 [ { "Id": "730820315a547d84fd79e28b462f076f877a5e79e5cd3b4035534c3541acdb76", "Created": "2018-11-15T12:04:37.698492154Z", "Path": "/bin/bash", "Args": [], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 29586, "ExitCode": 0, "Error": "", "StartedAt": "2018-11-15T12:04:38.344451823Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:ea4c82dcd15a33e3e9c4c37050def20476856a08e59526fbe533cc4e98387e39", ~中略~ "Config": { "Hostname": "730820315a54", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": true, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/bash" ], "Image": "ubuntu", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": {} }, ~中略~ } } } } ]
シェル探索
$ docker run -it ubuntu:18.04 /bin/bash
# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 11:47 pts/0 00:00:00 /bin/bash root 13 1 0 11:48 pts/0 00:00:00 ps -ef
結果の返却
$ docker run ubuntu:18.04 /bin/false $ echo $? 1
$ docker run ubuntu:18.04 /bin/true $ echo $? 0
$ docker run ubuntu:18.04 /bin/cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin _apt:x:100:65534::/nonexistent:/usr/sbin/nologin $ docker run ubuntu:18.04 /bin/cat /etc/passwd | wc -l 19
実行中のコンテナの内部への移動
docker exec
$ docker exec -it 730820315a54 /bin/bash root@730820315a54:/#
root@730820315a54:/# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 09:44 pts/0 00:00:00 /bin/bash root 11 0 0 09:44 pts/1 00:00:00 /bin/bash root 22 11 0 09:45 pts/1 00:00:00 ps -ef
docker volume
$ docker volume ls DRIVER VOLUME NAME $ docker run -d -v /tmp:/tmp ubuntu:latest sleep 120 cfbeed6191af203f1bad901fda27bd7c093c774bff7282b521bfa0acbcbeaea0 $ docker volume ls DRIVER VOLUME NAME $ docker volume create my-data my-data $ docker volume ls DRIVER VOLUME NAME local my-data
$ docker volume inspect my-data [ { "CreatedAt": "2018-11-19T17:00:49+09:00", "Driver": "local", "Labels": {}, "Mountpoint": "/var/lib/docker/volumes/my-data/_data", "Name": "my-data", "Options": {}, "Scope": "local" } ]
実行例:データボリュームが接続されたコンテナを起動
$ docker run --rm --mount source=my-data,target=/app ubuntu:latest touch /app/my-persistent-data $ docker run --rm --mount source=my-data,target=/app fedora:latest ls -lFa /app/my-persistent-data Unable to find image 'fedora:latest' locally latest: Pulling from library/fedora d0483bd5a554: Pull complete Digest: sha256:4a861283a7f0a8ce3d19b42f4c0a10d7012a4d12f785149d82a0800cdb4498b0 Status: Downloaded newer image for fedora:latest -rw-r--r-- 1 root root 0 Nov 19 08:06 /app/my-persistent-data $ docker volume rm my-data my-data
ロギング
docker logs
$ docker logs d5f634b16bcb 2018/11/19 08:35:46 start server 2018/11/19 08:37:15 received request
※実際のファイル:/var/lib/docker/containers/<container_id>/<container_id>
$ docker logs -f d5f634b16bcb 2018/11/19 08:35:46 start server 2018/11/19 08:37:15 received request
監視
Container Stats
$ docker stats d5f634b16bcb
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
d5f634b16bcb thirsty_kare 0.00% 12.12MiB / 7.79GiB 0.15% 4.28kB / 487B 132MB / 16.4kB 14
1.コンテナID 2.現在消費しているCPUの量 3.使用されているメモリーの量/使用が許可されている最大量 4.ネットワークとブロックI/O量 5.コンテナ内のアクティブプロセス数
$ docker run -d ubuntu:latest sleep 1000 284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783 $ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats {"read":"2018-11-19T08:57:05.812544097Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359099900000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}} $ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3587 0 3587 0 0 1311 0 --:--:-- 0:00:02 --:--:-- 1310{"read":"2018-11-19T08:57:28.840273747Z","preread":"0001-01-01T00:00:00Z","pids_stats":{"current":1},"blkio_stats":{"io_service_bytes_recursive":[],"io_serviced_recursive":[],"io_queue_recursive":[],"io_service_time_recursive":[],"io_wait_time_recursive":[],"io_merged_recursive":[],"io_time_recursive":[],"sectors_recursive":[]},"num_procs":0,"storage_stats":{},"cpu_stats":{"cpu_usage":{"total_usage":24482204,"percpu_usage":[19427452,2792948,800769,1461035],"usage_in_kernelmode":0,"usage_in_usermode":10000000},"system_cpu_usage":1359191960000000,"online_cpus":4,"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"precpu_stats":{"cpu_usage":{"total_usage":0,"usage_in_kernelmode":0,"usage_in_usermode":0},"throttling_data":{"periods":0,"throttled_periods":0,"throttled_time":0}},"memory_stats":{"usage":716800,"max_usage":2973696,"stats":{"active_anon":81920,"active_file":0,"cache":0,"dirty":0,"hierarchical_memory_limit":9223372036854771712,"hierarchical_memsw_limit":0,"inactive_anon":0,"inactive_file":0,"mapped_file":0,"pgfault":747,"pgmajfault":0,"pgpgin":536,"pgpgout":516,"rss":81920,"rss_huge":0,"total_active_anon":81920,"total_active_file":0,"total_cache":0,"total_dirty":0,"total_inactive_anon":0,"total_inactive_file":0,"total_mapped_file":0,"total_pgfault":747,"total_pgmajfault":0,"total_pgpgin":536,"total_pgpgout":516,"total_rss":81920,"total_rss_huge":0,"total_unevictable":0,"total_writeback":0,"unevictable":0,"writeback":0},"limit":8363970560},"name":"/brave_meninsky","id":"284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783","networks":{"eth0":{"rx_bytes":3164,"rx_packets":27,"rx_errors":0,"rx_dropped":0,"tx_bytes":0,"tx_packets":0,"tx_errors":0,"tx_dropped":0}}} 100 7299 0 7299 0 0 1539 0 --:--:-- 0:00:04 --:--:-- 1389 $ curl --unix-socket /var/run/docker.sock http://v1/containers/284b97c08fb3/stats | head -1 | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4818 0 4818 0 0 852 0 --:--:-- 0:00:05 --:--:-- 802{ "blkio_stats": { "io_merged_recursive": null, "io_queue_recursive": null, "io_service_bytes_recursive": null, "io_service_time_recursive": null, "io_serviced_recursive": null, "io_time_recursive": null, "io_wait_time_recursive": null, "sectors_recursive": null }, "cpu_stats": { "cpu_usage": { "total_usage": 0, "usage_in_kernelmode": 0, "usage_in_usermode": 0 }, "throttling_data": { "periods": 0, "throttled_periods": 0, "throttled_time": 0 } }, "id": "284b97c08fb3a0e9b6f8900054256a24f1cdfd6155bd0b8e7b01b8ea75aff783", "memory_stats": {}, "name": "/brave_meninsky", "num_procs": 0, "pids_stats": {}, "precpu_stats": { "cpu_usage": { "total_usage": 0, "usage_in_kernelmode": 0, "usage_in_usermode": 0 }, "throttling_data": { "periods": 0, "throttled_periods": 0, "throttled_time": 0 } }, "preread": "0001-01-01T00:00:00Z", "read": "0001-01-01T00:00:00Z", "storage_stats": {} } 100 8030 0 8030 0 0 753 0 --:--:-- 0:00:10 --:--:-- 641
Container Health Checks
$ git clone https://github.com/spkane/rocketchat-hubot-demo.git --config core.autocrlf=input Cloning into 'rocketchat-hubot-demo'... remote: Enumerating objects: 55, done. remote: Total 55 (delta 0), reused 0 (delta 0), pack-reused 55 Unpacking objects: 100% (55/55), done. $ cd rocketchat-hubot-demo/mongodb/docker/ $ cat Dockerfile $ cat Dockerfile FROM mongo:3.2 COPY docker-healthcheck /usr/local/bin/ HEALTHCHECK CMD ["docker-healthcheck"] $ docker build -t mongo-with-check:3.2 . Sending build context to Docker daemon 3.072kB Step 1/3 : FROM mongo:3.2 3.2: Pulling from library/mongo a92a4af0fb9c: Pull complete 74a2c7f3849e: Pull complete 927b52ab29bb: Pull complete e941def14025: Pull complete be6fce289e32: Pull complete f6d82baac946: Pull complete 7c1a640b9ded: Pull complete e8b2fc34c941: Pull complete 1fd822faa46a: Pull complete 61ba5f01559c: Pull complete db344da27f9a: Pull complete Digest: sha256:9e09fe9e747fb0ee1e64b572818e7397eb9a73e36a2b08bcc7846e9acf0a587f Status: Downloaded newer image for mongo:3.2 ---> fb885d89ea5c Step 2/3 : COPY docker-healthcheck /usr/local/bin/ ---> 40c436c49eec Step 3/3 : HEALTHCHECK CMD ["docker-healthcheck"] ---> Running in acb06d91d9e1 Removing intermediate container acb06d91d9e1 ---> b161409d6d18 Successfully built b161409d6d18 Successfully tagged mongo-with-check:3.2 $ docker run -d --name mongo-hc mongo-with-check:3.2 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 24ca8fb920d1 mongo-with-check:3.2 "docker-entrypoint.s…" 5 seconds ago Up 4 seconds (health: starting) 27017/tcp mongo-hc $ docker inspect --format='{{.State.Health.Status}}' mongo-hc healthy $ docker inspect --format='{{json .State.Health}}' mongo-hc | jq { "Status": "healthy", "FailingStreak": 0, "Log": [ { "Start": "2018-11-19T18:38:10.568268914+09:00", "End": "2018-11-19T18:38:10.672093343+09:00", "ExitCode": 0, "Output": "" }, { "Start": "2018-11-19T18:38:40.681042069+09:00", "End": "2018-11-19T18:38:40.782822109+09:00", "ExitCode": 0, "Output": "" }, { "Start": "2018-11-19T18:39:10.794405801+09:00", "End": "2018-11-19T18:39:10.905436868+09:00", "ExitCode": 0, "Output": "" }, { "Start": "2018-11-19T18:39:40.910895434+09:00", "End": "2018-11-19T18:39:41.05814446+09:00", "ExitCode": 0, "Output": "" }, { "Start": "2018-11-19T18:40:11.065240784+09:00", "End": "2018-11-19T18:40:11.21599411+09:00", "ExitCode": 0, "Output": "" } ] }
Docker Events
$ docker events 2018-11-19T18:42:11.609036458+09:00 container exec_create: docker-healthcheck 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc) 2018-11-19T18:42:11.609062958+09:00 container exec_start: docker-healthcheck 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, image=mongo-with-check:3.2, name=mongo-hc) 2018-11-19T18:42:11.720761098+09:00 container exec_die 24ca8fb920d1237857a5220d8b922c28e8ac7d32990f1c2cd1ff8e162de4c8f0 (execID=356baf9618115e96bb54e6bfc6dfb2c8dc28745d204c6d6f4e1bd73a10467fd2, exitCode=0, image=mongo-with-check:3.2, name=mongo-hc)
cAdvisor
$ docker run \ > --volume=/:/rootfs:ro \ > --volume=/var/run:/var/run:rw \ > --volume=/sys:/sys:ro \ > --volume=/var/lib/docker/:/var/lib/docker:ro \ > --publish=8080:8080 \ > --detach=true \ > --name=cadvisor \ > google/cadvisor:latest Unable to find image 'google/cadvisor:latest' locally latest: Pulling from google/cadvisor ab7e51e37a18: Pull complete a2dc2f1bce51: Pull complete 3b017de60d4f: Pull complete Digest: sha256:9e347affc725efd3bfe95aa69362cf833aa810f84e6cb9eed1cb65c35216632a Status: Downloaded newer image for google/cadvisor:latest e2328bcfaab99d5cfdfab1bb8390383caa2567083836e0e1a32b0a5659d4dbb1
※RHELおよびCentOSベースのシステムでは、 -volume=/cgroup:/cgroup を追加する
$ curl http://localhost:8080/api/v1.3/containers { "name": "/", "subcontainers": [ { "name": "/docker" }, { "name": "/system.slice" }, { "name": "/user.slice" } ], "spec": { "creation_time": "2018-11-19T09:45:55.679934352Z", "has_cpu": true, "cpu": { "limit": 1024, "max_limit": 0, "mask": "0-3", "period": 100000 }, "has_memory": true, "memory": { "limit": 8363970560, "reservation": 9223372036854772000, "swap_limit": 2147479552 }, "has_network": true, "has_filesystem": true, "has_diskio": true, "has_custom_metrics": false }, "stats": [ { "timestamp": "2018-11-19T09:55:08.743405373Z", "cpu": { "usage": { "total": 2008975589679, "per_cpu_usage": [ 471245263829, 537839462302, 495495643785, 504395219763 ], "user": 943780000000, "system": 451650000000 }, "cfs": { "periods": 0, "throttled_periods": 0, "throttled_time": 0 }, "load_average": 0 }, "diskio": { "io_service_bytes": [ { "device": "/dev/sda", "major": 8, "minor": 0, "stats": { "Async": 5165035520, "Read": 1631372288, "Sync": 2492670976, "Total": 7657706496, "Write": 6026334208 } }, ~中略~ "memory": { "usage": 4857798656, "max_usage": 5272961024, "cache": 69480448, "rss": 1495089152, "swap": 0, "working_set": 2873171968, "failcnt": 0, "container_data": { "pgfault": 247767, "pgmajfault": 131 }, "hierarchical_data": { "pgfault": 247767, "pgmajfault": 131 } }, "network": { "name": "enp0s3", "rx_bytes": 503207018, "rx_packets": 361607, "rx_errors": 0, "rx_dropped": 0, "tx_bytes": 7569563, "tx_packets": 107966, "tx_errors": 0, "tx_dropped": 0, "interfaces": [ { "name": "enp0s3", "rx_bytes": 503207018, "rx_packets": 361607, "rx_errors": 0, "rx_dropped": 0, "tx_bytes": 7569563, "tx_packets": 107966, "tx_errors": 0, "tx_dropped": 0 }, { "name": "br-0e7abd3f4d7b", "rx_bytes": 0, "rx_packets": 0, "rx_errors": 0, "rx_dropped": 0, "tx_bytes": 0, "tx_packets": 0, "tx_errors": 0, "tx_dropped": 0 } ], "tcp": { "Established": 0, "SynSent": 0, "SynRecv": 0, "FinWait1": 0, "FinWait2": 0, "TimeWait": 0, "Close": 0, "CloseWait": 0, "LastAck": 0, "Listen": 0, "Closing": 0 }, ~中略~ ], "task_stats": { "nr_sleeping": 0, "nr_running": 0, "nr_stopped": 0, "nr_uninterruptible": 0, "nr_io_wait": 0 } }, { "timestamp": "2018-11-19T09:55:10.682078016Z", "cpu": { "nr_uninterruptible": 0, "nr_io_wait": 0 } } ] }