拉取nginx镜像启动容器
root@php56:/home/tb# docker pull nginx:alpine
root@php56:/home/tb# docker run -t -d --privileged -h nginxtest --name nginx-test -p 8080:80 nginx:alpine
045a04431e9982ddab0c05331057b8571b73fc1b740f04c79f73501c901fa85b`
root@php56:/home/tb# curl http://localhost:8080
查看宿主机8080端口及docker内nginx
进程
root@php56:/home/tb# netstat -anp|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 13893/docker-proxy
root@php56:/home/tb# docker exec nginx-test ps -ef| grep nginx
1 root 0:00 nginx: master process nginx -g daemon off;
6 nginx 0:00 nginx: worker process
root@php56:/home/tb#
方法1:容器内安装apk --update add strace
root@php56:/home/tb# docker exec -uroot -it nginx-test /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:345: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
root@php56:/home/tb# docker exec -uroot -it nginx-test sh
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # apk --update add strace
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/1) Installing strace (4.26-r0)
Executing busybox-1.30.1-r2.trigger
OK: 29 MiB in 38 packages
/ # ps
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
6 nginx 0:00 nginx: worker process
17 root 0:00 sh
43 root 0:00 ps
/ # strace -p 6
strace: Process 6 attached
epoll_pwait(8,
这时候可以curl 8080端口,即可strace到下面数据(顺便说下strace的-T -e -C选项~)
/ # strace -cp 6
strace: Process 6 attached
^Cstrace: Process 6 detached
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
0.00 0.000000 0 8 write
0.00 0.000000 0 8 open
0.00 0.000000 0 16 close
0.00 0.000000 0 8 stat
0.00 0.000000 0 8 fstat
0.00 0.000000 0 8 writev
0.00 0.000000 0 8 sendfile
0.00 0.000000 0 16 recvfrom
0.00 0.000000 0 8 setsockopt
0.00 0.000000 0 8 epoll_ctl
0.00 0.000000 0 24 epoll_pwait
0.00 0.000000 0 8 accept4
------ ----------- ----------- --------- --------- ----------------
100.00 0.000000 128 total
/ # strace -e writev -p 6
strace: Process 6 attached
writev(3, [{iov_base="HTTP/1.1 200 OK\r\nServer: nginx/1"..., iov_len=238}], 1) = 238
方法2:在宿主机内strace
# 为了看着简洁,我们把本机的nginx先停掉
root@php56:/home/tb# service nginx stop
root@php56:/home/tb# ps -aux |grep nginx
root 13916 0.0 0.3 5940 3508 pts/0 Ss+ 11:19 0:00 nginx: master process nginx -g daemon off;
systemd+ 13960 0.0 0.1 6380 1844 pts/0 S+ 11:19 0:00 nginx: worker process
root 14074 0.0 4.8 270912 49592 pts/0 Sl+ 11:29 0:00 docker exec -uroot -it nginx-test sh
root 15135 0.0 0.0 12948 968 pts/1 S+ 16:26 0:00 grep --color=auto nginx
# 保持和方法一的命令一样,此结果需要另外开一个命令行窗口执行`curl http://localhost:8080`
root@php56:/home/tb# strace -e writev -p 13960
strace: Process 13960 attached
writev(3, [{"HTTP/1.1 200 OK\r\nServer: nginx/1"..., 238}], 1) = 238
方法3:用一个额外容器单独strace
-
先自己构建一个简单的Dockerfile,然后build一个基于alpine的strace命令的镜像。这里为了描述简单,只是将命令固定写为
CMD ["strace","-p","6"]
(因为我们要strace的另一个容器的pid就是为6),后期可以利用compose 将参数动态的传入到cmd命令中。root@php56:/home/tb# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx alpine a624d888d69f 5 weeks ago 21.5MB hyperf/hyperf 7.2-alpine-cli 10763d2393ce 5 months ago 72.7MB root@php56:/home/tb# cat > Dockerfile << EOF > FROM alpine > RUN apk update && apk add strace > CMD ["strace","-p","6"] > EOF root@php56:/home/tb# docker build -t strace . Sending build context to Docker daemon 161.6MB Step 1/3 : FROM alpine latest: Pulling from library/alpine e6b0cf9c0882: Pull complete Digest: sha256:2171658620155679240babee0a7714f6509fae66898db422ad803b951257db78 Status: Downloaded newer image for alpine:latest ---> cc0abc535e36 Step 2/3 : RUN apk update && apk add strace ---> Running in 0c8ab5da7a28 fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz v3.11.2-11-gd5cdcefa20 [http://dl-cdn.alpinelinux.org/alpine/v3.11/main] v3.11.2-13-gf1c4a19ed9 [http://dl-cdn.alpinelinux.org/alpine/v3.11/community] OK: 11261 distinct packages available (1/1) Installing strace (5.3-r1) Executing busybox-1.31.1-r8.trigger OK: 7 MiB in 15 packages Removing intermediate container 0c8ab5da7a28 ---> 6de4ef1b4157 Step 3/3 : CMD ["strace","-p","6"] ---> Running in b2446e191f9e Removing intermediate container b2446e191f9e ---> 60691d8a2571 Successfully built 60691d8a2571 Successfully tagged strace:latest root@php56:/home/tb# docker images REPOSITORY TAG IMAGE ID CREATED SIZE strace latest 60691d8a2571 14 seconds ago 8.51MB alpine latest cc0abc535e36 2 days ago 5.59MB nginx alpine a624d888d69f 5 weeks ago 21.5MB hyperf/hyperf 7.2-alpine-cli 10763d2393ce 5 months ago 72.7MB
-
启动基于strace镜像的容器,并同时配置一些权限(否则会报Permission denied)
root@php56:/home/tb# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 84f853fa7d36 strace "strace -p 6" 4 minutes ago Up 4 minutes strace-test 045a04431e99 nginx:alpine "nginx -g 'daemon of…" 7 hours ago Up 7 hours 0.0.0.0:8080->80/tcp nginx-test root@php56:/home/tb# docker run -it --name strace-test --pid=container:nginx-test --net=container:nginx-test --cap-add sys_admin --cap-add SYS_PTRACE --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined strace strace: Process 6 attached epoll_pwait(8,
todo:在3的方法上动态构建
-
改写dockerfile
root@php56:/home/tb# cat Dockerfile FROM alpine RUN apk update && apk add strace ARG envType=dev ARG pect=-p ARG pid=6 ENV envType ${envType} ENV pect ${pect} ENV pid ${pid} # CMD ["strace","-p","6"] 数组方式的cmd,是用来运行命令,不支持参数替换 CMD strace ${pect} ${pid} # 为了测试输出 RUN file= "strace ${pect} ${pid}" && echo $file
-
build,
strace -cp 13960
为动态传入参数root@php56:/home/tb# docker build --build-arg envType=pro --build-arg pect="-cp" --build-arg pid=13960 -t strace_dynamic . Sending build context to Docker daemon 216.6MB Step 1/10 : FROM alpine ---> cc0abc535e36 Step 2/10 : RUN apk update && apk add strace ---> Using cache ---> 6de4ef1b4157 Step 3/10 : ARG envType=dev ---> Using cache ---> d7b1410dfdbc Step 4/10 : ARG pect=-p ---> Using cache ---> 8ef9ba050011 Step 5/10 : ARG pid=6 ---> Using cache ---> 1bcf37e6e7c7 Step 6/10 : ENV envType ${envType} ---> Using cache ---> c448b51323b7 Step 7/10 : ENV pect ${pect} ---> Using cache ---> d25052bc5741 Step 8/10 : ENV pid ${pid} ---> Running in f756fb16acdb Removing intermediate container f756fb16acdb ---> f0bfef6f4afd Step 9/10 : CMD strace ${pect} ${pid} ---> Running in 4c81a6d743ef Removing intermediate container 4c81a6d743ef ---> 93484d2bcbcd Step 10/10 : RUN file= "strace ${pect} ${pid}" && echo $file ---> Running in 561514dda683 /bin/sh: strace -cp 13960: not found The command '/bin/sh -c file= "strace ${pect} ${pid}" && echo $file' returned a non-zero code: 127
-
tips删除none镜像
docker rmi -f$(docker images | ``grep` `"none"` `| ``awk'{print $3}'``)
-
失败。怎么像类似方法3那样传呢
root@php56:/home/tb# docker run -it --name strace-test-dynamic --pid=container:nginx-test --net=container:nginx-test --cap-add sys_admin --cap-add SYS_PTRACE --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined strace_dynamic strace: must have PROG [ARGS] or -p PID Try 'strace -h' for more information. root@php56:/home/tb# docker run -it --name strace-test-dynamic --pid=container:nginx-test --net=container:nginx-test --cap-add sys_admin --cap-add SYS_PTRACE --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined strace_dynamic docker: Error response from daemon: Conflict. The container name "/strace-test-dynamic" is already in use by container "c4656ef188a4d1b5ca92ab44981dfaf49e821ad7afa82a43738985d9b7b5ccbb". You have to remove (or rename) that container to be able to reuse that name. See 'docker run --help'. root@php56:/home/tb#