Docker学习【7】容器监控
Docker学习【7】容器监控
一、Docker监控命令
1、docker ps 命令
-
docker ps显示正在运行的容器
[root@CentOS8Shaowenhua ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@CentOS8Shaowenhua ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -
docker ps -a显示所有容器
[root@CentOS8Shaowenhua ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 986322f93b52 centos "/bin/bash" About a minute ago Exited (0) 11 seconds ago test1 -
启动容器,重新查看
[root@CentOS8Shaowenhua ~]# docker start test1 test1 [root@CentOS8Shaowenhua ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 986322f93b52 centos "/bin/bash" 2 minutes ago Up 6 seconds test1 [root@CentOS8Shaowenhua ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 986322f93b52 centos "/bin/bash" 2 minutes ago Up 2 seconds test1 [root@CentOS8Shaowenhua ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 986322f93b52 centos "/bin/bash" 5 minutes ago Up 3 minutes test1 [root@CentOS8Shaowenhua ~]#
2、docker top命令
-
查看容器进程(ID)
[root@CentOS8Shaowenhua ~]# docker top 986 UID PID PPID C STIME TTY TIME CMD root 2028 2008 0 12:23 pts/0 00:00:00 /bin/bash -
查看容器进程(name)
[root@CentOS8Shaowenhua ~]# docker top test1 UID PID PPID C STIME TTY TIME CMD root 2028 2008 0 12:23 pts/0 00:00:00 /bin/bash [root@CentOS8Shaowenhua ~]# docker container top test1 UID PID PPID C STIME TTY TIME CMD root 2028 2008 0 12:23 pts/0 00:00:00 /bin/bash [root@CentOS8Shaowenhua ~]# -
查看容器进程(参数):-u以用户为主体格式显示
[root@CentOS8Shaowenhua ~]# docker container top test1 -u USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2028 0.0 0.1 12052 3280 pts/0 Ss+ 12:23 0:00 /bin/bash [root@CentOS8Shaowenhua ~]#
3、docker stats 命令
-
docker stats(只显示ID)
[root@CentOS8Shaowenhua ~]# docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 986322f93b52 test1 0.00% 1.535MiB / 1.748GiB 0.09% 1.19kB / 0B 0B / 0B 1 CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 986322f93b52 test1 0.00% 1.535MiB / 1.748GiB 0.09% 1.19kB / 0B 0B / 0B 1 CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS -
docker stats + 容器名称
[root@CentOS8Shaowenhua ~]# docker stats test1 CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 986322f93b52 test1 0.00% 1.535MiB / 1.748GiB 0.09% 1.19kB / 0B 0B / 0B 1 CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 986322f93b52 test1 0.00% 1.535MiB / 1.748GiB 0.09% 1.19kB / 0B 0B / 0B 1 CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
二、Sysdig
将strace、htop、lsof等工具的功能和结果整合到一个界面
1、将Sysdig以容器形式运行
[root@CentOS8Shaowenhua ~]# docker run -it --rm --name=sysdig --privileged=true \
> --volume=/var/run/Docker.sock:/host/var/run/Docker.sock \
> --volume=/dev/:/host/dev/ \
> --volume=/proc/:/host/proc:ro \
> --volume=/boot/:/host/boot:ro \
> --volume=/lib/modules:/host/lib/modules:ro \
> --volume=/usr/:/host/usr:ro sysdig/sysdig
Unable to find image 'sysdig/sysdig:latest' locally
latest: Pulling from sysdig/sysdig
2efec45cd878: Downloading [=================================================> ] 78.61MB/78.74MB
365d799e168e: Download complete
55a37d863f63: Download complete
e008a70d3a01: Download complete
3e85e8dda23b: Download complete
10afff395c77: Download complete
2a51b6c475c6: Download complete
^C
[root@CentOS8Shaowenhua ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
986322f93b52 centos "/bin/bash" 38 minutes ago Up 36 minutes test1
[root@CentOS8Shaowenhua ~]#
以上代码有误,docker.sock小写后重新执行
[root@CentOS8Shaowenhua ~]# docker run -it --rm --name=sysdig --privileged=true \
> --volume=/var/run/docker.sock:/host/var/run/docker.sock \
> --volume=/dev/:/host/dev/ \
> --volume=/proc/:/host/proc:ro \
> --volume=/boot/:/host/boot:ro \
> --volume=/lib/modules:/host/lib/modules:ro \
> --volume=/usr/:/host/usr:ro sysdig/sysdig
Unable to find image 'sysdig/sysdig:latest' locally
latest: Pulling from sysdig/sysdig
2efec45cd878: Pull complete
365d799e168e: Pull complete
55a37d863f63: Pull complete
e008a70d3a01: Pull complete
3e85e8dda23b: Pull complete
10afff395c77: Pull complete
2a51b6c475c6: Pull complete
Digest: sha256:99a1db7ab74e2d6de78abc092e4186ba16261da8cca0bc10afb0b2a35ca028cb
Status: Downloaded newer image for sysdig/sysdig:latest
* Setting up /usr/src links from host
* Running scap-driver-loader for: driver version=7.0.0+driver, arch=x86_64, kernel release=4.18.0-305.3.1.el8.x86_64, kernel version=1
Detected an unsupported target system, please get in touch with the Sysdig community. Trying to compile anyway.
* Running scap-driver-loader with: driver=module, compile=yes, download=no
================ Cleaning phase ================
* 1. Check if kernel module 'scap' is still loaded:
- OK! There is no 'scap' module loaded.
* 2. Check all versions of kernel module 'scap' in dkms:
- There are some versions of 'scap' module in dkms.
* 3. Removing all the following versions from dkms:
7.0.0+driver
- Removing 7.0.0+driver...
------------------------------
Deleting module version: 7.0.0+driver
completely from the DKMS tree.
------------------------------
Done.
- OK! Removing '7.0.0+driver' succeeded.
[SUCCESS] Cleaning phase correctly terminated.
================ Cleaning phase ================
* Looking for a scap module locally (kernel 4.18.0-305.3.1.el8.x86_64)
* Filename 'scap_placeholder_4.18.0-305.3.1.el8.x86_64_1.ko' is composed of:
- driver name: scap
- target identifier: placeholder
- kernel release: 4.18.0-305.3.1.el8.x86_64
- kernel version: 1
install: /usr/lib/gcc/x86_64-redhat-linux/8/
* Trying to dkms install scap module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/scap-dkms-make'"
Creating symlink /var/lib/dkms/scap/7.0.0+driver/source ->
/usr/src/scap-7.0.0+driver
DKMS: add completed.
* Running dkms build failed, couldn't find /var/lib/dkms/scap/7.0.0+driver/build/make.log (with GCC /usr/bin/gcc)
* Trying to load a system scap module, if present
Consider compiling your own scap driver and loading it or getting in touch with the Sysdig community
[root@94f13e8d5eb0 /]# csysdig
error opening device /host/dev/scap0. Make sure you have root credentials and that the scap module is loaded: No such file or directory
还是报错:
Detected an unsupported target system, please get in touch with the Sysdig community. Trying to compile anyway.
错误信息表示正在尝试编译的 Sysdig 内核模块不支持当前的目标系统
Running dkms build failed, couldn't find /var/lib/dkms/scap/7.0.0+driver/build/make.log (with GCC /usr/bin/gcc)
再次解决如下:
-
查看dkms是否存在(显示不存在)
[root@CentOS8Shaowenhua ~]# cd /var/lib/ [root@CentOS8Shaowenhua lib]# ls alternatives containerd dhclient docker initramfs logrotate NetworkManager plymouth portables rpm rsyslog sss tpm unbound authselect dbus dnf games kdump misc os-prober polkit-1 private rpm-state selinux systemd tuned vmware [root@CentOS8Shaowenhua lib]# whereis dkms dkms: [root@CentOS8Shaowenhua lib]# rpm -qa | grep dkms -
尝试安装dkms
[root@CentOS8Shaowenhua lib]# yum install -y epel-release [root@CentOS8Shaowenhua lib]# yum install -y kernel-headers kernel-devel dkms
2、exec命令进入Sysdig命令
[root@CentOS8Shaowenhua ~]# docker exec -it sysdig bash
3、Sysdig监控
-
Sysdig功能界面(csysdig:启动Sysdig监控)
-
监控选项列表
-
容器监控界面
-
数据说明界面
-
按照占用内存排序的监控列表
-
单个容器内部信息
-
线程信息
-
关键字搜索
当前版本不支持Sysdig操作
三、Weave Scope
[root@CentOSShaowenhua ~]# curl -L git.io/scope -o /usr/local/bin/scope
失败
1、手动下载Weave Scope二进制安装包
下载地址:https://github.com/weaveworks/scope/releases/download/latest_release/scope
[root@CentOS8Shaowenhua ~]# mkdir -p /usr/local/bin/scope
[root@CentOS8Shaowenhua ~]# cd /usr/local/bin/scope
[root@CentOS8Shaowenhua scope]# rz
rz waiting to receive.**[root@CentOS8Shaowenhua scope]# ls
scope
[root@CentOS8Shaowenhua scope]#
2、赋予其执行权限
[root@CentOS8Shaowenhua scope]# chmod a+x scope
[root@CentOS8Shaowenhua scope]# ll
total 12
-rwxrwxrwx 1 root root 11259 Apr 27 20:49 scope
3、执行脚本:./scope launch
[root@CentOS8Shaowenhua scope]# ./scope launch
f9eeb10ff33591b6470e8593731bce32cd727e2d2d10874366f8f63eb4641646
Scope probe started
Weave Scope is listening at the following URL(s):
* http://192.168.27.128:4040/
[root@CentOS8Shaowenhua scope]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f9eeb10ff335 weaveworks/scope:1.13.2 "/home/weave/entrypo…" 18 seconds ago Up 17 seconds weavescope
[root@CentOS8Shaowenhua scope]#
4、访问Weave Scope界面
5、监控容器
(1)查看所用正在运行的容器ALL
(2)查看资源占用情况之CPU(液位高度形式显示)
-
具体参数
(3)查看被监控容器的详细信息
6、监控宿主机
7、多宿主机监控
(1)代码实例
-
主机1:
[root@CentOS8Shaowenhua scope]# ./scope launch 192.168.27.128 192.168.27.134 192.168.27.135 36447391f35121a4a83a566e28fb7aea67e6bfabdd3c782a23b69487003d4177 Scope probe started Weave Scope is listening at the following URL(s): * http://192.168.27.128:4040/ [root@CentOS8Shaowenhua scope]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 36447391f351 weaveworks/scope:1.13.2 "/home/weave/entrypo…" About a minute ago Up About a minute weavescope [root@CentOS8Shaowenhua scope]# -
主机2:
[root@Docker1 scope]# ./scope launch 192.168.27.128 192.168.27.134 192.168.27.135 Unable to find image 'weaveworks/scope:1.13.2' locally 1.13.2: Pulling from weaveworks/scope ba3557a56b15: Pull complete 3ac4c0e9800c: Pull complete d052e74a4dae: Pull complete aacb9bf49f73: Pull complete 06841e6f61a9: Pull complete ee99b95c7732: Pull complete dd0e726a9a15: Pull complete 05cb5f9d0d32: Pull complete e956cf3e716a: Pull complete Digest: sha256:8591bb11d72f784f784ac8414660759d40b7c0d8819011660c1cc94271480a83 Status: Downloaded newer image for weaveworks/scope:1.13.2 f8f3675ad21ddee61f33813f6398b05ce59af7c6e81df684bfd027c47ce73060 Scope probe started Weave Scope is listening at the following URL(s): * http://192.168.27.134:4040/ [root@Docker1 scope]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f8f3675ad21d weaveworks/scope:1.13.2 "/home/weave/entrypo…" About a minute ago Up About a minute weavescope [root@Docker1 scope]# -
主机3:
[root@Docker2 scope]# ./scope launch 192.168.27.128 192.168.27.134 192.168.27.135 Unable to find image 'weaveworks/scope:1.13.2' locally 1.13.2: Pulling from weaveworks/scope ba3557a56b15: Pull complete 3ac4c0e9800c: Pull complete d052e74a4dae: Pull complete aacb9bf49f73: Pull complete 06841e6f61a9: Pull complete ee99b95c7732: Pull complete dd0e726a9a15: Pull complete 05cb5f9d0d32: Pull complete e956cf3e716a: Pull complete Digest: sha256:8591bb11d72f784f784ac8414660759d40b7c0d8819011660c1cc94271480a83 Status: Downloaded newer image for weaveworks/scope:1.13.2 dd44b68782fd8c4aed122c5ad660ec3c47fd7f38229fce548619bca862597746 Scope probe started Weave Scope is listening at the following URL(s): * http://192.168.27.135:4040/ [root@Docker2 scope]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dd44b68782fd weaveworks/scope:1.13.2 "/home/weave/entrypo…" 28 seconds ago Up 27 seconds weavescope [root@Docker2 scope]#
(2)图像界面
查看所有主机中的容器
memory
FINISH
