版权声明:@抛物线 https://blog.csdn.net/qq_28513801/article/details/89492262
pass平台开发运维一
1.在 server 节点使用 netstat 命令查询仓库监听端口号,查询完毕后通过 lsof命令(如命令不存在则手工安装)查询使用此端口号的进程。将以上所有操作命 令和输出结果以文本形式提交到答题框。
[root@server ~]# netstat -atunpl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 796/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 901/master
tcp 0 52 10.0.0.8:22 172.16.10.106:49222 ESTABLISHED 1620/sshd: root@pts
tcp6 0 0 :::2375 :::* LISTEN 960/dockerd-current
tcp6 0 0 :::5000 :::* LISTEN 1217/docker-proxy-c
tcp6 0 0 :::8080 :::* LISTEN 1176/docker-proxy-c
tcp6 0 0 :::22 :::* LISTEN 796/sshd
tcp6 0 0 ::1:25 :::* LISTEN 901/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 752/dhclient
udp 0 0 0.0.0.0:123 0.0.0.0:* 523/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 523/chronyd
udp 0 0 0.0.0.0:48730 0.0.0.0:* 752/dhclient
udp6 0 0 :::10353 :::* 752/dhclient
udp6 0 0 :::123 :::* 523/chronyd
udp6 0 0 ::1:323 :::* 523/chronyd
[root@server ~]# lsof -i:5000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 1217 root 4u IPv6 16108 0t0 TCP *:commplex-main (LISTEN)
[root@server ~]#
2.在 server 节点通过 netstat 命令(如命令不存在则手工安装)查询 docker 镜像仓库 PID,使用 top 命令查询上一步查询到的 PID 的资源使用情况。将以上 所有操作命令和输出结果以文本形式提交到答题框。
[root@server ~]# netstat -atunpl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 796/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 901/master
tcp 0 52 10.0.0.8:22 172.16.10.106:49222 ESTABLISHED 1620/sshd: root@pts
tcp6 0 0 :::2375 :::* LISTEN 960/dockerd-current
tcp6 0 0 :::5000 :::* LISTEN 1217/docker-proxy-c
tcp6 0 0 :::8080 :::* LISTEN 1176/docker-proxy-c
tcp6 0 0 :::22 :::* LISTEN 796/sshd
tcp6 0 0 ::1:25 :::* LISTEN 901/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 752/dhclient
udp 0 0 0.0.0.0:123 0.0.0.0:* 523/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 523/chronyd
udp 0 0 0.0.0.0:48730 0.0.0.0:* 752/dhclient
udp6 0 0 :::10353 :::* 752/dhclient
udp6 0 0 :::123 :::* 523/chronyd
udp6 0 0 ::1:323 :::* 523/chronyd
[root@server ~]# top -p 1217
top - 14:24:45 up 12 min, 2 users, load average: 0.06, 0.13, 0.15
Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.2 us, 0.2 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4047500 total, 2240436 free, 668464 used, 1138600 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 3163384 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1217 root 20 0 42688 1860 1340 S 0.0 0.0 0:00.00 docker-proxy-cu
3.在 server 节点通过 docker 命令查询 docker registry 容器最后几条日志,将 以上所有操作命令和输出结果以文本形式提交到答题框。
[root@server ~]# docker logs --tail=10 registry
192.168.200.9 - - [22/Dec/2018:16:55:02 +0000] "GET /v2/rancher/registry/tags/list HTTP/1.1" 404 124 "" "docker/1.12.6 go/go1.8.3 kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \\(linux\\))"
192.168.200.9 - - [22/Dec/2018:16:55:02 +0000] "GET /v1/repositories/rancher/registry/images HTTP/1.1" 404 19 "" "docker/1.12.6 go/go1.8.3 kernel/3.10.0-229.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \\(linux\\))"
time="2018-12-22T17:15:31Z" level=info msg="PurgeUploads starting: olderThan=2018-12-15 17:15:31.082929747 +0000 UTC, actuallyDelete=true"
time="2018-12-22T17:15:31Z" level=info msg="Purge uploads finished. Num deleted=0, num errors=0"
time="2018-12-22T17:15:31Z" level=info msg="Starting upload purge in 24h0m0s" go.version=go1.6.3 instance.id=98b00bcb-db88- 44a9-b1a8-8f869d5e4d26 version=v2.5.1
time="2018-12-23T14:12:19Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.6.3 instance.id=1902aa3d-2120-4bfd-bb41-89d47e8d547c version=v2.5.1
time="2018-12-23T14:12:19Z" level=info msg="redis not configured" go.version=go1.6.3 instance.id=1902aa3d-2120-4bfd-bb41- 89d47e8d547c version=v2.5.1
time="2018-12-23T14:12:19Z" level=info msg="Starting upload purge in 34m0s" go.version=go1.6.3 instance.id=1902aa3d-2120-4bfd- bb41-89d47e8d547c version=v2.5.1
time="2018-12-23T14:12:19Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.6.3 instance.id=1902aa3d-2120-4bfd-bb41-89d47e8d547c version=v2.5.1
time="2018-12-23T14:12:19Z" level=info msg="listening on [::]:5000" go.version=go1.6.3 instance.id=1902aa3d-2120-4bfd-bb41-89d47e8d547c version=v2.5.1
4.在 server 节点,查询 rancher/server 容器的进程号,建立命名空间 /var/run/netns 并与 rancher/server 容器进行连接,通过 ip netns 相关命令查询该容 器的 ip,将以上操作命令及检查结果填入答题框。
[root@server /]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
77bf2a805c5c rancher/server:v1.6.5 "/usr/bin/entry /usr/" 22 hours ago Up 56 minutes 3306/tcp, 0.0.0.0:8080->8080/tcp stupefied_shannon
ca8eddba870a docker.io/registry:latest "/entrypoint.sh /etc/" 22 hours ago Up 56 minutes 0.0.0.0:5000->5000/tcp registry
[root@server /]# docker inspect 77bf2a805c5c | head -20
[
{
"Id": "77bf2a805c5cf838b63ba8309c654e36b71e00a7eb2293677070b57edae82a35",
"Created": "2018-12-22T16:47:04.243171803Z",
"Path": "/usr/bin/entry",
"Args": [
"/usr/bin/s6-svscan",
"/service"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1201,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-12-23T14:12:18.778408378Z",
[root@server /]# docker inspect -f {{.State.Pid}} 77bf2a805c5c
1201
[root@server /]# mkdir /var/run/netns
[root@server /]# ln -s /proc/1201/ns/net /var/run/netns/1201
[root@server /]# ip netns list
1201
[root@server /]# ip netns exec 1201 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
[root@server /]#
5.在 server 节点查询当前 cgroup 的挂载情况,将以上操作命令及检查结果填 入答题框。
[root@server /]# mount -t cgroup
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd- cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)