As people are starting to look at Kubernetes and Docker, there have
been a number of questions regarding how to diagnose problems with
containers.  Here are a few useful hints:

## Docker logs

Docker captures stdout/stderr from the main process and makes this
available via the `docker log` command.  That is, if your Dockerfile
looks like this:

    FROM fedora
    RUN yum -y install mariadb; yum clean all
    CMD mysql --this-is-a-terrible-idea

And you were to have Kubernetes launch an image built from that file
and wanted to diagnose why it wasn't working, you could run `docker
logs <container_name_or_id>` and see:

    mysql: unknown option '--this-is-a-terrible-idea'

## Using 'nsenter'

The `nsenter` command is available in recent coreutils packages.  It
allows you to run commands inside existing namespaces.  

A useful shortcut is to place the following inside a script and call
it "docker-enter":

    nsenter -t $(docker inspect \
      --format '{{ .State.Pid }}' $CONTAINER) \
      -m -u -i -n -p -w "$@"

Now you can run `docker-enter <container_name_or_id>` to start a shell
inside the specified container.

Once inside the container, you may want to see the environment
variables passed to PID 1 to ensure that service discovery is
operating correctly.  You can do that via:

    tr '\000' '\012' < /proc/1/environ

You can of course inspect anything on the filesystem, although ideally
your application is logging to stdout/stderr and not to local files.
If you know your container's ENTRYPOINT and CMD entries, you can run
those by hand to see exactly what is happening.

Lars Kellogg-Stedman <> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack          |

Attachment: pgpqxMqP1HjV1.pgp
Description: PGP signature

OpenStack-dev mailing list

Reply via email to