Various support script improvements
Previously, support script dumped the host iptables filter/nat tables, and each overlay network's network inspect and 'bridge fdb show' and 'brctl showmacs'. Now we collect much more information. Support script dumps iptables filter/nat/mangle, routes and interfaces from iproute2, bridge fdb table, & ipvsadm table, for the host and containers/overlay networks on the host. We also dump a redacted copy of the container health check status and other debugging information for each container, in JSON format, and 'docker network inspect -v' for each overlay, if the client/server support the -v flag. Signed-off-by: ada mancini <ada@docker.com>
This commit is contained in:
ada mancini
ada
parent
00bb02b36c
commit
d5aab13c38
|
|
@ -4,34 +4,76 @@
|
|||
DOCKER="${DOCKER:-docker}"
|
||||
NSENTER="${NSENTER:-nsenter}"
|
||||
BRIDGE="${BRIDGE:-bridge}"
|
||||
BRCTL="${BRCTL:-brctl}"
|
||||
IPTABLES="${IPTABLES:-iptables}"
|
||||
IPVSADM="${IPVSADM:-ipvsadm}"
|
||||
IP="${IP:-ip}"
|
||||
|
||||
NSDIR=/var/run/docker/netns
|
||||
BRIDGEIF=br0
|
||||
|
||||
function die {
|
||||
echo $*
|
||||
exit 1
|
||||
}
|
||||
|
||||
type -P ${DOCKER} > /dev/null || die "This tool requires the docker binary"
|
||||
type -P ${NSENTER} > /dev/null || die "This tool requires nsenter"
|
||||
type -P ${BRIDGE} > /dev/null || die "This tool requires bridge"
|
||||
type -P ${BRCTL} > /dev/null || die "This tool requires brctl"
|
||||
type -P ${IPTABLES} > /dev/null || die "This tool requires iptables"
|
||||
function echo_and_run {
|
||||
echo "#" "$@"
|
||||
eval $(printf '%q ' "$@") < /dev/stdout
|
||||
}
|
||||
|
||||
echo "iptables configuration"
|
||||
${IPTABLES} -w1 -n -v -L -t filter
|
||||
${IPTABLES} -w1 -n -v -L -t nat
|
||||
echo ""
|
||||
type -P ${DOCKER} > /dev/null || echo "This tool requires the docker binary"
|
||||
type -P ${NSENTER} > /dev/null || echo "This tool requires nsenter"
|
||||
type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge"
|
||||
type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables"
|
||||
type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm"
|
||||
type -P ${IP} > /dev/null || echo "This tool requires ip"
|
||||
|
||||
if ${DOCKER} network inspect --help | grep -q -- --verbose; then
|
||||
NETINSPECT_VERBOSE_SUPPORT="--verbose"
|
||||
else
|
||||
NETINSPECT_VERBOSE_SUPPORT=""
|
||||
fi
|
||||
|
||||
echo "Host Configuration"
|
||||
echo_and_run ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
|
||||
echo_and_run ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
||||
echo_and_run ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
||||
printf "\n"
|
||||
|
||||
echo "Host addresses and routes"
|
||||
echo_and_run ${IP} -o -4 address show
|
||||
echo_and_run ${IP} -4 route show
|
||||
printf "\n"
|
||||
|
||||
echo "Overlay network configuration"
|
||||
for networkID in $(${DOCKER} network ls --filter driver=overlay -q) ; do
|
||||
echo "Network ${networkID}"
|
||||
nspath=(${NSDIR}/*-$(echo ${networkID}| cut -c1-10))
|
||||
${DOCKER} network inspect -v ${networkID}
|
||||
${NSENTER} --net=${nspath[0]} ${BRIDGE} fdb show ${BRIDGEIF}
|
||||
${NSENTER} --net=${nspath[0]} ${BRCTL} showmacs ${BRIDGEIF}
|
||||
echo ""
|
||||
for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) "ingress_sbox"; do
|
||||
echo "nnn Network ${networkID}"
|
||||
if [ "${networkID}" != "ingress_sbox" ]; then
|
||||
nspath=(${NSDIR}/*-${networkID:0:10})
|
||||
${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID}
|
||||
else
|
||||
nspath=(${NSDIR}/${networkID})
|
||||
fi
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${BRIDGE} fdb show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
|
||||
printf "\n"
|
||||
done
|
||||
|
||||
echo "Container network configuration"
|
||||
for containerID in $(${DOCKER} container ls -q); do
|
||||
echo "ccc Container ${containerID}"
|
||||
${DOCKER} container inspect ${containerID} --format 'Name:{{json .Name | printf "%s\n"}}Id:{{json .Id | printf "%s\n"}}Hostname:{{json .Config.Hostname | printf "%s\n"}}CreatedAt:{{json .Created | printf "%s\n"}}State:{{json .State|printf "%s\n"}}RestartCount:{{json .RestartCount | printf "%s\n" }}Labels:{{json .Config.Labels | printf "%s\n"}}NetworkSettings:{{json .NetworkSettings}}' | sed '/^State:/ {s/\\"/QUOTE/g; s/,"Output":"[^"]*"//g;}'
|
||||
nspath=$(docker container inspect --format {{.NetworkSettings.SandboxKey}} ${containerID})
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
||||
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
|
||||
printf "\n"
|
||||
done
|
||||
|
|
|
|||
Loading…
Reference in New Issue