Troubleshooting
Jeff Anderson
Developer Support Engineer at
Docker
@programm3rq
Troubleshooting Basics
Common Issues
○ Volumes
○ Networking
○ TLS
Advanced Troubleshooting
Techniques
Troubleshooting
Troubleshooting
Basics
1. Characterization
2. Hypothesis
3. Test & Observe
Troubleshooting Basics
Common Issues and
Questions
Volumes
Common Issues and
Questions
Minecraft Server
● Single Java Process
● Stores game world
state on disk
● Listens on port 25565
Enthusiast/Power
User/Tinkerer
Bob
FROM java:7
ADD minecraft_server.1.10.2.jar /
RUN mkdir -p /opt/minecraft
RUN echo "eula=true" > /opt/minecraft/eula.txt
EXPOSE 25565
WORKDIR /opt/minecraft
CMD java -jar /minecraft_server.1.10.2.jar
Minecraft Dockerfile
$ docker build -t mc:1.10.2 .
$ docker run -d --name old \
    -p 25565:25565 \
    mc:1.10.2
Minecraft Build and Run
FROM java:7
ADD minecraft_server.1.11.2.jar /
RUN mkdir -p /opt/minecraft
RUN echo "eula=true" > /opt/minecraft/eula.txt
EXPOSE 25565
WORKDIR /opt/minecraft
CMD java -jar /minecraft_server.1.11.2.jar
Minecraft Dockerfile (updated)
$ docker build -t mc:1.11.2 .
$ docker stop old
$ docker run -d --name new \
    -p 25565:25565 \
    mc:1.11.2
Minecraft Build and Run (updated)
Where did my stateful
minecraft data go?!
Bob
Storing important data
A volume is a directory on the host
that is made available to a container.
Docker does this with a bind mount.
Volumes
$ mount -o bind /opt/source /opt/destination
$ touch /opt/source/test
$ ls -li /opt/source/* /opt/destination/*
497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/destination/test
497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/source/test
$ ls -lid /opt/source/ /opt/destination/
500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/destination/
500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/source/
Bind Mount
Three Types
1. Host volume "I want my data to be here specifically"
2. Named Volume "I want to refer to my data later easily"
3. Anonymous Volume "I just want a volume"
Volumes
# Host Volume
$ docker run -v /opt/hostpath:/container/data …
# Named Volume
$ docker run -v important_stuff:/container/data …
# Anonymous Volume
$ docker run -v /container/data …
Volume Types
Bob
Minecraft data should
go in a volume.
$ docker diff old
…
C /opt/minecraft
A /opt/minecraft/server.properties
A /opt/minecraft/world
A /opt/minecraft/world/region
A /opt/minecraft/world/region/r.0.0.mca
…
Put data in a volume
$ docker volume create minecraft
$ docker create --name new \
    -p 25565:25565 \
    -v minecraft:/opt/minecraft \
    mc:1.11.2
$ docker cp old:/opt/minecraft minecraft
$ docker cp minecraft new:/opt/
$ docker start new
Put data in a volume
Use volumes to
designate where
stateful data goes
Bob
Local dev environment
Ubuntu 16.04 desktop
Wants to use Docker in
her development
workflow
Ruby Developer
Jane
Useful for local development
Jane uses RubyMine
Wants code auto-reload with the rerun gem
Host Volumes
FROM ruby
RUN gem install sinatra sqlite3 rerun
COPY . /app/code
WORKDIR /app/code
EXPOSE 4567
CMD rerun 'ruby server.rb -o 0.0.0.0'
Ruby App Dockerfile
$ docker build -t my_sinatra_app .
$ docker run -p 4567:4567 --name webdev \
    -v /home/jane/code:/app/code my_sinatra_app
23:30:18 [rerun] Code launched
/usr/local/bundle/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `initialize': no such table: config
…
Jane's Ruby App
Useful for local development
This development environment needs a test database.
By default, it creates an sqlite3 file called test.db
This can be initialized with the 'init.sql' file in the project
Host Volumes
$ sqlite3 -bail test.db < init.sql
Error: near line 1: attempt to write a readonly database
Jane's Ruby App
Ruby Developer
Jane
File Permissions
Permission and ownership issues are dealt with in the
same way with and without docker.
The numeric uid is what matters.
Permissions and Ownership
$ sqlite3 -bail test.db < init.sql
Error: near line 1: attempt to write a readonly database
$ ls -lin
…
6721104 -rw-r--r-- 1 1000 1000 163 Apr 18 2017 init.sql
6721145 -rw-r--r-- 1 0 0 0 Apr 18 2017 test.db
Jane's Ruby App
Characterization and Hypothesis
● Files created by the container are owned by uid 0
● The image's default user is uid 0
● test.db file permissions are 0644
● sqlite3 is running as uid 1000 (jane)
Hypothesis: this is a normal permissions/ownership
issue.
Permissions and Ownership
Characterization and Hypothesis
Do these:
● chown 1000 test.db
● run container as uid 1000
Avoid these:
● chmod 777
● sudo sqlite3
Permissions and Ownership
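Added example (not from the original slides): the owner/group/other write check applied to the `ls -lin` listing above, showing why uid 1000 cannot write test.db and why `chown 1000` fixes it. The function name can_write is hypothetical, the listing is a constructed copy of the slide's output, and the check ignores supplementary groups, ACLs and read-only mounts.

```shell
#!/bin/sh
# Added example: decide from `ls -lin` output whether a numeric uid/gid may
# write each file, using the classic owner/group/other mode check.

# Constructed sample: the two lines from the listing on the slide.
LS_OUTPUT='6721104 -rw-r--r-- 1 1000 1000 163 Apr 18 2017 init.sql
6721145 -rw-r--r-- 1 0 0 0 Apr 18 2017 test.db'

# can_write UID GID   (hypothetical helper; reads `ls -lin` lines on stdin)
# Prints "<name> writable|readonly (<class used for the decision>)" per file.
# Assumes file names without spaces.
can_write() {
    awk -v uid="$1" -v gid="$2" '
    NF >= 10 && $2 ~ /^[-dl]/ {
        mode = $2; owner = $4; group = $5; name = $NF
        # Exactly one permission class applies, chosen by numeric ids only.
        if (uid == 0)          { cls = "root";  ok = 1 }
        else if (uid == owner) { cls = "owner"; ok = (substr(mode, 3, 1) == "w") }
        else if (gid == group) { cls = "group"; ok = (substr(mode, 6, 1) == "w") }
        else                   { cls = "other"; ok = (substr(mode, 9, 1) == "w") }
        printf "%s %s (%s)\n", name, (ok ? "writable" : "readonly"), cls
    }'
}

echo "as uid 1000 (jane, sqlite3 on the host):"
printf '%s\n' "$LS_OUTPUT" | can_write 1000 1000

echo "as uid 0 (the image default user):"
printf '%s\n' "$LS_OUTPUT" | can_write 0 0

echo "as uid 1000 after chown 1000 test.db:"
printf '%s\n' '6721145 -rw-r--r-- 1 1000 0 0 Apr 18 2017 test.db' | can_write 1000 1000
```

The "other" class is the one that `chmod 777` would open up for every uid on the host, which is why the slide lists it under "avoid".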
examples of containerized process writing files
● database files
● pid files
● bytecode caching
● in-app file uploads
● plugin/theme installation
● log files
Permissions and Ownership
Docker for Mac
Docker for Mac shares files from the macOS host to the HyperKit VM.
This file sharing mechanism ensures that files written by
containers always match your macOS user id.
Host Volumes
Ruby Developer
Volume Pro
Jane
Networking
Common Issues and
Questions
Working on a small
Python web application.
Early stages of
development.
Ready to Dockerize the
project.
Web Developer
Small Company
Josh
from bottle import route, run, template
import socket

@route('/')
def index():
    return str(socket.gethostname()) + '\n'

run(host='0.0.0.0', port=8000)
Application Code
FROM python:3-alpine
RUN pip install bottle
ADD . /code
WORKDIR /code
EXPOSE 8000
CMD ["python", "app.py"]
Application Dockerfile
$ docker build -t app .
$ docker run -d --name web -p 8000:8000 app
$ curl http://localhost:8000
d8939bc62a36
Running the python code
server {
    listen 80;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        proxy_pass http://localhost:8000/;
    }
}
nginx config file
FROM nginx:alpine
RUN rm -f /etc/nginx/conf.d/default.conf
ADD nginx.conf /etc/nginx/conf.d/default.conf
nginx Dockerfile
$ docker build -t mynginx .
$ docker run -d --name nginx -p 80:80 mynginx
$ curl http://localhost/
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.11.10</center>
</body>
</html>
Running nginx
Web Developer
Small Company
Josh
Unexpected 502 Error
502 - app.py and nginx
Networking
[Diagram: two containers, each with its own localhost and eth0 interface.
nginx container: eth0 172.18.0.6, nginx listening on 0.0.0.0:80.
web container: eth0 172.18.0.5, app.py listening on 0.0.0.0:8000.]
502 Characterization and Hypothesis
● curl localhost:8000 does not work from nginx container
(connection refused)
● curl localhost:8000 works from the app container
● curl 172.18.0.5:8000 works from the nginx container
● curl 172.18.0.5:8000 works from the app container
Networking
502 Characterization and Hypothesis
Hypothesis: nginx using the 'localhost' upstream is incorrect
Test: update the nginx config file with the container ip.
Networking
server {
    listen 80;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        proxy_pass http://172.18.0.5:8000/;
    }
}
nginx config file
$ curl http://localhost
d8939bc62a36
Running the python code
Network Service Discovery
How will nginx discover the IP going forward?
Docker runs a resolver at 127.0.0.11.
It resolves container IPs by their --name or --net-alias
Networking
server {
    listen 80;
    server_name localhost;
    resolver 127.0.0.11;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        proxy_pass http://web:8000/;
    }
}
nginx config file updated
Web Developer
Container Networking
Specialist
Josh
TLS
Common Issues and
Questions
Docker EE
Docker Datacenter
Deploys internal apps
Devops Team at a big
company
Working on the Docker
Project
Steven
Universal Control Plane
TLS
Universal Control Plane
● Implements the Docker Daemon API on port 443
● There is a web GUI as well
● You connect to it with a "client bundle"
TLS
$ ls
… ca.pem cert.pem key.pem … env.sh
$ cat env.sh
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH="$(pwd)"
export DOCKER_HOST=tcp://ucp.example.com:443
Client Bundle
$ source env.sh
$ docker run --rm -it alpine echo hello dockercon
hello dockercon
$ docker service create -p 80:80 nginx:alpine
ellhziigdmo2hae2z7wxuv4qt
Client Bundle
Universal Control Plane
TLS
Installed New Certs
● Chrome no longer complains about the self signed
certificate
● docker run and docker service still work as they did
before
TLS
Steven
User reports TLS error
$ source env.sh
$ docker-compose up -d
ERROR: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:590)
compose TLS issue
TLS issue reported after cert install
● TLS error when using compose
● Same endpoint works in browser
● Same endpoint works with `docker` CLI
Hypothesis: compose has different TLS client
expectations from this TLS endpoint
TLS
TLS issues don't need to be scary
Cheat sheet (check the following):
● Subject/Alt name match
● Full Chain of Trust
● Chain Root is trusted
TLS
TLS issues don't need to be scary
Cheat sheet (check the following):
● Subject/Alt name match correct
● Full Chain of Trust
● Chain Root is trusted
TLS
openssl x509 -noout -text < 0.pem | grep 'Subject:\|Issuer:'
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Subject: CN=ucp.example.com
cert Subject and Issuer
openssl x509 -noout -text < 1.pem | grep 'Subject:\|Issuer:'
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
cert Subject and Issuer
TLS issues don't need to be scary
Cheat sheet (check the following):
● Subject/Alt name match correct
● Full Chain of Trust missing root
● Chain Root is trusted
TLS
openssl x509 -noout -text < 2.pem | grep 'Subject:\|Issuer:'
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
cert Subject and Issuer
root:
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
intermediary:
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
certificate:
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Subject: CN=ucp.example.com
cert chain
Universal Control Plane
TLS
TLS issues don't need to be scary
Cheat sheet (check the following):
● Subject/Alt name match correct
● Full Chain of Trust correct
● Chain Root is trusted
TLS
TLS issues don't need to be scary
Cheat sheet (check the following):
● Subject/Alt name match correct
● Full Chain of Trust correct
● Chain Root is trusted correct
TLS
$ source env.sh
$ docker-compose up -d
…
Creating network "acme_default" with the default driver
Creating acme_tomcat_1
Creating acme_apache_1
docker-compose working
TLS issue when using compose
● TLS works when using compose
● Same endpoint works in browser
● Same endpoint works with `docker` CLI
Python TLS client wants the certificate authority it trusts
to be a root certificate.
TLS
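Added example (not from the original slides): the "Full Chain of Trust" item from the cheat sheet as a script that walks Issuer/Subject pairs, leaf first, and reports whether the chain ends in a self-signed root. The function names check_chain and chain_names are hypothetical, and the sample chains are constructed from the Issuer/Subject lines shown above; name matching does not verify signatures.

```shell
#!/bin/sh
# Added example: check the "Full Chain of Trust" item by issuer/subject names.

# Constructed samples built from the Issuer/Subject lines on the slides,
# leaf certificate first.
CHAIN_NO_ROOT="Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Subject: CN=ucp.example.com
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"

CHAIN_WITH_ROOT="$CHAIN_NO_ROOT
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3"

# chain_names BUNDLE.pem  (hypothetical helper; needs the openssl CLI)
# Prints subject=/issuer= lines for every certificate in a PEM bundle,
# in file order, ready to pipe into check_chain.
chain_names() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# check_chain  (reads Subject/Issuer lines on stdin, leaf first) prints one of:
#   complete      each issuer matches the next subject; last cert is self-signed
#   missing-root  links match, but the last cert is not self-signed
#   broken-at-N   issuer of cert N is not the subject of cert N+1
#   empty         no certificates found
check_chain() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        key = tolower(line)
        # Accept both "Subject: ..." (x509 -text) and "subject=..." (pkcs7).
        if (key ~ /^subject[:=]/)     { sub(/^[^:=]*[:=][ \t]*/, "", line); s = line; hs = 1 }
        else if (key ~ /^issuer[:=]/) { sub(/^[^:=]*[:=][ \t]*/, "", line); i = line; hi = 1 }
        # One subject plus one issuer, in either order, is one certificate.
        if (hs && hi) { n++; subj[n] = s; iss[n] = i; hs = 0; hi = 0 }
    }
    END {
        if (n == 0) { print "empty"; exit }
        for (k = 1; k < n; k++)
            if (iss[k] != subj[k + 1]) { print "broken-at-" k; exit }
        verdict = (iss[n] == subj[n]) ? "complete" : "missing-root"
        print verdict
    }'
}

printf 'leaf + intermediate:        %s\n' "$(printf '%s\n' "$CHAIN_NO_ROOT" | check_chain)"
printf 'leaf + intermediate + root: %s\n' "$(printf '%s\n' "$CHAIN_WITH_ROOT" | check_chain)"
```

On a real bundle, `chain_names bundle.pem | check_chain` gives the same verdicts; `openssl verify` is the tool that checks the signatures themselves.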
TLS Pro
Steven
Advanced
Troubleshooting
Techniques
Amber keeps up pace by
being proactive
She has several general
troubleshooting tactics
that help characterize
issues
Works at a big company
Has been a sysadmin,
developer, network admin
Currently technical lead on
the devops team
Amber
Tools - command line utilities
● socat - bidirectional communication over tcp, udp,
stdio, pipes, unix domain sockets, etc
● curl - make web requests
● jq - parse, filter, create json text
● regular network tools - iptables, ipvsadm, route, ip,
arp, tcpdump, ifconfig
● nsenter - enter a namespace
Amber's Toolbox
Tools - command line utilities
● Nico Kabar's netshoot container:
○ https://github.com/nicolaka/netshoot
○ docker pull nicolaka/netshoot
● Jérôme Petazzoni's nsenter
○ https://github.com/jpetazzo/nsenter
Amber's Toolbox
$ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork \
    unix-connect:/var/run/docker.sock
$ docker -H 127.0.0.1:5566 ps
MITM docker socket traffic
$ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock
> 2017/04/16 10:38:09.400245 length=131 from=115 to=245
GET /v1.26/containers/json HTTP/1.1\r
Host: 127.0.0.1:5566\r
User-Agent: Docker-Client/17.03.0-ce (darwin)\r
Accept-Encoding: gzip\r
\r
< 2017/04/16 10:38:09.401486 length=197 from=199 to=395
HTTP/1.1 200 OK\r
Api-Version: 1.26\r
Content-Type: application/json\r
Date: Sun, 16 Apr 2017 15:38:09 GMT\r
Docker-Experimental: true\r
Server: Docker/17.03.0-ce (linux)\r
Transfer-Encoding: chunked\r
…
MITM docker socket traffic
$ curl -s --unix-socket /var/run/docker.sock \
    http://localhost/containers/json | jq '.[].Names[0]'
"/focused_tesla"
"/exciting_einstein"
"/web"
"/app"
docker ps with curl | jq
$ PID=$(docker inspect --format {{.State.Pid}} happy_tesla)
$ nsenter -n -t $PID iptables -nL
$ nsenter -t `pidof dockerd` -m nsenter \
    --net=/var/run/docker/netns/ingress_sbox ipvsadm -l
$ for i in /var/run/docker/netns/* ; do nsenter -t \
    `pidof dockerd` -m nsenter --net=$i ifconfig; done
nsenter
Techniques
Host A container networking is working
Host B container networking is not
They are seemingly identical
How to identify the differences?
graphical diff!
Amber's Toolbox
Techniques - How to Ask a Question
Amber's Toolbox
<statement of observation>
|---------------------------|
| demonstration of relevant observations
|---------------------------|
<question>
Techniques - How to Ask a Question
Amber's Toolbox
<statement of observation>
|---------------------------|
| demonstration of relevant observations
|---------------------------|
<question>
Characterization
Hypothesis
Techniques - How to Ask a Question
Amber's Toolbox
I'm getting a 502 error when I hit the staging acmecorp endpoint
$ curl -vkL https://staging.internal.acmecorp.com/_ping/
…
Is there a deploy happening now?
Becoming a Troubleshooting Pro
● Docker Forums
https://forums.docker.com/
● Docker Community Slack
https://dockr.ly/community
What you can do
THANK YOU
Be a troubleshooting pro!
@docker #dockercon
Jeff Anderson @programm3rq

Troubleshooting Tips from a Docker Support Engineer

  • 1. Troubleshooting Jeff Anderson Developer Support Engineer at Docker @programm3rq
  • 2. Troubleshooting Basics Common Issues ○ Volumes ○ Networking ○ TLS Advanced Troubleshooting Techniques Troubleshooting
  • 5. 1. Characterization 2. Hypothesis 3. Test & Observe Troubleshooting Basics
  • 8. Minecraft Server ● Single Java Process ● Stores game world state on disk ● Listens on port 25565 Enthusiast/Power User/Tinkerer Bob
  • 9. Minecraft Dockerfile
        FROM java:7
        ADD minecraft_server.1.10.2.jar /
        RUN mkdir -p /opt/minecraft
        RUN echo "eula=true" > /opt/minecraft/eula.txt
        EXPOSE 25565
        WORKDIR /opt/minecraft
        CMD java -jar /minecraft_server.1.10.2.jar
  • 10. Minecraft Build and Run
        $ docker build -t mc:1.10.2 .
        $ docker run -d --name old -p 25565:25565 mc:1.10.2
  • 12. Minecraft Dockerfile (updated)
        FROM java:7
        ADD minecraft_server.1.11.2.jar /
        RUN mkdir -p /opt/minecraft
        RUN echo "eula=true" > /opt/minecraft/eula.txt
        EXPOSE 25565
        WORKDIR /opt/minecraft
        CMD java -jar /minecraft_server.1.11.2.jar
  • 13. Minecraft Build and Run (updated)
        $ docker build -t mc:1.11.2 .
        $ docker stop old
        $ docker run -d --name new -p 25565:25565 mc:1.11.2
  • 15. Where did my stateful minecraft data go?! Bob
  • 16. Storing important data A volume is a directory on the host that is made available to a container. Docker does this with a bind mount. Volumes
  • 17. Bind Mount
        $ mount -o bind /opt/source /opt/destination
        $ touch /opt/source/test
        $ ls -li /opt/source/* /opt/destination/*
        497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/destination/test
        497080 -rw-r--r-- 1 root root 0 Apr 9 01:37 /opt/source/test
        $ ls -lid /opt/source/ /opt/destination/
        500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/destination/
        500424 drwxr-xr-x 2 root root 4096 Apr 9 01:37 /opt/source/
  • 18. Three Types 1. Host volume "I want my data to be here specifically" 2. Named Volume "I want to refer to my data later easily" 3. Anonymous Volume "I just want a volume" Volumes
  • 19. Volume Types
        # Host Volume
        $ docker run -v /opt/hostpath:/container/data …
        # Named Volume
        $ docker run -v important_stuff:/container/data …
        # Anonymous Volume
        $ docker run -v /container/data …
  • 21. Put data in a volume
        $ docker diff old
        …
        C /opt/minecraft
        A /opt/minecraft/server.properties
        A /opt/minecraft/world
        A /opt/minecraft/world/region
        A /opt/minecraft/world/region/r.0.0.mca
        …
  • 22. Put data in a volume
        $ docker volume create minecraft
        $ docker create --name new -p 25565:25565 -v minecraft:/opt/minecraft mc:1.11.2
        $ docker cp old:/opt/minecraft minecraft
        $ docker cp minecraft new:/opt/
        $ docker start new
  • 23. Use volumes to designate where stateful data goes Bob
  • 24. Local dev environment Ubuntu 16.04 desktop Wants to use Docker in her development workflow Ruby Developer Jane
  • 25. Useful for local development Jane uses RubyMine Wants code auto-reload with the rerun gem Host Volumes
  • 26. Ruby App Dockerfile
        FROM ruby
        RUN gem install sinatra sqlite3 rerun
        COPY . /app/code
        WORKDIR /app/code
        EXPOSE 4567
        CMD rerun 'ruby server.rb -o 0.0.0.0'
  • 27. Jane's Ruby App
        $ docker build -t my_sinatra_app .
        $ docker run -p 4567:4567 --name webdev -v /home/jane/code:/app/code my_sinatra_app
        23:30:18 [rerun] Code launched
        /usr/local/bundle/gems/sqlite3-1.3.13/lib/sqlite3/database.rb:91:in `initialize': no such table: config
        …
  • 28. Useful for local development This development environment needs a test database. By default, it creates an sqlite3 file called test.db This can be initialized with the 'init.sql' file in the project Host Volumes
  • 29. Jane's Ruby App
        $ sqlite3 -bail test.db < init.sql
        Error: near line 1: attempt to write a readonly database
  • 31. Permission and ownership issues are dealt with in the same way with and without docker. The numeric uid is what matters. Permissions and Ownership
  • 32. Jane's Ruby App
        $ sqlite3 -bail test.db < init.sql
        Error: near line 1: attempt to write a readonly database
        $ ls -lin
        …
        6721104 -rw-r--r-- 1 1000 1000 163 Apr 18 2017 init.sql
        6721145 -rw-r--r-- 1 0 0 0 Apr 18 2017 test.db
  • 33. Characterization and Hypothesis ● Files created by the container are owned by uid 0 ● The image's default user is uid 0 ● test.db file permissions are 0644 ● sqlite3 is running as uid 1000 (jane) Hypothesis: this is a normal permissions/ownership issue. Permissions and Ownership
  • 34. Characterization and Hypothesis Do these: ● chown 1000 test.db ● run container as uid 1000 Avoid these: ● chmod 777 ● sudo sqlite3 Permissions and Ownership
  • 35. examples of containerized process writing files ● database files ● pid files ● bytecode caching ● in-app file uploads ● plugin/theme installation ● log files Permissions and Ownership
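The ownership check behind Jane's "readonly database" error, as an added example that is not from the talk. `write_verdict` and `file_write_verdict` are hypothetical helper names; the check assumes plain mode bits (no ACLs, no supplementary groups, no read-only mounts) and that uid 0 keeps CAP_DAC_OVERRIDE.

```shell
#!/usr/bin/env bash
# Added example; write_verdict and file_write_verdict are hypothetical helpers.
# Assumptions: plain mode bits only (no ACLs, no supplementary groups, no
# read-only mounts) and uid 0 keeps CAP_DAC_OVERRIDE, so it bypasses the bits.

# Args: process uid, process gid, file owner uid, file owner gid, octal mode.
# Prints "<class>:<allow|deny>"; returns 0 only when a write is permitted.
write_verdict() {
  local puid pgid fuid fgid mode class bit
  puid=$1; pgid=$2; fuid=$3; fgid=$4
  mode=$(( 0$5 ))                      # leading 0 makes the constant octal
  if [ "$puid" -eq 0 ]; then
    echo "root:allow"; return 0
  elif [ "$puid" -eq "$fuid" ]; then
    class=owner; bit=$(( 0200 ))       # owner match: only the owner bits count
  elif [ "$pgid" -eq "$fgid" ]; then
    class=group; bit=$(( 0020 ))
  else
    class=other; bit=$(( 0002 ))
  fi
  if [ $(( mode & bit )) -ne 0 ]; then
    echo "$class:allow"; return 0
  fi
  echo "$class:deny"; return 1
}

# Same check against a file on disk (GNU stat); user names never enter into it.
file_write_verdict() {                 # args: file, process uid, process gid
  write_verdict "$2" "$3" $(stat -c '%u %g %a' "$1")
}

# Constructed from the `ls -lin` slide: test.db is 0:0 mode 644, sqlite3 runs as 1000:1000.
write_verdict 1000 1000 0 0 644 || true    # the "readonly database" case
write_verdict 1000 1000 1000 0 644         # after `chown 1000 test.db`
write_verdict 1000 1000 1000 1000 644      # file created by a container run as uid 1000
```
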
  • 36. Docker for Mac Docker for Mac shares files from macos host to hyperkit VM This file sharing mechanism will ensure files written by containers will always match your macos user id Host Volumes
  • 39. Working on a small Python web application. Early stages of development. Ready to Dockerize the project. Web Developer Small Company Josh
  • 40. Application Code
        from bottle import route, run, template
        import socket

        @route('/')
        def index():
            return str(socket.gethostname()) + '\n'

        run(host='0.0.0.0', port=8000)
  • 41. Application Dockerfile
        FROM python:3-alpine
        RUN pip install bottle
        ADD . /code
        WORKDIR /code
        EXPOSE 8000
        CMD ["python", "app.py"]
  • 42. Running the python code
        $ docker build -t app .
        $ docker run -d --name web -p 8000:8000 app
        $ curl http://localhost:8000
        d8939bc62a36
  • 43. nginx config file
        server {
            listen 80;
            server_name localhost;
            location / {
                root /usr/share/nginx/html;
                index index.html index.htm;
                proxy_pass http://localhost:8000/;
            }
        }
  • 44. nginx Dockerfile
        FROM nginx:alpine
        RUN rm -f /etc/nginx/conf.d/default.conf
        ADD nginx.conf /etc/nginx/conf.d/default.conf
  • 45. Running nginx
        $ docker build -t mynginx .
        $ docker run -d --name nginx -p 80:80 mynginx
        $ curl http://localhost/
        <html>
        <head><title>502 Bad Gateway</title></head>
        <body bgcolor="white">
        <center><h1>502 Bad Gateway</h1></center>
        <hr><center>nginx/1.11.10</center>
        </body>
        </html>
  • 46. Web Developer Small Company Josh Unexpected 502 Error
  • 47. 502 - app.py and nginx (Networking) [diagram: host (localhost, eth0) with ports 0.0.0.0:80 and 0.0.0.0:8000; container "nginx" (localhost, eth0 172.18.0.6) running nginx on 0.0.0.0:80; container "web" (localhost, eth0 172.18.0.5) running app.py on 0.0.0.0:8000]
  • 48. 502 Characterization and Hypothesis ● curl localhost:8000 does not work from nginx container (connection refused) ● curl localhost:8000 works from the app container ● curl 172.18.0.5:8000 works from the nginx container ● curl 172.18.0.5:8000 works from the app container Networking
  • 49. 502 - app.py and nginx (Networking) [diagram: host (localhost, eth0) with ports 0.0.0.0:80 and 0.0.0.0:8000; container "nginx" (localhost, eth0 172.18.0.6) running nginx on 0.0.0.0:80; container "web" (localhost, eth0 172.18.0.5) running app.py on 0.0.0.0:8000; two "curl" labels]
  • 50. 502 Characterization and Hypothesis Hypothesis: nginx using the 'localhost' upstream is incorrect Test: update the nginx config file with the container ip. Networking
  • 51. nginx config file
        server {
            listen 80;
            server_name localhost;
            location / {
                root /usr/share/nginx/html;
                index index.html index.htm;
                proxy_pass http://172.18.0.5:8000/;
            }
        }
  • 53. 502 - app.py and nginx (Networking) [diagram: host (localhost, eth0) with ports 0.0.0.0:80 and 0.0.0.0:8000; container "nginx" (localhost, eth0 172.18.0.6) running nginx on 0.0.0.0:80; container "web" (localhost, eth0 172.18.0.5) running app.py on 0.0.0.0:8000]
  • 54. 502 - app.py and nginx (Networking) [diagram: host (localhost, eth0) with port 0.0.0.0:80; container "nginx" (localhost, eth0 172.18.0.6) running nginx on 0.0.0.0:80; container "web" (localhost, eth0 172.18.0.5) running app.py on 0.0.0.0:8000]
  • 55. Network Service Discovery How will nginx discover the IP going forward? Docker runs a resolver at 127.0.0.11. It resolves container ips by their --name or --net-alias Networking
  • 56. nginx config file updated
        server {
            listen 80;
            server_name localhost;
            resolver 127.0.0.11;
            location / {
                root /usr/share/nginx/html;
                index index.html index.htm;
                proxy_pass http://web:8000/;
            }
        }
  • 59. Docker EE Docker Datacenter Deploys internal apps Devops Team at a big company Working on the Docker Project Steven
  • 61. Universal Control Plane ● Implements the Docker Daemon API on port 443 ● There is a web GUI as well ● You connect to it with a "client bundle" TLS
  • 62. Client Bundle
        $ ls
        … ca.pem cert.pem key.pem … env.sh
        $ cat env.sh
        export DOCKER_TLS_VERIFY=1
        export DOCKER_CERT_PATH="$(pwd)"
        export DOCKER_HOST=tcp://ucp.example.com:443
  • 63. Client Bundle
        $ source env.sh
        $ docker run --rm -it alpine echo hello dockercon
        hello dockercon
        $ docker service create -p 80:80 nginx:alpine
        ellhziigdmo2hae2z7wxuv4qt
  • 65. Installed New Certs ● Chrome no longer complains about the self signed certificate ● docker run and docker service still work as they did before TLS
  • 67. compose TLS issue
        $ source env.sh
        $ docker-compose up -d
        ERROR: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
  • 68. TLS issue reported after cert install ● TLS error when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Hypothesis: compose has different TLS client expectations from this TLS endpoint TLS
  • 69. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match ● Full Chain of Trust ● Chain Root is trusted TLS
  • 70. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match: correct ● Full Chain of Trust ● Chain Root is trusted TLS
  • 71. cert Subject and Issuer
        openssl x509 -noout -text < 0.pem | grep 'Subject:\|Issuer:'
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Subject: CN=ucp.example.com
  • 72. cert Subject and Issuer
        openssl x509 -noout -text < 1.pem | grep 'Subject:\|Issuer:'
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
  • 73. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match: correct ● Full Chain of Trust: missing root ● Chain Root is trusted TLS
  • 74. cert Subject and Issuer
        openssl x509 -noout -text < 2.pem | grep 'Subject:\|Issuer:'
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
  • 75. cert chain
        root:
          Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
          Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
        intermediary:
          Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
          Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        certificate:
          Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
          Subject: CN=ucp.example.com
  • 77. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match: correct ● Full Chain of Trust: correct ● Chain Root is trusted TLS
  • 78. TLS issues don't need to be scary Cheat sheet (check the following): ● Subject/Alt name match: correct ● Full Chain of Trust: correct ● Chain Root is trusted: correct TLS
  • 79. docker-compose working
        $ source env.sh
        $ docker-compose up -d
        …
        Creating network "acme_default" with the default driver
        Creating acme_tomcat_1
        Creating acme_apache_1
  • 80. TLS issue when using compose ● TLS works when using compose ● Same endpoint works in browser ● Same endpoint works with `docker` CLI Python TLS client wants the certificate authority it trusts to be a root certificate. TLS
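The chain walk the slides do by hand over 0.pem, 1.pem and 2.pem, as an added example that is not from the talk. `check_chain` is a hypothetical helper that reads `Issuer:`/`Subject:` lines in bundle order (leaf first) and reports whether every link holds and whether the bundle ends in a self-signed root; it compares names only, so signature and expiry validation still belong to `openssl verify`.

```shell
#!/usr/bin/env bash
# Added example; check_chain is a hypothetical helper, not a Docker or OpenSSL tool.
# Input: one Issuer:/Subject: pair per certificate, leaf first, in the format of
#   openssl x509 -noout -text < N.pem | grep 'Subject:\|Issuer:'
# Output: a one-line verdict; exit 0 = complete, 1 = broken or rootless, 2 = empty.
check_chain() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    /Issuer:/  { sub(/.*Issuer:/, "");  pending = trim($0); next }
    /Subject:/ { sub(/.*Subject:/, ""); n++; issuer[n] = pending; subject[n] = trim($0) }
    END {
      if (n == 0) { print "no certificates found"; exit 2 }
      for (i = 1; i < n; i++)          # each issuer must be the next subject
        if (issuer[i] != subject[i + 1]) {
          printf "broken link: cert %d is issued by [%s] but cert %d is [%s]\n", i - 1, issuer[i], i, subject[i + 1]
          exit 1
        }
      if (issuer[n] != subject[n]) {   # last cert must be self-signed
        printf "missing root: cert %d is issued by [%s], which is not in the bundle\n", n - 1, issuer[n]
        exit 1
      }
      printf "complete: %d certificates, ending at self-signed root [%s]\n", n, subject[n]
    }'
}

# Constructed input: the Issuer/Subject lines the slides show for 0.pem and 1.pem.
bundle_as_installed() {
  cat <<'EOF'
        Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
        Subject: CN=ucp.example.com
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
EOF
}

# Constructed input: the same bundle with the 2.pem root from the slides appended.
bundle_with_root() {
  bundle_as_installed
  cat <<'EOF'
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
EOF
}

bundle_as_installed | check_chain || true   # the state docker-compose rejected
bundle_with_root | check_chain              # the state after adding the root
```
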
  • 83. Amber keeps up pace by being proactive. She has several general troubleshooting tactics that help characterize issues. Works at a big company. Has been a sysadmin, developer, network admin. Currently technical lead on the devops team. Amber
  • 84. Tools - command line utilities ● socat - bidirectional communication over tcp, udp, stdio, pipes, unix domain sockets, etc ● curl - make web requests ● jq - parse, filter, create json text ● regular network tools - iptables, ipvsadm, route, ip, arp, tcpdump, ifconfig ● nsenter - enter a namespace Amber's Toolbox
  • 85. Tools - command line utilities ● Nico Kabar's netshoot container: ○ https://github.com/nicolaka/netshoot ○ docker pull nicolaka/netshoot ● Jérôme Petazzoni's nsenter ○ https://github.com/jpetazzo/nsenter Amber's Toolbox
  • 86. MITM docker socket traffic
        $ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock
        $ docker -H 127.0.0.1:5566 ps
  • 87. MITM docker socket traffic
        $ socat -v tcp4-listen:5566,bind=127.0.0.1,reuseaddr,fork unix-connect:/var/run/docker.sock
        > 2017/04/16 10:38:09.400245 length=131 from=115 to=245
        GET /v1.26/containers/json HTTP/1.1\r
        Host: 127.0.0.1:5566\r
        User-Agent: Docker-Client/17.03.0-ce (darwin)\r
        Accept-Encoding: gzip\r
        \r
        < 2017/04/16 10:38:09.401486 length=197 from=199 to=395
        HTTP/1.1 200 OK\r
        Api-Version: 1.26\r
        Content-Type: application/json\r
        Date: Sun, 16 Apr 2017 15:38:09 GMT\r
        Docker-Experimental: true\r
        Server: Docker/17.03.0-ce (linux)\r
        Transfer-Encoding: chunked\r
        …
  • 88. docker ps with curl | jq
        $ curl -s --unix-socket /var/run/docker.sock http::/containers/json | jq '.[].Names[0]'
        "/focused_tesla"
        "/exciting_einstein"
        "/web"
        "/app"
  • 89. nsenter
        $ PID=$(docker inspect --format {{.State.Pid}} happy_tesla)
        $ nsenter -n -t $PID iptables -nL
        $ nsenter -t `pidof dockerd` -m nsenter --net=/var/run/docker/netns/ingress_sbox ipvsadm -l
        $ for i in /var/run/docker/netns/* ; do nsenter -t `pidof dockerd` -m nsenter --net=$i ifconfig; done
  • 90. Techniques Host A container networking is working Host B container networking is not They are seemingly identical How to identify the differences? graphical diff! Amber's Toolbox
  • 93. Techniques - How to Ask a Question (Amber's Toolbox): <statement of observation>, then a demonstration of relevant observations, then <question>
  • 94. Techniques - How to Ask a Question (Amber's Toolbox): <statement of observation>, then a demonstration of relevant observations, then <question>. Labels on the slide: Characterization, Hypothesis
  • 95. Techniques - How to Ask a Question (Amber's Toolbox)
        I'm getting a 502 error when I hit the staging acmecorp endpoint
        $ curl -vkL https://staging.internal.acmecorp.com/_ping/
        …
        Is there a deploy happening now?
  • 96. Becoming a Troubleshooting Pro ● Docker Forums https://forums.docker.com/ ● Docker Community Slack https://dockr.ly/community What you can do
  • 97. THANK YOU Be a troubleshooting pro! @docker #dockercon Jeff Anderson @programm3rq