| 知乎专栏 |
已知 IP 172.17.0.66 我们希望知道那个容器在使用该 IP 地址。
$ docker network inspect 50ddb92f378e | grep -A2 -B4 '0\.66'
"b8f2b71e5715972c910f0876a89dbd9b7000d8fb77580206091e982b2119c47b": {
"Name": "nginx",
"EndpointID": "b7a3aea20619489def16f410c54ed5d857f8cd2062f2c66972f6341de8174ed8",
"MacAddress": "02:42:ac:11:00:42",
"IPv4Address": "172.17.0.66/16",
"IPv6Address": ""
},
查看出口IP地址
root@production:~# curl icanhazip.com root@production:~# curl -4 icanhazip.com root@production:~# curl -6 icanhazip.com root@production:~# curl api.ipify.org root@production:~# curl bot.whatismyipaddress.com
docker -v docker run ubuntu /bin/echo hello world docker stop $(docker ps -a -q) docker rm $(docker ps -a -q) docker rmi $(docker images -q)
failed to start daemon: Unable to get the TempDir under /var/lib/docker: mkdir /var/lib/docker/tmp: no space left on device
排查思路
Sep 08 11:09:28 homeassistant dockerd[2114]: time="2023-09-08T11:09:28.010100708+08:00" level=info msg="Starting up" Sep 08 11:09:28 homeassistant dockerd[2114]: time="2023-09-08T11:09:28.010549583+08:00" level=warning msg="Running experimental build" Sep 08 11:09:28 homeassistant dockerd[2114]: failed to start daemon: Unable to get the TempDir under /var/lib/docker: mkdir /var/lib/docker/tmp: no space left on device Sep 08 11:09:28 homeassistant systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
确认磁盘剩余空间
root@homeassistant:~# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/root 14913852 9847068 4366996 70% / devtmpfs 931216 0 931216 0% /dev tmpfs 998896 0 998896 0% /dev/shm tmpfs 399560 5800 393760 2% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 4096 0 4096 0% /sys/fs/cgroup tmpfs 998896 0 998896 0% /tmp /dev/zram1 49560 35356 10620 77% /var/log tmpfs 199776 0 199776 0% /run/user/0
root@homeassistant:~# cat /etc/fstab dev/mmcblk2p4 / ext4 defaults,noatime,commit=600,errors=remount-ro 0 1 tmpfs /tmp tmpfs defaults,nosuid 0 0
root@homeassistant:~# fdisk -l Disk /dev/mmcblk2: 14.56 GiB, 15634268160 bytes, 30535680 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: 0E6E0000-0000-4631-8000-1AEB00004F1C Device Start End Sectors Size Type /dev/mmcblk2p1 16384 24575 8192 4M unknown /dev/mmcblk2p2 24576 32767 8192 4M unknown /dev/mmcblk2p3 32768 98303 65536 32M unknown /dev/mmcblk2p4 98304 30535615 30437312 14.5G unknown Disk /dev/zram0: 975.49 MiB, 1022873600 bytes, 249725 sectors Units: sectors of 1 * 4096 = 4096 bytes Sector size (logical/physical): 4096 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk /dev/zram1: 50 MiB, 52428800 bytes, 12800 sectors Units: sectors of 1 * 4096 = 4096 bytes Sector size (logical/physical): 4096 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes
从现有镜像提取 Dockerfile
neo@netkiller:~/RCT$ sudo docker history nginx:latest --format "{{.CreatedBy}}" --no-trunc
/bin/sh -c #(nop) CMD ["nginx" "-g" "daemon off;"]
/bin/sh -c #(nop) STOPSIGNAL SIGQUIT
/bin/sh -c #(nop) EXPOSE 80
/bin/sh -c #(nop) ENTRYPOINT ["/docker-entrypoint.sh"]
/bin/sh -c #(nop) COPY file:e57eef017a414ca793499729d80a7b9075790c9a804f930f1417e56d506970cf in /docker-entrypoint.d
/bin/sh -c #(nop) COPY file:36429cfeeb299f9913b84ea136b004be12fbe4bb4f975a977a3608044e8bfa91 in /docker-entrypoint.d
/bin/sh -c #(nop) COPY file:d4375883ed5db364232ccf781e8ad28514cd005edb385d43dbfb984f2c63edb9 in /docker-entrypoint.d
/bin/sh -c #(nop) COPY file:5c18272734349488bd0c94ec8d382c872c1a0a435cca13bd4671353d6021d2cb in /docker-entrypoint.d
/bin/sh -c #(nop) COPY file:7b307b62e82255f040c9812421a30090bf9abf3685f27b02d77fcca99f997911 in /
/bin/sh -c set -x && groupadd --system --gid 101 nginx && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d
/bin/sh -c #(nop) ENV PKG_RELEASE=1~bookworm
/bin/sh -c #(nop) ENV NJS_VERSION=0.7.12
/bin/sh -c #(nop) ENV NGINX_VERSION=1.25.1
/bin/sh -c #(nop) LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
/bin/sh -c #(nop) CMD ["bash"]
/bin/sh -c #(nop) ADD file:ba1250b6ecd5dd09d4914189d72741c2817988994e7da514bf62be439a34bdb5 in /
ubuntu@VM-0-13-ubuntu:~/RCT$
server {
listen 80;
listen 443 ssl;
server_name sip.aigcsst.cn 139.9.54.211;
access_log /dev/stdout;
error_log /dev/stdout;
# RSA certificate
# certbot certonly --webroot -w /opt/nginx/html/ -d api.aigcsst.cn
ssl_certificate /etc/letsencrypt/live/aigcsst.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aigcsst.cn/privkey.pem;
location / {
root /usr/share/nginx/avaya;
autoindex on;
}
}
问题出在卷映射
"/opt/nginx/avaya:/usr/share/nginx/avaya:ro" 改为 "/opt/nginx/avaya:/usr/share/nginx/avaya"