《OpenShift 4.x HOL教程汇总》
说明:本文已经在OpenShift 4.6环境中验证

文章目录

  • 查看crictl命令的配置文件
  • 用crictl命令操作Pod/Image/Container
  • 参考

CRI-O 容器引擎为运行开放容器倡议 (OCI) 兼容的运行时提供了一个稳定、更安全、更高性能的平台。OpenShift 4集群不再使用 Docker 作为容器运行环境,而是用了 CRI-O 的容器环境,这样CRI-O就取代了Docker服务成为实现OpenShift容器平台的容器运行时接口(CRI)的容器引擎。通过使用 CRI-O 容器引擎,可以访问符合OCI的运行时(如默认的 OCI 运行时 runc或 Kata Containers)来启动容器和 Pod。在集群节点上,OpenShift 使用了 crictl 工具来访问 CRI-O 环境,进而实现对容器和相关资源进行操作。

有关OpenShift集群节点的kubelet、CRI-O环境的介绍,请参见《 OpenShift 4 - 节点是如何通过CRI-O运行容器的》。

查看crictl命令的配置文件

  1. 查看OpenShift集群的节点,然后进入一个worker类型的节点,最后切换到root用户。
$ oc get nodes -o wide
NAME                                              STATUS   ROLES    AGE    VERSION           INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                                                       KERNEL-VERSION                 CONTAINER-RUNTIME
ip-10-0-134-103.ap-southeast-1.compute.internal   Ready    master   143m   v1.19.0+d59ce34   10.0.134.103   <none>        Red Hat Enterprise Linux CoreOS 45.82.202007240629-0 (Ootpa)   4.18.0-193.13.2.el8_2.x86_64   cri-o://1.19.0-20.rhaos4.6.git97d715e.el8
ip-10-0-157-96.ap-southeast-1.compute.internal    Ready    worker   129m   v1.19.0+d59ce34   10.0.157.96    <none>        Red Hat Enterprise Linux CoreOS 45.82.202007240629-0 (Ootpa)   4.18.0-193.13.2.el8_2.x86_64   cri-o://1.19.0-20.rhaos4.6.git97d715e.el8
ip-10-0-178-197.ap-southeast-1.compute.internal   Ready    worker   129m   v1.19.0+d59ce34   10.0.178.197   <none>        Red Hat Enterprise Linux CoreOS 45.82.202007240629-0 (Ootpa)   4.18.0-193.13.2.el8_2.x86_64   cri-o://1.19.0-20.rhaos4.6.git97d715e.el8
ip-10-0-178-236.ap-southeast-1.compute.internal   Ready    master   143m   v1.19.0+d59ce34   10.0.178.236   <none>        Red Hat Enterprise Linux CoreOS 45.82.202007240629-0 (Ootpa)   4.18.0-193.13.2.el8_2.x86_64   cri-o://1.19.0-20.rhaos4.6.git97d715e.el8
ip-10-0-221-178.ap-southeast-1.compute.internal   Ready    master   143m   v1.19.0+d59ce34   10.0.221.178   <none>        Red Hat Enterprise Linux CoreOS 45.82.202007240629-0 (Ootpa)   4.18.0-193.13.2.el8_2.x86_64   cri-o://1.19.0-20.rhaos4.6.git97d715e.el8$ oc debug node/<WORKER_NODE>
Starting pod/ip-10-0-157-96ap-southeast-1computeinternal-debug ...
To use host binaries, run `chroot /host`sh-4.4# chroot /host
  1. 查看crictl的配置,缺省crictl连接的是该节点本地的“unix:///var/run/crio/crio.sock”
sh-4.4# cat /etc/crictl.yaml
runtime-endpoint: unix:///var/run/crio/crio.sock

用crictl命令操作Pod/Image/Container

  1. 查询该Node上名称包含machine-config-daemon的Pod实例,查到的Pod实例完整名称是“machine-config-daemon-8bblm”,它运行在“openshift-machine-config-operator”命名空间中。
sh-4.4# crictl pods --name machine-config-daemon
POD ID              CREATED             STATE               NAME                          NAMESPACE                           ATTEMPT
ba978ea7afe83       2 hours ago         Ready               machine-config-daemon-8bblm   openshift-machine-config-operator   0sh-4.4# POD_ID=ba978ea7afe83
  1. 根据名为machine-config-daemon-8bblm的pod的短POD_ID找到完整POD_ID(需要去掉引号)。
sh-4.4# FULL_POD_ID=$(crictl inspectp $POD_ID | jq .status.id | cut -d "\"" -f 2)
sh-4.4# echo $FULL_POD_ID
ba978ea7afe836c1fd0189e6b9198a58dd931a6610dc8a0bc5084b3c489f634b
  1. 根据POD_ID查看pod信息。记录Pod用到Image的DIGEST信息。
sh-4.4# crictl inspectp $POD_ID | grep image"image": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eb9ab6f21487d70c0fda256729adc82845aa3b68f9b84be18892d3096999d055",sh-4.4# IMAGE_DIGEST=sha256:eb9ab6f21487d70c0fda256729adc82845aa3b68f9b84be18892d3096999d055
  1. 使用Image的DIGEST查完整的IMAGE_ID。
sh-4.4# crictl images --no-trunc --digests | grep $IMAGE_DIGEST
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256                  <none>              sha256:eb9ab6f21487d70c0fda256729adc82845aa3b68f9b84be18892d3096999d055   e66662827187986d2c58eba25a6300d4c7926c2042b7e021901f47975f10b54c   255MBsh-4.4# IMAGE_ID=e66662827187986d2c58eba25a6300d4c7926c2042b7e021901f47975f10b54c
  1. 查看Image的详细配置。
sh-4.4# crictl inspecti $IMAGE_ID
{"status": {"id": "e66662827187986d2c58eba25a6300d4c7926c2042b7e021901f47975f10b54c","repoTags": [],"repoDigests": ["quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:eb9ab6f21487d70c0fda256729adc82845aa3b68f9b84be18892d3096999d055"],"size": "254920605","uid": {"value": "0"},"username": ""},
。。。
  1. 查看所有状态的Container,其中包括Running和Exited状态。
sh-4.4# crictl ps -a
CONTAINER           IMAGE                                                                                                                                      CREATED             STATE               NAME                         ATTEMPT             POD ID
59026587584a2       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a60f5a4429d512c7bc8e438ba949b54583d16147e23d30aef9aaa836efa76783                     44 minutes ago      Running             container-00                 0                   8a70054afce03
91030ef25af00       registry.redhat.io/distributed-tracing/jaeger-rhel7-operator@sha256:69f4fe261dab28d899b2e58c86e6f35bdd9b44aa45229b7bae0e474454e77aa9       2 hours ago         Running             jaeger-operator              0                   62bd3cc3e6e6e
4be20be818779       registry.redhat.io/amq7/amq-streams-rhel7-operator@sha256:8637549bae76119b18fd1361120d9f2c68086425cc8c4751c3b8204b3942a7d9                 2 hours ago         Running             cluster-operator             0                   fb8e935887a77
。。。
a80e7f8aaed35       2b51d9d692993b904dad1169eb34f94be377a9eb34bc51577cf061f78b0e9f58                                                                           3 hours ago         Exited              whereabouts-cni              0                   3a26a488f2350
463eac215f338       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3afc303dc91949d801b0fd806f53889d3ecff2b43307d6c7ddf3783c810ca10f                     3 hours ago         Exited              whereabouts-cni-bincopy      0                   3a26a488f2350
456b4c895975a       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:72f164b5b9363614e2106950a502bbbeddb91b4fb6b239561d1ee6fc0d4563de                     3 hours ago         Exited              routeoverride-cni            0                   3a26a488f2350
db59dcee290fb       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aba21f0cf0f8035ab6b786366df0422085d044ca27bae59e94cb19d64a955e5d                     3 hours ago         Exited              cni-plugins                  0                   3a26a488f2350
  1. 使用前面设置的FULL_POD_ID查找该Pod包括的Container。可以看到名为“machine-config-daemon-8bblm”的Pod中运行了2个Container,分别是名为machine-config-daemon和oauth-proxy的Container。
sh-4.4# crictl ps --pod $FULL_POD_ID
CONTAINER           IMAGE                                                                                                                    CREATED             STATE               NAME                    ATTEMPT             POD ID
a925dcb856164       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:21c49efa4fd9a4c6747c32cc6b2b0f877694d3fa5b3d3f66230129e603b152f0   2 hours ago         Running             oauth-proxy             0                   ba978ea7afe83
cbfbb31e114ca       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b3a8e6a396a9f399ed2493fe5c65ec8e8aecd0f83d45f162de63aef9c2d88400   2 hours ago         Running             machine-config-daemon   0                   ba978ea7afe83
  1. 根据上一步执行结果设置名为machine-config-daemon容器的CONTAINER_ID和FULL_CONTAINER_ID。
sh-4.4# CONTAINER_ID=cbfbb31e114ca
sh-4.4# FULL_CONTAINER_ID=$(crictl inspect $CONTAINER_ID | jq .status.id | cut -d "\"" -f 2)
sh-4.4# echo $FULL_CONTAINER_ID
cbfbb31e114ca4789906666f97f51a641da3ea568d026cb7d5216a6d379bc731
  1. 直接在machine-config-daemon容器中执行命令。
sh-4.4# crictl exec -it $CONTAINER_ID ls
bin  boot  dev  etc  home  lib  lib64  manifests  media  mnt  opt  proc  root  rootfs  run  sbin  srv  sys  tmp  usr  var
  1. 查看pod中名为machine-config-daemon容器的日志。
sh-4.4# crictl logs $CONTAINER_ID
I0909 10:36:06.499290    2719 start.go:74] Version: v4.5.0-202007240519.p0-dirty (99eb744f5094224edb60d88ca85d607ab151ebdf)
I0909 10:36:06.501247    2719 start.go:84] Calling chroot("/rootfs")
I0909 10:36:06.501428    2719 rpm-ostree.go:368] Running captured: rpm-ostree status --json
I0909 10:36:06.712099    2719 daemon.go:211] Booted osImageURL: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77e9ace116cec652637a79449dea00c6b4af5463ca2474463549cf145bc44438 (45.82.202007240629-0)
I0909 10:36:06.714599    2719 metrics.go:106] Registering Prometheus metrics
I0909 10:36:06.714664    2719 metrics.go:111] Starting metrics listener on 127.0.0.1:8797
I0909 10:36:06.715541    2719 update.go:1404] Starting to manage node: ip-10-0-157-96.ap-southeast-1.compute.internal
I0909 10:36:06.719018    2719 rpm-ostree.go:368] Running captured: rpm-ostree status
I0909 10:36:06.753767    2719 daemon.go:818] State: idle
Deployments:pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77e9ace116cec652637a79449dea00c6b4af5463ca2474463549cf145bc44438CustomOrigin: Managed by machine-config-operatorVersion: 45.82.202007240629-0 (2020-12-24T06:33:19Z)ostree://67315b4b010341ffd396fe699287defe530830b17879d695fec0243b87e97c82Version: 45.82.202007141718-0 (2020-07-14T17:21:59Z)
I0909 10:36:06.753780    2719 rpm-ostree.go:368] Running captured: journalctl --list-boots
I0909 10:36:06.757759    2719 daemon.go:825] journalctl --list-boots:
-1 4ea87e5f3d75460c94379c39c37dcb7b Wed 2020-09-09 10:30:54 UTC—Wed 2020-09-09 10:34:20 UTC0 4afde637b05b409884433b6a359f10dc Wed 2020-09-09 10:34:35 UTC—Wed 2020-09-09 10:36:06 UTC
I0909 10:36:06.757771    2719 daemon.go:568] Starting MachineConfigDaemon
I0909 10:36:06.757840    2719 daemon.go:575] Enabling Kubelet Healthz Monitor
I0909 10:36:36.716933    2719 trace.go:116] Trace[1106410694]: "Reflector ListAndWatch" name:github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions/factory.go:101 (started: 2020-09-09 10:36:06.716511929 +0000 UTC m=+0.241089202) (total time: 30.000399506s):
Trace[1106410694]: [30.000399506s] [30.000399506s] END
E0909 10:36:36.716955    2719 reflector.go:178] github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions/factory.go:101: Failed to list *v1.MachineConfig: Get https://172.30.0.1:443/apis/machineconfiguration.openshift.io/v1/machineconfigs?limit=500&resourceVersion=0: dial tcp 172.30.0.1:443: i/o timeout
I0909 10:36:36.716931    2719 trace.go:116] Trace[646203300]: "Reflector ListAndWatch" name:k8s.io/client-go/informers/factory.go:135 (started: 2020-09-09 10:36:06.716166848 +0000 UTC m=+0.240744117) (total time: 30.00073537s):
Trace[646203300]: [30.00073537s] [30.00073537s] END
  1. 查看运行CONTAINER_ID占用的环境资源。
sh-4.4# crictl stats --id $CONTAINER_ID
CONTAINER           CPU %               MEM                 DISK                INODES
cbfbb31e114ca       0.05                77.86MB             62B                 4
  1. 根据FULL_CONTAINER_ID,在其对应的存储目录中查看machine-config-daemon容器的配置。
sh-4.4# more /run/containers/storage/overlay-containers/${FULL_CONTAINER_ID}/userdata/config.json
{"ociVersion": "1.0.2","process": {"user": {"uid": 0,"gid": 0},"args": ["/usr/bin/machine-config-daemon","start"],"env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","TERM=xterm","HOSTNAME=ip-10-0-157-96","NSS_SDB_USE_CACHE=no","NODE_NAME=ip-10-0-157-96.ap-southeast-1.compute.internal","KUBERNETES_PORT=tcp://172.30.0.1:443","KUBERNETES_PORT_443_TCP_PORT=443","MACHINE_CONFIG_DAEMON_PORT_9001_TCP_PROTO=tcp","MACHINE_CONFIG_DAEMON_PORT_9001_TCP_ADDR=172.30.171.237","MACHINE_CONFIG_DAEMON_PORT_9001_TCP_PORT=9001","KUBERNETES_SERVICE_HOST=172.30.0.1","KUBERNETES_PORT_443_TCP_PROTO=tcp","MACHINE_CONFIG_DAEMON_SERVICE_PORT_METRICS=9001","MACHINE_CONFIG_DAEMON_PORT=tcp://172.30.171.237:9001","MACHINE_CONFIG_DAEMON_PORT_9001_TCP=tcp://172.30.171.237:9001","KUBERNETES_SERVICE_PORT=443","KUBERNETES_SERVICE_PORT_HTTPS=443","KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443","KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1","MACHINE_CONFIG_DAEMON_SERVICE_HOST=172.30.171.237","MACHINE_CONFIG_DAEMON_SERVICE_PORT=9001","__doozer=merge","BUILD_RELEASE=202007240519.p0","BUILD_VERSION=v4.5.0","OS_GIT_MAJOR=4","OS_GIT_MINOR=5","OS_GIT_PATCH=0","OS_GIT_TREE_STATE=clean","OS_GIT_VERSION=4.5.0-202007240519.p0-99eb744","SOURCE_GIT_TREE_STATE=clean","OS_GIT_COMMIT=99eb744","SOURCE_DATE_EPOCH=1595455266","SOURCE_GIT_COMMIT=99eb744f5094224edb60d88ca85d607ab151ebdf","SOURCE_GIT_TAG=machine-config-daemon-4.5.0-202006231303.p0-12-g99eb744f","SOURCE_GIT_URL=https://github.com/openshift/machine-config-operator","PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","container=oci"],。。。

参考

https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md

OpenShift 4 - 在集群节点用crictl对Pod/Image/Container进行操作相关推荐

  1. OpenShift 4 - 设置集群节点和Pod容器的时间和时区

    <OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.6环境中验证 文章目录 OpenShift的时间和时区 节点和容器的时间 节点和容器的时区 节点时间 ...

  2. OpenShift 4 - 集群节点日志和API审计日志策略

    <OpenShift / RHEL / DevSecOps 汇总目录> 说明:本文已经在OpenShift 4.8 环境中验证 文章目录 集群节点日志 集群节点日志类型 收集集群节点日志 ...

  3. OpenShift 4 - 利用 File Integrity Operator 实现对集群节点进行入侵检测

    <OpenShift / RHEL / DevSecOps 汇总目录> 说明:本文已经在OpenShift 4.9环境中验证 文章目录 File Integrity Operator 功能 ...

  4. OpenShift 4 - 用KubeletConfig和ContainerRuntimeConfig分别修改集群节点的Kubelet和cri-o的配置

    <OpenShift 4.x HOL教程汇总> 说明:本文已经在OpenShift 4.6环境中验证 文章目录 Kubelet.KubeletConfig和KubeletConfigCon ...

  5. 集群节点Elasticsearch升级

    集群节点Elasticsearch升级 操作流程 1.首先执行Elasticsearch-1.2.2集群的索引数据备份 2.关闭elasticsearch-1.2.2集群的recovery.compr ...

  6. MySQL集群节点宕机,数据库脑裂!如何排障?

    作者介绍 王晶,中国移动DBA,负责"移动云"业务系统的数据库集成架构设计.运维.优化等工作:擅长技术领域MySQL,获Oracle颁发的"MySQL DBA" ...

  7. 怎样一步一步删除(linux amp; UNIX)环境下 oracle 11g 集群节点

     Deleting a Cluster Node on Linux and UNIX Systems 1.确定要删除的节点,是否active,pinned $ olsnodes -s -t 假设 ...

  8. oracle集群 节点切换不,Oracle 11gR2 RAC集群单节点关闭开启

    Oracle Product集群因OS需要打patch需要单独关闭节点进行维护,机器为个人测试Oracle 11g R2测试集群 操作步骤 --确认集群的db_unique_name,本初的db_un ...

  9. 读懂这一篇,集群节点不下线

    作者 | 声东  阿里云售后技术专家 导读:排查完全陌生的问题.完全不熟悉的系统组件,是售后工程师的一大工作乐趣,当然也是挑战.今天借这篇文章,跟大家分析一例这样的问题.排查过程中,需要理解一些自己完 ...

最新文章

  1. JOptionPane提示框的一些常用方法
  2. SpringBoot 2.x 整合Mybatis三:tk.mybatis
  3. 《代码大全2》读书笔记(七)
  4. northstar机器人编程_《机器人构建实战》——导读
  5. [开发技巧3]不显示报表直接打印
  6. Linux下解决发布Qt程序报错:it could not find or load the Qt platform plugin “xcb” in “”
  7. 解决ssh正常登录sftp不能登录的问题
  8. Java使用HtmlUnit抓取js渲染页面
  9. 【clickhouse】clickhouse 表引擎之 null
  10. 九阴真经 服务器 显示维护,《九阴真经》1月29日服务器互通升级维护公告
  11. C# 二进制替换第一弹 byte 数组替换
  12. GeoTools应用-JTS(Geometry之间的关系)
  13. ajax只请求一次,关于ajax的请求只处理一次的问题
  14. C语言-数组的趣味应用-筛法求素数
  15. 打散线条lisp_《湘源修建性详细规划CAD系统》用户使用手册.doc
  16. 萨里大学计算机博士申请,4.11微分享丨本科直博拿下港中文CSE全奖博士,师兄带你敲开申请大门...
  17. Java程序员的五个职业发展方向
  18. PCL笔记二:PCD解析;PCD读取;PCD与XYZ转换;
  19. 50以内的勾股数c语言,50以内勾股数有哪些
  20. 你这么真诚,一定是骗子!

热门文章

  1. Linux先发送条件变量,linux 条件变量 浅谈Linux条件变量的使用
  2. 阶乘之和计算_浅谈积分计算的技巧
  3. 浮点数不能全等比较吗php,汇编语言FCOM指令:比较浮点数值
  4. 多实例linux自动启动,Linux 下自动启动多个oracle实例
  5. 写python代码的心得体会_写python代码的一点感想
  6. hashmap value为null_从这五个方面看hashmap,新手一遍就能懂
  7. c# 多线程 执行事件 并发_.NET异步和多线程系列(一)
  8. java11新特性_Java11 发布前抓紧掌握这些新特性
  9. 设计灵感|化繁杂为明晰!如何把信息类海报做得好看?
  10. 炫彩色块海报设计背景PSD素材,跟上设计趋势