docker pull offline

如果要在一个内网/网络很差的环境下运行docker pull, 应该会让人抓狂吧. 本文介绍一下怎么解决这个问题. 本文基于CentOS 7.

1, 使用Proxy

这是大多数人首先想到的方法. docker官网说export HTTPS_PROXY / export HTTP_PROXY以后运行docker pull即可使用代理, 但是我这里是无效的, 原因未知. 这里介绍一个解决办法:

$ vim /usr/lib/systemd/system/docker.service  #在[Service]段下添加如下2行
......
[Service]
Environment="HTTPS_PROXY=http://10.10.74.101:8888"
Environment="HTTP_PROXY=http://10.10.74.101:8888"
......
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker.service

然后再次运行docker pull就不会有问题了.

请注意: 使用本方法需要一个速度很棒的proxy_server . 如果你的proxy_server速度一般, 那么即使配置生效, 极慢的pull速度也会让你怀疑人生. 因此, 不妨考虑一下下面的方法.

2, 使用docker save/load进行镜像的导入导出

首先在一个网络不错的环境里, 进行docker pull, 并且将pull回来的docker save成一个image

$ docker pull docker.elastic.co/elasticsearch/elasticsearch:6.6.2
$ docker save -o es.img docker.elastic.co/elasticsearch/elasticsearch:6.6.2

然后将这个es.img文件拷贝到没有公网/网络很差的系统里

$ docker load -i es.img

解决df -h命令卡住

通过strace命令判断是在哪个mount point卡住

$ strace df
......
stat("/sys/fs/cgroup/devices", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/pids", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/hugetlb", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/blkio", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/freezer", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/cpuset", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/cpu,cpuacct", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/fs/cgroup/perf_event", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/sys/kernel/config", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
stat("/", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
stat("/proc/sys/fs/binfmt_misc",    #这里卡住了

解决/proc/sys/fs/binfmt_misc被卡住问题(以下方法任选其一)

1. 执行systemctl restart proc-sys-fs-binfmt_misc.automount;

2. 升级到最新 systemd-219-57 版本;

3. 按照红帽知识库的步骤对 proc-sys-fs-binfmt_misc.automount 进行 mask 操作, 只进行静态的 mount 操作;

Prometheus中rate和irate的区别

rate()

rate(v range-vector) calculates the per-second average rate of increase of the time series in the range vector.

rate()函数计算某个时间序列范围内的每秒平均增长率。

Breaks in monotonicity (such as counter resets due to target restarts) are automatically adjusted for.

自适应单调性中断(比如target重启导致的计数器重置).

Also, the calculation extrapolates to the ends of the time range, allowing for missed scrapes or imperfect alignment of scrape cycles with the range’s time period.

计算结果是推算到每个时间范围的最后而得出, 允许漏抓和抓取周期与时间范围的不完美结合.

The following example expression returns the per-second rate of HTTP requests as measured over the last 5 minutes, per time series in the range vector:

以下示例返回最后五分钟HTTP请求每秒增长率

rate(http_requests_total{job="api-server"}[5m])

rate should only be used with counters. It is best suited for alerting, and for graphing of slow-moving counters.

rate应该只和计数器一起使用。最适合告警和缓慢计数器的绘图。 继续阅读

使用Collectd+Prometheus+Grafana监控nginx状态

在安装Nginx时,如果指定了–with-http_stub_status_module, 就可以使用本文的方法进行监控. 不用担心, 不论是从rpm/apt安装的Nginx, 均自带了该Module.

一般的建议是, 在nginx的机器上同时安装Collectd和collectd_exporter, 然后将数据导出到Prometheus(一般位于第三方服务器), 再从Grafana读取Prometheus中的数据.

1, 配置nginx

安装Nginx的过程此处略过, 我们需要确定一下Nginx安装了http_stub_status_module.

$ sudo nginx -V | grep http_sub_status
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --conf-path=...

配置Nginx启用该module

location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
}

然后便可以通过http://ip/nginx_status来获取相关状态信息.

$ curl http://127.0.0.1/nginx_status
Active connections: 29
server accepts handled requests
 17750380 17750380 6225361
Reading: 0 Writing: 1 Waiting: 28

继续阅读