Docker exec 出现 "fork/exec /proc/
2018-08-25 本文已影响0人
awker
docker 容器正常运行,但不能 exec
# docker ps | grep mq
5d0e262527cf rabbitmq:3-management "docker-entrypoint..." 12 months ago Up 3 months 10.168.93.209:4369->4369/tcp, 10.168.93.209:5671-5672->5671-5672/tcp, 10.168.93.209:15671-15672->15671-15672/tcp, 10.168.93.209:25672->25672/tcp mq01
# docker exec -it mq01 /bin/bash
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "process_linux.go:75: starting setns process caused \"fork/exec /proc/self/exe: no such file or directory\""
docker 版本信息
# docker version
Client:
Version: 1.13.1
API version: 1.26
Package version: <unknown>
Go version: go1.8.3
Git commit: 774336d/1.13.1
Built: Wed Mar 7 17:06:16 2018
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: <unknown>
Go version: go1.8.3
Git commit: 774336d/1.13.1
Built: Wed Mar 7 17:06:16 2018
OS/Arch: linux/amd64
Experimental: false
# docker info
Containers: 20
Running: 20
Paused: 0
Stopped: 0
Images: 215
Server Version: 1.13.1
Storage Driver: devicemapper
Pool Name: docker-202:17-4703339-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 20.17 GB
Data Space Total: 107.4 GB
Data Space Available: 87.2 GB
Metadata Space Used: 17.29 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.13 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Data loop file: /data/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Metadata loop file: /data/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.140-RHEL7 (2017-05-03)
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Init Binary: docker-init
containerd version: (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: N/A (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
seccomp
WARNING: You're not using the default seccomp profile
Profile: /etc/docker/seccomp.json
Kernel Version: 3.10.0-693.21.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 16
Total Memory: 31.25 GiB
Name: docker02
ID: 74LF:KJUT:GI6B:VKVC:OGWX:GBIB:C3WQ:W2ON:Y54T:YHL3:5TBJ:ATUD
Docker Root Dir: /data/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://edavcczl.mirror.aliyuncs.com/
Live Restore Enabled: false
Registries: docker.io (secure)
具体解决过程
1、查找出 docker 的容器 id 5d0e262527cf
# docker ps | grep rabbitmq
5d0e262527cf rabbitmq:3-management "docker-entrypoint..." 12 months ago Up 3 months 10.168.93.209:4369->4369/tcp, 10.168.93.209:5671-5672->5671-5672/tcp, 10.168.93.209:15671-15672->15671-15672/tcp, 10.168.93.209:25672->25672/tcp mq01
2、根据 docker 容器 id 5d0e262527cf 找到对应的 libcontainerd 的运行pid 7309
# ps -ef|grep libcontainerd | grep 5d0e262527cf
root 7309 1136 0 May07 ? 00:00:09 /usr/bin/docker-containerd-shim-current 5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459 /var/run/docker/libcontainerd/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459 /usr/libexec/docker/docker-runc-current
3、用 nsenter 进入 docker 容器 5d0e262527cf 的 namespace
# nsenter -m -t 7309 bash
4、查看 docker 容器 5d0e262527cf 的 DeviceName
# docker inspect --format='{{.GraphDriver.Data.DeviceName}}' 5d0e262527cf
docker-202:17-4703339-5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459
5、
可以看到 docker 容器 5d0e262527cf 的 /data/docker/devicemapper/mnt/docker容器ID 这个目录不存在
# ll /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459
ls: cannot access /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459: No such file or directory
只看到 /data/docker/devicemapper/mnt/docker容器ID-init 这个目录,所以执行 docker exec 时,会报错 \"fork/exec /proc/self/exe: no such file or directory\"
# ll /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459-init
total 0
6、对比正常 docker 容器 aa4416c1f1e8 的目录
# ll /data/docker/devicemapper/mnt/aa4416c1f1e8fb192e72b2cf60aae8507cc4bf7bbe69ef2b96d81e29640f7a4a
total 8
-rw------- 1 root root 64 Dec 11 2017 id
drwxr-xr-x 21 root root 4096 Apr 3 15:35 rootfs
7、创建 docker 容器 5d0e262527cf 对应的目录(去掉 -init 后缀)
# mkdir /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459
8、重新挂载 docker 容器 5d0e262527cf 的 /data/docker/devicemapper/mnt/容器ID 目录
// 用法:mount /dev/mapper/docker容器的DeviceName -o rw,relatime,nouuid,attr2,inode64,sunit=512,swidth=1024,noquota -t xfs /Dockerd服务的数据目录/devicemapper/mnt/容器ID
# mount /dev/mapper/docker-202:17-4703339-5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459 -o rw,relatime,nouuid,attr2,inode64,sunit=512,swidth=1024,noquota -t xfs /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459
# ll /data/docker/devicemapper/mnt/5d0e262527cf7c3c7f459104ac542a45b050d42817d07026e3ce0cd20b7c5459
total 8
-rw------- 1 root root 64 Aug 10 2017 id
drwxr-xr-x 17 root root 4096 Dec 10 2017 rootfs
9、退出 docker 容器 5d0e262527cf 的 namespace
# exit
exit
10、测试此 docker 容器 5d0e262527cf 可以正常执行 docker exec
# docker exec -it 5d0e262527cf /bin/bash
root@mq01:/# ls
bin boot dev docker-entrypoint.sh etc home lib lib32 lib64 libx32 media mnt opt plugins proc root run sbin srv sys tmp usr var
root@mq01:/# exit
exit
docker exec 出现问题时另一种折衷解决办法,通过 nsenter 进入容器
# docker exec -it 86ffcb615a74 /bin/bash
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused "process_linux.go:75: starting setns process caused \"fork/exec /proc/self/exe: no such file or directory\""
# docker inspect -f {{.State.Pid}} 86ffcb615a74
6670
# nsenter -t 6670 -m -u -i -n -p
-bash: /var/log/usermonitor/usermonitor.log: No such file or directory
root@86ffcb615a74:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
mysql 1 0 0 May07 ? 02:50:32 mysqld
root 60 0 0 14:32 ? 00:00:00 -bash
root 67 60 0 14:33 ? 00:00:00 ps -ef
-bash: /var/log/usermonitor/usermonitor.log: No such file or directory