Shulou(Shulou.com)05/31 Report--

This article mainly introduces "what is the method of troubleshooting and repair of FAQ common problems". In daily operation, I believe many people have doubts about what the methods of troubleshooting and repair of FAQ common problems are. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts of "what are the methods of troubleshooting and repairing FAQ common problems?" Next, please follow the editor to study!

1. Service / container 1. Why can I only edit the name of the container?

The Docker container cannot be changed after it is created. The only thing that can be changed is the part of the data that we want to store that is not part of the Docker container itself. Whether it is stopped, started, or restarted, it always uses the same container. If you want to change anything, you need to delete or recreate a container.

You can clone, that is, select an existing container and fill all the settings in the add service interface in advance based on the configuration of the existing container. If you forget to fill in something, you can change it by cloning and delete the old container.

2. How does the container / service of service-link work in Rancher?

In Docker, the ID and IP addresses of the associated container (using-- link in docker run) appear in the container's / etc/hosts. In Rancher, we don't need to change the / etc/hosts file of the container, but we associate the container by running an internal DNS server, and the DNS server returns us the correct IP.

3. If you cannot open the command line or view the log through the interface of Rancher, how can you access the command line and log of the container?

The Agent host may be exposed on the public network, and the request to access the container command line or log received on the Agent cannot be trusted. The request in Rancher Server includes a JWT (JSON Web Token). The JWT is signed by the server and can be verified by the Agent. The Agent can determine whether the request comes from the server. The JWT includes a validity period of 5 minutes. This validity period prevents it from being used for a long time. This is especially important if JWT is intercepted and SSL is not used.

If you run docker logs-f (rancher-agent name or ID). The log displays the token expiration message, and then checks whether the clocks of the Rancher Server host and the Rancher Agent host are synchronized.

4. Where can I see my service log?

In the details page of the service, we provide a tab log of the service log. In the log tab, all events related to the service are listed, including timestamps and event-related descriptions, which will be retained for 24 hours.

5. RANCHER SERVER Click WEB shell screen white screen

If RANCHER SERVER is running in V1.6.2, click WEB shell and the white screen appears, which is a BUG on UI, please choose to upgrade the server service.

Second, cross-host communication

If containers are running on different hosts and cannot ping each other, it may be caused by some common problems.

1. How to check whether cross-host communication is normal?

In the application-> infrastructure, check the status of the healthcheck application. If it is active, cross-host communication is normal.

To test manually, you can enter any container and ping the internal IP of another container. Infrastructure containers may be hidden in the host page. Click the check box "Show system containers" if you want to view them.

2. Is the host IP shown in UI correct?

Sometimes, the IP address of the Docker bridge is mistakenly used as the host IP, and the real host IP is not selected correctly. The IP for this error is usually 172.17.42.1 or an IP that begins with 172.17.x.x. If this is the case, configure the CATTLE_AGENT_IP environment variable with the IP address of the real host when adding the host using the docker run command.

Sudo docker run-d-e CATTLE_AGENT_IP=-- privileged\-v / var/run/docker.sock:/var/run/docker.sock\ rancher/agent:v0.8.2 http://SERVER_IP:8080/v1/scripts/xxxx3, the default subnet of Rancher (10.42.0.0and16) has been used or disabled in my network environment, how should I change this subnet?

The default subnet used by the Rancher Overlay network is 10.42.0.0Comp16. If this subnet is already in use, you will need to change the default subnet used in the Rancher network. You need to make sure that the appropriate subnets are used in the Network component of the infrastructure service. This subnet is defined in default_network in the rancher-compose.yml file of the service.

To change the IPsec or VXLAN network driver of Rancher, you will need to modify the configuration of the network infrastructure service in the environment template. When you create a new environment template or edit an existing environment template, you can configure the network infrastructure service by clicking Edit. On the edit page, select configuration options > Subnet enter a different subnet and click configure. The updated subnet of the environment template will be used in any new environment, and editing the existing environment template will not change the subnet of the existing environment.

This example is to change the subnet to 10.32.0.0lap16 by upgrading the network-driven rancher-compose.yml file.

Ipsec: network_driver: name: Rancher IPsec default_network: name: ipsec host_ports: true subnets: # After the configuration option is updated The default subnet address is updated-network_address: 10.32.0.0 shock 16 dns:-169.254.169.250 dns_search:-rancher.internal cni_config: '10murrancher.confession: name: rancher-cni-network type: rancher-bridge bridge: docker0 # After the configuration option is updated The default subnet address is updated bridgeSubnet: 10.32.0.0/16 logToFile: / var/log/rancher-cni.log isDebugLevel: false isDefaultGateway: true hostNat: true hairpinMode: true mtu: 1500 linkMTUOverhead: 98 ipam: type: rancher-cni-ipam logToFile: / var/log/rancher-cni.log isDebugLevel: false routes: -dst: 169.254.169.250Comp32

Note: as Rancher updates subnets by upgrading basic services, the previous method of updating subnets through API will no longer apply.

4. In VXLAN network mode, you cannot communicate across host containers.

Vxlan communicates through port 4789. Check whether the firewall has opened this port.

Execute iptables-t filter-L-n see the IPtable table to see if the chain FORWARD is discarded, and if so, execute sudo iptables-P FORWARD ACCEPT

Third, DNS1, how to check whether my DNS is configured correctly?

If you want to view the Rancher DNS configuration, click Apps > basic Services. Click the network-services application, select metadata, and in metadata, find the container named network-services-metadata-dns-X. After clicking the execute command line through UI, you can enter the command line of the container, and then execute the following command.

Cat / etc/rancher-dns/answers.json2 cannot communicate with each other properly when running the container on Ubuntu.

If UFW is enabled on your system, turn off UFW or change the policy in / etc/default/ufw to:

DEFAULT_FORWARD_POLICY= "ACCEPT" 4. Load balancing 1. Why is my load balancer always in Initializing state?

The load balancer automatically enables health check for it. If the load balancer is initialized, it is likely that there will be no cross-host communication between hosts.

2. How can I view the configuration of load balancer?

To view the configuration of the load balancer, you need to go inside the load balancer container to find the configuration file. You can select the execution command line of the load balancer container on the page.

Cat / etc/haproxy/haproxy.cfg

This file will provide all configuration details for the load balancer.

3. Where can I find HAproxy's log?

HAProxy logs can be found in the load balancer container. The docker logs of the load balancer container only provides details of the services related to the load balancer, but does not provide actual HAProxy logging.

Cat / var/log/haproxy4, how to customize the configuration of load balancer

As shown in the figure, in the custom configuration, follow the format of global, defaults, frontend and backend.

Health check-up 1. Why does the health check-up service always show a yellow initialization status?

Healthcheck not only provides health checks for other services, but also provides health check services for system components (such as scheduling services), and healthcheck also performs health checks on itself. When there are multiple healthcheck components, they cross-check each other, and the container status turns green only after the health check is passed. The healthcheck has been showing a yellow initialization status, indicating that it has failed the health check. Health checks are all accessed through the network, so it must be caused by abnormal network communication.

VI. Dispatch

Why is the application not automatically dispatched to other nodes after the node is shut down? The scheduling of applications on Rancher needs to cooperate with the health check function. The application will be rescheduled when the health check is found to be unhealthy. If the health check is not configured, cattle will not schedule the application even if the computer is turned off.

7. CentOS1, why can't the container connect to the network?

If you run a container (such as docker run-it ubuntu) on a host that cannot communicate with the Internet or other hosts, you may be experiencing a network problem. The default setting of Centos / proc/sys/net/ipv4/ip_forward is 0, which blocks all Docker networks from the bottom.

Solution:

Vi / usr/lib/sysctl.d/00-system.conf

Add the following code:

Net.ipv4.ip_forward=1net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-arptables = 1

Restart the network service

Systemctl restart network

Check to see if the modification is successful

Sysctl net.ipv4.ip_forward

If net.ipv4.ip_forward = 1 is returned, it is successful.

8. Jingdongyun 1. JD.com Cloud has the following problems in running rancher server

At this point, the study on "what are the ways to troubleshoot and fix FAQ common problems" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.