github.com/rish1988/moby@v25.0.2+incompatible/libnetwork/support/support.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  while getopts ":s" opt; do
     4  	case $opt in
     5  		s)
     6  			SSD="true"
     7  			;;
     8  	esac
     9  done
    10  
    11  SSD="${SSD:-false}"
    12  
    13  # Required tools
    14  DOCKER="${DOCKER:-docker}"
    15  NSENTER="${NSENTER:-nsenter}"
    16  BRIDGE="${BRIDGE:-bridge}"
    17  IPTABLES="${IPTABLES:-iptables}"
    18  IPVSADM="${IPVSADM:-ipvsadm}"
    19  IP="${IP:-ip}"
    20  SSDBIN="${SSDBIN:-ssd}"
    21  JQ="${JQ:-jq}"
    22  
    23  networks=0
    24  containers=0
    25  ip_overlap=0
    26  
    27  NSDIR=/var/run/docker/netns
    28  
    29  function die() {
    30  	echo $*
    31  	exit 1
    32  }
    33  
    34  function echo_and_run() {
    35  	echo "#" "$@"
    36  	eval $(printf '%q ' "$@") < /dev/stdout
    37  }
    38  
    39  function check_ip_overlap() {
    40  	inspect=$1
    41  	overlap=$(echo "$inspect_output" | grep "EndpointIP\|VIP" | cut -d':' -f2 | sort | uniq -c | grep -v "1 ")
    42  	if [ ! -z "$overlap" ]; then
    43  		echo -e "\n\n*** OVERLAP on Network ${networkID} ***"
    44  		echo -e "${overlap} \n\n"
    45  		((ip_overlap++))
    46  	else
    47  		echo "No overlap"
    48  	fi
    49  }
    50  
    51  type -P ${DOCKER} > /dev/null || echo "This tool requires the docker binary"
    52  type -P ${NSENTER} > /dev/null || echo "This tool requires nsenter"
    53  type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge"
    54  type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables"
    55  type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm"
    56  type -P ${IP} > /dev/null || echo "This tool requires ip"
    57  type -P ${JQ} > /dev/null || echo "This tool requires jq"
    58  
    59  if ${DOCKER} network inspect --help | grep -q -- --verbose; then
    60  	NETINSPECT_VERBOSE_SUPPORT="--verbose"
    61  else
    62  	NETINSPECT_VERBOSE_SUPPORT=""
    63  fi
    64  
    65  echo "Host iptables"
    66  echo_and_run ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
    67  echo_and_run ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
    68  echo_and_run ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
    69  printf "\n"
    70  
    71  echo "Host links addresses and routes"
    72  echo_and_run ${IP} -o link show
    73  echo_and_run ${IP} -o -4 address show
    74  echo_and_run ${IP} -4 route show
    75  printf "\n"
    76  
    77  echo "Overlay network configuration"
    78  for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) "ingress_sbox"; do
    79  	echo "nnn Network ${networkID}"
    80  	if [ "${networkID}" != "ingress_sbox" ]; then
    81  		nspath=($(ls ${NSDIR}/*${networkID:0:9}*))
    82  		inspect_output=$(${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID})
    83  		echo "$inspect_output"
    84  		check_ip_overlap $inspect_output
    85  	else
    86  		nspath=(${NSDIR}/${networkID})
    87  	fi
    88  
    89  	for i in "${nspath[@]}"; do
    90  		echo_and_run ${NSENTER} --net=${i} ${IP} -o -4 address show
    91  		echo_and_run ${NSENTER} --net=${i} ${IP} -4 route show
    92  		echo_and_run ${NSENTER} --net=${i} ${IP} -4 neigh show
    93  		bridges=$(${NSENTER} --net=${i} ${IP} -j link show type bridge | ${JQ} -r '.[].ifname')
    94  		# break string to array
    95  		bridges=(${bridges})
    96  		for b in "${bridges[@]}"; do
    97  			if [ -z ${b} ] || [ ${b} == "null" ]; then
    98  				continue
    99  			fi
   100  			echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show br ${b}
   101  		done
   102  		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
   103  		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
   104  		echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
   105  		echo_and_run ${NSENTER} --net=${i} ${IPVSADM} -l -n
   106  		printf "\n"
   107  		((networks++))
   108  	done
   109  done
   110  
   111  echo "Container network configuration"
   112  while read containerID status; do
   113  	echo "ccc Container ${containerID} state: ${status}"
   114  	${DOCKER} container inspect ${containerID} --format 'Name:{{json .Name | printf "%s\n"}}Id:{{json .Id | printf "%s\n"}}Hostname:{{json .Config.Hostname | printf "%s\n"}}CreatedAt:{{json .Created | printf "%s\n"}}State:{{json .State|printf "%s\n"}}RestartCount:{{json .RestartCount | printf "%s\n" }}Labels:{{json .Config.Labels | printf "%s\n"}}NetworkSettings:{{json .NetworkSettings}}' | sed '/^State:/ {s/\\"/QUOTE/g; s/,"Output":"[^"]*"//g;}'
   115  	if [ ${status} = "Up" ]; then
   116  		nspath=$(docker container inspect --format {{.NetworkSettings.SandboxKey}} ${containerID})
   117  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
   118  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
   119  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
   120  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
   121  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
   122  		echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
   123  		((containers++))
   124  	fi
   125  	printf "\n"
   126  done < <(${DOCKER} container ls -a --format '{{.ID}} {{.Status}}' | cut -d' ' -f1,2)
   127  
   128  if [ "true" == ${SSD} ]; then
   129  	echo ""
   130  	echo "#### SSD control-plane and datapath consistency check on a node ####"
   131  	for netName in $(docker network ls -f driver=overlay --format "{{.Name}}"); do
   132  		echo "## $netName ##"
   133  		${SSDBIN} $netName
   134  		echo ""
   135  	done
   136  fi
   137  
   138  echo -e "\n\n==SUMMARY=="
   139  echo -e "\t Processed $networks networks"
   140  echo -e "\t IP overlap found: $ip_overlap"
   141  echo -e "\t Processed $containers running containers"