Re: [vserver] is there a vnetstat?

From: Allan Latham <alatham_at_flexsys-group.de>
Date: Wed 08 May 2013 - 12:28:41 BST
Message-ID: <518A36E9.20606@flexsys-group.de>

Hi all

This script works for me. Not very elegant but does the job I need it for.

-------------
cat /usr/local/sbin/vnetstat-anutp

#!/bin/bash

D=lo # set this to the interface with the vserver internal ips

S=`vserver-stat | cut -d' ' -f1 | grep -v CTX`
(
for N in $S;do
  I=`ncontext --migrate --nid $N -- ip addr ls dev $D | grep global |
cut -b10- | cut -d/ -f1`
  L=$(( `echo -n $I | wc -c` - 7 ))
  ncontext --migrate --nid $N -- vcontext --migrate --xid $N -- netstat
-anutp | sed -r -e's/ 0\.0\.0\.0:([0-9]+) {'"$L"'}/ '"$I"':\1/'
done
) | sort -u

--------------

Hope someone finds it useful.

All the best

Allan

On 07/05/13 21:43, Allan Latham wrote:
> Hi Herbert
>
> I have no idea where I would set CONFIG_VSERVER_PRIVACY but I am using
> the Debian Squeeze vserver kernel and util vserver utils. Is it a kernel
> compile option?
>
> I have not knowingly set CONFIG_VSERVER_PRIVACY but the ncontext command
> does not give me what I expect:
>
> root@vservers ~ # cat /proc/net/tcp
> sl local_address rem_address st tx_queue rx_queue tr tm->when
> retrnsmt uid timeout inode
>
> 0: 79D6C658:0016 00000000:0000 0A 00000000:00000000 00:00000000
> 00000000 0 0 4691 1 ffff88001e748000 300 0 0 2 -1
>
> 1: 79D6C658:0016 A76A04B2:A1BD 01 00000000:00000000 02:000A95D2
> 00000000 0 0 4462131 3 ffff88001e74c780 23 6 17 4 -1
>
> root@vservers ~ # ncontext --migrate --nid 1 -- cat /proc/net/tcp
> sl local_address rem_address st tx_queue rx_queue tr tm->when
> retrnsmt uid timeout inode
>
> Nothing is shown - not from the host or the vservers (there are
> listening tcp services on some of the vservers).
>
> Interestingly if I use the nid of an actual vserver I do get what I expect:
>
> root@vservers ~ # ncontext --migrate --nid 102 -- cat /proc/net/tcp
> sl local_address rem_address st tx_queue rx_queue tr tm->when
> retrnsmt uid timeout inode
>
> 0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000
> 00000000 0 0 4378389 1 ffff88001e749380 300 0 0 2 -1
>
> root@vservers ~ # ncontext --migrate --nid 102 -- netstat -ant
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>
> As a partial solution I can cycle through all the nids but I'd prefer a
> complete picture in one command.
>
> Any other idea why nid 1 doesn't work?
>
> All the best
>
> Allan
>
> On 07/05/13 20:24, Herbert Poetzl wrote:
>> On Mon, May 06, 2013 at 07:54:04PM +0200, Allan Latham wrote:
>>> netstat gets the information from:
>>
>>> /proc/net/tcp and /proc/net/udp
>>
>>> The trick must be to make this part of the /proc
>>> tree fully visible at the host level.
>>
>>> How I do that is a complete mystery!
>>
>> it is completely visible from the spectator context
>> so for example:
>>
>> ncontext --migrate --nid 1 -- cat /proc/net/tcp
>>
>> will show the information for all network contexts,
>> given that guest privacy is not enabled, i.e.
>>
>> # CONFIG_VSERVER_PRIVACY is not set
>>
>>> My vservers are skeletons containing only the minimum needed
>>> for the service running in the vserver. Few (none) will have
>>> netstat available to run via 'vserver exec' and its friends.
>>
>>> Therefore the need to monitor them from the host.
>>
>> for obvious reasons, the host context only sees the
>> connections belonging to the host processes, similar
>> to the processes (host context = 0) but the spectator
>> context (1) has all the information.
>>
>> HTC,
>> Herbert
>>
>>> Greetings to all
>>> Allan
>>
>>> On 06/05/13 18:38, Ghislain wrote:
>>>> would be curious too,
>>
>>>> I tried
>>
>>>> sudo ncontext --migrate --nid 1 -- netstat -nlp
>>
>>>> sudo chcontext --silent --ctx 1 netstat -nlp
>>
>>
>>>> but none give me all the sockets :), the closer i got was:
>>
>>>> sudo vsomething vserver --running -- exec netstat -nlp|sort
>>
>>>> perhaps there is not an observer context for network.
>>
>>
>>>> Ghislain.
>>
>>
>
>
Received on Wed May 8 12:33:51 2013

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 08 May 2013 - 12:33:51 BST by hypermail 2.1.8