This is cinf
, short for container info, a command line tool to view namespaces and cgroups, the stuff that makes up Linux containers such as Docker, rkt/appc, or OCI/runc. It might be useful for low-level container prodding, when you need to understand what's going on under the hood. Read more here: Containers are a lie …
Contents:
- Install
cinf
- Use
cinf
to- see all namespaces
- dig into a namespace
- dig into a cgroup
- dig into a process
- monitor a process
- CLI reference
- Background on namespaces and cgroups
Simply download the Linux binary:
curl -s -L https://github.com/mhausenblas/cinf/releases/latest/download/cinf_linux_amd64.tar.gz \
-o cinf.tar.gz && \
tar xvzf cinf.tar.gz cinf && \
mv cinf /usr/local/bin && \
rm cinf*
Or build from source (note that you'll get the latest, experimental version via this method):
go get github.com/mhausenblas/cinf
GOOS=linux go build
The cinf
package docs are available online.
The following sections show basic usage. For a complete end-to-end usage, see the walkthrough.
Note that if you want to see detailed debug messages, you can do that via a DEBUG
environment variable, like so: sudo DEBUG=true cinf
.
To list all available namespaces and a summary of how many processes are in them along with the user IDs and the top-level command line executed, simply do the following:
$ sudo cinf
NAMESPACE TYPE NPROCS USERS CMD
4026532396 pid 1 1000 sleep10000
4026532398 net 1 1000 sleep10000
4026531837 user 109 0,1,101,102,104,106,1000 /sbin/init
4026532196 pid 2 0,104 nginx: master proces
4026532293 mnt 1 0 md5sum/dev/urandom
4026532298 net 1 0 md5sum/dev/urandom
4026532393 mnt 1 1000 sleep10000
4026532296 pid 1 0 md5sum/dev/urandom
4026531840 mnt 104 0,1,101,102,106,1000 /sbin/init
4026531839 ipc 105 0,1,101,102,106,1000 /sbin/init
4026531836 pid 105 0,1,101,102,106,1000 /sbin/init
4026532193 mnt 2 0,104 nginx: master proces
4026532198 net 2 0,104 nginx: master proces
4026531838 uts 105 0,1,101,102,106,1000 /sbin/init
4026532194 uts 2 0,104 nginx: master proces
4026532294 uts 1 0 md5sum/dev/urandom
4026532394 uts 1 1000 sleep10000
4026532395 ipc 1 1000 sleep10000
4026531956 net 105 0,1,101,102,106,1000 /sbin/init
4026531856 mnt 1 0
4026532195 ipc 2 0,104 nginx: master proces
4026532295 ipc 1 0 md5sum/dev/urandom
Assuming we're interested in more information on namespace 4026532398
, we would do the following:
$ sudo cinf --namespace 4026532193
Let's dig into a specific cgroup (with hierarchy ID 3
) of a process (with PID 27681
):
$ sudo cinf --cgroup 27681:3
It is also possible to list the namespaces a specific process is in:
$ sudo cinf --pid 27681
The interactive, top
like mode of cinf
is as follows. Let's say we want to monitor the control files memory.usage_in_bytes
, cpuacct.usage
, and blkio.throttle.io_service_bytes
for process with PID 27681
:
$ sudo cinf --mon 27681:memory.usage_in_bytes,cpuacct.usage,blkio.throttle.io_service_bytes
Note that a more detailed usage description is available via the walkthrough.
There are three arguments you can provide to cinf
, to dig into specific aspects of a namespace, cgroup, or process:
--namespace $NAMESPACE_ID
… List details about namespace with provided ID.--cgroup $PID:$CGROUP_HIERARCHY_ID
… List details of a cgroup a process belongs to.--pid $PID
… List namespaces the process with provided process ID is in.--mon $PID:$CF1,$CF2,…
… Monitor process with provided process ID and the control files specified.
The meaning of the output columns is as follows:
- Overview (without arguments):
NAMESPACE
… the namespace IDTYPE
… the type of namespace, see also explanation of the namespaces belowNPROCS
… number of processes in the namespaceUSERS
… user IDs in the namespaceCMD
… command line of the root process
- Detailed namespace view (
--namespace
):PID
… process IDPPID
… process ID of parentNAME
… process nameCMD
… process command lineNTHREADS
… number of threadsCGROUPS
… summary of the attached cgroupsSTATE
… process state
- Detailed cgroups view (
--cgroup
):CONTROLFILE
… the name of the control file, see also cgroup man pages belowVALUE
… the content of the control file
- Detailed process view (
--pid
):NAMESPACE
… the namespace IDTYPE
… the type of namespace
- Monitor process view (
--mon
):PID
… process IDPPID
… process ID of parentUIDS
… real, effective, saved set, filesystem user IDSTATE
… process stateNAMESPACE
… the IDs of the namespaces the process is inCONTROLFILE
… the name of the control file, see also cgroup man pages belowVALUE
… the content of the control file
I developed cinf
because existing tools like systemd-cgtop
or lsns
didn't do what I wanted.
Also, I needed it for educational purposes (like training sessions, etc.). Note that the output format cinf
uses is modelled after lsns, so kudos to Karel for the inspiration.
If you want to learn more about container building blocks such as namespaces and cgroups, check out containerz.info.