gvisor/content/docs/user_guide/debugging.md

+++
title = "Debugging"
weight = 120
+++

To enable debug and system call logging, add the `runtimeArgs` below to your
[Docker](../docker/) configuration (`/etc/docker/daemon.json`):

```json
{
    "runtimes": {
        "runsc": {
            "path": "/usr/local/bin/runsc",
            "runtimeArgs": [
                "--debug-log=/tmp/runsc/",
                "--debug",
                "--strace"
            ]
       }
    }
}
```

You may also want to pass `--log-packets` to troubleshoot network problems. Then
restart the Docker daemon:

```bash
sudo systemctl restart docker
```

Run your container again, and inspect the files under `/tmp/runsc`. The log file
with name `boot` will contain the strace logs from your application, which can
be useful for identifying missing or broken system calls in gVisor.

## Stack traces

The command `runsc debug --stacks` collects stack traces while the sandbox is
running which can be useful to troubleshoot issues or just to learn more about
gVisor. It connects to the sandbox process, collects a stack dump, and writes
it to the console. For example:

```bash
docker run --runtime=runsc --rm -d alpine sh -c "while true; do echo running; sleep .1; done"
63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b

sudo runsc --root /var/run/docker/runtime-runsc/moby debug --stacks 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b
```

> Note: `--root` variable is provided by docker and is normally set to 
> `/var/run/docker/runtime-[runtime-name]/moby`. If in doubt, `--root` is logged to
> `runsc` logs.

## Profiling

`runsc` integrates with Go profiling tools and gives you easy commands to profile
CPU and heap usage. First you need to enable `--profile` in the command line options
before starting the container:

```json
{
    "runtimes": {
        "runsc-prof": {
            "path": "/usr/local/bin/runsc",
            "runtimeArgs": [
                "--profile"
            ]
       }
    }
}
```

> Note: Enabling profiling loosens the seccomp protection added to the sandbox,
> and should not be run in production under normal circumstances.

Then restart docker to refresh the runtime options. While the container is running,
execute `runsc debug` to collect profile information and save to a file. Here are
the options available:

 * **--profile-heap:** Generates heap profile to the speficied file.
 * **--profile-cpu:** Enables CPU profiler, waits for `--profile-delay` seconds 
   and generates CPU profile to the speficied file.

For example:

```bash
docker run --runtime=runsc-prof --rm -d alpine sleep 1000
63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b

sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-heap=/tmp/heap.prof 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b
sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-cpu=/tmp/cpu.prof --profile-delay=30 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b
```

The resulting files can be opened using `go tool pprof` or [pprof]. The examples 
below create image file (`.svg`) with the heap profile and writes the top 
functions using CPU to the console:

```bash
go tool pprof -svg /usr/local/bin/runsc /tmp/heap.prof
go tool pprof -top /usr/local/bin/runsc /tmp/cpu.prof
```

[pprof]: https://github.com/google/pprof/blob/master/doc/README.md
Initial commit 2019-03-30 02:40:11 +00:00			`+++`
			`title = "Debugging"`
			`weight = 120`
			`+++`

			To enable debug and system call logging, add the `runtimeArgs` below to your
			[Docker](../docker/) configuration (`/etc/docker/daemon.json`):

			```json
			`{`
			`"runtimes": {`
			`"runsc": {`
			`"path": "/usr/local/bin/runsc",`
			`"runtimeArgs": [`
			`"--debug-log=/tmp/runsc/",`
			`"--debug",`
			`"--strace"`
			`]`
			`}`
			`}`
			`}`
			```

			You may also want to pass `--log-packets` to troubleshoot network problems. Then
			`restart the Docker daemon:`

			```bash
			`sudo systemctl restart docker`
			```

			Run your container again, and inspect the files under `/tmp/runsc`. The log file
			with name `boot` will contain the strace logs from your application, which can
			`be useful for identifying missing or broken system calls in gVisor.`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
Update debugging.md 2019-04-05 05:31:51 +00:00			`## Stack traces`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
Update debugging.md 2019-04-05 05:31:51 +00:00			The command `runsc debug --stacks` collects stack traces while the sandbox is
			`running which can be useful to troubleshoot issues or just to learn more about`
			`gVisor. It connects to the sandbox process, collects a stack dump, and writes`
			`it to the console. For example:`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
			```bash
			`docker run --runtime=runsc --rm -d alpine sh -c "while true; do echo running; sleep .1; done"`
			`63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b`

			`sudo runsc --root /var/run/docker/runtime-runsc/moby debug --stacks 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b`
			```

			> Note: `--root` variable is provided by docker and is normally set to
			> `/var/run/docker/runtime-[runtime-name]/moby`. If in doubt, `--root` is logged to
			> `runsc` logs.

			`## Profiling`

Update debugging.md 2019-04-05 05:31:51 +00:00			`runsc` integrates with Go profiling tools and gives you easy commands to profile
Addressed comments 2019-04-05 05:02:37 +00:00			CPU and heap usage. First you need to enable `--profile` in the command line options
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00			`before starting the container:`

			```json
			`{`
			`"runtimes": {`
			`"runsc-prof": {`
			`"path": "/usr/local/bin/runsc",`
			`"runtimeArgs": [`
			`"--profile"`
			`]`
			`}`
			`}`
			`}`
			```

Update debugging.md 2019-04-05 05:31:51 +00:00			`> Note: Enabling profiling loosens the seccomp protection added to the sandbox,`
Addressed comments 2019-04-05 05:02:37 +00:00			`> and should not be run in production under normal circumstances.`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
			`Then restart docker to refresh the runtime options. While the container is running,`
			execute `runsc debug` to collect profile information and save to a file. Here are
			`the options available:`

Update debugging.md 2019-04-05 05:31:51 +00:00			`* --profile-heap: Generates heap profile to the speficied file.`
			* --profile-cpu: Enables CPU profiler, waits for `--profile-delay` seconds
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00			`and generates CPU profile to the speficied file.`

Update debugging.md 2019-04-05 05:31:51 +00:00			`For example:`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
			```bash
			`docker run --runtime=runsc-prof --rm -d alpine sleep 1000`
			`63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b`

			`sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-heap=/tmp/heap.prof 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b`
			`sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-cpu=/tmp/cpu.prof --profile-delay=30 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b`
			```

Update debugging.md 2019-04-05 05:31:51 +00:00			The resulting files can be opened using `go tool pprof` or [pprof]. The examples
			below create image file (`.svg`) with the heap profile and writes the top
			`functions using CPU to the console:`
Add runsc debug commands to Debugging section 2019-04-04 23:51:50 +00:00
			```bash
			`go tool pprof -svg /usr/local/bin/runsc /tmp/heap.prof`
			`go tool pprof -top /usr/local/bin/runsc /tmp/cpu.prof`
			```
Update debugging.md 2019-04-05 05:31:51 +00:00
			`[pprof]: https://github.com/google/pprof/blob/master/doc/README.md`