docker pipework 实现跨宿主主机容器互联
1、本地容器之间私有网络互联Docker 默认的桥接网卡是 docker0。它只会在本机桥接所有的容器网卡,举例来说容器的虚拟网卡在主机 上看一般叫做 veth* 而 Docker 只是把所有这些网卡桥接在一起,如下:
# brctl show
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/4a7884ceebd2491589ee7989260216c7/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092313833953.png
查看IP地址:
# ip add
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/c2c4079d8e8e4ec486eddae29df25ee3/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092318890157.png
# ifconfig
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/9597467c37cf4c3f8085e2ae4438f8b2/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092325787316.png
这样的网络看成是一个私有的网络,通过 nat 连接外网,如果要让外网连接到容器中,就需要 做端口映射,即 -p 参数。
缺点:
(1)需要配套服务注册/发现,否则宿主上端口分配困难,容易冲突。
(2)由于每个容器暴露的端口都不一致,造成前端路由层nginx配置(proxy_pass)里无法使用dns的方式。
(3)端口映射要在容器启动时就指定好,后期无法变更。
(4)测试发现nat不支持websocket。
2、物理主机之间的容器网络互联
2.1、自建桥接网络
优点:
(1)每个容器都有独立ip,对外提供服务,如nginx+php,nginx+resin,都可以使用默认的80端口
(2)由于容器暴露端口都可以使用80端口,因此前端路由层nginx配置(proxy_pass)里可以使用dns的方式。
(3)无需为了后期端口映射添加而烦恼
(4)桥接支持websocket
2.2、拓扑图
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/cb7d29747b214069b2bcb23345c151ad/%E5%AE%B9%E5%99%A8%E4%BA%92%E8%81%94%E6%8B%93%E6%89%91%E5%9B%BE.pnghttp://s1.运维网.com/images/20181009/1539092351672861.png
2.3、配置如下
1、网桥方式需要安装网桥管理工具
# yum install bridge-utils
2、修改主机的/etc/network/interfaces文件
# vim /etc/sysconfig/docker
DOCKER_OPTS="-b=br0"
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/472b6ba8fb4744549d88ef9cab0b3310/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092356253285.png
3、修改本机网卡
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BRIDGE="br0"
ZONE=public
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/993cb559898c44fcbc14189849e59dbf/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092362304572.png
4、添加bro桥接网卡
# vim /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
TYPE="Bridge"
IPADDR="192.168.56.130"
PREFIX="24"
GATEWAY="192.168.56.2"
DNS1="8.8.8.8"
DNS2="114.114.114.114"
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/9759dd0ebadf444aa3158cebdea79826/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092384960774.png
5、关闭NetworkManager管理套件
#systemctl stop NetworkManager
# systemctl disable NetworkManager、
6、重启网卡,查看
# systemctl restart network
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/990f1c35765948c381a346f0ba1abd0c/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092390245000.png
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/1116077bab2645108f47227de2d026c6/clipboard.png
7、下载pipework
# git clone https://github.com/jpetazzo/pipework
# cp pipework/pipework /usr/local/bin/
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/7b8d661e45974d73a2b4f4a679fe2a02/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092435565474.png
2.4、启动容器测试
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/e0387be8b3af4b99967baf492bfc7b7b/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092465882117.png
# docker run -dti --name br01 --privileged centos:7.4.1708 /bin/bash
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/33697b2d81e54efc9640393561f08db2/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092480148210.png
登录容器查看(默认还是采用地方nat模式)
# docker exec -ti e79ed4d70fe1 /bin/bash
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/a97031b8b9d84fd897f809b7574d7be2/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092490679051.png
使用pipework更改网络模式
# pipework br0 br01 192.168.56.140/24@192.168.56.2
或
# pipework br0 br01 dhcp //前提保证有DHCP服务
再次查看
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/c6a8e0d007644b238130d0b3c2ba1680/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092520933702.png
局域网已可以正常访问
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/769df4b71e8c41b39575ae06f6859cd4/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092546789780.png
补充:
若想完全抛弃自带的网络设置,在启动容器的时候可以指定--net=none
# docker run -dti --name br02 --network=none --privileged centos:7.4.1708 /bin/bash
# pipework br0 br02 192.168.56.141/24@192.168.56.2
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/f8e037acef7c47998954c10808ebf069/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092553495399.png
重启系统后pipework网卡配置无效解决方法(持久性)
在宿主配置开机启动pipework配置
1、开机启动docker
# systemctl enable docker
2、开机启动容器(docker服务)
# docker update --restart=always bf1b95631b60
3、配置开启启动pipework相关配置
# vim /etc/rc.local
#添加如下参数
pipework br0 br02 192.168.56.141/24@192.168.56.2
http://blog.运维网.com/13941177/C:/Users/Administrator/AppData/Local/YNote/data/qq1644FB913F181336BE941720CBB4F047/ea2d37bf580d462aaedd732b1150b3f4/clipboard.pnghttp://s1.运维网.com/images/20181009/1539092557465773.png
4、授权
# chmod +x /etc/rc.local
5、重启系统后无法分配IP地址
报错如下:
Object "netns" is unknown, try "ip help".
该错误是由于系统版本暂时不支持namespaces, 可通过更新内核或者iproute的方法获取对namespaces的支持.更新方法如下:
name=OpenStack Kilo Repository
baseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/
skip_if_unavailable=0
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-kilo
更新:
yum update iproute -y
pipework的缺点:
1.此方法配置的时候有时容器之间不能访问,容器内无法ping通外网(宿主机可以ping通)。但重启服务器后,同样操作,竟然就是可以了。。。。
2.使用pipework绑定的ip物理机,虚拟机,docker容器的ip都在同一网段,重启后将失效,这在实际生产环境中是很难实现的。
3、不适合数量多的容器,分配配置麻烦
页:
[1]