Docker 网络模式、配置桥接网络
一、Docker 网络模式
4中常用网络模式:
host 模式,使用docker run时使用–net=host指定docker使用的网络实际上和宿主机一样,在容器内看到的网卡ip就是宿主机ip
container 模式,使用–net=container:container_id/container_name 多个容器使用共同的网络,看到的ip是一样的
none 模式,使用–net=none指定,这种模式下,不会配置任何网络。没有网卡。
bridge 模式,使用–net=bridge指定默认模式,不用指定默认就是这种网络模式。这种模式会为每个容器分配一个独立的Network Namespace。类似于vmware的nat网络模式。同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的。
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
# systemctl restart docker
4.1 首先开启一个容器,然后在该容器中安装nginx服务,然后 把这个带nginx服务的容器做一个打包,或者导成一个镜像
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97331ffb05d1 centos7 "bash" 12 hours ago Exited (255) About an hour ago vigilant_bhabha
43e7d37d1adc centos7 "bash" 13 hours ago Exited (255) About an hour ago friendly_visvesvaraya
9c2b897587c2 registry "/entrypoint.sh /etc…" 13 hours ago Exited (2) 12 hours ago epic_saha
d0b81c693cc5 registry "/entrypoint.sh /etc…" 14 hours ago Exited (255) About an hour ago 0.0.0.0:5000->5000/tcp objective_chebyshev
3d3e63448ad7 centos7 "bash" 14 hours ago Created zen_lewin
cb6e2aaaa0a9 centos7 "bash" 14 hours ago Exited (137) 13 hours ago reverent_jones
# docker start 97331ffb05d1
97331ffb05d1
# docker exec -it 97331ffb05d1 bash //进入容器中
安装niginx钱要先安装epel-release,然后安装nginx
# yum install -y epel-release
# yum install -y nginx
# systemctl start nginx //启动报错,设计权限,先不理会
Failed to get D-Bus connection: Operation not permitted
4.2 再把该容器导成一个新的镜像(centos_nginx),然后再使用新镜像创建容器,并指定端口映射。
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97331ffb05d1 centos7 "bash" 13 hours ago Up 17 minutes vigilanbhabha
# docker commit -m "install nginx" -a "xavi" 75cd8a3d69fd centos_with_nginx
sha256:9539596d8741aca9406eb1c35659fe12f9276559f523bb40b2a352293b5c72ac
查看一下:
docker run -itd -p 8088:80 centos7 bash//-p 可以指定端口映射,本例中将容器的80端口映射为本地的8088端口,也就是说,现在任何主机只要通过 宿主机IP:8088 就可以访问容器的80端口
# docker run -itd -p 8088:80 centos7 bash
0d67e75dffbbd12353ef8a659b34b9aa298ec7d49fd1d747359aa0084a893124
创建新的镜像centos7_with_nginx
# docker create -it centos7 bash
4cf76beb5d6011822ef3218b777a4d66d4759d58b050418cc3a3075bc259ea06
#
# docker run -itd --name centos7_with_nginx centos7 bash
75cd8a3d69fdee63d30e730156302bd32cd368d74a0df52e158a53bbd784debf
# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75cd8a3d69fd centos7 "bash" 8 seconds ago Up 7 seconds centos7_with_nginx
4cf76beb5d60 centos7 "bash" 57 seconds ago Created gracious_varahamihira
扩展:删除镜像:docker rmi -f centos7:latest
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_nginx latest 9539596d8741 About a minute ago 602MB
centos7 latest d7e2a277c949 27 minutes ago 600MB
192.168.72.130:5000/centos7 latest b70022c29244 15 hours ago 435MB
192.168.72.130:5000/ubuntu latest 113a43faa138 4 weeks ago 81.2MB
ubuntu latest 113a43faa138 4 weeks ago 81.2MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
registry latest d1fd7d86a825 5 months ago 33.3MB
# docker rmi -f centos7:latest
Untagged: centos7:latest
如上问题解决方案:operation not permitted。解决nginx无法启动的问题
# docker run -itd --privileged -e "container=docker" -p 8080:80 centos_with_nginx /usr/sbin/init
6d5ef0483f06ef23f19638c0fae467a23e2dcf1faadfd68be6007e7f0f81f803
# docker exec -it 6d5ef0483f06e bash
#
# systemctl start nginx
# ps aux |grep nginx
root 2140.00.1 1207202096 ? Ss 02:21 0:00 nginx: master process /usr/sbin/nginx
nginx 2150.00.1 1211042920 ? S 02:21 0:00 nginx: worker process
nginx 2160.00.1 1211042920 ? S 02:21 0:00 nginx: worker process
root 2180.00.0 9040 668 pts/1 S+ 02:21 0:00 grep --color=auto nginx
[*]内部访问:
# curl localhost
Test Page for the Nginx HTTP Server on Fedora
[*]外部访问:
# curl localhost:8080
Test Page for the Nginx HTTP Server on Fedora
[*]从其他终端访问:
# curl 192.168.72.130:8080
Test Page for the Nginx HTTP Server on Fedora
总结:
-p后面也支持IP:port:ip:port 的格式,比如
-p 127.0.0.1:8080:80
也可以不写本地的端口,只写ip,这样会随意分配一个端口
-p 127.0.0.1::80//注意这里是两个冒号
二、配置桥接网络
这种模式应该不陌生,这种模式就是相当于配置咱们的容器和宿主机在同一局域网模式下,这样我们就可以认为这台docker容器也是一台真正的宿主机了!
我们这里需要桥接的是ens33网卡
cd /etc/sysconfig/network-scripts/; cp ifcfg-eth0ifcfg-br0
vi ifcfg-eth0 //增加BRIDGE=br0,删除IPADDR,NETMASK,GATEWAY,DNS1
vi ifcfg-br0//修改DEVICE为br0,Type为Bridge,把eth0的网络设置设置到这里来
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-ens33 ifcfg-br0
# vim ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
##UUID=3b000477-c3db-4855-b5ba-c73bb1546b3a
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.72.130
NETMASK=255.255.255.0
GATEWAY=192.168.72.2
DNS1=119.29.29.29
DNS2=8.8.8.8
ZONE=work
http://p0weeraap.bkt.clouddn.com/xavi2017/180707/Lil4GDbD3F.png?imageslim
重启网卡:systemctl restart network
# systemctl restart network
http://p0weeraap.bkt.clouddn.com/xavi2017/180707/I6DeJjK87I.png?imageslim
删除ens33:0,并修改ifcfg-ens33中的内容,并添加一句BRIDGE=br0
# rm -f ifcfg-ens33:0
# ls
ficfg-ens33 ifcfg-lo ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
ifcfg-br0 ifcfg-lo.bak ifdown-ipv6 ifdown-TeamPortifup-ippp ifup-routes network-functions
ifcfg-ens33 ifcfg-有线连接_1ifdown-isdn ifdown-tunnel ifup-ipv6 ifup-sit network-functions-ipv6
ifcfg-ens33.bakifdown ifdown-post ifup ifup-isdn ifup-Team
ifcfg-ens37 ifdown-bnep ifdown-ppp ifup-aliases ifup-plip ifup-TeamPort
ifcfg-ens37-1 ifdown-eth ifdown-routesifup-bnep ifup-plusbifup-tunnel
ifcfg-ens37.bakifdown-ib ifdown-sit ifup-eth ifup-post ifup-wireless
# vim ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
#UUID=3b000477-c3db-4855-b5ba-c73bb1546b3a
DEVICE=ens33
ONBOOT=yes
#IPADDR=192.168.72.130
#NETMASK=255.255.255.0
#GATEWAY=192.168.72.2
#DNS1=119.29.29.29
#DNS2=8.8.8.8
#ZONE=work
BRIDGE=br0
修改完成后ens33没有了IP,而br0网卡有了IP
http://p0weeraap.bkt.clouddn.com/xavi2017/180707/cmGbLfJfme.png?imageslim
安装pipwork
git clone https://github.com/jpetazzo/pipework
cp pipework/pipework /usr/local/bin///不需要任何的编译,直接copy配置文件到bin目录下即可:
开启一个容器
# docker run -itd --net=none centos_with_nginx bash
8b065a783badf3c083b4f3c37a25ae9bc9e2a465cf3dab97455f8db606a57e6d
# docker exec -it 8b065a78 bash
# ifconfig
bash: ifconfig: command not found
给容器设置一个指定的IP地址:pipework br0 8b065a78 192.168.72.135/24@192.168.72.2
#135为容器的ip,@后面的ip为网关ip
# pipework br0 8b065a78 192.168.72.135/24@192.168.72.2
做题做完测试后,发现宿主机连不上网络了,百度一搜索,发现ifup这个命令奏效了
# vim ifcfg-ens33
# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
# systemctl status network.service
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since 日 2018-07-08 09:51:25 CST; 17s ago
Docs: man:systemd-sysv-generator(8)
Process: 15140 ExecStop=/etc/rc.d/init.d/network stop (code=exited, status=0/SUCCESS)
Process: 17079 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=1/FAILURE)
Memory: 8.0K
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network: RTNETLINK answers: File exists
7月 08 09:51:25 xavi systemd: network.service: control process exited, code=exited status=1
7月 08 09:51:25 xavi systemd: Failed to start LSB: Bring up/down networking.
7月 08 09:51:25 xavi systemd: Unit network.service entered failed state.
7月 08 09:51:25 xavi systemd: network.service failed.
# ifup ens33
# ping baidu.com
PING baidu.com (123.125.115.110) 56(84) bytes of data.
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=1 ttl=128 time=35.4 ms
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=2 ttl=128 time=50.1 ms
查看错误日志:tail -20 /var/log/messages
错误解决后,无法解决ens33显示IP的问题。
http://p0weeraap.bkt.clouddn.com/xavi2017/180708/C0K1FHlLFI.png?imageslim
页:
[1]