Docker CentOS 7.x underlay网络 桥接网络配置
生活随笔
收集整理的這篇文章主要介紹了
Docker CentOS 7.x underlay网络 桥接网络配置
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
為什么要讓docker橋接物理網絡?
docker默認提供了一個隔離的內網環境,啟動時會建立一個docker0的虛擬網卡,每個容器都是連接到docker0網卡上的。而docker0的ip段為172.17.0.1,若想讓容器與宿主機同一網段的其他機器訪問,就必須在啟動docker的時候將某個端口映射到宿主機的端口上才行,例如:docker run -itd -p 22 centos。這是我們所不能接受的,想想每個應用都要絞盡腦汁的去設置端口,因為不能重復,如果應用有多端口那更是不堪設想啊。所以為了讓容器與宿主機同一個網段,我們需要建立自己的橋接網絡。
?
?centos7宿主機上建立Docker橋接物理網絡過程
宿主機網卡信息:
DEVICE=ens33 IPADDR=192.168.179.99 GATEWAY=192.168.179.2 NETMASK=255.255.255.0 DNS1=114.114.114.114 DNS2=8.8.8.8創建橋接物理網絡
(1)新建br0橋接網絡,brctl show可以查看(需安裝bridge-utils)
(2)將宿主機物理網卡IP、掩碼、網關、dns(或者dhcp)配置到br0上
(3)刪除宿主機物理網卡IP、掩碼、網關、dns(或者dhcp)配置
(4)將宿主機物理網卡加入到br0
?
過程步驟如下
自定義br0橋接網卡?
[root@localhost ~]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33.bak [root@localhost network-scripts]# vim ifcfg-ens33 BRIDGE="br0"#加上一行任意位置,指定橋接網卡的名字,告訴ens33 br0的流量可以通過ens33創建一個br0網卡,ens33是物理網卡,br0是橋接網卡
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-br0 [root@localhost network-scripts]# vim ifcfg-br0 BOOTPROTO="static" DEVICE="br0" ONBOOT="yes" TYPE="Bridge" #橋接網卡,不是物理網卡,流量會橋接到真實網卡上面去 IPADDR=192.168.179.99 GATEWAY=192.168.179.2 NETMASK=255.255.255.0 DNS1=114.114.114.114 DNS2=8.8.8.8 [root@localhost network-scripts]# ifup ifcfg-br0 [root@localhost network-scripts]# systemctl restart network [root@localhost network-scripts]# [root@localhost network-scripts]# ifconfig br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.179.99 netmask 255.255.255.0 broadcast 192.168.179.255inet6 fe80::20c:29ff:feb4:8832 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:b4:88:32 txqueuelen 1000 (Ethernet)RX packets 19 bytes 1288 (1.2 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 18 bytes 1668 (1.6 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255inet6 fe80::42:55ff:feda:5064 prefixlen 64 scopeid 0x20<link>ether 02:42:55:da:50:64 txqueuelen 0 (Ethernet)RX packets 103 bytes 6328 (6.1 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 71 bytes 78767 (76.9 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500ether 00:0c:29:b4:88:32 txqueuelen 1000 (Ethernet)RX packets 8524 bytes 8954821 (8.5 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 2524 bytes 278175 (271.6 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces br0 8000.000c29934261 no ens33 docker0 8000.0242b435f546 no veth5404ab5將docke0干掉?
[root@localhost network-scripts]# ifconfig docker0 down [root@localhost network-scripts]# ifconfig br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.179.99 netmask 255.255.255.0 broadcast 192.168.179.255inet6 fe80::20c:29ff:feb4:8832 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:b4:88:32 txqueuelen 1000 (Ethernet)RX packets 159 bytes 10966 (10.7 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 84 bytes 10820 (10.5 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500ether 00:0c:29:b4:88:32 txqueuelen 1000 (Ethernet)RX packets 8664 bytes 8966459 (8.5 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 2591 bytes 288933 (282.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost ~]# brctl delbr docker0 [root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces br0 8000.000c29934261 no ens33以后的容器使用br0這個網橋,就不再使用docker0了,因為新建了橋接網卡就不需要docker0了,只要保證有一個橋接網卡就行。
這個時候每一個容器的ip都和物理機的IP在一個網段了,容器可以直接上網,別的機器也可以連接容器了,跨網段也可以訪問了。
[root@www ~]# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -b br0 -H fd:// --containerd=/run/containerd/containerd.sock [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl restart docker[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost ~]# docker run -itd centos7-ssh 3a4e99ca426dd1586d831cfb02941a3c0652ade34c14875942dbe34edaca52ab [root@www ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3a4e99ca426d centos7-ssh "/bin/sh -c /usr/sbi?? 3 seconds ago Up 2 seconds 22/tcp upbeat_kirch [root@localhost ~]# docker exec -it 3a4e99ca426d ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.179.1 netmask 255.255.255.0 broadcast 192.168.179.255ether 02:42:c0:a8:b3:01 txqueuelen 0 (Ethernet)RX packets 10 bytes 768 (768.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 2 bytes 84 (84.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost ~]# ifconfig | grep veth veth0635c6e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 [root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces br0 8000.000c29934261 no ens33veth0635c6e[root@localhost ~]# docker exec 3a4e99ca426d route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.179.99 0.0.0.0 UG 0 0 0 eth0 192.168.179.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0外網可以直接訪問容器就不需要做NAT端口映射
Connecting to 192.168.179.1:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'.?
?
如果不想通過DHCP分配使用(為了避免自動分配IP和宿主機的網關發生沖突)
安裝pipework?
[root@localhost ~]# yum install git -y [root@localhost ~]# git clone https://github.com/jpetazzo/pipework Cloning into 'pipework'... remote: Enumerating objects: 8, done. remote: Counting objects: 100% (8/8), done. remote: Compressing objects: 100% (6/6), done. remote: Total 518 (delta 2), reused 5 (delta 2), pack-reused 510 Receiving objects: 100% (518/518), 182.72 KiB | 13.00 KiB/s, done. Resolving deltas: 100% (272/272), done.[root@localhost ~]# cp pipework/pipework /usr/local/bin/如果不想通過DHCP分配使用,為了避免自動分配IP和宿主機的網關發生沖突?
[root@localhost ~]# docker run -itd --name=os5 --net=none centos7-ssh c4d7dfddd5167d7c0d1f2ef0f7c2cf418e6c4e58bb1284ca68494baf3732e480[root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c4d7dfddd516 centos7-ssh "/bin/sh -c /usr/sbi…" 11 seconds ago Up 11 seconds os5[root@localhost ~]# docker inspect c4d7dfddd516 | grep -i ipaddr"SecondaryIPAddresses": null,"IPAddress": "","IPAddress": "", #24位配置掩碼 @后面接上網關(br0的Ip地址) [root@localhost ~]# pipework br0 c4d7dfddd516 192.168.179.110/24@192.168.179.99 [root@localhost ~]# docker exec -it c4d7dfddd516 /bin/bash [root@6fd3a25a39e9 ansible]# ifconfig eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.179.110 netmask 255.255.255.0 broadcast 192.168.179.255ether da:35:b9:e9:b7:6d txqueuelen 1000 (Ethernet)RX packets 34 bytes 3337 (3.2 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 11 bytes 873 (873.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@6fd3a25a39e9 ~]# traceroute www.baidu.com traceroute to www.baidu.com (180.101.49.11), 30 hops max, 60 byte packets1 * * *2 192.168.179.2 (192.168.179.2) 0.246 ms 0.155 ms 0.113 ms[root@6fd3a25a39e9 ansible]# ping www.baidu.com PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data. 64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=1 ttl=50 time=16.6 ms 64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=2 ttl=50 time=20.4 ms ^C總結
以上是生活随笔為你收集整理的Docker CentOS 7.x underlay网络 桥接网络配置的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: c语言停车场的收费管理系统,c语言停车场
- 下一篇: 用C语言实现简单的猜数字小游戏