7. Docker - 網絡管理

時間 2019-12-07

原文原文鏈接

1、Docker四種網絡模式

第一種網絡模式host
host模式: 使用--net=host指定docker使用的網絡實際上和宿主機同樣,在容器內看到的網卡ip是宿主機上的ip.

bash-3.2# docker run -it --rm --name network_host --net=host new_centos:01 bash       
### --rm: 退出後刪除該容器
### 宿主機執行ifconfig 與 容器執行ifconfig後進行ip對比,獲得容器裏的ip信息和宿主機的ip信息同樣
bash-3.2 /# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.40  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::be5f:f4ff:fe5e:4aad  prefixlen 64  scopeid 0x20<link>
        ether bc:5f:f4:5e:4a:ad  txqueuelen 0  (Ethernet)
        RX packets 274360905  bytes 286715259393 (267.0 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 136254081  bytes 11227340887 (10.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
…………………………………………………………………………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………………………………………………………………………
vethe82752b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d496:d3ff:feb0:3c93  prefixlen 64  scopeid 0x20<link>
        ether d6:96:d3:b0:3c:93  txqueuelen 0  (Ethernet)
        RX packets 7  bytes 558 (558.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 117  bytes 9042 (8.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

第二種網絡模式container
container模式: 使用--net=container:container_id/container_name多個容器使用共同的網絡,看到的ip是同樣的.

bash-3.2# docker exec -it 1e4cf0c7b5dc bash     #進入任意一個容器
1e4cf0c7b5dc# yum -y install net-tools      #安裝ifconfig命令
1e4cf0c7b5dc#  ifconfig |grep -A1 "eth0"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.19  netmask 255.255.0.0  broadcast 0.0.0.0
bash-3.2# docker run -it --rm --name network_container --net=container:dced5597366d new_centos:01 bash
dced5597366d# ifconfig |grep -A1 "eth0"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.19  netmask 255.255.0.0  broadcast 0.0.0.0
### 能夠看到,兩個容器id、ip都同樣.

第三種網絡模式none
none模式: 使用--net=none, 這種模式下,不會配置任何網絡

bash-3.2# docker run -it --rm --name network_none --net=none new_centos:01 bash 
c3af5c1d7616# ifconfig |grep -E 'eth0|lo'
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        loop  txqueuelen 0  (Local Loopback)
c3af5c1d7616# ping baidu.com
ping: unknown host baidu.com
### 該模式建立容器後是沒有網絡的

第四種網絡模式bridge
bridge模式: 使用--net=bridge.建立完容器默認爲這種網絡模式.相似與vmware的nat網絡模式.

2、外部訪問容器

進入容器,安裝httpd服務

bash-3.2# docker exec -it 8e25 bash
8e2547638bb3# yum -y install httpd
8e2547638bb3# /usr/sbin/httpd       #啓動http服務
8e2547638bb3# lsof -i:80
COMMAND PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
httpd   124 root    4u  IPv6 5118010      0t0  TCP *:http (LISTEN)

把該容器保存爲鏡像

bash-3.2# docker commit -m "centos_with_httpd" -a "90root" 8e2547638bb3 centos_with_httpd:v1      #容器保存爲鏡像
bash-3.2# docker images         #查看鏡像
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos_with_httpd           v1                  aa7cc183e588        18 seconds ago      366.6 MB
bash-3.2#  docker run -itd -p 5123:80 centos_with_httpd:v1 bash       #將容器的80端口映射到宿主機的5123端口
bash-3.2# docker exec -it 23ecd12c7a10 bash     #進入容器
23ecd12c7a10# /usr/sbin/httpd           #啓動http
23ecd12c7a10# echo "www.90root.com" > /var/www/html/1.html
23ecd12c7a10# curl 127.0.0.1/1.html
www.90root.com
bash-3.2# curl 192.168.1.40:5123/1.html
www.90root.com
### 後者瀏覽器訪問192.168.1.40:5123/1.html

3、容器互聯

安裝mysql鏡像

bash-3.2# docker run -itd centos-6-x86_minimal bash            #建立容器
bash-3.2# docker exec -it 94b61b9ad0e9 bash
94b61b9ad0e9# yum -y install mysql-server
94b61b9ad0e9# /etc/init.d/mysqld start

把mysql容器保存爲鏡像

bash-3.2# docker commit -m "centos_6_with_mysql" -a "90root" 94b61b9ad0e9 centos6_mysql:v1
bash-3.2# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos6_mysql                         v1                  0cc0a9a0001a        8 seconds ago       457.1 MB

以centos6_mysql、centos_with_httpd鏡像分別建立兩個容器並端口映射

bash-3.2# docker run -itd -p 13306:3306 --name centos6_mysql centos6_mysql:v1 bash     #建立mysql容器.
bash-3.2# docker exec -it centos6_mysql bash
8606d161d004# /etc/init.d/mysqld start      #啓動mysql
bash-3.2# docker run -itd -p 10080:80 --name centos6_web --link centos6_mysql:db centos_with_httpd:v1 bash       #建立web容器. --link 容器名:別名
bash-3.2# docker exec -it centos6_web bash
08bd05fd9517# telnet db 3306
Trying 172.17.0.23...
Connected to db.
Escape character is '^]'.
DHost '172.17.0.24' is not allowed to connect to this MySQL serverConnection closed by foreign host.
08bd05fd9517# cat /etc/hosts
172.17.0.23 db 8606d161d004 centos6_mysql

4、配置網橋(centos6)

爲了使本地網絡中的機器和Docker容器更方便的通訊,咱們常常會將Docker容器配置到和主機同一網段的需求… 咱們只須要將Docker容器和宿主機的網卡橋接起來,再給Docker容器配上IP便可.html

宿主機配置橋接網卡

bash-3.2# cd /etc/sysconfig/network-scripts/
bash-3.2# cp ifcfg-eth0 ifcfg-br0
bash-3.2# vim ifcfg-eth0
DEVICE=eth0
HWADDR=BC:5F:F4:5E:4A:AD
TYPE=Ethernet
UUID=b64d5263-4f16-453b-9971-ab052f101c9e
ONBOOT=yes
NM_CONTROLLED=yes
#BOOTPROTO=static
#IPADDR=192.168.1.40
#NETMASK=255.255.255.0
#GATEWAY=192.168.1.254
#DNS1=192.168.1.254
#DNS2=114.114.114.114
BRIDGE=br0
bash-3.2# vim ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.40
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=192.168.1.254
DNS2=114.114.114.114
MTU=1500
bash-3.2# /etc/init.d/network restart

安裝pipework

bash-3.2# git clone https://github.com/jpetazzo/pipework
bash-3.2# cp pipework/pipework /usr/local/bin/

使用橋接pipework建立一個新容器

bash-3.2# docker run -itd --net=none --name 90root_pipework centos_with_httpd:v1 bash
bash-3.2# rpm -Uvh https://repos.fedorapeople.org/openstack/EOL/openstack-grizzly/epel-6/iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm
bash-3.2# pipework br0 90root_pipework 192.168.1.54/24
bash-3.2# docker exec -it 90root_pipework bash
ac16957506cc# ifconfig |grep -A1 "eth1"
eth1      Link encap:Ethernet  HWaddr 9A:C6:E8:5E:8C:B8
          inet addr:192.168.1.54  Bcast:192.168.1.255  Mask:255.255.255.0
### ping通外網便可.

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。