
Configuring Docker container networking with pipework

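Contents
  1. Preparation
  2. First, confirm that the host NIC is in promiscuous mode and that the hosts can reach each other
  3. Create the bridge
    3.1. Configuration on host 192.168.43.17:
      3.1.1. Create the br0 bridge
      3.1.2. Edit the NIC configuration
      3.1.3. Restart networking
    3.2. Configuration on host 192.168.43.240:
      3.2.1. Create the br0 bridge
      3.2.2. Edit the NIC configuration
      3.2.3. Restart networking
  4. Install pipework
  5. Configure container networking with pipework
  6. Configuration done: testing the result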

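I want my Docker containers to have the following properties:
1. An independent IP, which can be on the same subnet as the host
2. Containers on different hosts can reach one another
3. Containers can reach the external network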

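By default a Docker container can reach the host and the external network, but the IP assigned to the container does not meet some business requirements.
For example, when two identical Apache instances with the same domain name are started on one host, by default they can only be reached via the host IP plus a mapped port, not by domain name, which is inconvenient for testers.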


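To meet the requirements above, the following approach can be used:
1. Create a bridge on the host, with the host NIC as the bridge interface
2. Use pipework to set the container's IP
OK, let's look at the configuration in detail: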


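Preparation

Operating system: CentOS 7
Docker version: 1.7
Two hosts:
A: 192.168.43.17
B: 192.168.43.240

End result:
Two containers are started on A,
with IPs 192.168.43.245 and
192.168.43.246
Two containers are started on B,
with IPs 192.168.43.247 and
192.168.43.248
The four containers can reach one another, the hosts and the external network.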

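First, confirm that the host NIC is in promiscuous mode and that the hosts can reach each other

During the experiment I found that the Docker containers could not reach the external network. I spent several days looking for the cause and finally found that promiscuous mode on my physical NIC was set to reject. Sigh!!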


Create the bridge

I have covered CentOS 7 bridge configuration before; here it is once more:

Configuration on host 192.168.43.17:

Create the br0 bridge

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
TYPE=Bridge
IPADDR=192.168.43.17
NETMASK=255.255.255.0
GATEWAY=192.168.43.3
ONBOOT=yes
BOOTPROTO=none

Edit the NIC configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32 
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_PEERDNS=no
IPV6_PEERROUTES=no
IPV6_FAILURE_FATAL=no
NAME=ens32
UUID=8af1da2e-d878-4325-b28a-f12d7ffbb85c
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0
#IPADDR=192.168.43.17
#PREFIX=24
#GATEWAY=192.168.43.3

Restart networking

service network restart

Then check that it worked.

Configuration on host 192.168.43.240:

Create the br0 bridge

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
TYPE=Bridge
IPADDR=192.168.43.240
NETMASK=255.255.255.0
GATEWAY=192.168.43.3
ONBOOT=yes
BOOTPROTO=none

Edit the NIC configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32 
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_PEERDNS=no
IPV6_PEERROUTES=no
IPV6_FAILURE_FATAL=no
NAME=ens32
UUID=8af1da2e-d878-4325-b28a-f12d7ffbb85c
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0
#IPADDR=192.168.43.17
#PREFIX=24
#GATEWAY=192.168.43.3

Restart networking

service network restart

Then check that it worked.


Install pipework

pipework is a single executable file; it can be downloaded with git:

# git clone https://github.com/jpetazzo/pipework   
# cd pipework/
# cp pipework /usr/bin



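Configure container networking with pipework

1. Start a container with the network mode set to none

docker run -ti --net=none --name=test1 docker.vemic.com:5000/centos5.11 /bin/bash

2. Set the container's address to 192.168.43.245 with gateway 192.168.43.3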

pipework br0 test1 192.168.43.245/24@192.168.43.3

Enter the container and check its IP.

Configure the other containers in the same way:
192.168.43.246
On the other host, configure:
192.168.43.247
192.168.43.248
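
The addresses above are picked by hand and sit directly on the hosts' LAN, so a duplicate or a clash with a host or the gateway is easy to introduce when repeating the step on two machines. The following added example (not part of the original post) checks the whole address plan and only then prints the pipework commands for one host; the container names test2 to test4 and the host labels A/B in the plan format are assumptions.

```shell
# Added example (not from the original post). PLAN is constructed from the post's
# addresses (host, container name, IP); names other than test1 are assumed.
PLAN='A test1 192.168.43.245
A test2 192.168.43.246
B test3 192.168.43.247
B test4 192.168.43.248'
RESERVED='192.168.43.17 192.168.43.240 192.168.43.3'  # host A, host B, gateway
NET=192.168.43.0 PREFIX=24 GW=192.168.43.3 BRIDGE=br0

# Dotted quad -> integer; non-zero status on malformed input.
ip2int() (
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1; n=0
  for o in "$@"; do
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
    n=$(( $n * 256 + $o ))
  done
  echo "$n"
)

# True when $1 is a usable host address in $2/$3 (not network or broadcast).
in_subnet() (
  ip=$(ip2int "$1") && net=$(ip2int "$2") || exit 1
  size=$(( 1 << (32 - $3) )); base=$(( $net / $size * $size ))
  [ "$ip" -gt "$base" ] && [ "$ip" -lt $(( $base + $size - 1 )) ]
)

# Print one line per problem in plan $1; status 0 only when the plan is clean.
check_plan() (
  seen=' '; bad=0
  while read -r host name ip; do
    [ -n "$ip" ] || continue
    in_subnet "$ip" "$NET" "$PREFIX" || { echo "$name: $ip is not a host address in $NET/$PREFIX"; bad=1; }
    case " $RESERVED " in *" $ip "*) echo "$name: $ip is a host or gateway address"; bad=1 ;; esac
    case $seen in *" $ip "*) echo "$name: $ip is assigned twice"; bad=1 ;; esac
    seen="$seen$ip "
  done <<EOF
$1
EOF
  [ "$bad" -eq 0 ]
)

# Print the pipework commands to run on host $2, refusing an invalid plan.
pipework_cmds() (
  check_plan "$1" >&2 || exit 1
  printf '%s\n' "$1" | while read -r host name ip; do
    if [ "$host" = "$2" ]; then echo "pipework $BRIDGE $name $ip/$PREFIX@$GW"; fi
  done
)
pipework_cmds "$PLAN" A
```

Each container still has to be started with --net=none on its host before the printed command for it is run.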


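Configuration done: testing the result

Log in to one of the containers and ping the other containers, the hosts and the external network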

[root@4b6561695c71 /]# ping 192.168.43.245
PING 192.168.43.245 (192.168.43.245) 56(84) bytes of data.
64 bytes from 192.168.43.245: icmp_seq=1 ttl=64 time=0.059 ms
^C
--- 192.168.43.245 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.059/0.059/0.059/0.000 ms
[root@4b6561695c71 /]# ping 192.168.43.246
PING 192.168.43.246 (192.168.43.246) 56(84) bytes of data.
64 bytes from 192.168.43.246: icmp_seq=1 ttl=64 time=0.209 ms
^C
--- 192.168.43.246 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.209/0.209/0.209/0.000 ms
[root@4b6561695c71 /]# ping 192.168.43.247
PING 192.168.43.247 (192.168.43.247) 56(84) bytes of data.
64 bytes from 192.168.43.247: icmp_seq=1 ttl=64 time=1.50 ms
^C
--- 192.168.43.247 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.505/1.505/1.505/0.000 ms
[root@4b6561695c71 /]# ping 192.168.43.248
PING 192.168.43.248 (192.168.43.248) 56(84) bytes of data.
64 bytes from 192.168.43.248: icmp_seq=1 ttl=64 time=1.61 ms
^C
--- 192.168.43.248 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.619/1.619/1.619/0.000 ms
[root@4b6561695c71 /]# ping 192.168.43.17
PING 192.168.43.17 (192.168.43.17) 56(84) bytes of data.
64 bytes from 192.168.43.17: icmp_seq=1 ttl=64 time=0.303 ms
64 bytes from 192.168.43.17: icmp_seq=2 ttl=64 time=0.086 ms
^C
--- 192.168.43.17 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.086/0.194/0.303/0.109 ms
[root@4b6561695c71 /]# ping 192.168.43.240
PING 192.168.43.240 (192.168.43.240) 56(84) bytes of data.
64 bytes from 192.168.43.240: icmp_seq=1 ttl=64 time=0.787 ms
64 bytes from 192.168.43.240: icmp_seq=2 ttl=64 time=0.617 ms
^C
--- 192.168.43.240 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.617/0.702/0.787/0.085 ms
[root@4b6561695c71 /]# ping 192.168.43.10
PING 192.168.43.10 (192.168.43.10) 56(84) bytes of data.
64 bytes from 192.168.43.10: icmp_seq=1 ttl=64 time=2.11 ms
64 bytes from 192.168.43.10: icmp_seq=2 ttl=64 time=0.415 ms
^C
--- 192.168.43.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.415/1.263/2.111/0.848 ms

All of them respond to ping.