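7. Docker - Network Management
I. Docker's four network modes
- Network mode 1: host
host mode: started with --net=host, the container uses the same network as the host, so the NIC IPs seen inside the container are the host's IPs.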
bash-3.2# docker run -it --rm --name network_host --net=host new_centos:01 bash
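### --rm: remove the container when it exits
### Compare the ifconfig output on the host with the ifconfig output in the container: the IP information in the container is identical to the host's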
bash-3.2 /# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.40 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::be5f:f4ff:fe5e:4aad prefixlen 64 scopeid 0x20<link>
ether bc:5f:f4:5e:4a:ad txqueuelen 0 (Ethernet)
RX packets 274360905 bytes 286715259393 (267.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 136254081 bytes 11227340887 (10.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
…………
vethe82752b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::d496:d3ff:feb0:3c93 prefixlen 64 scopeid 0x20<link>
ether d6:96:d3:b0:3c:93 txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 117 bytes 9042 (8.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
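- Network mode 2: container
container mode: started with --net=container:container_id/container_name, multiple containers share one network, so they show the same IP.
bash-3.2# docker exec -it 1e4cf0c7b5dc bash # enter any one of the containers
1e4cf0c7b5dc# yum -y install net-tools # install the ifconfig command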
1e4cf0c7b5dc# ifconfig |grep -A1 "eth0"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.19 netmask 255.255.0.0 broadcast 0.0.0.0
bash-3.2# docker run -it --rm --name network_container --net=container:dced5597366d new_centos:01 bash
dced5597366d# ifconfig |grep -A1 "eth0"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.19 netmask 255.255.0.0 broadcast 0.0.0.0
### As shown, both containers report the same ID and the same IP.
- Network mode 3: none
none mode: started with --net=none; in this mode no network is configured.
bash-3.2# docker run -it --rm --name network_none --net=none new_centos:01 bash
c3af5c1d7616# ifconfig |grep -E 'eth0|lo'
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
loop txqueuelen 0 (Local Loopback)
c3af5c1d7616# ping baidu.com
ping: unknown host baidu.com
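### A container created in this mode has no network
- Network mode 4: bridge
bridge mode: started with --net=bridge. This is the default network mode for a newly created container, and it is similar to VMware's NAT network mode.
II. Accessing containers from outside
- Enter the container and install the httpd service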
bash-3.2# docker exec -it 8e25 bash
8e2547638bb3# yum -y install httpd
8e2547638bb3# /usr/sbin/httpd # start the httpd service
8e2547638bb3# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 124 root 4u IPv6 5118010 0t0 TCP *:http (LISTEN)
- Save the container as an image
bash-3.2# docker commit -m "centos_with_httpd" -a "90root" 8e2547638bb3 centos_with_httpd:v1 # save the container as an image
bash-3.2# docker images # list images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos_with_httpd v1 aa7cc183e588 18 seconds ago 366.6 MB
bash-3.2# docker run -itd -p 5123:80 centos_with_httpd:v1 bash # map port 80 of the container to port 5123 on the host
bash-3.2# docker exec -it 23ecd12c7a10 bash # enter the container
23ecd12c7a10# /usr/sbin/httpd # start httpd
23ecd12c7a10# echo "www.90root.com" > /var/www/html/1.html
23ecd12c7a10# curl 127.0.0.1/1.html
www.90root.com
bash-3.2# curl 192.168.1.40:5123/1.html
www.90root.com
### Or open 192.168.1.40:5123/1.html in a browser
III. Linking containers
- Build the mysql image
bash-3.2# docker run -itd centos-6-x86_minimal bash # create the container
bash-3.2# docker exec -it 94b61b9ad0e9 bash
94b61b9ad0e9# yum -y install mysql-server
94b61b9ad0e9# /etc/init.d/mysqld start
- Save the mysql container as an image
bash-3.2# docker commit -m "centos_6_with_mysql" -a "90root" 94b61b9ad0e9 centos6_mysql:v1
bash-3.2# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos6_mysql v1 0cc0a9a0001a 8 seconds ago 457.1 MB
- Create two containers from the centos6_mysql and centos_with_httpd images, each with a port mapping
bash-3.2# docker run -itd -p 13306:3306 --name centos6_mysql centos6_mysql:v1 bash # create the mysql container
bash-3.2# docker exec -it centos6_mysql bash
8606d161d004# /etc/init.d/mysqld start # start mysql
bash-3.2# docker run -itd -p 10080:80 --name centos6_web --link centos6_mysql:db centos_with_httpd:v1 bash # create the web container. --link container_name:alias
bash-3.2# docker exec -it centos6_web bash
08bd05fd9517# telnet db 3306
Trying 172.17.0.23...
Connected to db.
Escape character is '^]'.
DHost '172.17.0.24' is not allowed to connect to this MySQL serverConnection closed by foreign host.
08bd05fd9517# cat /etc/hosts
172.17.0.23 db 8606d161d004 centos6_mysql
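An added example, not part of the original tutorial: a Python audit that reads `docker inspect` JSON and flags the settings used in sections I to III (host networking, a shared container network stack, ports published on every host interface, and legacy --link). The sample records are constructed from the container names above; the web container is given a loopback binding here to show the non-flagged case.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields read below and
# modelled on the containers this tutorial creates. Not captured data.
SAMPLE = json.loads("""
[
 {"Name": "/network_host", "HostConfig": {"NetworkMode": "host", "PortBindings": {}, "Links": null}},
 {"Name": "/network_container",
  "HostConfig": {"NetworkMode": "container:dced5597366d", "PortBindings": {}, "Links": null}},
 {"Name": "/network_none", "HostConfig": {"NetworkMode": "none", "PortBindings": {}, "Links": null}},
 {"Name": "/centos6_mysql", "HostConfig": {"NetworkMode": "default",
  "PortBindings": {"3306/tcp": [{"HostIp": "", "HostPort": "13306"}]}, "Links": null}},
 {"Name": "/centos6_web", "HostConfig": {"NetworkMode": "default",
  "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "10080"}]},
  "Links": ["/centos6_mysql:/centos6_web/db"]}}
]
""")

# An empty HostIp means the port is published on every host interface.
WILDCARD = {"", "0.0.0.0", "::"}

def audit(container):
    """Return the network-exposure findings for one inspect record."""
    hc = container.get("HostConfig") or {}
    mode = hc.get("NetworkMode") or "default"
    findings = []
    if mode == "host":
        findings.append("host-network: shares the host's interfaces and ports")
    elif mode.startswith("container:"):
        findings.append("shared-netns: shares network stack with " + mode.split(":", 1)[1])
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") in WILDCARD:
                findings.append("published-all-interfaces: host port %s -> %s"
                                % (b.get("HostPort"), port))
    for link in hc.get("Links") or []:
        findings.append("legacy-link: " + link)
    return findings

def audit_all(containers):
    """Map container name (without the leading slash) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or ["no findings"])
```

On a real host, parse the output of `docker inspect $(docker ps -q)` with `json.loads` and pass it to `audit_all` in place of SAMPLE.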
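IV. Configuring a bridge (CentOS 6)
To make communication between machines on the local network and Docker containers easier, we often need to place Docker containers on the same subnet as the host. We only need to bridge the Docker container with the host's NIC and then assign the container an IP.
- Configure the bridged NIC on the host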
bash-3.2# cd /etc/sysconfig/network-scripts/
bash-3.2# cp ifcfg-eth0 ifcfg-br0
bash-3.2# vim ifcfg-eth0
DEVICE=eth0
HWADDR=BC:5F:F4:5E:4A:AD
TYPE=Ethernet
UUID=b64d5263-4f16-453b-9971-ab052f101c9e
ONBOOT=yes
NM_CONTROLLED=yes
#BOOTPROTO=static
#IPADDR=192.168.1.40
#NETMASK=255.255.255.0
#GATEWAY=192.168.1.254
#DNS1=192.168.1.254
#DNS2=114.114.114.114
BRIDGE=br0
bash-3.2# vim ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.40
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=192.168.1.254
DNS2=114.114.114.114
MTU=1500
bash-3.2# /etc/init.d/network restart
- Install pipework
bash-3.2# git clone https://github.com/jpetazzo/pipework
bash-3.2# cp pipework/pipework /usr/local/bin/
- Create a new container and bridge it with pipework
bash-3.2# docker run -itd --net=none --name 90root_pipework centos_with_httpd:v1 bash
bash-3.2# rpm -Uvh https://repos.fedorapeople.org/openstack/EOL/openstack-grizzly/epel-6/iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm
bash-3.2# pipework br0 90root_pipework 192.168.1.54/24
bash-3.2# docker exec -it 90root_pipework bash
ac16957506cc# ifconfig |grep -A1 "eth1"
eth1 Link encap:Ethernet HWaddr 9A:C6:E8:5E:8C:B8
inet addr:192.168.1.54 Bcast:192.168.1.255 Mask:255.255.255.0
### Success is being able to ping the external network.