云计算实训38——docker网络、跨主机容器之间的通讯

一、docker⽹络

1.桥接--bridge

所有容器连接到桥就可以使⽤外⽹，使⽤nat让容器可以访问外⽹

使⽤ ip a s指令查看桥，所有容器连接到此桥，ip地址都是 172.17.0.0/16 ⽹段，桥是启动docker服务后出现，在centos使⽤

bridge-utils安装

1.下载bridge-utils

yum -y install bridge-utils.x86_64 

2.查看桥⽂件

yum provides *bin/brctl

3.查看桥

brctl show

4.使用network查看桥

docker network ls

2.仅主机--host

与主机共享⽹络，可让容器连接外⽹

所有容器与docker主机在同⼀个⽹络中，容器和外⽹相互访问



创建⼀个新的容器

[root@docker001 000]# docker run -d -p80 -v 

查看ip，默认在桥上

[root@docker001 000]# docker inspect a4b6|grep IPA

/opt/:/usr/share/nginx/html/ centosnginx:v1 

a4b6324a55e63a0966086a18519dd58fa26eaf91d0017d143d57f25312dfeb85

容器仅仅有lo⽹卡，不能与外界链接，在⾼级应⽤中使⽤，lo⽹卡，⽆法链接外⽹

查看ip，默认在桥上

[root@docker001 000]# docker inspect a4b6|grep IPA            "SecondaryIPAddresses": null,

            "IPAddress": "172.17.0.2",

                    "IPAMConfig": null,

                    "IPAddress": "172.17.0.2",

绑定其他的桥

[root@docker001 000]# docker run -d --network 

harbor_harbor centosnginx:v1 

21a283fd5e684038d218892700e2b9689c0555bf2c59a554f00554bd0daca55d

[root@docker001 000]# docker inspect 21a2|grep IPAdd

            "SecondaryIPAddresses": null,

            "IPAddress": "",

                    "IPAddress": "172.19.0.11",

\# 使⽤--network对⽹桥的选择

绑定host主机⽹络

[root@docker001 001]# docker run -it --network host yum:v0 /bin/bash

[root@docker001 /]# yum -y install iprout

\#内部查看ip是本地主机ip

\# 外部查看ip 没有

[root@docker001 001]# docker inspect 306d|grep IPAdd

            "SecondaryIPAddresses": null,

            "IPAddress": "",

                    "IPAddress": "",

主机名同真机，⽹络也同真机

优点：可以直接访问容器

缺点：端⼝占⽤，多容器同时运⾏⼀个服务，不建议，在测试环境中使⽤0

3.none

容器仅仅有lo⽹卡，不能与外界链接，在⾼级应⽤中使⽤，lo⽹卡，⽆法链接外⽹

二、跨主机容器之间通讯

1.工作原理

使用flannel为docker主机分配网段网段信息及ip信息保存在etcd数据库中flannel运行时，会从etcd数据库中读取配置docker的daemon文件，让docker0网卡和flannel的网段一致

2.flannel

overlay 覆盖型⽹络，不⽀持路由转发，通过数据etcd数据库保存⼦⽹信息以及⽹络分配信息

给每台主机分配⼀个⽹段，通过udp传输数据包

3.主控主机：node1

1.安装etcd

#安装etcd数据库

yum -y install etcd

2.安装flannel

#提供跨主机的容器网络通信

yum -y install flannel

3.修改etcd数据库配置
编辑配置文件

vim /etc/etcd/etcd.conf 

#----------------------------------------------------------------
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#----------------------------------------------------------------

#----------------------------------------------------------------------------
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.34:2379,http://192.168.1.34:4001"
#----------------------------------------------------------------------------
4.启动etcd数据库
[root@node1 ~]# systemctl start etcd.service

5.测试端口
[root@node1 ~]# netstat -lnput | grep 2379
tcp6       0      0 :::2379                 :::*                    LISTEN      1560/etcd           
[root@node1 ~]# netstat -lnput | grep 4001
tcp6       0      0 :::4001                 :::*                    LISTEN      1560/etcd  

6.设置开机自启动
[root@node1 ~]# systemctl enable etcd.service 

7.测试数据库的功能
#数据的存取

#使用etcd数据库存入数据
[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
#使用etcd数据库取出数据
[root@node1 ~]# etcdctl get testdir/testkey0
1000

[root@node1 ~]# etcdctl set b 123
123
[root@node1 ~]# 
[root@node1 ~]# etcdctl get b
123


8.测试集群健康
[root@node1 ~]# etcdctl -C http://192.168.1.34:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.34:2379
cluster is healthy
[root@node1 ~]# etcdctl -C http://192.168.1.34:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.1.34:2379
cluster is healthy

9.修改flannel配置文件

[root@node1 ~]# vim /etc/sysconfig/flanneld 

#-----------------------------------------------
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.34:2379"
#-----------------------------------------------

10.向数据库中存⼊⽹段信息
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{"Network":"172.20.0.0/16"}'
{"Network":"172.20.0.0/16"}

[root@node1 ~]# etcdctl get /atomic.io/network/config
{"Network":"172.20.0.0/16"}
[root@node1 ~]# systemctl start flanneld.service 
[root@node1 ~]# systemctl enable flanneld.service 

11.查看ip地址
[root@node1 ~]# ip a s

12.安装docker

[root@node1 ~]# rz -E
rz waiting to receive.
[root@node1 ~]# ls
anaconda-ks.cfg  docker.sh
[root@node1 ~]# source docker.sh 
[root@node1 ~]# systemctl start docker.service 

13.docker服务没有开启之前查看ip
[root@node1 ~]# ifconfig

14.启动docker服务后查看ip
[root@node1 ~]# systemctl start docker.service 
[root@node1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:9c:98:9b:7c  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
15.从其他主机复制一份daemon.json文件
[root@node1 ~]# scp root@192.168.1.32:/etc/docker/daemon.json /etc/docker/
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.32' (ECDSA) to the list of known hosts.
root@192.168.1.32's password: 
daemon.json                                 100%  329   126.4KB/s   00:00 
#重启docker
[root@node1 ~]# systemctl restart docker.service 
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
此时出现启动不了的问题

#修改配置文件
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd

16.查看flannel的子网ip
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.76.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
FLANNEL_IPMASQ=false

17.编辑daemon.json文件
[root@node1 ~]# vim /etc/docker/daemon.json 
{
    "registry-mirrors": [
        "https://do.nark.eu.org",
        "https://dc.j8.work",
        "https://docker.m.daocloud.io",
        "https://dockerproxy.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://docker.nju.edu.cn"
    ],
	"hosts":[
		"tcp://0.0.0.0:2375",
		"unix:///var/run/docker.sock"
	],
	"insecure-registries":[
		"http://192.168.1.32:5000"
	],
	"bip" : "172.20.16.1/24",
	"mtu" : 1472
}

18.加载配置，重启docker
#重新加载daemon
[root@node1 ~]# systemctl daemon-reload 
#重启docker
[root@node1 ~]# systemctl restart docker.service 


19.拉取镜像
[root@node1 ~]# docker pull centos
#创建容器
[root@node1 ~]# docker run -it centos:latest /bin/bash
[root@8848da0d2c68 /]# [root@node1 ~]# 
#查看容器详细信息
[root@node1 ~]# docker inspect 8848da0d2c68

4.被控主机：node2

1.安装flannel

[root@node2 ~]# yum -y install flannel

2.配置flannel
#配置flannel文件
[root@node2 ~]# vim /etc/sysconfig/flanneld

# Flanneld configuration options  
# etcd url location.  Point this to the server where etcd runs
#------------------------------------------------
FLANNEL_ETCD_ENDPOINTS="http://192.168.1.34:2379"
#------------------------------------------------
#此处的ip为node1的ip
# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""


3.启动flannel

[root@node2 ~]# systemctl start flanneld.service

4.查看flannel分配的ip

[root@node2 ~]# cat /run/flannel/subnet.env 
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false


5.安装docker

#拖拽docker.sh脚本
[root@node2 ~]# rz -E
rz waiting to receive.
[root@node2 ~]# ls
anaconda-ks.cfg  docker.sh
#让docker.sh脚本生效
[root@node2 ~]# source docker.sh 
#启动docker
[root@node2 ~]# systemctl start docker.service 

6.配置deamon

#从node1上传daemon文件到node2
[root@node2 ~]# scp root@192.168.1.34:/etc/docker/daemon.json /etc/docker/
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.1.34's password: 
daemon.json 100%  428   274.9KB/s   00:00   
#查看flannel分配的ip
[root@node2 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.32.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
#修改daemon.json文件
[root@node2 ~]# vim /etc/docker/daemon.json 
{
    "registry-mirrors": [
        "https://do.nark.eu.org",
        "https://dc.j8.work",
        "https://docker.m.daocloud.io",
        "https://dockerproxy.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://docker.nju.edu.cn"
    ],
	"hosts":[
		"tcp://0.0.0.0:2375",
		"unix:///var/run/docker.sock"
	],
	#----------------------------------------
	"insecure-registries":[
		"http://192.168.1.32:5000"
	],
	"bip" : "172.20.32.1/24",
	"mtu" : 1472
	#----------------------------------------
}
#修改docker.service文件
[root@node2 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd

7.重启daemon

#此时重启docker会出现以下错误，按步骤操作即可
[root@node2 ~]# systemctl restart docker.service 
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
#重新加载daemon
[root@node2 ~]# systemctl daemon-reload
#重新启动docker服务
[root@node2 ~]# systemctl restart docker.service 

8.拉取centos镜像
[root@node2 ~]# docker pull centos
#创建容器
[root@node2 ~]# docker run -it centos:latest /bin/bash
[root@33d47b2e38ce /]#
#使用ctrl p+q 退出

#查看容器的详细信息
[root@node2 ~]# docker inspect 33d
"Gateway": "172.20.32.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.20.32.2",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:14:20:02",

9.ping node1中容器的ip

[root@node2 ~]# ping 172.20.76.1
PING 172.20.76.1 (172.20.76.1) 56(84) bytes of data.
64 bytes from 172.20.76.1: icmp_seq=1 ttl=62 time=1.14 ms
64 bytes from 172.20.76.1: icmp_seq=2 ttl=62 time=0.989 ms
64 bytes from 172.20.76.1: icmp_seq=3 ttl=62 time=0.833 ms
64 bytes from 172.20.76.1: icmp_seq=4 ttl=62 time=0.772 ms
^C
--- 172.20.76.1 ping statistics ---