
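Docker Container Basics Summary [Part 4]: Networking

The namespaces Docker uses fall into six types: UTS, IPC, PID, Network, Mount and User, as shown in the figure below.

Docker network modes fall into four types: isolated networks, bridged networks, NAT networks, and physical-bridge networks.

On Linux, the ip command can be used to create and operate on network namespaces. The ip command is provided by the iproute RPM package, which must be installed first.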

[root@ecs-e84a ~]# rpm -q iproute
iproute-4.11.0-25.el7.x86_64
[root@ecs-e84a ~]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
[root@ecs-e84a ~]#

I. A worked example of the Docker network model:

1. Create network namespaces

[root@ecs-e84a ~]# ip netns list
[root@ecs-e84a ~]# ip netns add s1
[root@ecs-e84a ~]# ip netns add s2
[root@ecs-e84a ~]# ip netns list
s2
s1

2. Run a command inside a network namespace

[root@ecs-e84a ~]# ip netns exec s1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Create a pair of virtual NICs (a veth pair)

[root@ecs-e84a ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@ecs-e84a ~]# ip link sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:b1:a4:b9 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
link/ether 02:42:1f:94:42:41 brd ff:ff:ff:ff:ff:ff
4: br-f971f97822cf: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
link/ether 02:42:70:ca:3e:93 brd ff:ff:ff:ff:ff:ff
7: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 2e:c4:a9:3c:b1:df brd ff:ff:ff:ff:ff:ff
8: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 4a:a1:20:9f:a8:cb brd ff:ff:ff:ff:ff:ff

4. Move one of the newly created network devices into a namespace

[root@ecs-e84a ~]# ip link set dev veth1.2 netns s1
[root@ecs-e84a ~]# ip link sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:16:3e:b1:a4:b9 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
link/ether 02:42:1f:94:42:41 brd ff:ff:ff:ff:ff:ff
4: br-f971f97822cf: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
link/ether 02:42:70:ca:3e:93 brd ff:ff:ff:ff:ff:ff
8: veth1.1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 4a:a1:20:9f:a8:cb brd ff:ff:ff:ff:ff:ff link-netnsid 0

Check the state of the device after it has been moved into network namespace s1:

[root@ecs-e84a ~]# ip netns exec s1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 2e:c4:a9:3c:b1:df txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

5. Rename the network device (veth1.2 appears as eth0 inside s1 afterwards)

[root@ecs-e84a ~]# ip netns exec s1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 2e:c4:a9:3c:b1:df txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

6. Bring up the network devices

Bring up veth1.1:

[root@ecs-e84a ~]# ifconfig veth1.1 10.1.0.1/24 up
[root@ecs-e84a ~]# ifconfig
...(output omitted)...
veth1.1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255
ether 4a:a1:20:9f:a8:cb txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...(output omitted)...

Bring up veth1.2 (now named eth0 inside s1):

[root@ecs-e84a ~]# ip netns exec s1 ifconfig eth0 10.1.0.2/24 up
[root@ecs-e84a ~]# ip netns exec s1 ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.0.2 netmask 255.255.255.0 broadcast 10.1.0.255
inet6 fe80::2cc4:a9ff:fe3c:b1df prefixlen 64 scopeid 0x20<link>
ether 2e:c4:a9:3c:b1:df txqueuelen 1000 (Ethernet)
RX packets 7 bytes 586 (586.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 586 (586.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...(output omitted)...

7. Done. The host and network namespace s1 can now communicate:

[root@ecs-e84a ~]# ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.046 ms
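
Steps 1 to 7 collected into one script, as an added example that is not part of the original post. It uses iproute2's ip addr and ip link in place of ifconfig, spells out the rename that step 5 shows only by its result, and adds a teardown; the function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-7 with iproute2 only.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# link_host_to_netns NS HOST_IF PEER_IF HOST_CIDR NS_CIDR
# Creates NS, a veth pair, moves PEER_IF into NS as eth0, addresses both ends.
link_host_to_netns() {
    ns=$1 host_if=$2 peer_if=$3 host_cidr=$4 ns_cidr=$5
    run ip netns add "$ns" &&
    run ip link add name "$host_if" type veth peer name "$peer_if" &&
    run ip link set dev "$peer_if" netns "$ns" &&
    # Step 5: rename inside the namespace, before the link is brought up.
    run ip netns exec "$ns" ip link set dev "$peer_if" name eth0 &&
    run ip addr add "$host_cidr" dev "$host_if" &&
    run ip link set dev "$host_if" up &&
    run ip netns exec "$ns" ip addr add "$ns_cidr" dev eth0 &&
    run ip netns exec "$ns" ip link set dev eth0 up
}

# Deleting the namespace destroys the veth end inside it and, with it,
# the host-side peer, so no separate "ip link del" is needed.
teardown_netns() {
    run ip netns del "$1"
}

# Step 7: check reachability from the host side.
verify_link() {
    run ping -c 3 -W 1 "$1"
}

# The values used on this page; with the default DRY_RUN=1 this only prints.
link_host_to_netns s1 veth1.1 veth1.2 10.1.0.1/24 10.1.0.2/24
verify_link 10.1.0.2
teardown_netns s1
```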

8. Create a new Docker bridge with the docker network command:

docker network create -d bridge --subnet "172.27.0.0/16" --gateway "172.27.0.1" mybridge0

9. Enable kernel IP forwarding on Linux

Set the value of the file /proc/sys/net/ipv4/ip_forward to 1.

II. Change the default docker0 network

Edit /etc/docker/daemon.json and add the following:

{
"bip":"192.168.1.6/24",
"fixed-cidr":"10.20.0.0/16",
"fixed-cidr-v6":"2001:db8::/64",
"mtu":1500,
"default-gateway":"10.20.1.1",
"default-gateway-v6":"2001:db8:abcd::89",
"dns":["10.20.1.2","10.20.1.3"]
}

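Once bip is specified, the system computes all the other values automatically, except dns. In other words, the core option is bip (short for "bridge ip"), which sets the IP address of the docker0 bridge itself.

III. Manage a Docker server from a client

Docker uses a client/server architecture; by default the daemon listens on the Unix socket file /var/run/docker.sock.

To change this, edit /etc/docker/daemon.json and add the following: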

"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]

Then use the "-H | --host" option to operate and manage other Docker daemons, for example to list the images on a Docker server:

docker -H 10.0.0.1:2375 image ls
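
The tcp://0.0.0.0:2375 listener above serves the Docker API without encryption or client authentication, so anyone who can reach the port controls the daemon. The following check is an added example, not part of the original post: it flags TCP listeners in a daemon.json that lacks "tlsverify": true. The function names, sample files and certificate paths are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag dockerd TCP listeners in
# daemon.json that are not protected by mutual TLS. This is a heuristic text
# match, not a JSON parser, and it does not see flags passed on the dockerd
# command line.

# audit_docker_hosts FILE: prints one finding per risky listener, returns 1 if any.
audit_docker_hosts() {
    flat=$(tr -d ' \t\r\n' < "$1")
    hosts=$(printf '%s' "$flat" | grep -o '"hosts":\[[^]]*]' || true)
    tcp=$(printf '%s' "$hosts" | grep -o 'tcp://[^"]*' || true)
    [ -z "$tcp" ] && return 0             # Unix socket only: not reachable over the network
    case $flat in
        *'"tlsverify":true'*) return 0 ;;  # clients must present a CA-signed certificate
    esac
    for h in $tcp; do
        echo "UNAUTHENTICATED $h"
    done
    return 1
}

# Constructed samples: the setting from this page, and a mutual-TLS variant
# on the conventional TLS port 2376 (certificate paths are placeholders).
write_samples() {
    cat > "$1/weak.json" <<'EOF'
{ "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"] }
EOF
    cat > "$1/tls.json" <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak tls; do
    if audit_docker_hosts "$tmp/$f.json"; then echo "$f: ok"; else echo "$f: exposed"; fi
done
rm -rf "$tmp"
```

With the TLS variant in place, the client side needs --tlsverify and its own certificate options on the docker -H command line.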

 

Reproduction without permission is prohibited: 琼杰笔记 » Docker Container Basics Summary [Part 4]: Networking
