文章目錄
- 1.ip netns命令
- 2.操作網路名稱空間
- 3.容器常用操作
- 4.容器埠
- 5.自定義Docker0網橋的網路屬性資訊
- 6.自定義Docker網橋
1.ip netns命令
ip netns(ip network name space)命令可以用來對網路名稱空間進行各種操作,該命令由iproute包提供,默認是安裝的。
ip netns幫助檔案
[root@docker ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns attach NAME PID
ip netns set NAME NETNSID
ip [-all] netns delete [NAME] #刪除
ip netns identify [PID] #識別
ip netns pids NAME
ip [-all] netns exec [NAME] cmd .. #進行相應操作
ip netns monitor #監控
ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT
添加網路名稱空間
[root@docker ~]# ip netns add oppo
[root@docker ~]# ip netns list
oppo
[root@docker ~]# ll /var/run/netns/ #創建的名稱空間在/var/run/netns下
總用量 0
-r--r--r--. 1 root root 0 8月 13 20:16 oppo
#注意
在此目錄下mkdir創建的名稱空間是不能使用的
2.操作網路名稱空間
2.1查看創建的名稱空間網卡資訊
[root@docker ~]# ip netns exec oppo ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
#oppo名稱空間內的lo回環口默認是處于DOWN狀態
2.2啟動名稱空間lo回環口
[root@docker ~]# ip netns exec oppo ip link set lo up
[root@docker ~]# ip netns exec oppo ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@docker ~]# ip netns exec oppo ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.026 ms
2.3網路名稱設備veth
一個設備只能屬于一個網路名稱空間,veth(virtual ethernet) pair屬于可轉移設備,其它設備(lo,vxlan,ppp,bridge等)是不可以轉移的
2.4實作倆名稱空間通信
#添加veth型別的網卡設備,默認會創建一對
[root@docker ~]# ip link add type veth
[root@docker ~]# ip a
4: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:7c:54:55:81:73 brd ff:ff:ff:ff:ff:ff
5: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:17:2f:ca:62:62 brd ff:ff:ff:ff:ff:ff
#添加倆個名稱空間
[root@docker ~]# ip netns add vtest01
[root@docker ~]# ip netns add vtest02
#將veth0綁定到vtest01,veth1綁定到vtest02
[root@docker ~]# ip link set veth0 netns vtest01
[root@docker ~]# ip link set veth1 netns vtest02
#再次查看,顯示veth設備全部沒有了,而是轉移到名稱空間內了
[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:90:1f:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.136.233/24 brd 192.168.136.255 scope global dynamic noprefixroute ens33
valid_lft 1181sec preferred_lft 1181sec
inet6 fe80::314b:11d8:7c1b:d9bb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:05:9e:a7:70 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
#查看veth設備bind的情況
[root@docker ~]# ip netns exec vtest01 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:7c:54:55:81:73 brd ff:ff:ff:ff:ff:ff link-netns vtest02
[root@docker ~]# ip netns exec vtest02 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loo
#分別對veth進行開啟和創建ip
[root@docker ~]# ip netns exec vtest01 ip link set veth0 up
[root@docker ~]# ip netns exec vtest02 ip link set veth1 up
[root@docker ~]# ip netns exec vtest01 ip addr add 10.0.0.1/24 dev veth0
[root@docker ~]# ip netns exec vtest02 ip addr add 10.0.0.2/24 dev veth1
2.5重命名網卡設備
重命名網卡可以實作規范化
ip netns exec vtest01 ip link set veth0 down
ip netns exec vtest02 ip link set veth1 down
ip netns exec vtest01 ip link set dev veth0 name eth0
ip netns exec vtest02 ip link set dev veth1 name eth1
3.容器常用操作
3.1修改容器主機名
容器的host默認是容器的ID
#運行一個基于busybox鏡像取名叫test04的容器,該網路型別是bridge模式,
互動并且退出時自動刪除容器的模式,容器主機名設定為tom
[root@docker ~]# docker run -it --name test04 --network bridge --hostname tom --rm busybox
/ # hostname
tom
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tom #主機名與ip成映射關系
~ # cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.136.2 #DNS也會自動配置為宿主機的DNS
~ # ping www.baidu.com
PING www.baidu.com (36.152.44.96): 56 data bytes
64 bytes from 36.152.44.96: seq=0 ttl=127 time=21.226 ms
64 bytes from 36.152.44.96: seq=1 ttl=127 time=20.096 ms
3.2手動生成DNS
[root@docker ~]# docker run -it --name test04 --network bridge --hostname tom --dns 114.114.114.114 --rm busybox
/ # cat /etc/resolv.conf
search localdomain
nameserver 114.114.114.114
/ # ping baidu.com #能夠通信
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=127 time=27.561 ms
64 bytes from 220.181.38.148: seq=1 ttl=127 time=27.523 ms
/ # nslookup www.baidu.com #查看baidu服務資訊
Server: 114.114.114.114
Address: 114.114.114.114:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com #容器內查看的別名資訊
Name: www.a.shifen.com
Address: 36.152.44.96
Name: www.a.shifen.com
Address: 36.152.44.95
3.3添加域名ip
[root@docker ~]# docker run -it --name t1 --network bridge --add-host www.a.com:1.2.3.4 --rm busybox
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.2.3.4 www.a.com #添加成功
4.容器埠
-p :80(隨機埠)
只指定容器的埠號,宿主機會在所有本地ip地址(0.0.0.0)上分配一個隨機埠號映射到該埠
[root@docker ~]# docker run -it --name web --rm -p 80 nginx
#另一終端查看隨機埠情況
[root@docker ~]# docker port web
80/tcp -> 0.0.0.0:49153
80/tcp -> :::49153
查看訪問到的內容:
[root@docker ~]# curl 192.168.136.233:49153
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
-p 8080:80(指定埠)
ip地址跟上指定的埠號8080訪問
[root@docker ~]# docker run --name web --rm -p 8080:80 nginx
[root@docker ~]# docker port web
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
curl 192.168.136.233:8080 #進行訪問
-p 指定ip::容器埠號
只能通過指定的ip和埠號訪問
[root@docker ~]# docker run --name web --rm -p 192.168.136.233::80 nginx
[root@docker ~]# docker port web
80/tcp -> 192.168.136.233:49154
5.自定義Docker0網橋的網路屬性資訊
Docker官網檔案:https://docs.docker.com/get-started/overview/
5.1Docker0網路配置修改
修改docker0的網路資訊需要修改/etc/docker/daemon.json組態檔
#daemon.json必須是合法的JSON:前面幾行均以"x": "x"的形式書寫并以逗號分開,最后一行不需要逗號;JSON不支持注釋,下面的#說明只作講解用,寫入檔案時要去掉
{ "bip": "192.168.1.5/24", #(bridge ip)指定docker0橋自身的ip地址,本行最重要,其它可以通過計算得到
"fixed-cidr": "192.168.1.5/25",
"fixed-cidr-v6": "2001:db8::/64",
"mtu": 1500,
"default-gateway": "10.20.1.1",
"default-gateway-v6": "2001:db8:abcd::89",
"dns": ["10.20.1.2","10.20.1.3"]
}
具體實體:
[root@docker ~]# cat /etc/docker/daemon.json
{
"bip": "192.168.1.5/24"
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
[root@docker ~]# ip a
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:7a:f3:b8:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.5/24 brd 192.168.1.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:7aff:fef3:b83a/64 scope link
valid_lft forever preferred_lft forever
5.2Docker遠程連接(這個比較撈,了解即可)
docker遠程連接是客戶端連接到服務端設備,查看修改服務端容器的程序,
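dockerd默認監聽unix socket的地址(/var/run/docker.sock),使用TCP套接字的話,則需要修改/etc/docker/daemon.json組態檔。注意:2375埠上的TCP套接字是明文傳輸且不做任何身份驗證的,能連上該埠的一方等同于擁有宿主機的root權限;實際使用時應只監聽管理網段的地址而不是0.0.0.0,并啟用TLS雙向驗證(tlsverify,慣用埠2376),或改用ssh://方式連接。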
服務端:
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
客戶端:
docker通過-H host指定控制哪臺主機的docker容器
docker -H host:port ps
遠程連接具體實體:
環境:
| 系統 | ip | 角色 |
|---|---|---|
| centos8 | 192.168.136.233 | 服務端 |
| centos8 | 192.168.136.234 | 客戶端 |
相應操作:
1.修改/etc/docker/daemon.json檔案
[root@docker ~]# cat /etc/docker/daemon.json
{
"bip": "192.168.1.5/24",
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
2.重新加載系統檔案
[root@docker ~]# systemctl daemon-reload
#重啟docker會出現錯誤,該錯誤一定會出現!!原因是systemd單元檔的ExecStart里默認已帶有-H引數,與daemon.json里的hosts沖突,按下面第3步配置docker.conf即可
[root@docker ~]# systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
3.查看官網檔案解決問題
請創建一個/etc/systemd/system/docker.service.d/docker.conf包含以下內容的新檔案,
以刪除默認情況下啟動守護程式時使用的-H引數,
[root@docker docker.service.d]# pwd
/etc/systemd/system/docker.service.d
[root@docker docker.service]# cat docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
[root@docker ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:2375
#2375埠已起
4.服務端啟動一個容器
[root@docker ~]# docker run --name web --rm -p 8080:80 nginx
[root@docker ~]# docker port web
80/tcp -> 0.0.0.0:8080
80/tcp -> :::8080
#(客戶端)查看到服務端的容器資訊
[root@192 ~]# docker -H 192.168.136.233:2375 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
09e9ffd0cafa nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, :::8080->80/tcp web
6.自定義Docker網橋
系統默認的3種橋模式
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
126834ad50ad bridge bridge local
1ee1539d1299 host host local
4b16e7092184 none null local
自定義一個br0的網橋
subnet:子網 -d:驅動(driver),此處指定為bridge
[root@docker ~]# docker network create -d bridge --subnet "10.0.0.0/24" --gateway "10.0.0.1" br0
aba825bc95dff2aca307dcd27229f6432ca735b9736d92492bf97f868e12c34d
使用一個自定義br0網橋的容器
[root@docker ~]# docker run -it --name web --rm --network br0 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
78: eth0@if79: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
現在使用一個默認bridge的容器
[root@docker ~]# docker run -it --name web1 --rm --network bridge busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
80: eth0@if81: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:01:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
倆容器能通信嗎??
/ # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
/ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
#很明顯不能!!怎樣才能通信呢?
很簡單,只需要用docker network connect把bridge模式下的容器再連接到br0網路即可
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4b1081abd2b busybox "sh" 20 seconds ago Up 19 seconds web1 #bridge
118c11274699 busybox "sh" 42 seconds ago Up 41 seconds web #br0
#將bridge模式下的容器web1(a4b1081abd2b)連接到自定義的br0網路
[root@docker ~]# docker network connect br0 a4b1081abd2b
#bridge模式下的容器查看ip
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
86: eth0@if87: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:01:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
88: eth1@if89: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:03 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/24 brd 10.0.0.255 scope global eth1
valid_lft forever preferred_lft forever #多了一個網段
#測驗通信
/ # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=0.165 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=0.086 ms
64 bytes from 10.0.0.2: seq=2 ttl=64 time=0.064 ms
#依次類推,容器可以同時連接到多個網路,實作與這些網路內的容器通信!!被連接的容器同時處于兩個網路中,兩個網路對它不再隔離,因此只連接確實需要互通的容器。
