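Assigning a Static IP to a Docker Container
Configuring the bridged network
The purpose of bridging to the local physical network is to let users on the LAN reach the services in Docker instances directly, without any port mapping. Doing so, however, goes against the principle of security isolation for Docker containers, so in practice weigh the trade-off before choosing it.
Create the bridge device:
Install the package: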
[[email protected] ~]# rpm -ivh /mnt/Packages/bridge-utils-1.5-9.el7.x86_64.rpm
Bind the network card to the br0 bridge device
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-ens33 /opt/
[[email protected] network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=74a03b29-1fe1-4c5c-8361-4c25e321ea47
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.199.7    # delete the address-related settings
NETMASK=255.255.255.0
GATEWAY=192.168.199.1
DNS=114.114.114.114
DNS2=119.29.29.29
BRIDGE=br0    # add this setting
[[email protected] network-scripts]# vim ifcfg-br0
DEVICE="br0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Bridge"
BOOTPROTO=none
IPADDR=192.168.209.7
NETMASK=255.255.255.0
GATEWAY=192.168.209.254
DNS1=114.114.114.114
[[email protected] network-scripts]# systemctl restart network    # restart the network service
Check the addresses:
[[email protected] network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.209.7 netmask 255.255.255.0 broadcast 192.168.209.255
inet6 fe80::20c:29ff:fe73:f66b prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:73:f6:6b txqueuelen 1000 (Ethernet)
RX packets 927 bytes 65484 (63.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 345 bytes 45743 (44.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:ae:a2:84:7e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:73:f6:6b txqueuelen 1000 (Ethernet)
RX packets 978 bytes 82130 (80.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 471 bytes 62022 (60.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Using pipework to bind a static IP address to a container
Use the pipework tool to bind an IP address to the container.
[[email protected] ~]# git clone https://github.com/jpetazzo/pipework.git
[[email protected] ~]# cd pipework/
[[email protected] pipework]# ls
docker-compose.yml doctoc LICENSE pipework pipework.spec README.md
[[email protected] pipework]# cp pipework /usr/local/bin/
[[email protected] pipework]# ls /usr/local/bin/
pipework
pipework is now installed.
Start the container
[[email protected] ~]# docker run -itd --net=none --privileged=true docker.io/centos:latest bash
[[email protected] ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
742430cbc590 docker.io/centos:latest "bash" 11 hours ago Up 6 seconds goofy_mestorf
[[email protected] ~]# pipework br0 742430cbc590 192.168.209.10/[email protected]    # bind the IP
[[email protected] ~]# ping 192.168.209.10
PING 192.168.209.10 (192.168.209.10) 56(84) bytes of data.
64 bytes from 192.168.209.10: icmp_seq=1 ttl=64 time=0.333 ms
Check the container's IP:
[[email protected] ~]# docker exec -it 742430cbc590 bash
[[email protected] /]# yum install net-tools -y    # the container has no ifconfig command, so it has to be installed
[[email protected] /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.209.10 netmask 255.255.255.0 broadcast 192.168.209.255
inet6 fe80::6435:e4ff:fee5:49e6 prefixlen 64 scopeid 0x20<link>
ether 66:35:e4:e5:49:e6 txqueuelen 1000 (Ethernet)
RX packets 459 bytes 363810 (355.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 145 bytes 10285 (10.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The container now has a static IP bound to it, but there is one drawback: the address is lost as soon as the container restarts.
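One way to work around the lost-address drawback described above, as an added example that is not part of the original article: a host-side script that watches docker events and re-runs pipework for mapped containers each time they start, validating each address spec before it reaches a command run as root. The container names web1 and db1, the address table, the script name and the /24 prefix (matching the 255.255.255.0 netmask shown above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): re-apply pipework bindings
# whenever a mapped container starts, since the address is lost on restart.
# MAP is a constructed table: "<container name> <ip>/<prefix>@<gateway>".
MAP='web1 192.168.209.10/24@192.168.209.254
db1 192.168.209.11/24@192.168.209.254'
BRIDGE=br0

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# valid_spec SPEC -> 0 if SPEC is "<ipv4>/<prefix 0..32>@<ipv4 gateway>"
valid_spec() {
    case $1 in */*@*) ;; *) return 1;; esac
    ip=${1%%/*}; rest=${1#*/}; prefix=${rest%%@*}; gw=${rest#*@}
    case $prefix in ''|*[!0-9]*|???*) return 1;; esac
    [ "$prefix" -le 32 ] && valid_ipv4 "$ip" && valid_ipv4 "$gw"
}

# lookup_spec NAME -> prints NAME's validated spec; non-zero if unmapped/invalid
lookup_spec() {
    spec=$(printf '%s\n' "$MAP" | awk -v n="$1" '$1 == n { print $2; exit }')
    [ -n "$spec" ] && valid_spec "$spec" && printf '%s\n' "$spec"
}

# Run as "rebind.sh watch" (hypothetical file name) as root on the Docker host.
# Containers that are not in MAP are ignored.
if [ "${1:-}" = "watch" ]; then
    docker events --filter type=container --filter event=start \
        --format '{{.Actor.Attributes.name}}' |
    while read -r name; do
        spec=$(lookup_spec "$name") || continue
        logger -t pipework-rebind "binding $name to $spec on $BRIDGE"
        pipework "$BRIDGE" "$name" "$spec"
    done
fi
```

Sourcing the file without the watch argument only defines the functions, so the table can be checked with lookup_spec before the watcher is started.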
Hands-on:
Start a web service using the static IP.
This exercise builds on the container above.
[[email protected] ~]# docker exec -it 742430cbc590 bash
[[email protected] /]# yum install httpd -y    # install the service
[[email protected] /]# systemctl start httpd    # starting it this way does not work
Failed to get D-Bus connection: Operation not permitted
[[email protected] /]# httpd    # start it by running httpd directly
Create a test page:
[[email protected] /]# echo "this is a test" > /var/www/html/index.html
Test: