Docker: Specifying a Bridge and a Bridge IP
阿新 • Published: 2019-01-01
$ docker network ls
NETWORK ID NAME DRIVER
7fca4eb8c647 bridge bridge
9f904ee27bf5 none null
cf03ee007fb4 host host
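Bridge
This is the default bridge network. The docker network inspect command shows its details, and docker run attaches new containers to this network automatically.
Host
In host mode the container does not get its own network namespace at startup; it uses the same one as the host. The container has no network interface or IP of its own, but everything other than networking is still isolated.
Container
In container mode the newly created container shares a network namespace with an existing container. It does not share the host's network and has no network interface or IP of its own; it uses those of the specified container. Everything other than networking is isolated.
None
The container has its own network namespace, but Docker does no network configuration for it. A none container has no network interface, IP, routes and so on; we have to set them up by hand.
I. Specifying a bridge
1.1 Create the bridge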
[[email protected] ~]# docker network create linuxea.com
af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3ebf99e55db8 bridge bridge local
7eb855581296 host host local
af4526e38777 linuxea.com bridge local
58d75a1a38bc none null local
[[email protected] ~]#
Inspect linuxea.com
[[email protected] ~]# docker network inspect linuxea.com
[
{
"Name": "linuxea.com",
"Id": "af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {},
"Options": {},
Pull the image
[[email protected] ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
6a5a5368e0c2: Pull complete
4aceccff346f: Pull complete
c8967f302193: Pull complete
Digest: sha256:1ebfe348d131e9657872de9881fe736612b2e8e1630e0508c354acb0350a4566
Status: Downloaded newer image for nginx:latest
1.2 Specify the bridge
[[email protected] ~]# docker run --network=linuxea.com -itd --name=mynginx nginx
b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248
[[email protected] ~]# docker network inspect linuxea.com
[
{
"Name": "linuxea.com",
"Id": "af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {
"b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248": {
"Name": "mynginx",
"EndpointID": "adaec00497b42ada6f6b251bff18a26623cfe96890a47df8b5da3c3d75582482",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[[email protected] ~]# linuxea
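II. Specifying the bridge IP address
2.1 Assign an IP within the docker0 subnet
Start the container with --net=none by hand; as the output shows, the container has no network interface.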
[[email protected] ~]# docker run --net=none --name mynginx -d -p 80:80 nginx
09b9819234338e47a8df7d3eba8daf23bf919b9fa2ea114d60742c3318dc2d69
[[email protected] ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
09b981923433 nginx "nginx -g 'daemon off" 7 seconds ago Up 5 seconds mynginx
[[email protected] ~]# /root/in.sh mynginx
[email protected]:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[email protected]:/#
Check docker0: its address is in the 172.17.0.0 network.
[[email protected] ~]# ip addr show docker0
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:af:55:9a:54 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:afff:fe55:9a54/64 scope link
valid_lft forever preferred_lft forever
2.2 Get the PID
After creating the namespace link file, create a veth pair, attach veth_db84e747c3 to docker0, and bring it up.
[[email protected] ~]# docker inspect -f '{{.State.Pid}}' mynginx
28383
[[email protected] ~]# mkdir -p /var/run/netns
[[email protected] ~]# ln -s /proc/28383/ns/net /var/run/netns/28383
[[email protected] ~]# ip link add veth_db84e747c3 type veth peer name x
2.3 Install brctl-tools
yum install bridge-utils
[[email protected] ~]# brctl addif docker0 veth_db84e747c3
[[email protected] ~]# ip link set veth_db84e747c3 up
[[email protected] ~]# ip link set x netns 28383
mynginx now has a network interface.
[[email protected] mysql]# /root/in.sh mynginx
[email protected]:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
47: [email protected]: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
[email protected]:/#
2.4 Configure an IP on the new interface
[[email protected] ~]# ip netns exec 28383 ip link set dev x name eth0
[[email protected] ~]# ip netns exec 28383 ip link set eth0 up
[[email protected] ~]# ip netns exec 28383 ip addr add 172.17.0.100/24 dev eth0
[[email protected] ~]# ip netns exec 28383 ip route add default via 172.17.0.1
Back in mynginx, the IP is now set statically.
[email protected]:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
47: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.100/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::28bf:7aff:fe75:585f/64 scope link
valid_lft forever preferred_lft forever
[email protected]:/# ping -w 3 www.baidu.com
PING www.a.shifen.com (103.235.46.39): 56 data bytes
64 bytes from 103.235.46.39: icmp_seq=0 ttl=46 time=197.858 ms
64 bytes from 103.235.46.39: icmp_seq=1 ttl=46 time=209.700 ms
64 bytes from 103.235.46.39: icmp_seq=2 ttl=46 time=196.508 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max/stddev = 196.508/201.355/209.700/5.926 ms
[email protected]:/#
2.5 The script for adding the IP is as follows
[[email protected] ~]# cat /root/ip.sh
#!/bin/bash
# filename: bind_addr.sh
# Must be run as root.
if [ "$(id -u)" -ne 0 ]; then
    echo '必須使用root許可權'
    exit 1
fi
# Usage: bind_addr.sh <container name> <IP>
if [ $# -ne 2 ]; then
    echo "使用方法: $0 容器名字 IP"
    exit 1
fi
container_name=$1
bind_ip=$2
# Resolve the full container ID; empty if the container does not exist.
container_id=$(docker inspect -f '{{.Id}}' "$container_name" 2> /dev/null)
if [ -z "$container_id" ]; then
    echo "容器不存在"
    exit 2
fi
# Accept only a strict dotted-quad IPv4 address.
bind_ip=$(echo "$bind_ip" | grep -E '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$')
if [ -z "$bind_ip" ]; then
    echo "IP地址格式不正確"
    exit 3
fi
# The first 10 characters of the container ID name the host-side veth.
container_minid=$(echo "$container_id" | cut -c 1-10)
# Prefix length and gateway are taken from docker0 itself.
container_netmask=$(ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f2)
container_gw=$(ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f1)
bridge_name="veth_$container_minid"
container_ip=$bind_ip/$container_netmask
# PID of the container's init process, used to reach its network namespace.
pid=$(docker inspect -f '{{.State.Pid}}' "$container_name" 2> /dev/null)
if [ -z "$pid" ]; then
    echo "獲取容器$container_name的id失敗"
    exit 4
fi
if [ ! -d /var/run/netns ]; then
    mkdir -p /var/run/netns
fi
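The script above checks only that the IP is a well-formed dotted quad; it does not check that the address lies inside docker0's subnet or that it avoids the gateway. The following is an added example, not part of the original script: it performs that check and then prints, without executing, the commands from sections 2.2 to 2.4 so they can be reviewed before anything runs as root. The function names ip_to_int, check_bind_ip and plan_bind are hypothetical, and like the script it uses docker0's own prefix length (/16 here) rather than the /24 typed by hand in 2.4.

```shell
#!/bin/sh
# Added example, not the page's script. Validates the requested IP against the
# bridge CIDR, then prints (never executes) the commands of sections 2.2-2.4.

ip_to_int() {   # dotted quad -> integer; rejects anything but strict IPv4
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local o IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 0 = usable host address in bridge CIDR $2 (gateway/prefix); 1 = malformed,
# 2 = outside the subnet, 3 = network, broadcast or gateway address.
check_bind_ip() {
    local ip="$1" gw="${2%/*}" prefix="${2#*/}" ipn gwn mask net bcast
    case $prefix in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 30 ] || return 1
    ipn=$(ip_to_int "$ip") && gwn=$(ip_to_int "$gw") || return 1
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( gwn & mask )); bcast=$(( net | (~mask & 4294967295) ))
    [ $(( ipn & mask )) -eq "$net" ] || return 2
    [ "$ipn" -ne "$net" ] && [ "$ipn" -ne "$bcast" ] && [ "$ipn" -ne "$gwn" ] || return 3
}

plan_bind() {   # args: container id, PID, bridge CIDR, IP to bind
    local cid="$1" pid="$2" cidr="$3" ip="$4" veth
    case $cid in ''|*[!0-9a-f]*) return 1 ;; esac
    case $pid in ''|0*|*[!0-9]*) return 1 ;; esac
    check_bind_ip "$ip" "$cidr" || return $?
    veth="veth_$(printf %s "$cid" | cut -c 1-10)"   # 15 chars, the name-length limit
    cat <<EOF
mkdir -p /var/run/netns
ln -s /proc/$pid/ns/net /var/run/netns/$pid
ip link add $veth type veth peer name x
brctl addif docker0 $veth
ip link set $veth up
ip link set x netns $pid
ip netns exec $pid ip link set dev x name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add $ip/${cidr#*/} dev eth0
ip netns exec $pid ip route add default via ${cidr%/*}
EOF
}
```

For the values on this page, plan_bind 09b981923433 28383 172.17.0.1/16 172.17.0.100 prints the full command list, while an address such as 172.18.0.5 is rejected with status 2.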