第五章:网络管理
1.容器网络模式和iptables工作原理
[root@linux-node1 ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@linux-node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v2 41238fb31cda 2 days ago 183MB
richarvey/nginx-php-fpm latest 1bb16fc4c08f 2 days ago 303MB
mysql latest 8d65ec712c69 6 days ago 445MB
nginx latest b175e7467d66 2 weeks ago 109MB
busybox latest 8ac48589692a 3 weeks ago 1.15MB
nginx 1.11 5766334bdaa0 12 months ago 183MB
nginx v1 5766334bdaa0 12 months ago 183MB
(1)bridge
[root@linux-node1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d186a9f2d359 bridge bridge local
c6290c433e26 host host local
a9181a8c22a0 lnmp bridge local
9004adeec394 none null local
[root@linux-node1 ~]# docker inspect nginx:v1
[root@linux-node1 ~]# yum search bridge
======================================================== N/S matched: bridge ========================================================
bridge-utils.x86_64 : Utilities for configuring the linux ethernet bridge
[root@linux-node1 ~]# yum install -y bridge-utils
[root@linux-node1 ~]# brctl show
bridge name bridge id STP enabled interfaces
br-a9181a8c22a0 8000.0242a07260f7 no veth4ae0396
veth89d76cc
docker0 8000.024240c3b7c1 no
[root@linux-node1 ~]# ifconfig
br-a9181a8c22a0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:a0ff:fe72:60f7 prefixlen 64 scopeid 0x20<link>
ether 02:42:a0:72:60:f7 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:40:c3:b7:c1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
//外网网卡eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.80 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::29e6:ddd9:505b:bedb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a7:d6:19 txqueuelen 1000 (Ethernet)
RX packets 27712 bytes 32874384 (31.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14246 bytes 1674257 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.80 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::2dc5:7c8e:2055:b0d6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a7:d6:23 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23 bytes 1698 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 38 bytes 3420 (3.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 3420 (3.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth4ae0396: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9c36:ccff:fe31:1613 prefixlen 64 scopeid 0x20<link>
ether 9e:36:cc:31:16:13 txqueuelen 0 (Ethernet)
RX packets 375 bytes 291874 (285.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 486 bytes 51937 (50.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth89d76cc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a4fb:4eff:fe62:2d93 prefixlen 64 scopeid 0x20<link>
ether a6:fb:4e:62:2d:93 txqueuelen 0 (Ethernet)
RX packets 37 bytes 3078 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62 bytes 4641 (4.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
说明:宿主机上所有网桥是可以互相通信,因为都在同一个的网络的协议栈。
(2)host,与宿主机共用
比如监听一个80端口服务,使用host,则该容器使用的是宿主机的80端口。
[root@linux-node1 ~]# docker run -itd --name bs1 --net host busybox
08a9172be5767cf4fcc00d2c317a38021ee405afc624bb54331886e478496d2b
[root@linux-node1 ~]# docker exec -it bs1 /bin/bash
OCI runtime exec failed: exec failed: container_linux.go:348: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
[root@linux-node1 ~]# docker exec -it bs1 sh
/ # ifconfig //与宿主机一样看到
br-a9181a8c22a0 Link encap:Ethernet HWaddr 02:42:A0:72:60:F7
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:a0ff:fe72:60f7/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:374 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:286641 (279.9 KiB) TX bytes:52057 (50.8 KiB)
docker0 Link encap:Ethernet HWaddr 02:42:40:C3:B7:C1
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:0C:29:A7:D6:19
inet addr:10.0.0.80 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::29e6:ddd9:505b:bedb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28896 errors:0 dropped:0 overruns:0 frame:0
TX packets:14960 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33749471 (32.1 MiB) TX bytes:1754095 (1.6 MiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:A7:D6:23
inet addr:172.16.1.80 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::2dc5:7c8e:2055:b0d6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1698 (1.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:38 errors:0 dropped:0 overruns:0 frame:0
TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:3420 (3.3 KiB) TX bytes:3420 (3.3 KiB)
(3)none,对容器不做任何网络配置
[root@linux-node1 ~]# docker run -itd --name bs2 --net none busybox
9d36e3746c29ac9eeb1aef90793293e222f2340d93d71d4825dfbb399864db48
[root@linux-node1 ~]# docker exec -it bs2 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
2.容器网络访问原理
(1)容器实现上外网方式
[root@linux-node1 ~]# docker run -itd --name bs3 busybox
33b69a955e1112a429a035eb698bc1659815fc42ea21668f8bef9907960526e1
[root@linux-node1 ~]# docker exec -it bs3 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1156 (1.1 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping www.baidu.com
PING www.baidu.com (183.232.231.172): 56 data bytes
64 bytes from 183.232.231.172: seq=0 ttl=127 time=49.945 ms
64 bytes from 183.232.231.172: seq=1 ttl=127 time=42.950 ms
^C
[root@linux-node1 ~]# iptables -vnL
[root@linux-node1 ~]# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 11 packets, 1279 bytes)
pkts bytes target prot opt in out source destination
110 5660 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 8 packets, 1077 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 180 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) //重点!
pkts bytes target prot opt in out source destination
3 202 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !br-a9181a8c22a0 172.18.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-a9181a8c22a0 * 0.0.0.0/0 0.0.0.0/0
[root@linux-node1 ~]# docker exec -it bs3 sh
/ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
[root@linux-node1 ~]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:40ff:fec3:b7c1 prefixlen 64 scopeid 0x20<link>
ether 02:42:40:c3:b7:c1 txqueuelen 0 (Ethernet)
RX packets 11 bytes 605 (605.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19 bytes 1550 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux-node1 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-a9181a8c22a0
说明:宿主机上所有网桥是可以互相通信,因为都在同一个的网络的协议栈。docker0作为网关可以将数据包交给外网网卡eth0,eth0有自己的路由表,会将数据包通过默认的网关gateway转发出去。能否访问外网全靠这个物理网卡来实现,路由器要能上外网进而转发数据包到外网。实现ping通外网。
(2)外部实现访问容器方式
例如创建一个容器,做一个端口映射。
[root@linux-node1 ~]# docker run -itd --name nginx01 -p 88:80 nginx
71e612a05217684ab546b53549e47eca53b4dd1385e002983203a2fa5072929f
[root@linux-node1 ~]# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
110 5660 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 180 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 409 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !br-a9181a8c22a0 172.18.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.3 172.17.0.3 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-a9181a8c22a0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 to:172.17.0.3:80
3.容器桥接宿主机网络与配置固定IP
例如根据需求让容器和宿主机设置在统一网段,不建议。
[root@linux-node1 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a7:d6:19 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.80/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::29e6:ddd9:505b:bedb/64 scope link
valid_lft forever preferred_lft forever
[root@linux-node1 ~]# ping 192.168.0.102
PING 192.168.0.102 (192.168.0.102) 56(84) bytes of data.
64 bytes from 192.168.0.102: icmp_seq=1 ttl=128 time=2.39 ms
64 bytes from 192.168.0.102: icmp_seq=2 ttl=128 time=0.865 ms
^C
--- 192.168.0.102 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.865/1.631/2.397/0.766 ms
[root@linux-node1 ~]# cat /etc/bridge.sh
#meng add 20180426
br_name=br0
brctl addbr $br_name
ip addr add 10.0.0.80/24 dev $br_name
ip addr del 10.0.0.80/24 dev eth0
ip link set $br_name up
brctl addif $br_name eth0
ip route add default via 10.0.0.0 dev br0
[root@linux-node1 ~]# /bin/sh /etc/bridge.sh
RTNETLINK answers: Invalid argument
[root@linux-node1 ~]# ping www.baidu.com
connect: Network is unreachable
[root@linux-node1 ~]# ip route add default via 10.0.0.254 dev br0
[root@linux-node1 ~]# ping www.baidu.com
PING www.a.shifen.com (183.232.231.173) 56(84) bytes of data.
64 bytes from 183.232.231.173 (183.232.231.173): icmp_seq=1 ttl=128 time=54.5 ms
64 bytes from 183.232.231.173 (183.232.231.173): icmp_seq=2 ttl=128 time=51.1 ms
^C
//br0创建成功,而且将物理IP绑定上了,eth0变空了。
[root@linux-node1 ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.80 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::e8df:f1ff:fe70:4656 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a7:d6:19 txqueuelen 1000 (Ethernet)
RX packets 599 bytes 46297 (45.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 349 bytes 43272 (42.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-a9181a8c22a0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:13:49:17:32 txqueuelen 0 (Ethernet)
RX packets 599 bytes 46297 (45.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 349 bytes 43272 (42.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:6e:df:60:5b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::29e6:ddd9:505b:bedb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a7:d6:19 txqueuelen 1000 (Ethernet)
RX packets 1137 bytes 106330 (103.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 740 bytes 108242 (105.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.80 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::2dc5:7c8e:2055:b0d6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a7:d6:23 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 954 (954.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 8 bytes 568 (568.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 568 (568.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@linux-node1 ~]# brctl show //即br0有我们的物理网卡。
bridge name bridge id STP enabled interfaces
br-a9181a8c22a0 8000.024213491732 no
br0 8000.000c29a7d619 no eth0
docker0 8000.02426edf605b no
br-a9181a8c22a0和docker0目前没用,因为现在是桥接宿主机网段。
[root@linux-node1 ~]# grep 'ExecStart' /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd
ExecStart=/usr/bin/dockerd -b=br0
[root@linux-node1 ~]# systemctl daemon-reload
[root@linux-node1 ~]# systemctl restart docker
[root@linux-node1 ~]# docker run -itd --name bs4 busybox
a8f9cdd0a7d7518e1516a5264b72d99fbdf63fba4fc1f810e583b7c18f3a03b6
[root@linux-node1 ~]# docker exec -it bs4 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:01
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:962 (962.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping www.baidu.com
PING www.baidu.com (183.232.231.173): 56 data bytes
64 bytes from 183.232.231.173: seq=0 ttl=128 time=49.734 ms
ping: warning: got ICMP 5 (Redirect (change route))
64 bytes from 183.232.231.173: seq=1 ttl=128 time=50.035 ms
^C
这容器的IP默认从1开始,恰好不是网关,若IP配了网关不能上网则要重新配置IP:
[root@linux-node1 ~]# docker run -itd --name bs5 --net none busybox
8306f91ade98a105d74f892bfb35f510a82bdb419b88dd17c06a2e200cad8162
[root@linux-node1 ~]# docker exec -it bs5 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
下载一个别人写好的工具,能对容器网络进行一些配置。
[root@linux-node1 ~]# git clone https://github.com/jpetazzo/pipework.git
[root@linux-node1 ~]# ls
anaconda-ks.cfg docker docker_in.sh pipework
[root@linux-node1 ~]# mv pipework/pipework /usr/bin/
[root@linux-node1 ~]# pipework br0 bs5 10.0.0.70/24@10.0.0.1
[root@linux-node1 ~]# docker exec -it bs5 sh
/ # ifconfig
eth1 Link encap:Ethernet HWaddr 5E:82:0E:61:0F:0F
inet addr:10.0.0.70 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1538 (1.5 KiB) TX bytes:42 (42.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping www.baidu.com
PING www.baidu.com (183.232.231.172): 56 data bytes
64 bytes from 183.232.231.172: seq=0 ttl=128 time=44.987 ms
64 bytes from 183.232.231.172: seq=1 ttl=128 time=53.264 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 44.987/49.125/53.264 ms
/ # ping 10.0.0.80
PING 10.0.0.80 (10.0.0.80): 56 data bytes
64 bytes from 10.0.0.80: seq=0 ttl=64 time=0.079 ms
64 bytes from 10.0.0.80: seq=1 ttl=64 time=0.085 ms
^C
--- 10.0.0.80 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.079/0.082/0.085 ms
/ # ping 192.168.0.102
PING 192.168.0.102 (192.168.0.102): 56 data bytes
64 bytes from 192.168.0.102: seq=0 ttl=128 time=2.746 ms
64 bytes from 192.168.0.102: seq=1 ttl=128 time=0.595 ms
^C
说明:以上为临时配置,重启后失效。
[root@linux-node1 ~]# docker restart bs5
bs5
[root@linux-node1 ~]#
[root@linux-node1 ~]# docker exec -it bs5 sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
浙公网安备 33010602011771号