Installing Docker Weave

Installing Weave Net

Ensure you are running Linux (kernel 3.8 or later) and have Docker (version 1.10.0 or later) installed.

Install Weave Net by running the following:

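# Use an explicit https:// URL; without a scheme curl makes the first request over plain HTTP.
sudo curl -L https://git.io/weave -o /usr/local/bin/weave
sudo chmod a+x /usr/local/bin/weave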

If you are on OSX and you are using Docker Machine, ensure that a VM is running and configured before downloading Weave Net. To set up a VM, see the Docker Machine documentation or refer to “Part 1: Launching Weave Net with Docker Machine”.

After your VM is set up with Docker Machine, Weave Net can be launched directly from the OSX host. Weave Net respects the environment variable DOCKER_HOST, so that you can run and control a Weave Network locally on a remote host. See Using The Weave Docker API Proxy.

With Weave Net downloaded onto your VMs or hosts, you are ready to launch a Weave network and deploy apps onto it. See Launching Weave Net.


Checkpoint

Weave Net periodically contacts Weaveworks servers for available versions. New versions are announced in the log and in the status summary.

The information sent in this check is:

  • Host UUID hash
  • Kernel version
  • Docker version
  • Weave Net version
  • Network mode, e.g. ‘awsvpc’

To disable this check, run the following before launching Weave Net:

export CHECKPOINT_DISABLE=1

Guides for Specific Platforms

Amazon ECS users see here for the latest Weave AMIs.

If you’re on Amazon EC2, the standard installation instructions at the top of this page provide the simplest setup and the most flexibility. A special no-overlay mode for EC2 can optionally be enabled, which allows containers to communicate at the full speed of the underlying network.

To make encryption in fast datapath work on Google Cloud Platform, see here.

See Also

 


 


  • Launching Weave Net

    Weave Net provides a simple to deploy networking solution for containerized apps. Here, we describe how to manage a Weave container network using a sample application which consists of two simple netcat services deployed to containers on two separate hosts.

    This section contains the following topics:

    Launching Weave Net

    Before launching Weave Net and deploying your apps, ensure that Docker is installed on both hosts.

    On $HOST1 run:

    host1$ weave launch
    host1$ eval $(weave env)
    host1$ docker run --name a1 -ti weaveworks/ubuntu

    Where,

    • The first line runs Weave Net.
    • The second line configures the Weave Net environment, so that containers launched via the Docker command line are automatically attached to the Weave network, and,
    • The third line runs the application container using a Docker command.

    Note: If the first command results in an error like

    Cannot connect to the Docker daemon. Is the docker daemon running on this host?

    or

    http:///var/run/docker.sock/v1.19/containers/create: dial unix/var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?

    then you likely need to be ‘root’ in order to connect to the Docker daemon. If so, run the above and all subsequent commands in a single root shell:

    host1$ sudo -s
    host1# weave launch
    host1# eval $(weave env)
    host1# docker run --name a1 -ti weaveworks/ubuntu

    Do not prefix individual commands with sudo, since some commands modify environment entries and hence they all need to be executed from the same shell.

    Weave Net must be launched once per host. The relevant container images will be pulled down from Docker Hub on demand during weave launch.

    You can also preload the images by running weave setup. Preloaded images are useful for automated deployments, and ensure there are no delays during later operations.

    If you are deploying an application that consists of more than one container to the same host, launch them one after another using docker run, as appropriate.

    Creating Peer Connections Between Hosts

    To launch Weave Net on an additional host and create a peer connection, run the following:

    host2$ weave launch $HOST1
    host2$ eval $(weave env)
    host2$ docker run --name a2 -ti weaveworks/ubuntu

    As noted above, the same steps are repeated for $HOST2. The only difference, besides the application container’s name, is that $HOST2 is told to peer with Weave Net on $HOST1 during launch.

    You can also peer with other hosts by specifying the IP address, and a :port by which $HOST2 can reach $HOST1.

    Note: If there is a firewall between $HOST1 and $HOST2, you must permit traffic to flow through TCP 6783 and UDP 6783/6784, which are Weave’s control and data ports.

    There are a number of different ways that you can specify peers on a Weave network. You can launch Weave Net on $HOST1 and then peer with $HOST2, or you can launch on $HOST2 and peer with $HOST1 or you can tell both hosts about each other at launch. The order in which peers are specified is not important. Weave Net automatically (re)connects to peers when they become available.

    Specifying Multiple Peers at Launch

    To specify multiple peers, supply a list of addresses to which you want to connect, all separated by spaces.

    For example:

    host2$ weave launch <ip address> <ip address>

    Peers can also be dynamically added. See Adding Hosts Dynamically for more information.

    Restricting Access

    By default Weave Net listens on all host IPs (i.e. 0.0.0.0). This can be altered with the --host parameter to weave launch, for example, to ensure that Weave Net only listens on IPs on an internal network.

    Standard firewall rules can be deployed to restrict access to the Weave Net control and data ports.

    For communication across untrusted networks, connections can be encrypted.
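One way to write the firewall rules mentioned above, as an added example rather than anything shipped with Weave Net: the function prints iptables commands that admit only listed peers to TCP 6783 and UDP 6783/6784. The chain name and peer addresses are constructed, and it assumes those ports are reached through the host's INPUT chain.

```shell
# Added example (not part of Weave Net): print iptables rules that admit only
# known peers to the ports named above: TCP 6783 and UDP 6783/6784.
# The chain name WEAVE-PEERS and the peer addresses are constructed.

weave_peer_rules() {
    # Usage: weave_peer_rules PEER_IPV4 [PEER_IPV4...]
    # Rules are printed, not applied, so they can be reviewed before use.
    chain="WEAVE-PEERS"
    if [ "$#" -eq 0 ]; then
        echo "weave_peer_rules: at least one peer address is required" >&2
        return 1
    fi
    for peer in "$@"; do
        # Refuse anything that is not a dotted-quad address before it reaches a rule.
        case "$peer" in
            ''|*[!0-9.]*) echo "weave_peer_rules: not an IPv4 address: $peer" >&2; return 1 ;;
        esac
        if ! printf '%s\n' "$peer" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "weave_peer_rules: not an IPv4 address: $peer" >&2
            return 1
        fi
    done
    echo "iptables -N $chain"
    for peer in "$@"; do
        echo "iptables -A $chain -s $peer -j ACCEPT"
    done
    # Anything else that reaches the chain is dropped.
    echo "iptables -A $chain -j DROP"
    # Send only Weave's control and data ports through the chain.
    echo "iptables -I INPUT -p tcp --dport 6783 -j $chain"
    echo "iptables -I INPUT -p udp -m multiport --dports 6783,6784 -j $chain"
}

# Constructed peer addresses for a two-peer network.
weave_peer_rules 10.0.1.11 10.0.1.12
```
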

    Testing Container Communications

    With two containers running on separate hosts, test that both containers are able to find and communicate with one another using ping.

    From the container started on $HOST1:

    root@a1:/# ping -c 1 -q a2
    PING a2.weave.local (10.40.0.2) 56(84) bytes of data.
    --- a2.weave.local ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.341/0.341/0.341/0.000 ms

    Similarly, in the container started on $HOST2:

    root@a2:/# ping -c 1 -q a1
    PING a1.weave.local (10.32.0.2) 56(84) bytes of data.
    --- a1.weave.local ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.366/0.366/0.366/0.000 ms

    Starting the Netcat Service

    The netcat service can be started using the following commands:

    root@a1:/# nc -lk -p 4422

    and then connected to from another container on $HOST2 using:

    root@a2:/# echo 'Hello, world.' | nc a1 4422

    Weave Net supports any protocol, and it doesn’t have to be over TCP/IP. For example, a netcat UDP service can also be run by using the following:

    root@a1:/# nc -lu -p 5533
    root@a2:/# echo 'Hello, world.' | nc -u a1 5533

    • Using Weave with Systemd

      Having installed Weave Net as per Installing Weave, you might find it convenient to configure the init daemon to start Weave on boot. Most recent Linux distribution releases ship with systemd. The information below provides you with some initial guidance on getting a Weave Net service configured on a systemd-based OS.

      Weave Net Service Unit and Configuration

      A regular service unit definition for Weave Net is shown below. This file is normally placed in /etc/systemd/system/weave.service.

      [Unit]
      Description=Weave Network
      Documentation=http://docs.weave.works/weave/latest_release/
      Requires=docker.service
      After=docker.service
      [Service]
      EnvironmentFile=-/etc/sysconfig/weave
      ExecStartPre=/usr/local/bin/weave launch --no-restart $PEERS
      ExecStart=/usr/bin/docker attach weave
      ExecStop=/usr/local/bin/weave stop
      [Install]
      WantedBy=multi-user.target

      To specify the addresses or names of other Weave hosts to join the network, create the /etc/sysconfig/weave environment file using the following format:

      PEERS="HOST1 HOST2 .. HOSTn"

      You can also use the weave connect command to add participating hosts dynamically.

      Additionally, if you want to enable encryption, specify a password using WEAVE_PASSWORD="wfvAwt7sj" in the /etc/sysconfig/weave environment file, and it will be picked up by Weave Net on launch. Recommendations for choosing a suitably strong password can be found here.
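A sketch of creating that environment file safely, added here and not taken from the Weave documentation: the password is generated randomly, passed on stdin, and the file ends up readable by its owner only. The function names, the 16-character minimum and the sample peer names are assumptions of this example.

```shell
# Added example (not Weave's own tooling): build the environment file read by
# weave.service with a random shared secret and owner-only permissions.
# Function names are hypothetical.

new_weave_password() {
    # 32 bytes from the kernel CSPRNG, hex-encoded to 64 characters.
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

write_weave_env() {
    # Usage: new_weave_password | write_weave_env FILE PEER [PEER...]
    # FILE is /etc/sysconfig/weave on a real host.
    # The password arrives on stdin so it never shows up in the process list.
    env_file="$1"
    shift
    if [ "$#" -eq 0 ]; then
        echo "write_weave_env: at least one peer is required" >&2
        return 1
    fi
    IFS= read -r password || true
    # This example accepts only alphanumerics so the quoted value needs no escaping.
    case "$password" in
        *[!A-Za-z0-9]*) echo "write_weave_env: unsupported character in password" >&2; return 1 ;;
    esac
    if [ "${#password}" -lt 16 ]; then
        echo "write_weave_env: password too short" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600, so the secret is never world-readable,
    # and mv replaces any older, more permissive file in one step.
    tmp=$(mktemp "${env_file}.XXXXXX") || return 1
    printf 'PEERS="%s"\nWEAVE_PASSWORD="%s"\n' "$*" "$password" > "$tmp"
    mv "$tmp" "$env_file"
}

weave_env_is_private() {
    # Succeeds only if FILE grants no access to group or others.
    case "$(ls -ld "$1" | cut -c1-10)" in
        -??-------) return 0 ;;
        *) return 1 ;;
    esac
}
```

Generate the password once and install the same file contents on every peer, since encrypted peers must share the password.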

      You can now launch Weave Net using

      sudo systemctl start weave

      To ensure Weave Net launches after reboot, run:

      sudo systemctl enable weave

      For more information on systemd, please refer to the documentation supplied with your distribution of Linux.

      SELinux Tweaks

      If your OS has SELinux enabled and you want to run Weave Net as a systemd unit, then follow the instructions below. These instructions apply to CentOS and RHEL as of 7.0. On Fedora 21, there is no need to do this.

      Once weave is installed in /usr/local/bin, set its execution context with the commands shown below. You will need to have the policycoreutils-python package installed.

      sudo semanage fcontext -a -t unconfined_exec_t -f f /usr/local/bin/weave
      sudo restorecon /usr/local/bin/weave

posted on 2023-08-31 22:00 by 武定路