Configuring LAN Networking for Multiple Docker Containers with Pipework

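Problem encountered: after using the pipework tool to assign a LAN IP address to a Docker container, the container cannot communicate with the LAN or the Internet.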

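pipework is a Docker network configuration tool developed by Docker engineer Jérôme Petazzoni. Docker's own networking features are fairly simple and cannot cover many complex use cases. As a result, many open-source projects exist to improve Docker networking, such as pipework, weave and flannel.
This post records the problems I ran into while following two books to configure multiple Docker containers with pipework, and the eventual fix.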

Procedure:

1). Download pipework from GitHub:

$ git clone https://github.com/jpetazzo/pipework

2). Start a container with networking disabled (--net=none):
$ sudo docker run -it --rm --net=none --name cookbook ubuntu:14.04 bash
root@15afb0c398c5:/# ip -d link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 
root@15afb0c398c5:/# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
3). In another terminal window, use pipework to configure the cookbook container:
$ sudo pipework/pipework br0 cookbook 192.168.1.10/24@192.168.1.254
[sudo] password for mingchen: 
[mingchen:~]
$ ip -d link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 64:51:06:5b:c1:7d brd ff:ff:ff:ff:ff:ff promiscuity 0 
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default 
    link/ether 6e:25:8c:28:2e:c2 brd ff:ff:ff:ff:ff:ff promiscuity 1 
    openvswitch 
4: ovs0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/ether 52:c1:11:73:4b:49 brd ff:ff:ff:ff:ff:ff promiscuity 1 
    openvswitch 
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:2d:8f:51 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    bridge 
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 7e:09:d4:4a:a7:da brd ff:ff:ff:ff:ff:ff promiscuity 0 
    bridge 
8: veth1pl5035@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 7e:09:d4:4a:a7:da brd ff:ff:ff:ff:ff:ff promiscuity 1 
4). In the container's terminal window, check interface eth1 and the routing rules:
root@15afb0c398c5:/# ip -d link show eth1
7: eth1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 32:42:00:17:9d:d7 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    veth 
root@15afb0c398c5:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
root@15afb0c398c5:/# ifconfig            
eth1      Link encap:Ethernet  HWaddr 32:42:00:17:9d:d7  
          inet addr:192.168.1.10  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::3042:ff:fe17:9dd7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7980 (7.9 KB)  TX bytes:690 (690.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 $ ip -d link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 64:51:06:5b:c1:7d brd ff:ff:ff:ff:ff:ff promiscuity 0 
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default 
    link/ether 6e:25:8c:28:2e:c2 brd ff:ff:ff:ff:ff:ff promiscuity 1 
    openvswitch 
4: ovs0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/ether 52:c1:11:73:4b:49 brd ff:ff:ff:ff:ff:ff promiscuity 1 
    openvswitch 
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ee:2d:8f:51 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    bridge 
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 7e:09:d4:4a:a7:da brd ff:ff:ff:ff:ff:ff promiscuity 0 
    bridge 
8: veth1pl5035@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 7e:09:d4:4a:a7:da brd ff:ff:ff:ff:ff:ff promiscuity 1 
    veth 
6). Add a NAT masquerading rule on the host:
[mingchen:~]
$ sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
7). From inside the container, pings to both the Internet and the LAN fail:
root@15afb0c398c5:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.10 icmp_seq=1 Destination Host Unreachable
From 192.168.1.10 icmp_seq=2 Destination Host Unreachable
From 192.168.1.10 icmp_seq=3 Destination Host Unreachable
^Z
[1]+  Stopped                 ping 8.8.8.8
root@15afb0c398c5:/# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
From 192.168.1.10 icmp_seq=1 Destination Host Unreachable
From 192.168.1.10 icmp_seq=2 Destination Host Unreachable
From 192.168.1.10 icmp_seq=3 Destination Host Unreachable

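Cause of the problem:

I forgot to configure an IP/mask on the bridge br0, that is, the route part of the network information used to configure the container's IP and route. Without it, the container cannot communicate through the br0 bridge. Also, Docker 1.9 and later support overlay networks; using http://www.jianshu.com/p/3eb7448adea0 directly gives cross-host communication.

Solution:

Problem to solve: the network is unreachable.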

$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo docker run -it --rm --net=none --name cookbook ubuntu:14.04 bash
$ sudo pipework/pipework br0 cookbook 192.168.1.10/24@192.168.1.1
$ sudo apt-get install bridge-utils
$ sudo brctl  addif br0  eth0
$ sudo ip addr add 192.168.1.1/24 dev br0
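
A check for the failure described above, added here as an example and not part of the original post: given the pipework address spec and the text printed by `ip -o -4 addr show dev br0` and `ip -o link show master br0`, it reports whether the gateway is the bridge itself, whether the bridge has an uplink port, or whether the gateway is unreachable. The function names, verdict words and sample lines are constructed for illustration, and treating every non-`veth*` port as an uplink is an assumption.

```shell
#!/bin/sh
# Added example: explain why a pipework-attached container cannot reach its gateway.
# Inputs are text in the one-line format printed by `ip -o` (iproute2).

# gateway_of SPEC: print the gateway from a pipework "IP/MASK@GATEWAY" spec
gateway_of() {
    case "$1" in
        *@*) printf '%s\n' "${1#*@}" ;;
        *)   return 1 ;;   # spec carries no gateway
    esac
}

# bridge_has_ip ADDR_TEXT IP: true if `ip -o -4 addr show dev br0` output lists IP
bridge_has_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == ip) found = 1 } }
        END { exit !found }'
}

# bridge_has_uplink LINK_TEXT: true if `ip -o link show master br0` output lists
# a port whose name does not start with "veth" (heuristic for a physical NIC)
bridge_has_uplink() {
    printf '%s\n' "$1" | awk '
        NF { name = $2; sub(/@.*/, "", name); sub(/:$/, "", name)
             if (name !~ /^veth/) found = 1 }
        END { exit !found }'
}

# diagnose SPEC ADDR_TEXT LINK_TEXT: print one verdict word
diagnose() {
    gw=$(gateway_of "$1") || { echo no-gateway-in-spec; return 0; }
    if bridge_has_ip "$2" "$gw"; then echo bridge-is-gateway
    elif bridge_has_uplink "$3"; then echo uplink-present
    else echo gateway-unreachable
    fi
}

# Constructed sample text for the two states (not captured from a real host).
BROKEN_LINKS='8: veth1pl5035@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP'
FIXED_ADDRS='6: br0    inet 192.168.1.1/24 scope global br0\       valid_lft forever'
FIXED_LINKS="2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
$BROKEN_LINKS"

diagnose '192.168.1.10/24@192.168.1.254' '' "$BROKEN_LINKS"
diagnose '192.168.1.10/24@192.168.1.1' "$FIXED_ADDRS" "$FIXED_LINKS"
```

On a live host, pass `"$(ip -o -4 addr show dev br0)"` and `"$(ip -o link show master br0)"` as the second and third arguments; `uplink-present` only means the bridge can reach the LAN segment, not that the gateway answers.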