docker之bridge网络模式,数据卷的管理
容器的四种网络模式:
bridge 桥接模式、host 模式、container 模式和 none 模式
启动容器时可以使用 --net 参数指定,默认是桥接模式。
1.bridge模式
[[email protected] ~]# docker network create --driver bridge my_net1 # 创建自定义网络模式,--driver表示指定网络模式
13bdd8ce1a352b3e9337927be79566edd975bd44a77d6adb14823b56292ebcc9
[[email protected] ~]# docker network ls # 查看是否添加成功
[[email protected] ~]# ip addr show # 我们查看ip的时候发现自动分配了网络空间
[[email protected] ~]# docker inspect my_net1 # 查看详细信息
[[email protected] ~]# docker network create --driver bridge --subnet 172.21.0.1/24 --gateway 172.21.0.1 my_net2
[[email protected] ~]# docker network inspect my_net2
[[email protected] ~]# ip addr show
2.容器间互联(解决容器间通信问题)
[[email protected] ~]# cd /var/www/html/images
[[email protected] images]# docker load -i ubuntu.tar
[[email protected] images]# docker run -it --name vm1 --net my_net1 ubuntu
[email protected]:/# ip addr
[email protected]:/# ping 172.19.0.1 # 同一个容器之间可以ping通
[email protected]:/# ping 172.21.0.10 # 但是不同容器的不同网桥之间不能通信
# 重新打开一个shell,开启另外一个容器
[[email protected] ~]# docker run -it --name vm2 --net my_net2 --ip 172.21.0.10 ubuntu
[email protected]:/# ip addr
[email protected]:/# ping 172.21.0.1
[email protected]:/# ping 172.19.0.2
[[email protected] ~]# docker network connect my_net1 vm2 # 为vm2添加一块my_net1的网卡
# 回到vm2上,查看ip,多了一个vm1容器的接口
[email protected]:/# ip addr
[email protected]:/# ping 172.19.0.2 # 再次通信,就可以成功通信
[email protected]:/# ping vm1 # 域名也可以实现通信
3.外网如何访问容器
外网访问容器用到了docker-proxy和iptables DNAT
宿主机访问本机容器使用的是iptables DNAT
外部主机访问容器或容器之间的访问是docker-proxy实现
[[email protected] ~]# docker rm -f vm1
vm1
[[email protected] ~]# docker rm -f vm2
vm2
[[email protected] ~]# systemctl stop httpd # 因为httpd用的端口和nginx冲突,先关闭httpd服务
[[email protected] ~]# docker run -d --name vm1 -p 80:80 nginx
17e5687c4a98581d8b5c869c99379a2ab1a26fd2ec6aa7119d1730c4837b35a3
# 访问测试
4.容器间隔离
打开两台主机进行远程访问
[[email protected] ~]# systemctl start docker
[[email protected] ~]# ip link set eth0 promisc on # 打开网卡混杂模式
[[email protected] ~]# ip addr show
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.78.0/24 --gateway 172.25.78.1 -o eth0 mac_net1 # 创建macvlan网络
c5ce28127e3d44e77de160eea1902babca5fcb5721acd5c3a546d17561f5372f
[[email protected] ~]# docker network ls
[[email protected] ~]# ls
ubuntu.tar
[[email protected] ~]# docker load -i ubuntu.tar
[[email protected] ~]# docker run -it --name vm1 --net mac_net1 --ip 172.25.78.10 ubuntu
[email protected]:/# ip addr
[[email protected] ~]# systemctl start docker
[[email protected] ~]# ip link set eth0 promisc on
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.78.0/24 --gateway 172.25.78.1 -o parent=eth0 mac_net1
20313aa15185b47f19a77c585ee8355f8d61ddf90710e223bab07f9c3c6d8e4c
[[email protected] ~]# docker network ls
[[email protected] ~]# docker load -i ubuntu.tar
[[email protected] ~]# docker run -it --name vm1 --net mac_net1 --ip 172.25.78.11 ubuntu
[email protected]:/# ip addr
[email protected]:/# ping 172.25.78.10
# 在两台docker主机上各添加eth1网卡
[[email protected] ~]# ip link set eth1 promisc on
[[email protected] ~]# ip addr show eth1
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.79.0/24 --gateway 172.25.79.1 -o parent=eth1 mac_net2
8e1faed2a14e9b958ecd818a2f975bc70320bee5c21cf61841c9f4e1fab113bc
[[email protected] ~]# docker run -it --name vm2 --net mac_net2 --ip 172.25.79.10 ubuntu
[email protected]:/# ip addr
[[email protected] ~]# ip link set eth1 promisc on
[[email protected] ~]# ip addr show eth1
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.79.0/24 --gateway 172.25.79.1 -o parent=eth1 mac_net2
1eb5e971e08be3f585a808fdece98a9d687351c96eeb6a3c41e02e2aa9e6f22d
[[email protected] ~]# docker run -it --name vm2 --net mac_net2 --ip 172.25.79.11 ubuntu
[email protected]:/# ping 172.25.78.10 # 不能和eth0上的网卡进行通信
[email protected]:/# ping 172.25.78.11 # 也不能和本机的eth0接口进行通信
# macvlan网络在二层上是隔离的,所以不同macvlan网络的容器是不能通信的,可以在三层上通过网关将macvlan网络连通起来。
[email protected]:/# [[email protected] ~]# # 用ctrl+p+q退出来
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.80.0/24 --gateway 172.25.80.1 -o parent=eth1.1 mac_net3
627f49f2e98b1d01584051aafd5ee9fa53623dd99e12c880e7d129aef5888277
[[email protected] ~]# docker run -it --name vm3 --net mac_net3 --ip 172.25.80.10 ubuntu
[email protected]:/#
[email protected]:/# [[email protected] ~]# # 用ctrl+p+q退出来
[[email protected] ~]# docker network create -d macvlan --subnet 172.25.80.0/24 --gateway 172.25.80.1 -o parent=eth1.1 mac_net3
8bf8fa396fa717697b93d59ee23e113617c96989b43432aaafbca75242ab3d8d
[[email protected] ~]# docker run -it --name vm3 --net mac_net3 --ip 172.25.80.11 ubuntu
[email protected]:/# ping 172.25.80.10 # 成功通信
5.数据卷的管理
# 先实现共享功能
# 在base2上
[[email protected] ~]# docker rm -f vm1
vm1
[[email protected] ~]# docker rm -f vm2
vm2
[[email protected] ~]# docker rm -f vm3
vm3
[[email protected] ~]# docker rm -f `docker ps -aq`
a6d5ce292b44
14426ab52fc1
aea9e390c112
eefc53ced73d
975686815e78
899e0b3ea751
df6738342252
a84b5581dc17
[[email protected] ~]# yum install -y nfs-utils
[[email protected] ~]# systemctl status rpcbind
[[email protected] ~]# vim /etc/exports
/mnt/nfs *(rw,no_root_squash)
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# showmount -e 172.25.78.12
Export list for 172.25.78.12:
/mnt/nfs *
# 在base3上
[[email protected] ~]# docker rm -f vm1
vm1
[[email protected] ~]# docker rm -f vm2
vm2
[[email protected] ~]# docker rm -f vm3
vm3
[[email protected] ~]# docker rm -f `docker ps -aq`
5a6c5fb7dda7
cbbfe1e7420b
[[email protected] ~]# mkdir /mnt/nfs
[[email protected] ~]# mount 172.25.78.12:/mnt/nfs /mnt/nfs
[[email protected] ~]# df
[[email protected] ~]# cd /mnt/nfs/
[[email protected] nfs]# ls
[[email protected] nfs]# touch file
[[email protected] nfs]# ll
total 0
-rw-r--r-- 1 root root 0 Mar 17 15:55 file
# 在服务端可以查看到建立的文件
[[email protected] ~]# ls /mnt/nfs/
file
# 实现用docker共享数据卷
# 在base2上
[[email protected] ~]# tar zxf convoy.tar.gz
[[email protected] ~]# cd convoy/
[[email protected] convoy]# ls
convoy convoy-pdata_tools SHA1SUMS
[[email protected] convoy]# cp convoy* /usr/local/bin/
[[email protected] convoy]# cd /usr/local/bin/
[[email protected] bin]# ls
convoy convoy-pdata_tools
[[email protected] bin]# cd /etc/docker/
[[email protected] docker]# mkdir plugins
[[email protected] docker]# convoy daemon --drivers vfs --driver-opts vfs.path=/mnt/nfs &> /dev/null &
[1] 17930
[[email protected] docker]# cd /mnt/nfs/
[[email protected] nfs]# ls
config file
[[email protected] nfs]# rm -fr file
[[email protected] nfs]# cd /etc/docker/plugins/
[[email protected] plugins]# echo "unix:///var/run/convoy/convoy.sock" > /etc/docker/plugins/convoy.spec
[[email protected] plugins]# cat convoy.spec
unix:///var/run/convoy/convoy.sock
# 在base3上
[[email protected] ~]# tar zxf convoy.tar.gz
[[email protected] ~]# cd convoy
[[email protected] convoy]# cp convoy* /usr/local/bin/
[[email protected] convoy]# mkdir /etc/docker/plugins
[[email protected] convoy]# convoy daemon --drivers vfs --driver-opts vfs.path=/mnt/nfs &> /dev/null &
[1] 5780
[[email protected] convoy]# echo "unix:///var/run/convoy/convoy.sock" > /etc/docker/plugins/convoy.spec
[[email protected] convoy]# cd /etc/docker/plugins/
[[email protected] plugins]# ls
convoy.spec
[[email protected] plugins]# cat convoy.spec
unix:///var/run/convoy/convoy.sock
[[email protected] plugins]# ll /var/run/convoy/convoy.sock
srwxr-xr-x 1 root root 0 Mar 17 16:08 /var/run/convoy/convoy.sock
# 在base2上
[[email protected] plugins]# cd
[[email protected] ~]# convoy list
{}
[[email protected] ~]# convoy create vol1
vol1
[[email protected] ~]# convoy list
[[email protected] plugins]# cd /mnt/nfs/
[[email protected] nfs]# ls
config vol1
[[email protected] nfs]# docker run -it --name vm1 -v vol1:/data ubuntu
[email protected]:/# cd data/
[email protected]:/data# touch file{1..5}
[email protected]:/data# ls
file1 file2 file3 file4 file5
[[email protected] ~]# convoy list
[[email protected] ~]# cd /mnt/nfs/vol1/
[[email protected] vol1]# ls
file1 file2 file3 file4 file5
[[email protected] vol1]# docker run -it --name vm1 -v vol1:/data ubuntu
[email protected]:/# cd data/
[email protected]:/data# ls
file1 file2 file3 file4 file5
# 清理环境
[email protected]:/data# rm -fr *
[email protected]:/data# ls
[email protected]:/data# exit
exit
[[email protected] vol1]# cd
[[email protected] ~]# docker rm vm1
vm1
[[email protected] ~]# convoy delete vol1
[[email protected] ~]# convoy list
{}