Docker默认使用bridge模式, 通过网桥连接到宿主机, 而容器内部的IP则从网桥所在的IP段取未用的IP。 这样做不方便的地方在于容器内部的ip不是固定的, 想要连接容器时只能通过映射到宿主机的端口, 因而有很多项目使用overlay来为docker提供网络的配置, 比如Pipework、Flannel、Kubernetes、Weave、opencontrail等。docker的网络模式中只有--net=none才可以为docker分配固定ip。
1. 创建br0网卡绑定eth0网卡
[root@docker ~]# cd /etc/sysconfig/network-scripts/
[root@docker network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:7E:AA:EDTYPE=EthernetUUID=77ea2b6a-a0fe-4300-98fc-fb62a64fed4eONBOOT=yesNM_CONTROLLED=yes#BOOTPROTO=static#IPADDR=192.168.15.15#NETMASK=255.255.255.0#GATEWAY=192.168.15.2#DNS1=114.114.114.114BRIDGE=br0 //绑定br0网卡[root@docker network-scripts]# cp ifcfg-eth0 ifcfg-br0 //复制一块br0网卡
[root@docker network-scripts]# vim ifcfg-br0
DEVICE=br0ONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=staticIPADDR=192.168.15.15NETMASK=255.255.255.0GATEWAY=192.168.15.2DNS1=114.114.114.114MTU=1500TYPE=BridgeUSERCTL=no
[root@docker network-scripts]# /etc/init.d/network restart //重启网络服务
2. 创建容器
[root@docker network-scripts]# cd /usr/local/src/
[root@docker src]# yum -y install gcc gcc-c++ flex bison
[root@docker src]# wget https://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-4.0.0.tar.gz
[root@docker src]# tar -zxvf iproute2-4.0.0.tar.gz
[root@docker src]# cd iproute2-4.0.0
[root@docker iproute2-4.0.0]# sed -i '/^TARGETS/s@arpd@@g' misc/Makefile
[root@docker iproute2-4.0.0]# ./configure
[root@docker iproute2-4.0.0]# make SBINDIR=/sbin/
[root@docker iproute2-4.0.00]# make SBINDIR=/sbin install
//创建容器脚本
[root@docker iproute2-4.0.0]# cd /root/docker
[root@docker docker]# vim docker_create.sh
#!/bin/sh#br0网桥brName='br0'vmName='docker-1'
#容器IP地址和网关fixed_ip='192.168.15.41/24'gateway='192.168.15.2'# start new containercid=$(docker run -d -i -h $vmName --name=$vmName --net=none -t jdeathe/centos-ssh)pid=$(docker inspect -f '``.`State`.`Pid`' $cid)##容器配置网络namespace,并设置固定ip:# set up netnsmkdir -p /var/run/netnsln -s /proc/$pid/ns/net /var/run/netns/$pid# set up bridgeip link add q$pid type veth peer name r$pidbrctl addif $brName q$pidip link set q$pid up# set up docker interfaceip link set r$pid netns $pidip netns exec $pid ip link set dev r$pid name eth0ip netns exec $pid ip link set eth0 upip netns exec $pid ip addr add $fixed_ip dev eth0ip netns exec $pid ip route add default via 192.168.15.2echo "container $vmName cid: $cid" >> /root/docker/container_cid.txtecho "Enter $vmName command: nsenter --target $pid --mount --uts --ipc --net --pid" >> /root/docker/enter_container_command.txt
[root@docker sbin]# chmod +x docker_create.sh
//运行创建容器脚本
[root@docker docker]# sh docker_create.sh
[root@docker docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES82a1dedff146 jdeathe/centos-ssh:latest "/usr/bin/supervisor 54 seconds ago Up 3 seconds docker-42//此时容器已经启动,连接容器命令如下
[root@docker docker]# PID=$(docker inspect --format "` `.`State`.`Pid `" 82a1dedff146)
[root@docker docker]# nsenter --target $PID --mount --uts --ipc --net --pid
[root@docker /]# ip a|grep eth0
12: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 inet 192.168.15.41/24 scope global eth0[root@docker /]# ping 90root.com
PING 90root.com (112.74.113.61) 56(84) bytes of data.64 bytes from 112.74.113.61: icmp_seq=1 ttl=128 time=45.9 ms3. 配置容器
//为容器eth0网卡配置静态IP地址(防止容器内部执行/etc/init.d/network restart后不分配IP地址从而断网)。接着上面的操作来
[root@docker /]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0BOOTPROTO=staticONBOOT=staticIPADDR=192.168.15.41NETMASK=255.255.255.0GATEWAY=192.168.15.2DNS1=114.114.114.114
//为容器设置root密码
[root@docker /]# passwd
Changing password for user root.
New password:
/usr/share/cracklib/pw_dict.pwd: No such file or directory
PWOpen: No such file or directory
解决办法如下:
[root@docker /]# vi /etc/ssh/sshd_config
PermitRootLogin yes //no改为yes
[root@docker /]# /etc/init.d/sshd restart
[root@docker /]# yum -y reinstall cracklib-dicts
从其它服务器登入容器服务器报错:
[root@docker .ssh]# ssh root@192.168.15.42
The authenticity of host '192.168.15.42 (192.168.15.42)' can't be established.RSA key fingerprint is 21:4c:52:ab:18:e2:d5:ef:56:e6:a6:e6:34:6d:b5:7d.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.15.42' (RSA) to the list of known hosts.Permission denied (publickey,gssapi-keyex,gssapi-with-mic).修改容器服务器
[root@docker ~]# vi /etc/ssh/sshd_config
PasswordAuthentication yes //no改为yes
PermitRootLogin yes //no改为yes
[root@docker ~]# /etc/init.d/sshd restart
4. 收尾工作
//当重启容器或服务器后,容器网卡会被删除, 此时需要重新建立网卡配置网络。
[root@docker ~]# cd /root/docker/start-docker
[root@docker start-docker]# vim start_docker-41.sh
#!/bin/sh#桥接网卡名称BrName=br0#启动容器#docker start f354aacd4052docker start docker-42
#docker ps查看cidcid=f354aacd4052pid=$(docker inspect -f '``.`State`.`Pid`' $cid)##容器配置网络namespace,并设置固定ip:# set up netnsmkdir -p /var/run/netnsln -s /proc/$pid/ns/net /var/run/netns/$pid# set up bridgeip link add q$pid type veth peer name r$pidbrctl addif $BrName q$pidip link set q$pid up# set up docker interfacefixed_ip='192.168.15.42/24'gateway='192.168.15.2'ip link set r$pid netns $pidip netns exec $pid ip link set dev r$pid name eth0ip netns exec $pid ip link set eth0 upip netns exec $pid ip addr add $fixed_ip dev eth0ip netns exec $pid ip route add default via 192.168.15.2echo "Enter $vmName command: nsenter --target $pid --mount --uts --ipc --net --pid" >> /root/docker/enter_container_command.txt
//将脚本加入到开机启动项
[root@docker docker]# cat /etc/rc.local
/bin/sh /root/docker/start-docker/start_docker-41.sh
重启物理机后, 进入docker容器IP地址仍然还在。
//脚本登录docker容器
[root@docker docker]# docker p_w_picpaths
[root@docker docker]# sh -vx enter-docker.sh docker-42
docker启动、创建容器、登录容器脚本见附件.