Connecting containers on different hosts by IP forwarding

Network architecture

(architecture diagram not reproduced: two Docker hosts, 192.168.159.159 and 192.168.159.164, each with its own container bridge subnet)

Container subnets

By default every host hands out container addresses from the 172.17.0.1/16 range. To give a host a different container subnet, change the dockerd options in the /usr/lib/systemd/system/docker.service unit file.

Configure the 192.168.159.164 server

Add --bip=172.16.0.1/16 to the line that contains ExecStart:

ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --bip=172.16.0.1/16

Restart Docker

[root@docker02 ~]# systemctl daemon-reload
[root@docker02 ~]# systemctl restart docker
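The whole point of changing --bip on one host is that the two hosts must not share a container subnet, otherwise there is no unambiguous route to add later. The script below is an added example, not part of the original post: it computes whether two CIDRs overlap (the general check, not just the two /16s used here) and prints the --bip setting as a systemd drop-in, which survives package upgrades, unlike an edit to the packaged docker.service. The drop-in path /etc/systemd/system/docker.service.d/bip.conf is an assumed name, and the generated ExecStart keeps only the Unix socket.

```shell
#!/bin/sh
# Added example (not part of the original post): choose a --bip for each host
# so the two container subnets do not overlap, and install the setting as a
# systemd drop-in instead of editing the packaged docker.service. Assumes a
# POSIX sh with 64-bit arithmetic (dash, bash) and a systemd-based host.

# Dotted-quad IPv4 -> 32-bit integer.
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (integer) of an a.b.c.d/n CIDR, e.g. 172.16.0.1/16 -> 172.16.0.0.
cidr_network() {
  set -- "${1%/*}" "${1#*/}"
  echo $(( $(ip2int "$1") & ((0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF) ))
}

# Two CIDRs overlap iff they agree on the shorter of the two prefixes.
cidr_overlap() {
  b1=${1#*/}; b2=${2#*/}
  if [ "$b1" -lt "$b2" ]; then b=$b1; else b=$b2; fi
  m=$(( (0xFFFFFFFF << (32 - b)) & 0xFFFFFFFF ))
  [ "$(( $(cidr_network "$1") & m ))" = "$(( $(cidr_network "$2") & m ))" ]
}

# Print a drop-in that sets --bip for dockerd. Write it to
# /etc/systemd/system/docker.service.d/bip.conf (assumed name), then run
# "systemctl daemon-reload && systemctl restart docker" as in the post.
# The empty "ExecStart=" line is required to clear the packaged value first.
docker_bip_dropin() {
  printf '[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock --bip=%s\n' "$1"
}

# Constructed check with the two subnets used in this post.
if cidr_overlap 172.16.0.1/16 172.17.0.1/16; then
  echo "container subnets overlap: pick a different --bip for one host"
else
  echo "container subnets are distinct: each host can route to the other's"
  docker_bip_dropin 172.16.0.1/16
fi
```

The drop-in deliberately omits the -H tcp://0.0.0.0:2375 flag that appears in the post's ExecStart line: that flag makes the Docker API reachable from the network without any authentication, and anyone who can reach port 2375 controls the daemon. If remote access is needed, pair the TCP listener with --tlsverify and client certificates.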

Enable IP forwarding

[root@docker02 ~]# vi /etc/sysctl.conf 
[root@docker02 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

Run a MySQL Docker container

[root@docker02 ~]# docker run -dit workpress/mysql:1.0 /bin/bash
8e0b23b12c08fd78dc48e465ac8df542c9bbbb060fdb9d3bf08628d6994b1625
[root@docker02 ~]# docker ps
CONTAINER ID        IMAGE                 COMMAND             CREATED              STATUS              PORTS               NAMES
8e0b23b12c08        workpress/mysql:1.0   "/bin/bash"         About a minute ago   Up About a minute   3306/tcp            musing_almeida
[root@docker02 ~]# docker exec -it 8e0b23b12c08 /bin/bash
[root@8e0b23b12c08 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:10:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever

Configure 192.168.159.159

Start a container

[root@docker01 ~]# docker run -dit workpress/mysql:1.0 /bin/bash
531b067ba5e974028943afd3135fe933a27390478c1bc50b3c36f1275eee2512
[root@docker01 ~]# docker ps
CONTAINER ID        IMAGE                 COMMAND             CREATED              STATUS              PORTS               NAMES
531b067ba5e9        workpress/mysql:1.0   "/bin/bash"         About a minute ago   Up About a minute   3306/tcp            confident_mahavira
[root@docker01 ~]# docker exec -it 531b067ba5e9 /bin/bash
[root@531b067ba5e9 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever

Test whether the container on 192.168.159.164 is reachable

[root@531b067ba5e9 /]# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
^C
--- 172.16.0.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6144ms

By default, containers on the two hosts cannot reach each other.

Enable IP forwarding and add a route to the other host's container subnet

[root@docker01 ~]# vi /etc/sysctl.conf 
[root@docker01 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
[root@docker01 ~]# route add -net 172.16.0.0/16 gw 192.168.159.164

Re-enter the container and test again

[root@docker01 ~]# docker exec -it 531b067ba5e9 /bin/bash
[root@531b067ba5e9 /]# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=62 time=1.42 ms
64 bytes from 172.16.0.2: icmp_seq=2 ttl=62 time=0.740 ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=62 time=1.44 ms
^C
--- 172.16.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2195ms
rtt min/avg/max/mdev = 0.740/1.204/1.444/0.328 ms

The container on 192.168.159.159 can now ping the container on 192.168.159.164.

Configure 192.168.159.164 again

[root@docker02 ~]# route add -net 172.17.0.0/16 gw 192.168.159.159
[root@docker02 ~]# docker exec -it 8e0b23b12c08 /bin/bash
[root@8e0b23b12c08 /]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=62 time=2.23 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=62 time=0.746 ms
^C
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1487ms
rtt min/avg/max/mdev = 0.746/1.489/2.233/0.744 ms

The test shows that the container on 192.168.159.164 can now ping the container on 192.168.159.159.
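Both hosts end up with the same three manual changes (ip_forward on, rp_filter relaxed, one static route to the peer's container subnet), and the post checks them only by pinging. The script below is an added example, not part of the original post: it verifies each setting from text, so the functions can be run against captured output or, through the check_host wrapper, against a live host. It also flags the plaintext TCP API listener in the ExecStart line shown earlier. The sample sysctl and route lines, the interface name ens33 and the default gateway 192.168.159.2 are constructed for the example; the subnets and host addresses are the post's.

```shell
#!/bin/sh
# Added example (not part of the original post): verify on one host the three
# things the post sets by hand (ip_forward, rp_filter, the static route to the
# peer's container subnet) and flag the plaintext TCP API listener present in
# the ExecStart line shown earlier. The check functions take text so they can
# be run against captured output; check_host feeds them live sysctl(8),
# ip(8) and systemctl(1) output. Assumes procps, iproute2 and systemd.

# $1 = sysctl output lines ("key = value"). True when forwarding is on and
# rp_filter is not strict (0 = off, 2 = loose) for both "all" and "default".
forwarding_ok() {
  printf '%s\n' "$1" | grep -qx 'net.ipv4.ip_forward = 1' || return 1
  printf '%s\n' "$1" | grep -qx 'net.ipv4.conf.all.rp_filter = [02]' || return 1
  printf '%s\n' "$1" | grep -qx 'net.ipv4.conf.default.rp_filter = [02]'
}

# $1 = "ip route show" output, $2 = destination CIDR, $3 = expected gateway.
route_present() {
  printf '%s\n' "$1" | awk -v d="$2" -v g="$3" \
    '$1 == d && $2 == "via" && $3 == g { f = 1 } END { exit !f }'
}

# $1 = an ExecStart line (unit file or "systemctl show -p ExecStart" form).
# True when dockerd is told to listen on a tcp:// host without --tlsverify,
# i.e. the API answers to anyone who can reach the port.
api_exposed_plaintext() {
  case "$1" in
    *"-H tcp://"*|*"--host tcp://"*|*"--host=tcp://"*)
      case "$1" in *--tlsverify*) return 1 ;; esac
      return 0 ;;
  esac
  return 1
}

# Constructed samples (not captured from the post's hosts). The route table
# mirrors what docker01 should hold after the post's "route add" step;
# "ens33" and "192.168.159.2" are assumed values.
SAMPLE_SYSCTL_OK='net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0'
SAMPLE_SYSCTL_DEFAULT='net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1'
SAMPLE_ROUTES='default via 192.168.159.2 dev ens33
172.16.0.0/16 via 192.168.159.164 dev ens33
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1'
PAGE_EXECSTART='ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --bip=172.16.0.1/16'

# Live check: $1 = peer container subnet, $2 = peer host address.
# For docker01 in the post: check_host 172.16.0.0/16 192.168.159.164
# For docker02 in the post: check_host 172.17.0.0/16 192.168.159.159
check_host() {
  if forwarding_ok "$(sysctl -a 2>/dev/null)"; then
    echo "forwarding: ok"
  else
    echo "forwarding: not configured (ip_forward off or rp_filter strict)"
  fi
  if route_present "$(ip route show)" "$1" "$2"; then
    echo "route $1 via $2: ok"
  else
    echo "route $1 via $2: missing ('route add' does not survive a reboot)"
  fi
  if api_exposed_plaintext "$(systemctl show -p ExecStart docker 2>/dev/null)"; then
    echo "docker API: plaintext tcp:// listener in ExecStart, no --tlsverify"
  fi
}

# Run the text checks against the constructed samples.
forwarding_ok "$SAMPLE_SYSCTL_OK" && echo "sample sysctl: forwarding ok"
forwarding_ok "$SAMPLE_SYSCTL_DEFAULT" || echo "default sysctl: forwarding not configured"
route_present "$SAMPLE_ROUTES" 172.16.0.0/16 192.168.159.164 && echo "sample routes: peer route present"
api_exposed_plaintext "$PAGE_EXECSTART" && echo "post's ExecStart: API exposed on tcp://0.0.0.0:2375 without TLS"
```

Three points from running this on real hosts: the route added with route add lives only in the kernel table and is gone after a reboot, so a persistent route definition is needed in whatever form the distribution uses; rp_filter=2 (loose mode) still rejects packets whose source address is unroutable, so it is the value to try before falling back to 0; and ip_forward=1 makes the host forward for every interface, so the FORWARD chain should accept only traffic between the two container subnets.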