查看默认的几种网络驱动
[root@docker01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
755f59e30dcd bridge bridge local
b45027b77aee composemultipleworkpress_default bridge local
cb66f459da67 composeworkpress_default bridge local
41d112090834 host host local
0bfa2196fd1c none null local
除此之外,还有container的网络驱动,Docker的overlay插件驱动
桥接
默认使用的是桥接
[root@docker01 ~]# docker exec -it bridge /bin/bash
[root@441f3d9f9583 /]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
查看哪些容器使用了该网络(注意:下面的命令查看的是 none 网络;名为 bridge 的容器挂在 none 网络上,所以上面 ifconfig 只看到 lo 接口)
[root@docker01 ~]# docker network inspect none
[
{
"Name": "none",
"Id": "0bfa2196fd1cffacecd16ef1525a48a242525f7bf1cf601a2add611c14edddbf",
"Created": "2017-08-07T16:26:55.396665908Z",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"441f3d9f9583e65f4829710a61f04a015ba8ac1c28fc9e67fc61945940564f44": {
"Name": "bridge",
"EndpointID": "edfaab0b5fdd95fef87411e872cd409d9d952f62653f15088aba27359ee3b990",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Host的网络方式
Host方式与主机共用network命名空间,直接使用本地网卡,不用经过nat转换,包的转发效率就高很多;但是这样,容器启动的服务和宿主机本地端口就不能冲突了,而且也存在安全隐患:容器没有网络隔离,容器内的服务直接监听在宿主机的地址上,容器内也能看到宿主机的全部网卡,因此不推荐这样用。
使用host模式启动一个docker
[root@docker01 ~]# docker run -i -t --net=host workpress/mysql:1.0 /bin/bash
[root@docker01 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:11:2a:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.159.159/24 brd 192.168.159.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe11:2a80/64 scope link
valid_lft forever preferred_lft forever
3: br-b45027b77aee: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:71:00:ee:66 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 scope global br-b45027b77aee
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:9f:e8:65:22 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
5: br-cb66f459da67: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:cc:2c:4b:75 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global br-cb66f459da67
valid_lft forever preferred_lft forever
可以看到docker 容器内部的ip地址就是宿主机的ip地址
在容器内部启动mysql
[root@docker01 /]# service mysqld start
Initializing MySQL database: WARNING: The host 'docker01' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h docker01 password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
[ OK ]
Starting mysqld: [ OK ]
通过观察mysql的启动日志可以知道:需要为root用户设置密码,并建议执行安全相关的脚本 /usr/bin/mysql_secure_installation(可同时移除默认创建的test库和匿名用户)
设置root用户密码('new-password' 只是启动日志里的示例值,实际应换成强密码)
[root@docker01 /]# /usr/bin/mysqladmin -u root password 'new-password'
登录mysql(把密码直接写在 -p 后面会留在shell历史和进程列表里,实际使用时只写 -p 并按提示输入)
[root@docker01 /]# mysql -uroot -pnew-password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
退出docker容器
[root@docker01 /]# exit
容器和宿主机中都可以看到mysql监听的端口(3306监听在0.0.0.0,即宿主机的所有地址上)。另外输出中dockerd监听在:::2375,这通常是未加密、无认证的Docker远程API端口,应限制为本机访问或启用TLS认证。
[root@docker01 /]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
tcp 0 0 :::2375 :::* LISTEN -
[root@docker01 /]# exit
exit
[root@docker01 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3917/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1481/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2629/master
tcp6 0 0 :::22 :::* LISTEN 1481/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2629/master
tcp6 0 0 :::2375 :::* LISTEN 2704/dockerd
- host模式的优点:提高了包的转发效率
- 缺点:要避免端口冲突;容器与宿主机之间没有网络隔离
container复用方式
指定方法: --net="container:name or id",使得两个启动的容器使用相同的网络命名空间,也就意味着两个容器的IP、MAC地址是一样的,并且可以通过 localhost 互相访问对方监听的端口。
[root@docker01 ~]# docker run -dit workpress/nginx:1.0 /bin/bash
805b53a77104403f3e8d2fc8156e8e784200836eeaad0d392248b0e50a1a045a
[root@docker01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
805b53a77104 workpress/nginx:1.0 "/bin/bash" 4 seconds ago Up 3 seconds 80/tcp suspicious_pare
[root@docker01 ~]# docker exec -it 805b53a77104 /bin/bash
[root@805b53a77104 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
另外起一个会话,进入第二个容器(2d5fab44c292 的启动命令上文未给出,按本节内容应是用 --net=container:805b53a77104 启动的)
[root@docker01 ~]# docker exec -it 2d5fab44c292 /bin/bash
[root@805b53a77104 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
可以看到,上面的两个docker是在同一个命名空间的,拥有相同的网络配置信息
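查看相关桥接情况(注意 Options 中 enable_icc 为 true,表示默认网桥上的容器之间默认可以互相通信;host_binding_ipv4 为 0.0.0.0,表示发布端口时默认绑定到宿主机的所有地址)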
[root@docker01 ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "755f59e30dcdc3f97352ee75976f01ee14fa463a7dc947de7cb443edf2515755",
"Created": "2017-10-03T13:16:58.799908274Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"805b53a77104403f3e8d2fc8156e8e784200836eeaad0d392248b0e50a1a045a": {
"Name": "suspicious_pare",
"EndpointID": "8be7038f680cb706ea736cda0eaf7c9d80e48573a46b80efb7e3b10c75bdef06",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]