Shulou(Shulou.com)06/03 Report--

What is covered in this section:

Lab environment: a snapshot of a virtual machine where docker was previously installed:

Four Network modes of Docker

1. Docker has the following four network modes:

Host mode, specified using-- net=host.

Container mode, specified using-- net=container:NAME_or_ID.

None mode, specified using-- net=none.

Bridge mode, specified with-- net=bridge, the default setting.

If bridge is selected by default, the container will obtain an address through DHCP after startup, which may not be what we want. On centos7 systems, you can use pipework script to assign a fixed IP to the container in docker environment (this IP can be the same IP address range as the physical machine).

Note: docker defaults to bridge (--net=bridge) mode, which is equivalent to NAT mode in VMware.

In the docker environment, you can use the pipework script to assign a fixed IP to the container, which is equivalent to the bridging mode in VMware.

Note: there is a defect in Pipework. The IP setting will disappear automatically after the container is restarted and needs to be reset.

Configure the bridged network:

The purpose of bridging the local physical network is to facilitate users in the local area network to access the services in the docker instance without the need for various port mappings to access the services. But doing so violates the principle of safe isolation of docker containers and the dialectical choice in the work.

Create a bridge device:

Install the package:

[root@xuegod63] # rpm-ivh / mnt/Packages/bridge-utils-1.5-9.el7.x86_64.rpm

Tie the ens33 to the br0 bridge device:

[root@xuegod63 ~] # cd / etc/sysconfig/network-scripts/

[root@xuegod63 network-scripts] # cp ifcfg-ens33 / opt/ # backup eth0

[root@xuegod63 network-scripts] # vim ifcfg-ens33# edit configuration file is the following

[root@xuegod63 network-scripts] # vim ifcfg-ens33

TYPE= "Ethernet"

BOOTPROTO= "none"

DEFROUTE= "yes"

IPV4_FAILURE_FATAL= "no"

IPV6INIT= "yes"

IPV6_AUTOCONF= "yes"

IPV6_DEFROUTE= "yes"

IPV6_FAILURE_FATAL= "no"

NAME= "ens33"

UUID= "7a556ff6-f865-4549-b08f-9e526c9bb638"

DEVICE= "ens33"

ONBOOT= "yes"

IPADDR= "192.168.1.63" # remove these IP addresses

PREFIX= "24"

GATEWAY= "192.168.1.1"

DNS1= "8.8.8.8"

IPV6_PEERDNS= "yes"

IPV6_PEERROUTES= "yes"

IPV6_PRIVACY= "no"

BRIDGE= "br0" # insert this line at the end of the file

Generate a configuration file for the bridge device br0:

[root@xuegod63 network-scripts] # vim ifcfg-br0 # create an ifcfg-br0 file and write the following

DEVICE= "br0"

NM_CONTROLLED= "yes"

ONBOOT= "yes"

TYPE= "Bridge"

BOOTPROTO=none

IPADDR=192.168.1.63

NETMASK=255.255.255.0

GATEWAY=192.168.1.1

DNS1=114.114.114.114

Note: TYPE= "Bridge" B should be capitalized. It's okay not to write.

[root@xuegod63 network-scripts] # service network restart

Restarting network (via systemctl): [OK]

Test br0:

Root@xuegod63 network-scripts] # ifconfig

[root@xuegod63 network-scripts] # ping g.cn

PING g.cn (203.208.37.20) 56 (84) bytes of data.

64 bytes from 203.208.37.20: icmp_seq=1 ttl=57 time=12.3 ms

Download the pipework package

Method 1: download the pipework zip package directly

Https://github.com/jpetazzo/pipework

Upload pipework-master.zip to Linux

Extend:

Method 2: use git to obtain:

Git download link: https://github.com/jpetazzo/pipework

Download the pipework tool: https://github.com/jpetazzo/pipework.git

[root@xuegod63 ~] # rpm-qf `which Git`

Git-1.8.3.1-5.el7.x86_64

[root@xuegod63 ~] # cd / opt/

[root@xuegod63 opt] # git clone https://github.com/jpetazzo/pipework.git

Let's use method 1:

Upload pipework-master.zip to xuegod63:

[root@xuegod63 ~] # unzip pipework-master.zip # does not need to be compiled because pipework is a shell script

View:

[root@xuegod63 ~] # vim. / pipework-master/pipework

[root@xuegod63 ~] # cp / root/pipework-master/pipework / usr/local/bin/ # facilitates later use of pipework commands

Pipework has been successfully installed at this point.

Start docker:

[root@xuegod63 ~] # systemctl start docker

Upload the centos-lastest-docker-image.tar image to Linux and import it to docker platform

[root@xuegod63] # docker load-I centos-lastest-docker-image.tar

Start an instance of docker using static IP

Example: in none mode, use-- net=none to start a container and turn on docker privileged mode.

[root@xuegod63] # docker run-itd-- net=none-- privileged=true centos bash

E4698f625a56661edd2678269215ba42d4fa41c2da881768a741a72b4a3d0c60

Extend:

-- privileged=true # allows the privilege function to be enabled

Privileged ["pr" v "l" d "d]

After docker version 0.6, privileged was introduced into docker. With this parameter, the root within the container has real root permissions. Otherwise, the root within the container is just a normal user right of the external physical machine.

Using the container launched by privileged, you can see a lot of devices on host, and you can perform mount. It even allows you to start the docker container in the docker container. Root users in the container cannot execute mount without privileged enabled.

Extension: test privileged privilege function can be: 1

1. The container launched by privileged is not set:

[root@localhost ~] # docker run-it centos:latest bash

[root@65acccbba42f /] # ls / dev # can see fewer device files

Console fd full fuse kcore null ptmx pts random shm stderr stdin stdout tty urandom zero

[root@00931099722f /] # mount-o bind / etc / opt/

Mount: permission denied

On the physical machine, it can be mounted successfully:

[root@xuegod63] # mount-o bind / etc / opt/

[root@00931099722f /] # exit

2. Use the container launched by privileged

[root@xuegod63] # docker run-it-- privileged centos:latest bash

[root@4a51d0fde3ce /] # ls / dev/ # you can see many device files

[root@4a51d0fde3ce /] # mount-o bind / etc / opt/ # can be mounted successfully

[root@4a51d0fde3ce /] # mount / dev/sda1 / opt/ # can mount the sda1 partition on the physical machine

[root@4a51d0fde3ce /] # ls / opt/

[root@4a51d0fde3ce /] # init 0 # No, use exit to exit docker

Couldn't find an alternative telinit implementation to spawn.

[root@4a51d0fde3ce /] # exit

Knowledge of docker instances in privileged mode: 1 No: 2

Direct absorption: 80% of the technology! Take a piece of paper

The extension ends, and then the container is configured with an address

[root@xuegod63 ~] # docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

E4698f625a56 centos "bash" 30 seconds ago Up 27 seconds suspicious_colden

You can see the ID started by the container, such as e4698f625a56

Configure this container with an address

Pipework syntax: pipework bridge name container instance IP/ mask @ gateway assigned to the container by ID

[root@xuegod63 ~] # pipework br0 c88c4c7f01f9 192.168.1.71 Universe 24mm 192.168.1.1

Test IP:

[root@xuegod63 ~] # ping 192.168.1.71 # you can see that the IP of the docker instance is ready to use

PING 192.168.1.71 (192.168.1.71) 56 (84) bytes of data.

64 bytes from 192.168.1.71: icmp_seq=1 ttl=64 time=0.639 ms

[root@xuegod63 ~] # docker inspect container instance ID # View the details of the container

Enter the container and test the network:

[root@xuegod63 ~] # docker exec-it 87fadc0249a9 / bin/bash # enter the container

[root@6e38ee3f9672 /] # cat / etc/resolv.conf

# Generated by NetworkManager

Search xuegod63.cn

Nameserver 114.114.114.114

[root@e4698f625a56 /] # yum install-y net-tools # install ifconfig command

[root@e4698f625a56 /] # ifconfig

Eth2: flags=4163 mtu 1500

Inet 192.168.1.71 netmask 255.255.255.0 broadcast 192.168.1.255

[root@e4698f625a56 /] # route-n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth2

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2

At this point, the docker instance has successfully configured static IP.

Practice 1: run with a docker instance started with static IP, a web server

[root@1e1db6c6c17c ~] # yum install httpd-y # installation

[root@1e1db6c6c17c ~] # systemctl start httpd # cannot be started

[root@1e1db6c6c17c ~] # httpd # run the httpd command directly

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::a0be:f1ff:feeb:484. Set the 'ServerName' directive globally to suppress this message

[root@1e1db6c6c17c ~] # netstat-antup | grep 80 # found that 80 has been listening

[root@1e1db6c6c17c ~] # cd / var/ × × × w/html/ #

[root@1e1db6c6c17c ~] # echo aaaaa > index.html

Just view the results.

Summary:

1. Create a br0 bridging device

2. Download and install the pipework package

3. Install and run docker

4. Import centos docker image

5. Add a parameter to start a docker instance:-- net=none-- privileged=true

6. Use pipework to configure IP for docker instances

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.