2025-02-24 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
Reference blog: http://www.apelearn.com/bbs/forum.php?mod=viewthread&tid=11589&highlight=docker
I. Four network modes
1. host mode: specified with docker run --net=host. The network used by the container is actually the same as the host's, so the NIC IPs seen inside the container are the IPs of the host. Limitation: for example, if the container opens port 80 and the host also opens port 80, the two will conflict.
[root@localhost ~]# docker run -it --rm --net=host centos_with_net_wget:daixuanlinux bash
[root@localhost /]# ifconfig
docker0: flags=4163 mtu 1500
        inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::a091:9eff:fe00:8ef8 prefixlen 64 scopeid 0x20
        ether 02:06:cb:61:4f:d6 txqueuelen 0 (Ethernet)
        RX packets 3341 bytes 213676 (208.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7699 bytes 11252108 (10.7 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
        inet 112.65.140.132 netmask 255.255.255.248 broadcast 112.65.140.135
2. container mode: specified with --net=container:container_id/container_name. Multiple containers share a common network and see the same IP. For example, the IP of 510b828f4ca9 is 172.17.42.1.
[root@localhost ~]# docker run -it --rm --net=container:510b828f4ca9 centos_with_net_wget:daixuanlinux bash
[root@localhost /]# ifconfig
docker0: flags=4163 mtu 1500
        inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::a091:9eff:fe00:8ef8 prefixlen 64 scopeid 0x20
        ether 00 00 txqueuelen 0 (Ethernet)
        RX packets 3341 bytes 213676 (208.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7699 bytes 11252108 (10.7 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
        inet 112.65.140.132 netmask 255.255.255.248 broadcast 112.65.140.135
3. none mode: specified with --net=none. No network is configured in this mode.
[root@localhost ~]# docker run -it --rm --net=none centos_with_net_wget:daixuanlinux bash
[root@6db3a6e51687 /]# ifconfig
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 0 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@6db3a6e51687 /]# ping www.baidu.com
ping: unknown host www.baidu.com
4. bridge mode: specified with --net=bridge. This is the default mode, so it is the network mode you get when nothing is specified. It is similar to VMware's NAT mode. This mode assigns a separate network namespace to each container. All containers on the same host are on the same network segment and can communicate with each other.
[root@localhost ~]# docker run -it --rm centos_with_net_wget:daixuanlinux bash
[root@663660abecbb /]# ifconfig
eth0: flags=4163 mtu 1500
        inet 172.17.0.28 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:1c prefixlen 64 scopeid 0x20
        ether 02:42:ac:11:00:1c txqueuelen 0 (Ethernet)
        RX packets 3 bytes 238 (238.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 328 (328.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 0 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@663660abecbb /]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.37) 56(84) bytes of data.
64 bytes from 14.215.177.37: icmp_seq=1 ttl=52 time=29.6 ms
^C64 bytes from 14.215.177.37: icmp_seq=2 ttl=52 time=29.9 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 29.616 root@663660abecbb 29.792 ms 0.246
[root@663660abecbb /]# exit
exit
II. Docker bridge
Configure a bridged network (CentOS 7)
To make it easy for machines on the local network to communicate with Docker containers, we often need to put the containers on the same network segment as the host. This is easy to do: bridge the Docker container with the host NIC, then add an IP to the container.
Install pipework: git clone https://github.com/jpetazzo/pipework
cp ~/pipework/pipework /usr/local/bin/
Open a container: docker run -itd --net=none --name aming123 centos /bin/bash
pipework br0 aming123 172.7.15.201/24@172.7.15.107 # the IP before @ is the container's IP; the IP after @ is the host IP
brctl addif br0 eth0 # eth0 is the host network card; this step bridges br0 and eth0
ip addr add 172.7.15.107/24 dev br0 # bind the .107 IP to br0
docker exec -it aming123 /bin/bash # after entering, run ifconfig to see the newly added IP
CentOS 6:
cd /etc/sysconfig/network-scripts/; cp ifcfg-eth0 ifcfg-br0
vi ifcfg-eth0 # add BRIDGE=br0 and delete IPADDR, NETMASK, GATEWAY, DNS1
vi ifcfg-br0 # change DEVICE to br0 and TYPE to Bridge, and put eth0's network settings here
service network restart
Install pipework: git clone https://github.com/jpetazzo/pipework
cp ~/pipework/pipework /usr/local/bin/
Open a container: docker run -itd --net=none --name aming123 centos /bin/bash
rpm -Uvh https://repos.fedorapeople.org/openstack/EOL/openstack-grizzly/epel-6/iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm # without this package you get the error: Object "netns" is unknown, try "ip help"
pipework br0 aming123 172.7.15.201/24
docker exec -it aming123 /bin/bash # after entering, run ifconfig to see the newly added IP
Bridge mode is Docker's default network setting. It assigns a network namespace to each container, sets its IP, and so on, and connects the Docker containers on a host to a virtual bridge. When the Docker server starts, a virtual bridge named docker0 is created on the host, and the containers launched on this host are connected to that bridge. A virtual bridge works like a physical switch, so all containers on the host are connected to one layer 2 network through it. Next, the container needs an IP. From the private IP ranges defined by RFC 1918, Docker selects an IP address and subnet different from those used by the host and assigns them to docker0, and each container connected to docker0 takes an unoccupied IP from this subnet. For example, Docker will use the network segment 172.17.0.0/16 and assign 172.17.42.1/16 to the docker0 bridge (docker0 can be seen with the ifconfig command on the host; it can be regarded as the management interface of the bridge and is used as a virtual network card on the host).
2.1 List the bridges on the current host
# brctl show
Or
# brctl show docker0
The brctl tool depends on the bridge-utils package.
View the current docker0 IP
# ifconfig docker0
Or
# ip addr show docker0
Customize the segment of the docker0 bridge
By default, docker0 is assigned the network segment 172.1.42 or 192.168.42.
We can also manually change this segment to 192.168.10.
Pay attention to the order:
# /etc/init.d/docker stop # stop the docker service
# ip link set dev docker0 down # stop the bridge docker0
# ip addr add 192.168.10.1/24 dev docker0 # add an address to docker0
# ip addr del 192.168.42.1/24 dev docker0 # delete the original address of docker0
# ip link set dev docker0 up # start the bridge docker0
# /etc/init.d/docker start # start the service
Custom bridge
The process by which Docker completes the above network configuration is roughly as follows:
1. Create a pair of virtual network cards (a veth pair) on the host. Veth devices always appear in pairs. They form a data channel: data that enters one device comes out of the other. Veth devices are therefore often used to connect two network devices.
2. Docker places one end of the veth pair in the newly created container and names it eth0. The other end stays on the host with a name such as veth75f9 and is added to the docker0 bridge, which can be checked with the brctl show command.
3. Assign an IP from the docker0 subnet to the container and set the IP address of docker0 as the container's default gateway.
Docker tries to find IP segments that the host does not use. This works in most cases, but it is not foolproof, and sometimes we need to plan the IP ranges ourselves. When starting the Docker service, use -b BRIDGE or --bridge=BRIDGE to specify the bridge to use; the bridge-utils package needs to be installed.
Here, we create a new bridge br0 as the default bridge for docker. The basic steps are as follows:
1. Stop the service and delete the old bridge
2. Create a custom bridge
3. Confirm the new bridge and start it
4. Configure the docker default bridge
Stop the service and delete the old bridge
# service docker stop
# ip link set dev docker0 down
# brctl delbr docker0
Create a new bridge br0
# brctl addbr br0
# ip addr add 192.168.100.1/24 dev br0
Check the new bridge and start it
# ip addr show br0
or
# brctl show br0
# ip link set dev br0 up
Configure the docker service to use the bridge br0 by default, then start docker
# echo 'DOCKER_OPTS="-b=br0"' >> /etc/default/docker
# service docker start
With the Docker service started, create a new container and you can see that it has been bridged to br0.
You can continue to view bridging information with the brctl show command. In addition, you can use the ip addr and ip route commands inside the container to view its IP address configuration and routing information.
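Because Docker's own search for an unused segment "is not foolproof", it helps to check a planned bridge address against the host's routing table before running ip addr add. The following is an added example, not code from the original post: the route listing is constructed (the eth0 and docker0 entries reuse addresses shown on this page; the gateway, the 192.168.100.0/22 route and the tun0 route are made up), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output on the Docker host.
SAMPLE_ROUTES = """\
default via 112.65.140.129 dev eth0
112.65.140.128/29 dev eth0 proto kernel scope link src 112.65.140.132
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.100.0/22 via 112.65.140.129 dev eth0
10.8.0.5 dev tun0 scope link
"""

# Route type keywords that may precede the prefix in `ip route` output.
ROUTE_TYPES = {"unicast", "local", "broadcast", "unreachable",
               "blackhole", "prohibit", "throw"}

def parse_routes(text):
    """Return [(network, dev)] for every non-default IPv4 route."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] in ROUTE_TYPES:
            tok = tok[1:]
        if not tok or tok[0] == "default":
            continue
        try:
            # A bare address such as 10.8.0.5 is a /32 host route.
            net = ipaddress.ip_network(tok[0], strict=False)
        except ValueError:
            continue
        dev = tok[tok.index("dev") + 1] if "dev" in tok[:-1] else None
        routes.append((net, dev))
    return routes

def bridge_conflicts(bridge_cidr, route_text, ignore_dev=None):
    """Routes overlapping the subnet implied by an address like 192.168.100.1/24.

    ignore_dev skips the bridge's own existing route when re-checking it.
    """
    bridge_net = ipaddress.ip_interface(bridge_cidr).network
    return [(str(net), dev) for net, dev in parse_routes(route_text)
            if dev != ignore_dev and net.overlaps(bridge_net)]

if __name__ == "__main__":
    for cidr in ("192.168.100.1/24", "192.168.10.1/24"):
        print(cidr, bridge_conflicts(cidr, SAMPLE_ROUTES) or "no overlap")
```

On a real host, pass the output of `ip -4 route show` instead of SAMPLE_ROUTES.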
III. Accessing containers from the external network
1. Create a new container from the centos image, then install the httpd service in the container and start it
[root@localhost ~]# docker run -it centos_with_net_wget:daixuanlinux bash
[root@0d76c137b3cc /]# yum install -y httpd
[root@0d76c137b3cc /]# /usr/sbin/httpd # start the httpd service using the absolute path
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.29. Set the 'ServerName' directive globally to suppress this message
[root@0d76c137b3cc /]# ps aux | grep httpd # the httpd service has started
root 53 0.0 0.6 221852 3456 ? Ss 05:45 0:00 /usr/sbin/httpd
apache 54 0.0 0.5 221852 2600 ? S 05:45 0:00 /usr/sbin/httpd
apache 55 0.0 0.5 221852 2600 ? S 05:45 0:00 /usr/sbin/httpd
apache 56 0.0 0.5 221852 2600 ? S 05:45 0:00 /usr/sbin/httpd
apache 57 0.0 0.5 221852 2600 ? S 05:45 0:00 /usr/sbin/httpd
apache 58 0.0 0.5 221852 2600 ? S 05:45 0:00 /usr/sbin/httpd
root 60 0.0 0.1 8984 768 ? S+ 05:45 0:00 grep --color=auto httpd
[root@0d76c137b3cc /]# netstat -lnp | grep 80 # listening on port 80
tcp6 0 0 :::80 :::* LISTEN 53/httpd
[root@0d76c137b3cc /]# exit
exit
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                               COMMAND   CREATED          STATUS                            PORTS   NAMES
0d76c137b3cc   centos_with_net_wget:daixuanlinux   "bash"    14 minutes ago   Exited (130) About a minute ago           compassionate_goodall
2. Save the container as a new image, centos_with_httpd
[root@localhost ~]# docker commit -m "centos_with_httpd" -a "daixuan" 0d76c137b3cc centos_with_httpd
9fa4d394e3b6855a9c395d8313c43945fb0c0b8ce8ac99b4c5c20e831df672c4
[root@localhost ~]# docker images
REPOSITORY          TAG      IMAGE ID       CREATED          VIRTUAL SIZE
centos_with_httpd   latest   9fa4d394e3b6   52 seconds ago   337.8 MB
3. Then use the new image to create a container and specify the port mapping, which is set up when the container is started.
docker run -itd -p 5123:80 centos_with_httpd:latest bash # -p specifies the port mapping; here port 80 of the container is mapped to local port 5123
docker exec -it container_id bash
Start httpd: httpd -k start, or start it with the absolute path /usr/sbin/httpd
Edit 1.html: vi /var/www/html/1.html and write something like daixuanlinux.com
Exit the container: exit
Test: curl 127.0.0.1:5123/1.html
[root@localhost ~]# docker run -itd -p 5123:80 centos_with_httpd:latest bash
754edd8655b86715e2f7b75db4f8503370960974b415ae6871f69f8c5bc2b12f
[root@localhost ~]# docker exec -it 754edd865 bash
[root@754edd8655b8 /]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
[root@754edd8655b8 /]# /usr/sbin/httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.30. Set the 'ServerName' directive globally to suppress this message
[root@754edd8655b8 /]# ps aux | grep httpd
root 29 0.0 0.6 221852 3436 ? Ss 06:00 0:00 /usr/sbin/httpd
apache 30 0.0 0.5 221852 2600 ? S 06:00 0:00 /usr/sbin/httpd
apache 31 0.0 0.5 221852 2600 ? S 06:00 0:00 /usr/sbin/httpd
apache 32 0.0 0.5 221852 2600 ? S 06:00 0:00 /usr/sbin/httpd
apache 33 0.0 0.5 221852 2600 ? S 06:00 0:00 /usr/sbin/httpd
apache 34 0.0 0.5 221852 2600 ? S 06:00 0:00 /usr/sbin/httpd
root 36 0.0 0.1 8984 772 ? S+ 06:00 0:00 grep --color=auto httpd
[root@754edd8655b8 /]# vi /var/www/html/1.html # add: daixuanlinux.com
[root@754edd8655b8 /]# curl localhost/1.html
daixuanlinux.com
[root@754edd8655b8 /]# ^C
[root@754edd8655b8 /]# exit
exit
[root@localhost ~]# curl 112.65.140.132:5123/1.html # accessing external port 5123 reaches port 80 of the container
daixuanlinux.com
[root@localhost ~]# docker ps # you can see the mapping rule: 5123->80
CONTAINER ID   IMAGE                      COMMAND   CREATED         STATUS         PORTS                  NAMES
754edd8655b8   centos_with_httpd:latest   "bash"    9 minutes ago   Up 9 minutes   0.0.0.0:5123->80/tcp   mad_goodall
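The network mode chosen in section I and the 0.0.0.0:5123->80/tcp mapping shown above together decide what a container exposes, so it is worth reviewing both across a host. The following is an added example, not code from the original post: it reads `docker inspect` JSON and reports host mode, shared network namespaces and ports published on all interfaces. The sample data is constructed (the names local_only, hostnet, sidecar and isolated are made up), and the audit function is hypothetical.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields the audit reads.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/mad_goodall", "HostConfig": {"NetworkMode": "bridge",
        "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "5123"}]}}},
    {"Name": "/local_only", "HostConfig": {"NetworkMode": "default",
        "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}},
    {"Name": "/hostnet", "HostConfig": {"NetworkMode": "host", "PortBindings": {}}},
    {"Name": "/sidecar", "HostConfig": {"NetworkMode": "container:510b828f4ca9",
        "PortBindings": None}},
    {"Name": "/isolated", "HostConfig": {"NetworkMode": "none", "PortBindings": {}}},
])

# An empty HostIp means the port was published without a host address.
ALL_INTERFACES = {"", "0.0.0.0", "::"}

def audit(inspect_json):
    """Return sorted (container, finding) pairs describing network exposure."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host_cfg = c.get("HostConfig") or {}
        mode = host_cfg.get("NetworkMode") or "default"
        if mode == "host":
            findings.append((name, "host mode: listeners bind on the host's IPs"))
        elif mode.startswith("container:"):
            findings.append((name, "shares network namespace with "
                             + mode.split(":", 1)[1]))
        for port, binds in (host_cfg.get("PortBindings") or {}).items():
            for b in binds or []:
                if b.get("HostIp", "") in ALL_INTERFACES:
                    findings.append((name, f"{port} published on all host "
                                     f"interfaces as port {b.get('HostPort')}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

Publishing with an explicit host address, for example -p 127.0.0.1:5123:80, keeps the mapped port off the external interface.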
IV. Linking containers
Download a mysql image
docker pull mysql
Create a new container named dbserver
docker run -it -d -p 13306:3306 --name dbserver mysql bash
Create a new web container and link it to db
docker run -it -d -p 12308 --name web --link dbserver:db centos_with_httpd bash