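Docker Cross-Host Communication, Method 2: OpenvSwitch

The mainstream third-party solutions for cross-host container communication currently include flannel, weave, Pipework and OpenvSwitch.

This article uses OpenvSwitch, which is relatively simple to set up, mature and powerful.

The architecture diagram is as follows:


Lab environment: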

I. Basic environment setup

docker1

1. Configure a static IP

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens32
UUID=75963e3f-b289-4bbd-8489-44f6f2b8c7f0
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.0.10
PREFIX=24
GATEWAY=192.168.0.1
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart network

2. Change the hostname

[root@localhost ~]# hostnamectl set-hostname docker1
[root@localhost ~]# exit    # just log in again
[root@docker1 ~]#

3. Disable the firewall

[root@docker1 ~]# systemctl stop firewalld
[root@docker1 ~]# systemctl disable firewalld

4. Synchronize the system time

[root@docker1 ~]# yum -y install ntp
[root@docker1 ~]# systemctl enable ntpd.service
[root@docker1 ~]# ntpdate cn.pool.ntp.org
[root@docker1 ~]# hwclock -w
[root@docker1 ~]# crontab -e
0 2 * * * ntpdate cn.pool.ntp.org && hwclock -w

5. Install Docker

[root@docker1 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@docker1 ~]# yum install -y docker-ce
[root@docker1 ~]# systemctl start docker
[root@docker1 ~]# systemctl enable docker

6. Install the bridge tools (bridge-utils)

[root@docker1 ~]# yum -y install bridge-utils

7. Disable SELinux

[root@docker1 ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@docker1 ~]# reboot


docker2

1. Configure a static IP

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=75963e3f-b289-4bbd-8489-44f6f2b8c7f0
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.0.20
PREFIX=24
GATEWAY=192.168.0.1
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart network

2. Change the hostname

[root@localhost ~]# hostnamectl set-hostname docker2
[root@localhost ~]# exit    # just log in again
[root@docker2 ~]#

3. Disable the firewall

[root@docker2 ~]# systemctl stop firewalld
[root@docker2 ~]# systemctl disable firewalld

4. Synchronize the system time

[root@docker2 ~]# yum -y install ntp
[root@docker2 ~]# systemctl enable ntpd.service
[root@docker2 ~]# ntpdate cn.pool.ntp.org
[root@docker2 ~]# hwclock -w
[root@docker2 ~]# crontab -e
0 2 * * * ntpdate cn.pool.ntp.org && hwclock -w

5. Install Docker

[root@docker2 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@docker2 ~]# yum install -y docker-ce
[root@docker2 ~]# systemctl start docker
[root@docker2 ~]# systemctl enable docker

6. Install the bridge tools (bridge-utils)

[root@docker2 ~]# yum -y install bridge-utils

7. Disable SELinux

[root@docker2 ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@docker2 ~]# reboot


II. Installing and configuring openvswitch

docker1 configuration

1. Install the dependencies

[root@docker1 ~]# yum -y install make gcc openssl-devel autoconf automake rpm-build redhat-rpm-config python-devel openssl-devel kernel-devel kernel-debug-devel libtool wget

2. Prepare the sources

[root@docker1 ~]# cd /usr/local/src/
[root@docker1 src]# mkdir -p ~/rpmbuild/SOURCES
[root@docker1 src]# wget http://openvswitch.org/releases/openvswitch-2.9.0.tar.gz
[root@docker1 src]# cp openvswitch-2.9.0.tar.gz ~/rpmbuild/SOURCES/
[root@docker1 src]# tar xf openvswitch-2.9.0.tar.gz
[root@docker1 src]# sed 's/openvswitch-kmod, //g' openvswitch-2.9.0/rhel/openvswitch.spec > openvswitch-2.9.0/rhel/openvswitch_no_kmod.spec

3. Build the RPM package

[root@docker1 src]# rpmbuild -bb --nocheck ./openvswitch-2.9.0/rhel/openvswitch_no_kmod.spec

The build reports an error:

error: Failed build dependencies:
python-six is needed by openvswitch-2.9.0-1.x86_64
selinux-policy-devel is needed by openvswitch-2.9.0-1.x86_64
python-sphinx is needed by openvswitch-2.9.0-1.x86_64

Cause: the following dependencies also need to be installed:

[root@docker1 src]# yum -y install python-six selinux-policy-devel python-sphinx

4. Install

[root@docker1 src]# cd ~
[root@docker1 ~]# yum -y install ~/rpmbuild/RPMS/x86_64/openvswitch-2.9.0-1.x86_64.rpm

Copy the generated RPM package openvswitch-2.9.0-1.x86_64.rpm to docker2, so that docker2 can install and use it directly.

5. Start the openvswitch service

[root@docker1 ~]# systemctl start openvswitch.service
[root@docker1 ~]# systemctl enable openvswitch.service
[root@docker1 ~]# systemctl status openvswitch.service




docker2 configuration

1. Copy the openvswitch-2.9.0-1.x86_64.rpm built on docker1 to docker2 and install it directly with yum

[root@docker2 ~]# scp -r root@192.168.0.10:/root/rpmbuild/RPMS/x86_64/openvswitch-2.9.0-1.x86_64.rpm .
[root@docker2 ~]# yum -y install openvswitch-2.9.0-1.x86_64.rpm

2. Start the openvswitch service

[root@docker2 ~]# systemctl start openvswitch.service
[root@docker2 ~]# systemctl enable openvswitch.service
[root@docker2 ~]# systemctl status openvswitch.service


III. Cross-host communication

docker1

1. Enable IP forwarding

[root@docker1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@docker1 ~]# sysctl -p
net.ipv4.ip_forward = 1

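2. Change Docker's default subnet (i.e. the docker0 subnet; the default is 172.17.0.0/24)

[root@docker1 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://4zy0t91p.mirror.aliyuncs.com"],
  "bip": "10.0.0.1/24"
}

registry-mirrors configures the Aliyun Docker registry accelerator and bip changes the docker0 subnet; the notes are kept out of the file because JSON does not allow comments.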

3. Create the OVS bridge

1.> Create the tunnel bridge br0 on both hosts and build the tunnel over GRE through the port gre0

[root@docker1 ~]# ovs-vsctl add-br br0
# remote_ip is the address of the other host (docker2)
[root@docker1 ~]# ovs-vsctl add-port br0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.0.20

2.> Add br0 as an interface to the docker0 bridge

[root@docker1 ~]# brctl addif docker0 br0

4. Configure the route

Purpose: forward traffic to the Docker containers on the other host. ens32 is the real NIC device name and must be replaced with the actual NIC device name on your system.

Add a route on docker1 so that docker1 can reach the 10.0.1.0/24 subnet defined on docker2; this tells the docker1 host that addresses in 10.0.1.0/24 live on docker2 at 192.168.0.20.

[root@docker1 ~]# vim /etc/sysconfig/network-scripts/route-ens32
10.0.1.0/24 via 192.168.0.20 dev ens32

5. Restart the Docker service and check the result

[root@docker1 ~]# systemctl daemon-reload
[root@docker1 ~]# systemctl restart docker
[root@docker1 ~]# systemctl restart network    # these three steps are critical; run them in this order

[root@docker1 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242d78c3863       no              br0

[root@docker1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 ens32
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 docker0
10.0.1.0        192.168.0.20    255.255.255.0   UG    100    0        0 ens32
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens32

[root@docker1 ~]# ifconfig
docker0: flags=4099  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.10.255
        inet6 fe80::42:d7ff:fe8c:3863  prefixlen 64  scopeid 0x20
        ether 02:42:d7:8c:38:63  txqueuelen 0  (Ethernet)
        RX packets 6  bytes 392 (392.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1124 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

6. Test the network

[root@docker1 ~]# docker pull cirros
[root@docker1 ~]# docker run -it cirros /bin/sh

1.> Check the network

[root@c778cae8a2e5 /]# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:0A:02
          inet addr:10.0.0.2  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:258 (258.0 B)  TX bytes:0 (0.0 B)

2.> Ping an external site

[root@c778cae8a2e5 /]# ping www.baidu.com
PING www.baidu.com (61.135.169.121): 56 data bytes
64 bytes from 61.135.169.121: seq=0 ttl=56 time=4.502 ms
64 bytes from 61.135.169.121: seq=1 ttl=56 time=8.104 ms
...

3.> Ping the docker1 host

[root@c778cae8a2e5 /]# ping 192.168.0.10
PING 192.168.0.10 (192.168.0.10): 56 data bytes
64 bytes from 192.168.0.10: seq=0 ttl=63 time=0.414 ms
64 bytes from 192.168.0.10: seq=1 ttl=63 time=0.692 ms
...

4.> Ping the docker2 host

[root@c778cae8a2e5 /]# ping 192.168.0.20
PING 192.168.0.20 (192.168.0.20): 56 data bytes
64 bytes from 192.168.0.20: seq=0 ttl=63 time=0.414 ms
64 bytes from 192.168.0.20: seq=1 ttl=63 time=0.692 ms
...



docker2

1. Enable IP forwarding

[root@docker2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@docker2 ~]# sysctl -p
net.ipv4.ip_forward = 1

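2. Change Docker's default subnet (i.e. the docker0 subnet; the default is 172.17.0.0/24)

[root@docker2 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://4zy0t91p.mirror.aliyuncs.com"],
  "bip": "10.0.1.1/24"
}

registry-mirrors configures the Aliyun Docker registry accelerator and bip changes the docker0 subnet; the notes are kept out of the file because JSON does not allow comments.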

3. Create the OVS bridge

1.> Create the tunnel bridge br0 on both hosts and build the tunnel over GRE through the port gre0

[root@docker2 ~]# ovs-vsctl add-br br0
# remote_ip is the address of the other host (docker1)
[root@docker2 ~]# ovs-vsctl add-port br0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.0.10

2.> Add br0 as an interface to the docker0 bridge

[root@docker2 ~]# brctl addif docker0 br0

4. Configure the route

Purpose: forward traffic to the Docker containers on the other host. ens32 is the real NIC device name and must be replaced with the actual NIC device name on your system.

Add a route on docker2 so that docker2 can reach the 10.0.0.0/24 subnet defined on docker1; this tells the docker2 host that addresses in 10.0.0.0/24 live on docker1 at 192.168.0.10.

[root@docker2 ~]# vim /etc/sysconfig/network-scripts/route-ens32
10.0.0.0/24 via 192.168.0.10 dev ens32

5. Restart the Docker service and check the result

[root@docker2 ~]# systemctl daemon-reload
[root@docker2 ~]# systemctl restart docker
[root@docker2 ~]# systemctl restart network    # these three steps are critical; run them in this order

[root@docker2 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242d78c3863       no              br0

[root@docker2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 ens32
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 docker0
10.0.0.0        192.168.0.10    255.255.255.0   UG    100    0        0 ens32
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens32

[root@docker2 ~]# ifconfig
docker0: flags=4099  mtu 1500
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.10.255
        inet6 fe80::42:d7ff:fe8c:3863  prefixlen 64  scopeid 0x20
        ether 02:42:d7:8c:38:63  txqueuelen 0  (Ethernet)
        RX packets 6  bytes 392 (392.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1124 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

6. Test the network

[root@docker2 ~]# docker pull cirros
[root@docker2 ~]# docker run -it cirros /bin/sh

1.> Check the network

[root@d2b2a56abf59 /]# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:0A:02
          inet addr:10.0.1.2  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:258 (258.0 B)  TX bytes:0 (0.0 B)

2.> Ping an external site

[root@d2b2a56abf59 /]# ping www.baidu.com
PING www.baidu.com (61.135.169.121): 56 data bytes
64 bytes from 61.135.169.121: seq=0 ttl=56 time=4.502 ms
64 bytes from 61.135.169.121: seq=1 ttl=56 time=8.104 ms
...

3.> Ping the docker2 host

[root@d2b2a56abf59 /]# ping 192.168.0.20
PING 192.168.0.20 (192.168.0.20): 56 data bytes
64 bytes from 192.168.0.20: seq=0 ttl=63 time=0.414 ms
64 bytes from 192.168.0.20: seq=1 ttl=63 time=0.692 ms
...

4.> Ping the docker1 host

[root@d2b2a56abf59 /]# ping 192.168.0.10
PING 192.168.0.10 (192.168.0.10): 56 data bytes
64 bytes from 192.168.0.10: seq=0 ttl=63 time=0.414 ms
64 bytes from 192.168.0.10: seq=1 ttl=63 time=0.692 ms
...

5.> Ping between containers

From the container on docker1, ping the container on docker2

[root@c778cae8a2e5 /]# ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2): 56 data bytes
64 bytes from 10.0.1.2: seq=0 ttl=62 time=0.316 ms
64 bytes from 10.0.1.2: seq=1 ttl=62 time=0.813 ms
...

From the container on docker2, ping the container on docker1

[root@d2b2a56abf59 /]# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=63 time=0.414 ms
64 bytes from 10.0.0.2: seq=1 ttl=63 time=0.692 ms
...

This shows that container-to-container, container-to-host and container-to-external-network connectivity all work.
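
An added consistency check for the two-host plan built in section III (example code, not from the original article): it parses each host's bip, GRE remote_ip and static route, and reports mismatches such as a remote_ip that points at the host's own address or two hosts sharing one IP. The HOSTS dictionary and the function names are assumptions made for this example; the addresses are the ones used in the article.

```python
import ipaddress
import json
import re

# Constructed inputs (addresses from the article): host IP, daemon.json,
# the ovs-vsctl tunnel command and the route-ens32 line for each host.
HOSTS = {
    "docker1": {
        "ip": "192.168.0.10",
        "daemon_json": '{"bip": "10.0.0.1/24"}',
        "ovs": "ovs-vsctl add-port br0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.0.20",
        "route": "10.0.1.0/24 via 192.168.0.20 dev ens32",
    },
    "docker2": {
        "ip": "192.168.0.20",
        "daemon_json": '{"bip": "10.0.1.1/24"}',
        "ovs": "ovs-vsctl add-port br0 gre0 -- set Interface gre0 type=gre options:remote_ip=192.168.0.10",
        "route": "10.0.0.0/24 via 192.168.0.10 dev ens32",
    },
}

def parse_host(cfg):
    """Extract the addresses that matter from one host's configuration text."""
    dest, _via, gateway = cfg["route"].split()[:3]
    remote = re.search(r"options:remote_ip=(\S+)", cfg["ovs"]).group(1)
    return {
        "ip": ipaddress.ip_address(cfg["ip"]),
        "net": ipaddress.ip_interface(json.loads(cfg["daemon_json"])["bip"]).network,
        "remote": ipaddress.ip_address(remote),
        "dest": ipaddress.ip_network(dest),
        "gateway": ipaddress.ip_address(gateway),
    }

def check_overlay(hosts):
    """Return a list of inconsistencies in a two-host plan (empty = consistent)."""
    (n1, a), (n2, b) = ((n, parse_host(c)) for n, c in hosts.items())
    problems = []
    if a["ip"] == b["ip"]:
        problems.append(f"{n1} and {n2} share host address {a['ip']}")
    if a["net"].overlaps(b["net"]):
        problems.append(f"docker0 subnets overlap: {a['net']} and {b['net']}")
    for name, me, peer in ((n1, a, b), (n2, b, a)):
        # remote_ip must name the other tunnel endpoint, not this host.
        if me["remote"] == me["ip"]:
            problems.append(f"{name}: GRE remote_ip {me['remote']} is the host's own address")
        elif me["remote"] != peer["ip"]:
            problems.append(f"{name}: GRE remote_ip {me['remote']} is not the peer {peer['ip']}")
        if me["dest"] != peer["net"] or me["gateway"] != peer["ip"]:
            problems.append(f"{name}: route {me['dest']} via {me['gateway']} misses the peer's docker0 subnet")
    return problems
```

check_overlay(HOSTS) returns an empty list for the plan above; feed it the values actually written to each host before restarting the services.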


Original work. Reproduction is permitted, provided that the original source, the author information and this notice are indicated with a hyperlink.
