I. Host environment and preparation

Host IP: 192.168.1.107

Host gateway: 192.168.1.1

Container IP: to be set to 192.168.1.108





  1. Disable SELinux

  2. Set the network adapter to bridged mode

  3. Turn off the firewall

  4. yum install bridge-utils -y

  5. yum install git -y



II. Install Docker


Add the repo

tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF


Install the Docker package


yum install docker-engine -y

systemctl enable docker.service

systemctl start docker


Pull the image


docker pull centos



Create a container and install the iproute tools inside it


docker run -it centos /bin/bash


yum install iproute -y    # run inside the container


docker ps    # in another terminal

docker commit ee0b4f70905e centos:v1    # run on the host; ee0b4f70905e is the container ID, centos:v1 the new image name


[root@bogon ~]# docker images

REPOSITORY     TAG    IMAGE ID               SIZE

centos        v1    347a749ec452             308.4 MB

centos        latest  0584b3d2cf6d             196.5 MB


Put the host into bridged mode


cd /etc/sysconfig/network-scripts/; cp ifcfg-eno16777736 ifcfg-br0


vi /etc/sysconfig/network-scripts/ifcfg-eno16777736


TYPE=Ethernet

NAME=eno16777736

DEVICE=eno16777736

ONBOOT=yes

BOOTPROTO="none"

DEFROUTE="yes"

PEERDNS="yes"

PEERROUTES="yes"

BRIDGE="br0"



vi /etc/sysconfig/network-scripts/ifcfg-br0


TYPE="Bridge"

BOOTPROTO=static

IPADDR=192.168.1.107

NETMASK=255.255.255.0

GATEWAY=192.168.1.1

PREFIX=24

DNS1=202.106.0.20

NAME=br0

ONBOOT=yes

DEVICE=br0



Start a container (with no networking)


docker run -itd --net=none --name=centos7 centos:v1  /bin/bash







Install pipework


  git clone https://github.com/jpetazzo/pipework 


  cp ~/pipework/pipework /usr/local/bin/


Configure the network


 pipework br0 centos7 192.168.1.108/24@192.168.1.1


Restart networking (rebooting the server is recommended)


systemctl restart network
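
What the pipework call above sets up can be approximated with plain iproute2 commands. This is an added example, not pipework's own code and not part of the original post: the names plan_attach, valid_ip and RUN and the exact command sequence are assumptions, and the interface names follow the veth1pl2812 / eth1 naming seen in the verification output.

```shell
#!/bin/sh
# Added example: approximate manual equivalent of
#   pipework br0 centos7 192.168.1.108/24@192.168.1.1
# RUN=echo (default) only prints the commands; RUN= executes them (needs root).
RUN=${RUN-echo}

# Succeeds only for a dotted quad with four octets in 0..255.
# The ( ) body runs in a subshell, so IFS and "set --" do not leak out.
valid_ip() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# plan_attach <bridge> <container-pid> <ip>/<prefix>@<gateway>
# Get the PID with: docker inspect -f '{{.State.Pid}}' centos7
plan_attach() {
    br=$1 pid=$2 spec=$3
    case "$spec" in */*@*) ;; *) echo "bad spec: $spec" >&2; return 1 ;; esac
    cip=${spec%%/*}                                  # container address
    rest=${spec#*/}; prefix=${rest%%@*}; gw=${rest#*@}
    for n in "$pid" "$prefix"; do
        case "$n" in ''|*[!0-9]*) echo "bad pid or prefix" >&2; return 1 ;; esac
    done
    [ "$prefix" -le 32 ] || { echo "bad prefix: $prefix" >&2; return 1; }
    valid_ip "$cip" && valid_ip "$gw" || { echo "bad address" >&2; return 1; }
    host_if=veth1pl$pid guest_if=veth1pg$pid
    # Make the container's network namespace visible to "ip netns".
    $RUN mkdir -p /var/run/netns
    $RUN ln -sf "/proc/$pid/ns/net" "/var/run/netns/$pid"
    # veth pair: the host end joins the bridge.
    $RUN ip link add "$host_if" type veth peer name "$guest_if"
    $RUN ip link set "$host_if" master "$br"
    $RUN ip link set "$host_if" up
    # The guest end moves into the container and becomes eth1.
    $RUN ip link set "$guest_if" netns "$pid"
    $RUN ip netns exec "$pid" ip link set "$guest_if" name eth1
    $RUN ip netns exec "$pid" ip addr add "$cip/$prefix" dev eth1
    $RUN ip netns exec "$pid" ip link set eth1 up
    $RUN ip netns exec "$pid" ip route replace default via "$gw"
}
```

Calling plan_attach br0 2812 192.168.1.108/24@192.168.1.1 prints the command list for review; a malformed address, prefix or PID is rejected before any command is emitted.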





Verification:

  1. Check that br0 exists


[root@bogon ~]# brctl show

bridge name     bridge id               STP enabled     interfaces

br0             8000.000c298cb594       no              eno16777736

docker0         8000.0242104a9f9d       no


  2. Check the host IP (192.168.1.107 is now configured on br0)


[root@bogon ~]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000

    link/ether 00:0c:29:8c:b5:94 brd ff:ff:ff:ff:ff:ff

3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 

    link/ether 00:0c:29:8c:b5:94 brd ff:ff:ff:ff:ff:ff

    inet 192.168.1.107/24 brd 192.168.1.255 scope global br0

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe8c:b594/64 scope link 

       valid_lft forever preferred_lft forever

4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 

    link/ether 02:42:0b:33:f5:52 brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/16 scope global docker0

       valid_lft forever preferred_lft forever

6: veth1pl2812@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000

    link/ether 1a:88:0b:5c:44:32 brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet6 fe80::1888:bff:fe5c:4432/64 scope link 

       valid_lft forever preferred_lft forever


  3. Enter the container and check its IP


docker ps                   # get the container ID


docker exec -it centos7 /bin/bash   # enter the container


ip addr                    # run inside the container; its IP is now 192.168.1.108



[root@43b774de2084 /]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

5: eth1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 1a:c2:6c:56:87:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet 192.168.1.108/24 brd 192.168.1.255 scope global eth1

       valid_lft forever preferred_lft forever

    inet6 fe80::18c2:6cff:fe56:87a1/64 scope link 

       valid_lft forever preferred_lft forever




ping 192.168.1.1              # verify connectivity

ping 192.168.1.107         



[root@43b774de2084 /]# ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=4.23 ms

64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.44 ms

64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=1.49 ms

64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=2.17 ms

64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=1.45 ms



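There was one problem here. On VMware Workstation everything worked, but on VMware ESXi the container could ping br0 and br0 could ping the container, yet the container could not ping the gateway or any other host. After struggling with it for a long time, someone in a chat group pointed me to the cause: promiscuous mode was not enabled on VMware ESXi; otherwise ESXi treats a VM created inside a VM as unsafe. What a trap!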






After enabling promiscuous mode, everything worked.