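I. Docker network modes
Four commonly used network modes:
host mode: selected with --net=host on docker run. The container uses the same network as the host, so the interface IP seen inside the container is the host's IP.
container mode: selected with --net=container:container_id/container_name. Multiple containers share one network and see the same IP.
none mode: selected with --net=none. In this mode no networking is configured and the container has no network interface.
bridge mode: selected with --net=bridge. This is the default, so it applies when no mode is specified. Each container gets its own independent Network Namespace, similar to VMware's NAT networking mode. All containers on the same host sit on the same subnet and can communicate with each other.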
[root@xavi ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"]
}
[root@xavi ~]# systemctl restart docker
4.1 First start a container and install the nginx service in it, then package the container that now carries nginx, that is, export it as an image
[root@xavi ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97331ffb05d1 centos7 "bash" 12 hours ago Exited (255) About an hour ago vigilant_bhabha
43e7d37d1adc centos7 "bash" 13 hours ago Exited (255) About an hour ago friendly_visvesvaraya
9c2b897587c2 registry "/entrypoint.sh /etc…" 13 hours ago Exited (2) 12 hours ago epic_saha
d0b81c693cc5 registry "/entrypoint.sh /etc…" 14 hours ago Exited (255) About an hour ago 0.0.0.0:5000->5000/tcp objective_chebyshev
3d3e63448ad7 centos7 "bash" 14 hours ago Created zen_lewin
cb6e2aaaa0a9 centos7 "bash" 14 hours ago Exited (137) 13 hours ago reverent_jones
[root@xavi ~]# docker start 97331ffb05d1
97331ffb05d1
[root@xavi ~]# docker exec -it 97331ffb05d1 bash // enter the container
Before installing nginx, install epel-release first, then install nginx
[root@97331ffb05d1 /]# yum install -y epel-release
[root@97331ffb05d1 /]# yum install -y nginx
[root@97331ffb05d1 /]# systemctl start nginx // fails to start; it is a permissions issue, ignore it for now
Failed to get D-Bus connection: Operation not permitted
4.2 Next export the container as a new image (centos_nginx), then create a container from the new image and specify a port mapping.
[root@xavi ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97331ffb05d1 centos7 "bash" 13 hours ago Up 17 minutes vigilanbhabha
[root@xavi ~]# docker commit -m "install nginx" -a "xavi" 75cd8a3d69fd centos_with_nginx
sha256:9539596d8741aca9406eb1c35659fe12f9276559f523bb40b2a352293b5c72ac
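Take a look:
docker run -itd -p 8088:80 centos7 bash // -p specifies a port mapping; in this example the container's port 80 is mapped to local port 8088, which means any host can now reach the container's port 80 through host-IP:8088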
[root@xavi ~]# docker run -itd -p 8088:80 centos7 bash
0d67e75dffbbd12353ef8a659b34b9aa298ec7d49fd1d747359aa0084a893124
Create the new image centos7_with_nginx
[root@xavi ~]# docker create -it centos7 bash
4cf76beb5d6011822ef3218b777a4d66d4759d58b050418cc3a3075bc259ea06
[root@xavi ~]#
[root@xavi ~]# docker run -itd --name centos7_with_nginx centos7 bash
75cd8a3d69fdee63d30e730156302bd32cd368d74a0df52e158a53bbd784debf
[root@xavi ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75cd8a3d69fd centos7 "bash" 8 seconds ago Up 7 seconds centos7_with_nginx
4cf76beb5d60 centos7 "bash" 57 seconds ago Created gracious_varahamihira
Extra: delete an image: docker rmi -f centos7:latest
[root@xavi ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_with_nginx latest 9539596d8741 About a minute ago 602MB
centos7 latest d7e2a277c949 27 minutes ago 600MB
192.168.72.130:5000/centos7 latest b70022c29244 15 hours ago 435MB
192.168.72.130:5000/ubuntu latest 113a43faa138 4 weeks ago 81.2MB
ubuntu latest 113a43faa138 4 weeks ago 81.2MB
centos latest 49f7960eb7e4 4 weeks ago 200MB
registry latest d1fd7d86a825 5 months ago 33.3MB
[root@xavi ~]# docker rmi -f centos7:latest
Untagged: centos7:latest
Solution to the problem above (Operation not permitted), which fixes nginx failing to start:
[root@xavi ~]# docker run -itd --privileged -e "container=docker" -p 8080:80 centos_with_nginx /usr/sbin/init
6d5ef0483f06ef23f19638c0fae467a23e2dcf1faadfd68be6007e7f0f81f803
[root@xavi ~]# docker exec -it 6d5ef0483f06e bash
[root@6d5ef0483f06 /]#
[root@6d5ef0483f06 /]# systemctl start nginx
[root@6d5ef0483f06 /]# ps aux |grep nginx
root 214 0.0 0.1 120720 2096 ? Ss 02:21 0:00 nginx: master process /usr/sbin/nginx
nginx 215 0.0 0.1 121104 2920 ? S 02:21 0:00 nginx: worker process
nginx 216 0.0 0.1 121104 2920 ? S 02:21 0:00 nginx: worker process
root 218 0.0 0.0 9040 668 pts/1 S+ 02:21 0:00 grep --color=auto nginx
- Access from inside the container:
[root@6d5ef0483f06 /]# curl localhost
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Nginx HTTP Server on Fedora</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
- Access from outside the container:
[root@xavi ~]# curl localhost:8080
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Nginx HTTP Server on Fedora</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
- Access from another terminal:
[root@xavi-002 ~]# curl 192.168.72.130:8080
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Test Page for the Nginx HTTP Server on Fedora</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
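Summary:
-p also accepts an IP-qualified form, ip:hostPort:containerPort, for example
-p 127.0.0.1:8080:80
The local port can also be omitted, giving only the IP, in which case a port is assigned at random
-p 127.0.0.1::80 // note the two colons here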
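The two exposure-relevant choices made above, --privileged and a -p mapping with no bind IP, can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh lint for docker run arguments. The function names are hypothetical, only the IPv4 -p forms listed in the summary are handled, and arguments after the image name are scanned as well.

```shell
#!/bin/sh
# Added example: flag exposure-relevant `docker run` arguments.
# Function names are hypothetical; only IPv4 -p forms are handled.

# classify_publish SPEC -> all-interfaces | loopback | specific-ip
classify_publish() {
    spec=${1%/*}                      # drop an optional /tcp or /udp suffix
    case $spec in
        *:*:*) ip=${spec%%:*} ;;      # ip:hostPort:containerPort, ip::containerPort
        *)     ip= ;;                 # hostPort:containerPort, or containerPort alone
    esac
    case $ip in
        ''|0.0.0.0) echo all-interfaces ;;
        127.*)      echo loopback ;;
        *)          echo specific-ip ;;
    esac
}

report_publish() {
    if [ "$(classify_publish "$1")" = all-interfaces ]; then
        echo "publish $1: reachable on every host interface"
    fi
}

# lint_run ARGS... -> one finding per line, nothing when no flag matches.
# Limitation: arguments after the image name are scanned as well.
lint_run() {
    while [ $# -gt 0 ]; do
        case $1 in
            --privileged|--privileged=true)
                echo "privileged: all capabilities and host devices granted" ;;
            --net=host|--network=host)
                echo "host-network: shares the host's network namespace" ;;
            --net|--network)
                if [ "${2-}" = host ]; then
                    echo "host-network: shares the host's network namespace"
                fi ;;
            -p|--publish)
                if [ $# -ge 2 ]; then report_publish "$2"; shift; fi ;;
            --publish=*)
                report_publish "${1#*=}" ;;
        esac
        shift
    done
}

# The privileged run command from this page: prints two findings.
lint_run -itd --privileged -e container=docker -p 8080:80 \
    centos_with_nginx /usr/sbin/init
```

For the nginx case on this page, starting the server in the foreground as the container command (nginx -g 'daemon off;') avoids both systemd and --privileged, and -p 127.0.0.1:8080:80 keeps the port off the LAN.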
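II. Configuring a bridged network
This mode should be familiar: it puts our containers on the same LAN as the host, so we can treat a Docker container as if it were a real host.
The interface we need to bridge here is ens33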
cd /etc/sysconfig/network-scripts/; cp ifcfg-eth0 ifcfg-br0
vi ifcfg-eth0 // add BRIDGE=br0, delete IPADDR, NETMASK, GATEWAY, DNS1
vi ifcfg-br0 // change DEVICE to br0 and Type to Bridge, and move eth0's network settings here
[root@xavi ~]# cd /etc/sysconfig/network-scripts/
[root@xavi network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@xavi network-scripts]# vim ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
##UUID=3b000477-c3db-4855-b5ba-c73bb1546b3a
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.72.130
NETMASK=255.255.255.0
GATEWAY=192.168.72.2
DNS1=119.29.29.29
DNS2=8.8.8.8
ZONE=work
Restart networking: systemctl restart network
[root@xavi network-scripts]# systemctl restart network
Delete ens33:0, then edit ifcfg-ens33 and add the line BRIDGE=br0
[root@xavi network-scripts]# rm -f ifcfg-ens33:0
[root@xavi network-scripts]# ls
ficfg-ens33 ifcfg-lo ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
ifcfg-br0 ifcfg-lo.bak ifdown-ipv6 ifdown-TeamPort ifup-ippp ifup-routes network-functions
ifcfg-ens33 ifcfg-有线连接_1 ifdown-isdn ifdown-tunnel ifup-ipv6 ifup-sit network-functions-ipv6
ifcfg-ens33.bak ifdown ifdown-post ifup ifup-isdn ifup-Team
ifcfg-ens37 ifdown-bnep ifdown-ppp ifup-aliases ifup-plip ifup-TeamPort
ifcfg-ens37-1 ifdown-eth ifdown-routes ifup-bnep ifup-plusb ifup-tunnel
ifcfg-ens37.bak ifdown-ib ifdown-sit ifup-eth ifup-post ifup-wireless
[root@xavi network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
#UUID=3b000477-c3db-4855-b5ba-c73bb1546b3a
DEVICE=ens33
ONBOOT=yes
#IPADDR=192.168.72.130
#NETMASK=255.255.255.0
#GATEWAY=192.168.72.2
#DNS1=119.29.29.29
#DNS2=8.8.8.8
#ZONE=work
BRIDGE=br0
After these changes ens33 no longer has an IP, and the br0 interface has one
Install pipework
git clone https://github.com/jpetazzo/pipework
cp pipework/pipework /usr/local/bin/ // no compilation needed; just copy the file into the bin directory
Start a container (set to the none network mode):
[root@xavi ~]# docker run -itd --net=none centos_with_nginx bash
8b065a783badf3c083b4f3c37a25ae9bc9e2a465cf3dab97455f8db606a57e6d
[root@xavi ~]# docker exec -it 8b065a78 bash
[root@8b065a783bad /]# ifconfig
bash: ifconfig: command not found
Assign the container a specific IP address: pipework br0 8b065a78 192.168.72.135/24@192.168.72.2
# .135 is the container's IP; the IP after @ is the gateway IP
[root@xavi ~]# pipework br0 8b065a78 192.168.72.135/24@192.168.72.2
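After finishing the tests, I found that the host could no longer reach the network; a Baidu search turned up the ifup command, which worked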
[root@xavi network-scripts]# vim ifcfg-ens33
[root@xavi network-scripts]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@xavi network-scripts]# systemctl status network.service
● network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since 日 2018-07-08 09:51:25 CST; 17s ago
Docs: man:systemd-sysv-generator(8)
Process: 15140 ExecStop=/etc/rc.d/init.d/network stop (code=exited, status=0/SUCCESS)
Process: 17079 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=1/FAILURE)
Memory: 8.0K
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi network[17079]: RTNETLINK answers: File exists
7月 08 09:51:25 xavi systemd[1]: network.service: control process exited, code=exited status=1
7月 08 09:51:25 xavi systemd[1]: Failed to start LSB: Bring up/down networking.
7月 08 09:51:25 xavi systemd[1]: Unit network.service entered failed state.
7月 08 09:51:25 xavi systemd[1]: network.service failed.
[root@xavi network-scripts]# ifup ens33
[root@xavi network-scripts]# ping baidu.com
PING baidu.com (123.125.115.110) 56(84) bytes of data.
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=1 ttl=128 time=35.4 ms
64 bytes from 123.125.115.110 (123.125.115.110): icmp_seq=2 ttl=128 time=50.1 ms
View the error log: tail -20 /var/log/messages
With the error resolved, the issue of ens33 displaying an IP remained unsolved.