Docker默认使用bridge模式, 通过网桥连接到宿主机, 而容器内部的IP则从网桥所在的IP段取未用的IP。 这样做不方便的地方在于容器内部的ip不是固定的, 想要连接容器时只能通过映射到宿主机的端口, 因而有很多项目使用overlay来为docker提供网络的配置, 比如Pipework、Flannel、Kubernetes、Weave、opencontrail等。docker的网络模式中只有--net=none才可以为docker分配固定ip。
1. 创建br0网卡绑定eth0网卡
[root@docker ~]# cd /etc/sysconfig/network-scripts/
[root@docker network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:7E:AA:ED
TYPE=Ethernet
UUID=77ea2b6a-a0fe-4300-98fc-fb62a64fed4e
ONBOOT=yes
NM_CONTROLLED=yes
#BOOTPROTO=static
#IPADDR=192.168.15.15
#NETMASK=255.255.255.0
#GATEWAY=192.168.15.2
#DNS1=114.114.114.114
BRIDGE=br0 //绑定br0网卡
[root@docker network-scripts]# cp ifcfg-eth0 ifcfg-br0 //复制一块br0网卡
[root@docker network-scripts]# vim ifcfg-br0
DEVICE=br0
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.15.15
NETMASK=255.255.255.0
GATEWAY=192.168.15.2
DNS1=114.114.114.114
MTU=1500
TYPE=Bridge
USERCTL=no
[root@docker network-scripts]# /etc/init.d/network restart //重启网络服务
2. 创建容器
[root@docker network-scripts]# cd /usr/local/src/
[root@docker src]# yum -y install gcc gcc-c++ flex bison
[root@docker src]# wget https://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-4.0.0.tar.gz
[root@docker src]# tar -zxvf iproute2-4.0.0.tar.gz
[root@docker src]# cd iproute2-4.0.0
[root@docker iproute2-4.0.0]# sed -i '/^TARGETS/s@arpd@@g' misc/Makefile
[root@docker iproute2-4.0.0]# ./configure
[root@docker iproute2-4.0.0]# make SBINDIR=/sbin/
[root@docker iproute2-4.0.00]# make SBINDIR=/sbin install
//创建容器脚本
[root@docker iproute2-4.0.0]# cd /root/docker
[root@docker docker]# vim docker_create.sh
#!/bin/sh
#br0网桥
brName='br0'
vmName='docker-1'
#容器IP地址和网关
fixed_ip='192.168.15.41/24'
gateway='192.168.15.2'
# start new container
cid=$(docker run -d -i -h $vmName --name=$vmName --net=none -t jdeathe/centos-ssh)
pid=$(docker inspect -f '``.`State`.`Pid`' $cid)
##容器配置网络namespace,并设置固定ip:
# set up netns
mkdir -p /var/run/netns
ln -s /proc/$pid/ns/net /var/run/netns/$pid
# set up bridge
ip link add q$pid type veth peer name r$pid
brctl addif $brName q$pid
ip link set q$pid up
# set up docker interface
ip link set r$pid netns $pid
ip netns exec $pid ip link set dev r$pid name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add $fixed_ip dev eth0
ip netns exec $pid ip route add default via 192.168.15.2
echo "container $vmName cid: $cid" >> /root/docker/container_cid.txt
echo "Enter $vmName command: nsenter --target $pid --mount --uts --ipc --net --pid" >> /root/docker/enter_container_command.txt
[root@docker sbin]# chmod +x docker_create.sh
//运行创建容器脚本
[root@docker docker]# sh docker_create.sh
[root@docker docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
82a1dedff146 jdeathe/centos-ssh:latest "/usr/bin/supervisor 54 seconds ago Up 3 seconds docker-42
//此时容器已经启动,连接容器命令如下
[root@docker docker]# PID=$(docker inspect --format "` `.`State`.`Pid `" 82a1dedff146)
[root@docker docker]# nsenter --target $PID --mount --uts --ipc --net --pid
[root@docker /]# ip a|grep eth0
12: eth0:
inet 192.168.15.41/24 scope global eth0
[root@docker /]# ping 90root.com
PING 90root.com (112.74.113.61) 56(84) bytes of data.
64 bytes from 112.74.113.61: icmp_seq=1 ttl=128 time=45.9 ms
3. 配置容器
//为容器eth0网卡配置静态IP地址(防止容器内部执行/etc/init.d/network restart后不分配IP地址从而断网)。接着上面的操作来
[root@docker /]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=static
IPADDR=192.168.15.41
NETMASK=255.255.255.0
GATEWAY=192.168.15.2
DNS1=114.114.114.114
//为容器设置root密码
[root@docker /]# passwd
Changing password for user root.
New password:
/usr/share/cracklib/pw_dict.pwd: No such file or directory
PWOpen: No such file or directory
解决办法如下:
[root@docker /]# vi /etc/ssh/sshd_config
PermitRootLogin yes //no改为yes
[root@docker /]# /etc/init.d/sshd restart
[root@docker /]# yum -y reinstall cracklib-dicts
从其它服务器登入容器服务器报错:
[root@docker .ssh]# ssh [email protected]
The authenticity of host '192.168.15.42 (192.168.15.42)' can't be established.
RSA key fingerprint is 21:4c:52:ab:18:e2:d5:ef:56:e6:a6:e6:34:6d:b5:7d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.15.42' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
修改容器服务器
[root@docker ~]# vi /etc/ssh/sshd_config
PasswordAuthentication yes //no改为yes
PermitRootLogin yes //no改为yes
[root@docker ~]# /etc/init.d/sshd restart
4. 收尾工作
//当重启容器或服务器后,容器网卡会被删除, 此时需要重新建立网卡配置网络。
[root@docker ~]# cd /root/docker/start-docker
[root@docker start-docker]# vim start_docker-41.sh
#!/bin/sh
#桥接网卡名称
BrName=br0
#启动容器
#docker start f354aacd4052
docker start docker-42
#docker ps查看cid
cid=f354aacd4052
pid=$(docker inspect -f '``.`State`.`Pid`' $cid)
##容器配置网络namespace,并设置固定ip:
# set up netns
mkdir -p /var/run/netns
ln -s /proc/$pid/ns/net /var/run/netns/$pid
# set up bridge
ip link add q$pid type veth peer name r$pid
brctl addif $BrName q$pid
ip link set q$pid up
# set up docker interface
fixed_ip='192.168.15.42/24'
gateway='192.168.15.2'
ip link set r$pid netns $pid
ip netns exec $pid ip link set dev r$pid name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add $fixed_ip dev eth0
ip netns exec $pid ip route add default via 192.168.15.2
echo "Enter $vmName command: nsenter --target $pid --mount --uts --ipc --net --pid" >> /root/docker/enter_container_command.txt
//将脚本加入到开机启动项
[root@docker docker]# cat /etc/rc.local
/bin/sh /root/docker/start-docker/start_docker-41.sh
重启物理机后, 进入docker容器IP地址仍然还在。
//脚本登录docker容器
[root@docker docker]# docker p_w_picpaths
[root@docker docker]# sh -vx enter-docker.sh docker-42
docker启动、创建容器、登录容器脚本见附件.