Connecting Docker Containers Across Different Physical Hosts (Open vSwitch)
This walkthrough uses Vultr virtual servers.
Reference: http://www.cnblogs.com/openxxs/p/4690478.html
Start by buying two servers. They are cheap, and the $5-per-month plan is enough.
Install Docker and related software
yum upgrade -y
yum install -y docker tree git wget p7zip bridge-utils net-tools vim unzip
systemctl start docker.service
systemctl enable docker
Install Open vSwitch 2.5.0
For detailed installation steps, see: http://crabdave.iteye.com/blog/2363896
Download the openvswitch package from the attachment directly
wget http://dl2.iteye.com/upload/attachment/0123/7844/8da95736-54ae-3fc7-938c-b990af0b24c9.zip
unzip 8da95736-54ae-3fc7-938c-b990af0b24c9.zip
Install it locally and start the service
yum localinstall -y openvswitch-2.5.0-1.x86_64.rpm
systemctl start openvswitch.service
Enable ip_forward on both hosts
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
systemctl restart network
sysctl net.ipv4.ip_forward
Configure the private IP on the cloud hosts
(Earlier, using the public IPs, the connection never worked: ip route add RTNETLINK answers: Network is unreachable)
See "Sample Network Configuration" on the www.vultr.com page
Example:
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=<IP address>
NETMASK=255.255.254.0
GATEWAY=<gateway>
DNS1=
IPV6INIT=yes
IPV6ADDR="2001:19f0:4400:4827:5400:00ff:fe5d:302c/64"
IPV6_AUTOCONF="yes"
DNS2=2001:19f0:300:1704::6
/etc/sysconfig/network-scripts/route-eth0
169.254.0.0/16 dev eth0
Configure the private network interface
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.99.0.11    # private IP
NETMASK=255.255.0.0
MTU=1450
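Configure the first machine, 10.99.0.11, first:
If an earlier attempt went wrong, the previously bound port can be removed with the command ovs-vsctl del-port ob0 gre0
Create the ob0 bridge with ovs-vsctl and bind the IP: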
ovs-vsctl add-br ob0
ovs-vsctl add-port ob0 gre0 -- set Interface gre0 type=gre options:remote_ip=10.99.0.10
brctl addbr kbr0
brctl addif kbr0 ob0
ovs-vsctl show
Delete Docker's default bridge docker0
ip link set dev docker0 down
ip link del dev docker0
vi /etc/sysconfig/network-scripts/ifcfg-kbr0
DEVICE=kbr0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.17.2.1
NETMASK=255.255.255.0
GATEWAY=172.17.2.0
USERCTL=no
TYPE=Bridge
IPV6INIT=no
Use the private interface eth1 for the connection and configure the peer's IP
echo "172.17.1.0/24 via 10.99.0.10 dev eth1" > /etc/sysconfig/network-scripts/route-eth1
After the configuration is complete, restart the network service:
systemctl restart network.service
Check the routes:
ip route show|column -t
172.17.1.0/24 via 10.99.0.10 dev eth1
172.17.2.0/24 dev kbr0 proto kernel scope link src 172.17.2.1
Then configure the second machine, 10.99.0.10:
ovs-vsctl add-br ob0
ovs-vsctl add-port ob0 gre0 -- set Interface gre0 type=gre options:remote_ip=10.99.0.11
brctl addbr kbr0
brctl addif kbr0 ob0
ovs-vsctl show
Delete Docker's default bridge docker0
ip link set dev docker0 down
ip link del dev docker0
vi /etc/sysconfig/network-scripts/ifcfg-kbr0
DEVICE=kbr0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.17.1.1
NETMASK=255.255.255.0
GATEWAY=172.17.1.0
USERCTL=no
TYPE=Bridge
IPV6INIT=no
Use the private interface eth1 for the connection and configure the peer's IP
echo "172.17.2.0/24 via 10.99.0.11 dev eth1" > /etc/sysconfig/network-scripts/route-eth1
After the configuration is complete, restart the network service:
systemctl restart network.service
Check the routes:
ip route show|column -t
172.17.1.0/24 dev kbr0 proto kernel scope link src 172.17.1.1
172.17.2.0/24 via 10.99.0.11 dev eth1
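The host routing and tunnel settings above can be checked mechanically; the shell functions below are an added example, not part of the original article. They confirm that the peer's container subnet is routed through the private interface eth1 (GRE adds no encryption, so this traffic should not leave through the public interface) and that the remote_ip of gre0 is the other host rather than the local one. The function names are hypothetical, and the sample route tables are constructed from the addresses used in this article.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Function names are
# hypothetical; sample route tables are constructed from the article's addresses.

# route_ok ROUTES SUBNET PEER_IP DEV
# Succeeds only if SUBNET is routed via PEER_IP out of DEV.
route_ok() {
    printf '%s\n' "$1" | awk -v s="$2" -v p="$3" -v d="$4" '
        $1 == s {
            via = ""; ifc = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") ifc = $(i + 1)
            }
            if (via == p && ifc == d) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# gre_remote_ok LOCAL_IP REMOTE_IP
# The tunnel endpoint must be set and must not be the host's own address.
gre_remote_ok() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# check_host LOCAL_IP GRE_REMOTE ROUTES PEER_SUBNET PEER_IP
# Prints one line per problem; returns non-zero if any check fails.
check_host() {
    rc=0
    gre_remote_ok "$1" "$2" || { echo "gre0 remote_ip is not the peer host"; rc=1; }
    route_ok "$3" "$4" "$5" eth1 || { echo "no route to $4 via $5 dev eth1"; rc=1; }
    return "$rc"
}

# Constructed sample: route table of host 10.99.0.11 as listed in the article.
SAMPLE_ROUTES='172.17.1.0/24 via 10.99.0.10 dev eth1
172.17.2.0/24 dev kbr0 proto kernel scope link src 172.17.2.1'
# Constructed bad case: the peer subnet leaves through the public NIC eth0.
BAD_ROUTES='172.17.1.0/24 via 10.99.0.10 dev eth0'

check_host 10.99.0.11 10.99.0.10 "$SAMPLE_ROUTES" 172.17.1.0/24 10.99.0.10 \
    && echo "host 10.99.0.11: ok"
check_host 10.99.0.11 10.99.0.10 "$BAD_ROUTES" 172.17.1.0/24 10.99.0.10 \
    || echo "host 10.99.0.11: misrouted"
```

On a live host, pass the output of `ip route show` as the ROUTES argument.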
Configure Docker on both machines
vim /etc/sysconfig/docker
In OPTIONS=, add the new bridge: -b=kbr0
Restart the Docker service
systemctl restart docker.service
Write a Dockerfile that installs only net-tools
vi Dockerfile
FROM centos
RUN yum -y install net-tools
Build the image
docker build -t test .
Run the container
docker run -it --rm=true test
Then check the IP
ifconfig
Ping the peer's IP
ping 172.17.2.2
PING 172.17.2.2 (172.17.2.2) 56(84) bytes of data.
64 bytes from 172.17.2.2: icmp_seq=1 ttl=62 time=1.18 ms
64 bytes from 172.17.2.2: icmp_seq=2 ttl=62 time=0.804 ms
ping 172.17.1.2
PING 172.17.1.2 (172.17.1.2) 56(84) bytes of data.
64 bytes from 172.17.1.2: icmp_seq=1 ttl=62 time=0.904 ms
64 bytes from 172.17.1.2: icmp_seq=2 ttl=62 time=0.802 ms
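If both sides can ping each other, the setup works!
If you would rather not build an image, you can use the following command instead, which installs net-tools immediately after the centos container is created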
docker run -it --rm=true centos sh -c "yum -y install net-tools; bash"