daoli usage

Running example:

Master node:

1.1. Create a network

# docker -H :3380 network create --subnet=11.1.0.0/24 --gateway=11.1.0.1 --driver=daolinet dnet11

1.2. Start containers

# docker -H :3380 run -ti -d --net=dnet11 --name test11 centos

# docker -H :3380 run -ti -d --net=dnet12 --name test12 centos

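(At this point the containers cannot be found on the master node. You can see them on the child node by running # docker inspect test11 there.)

1.3. Test the container network

# docker -H :3380 attach test11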

[root@9dae2dc3a17e /]# ping 11.1.0.3

PING 11.1.0.3 (11.1.0.3) 56(84) bytes of data.
64 bytes from 11.1.0.3: icmp_seq=1 ttl=64 time=11.9 ms

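(After entering the test11 container through the master node, test12 can be pinged.)

Create test13 and test14 the same way in the 192.168.0. segment; from inside the test11 container, pinging a 192.168.0.x IP succeeds.

1.4 View node information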

# docker -H :3380 info
Containers: 3
 Running: 3
Images: 2
Server Version: swarm/1.2.5
Role: primary
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint
Nodes: 1
 localhost.localdomain: 192.168.199.99:2376
  └ ID: 3ZV7:JY4S:77MZ:IQBN:QC3V:TOUU:F5UQ:R5H5:OE5M:RZIG:QGAU:FUPQ
  └ Status: Healthy
  └ Containers: 3 (3 Running, 0 Paused, 0 Stopped)
  └ Reserved CPUs: 0 / 2
  └ Reserved Memory: 0 B / 1.887 GiB
  └ Labels: executiondriver=native-0.2, kernelversion=3.10.0-229.11.1.el7.x86_64, operatingsystem=CentOS Linux 7 (Core), storagedriver=devicemapper
  └ UpdatedAt: 2016-11-21T12:53:45Z
  └ ServerVersion: 1.10.3
Kernel Version: 3.10.0-229.11.1.el7.x86_64
Operating System: linux
Architecture: amd64
Number of Docker Hooks: 2
CPUs: 2
Total Memory: 1.887 GiB
Name: 0cb9ec0b21c3


Check the child node:

# ip r
default via 192.168.199.1 dev daolinet 
11.1.0.0/24 dev tap018e5ccafed  proto kernel  scope link  src 11.1.0.1 


# yum -y install net-tools iproute traceroute


# ip netns add ns11

# ip link set tap018e5ccafed netns ns11

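At present, network namespaces can be used to restrict connectivity between containers in different IP segments.


The actual isolation implementation still differs from the documentation, which also shows that the official documentation and code are out of date.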


# ./daolictl group create G2
G2
# ./daolictl member add --group G2 dnet17
dnet17
# ./daolictl member add --group G1 dnet16
dnet16

# ./daolictl group list
G1
# ./daolictl group show G1
dnet1
dnet11


# ./daolictl connect test21:test22
CONNECTED
# ./daolictl disconnect test21:test22 
Error response from daemon: Post http://127.0.0.1:8080/v1/policy: dial tcp 127.0.0.1:8080: getsockopt: connection refused

# ./daolictl show test21:test22
CONNECTED

# ./daolictl container shownet test21
IPADDRESS           MACADDRESS          GATEWAY             NETWORKNAME         VIPADDRESS
11.1.0.2/24         da:01:53:07:7a:66   11.1.0.1            dnet11            

  
# ./daolictl container shownet test22
IPADDRESS           MACADDRESS          GATEWAY             NETWORKNAME         VIPADDRESS
10.11.0.2/24        da:01:76:20:41:1d   10.11.0.1           dnet17    



[root@localhost bin]# ./daolictl show test21:test22
CONNECTED

# ./daolictl firewall list
FIREWALL NAME       CONTAINER           GATEWAY IP          GATEWAY PORT        SERVICE PORT


# docker -H :3380 run -ti -d --net=dnet18 --name testssh daolicloud/centos6.6-ssh
8fecb11c7f34173cb4daec865a191d3de736bd508a0ae82c020d5cbfa731546d


# docker -H :3380 run -ti -d --net=dnet18 --name testweb daolicloud/centos6.6-apache
35984c22dc85d0268342800f33af19098fa54aed7f52285a5466d20ffc3a3e34


# ./daolictl firewall create --container testssh --rule 20022:22 fw-ssh
FIREWALL NAME       GATEWAY IP          GATEWAY PORT        SERVICE PORT
fw-ssh              192.168.199.99      22                  20022               


# daolictl firewall show testssh
bash: daolictl: command not found


# ./daolictl firewall show testssh
FIREWALL NAME       GATEWAY IP          GATEWAY PORT        SERVICE PORT
fw-ssh              192.168.199.99      22                  20022             

  
# ssh 192.168.199.99 -p 20022
ssh: connect to host 192.168.199.99 port 20022: Connection refused


# ./daolictl firewall create --container testweb --rule 20080:80 fw-web
FIREWALL NAME       GATEWAY IP          GATEWAY PORT        SERVICE PORT
fw-web              192.168.199.98      80                  20080               


# ./daolictl firewall show testweb
FIREWALL NAME       GATEWAY IP          GATEWAY PORT        SERVICE PORT
fw-web              192.168.199.98      80                  20080             

  
# curl -L http://192.168.199.98:20080
curl: (7) Failed connect to 192.168.199.98:20080; Connection refused


You will find that adding and displaying the information works without problems, but none of these functions actually work.
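An added example (not from the original post or the DaoliNet project): a shell check for the gap described above, where `firewall show` lists a rule but connections to it are refused. It parses the table as printed on this page, reports whether the port being dialed is the one listed under GATEWAY PORT, and can probe both listed ports. The function names are assumptions, and the script draws no conclusion about the intended `--rule` order.

```shell
#!/bin/sh
# SAMPLE is the `daolictl firewall show` output from this page (whitespace trimmed).
SAMPLE='FIREWALL NAME       GATEWAY IP          GATEWAY PORT        SERVICE PORT
fw-ssh              192.168.199.99      22                  20022
fw-web              192.168.199.98      80                  20080'

# Print "name ip gateway_port service_port" for each 4-column data row.
fw_rows() {
    printf '%s\n' "$1" | awk '!/^FIREWALL NAME/ && NF == 4 { print $1, $2, $3, $4 }'
}

# For rule $2 in table $1, say where the dialed port $3 appears:
# match (GATEWAY PORT), swapped (SERVICE PORT), unknown, or missing (no such rule).
fw_port_role() {
    fw_rows "$1" | awk -v n="$2" -v p="$3" '
        $1 == n { found = 1
                  if ($3 == p) print "match"
                  else if ($4 == p) print "swapped"
                  else print "unknown" }
        END { if (!found) print "missing" }'
}

# TCP connect test with a 3 s timeout (needs bash and coreutils timeout).
probe() {
    if timeout 3 bash -c ': </dev/tcp/"$0"/"$1"' "$1" "$2" 2>/dev/null
    then echo open; else echo closed; fi
}

# Probe both listed ports of every rule on its gateway IP (needs network access).
fw_verify() {
    fw_rows "$1" | while read -r name ip gw svc; do
        echo "$name $ip:$gw=$(probe "$ip" "$gw") $ip:$svc=$(probe "$ip" "$svc")"
    done
}

# Offline check: the post dials 20022 for fw-ssh, the table lists it as SERVICE PORT.
fw_port_role "$SAMPLE" fw-ssh 20022
```

On a live deployment, `fw_verify "$(./daolictl firewall show testssh)"` shows which of the two listed ports, if either, accepts connections on the gateway IP.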

Of course, there are also features that do work, for example:

Migrating a container

# ./daolictl container move --node NWMG:DGVA:JZBE:WPCL:K24H:U656:ZVZC:NPYE:CXWW:JHLR:XZY5:RYYH testweb
8085edb907b80d4c283023a24a23da038b3c1eb434fa425be150b93c57c5956b 

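Indeed, the IP and other information did not change; the container was migrated to the new node and a new container ID was generated.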

# ./daolictl container shownet testweb                                                                                                                                            
IPADDRESS           MACADDRESS          GATEWAY             NETWORKNAME         VIPADDRESS                                                                                                            
10.12.0.6/24        da:01:c6:ba:53:6d   10.12.0.1           dnet18   


Concept: http://www.daolicloud.com/document/DaoliNet.pdf

Source: https://github.com/daolinet/daolinet/blob/master/docs/%E4%B8%AD%E6%96%87%E7%94%A8%E6%88%B7%E6%89%8B%E5%86%8C.md
