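docker_info_02_network Network management
2.1. Network types (3)
1. The default is a bridged interface on the virtual bridge docker0; it can be viewed with the following command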
brctl show
When the network configuration is brought up, the corresponding rules are configured in iptables automatically
iptables -nL
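2. Bridge directly onto the physical network
Pros: easy to manage,
Cons: uses the physical host's network stack; the usable IP and port range is limited
3. Use another container's network (rarely seen)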
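2.2. Entering a docker container manually
# First create a script for entering a docker container, to make later steps easier; its contents are as follows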
mkdir -p /opt/tools
cd /opt/tools
vim into_docker.sh
----------------------------------
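#!/bin/sh
# made for into docker on 20180821
# Usage: ./into_docker.sh <container name>
CNAME=$1
[ -n "$CNAME" ] || { echo "usage: $0 <container>" >&2; exit 1; }
# PID of the container's init process on the host (0 if it is not running)
CPID=$(docker inspect --format "{{.State.Pid}}" "$CNAME") || exit 1
[ "$CPID" -gt 0 ] || { echo "$CNAME is not running" >&2; exit 1; }
# Join the container's mount, UTS, IPC, network and PID namespaces
nsenter --target "$CPID" --mount --uts --ipc --net --pid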
----------------------------------
chmod 755 into_docker.sh
docker ps -a
docker start mydocker
./into_docker.sh mydocker
# Demonstration:
----------------------------------
[root@zuiyoujie tools]# ./into_docker.sh mydocker
[root@89e7562da7a7 /]# ping 10.0.40.21 # test connectivity between the container and the host (10.0.40.21)
PING 10.0.40.21 (10.0.40.21) 56(84) bytes of data.
64 bytes from 10.0.40.21: icmp_seq=1 ttl=63 time=0.662 ms
64 bytes from 10.0.40.21: icmp_seq=2 ttl=63 time=0.544 ms
64 bytes from 10.0.40.21: icmp_seq=3 ttl=63 time=0.409 ms
^C
--- 10.0.40.21 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.409/0.538/0.662/0.105 ms
[root@89e7562da7a7 /]# ping www.baidu.com # test connectivity between the container and the public internet (Baidu)
PING www.a.shifen.com (220.181.111.188) 56(84) bytes of data.
64 bytes from 220.181.111.188 (220.181.111.188): icmp_seq=1 ttl=52 time=3.90 ms
64 bytes from 220.181.111.188 (220.181.111.188): icmp_seq=2 ttl=52 time=4.17 ms
64 bytes from 220.181.111.188 (220.181.111.188): icmp_seq=3 ttl=52 time=4.32 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.908/4.134/4.321/0.170 ms
[root@89e7562da7a7 /]# exit
logout
----------------------------------------
2.3. Viewing the network interface information of the docker host (brctl is provided by the bridge-utils package)
yum install bridge-utils -y
brctl show
--------------------------------------
[root@zuiyoujie tools]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02429af3f1a1       no              veth2a76b80
                                                        vetha2de46d
--------------------------------------
[root@zuiyoujie tools]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:9a:f3:f1:a1 txqueuelen 0 (Ethernet)
RX packets 1711 bytes 74303 (72.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3568 bytes 13808143 (13.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
...
----------------------------------------
iptables -nL
2.4. docker port mapping
docker run -d -P --name mynginx1 nginx
-P bind a random port
docker run -d -p 91:80 --name mynginx2 nginx
-p host port:container port
-p host IP:host port:container port
-p host IP::container port
Demonstration:
--------------------------------------
[root@zuiyoujie tools]# docker run -d -P --name mynginx1 nginx
[root@zuiyoujie tools]# docker run -d -p 91:80 --name mynginx2 nginx
0a5d50fd5670c694e47907fb80eaa77d8b4f62140aaa2d9a77bcabc554b0258e
[root@zuiyoujie tools]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0a5d50fd5670 nginx "nginx -g 'daemon of…" 4 seconds ago Up 3 seconds 0.0.0.0:91->80/tcp mynginx2
5b42d5e43937 nginx "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes 0.0.0.0:32768->80/tcp mynginx1
89e7562da7a7 centos "/bin/bash" 2 hours ago Up 40 minutes mydocker
[root@zuiyoujie tools]# curl 127.0.0.1:32768
[root@zuiyoujie tools]# curl 127.0.0.1:91
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
--------------------------------------
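The PORTS column above shows 0.0.0.0:91->80/tcp: -p without a host IP publishes the port on every host interface. The script below is an added example, not part of the original notes, that flags such mappings. It reads NAME<TAB>PORTS lines as printed by docker ps --format '{{.Names}}\t{{.Ports}}'; the sample rows are constructed, and mynginx3 is a hypothetical container published on loopback only.

```shell
#!/bin/sh
# Added example (not from the original notes): list published ports that are
# bound to every host interface. Input format is NAME<TAB>PORTS, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

flag_wildcard_ports() {
    awk -F '\t' '
    {
        # One container can carry several comma-separated mappings.
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Exposed but unpublished ports look like "80/tcp" (no "->").
            if (m !~ /->/) continue
            # Wildcard binds: IPv4 0.0.0.0, IPv6 "::" or "[::]".
            if (m ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1, m
        }
    }'
}

# Constructed sample: the first three rows mirror the docker ps output above;
# the last row is a hypothetical container published with -p 127.0.0.1:92:80.
sample_ports() {
    printf 'mynginx2\t0.0.0.0:91->80/tcp\n'
    printf 'mynginx1\t0.0.0.0:32768->80/tcp\n'
    printf 'mydocker\t\n'
    printf 'mynginx3\t127.0.0.1:92->80/tcp\n'
}

# Prints one line per wildcard-bound mapping: mynginx2 and mynginx1 only.
sample_ports | flag_wildcard_ports
```

On a live host, pipe the docker ps command from the header comment into flag_wildcard_ports instead of sample_ports.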
END