  • 创建docker静态化IP

    配置桥接网络

      桥接本地物理网络的目的,是为了让局域网内用户方便地访问 docker 实例中的服务,不需要各种端口映射即可访问。但是这样做,容器就直接接入了局域网,容器内监听的端口不再受端口映射的限制,违背了 docker 容器安全隔离的原则,工作中需要根据实际情况权衡选择。

    创建桥接设备:

    安装包:

    [root@openstack ~]# rpm -ivh /mnt/Packages/bridge-utils-1.5-9.el7.x86_64.rpm

    把网卡绑定到br0桥设备上

    [root@openstack ~]# cd /etc/sysconfig/network-scripts/

    [root@openstack network-scripts]# cp ifcfg-ens33 /opt/

    [root@openstack network-scripts]# vim ifcfg-ens33

    TYPE=Ethernet

    PROXY_METHOD=none

    BROWSER_ONLY=no

    BOOTPROTO=static

    DEFROUTE=yes

    IPV4_FAILURE_FATAL=no

    IPV6INIT=yes

    IPV6_AUTOCONF=yes

    IPV6_DEFROUTE=yes

    IPV6_FAILURE_FATAL=no

    IPV6_ADDR_GEN_MODE=stable-privacy

    NAME=ens33

    UUID=74a03b29-1fe1-4c5c-8361-4c25e321ea47

    DEVICE=ens33

    ONBOOT=yes

    IPADDR=192.168.199.7    删除地址相关的配置(IP 地址改配在 br0 上)

    NETMASK=255.255.255.0

    GATEWAY=192.168.199.1

    DNS=114.114.114.114

    DNS2=119.29.29.29

    BRIDGE=br0      添加该配置

    [root@openstack network-scripts]# vim ifcfg-br0

    DEVICE="br0"

    NM_CONTROLLED="yes"

    ONBOOT="yes"

    TYPE="Bridge"

    BOOTPROTO=none

    IPADDR=192.168.209.7

    NETMASK=255.255.255.0

    GATEWAY=192.168.209.254

    DNS1=114.114.114.114

    [root@openstack network-scripts]# systemctl restart network   重启网络服务

    查看地址:

    [root@openstack network-scripts]# ifconfig
    br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.209.7  netmask 255.255.255.0  broadcast 192.168.209.255
            inet6 fe80::20c:29ff:fe73:f66b  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:73:f6:6b  txqueuelen 1000  (Ethernet)
            RX packets 927  bytes 65484 (63.9 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 345  bytes 45743 (44.6 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
            ether 02:42:ae:a2:84:7e  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            ether 00:0c:29:73:f6:6b  txqueuelen 1000  (Ethernet)
            RX packets 978  bytes 82130 (80.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 471  bytes 62022 (60.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    使用pipework给容器绑定静态IP地址

    给容器绑定IP地址使用pipework这个工具。pipework 是一个在宿主机上以 root 身份执行的 shell 脚本,下面克隆的是仓库的最新代码,使用前建议先审阅脚本内容,并固定到已审阅过的提交。

    [root@openstack ~]# git clone https://github.com/jpetazzo/pipework.git

    [root@openstack ~]# cd pipework/

    [root@openstack pipework]# ls

    docker-compose.yml  doctoc  LICENSE  pipework  pipework.spec  README.md

    [root@openstack pipework]# cp pipework /usr/local/bin/

    [root@openstack pipework]# ls /usr/local/bin/

    pipework

    至此pipework安装完毕。

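    启动容器(--net=none 表示不使用 docker 默认网络,网卡稍后由 pipework 添加;--privileged=true 会让容器获得接近宿主机 root 的权限,进一步削弱隔离,不需要时应去掉):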

    [root@openstack ~]# docker run -itd --net=none --privileged=true docker.io/centos:latest bash

    [root@openstack ~]# docker ps
    CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS              PORTS               NAMES
    742430cbc590        docker.io/centos:latest   "bash"              11 hours ago        Up 6 seconds                            goofy_mestorf

    [root@openstack ~]# pipework br0 742430cbc590 192.168.209.10/24@192.168.209.254       绑定IP
    [root@openstack ~]# ping 192.168.209.10
    PING 192.168.209.10 (192.168.209.10) 56(84) bytes of data.
    64 bytes from 192.168.209.10: icmp_seq=1 ttl=64 time=0.333 ms

    查看容器的IP:

    [root@openstack ~]# docker exec -it 742430cbc590 bash

    [root@742430cbc590 /]# yum install net-tools -y    容器中默认没有ifconfig命令,需要安装
    [root@742430cbc590 /]# ifconfig
    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.209.10  netmask 255.255.255.0  broadcast 192.168.209.255
            inet6 fe80::6435:e4ff:fee5:49e6  prefixlen 64  scopeid 0x20<link>
            ether 66:35:e4:e5:49:e6  txqueuelen 1000  (Ethernet)
            RX packets 459  bytes 363810 (355.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 145  bytes 10285 (10.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    到此给容器绑定了静态IP,但是有一个缺点:容器一旦重启,地址就会失效,需要重新执行 pipework 绑定。

    实战:

    使用静态IP启动一个web服务。

    在上面的容器的基础上,来做该实验。

    [root@openstack ~]# docker exec -it 742430cbc590 bash
    [root@742430cbc590 /]# yum install httpd -y      安装服务
    [root@742430cbc590 /]# systemctl start httpd    这样启动是不行的
    Failed to get D-Bus connection: Operation not permitted
    [root@742430cbc590 /]# httpd            使用httpd启动
    创建测试页:

    [root@742430cbc590 /]# echo "this is a test" > /var/www/html/index.html
    测试:

  • 原文地址:https://www.cnblogs.com/winter1519/p/9920941.html