Docker网络(八)

理解Docker网络(docker0)

测试

# 获取当前IP地址
[root@izuf6akcgealirj602cmxsz ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:30:9d:94 brd ff:ff:ff:ff:ff:ff
    inet 172.24.203.208/20 brd 172.24.207.255 scope global dynamic eth0
       valid_lft 313030643sec preferred_lft 313030643sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:6d:e8:76:60 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
[root@izuf6akcgealirj602cmxsz ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@izuf6akcgealirj602cmxsz ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

# 上面的三个网卡地址
# lo 		本机回环地址
# eth0 		阿里云内网地址
# docker0 	docker生成的一个网卡地址
# docker 如何处理容器网络访问的

# 运行容器
[root@izuf6akcgealirj602cmxsz ~]# docker run -it --name centos01 centos:7 /bin/bash
[root@0572789f2ee8 /]#

# 查看容器ip地址,发现docker容器中没有ip addr 命令
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it 0572789f2ee8 ip addr
OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "ip": executable file not found in $PATH: unknown
# 解决办法
# 进入容器,添加软件源信息
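# Run these inside the container. Clear cached metadata first so the new
# repo definition is the one yum actually uses.
yum clean all
# Fetch the repo definition over HTTPS rather than plain HTTP: yum trusts the
# baseurl/gpgcheck/gpgkey settings this file declares, so the file itself must
# not be alterable in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
yum update -y
# Install initscripts so that `ip addr` is available inside the container.
yum -y install initscripts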

# 再次查看容器内部网络地址,发现容器启动的时候会得到一个 204: eth0@if205 的网卡地址,docker分配的
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it 0572789f2ee8 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
204: eth0@if205: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# 再次查看宿主机ip地址,发现宿主机多了一个“205: veth9ff4347@if204”网卡,与容器内部“204: eth0@if205”网卡刚好组成一对网卡

[root@izuf6akcgealirj602cmxsz ~]# ip addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:30:9d:94 brd ff:ff:ff:ff:ff:ff
    inet 172.24.203.208/20 brd 172.24.207.255 scope global dynamic eth0
       valid_lft 312604780sec preferred_lft 312604780sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:6d:e8:76:60 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
205: veth9ff4347@if204: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether b6:0e:4b:2e:79:5a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    
# 发现运行一个容器,宿主机会产生一个网卡与容器网卡是成对出现的
# 并思考 宿主机是否可以ping通容器内部,发现宿主机可以正常ping通容器网络
[root@izuf6akcgealirj602cmxsz ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.064 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.057 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.048/0.056/0.064/0.009 ms

原理(宿主机可以ping通容器网络)

docker0的网卡ip为172.17.0.1 ,容器的网卡ip为 172.17.0.2

理解

  1. 安装docker,就会产生一个网卡docker0,docker自身的网卡地址docker0的ip地址为:172.17.0.1 类似于一个路由器,使用桥接模式,技术为veth-pair技术
  2. veth-pair技术:一对虚拟设备接口,都是成对出现的,一端连着协议栈,一端彼此相连
  3. 每启动一个容器docker给容器分配一个同一网段的ip地址

结论

所以我们在运行一个容器时,docker使用veth-pair技术给容器分配了一个与docker0同一网段的ip地址,互相就可以ping通了

测试两个容器(centos01和centos02)之间是否可以ping通

# 再运行一个容器centos02
[root@izuf6akcgealirj602cmxsz ~]# docker run -it --name centos02 centos:7 /bin/bash
[root@f3a18f3252f7 /]# 

# 查看容器ip
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
206: eth0@if207: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
       
# 查看宿主机ip
[root@izuf6akcgealirj602cmxsz ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:30:9d:94 brd ff:ff:ff:ff:ff:ff
    inet 172.24.203.208/20 brd 172.24.207.255 scope global dynamic eth0
       valid_lft 312596635sec preferred_lft 312596635sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:6d:e8:76:60 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
205: veth9ff4347@if204: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether b6:0e:4b:2e:79:5a brd ff:ff:ff:ff:ff:ff link-netnsid 0
207: veth7e9af5b@if206: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 1e:48:c8:66:33:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 1

# 用centos02 ping 172.17.0.2(centos01),发现是可以ping通
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos02 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.060 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.060/0.073/0.100/0.021 ms

# 用centos01 ping 172.17.0.3(centos02),发现是可以ping通
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos01 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.058 ms
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.058/0.065/0.080/0.013 ms

结论

两个容器之间是可以ping通的,使用了一个公用的路由器docker0,但是两个容器之间不是直连的,而是通过docker0 在中间作为桥梁连通的

​ 所有容器在不指定网络的情况下,都是通过docker0路由的,docker会给我们分配一个默认可用的IP


两种方式:

  1. **所有容器注册到docker0:**centos01 请求通过veth-pair技术发送到达 docker0 然后将centos01注册在docker0中
  2. **广播:**centos01 请求通过veth-pair技术发送到达 docker0 通过广播形式扩散,等待要ping的容器作出响应

网络范围(域)

255.255.0.1/16

255.255.255.1/25

小结

  1. docker使用的是桥接模式:veth-pair,通过网桥去链接
  2. docker中所有的网络接口都是虚拟的,虚拟转发效率高
  3. 删除容器,网桥一对的网卡就删除了

--link(不推荐使用)

思考一个问题,我们上面的操作是通过IP ping通 后面的容器的,是否可以通过容器名称来ping通呢? (实际应用中IP是可能变化的,当容器宕机了,再次启动容器,IP发生了变化,就可能需要改配置文件,是否可以不重启服务,就可以让服务正常运行呢)

# 发现 直接ping 容器名称 是行不通的
[root@izuf6akcgealirj602cmxsz tomcat]# docker exec -it centos01 ping centos02
ping: centos02: Name or service not known

# 如何解决这种问题呢
# 启动centos03 并使用--link 链接centos02
[root@izuf6akcgealirj602cmxsz tomcat]# docker run -it --name centos03 --link centos02 centos:7 /bin/bash
[root@ca82a764dc3e /]# [root@izuf6akcgealirj602cmxsz tomcat]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS          PORTS     NAMES
ca82a764dc3e   centos:7   "/bin/bash"   9 seconds ago   Up 8 seconds              centos03
f3a18f3252f7   centos:7   "/bin/bash"   2 days ago      Up 29 minutes             centos02
0572789f2ee8   centos:7   "/bin/bash"   3 days ago      Up 29 minutes             centos01
# 然后使用centos03 ping centos02,发现可以ping通了
[root@izuf6akcgealirj602cmxsz tomcat]# docker exec -it centos03 ping centos02
PING centos02 (172.17.0.3) 56(84) bytes of data.
64 bytes from centos02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.096 ms
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.055/0.066/0.096/0.018 ms

# 反向可以ping通吗,发现是不可以ping通的
[root@izuf6akcgealirj602cmxsz tomcat]# docker exec -it centos02 ping centos03
ping: centos03: Name or service not known

# 为什么反向不能ping通呢

# 查找centos03 与 centos02 是如何建立网络链接的
# 使用docker network
[root@izuf6akcgealirj602cmxsz tomcat]# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.
# 查看docker网络,查找--link 是怎么建立网络链接的,结果没有找到
[root@izuf6akcgealirj602cmxsz tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
95eb5a61fafc   bridge    bridge    local
7ab15c63ec61   host      host      local
44419d78e827   none      null      local
[root@izuf6akcgealirj602cmxsz tomcat]# docker network inspect 95eb5a61fafc
[
    {
        "Name": "bridge",
        "Id": "95eb5a61fafca5b44eb89e1bedcc8965c200598c564fb4c5d6be742e2c8ab311",
        "Created": "2022-02-14T17:52:04.336274755+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "0572789f2ee81e2db3f4b0b39df6466dad688afabbd1518e2ddea99cce7f070d": {
                "Name": "centos01",
                "EndpointID": "f4c9ff6d05c288f3eb014c1032b581a658f7a21181c1d02f42a7f31ffbbf5e86",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "ca82a764dc3e69a9738fa5721d5b5af81e488aed6582b8fd12c7f369e53e9054": {
                "Name": "centos03",
                "EndpointID": "2ff9aac81524f50b01b39e5d1049dab87ac42b7f25990950581c37aea06a12ba",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },
            "f3a18f3252f77519d7be30205f702dee34a472836fee60c7b99c5fb8a282c22a": {
                "Name": "centos02",
                "EndpointID": "fa17fce7fbe4c27b9dc943b9f6e524588af0c8cf64b570412b20c38a18f4271d",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
# 查看centos03 本地hosts
[root@izuf6akcgealirj602cmxsz tomcat]# docker exec -it ca82a764dc3e /etc/hosts
OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "/etc/hosts": permission denied: unknown
[root@izuf6akcgealirj602cmxsz tomcat]# docker exec -it ca82a764dc3e /bin/bash
[root@ca82a764dc3e /]# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	centos02 f3a18f3252f7
172.17.0.4	ca82a764dc3e
# 从中发现了在hosts文件中配置了与 centos02的配置

# 总结 --link 就是在hosts文件中增加了另一个容器的映射

为什么不推荐使用--link

--link 就是在hosts文件中增加了另一个容器的映射,目前不建议使用:这种映射是单向的(如上面的测试,centos02 无法通过名称访问 centos03),并且Docker官方文档已将 --link 标记为遗留(legacy)功能

目前建议使用自定义网络,不使用docker0

docker0问题:不支持容器名链接

自定义网络

查看所有的docker网络

[root@izuf6akcgealirj602cmxsz ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
95eb5a61fafc   bridge    bridge    local
7ab15c63ec61   host      host      local
44419d78e827   none      null      local

网络模式

bridge:桥接模式(默认)

none:不配置网络

host:和宿主机共享网络

container:容器网络联通

测试

# 我们直接运行容器命令 其实有个默认的参数 --net bridge 就是我们的docker0 
# docker run -d -P --name centos01 --net bridge centos:7 == docker run -d -P --name centos01 centos:7
[root@izuf6akcgealirj602cmxsz ~]# docker run -d -P --name centos01 --net bridge centos:7
a914ac09088060d389d42e0ee997adc739494b6124f8de1d0b0413271601872c

# docker0 默认的 不能使用容器名访问  可以使用--link(不建议使用)

创建自定义网络

[root@izuf6akcgealirj602cmxsz ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
6bc93bac752acd8ec3afbf3d5533da886ba25f2ef69c50f055777b93b29abf76
[root@izuf6akcgealirj602cmxsz ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
95eb5a61fafc   bridge    bridge    local
7ab15c63ec61   host      host      local
6bc93bac752a   mynet     bridge    local
44419d78e827   none      null      local

# 查看自己创建的网络
[root@izuf6akcgealirj602cmxsz ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "6bc93bac752acd8ec3afbf3d5533da886ba25f2ef69c50f055777b93b29abf76",
        "Created": "2022-03-01T19:58:28.967870888+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

# 根据自己创建的网络运行容器
[root@izuf6akcgealirj602cmxsz ~]# docker run -it -P --name centos01 --net mynet centos:7
[root@izuf6akcgealirj602cmxsz ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
104918af8c8d   centos:7   "/bin/bash"   7 seconds ago   Up 7 seconds             centos01
# 再次查看自己创建的网络,发现多了一个自己运行的容器
[root@izuf6akcgealirj602cmxsz ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "6bc93bac752acd8ec3afbf3d5533da886ba25f2ef69c50f055777b93b29abf76",
        "Created": "2022-03-01T19:58:28.967870888+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "104918af8c8d95f35c238d7e1f26b6edfe3679016cf6a99719f15e660ff6fd97": {
                "Name": "centos01",
                "EndpointID": "1cb8cf5e1790f2bc176ceb1c957a659d2275e77c191c8a096acb219ce228edc3",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# 再次测试网络链接
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.065 ms
^C
--- 192.168.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.065/0.079/0.100/0.016 ms

# 不使用--link可以使用容器名称ping通
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos01 ping centos02
PING centos02 (192.168.0.3) 56(84) bytes of data.
64 bytes from centos02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from centos02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.069 ms
^C
--- centos02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.039/0.054/0.069/0.015 ms

# 总结
# 1.自定义网络可以不使用--link,直接使用容器名称ping通
# 2.可以让不同的集群使用各自的网络,不同网络之间默认互相隔离,有助于保证各自集群的网络安全

网络连通

# docker network connect
# 测试
[root@izuf6akcgealirj602cmxsz ~]# docker run -it -P --name centos01 centos:7 /bin/bash
[root@izuf6akcgealirj602cmxsz ~]# docker run -it -P --name centos02 centos:7 /bin/bash
[root@izuf6akcgealirj602cmxsz ~]# docker run -it -P --name centos-net-01 --net mynet  centos:7 /bin/bash
[root@izuf6akcgealirj602cmxsz ~]# docker run -it -P --name centos-net-02 --net mynet  centos:7 /bin/bash
[root@izuf6akcgealirj602cmxsz ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS          PORTS     NAMES
a378c690a775   centos:7   "/bin/bash"   6 seconds ago    Up 5 seconds              centos-net-02
21e091cd1562   centos:7   "/bin/bash"   15 seconds ago   Up 14 seconds             centos-net-01
8f6440c3226b   centos:7   "/bin/bash"   41 seconds ago   Up 40 seconds             centos02
68a31bbfb493   centos:7   "/bin/bash"   52 seconds ago   Up 51 seconds             centos01

# 自定义网络可以ping通
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos-net-01 ping centos-net-02
PING centos-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from centos-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from centos-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.059 ms
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.059/0.071/0.084/0.015 ms
# 自定义网络ping不通默认网络
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos-net-01 ping centos01
ping: centos01: Name or service not known
# 默认网络使用容器名ping不通
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos02 ping centos01
ping: centos01: Name or service not known

# 解决自定义网络ping不通默认网络
# 创建自定义网络与默认网络的连通
[root@izuf6akcgealirj602cmxsz ~]# docker network connect mynet centos01
# 查看自定义网络的网络信息,发现Containers里面多了容器centos01, 实际就是将centos01放到了mynet网络下
# 一个容器两个IP
[root@izuf6akcgealirj602cmxsz ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "6bc93bac752acd8ec3afbf3d5533da886ba25f2ef69c50f055777b93b29abf76",
        "Created": "2022-03-01T19:58:28.967870888+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "21e091cd15624ca67c4cb23c1e1c74b5b6075e1499011f7498cece75482062df": {
                "Name": "centos-net-01",
                "EndpointID": "9e23ec4d189416a243bcddbc12343783b4b7e113ee40467da86905835cc3ba34",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "68a31bbfb49315a79b3cfa31cebe47499e1d628fdde8d5bee737bcbe19684651": {
                "Name": "centos01",
                "EndpointID": "7c19e485d2d97d291b83286a71c855526e7cf0b6d16a9b0812f7a018352fa756",
                "MacAddress": "02:42:c0:a8:00:04",
                "IPv4Address": "192.168.0.4/16",
                "IPv6Address": ""
            },
            "a378c690a7759ff2aa45b5594ddd1014eebd1b21d637d9c9cdfad09d204a9907": {
                "Name": "centos-net-02",
                "EndpointID": "6499a5b693f4e63bc2a6de19ca054175d05e912e27e12081e3664a4bf0d18ae9",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

# 测试是否可以ping通,发现可以ping通了
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos01 ping centos-net-01
PING centos-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from centos-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from centos-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.072 ms
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.072/0.078/0.085/0.011 ms

# 测试centos02 是没有打通的
[root@izuf6akcgealirj602cmxsz ~]# docker exec -it centos02 ping centos-net-01
ping: centos-net-01: Name or service not known

结论:跨网络操作,需要使用docker network connect

实战:部署Redis集群

# 创建redis网络
[root@izuf6akcgealirj602cmxsz ~]# docker network create redis --subnet 172.38.0.0/16
33fac8bad8c532f7d306935dd56679cbf90d7747e4245eaaf385fdb53c51bd2f

# 通过脚本创建6个redis配置
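# Generate one redis.conf per cluster node (node-1 .. node-6) under
# /home/jgenius/redis.
# NOTE(review): every node binds to 0.0.0.0 and the config sets neither
# requirepass nor masterauth, so any client that can reach a node's port can
# read and write it. Keep the nodes reachable only from trusted hosts; if
# authentication is enabled here, the redis-cli commands used against the
# cluster must be given the password as well.
for port in $(seq 1 6); do
  conf_dir="/home/jgenius/redis/node-${port}/conf"
  mkdir -p "${conf_dir}"
  # The redirection creates redis.conf, so no separate touch is needed.
  # EOF is left unquoted on purpose: ${port} must expand into the announce IP.
  cat <<EOF >"${conf_dir}/redis.conf"
port 6379
bind 0.0.0.0
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
cluster-announce-ip 172.38.0.1${port}
cluster-announce-port 6379
cluster-announce-bus-port 16379
appendonly yes
EOF
done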

# 通过脚本运行6个redis容器
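# Start the six Redis containers, one per generated node config.
# `seq` produces 1..6; the original `req` is not a command, so the loop list
# was empty and no container was started.
# NOTE(review): `-p 637N:6379` / `-p 1637N:16379` publish each node on every
# host interface (0.0.0.0), and the node configs set no password. On a host
# reachable from outside, restrict these ports with a firewall or security
# group, or publish on a specific address (for example
# `-p 127.0.0.1:637${i}:6379`) when outside access is not needed.
for i in $(seq 1 6); do
  docker run -d \
    --name "redis-${i}" \
    --net redis --ip "172.38.0.1${i}" \
    -p "637${i}:6379" -p "1637${i}:16379" \
    -v "/home/jgenius/redis/node-${i}/data:/data" \
    -v "/home/jgenius/redis/node-${i}/conf/redis.conf:/etc/redis/redis.conf" \
    redis redis-server /etc/redis/redis.conf
done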

# 创建集群 进入容器
root@a9fb64b8c467:/data# redis-cli --cluster create 172.38.0.11:6379 172.38.0.12:6379 172.38.0.13:6379 172.38.0.14:6379 172.38.0.15:6379 172.38.0.16:6379 --cluster-replicas 1
>>> Performing hash slots allocation on 6 nodes...
Master[0] -> Slots 0 - 5460
Master[1] -> Slots 5461 - 10922
Master[2] -> Slots 10923 - 16383
Adding replica 172.38.0.15:6379 to 172.38.0.11:6379
Adding replica 172.38.0.16:6379 to 172.38.0.12:6379
Adding replica 172.38.0.14:6379 to 172.38.0.13:6379
M: 2cdf2610091beb0f23ca2facd5a899f84ea02c6f 172.38.0.11:6379
   slots:[0-5460] (5461 slots) master
M: 254cc1b5224a67a15c6ebebd169290fed88ccc71 172.38.0.12:6379
   slots:[5461-10922] (5462 slots) master
M: 2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44 172.38.0.13:6379
   slots:[10923-16383] (5461 slots) master
S: c27f6f7e9c579f78c7d06287effe34977ad34653 172.38.0.14:6379
   replicates 2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44
S: 57be1b772cc683dd5ce08d403117854b6930a004 172.38.0.15:6379
   replicates 2cdf2610091beb0f23ca2facd5a899f84ea02c6f
S: db8e474f6cc28a398c015ede3e0065335c05516f 172.38.0.16:6379
   replicates 254cc1b5224a67a15c6ebebd169290fed88ccc71
Can I set the above configuration? (type 'yes' to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join
..
>>> Performing Cluster Check (using node 172.38.0.11:6379)
M: 2cdf2610091beb0f23ca2facd5a899f84ea02c6f 172.38.0.11:6379
   slots:[0-5460] (5461 slots) master
   1 additional replica(s)
S: db8e474f6cc28a398c015ede3e0065335c05516f 172.38.0.16:6379
   slots: (0 slots) slave
   replicates 254cc1b5224a67a15c6ebebd169290fed88ccc71
M: 254cc1b5224a67a15c6ebebd169290fed88ccc71 172.38.0.12:6379
   slots:[5461-10922] (5462 slots) master
   1 additional replica(s)
S: c27f6f7e9c579f78c7d06287effe34977ad34653 172.38.0.14:6379
   slots: (0 slots) slave
   replicates 2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44
M: 2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44 172.38.0.13:6379
   slots:[10923-16383] (5461 slots) master
   1 additional replica(s)
S: 57be1b772cc683dd5ce08d403117854b6930a004 172.38.0.15:6379
   slots: (0 slots) slave
   replicates 2cdf2610091beb0f23ca2facd5a899f84ea02c6f
[OK] All nodes agree about slots configuration.
>>> Check for open slots...
>>> Check slots coverage...
[OK] All 16384 slots covered.

# 测试
# 链接集群信息
root@a9fb64b8c467:/data# redis-cli -c
# 查看集群信息
127.0.0.1:6379> cluster info
cluster_state:ok
cluster_slots_assigned:16384
cluster_slots_ok:16384
cluster_slots_pfail:0
cluster_slots_fail:0
cluster_known_nodes:6
cluster_size:3
cluster_current_epoch:6
cluster_my_epoch:1
cluster_stats_messages_ping_sent:157
cluster_stats_messages_pong_sent:162
cluster_stats_messages_sent:319
cluster_stats_messages_ping_received:157
cluster_stats_messages_pong_received:157
cluster_stats_messages_meet_received:5
cluster_stats_messages_received:319
127.0.0.1:6379> cluster node
(error) ERR Unknown subcommand or wrong number of arguments for 'node'. Try CLUSTER HELP.
# 查看集群节点
127.0.0.1:6379> cluster nodes
db8e474f6cc28a398c015ede3e0065335c05516f 172.38.0.16:6379@16379 slave 254cc1b5224a67a15c6ebebd169290fed88ccc71 0 1646732099579 2 connected
254cc1b5224a67a15c6ebebd169290fed88ccc71 172.38.0.12:6379@16379 master - 0 1646732099579 2 connected 5461-10922
c27f6f7e9c579f78c7d06287effe34977ad34653 172.38.0.14:6379@16379 slave 2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44 0 1646732099000 3 connected
2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44 172.38.0.13:6379@16379 master - 0 1646732099579 3 connected 10923-16383
2cdf2610091beb0f23ca2facd5a899f84ea02c6f 172.38.0.11:6379@16379 myself,master - 0 1646732097000 1 connected 0-5460
57be1b772cc683dd5ce08d403117854b6930a004 172.38.0.15:6379@16379 slave 2cdf2610091beb0f23ca2facd5a899f84ea02c6f 0 1646732099000 1 connected
# 设置值,停止容器,再次查看从机是否可以获取到值
127.0.0.1:6379> set a b
-> Redirected to slot [15495] located at 172.38.0.13:6379
OK

# 停止 13 容器
[root@izuf6akcgealirj602cmxsz ~]# docker stop redis-3
redis-3
[root@izuf6akcgealirj602cmxsz ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                     PORTS                                              NAMES
0447b68a8a30   redis     "docker-entrypoint.s…"   34 minutes ago   Up 34 minutes              0.0.0.0:6376->6379/tcp, 0.0.0.0:16376->16379/tcp   redis-6
71f6f4aff7ca   redis     "docker-entrypoint.s…"   34 minutes ago   Up 34 minutes              0.0.0.0:6375->6379/tcp, 0.0.0.0:16375->16379/tcp   redis-5
9ca322faf8c4   redis     "docker-entrypoint.s…"   34 minutes ago   Up 34 minutes              0.0.0.0:6374->6379/tcp, 0.0.0.0:16374->16379/tcp   redis-4
f21767f30cdd   redis     "docker-entrypoint.s…"   34 minutes ago   Exited (0) 3 seconds ago                                                      redis-3
d828b579738a   redis     "docker-entrypoint.s…"   34 minutes ago   Up 34 minutes              0.0.0.0:6372->6379/tcp, 0.0.0.0:16372->16379/tcp   redis-2
a9fb64b8c467   redis     "docker-entrypoint.s…"   34 minutes ago   Up 34 minutes              0.0.0.0:6371->6379/tcp, 0.0.0.0:16371->16379/tcp   redis-1

# 获取设置的值
127.0.0.1:6379> cluster nodes
db8e474f6cc28a398c015ede3e0065335c05516f 172.38.0.16:6379@16379 slave 254cc1b5224a67a15c6ebebd169290fed88ccc71 0 1646732811042 2 connected
254cc1b5224a67a15c6ebebd169290fed88ccc71 172.38.0.12:6379@16379 master - 0 1646732812045 2 connected 5461-10922
c27f6f7e9c579f78c7d06287effe34977ad34653 172.38.0.14:6379@16379 master - 0 1646732810000 7 connected 10923-16383
2897fc5fc8b066cfca3e7b18c2e583cdb2f44b44 172.38.0.13:6379@16379 master,fail - 1646732709591 1646732707000 3 connected    # 该节点已经关闭了
2cdf2610091beb0f23ca2facd5a899f84ea02c6f 172.38.0.11:6379@16379 myself,master - 0 1646732810000 1 connected 0-5460
57be1b772cc683dd5ce08d403117854b6930a004 172.38.0.15:6379@16379 slave 2cdf2610091beb0f23ca2facd5a899f84ea02c6f 0 1646732811042 1 connected

# 获取值 14 的redis 返回了值
127.0.0.1:6379> get a
-> Redirected to slot [15495] located at 172.38.0.14:6379
"b"