1.pip⼯具
2.docker compose⼯具
[root@docker001 ~]# yum -y install python2-pip
[root@docker001 ~]# pip config set global.index
url https://pypi.tuna.tsinghua.edu.cn/simple
[root@docker001 ~]# pip install docker-compose --
ignore-installed requests
https://github.com/search?q=harbor&type=repositorieshttps://github.com/vmware/harbor/releaseshttps://github.com/goharbor/harbor/releases/download/v2.11.1/h
arbor-offline-installer-v2.11.1.tgz
https://github.com/goharbor/harbor/releases/download/v2.11.1/h
arbor-offline-installer-v2.11.1.tgz
docker⽹络
本地⽹络
bridge
所有容器连接到桥就可以使⽤外⽹,使⽤nat让容器可以访问外⽹,
使⽤ ip a s指令查看桥,所有容器连接到此桥,ip地址都是
172.17.0.0/16⽹段,桥是启动docker服务后出现,在centos使⽤
bridge-utils安装
查看桥⽂件
[root@docker001 ~]# yum -y install bridge-utils
已加载插件:fastestmirror
......
已安装:
bridge-utils.x86_64 0:1.5-9.el7
完毕![root@docker001 ~]# yum provides *bin/brctl
[已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: repo.jing.rocks
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
bridge-utils-1.5-9.el7.x86_64 : Utilities for
configuring the linux ethernet bridge
源 :base
匹配来源:
⽂件名 :/usr/sbin/brctl使⽤docker network
[root@docker001 ~]# brctl show
bridge name bridge id STP enabled interfaces
br-d026f3de4fec 8000.0242b81705e9 no
veth150cb70
veth1b80e45
veth451acfe
veth6d43b00
veth70c340d
veth7341776
veth87822ed
veth8b06afd
vethfc3f85d
docker0 8000.0242a3a8e91e no
[root@docker001 ~]# #使⽤docker network 查看桥
[root@docker001 ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network inspect Display detailed information on one
or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more
information on a command.
[root@docker001 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
01fa71620d73 bridge bridge local
d026f3de4fec harbor_harbor bridge local
f46543c13863 host host local
c220508b862f none null local
每⼀台dcoker host上的docker0所在⽹段完全⼀样,但是会造成跨主
机的容器⽆法通信,host
与主机共享⽹络,可让容器连接外⽹
所有容器与docker主机在同⼀个⽹络中,容器和外⽹相互访问
创建⼀个新的容器
查看ip,默认在桥上
[root@docker001 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
01fa71620d73 bridge bridge local
d026f3de4fec harbor_harbor bridge local
f46543c13863 host host local
c220508b862f none null local
[root@docker001 000]# docker run -d -p80 -v
/opt/:/usr/share/nginx/html/ centosnginx:v1
a4b6324a55e63a0966086a18519dd58fa26eaf91d0017d143d5
7f25312dfeb85[root@docker001 000]# docker inspect a4b6|grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
绑定其他的桥
[root@docker001 000]# docker run -d --network
harbor_harbor centosnginx:v1
21a283fd5e684038d218892700e2b9689c0555bf2c59a554f00
554bd0daca55d
[root@docker001 000]# docker inspect 21a2|grep
IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "172.19.0.11",
# 使⽤--network对⽹桥的选择
绑定host主机⽹络主机名同真机,⽹络也同真机
优点:可以直接访问容器
缺点:端⼝占⽤,多容器同时运⾏⼀个服务,不建议,在测试环境中
使⽤
none
容器仅仅有lo⽹卡,不能与外界链接,在⾼级应⽤中使⽤,lo⽹
卡,⽆法链接外⽹
[root@docker001 001]# docker run -it --network host
yum:v0 /bin/bash
[root@docker001 /]# yum -y install iprout
#内部查看ip是本地主机ip
# 外部查看ip 没有
[root@docker001 001]# docker inspect 306d|grep
IPAdd
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "",主机
容器
主机
容器
A
A1 172.20.0.2 mysql
B
B1 172.20.0.3 java
a2 172.20.04
B2 172.20.0.5
A3 172.17.0.4
B3 172.17.0.4
联盟⽹络 容器⽹络
共享⽹络命名空间
跨主机容器之间通讯
⼯具
pipworkflannel
overlay 覆盖型⽹络,不⽀持路由转发,通过数据etcd数据库保存⼦
⽹信息以及⽹络分配信息
给每台主机分配⼀个⽹段
通过udp传输数据包主机名
ip
功能
软件
node1
x.x.x.10
主控主机
etcd flannel docker
node2
x.x.x.11
被控主机
etcd docker
*weave
Open V Switch(OVS)
Calico
说明
node1
软件:
etcd
flannel
docker
node2
flannel
docker
配置
主机名
安全配置hosts
安装软件
node1
node2
1.安装etcd数据库
[root@node1 ~]# yum -y install etcd
已加载插件:fastestmirror
Determining fastest mirrors
epel/x86_64/metalink
| 5.1 kB
00:00:00
* base: mirrors.aliyun.com
* epel: repo.jing.rocks
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base
| 3.6 kB
00:00:00
extras
| 2.9 kB
00:00:00
updates
| 2.9 kB
00:00:00
没有可⽤软件包 fannel。
正在解决依赖关系
--> 正在检查事务---> 软件包 etcd.x86_64.0.3.3.11-2.el7.centos 将
被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================
==================================================
============
Package 架构 版本
源
⼤⼩
==================================================
==================================================
============
正在安装:
etcd x86_64
3.3.11-2.el7.centos extras
10 M
事务概要
==================================================
==================================================
============安装 1 软件包
总下载量:10 M
安装⼤⼩:45 M
Downloading packages:
etcd-3.3.11-2.el7.centos.x86_64.rpm
| 10 MB
00:00:12
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : etcd-3.3.11-2.el7.centos.x86_64
1/1
验证中 : etcd-3.3.11-2.el7.centos.x86_64
1/1
已安装:
etcd.x86_64 0:3.3.11-2.el7.centos
完毕!2.安装flannel
[root@node1 ~]# yum -y install flannel
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: repo.jing.rocks
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
正在解决依赖关系
--> 正在检查事务
---> 软件包 flannel.x86_64.0.0.7.1-4.el7 将被 安
装
--> 解决依赖关系完成
依赖关系解决
==================================================
==================================================
============
Package 架构
版本 源
⼤⼩==================================================
==================================================
============
正在安装:
flannel x86_64
0.7.1-4.el7 extras
7.5 M
事务概要
==================================================
==================================================
============
安装 1 软件包
总下载量:7.5 M
安装⼤⼩:41 M
Downloading packages:
flannel-0.7.1-4.el7.x86_64.rpm
| 7.5 MB
00:00:45
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction 正在安装 : flannel-0.7.1-4.el7.x86_64
1/1
验证中 : flannel-0.7.1-4.el7.x86_64
1/1
已安装:
flannel.x86_64 0:0.7.1-4.el7
完毕!
3.修改etcd数据库配置
[root@node1 ~]# vim /etc/etcd/etcd.conf
[root@node1 ~]# cat /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
##-------------------------------------------------
-------------------
#ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http:
//0.0.0.0:4001"
#-------------------------------------------------
------------------
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="default"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhos
t:2380"
#
##-------------------------------------------------
-----
#ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379
"
ETCD_ADVERTISE_CLIENT_URLS="http://10.1.1.10:2379,
http://10.1.1.10:4001"
#-------------------------------------------------
-----
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_INITIAL_CLUSTER="default=http://localhost:23
80"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#
#[Proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[Security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
#
#[Logging]
#ETCD_DEBUG="false"
#ETCD_LOG_PACKAGE_LEVELS=""
#ETCD_LOG_OUTPUT="default"
#
#[Unsafe]
#ETCD_FORCE_NEW_CLUSTER="false"
#
#[Version]
#ETCD_VERSION="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"#
#[Profiling]
#ETCD_ENABLE_PPROF="false"
#ETCD_METRICS="basic"
#
#[Auth]
#ETCD_AUTH_TOKEN="simple"
4.启动数据库
[root@node1 ~]# systemctl start etcd.service
5.设置开机启动[root@node1 ~]# systemctl enable etcd.service
Created symlink from /etc/systemd/system/multi
user.target.wants/etcd.service to
/usr/lib/systemd/system/etcd.service.
[root@node1 ~]# ss -anput|grep 2370
tcp ESTAB 0 0 127.0.0.1:34666
127.0.0.1:2370 users:
(("etcd",pid=1959,fd=11))
tcp LISTEN 0 128 [::]:2370
[::]:* users:
(("etcd",pid=1959,fd=6))
tcp ESTAB 0 0
[::ffff:127.0.0.1]:2370
[::ffff:127.0.0.1]:34666 users:
(("etcd",pid=1959,fd=15))
6.测试端⼝
[root@node1 ~]# netstat -lnput|grep 4001
tcp6 0 0 :::4001 :::*
LISTEN 1959/etcd
[root@node1 ~]# systemctl restart etcd.service
[root@node1 ~]# netstat -lnput|grep 2379
tcp6 0 0 :::2379 :::*
LISTEN 2028/etcd 7.测试数据库功能
[root@node1 ~]# etcdctl set testdir/testkey0 1000
1000
[root@node1 ~]# etcdctl get testdir/testkey0
1000
8.测试集群健康
[root@node1 ~]# etcdctl -C http://10.1.1.10:4001
cluster-health
member 8e9e05c52164694d is healthy: got healthy
result from http://10.1.1.10:2379
cluster is healthy
[root@node1 ~]# etcdctl -C http://10.1.1.10:2379
cluster-health
member 8e9e05c52164694d is healthy: got healthy
result from http://10.1.1.10:2379
cluster is healthy
9.修改flannel配置⽂件
[root@node1 ~]# vim /etc/sysconfig/flanneld
[root@node1 ~]# cat /etc/sysconfig/flanneld# Flanneld configuration options
# etcd url location. Point this to the server
where etcd runs
# ------------------------------------------------
-------
FLANNEL_ETCD_ENDPOINTS="http://10.1.1.10:2379"
#-------------------------------------------------
-------
# etcd config key. This is the configuration key
that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
10.向数据库中存⼊⽹段信息[root@node1 ~]# etcdctl mk
/atomic.io/network/config '{ "Network" :
"172.20.0.0/16" }'
{ "Network" : "172.20.0.0/16" }
[root@node1 ~]# etcdctl get
/atomic.io/network/config
{ "Network" : "172.20.0.0/16" }
11.启动并设置开机启动flanneld
[root@node1 ~]# systemctl start flanneld.service
[root@node1 ~]# systemctl enable flanneld.service
Created symlink from /etc/systemd/system/multi
user.target.wants/flanneld.service to
/usr/lib/systemd/system/flanneld.service.
Created symlink from
/etc/systemd/system/docker.service.wants/flanneld.
service to
/usr/lib/systemd/system/flanneld.service.
12.查看ip地址
[root@node1 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc
noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc pfifo_fast state UP group default qlen
1000
link/ether 00:0c:29:94:72:1b brd
ff:ff:ff:ff:ff:ff
inet 10.1.1.10/24 brd 10.1.1.255 scope global
ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe94:721b/64 scope link
valid_lft forever preferred_lft forever
3: flannel0:
<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472
qdisc pfifo_fast state UNKNOWN group default qlen
500
link/none
inet 172.20.20.0/16 scope global flannel0
valid_lft forever preferred_lft forever inet6 fe80::1fae:d70e:eb38:5ec9/64 scope link
flags 800
valid_lft forever preferred_lft forever
13.安装docker
[root@node1 ~]# source docker.sh
overlay
br_netfilter
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama
scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.conf ...
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: repo.jing.rocks
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
软件包 device-mapper-persistent-data-0.8.5-
3.el7_9.2.x86_64 已安装并且是最新版本
软件包 7:lvm2-2.02.187-6.el7_9.5.x86_64 已安装并
且是最新版本
正在解决依赖关系
--> 正在检查事务---> 软件包 yum-utils.noarch.0.1.1.31-54.el7_8
将被 安装
--> 正在处理依赖关系 python-kitchen,它被软件包
yum-utils-1.1.31-54.el7_8.noarch 需要
--> 正在处理依赖关系 libxml2-python,它被软件包
yum-utils-1.1.31-54.el7_8.noarch 需要
--> 正在检查事务
---> 软件包 libxml2-python.x86_64.0.2.9.1-
6.el7_9.6 将被 安装
---> 软件包 python-kitchen.noarch.0.1.1.1-5.el7
将被 安装
--> 正在处理依赖关系 python-chardet,它被软件包
python-kitchen-1.1.1-5.el7.noarch 需要
--> 正在检查事务
---> 软件包 python-chardet.noarch.0.2.2.1-3.el7
将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================
==================================================
============ Package 架构
版本 源
⼤⼩
==================================================
==================================================
============
正在安装:
yum-utils noarch
1.1.31-54.el7_8 base
122 k
为依赖⽽安装:
libxml2-python x86_64
2.9.1-6.el7_9.6 updates
247 k
python-chardet noarch
2.2.1-3.el7 base
227 k
python-kitchen noarch
1.1.1-5.el7 base
267 k
事务概要
==================================================
==================================================
============安装 1 软件包 (+3 依赖软件包)
总下载量:863 k
安装⼤⼩:4.3 M
Downloading packages:
(1/4): yum-utils-1.1.31-54.el7_8.noarch.rpm
| 122 kB
00:00:00
libxml2-python-2.9.1-6.el7_9.6 FAILED
http://mirrors.cloud.aliyuncs.com/centos/7/updates
/x86_64/Packages/libxml2-python-2.9.1-
6.el7_9.6.x86_64.rpm: [Errno 14] curl#6 - "Could
not resolve host: mirrors.cloud.aliyuncs.com;
Unknown error"
正在尝试其它镜像。
python-chardet-2.2.1-3.el7.noa FAILED
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_
64/Packages/python-chardet-2.2.1-3.el7.noarch.rpm:
[Errno 14] curl#6 - "Could not resolve host:
mirrors.cloud.aliyuncs.com; Unknown error"
正在尝试其它镜像。(2/4): libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm
| 247 kB
00:00:01
(3/4): python-chardet-2.2.1-3.el7.noarch.rpm
| 227 kB
00:00:07
python-kitchen-1.1.1-5.el7.noa FAILED
http://mirrors.aliyuncs.com/centos/7/os/x86_64/Pac
kages/python-kitchen-1.1.1-5.el7.noarch.rpm:
[Errno 14] curl#7 - "Failed connect to
mirrors.aliyuncs.com:80; Connection refused"
正在尝试其它镜像。
(4/4): python-kitchen-1.1.1-5.el7.noarch.rpm
| 267 kB
00:00:01
--------------------------------------------------
--------------------------------------------------
------------
总计
38 kB/s | 863 kB
00:00:22
Running transaction check
Running transaction testTransaction test succeeded
Running transaction
正在安装 : python-chardet-2.2.1-3.el7.noarch
1/4
正在安装 : python-kitchen-1.1.1-5.el7.noarch
2/4
正在安装 : libxml2-python-2.9.1-
6.el7_9.6.x86_64
3/4
正在安装 : yum-utils-1.1.31-54.el7_8.noarch
4/4
验证中 : python-kitchen-1.1.1-5.el7.noarch
1/4
验证中 : yum-utils-1.1.31-54.el7_8.noarch
2/4
验证中 : libxml2-python-2.9.1-
6.el7_9.6.x86_64
3/4
验证中 : python-chardet-2.2.1-3.el7.noarch
4/4已安装:
yum-utils.noarch 0:1.1.31-54.el7_8
作为依赖被安装:
libxml2-python.x86_64 0:2.9.1-6.el7_9.6
python-chardet.noarch 0:2.2.1-3.el7
python-kitchen.noarch 0:1.1.1-5.el7
完毕!
已加载插件:fastestmirror
adding repo from:
https://mirrors.aliyun.com/docker
ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker
ce/linux/centos/docker-ce.repo to
/etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com * epel: repo.jing.rocks
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
docker-ce-stable
| 3.5 kB
00:00:00
(1/2): docker-ce-stable/7/x86_64/updateinfo
| 55 B
00:00:10
(2/2): docker-ce-stable/7/x86_64/primary_db
| 152 kB
00:00:11
正在解决依赖关系
--> 正在检查事务
---> 软件包 containerd.io.x86_64.0.1.6.33-
3.1.el7 将被 安装
--> 正在处理依赖关系 container-selinux >= 2:2.74,
它被软件包 containerd.io-1.6.33-3.1.el7.x86_64 需要
---> 软件包 docker-buildx
plugin.x86_64.0.0.14.1-1.el7 将被 安装
---> 软件包 docker-ce.x86_64.3.26.1.4-1.el7 将被
安装
--> 正在处理依赖关系 docker-ce-rootless-extras,它
被软件包 3:docker-ce-26.1.4-1.el7.x86_64 需要
--> 正在处理依赖关系 libcgroup,它被软件包
3:docker-ce-26.1.4-1.el7.x86_64 需要---> 软件包 docker-ce-cli.x86_64.1.26.1.4-1.el7
将被 安装
---> 软件包 docker-compose
plugin.x86_64.0.2.27.1-1.el7 将被 安装
--> 正在检查事务
---> 软件包 container-selinux.noarch.2.2.119.2-
1.911c772.el7_8 将被 安装
--> 正在处理依赖关系 policycoreutils-python,它被软
件包 2:container-selinux-2.119.2-
1.911c772.el7_8.noarch 需要
---> 软件包 docker-ce-rootless
extras.x86_64.0.26.1.4-1.el7 将被 安装
--> 正在处理依赖关系 fuse-overlayfs >= 0.7,它被软
件包 docker-ce-rootless-extras-26.1.4-1.el7.x86_64
需要
--> 正在处理依赖关系 slirp4netns >= 0.4,它被软件包
docker-ce-rootless-extras-26.1.4-1.el7.x86_64 需要
---> 软件包 libcgroup.x86_64.0.0.41-21.el7 将被
安装
--> 正在检查事务
---> 软件包 fuse-overlayfs.x86_64.0.0.7.2-
6.el7_8 将被 安装
--> 正在处理依赖关系 libfuse3.so.3(FUSE_3.2)
(64bit),它被软件包 fuse-overlayfs-0.7.2-
6.el7_8.x86_64 需要--> 正在处理依赖关系 libfuse3.so.3(FUSE_3.0)
(64bit),它被软件包 fuse-overlayfs-0.7.2-
6.el7_8.x86_64 需要
--> 正在处理依赖关系 libfuse3.so.3()(64bit),它被软
件包 fuse-overlayfs-0.7.2-6.el7_8.x86_64 需要
---> 软件包 policycoreutils-python.x86_64.0.2.5-
34.el7 将被 安装
--> 正在处理依赖关系 setools-libs >= 3.3.8-4,它被
软件包 policycoreutils-python-2.5-34.el7.x86_64 需
要
--> 正在处理依赖关系 libsemanage-python >= 2.5-
14,它被软件包 policycoreutils-python-2.5-
34.el7.x86_64 需要
--> 正在处理依赖关系 audit-libs-python >= 2.1.3-
4,它被软件包 policycoreutils-python-2.5-
34.el7.x86_64 需要
--> 正在处理依赖关系 python-IPy,它被软件包
policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1(VERS_1.4)
(64bit),它被软件包 policycoreutils-python-2.5-
34.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1(VERS_1.2)
(64bit),它被软件包 policycoreutils-python-2.5-
34.el7.x86_64 需要--> 正在处理依赖关系 libapol.so.4(VERS_4.0)
(64bit),它被软件包 policycoreutils-python-2.5-
34.el7.x86_64 需要
--> 正在处理依赖关系 checkpolicy,它被软件包
policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1()(64bit),它被软
件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在处理依赖关系 libapol.so.4()(64bit),它被软
件包 policycoreutils-python-2.5-34.el7.x86_64 需要
---> 软件包 slirp4netns.x86_64.0.0.4.3-4.el7_8
将被 安装
--> 正在检查事务
---> 软件包 audit-libs-python.x86_64.0.2.8.5-
4.el7 将被 安装
---> 软件包 checkpolicy.x86_64.0.2.5-8.el7 将被
安装
---> 软件包 fuse3-libs.x86_64.0.3.6.1-4.el7 将被
安装
---> 软件包 libsemanage-python.x86_64.0.2.5-
14.el7 将被 安装
---> 软件包 python-IPy.noarch.0.0.75-6.el7 将被
安装
---> 软件包 setools-libs.x86_64.0.3.3.8-4.el7 将
被 安装
--> 解决依赖关系完成依赖关系解决
==================================================
==================================================
============
Package 架构 版
本 源
⼤⼩
==================================================
==================================================
============
正在安装:
containerd.io x86_64
1.6.33-3.1.el7 docker-ce
stable 35 M
docker-buildx-plugin x86_64
0.14.1-1.el7 docker-ce
stable 14 M
docker-ce x86_64
3:26.1.4-1.el7 docker-ce
stable 27 M
docker-ce-cli x86_64
1:26.1.4-1.el7 docker-ce
stable 15 M docker-compose-plugin x86_64
2.27.1-1.el7 docker-ce
stable 13 M
为依赖⽽安装:
audit-libs-python x86_64
2.8.5-4.el7 base
76 k
checkpolicy x86_64
2.5-8.el7 base
295 k
container-selinux noarch
2:2.119.2-1.911c772.el7_8 extras
40 k
docker-ce-rootless-extras x86_64
26.1.4-1.el7 docker-ce
stable 9.4 M
fuse-overlayfs x86_64
0.7.2-6.el7_8 extras
54 k
fuse3-libs x86_64
3.6.1-4.el7 extras
82 k
libcgroup x86_64
0.41-21.el7 base
66 k libsemanage-python x86_64
2.5-14.el7 base
113 k
policycoreutils-python x86_64
2.5-34.el7 base
457 k
python-IPy noarch
0.75-6.el7 base
32 k
setools-libs x86_64
3.3.8-4.el7 base
620 k
slirp4netns x86_64
0.4.3-4.el7_8 extras
81 k
事务概要
==================================================
==================================================
============
安装 5 软件包 (+12 依赖软件包)
总下载量:116 M
安装⼤⼩:407 M
Downloading packages:(1/17): container-selinux-2.119.2-
1.911c772.el7_8.noarch.rpm
| 40 kB 00:00:00
(2/17): audit-libs-python-2.8.5-4.el7.x86_64.rpm
| 76 kB
00:00:02
(3/17): checkpolicy-2.5-8.el7.x86_64.rpm
| 295 kB
00:00:03
warning: /var/cache/yum/x86_64/7/docker-ce
stable/packages/docker-buildx-plugin-0.14.1-
1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature,
key ID 621e9f35: NOKEY
docker-buildx-plugin-0.14.1-1.el7.x86_64.rpm 的公钥
尚未安装
(4/17): docker-buildx-plugin-0.14.1-
1.el7.x86_64.rpm
| 14 MB 00:02:11
(5/17): containerd.io-1.6.33-3.1.el7.x86_64.rpm
| 35 MB
00:05:22
(6/17): docker-ce-cli-26.1.4-1.el7.x86_64.rpm
| 15 MB
00:00:35 (7/17): docker-ce-26.1.4-1.el7.x86_64.rpm
| 27 MB
00:03:50
(8/17): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm
| 54 kB
00:00:03
(9/17): libcgroup-0.41-21.el7.x86_64.rpm
| 66 kB
00:00:03
(10/17): fuse3-libs-3.6.1-4.el7.x86_64.rpm
| 82 kB
00:00:03
(11/17): libsemanage-python-2.5-14.el7.x86_64.rpm
| 113 kB
00:00:02
(12/17): python-IPy-0.75-6.el7.noarch.rpm
| 32 kB
00:00:00
(13/17): policycoreutils-python-2.5-
34.el7.x86_64.rpm
| 457 kB 00:00:05
(14/17): slirp4netns-0.4.3-4.el7_8.x86_64.rpm
| 81 kB
00:00:02 (15/17): setools-libs-3.3.8-4.el7.x86_64.rpm
| 620 kB
00:00:02
(16/17): docker-compose-plugin-2.27.1-
1.el7.x86_64.rpm
| 13 MB 00:01:28
(17/17): docker-ce-rootless-extras-26.1.4-
1.el7.x86_64.rpm |
9.4 MB 00:01:33
--------------------------------------------------
--------------------------------------------------
------------
总计
262 kB/s | 116 MB
00:07:31
从 https://mirrors.aliyun.com/docker
ce/linux/centos/gpg 检索密钥
导⼊ GPG key 0x621E9F35:
⽤户ID : "Docker Release (CE rpm)
<docker@docker.com>"
指纹 : 060a 61c5 1b55 8a7f 742b 77aa c52f
eb6b 621e 9f35
来⾃ : https://mirrors.aliyun.com/docker
ce/linux/centos/gpgRunning transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : libcgroup-0.41-21.el7.x86_64
1/17
正在安装 : docker-buildx-plugin-0.14.1-
1.el7.x86_64
2/17
正在安装 : setools-libs-3.3.8-4.el7.x86_64
3/17
正在安装 : audit-libs-python-2.8.5-
4.el7.x86_64
4/17
正在安装 : slirp4netns-0.4.3-4.el7_8.x86_64
5/17
正在安装 : libsemanage-python-2.5-
14.el7.x86_64
6/17
正在安装 : python-IPy-0.75-6.el7.noarch
7/17 正在安装 : fuse3-libs-3.6.1-4.el7.x86_64
8/17
正在安装 : fuse-overlayfs-0.7.2-6.el7_8.x86_64
9/17
正在安装 : checkpolicy-2.5-8.el7.x86_64
10/17
正在安装 : policycoreutils-python-2.5-
34.el7.x86_64
11/17
正在安装 : 2:container-selinux-2.119.2-
1.911c772.el7_8.noarch
12/17
正在安装 : containerd.io-1.6.33-3.1.el7.x86_64
13/17
正在安装 : docker-compose-plugin-2.27.1-
1.el7.x86_64
14/17
正在安装 : 1:docker-ce-cli-26.1.4-1.el7.x86_64
15/17 正在安装 : docker-ce-rootless-extras-26.1.4-
1.el7.x86_64
16/17
正在安装 : 3:docker-ce-26.1.4-1.el7.x86_64
17/17
验证中 : docker-compose-plugin-2.27.1-
1.el7.x86_64
1/17
验证中 : checkpolicy-2.5-8.el7.x86_64
2/17
验证中 : fuse3-libs-3.6.1-4.el7.x86_64
3/17
验证中 : python-IPy-0.75-6.el7.noarch
4/17
验证中 : fuse-overlayfs-0.7.2-6.el7_8.x86_64
5/17
验证中 : libsemanage-python-2.5-
14.el7.x86_64
6/17 验证中 : slirp4netns-0.4.3-4.el7_8.x86_64
7/17
验证中 : 2:container-selinux-2.119.2-
1.911c772.el7_8.noarch
8/17
验证中 : containerd.io-1.6.33-3.1.el7.x86_64
9/17
验证中 : 3:docker-ce-26.1.4-1.el7.x86_64
10/17
验证中 : 1:docker-ce-cli-26.1.4-1.el7.x86_64
11/17
验证中 : policycoreutils-python-2.5-
34.el7.x86_64
12/17
验证中 : docker-ce-rootless-extras-26.1.4-
1.el7.x86_64
13/17
验证中 : audit-libs-python-2.8.5-
4.el7.x86_64
14/17 验证中 : setools-libs-3.3.8-4.el7.x86_64
15/17
验证中 : docker-buildx-plugin-0.14.1-
1.el7.x86_64
16/17
验证中 : libcgroup-0.41-21.el7.x86_64
17/17
已安装:
containerd.io.x86_64 0:1.6.33-3.1.el7
docker-buildx-plugin.x86_64 0:0.14.1-1.el7
docker-ce.x86_64 3:26.1.4-1.el7
docker-ce-cli.x86_64 1:26.1.4-1.el7
docker-compose-plugin.x86_64 0:2.27.1-1.el7
作为依赖被安装:
audit-libs-python.x86_64 0:2.8.5-4.el7
checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.119.2-
1.911c772.el7_8 docker-ce-rootless
extras.x86_64 0:26.1.4-1.el7
fuse-overlayfs.x86_64 0:0.7.2-6.el7_8
fuse3-libs.x86_64 0:3.6.1-4.el7
libcgroup.x86_64 0:0.41-21.el7
libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-34.el7
python-IPy.noarch 0:0.75-6.el7
setools-libs.x86_64 0:3.3.8-4.el7
slirp4netns.x86_64 0:0.4.3-4.el7_8
完毕!
14.docker服务没有开启之前查看ip
[root@node1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>
mtu 1500
inet 10.1.1.10 netmask 255.255.255.0
broadcast 10.1.1.255 inet6 fe80::20c:29ff:fe94:721b prefixlen
64 scopeid 0x20<link>
ether 00:0c:29:94:72:1b txqueuelen 1000
(Ethernet)
RX packets 105369 bytes 146824987 (140.0
MiB)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 39963 bytes 3021936 (2.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
flannel0:
flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>
mtu 1472
inet 172.20.20.0 netmask 255.255.0.0
destination 172.20.20.0
inet6 fe80::1fae:d70e:eb38:5ec9 prefixlen
64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-
00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 3 bytes 144 (144.0 B) TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid
0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 993 bytes 65146 (63.6 KiB)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 993 bytes 65146 (63.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
15.启动docker服务后查看ip
[root@node1 ~]# systemctl start docker.service
[root@node1 ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu
1500
inet 172.17.0.1 netmask 255.255.0.0
broadcast 172.17.255.255 ether 02:42:ba:f0:5f:1e txqueuelen 0
(Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>
mtu 1500
inet 10.1.1.10 netmask 255.255.255.0
broadcast 10.1.1.255
inet6 fe80::20c:29ff:fe94:721b prefixlen
64 scopeid 0x20<link>
ether 00:0c:29:94:72:1b txqueuelen 1000
(Ethernet)
RX packets 105431 bytes 146830165 (140.0
MiB)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 40003 bytes 3028954 (2.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0flannel0:
flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>
mtu 1472
inet 172.20.20.0 netmask 255.255.0.0
destination 172.20.20.0
inet6 fe80::1fae:d70e:eb38:5ec9 prefixlen
64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-
00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid
0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1001 bytes 65562 (64.0 KiB)
RX errors 0 dropped 0 overruns 0 frame
0
TX packets 1001 bytes 65562 (64.0 KiB) TX errors 0 dropped 0 overruns 0 carrier
0 collisions 0
16.查看flannel⼦⽹ip
[root@node1 ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.20.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
17.从其他主机复制⼀份daemon.json⽂件
[root@node1 ~]# scp
root@10.1.1.50:/etc/docker/daemon.json
/etc/docker/
root@10.1.1.50's password:
daemon.json
100% 385 111.9KB/s
00:00
18.修改添加桥ip和路由字节1472-1500[root@node1 ~]# vim /etc/docker/daemon.json
[root@node1 ~]# cat /etc/docker/daemon.json
{
"insecure-registries":[
"http://10.1.1.50"
],
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
],
"bip": "172.20.20.1/24",
"mtu": 1472
}
19.修改docker配置⽂件[root@node1 ~]# vim
/usr/lib/systemd/system/docker.service
20.加载配置,重启docker服务
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker.service
21.查看ip地址
[root@node1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc
noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd
00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc pfifo_fast state UP group default qlen
1000
link/ether 00:0c:29:94:72:1b brd
ff:ff:ff:ff:ff:ff
inet 10.1.1.10/24 brd 10.1.1.255 scope global
ens33 valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe94:721b/64 scope link
valid_lft forever preferred_lft forever
3: flannel0:
<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472
qdisc pfifo_fast state UNKNOWN group default qlen
500
link/none
inet 172.20.20.0/16 scope global flannel0
valid_lft forever preferred_lft forever
inet6 fe80::1fae:d70e:eb38:5ec9/64 scope link
flags 800
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP>
mtu 1472 qdisc noqueue state DOWN group default
link/ether 02:42:ba:f0:5f:1e brd
ff:ff:ff:ff:ff:ff
inet 172.20.20.1/24 brd 172.20.20.255 scope
global docker0
valid_lft forever preferred_lft forever
22.拉取⼀个镜像测试ip地址[root@node1 ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest:
sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534b
bdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@node1 ~]# docker run -it centos:latest
/bin/bash
[root@be00f4423f5b /]# [root@node1 ~]# docker
images
REPOSITORY TAG IMAGE ID CREATED
SIZE
centos latest 5d0da3dc9764 2 years ago
23
1.安装flannel
yum -y install flannel
2.配置flanner 配置flannel要访问的etcd数据库所在的位置
root@localhost ~]# cat /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server
where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.71.10:2379"
# etcd config key. This is the configuration key
that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
3.启动flannel
systemctl star flanneld
4.查看flannel分配的ip⽹段[root@localhost ~]# cat /run/flannel/subnet.env
FLANNEL_NETWORK=172.20.0.0/16
FLANNEL_SUBNET=172.20.99.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false
5.安装docker
6.将flannel分配⽹段写⼊到daemon.json
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
], "insecure-registries":[
"http://192.168.71.50:5000"
],
"bip" : "172.20.99.1/24",
"mtu" : 1472
}
[root@localhost ~]#
7.重启docaker 如果不能重启,就修改⼀下远程管理
systemctl restart docker.service
8.拉取⼀个centos镜像
docker pull centos
docker run -it centos:latest /bin/bash
9.ping node1中容器的ip地址
ping 172.20.78.2
总结,⼯作原理
1.使⽤flanner为docker主机(宿主)分配⽹段2.⽹段的信息以及ip的信息保存在etcd数据库中
3.当flanner开始运⾏的时候,会从etcd数据库中读取
{"Network":"172.20.0.0/16"},随机为当前的主机添加⼀个flannel0⽹
课172.20.78.0
4.配置docker的daemon⽂件,让docker0⽹卡变成和flannel的⽹段
⼀致,之后docker下创建的容器的ip就在flannel的⽹段控制之内
1141
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
