Docker container network configuration

1. Creating Linux kernel network namespaces

1.1 The ip netns command set

[root@king ~]# ip netns help  //show the usage; listing works for any user, but add/delete/exec need root (or sudo)
Usage:	★ip netns list 👉 list the named network namespaces (those recorded under /var/run/netns)
	★ip netns add NAME 👉 create a named network namespace
	ip netns attach NAME PID 👉 give the name NAME to the network namespace that process PID already runs in
	ip netns set NAME NETNSID 👉 assign a numeric ID to the namespace; the ID is only meaningful inside the current network namespace
	ip [-all] netns delete [NAME] 👉 delete one namespace, or with -all every named namespace
	ip netns identify [PID] 👉 print the name(s) of the network namespace PID runs in; without a PID, the current process is used
	ip netns pids NAME 👉 list the PIDs of all processes whose primary network namespace is NAME
	ip [-all] netns exec [NAME] cmd ... 👉 run cmd inside namespace NAME (with -all, in every named namespace)
	ip netns monitor 👉 watch for namespace add and delete events and print one line per event
	ip netns list-id 👉 list the network namespace IDs known to the current namespace
NETNSID := auto | POSITIVE-INT

1.2 Creating a network namespace

[root@king ~]# ip netns list
[root@king ~]# ip netns add ns0
[root@king ~]# ip netns list
ns0
[root@king ~]# ls /var/run/netns/  //each named namespace is a bind-mount point in this directory; adding a name that already exists fails
ns0
[root@king ~]# file /var/run/netns/ns0  //file reports the file type; the mount point shows up as an empty file
/var/run/netns/ns0: empty

1.3 Working inside a network namespace

...view the interfaces inside the network namespace:
[root@king ~]# ip netns exec ns0 ip addr   //a fresh namespace contains only lo, and it is DOWN
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@king ~]# ip netns exec ns0 ping 127.0.0.1  //loopback is not reachable yet
connect: Network is unreachable
[root@king ~]# ip netns exec ns0 ip link set lo up //bring lo up
[root@king ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
[root@king ~]# ip netns exec ns0 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.028 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 0.028/0.030/0.032/0.002 ms

1.4 Adding a veth pair and connecting two namespaces

1. Add a virtual interface; a veth device always comes as a pair of connected endpoints
[root@king ~]# ip link add type veth   //device type veth; no names given, so the kernel picks veth0/veth1, both in the host namespace
[root@king ~]# ip a
...
3: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e2:90:1f:8a:3e:0a brd ff:ff:ff:ff:ff:ff
4: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b2:01:03:95:db:68 brd ff:ff:ff:ff:ff:ff

2. Create the second namespace (ns0 already exists from 1.2)
[root@king ~]# ip netns list
ns0
[root@king ~]# ip netns add ns1
[root@king ~]# ip netns list
ns1
ns0

3. Move one end of the pair into each namespace
[root@king ~]# ip link set veth0 netns ns0
[root@king ~]# ip link set veth1 netns ns1

4. Bring the interfaces up and assign IP addresses
[root@king ~]# ip netns exec ns0 ip link set veth0 up
[root@king ~]# ip netns exec ns0 ip addr add 10.0.2.1/24 dev veth0
[root@king ~]# ip netns exec ns1 ip link set lo up
[root@king ~]# ip netns exec ns1 ip link set veth1 up
[root@king ~]# ip netns exec ns1 ip addr add 10.0.2.2/24 dev veth1
//check the result
[root@king ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e2:90:1f:8a:3e:0a brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 10.0.2.1/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e090:1fff:fe8a:3e0a/64 scope link 
       valid_lft forever preferred_lft forever
[root@king ~]# ip netns exec ns1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: veth1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b2:01:03:95:db:68 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 10.0.2.2/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::b001:3ff:fe95:db68/64 scope link 
       valid_lft forever preferred_lft forever

5. Verify: ping from each namespace to the other
[root@king ~]# ip netns exec ns0 ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.
64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.118 ms
^C
--- 10.0.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 60ms
rtt min/avg/max/mdev = 0.044/0.073/0.118/0.032 ms
[root@king ~]# ip netns exec ns1 ping 10.0.2.1 
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.079 ms
^C
--- 10.0.2.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 35ms
rtt min/avg/max/mdev = 0.032/0.054/0.079/0.021 ms
[the two namespaces can talk to each other]

1.5 Renaming the virtual interfaces

[root@king ~]# ip netns exec ns0 ip link set veth0 down  //an interface must be DOWN before it can be renamed
[root@king ~]# ip netns exec ns0 ip link set dev veth0 name eth0  //rename
[root@king ~]# ip netns exec ns1 ip link set veth1 down  //bring the interface down
[root@king ~]# ip netns exec ns1 ip link set dev veth1 name eth1
[root@king ~]# ip netns exec ns0 ip addr
3: eth0@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether e2:90:1f:8a:3e:0a brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 10.0.2.1/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@king ~]# ip netns exec ns1 ip addr
4: eth1@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether b2:01:03:95:db:68 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 10.0.2.2/24 scope global eth1
       valid_lft forever preferred_lft forever
//bring the interfaces back up after the rename (the IPv4 addresses survived; the link-local IPv6 addresses were dropped with the link and come back once it is up)
[root@king ~]# ip netns exec ns0 ip link set eth0 up
[root@king ~]# ip netns exec ns1 ip link set eth1 up
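Sections 1.2 to 1.5 as one reusable script, added here as an example; it is not part of the original page. It assumes an iproute2 with the `ip -n NS` shorthand (equivalent to `ip netns exec NS ip`), and the interface names v-ns0/v-ns1 (host side) and eth0 (inside each namespace) are choices of this example. Real runs need root; with DRY_RUN=1 it only prints the privileged commands.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): sections 1.2-1.5 as one
# idempotent script with a verify step and a teardown. Real runs need root
# (ip netns add/exec); with DRY_RUN=1 every privileged command is printed
# instead of executed, so the plan can be reviewed first.
# Assumptions of this example: iproute2 with the "ip -n NS" shorthand
# (same as "ip netns exec NS ip"), and the names v-ns0/v-ns1 and eth0.
set -eu

run() {                       # execute, or print when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

ns_exists() {                 # "ip netns list" prints "NAME" or "NAME (id: N)"
    [ "${DRY_RUN:-0}" != "1" ] && ip netns list 2>/dev/null | awk '{print $1}' | grep -qx "$1"
}

# Create namespace NS if missing and bring its loopback up: a fresh netns has
# lo DOWN, so even 127.0.0.1 is unreachable until this is done.
ensure_ns() {
    local ns=$1
    ns_exists "$ns" || run ip netns add "$ns"
    run ip netns exec "$ns" ip link set lo up
}

# Build a veth pair, move one end into each namespace, rename both ends to
# eth0 while still DOWN (a rename needs the link down), then address and
# bring them up.  Usage: connect_ns NS_A ADDR_A NS_B ADDR_B  (CIDR addresses)
connect_ns() {
    local ns_a=$1 addr_a=$2 ns_b=$3 addr_b=$4
    local end_a="v-$1" end_b="v-$3"        # host-side names, max 15 chars
    ensure_ns "$ns_a"
    ensure_ns "$ns_b"
    run ip link add "$end_a" type veth peer name "$end_b"
    run ip link set "$end_a" netns "$ns_a"
    run ip link set "$end_b" netns "$ns_b"
    run ip -n "$ns_a" link set "$end_a" name eth0
    run ip -n "$ns_b" link set "$end_b" name eth0
    run ip -n "$ns_a" addr add "$addr_a" dev eth0
    run ip -n "$ns_b" addr add "$addr_b" dev eth0
    run ip -n "$ns_a" link set eth0 up
    run ip -n "$ns_b" link set eth0 up
}

# Each side must reach the other. Neither namespace has a default route, so
# nothing outside the pair is reachable; the route table shows only the /24.
verify_pair() {
    local ns_a=$1 ip_b=$2 ns_b=$3 ip_a=$4
    run ip netns exec "$ns_a" ping -c 2 -W 1 "$ip_b"
    run ip netns exec "$ns_b" ping -c 2 -W 1 "$ip_a"
    run ip -n "$ns_a" route
}

# Deleting a namespace destroys the veth end inside it, which also removes its
# peer, so no separate "ip link del" is required.
teardown() {
    local ns
    for ns in "$@"; do run ip netns delete "$ns" 2>/dev/null || true; done
}

case "${1:-}" in
    up)   connect_ns ns0 10.0.2.1/24 ns1 10.0.2.2/24
          verify_pair ns0 10.0.2.2 ns1 10.0.2.1 ;;
    down) teardown ns0 ns1 ;;
    *)    echo "usage: $0 up|down   (DRY_RUN=1 prints the commands only)" ;;
esac
```

Run `DRY_RUN=1 ./veth-pair.sh up` first to read the exact command sequence, then `./veth-pair.sh up` as root; `./veth-pair.sh down` removes both namespaces and, with them, the pair.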

2. Docker's four network modes

2.1 bridge mode (Docker's default; --network bridge can be given or omitted)
Command: docker run -it --network bridge IMAGE
Optional flags: --rm (remove the container when it exits) --name (give the container a name)
Result: the container gets two interfaces, lo and eth0 (one end of a veth pair whose other end sits on the docker0 bridge, as in section 1.4)

2.2 none mode (for containers that need no network)
Command: docker run -it --network none IMAGE
Optional flags: --rm (remove the container when it exits) --name (give the container a name)
Result: the container has only lo

2.3 host mode
Command: docker run -it --network host IMAGE
Optional flags: --rm (remove the container when it exits) --name (give the container a name)
Result: the container runs in the host's network namespace: same interfaces, same IPs, and every port it listens on is a host port, with no network isolation

2.4 container mode
Command: (1) docker run -it IMAGE (start a first container)
         (2) docker run -it --network container:<ID or name of container (1)> IMAGE
Optional flags: --rm (remove the container when it exits) --name (give the container a name)
Result: the second container joins the network namespace of the first: same interfaces, same IP, same ports and the same 127.0.0.1
Only the network namespace is shared; filesystem and process tree stay separate, for example:

...first create and start a container y1:
[root@king ~]# systemctl start docker
[root@king ~]# docker run --rm -it --name y1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # mkdir /tmp/data && ls /tmp/   //create a directory
data
/ # echo 'okok~' > /tmp/index.html  //write okok~ into index.html
/ # cat /tmp/index.html 
okok~
/ # httpd -h /tmp/  //start busybox httpd with /tmp as its document root (it goes to the background and listens on port 80)
/ # netstat -antl   //check that port 80 is listening (this busybox build has netstat but no ss)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address         State       
tcp       0       0 :::80             :::*                  LISTEN

...then create y2 in container mode, sharing y1's network:
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS          PORTS     NAMES
f16140cd1e8c   busybox   "sh"      22 seconds ago   Up 20 seconds             y1
[root@king ~]# docker run --rm -it --network container:y1 --name y2 busybox
/ # ip a   //the same eth0 and the same IP as y1: the network namespace is shared
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ls /tmp/   //the data directory is not there: the filesystem is not shared
/ # wget -O - -q 127.0.0.1:80  //-O - writes the response to stdout; -q suppresses wget's progress output
//from y2, y1's httpd is reached over the shared loopback [success]
okok~
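A check that makes the difference between the four modes visible, added as an example (not from the original page): two processes share a network stack exactly when `/proc/<pid>/ns/net` resolves to the same `net:[INODE]` for both. The container names `probe-*` and `y1` are choices of this example; the demo needs root and a running Docker daemon, while the parsing and comparison functions run anywhere.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): show which network namespace a
# container lands in for each --network mode by comparing the inode of
# /proc/<pid>/ns/net. Two processes whose ns/net links resolve to the same
# "net:[INODE]" share one network stack: interfaces, addresses, ports,
# localhost and netfilter rules. Needs root and a running Docker daemon;
# the probe-* and y1 container names are choices of this example.
set -eu

# Extract the inode from a "net:[4026531992]" string (what
# readlink /proc/PID/ns/net prints). Fails on anything else.
ns_inode() {
    local id
    id=$(printf '%s\n' "$1" | sed -n 's/^net:\[\([0-9][0-9]*\)\]$/\1/p')
    [ -n "$id" ] && printf '%s\n' "$id"
}

# Print "same" (status 0) or "different" (status 1) for two ns/net strings.
compare_ns() {
    local a b
    a=$(ns_inode "$1") && b=$(ns_inode "$2") && [ "$a" = "$b" ] && { echo same; return 0; }
    echo different
    return 1
}

host_netns() { readlink /proc/self/ns/net; }

container_netns() {            # $1 = container name or ID
    local pid
    pid=$(docker inspect -f '{{.State.Pid}}' "$1")
    readlink "/proc/$pid/ns/net"
}

# Start a throwaway container in MODE and compare its netns with the host's,
# or, for container:NAME, with NAME's. bridge and none get their own netns
# (different), host shares the host's (same), container:y1 shares y1's (same).
report_mode() {                # $1 = bridge | none | host | container:NAME
    local mode=$1 name="probe-$$" ref mine
    docker run -d --rm --name "$name" --network "$mode" busybox sleep 300 >/dev/null
    case "$mode" in
        container:*) ref=$(container_netns "${mode#container:}") ;;
        *)           ref=$(host_netns) ;;
    esac
    mine=$(container_netns "$name")
    printf '%-14s %s vs %s -> %s\n' "$mode" "$mine" "$ref" "$(compare_ns "$mine" "$ref" || true)"
    docker rm -f "$name" >/dev/null
}

case "${1:-}" in
    demo)
        docker run -d --rm --name y1 busybox sleep 300 >/dev/null
        for m in bridge none host container:y1; do report_mode "$m"; done
        docker rm -f y1 >/dev/null ;;
    *) echo "usage: $0 demo   (root, needs a running dockerd)" ;;
esac
```

The "same" result for container:y1 is the security-relevant one: y2 not only sees y1's IP, it can bind y1's free ports, talk to y1's services over 127.0.0.1 and, with the default CAP_NET_RAW, sniff y1's traffic. Use container mode only between containers that trust each other.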

3. Common container operations

3.1 Container hostname

[root@king ~]# docker run --rm -it busybox
/ # hostname
a2fcc4d7bedf
//the container's hostname defaults to its short container ID
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS         PORTS     NAMES
a2fcc4d7bedf   busybox   "sh"      3 minutes ago   Up 3 minutes             funny_chatterjee

...the hostname can be set explicitly:
[root@king ~]# docker run --rm -it --hostname rongqi1 busybox
/ # hostname
rongqi1    //hostname set (it no longer matches the container ID)
/ # cat /etc/hosts  // view the hosts file
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	rongqi1    //the hostname is mapped to the container's IP
/ # cat /etc/resolv.conf  //DNS: by default the file is generated from the host's resolver configuration
# Generated by NetworkManager
search localdomain
nameserver 192.168.120.2 

...give the container a specific DNS server (--dns replaces the inherited nameserver entries):
[root@king ~]# docker run --rm -it --dns 114.114.114.114 busybox
/ # cat /etc/resolv.conf 
search localdomain
nameserver 114.114.114.114

...inject an extra hostname-to-IP mapping into /etc/hosts with --add-host:
[root@king ~]# docker run --rm -it --add-host www.tang.com:10.10.10.10 busybox
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
10.10.10.10	www.tang.com 
172.17.0.2	6f52b2be1f4d

3.2 Publishing ports (-p port mapping)

The four forms of -p. Forms 1 and 2 bind on every host address (0.0.0.0 and ::, as the PORTS column below shows); forms 3 and 4 bind on one host IP only. A published port is DNATed by Docker before the host's INPUT chain is consulted, so host firewall rules in INPUT (where ufw, for example, puts its rules) do not restrict it; bind to a specific IP or filter in the DOCKER-USER chain.

1) -p hostPort:containerPort
[root@king ~]# docker run --rm -it -p 80:80 httpd
//in a second terminal (the container port is mapped to the host port and reachable over the network)
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED              STATUS              PORTS                               NAMES
b6145d156944   httpd     "httpd-foreground"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp, :::80->80/tcp   thirsty_mestorf
[root@king ~]# curl 192.168.120.128   //reach httpd with curl through the host's address
<html><body><h1>It works!</h1></body></html>

2) -p containerPort
[root@king ~]# docker run --rm -it -p 80 httpd
//in a second terminal (only the container port is given, so Docker picks an ephemeral host port, here 49153)
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                                     NAMES
94e87b5c4ae8   httpd     "httpd-foreground"   11 seconds ago   Up 10 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   strange_franklin
[root@king ~]# ss -antl
State             Recv-Q             Send-Q                         Local Address:Port                          Peer Address:Port            
LISTEN            0                  128                                  0.0.0.0:22                                 0.0.0.0:*               
LISTEN            0                  128                                  0.0.0.0:49153                              0.0.0.0:*               
LISTEN            0                  128                                     [::]:22                                    [::]:*               
LISTEN            0                  128                                     [::]:49153                                 [::]:*               
[root@king ~]# curl 192.168.120.128:49153
<html><body><h1>It works!</h1></body></html>

3) -p hostIP::containerPort
[root@king ~]# docker run --rm -it -p 192.168.120.128::80 nginx
//in a second terminal (the container port is mapped to an ephemeral host port bound to the given host IP only)
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                           NAMES
c9d4bae8de4c   nginx     "/docker-entrypoint.…"   7 seconds ago   Up 6 seconds   192.168.120.128:49155->80/tcp   elated_mendeleev
[root@king ~]# curl 192.168.120.128:49155
<!DOCTYPE html>
<html>
......
</body>
</html>

4) -p hostIP:hostPort:containerPort
[root@king ~]# docker run --rm -it -p 192.168.120.128:8081:80 httpd
//in a second terminal (the container port is mapped to the given port on the given host IP; ss shows the listener on 192.168.120.128 only)
[root@king ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS         PORTS                          NAMES
4ba1c6e3fbed   httpd     "httpd-foreground"   8 seconds ago   Up 7 seconds   192.168.120.128:8081->80/tcp   ecstatic_ptolemy
[root@king ~]# ss -antl
State             Recv-Q            Send-Q                           Local Address:Port                         Peer Address:Port            
LISTEN            0                 128                            192.168.120.128:8081                              0.0.0.0:*               
LISTEN            0                 128                                    0.0.0.0:22                                0.0.0.0:*               
LISTEN            0                 128                                       [::]:22                                   [::]:*               
[root@king ~]# curl 192.168.120.128:8081
<html><body><h1>It works!</h1></body></html>
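A parser for the four -p forms and an audit of `docker ps` output for ports published on all interfaces, added as an example (not from the original page). The sample `docker ps` lines are constructed from the PORTS values shown in this section; the `live` mode reads the real output of `docker ps --format`.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): a parser for the four -p forms
# above and an audit of "docker ps" PORTS output. Security point: forms 1 and
# 2 bind 0.0.0.0 and ::, so the port answers on every host address, and a
# published port is DNATed before the host's INPUT chain, so INPUT rules do
# not shield it; bind a specific IP (forms 3, 4) or filter in DOCKER-USER.
# The sample lines are constructed from the PORTS column in this section.
set -eu

# Normalise one -p spec to "host_ip host_port container_port proto".
#   containerPort | hostPort:containerPort | ip::containerPort | ip:hostPort:containerPort
# with an optional /tcp or /udp suffix. host_ip defaults to 0.0.0.0 and
# host_port to "ephemeral" (Docker picks one, 49153 above). IPv4 only: a
# bracketed IPv6 host address contains extra colons and is not handled here.
parse_publish() {
    local spec=$1 proto=tcp ip=0.0.0.0 hport=ephemeral cport
    case "$spec" in */*) proto=${spec##*/}; spec=${spec%/*} ;; esac
    case "$spec" in
        *:*:*) ip=${spec%%:*}; spec=${spec#*:}; hport=${spec%%:*}; cport=${spec#*:} ;;
        *:*)   hport=${spec%%:*}; cport=${spec#*:} ;;
        *)     cport=$spec ;;
    esac
    [ -n "$hport" ] || hport=ephemeral
    printf '%s %s %s %s\n' "$ip" "$hport" "$cport" "$proto"
}

# Read "NAME PORTS..." lines (docker ps --format '{{.Names}} {{.Ports}}') on
# stdin and print one EXPOSED line per mapping bound on all interfaces.
audit_ports() {
    local name ports entry
    while read -r name ports; do
        printf '%s\n' "$ports" | tr ',' '\n' | sed 's/^ *//' | while read -r entry; do
            case "$entry" in
                0.0.0.0:*|:::*|'[::]:'*) printf 'EXPOSED %s %s\n' "$name" "$entry" ;;
            esac
        done
    done
}

# Constructed sample in the format above, values taken from this section.
SAMPLE_PS='thirsty_mestorf 0.0.0.0:80->80/tcp, :::80->80/tcp
strange_franklin 0.0.0.0:49153->80/tcp, :::49153->80/tcp
elated_mendeleev 192.168.120.128:49155->80/tcp
ecstatic_ptolemy 192.168.120.128:8081->80/tcp'

case "${1:-}" in
    sample) printf '%s\n' "$SAMPLE_PS" | audit_ports ;;
    live)   docker ps --format '{{.Names}} {{.Ports}}' | audit_ports ;;
    *)      echo "usage: $0 sample|live" ;;
esac
```

`./port-audit.sh sample` reports the two containers from forms 1 and 2 (four EXPOSED lines, one per address family) and stays silent for forms 3 and 4; `./port-audit.sh live` does the same against the running daemon.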

3.3 Customizing the default bridge (docker0)

The following keys in /etc/docker/daemon.json control the default bridge (example values):
{
    "bip": "192.168.1.5/24",
    "fixed-cidr": "192.168.1.5/25",
    "fixed-cidr-v6": "2001:db8::/64",
    "mtu": 1500,
    "default-gateway": "10.20.1.1",
    "default-gateway-v6": "2001:db8:abcd::89",
    "dns": ["10.20.1.2","10.20.1.3"]
}
[root@king ~]# vim /etc/docker/daemon.json  //set "bip" to change the docker0 address; JSON allows no comments, so keep annotations out of the file (dockerd will not start on a malformed daemon.json)
{
    "bip": "10.0.1.1/24",
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/","https://registry.docker-cn.com"]
}
[root@king ~]# systemctl restart docker  //restart the Docker service so the new setting takes effect
[root@king ~]# ip a
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:21:c9:c8:93 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.1/24 brd 10.0.1.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:21ff:fec9:c893/64 scope link 
       valid_lft forever preferred_lft forever
[root@king ~]# docker run --rm -it busybox  //start a new container and check the address on eth0
/ # ip a
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:0a:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.2/24 brd 10.0.1.255 scope global eth0
       valid_lft forever preferred_lft forever

3.4 Remote access to the Docker daemon

Official documentation: configuring remote access for the daemon (consult it when the error below appears)

On the host itself (192.168.120.128):
[root@king ~]# vim /etc/docker/daemon.json
Add the following to /etc/docker/daemon.json, then restart the Docker service:
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
[save and exit]
Caution: this TCP socket is unauthenticated and unencrypted. Anyone who can reach port 2375 can run containers with the host filesystem mounted, which amounts to root on the host. Use it only on an isolated lab network; otherwise bind a specific address and enable TLS client verification ("tlsverify", "tlscacert", "tlscert" and "tlskey" in daemon.json, conventionally on port 2376).
[root@king ~]# systemctl daemon-reload  //reload the unit files
[root@king ~]# systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
[the restart fails: the packaged docker.service starts dockerd with -H fd://, which conflicts with the "hosts" key in daemon.json; the fix is in the official docs under "configure and run Docker"]
...as the docs require, create the docker.service.d directory and a drop-in docker.conf in it (the drop-in overrides the unit's ExecStart so dockerd starts without -H):
[root@king ~]# cd /etc/systemd/system/docker.service.d/
[root@king docker.service.d]# vim docker.conf
[root@king docker.service.d]# ls
docker.conf
[root@king docker.service.d]# cd
[root@king ~]# systemctl daemon-reload
[root@king ~]# systemctl restart docker
[root@king ~]# docker run --rm -it busybox /bin/sh
//in a second terminal
[root@king ~]# docker ps  //list the running containers
CONTAINER ID   IMAGE     COMMAND     CREATED         STATUS         PORTS     NAMES
57cd290aca18   busybox   "/bin/sh"   6 minutes ago   Up 6 minutes             dazzling_varahamihira

On a second VM that also has Docker installed:
[root@CATU ~]# docker -H 192.168.120.128:2375 ps  //remote connection; the same running container shows up
CONTAINER ID   IMAGE     COMMAND     CREATED              STATUS              PORTS     NAMES
57cd290aca18   busybox   "/bin/sh"   About a minute ago   Up About a minute             dazzling_varahamihira
[root@CATU ~]#
[remote connection successful]
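The two files the procedure above needs, generated by functions so they can be reviewed or written into a scratch directory first; this is an added example, not the page's own docker.conf (whose content the page does not show) nor Docker's code. It assumes dockerd is installed at /usr/bin/dockerd and that server certificates live under /etc/docker/certs (create them with the TLS procedure in the official docs or with a CA you control); DOCKER_DROPIN_DIR and DOCKER_CONFIG_DIR redirect the output. The hardened daemon.json sits beside the plain one from the page.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): the two files the remote-access
# setup above needs, produced by functions so they can be reviewed (or written
# into a scratch directory) before touching a live host. Assumptions of this
# example: dockerd lives at /usr/bin/dockerd, and the server certificates sit
# under /etc/docker/certs. DOCKER_DROPIN_DIR / DOCKER_CONFIG_DIR redirect the
# output directories. systemd reads every *.conf in the drop-in directory, so
# the page's docker.conf and this override.conf are equivalent.
set -eu

: "${DOCKER_DROPIN_DIR:=/etc/systemd/system/docker.service.d}"
: "${DOCKER_CONFIG_DIR:=/etc/docker}"

# The packaged docker.service runs "dockerd -H fd://"; a "hosts" key in
# daemon.json conflicts with that -H, which is why the restart above failed.
# An empty ExecStart= line clears the unit's command so the second line can
# start dockerd without -H and let daemon.json own the listener list.
render_override() {
    cat <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF
}

# As on the page: plain TCP, no authentication. Anyone who can reach 2375
# controls the daemon, i.e. has root on the host (docker run -v /:/host ...).
render_daemon_json_plain() {
    cat <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
EOF
}

# Hardened: TLS with client-certificate verification on the conventional TLS
# port 2376. Clients then connect with
#   docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H HOST:2376 ps
render_daemon_json_tls() {
    cat <<'EOF'
{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

# Write override.conf and daemon.json for MODE (plain|tls). This replaces
# daemon.json wholesale: merge keys such as "bip" or "registry-mirrors" from
# an existing file by hand first. dockerd refuses to start on malformed JSON,
# so validate when python3 is available.
install_remote_access() {
    local mode=${1:-tls}
    case "$mode" in plain|tls) ;; *) echo "mode must be plain or tls" >&2; return 1 ;; esac
    mkdir -p "$DOCKER_DROPIN_DIR" "$DOCKER_CONFIG_DIR"
    render_override > "$DOCKER_DROPIN_DIR/override.conf"
    "render_daemon_json_$mode" > "$DOCKER_CONFIG_DIR/daemon.json"
    if command -v python3 >/dev/null 2>&1; then
        python3 -m json.tool "$DOCKER_CONFIG_DIR/daemon.json" >/dev/null
    fi
}

case "${1:-}" in
    plain|tls)
        install_remote_access "$1"
        systemctl daemon-reload
        systemctl restart docker
        ss -ltn | grep -E ':(2375|2376)' ;;
    *) echo "usage: $0 plain|tls   (root)" ;;
esac
```

To inspect the output without touching the host, source the script and call `DOCKER_DROPIN_DIR=/tmp/d DOCKER_CONFIG_DIR=/tmp/c install_remote_access tls`; the usage line in the `*)` branch is harmless when sourced.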

4. User-defined Docker bridges

Create a custom bridge and give it its own address range:

[root@king ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
3111c017f5f6   bridge    bridge    local
99e82279d95b   host      host      local
42834266bc19   none      null      local
[root@king ~]# docker network create -d bridge --subnet "192.168.100.1/24" --gateway "192.168.100.2" br8  //the subnet is given with host bits set; Docker treats it as 192.168.100.0/24 and reserves .2 for the gateway
8a29b5c15437b8a7a2a296055bdd5b0193f2a3c22d473117176d92310d2ae46e
[root@king ~]# docker network ls  //the br8 bridge was added
NETWORK ID     NAME      DRIVER    SCOPE
8a29b5c15437   br8       bridge    local
3111c017f5f6   bridge    bridge    local
99e82279d95b   host      host      local
42834266bc19   none      null      local
[root@king ~]# docker run --rm -it --network br8 busybox
/ # ip a  //the IP assigned by the new bridge: .2 is taken by the gateway, so the first free address is .1
...
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:64:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
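A small planner that normalises the --subnet argument before the bridge is created, added as an example (not from the original page). It explains the result above: with the subnet written as 192.168.100.1/24 and the gateway on .2, the first container receives .1. Computing the network address and defaulting the gateway to the first host address gives the layout one usually expects. The `run` helper prints instead of executing when DRY_RUN=1, and ISOLATE=1 (an option of this example) passes the bridge driver's enable_icc=false, so containers on the bridge cannot reach each other directly.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): normalise the --subnet argument
# before creating a user-defined bridge. Above, the subnet is passed as
# 192.168.100.1/24 (host bits set) with a gateway of .2, so Docker reserves .2
# and hands the first container .1. Computing the network address and
# defaulting the gateway to the first host address avoids that surprise.
# Assumptions: IPv4 only; "run" prints instead of executing when DRY_RUN=1;
# ISOLATE=1 adds the bridge driver's enable_icc=false option, which stops
# containers on the bridge from talking to each other directly.
set -eu

run() { if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

ip2int() {                    # dotted quad -> integer
    local oldifs=$IFS
    IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {                    # integer -> dotted quad
    printf '%d.%d.%d.%d\n' $(( $1 >> 24 & 255 )) $(( $1 >> 16 & 255 )) \
                            $(( $1 >> 8 & 255 )) $(( $1 & 255 ))
}

# cidr_network 192.168.100.1/24 -> 192.168.100.0/24
cidr_network() {
    local ip=${1%/*} plen=${1#*/} mask
    mask=$(( (0xffffffff << (32 - plen)) & 0xffffffff ))
    printf '%s/%s\n' "$(int2ip $(( $(ip2int "$ip") & mask )))" "$plen"
}

# first_host 192.168.100.0/24 -> 192.168.100.1 (what Docker itself would pick
# as the gateway when --gateway is omitted)
first_host() { int2ip $(( $(ip2int "${1%/*}") + 1 )); }

# in_subnet ADDR CIDR -> status 0 when ADDR lies inside CIDR
in_subnet() { [ "$(cidr_network "$1/${2#*/}")" = "$(cidr_network "$2")" ]; }

# create_bridge NAME SUBNET [GATEWAY]
create_bridge() {
    local name=$1 subnet gw
    subnet=$(cidr_network "$2")
    gw=${3:-$(first_host "$subnet")}
    in_subnet "$gw" "$subnet" || { echo "gateway $gw is not inside $subnet" >&2; return 1; }
    run docker network create -d bridge --subnet "$subnet" --gateway "$gw" \
        ${ISOLATE:+-o com.docker.network.bridge.enable_icc=false} "$name"
}

case "${1:-}" in
    create) create_bridge br8 192.168.100.1/24
            docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}} gw {{.Gateway}}{{end}}' br8 ;;
    *)      echo "usage: $0 create   (DRY_RUN=1 prints the docker command only)" ;;
esac
```

`DRY_RUN=1 ./bridge-plan.sh create` prints `docker network create -d bridge --subnet 192.168.100.0/24 --gateway 192.168.100.1 br8`; with that layout the first container attached to br8 gets 192.168.100.2.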