Docker container network configuration

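1. Creating namespaces with the Linux kernel

1.1 The ip netns command

The ip netns command handles all the usual operations on Network Namespaces. It ships in the iproute package, which most systems install by default; install it yourself if it is missing.

Note: changing network configuration with ip netns requires sudo privileges.

Run ip netns help to see the command's help text: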

[root@localhost ~]# ip netns help
Usage:	ip netns list            # list namespaces
	ip netns add NAME          # add a namespace
	ip netns attach NAME PID       # enter a namespace
	ip netns set NAME NETNSID          # set a namespace
	ip [-all] netns delete [NAME]          # delete
	ip netns identify [PID]
	ip netns pids NAME
	ip [-all] netns exec [NAME] cmd ...
	ip netns monitor           # monitor
	ip netns list-id
NETNSID := auto | POSITIVE-INT

By default a Linux system has no Network Namespaces, so ip netns list returns nothing.

1.2 Creating a Network Namespace

Create a namespace named ns0:

[root@localhost ~]# ip netns list      # list
[root@localhost ~]# ip netns add ns0         # create
[root@localhost ~]# ip netns list
ns0

A newly created Network Namespace appears under /var/run/netns/. If a namespace with the same name already exists, the command fails with Cannot create namespace file "/var/run/netns/ns0": File exists.

[root@localhost ~]#  ls /var/run/netns/    # one already exists
ns0
[root@localhost ~]# ip netns add ns0         # creating it again fails
Cannot create namespace file "/var/run/netns/ns0": File exists

[root@localhost ~]# ll /var/run/netns/
total 0
-r--r--r-- 1 root root 0 Jan  7 14:02 ns0
[root@localhost ~]# file /var/run/netns/ns0 
/var/run/netns/ns0: empty

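Each Network Namespace has its own independent network interfaces, routing table, ARP table, iptables rules and other network-related resources.

1.3 Working with a Network Namespace

The ip netns exec subcommand runs a command inside the given Network Namespace.

View the interfaces of the newly created Network Namespace: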

[root@localhost ~]# ip netns list
ns0
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Bring up the lo loopback interface:

[root@localhost ~]# ip netns exec ns0 ip link set lo up
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever


Loopback can now be pinged:
[root@localhost ~]# ip netns exec ns0 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.080 ms
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 101ms
rtt min/avg/max/mdev = 0.031/0.062/0.081/0.021 ms

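1.4 Moving devices

Devices (such as veth) can be moved between Network Namespaces. A device can belong to only one Network Namespace at a time, so after the move it is no longer visible in the namespace it came from.

veth devices can be moved, while many other devices (such as lo, vxlan, ppp and bridge) cannot.

1.5 veth pair

veth pair stands for Virtual Ethernet Pair: a pair of connected ports where every packet entering one end comes out of the other, and vice versa.
veth pairs were introduced so that different Network Namespaces can communicate directly; a veth pair can connect two Network Namespaces to each other.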

1. Create two namespaces and bring them up
[root@localhost ~]# ip netns list
ns0
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip netns list
ns1
ns0
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@localhost ~]# ip netns exec ns1 ip link set lo up
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

1.6 Creating a veth pair

2. Create the veth pair
[root@localhost ~]# ip a     # no veth pair yet
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1514sec preferred_lft 1514sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Create it:
[root@localhost ~]# ip link add type veth


A pair, veth0 and veth1, now appears:
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1467sec preferred_lft 1467sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff
5: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff

As shown, a new veth pair now exists on the system, connecting the two virtual interfaces veth0 and veth1. At this point the pair is still in the "not enabled" state.

1.7 Communication between Network Namespaces

  1. We now have two namespaces
[root@localhost ~]# ip netns list
ns1
ns0
  2. Add veth0 to ns0 and veth1 to ns1
3.  Move the devices
[root@localhost ~]# ip link set veth0 netns ns0    # move veth0

veth0 has been moved into the namespace:
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff link-netnsid 0


Only veth1 is left on the host:
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1120sec preferred_lft 1120sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: veth1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0
  3. Configure IP addresses for veth0 and veth1
Add an address to veth0:

[root@localhost ~]# ip netns exec ns0 ip addr add 192.168.10.1/24 dev veth0    # give veth0 the IP 192.168.10.1 with a /24 netmask
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.10.1/24 scope global veth0
       valid_lft forever preferred_lft forever


Add an address to veth1:

[root@localhost ~]# ip addr add 192.168.10.1/24 dev veth1      # give veth1 the IP 192.168.10.1 with a /24 netmask
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1570sec preferred_lft 1570sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
5: veth1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 192.168.10.1/24 scope global veth1
       valid_lft forever preferred_lft forever

  4. Move veth1 into the namespace
[root@localhost ~]# ip link set veth1 netns ns1

It is now gone from the host:
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1237sec preferred_lft 1237sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

veth1 is now inside the namespace:
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: veth1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0

  5. Enable veth0 and veth1
[root@localhost ~]# ip netns exec ns0 ip link set veth0 up
[root@localhost ~]# ip netns exec ns1 ip link set veth1 up

veth0 is now enabled:
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 192.168.10.1/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e84a:2dff:fe31:4949/64 scope link 
       valid_lft forever preferred_lft forever

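veth1 is now enabled but has no IP (the address configured before the move was dropped when the device changed namespace), so one has to be assigned: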
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet6 fe80::f852:67ff:fe94:5869/64 scope link 
       valid_lft forever preferred_lft forever


Assign an IP to veth1:
[root@localhost ~]# ip netns exec ns1 ip addr add 192.168.10.2/24 dev veth1
[root@localhost ~]# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 192.168.10.2/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f852:67ff:fe94:5869/64 scope link 
       valid_lft forever preferred_lft forever

  6. veth0 can now be pinged from veth1
[root@localhost ~]# ip netns exec ns1 ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.027 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=0.051 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=64 time=0.095 ms
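
The veth0@if5 and veth1@if4 names in the listings above encode which interface is the other end of the pair. As an added example (not part of the original post), this script pairs the two ends from ip listings taken in two namespaces. NS0_LINKS and NS1_LINKS are copied from the ns0/ns1 output above; OTHER_LINKS and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# "4: veth0@if5:" reads: ifindex 4, name veth0, peer end has ifindex 5 in
# another namespace. When both ends are still in the same namespace, ip
# prints the peer's name instead (veth0@veth1) and no lookup is needed.

# link_table: read `ip link` / `ip a` output on stdin and print
# "ifindex name peer_ifindex" for every interface with an @ifN marker.
link_table() {
    awk '/^[0-9]+: [^ ]+@if[0-9]+:/ {
        idx = $1; sub(/:$/, "", idx)
        split($2, part, "@if")
        peer = part[2]; sub(/:$/, "", peer)
        print idx, part[1], peer
    }'
}

# veth_peer LISTING_A LISTING_B IFNAME
# Print the interface in LISTING_B that is the other end of IFNAME in
# LISTING_A. The match must be reciprocal (A points at B's ifindex and B
# points back at A's); otherwise nothing is printed and the status is 1.
veth_peer() {
    row=$(printf '%s\n' "$1" | link_table |
          awk -v n="$3" '$2 == n { print $1, $3 }')
    [ -n "$row" ] || return 1
    own_idx=${row% *}
    peer_idx=${row#* }
    printf '%s\n' "$2" | link_table |
        awk -v want="$peer_idx" -v back="$own_idx" '
            $1 == want && $3 == back { print $2; found = 1 }
            END { exit !found }'
}

# Listings copied from the ns0 and ns1 output in section 1.7.
NS0_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
4: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff link-netns ns1'
NS1_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
5: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0'
# Constructed sample: a namespace whose ifindex 5 belongs to a different pair.
OTHER_LINKS='5: veth9@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000'

printf 'veth0 (ns0) <-> %s (ns1)\n' "$(veth_peer "$NS0_LINKS" "$NS1_LINKS" veth0)"
veth_peer "$NS0_LINKS" "$OTHER_LINKS" veth0 ||
    echo 'veth0 has no reciprocal peer in the other listing'

# Live use (as root):
#   veth_peer "$(ip netns exec ns0 ip link)" "$(ip netns exec ns1 ip link)" veth0
```

The same lookup maps a container's eth0@ifN to its host-side veth, which is the interface to capture on when investigating one container's traffic.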

1.8 Renaming veth devices

Rename veth0 to eth0:
1. Bring it down first
[root@localhost ~]# ip netns exec ns0 ip link set veth0 down

2. Change the name
[root@localhost ~]# ip netns exec ns0 ip link set dev veth0 name eth0

3. Bring it up
[root@localhost ~]# ip netns exec ns0 ip link set eth0 up

4. Check the new name
[root@localhost ~]# ip netns exec ns0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:4a:2d:31:49:49 brd ff:ff:ff:ff:ff:ff link-netns ns1
    inet 192.168.10.1/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e84a:2dff:fe31:4949/64 scope link 
       valid_lft forever preferred_lft forever



Rename veth1 to eth0:
[root@localhost ~]# ip netns exec ns1 ip link set veth1 down

[root@localhost ~]# ip netns exec ns1 ip link set dev veth1 name eth0

[root@localhost ~]# ip netns exec ns1 ip link set eth0 up
[root@localhost ~]# ip  netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:52:67:94:58:69 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet 192.168.10.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f852:67ff:fe94:5869/64 scope link 
       valid_lft forever preferred_lft forever

2. Configuring the four network modes

2.1 bridge mode

Both of the following forms show the same result:
[root@localhost ~]# docker ps     # will be phased out sooner or later
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

This form adds the object being managed; here the object is the container:
[root@localhost ~]# docker container ls     # gradually being introduced
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


Example:
Remove containers using the second form
[root@localhost ~]# docker container ls -a
CONTAINER ID   IMAGE          COMMAND                  CREATED        STATUS                           PORTS                   NAMES
0ddf3f7995f8   nginx          "/docker-entrypoint.…"   21 hours ago   Exited (255) About an hour ago                           epic_wiles
462800f6c4ff   centos         "/bin/bash"              23 hours ago   Exited (255) 21 hours ago                                stupefied_chaum
adbaef0144e5   centos         "/bin/bash"              23 hours ago   Exited (0) 23 hours ago                                  quirky_rosalind
da3ff1b14c7f   centos         "/bin/bash"              23 hours ago   Exited (0) 23 hours ago                                  thirsty_chatterjee
7a9906299523   nginx          "/docker-entrypoint.…"   23 hours ago   Exited (255) 21 hours ago        80/tcp                  t3
ff020983154e   nginx          "/docker-entrypoint.…"   23 hours ago   Exited (255) 21 hours ago        0.0.0.0:49153->80/tcp   t2
fe3a2ac48cfa   nginx          "/docker-entrypoint.…"   24 hours ago   Exited (255) 21 hours ago        0.0.0.0:8080->80/tcp    t1
cb20cdc0348b   def105017b12   "/bin/httpd -f -h /d…"   47 hours ago   Exited (255) 25 hours ago                                amazing_cannon
[root@localhost ~]# docker container rm -f $(docker ps -aq)
0ddf3f7995f8
462800f6c4ff
adbaef0144e5
da3ff1b14c7f
7a9906299523
ff020983154e
fe3a2ac48cfa
cb20cdc0348b
[root@localhost ~]# docker container ls -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
 First, start a container
[root@localhost ~]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1101sec preferred_lft 1101sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever



# Passing --network bridge when creating a container has the same effect as omitting the --network option
[root@localhost ~]# docker run -it --rm --network=bridge busybox /bin/sh
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1172 (1.1 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

2.2 none mode

[root@localhost ~]# docker container run -it --rm --network=none busybox /bin/sh
/ # ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # exit
[root@localhost ~]# 

2.3 container mode

  1. Start a container
[root@localhost ~]# docker container run -it --rm --name=b1 busybox /bin/sh
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:696 (696.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 



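Start a second container that uses the same network namespace as the first, so the IP is identical: both are 172.17.0.2.
Only the network is shared; the filesystem is not.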
[root@localhost ~]# docker container run -it --rm --network=container:b1 busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 

  2. Deploy a site in the first container
[root@localhost ~]# docker container run -it --rm --name=b1 busybox /bin/sh

/ # echo 'hello worls' > /tmp/index.html
/ # cat /tmp/index.html 
hello worls
/ # httpd -h /tmp
/ # netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 :::80                   :::*                    LISTEN      
  3. From the container that shares b1's network, access the site via the local address
[root@localhost ~]# docker container run -it --rm --network=container:b1 busybox /bin/sh


 Passing - to -O only prints the content:
/ # wget -O - -q 127.0.0.1:80   
hello worls


Without the -, the content is written to a file:
/ # ls
bin   etc   proc  sys   usr
dev   home  root  tmp   var
/ # wget -O hehe -q 127.0.0.1:80
/ # ls
bin   etc   home  root  tmp   var
dev   hehe  proc  sys   usr
/ # cat hehe
hello worls

2.4 host mode

Specify host mode directly when starting the container:

[root@localhost ~]# docker container run -it --rm --network=host busybox /bin/sh

Listing the interfaces inside the container gives the same result as listing them on the host:
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1436sec preferred_lft 1436sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:66ff:fec5:dad5/64 scope link 
       valid_lft forever preferred_lft forever


If we now start an HTTP site in this container, it can be reached in a browser directly via the host's IP.

Example:
/ # ls /tmp/
/ # echo 'hehe' > /tmp/index.html
/ # httpd -h /tmp
/ # netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 192.168.50.154:22       192.168.50.1:56608      ESTABLISHED 
tcp        0      0 192.168.50.154:22       192.168.50.1:62552      ESTABLISHED 
tcp        0      0 :::80                   :::*                    LISTEN      
tcp        0      0 :::22                   :::*                    LISTEN      

Access it using the host's IP.
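
Sections 2.3 and 2.4 show the two modes that give up network isolation: a container-mode container reaches its partner's loopback services (the wget to 127.0.0.1:80), and a host-mode container sees the host's own listeners (the port 22 sockets in the netstat output). As an added example (not from the original post), this script groups running containers by the network namespace they actually use. The function names and the sample IDs and container names are constructed; the input is assumed to come from the docker inspect command shown in the comment.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input, one line per running container: <id> </name> <NetworkMode>, from
#   docker inspect --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}' $(docker ps -q)

# netns_owners: print "<name> <owner>" per container, where <owner> is
#   HOST                      for --network=host (the host's network stack)
#   another container's name  for --network=container:<ref>
#   the container's own name  otherwise (bridge, none, user-defined)
netns_owners() {
    awk '
    function resolve(ref,    j) {          # match by name or by id prefix
        for (j = 1; j <= total; j++)
            if (name[j] == ref || index(id[j], ref) == 1) return j
        return 0
    }
    NF >= 3 {
        total++
        id[total] = $1; mode[total] = $3
        name[total] = $2; sub(/^\//, "", name[total])
    }
    END {
        for (i = 1; i <= total; i++) {
            cur = i
            # Follow container:<ref> links; the hop limit guards against loops.
            for (hops = 0; mode[cur] ~ /^container:/ && hops < total; hops++) {
                nxt = resolve(substr(mode[cur], 11))
                if (!nxt) break
                cur = nxt
            }
            if (mode[cur] == "host") owner = "HOST"
            else if (mode[cur] ~ /^container:/) owner = "UNRESOLVED"
            else owner = name[cur]
            print name[i], owner
        }
    }'
}

# netns_report: print "<owner>: member member ..." for every namespace that
# is shared by several containers, is the host's, or could not be resolved.
netns_report() {
    netns_owners | awk '
    {
        if (!($2 in count)) order[++n] = $2
        count[$2]++
        members[$2] = members[$2] " " $1
    }
    END {
        for (k = 1; k <= n; k++) {
            o = order[k]
            if (count[o] > 1 || o == "HOST" || o == "UNRESOLVED")
                print o ":" members[o]
        }
    }'
}

# Constructed sample (shortened ids): b2 joined b1, web runs in host mode.
SAMPLE_INSPECT='1111aaaa /b1 bridge
2222bbbb /b2 container:1111aaaa
3333cccc /web host
4444dddd /iso none'

printf '%s\n' "$SAMPLE_INSPECT" | netns_report
```

Every name listed after HOST can bind host ports directly without -p, and every group with more than one member shares one loopback interface.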

3. Common container operations

3.1 Viewing the container's hostname

[root@localhost ~]# docker container run -it --rm busybox /bin/sh
/ # hostname
733bd7781885       # this hostname is the container's name; container names are random, so the hostname is random too

3.2 Injecting a hostname at container start

Add --hostname when starting the container to change the hostname:
[root@localhost ~]# docker container run -it --rm --hostname=maqiang busybox /bin/sh
/ # hostname
maqiang       # changing the hostname does not change the container ID


Injecting a hostname also automatically creates the hostname-to-IP mapping:
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	maqiang


DNS is also automatically set to the host's DNS:
/ # cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 192.168.50.2



The hostname can now be pinged:
/ # ping maqiang
PING maqiang (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.051 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.137 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.068 ms

3.3 Manually specifying the DNS server for a container

1. Change the DNS server
[root@localhost ~]# docker container run -it --rm --hostname=maqiang  --dns=114.114.114.114 busybox /bin/sh
/ # cat /etc/resolv.conf 
search localdomain
nameserver 114.114.114.114

3.4 Manually injecting a hostname-to-IP mapping into /etc/hosts

[root@localhost ~]# docker container run -it --rm --hostname=maqiang  --dns=114.114.114.114  --add-host=www.a.com:1.1.1.1 busybox /bin/sh
/ # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
1.1.1.1	www.a.com
172.17.0.2	maqiang

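3.5 Publishing container ports

docker run has a -p option that maps an application port in the container to the host, so that external hosts can reach the application inside the container by connecting to a port on the host.

The -p option can be given multiple times; a port it exposes must be one the container is actually listening on.

Formats of the -p option:

  1. -p (containerPort): maps the specified container port to a dynamic port on all addresses of the host
Start the container: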
[root@localhost ~]# docker container run --rm -p 80 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jan 07 08:00:32.181315 2021] [mpm_event:notice] [pid 1:tid 140069323404416] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Jan 07 08:00:32.191707 2021] [core:notice] [pid 1:tid 140069323404416] AH00094: Command line: 'httpd -D FOREGROUND'

Port 80 now shows up, mapped to a random host port:
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                   NAMES
84455ee460b7   httpd     "httpd-foreground"   25 seconds ago   Up 24 seconds   0.0.0.0:49153->80/tcp   xenodochial_sanderson
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port    Peer Address:Port                                                     
LISTEN 0      128           0.0.0.0:22           0.0.0.0:*                                                        
LISTEN 0      128                 *:49153              *:*                                                        
LISTEN 0      128              [::]:22              [::]:*                                                   


Once the container is stopped, the port disappears:
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*   
LISTEN 0      128             [::]:22           [::]:*   
  2. -p (hostPort):(containerPort): maps the container port (containerPort) to the specified host port (hostPort)
[root@localhost ~]# docker container run --rm -p 8080:80 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jan 07 08:04:40.666057 2021] [mpm_event:notice] [pid 1:tid 139930534077568] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Jan 07 08:04:40.666184 2021] [core:notice] [pid 1:tid 139930534077568] AH00094: Command line: 'httpd -D FOREGROUND'


[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*   
LISTEN 0      128                *:8080            *:*   
LISTEN 0      128             [::]:22           [::]:*   
  3. -p (ip)::(containerPort): maps the specified container port (containerPort) to a dynamic port on the specified host address (ip)
[root@localhost ~]# docker container run --rm -p 192.168.50.154::80 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jan 07 08:06:06.243378 2021] [mpm_event:notice] [pid 1:tid 140392486634624] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Jan 07 08:06:06.243487 2021] [core:notice] [pid 1:tid 140392486634624] AH00094: Command line: 'httpd -D FOREGROUND'


[root@localhost ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port    Peer Address:Port                                                     
LISTEN 0      128    192.168.50.154:49153        0.0.0.0:*                                                        
LISTEN 0      128           0.0.0.0:22           0.0.0.0:*                                                        
LISTEN 0      128              [::]:22              [::]:*                                                       
  4. -p (ip):(hostPort):(containerPort): maps the specified container port (containerPort) to the port (hostPort) on the specified host address (ip)
[root@localhost ~]# docker container run --rm -p 192.168.50.154:8080:80 httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jan 07 08:08:20.621275 2021] [mpm_event:notice] [pid 1:tid 140421382939776] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Jan 07 08:08:20.621582 2021] [core:notice] [pid 1:tid 140421382939776] AH00094: Command line: 'httpd -D FOREGROUND'



[root@localhost ~]# ss -antl
State  Recv-Q Send-Q   Local Address:Port   Peer Address:Port                                                     
LISTEN 0      128     192.168.50.154:8080        0.0.0.0:*                                                        
LISTEN 0      128            0.0.0.0:22          0.0.0.0:*                                                        
LISTEN 0      128               [::]:22             [::]:*                               

A dynamic port is a randomly chosen port; use the docker port command to see the actual mapping.

[root@localhost ~]# docker container run --rm -p 80  httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Jan 07 08:09:59.322615 2021] [mpm_event:notice] [pid 1:tid 140174092133504] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Jan 07 08:09:59.322733 2021] [core:notice] [pid 1:tid 140174092133504] AH00094: Command line: 'httpd -D FOREGROUND'


[root@localhost ~]# ss -antl
State  Recv-Q Send-Q  Local Address:Port    Peer Address:Port                                                     
LISTEN 0      128           0.0.0.0:22           0.0.0.0:*                                                        
LISTEN 0      128                 *:49154              *:*                                                        
LISTEN 0      128              [::]:22              [::]:*                                                        

The command above keeps running in the foreground, so open a new terminal session to see which host port the container's port 80 has been mapped to.
[root@localhost ~]# docker container ls
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                   NAMES
e1e657813eeb   httpd     "httpd-foreground"   23 seconds ago   Up 22 seconds   0.0.0.0:49154->80/tcp   mystifying_wu
[root@localhost ~]# docker container port e1e657813eeb
80/tcp -> 0.0.0.0:49154

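As shown, the container's port 80 has been exposed on host port 32769. Now access that port from the host to check whether the site inside the container is reachable.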
[root@localhost ~]# curl 127.0.0.1:49155
<html><body><h1>It works!</h1></body></html>
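
The ss listings above show the difference between the forms: with -p 192.168.50.154:8080:80 the listener is bound to one host address, while -p 80 listens on every interface (*:49154). An added example (not from the original post) that parses the PORTS column of docker container ls and picks out the all-interface bindings; the function names and the constructed sample values are assumptions.

```python
import re

# One entry of the PORTS column: "[host_ip:host_port->]container_port/proto"
_ENTRY = re.compile(r"^(?:(?P<host>.+):(?P<hport>\d+)->)?(?P<cport>\d+)/(?P<proto>\w+)$")
_WILDCARDS = {"0.0.0.0", "::", "[::]", "*"}


def parse_ports(column):
    """Parse a `docker container ls` PORTS value into a list of dicts."""
    bindings = []
    for entry in filter(None, (e.strip() for e in column.split(","))):
        m = _ENTRY.match(entry)
        if not m:
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        bindings.append({
            "host_ip": m["host"],  # None: exposed by the image, not published
            "host_port": int(m["hport"]) if m["hport"] else None,
            "container_port": int(m["cport"]),
            "proto": m["proto"],
        })
    return bindings


def wildcard_bindings(column):
    """Return the published bindings that listen on every host interface."""
    return [b for b in parse_ports(column) if b["host_ip"] in _WILDCARDS]


# PORTS values: the first and third appear in listings on this page,
# the second and fourth are constructed for the example.
SAMPLES = {
    "-p 80": "0.0.0.0:49154->80/tcp",
    "-p 192.168.50.154:8080:80": "192.168.50.154:8080->80/tcp",
    "no -p": "80/tcp",
    "-p 80 (dual stack)": "0.0.0.0:49154->80/tcp, :::49154->80/tcp",
}

if __name__ == "__main__":
    for flag, column in SAMPLES.items():
        exposed = [f'{b["host_ip"]}:{b["host_port"]}' for b in wildcard_bindings(column)]
        print(f"{flag:28} {column:42} wildcard: {exposed or 'none'}")
```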

3.6 Customizing the network properties of the docker0 bridge

1. At this point the docker0 IP is 172.17.0.1
[root@localhost docker]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1478sec preferred_lft 1478sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:66ff:fec5:dad5/64 scope link 
       valid_lft forever preferred_lft forever


2. Edit the configuration file and add the bip line, which sets the bridge IP. It is set to 192.168.100.1 here, so the first container started should get 192.168.100.2, and so on.
[root@localhost ~]# cd /etc/docker/
[root@localhost docker]# ls
daemon.json  key.json
[root@localhost docker]# vim daemon.json 
{
    "bip":"192.168.100.1/24",
    "registry-mirrors": ["https://registry.docker-cn.com","https://11vuihex.mirror.aliyuncs.com"]
}



3. Reload and restart; the IP is now the 192.168.100.1 that was just added
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
[root@localhost docker]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1464sec preferred_lft 1464sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:66ff:fec5:dad5/64 scope link 
       valid_lft forever preferred_lft forever


4. Check whether the IP inside the container is 192.168.100.2
[root@localhost ~]# docker container run --rm -it busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
32: eth0@if33: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:64:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever

Example 2:

1. At this point the DNS server is 192.168.50.2
[root@localhost ~]# docker container run --rm -it busybox /bin/sh
/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
/ # cat /etc/resolv.conf 
# Generated by NetworkManager
search localdomain
nameserver 192.168.50.2


2. Edit the configuration file and add the dns line
[root@localhost docker]# vim daemon.json 

{
    "bip":"192.168.100.1/24",
    "dns":["114.114.114.114","8.8.8.8"],
    "registry-mirrors": ["https://registry.docker-cn.com","https://11vuihex.mirror.aliyuncs.com"]
}


3. Reload, restart, and check again: the DNS servers are now 114.114.114.114 and the newly added 8.8.8.8
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
[root@localhost ~]# docker container run --rm -it busybox /bin/sh
/ # cat /etc/resolv.conf 
search localdomain
nameserver 114.114.114.114
nameserver 8.8.8.8

3.7 Docker remote connection

1. Edit the configuration file and add the hosts line
[root@localhost docker]# vim daemon.json 

{
    "bip":"192.168.100.1/24",
    "hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker/docker.sock"],
    "dns":["114.114.114.114","8.8.8.8"],
    "registry-mirrors": ["https://registry.docker-cn.com","https://11vuihex.mirror.aliyuncs.com"]
}


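2. Create a directory and write the following file content. The drop-in resets ExecStart so that dockerd starts without a -H option on its command line, which would conflict with the hosts key in daemon.json.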
[root@localhost docker]# mkdir /etc/systemd/system/docker.service.d

[root@localhost docker]# vim /etc/systemd/system/docker.service.d/docker.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd


3. Reload and restart
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker



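4. The host IP must now be given in order to list containers
[root@localhost ~]# docker container ls    # run this way, the command just hangs here
^C
[root@localhost ~]# docker -H 192.168.50.154:2375 container ls    # with the host IP added, the listing works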
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Other hosts can now create containers on this daemon and access them.

[root@localhost ~]# docker -H 192.168.50.154:2375 container ls
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
e94dd14f2d2f   nginx     "/docker-entrypoint.…"   8 seconds ago   Up 7 seconds   80/tcp    web

How to restore

1. Delete the file and the directory
[root@localhost docker]# rm -rf /etc/systemd/system/docker.service.d/docker.conf
[root@localhost docker]# rm -rf /etc/systemd/system/docker.service.d


2. Remove the added content from the configuration file
[root@localhost docker]# vim daemon.json 

{
  
    "bip":"192.168.100.1/24",
    "dns":["114.114.114.114","8.8.8.8"],
    "registry-mirrors": ["https://registry.docker-cn.com","https://11vuihex.mirror.aliyuncs.com"]
}


3. Restart
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker


4. Containers can now be listed the plain way again
5. The container created a moment ago has stopped running, but it has not been deleted
[root@localhost docker]# docker container ls
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@localhost docker]# docker container ls -a
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS                      PORTS     NAMES
e94dd14f2d2f   nginx     "/docker-entrypoint.…"   3 minutes ago   Exited (0) 24 seconds ago             web
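
The hosts entry added in step 1 of section 3.7 opens the Docker API on tcp://0.0.0.0:2375 without TLS, so any host that can reach the port controls the daemon, as the docker -H listing from another machine shows. An added example (not from the original post) that audits a daemon.json for such listeners, and for a bip from section 3.6 that overlaps a host network; the function name, the hardened variant and its certificate paths are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

WILDCARD_HOSTS = {"", "0.0.0.0", "::"}
TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_json(config_text, host_networks=()):
    """Return findings for the "bip" and "hosts" keys of a daemon.json document."""
    cfg = json.loads(config_text)
    findings = []
    if "bip" in cfg:
        bridge = ipaddress.ip_interface(cfg["bip"]).network
        for net in map(ipaddress.ip_network, host_networks):
            if net.version == bridge.version and bridge.overlaps(net):
                findings.append(f"bip {cfg['bip']}: overlaps host network {net}")
    # Clients are authenticated only when tlsverify is on and CA, cert and key are set.
    mutual_tls = bool(cfg.get("tlsverify")) and all(cfg.get(k) for k in TLS_KEYS)
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are protected by file permissions
        if not mutual_tls:
            findings.append(f"{entry}: API reachable without client authentication")
        if (url.hostname or "") in WILDCARD_HOSTS:
            findings.append(f"{entry}: listens on every interface")
    return findings


# daemon.json from step 1 of section 3.7 (registry-mirrors omitted).
PAGE_CONFIG = """{
  "bip": "192.168.100.1/24",
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker/docker.sock"],
  "dns": ["114.114.114.114", "8.8.8.8"]
}"""

# Constructed hardened variant; the certificate paths are placeholders.
HARDENED_CONFIG = """{
  "bip": "192.168.100.1/24",
  "hosts": ["tcp://192.168.50.154:2376", "unix:///var/run/docker/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_json(text, ["192.168.50.0/24"]) or "no findings")
```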

3.8 Creating a custom bridge in Docker

Create an additional custom bridge, separate from docker0

1. Create a new custom bridge
[root@localhost ~]# docker network create -d bridge --subnet 192.168.110.1/24 --gateway 192.168.110.1 br0
45c7f1b2f8f5fd9edde68298e4549036e496b3abe15854bf657ca2e927904f53


2. There is now a br0 bridge
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
45c7f1b2f8f5   br0       bridge    local
7bde2be3f44c   bridge    bridge    local
3bfb538e84fe   host      host      local
55560990bcf7   none      null      local


3. Run a container
[root@localhost ~]# docker container run --rm --network br0 -it busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
42: eth0@if43: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:6e:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.2/24 brd 192.168.110.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 


Now run a container the default way; the IPs obtained the two ways are different
[root@localhost ~]# docker container run --rm -it busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
44: eth0@if45: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:64:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # 

There are now two bridges, with one container created at 192.168.100.2 and one created at 192.168.110.2. Question: can the two containers communicate at this point?

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:46:e0:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.154/24 brd 192.168.50.255 scope global dynamic noprefixroute ens33
       valid_lft 1181sec preferred_lft 1181sec
    inet6 fe80::8c73:5c6d:5950:5834/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:66:c5:da:d5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:66ff:fec5:dad5/64 scope link 
       valid_lft forever preferred_lft forever
41: br-45c7f1b2f8f5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:49:30:c5:d3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.1/24 brd 192.168.110.255 scope global br-45c7f1b2f8f5
       valid_lft forever preferred_lft forever
    inet6 fe80::42:49ff:fe30:c5d3/64 scope link 
       valid_lft forever preferred_lft forever
43: veth2e60f82@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-45c7f1b2f8f5 state UP group default 
    link/ether 32:31:6d:b7:c2:c6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::3031:6dff:feb7:c2c6/64 scope link 
       valid_lft forever preferred_lft forever
45: veth69fe291@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 32:f0:60:67:9d:7b brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::30f0:60ff:fe67:9d7b/64 scope link 
       valid_lft forever preferred_lft forever
47: vethb7c631d@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-45c7f1b2f8f5 state UP group default 
    link/ether 7e:32:41:b6:2e:2d brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::7c32:41ff:feb6:2e2d/64 scope link 
       valid_lft forever preferred_lft forever



[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND     CREATED          STATUS          PORTS     NAMES
320886a830b6   busybox   "/bin/sh"   15 seconds ago   Up 14 seconds             hopeful_borg
5d17e2589dbb   busybox   "/bin/sh"   17 minutes ago   Up 17 minutes             pedantic_chatelet
b9aa2c59f775   busybox   "/bin/sh"   2 hours ago      Up 2 hours                busy_margulis
232de35873e8   busybox   "/bin/sh"   2 hours ago      Up 2 hours                jolly_haslett
[root@localhost ~]# docker network connect br0 320886a830b6     # attach this container to br0




[root@localhost ~]# docker run --rm -it busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
50: eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:64:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.3/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ip a         # once the container has been attached, eth1 appears
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
50: eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:64:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.3/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
52: eth1@if53: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:6e:04 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.4/24 brd 192.168.110.255 scope global eth1
       valid_lft forever preferred_lft forever
/ # ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2): 56 data bytes
64 bytes from 192.168.100.2: seq=0 ttl=64 time=0.115 ms
64 bytes from 192.168.100.2: seq=1 ttl=64 time=0.086 ms
64 bytes from 192.168.100.2: seq=2 ttl=64 time=0.072 ms
^C
--- 192.168.100.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.072/0.091/0.115 ms
/ # ping 192.168.110.2
PING 192.168.110.2 (192.168.110.2): 56 data bytes
64 bytes from 192.168.110.2: seq=0 ttl=64 time=0.353 ms
64 bytes from 192.168.110.2: seq=1 ttl=64 time=0.080 ms
64 bytes from 192.168.110.2: seq=2 ttl=64 time=0.120 ms
^C
--- 192.168.110.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.080/0.184/0.353 ms
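
The answer to the question above is no: Docker does not forward traffic between separate bridge networks by default, so 192.168.100.2 and 192.168.110.2 stay isolated, while a container attached to both bridges with docker network connect reaches both segments. An added example (not from the original post) that parses the ip a listings from this section, trimmed to the relevant lines, and reports which containers share a bridge subnet; the function names are assumptions, and a shared subnet is used as a simplified stand-in for reachability.

```python
import ipaddress
import re

_IFACE = re.compile(r"^\d+: (?P<name>[^:@\s]+)")
_INET = re.compile(r"^\s+inet (?P<addr>\S+)")  # IPv4 only: "inet6" does not match


def interface_networks(ip_a_output):
    """Map each non-loopback interface in `ip a` output to its IPv4 network."""
    nets, current = {}, None
    for line in ip_a_output.splitlines():
        if m := _IFACE.match(line):
            current = m["name"]
        elif (m := _INET.match(line)) and current != "lo":
            nets[current] = ipaddress.ip_interface(m["addr"]).network
    return nets


def shared_networks(a, b):
    """Bridge subnets that both containers are attached to (empty set: isolated)."""
    return set(interface_networks(a).values()) & set(interface_networks(b).values())


# `ip a` listings from section 3.8, trimmed to the interface and inet lines.
ON_DOCKER0 = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    inet 127.0.0.1/8 scope host lo
44: eth0@if45: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
"""
ON_BR0 = """\
42: eth0@if43: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    inet 192.168.110.2/24 brd 192.168.110.255 scope global eth0
"""
DUAL_HOMED = """\
50: eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    inet 192.168.100.3/24 brd 192.168.100.255 scope global eth0
52: eth1@if53: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    inet 192.168.110.4/24 brd 192.168.110.255 scope global eth1
"""

if __name__ == "__main__":
    pairs = {"docker0 / br0": (ON_DOCKER0, ON_BR0),
             "dual-homed / docker0": (DUAL_HOMED, ON_DOCKER0),
             "dual-homed / br0": (DUAL_HOMED, ON_BR0)}
    for name, (a, b) in pairs.items():
        print(name, sorted(map(str, shared_networks(a, b))) or "isolated")
```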
