練習5
1. 自定義docker0橋的網路屬性
[root@localhost ~]# vim /etc/docker/daemon.json #修改/etc/docker/daemon.json文件
{
"bip":"10.0.0.1/16", #bip是bridge ip。注意:不是最後一行最後要加上','
"dns":["1.1.1.1","8.8.8.8"] #創建的容器不要使用宿主機設定的DNS SERVER可以設定這一條
}
[root@localhost ~]# systemctl restart docker.service
[root@localhost ~]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.0.0 broadcast 10.0.255.255
inet6 fe80::42:a0ff:fe7d:8d64 prefixlen 64 scopeid 0x20<link>
ether 02:42:a0:7d:8d:64 txqueuelen 0 (Ethernet)
RX packets 41 bytes 5492 (5.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54 bytes 4028 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.128.234 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::12da:f368:4b08:ba51 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:98:00:1a txqueuelen 1000 (Ethernet)
RX packets 15312 bytes 1334047 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5122 bytes 860634 (840.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 66 bytes 5668 (5.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 66 bytes 5668 (5.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2. dockerd守護進程採C/S架構,其默認僅監聽Unix Socket格式的地址'/var/run/docker.sock',所以其他宿主機無法連接;若要讓其他宿主機連線,需讓dockerd同時監聽TCP套接字,設定方式如下。注意:tcp://0.0.0.0:2375 是未加密且無認證的監聽,凡能連到此端口者即等同取得宿主機root權限,僅適用於隔離的實驗環境;正式環境應以防火牆限制來源,並改用TLS驗證的2376端口。
提示:啟動Docker服務有兩種方式:systemctl start docker.service、systemctl start docker.socket,而啟動docker.service也會啟動docker.socket,但啟動docker.socket不會啟動docker.service
[root@localhost ~]# vim /etc/docker/daemon.json
{
"host":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
[root@localhost ~]# mkdir /etc/systemd/system/docker.service.d
[root@localhost ~]# vim /etc/systemd/system/docker.service.d/override.conf #先清空單元檔原本的ExecStart(其中帶有-H參數),否則會與daemon.json的hosts設定衝突而無法啟動
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start docker.service
[root@localhost ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/docker.service.d
└─override.conf
Active: active (running) since Sat 2021-05-15 10:09:35 EDT; 8min ago
Docs: https://docs.docker.com
Main PID: 7388 (dockerd)
Tasks: 10
Memory: 48.2M
CGroup: /system.slice/docker.service
└─7388 /usr/bin/dockerd
May 15 10:09:34 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:34.809160187-04:00" level=info msg="ClientConn switching balancer to \"...ule=grpc
May 15 10:09:34 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:34.827770963-04:00" level=info msg="[graphdriver] using prior storage d...verlay2"
May 15 10:09:34 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:34.853551573-04:00" level=info msg="Loading containers: start."
May 15 10:09:34 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:34.983830751-04:00" level=info msg="Default bridge (docker0) is assigne...address"
May 15 10:09:35 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:35.028959306-04:00" level=info msg="Loading containers: done."
May 15 10:09:35 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:35.054167022-04:00" level=info msg="Docker daemon" commit=8728dd2 graph...=20.10.6
May 15 10:09:35 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:35.054258414-04:00" level=info msg="Daemon has completed initialization"
May 15 10:09:35 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
May 15 10:09:35 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:35.113167091-04:00" level=info msg="API listen on [::]:2375"
May 15 10:09:35 localhost.localdomain dockerd[7388]: time="2021-05-15T10:09:35.115286121-04:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:2375 [::]:*
[root@client ~]# docker -H 192.168.128.234:2375 image ls #另一宿主機連入查看容器鏡像
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx stable-alpine 3b715e351972 3 weeks ago 22.6 MB
redis latest 739b59b96069 3 weeks ago 105 MB
busybox latest 388056c9a683 5 weeks ago 1.23 MB
hello-world latest d1165f221234 2 months ago 13.3 kB
3. 創建自定義橋
[root@localhost ~]# docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mybr0
03b1ce6c5769732e48b7cbce4b7ad5daf5a629a5cc546ad6cf0049017b5b8e7d
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
c000eb7afcbf bridge bridge local
b322a9fe2d86 host host local
03b1ce6c5769 mybr0 bridge local #自定義橋
944950d6bda4 none null local
[root@localhost ~]# ifconfig
br-03b1ce6c5769: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 #自定義橋
inet 172.26.0.1 netmask 255.255.0.0 broadcast 172.26.255.255
ether 02:42:ab:7f:6a:f1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.0.0 broadcast 10.0.255.255
inet6 fe80::42:a0ff:fe7d:8d64 prefixlen 64 scopeid 0x20<link>
ether 02:42:a0:7d:8d:64 txqueuelen 0 (Ethernet)
RX packets 41 bytes 5492 (5.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54 bytes 4028 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.128.234 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::12da:f368:4b08:ba51 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:98:00:1a txqueuelen 1000 (Ethernet)
RX packets 22571 bytes 2084376 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9052 bytes 1779433 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 66 bytes 5668 (5.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 66 bytes 5668 (5.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# docker container run --name t1 -it --rm --network mybr0 busybox:latest #創建容器指定其網路為mybr0
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:1A:00:02
inet addr:172.26.0.2 Bcast:172.26.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:782 (782.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
作業:創建2個容器分別屬於不同的橋,這2個容器怎麼互通?(提示:查看宿主機上的iptables規則,找出阻斷兩橋之間通訊的那一條並將其刪除。注意:該規則是Docker刻意設置的網路隔離,刪除後宿主機上所有橋之間都會互通;若只需讓特定容器互通,較安全的做法是用 docker network connect 將其中一個容器同時接入另一個網路。)