手动为docker配置固定ip
2017-07-18 00:29
323 查看
Docker默认使用bridge模式,通过网桥连接到宿主机,而容器内部的ip则从网桥所在的ip段取未用的ip。这样做一个不方便的地方在于容器内部的ip不是固定的,想要连接容器时只能通过映射到宿主机的端口,因而有很多项目使用overlay来为docker提供网络的配置,比如Pipework、Flannel、Kubernetes、Weave、opencontrail等。
想要使用overlay来为docker配置网络,需要首先了解下docker的网络模式:
to the Docker bridge as described above.
will still be confined to their own filesystem and process list and resource limits, a quick
this doesnot let the container reconfigure the host network stack — that would require
access local network services like D-bus. This can lead to processes in the container being able to do unexpected things like restart
your computer. You should use this option with caution.
own filesystem and process list and resource limits, but will share the same IP address and port numbers as the first container, and processes on the two containers will be able to connect to each other over the loopback interface.
of this document.
上面这几种方式只有--net=none才可以为docker分配固定ip,来看看如何操作。
首先,配置一个用于创建container interface的网桥,可以使用ovs,也可以使用Linux bridge,以linux
bridge为例:
接着,可以启动容器了,注意用--net=none方式启动:
下面,为该容器配置网络namespace,并设置固定ip:
这样,容器的网络就配置好了,如果容器内部开启了sshd服务,通过192.168.33.3就可以直接ssh连接到容器,非常方便。上面的步骤比较长,可以借助pipework来为容器设置固定ip(除了设置IP,还封装了配置网关、macvlan、vlan、dhcp等功能):
pipework docker0 be8365e3b2834 10.88.88.8/24
那么,当容器需要删除的时候,怎么清理网络呢,其实也很简单:
更多docker网络的配置,可以参考官方手册
想要使用overlay来为docker配置网络,需要首先了解下docker的网络模式:
--net=bridge— The default action, that connects theContainer
to the Docker bridge as described above.
--net=host— Tells Docker to skip placing the container inside of a separate network stack. In essence, this choice tells Docker to not containerize the container's networking! While container processes
will still be confined to their own filesystem and process list and resource limits, a quick
ip addrcommand will show you that, network-wise, they live “outside” in the main Docker host and have full access to its network interfaces. Note that
this doesnot let the container reconfigure the host network stack — that would require
--privileged=true— but it does let container processes open low-numbered ports like any other root process. It also allows the container to
access local network services like D-bus. This can lead to processes in the container being able to do unexpected things like restart
your computer. You should use this option with caution.
--net=container:NAME_or_ID— Tells Docker to put this container's processes inside of the network stack that has already been created inside of another container. The new container's processes will be confined to their
own filesystem and process list and resource limits, but will share the same IP address and port numbers as the first container, and processes on the two containers will be able to connect to each other over the loopback interface.
--net=none— Tells Docker to put the container inside of its own network stack but not to take any steps to configure its network, leaving you free to build any of the custom configurations explored in the last few sections
of this document.
上面这几种方式只有--net=none才可以为docker分配固定ip,来看看如何操作。
首先,配置一个用于创建container interface的网桥,可以使用ovs,也可以使用Linux bridge,以linux
bridge为例:
br_name=docker brctl addbr $br_name ip addr add 192.168.33.2/24 dev $br_name ip addr del 192.168.33.2/24 dev em1 ip link set $br_name up brctl addif $br_name eth0
接着,可以启动容器了,注意用--net=none方式启动:
# start new container hostname='docker.test.com' cid=$(docker run -d -i -h $hostname --net=none -t centos) pid=$(docker inspect -f '{{.State.Pid}}' $cid)
下面,为该容器配置网络namespace,并设置固定ip:
# set up netns mkdir -p /var/run/netns ln -s /proc/$pid/ns/net /var/run/netns/$pid # set up bridge ip link add q$pid type veth peer name r$pid brctl addif $br_name q$pid ip link set q$pid up # set up docker interface fixed_ip='192.168.33.3/24' gateway='192.168.33.1' ip link set r$pid netns $pid ip netns exec $pid ip link set dev r$pid name eth0 ip netns exec $pid ip link set eth0 up ip netns exec $pid ip addr add $fixed_ip dev eth0 ip netns exec $pid ip route add default via 192.168.33.1
这样,容器的网络就配置好了,如果容器内部开启了sshd服务,通过192.168.33.3就可以直接ssh连接到容器,非常方便。上面的步骤比较长,可以借助pipework来为容器设置固定ip(除了设置IP,还封装了配置网关、macvlan、vlan、dhcp等功能):
pipework docker0 be8365e3b2834 10.88.88.8/24
那么,当容器需要删除的时候,怎么清理网络呢,其实也很简单:
# stop and delete container docker stop $cid docker rm $cid # delete docker's net namespace (also delete veth pair) ip netns delete $pid
更多docker网络的配置,可以参考官方手册
相关文章推荐
- 手动为docker配置固定ip
- 手动为docker配置固定ip
- Docker 配置固定IP及桥接的实现方法
- 使用pipework配置docker容器固定ip
- 为docker配置固定ip
- ubuntu下docker固定IP配置及桥接
- 在Fortigate上配置ADSL+固定IP同时上网
- Linux系列:Fedora虚拟机设置固定IP上网(配置IP、网关、DNS、防止resolv.conf被重写)
- Docker学习(9)------配置Docker Container与Docker宿主机同网段IP
- Ubuntu固定ip和dns配置和查看
- 虚拟机中的CentOS 7设置固定IP连接最理想的配置
- docker为什么不用固定ip以及修改host文件
- Azure运维系列 7:现有虚拟机配置固定IP
- mac下通过虚拟机安装minimal centos和固定ip配置
- 解决docker不能绑定静态的外网固定ip的问题
- VMware Workstation虚拟机网络连接杂记、给Windows虚拟机配置固定IP
- 虚拟机中的CentOS 7设置固定IP连接最理想的配置
- Centos网络配置(手动设置和自动获取)IP的2种方法
- 利用pipework为docker容器设置固定IP
- centos7 固定ip配置笔记