首页 » docker » Docker多台宿主机间的容器互联-centos7(直接路由)

Docker多台宿主机间的容器互联-centos7(直接路由)

 
暂无评论 487次浏览

容器间的互通:目前有3种方法:

直接路由;ovs;flannel。

本文是直接路由方式实现的。

 

centos7系统不同物理服务器/虚拟机上的docker容器间互联(直接路由)。

环境:

node03:192.168.12.197,docker容器内网地址段:172.17.3.0/24

node04:192.168.12.198,docker容器内网地址段:172.17.4.0/24

准备:

1.node03和node04安装docker

yum install docker
service docker start
chkconfig docker on

2.node03和node04关闭selinux和firewall,安装常用包

2.1关闭selinux

setenforce 0(立即生效)

vi /etc/selinux/config ,(重启生效)

#SELINUX=enforcing
SELINUX=disabled

2.2关闭firewall

centos7默认开启了firewall,需关闭。

systemctl stop firewalld(立即生效)

systemctl disable firewalld(重启生效)

2.3安装net-tools,bridge-utils

yum install net-tools

yum install bridge-utils

2.4 开启ip转发

开启ip转发:cat /proc/sys/net/ipv4/ip_forward,显示为1,表示开启。

ip转发开启方法:

echo 1 > /proc/sys/net/ipv4/ip_forward (立即生效)

vi /etc/sysctl.conf添加

net.ipv4.ip_forward = 1                 (重启生效)

3.node03和node04新建网桥kbr0,并固定网桥ip。

3.1 node03配置:

service docker stop
brctl addbr kbr0
ip link set dev docker0 down
ip link del dev docker0

vi /etc/sysconfig/network-scripts/ifcfg-kbr0

DEVICE=kbr0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.17.3.1
NETMASK=255.255.255.0
GATEWAY=172.17.3.0
USERCTL=no
TYPE=Bridge
IPV6INIT=no

vi /etc/sysconfig/network-scripts/route-ens160 (ifconfig -a 查看网卡)
172.17.4.0/24 via 192.168.12.198 dev ens160

修改docker配置文件,添加-b参数
vi /etc/sysconfig/docker
OPTIONS=’–selinux-enabled -b=kbr0′
reboot

 

3.2 node04配置:
service docker stop
brctl addbr kbr0
ip link set dev docker0 down
ip link del dev docker0

vi /etc/sysconfig/network-scripts/ifcfg-kbr0

DEVICE=kbr0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.17.4.1
NETMASK=255.255.255.0
GATEWAY=172.17.4.0
USERCTL=no
TYPE=Bridge
IPV6INIT=no

vi /etc/sysconfig/network-scripts/route-ens160 (ifconfig -a 查看网卡)
172.17.3.0/24 via 192.168.12.197 dev ens160

修改docker配置文件,添加-b参数
vi /etc/sysconfig/docker
OPTIONS=’–selinux-enabled -b=kbr0′
reboot

4.验证两宿主机容器间互通性。

node03:

[root@centos7_kube_node03 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.12.254 0.0.0.0 UG 100 0 0 ens160
172.17.3.0 0.0.0.0 255.255.255.0 U 425 0 0 kbr0
172.17.4.0 192.168.12.198 255.255.255.0 UG 100 0 0 ens160
192.168.12.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

[root@centos7_kube_node03 ~]# docker run -ti docker.io/ubuntu /bin/bash
root@37fb8d61af9a:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
11: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:03:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.3.3/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:303/64 scope link
valid_lft forever preferred_lft forever
root@37fb8d61af9a:/# ping 172.17.4.4
PING 172.17.4.4 (172.17.4.4) 56(84) bytes of data.
64 bytes from 172.17.4.4: icmp_seq=1 ttl=62 time=0.515 ms
64 bytes from 172.17.4.4: icmp_seq=2 ttl=62 time=0.608 ms

 

node04:

[root@centos7_kube_node04 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.12.254 0.0.0.0 UG 100 0 0 ens160
172.17.3.0 192.168.12.197 255.255.255.0 UG 100 0 0 ens160
172.17.4.0 0.0.0.0 255.255.255.0 U 425 0 0 kbr0
192.168.12.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160

[root@centos7_kube_node04 ~]# docker run -ti docker.io/ubuntu /bin/bash
root@a3c3d5f30cb0:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
8: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:04:04 brd ff:ff:ff:ff:ff:ff
inet 172.17.4.4/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:404/64 scope link
valid_lft forever preferred_lft forever
root@a3c3d5f30cb0:/# ping 172.17.3.3
PING 172.17.3.3 (172.17.3.3) 56(84) bytes of data.
64 bytes from 172.17.3.3: icmp_seq=1 ttl=62 time=0.443 ms
64 bytes from 172.17.3.3: icmp_seq=2 ttl=62 time=0.456 ms

5.多台宿主机容器间的互通。

新增宿主机,需修改各宿主机的route配置文件,如果有很多台宿主机,就显示很麻烦。

现有一些开源动态路由发现软件,如Quagga、Zebra等,来满足这一需求。

原文链接:Docker多台宿主机间的容器互联-centos7(直接路由),转载请注明来源!

0