8.28-回顾+容器与主机之间的通信+跨主机容器之间的通信
一、回顾
1.启动docker
systemctl start docker
2.拉取registry
docker pull registry
3.启动镜像,同时挂载目录(保存镜像)端口映射5000
docker run -d -v /regist/:/var/lib/registry/ -p5000:5000 registry:latest
4.修改/etc/docker/daemon.json
vim /etc/docker/daemon.json.....,"insecure-registries":["http://192.168.2.30:5000"]
5.重启docker
systemctl restart docker
6.访问测试仓库信息
# 查看仓库目录[root@docker ~]# curl localhost:5000/v2/_catalog{"repositories":["centos","centosnginx"]}
7.上传
# 打标签[root@docker ~]# docker tag centos:nginx 192.168.2.30:5000/centosnginx:v0# 将打标签的镜像上传[root@docker ~]# docker push 192.168.2.30:5000/centosnginx:v0The push refers to repository [192.168.2.30:5000/centosnginx]715d477d6a7d: Pushed 5700116c3db7: Pushed 82890c106451: Pushed 8c519ad003b5: Mounted from centos acbca50d3a83: Mounted from centos 75cdf155cf76: Mounted from centos 07d4b334a739: Mounted from centos 74ddd0ec08fa: Mounted from centos v0: digest: sha256:5fb4d1018f32c53f3b21f17771bfb6b9832e76b790426b9f4c067f4c75003deb size: 1997# 查看镜像[root@docker ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.2.30:5000/centosnginx v0 4a14f7d33da9 18 hours ago 422MBcentos nginx 4a14f7d33da9 18 hours ago 422MBcentos httpd ebbf109944f1 19 hours ago 338MBcentos yum 69f3775bce0c 19 hours ago 272MB192.168.2.30:5000/centos yum ee9375ac855c 19 hours ago 272MBregistry latest cfb4d9904335 11 months ago 25.4MBcentos latest 5d0da3dc9764 2 years ago 231MB
8.下载
# 重建一台机器,尝试下载私有仓库的镜像# 上传docker.sh脚本[root@haha ~]# rz -Erz waiting to receive.# 运行docker脚本[root@haha ~]# source docker.sh # 编辑配置文件[root@haha ~]# vim /etc/docker/daemon.json# 写私有仓库的ip和端口{"insecure-registries":["http://192.168.2.30:5000"]}# 重新启动docker服务[root@haha ~]# systemctl restart docker# 关闭本机的防火墙[root@haha ~]# ststemctl stop firewalld# 拉取私有仓库的镜像[root@haha ~]# docker pull 192.168.2.30:5000/centosnginx:v0v0: Pulling from centosnginxa1d0c7532777: Pull complete 5a3d9ba04912: Pull complete ca847d29e107: Pull complete 46aacd2dd646: Pull complete 30902bbca4a1: Pull complete 4859db75d191: Pull complete ea0b1348be03: Pull complete 2796eebf9904: Pull complete Digest: sha256:5fb4d1018f32c53f3b21f17771bfb6b9832e76b790426b9f4c067f4c75003debStatus: Downloaded newer image for 192.168.2.30:5000/centosnginx:v0192.168.2.30:5000/centosnginx:v0# 查看拉取的镜像[root@haha ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.2.30:5000/centosnginx v0 4a14f7d33da9 18 hours ago 422MB# 测试拉取的镜像[root@haha ~]# docker run -d --name c8 192.168.2.30:5000/centosnginx:v0decd8137f46ea29eb4012d9cc4be2a993ca2f3e6a0deeb2dfc18c3ceffbcb829[root@haha ~]# docker ps --allCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESdecd8137f46e 192.168.2.30:5000/centosnginx:v0 "/bin/sh -c /usr/sbi…" About a minute ago Up About a minute 80/tcp c8
二、跨主机容器之间通讯
# 创建容器[root@docker ~]# docker run -d --name haha -p80:80/tcp centos:nginx 4f1af9bb44ed0894a7ace10ebd01cd5c136c9a10be7f5f63a1b54e482e8d2dad# 查看容器[root@docker ~]# docker ps -allCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4f1af9bb44ed centos:nginx "/bin/sh -c /usr/sbi…" 8 hours ago Exited (0) 1 second ago haha# 安装bridge-utils[root@docker ~]# yum -y install bridge-utils.x86_64# 停止docker服务[root@docker ~]# systemctl stop dockerWarning: Stopping docker.service, but it can still be activated by:docker.socket# 显示网桥信息[root@docker ~]# brctl showbridge name bridge id STP enabled interfacesdocker0 8000.0242cb7fc4ce no # 启动docker服务[root@docker ~]# systemctl start docker# 启动容器[root@docker ~]# docker start hahahaha# 查看网桥信息[root@docker ~]# brctl showbridge name bridge id STP enabled interfacesdocker0 8000.0242cb7fc4ce no veth5c3d783# 查看跨主机容器之间的通信方式[root@docker ~]# docker network lsNETWORK ID NAME DRIVER SCOPEc1adfec7cffc bridge bridge locald2749f541daa host host localdc16f8943851 none null local# bridge-网桥模式# host-仅主机模式# none-独立的# 接连创建两个容器,就会发现他们的地址是连着的# 创建容器[root@docker ~]# docker run -it centos:latest /bin/bash# 退出不中断[root@f40505c2a977 /]# [root@docker ~]## 查看容器ip[root@docker ~]# docker inspect f4|grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.17.0.2","IPAMConfig": null,"IPAddress": "172.17.0.2",# 创建容器[root@docker ~]# docker run -it centos:latest /bin/bash# 退出不中断[root@0558cad162d7 /]# [root@docker ~]# # 查看容器ip[root@docker ~]# docker inspect 0558|grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.17.0.3","IPAMConfig": null,"IPAddress": "172.17.0.3",# 进行本主机和所创建容器的通信# 在宿主机的ls下查到的内容[root@docker ~]# ls /bin dev home lib64 mnt proc root sbin srv tmp varboot etc lib media opt regist run source sys usr# 创建能与主机通信的容器[root@docker ~]# docker run -it --network host centos:yum /bin/bash# 查看ls,发现和宿主机的一样[root@docker /]# lsbin etc lib lost+found mnt proc run srv tmp vardev home lib64 media opt root sbin sys usr# 退出容器不中断[root@docker /]# [root@docker ~]# # 查看容器的ip地址,发现是空的[root@docker ~]# docker inspect 30e|grep IPA"SecondaryIPAddresses": null,"IPAddress": "","IPAMConfig": null,"IPAddress": "",# 安装iproute[root@docker /]# yum -y install iproute# 查看ip,发现可以查到宿主机的ip[root@docker /]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:24:a3:0f brd ff:ff:ff:ff:ff:ffinet 192.168.2.30/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link noprefixroute valid_lft forever preferred_lft forever3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:cb:7f:c4:ce brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:cbff:fe7f:c4ce/64 scope link valid_lft forever preferred_lft forever11: veth6c87079@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 6a:47:f4:af:fa:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::6847:f4ff:feaf:faca/64 scope link valid_lft forever preferred_lft forever13: vethc725a6f@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 9a:d6:09:6b:fb:70 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::98d6:9ff:fe6b:fb70/64 scope link valid_lft forever preferred_lft forever# 给容器下载httpd[root@docker /]# yum -y install httpd# 给容器编辑httpd测试页面[root@docker /]# echo "haha" > /var/www/html/index.html# 启动httpd服务(报错)[root@docker /]# systemctl start httpdSystem has not been booted with systemd as init system (PID 1). Can't operate.Failed to connect to bus: Host is down# 使用此命令启动httpd服务[root@docker /]# httpd -k startAH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::f09d:7503:dea1:e7ab. Set the 'ServerName' directive globally to suppress this message# 在容器内访问测试页面[root@docker /]# curl localhosthaha# 退出容器不中断[root@docker /]# [root@docker ~]# # 在宿主机中访问在容器中编辑的httpd测试页面[root@docker ~]# curl 192.168.2.30haha# 关闭防火墙[root@docker ~]# systemctl stop firewalld
使用浏览器访问容器中编辑的httpd的测试页面
192.168.2.30
三、跨主机容器之间的通信
| 主机名 | ip | 功能 | 安装软件 |
|---|---|---|---|
| node1 | 192.168.2.10 | 主控主机 | etcd,flannel,docker |
| node2 | 192.168.2.11 | 被控主机 | etcd,docker |
主控
1.安装软件
# 安装etcd数据库[root@node1 ~]# yum -y install etcd# 安装flannel[root@node1 ~]# yum -y install flannel
2.修改etcd数据库配置
# 配置启动 etcd# 修改配置文件[root@node1 ~]# vim /etc/etcd/etcd.conf 6 ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"21 ETCD_ADVERTISE_CLIENT_URLS="http://192.168.2.10:2379,http://192.168.2.10:4001"
3.启动数据库
[root@node1 ~]# systemctl restart etcd
4.测试端口
# 查看端口看有没有启动成功[root@node1 ~]# netstat -lnput|grep 2379tcp6 0 0 :::2379 :::* LISTEN 1608/etcd [root@node1 ~]# netstat -lnput|grep 4001tcp6 0 0 :::4001 :::* LISTEN 1608/etcd
5.设置开机自启动
# 设置开机自启[root@node1 ~]# systemctl enable etcd.service Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
6.测试数据库功能
[root@node1 ~]# etcdctl set testdir/testkey0 10001000[root@node1 ~]# etcdctl get testdir/testkey01000[root@node1 ~]# etcdctl set b 123123[root@node1 ~]# etcdctl get b123
7.测试集群是否健康
# 测试集群健康[root@node1 ~]# etcdctl -C http://192.168.2.10:4001 cluster-healthmember 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379cluster is healthy[root@node1 ~]# etcdctl -C http://192.168.2.10:2379 cluster-healthmember 8e9e05c52164694d is healthy: got healthy result from http://192.168.2.10:2379cluster is healthy
8.修改flannel的配置文件
[root@node1 ~]# vim /etc/sysconfig/flanneld 4 FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"[root@node1 ~]# cat /etc/sysconfig/flanneld # Flanneld configuration options # etcd url location. Point this to the server where etcd runsFLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"# etcd config key. This is the configuration key that flannel queries# For address range assignmentFLANNEL_ETCD_PREFIX="/atomic.io/network" # 存储数据的位置# Any additional options that you want to pass#FLANNEL_OPTIONS=""
9.向数据库中存入网段信息
[root@node1 ~]# etcdctl mk /atomic.io/network/config '{ "Network" : "172.20.0.0/16" }' { "Network" : "172.20.0.0/16" }[root@node1 ~]# etcdctl get /atomic.io/network/config{ "Network" : "172.20.0.0/16" }
10.查看flannel0的ip地址
[root@node1 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ffinet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.64.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 valid_lft forever preferred_lft forever
11.安装docker
# 执行docker脚本[root@node1 ~]# source docker.sh
12.docker服务没有开启之前查看ip
# 启动docker服务前# 查看ip[root@node1 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ffinet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.64.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 valid_lft forever preferred_lft forever
13.启动docker服务后,查看ip
# 启动docker服务[root@node1 ~]# systemctl start docker# 查看ip,就有docker了[root@node1 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ffinet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.64.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 valid_lft forever preferred_lft forever4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:35:91:9e:11 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever[root@node1 ~]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16FLANNEL_SUBNET=172.20.64.1/24FLANNEL_MTU=1472FLANNEL_IPMASQ=false
14.从配置好docker服务的主机复制一份daemon.json文件
# 从其他主机复制一份daemon.json[root@node1 ~]# scp root@192.168.2.30:/etc/docker/daemon.json /etc/dockerroot@192.168.2.30's password: daemon.json 100% 402 247.1KB/s 00:00 [root@node1 ~]# vim /etc/docker/daemon.json {"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.2.30:5000"]}
15.docker不能重启,修改docker.service文件
[root@node1 ~]# vim /usr/lib/systemd/system/docker.service# 修改前ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock# 修改后ExecStart=/usr/bin/dockerd # 需要重新加载文件,才能重启[root@node1 ~]# systemctl daemon-reload[root@node1 ~]# systemctl restart docker.service
16.查看flannel子网ip
[root@node1 ~]# cat /run/flannel/subnet.env FLANNEL_NETWORK=172.20.0.0/16FLANNEL_SUBNET=172.20.64.1/24FLANNEL_MTU=1472FLANNEL_IPMASQ=false
17.修改docker0的IP和flannel0的IP在同一个网段
# 修改添加桥ip和路由字节1472-1500[root@node1 ~]# vim /etc/docker/daemon.json {"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.2.30:5000"],"bip" : "172.20.64.1/24","mtu" : 1472}# 重启启动docker服务[root@node1 ~]# systemctl restart docker.service
18.验证
# 验证成功# docker0的IP和flannel0的IP在同一个网段(172.20.64.0)[root@node1 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:a5:08:12 brd ff:ff:ff:ff:ff:ffinet 192.168.2.10/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.64.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::3ac2:e60:225:e090/64 scope link flags 800 valid_lft forever preferred_lft forever4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:35:91:9e:11 brd ff:ff:ff:ff:ff:ffinet 172.20.64.1/24 brd 172.20.64.255 scope global docker0valid_lft forever preferred_lft forever
19.拉取镜像测试docker的ip地址
# 拉取centos镜像[root@node1 ~]# docker pull centosUsing default tag: latestlatest: Pulling from library/centosa1d0c7532777: Pull complete Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177Status: Downloaded newer image for centos:latestdocker.io/library/centos:latest# 创建容器[root@node1 ~]# docker run -it centos:latest /bin/bash# 退出不中断容器[root@72ed0ee15de4 /]# [root@node1 ~]# # 查看容器的ip地址[root@node1 ~]# docker inspect 72e | grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.20.64.2","IPAMConfig": null,"IPAddress": "172.20.64.2",
从控
node2
# 安装flannel[root@node2 ~]# yum -y install flannel# 修改flannel配置文件# 绑定node1的数据库[root@node2 ~]# vim /etc/sysconfig/flanneld 4 FLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"# 查看修改后的flannel配置文件的内容[root@node2 ~]# cat /etc/sysconfig/flanneld # Flanneld configuration options # etcd url location. Point this to the server where etcd runsFLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"# etcd config key. This is the configuration key that flannel queries# For address range assignmentFLANNEL_ETCD_PREFIX="/atomic.io/network"# Any additional options that you want to pass#FLANNEL_OPTIONS=""# 启动flannel服务 [root@node2 ~]# systemctl start flanneld.service Job for flanneld.service failed because a timeout was exceeded. See "systemctl status flanneld.service" and "journalctl -xe" for details.# 如果启动失败,就关掉node1的防火墙[root@node1 ~]# systemctl stop firewalld[root@node1 ~]# setenforce 0# 成功启动flannel服务[root@node2 ~]# systemctl start flanneld.service # 查看flannel0的ip地址(172.20.45.0)[root@node2 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:ef:db:fa brd ff:ff:ff:ff:ff:ffinet 192.168.2.11/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link noprefixroute valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.45.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4dd7:31b5:677f:fd33/64 scope link flags 800 valid_lft forever preferred_lft forever
修改docker0的IP和flannel0为同一个网段
[root@node2 ~]# cat /run/flannel/subnet.envFLANNEL_NETWORK=172.20.0.0/16FLANNEL_SUBNET=172.20.45.1/24FLANNEL_MTU=1472FLANNEL_IPMASQ=false[root@node2 ~]# vim /etc/docker/daemon.json{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.2.30:5000"],"bip" : "172.20.45.1/24","mtu" : 1472}# 修改daemon.json文件,需要重启docker服务# 启动失败[root@node2 ~]# systemctl restart dockerJob for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.# 修改docker.service配置文件[root@node2 ~]# vim /usr/lib/systemd/system/docker.service# 删除dockerd后面的内容13 ExecStart=/usr/bin/dockerd# 启动失败[root@node2 ~]# systemctl restart dockerWarning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.Job for docker.service failed because start of the service was attempted too often. See "systemctl status docker.service" and "journalctl -xe" for details.To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.# 加载配置文件[root@node2 ~]# systemctl daemon-reload# 成功启动docker服务[root@node2 ~]# systemctl restart docker# 查看flannel0和docker0的ip地址,就会看到在同一个网段(172.20.45.0)[root@node2 ~]# ip a s1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:ef:db:fa brd ff:ff:ff:ff:ff:ffinet 192.168.2.11/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::7bef:aa24:508b:e09/64 scope link noprefixroute valid_lft forever preferred_lft foreverinet6 fe80::9d6d:f728:f4f1:6c5b/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::f09d:7503:dea1:e7ab/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft forever3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500link/none inet 172.20.45.0/16 scope global flannel0valid_lft forever preferred_lft foreverinet6 fe80::4dd7:31b5:677f:fd33/64 scope link flags 800 valid_lft forever preferred_lft forever4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1472 qdisc noqueue state DOWN group default link/ether 02:42:0b:a4:c1:55 brd ff:ff:ff:ff:ff:ffinet 172.20.45.1/24 brd 172.20.45.255 scope global docker0valid_lft forever preferred_lft forever[root@node2 ~]# docker pull centos
拉取镜像测试ip地址
# 拉取centos镜像[root@node2 ~]# docker pull centosUsing default tag: latestlatest: Pulling from library/centosa1d0c7532777: Pull complete Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177Status: Downloaded newer image for centos:latestdocker.io/library/centos:latest# 创建容器[root@node2 ~]# docker run -it centos:latest /bin/bash# 退出容器不中断[root@d2d8a0756299 /]# [root@node2 ~]# # 查看容器ip地址,也和flannel0在同一个网段[root@node2 ~]# docker inspect d2 | grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.20.45.2","IPAMConfig": null,"IPAddress": "172.20.45.2",# 挂载容器终端,ping node1容器的地址:172.20.64.2[root@node2 ~]# docker attach d2[root@d2d8a0756299 /]# ping 172.20.64.2PING 172.20.64.2 (172.20.64.2) 56(84) bytes of data.64 bytes from 172.20.64.2: icmp_seq=1 ttl=60 time=2.51 ms64 bytes from 172.20.64.2: icmp_seq=2 ttl=60 time=0.759 ms^C--- 172.20.64.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1002msrtt min/avg/max/mdev = 0.759/1.632/2.506/0.874 ms# 在node1上拉取镜像,创建容器,测试ip地址[root@node1 ~]# docker run -it centos:latest /bin/bash[root@72ed0ee15de4 /]# [root@node1 ~]# [root@node1 ~]# docker inspect 72e | grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.20.64.2","IPAMConfig": null,"IPAddress": "172.20.64.2",# 在node1上挂载容器的终端,ping node2容器的地址:172.20.45.2[root@node1 ~]# docker attach 72e[root@72ed0ee15de4 /]# ping 172.20.45.2PING 172.20.45.2 (172.20.45.2) 56(84) bytes of data.64 bytes from 172.20.45.2: icmp_seq=1 ttl=60 time=0.437 ms64 bytes from 172.20.45.2: icmp_seq=2 ttl=60 time=0.845 ms^C--- 172.20.45.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1001msrtt min/avg/max/mdev = 0.437/0.641/0.845/0.204 ms
node2步骤小结:
1.安装flannel
yum -y install flannel
2.配置flannel 要访问的etcd数据库所在的位置
[root@node2 ~]# cat /etc/sysconfig/flanneld # Flanneld configuration options # etcd url location. Point this to the server where etcd runsFLANNEL_ETCD_ENDPOINTS="http://192.168.2.10:2379"# etcd config key. This is the configuration key that flannel queries# For address range assignmentFLANNEL_ETCD_PREFIX="/atomic.io/network"# Any additional options that you want to pass#FLANNEL_OPTIONS=""
3.启动flannel
systemctl start flannel
4.查看flannel分配的ip网段
[root@node2 ~]# cat /run/flannel/subnet.envFLANNEL_NETWORK=172.20.0.0/16FLANNEL_SUBNET=172.20.45.1/24FLANNEL_MTU=1472FLANNEL_IPMASQ=false
5.安装docker
# 执行docker.sh脚本
6.将flannel分配的网段写入到daemon.json
[root@node2 ~]# vim /etc/docker/daemon.json{"registry-mirrors": ["https://do.nark.eu.org","https://dc.j8.work","https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],"insecure-registries":["http://192.168.2.30:5000"],"bip" : "172.20.45.1/24","mtu" : 1472}
7.重启docker 如果不能重启,就修改远程管理
[root@node2 ~]# systemctl restart dockerJob for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.[root@node2 ~]# vim /usr/lib/systemd/system/docker.service# 删除dockerd后面的内容13 ExecStart=/usr/bin/dockerd[root@node2 ~]# systemctl restart dockerWarning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.Job for docker.service failed because start of the service was attempted too often. See "systemctl status docker.service" and "journalctl -xe" for details.To force a start use "systemctl reset-failed docker.service" followed by "systemctl start docker.service" again.[root@node2 ~]# systemctl daemon-reload
8.启动docker
[root@node2 ~]# systemctl restart docker
9.拉去一个centos镜像
[root@node2 ~]# docker pull centosUsing default tag: latestlatest: Pulling from library/centosa1d0c7532777: Pull complete Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177Status: Downloaded newer image for centos:latestdocker.io/library/centos:latest
10.ping node1中容器的ip地址
[root@node2 ~]# docker run -it centos:latest /bin/bash[root@d2d8a0756299 /]# [root@node2 ~]# [root@node2 ~]# docker inspect d2 | grep IPA"SecondaryIPAddresses": null,"IPAddress": "172.20.45.2","IPAMConfig": null,"IPAddress": "172.20.45.2",[root@node2 ~]# docker attach d2[root@d2d8a0756299 /]# ping 172.20.64.2PING 172.20.64.2 (172.20.64.2) 56(84) bytes of data.64 bytes from 172.20.64.2: icmp_seq=1 ttl=60 time=2.51 ms64 bytes from 172.20.64.2: icmp_seq=2 ttl=60 time=0.759 ms^C--- 172.20.64.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1002msrtt min/avg/max/mdev = 0.759/1.632/2.506/0.874 ms
四、总结:工作原理
1.使用flannel为docker主机(宿主)分配网段
2.网段的信息以及ip的信息保存在etcd数据库中
3.当flannel开始运行的时候,会从etcd数据库中读取
{"Network":"172.20.0.0/16"},随机为当前的主机添加一个flannel0网段172.20.64.0
4.配置docker的daemon文件,让docker0网卡变成和flannel0的网段一致,之后docker下创建的容器的ip就在flannel网段控制之内