【Docker容器的跨主机访问】- 使用Open vSwitch实现跨主机容器连接

来源：互联网发布：mac没有 hosts文件编辑：程序博客网时间：2024/06/05 07:48

Docker-使用Open vSwitch实现跨主机容器连接-原理

机器1上（2.9）

root@ubuntu:~# clear

root@ubuntu:~# ifconfig

安装ovs

root@ubuntu:~# apt-get install openvswitch-switch -y

查看ovs版本

root@ubuntu:~# ovs-vsctl show

f2d4be61-bf3b-4c47-8d81-21c6bf0c60bc

ovs_version: "2.0.2"

root@ubuntu:~#

创建一个ovs网桥

root@ubuntu:~# ovs-vsctl add-br obr0

#添加gre接口gre0

root@ubuntu:~# ovs-vsctl add-port obr0 gre0

#设置这个接口gre0，指定远程机器IP地址

root@ubuntu:~# ovs-vsctl set interface gre0 type=gre options:remote_ip=192.168.2.10

查看ovs当前设置状态

root@ubuntu:~#ovs-vsctl show

f2d4be61-bf3b-4c47-8d81-21c6bf0c60bc

Bridge"obr0"

Port"obr0"

Interface "obr0"

type: internal

Port"gre0"

Interface "gre0"

type: gre

options: {remote_ip="192.168.2.10"}

ovs_version: "2.0.2"

root@ubuntu:~#

创建本机docker需要使用的虚拟网桥

root@ubuntu:~# brctl addbr br00

#给网桥br00设置网络地址

root@ubuntu:~# ifconfig br00 192.168.10.1 netmask 255.255.255.0

#给网桥br00，添加ovs网桥链接obr0

root@ubuntu:~#brctl addif br00 obr0

#查看当前网桥的状态

root@ubuntu:~#brctl show

bridge name bridgeid STP enabled interfaces

br00 8000.8a262fb3da4c no obr0

修改docker的默认网桥

root@ubuntu:~# vim /etc/default/docker

root@ubuntu:~#cat /etc/default/docker

DOCKER_OPTS="-b=br00"

root@ubuntu:~#

重启docker服务

root@ubuntu:~#service docker restart

root@ubuntu:~# ps -ef|grep docker

root 41934 1 2 00:59 ? 00:00:00 /usr/bin/docker -d -b=br00

root 41986 40812 0 00:59 pts/2 00:00:00 grep --color=auto docker

root@ubuntu:~# ifconfig

br00 Link encap:Ethernet HWaddr52:49:5c:4e:68:55

inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0

inet6 addr: fe80::9cf6:18ff:fed4:99e7/64 Scope:Link

UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:56 errors:0 dropped:0 overruns:0 frame:0

TXpackets:77 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:3857 (3.8 KB) TX bytes:10370 (10.3KB)

eth0 Link encap:Ethernet HWaddr00:0c:29:d7:5c:be

inet addr:192.168.2.9 Bcast:192.168.2.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fed7:5cbe/64 Scope:Link

UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:6561 errors:0 dropped:0 overruns:0 frame:0

TXpackets:2681 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RXbytes:6045027 (6.0 MB) TX bytes:272442(272.4 KB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:0 (0.0 B) TX bytes:0 (0.0 B)

obr0 Link encap:Ethernet HWaddr8a:26:2f:b3:da:4c

inet6 addr: fe80::38fd:31ff:fea9:901e/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:31 errors:0 dropped:0 overruns:0 frame:0

TXpackets:27 errors:0 dropped:0 overruns:0 carrier:0

collisions:0txqueuelen:0

RXbytes:2676 (2.6 KB) TX bytes:2308 (2.3KB)

veth47dc1a9 Link encap:Ethernet HWaddr 52:49:5c:4e:68:55

inet6 addr: fe80::5049:5cff:fe4e:6855/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:32 errors:0 dropped:0 overruns:0 frame:0

TXpackets:57 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:2523 (2.5 KB) TX bytes:4997 (4.9KB)

root@ubuntu:~#

启动一个容器测试

root@ubuntu:~# docker images

REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

cct latest db4942def857 20 hours ago 239.1 MB

root@ubuntu:~#docker run -it cct /bin/bash

root@b3831d8f5b0b:/#ifconfig

eth0 Link encap:Ethernet HWaddr02:42:c0:a8:0a:02

inet addr:192.168.10.2 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:c0ff:fea8:a02/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:5 errors:0 dropped:0 overruns:0 frame:0

TXpackets:6 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:418 (418.0 B) TX bytes:508 (508.0B)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RXpackets:0 errors:0 dropped:0 overruns:0 frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@b3831d8f5b0b:/#

root@b3831d8f5b0b:/# ping www.baidu.com

root@b3831d8f5b0b:/# ping 192.168.2.10

root@b3831d8f5b0b:/#

说明：

1）启动一个容器；

2）查看IP；

3）是可以ping通过外网和第二台机器（2.10）的；

机器2上（2.10）

root@ubuntu02:~# clear

root@ubuntu02:~# ifconfig

安装ovs

root@ubuntu02:~#apt-get install openvswitch-switch -y

查看ovs版本

root@ubuntu02:~#ovs-vsctl show

f2d4be61-bf3b-4c47-8d81-21c6bf0c60bc

ovs_version: "2.0.2"

root@ubuntu02:~#

创建一个ovs网桥

root@ubuntu02:~#ovs-vsctl add-br obr0

#添加gre接口gre0

root@ubuntu02:~#ovs-vsctl add-port obr0 gre0

#设置这个接口gre0，指定远程机器IP地址

root@ubuntu02:~# ovs-vsctl set interface gre0type=gre options:remote_ip=192.168.2.9

查看ovs当前设置状态

root@ubuntu02:~#ovs-vsctl show

f2d4be61-bf3b-4c47-8d81-21c6bf0c60bc

Bridge"obr0"

Port"obr0"

Interface "obr0"

type: internal

Port"gre0"

Interface "gre0"

type: gre

options:{remote_ip="192.168.2.9"}

ovs_version: "2.0.2"

root@ubuntu02:~#

创建本机docker需要使用的虚拟网桥

root@ubuntu02:~#brctl addbr br00

#给网桥br00设置网络地址

root@ubuntu02:~# ifconfig br00 192.168.20.1 netmask255.255.255.0

#给网桥br00，添加ovs网桥链接obr0

root@ubuntu02:~# brctl addif br00 obr0

#查看当前网桥的状态

root@ubuntu02:~# brctl show

bridge name bridgeid STP enabled interfaces

br00 8000.8a262fb3da4c no obr0

修改docker的默认网桥

root@ubuntu02:~# vim /etc/default/docker

root@ubuntu02:~#cat /etc/default/docker

DOCKER_OPTS="-b=br00"

root@ubuntu02:~#

重启docker服务

root@ubuntu02:~#service docker restart

root@ubuntu02:~# ps -ef|grep docker

root 41934 1 2 00:59 ? 00:00:00 /usr/bin/docker -d -b=br00

root 41986 40812 0 00:59 pts/2 00:00:00 grep --color=auto docker

root@ubuntu02:~# ifconfig

br00 Link encap:Ethernet HWaddr52:49:5c:4e:68:55

inet addr:192.168.20.1 Bcast:192.168.10.255 Mask:255.255.255.0

inet6 addr: fe80::9cf6:18ff:fed4:99e7/64 Scope:Link

UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:56 errors:0 dropped:0 overruns:0 frame:0

TXpackets:77 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:3857 (3.8 KB) TX bytes:10370 (10.3KB)

eth0 Link encap:Ethernet HWaddr00:0c:29:d7:5c:be

inet addr:192.168.2.10 Bcast:192.168.2.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fed7:5cbe/64 Scope:Link

UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:6561 errors:0 dropped:0 overruns:0 frame:0

TXpackets:2681 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RXbytes:6045027 (6.0 MB) TX bytes:272442(272.4 KB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:0 (0.0 B) TX bytes:0 (0.0 B)

obr0 Link encap:Ethernet HWaddr8a:26:2f:b3:da:4c

inet6 addr: fe80::38fd:31ff:fea9:901e/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:31 errors:0 dropped:0 overruns:0 frame:0

TXpackets:27 errors:0 dropped:0 overruns:0 carrier:0

collisions:0txqueuelen:0

RXbytes:2676 (2.6 KB) TX bytes:2308 (2.3KB)

veth47dc1a9 Link encap:Ethernet HWaddr 52:49:5c:4e:68:55

inet6 addr: fe80::5049:5cff:fe4e:6855/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:32 errors:0 dropped:0 overruns:0 frame:0

TXpackets:57 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:2523 (2.5 KB) TX bytes:4997 (4.9KB)

root@ubuntu02:~#

启动一个容器测试

root@ubuntu02:~# docker images

REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

cct latest db4942def857 20 hours ago 239.1 MB

root@ubuntu02:~#docker run -it cct /bin/bash

root@b3831d8f5b1b:/# ifconfig

eth0 Link encap:Ethernet HWaddr02:42:c0:a8:0a:02

inet addr:192.168.20.2 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:c0ff:fea8:a02/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:5 errors:0 dropped:0 overruns:0 frame:0

TXpackets:6 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:418 (418.0 B) TX bytes:508 (508.0B)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RXpackets:0 errors:0 dropped:0 overruns:0 frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@ b3831d8f5b1b:/#

root@ b3831d8f5b1b:/#ping www.baidu.com

root@ b3831d8f5b1b:/#ping 192.168.2.9

root@ b3831d8f5b1b:/#

说明：

1）启动一个容器；

2）查看IP；

3）是可以ping通过外网和第二台机器（2.9）的；

在2台机器上添加路由

机器1上添加路由

root@ubuntu:~# route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

default bogon 0.0.0.0 UG 0 0 0 eth0

link-local * 255.255.0.0 U 1000 0 0 eth0

192.168.2.0 * 255.255.255.0 U 0 0 0 eth0

192.168.10.0 * 255.255.255.0 U 0 0 0 br00

root@ubuntu:~#

#这里机器2上容器的网段192.168.20.0/24和机器2上的IP

root@ubuntu:~#ip route add 192.168.20.0/24via192.168.2.10 dev eth0

root@ubuntu:~#route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0

192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 br00

192.168.20.0 192.168.2.10 255.255.255.0 UG 0 0 0 eth0

root@ubuntu:~#

root@ubuntu:~#docker run -it cct /bin/bash

root@b3831d8f5b0b:/#ifconfig

eth0 Link encap:Ethernet HWaddr02:42:c0:a8:0a:02

inet addr:192.168.10.2 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:c0ff:fea8:a02/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:5 errors:0 dropped:0 overruns:0 frame:0

TXpackets:6 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:418 (418.0 B) TX bytes:508 (508.0B)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RXpackets:0 errors:0 dropped:0 overruns:0 frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@b3831d8f5b0b:/#

root@b3831d8f5b0b:/# ping www.baidu.com

root@b3831d8f5b0b:/# ping 192.168.2.10

#ping机器2上的容器IP

root@b3831d8f5b0b:/#ping 192.168.20.2

root@b3831d8f5b0b:/#

机器2上添加路由

root@ubuntu02:~#route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

default bogon 0.0.0.0 UG 0 0 0 eth0

link-local * 255.255.0.0 U 1000 0 0 eth0

192.168.2.0 * 255.255.255.0 U 0 0 0 eth0

192.168.20.0 * 255.255.255.0 U 0 0 0 br00

root@ubuntu02:~#

#这里机器1上容器的网段192.168.10.0/24和机器2上的IP192.168.2.9

root@ubuntu02:~#ip route add 192.168.10.0/24 via192.168.2.9 dev eth0

root@ubuntu02:~#route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0

192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

192.168.10.0 192.168.2.9 255.255.255.0 UG 0 0 0 eth0

192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 br00

root@ubuntu02:~#

root@ubuntu02:~#docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

4cb5ccaaa3a5 cct:latest "/bin/bash" 6 minutes ago Up 6 minutes 80/tcp dreamy_mclean

root@ubuntu02:~# docker attach 4cb5ccaaa3a5

root@4cb5ccaaa3a5:/#ifconfig

eth0 Link encap:Ethernet HWaddr02:42:c0:a8:14:02

inet addr:192.168.20.2 Bcast:0.0.0.0 Mask:255.255.255.0

inet6 addr: fe80::42:c0ff:fea8:1402/64 Scope:Link

UPBROADCAST RUNNING MTU:1500 Metric:1

RXpackets:27 errors:0 dropped:0 overruns:0 frame:0

TX packets:21 errors:0 dropped:0 overruns:0carrier:0

collisions:0 txqueuelen:0

RXbytes:2385 (2.3 KB) TX bytes:1658 (1.6KB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:65536 Metric:1

RXpackets:0 errors:0 dropped:0 overruns:0 frame:0

TXpackets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@4cb5ccaaa3a5:/#ping 192.168.10.2

root@4cb5ccaaa3a5:/#

说明：

1）机器1和机器2上添加路由；

2）机器1上和机器2上的容器就可以相互平通；

阅读全文

1 0