(0). 环境准备
宿主IP | 容器网段 | 主机名称 |
---|---|---|
10.211.55.100 | 172.17.1.254/24 | master |
10.211.55.101 | 172.17.2.254/24 | node-1 |
(1). 前期准备工作(说明:下面关闭防火墙和SELinux只是为了简化实验,会让宿主机上的所有服务和所有容器对10.211.55.0/24整个网段完全暴露;实验环境之外应保留firewalld,只放行eth0与docker0之间、针对两个容器网段的转发流量)
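# Lab-only shortcut: stop and disable the host firewall on every machine.
# With firewalld gone, every host service and every container becomes
# reachable from the whole 10.211.55.0/24 network; outside a lab keep
# firewalld and allow only the eth0<->docker0 forwarding the static routes
# in the later steps need.
$ systemctl stop firewalld
$ systemctl disable firewalld
# Lab-only shortcut: turn SELinux off on every machine. The sed pattern is
# anchored to the SELINUX= line so no other line that happens to contain
# "enforcing" is rewritten. "disabled" only applies after a reboot;
# setenforce 0 makes the running kernel permissive right away (permissive
# is the better lab choice anyway: it logs denials instead of hiding them).
$ sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
$ setenforce 0
# Enable IPv4 forwarding on every machine. A write to /proc is lost on
# reboot, so persist the setting in sysctl.d and load it (sysctl --system
# also applies it immediately).
$ echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-ip-forward.conf
$ sysctl --system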
(2). 修改master节点docker0的IP地址
[root@master ~]# cd /etc/docker/
# 新建/编辑daemon.json配置文件,通过bip指定docker0网桥的地址和网段(两台宿主机的容器网段不能重叠,否则后面的静态路由无法区分)
[root@master docker]# cat daemon.json
{
"bip":"172.17.1.254/24"
}
# 重新加载systemd单元文件(daemon-reload并不会读取daemon.json,bip真正生效靠下面的重启docker)
[root@master docker]# systemctl daemon-reload
# 重启docker
[root@master docker]# systemctl restart docker
# 检查docker0的地址
[root@master docker]# ip addr
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:5d:b2:9a:d5 brd ff:ff:ff:ff:ff:ff
inet 172.17.1.254/24 brd 172.17.1.255 scope global docker0
valid_lft forever preferred_lft forever
(3). 修改node-1节点docker0的IP地址
[root@node-1 ~]# cd /etc/docker/
# 新建/编辑daemon.json配置文件,通过bip指定docker0网桥的地址和网段(与master上的172.17.1.0/24不能重叠)
[root@node-1 docker]# cat daemon.json
{
"bip":"172.17.2.254/24"
}
# 重新加载systemd单元文件(daemon-reload并不会读取daemon.json,bip真正生效靠下面的重启docker)
[root@node-1 docker]# systemctl daemon-reload
# 重启docker
[root@node-1 docker]# systemctl restart docker
# 检查docker0的地址
[root@node-1 docker]# ip addr
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:1f:04:2b:f9 brd ff:ff:ff:ff:ff:ff
inet 172.17.2.254/24 brd 172.17.2.255 scope global docker0
valid_lft forever preferred_lft forever
(4). 在master节点添加路由
# 通往172.17.2.0/24的路由,下一跳为node-1的宿主IP 10.211.55.101(下一跳必须与本机eth0在同一直连网段10.211.55.0/24内)。注意:route add只在运行期有效,重启后丢失;route属于已被iproute2取代的net-tools,等价写法为: ip route add 172.17.2.0/24 via 10.211.55.101
[root@master ~]# route add -net 172.17.2.0 netmask 255.255.255.0 gw 10.211.55.101
# 查看路由
[root@master ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.211.55.1 0.0.0.0 UG 100 0 0 eth0
10.211.55.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
# ********************** 这是刚添加的路由规则 *****************************
172.17.2.0 10.211.55.101 255.255.255.0 UG 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
(5). 在node-1节点添加路由
# 通往172.17.1.0/24的路由,下一跳为master的宿主IP 10.211.55.100;同样只在运行期有效,等价写法为: ip route add 172.17.1.0/24 via 10.211.55.100
[root@node-1 ~]# route add -net 172.17.1.0 netmask 255.255.255.0 gw 10.211.55.100
# 查看路由
[root@node-1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.211.55.1 0.0.0.0 UG 100 0 0 eth0
10.211.55.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
# ************************* 这是刚添加的规则 **************************************
172.17.1.0 10.211.55.100 255.255.255.0 UG 0 0 0 eth0
172.17.2.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
(6). 在Master创建容器
# 创建容器(linux_1)
[root@master ~]# docker run -it -d --name linux_1 busybox:latest
945181dc3f7b0972ad10a29883456b4664f9363c8ca3a97bfbe209f55340172b
# 创建容器(linux_2)
[root@master ~]# docker run -it -d --name linux_2 busybox:latest
8d3d2791b618fe7298d8d5004e59f8525ddb80a1c87e47701fe68736d72a8f86
# 查看运行中的容器
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d3d2791b618 busybox:latest "sh" 3 seconds ago Up 3 seconds linux_2
945181dc3f7b busybox:latest "sh" 8 seconds ago Up 8 seconds linux_1
(7). 在node-1节创建容器
# 创建容器(linux_3)
[root@node-1 ~]# docker run -it -d --name linux_3 busybox:latest
a0fa30e016f10bb4a30b502e82041252c50925f96c4483bf4eeae73f664e3fd6
# 创建容器(linux_4)
[root@node-1 ~]# docker run -it -d --name linux_4 busybox:latest
5ec5c6eb23ea630f816c7dd53946303f9b836aef9ad56545b3e27440e086d237
# 查看运行中的容器
[root@node-1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ec5c6eb23ea busybox:latest "sh" 3 seconds ago Up 2 seconds linux_4
a0fa30e016f1 busybox:latest "sh" 7 seconds ago Up 7 seconds linux_3
(8). 在master节点进入容器,测试
# 进入容器内部(linux_1)
[root@master ~]# docker exec -it linux_1 sh
# 查看容器内部ip地址
/ # ip addr
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:01:01 brd ff:ff:ff:ff:ff:ff
inet 172.17.1.1/24 brd 172.17.1.255 scope global eth0
valid_lft forever preferred_lft forever
# ping node-1上容器(linux_3)的IP。回包ttl=62说明数据包途经了两台宿主机(每台减1)。若ping不通,先确认两台宿主机都已开启ip_forward,再检查Docker自己写入的iptables规则:Docker默认会把FORWARD链策略设为DROP,只放行发往docker0的RELATED,ESTABLISHED流量,这时可能需要手工为对端容器网段添加ACCEPT规则;另外Docker默认对离开docker0的流量做MASQUERADE,对端抓包看到的源地址可能是宿主IP而不是容器IP
/ # ping 172.17.2.1
PING 172.17.2.1 (172.17.2.1): 56 data bytes
64 bytes from 172.17.2.1: seq=2 ttl=62 time=0.693 ms
(9). 在node-1节点进入容器内部,测试
# 在node-1节点进入容器内部
[root@node-1 ~]# docker exec -it linux_3 sh
# 查看容器内部的IP地址
/ # ip addr
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:02:01 brd ff:ff:ff:ff:ff:ff
inet 172.17.2.1/24 brd 172.17.2.255 scope global eth0
valid_lft forever preferred_lft forever
# 在容器内部,ping另一个容器(linux_1)的ip
/ # ping 172.17.1.1
PING 172.17.1.1 (172.17.1.1): 56 data bytes
64 bytes from 172.17.1.1: seq=0 ttl=62 time=0.811 ms
64 bytes from 172.17.1.1: seq=1 ttl=62 time=0.738 ms
(10). 注意事项
Linux系统默认禁用IP数据包转发:当主机拥有多块网卡(这里是eth0和docker0网桥)时,内核不会把一块网卡收到的、目的地址不是本机的数据包按路由表转发到另一块网卡。本方案依赖宿主机在eth0与docker0之间转发容器流量,所以必须开启;并且直接写/proc只对当前运行有效,重启后会丢失,需要写入/etc/sysctl.d持久化。
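# Required on every machine. The /proc write only lasts until reboot, so the
# setting is persisted in sysctl.d and then loaded (which also applies it now).
$ echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-ip-forward.conf
$ sysctl --system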