linux中Docker指定网桥和指定网桥IP详解

$ docker network ls
NETWORK ID          NAME                DRIVER
7fca4eb8c647        bridge              bridge
9f904ee27bf5        none                null
cf03ee007fb4        host                host
Bridge
默认bridge网络,我们可以使用docker network inspect命令查看返回的网络信息，我们使用docker run 命令是将网络自动应用到新的容器
Host
如果是hosts模式，启动容器时不会获得独立的网络namespace，而是和宿主机使用同一个，容器不会有网卡和ip，但是除了网络其他方面还是独立的
Container
如果是container指定的新创建的会和已经存在的容器共享一个网络namespace，不和宿主机有共享网络，也不会有自己的网卡和ip,而是和指定的容器共享，除了网络之外其他都是独立的
None
docker容器有自己的网络namespace,但是和docker容器的网络配置没有关系，这个none的容器是没有网卡，ip，路由等，我们要手动指定

本章信息大部分参考官网:https://docker.github.io/engine/userguide/networking/#/the-default-bridge-network-in-detail
你也可以参考本章的一些例子，大部分也来自网络，如下：

一，指定网桥
I. 1.1创建网桥

[root@linuxea ~]# docker network create linuxea.com
af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010
[root@linuxea ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
3ebf99e55db8        bridge              bridge              local
7eb855581296        host                host                local
af4526e38777        linuxea.com         bridge              local
58d75a1a38bc        none                null                local
[root@linuxea ~]#
查看linuxea.com

[root@linuxea ~]# docker network inspect linuxea.com
[

[root@linuxea ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
6a5a5368e0c2: Pull complete
4aceccff346f: Pull complete
c8967f302193: Pull complete
Digest: sha256:1ebfe348d131e9657872de9881fe736612b2e8e1630e0508c354acb0350a4566
Status: Downloaded newer image for nginx:latest
II. 1.2指定网桥

[root@linuxea ~]# docker run --network=linuxea.com -itd --name=mynginx nginx
b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248
[root@linuxea ~]# docker network inspect linuxea.com
[

    {
        "Name": "linuxea.com",
        "Id": "af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248": {
                "Name": "mynginx",
                "EndpointID": "adaec00497b42ada6f6b251bff18a26623cfe96890a47df8b5da3c3d75582482",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[root@linuxea ~]# linuxea
二，指定网桥ip地址
2.1 指定docker0网段内的ip

我们手动指定--net=none，可以发现，容器中并没有网卡

[root@linuxea ~]# docker run --net=none --name mynginx -d -p 80:80 nginx
09b9819234338e47a8df7d3eba8daf23bf919b9fa2ea114d60742c3318dc2d69
[root@linuxea ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
09b981923433 nginx "nginx -g 'daemon off" 7 seconds ago Up 5 seconds mynginx
[root@linuxea ~]# /root/in.sh mynginx
root@09b981923433:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

[root@LinuxEA ~]# ip addr show docker0
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

    link/ether 02:42:af:55:9a:54 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:afff:fe55:9a54/64 scope link
       valid_lft forever preferred_lft forever
2.2 获取pid

创建连接文件后创建端到端网卡，将veth_db84e747c3绑定到docker0，并且启动

[root@LinuxEA ~]# docker inspect -f '{{.State.Pid}}' mynginx
28383
[root@LinuxEA ~]# mkdir -p /var/run/netns
[root@LinuxEA ~]# ln -s /proc/28383/ns/net /var/run/netns/28383
[root@LinuxEA ~]# ip link add veth_db84e747c3 type veth peer name x
2.3安装brctl-tools

yum install bridge-utils

[root@LinuxEA ~]# brctl addif docker0 veth_db84e747c3
[root@LinuxEA ~]# ip link set veth_db84e747c3 up
[root@LinuxEA ~]# ip link set x netns 28383
此时mynginx中已经有块网卡

[root@LinuxEA mysql]# /root/in.sh mynginx
root@e224723da286:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
47: x@if48: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
root@e224723da286:/#
2.4 给新加网卡配置ip

[root@LinuxEA ~]# ip netns exec 28383 ip link set dev x name eth0
[root@LinuxEA ~]# ip netns exec 28383 ip link set eth0 up
[root@LinuxEA ~]# ip netns exec 28383 ip addr add 172.17.0.100/24 dev eth0
[root@LinuxEA ~]# ip netns exec 28383 ip route add default via 172.17.0.1
回到mynginx查看ip已经固定设置

root@e224723da286:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
47: eth0@if48: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.100/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::28bf:7aff:fe75:585f/64 scope link
       valid_lft forever preferred_lft forever
root@e224723da286:/# ping -w 3 www.baidu.com
PING www.a.shifen.com (103.235.46.39): 56 data bytes
64 bytes from 103.235.46.39: icmp_seq=0 ttl=46 time=197.858 ms
64 bytes from 103.235.46.39: icmp_seq=1 ttl=46 time=209.700 ms
64 bytes from 103.235.46.39: icmp_seq=2 ttl=46 time=196.508 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max/stddev = 196.508/201.355/209.700/5.926 ms
root@e224723da286:/#
2.5 添加ip脚本如下

[root@linuxea ~]# cat /root/ip.sh

#!/bin/bash
# filename: bind_addr.sh

if [ `id -u` -ne 0 ];then
echo '必须使用root权限'
exit
fi

if [ $# != 2 ]; then
echo "使用方法: $0 容器名字 IP"
exit 1
fi

container_name=$1
bind_ip=$2

container_id=`docker inspect -f '{{.Id}}' $container_name 2> /dev/null`
if [ ! $container_id ];then
    echo "容器不存在"
    exit 2
fi
bind_ip=`echo $bind_ip | egrep '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'`
if [ ! $bind_ip ];then
    echo "IP地址格式不正确"
    exit 3
fi

container_minid=`echo $container_id | cut -c 1-10`
container_netmask=`ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f2`
container_gw=`ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f1`

bridge_name="veth_$container_minid"
container_ip=$bind_ip/$container_netmask
pid=`docker inspect -f '{{.State.Pid}}' $container_name 2> /dev/null`
if [ ! $pid ];then
echo "获取容器$container_name的id失败"
exit 4
fi

if [ ! -d /var/run/netns ];then
mkdir -p /var/run/netns
fi

ln -sf /proc/$pid/ns/net /var/run/netns/$pid

ip link add $bridge_name type veth peer name X
brctl addif docker0 $bridge_name
ip link set $bridge_name up
ip link set X netns $pid
ip netns exec $pid ip link set dev X name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add $container_ip dev eth0
ip netns exec $pid ip route add default via $container_gw
感谢http://yaxin-cn.github.io/
docker网络可参考：https://opskumu.gitbooks.io/docker/content/chapter6.html

III. 三，指定网桥并且指定网桥内固定IP

3.1 准备工作

停掉docker,并且删除掉docker0，创建新的网桥linuxea0

[root@linuxea ~]# service docker stop
Redirecting to /bin/systemctl stop docker.service
[root@linuxea ~]# ip link set dev docker0 down
[root@linuxea ~]# brctl delbr docker0
[root@linuxea ~]# brctl addbr linuxea0
ip段为192.168.100.0/24

[root@linuxea ~]# ip addr add 192.168.100.1/24 dev linuxea0
[root@linuxea ~]# ip link set dev linuxea0 up
[root@linuxea ~]# ip addr show linuxea0
63: linuxea0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN

    link/ether 1e:28:a7:71:19:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 scope global linuxea0
       valid_lft forever preferred_lft forever
[root@linuxea ~]#
3.2 下载pipwork

[root@linuxea docker]# git clone https://github.com/jpetazzo/pipework.git
Cloning into 'pipework'...
remote: Counting objects: 475, done.
remote: Total 475 (delta 0), reused 0 (delta 0), pack-reused 475
Receiving objects: 100% (475/475), 158.46 KiB | 98.00 KiB/s, done.
Resolving deltas: 100% (250/250), done.
[root@linuxea docker]# cp -rp pipework/pipework /usr/local/bin/
[root@linuxea docker]# pipework
Syntax:
pipework <hostinterface> [-i containerinterface] [-l localinterfacename] [-a addressfamily] <guest> <ipaddr>/<subnet>[@default_gateway] [macaddr][@vlan]
pipework <hostinterface> [-i containerinterface] [-l localinterfacename] <guest> dhcp [macaddr][@vlan]
pipework route <guest> <route_command>
pipework --wait [-i containerinterface]
[root@linuxea docker]#
查看

[root@linuxea docker]# brctl show
bridge name     bridge id               STP enabled     interfaces
br-24418946eb12         8000.0242668f42e0       no
linuxea0                8000.000000000000       no
写入内容如下：
[root@linuxea docker]# cat /etc/sysconfig/docker | grep 'OPTIONS='
OPTIONS='
OPTIONS=--selinux-enabled -b=linuxea -H fd://
删除了docker0后将默认桥指定了linuxea0，则在创建容器时加上net=none

3.3 run一个服务后

[root@linuxea docker]# docker run --rm -ti --net=none nginx /bin/bash
root@b6d29d0accf0:/#
使用pipwork将linuxea0指定ip到run起的服务上

[root@linuxea ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6d29d0accf0 nginx "/bin/bash" 38 seconds ago Up 35 seconds condescending_minsky
[root@linuxea ~]# pipework linuxea0 -i eth0 b6d29d0accf0 192.168.100.100/24@192.168.100.1
而后在查看

root@b6d29d0accf0:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
65: eth0@if66: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 72:78:ef:7b:f2:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::7078:efff:fe7b:f29b/64 scope link
       valid_lft forever preferred_lft forever
root@b6d29d0accf0:/#
# 默认不指定网卡设备名，则默认添加为 eth1
# 另外 pipework 不能添加静态路由，如果有需求则可以在 run 的时候加上 --privileged=true 权限在容器中手动添加，
# 但这种安全性有缺陷，可以通过 ip netns 操作
使用 ip netns 添加静态路由，避免创建容器使用 --privileged=true 选项造成一些不必要的安全问题

[root@linuxea ~]# docker inspect --format="{{ .State.Pid }}" 9f28a3f40737
15142
[root@linuxea ~]# ln -s /proc/15142/ns/net /var/run/netns/15142
[root@linuxea ~]# ip netns exec 15142 ip route add 192.168.100.0/24 dev eth0 via 192.168.100.1
[root@linuxea ~]# ip netns exec 15142 ip route
default via 192.168.100.1 dev eth0
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.100
[root@linuxea ~]#
到此为止虽然，IP或者网桥指定了，事实上使用起来并不是很方便，且每次都需要指定nat，本次到此为止
1，在容器中
route add default gw 10.0.0.1
2，在docker宿主机上
route add -net 192.168.100.1 gw 10.0.0.1

时间： 2024-10-31 14:21:03

linux中Docker指定网桥和指定网桥IP详解

linux中Docker指定网桥和指定网桥IP详解的相关文章

linux中了minerd之后的完全清理过程(详解)_Linux

linux中cat、more、less命令区别详解

Linux中使用VS Code编译调试C++项目详解_C 语言

linux中如何添加用户并赋予root权限详解_Linux

Linux中tshark(wireshark)抓包工具使用方法详解

Linux中MySQL5.5.x的cmake编译安装详解

C++中MFC Tab Control控件的使用详解

Python中线程编程之threading模块的使用详解

nodejs中的fiber（纤程）库详解

Android中gson、jsonobject解析JSON的方法详解_Android