docker跨主機通信(openvswitch)超簡單可跟做

文章目錄

• • 實驗環境
  • 配置環境
  • 安裝openvswitch
  • 配置OVS
  • 測試

實驗環境

本文在VMware workstation上安裝兩台centos7，在系統上安裝openvswitch-2.12.0，實作不同主機間docker容器的通信

兩台centos7都有一張nat網卡和僅主機網卡，nat網卡僅用于通路外網下載下傳軟體依賴包，僅主機網卡用于兩主機間的容器進行通信

配置環境

docker0是docker啟動時預設的網橋，我們這裡可以去設定一下它的IP位址段

[[email protected] ~]# vim /etc/docker/daemon.json
{
    "registry-mirrors": ["https://5n1jgjzk.mirror.aliyuncs.com"],
    "bip":"172.16.0.1/16"   # 添加bip屬性，設定docker0預設IP位址段
}
           

兩台主機都進行修改，讀者可根據實際環境進行設定

設定完成後重新開機docker服務

systemctl restart docker
           

本文的系統環境IP位址設定如下

主機1 ens33 192.168.10.4 —— docker0 172.17.0.1/16

主機2 ens36 192.168.10.5 —— docker0 172.16.0.1/16

docker容器通路外部網絡，還需将兩台主機的IP轉發打開

[[email protected] ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.forwarding = 1
# 注意，兩台主機都要設定

sysctl -p
           

安裝openvswitch

下載下傳環境依賴

yum -y install make gcc openssl-devel autoconf automake rpm-build redhat-rpm-config
yum -y install python-devel openssl-devel kernel-devel kernel-debug-devel libtool wget
yum -y install selinux-policy-devel python-sphinx unbound-devel bridge-utils
           

下載下傳openvswitch包

wget https://www.openvswitch.org/releases/openvswitch-2.12.0.tar.gz
           

mkdir -p ~/rpmbuild/SOURCES
cp openvswitch-2.12.0.tar.gz ~/rpmbuild/SOURCES/ 
cd ~/rpmbuild/SOURCES
tar xvfz openvswitch-2.12.0.tar.gz
sed 's/openvswitch-kmod, //g' openvswitch-2.12.0/rhel/openvswitch.spec > openvswitch-2.12.0/rhel/openvswitch_no_kmod.spec
           

建構rpm包

rpmbuild -bb --nocheck openvswitch-2.12.0/rhel/openvswitch_no_kmod.spec
           

安裝

yum localinstall ~/rpmbuild/RPMS/x86_64/openvswitch-2.12.0-1.x86_64.rpm -y
           

啟動openvswitch

systemctl start openvswitch
           

配置OVS

• 建立OVS網橋
• 添加gre連接配接
• 配置 docker容器虛拟網橋
• 為虛拟網橋添加ovs接口
• 添加不同 Docker容器網段路由

在主機1上

# 建立OVS網橋
ovs-vsctl add-br obr0
# 添加gre連接配接，remote_ip為主機2的僅主機網卡位址
ovs-vsctl add-port obr0 gre1 -- set interface gre1 type=gre option:remote_ip=192.168.10.5
# docker綁定到obr0上
brctl addif docker0 obr0
# 開啟obr0
ip link set dev obr0 up
# 開啟docker0
ip link set dev docker0 up
# 添加路由，通路主機2的docker0網段的流量從本地的docker0網卡走
ip route add 172.16.0.0/16 dev docker0
           

在主機2上

# 建立OVS網橋
ovs-vsctl add-br obr0
# 添加gre連接配接，remote_ip為主機1的僅主機網卡位址
ovs-vsctl add-port obr0 gre1 -- set interface gre1 type=gre option:remote_ip=192.168.10.4
# docker綁定到obr0上
brctl  addif docker0 obr0
# 開啟obr0
ip link set dev obr0 up
# 開啟docker0
ip link set dev docker0 up
# 添加路由，通路主機1的docker0網段的流量從本地的docker0網卡走
ip route add 172.17.0.0/16 dev docker0
           

測試

在主機1上，以centos為鏡像建立一個容器

[[email protected] ~]# docker run -it --name centos1 centos /bin/bash
# 檢視centos1的IP位址
[[email protected] /]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: [email protected]: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
3: [email protected]: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
189: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
           

可以看到，容器centos1的IP位址以是172.17.0.0/16網段

再到主機2上以centos為鏡像建立一個容器

[[email protected] ~]# docker run -it --name centos2 centos /bin/bash
# 檢視IP位址
[[email protected] /]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: [email protected]: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
3: [email protected]: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
20: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:10:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.16.0.2/16 brd 172.16.255.255 scope global eth0
       valid_lft forever preferred_lft forever

           

可以看到，容器centos2的IP位址也已經符合要求，是我們設定的172.16.0.0/16網段

下面在主機1上的centos1容器中進行連通性測試

# ping主機2上的centos2容器的IP位址
[[email protected] /]# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=63 time=1.82 ms
From 172.17.0.1 icmp_seq=2 Redirect Host(New nexthop: 172.16.0.2)
From 172.17.0.1: icmp_seq=2 Redirect Host(New nexthop: 172.16.0.2)
64 bytes from 172.16.0.2: icmp_seq=2 ttl=63 time=1.47 ms
From 172.17.0.1 icmp_seq=3 Redirect Host(New nexthop: 172.16.0.2)
From 172.17.0.1: icmp_seq=3 Redirect Host(New nexthop: 172.16.0.2)
64 bytes from 172.16.0.2: icmp_seq=3 ttl=63 time=0.926 ms
^C
--- 172.16.0.2 ping statistics ---
3 packets transmitted, 3 received, +2 errors, 0% packet loss, time 10ms
rtt min/avg/max/mdev = 0.926/1.406/1.820/0.370 ms
           

可以看到連通性是沒有問題的，且從輸出中看到icmp請求被主機1的docker0做了一次redirect

到此，已完成跨主機的容器間通信