
(Continued) What is docker 0.11's `--net=host`?

Posted at 2014-05-18

This is a follow-up to "What is docker 0.11's `--net=host`?".

Last time I used boot2docker and only checked what the interfaces look like when a container is started with `--net=host`. This time I dig a little deeper.

Test environment

boot2docker: stable 0.8.0, HEAD

# docker version
Client version: 0.11.1

Testing

  1. First, start the VM with boot2docker and check its interfaces and processes

    boot2docker init
    boot2docker start
    boot2docker ssh
    sudo -s
    
    root@boot2docker:/home/docker# ifconfig
    docker0   Link encap:Ethernet  HWaddr 56:84:7A:FE:97:99
              inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:3910 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8576 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:161633 (157.8 KiB)  TX bytes:11837634 (11.2 MiB)
    
    eth0      Link encap:Ethernet  HWaddr 08:00:27:BA:C3:DC
              inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feba:c3dc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:159613 errors:0 dropped:0 overruns:0 frame:0
              TX packets:48947 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:223548936 (213.1 MiB)  TX bytes:3336872 (3.1 MiB)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:576 (576.0 B)  TX bytes:576 (576.0 B)
    
    root@boot2docker:/home/docker# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
    10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
    127.0.0.1       0.0.0.0         255.255.255.255 UH        0 0          0 lo
    172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
    
  2. Start a container with `--net=host` and check ifconfig and netstat

    docker run --rm -i -t --net=host centos /bin/bash
    
    bash-4.1# ifconfig
    docker0   Link encap:Ethernet  HWaddr 56:84:7A:FE:97:99
              inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:3910 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8576 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:161633 (157.8 KiB)  TX bytes:11837634 (11.2 MiB)
    
    eth0      Link encap:Ethernet  HWaddr 08:00:27:BA:C3:DC
              inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feba:c3dc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:159541 errors:0 dropped:0 overruns:0 frame:0
              TX packets:48902 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:223540775 (213.1 MiB)  TX bytes:3328614 (3.1 MiB)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:576 (576.0 b)  TX bytes:576 (576.0 b)
    
    • As last time, the container sees exactly the same interface information as the VM (the docker host).
    bash-4.1# ps auxf
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  11476  1568 ?        Ss   17:26   0:00 /bin/bash
    root         8  0.0  0.0  13368   996 ?        R+   17:31   0:00 ps auxf
    bash-4.1#
    bash-4.1# netstat -tlnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -
    tcp        0      0 :::4243                     :::*                        LISTEN      -
    tcp        0      0 :::22                       :::*                        LISTEN      -
    
    • Ports 22 and 4243 are LISTENing although no corresponding process is visible in the container.
    • Even though we are root, the PID/Program name column is empty. This is the PID namespace at work: `--net=host` shares the host's network namespace, so the host's sockets are visible, but the container still has its own PID namespace. netstat -p finds a socket's owner by scanning /proc/<pid>/fd, and the host's sshd and docker daemon simply do not exist in the container's /proc, so the column shows `-`.
    bash-4.1# ssh -l docker localhost
    docker@localhost's password:
                            ##        .
                      ## ## ##       ==
                   ## ## ## ##      ===
               /""""""""""""""""\___/ ===
          ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
               \______ o          __/
                 \    \        __/
                  \____\______/
     _                 _   ____     _            _
    | |__   ___   ___ | |_|___ \ __| | ___   ___| | _____ _ __
    | '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__|
    | |_) | (_) | (_) | |_ / __/ (_| | (_) | (__|   <  __/ |
    |_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_|
    boot2docker: 0.8.1
                 master : 17bb8c2 - Thu May  8 02:55:10 UTC 2014
    
    • ssh to localhost from inside the container lands on the VM (the docker host), because the container's loopback is the host's loopback.
  3. Try to LISTEN on a port that is already in use (22).

    bash-4.1# yum install -y openssh-server openssh-clients
    bash-4.1#
    bash-4.1# /etc/init.d/sshd start
    Generating SSH1 RSA host key:                              [  OK  ]
    Generating SSH2 RSA host key:                              [  OK  ]
    Generating SSH2 DSA host key:                              [  OK  ]
    Starting sshd:                                             [  OK  ]
    bash-4.1#
    bash-4.1# ps auxf
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  11476  1632 ?        Ss   17:08   0:00 /bin/bash
    root        73  0.0  0.1  66660  1144 ?        Ss   17:09   0:00 /usr/sbin/sshd
    root        75  0.0  0.0  13364   992 ?        R+   17:09   0:00 ps auxf
    
    • The init script reports [ OK ] (sshd forks into the background before it binds its listening sockets), but the daemon does not survive: no new sshd ends up serving port 22.
    bash-4.1# yum install -y strace
    bash-4.1#
    bash-4.1# strace -f -e bind,socket,listen /usr/sbin/sshd
    socket(PF_NETLINK, SOCK_RAW, 0)         = 3
    bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
    socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
    socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
    socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
    Process 86 attached
    socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
    bind(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EADDRINUSE (Address already in use)
    socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
    socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
    bind(3, {sa_family=AF_INET6, sin6_port=htons(22), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EADDRINUSE (Address already in use)
    socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
    socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
    socket(PF_NETLINK, SOCK_RAW, 9)         = -1 EPROTONOSUPPORT (Protocol not supported)
    socket(PF_NETLINK, SOCK_RAW, 9)         = -1 EPROTONOSUPPORT (Protocol not supported)
    Process 86 detached
    
    • Running strace for the details shows bind() on port 22 failing with EADDRINUSE for both 0.0.0.0 and ::, because the host's sshd already holds that port in the shared network namespace.
  4. Try to LISTEN on a port that is not in use (21)

    bash-4.1# yum install -y vsftpd ftp
    bash-4.1#
    bash-4.1# /etc/init.d/vsftpd start
    Starting vsftpd for vsftpd:                                [  OK  ]
    bash-4.1#
    bash-4.1# ps auxf
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  11476  1644 ?        Ss   17:26   0:00 /bin/bash
    root        71  0.0  0.0  52584   756 ?        Ss   17:49   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
    root        74  0.0  0.0  13364   992 ?        R+   17:49   0:00 ps aufx
    bash-4.1#
    bash-4.1# netstat -tlnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      71/vsftpd
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -
    tcp        0      0 :::4243                     :::*                        LISTEN      -
    tcp        0      0 :::22                       :::*                        LISTEN      -
    bash-4.1#
    
    • This time the process starts properly and is LISTENing, and its PID is shown because it lives in the container's own PID namespace.
    bash-4.1# ftp localhost
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): 
    
    • Access works too.
    root@boot2docker:/home/docker# ps auxf | grep vsftpd
     1802 root     /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
    root@boot2docker:/home/docker#
    root@boot2docker:/home/docker# netstat -tlnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1802/vsftpd
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      969/sshd
    tcp        0      0 :::4243                 :::*                    LISTEN      987/docker
    tcp        0      0 :::22                   :::*                    LISTEN      969/sshd
    root@boot2docker:/home/docker#
    root@boot2docker:/home/docker# telnet localhost 21
    220 (vsFTPd 2.2.2)
    
    • Looking from the VM (the docker host) side, the LISTEN state and the vsftpd process started in the container are all visible, alongside the host's own sshd and docker processes with their PIDs. Access from the host works too.
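The following script is an added example, not code from the original article. It reproduces the two observations above, listeners with an empty PID column and EADDRINUSE on a port the host already holds, by reading /proc directly, which is exactly how netstat -p works. It assumes Linux (it needs /proc/net/tcp and /proc/<pid>/fd) and is meant to be run inside the `--net=host` container and then again on the host for comparison; the function and constant names are my own.

```python
#!/usr/bin/env python3
"""Added example: list TCP listeners like netstat -tlnp and show why
--net=host produces rows with no PID/Program name.

/proc/net/tcp{,6} enumerates every socket in the *network* namespace we
are in; /proc/<pid>/fd only covers the *PID* namespace we are in.  With
--net=host the first is the host's and the second is the container's, so
the host's sshd and docker sockets show up with no visible owner.
"""
import errno
import os
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional

LISTEN_STATE = "0A"  # value of the "st" column for TCP LISTEN in /proc/net/tcp


@dataclass
class Listener:
    proto: str            # "tcp" or "tcp6"
    port: int
    inode: int
    pid: Optional[int]    # None when no process visible to us owns the socket


def _socket_inode_owners() -> Dict[int, int]:
    """Map socket inode -> pid for every process visible in /proc.

    A socket whose inode is missing from this map is what netstat prints as
    "-": its owner is in another PID namespace (or its fd table is unreadable).
    """
    owners: Dict[int, int] = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        fd_dir = f"/proc/{pid}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or not ours to read
        for fd in fds:
            try:
                target = os.readlink(f"{fd_dir}/{fd}")
            except OSError:
                continue
            if target.startswith("socket:["):
                owners[int(target[len("socket:["):-1])] = pid
    return owners


def _parse_proc_net_tcp(path: str, proto: str) -> List[Listener]:
    """Return LISTEN sockets from a /proc/net/tcp{,6} table, owner not yet known."""
    listeners: List[Listener] = []
    try:
        with open(path) as fh:
            next(fh)  # skip header line
            for line in fh:
                fields = line.split()
                local, state, inode = fields[1], fields[3], int(fields[9])
                if state != LISTEN_STATE:
                    continue
                port = int(local.rsplit(":", 1)[1], 16)  # port is hex
                listeners.append(Listener(proto, port, inode, None))
    except FileNotFoundError:
        pass  # e.g. IPv6 disabled: no /proc/net/tcp6
    return listeners


def find_listeners() -> List[Listener]:
    """All TCP listeners in this network namespace, with pid where visible."""
    owners = _socket_inode_owners()
    result: List[Listener] = []
    for path, proto in (("/proc/net/tcp", "tcp"), ("/proc/net/tcp6", "tcp6")):
        for lst in _parse_proc_net_tcp(path, proto):
            lst.pid = owners.get(lst.inode)
            result.append(lst)
    return result


def foreign_listeners() -> List[Listener]:
    """Listeners with no visible owner: the "-" rows of netstat -tlnp.

    Inside a container, a non-empty result is the tell-tale sign that you
    share the host's network namespace (--net=host).
    """
    return [lst for lst in find_listeners() if lst.pid is None]


def try_listen(port: int, family: int = socket.AF_INET):
    """Bind and listen on port, like the sshd and vsftpd attempts in the article.

    Returns (socket, None) on success, or (None, errno name) on failure, so a
    port that a host process already holds in the shared network namespace
    gives (None, "EADDRINUSE") just as strace showed for sshd on port 22.
    No SO_REUSEADDR is set: we want the conflict to surface.
    """
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        sock.bind(("" if family == socket.AF_INET else "::", port))
        sock.listen(1)
    except OSError as exc:
        sock.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))
    return sock, None


if __name__ == "__main__":
    for lst in sorted(find_listeners(), key=lambda x: (x.port, x.proto)):
        print(f"{lst.proto:5} :{lst.port:<5} inode={lst.inode:<8} pid={lst.pid or '-'}")
    unowned = foreign_listeners()
    if unowned:
        print(f"{len(unowned)} listener(s) are owned outside this PID namespace: "
              "you are most likely in a shared (--net=host) network namespace")
```

Run it in the container from step 2 and the sshd/docker rows come back with `pid=-` while `try_listen(22)` returns `(None, "EADDRINUSE")`; run it on the host and the same rows carry the host PIDs, which is the same asymmetry the two netstat listings above show.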

Summary

  • Starting a container with --net=host makes the container use the host's network environment (IP addresses, ports in use, and so on) as-is.
  • A port used inside the container is therefore in use on the host as well, and a port the host already uses cannot be taken by the container.
  • Caveat for anyone using this in anger: because loopback is shared, everything the host listens on, including services bound only to 127.0.0.1 and the docker daemon's API on port 4243 seen above, is reachable from inside the container, so a --net=host container has to be trusted as much as the host itself. On current Docker you can audit a container for this with `docker inspect -f '{{.HostConfig.NetworkMode}}' CONTAINER`, which prints `host`.

net=host, exactly as the name says.
