##設定時のネットワーク環境
ネットワーク空間 192.168.0.0/24
ゲートウェイ 192.168.0.1
ホストOS 192.168.0.10
dockerコンテナ 192.168.0.11
作業PC 192.168.0.2
##ホストOSにブリッジの設定追加
- ホストOSはUbuntu14.04
- eth0にはIPアドレスを付けず、ブリッジ用にプロミスキャスモードで動かす → address 0.0.0.0
- br0を新たに作成 → もともとeth0についていたIPをつける
- br0をeth0にブリッジさせる → bridge_ports eth0
shell
vi /etc/network/interfaces
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
>
# The primary network interface
# eth0 carries no IP address of its own (0.0.0.0); it only serves as the
# physical port of br0 below.
auto eth0
iface eth0 inet static
address 0.0.0.0
>
# br0 holds the host address 192.168.0.10 and the default gateway;
# eth0 is attached to it as a bridge port.
auto br0
iface br0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports eth0
# Spanning Tree Protocol is switched off on this bridge.
bridge_stp off
##dockerの起動オプション(DOCKER_OPTS)を編集
- NATの設定をさせない(--iptables=false)。Dockerがiptablesのルールを追加しなくなるので、コンテナへのアクセス制限が必要なら自分で設定する
- デフォルトブリッジをbr0にする(-b=br0)
- 実行ドライバ(exec driver)にlxcを使う(-e lxc)
shell
# Append the daemon options to the Docker Upstart/SysVinit configuration file:
#   --iptables=false  Docker adds no iptables/NAT rules of its own
#   -b=br0            use the existing br0 bridge as the container bridge
#   -e lxc            run containers through the LXC exec driver
# With no Docker-managed rules, any filtering of container traffic has to be
# configured by hand on the host.
echo 'DOCKER_OPTS="--iptables=false -b=br0 -e lxc"' >> /etc/default/docker.io
# Print the file to confirm the line was appended.
cat /etc/default/docker.io
/etc/default/docker.io
# Docker Upstart and SysVinit configuration file
>
# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"
>
# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"
>
# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
>
# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"
>
DOCKER_OPTS="--iptables=false -b=br0 -e lxc"
##lxcのインストール(上記 -e lxc のため)
shell
apt-get install lxc
##lxc-netの自動起動を停止(lxcブリッジの自動生成を停止するため)
shell
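# Comment out the "start on" stanza so Upstart no longer starts lxc-net at
# boot (this is what stops the LXC bridge from being created automatically).
# Plain -i is used: GNU sed reads "-ir" as -i with backup suffix "r", which
# leaves a stray /etc/init/lxc-net.confr behind, and the expression needs no -r.
sed -i 's/^start on/#start on/' /etc/init/lxc-net.conf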
##ホストOSを再起動させる
shell
reboot
##再起動後の状態
shell
ifconfig
結果
br0 Link encap:Ethernet HWaddr 54:52:00:35:ec:7b
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::5652:ff:fe35:ec7b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1956 errors:0 dropped:0 overruns:0 frame:0
TX packets:2112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130579 (130.5 KB) TX bytes:292619 (292.6 KB)
>
eth0 Link encap:Ethernet HWaddr 54:52:00:35:ec:7b
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6908 errors:0 dropped:15 overruns:0 frame:0
TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6955499 (6.9 MB) TX bytes:457070 (457.0 KB)
>
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3888 (3.8 KB) TX bytes:3888 (3.8 KB)
shell
brctl show
結果
bridge name bridge id STP enabled interfaces
br0 8000.54520035ec7b no eth0
shell
iptables -nL
結果
Chain INPUT (policy ACCEPT)
target prot opt source destination
>
Chain FORWARD (policy ACCEPT)
target prot opt source destination
>
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
shell
iptables -nL -t nat
結果
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
>
Chain INPUT (policy ACCEPT)
target prot opt source destination
>
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
>
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
##コンテナを起動させてみる
###コンテナ起動オプション
- IPアドレス 192.168.0.11
- ゲートウェイ192.168.0.1
- br0のブリッジを使う
- centosのイメージでコンテナ作成
- 起動後、コンテナのbash画面を表示させる
shell
# Start a CentOS container attached straight to br0 with a fixed address.
# -n=false turns off Docker's own network setup, so the interface is defined
# entirely by the --lxc-conf entries: a veth linked to br0, 192.168.0.11/24,
# gateway 192.168.0.1, named eth0 inside the container and brought up.
# The container therefore sits directly on 192.168.0.0/24 next to the host.
# -i -t opens an interactive /bin/bash session in the container.
docker.io run \
-n=false \
--lxc-conf="lxc.network.type = veth" \
--lxc-conf="lxc.network.ipv4 = 192.168.0.11/24" \
--lxc-conf="lxc.network.ipv4.gateway = 192.168.0.1" \
--lxc-conf="lxc.network.link = br0" \
--lxc-conf="lxc.network.name = eth0" \
--lxc-conf="lxc.network.flags = up" \
-i -t centos /bin/bash
- IPアドレスの確認
- openssh-serverのインストール
- openssh-serverの起動
- SSH接続テストのため、ユーザー名「docker-user」・パスワード「docker-user-password」のユーザーを一時的に作成する(推測されやすいパスワードなので、テストが終わったらユーザーを削除するかパスワードを変更する)
起動したコンテナ内で実行
bash-4.1# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 8A:B3:8A:34:B7:CB
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::88b3:8aff:fe34:b7cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:648 (648.0 b) TX bytes:648 (648.0 b)
bash-4.1# yum install -y openssh-server
bash-4.1# /etc/init.d/sshd start
bash-4.1# useradd docker-user && echo 'docker-user:docker-user-password'| chpasswd
##外部から接続してみる
ホストOSと同じネットワーク空間からSSH接続を行う
ユーザー名「docker-user」
パスワード「docker-user-password」
shell
ssh docker-user@192.168.0.11
結果
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 21:61:df:5b:a9:04:9a:20:8c:6b:da:02:94:d2:2a:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (RSA) to the list of known hosts.
docker-user@192.168.0.11's password:
[docker-user@200e65c57bd5 ~]$
[docker-user@200e65c57bd5 ~]$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr C6:5E:4C:3A:28:F5
inet addr:192.168.0.11 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::c45e:4cff:fe3a:28f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3448 errors:0 dropped:0 overruns:0 frame:0
TX packets:1556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6792386 (6.4 MiB) TX bytes:124389 (121.4 KiB)