Network environment at setup time
Network range 192.168.0.0/24
Gateway 192.168.0.1
Host OS 192.168.0.10
Docker container 192.168.0.11
Work PC 192.168.0.2
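Adding the bridge configuration on the host OS
- The host OS is Ubuntu 14.04
- Put eth0 into promiscuous mode → address 0.0.0.0
- Create a new bridge br0 → assign it the IP address that eth0 originally had
- Bridge br0 onto eth0 → bridge_ports eth0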
```shell
vi /etc/network/interfaces
```
/etc/network/interfaces
```
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 0.0.0.0

auto br0
iface br0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports eth0
bridge_stp off
```
Editing the Docker startup options (DOCKER_OPTS)
- Do not let Docker configure NAT (--iptables=false)
- Make br0 the default bridge (-b=br0)
- Use lxc as the execution driver(?) (-e lxc)
```shell
echo 'DOCKER_OPTS="--iptables=false -b=br0 -e lxc"' >> /etc/default/docker.io
cat /etc/default/docker.io
```
/etc/default/docker.io
```
# Docker Upstart and SysVinit configuration file

# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"

# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"

# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"
DOCKER_OPTS="--iptables=false -b=br0 -e lxc"
```
Installing lxc (required by -e lxc above)
```shell
apt-get install lxc
```
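Disabling automatic startup of lxc-net (to stop the lxc bridge from being created automatically)
```shell
# -i and -r are passed separately: "-ir" is parsed as -i with the backup suffix "r"
sed -i -r 's/^start on/#start on/' /etc/init/lxc-net.conf
```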
Rebooting the host OS
```shell
reboot
```
State after the reboot
```shell
ifconfig
```
Result
```
br0       Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::5652:ff:fe35:ec7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2112 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:130579 (130.5 KB)  TX bytes:292619 (292.6 KB)

eth0      Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6908 errors:0 dropped:15 overruns:0 frame:0
          TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6955499 (6.9 MB)  TX bytes:457070 (457.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3888 (3.8 KB)  TX bytes:3888 (3.8 KB)
```
```shell
brctl show
```
Result
```
bridge name     bridge id               STP enabled     interfaces
br0             8000.54520035ec7b       no              eth0
```
```shell
iptables -nL
```
Result
```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
```shell
iptables -nL -t nat
```
Result
```
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
```
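The post-reboot checks above (DOCKER_OPTS, bridge membership, empty iptables tables) combined into one script. This is an added example, not part of the original article; the function names are hypothetical, while the file path, bridge name and interface name are the ones used on this page.

```shell
#!/bin/sh
# Added example: offline-testable checks for the post-reboot state shown above.

# /etc/default/docker.io is shell syntax, so the last uncommented DOCKER_OPTS
# assignment is the effective one (repeating the `>>` append leaves duplicates).
effective_docker_opts() {
    grep -E '^[[:space:]]*DOCKER_OPTS=' "$1" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/^"//' -e 's/"$//'
}

# Succeeds only if all three daemon options set on this page are present.
docker_opts_ok() {
    opts=" $(effective_docker_opts "$1") "
    for want in --iptables=false -b=br0 '-e lxc'; do
        case "$opts" in
            *" $want "*) ;;
            *) return 1 ;;
        esac
    done
}

# Reads `brctl show` output on stdin; succeeds if port $2 is attached to
# bridge $1. Additional ports are listed on one-field continuation rows.
bridge_has_port() {
    awk -v br="$1" -v port="$2" '
        NR == 1 { next }                  # column header
        NF >= 4 { cur = $1; ifc = $4 }    # first row of a bridge
        NF == 3 { cur = $1; ifc = "" }    # bridge without ports
        NF == 1 { ifc = $1 }              # continuation row
        cur == br && ifc == port { found = 1 }
        END { exit !found }'
}

# Reads `iptables -nL [-t nat]` output on stdin and prints the rule count
# (lines that are not chain headers, column headers or blank).
rule_count() {
    awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}

# Live check on the host, run as root; not called automatically.
check_host() {
    docker_opts_ok /etc/default/docker.io || { echo "DOCKER_OPTS mismatch"; return 1; }
    brctl show | bridge_has_port br0 eth0 || { echo "eth0 is not a port of br0"; return 1; }
    [ "$(iptables -nL -t nat | rule_count)" -eq 0 ] || { echo "nat table has rules"; return 1; }
    [ "$(iptables -nL | rule_count)" -eq 0 ] || { echo "filter table has rules"; return 1; }
    echo "host matches the bridged, NAT-free setup"
}
```

Source the script and run `check_host` as root on the host after the reboot.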
Starting a container
Container startup options
- IP address 192.168.0.11
- Gateway 192.168.0.1
- Use the br0 bridge
- Create the container from the centos image
- After startup, open a bash prompt in the container
```shell
docker.io run \
    -n=false \
    --lxc-conf="lxc.network.type = veth" \
    --lxc-conf="lxc.network.ipv4 = 192.168.0.11/24" \
    --lxc-conf="lxc.network.ipv4.gateway = 192.168.0.1" \
    --lxc-conf="lxc.network.link = br0" \
    --lxc-conf="lxc.network.name = eth0" \
    --lxc-conf="lxc.network.flags = up" \
    -i -t centos /bin/bash
```
- Check the IP address
- Install openssh-server
- Start openssh-server
- For the SSH connection test, temporarily create a user with the user name "docker-user" and the password "docker-user-password"
Run inside the started container
```
bash-4.1# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 8A:B3:8A:34:B7:CB
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::88b3:8aff:fe34:b7cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 b)  TX bytes:648 (648.0 b)

bash-4.1# yum install -y openssh-server
bash-4.1# /etc/init.d/sshd start
bash-4.1# useradd docker-user && echo 'docker-user:docker-user-password'| chpasswd
```
Connecting from outside
Connect over SSH from the same network range as the host OS
User name "docker-user"
Password "docker-user-password"
```shell
ssh docker-user@192.168.0.11
```
Result
```
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 21:61:df:5b:a9:04:9a:20:8c:6b:da:02:94:d2:2a:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (RSA) to the list of known hosts.
docker-user@192.168.0.11's password:
[docker-user@200e65c57bd5 ~]$
[docker-user@200e65c57bd5 ~]$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr C6:5E:4C:3A:28:F5
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::c45e:4cff:fe3a:28f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3448 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1556 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6792386 (6.4 MiB)  TX bytes:124389 (121.4 KiB)
```