Ubuntu14.04 で Docker0.9.1 のコンテナに任意のIPをつける

設定時のネットワーク環境

ネットワーク空間 192.168.0.0/24
ゲートウェイ 192.168.0.1
ホストOS 192.168.0.10
dockerコンテナ 192.168.0.11
作業PC 192.168.0.2

ホストOSにブリッジの設定追加

• ホストOSはUbuntu14.04
• eth0はプロミスキャスモードにする → address 0.0.0.0
• br0を新たに作成 → もともとeth0についていたIPをつける
• br0をeth0にブリッジさせる → bridge_ports eth0

shell

vi /etc/network/interfaces

/etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 0.0.0.0

auto br0
iface br0 inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.1
    bridge_ports eth0
    bridge_stp off

dockerの起動オプション(DOCKER_OPTS)を編集

1. NATの設定をさせない(--iptables=false)
2. デフォルトブリッジをbr0にする(-b=br0)
3. 実行ドライバ？にlxcをつかう(-e lxc)

shell

echo 'DOCKER_OPTS="--iptables=false -b=br0 -e lxc"' >> /etc/default/docker.io
cat /etc/default/docker.io

/etc/default/docker.io

# Docker Upstart and SysVinit configuration file

# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"

# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"

# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"

DOCKER_OPTS="--iptables=false -b=br0 -e lxc"

lxcのインストール(上記 -e lxc のため)

shell

apt-get install lxc

lxc-netの自動起動を停止(lxcブリッジの自動生成を停止するため)

shell

sed -ir 's/^start on/#start on/' /etc/init/lxc-net.conf

ホストOSを再起動させる

shell

reboot

再起動後の状態

shell

ifconfig

結果

br0       Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::5652:ff:fe35:ec7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2112 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:130579 (130.5 KB)  TX bytes:292619 (292.6 KB)

eth0      Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6908 errors:0 dropped:15 overruns:0 frame:0
          TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6955499 (6.9 MB)  TX bytes:457070 (457.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3888 (3.8 KB)  TX bytes:3888 (3.8 KB)

shell

brctl show

結果

bridge name     bridge id               STP enabled     interfaces
br0             8000.54520035ec7b       no              eth0

shell

iptables -nL

結果

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

shell

iptables -nL -t nat

結果

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

コンテナを起動させてみる

コンテナ起動オプション

• IPアドレス 192.168.0.11
• ゲートウェイ192.168.0.1
• br0のブリッジを使う
• centosのイメージでコンテナ作成
• 起動後、コンテナのbash画面を表示させる

shell

docker.io run \
-n=false \
--lxc-conf="lxc.network.type = veth" \
--lxc-conf="lxc.network.ipv4 = 192.168.0.11/24" \
--lxc-conf="lxc.network.ipv4.gateway = 192.168.0.1" \
--lxc-conf="lxc.network.link = br0" \
--lxc-conf="lxc.network.name = eth0" \
--lxc-conf="lxc.network.flags = up" \
-i -t centos /bin/bash

1. IPアドレスの確認
2. openssh-serverのインストール
3. openssh-serverの起動
4. SSH接続テストのため一時的にユーザー名「docker-user」 パスワード「docker-user-password」で作成する

起動したコンテナ内で実行

bash-4.1# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 8A:B3:8A:34:B7:CB
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::88b3:8aff:fe34:b7cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 b)  TX bytes:648 (648.0 b)
bash-4.1# yum install -y openssh-server
bash-4.1# /etc/init.d/sshd start
bash-4.1# useradd docker-user && echo 'docker-user:docker-user-password'| chpasswd

外部から接続してみる

ホストOSと同じネットワーク空間からSSH接続を行う
ユーザー名「docker-user」
パスワード「docker-user-password」

shell

ssh docker-user@192.168.0.11 

結果

The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 21:61:df:5b:a9:04:9a:20:8c:6b:da:02:94:d2:2a:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (RSA) to the list of known hosts.
docker-user@192.168.0.11's password:
[docker-user@200e65c57bd5 ~]$
[docker-user@200e65c57bd5 ~]$ ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr C6:5E:4C:3A:28:F5
              inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::c45e:4cff:fe3a:28f5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3448 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1556 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:6792386 (6.4 MiB)  TX bytes:124389 (121.4 KiB)