@mykysyk@github

Assigning an arbitrary IP address to a Docker 0.9.1 container on Ubuntu 14.04

More than 5 years have passed since last update.

Network environment used for this setup

Network 192.168.0.0/24
Gateway 192.168.0.1
Host OS 192.168.0.10
Docker container 192.168.0.11
Work PC 192.168.0.2

Add the bridge configuration to the host OS

  • The host OS is Ubuntu 14.04
  • Put eth0 into promiscuous mode → address 0.0.0.0
  • Create a new br0 → give it the IP address that was originally on eth0
  • Bridge br0 onto eth0 → bridge_ports eth0
shell
vi /etc/network/interfaces
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 0.0.0.0

auto br0
iface br0 inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.1
    bridge_ports eth0
    bridge_stp off

Edit the Docker startup options (DOCKER_OPTS)

  1. Stop Docker from configuring NAT (--iptables=false)
  2. Make br0 the default bridge (-b=br0)
  3. Use lxc as the execution driver (-e lxc)
shell
echo 'DOCKER_OPTS="--iptables=false -b=br0 -e lxc"' >> /etc/default/docker.io
cat /etc/default/docker.io
/etc/default/docker.io
# Docker Upstart and SysVinit configuration file

# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"

# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"

# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"

DOCKER_OPTS="--iptables=false -b=br0 -e lxc"

Install lxc (required by -e lxc above)

shell
apt-get install lxc

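Disable automatic startup of lxc-net (so that the lxc bridge is not created automatically)

shell
# Comment out the "start on" stanza so that Upstart no longer starts lxc-net
sed -i 's/^start on/#start on/' /etc/init/lxc-net.conf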

Reboot the host OS

shell
reboot

State after the reboot

shell
ifconfig
Result
br0       Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::5652:ff:fe35:ec7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1956 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2112 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:130579 (130.5 KB)  TX bytes:292619 (292.6 KB)

eth0      Link encap:Ethernet  HWaddr 54:52:00:35:ec:7b
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6908 errors:0 dropped:15 overruns:0 frame:0
          TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6955499 (6.9 MB)  TX bytes:457070 (457.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3888 (3.8 KB)  TX bytes:3888 (3.8 KB)
shell
brctl show
Result
bridge name     bridge id               STP enabled     interfaces
br0             8000.54520035ec7b       no              eth0
shell
iptables -nL
Result
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
shell
iptables -nL -t nat
Result
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Start a container

Container startup options

  • IP address 192.168.0.11
  • Gateway 192.168.0.1
  • Use the br0 bridge
  • Create the container from the centos image
  • After startup, show the container's bash prompt
shell
docker.io run \
-n=false \
--lxc-conf="lxc.network.type = veth" \
--lxc-conf="lxc.network.ipv4 = 192.168.0.11/24" \
--lxc-conf="lxc.network.ipv4.gateway = 192.168.0.1" \
--lxc-conf="lxc.network.link = br0" \
--lxc-conf="lxc.network.name = eth0" \
--lxc-conf="lxc.network.flags = up" \
-i -t centos /bin/bash
  1. Check the IP address
  2. Install openssh-server
  3. Start openssh-server
  4. For the SSH connection test, temporarily create a user named "docker-user" with the password "docker-user-password"
Run inside the started container
bash-4.1# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 8A:B3:8A:34:B7:CB
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::88b3:8aff:fe34:b7cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 b)  TX bytes:648 (648.0 b)
bash-4.1# yum install -y openssh-server
bash-4.1# /etc/init.d/sshd start
bash-4.1# useradd docker-user && echo 'docker-user:docker-user-password'| chpasswd
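
With --iptables=false and br0 bridged onto eth0, the container answers on the LAN under whatever address is passed in lxc.network.ipv4, so a typo can claim the gateway's or the host's address. The following is an added example, not part of the original article: it validates the requested address against the gateway's subnet and the already-assigned addresses before printing the docker.io run command shown above. The function names ip_to_int and build_run_cmd are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Print an IPv4 dotted quad as a 32-bit integer; return 1 if malformed.
ip_to_int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# build_run_cmd CONTAINER_IP PREFIX GATEWAY HOST_IP
# Prints the article's docker.io run command only if CONTAINER_IP is a usable
# address in the gateway's subnet that is not already claimed.
build_run_cmd() {
    ip=$(ip_to_int "$1") && gw=$(ip_to_int "$3") && host=$(ip_to_int "$4") ||
        { echo "malformed IPv4 address" >&2; return 1; }
    case $2 in ''|*[!0-9]*) echo "bad prefix length" >&2; return 1 ;; esac
    [ "$2" -ge 8 ] && [ "$2" -le 30 ] ||
        { echo "prefix length must be 8-30" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    net=$(( gw & mask ))
    bcast=$(( net | (mask ^ 0xFFFFFFFF) ))
    [ $(( ip & mask )) -eq "$net" ] ||
        { echo "$1 is outside the gateway's /$2 network" >&2; return 1; }
    for taken in "$net" "$bcast" "$gw" "$host"; do
        [ "$ip" -ne "$taken" ] ||
            { echo "$1 is the network, broadcast, gateway or host address" >&2; return 1; }
    done
    cat <<EOF
docker.io run \\
-n=false \\
--lxc-conf="lxc.network.type = veth" \\
--lxc-conf="lxc.network.ipv4 = $1/$2" \\
--lxc-conf="lxc.network.ipv4.gateway = $3" \\
--lxc-conf="lxc.network.link = br0" \\
--lxc-conf="lxc.network.name = eth0" \\
--lxc-conf="lxc.network.flags = up" \\
-i -t centos /bin/bash
EOF
}

# The article's own values: container, prefix length, gateway, host OS.
build_run_cmd 192.168.0.11 24 192.168.0.1 192.168.0.10
```

The check only covers the addresses given as arguments; other machines on the LAN, such as the work PC at 192.168.0.2, are not known to it.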

Connect from outside

Connect over SSH from the same network as the host OS
User name: "docker-user"
Password: "docker-user-password"

shell
ssh docker-user@192.168.0.11 
Result
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 21:61:df:5b:a9:04:9a:20:8c:6b:da:02:94:d2:2a:80.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (RSA) to the list of known hosts.
docker-user@192.168.0.11's password:
[docker-user@200e65c57bd5 ~]$
[docker-user@200e65c57bd5 ~]$ ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr C6:5E:4C:3A:28:F5
              inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::c45e:4cff:fe3a:28f5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3448 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1556 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:6792386 (6.4 MiB)  TX bytes:124389 (121.4 KiB)