[Virtualization] Series No. 3: virtual networking + a Docker image as a simulated cloud server
Tasks for this session:
1. Configure a virtual bridged-mode NIC on the host
2. Build a Docker image that can be logged into over SSH
3. Configure a bridged network for the container, so that an independent IP allows login from outside [no port mapping]
========== Host: configure a virtual bridged NIC (create a bridge device on Linux) ===========
The initial network state looks like this:
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:02:2B:7E
          inet addr:192.168.217.131  Bcast:192.168.217.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe02:2b7e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:301 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48584 (47.4 KiB)  TX bytes:4344 (4.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:453 errors:0 dropped:0 overruns:0 frame:0
          TX packets:453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:87716 (85.6 KiB)  TX bytes:87716 (85.6 KiB)
First, note: NetworkManager cannot manage bridge devices, so NetworkManager must be stopped before a bridge device is created.
# service NetworkManager status    (on the command line you can also check with: chkconfig --list | grep NetworkManager)
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# service NetworkManager stop
NetworkManager is stopped
1. Create the bridge br0 and add the eth0 NIC to it
# brctl addbr br0
# brctl addif br0 eth0
# ifconfig -a
br0       Link encap:Ethernet  HWaddr C6:50:BC:BE:88:68
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:7E:C9:4F
          inet addr:192.168.217.129  Bcast:192.168.217.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe7e:c94f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14062 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7065 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20762199 (19.8 MiB)  TX bytes:392006 (382.8 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1064 (1.0 KiB)  TX bytes:1064 (1.0 KiB)
2. Remove the IP address from eth0
# ifconfig eth0 0 up
# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:7E:C9:4F
          inet6 addr: fe80::20c:29ff:fe7e:c94f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14192 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20772188 (19.8 MiB)  TX bytes:394136 (384.8 KiB)
3. Give br0 the address and related settings (the default route disappeared together with eth0's address, so it is added again)
# ifconfig br0 192.168.217.129/24 up
# route add default gw 192.168.217.2
# ifconfig
br0       Link encap:Ethernet  HWaddr 00:0C:29:7E:C9:4F
          inet addr:192.168.217.129  Bcast:192.168.217.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe7e:c94f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:582 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26772 (26.1 KiB)  TX bytes:606 (606.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:7E:C9:4F
          inet6 addr: fe80::20c:29ff:fe7e:c94f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14868 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7091 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20814087 (19.8 MiB)  TX bytes:394562 (385.3 KiB)
4. Verify
# brctl stp br0 on
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c297ec94f       yes             eth0
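The four steps above as one script, added here as an example (it is not from the original post): it runs the commands in the page's order and then verifies the result by parsing `ip -o -4 addr show`, since a leftover address on the enslaved NIC is the usual cause of a bridge that only half works. It assumes the page's tools (brctl, ifconfig, route), root, and a DRY_RUN=1 switch that only prints the commands; the bridge name, NIC and addresses are the page's own values, passed as arguments. Between the step that strips eth0 and the step that addresses br0 the host has no IPv4 address on that NIC, so run it from a console rather than over SSH through eth0.

```shell
#!/bin/bash
# Added example, not the page's own code: bridge a NIC into a new bridge the way
# the page does, then check the outcome. Assumptions: brctl/ifconfig/route are
# present, we run as root, and DRY_RUN=1 prints commands instead of running them.
set -eu

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# NetworkManager would reconfigure the NIC behind our back; refuse while it runs.
# (Skipped in dry-run mode so the plan can be reviewed on any machine.)
ensure_networkmanager_stopped() {
  if [ "${DRY_RUN:-0}" != "1" ] && service NetworkManager status 2>/dev/null | grep -q running; then
    echo "stop NetworkManager first: service NetworkManager stop" >&2
    return 1
  fi
}

# make_bridge BR NIC ADDR/PREFIX GATEWAY
# Order matters: enslave the NIC, strip its address, then re-create the address
# and the default route on the bridge (the route vanished with the address).
make_bridge() {
  local br=$1 nic=$2 addr=$3 gw=$4
  ensure_networkmanager_stopped
  run brctl addbr "$br"
  run brctl addif "$br" "$nic"
  run ifconfig "$nic" 0 up          # strip the address from the NIC
  run ifconfig "$br" "$addr" up     # give it to the bridge
  run route add default gw "$gw"    # restore the default route
  run brctl stp "$br" on
}

# bridge_state_ok BR NIC ADDR/PREFIX   < output of: ip -o -4 addr show
# Succeeds only when the bridge owns ADDR and the NIC has no IPv4 address left.
# Field layout of that output: "<idx>: <ifname> inet <addr/prefix> ...".
bridge_state_ok() {
  awk -v br="$1" -v nic="$2" -v addr="$3" '
    $2 == br && $4 == addr { ok = 1 }
    $2 == nic              { bad = 1 }
    END { exit (ok && !bad) ? 0 : 1 }'
}

# Stand-alone use: ./make_bridge.sh br0 eth0 192.168.217.129/24 192.168.217.2
if [ "$#" -eq 4 ]; then
  make_bridge "$@"
  if ip -o -4 addr show | bridge_state_ok "$1" "$2" "$3"; then
    echo "bridge $1 is up with $3; $2 carries no IPv4 address"
  else
    echo "bridge check failed: inspect 'ip -o -4 addr show'" >&2
    exit 1
  fi
fi
```

Run it first with DRY_RUN=1 to read the plan, then for real from the console; the final check is what to repeat after any manual change, because `ifconfig` output alone makes it easy to miss an address that is still attached to eth0.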
=========== Build a Docker image that can be logged into over SSH =====================
Build the VM image file
# Dockerfile
FROM centos:centos7.2.1511
MAINTAINER xiaoshitou
RUN yum install passwd openssl openssh-server openssh-clients net-tools nc net-tools wget -y
RUN echo '123456' | passwd --stdin root
# host keys must exist before sshd will start
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
# pam_loginuid fails inside a container, so disable it for sshd
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
RUN echo 'root:123456' | chpasswd
#RUN mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
#RUN wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#RUN wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
RUN yum clean all
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ADD run.sh /run.sh
RUN chmod 777 /run.sh
EXPOSE 22
EXPOSE 80
EXPOSE 8080
EXPOSE 8090
EXPOSE 3306
# run.sh is the container's first process (docker top below shows "/bin/bash /run.sh")
CMD ["/run.sh"]
#End
Create the startup script run.sh
#!/bin/bash
/usr/sbin/sshd -D
Build the image
docker build -t centos7-ssh .
Create and start the container
docker create --name=centos7-ssh -p 127.0.0.1:3333:22 -p 127.0.0.1:3334:8090 -p 127.0.0.1:3335:3006 centos7-ssh
docker start centos7-ssh
Test the login
ssh root@127.0.0.1 -p 3333
Docker's default networking mode is NAT.
-- Switch the network type to bridged [goal: container traffic no longer goes through the default docker0 NAT, and every container gets its own independent, externally reachable IP]
1. > Create a bridge on the host: brctl addbr br-int   [note: this requires a bridgeable NIC, eth1]
> Bridge the network: brctl addif br-int eth1
> Bring it up: ifconfig br-int up
2. Create a veth pair (docker-br is the end that plugs into the bridge br-int; eth0-ns is the end that plugs into the Docker container)
> Create the two interfaces: ip link add name docker-br type veth peer name eth0-ns
> Bring it up: ifconfig docker-br up
> Add the port to the bridge: brctl addif br-int docker-br
In bridged mode the bridge must be given a physical interface that reaches the network directly.
The bug in class was that the bridge had no physical interface eth1: the container's ARP packets reached br-int but were ultimately dropped by the kernel,
because by the rules of the protocol an ARP request whose target address is not a local address is discarded.
3. Map the network namespace, so that a network interface (a "cable") can be added to a namespace: mkdir -p /var/run/netns
> Create a new Docker container. No ports need to be specified, because in bridged mode the default NAT interface is not configured (--net=none); the bridged interface is added by hand instead.
> docker create --name=ssh02 --net=none centos7-ssh
> Start it: docker start ssh02
> Look at its processes. They all live in the same namespace, so any one of them can be picked, for example 16319:
# docker top d3d1d261830c
UID     PID     PPID    C   STIME   TTY   TIME       CMD
root    16295   16277   0   15:02   ?     00:00:00   /bin/bash /run.sh
root    16319   16295   0   15:02   ?     00:00:00   /usr/sbin/sshd -D
> Look at the namespaces of process 16319: cd /proc/16319/ns; net is 4026532223
# cd /proc/16319/ns
# ls -l
总用量 0
lrwxrwxrwx 1 root root 0 6月 20 15:06 ipc -> ipc:[4026532220]
lrwxrwxrwx 1 root root 0 6月 20 15:06 mnt -> mnt:[4026532218]
lrwxrwxrwx 1 root root 0 6月 20 15:06 net -> net:[4026532223]
lrwxrwxrwx 1 root root 0 6月 20 15:06 pid -> pid:[4026532221]
lrwxrwxrwx 1 root root 0 6月 20 15:06 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 6月 20 15:06 uts -> uts:[4026532219]
> Map Docker's own namespace into the system directory, so that `ip` can see and access what is in this namespace.
Format: ln -sf /proc/{docker_pid}/ns/net /var/run/netns/ssh02
Note: ssh02 can be any name.
Check before running: ip netns
Run: ln -sf /proc/16319/ns/net /var/run/netns/ssh02
> Put the other end of the veth pair into the container's namespace [add the other interface to the namespace (plug the other end of the cable into Docker)]
Before running: enter the running container ssh02 and check its network:
docker exec -it ssh02 /bin/bash
Run on the host: ip link set eth0-ns netns ssh02
Run in the container: ifconfig -a, which now shows an extra interface eth0-ns
Or on the host: ip netns exec ssh02 ifconfig -a
> Configure the network settings on that container interface, giving it an address on the same subnet as the host:
ip netns exec ssh02 ifconfig eth0-ns 192.168.0.200/24
> To reach external networks, a default gateway must be configured (192.168.0.1 is the gateway address)
Check: the routing table of namespace ssh02: ip netns exec ssh02 route -n
Run: ip netns exec ssh02 route add default gw 192.168.0.1
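The whole of section 3 as one script, added here as an example (it is not from the original post), together with a check for the bug described above: a bridge whose only members are veth ends has no physical uplink, so nothing on the LAN can answer the container's ARP. It assumes the container was created with --net=none and started, that the PID of a process inside it was obtained with `docker inspect -f '{{.State.Pid}}' NAME` (or from `docker top`, as on the page), that iproute2 and brctl are present, root, and a DRY_RUN=1 switch that only prints the commands. It generalizes the page's single veth pair slightly: the host end is named after the namespace so several containers can sit on the same bridge, and the container end is renamed to eth0 inside the container, which is free there because a --net=none container has only lo. The names, PID and addresses in the stand-alone call are the page's own.

```shell
#!/bin/bash
# Added example, not the page's own code: plug a --net=none container into a
# host bridge with a veth pair. Assumptions: iproute2 and brctl present, root,
# PID of any process in the container supplied by the caller, DRY_RUN=1 prints
# the commands instead of executing them.
set -eu

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# attach_container BR NS PID ADDR/PREFIX GATEWAY
# NS is the name the namespace gets under /var/run/netns (the page uses ssh02).
# Keep NS at most 10 characters: interface names are limited to 15 and both
# ends are derived from it.
attach_container() {
  local br=$1 ns=$2 pid=$3 addr=$4 gw=$5
  local host_end="veth-$ns" ns_end="eth0-$ns"
  run mkdir -p /var/run/netns
  run ln -sf "/proc/$pid/ns/net" "/var/run/netns/$ns"       # let ip(8) see the namespace
  run ip link add name "$host_end" type veth peer name "$ns_end"
  run ip link set "$host_end" up
  run brctl addif "$br" "$host_end"                           # host end plugs into the bridge
  run ip link set "$ns_end" netns "$ns"                       # other end moves into the container
  run ip netns exec "$ns" ip link set "$ns_end" name eth0     # rename once inside, no clash with host eth0
  run ip netns exec "$ns" ip addr add "$addr" dev eth0
  run ip netns exec "$ns" ip link set eth0 up
  run ip netns exec "$ns" ip route add default via "$gw"
}

# bridge_has_uplink BR   < output of: brctl show
# Succeeds when BR has at least one member that is not a veth host end, i.e.
# the physical interface the page says a bridged setup must have. brctl prints
# the first port on the bridge's own row and further ports on indented rows.
bridge_has_uplink() {
  awk -v br="$1" '
    NR == 1 { next }                                           # header
    /^[^ \t]/ { cur = $1; if (cur == br && NF >= 4) ports[++n] = $4; next }
    cur == br && NF >= 1 { ports[++n] = $1 }                   # continuation row
    END {
      for (i = 1; i <= n; i++) if (ports[i] !~ /^(veth|docker-)/) found = 1
      exit (found ? 0 : 1)
    }'
}

# Stand-alone use with the page's values:
#   ./attach.sh br-int ssh02 16319 192.168.0.200/24 192.168.0.1
if [ "$#" -eq 5 ]; then
  if ! brctl show | bridge_has_uplink "$1"; then
    echo "bridge $1 has no physical uplink; ARP from the container will go unanswered" >&2
    exit 1
  fi
  attach_container "$@"
  ip netns exec "$2" ip -o -4 addr show dev eth0
fi
```

Two properties of this setup are worth knowing when it stops working: the symlink under /var/run/netns points at /proc/PID, so it goes stale as soon as the container restarts with a new PID and must be re-created; and when the container's network namespace is torn down its veth end is destroyed together with the host end, so the bridge port simply vanishes rather than lingering.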
========= Done; verification
1. Check that the bridge interfaces are correct
2. Ping between host and container
Find the container's IP and ping the host from it
Ping the container from the host