ji-woong-choi
Copyright 2016 osci.kr. All Rights Reserved / Confidential
Docker setting for Static IP allocation
Open Source Consulting, Inc. ((주) 오픈소스컨설팅)

Overall design (Option 1 / Option 2)
Docker IP structure
How to change the network configuration
Docker run
Full procedure for static IP allocation in Docker - Option 1
How to implement static IP in Docker - Option 1
NewsLetter
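
Comparison of implementation methods for static IP
Either of the two methods can be used.

              | Option 1                                          | Option 2
Description   | Switch to a new bridge network                    | Keep using the host network as-is
Disadvantage  | Docker version upgrade required                   | Per-container IP allocation is possible at the service layer
Advantage     | Each container is identifiable by its own IP      | No version upgrade required; improved network performance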
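
Overall design (Option 1: limitation - Docker version upgrade required)
Remove the docker0 network currently attached to eth0 and create a net2 bridge that holds the actual public IP range, so that containers obtain their addresses from the new public IP range.
[Figure: AS-IS / TO-BE network diagram. Labels: eth0; Net2 bridge br-a005af3 (192.168.0.10); addresses 192.168.0.100 and 192.168.0.101]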

Overall design (Option 2: possible with the current version)
An approach in which Docker does not containerize networking.
Docker stack = host network stack
docker create --name web1 -it --net host centos /bin/bash

Docker host:
[root@docker ~]# docker --version
Docker version 1.10.3, build 20f81dd
[root@docker ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
[root@docker ~]#

Inside the container (Docker internal):
[root@docker /]# docker --version
bash: docker: command not found
[root@docker /]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

Docker IP structure
Docker uses a virtual bridge, docker0.
Docker picks a subnet that is not in use on the host and assigns an IP address to the bridge.
When a container becomes active, Docker creates a veth device that communicates with the eth0 interface.
iptables NATs traffic from docker0 out to external hosts, and the host forwards the IP packets.

[root@localhost ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target      prot opt source               destination
DOCKER      all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target      prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target      prot opt source               destination
DOCKER      all  --  0.0.0.0/0            !127.0.0.0/8         ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target      prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
target      prot opt source               destination
RETURN      all  --  0.0.0.0/0            0.0.0.0/0
RETURN      all  --  0.0.0.0/0            0.0.0.0/0

How to change the network configuration

[centos@test-docker-khoj]# docker network ls
NETWORK ID          NAME                DRIVER
2d9ccb66829f        none                null      ==> docker container-specific stack
202963a31497        host                host      ==> adds a container on the hosts network stack
7b94e2955afc        bridge              bridge    ==> docker0 network

Docker has a bridge network, docker0, and a bridge other than docker0 can be created with:
docker network create --subnet 192.168.1.0/24 net3

[root@localhost ~]# docker network create --subnet 192.168.0.0/24 net2
Db22a9caeccad5f5e8a2ba53edaa5cf213de33c90438eab7d8d118e00c1bc6e0
[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER
9e61dcf50e2e        bridge              bridge
a005af354924        net2                bridge
485189c670f6        none                null
e84902c6f405        host                host

Docker run
Docker has a bridge network, docker0, and a bridge other than docker0 can be created with:
docker network create --subnet 192.168.1.0/24 net3
Which network a container joins is controlled with the --net option, and its IP address can be set with the --ip option.

Default bridge (docker0):
docker run -itd --name=container1 centos
docker inspect container1
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",

User-defined bridge (net2), address assigned automatically:
docker run -itd --name=container2 --net net2 centos
docker inspect container2
"Gateway": "192.168.0.1",
"IPAddress": "192.168.0.2",
"IPPrefixLen": 24,

User-defined bridge (net2), address set with --ip:
docker run -itd --name=container01 --net net2 --ip 192.168.0.3 centos
docker inspect container01
"Gateway": "192.168.0.1",
"IPAddress": "192.168.0.3",
"IPPrefixLen": 24

[root@localhost ~]# docker attach container3
[root@ccef5ba7e55a /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=37.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=31.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=30.2 ms

How to implement static ip in Docker

Register the Docker repository:
# vi /etc/yum.repos.d/docker.repo
-----------------------------------------------------------------------
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

Install Docker:
# yum install docker-engine
# docker --version
Docker version 1.10.3, build 20f81dd

Define the network to use instead of docker0:
# docker network create --subnet 192.168.0.0/24 net1

Attach the eth0 adapter to the bridge and assign the IP to the bridge network:
# vi /etc/sysconfig/network-scripts/ifcfg-eno50332208
---------------------------
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NM_CONTROLLED=no
NAME=eno50332208
DEVICE=eno50332208
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br-5dce68a079bf

How to implement static ip in Docker

Add the bridge network:
# vi /etc/sysconfig/network-scripts/ifcfg-br-5dce68a079bf
---------------------------
DEVICE=br-5dce68a079bf
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0
IPADDR=192.168.0.16
NETMASK=255.255.255.0
---------------------------

Full procedure for static IP allocation in Docker
Configure and apply the new Docker network

# docker network create --driver=bridge --subnet 192.168.0.0/24 net1

# vi /etc/sysconfig/network-scripts/ifcfg-br-5dce68a079bf
---------------------------
DEVICE=br-5dce68a079bf
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0
IPADDR=192.168.0.16
NETMASK=255.255.255.0
---------------------------

# vi /etc/sysconfig/network-scripts/ifcfg-eno50332208
---------------------------
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NM_CONTROLLED=no
NAME=eno50332208
DEVICE=eno50332208
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br-5dce68a079bf
---------------------------

# systemctl restart network
# ip a
# docker create --name test1 -it --net net1 --ip 192.168.0.21 centos /bin/bash
# docker start -ai test1
# docker create --name test2 -it --net net1 --ip 192.168.0.22 centos /bin/bash
# docker start -ai test2
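
Added example, not part of the original slides: once the physical NIC is attached to the Docker bridge, Docker only tracks the addresses it handed out itself, so a value passed to --ip can collide with the host's bridge address or with another machine on the same segment. The script below pre-checks a candidate address before docker create; the function names and the reserved-address list are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: pre-flight check for an address before `docker create --ip`.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static_ip IP CIDR "RESERVED ADDRESSES"
# Prints "ok" or the reason for rejection; returns 0 only for a usable address.
check_static_ip() {
    ip=$1; cidr=$2; reserved=$3
    net=${cidr%/*}; bits=${cidr#*/}
    case "$bits" in ''|*[!0-9]*|0?*) echo "invalid subnet"; return 1 ;; esac
    [ "$bits" -le 32 ] || { echo "invalid subnet"; return 1; }
    ip_n=$(ip_to_int "$ip") || { echo "invalid address"; return 1; }
    net_n=$(ip_to_int "$net") || { echo "invalid subnet"; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    base=$(( net_n & mask ))
    bcast=$(( base | (~mask & 0xFFFFFFFF) ))
    [ $(( ip_n & mask )) -eq "$base" ] || { echo "outside subnet"; return 1; }
    if [ "$ip_n" -eq "$base" ] || [ "$ip_n" -eq "$bcast" ]; then
        echo "network or broadcast address"; return 1
    fi
    for r in $reserved; do
        [ "$r" != "$ip" ] || { echo "already in use"; return 1; }
    done
    echo "ok"
}

# Constructed inventory for net1 (192.168.0.0/24): the gateway shown in the slides'
# docker inspect output for this subnet, the host's bridge address from ifcfg-br-*,
# and the first container (test1). Other hosts on the segment belong here too.
SUBNET="192.168.0.0/24"
RESERVED="192.168.0.1 192.168.0.16 192.168.0.21"
for candidate in 192.168.0.22 192.168.0.16 192.168.1.5 192.168.0.255; do
    printf '%s: %s\n' "$candidate" "$(check_static_ip "$candidate" "$SUBNET" "$RESERVED")"
done
```
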
NewsLetter (http://www.slideshare.net/ienvyou/2016-1-59231545)