Docker: Converting an existing legacy system to Dockerized form while maintaining original network scheme

Question

I'm in the midst of a project that is meant to convert an existing VOIP legacy system into a dockerized form. The existing system consists of 5 different Linux machines; each machine has 2 different network interfaces - one exposed to the public WAN, and the other is a private LAN network. I plan on creating a docker compose file for setting up the orchestration.

The network looks roughly like this:

Server #1 Eth0: IP 192.168.0.200/24 Eth1: IP X.X.X.65/27
Server #2 Eth0: IP 192.168.0.201/24 Eth1: IP X.X.X.66/27
Server #3 Eth0: IP 192.168.0.202/24 Eth1: IP X.X.X.87/27
Server #4 Eth0: IP 192.168.0.203/24 Eth1: IP Y.Y.Y.240/27
Server #5 Eth0: IP 192.168.0.204/24 Eth1: IP Y.Y.Y.241/27

Servers 1-3 are part of the same subnet, so are servers 4-5.

I am trying to find the best way to convert this network setup into docker networks. I want every container to preserve its public IP (the one on Eth1, meaning that traffic generated from the container will keep the same public IP it had on the original server), but also to be able to communicate with every other docker container on the same private net, while also keeping it easily manageable and having the least overhead possible.

Would it be possible to mix between a Bridge network and connect every docker container to it, while also having a Macvlan network for each docker container which will bind to a different network interface on host level?

Can I create only 2 network interfaces for the host machine, each for a different subnet, while maintaining the different IP addresses on them (one network interface will consist of 2 IPs, the other one of 3, and each interface will have a corresponding Macvlan docker network)?

Is there a better way to make this work?

Edit

Using the nmtui command I've created an IPv4 interface with multiple IP addresses. I would like to connect 3 of my containers to this network interface, while providing each one of them with a different public IP. Based on the screenshot given below, would it be enough to create a single Macvlan network and assign each container its own IPv4 address? Reading about it online hasn't provided me with a definite answer, but it seems likely that Docker engine will ignore this setting and use the defined primary IP instead for every container. Essentially, I would like every container to receive traffic from its own host IP, and deliver traffic from the same IP.

services:
  kamin:
    networks:
      kamin:
        priority: 1
        ipv4_address: "69.31.245.134"
networks:
  kamin:
    driver: macvlan
    driver_opts:
      parent: enp0s25
    ipam:
      config:
        # the /29 must contain both the gateway and the container address above
        - subnet: 69.31.245.128/29
          gateway: 69.31.245.129

Recommended answer

I was able to make it work using 3 network interfaces on host level and 1 custom bridge and 2 ipvlan networks on docker level.
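
The topology the answer describes (one custom bridge plus two ipvlan networks), written as a Compose file. This is an added example, not the answerer's configuration: the parent interface names eth1/eth2, the documentation-range subnets standing in for X.X.X and Y.Y.Y, the gateways and the image name are all assumptions, and only two of the five servers are shown, one per public subnet.

```yaml
# Added example. Every name and address not in the question is a placeholder.
services:
  server1:                               # legacy Server #1
    image: example/voip-node:latest      # placeholder image name
    networks:
      private_lan:
        ipv4_address: 192.168.0.200      # former Eth0 address
      public_a:
        ipv4_address: 203.0.113.65       # stands in for X.X.X.65
  server4:                               # legacy Server #4
    image: example/voip-node:latest      # placeholder image name
    networks:
      private_lan:
        ipv4_address: 192.168.0.203      # former Eth0 address
      public_b:
        ipv4_address: 198.51.100.240     # stands in for Y.Y.Y.240

networks:
  private_lan:
    driver: bridge
    # internal: no NAT and no default route through the bridge, so outbound
    # traffic can only leave via the ipvlan interface with the container's
    # own public address, and the private LAN is not reachable from outside.
    internal: true
    ipam:
      config:
        - subnet: 192.168.0.0/24
  public_a:                              # servers 1-3
    driver: ipvlan
    driver_opts:
      parent: eth1                       # assumed host NIC on the X.X.X /27 segment
      ipvlan_mode: l2
    ipam:
      config:
        - subnet: 203.0.113.64/27        # stands in for the X.X.X /27
          gateway: 203.0.113.94          # assumed upstream router
  public_b:                              # servers 4-5
    driver: ipvlan
    driver_opts:
      parent: eth2                       # assumed host NIC on the Y.Y.Y /27 segment
      ipvlan_mode: l2
    ipam:
      config:
        - subnet: 198.51.100.224/27      # stands in for the Y.Y.Y /27
          gateway: 198.51.100.254        # assumed upstream router
```

With ipvlan in l2 mode the host cannot reach the containers through the parent interface, so management access to them has to come over the bridge network or from another machine on the public segment.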
