将 LAN IP 地址分配给与主机 IP 地址不同的 Docker 容器 [英] Assign LAN IP address to Docker container different from host's IP address
问题描述
不熟悉 Unix 网络,添加虚拟接口等,现在尝试学习.我们正在尝试对我们的应用程序进行 docker 化.
我的要求是:将 ip 分配给可从外部应用程序/浏览器访问的 docker 容器.
容器ip基本上应该可以从同一网络中的不同计算机ping通.我不想使用端口转发.
我想访问 docker 容器,就像我们使用 ip 访问 VM 一样address.[ 没有端口映射,-p 标志.如果我运行任何服务器,如 Apache 或 Tomcat在容器内,它应该可以使用容器 ip 访问,并且港口.例如:http://container_ip:8443]
这在 docker 中可行吗?在我的 Unix 机器(RHEL 7.1)上运行 ifconfig 会显示 docker0、ens、lo 和 veth 接口.没有eth0.对此有点困惑.
我很难获得该功能,我将分享我的经验以及我为获得您所需要的所做的一切.
简短的回答:
您需要创建您自己的网桥,将主机的物理网络接口连接到该网桥,并连接每个容器的虚拟接口,使其表现得像您的普通桥接虚拟机一样网络,然后让容器在启动时选择自己的IP地址.
详细答案:
创建持久网桥Bridge,是一个设备(在我们的例子中是虚拟设备),其行为类似于网络交换机(主要在网络层2上运行),即它可以连接两个或多个网络接口如果它们具有相同的子网,则在同一个局域网 (LAN) 上.
您将创建新的持久性网桥 br0(它将在系统启动时自动启动),将您的物理网络接口添加到其中(在我的情况下是 eth0).请注意,将您的接口添加到网桥后,该接口不再需要 IP 地址,因为网桥将获得 IP 地址并且可以代替您的接口使用,即您可以使用网桥进行通信 就好像它是您的物理接口一样,它将输入/输出数据包转发到正确的目的地.您无需为网桥分配任何硬件(MAC 地址),它会自动获取第一个添加接口的 MAC.
警告:强烈建议不要远程执行这些步骤,除非您可以物理访问您的服务器!如果您不小心,您可能会失去与服务器的连接.
安装网桥管理实用程序:
sudo apt install bridge-utils<块引用>
没有bridge-utils包,系统将无法创建网桥.
要创建持久性桥,编辑 interfaces 文件:
sudo vim/etc/network/interfaces将以下配置添加到文件末尾(根据您的需要调整它们):
自动 br0iface br0 inet 静态桥接端口 eth0地址 192.168.1.10网络掩码 255.255.255.0广播 192.168.1.255网关 192.168.1.1现在移除 Docker 的默认网桥 docker0,因为我们不需要它:
sudo systemctl stop dockersudo ip link set dev docker0 downsudo brctl delbr docker0编辑 Docker 的服务启动脚本以使用您的网桥 (br0) 而不是 Docker 的默认网桥 (docker0),并传递一些重要的网桥参数:
Ubuntu:
sudo vim/etc/systemd/multi-user.target.wants/docker.service使文件看起来像这样:
[服务]ExecStart=/usr/bin/dockerd -H fd://--bridge=br0 --fixed-cidr=192.168.1.32/27 --default-gateway=192.168.1.1现在告诉系统该文件的更改:
sudo systemctl daemon-reload重启系统:
sudo 重启现在检查你的桥,它应该在那里!
ip 地址现在像下面这样创建你的容器,这将为你的容器提供一个固定 IP:
docker run --name myContainer -it --restart 总是 --memory 100M --网桥 --cap-add NET_ADMIN --主机名client1.noureldin.local --add-host "client1.noureldin.local client1":192.168.1.123 mnoureldin/通用:最新的/bin/bash -c " ip addr flush dev eth0;ip addr 添加 192.168.1.123/24 brd + dev eth0;ip route add default via 192.168.1.1 dev eth0;/bin/bash"与您的网络要求相关的重要部分是:
--network bridge --cap-add NET_ADMIN ip addr flush dev eth0;ip addr 添加 192.168.1.123/24 brd + dev eth0;ip route add default via 192.168.1.1 dev eth0;当然要确保您在容器中安装了 iproute2 net-tools iputils-ping 包,以便能够执行常见的网络命令(给定由 ip 完成的固定 ip命令).
第一次运行容器时,您可能不会注意到 IP 地址有任何变化,因为您的容器可能没有 iproute2 包(即没有 ip 命令),只需安装提到的包,然后重新启动容器,一切都应该完全如你所愿!
希望对您有所帮助.
Am not well versed with Unix networking, adding virtual interfaces etc, trying to learn it now. We are trying to dockerize our application.
My requirement is : To assign an ip to a docker container which is accessible from an external application/browser.
The container ip should be pingable from a different computer in the same network basically.I don't want to use port forwarding.
I want to access a docker container just like we access a VM using an ip address.[ Without the port mapping, -p flag. If i run any server like Apache or Tomcat inside the container, it should be accessible using the container ip and port. For example: http://container_ip:8443]
Is this possible in docker?Running ifconfig on my Unix box(RHEL 7.1) shows docker0, ens,lo and veth interfaces. There is no eth0. Kind of confused on this.
I struggled to get that functionality, and I will share my experience and what I did to get exactly what you need.
The short answer:
You need to create your own bridge, connect your host's physical network interface to that bridge, and as well connect the virtual interfaces of each container you want to behave like a normal bridged vritual machine in your network, and then make the container chooses its own IP address when it starts.
The detailed answer:
Creating Persistence Network BridgeThe Bridge, is a device (in our case virtual device), which behaves similar to network swiches (operates mainly on network layer 2), i.e., it can connect two or more network interfaces to be on the same local area network (LAN) if they have the same subnet.
You are going to create new persistence bridge br0 (it will get started automatically on system boot), add your physical network interface into it (in my case it is eth0). Note that after you add your interface to the bridge, the interface doesn't need IP address anymore, because the bridge will get IP address and can be used instead of your interface, i.e., you can communicate using the bridge as if it were your physical interface and it will forward the in/out data packets to the correct destination. You don't need to assign any hardware (MAC address) to the bridge, it will automatically take the MAC of the first added interface.
Warning: It is highly recommended not to do these steps remotely except you have a physical access to your server! You may lose your connection to your server if you were not careful.
Install bridges managing utility:
sudo apt install bridge-utils
The system will not be able to create the bridge without
bridge-utilspackage.
To create persistence bridge, edit interfaces file:
sudo vim /etc/network/interfaces
Add the follwing configuration to the end of the file (adapt them to suit your needs):
auto br0
iface br0 inet static
bridge_ports eth0
address 192.168.1.10
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
Now remove Docker's default bridge docker0, as we don't need it:
sudo systemctl stop docker
sudo ip link set dev docker0 down
sudo brctl delbr docker0
Edit Docker's service-start script to use your bridge (br0) instead of Docker's default bridge (docker0), and pass some important bridge parameters:
Ubuntu:
sudo vim /etc/systemd/multi-user.target.wants/docker.service
Adapt the file to look like this:
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --bridge=br0 --fixed-cidr=192.168.1.32/27 --default-gateway=192.168.1.1
Now tell the system about the changes on that file:
sudo systemctl daemon-reload
Reboot the system:
sudo reboot
Now check your bridge, it should be there!
ip addr
Now create your container like bellow, this will lead to give your container a fix IP:
docker run --name myContainer
-it --restart always --memory 100M
--network bridge --cap-add NET_ADMIN
--hostname client1.noureldin.local
--add-host "client1.noureldin.local client1":192.168.1.123
mnoureldin/general-purpose:latest /bin/bash -c "
ip addr flush dev eth0;
ip addr add 192.168.1.123/24 brd + dev eth0;
ip route add default via 192.168.1.1 dev eth0;
/bin/bash"
The important part related to your network requirements is:
--network bridge --cap-add NET_ADMIN
ip addr flush dev eth0;
ip addr add 192.168.1.123/24 brd + dev eth0;
ip route add default via 192.168.1.1 dev eth0;
Of course be sure that you installed iproute2 net-tools iputils-ping packages in your container to be able to execute the common network commands (giving the fixed ip done by ip command).
For the first time you run the container, you may NOT notice any changes in IP address, because your conainer probably doesn't have iproute2 package (i.e. there is not ip command), just intall the mentioned packages and then restart the container and everything should be exactly as you want!
Hope that helps.
这篇关于将 LAN IP 地址分配给与主机 IP 地址不同的 Docker 容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
