Assign LAN IP address to Docker container different from host's IP address


Problem description


Am not well versed with Unix networking, adding virtual interfaces etc, trying to learn it now. We are trying to dockerize our application.
My requirement is : To assign an ip to a docker container which is accessible from an external application/browser.

The container ip should be pingable from a different computer in the same network basically. I don't want to use port forwarding.

  1. I want to access a docker container just like we access a VM using an ip address. [Without the port mapping, -p flag. If I run any server like Apache or Tomcat inside the container, it should be accessible using the container ip and port. For example: http://container_ip:8443]
    Is this possible in docker?

  2. Running ifconfig on my Unix box (RHEL 7.1) shows docker0, ens, lo and veth interfaces. There is no eth0. Kind of confused on this.

Solution

I struggled to get that functionality, and I will share my experience and what I did to get exactly what you need.

The short answer:

You need to create your own bridge, connect your host's physical network interface to that bridge, and as well connect the virtual interfaces of each container you want to behave like a normal bridged virtual machine in your network, and then make the container choose its own IP address when it starts.

The detailed answer:

Creating Persistence Network Bridge

The Bridge is a device (in our case virtual device), which behaves similar to network switches (operates mainly on network layer 2), i.e., it can connect two or more network interfaces to be on the same local area network (LAN) if they have the same subnet.

You are going to create new persistence bridge br0 (it will get started automatically on system boot), add your physical network interface into it (in my case it is eth0). Note that after you add your interface to the bridge, the interface doesn't need IP address anymore, because the bridge will get IP address and can be used instead of your interface, i.e., you can communicate using the bridge as if it were your physical interface and it will forward the in/out data packets to the correct destination. You don't need to assign any hardware (MAC address) to the bridge, it will automatically take the MAC of the first added interface.

Warning: It is highly recommended not to do these steps remotely except you have a physical access to your server! You may lose your connection to your server if you were not careful.

Install bridges managing utility:

sudo apt install bridge-utils

The system will not be able to create the bridge without bridge-utils package.

To create persistence bridge, edit interfaces file:

sudo vim /etc/network/interfaces

Add the following configuration to the end of the file (adapt them to suit your needs):

auto br0
iface br0 inet static
    bridge_ports eth0
    address 192.168.1.10
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

Now remove Docker's default bridge docker0, as we don't need it:

sudo systemctl stop docker
sudo ip link set dev docker0 down
sudo brctl delbr docker0

Edit Docker's service-start script to use your bridge (br0) instead of Docker's default bridge (docker0), and pass some important bridge parameters:

Ubuntu:

sudo vim /etc/systemd/multi-user.target.wants/docker.service

Adapt the file to look like this:

[Service]

ExecStart=/usr/bin/dockerd -H fd:// --bridge=br0 --fixed-cidr=192.168.1.32/27 --default-gateway=192.168.1.1

Now tell the system about the changes on that file:

sudo systemctl daemon-reload

Reboot the system:

sudo reboot

Now check your bridge, it should be there!

ip addr

Now create your container like below, this will lead to give your container a fixed IP:

  docker run --name myContainer \
  -it --restart always --memory 100M \
  --network bridge --cap-add NET_ADMIN \
  --hostname client1.noureldin.local \
  --add-host "client1.noureldin.local client1":192.168.1.123 \
  mnoureldin/general-purpose:latest /bin/bash -c " \
  ip addr flush dev eth0; \
  ip addr add 192.168.1.123/24 brd + dev eth0; \
  ip route add default via 192.168.1.1 dev eth0; \
  /bin/bash"

The important part related to your network requirements is:

  --network bridge --cap-add NET_ADMIN \
  ip addr flush dev eth0; \
  ip addr add 192.168.1.123/24 brd + dev eth0; \
  ip route add default via 192.168.1.1 dev eth0; \

Of course be sure that you installed iproute2 net-tools iputils-ping packages in your container to be able to execute the common network commands (giving the fixed ip done by ip command).

For the first time you run the container, you may NOT notice any changes in IP address, because your container probably doesn't have iproute2 package (i.e. there is not ip command), just install the mentioned packages and then restart the container and everything should be exactly as you want!

Hope that helps.
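
An address-planning check for the setup in the answer above, as an added example that is not part of the original post: before hard-coding an address with `ip addr add` inside a container, confirm it is a usable host address on the bridged LAN, is not the host's or gateway's address, and does not fall inside the `--fixed-cidr` range. The function names are hypothetical, and the LAN CIDR 192.168.1.0/24 is derived from the address and netmask in the answer's `interfaces` stanza.

```shell
# Added example: pre-flight check for a hand-assigned container address.

# ip2int A.B.C.D -> prints the address as an integer, fails on malformed input
ip2int() (
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# netmask_of CIDR -> prints the prefix mask as an integer
netmask_of() (
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    echo $(( (4294967295 << (32 - len)) & 4294967295 ))
)

# in_cidr IP CIDR -> status 0 if IP lies inside CIDR, 2 on bad input
in_cidr() (
    ip=$(ip2int "$1") && net=$(ip2int "${2%/*}") && mask=$(netmask_of "$2") || return 2
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# check_container_ip CANDIDATE LAN_CIDR FIXED_CIDR [RESERVED_IP...]
check_container_ip() (
    cand=$1 lan=$2 fixed=$3; shift 3
    c=$(ip2int "$cand") || { echo "invalid address"; return 1; }
    in_cidr "$cand" "$lan" || { echo "not inside LAN $lan"; return 1; }
    mask=$(netmask_of "$lan"); net=$(( c & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    [ "$c" -ne "$net" ] && [ "$c" -ne "$bcast" ] ||
        { echo "network or broadcast address"; return 1; }
    # Assumption: Docker allocates from --fixed-cidr, so a hand-set address
    # inside it can later be given to another container as well.
    if in_cidr "$cand" "$fixed"; then echo "inside --fixed-cidr $fixed"; return 1; fi
    for r in "$@"; do
        [ "$cand" != "$r" ] || { echo "collides with reserved $r"; return 1; }
    done
    echo ok
)

# Values from the answer: LAN 192.168.1.0/24, host .10, gateway .1
check_container_ip 192.168.1.123 192.168.1.0/24 192.168.1.32/27 192.168.1.10 192.168.1.1
```
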
