Docker Overlay 部署條件
要想使用Docker原生Overlay網絡,需要滿足以下任意條件:
1、Docker運行在Swarm模式
2、使用鍵值存儲的Docker主機集群
本次部署使用鍵值存儲的Docker主機集群,需要滿足以下條件:
1. 集群中主機連接到鍵值存儲,Docker支持Consul、Etcd和Zookeeper;
2. 集群中主機運行一個Docker守護進程;
3. 集群中主機必須具有唯一的主機名,因為鍵值存儲使用主機名來標識集群成員;
4. 集群中Linux主機內核版本3.12+,支持VXLAN數據包處理,否則可能無法通信。
5. Docker通過overlay網絡驅動程序支持多主機容器網絡通信。
內核版本升級方案:https://www.cnblogs.com/xiangsikai/p/9899844.html
Docker Overlay 應用部署
- 節點1/鍵值存儲:192.168.1.77
- 節點2:192.168.1.78
節點1節點2操作
# 修改兩個測試端主機名,並退出終端生效 hostname overlay-01 hostname overlay-02
一、部署Consul並運行服務
1.1 節點1操作:下載Consul二進制包並啟動
- 百度雲:https://pan.baidu.com/s/1MsVJtYUDJ8LzBqVxwmdc8A
- 密碼:g5jd
- 命令行下載:wget https://releases.hashicorp.com/consul/0.9.2/consul_0.9.2_linux_amd64.zip
# 1、解壓Consul壓縮包 unzip consul_0.9.2_linux_amd64.zip # 2、將consul移動到/bin/目錄下並添加執行權限 mv consul /usr/bin/consul && chmod +x /usr/bin/consul # 3、啟動consul並指定本機IP nohup consul agent -server -bootstrap -ui -data-dir /var/lib/consul -client=192.168.1.77 -bind=192.168.1.77 &>/var/log/consul.log &
1.2 節點1操作:查看日志啟動情況
tail /var/log/consul.log -f
2018/10/29 15:17:39 [INFO] agent: Started HTTP server on 192.168.1.77:8500 2018/10/29 15:17:45 [WARN] raft: Heartbeat timeout from "" reached, starting election 2018/10/29 15:17:45 [INFO] raft: Node at 192.168.1.77:8300 [Candidate] entering Candidate state in term 2 2018/10/29 15:17:45 [INFO] raft: Election won. Tally: 1 2018/10/29 15:17:45 [INFO] raft: Node at 192.168.1.77:8300 [Leader] entering Leader state 2018/10/29 15:17:45 [INFO] consul: cluster leadership acquired 2018/10/29 15:17:45 [INFO] consul: New leader elected: localhost.localdomain 2018/10/29 15:17:45 [INFO] consul: member 'localhost.localdomain' joined, marking health alive 2018/10/29 15:17:45 [INFO] agent: Synced node info ==> Newer Consul version available: 1.3.0 (currently running: 0.9.2)
二、部署Docker配置文件
2.1 節點1操作:配置Docker守護進程連接Consul
# 添加ExecStart如果已有則注釋添加下面案例
vim /lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.77:2375
# 為docker監聽 tcp://0.0.0.0:2375
2.2 節點1操作:重啟docker服務
# 1.修改配置文件重新加載 systemctl daemon-reload # 2.重啟docker服務 systemctl restart docker
2.3 節點2操作:修改配置文件
vim /lib/systemd/system/docker.service
[Service]
ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.78:2375
# 通告信息需要改為本機IP --cluster-advertise 192.168.1.78:2375
2.4 節點2操作:重啟docker服務
# 1.修改配置文件重新加載 systemctl daemon-reload # 2.重啟docker服務 systemctl restart docker
三、創建Overlay網絡
3.1 節點1操作:創建overlay網絡
# 創建網絡 -d 指定網絡驅動程序為 overlay multi_host docker network create -d overlay multi_host
注:再任意節點創建后會通過overlay同步到已連接的節點下創建網絡。
命令:docker network ls 4abe591cdf50 multi_host overlay global
命令:docker network inspect ID/KEY [ { "Name": "multi_host", "Id": "4abe591cdf504c1f15f563e4c8516c22b7d037268e6975e9491a417d2da83e8a", "Created": "2018-11-01T10:42:00.117452769+08:00", "Scope": "global", # 驅動為overlay "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, # 網段信息 "Config": [ { "Subnet": "10.0.0.0/24", "Gateway": "10.0.0.1" } ] }, "Internal": false, "Attachable": false, "Containers": {}, "Options": {}, "Labels": {} } ]
四、測試通信
4.1 節點1與2操作:運行測試容器
# 指定連接網絡類型 --net=multi_host docker run -it --net=multi_host busybox
注:如果報錯則可在配置文件中ExecStart添加加如下參數
--default-runtime=docker-runc
建議添加 多個參數 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ --default-runtime=docker-runc \ --exec-opt native.cgroupdriver=systemd \ --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ --init-path=/usr/libexec/docker/docker-init-current \ --seccomp-profile=/etc/docker/seccomp.json \ 如下 ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store consul://192.168.1.77:8500 --cluster-advertise 192.168.1.78:2375 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json
4.2 節點1與2操作:測試通信
overlay-01
/ # ifconfig eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:03 inet addr:10.0.0.3 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::42:aff:fe00:3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1 RX packets:11 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:906 (906.0 B) TX bytes:586 (586.0 B)
overlay-02
/ # ifconfig eth0 Link encap:Ethernet HWaddr 02:42:0A:00:00:02 inet addr:10.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::42:aff:fe00:2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1 RX packets:14 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1136 (1.1 KiB) TX bytes:656 (656.0 B)
測試是否通信 overlay-02 ping overlay-01
/ # ping 10.0.0.3 PING 10.0.0.3 (10.0.0.3): 56 data bytes 64 bytes from 10.0.0.3: seq=0 ttl=64 time=0.960 ms 64 bytes from 10.0.0.3: seq=1 ttl=64 time=0.355 m
注:通信成功。