Docker specifies IP address, same network segment IP as host

Source: Internet
Author: User
Tags bind zip docker ps docker run

First, let's talk. Docker's network mode: When we use Docker run to create a container, we can use the--net option to specify the network mode of the container, with Docker having a total of 4 network modes: 1:bridge mode,--net=bridge (default). This is the default setting for the Dokcer network. After installing Docker, the system automatically adds a bridge Docker0 for Docker to use, and when we create a new container, the container obtains an IP address of the same network segment as the DOCKER0 through DHCP. and is connected to the Docker0 bridge by default to realize the network interoperability between the container and host. As follows:
2:host mode,--net=host. The container created in this mode will not have its own independent network Namespace, that is, there is no independent networking environment. It uses the host's IP and port.
3:container mode,--net=container:name_or_id.
This pattern is to specify an existing container to share the IP and port of the container. In addition to the network of two containers shared, other such as file system, process, etc. or isolated.
4:none mode,--net=none. In this mode, Dokcer does not make any network configuration for the container. We need to add the network card for the container, configure the IP. Therefore, if you want to use pipework to configure the IP address of the Docker container, you must be in the None mode to the following are several ways to assign IP:
First, pipeworkFirst, let's talk about Docker's network mode: When we use Docker run to create a container, we can use the--net option to specify the network mode of the container, with Docker having a total of 4 network modes: 1:bridge mode,--net=bridge (default). This is the default setting for the Dokcer network. After installing Docker, the system automatically adds a bridge Docker0 for Docker to use, and when we create a new container, the container obtains an IP address of the same network segment as the DOCKER0 through DHCP. and is connected to the Docker0 bridge by default to realize the network interoperability between the container and host. As follows:
2:host mode,--net=host. The container created in this mode will not have its own independent network Namespace, that is, there is no independent networking environment. It uses the host's IP and port.
3:container mode,--net=container:name_or_id.
This pattern is to specify an existing container to share the IP and port of the container. In addition to the network of two containers shared, other such as file system, process, etc. or isolated.
4:none mode,--net=none. In this mode, Dokcer does not make any network configuration for the container. We need to add the network card for the container, configure the IP. Therefore, if you want to use pipework to configure the IP address of the Docker container, you must be in the None mode.
Pipework Installation: # wget Https://github.com/jpetazzo/pipework/archive/master.zip # unzip Pipework-master.zip # CP pipework-master/pipework/usr/local/bin/# chmod +x/usr/local/bin/pipework
Create a container for the none mode, assigning IP to it. #ip a show Docker0

#docker run-idt--name Test--net=none resin #pipework docker0 test 172.17.42.100/16@172.17.42.1 #docker Attach test

The above operation assigns a 172.17.42.100 IP address to the new test container. =============================================================================
second, Docker uses ' bridge ' to set container network mode by default.(That is, to take a container IP from the unused IP of the same segment as the DOCKER0), we use ' none ' here to implement our own manual configuration of the container network.
First we start a container with the **--net= ' None ' * *
[yaxin@cube2x ~] $docker run-i-t--rm--net= ' none ' Ubuntu/bin/bash root@db84e747c362:/# ifconfig-a
Lo Link encap:local Loopback
inet addr:127.0.0.1 mask:255.0.0.0
Inet6 addr::: 1/128 scope:host
Up LOOPBACK RUNNING mtu:65536 metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0  (0.0 B) TX bytes:0 (0.0 B)

root@db84e747c362:/#
As can be seen, because we use the ' none ' mode, container does not acquire the IP, even the network card is not, below we start to configure IP for container
First get container pid (we need to get the file descriptor via PID)
[yaxin@cube2x ~] $docker PS CONTAINER ID IMAGE COMMAND CREATED STAT US PORTS NAMES db84e747c362 docker.cn/docker/ubuntu:latest "/bin/bash" 4 minutes ago up 4 minutes Sharp_kirch [yaxin@cube2x ~] $docker inspect-f "{{. State.pid}} "Sharp_kirch
23090
Ip-netns's man page has such a sentence by convention a named network namespace are an object At/var/run/netns/name the can be opened. The file descriptor resulting from Opening/var/run/netns/name refers to the specified network namespace

So we need to create a link
[yaxin@cube2x ~] $sudo ln-s/proc/23090/ns/net/var/run/netns/23090
Then create a pair of end-to-end network cards, bind the VETH_DB84E747C3 to the Docker0 Bridge, and start. Place another NIC x inside the container
[yaxin@cube2x ~] $sudo IP link add veth_db84e747c3 type Veth peer name X [yaxin@cube2x ~] $sudo brctl addif Docker0 veth_db8 4E747C3 [yaxin@cube2x ~] $sudo IP link set veth_db84e747c3 up [yaxin@cube2x ~] $sudo IP link set X netns 23090
At this time to view the IP container, you will find a network card called X root@db84e747c362:/# ifconfig-ax Link encap:ethernet HWaddr 5a:7e:4d:ba:63:1c
Broadcast Multicast mtu:1500 metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0  (0.0 B) TX bytes:0 (0.0 B)

Lo Link encap:local Loopback
inet addr:127.0.0.1 mask:255.0.0.0
Inet6 addr::: 1/128 scope:host
Up LOOPBACK RUNNING mtu:65536 metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0 RX bytes:0  (0.0 B) TX bytes:0 (0.0 B)
Then configure the newly added network card inside the container (can be viewed in more detail via man Ip-netns)
[yaxin@cube2x ~] $sudo IP netns exec 23090 IP link set dev X name eth0 [yaxin@cube2x ~] $sudo IP netns exec 23090 IP link se t eth0 up [yaxin@cube2x ~] $sudo IP netns exec 23090 IP addr add 172.17.111.10/16 dev eth0 [yaxin@cube2x ~] $sudo IP netns E Xec 23090 IP route add default via 172.17.42.1
Note: IP assigned to container must be in the same network segment as DOCKER0, and the gateway to container should be DOCKER0 IP
Finally, write the shell script as follows:
#!/usr/bin/env bash# filename:bind_addr.sh
If [' Id-u '-ne 0];then echo ' must use root permissions ' Exitfi
if [$#! = 2]; Then echo "How to use: $ container name IP" Exit 1fi
Container_name=$1bind_ip=$2
Container_id= ' Docker inspect-f ' {{. Id} ' $container _name 2>/dev/null ' if [! ' $container _id];then echo ' container does not exist ' exit 2fibind_ip= ' echo $bind _ip | Egrep ' ^ ([0-9]|[ 1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]) \.) {3} ([0-9]| [1-9] [0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]) $ ' if [! $bind _ip];then echo ' IP address malformed ' exit 3fi
Container_minid= ' echo $container _id | Cut-c 1-10 ' container_netmask= ' IP addr Show Docker0 | grep "inet\b" | awk ' {print $} ' | cut-d/-f2 ' container_gw= ' IP addr Show Docker0 | grep "inet\b" | awk ' {print $} ' | cut-d/-F1 '
Bridge_name= "Veth_$container_minid" container_ip= $bind _ip/$container _netmask pid= ' Docker inspect-f ' {{. State.pid}} ' $container _name 2>/dev/null ' if [! $pid];then echo ' Get container $container_name ID failed ' exit 4FI
if [!-d/var/run/netns];then mkdir-p/var/run/netns fi
ln-sf/proc/$pid/ns/net/var/run/netns/$pid
IP link Add $bridge _name type Veth peer name X brctl addif docker0 $bridge _name IP link set $bridge _name up IP link set X Netns $pid IP netns exec $pid IP link set dev X name eth0 IP netns exec $pid IP link set eth0 up IP netns exec $pid IP add R add $container _ip dev eth0 ip netns exec $pid IP route add default via $container _GW run and write IP and container names
Configure the container to the same network segment as the host IPFirst configure the host Br0 Vi/etc/sysconfig/network-scripts/ifcfg-br0
Device=br0 Type=bridge bootproto=static onboot=yes delay=0 stp=yes ipaddr=192.168.2.111 NETMASK=255.255.255.0 GATEWAY= 192.168.2.1/etc/init.d/network restart
Docker run-itd--name test  centos/bin/bash pipework br0 test 192.168.2.201/24@192.168.2.1

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.