3. Docker network mode, bridge mode

Docker network mode

Bridged network: the virtual machine sits on the network as a peer of the host. Both are connected to the same router and switch and are on the same network segment.

NAT: the host acts like a router and performs network address translation. If the host can connect to the Internet, the virtual machine can too, but the two are on different network segments.

Host only: only the host and the virtual machine can connect to each other.

  • host mode

Usage: specify --net=host with docker run

The container uses the same network as the host; the network card IP seen inside the container is the host IP.

  • container mode

Usage: --net=container:container_id/container_name

Multiple containers share one network, and they all see the same IP.

  • none mode

Usage: specify --net=none

In this mode no network is configured: no network card and no network.

  • bridge mode

Usage: --net=bridge. This is the default mode, so it does not need to be specified. It allocates an independent network namespace for each container, similar to VMware's NAT network mode. All containers on the same host are on the same network segment and can communicate with each other.


Docker network management: external access to the container

Idea: first create a container from the centos image, install the nginx service in it and start it, then save the container as a new image (centos_nginx), and finally create a container from the new image with a host port mapping.

Create a container from the new image: docker run -itd -p 8888:80 centos_nginx bash //-p specifies the port mapping. In this example, port 80 of the container is mapped to port 8888 of the host

Enter the container: docker exec -it container_id bash

Install nginx: yum install -y nginx

Start nginx: systemctl start nginx

Exit the container: exit

Test: curl 127.0.0.1:8888

  • -p also accepts the format ip:host_port:container_port, for example

-p 127.0.0.1:8080:80 

  • You can also give only the IP and leave out the host port, in which case a host port is assigned automatically

-p 127.0.0.1::80 //Note that there are two colons here

Access from another machine: the container can also be reached at the Docker host's IP on port 8888

Solving the "Operation not permitted" error when starting nginx

A newly created container reports an error when starting the nginx or httpd service:

[root@34b9c062b8d9 /]# systemctl start nginx
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Failed to get D-Bus connection: Operation not permitted

This is because dbus-daemon is not started. To solve the problem, do the following:

When starting the container, add the --privileged -e "container=docker" parameters and change the final command to /usr/sbin/init

Format: docker run -itd -p 8888:80 --privileged -e "container=docker" centos_with_nginx /usr/sbin/init

Or add: --privileged=true

docker run -itd -p 8888:80 --privileged -e "container=true" centos_nginx /usr/sbin/init

[root@bogon ~]# docker run -itd -p 8888:80 --privileged -e "container=true" centos_nginx /usr/sbin/init
20df5c59352256a8bae6d8e8315f65a1f06831a68ec4dc8fc51aa56d1d2bde60
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                    NAMES
73bda065303e   centos_nginx   "/usr/sbin/init"         12 minutes ago   Up 12 minutes   0.0.0.0:8888->80/tcp     wizardly_taussig
df3b494539d4   300e315adb2f   "bash"                   31 minutes ago   Up 31 minutes                            hopeful_haibt
f251f778055e   registry       "/entrypoint.sh /etc…"   57 minutes ago   Up 57 minutes   0.0.0.0:5000->5000/tcp   cranky_ramanujan
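
As the docker ps output above shows, -p 8888:80 publishes the port on 0.0.0.0, that is, on every interface of the host, and --privileged gives the container all capabilities and access to the host's devices. The following added example (not part of the original post) reviews docker run command lines in the forms used on this page and reports those settings together with --net=host; the function names publish_scope and audit_run are hypothetical.

```shell
#!/bin/sh
# Added example: review `docker run` command lines for settings that widen a
# container's exposure. publish_scope and audit_run are hypothetical names.

# Classify one -p value of the form [ip:][host_port]:container_port.
publish_scope() {
    case "$1" in
        127.*:*:*|'[::1]':*:*)   echo "loopback-only" ;;
        0.0.0.0:*:*|'[::]':*:*)  echo "all-interfaces" ;;
        *.*.*.*:*:*|'['*']':*:*) echo "single-address" ;;
        *)                       echo "all-interfaces" ;;  # no IP in the value
    esac
}

# Print one finding per line for a single `docker run ...` command line.
audit_run() {
    prev=""
    set -f    # split the line on whitespace without glob expansion
    for arg in $1; do
        case "$prev $arg" in
            "-p "*|"--publish "*)
                echo "publish $arg: $(publish_scope "$arg")" ;;
            "--net host"|"--network host")
                echo "host-network: container uses the host's network directly" ;;
        esac
        case "$arg" in
            --privileged|--privileged=true)
                echo "privileged: all capabilities and host devices granted" ;;
            --net=host|--network=host)
                echo "host-network: container uses the host's network directly" ;;
        esac
        prev=$arg
    done
    set +f
}

# Constructed sample input, in the forms used on this page.
for cmd in \
    'docker run -itd -p 8888:80 --privileged -e "container=true" centos_nginx /usr/sbin/init' \
    'docker run -itd -p 127.0.0.1:8080:80 centos_nginx bash' \
    'docker run -itd --net=host centos_nginx bash'
do
    echo "== $cmd"
    audit_run "$cmd"
done
```

A value such as 127.0.0.1:8080:80 keeps the published port reachable from the host only, which is the form to prefer when the service does not need to be reached from other machines.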


Docker network management: configure bridge network

This mode puts your Docker container and the host on the same switch and the same network segment, so the container can communicate directly with external machines, and you can treat the container as an independent server.

To make communication between machines on the local network and Docker containers more convenient, we often need to put the Docker container on the same network segment as the host. This is easy to achieve: bridge the Docker container to the host's network card, and then configure the Docker container with an IP.

First enter the network card configuration directory:

cd /etc/sysconfig/network-scripts/

Copy the existing network card configuration to a new file:

cp ifcfg-ens33  ifcfg-br0

  • Change the br0 configuration:

vim ifcfg-br0

First change the first line to TYPE=Bridge

Then change the names: NAME=br0 and DEVICE=br0; also comment out UUID

  • Change ens33 configuration

vi ifcfg-ens33 //Add BRIDGE=br0 as the last line and comment out UUID, IPADDR, NETMASK, GATEWAY, DNS1

In effect, this moves the IP configuration of ens33 to the new virtual network card br0, and ens33 is attached to the bridge.

Restart the network card: systemctl restart network

After the configuration succeeds, the br0 network card inherits the IP of ens33, and ens33 no longer has one:

[root@localhost network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.18.141  netmask 255.255.255.0  broadcast 192.168.18.255
        inet6 fe80::5b35:7d8a:d448:fcf1  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b8:0f:33  txqueuelen 1000  (Ethernet)
        RX packets 66  bytes 5379 (5.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 8400 (8.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:74ff:fe8a:e688  prefixlen 64  scopeid 0x20<link>
        ether 02:42:74:8a:e6:88  txqueuelen 0  (Ethernet)
        RX packets 7464  bytes 330335 (322.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12839  bytes 27117685 (25.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:b8:0f:33  txqueuelen 1000  (Ethernet)
        RX packets 243167  bytes 341083270 (325.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 60420  bytes 5248917 (5.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
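
The ifcfg edits described above, applied by a script to a copy of the file in a temporary directory, with a check that the address ended up only on br0. This is an added example, not part of the original post; the function names are hypothetical and the sample ifcfg-ens33 is constructed, with placeholder UUID, GATEWAY and DNS1 values.

```shell
#!/bin/sh
# Added example: the br0/ens33 edits from this page, run on a copy.
# Function names are hypothetical; the sample file below is constructed.

write_sample() {   # constructed ifcfg-ens33; UUID, GATEWAY, DNS1 are placeholders
    cat > "$1/ifcfg-ens33" <<'EOF'
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
UUID=00000000-0000-0000-0000-000000000000
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.18.141
NETMASK=255.255.255.0
GATEWAY=192.0.2.1
DNS1=192.0.2.53
EOF
}

make_bridge_cfg() {
    # br0 starts as a copy of ens33, so it keeps IPADDR, NETMASK, GATEWAY, DNS1.
    sed -e 's/^TYPE=.*/TYPE=Bridge/' -e 's/^NAME=.*/NAME=br0/' \
        -e 's/^DEVICE=.*/DEVICE=br0/' -e 's/^UUID=/#&/' \
        "$1/ifcfg-ens33" > "$1/ifcfg-br0"
    # ens33 gives up its addressing and is attached to the bridge.
    sed -e 's/^UUID=/#&/' -e 's/^IPADDR=/#&/' -e 's/^NETMASK=/#&/' \
        -e 's/^GATEWAY=/#&/' -e 's/^DNS1=/#&/' \
        "$1/ifcfg-ens33" > "$1/ifcfg-ens33.new"
    echo 'BRIDGE=br0' >> "$1/ifcfg-ens33.new"
    mv "$1/ifcfg-ens33.new" "$1/ifcfg-ens33"
}

# Succeeds only if the address moved: present on br0, absent from ens33.
check_bridge_cfg() {
    grep -q '^TYPE=Bridge$' "$1/ifcfg-br0" &&
    grep -q '^IPADDR=' "$1/ifcfg-br0" &&
    grep -q '^BRIDGE=br0$' "$1/ifcfg-ens33" &&
    ! grep -q '^IPADDR=' "$1/ifcfg-ens33"
}

work=$(mktemp -d)
write_sample "$work"
make_bridge_cfg "$work"
check_bridge_cfg "$work" && echo "address is on br0 only"
cat "$work/ifcfg-br0" "$work/ifcfg-ens33"
rm -rf "$work"
```

Running the check before systemctl restart network catches the case where IPADDR was left active in both files.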

Install pipework

Clone: git clone https://github.com/jpetazzo/pipework

[root@localhost ~]# git clone https://github.com/jpetazzo/pipework
正克隆到 'pipework'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 518 (delta 2), reused 5 (delta 2), pack-reused 510
接收对象中: 100% (518/518), 182.72 KiB | 14.00 KiB/s, done.
处理 delta 中: 100% (272/272), done.

Copy the script to a directory on the executable path:

cp pipework/pipework /usr/local/bin/

Start a container (the --net=none parameter means that no network is configured):

docker run -itd --net=none centos_with_nettool  bash

[root@localhost pipework]# docker run -itd --net=none 772d8347a1d7 bash
62cb0a73d01b26b4b3f7972f45806b8960c0762eacd486ff5e4f578c716051b0

Enter the container; at this point it has no network card IP:

[root@localhost pipework]# docker exec -it 62cb0a bash
[root@62cb0a73d01b /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@62cb0a73d01b /]#

Exit and set the IP:

pipework br0 62cb0a73d01b 192.168.18.142/[email protected]  #192.168.18.142 is the custom IP for the container; the IP after @ is the gateway IP

[root@localhost pipework]# pipework br0 62cb0a73d01b 192.168.18.142/[email protected]

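Enter the container again and it now has an IP. It can also ping the external network, and other machines can ping it. Install a service (nginx, httpd) inside it and the service can be accessed directly by IP and port.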

[root@localhost pipework]# docker exec -it 62cb0a bash
[root@62cb0a73d01b /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.18.142  netmask 255.255.255.0  broadcast 192.168.18.255
        ether 2a:d0:c4:88:ba:63  txqueuelen 1000  (Ethernet)
        RX packets 12  bytes 896 (896.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 42 (42.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ping the external network from the container

[root@62cb0a73d01b /]# ping baidu.com
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=128 time=47.4 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=128 time=44.6 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=128 time=46.10 ms

Ping the container from another machine

[root@localhost ~]# ping 192.168.18.141
PING 192.168.18.141 (192.168.18.141) 56(84) bytes of data.
64 bytes from 192.168.18.141: icmp_seq=42 ttl=64 time=0.486 ms
64 bytes from 192.168.18.141: icmp_seq=43 ttl=64 time=0.313 ms
64 bytes from 192.168.18.141: icmp_seq=44 ttl=64 time=0.296 ms
64 bytes from 192.168.18.141: icmp_seq=45 ttl=64 time=0.372 ms
64 bytes from 192.168.18.141: icmp_seq=46 ttl=64 time=0.220 ms
64 bytes from 192.168.18.141: icmp_seq=47 ttl=64 time=0.297 ms


Origin blog.51cto.com/12922638/2591046