docker +flanner+ CenterOS:7.1不同宿主机间网络无法通信问题
在两个虚拟机上
docker_master:10.1.110.74 ,容器内ip地址为:172.17.49.3
docker_minion01:10.1.110.63 容器内ip地址为:172.17.63.3
容器间通过flannel进行强制修改容器的路由
在docker_master容器中的路由策略、ip信息、防火墙策略:
[root@4aad56515f93 /]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.49.1 0.0.0.0 UG 0 0 0 eth0
172.17.49.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@4aad56515f93 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever29: eth0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:31:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.49.3/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3103/64 scope link
valid_lft forever preferred_lft forever防火墙策略:
[root@4aad56515f93 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever29: eth0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:31:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.49.3/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3103/64 scope link
valid_lft forever preferred_lft forever
ping docker_minion01中的容器的网关,可以ping通
[root@4aad56515f93 /]# ping 172.17.63.1
PING 172.17.63.1 (172.17.63.1) 56(84) bytes of data.
64 bytes from 172.17.63.1: icmp_seq=1 ttl=61 time=0.599 ms
ping docker_minion01中的容器,无法ping通
[root@4aad56515f93 /]# ping 172.17.63.3
PING 172.17.63.3 (172.17.63.3) 56(84) bytes of data.
docker_master 宿主机的网络信息如下:
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.49.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::42:f6ff:fe79:7613 prefixlen 64 scopeid 0x20<link>
ether 02:42:f6:79:76:13 txqueuelen 0 (Ethernet)
RX packets 19097 bytes 137724726 (131.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26525 bytes 156608053 (149.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.110.74 netmask 255.255.255.0 broadcast 10.1.110.255
inet6 fe80::250:56ff:fea5:14d0 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:a5:14:d0 txqueuelen 1000 (Ethernet)
RX packets 17191337 bytes 1953653535 (1.8 GiB)
RX errors 0 dropped 35 overruns 0 frame 0
TX packets 16223691 bytes 1718727411 (1.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 172.17.49.0 netmask 255.255.0.0 destination 172.17.49.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 25170 bytes 2114280 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 129 bytes 10836 (10.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3同行回答
- flannel配置的方法我是参照http://dockone.io/article/618上面做的,具体配置如下: 1、下载flannel的安装包:下载地址:https://github.com/coreos/flannel/releases/download/v0.5.5/flannel-0.5.5-linux-amd64.tar.gz 2、在主机上解压安装包 3、拷贝flanneld到 /usr/bin下,主要是便于执行,加入环境变量中也行 cp flanneld /usr/bin 4、增加 /usr/lib/systemd/system/flanneld.service [Unit] Description=flannel [Service] ExecStart=/usr/bin/flanneld \ -etcd-endpoints=http://docker-etcdtest.sinosafe.com.cn:2379 -etcd-prefix=/flannel/network [Install] WantedBy=multi-user.target 5、配置etcd [root@docker_master software]# etcdctl get /flannel/network/config {"Network":"172.17.0.0/16"} 6、配置以及重启docker sudo mk-docker-opts.sh -is source /run/flannel/subnet.env sudo rm /var/run/docker.pid sudo ifconfig docker0 ${FLANNEL_SUBNET} 重启docker sytemctl restart docker
check如下几个点:
1)172.17.63.3是running状态;
2)在172.17.63网络内,172.17.63.3三层可达;
- 一、172.17.63.3 ip所在容器是启动的,如下:[root@e8b921ccffc9 /]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:3f:03 brd ff:ff:ff:ff:ff:ff inet 172.17.63.3/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe11:3f03/64 scope link valid_lft forever preferred_lft forever [root@e8b921ccffc9 /]# 二、在该172.17.63.3所在的宿主机上,启动另外一个容器,获得ip地址为: [root@31a69f43801f /]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:3f:04 brd ff:ff:ff:ff:ff:ff inet 172.17.63.4/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe11:3f04/64 scope link valid_lft forever preferred_lft forever 可以ping通172.17.63.3 [root@31a69f43801f /]# ping 172.17.63.3 PING 172.17.63.3 (172.17.63.3) 56(84) bytes of data. 64 bytes from 172.17.63.3: icmp_seq=1 ttl=64 time=0.135 ms 64 bytes from 172.17.63.3: icmp_seq=2 ttl=64 time=0.065 ms 64 bytes from 172.17.63.3: icmp_seq=3 ttl=64 time=0.065 ms
补充下:
dmesg | less
[253008.073363] IPv6: ADDRCONF(NETDEV_CHANGE): veth796713a: link becomes ready
[253008.073413] docker0: port 3(veth796713a) entered forwarding state
[253008.073426] docker0: port 3(veth796713a) entered forwarding state
[253023.096932] docker0: port 3(veth796713a) entered forwarding state
[253041.897987] docker0: port 3(veth796713a) entered disabled state
[253041.929868] docker0: port 3(veth796713a) entered disabled state
[253041.931212] device veth796713a left promiscuous mode
[253041.931229] docker0: port 3(veth796713a) entered disabled state
[253059.283992] device veth939a1fb entered promiscuous mode
[253059.284082] IPv6: ADDRCONF(NETDEV_UP): veth939a1fb: link is not ready
[253059.284087] docker0: port 3(veth939a1fb) entered forwarding state
[253059.284096] docker0: port 3(veth939a1fb) entered forwarding state
[253059.287930] docker0: port 3(veth939a1fb) entered disabled state
[253059.542659] IPv6: ADDRCONF(NETDEV_CHANGE): veth939a1fb: link becomes ready
[253059.542710] docker0: port 3(veth939a1fb) entered forwarding state
[253059.542721] docker0: port 3(veth939a1fb) entered forwarding state
[253074.551534] docker0: port 3(veth939a1fb) entered forwarding state
[253077.191005] docker0: port 3(veth939a1fb) entered disabled state
[253077.226675] docker0: port 3(veth939a1fb) entered disabled state
[253077.228084] device veth939a1fb left promiscuous mode
[253077.228100] docker0: port 3(veth939a1fb) entered disabled state
[253438.443798] docker0: port 2(veth946dacb) entered disabled state
[253438.478608] docker0: port 2(veth946dacb) entered disabled state
[253438.479941] device veth946dacb left promiscuous mode
[253438.479958] docker0: port 2(veth946dacb) entered disabled state
[253518.116192] device veth58eddd9 entered promiscuous mode
[253518.116299] IPv6: ADDRCONF(NETDEV_UP): veth58eddd9: link is not ready
[253518.360957] IPv6: ADDRCONF(NETDEV_CHANGE): veth58eddd9: link becomes ready
[253518.361005] docker0: port 2(veth58eddd9) entered forwarding state
[253518.361016] docker0: port 2(veth58eddd9) entered forwarding state
[253533.387715] docker0: port 2(veth58eddd9) entered forwarding state
[254282.569599] docker0: port 2(veth58eddd9) entered disabled state
[254282.601122] docker0: port 2(veth58eddd9) entered disabled state
[254282.601979] device veth58eddd9 left promiscuous mode
[254282.601990] docker0: port 2(veth58eddd9) entered disabled state
[254321.226088] device veth195411d entered promiscuous mode
[254321.234720] IPv6: ADDRCONF(NETDEV_UP): veth195411d: link is not ready
[254321.475847] IPv6: ADDRCONF(NETDEV_CHANGE): veth195411d: link becomes ready
[254321.475892] docker0: port 2(veth195411d) entered forwarding state
[254321.475902] docker0: port 2(veth195411d) entered forwarding state
[254336.502846] docker0: port 2(veth195411d) entered forwarding state
(END)