"Destination Host Unreachable" when communicating between containers over a Docker overlay network backed by Consul

I am using Docker version 17.03 on CentOS 7.

Kernel version: 3.10.0-514.10.2.el7.x86_64

    Client:
     Version:      17.03.0-ce
     API version:  1.26
     Go version:   go1.7.5
     Git commit:   3a232c8
     Built:        Tue Feb 28 08:10:07 2017
     OS/Arch:      linux/amd64

    Server:
     Version:      17.03.0-ce
     API version:  1.26 (minimum version 1.12)
     Go version:   go1.7.5
     Git commit:   3a232c8
     Built:        Tue Feb 28 08:10:07 2017
     OS/Arch:      linux/amd64
     Experimental: false

I have two nodes, node-0 and node-1, for Docker multi-host networking, and I am using Consul. On node-0, I created a Consul container using the command below,

    docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap

Then I created a drop-in file in /etc/systemd/system/docker.service.d and added the lines below,

    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=consul://<NODE-0-PRIVATE-IP>:8500/network --cluster-advertise=<NODE0-IP>:2375"

Once that was done, I restarted the Docker daemon and created an overlay network using the command

    docker network create -d overlay --subnet=10.10.10.0/24 my-net

Then I created a container named container1 on node-0 and mapped it to my network.

On the node-1 machine, I created a drop-in file in /etc/systemd/system/docker.service.d and added the lines below,

    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=consul://<NODE-0-PRIVATE-IP>:8500/network --cluster-advertise=<NODE1-IP>:2375"

and started a container named container2 and mapped it to my-net.

My setup looks like this,

    node0 - consul, container1
    node1 - container2

Inside container2, I am trying to ping container1, but I get the response below,

    PING container1 (10.10.10.3) 56(84) bytes of data.
    From container2 (10.10.10.4) icmp_seq=1 Destination Host Unreachable
    From container2 (10.10.10.4) icmp_seq=2 Destination Host Unreachable
    From container2 (10.10.10.4) icmp_seq=3 Destination Host Unreachable
    From container2 (10.10.10.4) icmp_seq=4 Destination Host Unreachable

On node0, ip a shows

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:50:56:9d:9c:9f brd ff:ff:ff:ff:ff:ff
        inet <NODE0-PRIVATE-IP>/24 brd 192.168.5.255 scope global ens32
           valid_lft forever preferred_lft forever
        inet6 fe80::250:56ff:fe9d:9c9f/64 scope link
           valid_lft forever preferred_lft forever
    3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
        link/ether 02:42:57:6d:e8:a9 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:57ff:fe6d:e8a9/64 scope link
           valid_lft forever preferred_lft forever
    4: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
        link/ether 02:42:10:5b:7d:b5 brd ff:ff:ff:ff:ff:ff
        inet 172.19.0.1/16 scope global docker_gwbridge
           valid_lft forever preferred_lft forever
        inet6 fe80::42:10ff:fe5b:7db5/64 scope link

Inside container1, ip a shows,

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
        link/ether 02:42:0a:0a:0a:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 10.10.10.3/24 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:aff:fe0a:a03/64 scope link
           valid_lft forever preferred_lft forever
    20: eth1@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
        link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 1
        inet 172.19.0.3/16 scope global eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe13:3/64 scope link
           valid_lft forever preferred_lft forever

What do I need to change to get this working? Thanks in advance.
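
An added check, not part of the original post: a small Python lint for the dockerd ExecStart line used in the drop-in files above. It flags what is visible in that line, the unterminated trailing quote and the API listener on tcp://0.0.0.0:2375 with no TLS options, and does not diagnose the ping failure; the address 192.0.2.10, the certificate paths and the finding names are constructed for illustration.

```python
import shlex

# Constructed sample: the ExecStart line from the post, with the documentation
# address 192.0.2.10 standing in for the <NODE...-IP> placeholders.
POSTED = ('/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock '
          '--cluster-store=consul://192.0.2.10:8500/network '
          '--cluster-advertise=192.0.2.10:2375"')

# Constructed counterpart: one address, mutual TLS; cert paths are hypothetical.
HARDENED = ('/usr/bin/dockerd -H tcp://192.0.2.10:2376 --tlsverify '
            '--tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/cert.pem '
            '--tlskey=/etc/docker/key.pem -H unix:///var/run/docker.sock '
            '--cluster-store=consul://192.0.2.10:8500/network '
            '--cluster-advertise=192.0.2.10:2376')


def lint_execstart(line):
    """Return a list of finding names for one dockerd ExecStart command line."""
    findings = []
    try:
        argv = shlex.split(line)
    except ValueError:
        # Unterminated quote: report it, then lint the rest with quotes removed.
        findings.append("unbalanced-quote")
        argv = shlex.split(line.replace('"', "").replace("'", ""))
    hosts, opts = [], {}
    args = iter(argv[1:])
    for arg in args:
        if arg in ("-H", "--host"):          # "-H value" form
            hosts.append(next(args, ""))
        elif arg.startswith("--host="):      # "--host=value" form
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("--"):           # any other long option
            key, _, value = arg.partition("=")
            opts[key] = value
    tls_on = any(opts.get(f, "false") != "false" for f in ("--tls", "--tlsverify"))
    for host in hosts:
        if host.startswith("tcp://") and not tls_on:
            wildcard = host.startswith(("tcp://0.0.0.0", "tcp://[::]"))
            findings.append("plaintext-api-all-interfaces" if wildcard
                            else "plaintext-api")
    for required in ("--cluster-store", "--cluster-advertise"):
        if not opts.get(required):
            findings.append("missing" + required[1:])
    return findings


if __name__ == "__main__":
    print(lint_execstart(POSTED))    # ['unbalanced-quote', 'plaintext-api-all-interfaces']
    print(lint_execstart(HARDENED))  # []
```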