跨主机web集群的weave网络

实验环境

ip 服务 备注
192.168.1.11 nginx host1
192.168.1.12 Docker已安装 host2
192.168.1.13 Docker已安装 host3
192.168.1.14 Docker已安装 host4

weave网络web集群

实验目的

host2运行两台web容器,web1和web2,网段地址为10.32.0.0/12,即默认的weave网段

host3运行两台web容器,web3和web4,网段地址为10.10.10.0/24,需要手动指定

要求host2集群页面内容为“ChaiYanJiang”,host3集群页面内容为“PeiJinfeng”

host1使用nginx代理两台主机的web集群

host2和host3也可互相访问,需要做路由

host4能与host2的web1容器通信,也能与host3的web3容器通信

实验步骤

为了方便区分,已经提前设置好了对应的hostname

运行web集群

host2

下载weave(命令中未写协议时curl默认使用http://,建议显式写成https://;下载的脚本随后会以root身份执行,运行前应核对其来源与内容)

[root@host2 ~]# curl -L git.io/weave -o /usr/local/bin/weave
[root@host2 ~]# chmod +x /usr/local/bin/weave

启动weave服务

[root@host2 ~]# weave launch

防火墙策略(-A 会把 REJECT 规则追加到 FORWARD 链的末尾,只有未被前面规则匹配的转发流量才会被拒绝;iptables-save 不带重定向时只是把当前规则打印到标准输出,并不会持久化保存)

[root@host2 ~]# iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@host2 ~]# iptables-save

查看网段地址

[root@host2 ~]# docker network inspect  weave
...
                    "Subnet": "10.32.0.0/12"
...

使用weave网络启动web集群

[root@host2 ~]# eval $(weave env)
# 创建映射目录
[root@host2 ~]# mkdir htdocs
[root@host2 ~]# echo "ChaiYanJiang" >> htdocs/index.html
[root@host2 ~]# docker run -itd -p 80 --name web1 --volume /root/htdocs/:/usr/local/apache2/htdocs httpd
faafaa1ae1929871fa1b61ab0783e06e222d94a225bb6113c375285e9d5fd937
[root@host2 ~]# docker run -itd -p 80 --name web2 --volume /root/htdocs/:/usr/local/apache2/htdocs httpd
b0fd89c1759f1b8bb58af00b7688f7ba21c442ed7466843e2db285b5925104e3

查看集群ip,web1ip为10.32.0.1/12,web2ip为10.32.0.2/12

[root@host2 ~]# docker run -it  --rm --network container:web1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
16: ethwe@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue 
    link/ether 6e:ef:32:b4:25:78 brd ff:ff:ff:ff:ff:ff
    inet 10.32.0.1/12 brd 10.47.255.255 scope global ethwe
       valid_lft forever preferred_lft forever

[root@host2 ~]# docker run -it  --rm --network container:web2 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
20: ethwe@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue 
    link/ether 02:55:11:48:2c:c3 brd ff:ff:ff:ff:ff:ff
    inet 10.32.0.2/12 brd 10.47.255.255 scope global ethwe
       valid_lft forever preferred_lft forever
/ # exit

设置主机可以访问两个容器

[root@host2 ~]# weave expose
10.32.0.3
[root@host2 ~]# curl 10.32.0.1
ChaiYanJiang
[root@host2 ~]# curl 10.32.0.2
ChaiYanJiang

host3

下载weave

[root@host3 ~]# curl -L git.io/weave -o /usr/local/bin/weave
[root@host3 ~]# chmod +x /usr/local/bin/weave

启动weave服务

指定10.10.10.0/24的网段

[root@host3 ~]# weave launch --ipalloc-range 10.10.10.0/24

防火墙策略

[root@host3 ~]# iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@host3 ~]# iptables-save

查看网段地址

[root@host3 ~]# docker network inspect weave
...
                    "Subnet": "10.10.10.0/24"
...

使用weave网络启动web集群

[root@host3 ~]# eval $(weave env)
[root@host3 ~]# mkdir htdocs
[root@host3 ~]# echo "PeiJinfeng" >> htdocs/index.html
[root@host3 ~]# docker run -itd -p 80 --name web3 --volume /root/htdocs/:/usr/local/apache2/htdocs httpd
e70c302e8a1002f0dad4261627148746710f34345af5146e8141970d7371fa34
[root@host3 ~]# docker run -itd -p 80 --name web4 --volume /root/htdocs/:/usr/local/apache2/htdocs httpd
bb5c5585e79f49ff963a11ebe980c25d80a8a152dc4d29d676d2c0aa7a90fa64

查看集群ip,web3ip为10.10.10.1/24,web4ip为10.10.10.2/24

[root@host3 ~]# docker run -it --rm --network container:web3 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
16: ethwe@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue 
    link/ether 5e:24:f5:3a:d2:da brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global ethwe
       valid_lft forever preferred_lft forever
/ # exit
[root@host3 ~]# docker run -it --rm --network container:web4 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
20: ethwe@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue 
    link/ether 7e:b4:f9:73:65:6e brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.2/24 brd 10.10.10.255 scope global ethwe
       valid_lft forever preferred_lft forever

设置主机可以访问两个容器

[root@host3 ~]# weave expose
10.10.10.3
[root@host3 ~]# curl 10.10.10.1
PeiJinfeng
[root@host3 ~]# curl 10.10.10.2
PeiJinfeng

host2与host3互相访问

host2添加路由

[root@host2 ~]# ip route add 10.10.10.0/24 via 192.168.1.13 dev ens33

验证

[root@host2 ~]# curl 10.10.10.1
PeiJinfeng
[root@host2 ~]# curl 10.10.10.2
PeiJinfeng

host3添加路由

[root@host3 ~]# ip route add 10.32.0.0/12 via 192.168.1.12 dev ens33

验证

[root@host3 ~]# curl 10.32.0.1
ChaiYanJiang
[root@host3 ~]# curl 10.32.0.2
ChaiYanJiang

host1添加路由

因为host1需要直接代理host2与host3上的容器ip,所以host1也必须能够访问这些容器ip

[root@host1 ~]# ip route add 10.10.10.0/24 via 192.168.1.13 dev ens33
[root@host1 ~]# ip route add 10.32.0.0/12 via 192.168.1.12 dev ens33

验证

[root@host1 ~]# curl 10.10.10.1
PeiJinfeng
[root@host1 ~]# curl 10.10.10.1
PeiJinfeng
[root@host1 ~]# curl 10.10.10.2
PeiJinfeng
[root@host1 ~]# curl 10.32.0.1
ChaiYanJiang
[root@host1 ~]# curl 10.32.0.2
ChaiYanJiang

host1安装nginx代理容器

拖包(先将nginx-1.11.1.tar.gz源码包上传到host1)

[root@host1 ~]# yum -y install pcre-devel openssl-devel
[root@host1 ~]# tar zxf nginx-1.11.1.tar.gz -C /usr/src
[root@host1 ~]# cd /usr/src/nginx-1.11.1/
[root@host1 nginx-1.11.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
[root@host1 nginx-1.11.1]# make && make install
[root@host1 ~]# useradd -M -s /sbin/nologin nginx
[root@host1 ~]# ln -s /usr/local/nginx/sbin/* /usr/sbin

修改配置文件进行代理

[root@host1 ~]# vim /usr/local/nginx/conf/nginx.conf
# server模块上面添加
    upstream webcluster {
        server 10.32.0.1 weight=1;
        server 10.32.0.2 weight=1;
        server 10.10.10.1 weight=1;
        server 10.10.10.2 weight=1;
    } 
# location模块修改为
        location / {
            proxy_pass    http://webcluster;
        }

启动nginx

[root@host1 ~]# nginx

使用host4验证

[root@host4 ~]# curl 192.168.1.11
ChaiYanJiang
[root@host4 ~]# curl 192.168.1.11
ChaiYanJiang
[root@host4 ~]# curl 192.168.1.11
PeiJinfeng
[root@host4 ~]# curl 192.168.1.11
PeiJinfeng

host4访问web1和web3

只需要针对ip地址做路由即可

[root@host4 ~]# ip route add 10.32.0.1 via 192.168.1.12 dev ens33
[root@host4 ~]# ip route add 10.10.10.1 via 192.168.1.13 dev ens33

访问验证

web2和web4的ip确实访问不到(host4上只添加了到10.32.0.1和10.10.10.1的主机路由)

[root@host4 ~]# curl 10.32.0.1
ChaiYanJiang
[root@host4 ~]# curl 10.10.10.1
PeiJinfeng
[root@host4 ~]# curl 10.10.10.2
^C
[root@host4 ~]# curl 10.32.0.2
^C

BY-NC-SA 4.0