Running a Docker cluster on a Calico network


## Network and version information

docker1 centos7 192.168.75.200

docker2 centos7 192.168.75.201

Physical network 192.168.75.1/24

Docker version 1.10.3, build 3999ccb-unsupported (installation steps omitted)

# calicoctl version

Version:      v1.0.0-12-g0d6d228
Build date:   2017-01-17T09:01:03+0000
Git commit:   0d6d228

## 1. Install etcd

#### Download and install etcd

# ETCD_VER=v3.0.16

# DOWNLOAD_URL=https://github.com/coreos/etcd/releases/download

# curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

# mkdir -p /tmp/test-etcd && tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/test-etcd --strip-components=1

# cd /tmp/test-etcd && cp etcd* /usr/local/bin/

Start etcd

# etcd --listen-client-urls 'http://192.168.75.200:2379' --advertise-client-urls 'http://192.168.75.200:2379'

Check the etcd member information

# etcdctl --endpoint 'http://192.168.75.200:2379' member list

8e9e05c52164694d: name=default peerURLs=http://localhost:2380 clientURLs=http://192.168.75.200:2379 isLeader=true

## 2. Download and install Calico

Adjust the kernel network parameter

# sysctl -w net.netfilter.nf_conntrack_max=1000000

# echo "net.netfilter.nf_conntrack_max=1000000" >> /etc/sysctl.conf

Download calicoctl

# cd /usr/local/bin/ && wget http://www.projectcalico.org/builds/calicoctl

# chmod 755 calicoctl

Set the etcd environment variable

# export ETCD_ENDPOINTS=http://192.168.75.200:2379 && echo "export ETCD_ENDPOINTS=http://192.168.75.200:2379" >>/etc/profile

Install and run the Calico node

# calicoctl node run

Running command to load modules: modprobe -a xt_set ip6_tables
Enabling IPv4 forwarding
Enabling IPv6 forwarding
Increasing conntrack limit
Removing old calico-node container (if running).
Running the following command to start calico-node:
docker run --net=host --privileged --name=calico-node -d --restart=always -e ETCD_AUTHORITY= -e ETCD_SCHEME= -e NODENAME=docker1 -e CALICO_NETWORKING_BACKEND=bird -e NO_DEFAULT_POOLS= -e CALICO_LIBNETWORK_ENABLED=true -e CALICO_LIBNETWORK_IFPREFIX=cali -e ETCD_ENDPOINTS=http://192.168.75.200:2379 -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /var/log/calico:/var/log/calico calico/node:latest

Image may take a short time to download if it is not available locally.
Container started, checking progress logs.
Waiting for etcd connection...
Using auto-detected IPv4 address: 192.168.75.200
No IPv6 address configured
Using global AS number
Calico node name:  docker1
CALICO_LIBNETWORK_ENABLED is true - start libnetwork service
Calico node started successfully

Check the Calico node status on docker1; the connection to docker2 (192.168.75.201) is established

# calicoctl node status

Calico process is running.

IPv4 BGP status
+----------------+-------------------+-------+----------+-------------+
|  PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+----------------+-------------------+-------+----------+-------------+
| 192.168.75.201 | node-to-node mesh | up    | 01:57:54 | Established |
+----------------+-------------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

## 3. Configure the Calico pool

View the default pools

# calicoctl get pool

CIDR                       
192.168.0.0/16             
fd80:24e2:f998:72d6::/64   

Delete the default pools (run this on any one node)

# calicoctl delete pool 192.168.0.0/16

Successfully deleted 1 'ipPool' resource(s)

# calicoctl delete pool fd80:24e2:f998:72d6::/64

Successfully deleted 1 'ipPool' resource(s)

Create a new ipPool (run this on any one node)

# vi /etc/calico/ippool_10.1.0.0_16.cfg

apiVersion: v1
kind: ipPool
metadata:
  cidr: 10.1.0.0/16
spec:
  ipip:
    enabled: true
  nat-outgoing: true
  disabled: false

# calicoctl create -f /etc/calico/ippool_10.1.0.0_16.cfg

Successfully created 1 'ipPool' resource(s)

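## 4. Configure Docker and create Docker networks

Modify the Docker daemon start-up options on every host in the cluster, then restart Docker

Add --cluster-store=etcd://192.168.75.200:2379/calico to specify the store the Docker cluster uses; otherwise the network creation in the next step will not succeed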

# vi /etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --cluster-store=etcd://192.168.75.200:2379/calico'

Create the networks with docker on any one host in the cluster

# docker network create --driver=calico --ipam-driver=calico-ipam net1

0501f1b788756d122568e7aed2d7c56fe2de9138f9bd00f6628c4b66c81c7c9b

# docker network create --driver=calico --ipam-driver=calico-ipam net2

4b636bf63b23dee13b817c911335823a84ad6d55771a44e89fb81c16f76663ad

# docker network ls

NETWORK ID          NAME                DRIVER
54a450c39848        net1                calico              
8fdcdecdb0bc        net2                calico              
e0d1a688fef8        none                null                
0e987140865a        host                host                
b5122ac5e20e        bridge              bridge    

## 5. Test network connectivity

On docker1, start one container each on net1 and net2

[root@docker1 bin]# docker run -itd --net=net1 --name=testnet1 centos /bin/bash
579c509e293e25340f10cc188a91136f99ed9021b99f795a9056a683b6b46864
[root@docker1 bin]# docker run -itd --net=net2 --name=testnet2 centos /bin/bash
c8777a2ff6add64e6abf454828820a6cfee332086a58c769a6cf1e5e0fda8760

On docker2, start one container each on net1 and net2

[root@docker2 bin]# docker run -itd --net=net1 --name=testnet3 centos /bin/bash
8bb7be8d86a04631a442a9f43e6be9576a891f704b91042550c5fe632fa11f06
[root@docker2 bin]# docker run -itd --net=net2 --name=testnet4 centos /bin/bash
422f4466db503b380f646d6eaee14a2f695550669fd4987fadefff438f456a36

The container IP addresses are as follows

testnet1 10.1.174.193
testnet2 10.1.174.194
testnet3 10.1.166.129
testnet4 10.1.166.130

#### Ping the other containers from testnet1

The testnet1 container can reach only the testnet3 container on docker2, because both containers belong to the net1 network

[root@579c509e293e /]# ping 10.1.166.129
PING 10.1.166.129 (10.1.166.129) 56(84) bytes of data.
64 bytes from 10.1.166.129: icmp_seq=1 ttl=62 time=0.400 ms
^C
--- 10.1.166.129 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
[root@579c509e293e /]# ping 10.1.166.130
PING 10.1.166.130 (10.1.166.130) 56(84) bytes of data.
^C
--- 10.1.166.130 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
[root@579c509e293e /]# ping 10.1.174.194
PING 10.1.174.194 (10.1.174.194) 56(84) bytes of data.
^C
--- 10.1.174.194 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

Problems encountered:

1. After Docker failed abnormally, the testnet3 and testnet4 containers could not be restarted

docker: Error response from daemon: service endpoint with name testnet3 already exists.

Solution:

The endpoint records in etcd were not deleted, so delete them by hand. They can be located as follows

54a450..... is the network ID, which can be found with docker network ls

Walk through all the data under /calico/docker/network/v1.0/endpoint/54a450c3984853b3942738163cfaaa7dd247686ccc10b8f395dfb807df11e2bb/ to find the matching record, then delete it by hand

# etcdctl --endpoint 'http://192.168.75.200:2379' get /calico/docker/network/v1.0/endpoint/54a450c3984853b3942738163cfaaa7dd247686ccc10b8f395dfb807df11e2bb/5d9cad95e7193e47177eb6d8bdfa25ebc878d8565c48227861f6f6700136a10c

{"anonymous":false,"disableResolution":false,"ep_iface":{"addr":"10.1.174.198/32","dstPrefix":"cali","mac":"ee:ee:ee:ee:ee:ee","routes":["169.254.1.1/32"],"srcName":"temp5d9cad95e71","v4PoolID":"CalicoPoolIPv4","v6PoolID":""},"exposed_ports":[],"generic":{"com.docker.network.endpoint.exposedports":[],"com.docker.network.portmap":[]},"id":"5d9cad95e7193e47177eb6d8bdfa25ebc878d8565c48227861f6f6700136a10c","locator":"","myAliases":null,"name":"testnet1","sandbox":"bc9abf7c29a9532500aeb9618b22254eab9e73aecc9d4b6c3bf488b6d173791e"}
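
The lookup described above, as an added shell example (not part of the original post): it walks the endpoint directory of one network and prints the keys whose record carries the given container name. It assumes the etcdctl v2 ls and get subcommands with the --endpoint flag used on this page; the function names and the ETCD_ENDPOINT variable are illustrative.

```shell
#!/bin/sh
# Added example: find stale libnetwork endpoint records in etcd by container name.
# ETCD_ENDPOINT and the function names are illustrative, not from the original post.
ETCD_ENDPOINT="${ETCD_ENDPOINT:-http://192.168.75.200:2379}"
ENDPOINT_ROOT="/calico/docker/network/v1.0/endpoint"

# Read one endpoint JSON record on stdin and print its "name" field.
# The leading quote in the pattern keeps "srcName" from matching.
endpoint_name() {
    sed -n 's/.*"name":"\([^"]*\)".*/\1/p'
}

# $1 = full network ID (the directory name under ENDPOINT_ROOT)
# $2 = container name reported in the "already exists" error
# Prints every endpoint key whose record has that name; prints nothing if none.
find_stale_endpoints() {
    fse_dir="$ENDPOINT_ROOT/$1/"
    etcdctl --endpoint "$ETCD_ENDPOINT" ls "$fse_dir" |
    while read -r fse_key; do
        fse_name=$(etcdctl --endpoint "$ETCD_ENDPOINT" get "$fse_key" | endpoint_name)
        if [ "$fse_name" = "$2" ]; then
            printf '%s\n' "$fse_key"
        fi
    done
}

# Usage: sh find_stale.sh <full-network-id> <container-name>
# Review each printed key with "etcdctl get" before deleting it by hand.
if [ "$#" -eq 2 ]; then
    find_stale_endpoints "$1" "$2"
fi
```

The directory name is the full network ID, which docker network ls --no-trunc prints; the default listing shows only the short form.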

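2. A node cannot reach containers on other nodes

By default, the net1 and net2 profiles allow endpoints with the same tag to reach each other, but the Calico nodes themselves have no access by default, so the profile has to be modified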

# calicoctl get profile net1 -o yaml > /etc/calico/profile_net1.yaml

# vi /etc/calico/profile_net1.yaml

- apiVersion: v1
  kind: profile
  metadata:
    name: net1
    tags:
    - net1
  spec:
    egress:
    - action: allow
      destination: {}
      source: {}
    ingress:
    - action: allow
      destination: {}
      source:
        tag: net1
    # the rules below are newly added
    - action: allow
      destination: {}
      source:
        net: 192.168.75.0/24
    - action: allow
      destination: {}
      source:
        net: 10.1.174.192/32
    - action: allow
      destination: {}
      source:
        net: 10.1.166.128/32

# calicoctl create -f /etc/calico/profile_net1.yaml

Successfully created 1 'policy' resource(s)

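10.1.174.192/32 and 10.1.166.128/32 are the tunl0 IPs of docker1 and docker2. Configuring these by hand is rather tedious; this job should be done by a script

After that, from any node in the cluster, pinging any net1 container on another node succeeds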
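
One way to script the profile edit, as an added example (not part of the original post): it renders the net1-style profile shown above and appends one ingress rule per source CIDR passed in. The function names are illustrative, and tunl0_ip assumes the one-line output format of ip -4 -o addr show dev tunl0.

```shell
#!/bin/sh
# Added example: generate the profile with one ingress rule per node tunl0 address.
# Function names are illustrative, not from the original post.

# Read `ip -4 -o addr show dev tunl0` output on stdin, print the bare IPv4 address.
tunl0_ip() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Print one ingress rule that admits traffic from source network $1.
allow_from() {
    printf '    - action: allow\n      destination: {}\n      source:\n        net: %s\n' "$1"
}

# $1 = profile (network) name; remaining arguments = source CIDRs to admit,
# e.g. each node's tunl0 address as a /32.
render_profile() {
    rp_name="$1"
    shift
    cat <<EOF
- apiVersion: v1
  kind: profile
  metadata:
    name: $rp_name
    tags:
    - $rp_name
  spec:
    egress:
    - action: allow
      destination: {}
      source: {}
    ingress:
    - action: allow
      destination: {}
      source:
        tag: $rp_name
EOF
    for rp_cidr in "$@"; do
        allow_from "$rp_cidr"
    done
}

# Usage: sh gen_profile.sh net1 10.1.174.192/32 10.1.166.128/32 > /etc/calico/profile_net1.yaml
if [ "$#" -ge 2 ]; then
    render_profile "$@"
fi
```

Passing only each node's tunl0 /32 keeps the profile narrower than also admitting the whole 192.168.75.0/24 network; the generated file is loaded with the same calicoctl create -f step shown above.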

Reposted from: https://my.oschina.net/u/1791060/blog/827084
