mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
[translated]How to set up networking between Docker containers.md
This commit is contained in:
chenjt
parent
31714d8239
commit
e79626b8f8
@ -12,142 +12,142 @@
|
||||
|
||||
|
||||
|
||||
让我们先来看看 weave 怎么工作:先创建一个由多个 peer 组成的对等网络,每个 peer 是一个虚拟路由器容器,叫做“weave 路由器”,它们分布在不同的宿主机上。这个对等网络的每个 peer 之间会维持一个 TCP 链接,用于互相交换拓扑信息,它们也会建立 UDP 链接用于容器间通信。一个 weave 路由器通过桥接技术连接到其他本宿主机上的其他容器。当处于不同宿主机上的两个容器想要通信,一台宿主机上的 weave 路由器用网桥截获数据包,使用 UDP 协议封装后发给另一台宿主机上的 weave 路由器。
|
||||
让我们先来看看 weave 怎么工作:先创建一个由多个 peer 组成的对等网络,每个 peer 是一个虚拟路由器容器,叫做“weave 路由器”,它们分布在不同的宿主机上。这个对等网络的每个 peer 之间会维持一个 TCP 链接,用于互相交换拓扑信息,它们也会建立 UDP 链接用于容器间通信。一个 weave 路由器通过桥接技术连接到其他本宿主机上的其他容器。当处于不同宿主机上的两个容器想要通信,一台宿主机上的 weave 路由器通过网桥截获数据包,使用 UDP 协议封装后发给另一台宿主机上的 weave 路由器。
|
||||
|
||||
Each weave router maintains up-to-date weave router topology information, as well as container's MAC address information (similar to switch's MAC learning), so that it can make forwarding decision on container traffic. Weave is able to route traffic between containers created on hosts which are not directly reachable, as long as two hosts are interconnected via an intermediate weave router on weave topology. Optionally, weave routers can be set to encrypt both TCP control data and UDP data traffic based on public key cryptography.
|
||||
每个 weave 路由器会刷新整个对等网络的拓扑信息,像容器的 MAC 地址(就像交换机的 MAC 地址学习一样获取其他容器的 MAC 地址),因此它可以决定数据包的下一跳是往哪个容器的。weave 能让两个处于不同宿主机的容器进行通信,只要这两台宿主机在 weave 拓扑结构内连到同一个 weave 路由器。另外,weave 路由器还能使用公钥加密技术将 TCP 和 UDP 数据包进行加密。
|
||||
|
||||
### Prerequisite ###
|
||||
### 准备工作 ###
|
||||
|
||||
Before using weave on Linux, of course you need to set up Docker environment on each host where you want to run [Docker][2] containers. Check out [these][3] [tutorials][4] on how to create Docker containers on Ubuntu or CentOS/Fedora.
|
||||
在使用 weave 之前,你需要在所有宿主机上安装 Docker[2] 环境,参考[这些][3][教程][4],在 Ubuntu 或 CentOS/Fedora 发行版中安装 Docker。
|
||||
|
||||
Once Docker environment is set up, install weave on Linux as follows.
|
||||
Docker 环境部署完成后,使用下面的命令安装 weave:
|
||||
|
||||
$ wget https://github.com/zettio/weave/releases/download/latest_release/weave
|
||||
$ chmod a+x weave
|
||||
$ sudo cp weave /usr/local/bin
|
||||
|
||||
Make sure that /usr/local/bin is include in your PATH variable by appending the following in /etc/profile.
|
||||
注意你的 PATH 环境变量要包含 /usr/local/bin 这个路径,请在 /etc/profile 文件中加入一行(LCTT 注:要使环境变量生效,你需要执行这个命令: src /etc/profile):
|
||||
|
||||
export PATH="$PATH:/usr/local/bin"
|
||||
|
||||
Repeat weave installation on every host where Docker containers will be deployed.
|
||||
在每台宿主机上重复上面的操作。
|
||||
|
||||
Weave uses TCP/UDP 6783 port. If you are using firewall, make sure that these port numbers are not blocked by the firewall.
|
||||
Weave 在 TCP 和 UDP 上都使用 6783 端口,如果你的系统开启了防火墙,请确保这两个端口不会被防火墙挡住。
|
||||
|
||||
### Launch Weave Router on Each Host ###
|
||||
### 在每台宿主机上开启 Weave 路由器 ###
|
||||
|
||||
When you want to interconnect Docker containers across multiple hosts, the first step is to launch a weave router on every host.
|
||||
当你想要让处于在不同宿主机上的容器能够互相通信,第一步要做的就是在每台宿主机上开启 weave 路由器。
|
||||
|
||||
On the first host, run the following command, which will create and start a weave router container.
|
||||
第一台宿主机,运行下面的命令,就会创建并开启一个 weave 路由器容器(LCTT 注:前面说过了,weave 路由器也是一个容器):
|
||||
|
||||
$ sudo weave launch
|
||||
|
||||
The first time you run this command, it will take a couple of minutes to download a weave image before launching a router container. On successful launch, it will print the ID of a launched weave router.
|
||||
第一次运行这个命令的时候,它会下载一个 weave 镜像,这会花一些时间。下载完成后就会自动运行这个镜像。成功启动后,终端会打印这个 weave 路由器的 ID 号。
|
||||
|
||||
To check the status of the router, use this command:
|
||||
下面的命令用于查看路由器状态:
|
||||
|
||||
$ sudo weave status
|
||||
|
||||
|
||||
|
||||
Since this is the first weave router launched, there will be only one peer in the peer list.
|
||||
第一个 weave 路由器就绪了,目前为止整个 peer 对等网络中只有一个 peer 成员。
|
||||
|
||||
You can also verify the launch of a weave router by using docker command.
|
||||
你也可以使用 doceker 的命令来查看 weave 路由器的状态:
|
||||
|
||||
$ docker ps
|
||||
|
||||
|
||||
|
||||
On the second host, run the following command, where we specify the IP address of the first host as a peer to join.
|
||||
第二台宿主机部署步骤稍微有点不同,我们需要为这台宿主机的 weave 路由器指定第一台宿主机的 IP 地址,命令如下:
|
||||
|
||||
$ sudo weave launch <first-host-IP-address>
|
||||
|
||||
When you check the status of the router, you will see two peers: the current host and the first host.
|
||||
当你查看路由器状态,你会看到两个 peer 成员:当前宿主机和第一个宿主机。
|
||||
|
||||
|
||||
|
||||
As you launch more routers on subsequent hosts, the peer list will grow accordingly. When launching a router, just make sure that you specify any previously launched peer's IP address.
|
||||
当你开启更多路由器,这个 peer 成员列表会更长。当你新开一个路由器时,要指定前一个宿主机的 IP 地址,请注意不是第一个宿主机的 IP 地址。
|
||||
|
||||
At this point, you should have a weave network up and running, which consists of multiple weave routers across different hosts.
|
||||
现在你已经有了一个 weave 网络了,它由位于不同宿主机的 weave 路由器组成。
|
||||
|
||||
### Interconnect Docker Containers across Multiple Hosts ###
|
||||
### 把不同宿主机上的容器互联起来 ###
|
||||
|
||||
Now it is time to launch Docker containers on different hosts, and interconnect them on a virtual network.
|
||||
接下来要做的就是在不同宿主机上开启 Docker 容器,并使用虚拟网络将它们互联起来。
|
||||
|
||||
Let's say we want to create a private network 10.0.0.0/24, to interconnect two Docker containers. We will assign random IP addressses from this subnet to the containers.
|
||||
假设我们创建一个私有网络 10.0.0.0/24 来互联 Docker 容器,并为这些容器随机分配 IP 地址。
|
||||
|
||||
When you create a Docker container to deploy on a weave network, you need to use weave command, not docker command. Internally, the weave command uses docker command to create a container, and then sets up Docker networking on it.
|
||||
如果你想新建一个能加入 weave 网络的容器,你就需要使用 weave 命令来创建,而不是 docker 命令。原因是 weave 命令内部会调用 docker 命令来新建容器然后为它设置网络。
|
||||
|
||||
Here is how to create a Ubuntu container on hostA, and attach the container to 10.0.0.0/24 subnet with an IP addresss 10.0.0.1.
|
||||
下面的命令是在宿主机 hostA 上建立一个 Ubuntu 容器,然后将它放到 10.0.0.0/24 网络中,分配的 IP 地址为 10.0.0.1:
|
||||
|
||||
hostA:~$ sudo weave run 10.0.0.1/24 -t -i ubuntu
|
||||
|
||||
On successful run, it will print the ID of a created container. You can use this ID to attach to the running container and access its console as follows.
|
||||
成功运行后,终端会打印出容器的 ID 号。你可以使用这个 ID 来访问这个容器:
|
||||
|
||||
hostA:~$ docker attach <container-id>
|
||||
|
||||
Move to hostB, and let's create another container. Attach it to the same subnet (10.0.0.0/24) with a different IP address 10.0.0.2.
|
||||
在宿主机 hostB 上,也创建一个 Ubuntu 容器,IP 地址为 10.0.0.2:
|
||||
|
||||
hostB:~$ sudo weave run 10.0.0.2/24 -t -i ubuntu
|
||||
|
||||
Let's attach to the second container's console as well:
|
||||
访问下这个容器的控制台:
|
||||
|
||||
hostB:~$ docker attach <container-id>
|
||||
|
||||
At this point, those two containers should be able to ping each other via the other's IP address. Verify that from each container's console.
|
||||
这两个容器能够互相 ping 通,你可以通过容器的控制台检查一下。
|
||||
|
||||
|
||||
|
||||
If you check the interfaces of each container, you will see an interface named "ethwe" which is assigned an IP address (e.g., 10.0.0.1 and 10.0.0.2) you specified.
|
||||
如果你检查一下每个容器的网络配置,你会发现有一块名为“ethwe”的网卡,你分配给容器的 IP 地址出现在它们那里(比如这里分别是 10.0.0.1 和 10.0.0.2)。
|
||||
|
||||
|
||||
|
||||
### Other Advanced Usages of Weave ###
|
||||
### Weave 的其他高级用法 ###
|
||||
|
||||
Weave offers a number of pretty neat features. Let me briefly cover a few here.
|
||||
weave 提供了一些非常巧妙的特性,我在这里作下简单的介绍。
|
||||
|
||||
#### Application Isolation ####
|
||||
#### 应用分离 ####
|
||||
|
||||
Using weave, you can create multiple virtual networks and dedicate each network to a distinct application. For example, create 10.0.0.0/24 for one group of containers, and 10.10.0.0/24 for another group of containers, and so on. Weave automatically takes care of provisioning these networks, and isolating container traffic on each network. Going further, you can flexibly detach a container from one network, and attach it to another network without restarting containers. For example:
|
||||
使用 weave,你可以创建多个虚拟网络,并为每个网络设置不同的应用。比如你可以为一群容器创建 10.0.0.0/24 网络,为另一群容器创建 10.10.0.0/24 网络,weave 会自动帮你维护这些网络,并将这两个网络互相隔离。另外,你可以灵活地将一个容器从一个网络移到另一个网络而不需要重启容器。举个例子:
|
||||
|
||||
First launch a container on 10.0.0.0/24:
|
||||
首先开启一个容器,运行在 10.0.0.0/24 网络上:
|
||||
|
||||
$ sudo weave run 10.0.0.2/24 -t -i ubuntu
|
||||
|
||||
Detach the container from 10.0.0.0/24:
|
||||
然后让它脱离这个网络:
|
||||
|
||||
$ sudo weave detach 10.0.0.2/24 <container-id>
|
||||
|
||||
Re-attach the container to another network 10.10.0.0/24:
|
||||
最后将它加入到 10.10.0.0/24 网络中:
|
||||
|
||||
$ sudo weave attach 10.10.0.2/24 <container-id>
|
||||
|
||||
|
||||
|
||||
Now this container should be able to communicate with other containers on 10.10.0.0/24. This is a pretty useful feature when network information is not available at the time you create a container.
|
||||
现在这个容器可以与 10.10.0.0/24 网络上的其它容器进行通信了。当你要把容器加入一个网络,而这个网络暂时不可用时,上面的步骤就很有帮助了。
|
||||
|
||||
#### Integrate Weave Networks with Host Network ####
|
||||
#### 将 weave 网络与宿主机网络整合起来 ####
|
||||
|
||||
Sometimes you may need to allow containers on a virtual weave network to access physical host network. Conversely, hosts may want to access containers on a weave network. To support this requirement, weave allows weave networks to be integrated with host network.
|
||||
有时候你想让虚拟网络中的容器能访问物理主机的网络。或者相反,宿主机需要访问容器。为满足这个功能,weave 允许虚拟网络与宿主机网络整合。
|
||||
|
||||
For example, on hostA where a container is running on network 10.0.0.0/24, run the following command.
|
||||
举个例子,在宿主机 hostA 上一个容器运行在 10.0.0.0/24 中,运行使用下面的命令:
|
||||
|
||||
hostA:~$ sudo weave expose 10.0.0.100/24
|
||||
|
||||
This will assign IP address 10.0.0.100 to hostA, so that hostA itself is also connected to 10.0.0.0/24 network. Obviously, you need to choose an IP address which is not used by any other containers on the network.
|
||||
这个命令把 IP 地址 10.0.0.100 分配给宿主机 hostA,这样一来 hostA 也连到了 10.0.0.0/24 网络上了。很明显,你在为宿主机选择 IP 地址的时候,需要选一个没有被其他容器使用的地址。
|
||||
|
||||
At this point, hostA should be able to access any containers on 10.0.0.0/24, whether or not the containers are residing on hostA. Pretty neat!
|
||||
现在 hostA 就可以访问 10.0.0.0/24 上的所有容器了,不管这些容器是否位于 hostA 上。好巧妙的设定啊,32 个赞!
|
||||
|
||||
### Conclusion ###
|
||||
### 总结 ###
|
||||
|
||||
As you can see, weave is a pretty useful Docker networking tool. This tutorial only covers a glimpse of [its powerful features][5]. If you are more ambitious, you can try its multi-hop routing, which can be pretty useful in multi-cloud environment, dynamic re-routing, which is a neat fault-tolerance feature, or even its distributed DNS service which allows you to name containers on weave networks. If you decide to use this gem in your environment, feel free to share your use case!
|
||||
如你所见,weave 是一个很有用的 docker 网络配置工具。这个教程只是[它强悍功能][5]的冰山一角。如果你想进一步玩玩,你可以试试它的以下功能:多跳路由功能,这个在 multi-cloud 环境(LCTT 注:多云,企业使用多个不同的云服务提供商的产品,比如 IaaS 和 SaaS,来承载不同的业务)下还是很有用的;动态重路由功能是一个很巧妙的容错技术;或者它的分布式 DNS 服务,它允许你为你的容器命名。如果你决定使用这个好东西,欢迎分享你的使用心得。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://xmodulo.com/networking-between-docker-containers.html
|
||||
|
||||
作者:[Dan Nanni][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
译者:[bazz2](https://github.com/bazz2)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
Loading…
Reference in New Issue
Block a user