Some users docs with a Vagrant setup
parent
ee82cc7254
commit
ca7aa81de8
2 changed files with 242 additions and 0 deletions
57
libnetwork/docs/Vagrantfile
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
|
||||
VAGRANTFILE_API_VERSION = "2"
|
||||
|
||||
$consul=<<SCRIPT
|
||||
apt-get update
|
||||
apt-get -y install wget
|
||||
wget -qO- https://experimental.docker.com/ | sh
|
||||
gpasswd -a vagrant docker
|
||||
service docker restart
|
||||
docker run -d -p 8500:8500 -p 8300-8302:8300-8302/tcp -p 8300-8302:8300-8302/udp -h consul progrium/consul -server -bootstrap
|
||||
SCRIPT
|
||||
|
||||
$bootstrap=<<SCRIPT
|
||||
apt-get update
|
||||
apt-get -y install wget curl
|
||||
apt-get -y install bridge-utils
|
||||
wget -qO- https://experimental.docker.com/ | sh
|
||||
gpasswd -a vagrant docker
|
||||
echo DOCKER_OPTS=\\"--default-network=overlay:multihost --kv-store=consul:192.168.33.10:8500 --label=com.docker.network.driver.overlay.bind_interface=eth1 --label=com.docker.network.driver.overlay.neighbor_ip=192.168.33.11\\" >> /etc/default/docker
|
||||
service docker restart
|
||||
SCRIPT
|
||||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
|
||||
config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
|
||||
num_nodes = 2
|
||||
base_ip = "192.168.33."
|
||||
net_ips = num_nodes.times.collect { |n| base_ip + "#{n+11}" }
|
||||
|
||||
config.vm.define "consul-server" do |consul|
|
||||
consul.vm.box = "ubuntu/trusty64"
|
||||
consul.vm.hostname = "consul-server"
|
||||
consul.vm.network :private_network, ip: "192.168.33.10"
|
||||
consul.vm.provider "virtualbox" do |vb|
|
||||
vb.customize ["modifyvm", :id, "--memory", "512"]
|
||||
end
|
||||
consul.vm.provision :shell, inline: $consul
|
||||
end
|
||||
|
||||
num_nodes.times do |n|
|
||||
config.vm.define "net-#{n+1}" do |net|
|
||||
net.vm.box = "chef/ubuntu-14.10"
|
||||
net_ip = net_ips[n]
|
||||
net_index = n+1
|
||||
net.vm.hostname = "net-#{net_index}"
|
||||
net.vm.provider "virtualbox" do |vb|
|
||||
vb.customize ["modifyvm", :id, "--memory", "1024"]
|
||||
end
|
||||
net.vm.network :private_network, ip: "#{net_ip}"
|
||||
net.vm.provision :shell, inline: $bootstrap
|
||||
end
|
||||
end
|
||||
|
||||
end
|
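Review bot: In both `$consul` and `$bootstrap`, `wget -qO- https://experimental.docker.com/ | sh` pipes a downloaded script straight into a root shell (the shell provisioner runs privileged by default), with no version pinned and no checksum or signature checked, so every `vagrant up` runs whatever that URL serves at the time. Consider downloading the script to a file and verifying it before running it, or installing a pinned package; likewise `progrium/consul` is pulled without a tag or digest. Two smaller points: `echo DOCKER_OPTS=... >> /etc/default/docker` appends, so a second `vagrant provision` leaves duplicate lines in that file, and the shared `$bootstrap` hard-codes `neighbor_ip=192.168.33.11`, which on `net-1` is the node's own address; if that is intended, a comment saying so would help. `gpasswd -a vagrant docker` also makes the `vagrant` user root-equivalent on each host, and `-p 8500:8500` publishes the Consul API on every interface of `consul-server`; both are reasonable for a throwaway test setup but worth a comment so the file is not copied as-is into a shared environment.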
185
libnetwork/docs/vagrant.md
Normal file
|
@ -0,0 +1,185 @@
|
|||
# Vagrant Setup to Test the Overlay Driver
|
||||
|
||||
This documentation highlights how to use Vagrant to start a three nodes setup to test Docker network.
|
||||
|
||||
## Pre-requisites
|
||||
|
||||
This was tested on:
|
||||
|
||||
- Vagrant 1.7.2
|
||||
- VirtualBox 4.3.26
|
||||
|
||||
## Machine Setup
|
||||
|
||||
The Vagrantfile provided will start three virtual machines. One will act as a consul server, and the other two will act as Docker host.
|
||||
The experimental version of Docker is installed.
|
||||
|
||||
- `consul-server` is the Consul server node, based on Ubuntu 14.04, this has IP 192.168.33.10
|
||||
- `net-1` is the first Docker host based on Ubuntu 14.10, this has IP 192.168.33.11
|
||||
- `net-2` is the second Docker host based on Ubuntu 14.10, this has IP 192.168.33.12
|
||||
|
||||
## Getting Started
|
||||
|
||||
Clone this repo, change to the `docs` directory and let Vagrant do the work.
|
||||
|
||||
$ vagrant up
|
||||
$ vagrant status
|
||||
Current machine states:
|
||||
|
||||
consul-server running (virtualbox)
|
||||
net-1 running (virtualbox)
|
||||
net-2 running (virtualbox)
|
||||
|
||||
You are now ready to SSH to the Docker hosts and start containers.
|
||||
|
||||
$ vagrant ssh net-1
|
||||
vagrant@net-1:~$ docker version
|
||||
Client version: 1.8.0-dev
|
||||
...<snip>...
|
||||
|
||||
Check that Docker network is functional by listing the default networks:
|
||||
|
||||
vagrant@net-1:~$ docker network ls
|
||||
NETWORK ID NAME TYPE
|
||||
4275f8b3a821 none null
|
||||
80eba28ed4a7 host host
|
||||
64322973b4aa bridge bridge
|
||||
|
||||
No services has been published so far, so the `docker service ls` will return an empty list:
|
||||
|
||||
$ docker service ls
|
||||
SERVICE ID NAME NETWORK CONTAINER
|
||||
|
||||
Start a container and check the content of `/etc/hosts`.
|
||||
|
||||
$ docker run -it --rm ubuntu:14.04 bash
|
||||
root@df479e660658:/# cat /etc/hosts
|
||||
172.21.0.3 df479e660658
|
||||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
172.21.0.3 distracted_bohr
|
||||
172.21.0.3 distracted_bohr.multihost
|
||||
|
||||
In a separate terminal on `net-1` list the networks again. You will see that the _multihost_ overlay now appears.
|
||||
The overlay network _multihost_ is your default network. This was setup by the Docker daemon during the Vagrant provisioning. Check `/etc/default/docker` to see the options that were set.
|
||||
|
||||
vagrant@net-1:~$ docker network ls
|
||||
NETWORK ID NAME TYPE
|
||||
4275f8b3a821 none null
|
||||
80eba28ed4a7 host host
|
||||
64322973b4aa bridge bridge
|
||||
b5c9f05f1f8f multihost overlay
|
||||
|
||||
Now in a separate terminal, SSH to `net-2`, check the network and services. The networks will be the same, and the default network will also be _multihost_ of type overlay. But the service will show the container started on `net-1`:
|
||||
|
||||
$ vagrant ssh net-2
|
||||
vagrant@net-2:~$ docker service ls
|
||||
SERVICE ID NAME NETWORK CONTAINER
|
||||
b00f2bfd81ac distracted_bohr multihost df479e660658
|
||||
|
||||
Start a container on `net-2` and check the `/etc/hosts`.
|
||||
|
||||
vagrant@net-2:~$ docker run -ti --rm ubuntu:14.04 bash
|
||||
root@2ac726b4ce60:/# cat /etc/hosts
|
||||
172.21.0.4 2ac726b4ce60
|
||||
127.0.0.1 localhost
|
||||
::1 localhost ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
172.21.0.3 distracted_bohr
|
||||
172.21.0.3 distracted_bohr.multihost
|
||||
172.21.0.4 modest_curie
|
||||
172.21.0.4 modest_curie.multihost
|
||||
|
||||
You will see not only the container that you just started on `net-2` but also the container that you started earlier on `net-1`.
|
||||
And of course you will be able to ping each container.
|
||||
|
||||
## Creating a Non Default Overlay Network
|
||||
|
||||
In the previous test we started containers with regular options `-ti --rm` and these containers got placed automatically in the default network which was set to be the _multihost_ network of type overlay.
|
||||
|
||||
But you could create your own overlay network and start containers in it. Let's create a new overlay network.
|
||||
On one of your Docker hosts, `net-1` or `net-2` do:
|
||||
|
||||
$ docker network create -d overlay foobar
|
||||
8805e22ad6e29cd7abb95597c91420fdcac54f33fcdd6fbca6dd4ec9710dd6a4
|
||||
$ docker network ls
|
||||
NETWORK ID NAME TYPE
|
||||
a77e16a1e394 host host
|
||||
684a4bb4c471 bridge bridge
|
||||
8805e22ad6e2 foobar overlay
|
||||
b5c9f05f1f8f multihost overlay
|
||||
67d5a33a2e54 none null
|
||||
|
||||
Automatically, the second host will also see this network. To start a container on this new network, simply use the `--publish-service` option of `docker run` like so:
|
||||
|
||||
$ docker run -it --rm --publish-service=bar.foobar.overlay ubuntu:14.04 bash
|
||||
|
||||
Note, that you could directly start a container with a new overlay using the `--publish-service` option and it will create the network automatically.
|
||||
|
||||
Check the docker services now:
|
||||
|
||||
$ docker service ls
|
||||
SERVICE ID NAME NETWORK CONTAINER
|
||||
b1ffdbfb1ac6 bar foobar 6635a3822135
|
||||
|
||||
Repeat the getting started steps, by starting another container in this new overlay on the other host, check the `/etc/hosts` file and try to ping each container.
|
||||
|
||||
## A look at the interfaces
|
||||
|
||||
This new Docker multihost networking is made possible via VXLAN tunnels and the use of network namespaces.
|
||||
Check the [design](design.md) documentation for all the details. But to explore these concepts a bit, nothing beats an example.
|
||||
|
||||
With a running container in one overlay, check the network namespace:
|
||||
|
||||
$ docker inspect -f '{{ .NetworkSettings.SandboxKey}}' 6635a3822135
|
||||
/var/run/docker/netns/6635a3822135
|
||||
|
||||
This is a none default location for network namespaces which might confuse things a bit. So let's become root, head over to this directory that contains the network namespaces of the containers and check the interfaces:
|
||||
|
||||
$ sudo su
|
||||
root@net-2:/home/vagrant# cd /var/run/docker/
|
||||
root@net-2:/var/run/docker# ls netns
|
||||
6635a3822135
|
||||
8805e22ad6e2
|
||||
|
||||
To be able to check the interfaces in those network namespace using `ip` command, just create a symlink for `netns` that points to `/var/run/docker/netns`:
|
||||
|
||||
root@net-2:/var/run# ln -s /var/run/docker/netns netns
|
||||
root@net-2:/var/run# ip netns show
|
||||
6635a3822135
|
||||
8805e22ad6e2
|
||||
|
||||
The two namespace ID return are the ones of the running container on that host and the one of the actual overlay network the container is in.
|
||||
Let's check the interfaces in the container:
|
||||
|
||||
root@net-2:/var/run/docker# ip netns exec 6635a3822135 ip addr show eth0
|
||||
15: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
|
||||
link/ether 02:42:b3:91:22:c3 brd ff:ff:ff:ff:ff:ff
|
||||
inet 172.21.0.5/16 scope global eth0
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::42:b3ff:fe91:22c3/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
|
||||
Indeed we get back the network interface of our running container, same MAC address, same IP.
|
||||
If we check the links of the overlay namespace we see our vxlan interface and the VLAN ID being used.
|
||||
|
||||
root@net-2:/var/run/docker# ip netns exec 8805e22ad6e2 ip -d link show
|
||||
...<snip>...
|
||||
14: vxlan1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default
|
||||
link/ether 7a:af:20:ee:e3:81 brd ff:ff:ff:ff:ff:ff promiscuity 1
|
||||
vxlan id 256 srcport 32768 61000 dstport 8472 proxy l2miss l3miss ageing 300
|
||||
bridge_slave
|
||||
16: veth2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
|
||||
link/ether 46:b1:e2:5c:48:a8 brd ff:ff:ff:ff:ff:ff promiscuity 1
|
||||
veth
|
||||
bridge_slave
|
||||
|
||||
If you sniff packets on these interfaces you will see the traffic between your containers.
|
||||
|
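Review bot: In "A look at the interfaces", the text says the overlay namespace shows "the VLAN ID being used", but the sample output line is `vxlan id 256`, which is a VXLAN identifier, not a VLAN ID; please reword. In the same section the prompt jumps from `/var/run/docker#` to `/var/run#` for the `ln -s /var/run/docker/netns netns` step and back again with no `cd` shown, and the doc never says to remove the symlink afterwards or what happens if `/var/run/netns` already exists on the host; spell those steps out, since they are run as root after `sudo su`. The `--publish-service=bar.foobar.overlay` argument is used without explaining its three parts, although the following `docker service ls` output (`bar`, `foobar`) implies service and network names. The sample outputs are also inconsistent: the `host`, `bridge` and `none` network IDs in the `foobar` listing differ from those in the earlier `docker network ls` listings. Minor wording: "three nodes setup", "No services has been published", "none default location", "The two namespace ID return".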