new file mode 100644 |
| ... | ... |
@@ -0,0 +1,57 @@ |
| 0 |
+# -*- mode: ruby -*- |
|
| 1 |
+# vi: set ft=ruby : |
|
| 2 |
+ |
|
| 3 |
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! |
|
| 4 |
+VAGRANTFILE_API_VERSION = "2" |
|
| 5 |
+ |
|
| 6 |
+$consul=<<SCRIPT |
|
| 7 |
+apt-get update |
|
| 8 |
+apt-get -y install wget |
|
| 9 |
+wget -qO- https://experimental.docker.com/ | sh |
|
| 10 |
+gpasswd -a vagrant docker |
|
| 11 |
+service docker restart |
|
| 12 |
+docker run -d -p 8500:8500 -p 8300-8302:8300-8302/tcp -p 8300-8302:8300-8302/udp -h consul progrium/consul -server -bootstrap |
|
| 13 |
+SCRIPT |
|
| 14 |
+ |
|
| 15 |
+$bootstrap=<<SCRIPT |
|
| 16 |
+apt-get update |
|
| 17 |
+apt-get -y install wget curl |
|
| 18 |
+apt-get -y install bridge-utils |
|
| 19 |
+wget -qO- https://experimental.docker.com/ | sh |
|
| 20 |
+gpasswd -a vagrant docker |
|
| 21 |
+echo DOCKER_OPTS=\\"--default-network=overlay:multihost --kv-store=consul:192.168.33.10:8500 --label=com.docker.network.driver.overlay.bind_interface=eth1 --label=com.docker.network.driver.overlay.neighbor_ip=192.168.33.11\\" >> /etc/default/docker |
|
| 22 |
+service docker restart |
|
| 23 |
+SCRIPT |
|
| 24 |
+ |
|
| 25 |
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| |
|
| 26 |
+ |
|
| 27 |
+ config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'" |
|
| 28 |
+ num_nodes = 2 |
|
| 29 |
+ base_ip = "192.168.33." |
|
| 30 |
+ net_ips = num_nodes.times.collect { |n| base_ip + "#{n+11}" }
|
|
| 31 |
+ |
|
| 32 |
+ config.vm.define "consul-server" do |consul| |
|
| 33 |
+ consul.vm.box = "ubuntu/trusty64" |
|
| 34 |
+ consul.vm.hostname = "consul-server" |
|
| 35 |
+ consul.vm.network :private_network, ip: "192.168.33.10" |
|
| 36 |
+ consul.vm.provider "virtualbox" do |vb| |
|
| 37 |
+ vb.customize ["modifyvm", :id, "--memory", "512"] |
|
| 38 |
+ end |
|
| 39 |
+ consul.vm.provision :shell, inline: $consul |
|
| 40 |
+ end |
|
| 41 |
+ |
|
| 42 |
+ num_nodes.times do |n| |
|
| 43 |
+ config.vm.define "net-#{n+1}" do |net|
|
|
| 44 |
+ net.vm.box = "chef/ubuntu-14.10" |
|
| 45 |
+ net_ip = net_ips[n] |
|
| 46 |
+ net_index = n+1 |
|
| 47 |
+ net.vm.hostname = "net-#{net_index}"
|
|
| 48 |
+ net.vm.provider "virtualbox" do |vb| |
|
| 49 |
+ vb.customize ["modifyvm", :id, "--memory", "1024"] |
|
| 50 |
+ end |
|
| 51 |
+ net.vm.network :private_network, ip: "#{net_ip}"
|
|
| 52 |
+ net.vm.provision :shell, inline: $bootstrap |
|
| 53 |
+ end |
|
| 54 |
+ end |
|
| 55 |
+ |
|
| 56 |
+end |
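Review bot: Both provisioning heredocs (`$consul` and `$bootstrap`) run `wget -qO- https://experimental.docker.com/ | sh` as root, so whatever that URL serves on a given day is executed unverified on every VM, and because the experimental channel pins no version the three hosts can also end up on different daemon builds. Even for a throwaway lab it is worth downloading the script to a file, checking it against a known SHA-256, and only then executing it, with a comment stating the accepted risk. Separately, the Consul container publishes its HTTP API and RPC/Serf ports with `-p 8500:8500 -p 8300-8302:8300-8302/tcp -p 8300-8302:8300-8302/udp`, i.e. on every VM interface with no ACL or TLS flags visible, and that KV store is the overlay's control plane (`--kv-store=consul:192.168.33.10:8500`); binding to the private address, `-p 192.168.33.10:8500:8500 -p 192.168.33.10:8300-8302:8300-8302/tcp -p 192.168.33.10:8300-8302:8300-8302/udp`, narrows who can rewrite network state. `gpasswd -a vagrant docker` grants root-equivalent access through the daemon socket, which is acceptable for a test VM but deserves a one-line comment so it is not copied into anything longer-lived. Lastly, `$bootstrap` hard-codes `neighbor_ip=192.168.33.11` for every node, so `net-1` points at itself; if the driver expects a peer address this is presumably meant to be the other host and should be confirmed.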
| 0 | 57 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,185 @@ |
| 0 |
+# Vagrant Setup to Test the Overlay Driver |
|
| 1 |
+ |
|
| 2 |
+This documentation highlights how to use Vagrant to start a three nodes setup to test Docker network. |
|
| 3 |
+ |
|
| 4 |
+## Pre-requisites |
|
| 5 |
+ |
|
| 6 |
+This was tested on: |
|
| 7 |
+ |
|
| 8 |
+- Vagrant 1.7.2 |
|
| 9 |
+- VirtualBox 4.3.26 |
|
| 10 |
+ |
|
| 11 |
+## Machine Setup |
|
| 12 |
+ |
|
| 13 |
+The Vagrantfile provided will start three virtual machines. One will act as a consul server, and the other two will act as Docker host. |
|
| 14 |
+The experimental version of Docker is installed. |
|
| 15 |
+ |
|
| 16 |
+- `consul-server` is the Consul server node, based on Ubuntu 14.04, this has IP 192.168.33.10 |
|
| 17 |
+- `net-1` is the first Docker host based on Ubuntu 14.10, this has IP 192.168.33.11 |
|
| 18 |
+- `net-2` is the second Docker host based on Ubuntu 14.10, this has IP 192.168.33.12 |
|
| 19 |
+ |
|
| 20 |
+## Getting Started |
|
| 21 |
+ |
|
| 22 |
+Clone this repo, change to the `docs` directory and let Vagrant do the work. |
|
| 23 |
+ |
|
| 24 |
+ $ vagrant up |
|
| 25 |
+ $ vagrant status |
|
| 26 |
+ Current machine states: |
|
| 27 |
+ |
|
| 28 |
+ consul-server running (virtualbox) |
|
| 29 |
+ net-1 running (virtualbox) |
|
| 30 |
+ net-2 running (virtualbox) |
|
| 31 |
+ |
|
| 32 |
+You are now ready to SSH to the Docker hosts and start containers. |
|
| 33 |
+ |
|
| 34 |
+ $ vagrant ssh net-1 |
|
| 35 |
+ vagrant@net-1:~$ docker version |
|
| 36 |
+ Client version: 1.8.0-dev |
|
| 37 |
+ ...<snip>... |
|
| 38 |
+ |
|
| 39 |
+Check that Docker network is functional by listing the default networks: |
|
| 40 |
+ |
|
| 41 |
+ vagrant@net-1:~$ docker network ls |
|
| 42 |
+ NETWORK ID NAME TYPE |
|
| 43 |
+ 4275f8b3a821 none null |
|
| 44 |
+ 80eba28ed4a7 host host |
|
| 45 |
+ 64322973b4aa bridge bridge |
|
| 46 |
+ |
|
| 47 |
+No services has been published so far, so the `docker service ls` will return an empty list: |
|
| 48 |
+ |
|
| 49 |
+ $ docker service ls |
|
| 50 |
+ SERVICE ID NAME NETWORK CONTAINER |
|
| 51 |
+ |
|
| 52 |
+Start a container and check the content of `/etc/hosts`. |
|
| 53 |
+ |
|
| 54 |
+ $ docker run -it --rm ubuntu:14.04 bash |
|
| 55 |
+ root@df479e660658:/# cat /etc/hosts |
|
| 56 |
+ 172.21.0.3 df479e660658 |
|
| 57 |
+ 127.0.0.1 localhost |
|
| 58 |
+ ::1 localhost ip6-localhost ip6-loopback |
|
| 59 |
+ fe00::0 ip6-localnet |
|
| 60 |
+ ff00::0 ip6-mcastprefix |
|
| 61 |
+ ff02::1 ip6-allnodes |
|
| 62 |
+ ff02::2 ip6-allrouters |
|
| 63 |
+ 172.21.0.3 distracted_bohr |
|
| 64 |
+ 172.21.0.3 distracted_bohr.multihost |
|
| 65 |
+ |
|
| 66 |
+In a separate terminal on `net-1` list the networks again. You will see that the _multihost_ overlay now appears. |
|
| 67 |
+The overlay network _multihost_ is your default network. This was setup by the Docker daemon during the Vagrant provisioning. Check `/etc/default/docker` to see the options that were set. |
|
| 68 |
+ |
|
| 69 |
+ vagrant@net-1:~$ docker network ls |
|
| 70 |
+ NETWORK ID NAME TYPE |
|
| 71 |
+ 4275f8b3a821 none null |
|
| 72 |
+ 80eba28ed4a7 host host |
|
| 73 |
+ 64322973b4aa bridge bridge |
|
| 74 |
+ b5c9f05f1f8f multihost overlay |
|
| 75 |
+ |
|
| 76 |
+Now in a separate terminal, SSH to `net-2`, check the network and services. The networks will be the same, and the default network will also be _multihost_ of type overlay. But the service will show the container started on `net-1`: |
|
| 77 |
+ |
|
| 78 |
+ $ vagrant ssh net-2 |
|
| 79 |
+ vagrant@net-2:~$ docker service ls |
|
| 80 |
+ SERVICE ID NAME NETWORK CONTAINER |
|
| 81 |
+ b00f2bfd81ac distracted_bohr multihost df479e660658 |
|
| 82 |
+ |
|
| 83 |
+Start a container on `net-2` and check the `/etc/hosts`. |
|
| 84 |
+ |
|
| 85 |
+ vagrant@net-2:~$ docker run -ti --rm ubuntu:14.04 bash |
|
| 86 |
+ root@2ac726b4ce60:/# cat /etc/hosts |
|
| 87 |
+ 172.21.0.4 2ac726b4ce60 |
|
| 88 |
+ 127.0.0.1 localhost |
|
| 89 |
+ ::1 localhost ip6-localhost ip6-loopback |
|
| 90 |
+ fe00::0 ip6-localnet |
|
| 91 |
+ ff00::0 ip6-mcastprefix |
|
| 92 |
+ ff02::1 ip6-allnodes |
|
| 93 |
+ ff02::2 ip6-allrouters |
|
| 94 |
+ 172.21.0.3 distracted_bohr |
|
| 95 |
+ 172.21.0.3 distracted_bohr.multihost |
|
| 96 |
+ 172.21.0.4 modest_curie |
|
| 97 |
+ 172.21.0.4 modest_curie.multihost |
|
| 98 |
+ |
|
| 99 |
+You will see not only the container that you just started on `net-2` but also the container that you started earlier on `net-1`. |
|
| 100 |
+And of course you will be able to ping each container. |
|
| 101 |
+ |
|
| 102 |
+## Creating a Non Default Overlay Network |
|
| 103 |
+ |
|
| 104 |
+In the previous test we started containers with regular options `-ti --rm` and these containers got placed automatically in the default network which was set to be the _multihost_ network of type overlay. |
|
| 105 |
+ |
|
| 106 |
+But you could create your own overlay network and start containers in it. Let's create a new overlay network. |
|
| 107 |
+On one of your Docker hosts, `net-1` or `net-2` do: |
|
| 108 |
+ |
|
| 109 |
+ $ docker network create -d overlay foobar |
|
| 110 |
+ 8805e22ad6e29cd7abb95597c91420fdcac54f33fcdd6fbca6dd4ec9710dd6a4 |
|
| 111 |
+ $ docker network ls |
|
| 112 |
+ NETWORK ID NAME TYPE |
|
| 113 |
+ a77e16a1e394 host host |
|
| 114 |
+ 684a4bb4c471 bridge bridge |
|
| 115 |
+ 8805e22ad6e2 foobar overlay |
|
| 116 |
+ b5c9f05f1f8f multihost overlay |
|
| 117 |
+ 67d5a33a2e54 none null |
|
| 118 |
+ |
|
| 119 |
+Automatically, the second host will also see this network. To start a container on this new network, simply use the `--publish-service` option of `docker run` like so: |
|
| 120 |
+ |
|
| 121 |
+ $ docker run -it --rm --publish-service=bar.foobar.overlay ubuntu:14.04 bash |
|
| 122 |
+ |
|
| 123 |
+Note, that you could directly start a container with a new overlay using the `--publish-service` option and it will create the network automatically. |
|
| 124 |
+ |
|
| 125 |
+Check the docker services now: |
|
| 126 |
+ |
|
| 127 |
+ $ docker service ls |
|
| 128 |
+ SERVICE ID NAME NETWORK CONTAINER |
|
| 129 |
+ b1ffdbfb1ac6 bar foobar 6635a3822135 |
|
| 130 |
+ |
|
| 131 |
+Repeat the getting started steps, by starting another container in this new overlay on the other host, check the `/etc/hosts` file and try to ping each container. |
|
| 132 |
+ |
|
| 133 |
+## A look at the interfaces |
|
| 134 |
+ |
|
| 135 |
+This new Docker multihost networking is made possible via VXLAN tunnels and the use of network namespaces. |
|
| 136 |
+Check the [design](design.md) documentation for all the details. But to explore these concepts a bit, nothing beats an example. |
|
| 137 |
+ |
|
| 138 |
+With a running container in one overlay, check the network namespace: |
|
| 139 |
+ |
|
| 140 |
+ $ docker inspect -f '{{ .NetworkSettings.SandboxKey}}' 6635a3822135
|
|
| 141 |
+ /var/run/docker/netns/6635a3822135 |
|
| 142 |
+ |
|
| 143 |
+This is a none default location for network namespaces which might confuse things a bit. So let's become root, head over to this directory that contains the network namespaces of the containers and check the interfaces: |
|
| 144 |
+ |
|
| 145 |
+ $ sudo su |
|
| 146 |
+ root@net-2:/home/vagrant# cd /var/run/docker/ |
|
| 147 |
+ root@net-2:/var/run/docker# ls netns |
|
| 148 |
+ 6635a3822135 |
|
| 149 |
+ 8805e22ad6e2 |
|
| 150 |
+ |
|
| 151 |
+To be able to check the interfaces in those network namespace using `ip` command, just create a symlink for `netns` that points to `/var/run/docker/netns`: |
|
| 152 |
+ |
|
| 153 |
+ root@net-2:/var/run# ln -s /var/run/docker/netns netns |
|
| 154 |
+ root@net-2:/var/run# ip netns show |
|
| 155 |
+ 6635a3822135 |
|
| 156 |
+ 8805e22ad6e2 |
|
| 157 |
+ |
|
| 158 |
+The two namespace ID return are the ones of the running container on that host and the one of the actual overlay network the container is in. |
|
| 159 |
+Let's check the interfaces in the container: |
|
| 160 |
+ |
|
| 161 |
+ root@net-2:/var/run/docker# ip netns exec 6635a3822135 ip addr show eth0 |
|
| 162 |
+ 15: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default |
|
| 163 |
+ link/ether 02:42:b3:91:22:c3 brd ff:ff:ff:ff:ff:ff |
|
| 164 |
+ inet 172.21.0.5/16 scope global eth0 |
|
| 165 |
+ valid_lft forever preferred_lft forever |
|
| 166 |
+ inet6 fe80::42:b3ff:fe91:22c3/64 scope link |
|
| 167 |
+ valid_lft forever preferred_lft forever |
|
| 168 |
+ |
|
| 169 |
+Indeed we get back the network interface of our running container, same MAC address, same IP. |
|
| 170 |
+If we check the links of the overlay namespace we see our vxlan interface and the VLAN ID being used. |
|
| 171 |
+ |
|
| 172 |
+ root@net-2:/var/run/docker# ip netns exec 8805e22ad6e2 ip -d link show |
|
| 173 |
+ ...<snip>... |
|
| 174 |
+ 14: vxlan1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default |
|
| 175 |
+ link/ether 7a:af:20:ee:e3:81 brd ff:ff:ff:ff:ff:ff promiscuity 1 |
|
| 176 |
+ vxlan id 256 srcport 32768 61000 dstport 8472 proxy l2miss l3miss ageing 300 |
|
| 177 |
+ bridge_slave |
|
| 178 |
+ 16: veth2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000 |
|
| 179 |
+ link/ether 46:b1:e2:5c:48:a8 brd ff:ff:ff:ff:ff:ff promiscuity 1 |
|
| 180 |
+ veth |
|
| 181 |
+ bridge_slave |
|
| 182 |
+ |
|
| 183 |
+If you sniff packets on these interfaces you will see the traffic between your containers. |
|
| 184 |
+ |