I did a fresh install of Arch, using systemd-networkd as the network manager and systemd-resolved for DNS resolution. I am trying to run several containers, but none of them can reach the internet or resolve domain names.
When I start an interactive shell in a container on the default bridge and run "curl google.com", I get "Failed to connect to google.com port 80: No route to host".
I have configured /etc/resolv.conf in stub mode and created a .network file for my main link, so I can reach the internet from the host. I also set IPForward=yes as described in the Docker wiki page.
Does anyone know how to configure the docker network interface with networkd and resolved so that it is given DNS servers?
Output of ip addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp37s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 30:9c:23:1e:e9:2d brd ff:ff:ff:ff:ff:ff
3: enp38s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:91:e3:0d:c0:34 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 metric 1024 brd 192.168.0.255 scope global dynamic enp38s0
       valid_lft 2621sec preferred_lft 2621sec
    inet6 fe80::5291:e3ff:fe0d:c034/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:81:a0:ef:17 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
32: br-9e997675bb1b: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b7:39:a1:6e brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-9e997675bb1b
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b7ff:fe39:a16e/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
34: veth51e882e@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 16:da:a8:84:7d:a3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::14da:a8ff:fe84:7da3/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
Output of resolvectl:
Global
    Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
    Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
                          2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
Link 2 (enp37s0)
    Current Scopes: none
    Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (enp38s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
    Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    Current DNS Server: 192.168.0.1
    DNS Servers: 192.168.0.1 205.171.2.65
Link 4 (docker0)
    Current Scopes: none
    Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 32 (br-9e997675bb1b)
    Current Scopes: none
    Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 34 (veth51e882e)
    Current Scopes: LLMNR/IPv6
    Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Output of networkctl:
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 enp37s0 ether no-carrier configuring
3 enp38s0 ether routable configured
4 docker0 bridge no-carrier unmanaged
32 br-9e997675bb1b bridge no-carrier unmanaged
34 veth51e882e ether degraded configuring
6 links listed.
Answer 1
The problem shows up in the networkctl output: the last link (veth...) is "degraded". This was caused by the way I had configured my .network file:
[Match]
Type=ether
[Network]
DHCP=yes
IPForward=yes
I matched on Type=ether because I have several Ethernet NICs and wanted all of them to match.
The problem is that some Docker containers create virtual Ethernet links that are bound to the docker0 link. Because these show up as type ether, networkd tries to manage them too, and they end up in the "degraded" state.
Solution: change the .network file to match by name instead:
[Match]
Name=enp*
[Network]
DHCP=yes
IPForward=yes
After making this change and restarting networkd and dockerd, everything appears to work. This is the networkctl output now:
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 enp37s0 ether no-carrier configuring
3 enp38s0 ether routable configured
4 br-9e997675bb1b bridge routable unmanaged
5 docker0 bridge no-carrier unmanaged
9 br-99c39fddeeb0 bridge routable unmanaged
11 vethc769b2b ether enslaved unmanaged
13 vethf160bb2 ether enslaved unmanaged
8 links listed.
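The answer's root cause is an over-broad [Match] stanza: Type=ether claims every Ethernet-type link, including the veth pairs dockerd creates, so networkd starts configuring interfaces another daemon owns. The following script is an added example, not code from the question or the answer. It checks, from a networkctl-style listing, which links a given Match key and pattern would claim, whether any of them look Docker-owned, and which veth links are already being configured by networkd (the "degraded ... configuring" symptom). It assumes a constructed listing modelled on the question's networkctl output (on a live host you would feed it `networkctl list` instead), approximates networkd's Name= globs with shell case patterns, and assumes Docker-owned links are named veth*, br-* or docker*.

```shell
#!/bin/sh
# Added example, not from the original question or answer: check whether a
# systemd-networkd [Match] stanza would claim links that belong to Docker.
#
# Assumptions (constructed for this example):
#  - NETWORKCTL_SAMPLE is a constructed listing modelled on the networkctl
#    output in the question; on a live host replace it with `networkctl list`.
#  - networkd's Name= globs are approximated with shell `case` patterns.
#  - Docker-owned links are assumed to be named veth*, br-* or docker*.

NETWORKCTL_SAMPLE='IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 enp37s0 ether no-carrier configuring
3 enp38s0 ether routable configured
4 docker0 bridge no-carrier unmanaged
32 br-9e997675bb1b bridge no-carrier unmanaged
34 veth51e882e ether degraded configuring
6 links listed.'

# claimed_links KEY PATTERN
# Print the link names a [Match] section with KEY=PATTERN (KEY is Type or
# Name) would claim. The header and the "N links listed." trailer have fewer
# than five fields and are skipped.
claimed_links() {
    key="$1"
    pat="$2"
    case "$key" in
        Type|Name) ;;
        *) printf 'unsupported match key: %s\n' "$key" >&2; return 2 ;;
    esac
    printf '%s\n' "$NETWORKCTL_SAMPLE" |
    awk 'NR > 1 && NF >= 5 { print $2, $3 }' |
    while read -r name type; do
        case "$key" in
            Type) case "$type" in $pat) printf '%s\n' "$name" ;; esac ;;
            Name) case "$name" in $pat) printf '%s\n' "$name" ;; esac ;;
        esac
    done
}

# docker_links_claimed KEY PATTERN
# Exit 0 and print the offenders if the stanza would claim a Docker-owned
# link; exit 1 if it claims none. Type=ether trips this, Name=enp* does not.
docker_links_claimed() {
    claimed_links "$1" "$2" | grep -E '^(veth|br-|docker)'
}

# misconfigured_veths
# Symptom check on the listing itself: veth links whose SETUP column is not
# "unmanaged" are being configured by networkd instead of left to dockerd.
misconfigured_veths() {
    printf '%s\n' "$NETWORKCTL_SAMPLE" |
    awk 'NR > 1 && NF >= 5 && $2 ~ /^veth/ && $5 != "unmanaged" { print $2 }'
}

# Demonstration on the constructed sample.
echo "Links claimed by Type=ether (the original stanza):"
claimed_links Type ether
echo "Links claimed by Name=enp* (the corrected stanza):"
claimed_links Name 'enp*'
echo "veth links currently being configured by networkd:"
misconfigured_veths
```

Run it before restarting networkd after editing a .network file: if docker_links_claimed reports anything for the stanza you are about to install, the match is still too broad. The same check applies to any other subsystem that creates its own links (libvirt, WireGuard, VPN clients): a Match that selects by type or by a bare wildcard will take those over as well.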