我试图了解 CoreOS 中的网络模型,但我无法让操作系统屈服于我的意愿。
我面临的问题是我想使用 weave 作为容器内的覆盖网络,以促进每个服务唯一的 IP+端口元组。
但是,当使用 vagrant 和 virtualbox 在我的笔记本电脑上测试 CoreOS 时,我无法让 CoreOS 接受 docker 守护进程应使用与 10.1.0.0/16 不同的 cidr。尽管已经这样做了:
cp /usr/lib/systemd/system/docker.service /etc/systemd/system/
vim /etc/systemd/system/docker.service
并将其包含在user-data:
3 units:
2 - name: docker.service
1 command: restart
0 content: |
1 [Unit]
2 Description=Docker Application Container Engine
3 Documentation=http://docs.docker.com
4 After=docker.socket early-docker.target network.target
5 Requires=docker.socket early-docker.target
6
7 [Service]
8 Environment=TMPDIR=/var/tmp
9 EnvironmentFile=-/run/flannel_docker_opts.env
10 MountFlags=slave
11 LimitNOFILE=1048576
12 LimitNPROC=1048576
13 ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --icc=false --fixed-cidr=172.17.42.0/16 $DOCKER_OPTS $ DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
14
15 [Install]
16 WantedBy=multi-user.target
17
我已经重新启动了机器,重新启动了 docker,现在我无法启动,因为它告诉我:
● docker.service - Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2015-03-06 08:53:40 UTC; 13s ago
Docs: http://docs.docker.com
Process: 2331 ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --bridge=docker0 --icc=false --fixed-cidr=172.17.42.0/16 $DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ (code=exited, status=1/FAILURE)
Main PID: 2331 (code=exited, status=1/FAILURE)
Mar 06 08:53:40 core-01 dockerd[2331]: network does not contain specified subnet
Mar 06 08:53:40 core-01 dockerd[2331]: time="2015-03-06T08:53:40Z" level="info" msg="-job init_networkdriver() = ERR (1)"
Mar 06 08:53:40 core-01 dockerd[2331]: time="2015-03-06T08:53:40Z" level="fatal" msg="network does not contain specified subnet"
Mar 06 08:53:40 core-01 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 06 08:53:40 core-01 systemd[1]: Unit docker.service entered failed state.
Mar 06 08:53:40 core-01 systemd[1]: docker.service failed.
Mar 06 08:53:40 core-01 systemd[1]: Starting Docker Application Container Engine...
Mar 06 08:53:40 core-01 systemd[1]: start request repeated too quickly for docker.service
Mar 06 08:53:40 core-01 systemd[1]: Failed to start Docker Application Container Engine.
Mar 06 08:53:40 core-01 systemd[1]: docker.service failed.
为什么是这样?
这是 docker0 接口:
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::5484:7aff:fefe:9799/64 scope link
valid_lft forever preferred_lft forever
答案1
它正在寻找一个 blip,或者更确切地说是一个--bip=172.17.42.1/16配置设置,而不是固定的 cidr。
您还必须手动拆除桥接口:
ip link set dev docker0 down
core-01 system # brctl delbr docker0
core-01 system # systemctl daemon-reload
core-01 system # systemctl start docker
core-01 system # journalctl -fu docker.service