在 Vagrant 中为 Docker 覆盖网络路由两个子网的配置

2024-6-1 • tag-icon

对于实验室Docker 深度探索在第 12 章中，我按照以下 Vagrantfile 设置虚拟机：

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  config.vm.box_version = "20220215.1.0"

  config.vm.define 'node1' do |node|
    node.vm.provider "virtualbox" do |v|
      v.name = 'node1'
      v.cpus = 2
      v.memory = 2048
    end

    node.vm.hostname = 'node1'
    node.vm.network :private_network, ip: '192.168.1.2', netmask: '255.255.255.0'
    node.vm.network :forwarded_port, guest: 22, host: 2222, id: 'ssh'
  end

  config.vm.define 'node2' do |node|
    node.vm.provider "virtualbox" do |v|
      v.name = 'node2'
      v.cpus = 2
      v.memory = 2048
    end

    node.vm.hostname = 'node2'
    node.vm.network :private_network, ip: '172.31.1.2', netmask: '255.255.255.0'
    node.vm.network :forwarded_port, guest: 22, host: 2223, id: 'ssh'
  end
end

Node1 在子网 192.168.1.0/24 中，node2 在子网 172.31.1.0/24 中。它们可以通过 Vagrant 默认网关 ( _gateway) 进行通信：

# In node1
vagrant@node1:~$ traceroute 172.31.1.2
traceroute to 172.31.1.2 (172.31.1.2), 30 hops max, 60 byte packets
 1  _gateway (10.0.2.2)  0.158 ms  0.072 ms  0.184 ms
 2  172.31.1.2 (172.31.1.2)  0.867 ms  0.847 ms  0.830 ms

# In node2
vagrant@node2:~$ traceroute 192.168.1.2
traceroute to 192.168.1.2 (192.168.1.2), 30 hops max, 60 byte packets
 1  _gateway (10.0.2.2)  0.209 ms  0.150 ms  0.130 ms
 2  192.168.1.2 (192.168.1.2)  1.026 ms  1.005 ms  0.987 ms

init因此，节点 1 和节点 2 上的Swarmjoin正在运行：

# In node1
vagrant@node1:~$ docker swarm init --advertise-addr 192.168.1.2
(..eliding the join token command)

# In node2
vagrant@node2:~$ docker swarm join --token SWMTKN-1-4sr2wdfp8lokknutsl68nyodw4wdva0j5r32douzxhn7eqmh8i-2vrfp54qgmo7ya1sr9kvsa561 192.168.1.2:2377 --advertise-addr 172.31.1.2
This node joined a swarm as a worker.

# In node1
ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
vdiaxw7xzvjidhk0lrjacxjri *   node1      Ready     Active         Leader           20.10.17
sdxuxpsji18w32saz5k9wqsa7     node2      Ready     Active                          20.10.17

但同一覆盖网络上的容器之间 ping 不通：

# In node1
vagrant@node1:~$ docker network create -d overlay test-net
btkw44xkaucftn2pjqgdpc6k0
vagrant@node1:~$ docker service create --name test --network test-net --replicas 2 ubuntu sleep infinity
docker 3x0zzv5oguzlkgvtn5ajz0tnz
overall progress: 2 out of 2 tasks
1/2: running   [==================================================>]
2/2: running   [==================================================>]
verify: Service converged
vagrant@node1:~$ docker service ps test
ID             NAME      IMAGE           NODE      DESIRED STATE   CURRENT STATE            ERROR     PORTS
a3sjyg317nau   test.1    ubuntu:latest   node1     Running         Running 43 seconds ago
fdc5ozw6cqmx   test.2    ubuntu:latest   node2     Running         Running 43 seconds ago

vagrant@node1:~$ docker ps
CONTAINER ID   IMAGE           COMMAND            CREATED         STATUS         PORTS     NAMES
65f0a9719985   ubuntu:latest   "sleep infinity"   5 minutes ago   Up 5 minutes             test.1.a3sjyg317nauk83rxt1glr9d3
vagrant@node1:~$ docker exec -it 65f0a9719985 bash

root@65f0a9719985:/# apt update && apt install iputils-ping traceroute -y
(..eliding)
root@65f0a9719985:/# ping 10.0.1.4 # cannot ping
PING 10.0.1.4 (10.0.1.4) 56(84) bytes of data. 

# In node2
vagrant@node2:~$ docker network inspect test-net | jq -r '.[].Containers | with_entries(.value = .value.IPv4Address)'
{
  "e81ad230be6fc136950626c38034cd41531c6ccef9047222213d9be18f7ca83c": "10.0.1.4/24", # <- dest to test
  "lb-test-net": "10.0.1.6/24"
}

我该如何配置节点网络（猜猜我遗漏了什么）来连接覆盖网络中的容器？

供参考，

每个节点的覆盖网络检查如下。除以下几点外，其他几乎相同.Containers：

# In node1
vagrant@node1:~$ docker network inspect test-net
[
    {
        "Name": "test-net",
        "Id": "btkw44xkaucftn2pjqgdpc6k0",
        "Created": "2022-07-12T05:58:39.94206374Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.1.0/24",
                    "Gateway": "10.0.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "65f0a9719985c62d09f71cd422ba105d432f6260a5353c3584aecb038d560369": {
                "Name": "test.1.a3sjyg317nauk83rxt1glr9d3",
                "EndpointID": "c60ed56fa8f00cce93d4d39a2d2c89425c267e5a9ec83c9121398d88065509c1",
                "MacAddress": "02:42:0a:00:01:03",
                "IPv4Address": "10.0.1.3/24",
                "IPv6Address": ""
            },
            "lb-test-net": {
                "Name": "test-net-endpoint",
                "EndpointID": "5696394c8e5134617c54f2f4df741cfc96c16c1dfce7566b2e3d0f6e5a9020b2",
                "MacAddress": "02:42:0a:00:01:05",
                "IPv4Address": "10.0.1.5/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4097"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "6d52d8ef1bf0",
                "IP": "192.168.1.2"
            },
            {
                "Name": "6fd0a4423f64",
                "IP": "172.31.1.2"
            }
        ]
    }
]

# In node2
vagrant@node2:~$ docker network inspect test-net
[
    {
        "Name": "test-net",
        "Id": "btkw44xkaucftn2pjqgdpc6k0",
        "Created": "2022-07-12T05:58:40.147459194Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.1.0/24",
                    "Gateway": "10.0.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "e81ad230be6fc136950626c38034cd41531c6ccef9047222213d9be18f7ca83c": {
                "Name": "test.2.fdc5ozw6cqmxta03ijvkr1v1h",
                "EndpointID": "aab0cc3b802221d67625d57f43233b8d57a3ccc8826c9f6f7d784b3fea3d72d5",
                "MacAddress": "02:42:0a:00:01:04",
                "IPv4Address": "10.0.1.4/24",
                "IPv6Address": ""
            },
            "lb-test-net": {
                "Name": "test-net-endpoint",
                "EndpointID": "477a32193cc38bbc01fa54d53f454442bb2603cdf940d43c55e6d8e8c963d6f4",
                "MacAddress": "02:42:0a:00:01:06",
                "IPv4Address": "10.0.1.6/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4097"
        },
        "Labels": {},
        "Peers": [
            {
                "Name": "6fd0a4423f64",
                "IP": "172.31.1.2"
            },
            {
                "Name": "6d52d8ef1bf0",
                "IP": "192.168.1.2"
            }
        ]
    }
]

并且覆盖网络的所有端口都已打开：

# In node1
vagrant@node1:~$ netstat -tuln | grep -E '(2377|7946|4789)'
tcp6       0      0 :::2377                 :::*                    LISTEN
tcp6       0      0 :::7946                 :::*                    LISTEN
udp        0      0 0.0.0.0:4789            0.0.0.0:*
udp6       0      0 :::7946                 :::*
vagrant@node1:~$ nc -zv 172.31.1.2 7946
Connection to 172.31.1.2 7946 port [tcp/*] succeeded!
vagrant@node1:~$ nc -zv -u 172.31.1.2 7946
Connection to 172.31.1.2 7946 port [udp/*] succeeded!
vagrant@node1:~$ nc -zv -u 172.31.1.2 4789
Connection to 172.31.1.2 4789 port [udp/*] succeeded!

# In node2
vagrant@node2:~$ netstat -tuln | grep -E '(2377|7946|4789)'
tcp6       0      0 :::7946                 :::*                    LISTEN
udp        0      0 0.0.0.0:4789            0.0.0.0:*
udp6       0      0 :::7946                 :::*
vagrant@node2:~$ netstat -tuln | grep -E '(2377|7946|4789)'
vagrant@node2:~$ nc -zv 192.168.1.2 7946
Connection to 192.168.1.2 7946 port [tcp/*] succeeded!
vagrant@node2:~$ nc -zv -u 192.168.1.2 7946
Connection to 192.168.1.2 7946 port [udp/*] succeeded!
vagrant@node2:~$ nc -zv -u 192.168.1.2 4789
Connection to 192.168.1.2 4789 port [udp/*] succeeded!

答案1

我看过这个了，看起来你正在正确地完成所有的 Docker 配置。

我已经在本地机器和云环境上重新创建了 Swarm 配置，但无法复制该问题。

我只能认为这与 vagrant/virtualbox 网络有关。我对这两种技术一无所知，所以我无法提供更多帮助。

我希望我能为您提供更好的答案。

答案1

相关内容