
062. How to use the flannel host-gw backend (2019-04-02, Tuesday)


Reference: https://www.cnblogs.com/CloudMan6/p/7457653.html

flannel supports multiple backends. The earlier notes covered the vxlan backend; host-gw is another flannel backend.

Unlike vxlan, host-gw does not encapsulate packets. Instead, it creates route entries for the other hosts' subnets in each host's routing table, and this is how containers communicate across hosts. To use host-gw, first modify the flannel configuration flannel-config.json: change vxlan to host-gw in Type.

# 1. Configure the etcd database, change the type

```
# cat flannel-config.json
{
  "Network": "10.2.0.0/16",
  "SubnetLen": 24,
  "Backend": {
    "Type": "host-gw"
  }
}
# etcdctl --endpoints=10.12.31.213:2379 set /docker-test/network/config < flannel-config.json
{
  "Network": "10.2.0.0/16",
  "SubnetLen": 24,
  "Backend": {
    "Type": "host-gw"
  }
}
```

# 2. Restart flannel on host1, modify the MTU, restart docker

```
# ps -ef | grep flannel
root   7315  7226  0 17:36 pts/0  00:00:00 /usr/local/bin/flanneld-amd64 -etcd-endpoints=http://10.12.31.213:2379 -iface=ens160 -etcd-prefix=/docker-test/network
root   7437  7226  0 17:38 pts/0  00:00:00 grep --color=auto flannel
# kill -9 7315
# /usr/local/bin/flanneld-amd64 -etcd-endpoints=http://10.12.31.213:2379 -iface=ens160 -etcd-prefix=/docker-test/network &
[1] 7440
I0402 17:38:43.723057 7440 main.go:529] Using interface with name ens160 and address 10.12.31.211
I0402 17:38:43.723121 7440 main.go:546] Defaulting external address to interface address (10.12.31.211)
I0402 17:38:43.723289 7440 main.go:244] Created subnet manager: Etcd Local Manager with Previous Subnet: 10.2.46.0/24
I0402 17:38:43.723307 7440 main.go:247] Installing signal handlers
I0402 17:38:43.725268 7440 main.go:388] Found network config - Backend type: host-gw
I0402 17:38:43.739204 7440 local_manager.go:147] Found lease (10.2.46.0/24) for current IP (10.12.31.211), reusing
I0402 17:38:43.751344 7440 main.go:311] Changing default FORWARD chain policy to ACCEPT
I0402 17:38:43.751523 7440 main.go:319] Wrote subnet file to /run/flannel/subnet.env
I0402 17:38:43.751546 7440 main.go:323] Running backend.
I0402 17:38:43.751616 7440 route_network.go:53] Watching for new subnet leases
I0402 17:38:43.756410 7440 main.go:431] Waiting for 22h59m59.974453402s to renew lease
I0402 17:38:43.756617 7440 route_network.go:85] Subnet added: 10.2.44.0/24 via 10.12.31.212
W0402 17:38:43.756637 7440 route_network.go:88] Ignoring non-host-gw subnet: type=vxlan
# cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.2.0.0/16
FLANNEL_SUBNET=10.2.46.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false
# ip r
default via 10.12.28.6 dev ens160 onlink
10.2.44.0/24 via 10.2.44.0 dev flannel.1 onlink
10.2.46.0/24 dev docker0 proto kernel scope link src 10.2.46.1
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.211
172.22.0.0/16 via 10.12.28.1 dev ens160
# cat /etc/systemd/system/docker.service.d/10-machine.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic --bip=10.2.46.1/24 --mtu=1500 #--cluster-store=consul://10.12.31.213:8500 --cluster-advertise=ens160:2376
Environment=
# systemctl daemon-reload
# systemctl restart docker.service
```

# 3. Restart flannel on host1, modify the MTU, restart docker

```
# ps -ef | grep flannel
root   1572      1  0 Apr01 ?      00:00:33 /usr/local/bin/flanneld-amd64 -etcd-endpoints=http://10.12.31.213:2379 -iface=ens160 -etcd-prefix=/docker-test/network
root  18111  17898  0 17:41 pts/0  00:00:00 grep --color=auto flannel
# kill -9 1572
# /usr/local/bin/flanneld-amd64 -etcd-endpoints=http://10.12.31.213:2379 -iface=ens160 -etcd-prefix=/docker-test/network &
[1] 18120
I0402 17:41:52.208836 18120 main.go:529] Using interface with name ens160 and address 10.12.31.212
I0402 17:41:52.208929 18120 main.go:546] Defaulting external address to interface address (10.12.31.212)
I0402 17:41:52.209142 18120 main.go:244] Created subnet manager: Etcd Local Manager with Previous Subnet: 10.2.44.0/24
I0402 17:41:52.209168 18120 main.go:247] Installing signal handlers
I0402 17:41:52.211324 18120 main.go:388] Found network config - Backend type: host-gw
I0402 17:41:52.237102 18120 local_manager.go:147] Found lease (10.2.44.0/24) for current IP (10.12.31.212), reusing
I0402 17:41:52.253167 18120 main.go:311] Changing default FORWARD chain policy to ACCEPT
I0402 17:41:52.253345 18120 main.go:319] Wrote subnet file to /run/flannel/subnet.env
I0402 17:41:52.253369 18120 main.go:323] Running backend.
I0402 17:41:52.253604 18120 route_network.go:53] Watching for new subnet leases
I0402 17:41:52.269068 18120 route_network.go:85] Subnet added: 10.2.46.0/24 via 10.12.31.211
W0402 17:41:52.271450 18120 route_network.go:102] Replacing existing route to 10.2.46.0/24 via 10.2.46.0 dev index 6 with 10.2.46.0/24 via 10.12.31.211 dev index 2.
I0402 17:41:52.272686 18120 main.go:431] Waiting for 22h59m59.965316418s to renew lease
# cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.2.0.0/16
FLANNEL_SUBNET=10.2.44.1/24
FLANNEL_MTU=1500
FLANNEL_IPMASQ=false
# ip r
default via 10.12.28.6 dev ens160 onlink
10.2.44.0/24 dev docker0 proto kernel scope link src 10.2.44.1
10.2.46.0/24 via 10.12.31.211 dev ens160
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.212
172.22.0.0/16 via 10.12.28.1 dev ens160
# cat /etc/systemd/system/docker.service.d/10-machine.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic --bip 10.2.44.1/24 --mtu=1500 # --cluster-store=consul://10.12.31.213:8500 --cluster-advertise=ens160:2376
Environment=
# systemctl daemon-reload
# systemctl restart docker.service
```

Run the connectivity test again:

```
# docker exec bbox1 ip r
default via 10.2.46.1 dev eth0
10.2.46.0/24 dev eth0 scope link  src 10.2.46.2
# docker exec bbox1 ping -c 2 10.2.44.2
PING 10.2.44.2 (10.2.44.2): 56 data bytes
64 bytes from 10.2.44.2: seq=0 ttl=62 time=0.641 ms
64 bytes from 10.2.44.2: seq=1 ttl=62 time=0.462 ms

--- 10.2.44.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.462/0.551/0.641 ms
# docker exec bbox2 ip r
default via 10.2.44.1 dev eth0
10.2.44.0/24 dev eth0 scope link  src 10.2.44.2
```

With host-gw the MTU is 1500, so the --mtu value in the docker startup parameters has to be changed.

A comparison of the two backends, host-gw and vxlan:

1. host-gw configures every host as a gateway; each host knows the other hosts' subnets and forwarding addresses. vxlan instead builds tunnels between the hosts, and the containers on different hosts all sit in one large network segment.
2. Although vxlan and host-gw use different mechanisms to connect the hosts, nothing has to change for the containers: bbox1 can still communicate with bbox2.
3. Because vxlan has to do extra packing and unpacking of the data, its performance is slightly lower than that of host-gw.
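A check for the routing tables shown above, added here as an example and not part of the original post: host-gw forwards container traffic on plain host routes, so every route into the flannel network should leave through the physical interface toward a directly connected next hop. The function names are assumptions of this example; the sample input is the two `ip r` outputs from the page, the first of which still carries the old vxlan route through flannel.1.

```python
import ipaddress
# Sample input: the two `ip r` outputs from the page (10.12.31.211, 10.12.31.212).
ROUTES_211 = """\
default via 10.12.28.6 dev ens160 onlink
10.2.44.0/24 via 10.2.44.0 dev flannel.1 onlink
10.2.46.0/24 dev docker0 proto kernel scope link src 10.2.46.1
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.211
172.22.0.0/16 via 10.12.28.1 dev ens160
"""
ROUTES_212 = """\
default via 10.12.28.6 dev ens160 onlink
10.2.44.0/24 dev docker0 proto kernel scope link src 10.2.44.1
10.2.46.0/24 via 10.12.31.211 dev ens160
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.212
172.22.0.0/16 via 10.12.28.1 dev ens160
"""

def _field(tokens, key):
    """Return the token following `key` ("via", "dev"), or None if absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def parse_routes(text):
    """Yield (destination network, next hop or None, device) per route line."""
    for line in text.splitlines():
        tokens = line.split()
        try:
            dst = ipaddress.ip_network(tokens[0], strict=False)
        except (ValueError, IndexError):
            continue  # "default", "blackhole ...", blank lines
        yield dst, _field(tokens, "via"), _field(tokens, "dev")

def audit_host_gw(route_text, flannel_network, iface):
    """Return (subnet, problem) pairs for routes that do not look like host-gw."""
    overlay = ipaddress.ip_network(flannel_network)
    routes = list(parse_routes(route_text))
    # Networks directly attached to the underlay interface (no next hop).
    connected = [dst for dst, via, dev in routes if via is None and dev == iface]
    findings = []
    for dst, via, dev in routes:
        if via is None or dst.version != overlay.version or not dst.subnet_of(overlay):
            continue  # local docker0 subnet, or a route outside the flannel network
        if dev != iface:
            findings.append((str(dst), f"routed via {dev}, not {iface}"))
        elif not any(ipaddress.ip_address(via) in net for net in connected):
            findings.append((str(dst), f"next hop {via} is not directly connected"))
    return findings

if __name__ == "__main__":
    for name, text in (("10.12.31.211", ROUTES_211), ("10.12.31.212", ROUTES_212)):
        print(name, audit_host_gw(text, "10.2.0.0/16", "ens160") or "ok")
```

On a live host, feed it the output of `ip r` together with FLANNEL_NETWORK from /run/flannel/subnet.env and the interface passed to flanneld with -iface.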
