2020 年 3 月 5 日
 

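GRE(Generic Routing Encapsulation,通用路由封装协议)隧道配置

注意:GRE 只做封装,不提供加密和身份认证;下文的隧道经公网地址互联,隧道内流量以明文传输。若承载敏感流量,应在其上叠加 IPsec 等加密机制,并在防火墙/安全组中只放行来自对端地址的 GRE(IP 协议号 47)。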

主机列表(公网地址/内网地址)

18.163.50.194/172.31.44.248
18.162.60.60/172.31.37.49

确认当前内核是否提供 ip_gre 模块

[centos@ip-172-31-44-248 ~]$ ls -alRUv /lib/modules/$(uname -r)/kernel |grep ip_gre
-rw-r--r--. 1 root root 9396 Nov 29 2018 ip_gre.ko.xz
[centos@ip-172-31-44-248 ~]$

在两台主机上分别加载ip_gre模块

[root@ip-172-31-44-248 ~]# modprobe ip_gre
[root@ip-172-31-44-248 ~]#

[root@ip-172-31-37-49 ~]# modprobe ip_gre
[root@ip-172-31-37-49 ~]#

在第一台主机(172.31.44.248)上新增tun0网卡配置

本端隧道地址192.168.192.1
对端隧道地址192.168.192.2

[root@ip-172-31-44-248 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
# ifcfg-tun0 on the first host (172.31.44.248): point-to-point GRE tunnel
# towards the peer at 18.162.60.60.
# NOTE(review): GRE carries the inner packets without encryption or
# authentication. Allow IP protocol 47 to this host only from
# PEER_OUTER_IPADDR, and add IPsec on top if the inner traffic is sensitive.

# Interface name; this is what `ifup tun0` brings up.
DEVICE=tun0
# No DHCP/BOOTP; the addresses are the static values given below.
BOOTPROTO=none
# Bring the tunnel up at boot.
ONBOOT=yes
# Tunnel device in GRE mode.
DEVICETYPE=tunnel
TYPE=GRE
# Peer's address inside the tunnel.
PEER_INNER_IPADDR=192.168.192.2
# Peer's outer (public) address: the destination of the encapsulated packets.
# No MY_OUTER_IPADDR is set, so the local endpoint is shown as 0.0.0.0.
PEER_OUTER_IPADDR=18.162.60.60
# This host's address inside the tunnel.
MY_INNER_IPADDR=192.168.192.1

启用tun0网卡

[root@ip-172-31-44-248 ~]# ifup tun0

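查看接口信息,确认 tun0 已启用且 peer 指向对端公网地址。注意 tun0 的 MTU(8977)是由 ens5 的 9001 减去封装开销得出的;若两端之间的实际路径 MTU 较小(经公网时通常为 1500),大包可能被分片或丢弃,需要相应调低隧道 MTU。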

[root@ip-172-31-44-248 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:84:f5:b0:db:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.31.44.248/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2667sec preferred_lft 2667sec
    inet6 fe80::c84:f5ff:feb0:dbf6/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.162.60.60
    inet 192.168.192.1 peer 192.168.192.2/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-44-248 ~]#

在第二台主机(172.31.37.49)上新增tun0网卡配置

本端隧道地址192.168.192.2
对端隧道地址192.168.192.1

[root@ip-172-31-37-49 ~]# vi /etc/sysconfig/network-scripts/ifcfg-tun0
# ifcfg-tun0 on the second host (172.31.37.49): point-to-point GRE tunnel
# towards the peer at 18.163.50.194. The inner addresses mirror the first host.
# NOTE(review): GRE carries the inner packets without encryption or
# authentication. Allow IP protocol 47 to this host only from
# PEER_OUTER_IPADDR, and add IPsec on top if the inner traffic is sensitive.

# Interface name; this is what `ifup tun0` brings up.
DEVICE=tun0
# No DHCP/BOOTP; the addresses are the static values given below.
BOOTPROTO=none
# Bring the tunnel up at boot.
ONBOOT=yes
# Tunnel device in GRE mode.
DEVICETYPE=tunnel
TYPE=GRE
# Peer's address inside the tunnel.
PEER_INNER_IPADDR=192.168.192.1
# Peer's outer (public) address: the destination of the encapsulated packets.
# No MY_OUTER_IPADDR is set, so the local endpoint is shown as 0.0.0.0.
PEER_OUTER_IPADDR=18.163.50.194
# This host's address inside the tunnel.
MY_INNER_IPADDR=192.168.192.2

启用tun0网卡

[root@ip-172-31-37-49 ~]# ifup tun0

查看接口信息

[root@ip-172-31-37-49 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:4a:2b:48:b8:aa brd ff:ff:ff:ff:ff:ff
    inet 172.31.37.49/20 brd 172.31.47.255 scope global dynamic ens5
       valid_lft 2692sec preferred_lft 2692sec
    inet6 fe80::c4a:2bff:fe48:b8aa/64 scope link 
       valid_lft forever preferred_lft forever
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8977 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 0.0.0.0 peer 18.163.50.194
    inet 192.168.192.2 peer 192.168.192.1/32 scope global tun0
       valid_lft forever preferred_lft forever
[root@ip-172-31-37-49 ~]# 

分别在两端使用对端隧道地址进行ping测试

[root@ip-172-31-37-49 ~]# ping -c 4 192.168.192.1
PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data.
64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=0.297 ms
64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=0.283 ms
64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=0.237 ms
64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=0.268 ms

--- 192.168.192.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.237/0.271/0.297/0.025 ms
[root@ip-172-31-37-49 ~]#


[root@ip-172-31-44-248 ~]# ping -c 4 192.168.192.2
PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data.
64 bytes from 192.168.192.2: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 192.168.192.2: icmp_seq=2 ttl=64 time=0.279 ms
64 bytes from 192.168.192.2: icmp_seq=3 ttl=64 time=0.196 ms
64 bytes from 192.168.192.2: icmp_seq=4 ttl=64 time=0.214 ms

--- 192.168.192.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.196/0.234/0.279/0.035 ms
[root@ip-172-31-44-248 ~]#
2020 年 3 月 5 日
 

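Docker Swarm 集群通信需要开放的端口及用途

TCP 2377 集群管理通信
TCP/UDP 7946 集群内节点间通信
UDP 4789 overlay网络流量

这些端口只应在集群节点之间放行,不要对公网开放。overlay 网络的数据流量(UDP 4789)默认不加密,需要加密时可在创建 overlay 网络时使用 --opt encrypted。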

在初始管理节点上创建Swarm集群

[root@server1 ~]# docker swarm init --advertise-addr 172.31.37.77
Swarm initialized: current node (51coubi9fdbxhggwk240jhd2o) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@server1 ~]#

查看集群当前状态信息

[root@server1 ~]# docker info
 Swarm: active
  NodeID: 51coubi9fdbxhggwk240jhd2o
  Is Manager: true
  ClusterID: xtiv1qnkuegsvuog4yw7t6i61
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8  
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
[root@server1 ~]#

查看集群当前的节点信息

[root@server1 ~]# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
51coubi9fdbxhggwk240jhd2o *   server1             Ready               Active              Leader              19.03.7
[root@server1 ~]#

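查询工作节点的加入命令(在管理节点上执行)

注意:加入令牌(SWMTKN-…)属于机密凭据,能访问管理端口的任何持有者都可以把节点加入集群,因此不应写入公开文档或日志。令牌一旦泄露,应在管理节点上执行 docker swarm join-token --rotate worker 进行轮换。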

[root@server1 ~]# docker swarm join-token worker
To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377

[root@server1 ~]#

将其余节点以工作节点身份加入集群

[root@server2 ~]# docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377
This node joined a swarm as a worker.
[root@server2 ~]#

[root@server3 ~]# docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377
This node joined a swarm as a worker.
[root@server3 ~]#

[root@server4 ~]# docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377
This node joined a swarm as a worker.
[root@server4 ~]#

[root@server5 ~]# docker swarm join --token SWMTKN-1-03vu2g8soxmz0i75mbcp6k447zj5snxkibqnox4vgu7fbtu5mf-0qtsru4h7knuu9kf2ptwdpuns 172.31.37.77:2377
This node joined a swarm as a worker.
[root@server5 ~]#

查询集群节点状态

[root@server1 ~]# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
51coubi9fdbxhggwk240jhd2o *   server1             Ready               Active              Leader              19.03.7
pd0jygj230x1sw1e0h3cee9zt     server2             Ready               Active                                  19.03.7
avjy5atb5t31f7qp1wg91jcgf     server3             Ready               Active                                  19.03.7
z0tear836razrlw1ce39nkiyi     server4             Ready               Active                                  19.03.7
2mda4v4c09o646ia8i1b9i1em     server5             Ready               Active                                  19.03.7
[root@server1 ~]#

运行一个服务(Service)

[root@server1 ~]# docker service create --replicas 1 --name helloworld alpine ping docker.com
1fxvvocwsi8my58ttcnhg089i
overall progress: 1 out of 1 tasks 
1/1: running [==================================================>] 
verify: Service converged 
[root@server1 ~]#

服务运行参数说明:

docker service create 创建服务(Service)
--replicas 1 运行实例的数量
--name helloworld 服务名称
alpine ping docker.com 使用的镜像名称(alpine,未指定标签时使用 latest)和在容器内执行的命令(ping docker.com);生产环境建议固定镜像标签或摘要,避免镜像内容在不知情的情况下发生变化

查看服务运行状态

[root@server1 ~]# docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
1fxvvocwsi8m        helloworld          replicated          1/1                 alpine:latest       
[root@server1 ~]# 

查看服务状态信息

[root@server1 ~]# docker service inspect --pretty helloworld

ID:             1fxvvocwsi8my58ttcnhg089i
Name:           helloworld
Service Mode:   Replicated
 Replicas:      1
Placement:
UpdateConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Update order:      stop-first
RollbackConfig:
 Parallelism:   1
 On failure:    pause
 Monitoring Period: 5s
 Max failure ratio: 0
 Rollback order:    stop-first
ContainerSpec:
 Image:         alpine:latest@sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d
 Args:          ping docker.com 
 Init:          false
Resources:
Endpoint Mode:  vip

[root@server1 ~]#

查看运行该服务的容器节点

[root@server1 ~]# docker service ps helloworld
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE           ERROR               PORTS
s32zfioxk1bg        helloworld.1        alpine:latest       server1             Running             Running 9 minutes ago                       
[root@server1 ~]#

在运行服务的容器节点上查看容器的运行详情

[root@server1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
690df1c6470f        alpine:latest       "ping docker.com"   11 minutes ago      Up 11 minutes                           helloworld.1.s32zfioxk1bgzlbcqjz9c0a0l
[root@server1 ~]#

调整服务中运行的容器实例数量(副本数)

[root@server1 ~]# docker service scale helloworld=5
helloworld scaled to 5
overall progress: 5 out of 5 tasks 
1/5: running [==================================================>] 
2/5: running [==================================================>] 
3/5: running [==================================================>] 
4/5: running [==================================================>] 
5/5: running [==================================================>] 
verify: Service converged 
[root@server1 ~]#

查看调整副本数后各容器实例所在的节点

[root@server1 ~]# docker service ps helloworld
ID                  NAME                IMAGE               NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
s32zfioxk1bg        helloworld.1        alpine:latest       server1             Running             Running 15 minutes ago                       
gp211qp0cwf1        helloworld.2        alpine:latest       server4             Running             Running 52 seconds ago                       
j7542eiyux9x        helloworld.3        alpine:latest       server5             Running             Running 52 seconds ago                       
l8bl51j3ak3n        helloworld.4        alpine:latest       server2             Running             Running 52 seconds ago                       
jvvfztivyvqw        helloworld.5        alpine:latest       server3             Running             Running 52 seconds ago                       
[root@server1 ~]#

删除服务(在管理节点上执行),并确认服务已不存在

[root@server1 ~]# docker service rm helloworld
helloworld
[root@server1 ~]# docker service inspect helloworld
[]
Status: Error: no such service: helloworld, Code: 1
[root@server1 ~]#