docker 的网络命令空间
在 docker 创建后,通过 docker inspect 命令,可以获取 docker 网络命令空间的描述符路径:
[root@vac_master0 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
697950c08c2e 192.168.84.83:5000/x86_64/mpu/utelnetd:latest "/usr/sbin/myUtelnetd" 6 days ago Up 6 days tpa_vac
14326fe79a36 registry:2.6.2 "/entrypoint.sh /e..." 2 weeks ago Up 6 days lpm_registry
[root@vac_master0 ~]#
[root@vac_master0 ~]# docker inspect tpa_vac
[
{
"Id": "697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263",
"Created": "2021-02-02T03:52:29.709566861Z",
"Path": "/usr/sbin/myUtelnetd",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4940,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-02-02T03:52:31.00728144Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:97fffa246d3c50f6e64f99654012616826252ecefd39859bdeca0c08e6fa3e53",
"ResolvConfPath": "/var/lib/docker/containers/697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263/hostname",
"HostsPath": "/var/lib/docker/containers/697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263/hosts",
"LogPath": "/var/lib/docker/containers/697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263/697950c08c2e11425b1e1ea6ddc4e60fbff929e0746bb65ef328d0f6e08d2263-json.log",
"Name": "/tpa_vac",
"RestartCount": 0,
"Driver": "overlay2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/tmp/zte1:/zte1:ro",
"/tmp/zte2:/zte2:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": null,
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": true,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"label=disable"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay2",
"Data": {
"LowerDir": "/var/lib/docker/overlay2/99fdce599f2a41b6bd5eab50d363e90b22be54ca4e3167c049fd9b8896b4bedc-init/diff:/var/lib/docker/overlay2/1522f636d4e1653db28d410acc6391e68d23e6259d36935f6e71c4865f928765/diff:/var/lib/docker/overlay2/da28397beec32ac4f8e961e1afebf7610cf9781c1880ea82359f3a0c771ad663/diff:/var/lib/docker/overlay2/700209b0e540c1de67307d8c0b49c6867f13e79b34235dbaf25a9ea4c4eb2fbd/diff:/var/lib/docker/overlay2/ef3c7ba0da6f986e6dcbad105369ee468037ddbbe159f13f0ae69422a90af059/diff",
"MergedDir": "/var/lib/docker/overlay2/99fdce599f2a41b6bd5eab50d363e90b22be54ca4e3167c049fd9b8896b4bedc/merged",
"UpperDir": "/var/lib/docker/overlay2/99fdce599f2a41b6bd5eab50d363e90b22be54ca4e3167c049fd9b8896b4bedc/diff",
"WorkDir": "/var/lib/docker/overlay2/99fdce599f2a41b6bd5eab50d363e90b22be54ca4e3167c049fd9b8896b4bedc/work"
}
},
"Mounts": [
{
"Type": "bind",
"Source": "/tmp/zte1",
"Destination": "/zte1",
"Mode": "ro",
"RW": false,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/tmp/zte2",
"Destination": "/zte2",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "697950c08c2e",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"DEPLOYMODE=auto/manual",
"MSStatus=Master",
"Image=x86_64/mpu/utelnetd:latest",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/usr/sbin/myUtelnetd"
],
"Image": "192.168.84.83:5000/x86_64/mpu/utelnetd:latest",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "6b0ccfc44387184e160d916091dbf55900a5700ffebe66566ec128d945987a89",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/6b0ccfc44387",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "ec5e90845dd7bc9322ea56e44ad9459ee82d6b90bb63496b25cdce5f3e97eba3",
"Gateway": "172.17.6.252",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.6.1",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:06:01",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2d55e5ee8e1d1dac06484c56613273c4c9a5b6aeb9b82a1d67e5633366286e4a",
"EndpointID": "ec5e90845dd7bc9322ea56e44ad9459ee82d6b90bb63496b25cdce5f3e97eba3",
"Gateway": "172.17.6.252",
"IPAddress": "172.17.6.1",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:06:01"
}
}
}
}
]
[root@vac_master0 ~]#
通过 docker inspect 命令,获取 JSON 格式数据中 NetworkSettings 字段下的 SandboxKey 字段,即 /var/run/docker/netns/6b0ccfc44387。
通过将其软连接至 /var/run/netns/{容器名称} 路径后,可方便通过 ip netns 命令操作容器的网络命名空间:
[root@vac_master0 ~]# ip netns list
[root@vac_master0 ~]#
[root@vac_master0 ~]#
[root@vac_master0 ~]# ln -s /var/run/docker/netns/6b0ccfc44387 /var/run/netns/tpa_vac
[root@vac_master0 ~]# ll /var/run/netns/
total 0
lrwxrwxrwx. 1 root root 34 Feb 8 13:51 tpa_vac -> /var/run/docker/netns/6b0ccfc44387
[root@vac_master0 ~]#
[root@vac_master0 ~]#
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns
tpa_vac (id: 0)
[root@vac_master0 ~]#
