Docker Network Hands On
User-Defined Bridge Networks
Creating the network
$ docker network create -d bridge --subnet 10.0.0.0/24 yokohei_nw
$ ip a
...
3: docker0: mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:fc:7d:8f:0e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fcff:fe7d:8f0e/64 scope link
valid_lft forever preferred_lft forever
16: br-0b715e73957a: mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:07:d9:50:15 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global br-0b715e73957a
valid_lft forever preferred_lft forever
$ brctl show
bridge name bridge id STP enabled interfaces
br-0b715e73957a 8000.024207d95015 no
docker0 8000.0242fc7d8f0e no
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
4e273df71ecb bridge bridge local
0b715e73957a yokohei_nw bridge local
...
Test 1. --link option
$ docker run -itd --name c1 --net yokohei_nw coreos/apache
$ docker run -it --name c2 --link=c1:web --net yokohei_nw coreos/main /bin/bash
root@15a477848015:/# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.3 15a477848015
root@15a477848015:/# curl web
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
root@15a477848015:/# dig web
; <<>> DiG 9.8.1-P1 <<>> web
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43487
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;web. IN A
;; ANSWER SECTION:
web. 600 IN A 10.0.0.2
;; Query time: 1 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Wed Jun 19 19:38:41 2019
;; MSG SIZE rcvd: 40
root@15a477848015:/# cat /etc/resolv.conf
nameserver 127.0.0.11
options timeout:2 attempts:2 ndots:0
As specified with --link=c1:web, c1 is reachable under the name web.
This shows that the name is resolved by the Embedded DNS server rather than being written to the hosts file.
Test 2. --network-alias option
$ docker run -itd --name c1 --network-alias=yokohei-alias --net yokohei_nw coreos/apache
$ docker run -itd --name c2 --network-alias=yokohei-alias --net yokohei_nw coreos/apache
$ docker run -it --name c3 --net yokohei_nw coreos/main /bin/bash
root@c43893ebb5d2:/# dig yokohei-alias
; <<>> DiG 9.8.1-P1 <<>> yokohei-alias
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11625
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;yokohei-alias. IN A
;; ANSWER SECTION:
yokohei-alias. 600 IN A 10.0.0.2
yokohei-alias. 600 IN A 10.0.0.3
;; Query time: 1 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Wed Jun 19 19:48:33 2019
;; MSG SIZE rcvd: 89
root@c43893ebb5d2:/# dig yokohei-alias +short +norec @127.0.0.11
10.0.0.2
10.0.0.3
root@c43893ebb5d2:/# dig yokohei-alias +short +norec @127.0.0.11
10.0.0.3
10.0.0.2
root@c43893ebb5d2:/# dig yokohei-alias +short +norec @127.0.0.11
10.0.0.3
10.0.0.2
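With --network-alias, the same value can be specified for more than one container.
The Embedded DNS server appears to return the values in random order.
Come to think of it, is the Embedded DNS server both a resolver and an authoritative server?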
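Added example, not part of the original notes: because several containers can claim the same --network-alias and the Embedded DNS server answers with all of them, this Python script lists every name on one network that resolves to more than one container. The JSON is a constructed sample in the shape of `docker inspect c1 c2 c3` output (container IDs and the c3 address are made up), and `shared_aliases` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect c1 c2 c3`, trimmed to the
# fields used below. The 12-character IDs and c3's address are invented.
SAMPLE_INSPECT = """
[
  {"Name": "/c1", "NetworkSettings": {"Networks": {"yokohei_nw":
      {"Aliases": ["yokohei-alias", "aaaaaaaaaaaa"], "IPAddress": "10.0.0.2"}}}},
  {"Name": "/c2", "NetworkSettings": {"Networks": {"yokohei_nw":
      {"Aliases": ["yokohei-alias", "bbbbbbbbbbbb"], "IPAddress": "10.0.0.3"}}}},
  {"Name": "/c3", "NetworkSettings": {"Networks": {"yokohei_nw":
      {"Aliases": null, "IPAddress": "10.0.0.4"}}}}
]
"""


def shared_aliases(inspect_json, network):
    """Return {dns_name: [(container, ip), ...]} for names with 2+ claimants.

    A container answers for its own name and for each of its aliases on a
    user-defined network, so both are counted as claims.
    """
    claims = defaultdict(list)
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        networks = (container.get("NetworkSettings") or {}).get("Networks") or {}
        endpoint = networks.get(network)
        if endpoint is None:
            continue  # container is not attached to this network
        # Aliases is null when none were set; the set drops repeats.
        dns_names = set(endpoint.get("Aliases") or []) | {name}
        for dns_name in dns_names:
            claims[dns_name].append((name, endpoint.get("IPAddress", "")))
    return {n: sorted(c) for n, c in claims.items() if len(c) > 1}


if __name__ == "__main__":
    for dns_name, owners in shared_aliases(SAMPLE_INSPECT, "yokohei_nw").items():
        print(dns_name, "->", ", ".join(f"{n} ({ip})" for n, ip in owners))
```

Against a live daemon, the same function can be fed the output of `docker inspect $(docker ps -q)`.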
Troubleshooting
Error at Apache startup
$ docker run -it coreos/apache
/usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)
apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
Apache and Fully Qualified Domain Names
http://ratfactor.com/apache-fqdn/
