Last active
December 29, 2023 07:07
Revisions
-
noteed revised this gist
Apr 18, 2014 . 1 changed file with 5 additions and 0 deletions.
@@ -23,6 +23,11 @@ must be changed, and the script can be run: Repeat the steps on a second host. ## Route See the other Gist using Tinc to solve a problem where Docker allocates the same IP addresses on both hosts. ## Useful debugging commands root@node-1:~# ip a s -
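Review bot: The new `## Route` section in this README hunk tells the reader to see "the other Gist using Tinc" but gives no URL and does not say what to do about the duplicate container addresses in this Open vSwitch setup. Link https://gist.github.com/noteed/11031504 (the URL already used in the README introduction) and add one sentence on the workaround, since both hosts share one bridged segment and two containers holding the same address will conflict.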
noteed revised this gist
Apr 18, 2014 . 2 changed files with 11 additions and 2 deletions.
@@ -1,9 +1,18 @@ # Running Docker on two hosts, bridged with Open vSwitch This Gist shows how to use Open vSwitch to bridge Docker containers on two hosts. It is based on this blog post http://goldmann.pl/blog/2014/01/21/connecting-docker-containers-on-multiple-hosts/. A similar Gist using Tinc instead of Open vSwitch is available: https://gist.github.com/noteed/11031504. ## Setup To prepare a host (e.g. a new Digital Ocean Ubuntu 14.04 droplet), simply run the `install.sh` script: # wget https://gist.githubusercontent.com/noteed/8656989/raw/install.sh # sh install.sh Once done, the two first variables of the `shared-docker-network.sh` script @@ -11,6 +11,6 @@ echo 'DOCKER_OPTS="--bridge=docker0"' >> /etc/default/docker service docker restart # This Gist. wget https://gist.githubusercontent.com/noteed/8656989/raw/shared-docker-network.sh echo Edit shared-docker-network.sh and run it. -
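Review bot: The `wget` lines in both hunks now fetch `raw/install.sh` and `raw/shared-docker-network.sh` without a revision hash, and the README has the reader run the result as root with `sh install.sh`, so whatever the gist contains at download time is executed with no way to tell it is the version that was read. Keep the revision-pinned raw URLs used in the earlier revisions, or publish a SHA-256 for each script and have the README check it with `sha256sum -c` before running.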
noteed revised this gist
Apr 17, 2014 . 1 changed file with 14 additions and 0 deletions.
@@ -1,5 +1,19 @@ # Running Docker on two hosts, bridged with Open vSwitch To prepare a host (e.g. a new Digital Ocean Ubuntu 14.04 droplet), simply run the `install.sh` script: # wget https://gist.githubusercontent.com/noteed/8656989/raw/f51b207bebc72d3183992abbf372faff49f370f9/install.sh # sh install.sh Once done, the two first variables of the `shared-docker-network.sh` script must be changed, and the script can be run: # vim shared-docker-network.sh # sh shared-docker-network.sh Repeat the steps on a second host. ## Useful debugging commands root@node-1:~# ip a s -
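Review bot: The setup text says "the two first variables of the `shared-docker-network.sh` script must be changed" without naming them or saying what values they need. Name `REMOTE_IP` and `BRIDGE_ADDRESS`, and state that `BRIDGE_ADDRESS` must be different on each host (the debugging output uses 172.16.42.1/24 and 172.16.42.2/24) while `REMOTE_IP` is the other host's address; "Repeat the steps on a second host" otherwise reads as if the same values apply.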
noteed revised this gist
Apr 17, 2014 . 2 changed files with 5 additions and 145 deletions.
@@ -1,149 +1,10 @@ # Running Docker on two hosts, bridged with Open vSwitch ## Useful debugging commands root@node-1:~# ip a s root@node-1:~# ip r s root@node-1:~# brctl show root@node-1:~# ovs-vsctl show root@node-1:~# ping <other host> root@node-1:~# ping <other host bridge> @@ -11,7 +11,6 @@ echo 'DOCKER_OPTS="--bridge=docker0"' >> /etc/default/docker service docker restart # This Gist. wget https://gist.githubusercontent.com/noteed/8656989/raw/711136057df062be4543b098e227615a89dd80ee/shared-docker-network.sh echo Edit shared-docker-network.sh and run it. -
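Review bot: The debugging list in the README hunk covers addresses, routes, the Linux bridge and Open vSwitch, but nothing shows the firewall state, although `shared-docker-network.sh` now installs NAT and FORWARD rules. Add `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING` to the list, and say what `<other host bridge>` stands for (the other host's `BRIDGE_ADDRESS`).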
noteed revised this gist
Apr 17, 2014 . 3 changed files with 24 additions and 15 deletions.
@@ -7,12 +7,11 @@ apt-key adv \ apt-get update apt-get install -q -y vim openvswitch-switch bridge-utils lxc-docker echo 'DOCKER_OPTS="--bridge=docker0"' >> /etc/default/docker service docker restart # This Gist. wget https://gist.github.com/noteed/8656989/raw/cf7e18c338901b9eb8ae6522796ebca8728c4e36/iptables-rules.sh wget https://gist.github.com/noteed/8656989/raw/48567131827ef888149d5c04c51c7a89e1237f73/shared-docker-network.sh echo Edit shared-docker-network.sh and run it. @@ -1,8 +0,0 @@ @@ -1,12 +1,16 @@ # From http://goldmann.pl/blog/2014/01/21/connecting-docker-containers-on-multiple-hosts/ # Edit this variable: the 'other' host. REMOTE_IP=188.226.138.185 # Edit this variable: the bridge address on 'this' host. BRIDGE_ADDRESS=172.16.42.1/24 # Name of the bridge (should match /etc/default/docker). BRIDGE_NAME=docker0 # bridges # Deactivate the docker0 bridge ip link set $BRIDGE_NAME down # Remove the docker0 bridge
@@ -25,4 +29,18 @@ ovs-vsctl add-br br0 # br0 bridge ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=$REMOTE_IP # Add the br0 bridge to docker0 bridge brctl addif $BRIDGE_NAME br0 # iptables rules # Enable NAT iptables -t nat -A POSTROUTING -s 172.16.42.0/24 ! -d 172.16.42.0/24 -j MASQUERADE # Accept incoming packets for existing connections iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Accept all non-intercontainer outgoing packets iptables -A FORWARD -i docker0 ! -o docker0 -j ACCEPT # By default allow all outgoing traffic iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT # Restart Docker daemon to use the new BRIDGE_NAME service docker restart -
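Review bot: The iptables rules added at the end of `shared-docker-network.sh` hard-code `172.16.42.0/24` and `docker0` although the script defines `BRIDGE_ADDRESS` and `BRIDGE_NAME` at the top, so editing those variables leaves the NAT and FORWARD rules pointing at the old subnet and bridge. Derive the rules from the variables. The comment "By default allow all outgoing traffic" also sits on `-i docker0 -o docker0 -j ACCEPT`, which matches traffic that enters and leaves the bridge, that is, container-to-container traffic; reword it so readers know this is the rule to tighten if containers should be isolated from each other.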
noteed revised this gist
Apr 17, 2014 . 1 changed file with 10 additions and 9 deletions.
@@ -1,17 +1,18 @@ # For lxc-docker. echo deb http://get.docker.io/ubuntu docker main \ > /etc/apt/sources.list.d/docker.list apt-key adv \ --keyserver keyserver.ubuntu.com \ --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 apt-get update apt-get install -q -y vim openvswitch-switch bridge-utils lxc-docker echo 'DOCKER_OPTS="-b=none"' >> /etc/default/docker service docker restart # This Gist. wget https://gist.github.com/noteed/8656989/raw/cf7e18c338901b9eb8ae6522796ebca8728c4e36/iptables-rules.sh wget https://gist.github.com/noteed/8656989/raw/48567131827ef888149d5c04c51c7a89e1237f73/shared-docker-network.sh echo Edit shared-docker-network.sh and run it. echo Then run iptables-rules.sh -
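Review bot: `echo 'DOCKER_OPTS="-b=none"' >> /etc/default/docker` appends, so every run of `install.sh` adds another `DOCKER_OPTS` line and a later change of the value leaves the old line in the file. Replace any existing `DOCKER_OPTS=` line instead of appending (for example with `sed -i`), so the file holds exactly one setting and a re-run is harmless.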
noteed revised this gist
Jan 30, 2014 . 1 changed file with 13 additions and 2 deletions.
@@ -1,6 +1,17 @@ # For lxc-docker. sh -c "echo deb http://get.docker.io/ubuntu docker main /etc/apt/sources.list.d/docker.list" apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 apt-get update apt-get install -q -y vim openvswitch-switch bridge-utils # This Gist. wget https://gist.github.com/noteed/8656989/raw/cf7e18c338901b9eb8ae6522796ebca8728c4e36/iptables-rules.sh wget https://gist.github.com/noteed/8656989/raw/48567131827ef888149d5c04c51c7a89e1237f73/shared-docker-network.sh sh shared-docker-network.sh sh iptables-rules.sh apt-get install -q -y lxc-docker echo 'DOCKER_OPTS="-b=none"' >> /etc/default/docker service docker restart -
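Review bot: As shown, `sh -c "echo deb http://get.docker.io/ubuntu docker main /etc/apt/sources.list.d/docker.list"` has no redirection, so the line only prints its arguments and `/etc/apt/sources.list.d/docker.list` is never written; the later `apt-get install -q -y lxc-docker` then runs without that repository configured. Write the entry with `> /etc/apt/sources.list.d/docker.list` inside the quoted command.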
noteed revised this gist
Jan 30, 2014 . 1 changed file with 6 additions and 0 deletions.
@@ -0,0 +1,6 @@ apt-get update apt-get install -q -y vim openvswitch-switch bridge-utils apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 # This Gist. wget https://gist.github.com/noteed/8656989/raw/cf7e18c338901b9eb8ae6522796ebca8728c4e36/iptables-rules.sh wget https://gist.github.com/noteed/8656989/raw/48567131827ef888149d5c04c51c7a89e1237f73/shared-docker-network.sh -
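Review bot: This first version of `install.sh` has no error handling: if `apt-get install`, `apt-key adv` or either `wget` fails, the script carries on and the operator is left with a partly prepared host. Add `set -e` as the first line. The `apt-key adv` call also imports a key while no line in the file adds a repository that uses it, so add a comment saying what the key is for.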
noteed revised this gist
Jan 30, 2014 . 1 changed file with 8 additions and 0 deletions.
@@ -0,0 +1,8 @@ # Enable NAT iptables -t nat -A POSTROUTING -s 172.16.42.0/24 ! -d 172.16.42.0/24 -j MASQUERADE # Accept incoming packets for existing connections iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Accept all non-intercontainer outgoing packets iptables -A FORWARD -i docker0 ! -o docker0 -j ACCEPT # By default allow all outgoing traffic iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT -
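Review bot: All four rules use `-A`, so each run of `iptables-rules.sh` appends another copy and the MASQUERADE and FORWARD entries pile up after a re-run. Guard each rule with a check, for example `iptables -C FORWARD -i docker0 -o docker0 -j ACCEPT || iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT`, and note in the file that nothing here persists the rules across a reboot.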
noteed revised this gist
Jan 27, 2014 . 1 changed file with 28 additions and 0 deletions.
@@ -0,0 +1,28 @@ # From http://goldmann.pl/blog/2014/01/21/connecting-docker-containers-on-multiple-hosts/ # The 'other' host REMOTE_IP=188.226.138.185 # Name of the bridge BRIDGE_NAME=docker0 # Bridge address BRIDGE_ADDRESS=172.16.42.1/24 # Deactivate the docker0 bridge ip link set $BRIDGE_NAME down # Remove the docker0 bridge brctl delbr $BRIDGE_NAME # Delete the Open vSwitch bridge ovs-vsctl del-br br0 # Add the docker0 bridge brctl addbr $BRIDGE_NAME # Set up the IP for the docker0 bridge ip a add $BRIDGE_ADDRESS dev $BRIDGE_NAME # Activate the bridge ip link set $BRIDGE_NAME up # Add the br0 Open vSwitch bridge ovs-vsctl add-br br0 # Create the tunnel to the other host and attach it to the # br0 bridge ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=$REMOTE_IP # Add the br0 bridge to docker0 bridge brctl addif $BRIDGE_NAME br0 -
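Review bot: `ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=$REMOTE_IP` builds a plain GRE tunnel, which has no encryption or authentication, and the committed default `REMOTE_IP=188.226.138.185` is a public address, so container traffic between the hosts crosses the Internet in the clear and the script adds no rule restricting GRE (IP protocol 47) to the peer. Document that, accept protocol 47 only from `$REMOTE_IP`, and run the tunnel over IPsec or a VPN when the hosts are not on a private network. Ship `REMOTE_IP` empty and exit if it is unset, so an unedited run cannot create a tunnel to this address.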
noteed created this gist
Jan 27, 2014 .
@@ -0,0 +1,149 @@ Both machine report: # ps ax | grep docker 837 ? Sl 0:00 /usr/bin/docker -d -b=none # Node 1 root@node-1:~# ip a s 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 04:01:10:10:5d:01 brd ff:ff:ff:ff:ff:ff inet 95.85.54.71/24 brd 95.85.54.255 scope global eth0 inet6 fe80::601:10ff:fe10:5d01/64 scope link valid_lft forever preferred_lft forever 3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether da:e5:e3:9c:9e:3e brd ff:ff:ff:ff:ff:ff inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0 inet6 fe80::d8e5:e3ff:fe9c:9e3e/64 scope link valid_lft forever preferred_lft forever 17: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether ca:89:a2:3d:6c:47 brd ff:ff:ff:ff:ff:ff inet 172.16.42.1/24 scope global docker0 inet6 fe80::4cea:2ff:fedc:c57a/64 scope link valid_lft forever preferred_lft forever 18: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master docker0 state DOWN link/ether ca:89:a2:3d:6c:47 brd ff:ff:ff:ff:ff:ff root@node-1:~# ip r s default via 95.85.54.1 dev eth0 10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 95.85.54.0/24 dev eth0 proto kernel scope link src 95.85.54.71 172.16.42.0/24 dev docker0 proto kernel scope link src 172.16.42.1 root@node-1:~# brctl show bridge name bridge id STP enabled interfaces docker0 8000.ca89a23d6c47 no br0 lxcbr0 8000.000000000000 no root@node-1:~# ovs-vsctl show 1510f4dc-8b5a-48f8-97ce-a2e233a70c0d Bridge "br0" Port "gre0" Interface "gre0" type: gre options: {remote_ip="188.226.138.185"} Port "br0" Interface "br0" type: internal ovs_version: "1.9.0" root@node-1:~# ping 188.226.138.185 PING 188.226.138.185 (188.226.138.185) 56(84) bytes of data. 
64 bytes from 188.226.138.185: icmp_req=1 ttl=63 time=0.426 ms 64 bytes from 188.226.138.185: icmp_req=2 ttl=63 time=0.440 ms ^C --- 188.226.138.185 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.426/0.433/0.440/0.007 ms root@node-1:~# ping 172.16.42.2 PING 172.16.42.2 (172.16.42.2) 56(84) bytes of data. From 172.16.42.1 icmp_seq=1 Destination Host Unreachable From 172.16.42.1 icmp_seq=2 Destination Host Unreachable From 172.16.42.1 icmp_seq=3 Destination Host Unreachable ^C --- 172.16.42.2 ping statistics --- 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3014ms pipe 3 # Node 2 root@node-2:~# ip a s 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 04:01:10:10:f0:01 brd ff:ff:ff:ff:ff:ff inet 188.226.138.185/24 brd 188.226.138.255 scope global eth0 inet6 fe80::601:10ff:fe10:f001/64 scope link valid_lft forever preferred_lft forever 3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 2e:1a:a6:13:53:77 brd ff:ff:ff:ff:ff:ff inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0 inet6 fe80::2c1a:a6ff:fe13:5377/64 scope link valid_lft forever preferred_lft forever 17: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether 42:d5:ad:4b:82:40 brd ff:ff:ff:ff:ff:ff inet 172.16.42.2/24 scope global docker0 inet6 fe80::58c1:35ff:feb5:5ec8/64 scope link valid_lft forever preferred_lft forever 18: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master docker0 state DOWN link/ether 42:d5:ad:4b:82:40 brd ff:ff:ff:ff:ff:ff root@node-2:~# ip r s default via 188.226.138.1 dev eth0 10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 172.16.42.0/24 dev docker0 
proto kernel scope link src 172.16.42.2 188.226.138.0/24 dev eth0 proto kernel scope link src 188.226.138.185 root@node-2:~# brctl show bridge name bridge id STP enabled interfaces docker0 8000.42d5ad4b8240 no br0 lxcbr0 8000.000000000000 no root@node-2:~# ovs-vsctl show 7635f0dd-d245-430c-9dbf-02dba456cc88 Bridge "br0" Port "br0" Interface "br0" type: internal Port "gre0" Interface "gre0" type: gre options: {remote_ip="95.85.54.71"} ovs_version: "1.9.0" root@node-2:~# ping 95.85.54.71 PING 95.85.54.71 (95.85.54.71) 56(84) bytes of data. 64 bytes from 95.85.54.71: icmp_req=1 ttl=63 time=0.460 ms ^C --- 95.85.54.71 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.460/0.460/0.460/0.000 ms root@node-2:~# ping 172.16.42.1 PING 172.16.42.1 (172.16.42.1) 56(84) bytes of data. From 172.16.42.2 icmp_seq=1 Destination Host Unreachable From 172.16.42.2 icmp_seq=2 Destination Host Unreachable From 172.16.42.2 icmp_seq=3 Destination Host Unreachable ^C --- 172.16.42.1 ping statistics --- 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3014ms pipe 3
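Review bot: In the captured `ip a s` output on both nodes, `br0` is listed as `<BROADCAST,MULTICAST>` with `qdisc noop` and `state DOWN`, and `docker0` shows `NO-CARRIER`; the pings to 172.16.42.2 and 172.16.42.1 then return "Destination Host Unreachable". Either say at the top of the file that this output records a setup that does not work yet, or bring the Open vSwitch bridge up (`ip link set br0 up`) and capture the output again, so readers do not take `state DOWN` as the expected result.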