lxc类型的容器如何使用Open vSwitch做网络底层呢?

假设底层是ovs, 网桥是ovsbr0,容器已经启动,docker的底层是lxc

查看容器:

ps axww --forest  

找到-f 后面的配置文件: /var/lib/docker/containers/19ab1b6edd1635159095f3a59f4dab0c1e71f6512282156620fd532ca6446db8/config.lxc

编辑修改网络部分:

# vi /var/lib/docker/containers/ae5bfe8ac3567d545c9a0dc64c30cbbdd5ae67466be0b44bd462a4815fbee11d
lxc.network.type = veth  
lxc.network.flags = up  
lxc.network.link = lxcbr0  

并增加以下三行,注意ovs port name

lxc.network.script.up = /etc/network/if-up.d/lxc-ifup  
lxc.network.script.down = /etc/network/if-down.d/lxc-ifdown  
lxc.network.veth.pair = <ovs port name>  

生成lxc-ifup文件:

# vi /etc/network/if-up.d/lxc-ifup
------
#!/bin/bash
ovsBr='lxcbr0'  
ovs-vsctl --may-exist add-br ${ovsBr}  
ovs-vsctl --may-exist add-port ${ovsBr} $5  
------

生成lxc-down文件:

# vi /etc/network/if-up.d/lxc-ifup
------
#!/bin/bash
ovsBr='lxcbr'  
ovs-vsctl --if-exists del-port ${ovsBr} $5  
------

脚本启动的时候会传过来5个参数

  1. 容器的名称

  2. The configuration section of the container’s configuration (“net” in this case)

  3. up or down (lxc.network.script.up 就是 “up”, lxc.network.script.down 就是 “down”)

  4. 容器网络的类型(这里传过来的是“veth”)

  5. 容器外对应的端口interface

我们只需用到$5,其他四个都用不到,当然可以把up和down都弄到一个脚本里,这样就用到$4了:

#!/bin/bash

BRIDGE="lxcbr0"  
ovs-vsctl --may-exist add-br $BRIDGE  
if [ $4 = "down" ];then  
  ovs-vsctl --if-exists del-port $BRIDGE $5
else if [ $4 = "up" ];then  
  ovs-vsctl --may-exist add-port $BRIDGE $5
fi  

这种方式实际就是以lxcbr0(Fake Bridge)再串接到ovsbr0的方式供lxc来使用。本质就是网桥接网桥。

comments powered by Disqus