Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
154 lines (104 sloc) 6.51 KB

DaoliNet User Guide

Suppose you have installed DaoliNet by following the instructions in DaoliNet Installation Guide. Also make sure that all services listed there have been started-up properly.

DaoliNet provides a set of CLI (Command Line Interface) commands to:

  • Group connect/disconnect CIDR (Classless Inter-Domain Routing) subnets which have been created by Docker network with DaoliNet driver plugin. Containers in a group of CIDR subnets are connected whether or not they are on the same Docker host.
  • Connect/disconnect any two containers. These containers can be on any Docker hosts.
  • Set firewall policy controls for a container.
  • Container network migrate arbitrary with container.

1. Docker Network with DaoliNet Driver

DaoliNet makes use of docker network to create and manage container subnets by plugging DaoliNet driver.

1.1. Create a Network

Use 'docker network' CLI to create container networks. The following two docker CLIs exemplify creating two docker networks in CIDR subnets. The parameter --driver=daolinet specifies that these subnets will have DaoliNet networking properties.

docker -H :3380 network create --subnet=10.1.0.0/24 --gateway=10.1.0.1 --driver=daolinet dnet1
docker -H :3380 network create --subnet=192.168.0.0/24 --gateway=192.168.0.1 --driver=daolinet dnet2

The above CLI commands are executed on a Docker Swarm Manager node which is also a DaoliNet API Service Manager (see Section 2.1.4 of DaoliNet Installation Guide, "DaoliNet API Service", we always install DaoliNet API Service Manager on a Docker Swarm Manager node). If a CLI command is executed on a non-Swarm Manage node, then you must specify the IP address of the Docker Swarm Manager node in -H parameter. For example:

docker -H <SWARN-MANAGER-IP>:3380 network create --subnet=10.1.0.0/24 --gateway=10.1.0.1 --driver=daolinet dnet1

1.2. Launch a Container

Use 'docker run' CLI to launch a container in an CIDR subnet; the subnet has been created using the 'docker network' CLI (see Section 1.1.); you should spcidfy the name of the subnet using --net parameter:

# Launch containers in 10.1.0.0/24 subnet
docker -H :3380 run -ti -d --net=dnet1 --name test1 centos
# Suppose that container test1 has IP address 10.1.0.2 (You may view the actual IP address using 'docker inspect test1') 
docker -H :3380 run -ti -d --net=dnet1 --name test2 centos
# Suppose that container test2 has IP address 10.1.0.3 (You may view the actual IP using 'docker inspect test2') 

# Launch containers in 192.168.0.0/24 subnet
docker -H :3380 run -ti -d --net=dnet2 --name test3 centos
# Suppose test3 has IP 192.168.0.2
docker -H :3380 run -ti -d --net=dnet2 --name test4 centos
# Suppose test4 has IP 192.168.0.3

1.3. Test Container Network

The default networking rule of DaoliNet: The workloads in the same subnet are connected, and those in different subnets are not connected

# Enter container test1
docker -H :3380 attach test1

# In test1, ping test2, connected
>> ping 10.1.0.3

# In test1, ping test3 or test4, not connected
>> ping 192.168.0.2
>> ping 192.168.0.3

2. DaoliNet Network Control and Management

As we have seen in Section 1, containers in different subnets are not connected. DaoliNet can connect different subnets by lacing them in a network group.

2.1. Create a Network Group

# Create a network group
daolictl group create G1
# G1 is the name of a newly created network group

# Add a subnet into a network group
daolictl member add --group G1 dnet1
daolictl member add --group G1 dnet2
# You can view members in a network group
daolictl group show G1

# Now in container test1, ping container test3 and test4, connected
>> ping 192.168.0.2
>> ping 192.168.0.3

# Now remove a subnet from the network group
daolictl member rm --group G1 dnet2
# Now in container test1 ping container test3 or test4, not connected
>> ping 192.168.0.2
>> ping 192.168.0.3

2.2. Fine Granular Control

DaoliNet can control connection between any two containers

# Disconnect two containers
daolictl disconnect test1:test2
# Now in container test1, ping container test2 (suppose its IP is 10.1.0.3),not connected
>> ping 10.1.0.3

# Resume connection
daolictl connect test1:test2
# In test1 ping test2, connected
>> ping 10.1.0.3

2.3. Set Firewall Policy

If a container has launched a service, you can map the service port number to make the service usable externally

Note, please login an agent node to add the service image

For example, login agent-node and download ssh service and apache service images:

  ssh agent-node
  docker pull daolicloud/centos6.6-ssh
  docker pull daolicloud/centos6.6-apache
# First, launch containers to test firewall rules
docker -H :3380 run -ti -d --net=dnet1 --name testssh daolicloud/centos6.6-ssh
docker -H :3380 run -ti -d --net=dnet1 --name testweb daolicloud/centos6.6-apache

# Create an ssh firewall rule named fw-ssh for container testssh, map the ssh port 22 in the container to the server port 20022
daolictl firewall create --container testssh --rule 20022:22 fw-ssh
# Now access the ssh service of the container, <GATEWAY IP> is the ip address of the hosting server
daolictl firewall show testssh
ssh <GATEWAY IP> -p 20022

# Create a apache firewall rule named fw-web to container testweb, map the apache port 80 in the container to the server port 20080
daolictl firewall create --container testweb --rule 20080:80 fw-web
# Now access the apache service of the container, <GATEWAY IP> is the ip address of the hosting server
daolictl firewall show testweb
curl -L http://<GATEWAY IP>:20080

# Delete a named firewall rule
daolictl firewall delete fw-ssh fw-web

3. DaoliNet Operation for Container(Migration)

Docker Swarm can operate container for using local command, but not migration, daolinet implement it and show container network information.

3.1. Migrate Container

Daolinet implement migration function for container, it can rescheduler container to other docker host, and also keep container ip address and mac address.

daolictl container move --node <NODE-ID> <CONTAINER>

Example:

# by swarm scheduler.
daolictl container move testweb
# rescheduler to other node by id and hostname
daolictl container move --node othernode testweb

3.2. Show Container Networks

daolictl container shownet <CONTAINER>

Example:

daolictl container shownet testweb