*Docker의 네트워크 모델:
CNM을 사용한다: Container Network Model
SandboxID...
샌드박스는 독립적인 환경에 컨테이너의 네트워킹 configuration을 물고 있는 것이다
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | "NetworkSettings": { "Bridge": "", "SandboxID": "91896e3968b1aedee2ba4275531b7ff1435f2cd3233a703c553990f65246cdeb", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": {}, "SandboxKey": "/var/run/docker/netns/91896e3968b1", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "8bd83561b900d05dab2ed804b28ded759cf1e174858dad6e6c6d47f549e33d51", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "EndpointID": "8bd83561b900d05dab2ed804b28ded759cf1e174858dad6e6c6d47f549e33d51", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ] [root@host01-2 _data]# ^C [root@host01-2 _data]# docker network ls NETWORK ID NAME DRIVER SCOPE 76d13a20d92c bridge bridge local a4bddc4df10b host host local e9ef483dde2d none null local [root@host01-2 _data]# docker attach 76d13a20d92c Error: No such container: 76d13a20d92c [root@host01-2 _data]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e3343a6dd1be reg.cloud.com/busybox "sh" 2 minutes ago Up 2 minutes focused_albattani [root@host01-2 _data]# docker attach e3343a6dd1be / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 150: eth0@if151: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever / # | cs |
서로 다른 L2의 인스턴스들이 서로 통신하려면...
eth0를 가지고 별도 컨테이너가 2개의 컨테이너의 bridge 역할을 한다.
*docker의 기본 네트워크
docker0를 통해 통신한다. 아래는 bridge 구성 :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | [root@host01-2 _data]# docker network ls NETWORK ID NAME DRIVER SCOPE 76d13a20d92c bridge bridge local a4bddc4df10b host host local e9ef483dde2d none null local [root@host01-2 _data]# docker inspect bridge [ { "Name": "bridge", "Id": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "Created": "2018-05-21T15:11:08.970105946+09:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", #bridge의 "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", #같은 bridge 내에서 통신하게 할 것인가? 이 부분이 false라면 컨테이너간 통신이 안된다 "com.docker.network.bridge.enable_ip_masquerade": "true", #masquerade는 일종의 NAT역할을 한다. "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", #docker0 가 bridge 역할 "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@host01-2 _data]# | cs |
- 기본적으로 도커의 네트워크는 HOST에서 iptables 룰을 타고 나간다.
=> 네트워크 지연이 거의 없다...베어메탈과 거의 동급
=> 반면 보안쪽으로 민감한 사항들도 있다.
- 컨테이너간 통신(C1 : 80, C2: 81, C3: 82 일 경우 서로 통신은 어떻게 하나?) :
=> localhost로 통신하면 된다.
- 도커는 결국 하나다(bridge라는 driver) :
1 2 3 4 5 6 7 | [root@host01-2 _data]# docker network ls NETWORK ID NAME DRIVER SCOPE 76d13a20d92c bridge bridge local #bridge a4bddc4df10b host host local #호스트와 네트워크를 공유 e9ef483dde2d none null local #네트워크 X | cs |
* 멀티호스트 네트워킹(VxLAN 사용) / 단일호스트 네트워킹
- VXLAN
- SDN
- NFV
- Service Channing
보안을 고려한 분산 네트워크 시,
L2로 구성되어있는데 IPS가 1개만 있다면, 결국 IPS가 없는 인스턴스에서 다른 하나의 인스턴스까지 접근해야 하는 아키텍처를 구성해야 한다.
IAAS > PAAS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 | [root@host01-2 _data]# docker inspect bridge [ { "Name": "bridge", "Id": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "Created": "2018-05-21T15:11:08.970105946+09:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, #컨테이너가 없다 "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@host01-2 _data]# docker inspect bridge [ { "Name": "bridge", "Id": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa" , "Created": "2018-05-21T15:11:08.970105946+09:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "8c4add8d8d16d6b7d9eb247cee125e012a803c61f5b6592c8819dd30b926fbab": { "Name": "c1", "EndpointID": "dfda49ba957d32e371c012c3952f01aaff83e2c3c9668fbae 07cb53595ef02d5", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@host01-2 _data]# docker inspect bridge [ { "Name": "bridge", "Id": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "Created": "2018-05-21T15:11:08.970105946+09:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "703292574cb0d7730b1fe601acf826a99ac2530b056624ae2ad808e1e90db2f1": { "Name": "c2", "EndpointID": "43da37e1fef531cf525de9dae8801889e819108f27113bed9b09bda6e82cb95e", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "8c4add8d8d16d6b7d9eb247cee125e012a803c61f5b6592c8819dd30b926fbab": { "Name": "c1", "EndpointID": "dfda49ba957d32e371c012c3952f01aaff83e2c3c9668fbae07cb53595ef02d5", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@host01-2 _data]# docker attach c1 / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 152: eth0@if153: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever / # exit d[root@host01-2 _data]# docker ps a "docker ps" accepts no arguments. See 'docker ps --help'. Usage: docker ps [OPTIONS] [flags] List containers [root@host01-2 _data]# docker ps -aa CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 703292574cb0 reg.cloud.com/busybox "sh" 29 seconds ago Up 27 seconds c2 8c4add8d8d16 reg.cloud.com/busybox "sh" 50 seconds ago Exited (0) 5 seconds ago c1 [root@host01-2 _data]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 703292574cb0 reg.cloud.com/busybox "sh" 31 seconds ago Up 29 seconds c2 8c4add8d8d16 reg.cloud.com/busybox "sh" 52 seconds ago Exited (0) 7 seconds ago c1 [root@host01-2 _data]# network inspect -bash: network: command not found [root@host01-2 _data]# docker network inspect "docker network inspect" requires at least 1 argument. See 'docker network inspect --help'. Usage: docker network inspect [OPTIONS] NETWORK [NETWORK...] [flags] Display detailed information on one or more networks [root@host01-2 _data]# docker inspect bridge [ { "Name": "bridge", "Id": "76d13a20d92c8d68860705f57e8989055660ac78cafea4eaa033cb1fd856e6fa", "Created": "2018-05-21T15:11:08.970105946+09:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "703292574cb0d7730b1fe601acf826a99ac2530b056624ae2ad808e1e90db2f1": { "Name": "c2", #c1은 사라지고 c2만 "EndpointID": "43da37e1fef531cf525de9dae8801889e819108f27113bed9b09bda6e82cb95e", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@host01-2 _data]# root@host01-2 _data]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 703292574cb0 reg.cloud.com/busybox "sh" 3 minutes ago Up 3 minutes c2 8c4add8d8d16 reg.cloud.com/busybox "sh" 3 minutes ago Exited (0) 2 minutes ago c1 [root@host01-2 _data]# docker attach c2 / # cat /etc/resolv.conf # Generated by NetworkManager search cloud.com nameserver 10.10.12.1 | cs |
*기본적으로 host 네트워크를 공유함으로 통신이 docker0를 통해 이루어진다. User Defined Network를 사용하기 위해서는...DNS설정 필요...사용자 정의 네트워크를 만들어 띄울 수 있다,
* 사용자 정의 네트워크를 만들어 띄우기
Container name이 DNS로 올라간다
*사용자 정의 네트워크를 통해 C3, C4 컨테이너를 띄워보자(기존 host network와 다른 네트워크) :
(C3에서 C4로 ping 실행 시 dns에서 ip를 알려준다.)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | [root@host01-2 _data]# docker network ls NETWORK ID NAME DRIVER SCOPE 76d13a20d92c bridge bridge local a4bddc4df10b host host local e9ef483dde2d none null local [root@host01-2 _data]# docker network create test efe418b38219518e5a7b4d09902dd5c4772c9a4ce9a715a842b60d6848165825 [root@host01-2 _data]# docker network ls NETWORK ID NAME DRIVER SCOPE 76d13a20d92c bridge bridge local a4bddc4df10b host host local e9ef483dde2d none null local efe418b38219 test bridge local [root@host01-2 _data]# docker run --name c3 --network=test --itd reg.cloud.com/busybox unknown flag: --itd See 'docker run --help'. [root@host01-2 _data]# docker run --name c3 --network=test -itd reg.cloud.com/busybox 28674f6d5ac97c95694b4342a76e34120c872c9914881d7fb7a8d9860f587fe8 [root@host01-2 _data]# docker run --name c4 --network=test -itd reg.cloud.com/busybox 48d67f53f81a5c61a1358e02576a1000d8a8d1395df4dfb13e0675408d90d714 [root@host01-2 _data]# docker attach c3 / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 157: eth0@if158: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever / # hostname 28674f6d5ac9 / # ping c4 PING c4 (172.18.0.3): 56 data bytes 64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.257 ms 64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.178 ms 64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.177 ms 64 bytes from 172.18.0.3: seq=3 ttl=64 time=0.181 ms 64 bytes from 172.18.0.3: seq=4 ttl=64 time=0.180 ms 64 bytes from 172.18.0.3: seq=5 ttl=64 time=0.178 ms 64 bytes from 172.18.0.3: seq=6 ttl=64 time=0.178 ms 64 bytes from 172.18.0.3: seq=7 ttl=64 time=0.206 ms | cs |
*docker0와 별도의 사용자 정의 네트워크 구성
isolated_nw라는 사용자정의 네트워크를 새로 만들고
C3, C4, C5 컨테이너를 구성한다.
C4를 Web이라는 이름으로 조회
C5를 DB라는 이름으로 조회
*Alias 할당 방법 (link로 구성) - db, web이라는 이름으로도 ping 가능
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | [root@host01-2 ~]# docker run --network=isolated_nw -itd --name c5 --link c4:web reg.cloud.com/b^Cybox [root@host01-2 ~]# docker rm -f $(docker ps -aq) 9891fb7e3af2 ec900985c74c 1df32b36382b 33c48eda73cc 079bb7c7c709 [root@host01-2 ~]# docker run --network=isolated_nw -itd --name c5 --link c4:web reg.cloud.com/busybox 0a0c051a84839085601e938e3843015263b1867cf87db9985051cb20d2aca433 [root@host01-2 ~]# docker run --network=isolated_nw -itd --name c4 --link c5:db reg.cloud.com/busybox 6c07e34435a360d3142f0955a06a64197775902095ea54ff9009c6107593c98d [root@host01-2 ~]# docker attach c4 / # ping c5 PING c5 (172.25.0.2): 56 data bytes 64 bytes from 172.25.0.2: seq=0 ttl=64 time=0.287 ms 64 bytes from 172.25.0.2: seq=1 ttl=64 time=0.180 ms ^C --- c5 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.180/0.233/0.287 ms / # ping db PING db (172.25.0.2): 56 data bytes 64 bytes from 172.25.0.2: seq=0 ttl=64 time=0.159 ms 64 bytes from 172.25.0.2: seq=1 ttl=64 time=0.183 ms ^C --- db ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.159/0.171/0.183 ms / # ^C / # | cs |
*Alias 할당 방법 (network_alias로 구성) - alias로 호출하면(c6, c7 round robin방식으로 라턴)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | [root@host01-2 ~]# docker run -itd --network=isolated_nw --name c6 --network-alias app reg.cloud.com/busybox 117113d2b352a4a7253914d1b1178cf92e6ef6aa49bf194f25f81fe8ccf5452a ^[[A[root@host01-2 ~]# docker run -itd --network=isolated_nw --name c7 --network-alias app reg.cloud.com/busybox 23b79ec545f71d9a448829fbdd1c30ee1a1110d07742a067c7475544d6987abe [root@host01-2 ~]# docker run --network=isolated_nw -it --name c8 reg.cloud.com/busybox / # ping c6 PING c6 (172.25.0.4): 56 data bytes 64 bytes from 172.25.0.4: seq=0 ttl=64 time=0.261 ms 64 bytes from 172.25.0.4: seq=1 ttl=64 time=0.176 ms ^C --- c6 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.176/0.218/0.261 ms / # ping c7 PING c7 (172.25.0.5): 56 data bytes 64 bytes from 172.25.0.5: seq=0 ttl=64 time=0.265 ms 64 bytes from 172.25.0.5: seq=1 ttl=64 time=0.179 ms ^C --- c7 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.179/0.222/0.265 ms / # ping app PING app (172.25.0.4): 56 data bytes 64 bytes from 172.25.0.4: seq=0 ttl=64 time=0.189 ms 64 bytes from 172.25.0.4: seq=1 ttl=64 time=0.177 ms ^C --- app ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.177/0.183/0.189 ms / # | cs |
* LINK 개념(old) - 지금은 사용 안함(Why? 싱글 호스트만 지원가능) => 이제는 User Defined Network를 사용한다
C1(DB) <------C2(web)
DNS서버를 조회하기 전에 C2서버에서 먼저 조회하는 파일이 /etc/hosts 파일임!!
C2으로부터 expose의 정보가 모두 c2로 넘어간다?
* link 사용법(env로 MYSQL_ROOT_PASSWORD를 포함한 env 정보가 넘어간다)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | [root@host01-2 ~]# docker run --name db -e MYSQL_ROOT_PASSWORD=1234 -d reg.cloud.com/mysql c718db3a5bed23a0c8f4bba81b2500e9350b3813364cf2780c86b27ac1754732 [root@host01-2 ~]# docker logs db Initializing database 2018-05-24T05:50:32.189359Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). 2018-05-24T05:50:34.743553Z 0 [Warning] InnoDB: New log files created, LSN=45790 2018-05-24T05:50:35.111689Z 0 [Warning] InnoDB: Creating foreign key constraint system tables. 2018-05-24T05:50:35.216022Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 60c3bc8a-5f16-11e8-a17f-0242ac110002. 2018-05-24T05:50:35.234417Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened. 2018-05-24T05:50:35.235689Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option. 2018-05-24T05:50:39.434990Z 1 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435049Z 1 [Warning] 'user' entry 'mysql.session@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435078Z 1 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435139Z 1 [Warning] 'db' entry 'performance_schema mysql.session@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435158Z 1 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435198Z 1 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435294Z 1 [Warning] 'tables_priv' entry 'user mysql.session@localhost' ignored in --skip-name-resolve mode. 2018-05-24T05:50:39.435326Z 1 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode. [root@host01-2 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c718db3a5bed reg.cloud.com/mysql "docker-entrypoint.s…" 22 seconds ago Up 21 seconds 3306/tcp db 23b79ec545f7 reg.cloud.com/busybox "sh" 22 minutes ago Up 22 minutes c7 117113d2b352 reg.cloud.com/busybox "sh" 22 minutes ago Up 22 minutes c6 6c07e34435a3 reg.cloud.com/busybox "sh" 25 minutes ago Up 25 minutes c4 0a0c051a8483 reg.cloud.com/busybox "sh" 25 minutes ago Up 25 minutes c5 [root@host01-2 ~]# docker exec db env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=c718db3a5bed MYSQL_ROOT_PASSWORD=1234 GOSU_VERSION=1.7 MYSQL_MAJOR=5.7 MYSQL_VERSION=5.7.20-1debian8 HOME=/root [root@host01-2 ~]# docker run -it --link db:sql reg.cloud.com/mysql bash root@e0de0246a2a3:/# cat /etc/resolv.conf # Generated by NetworkManager search cloud.com nameserver 10.10.12.1 root@e0de0246a2a3:/# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 sql c718db3a5bed db 172.17.0.3 e0de0246a2a3 root@e0de0246a2a3:/# ping sql PING sql (172.17.0.2): 56 data bytes 64 bytes from 172.17.0.2: icmp_seq=0 ttl=64 time=0.328 ms 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.202 ms ^C--- sql ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.202/0.265/0.328/0.063 ms root@e0de0246a2a3:/# env HOSTNAME=e0de0246a2a3 TERM=xterm MYSQL_VERSION=5.7.20-1debian8 SQL_ENV_MYSQL_VERSION=5.7.20-1debian8 SQL_PORT_3306_TCP=tcp://172.17.0.2:3306 SQL_NAME=/brave_panini/sql PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin SQL_PORT_3306_TCP_ADDR=172.17.0.2 SQL_ENV_MYSQL_MAJOR=5.7 PWD=/ SQL_PORT_3306_TCP_PORT=3306 SQL_ENV_MYSQL_ROOT_PASSWORD=1234 HOME=/root SHLVL=1 SQL_PORT_3306_TCP_PROTO=tcp MYSQL_MAJOR=5.7 GOSU_VERSION=1.7 SQL_ENV_GOSU_VERSION=1.7 SQL_PORT=tcp://172.17.0.2:3306 _=/usr/bin/env root@e0de0246a2a3:/# | cs |
'Docker(도커) Kubernetes' 카테고리의 다른 글
| docker swarm 사용법 (0) | 2018.05.24 |
|---|---|
| Docker cp 명령어, Docker Compose (0) | 2018.05.24 |
| docker 볼륨(volume) 컨테이너 마운트 방법 (0) | 2018.05.24 |
| Docker Container 메모리 / CPU 제어 (0) | 2018.05.23 |
| docker image tag 관리, dockerfile 생성하기, 인스트럭션 사용법 (0) | 2018.05.23 |