# Docker Containerized High-Availability Architecture Deployment Plan (Part 3)

## 02 - Network Creation

This document describes in detail how to create the 5 Macvlan networks on every node. These networks isolate the traffic of the different service tiers from one another.

### Macvlan Network Overview

Macvlan lets a container attach directly to the physical network. Each container gets its own MAC address and appears on the network like a physical host.

Note that all five networks in this plan share the same parent interface (ens33) and therefore the same Layer 2 segment; the tiers are separated by IP subnet only, so any traffic filtering between tiers has to be enforced at the gateways on the physical network.

### Network Plan for This Project

| Network name | Subnet | Gateway | IP range | Purpose |
|--------------|--------|---------|----------|---------|
| frontend-net | 172.20.1.0/24 | 172.20.1.1 | 172.20.1.11-13 | Nginx-LB, Keepalived VIP |
| backend-net | 172.20.2.0/24 | 172.20.2.1 | 172.20.2.11-23 | PHP services, PHP-FPM |
| cache-net | 172.20.3.0/24 | 172.20.3.1 | 172.20.3.11-33 | Redis, Sentinel |
| database-net | 172.20.4.0/24 | 172.20.4.1 | 172.20.4.11-13 | MySQL MGR |
| manage-net | 172.20.5.0/24 | 172.20.5.1 | 172.20.5.13 | Backup service (Node3 only) |

### Run on All Nodes

**Important prerequisite:** before creating the Macvlan networks, confirm that the physical NIC is ens33. If the NIC has a different name, replace ens33 in the commands below with the actual interface name.

#### Create frontend-net

frontend-net is used by the Nginx load balancer and the Keepalived VIP:

```bash
docker network create -d macvlan \
  --subnet=172.20.1.0/24 \
  --gateway=172.20.1.1 \
  -o parent=ens33 \
  frontend-net
```

#### Create backend-net

backend-net is used by the PHP services and PHP-FPM:

```bash
docker network create -d macvlan \
  --subnet=172.20.2.0/24 \
  --gateway=172.20.2.1 \
  -o parent=ens33 \
  backend-net
```

#### Create cache-net

cache-net is used by the Redis master/replica cluster and the Sentinel instances:

```bash
docker network create -d macvlan \
  --subnet=172.20.3.0/24 \
  --gateway=172.20.3.1 \
  -o parent=ens33 \
  cache-net
```

#### Create database-net

database-net is used by the MySQL MGR cluster:

```bash
docker network create -d macvlan \
  --subnet=172.20.4.0/24 \
  --gateway=172.20.4.1 \
  -o parent=ens33 \
  database-net
```

#### Create manage-net

manage-net is used by the backup service on Node3:

```bash
docker network create -d macvlan \
  --subnet=172.20.5.0/24 \
  --gateway=172.20.5.1 \
  -o parent=ens33 \
  manage-net
```

#### Create All Networks in One Go

To simplify the procedure, all 5 networks can be created at once:

```bash
# Create frontend-net
docker network create -d macvlan --subnet=172.20.1.0/24 --gateway=172.20.1.1 -o parent=ens33 frontend-net

# Create backend-net
docker network create -d macvlan --subnet=172.20.2.0/24 --gateway=172.20.2.1 -o parent=ens33 backend-net

# Create cache-net
docker network create -d macvlan --subnet=172.20.3.0/24 --gateway=172.20.3.1 -o parent=ens33 cache-net

# Create database-net
docker network create -d macvlan --subnet=172.20.4.0/24 --gateway=172.20.4.1 -o parent=ens33 database-net

# Create manage-net
docker network create -d macvlan --subnet=172.20.5.0/24 --gateway=172.20.5.1 -o parent=ens33 manage-net
```

### Macvlan Shim Interface Configuration

Macvlan has one limitation: the host cannot communicate directly with containers on a Macvlan network through the parent interface itself. The fix is to give the host its own macvlan sub-interface in bridge mode, a so-called shim interface, with an address in each subnet.

Docker's IPAM does not know about the .254 shim addresses used below, so container IPs in this plan are always assigned explicitly with `--ip`; if dynamic assignment is ever used on these networks, reserve the shim addresses with `--aux-address` when creating the network.

#### Create Shim Interfaces (one per network)

```bash
# Shim for frontend-net
ip link add shim-frontend link ens33 type macvlan mode bridge
ip addr add 172.20.1.254/24 dev shim-frontend
ip link set shim-frontend up

# Shim for backend-net
ip link add shim-backend link ens33 type macvlan mode bridge
ip addr add 172.20.2.254/24 dev shim-backend
ip link set shim-backend up

# Shim for cache-net
ip link add shim-cache link ens33 type macvlan mode bridge
ip addr add 172.20.3.254/24 dev shim-cache
ip link set shim-cache up

# Shim for database-net
ip link add shim-database link ens33 type macvlan mode bridge
ip addr add 172.20.4.254/24 dev shim-database
ip link set shim-database up

# Shim for manage-net (optional)
ip link add shim-manage link ens33 type macvlan mode bridge
ip addr add 172.20.5.254/24 dev shim-manage
ip link set shim-manage up
```

#### Persisting the Shim Interfaces

To make sure the shim interfaces still exist after a reboot, create a systemd service:

```bash
sudo tee /etc/systemd/system/docker-macvlan-shim.service <<'EOF'
[Unit]
Description=Docker Macvlan Shim Interfaces
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/bin/bash -c '\
  ip link add shim-frontend link ens33 type macvlan mode bridge 2>/dev/null || true; \
  ip addr add 172.20.1.254/24 dev shim-frontend 2>/dev/null || true; \
  ip link set shim-frontend up 2>/dev/null || true; \
  ip link add shim-backend link ens33 type macvlan mode bridge 2>/dev/null || true; \
  ip addr add 172.20.2.254/24 dev shim-backend 2>/dev/null || true; \
  ip link set shim-backend up 2>/dev/null || true; \
  ip link add shim-cache link ens33 type macvlan mode bridge 2>/dev/null || true; \
  ip addr add 172.20.3.254/24 dev shim-cache 2>/dev/null || true; \
  ip link set shim-cache up 2>/dev/null || true; \
  ip link add shim-database link ens33 type macvlan mode bridge 2>/dev/null || true; \
  ip addr add 172.20.4.254/24 dev shim-database 2>/dev/null || true; \
  ip link set shim-database up 2>/dev/null || true; \
  ip link add shim-manage link ens33 type macvlan mode bridge 2>/dev/null || true; \
  ip addr add 172.20.5.254/24 dev shim-manage 2>/dev/null || true; \
  ip link set shim-manage up 2>/dev/null || true'
ExecStop=/bin/bash -c '\
  ip link del shim-frontend 2>/dev/null || true; \
  ip link del shim-backend 2>/dev/null || true; \
  ip link del shim-cache 2>/dev/null || true; \
  ip link del shim-database 2>/dev/null || true; \
  ip link del shim-manage 2>/dev/null || true'
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable docker-macvlan-shim.service
sudo systemctl start docker-macvlan-shim.service
```

### Network Verification

#### List the created networks

```bash
docker network ls
```

Expected output:

```
NETWORK ID     NAME           DRIVER    SCOPE
xxxxxxxxxxxx   bridge         bridge    local
xxxxxxxxxxxx   host           host      local
xxxxxxxxxxxx   none           null      local
xxxxxxxxxxxx   frontend-net   macvlan   local
xxxxxxxxxxxx   backend-net    macvlan   local
xxxxxxxxxxxx   cache-net      macvlan   local
xxxxxxxxxxxx   database-net   macvlan   local
xxxxxxxxxxxx   manage-net     macvlan   local
```

#### Inspect network details

```bash
docker network inspect frontend-net
docker network inspect backend-net
docker network inspect cache-net
docker network inspect database-net
docker network inspect manage-net
```

#### Verify the shim interfaces

```bash
ip addr show | grep shim-
```

Expected output (XX is the interface index):

```
XX: shim-frontend: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.1.254/24 scope global shim-frontend
XX: shim-backend: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.2.254/24 scope global shim-backend
XX: shim-cache: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.3.254/24 scope global shim-cache
XX: shim-database: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.4.254/24 scope global shim-database
XX: shim-manage: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 172.20.5.254/24 scope global shim-manage
```

#### Test Macvlan connectivity

Start a test container and verify that the network is reachable:

```bash
# Create a temporary test container
docker run --rm -it --network frontend-net --ip 172.20.1.200 alpine:latest sh

# Inside the container:
ping -c 3 172.20.1.1     # test the gateway
ping -c 3 172.20.1.254   # test the host shim interface
exit
```

### Deleting the Networks

If the networks need to be recreated, delete the old ones first:

```bash
# Delete all Macvlan networks
docker network rm frontend-net
docker network rm backend-net
docker network rm cache-net
docker network rm database-net
docker network rm manage-net

# Delete the shim interfaces
ip link del shim-frontend
ip link del shim-backend
ip link del shim-cache
ip link del shim-database
ip link del shim-manage
```

### FAQ

**Q1: Creating a network fails with "network already exists"**

Delete the existing network first, then create it again:

```bash
docker network rm frontend-net
docker network create -d macvlan --subnet=172.20.1.0/24 --gateway=172.20.1.1 -o parent=ens33 frontend-net
```

**Q2: Creating a network fails with "invalid parent device"**

- Check that the NIC name is correct
- Confirm that the NIC is in the UP state
- Check whether the macvlan kernel module is loaded

**Q3: A container cannot obtain an IP address**

- Check whether the subnet overlaps another network
- Confirm that the IP address is not already in use
- Check that the Docker version supports Macvlan

### Next Steps

After the networks have been created, continue with:

- 03-目录创建.md - create the deployment directory structure
- 04-创建配置文件.md - create all configuration files
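The following is an added example, not part of the original guide: it checks the network plan table above for the mistakes behind Q3 (overlapping subnets, addresses outside their subnet) plus the .254 shim address colliding with the gateway or the container range, and renders the exact `docker network create` lines used in this guide. The PLAN values are copied from the table; the `ens33` parent is the guide's assumption.

```python
import ipaddress
from typing import Dict, List, Tuple

# Network plan copied from the table in this guide:
# name -> (subnet, gateway, (first container IP, last container IP), host shim IP)
PLAN: Dict[str, Tuple[str, str, Tuple[str, str], str]] = {
    "frontend-net": ("172.20.1.0/24", "172.20.1.1", ("172.20.1.11", "172.20.1.13"), "172.20.1.254"),
    "backend-net":  ("172.20.2.0/24", "172.20.2.1", ("172.20.2.11", "172.20.2.23"), "172.20.2.254"),
    "cache-net":    ("172.20.3.0/24", "172.20.3.1", ("172.20.3.11", "172.20.3.33"), "172.20.3.254"),
    "database-net": ("172.20.4.0/24", "172.20.4.1", ("172.20.4.11", "172.20.4.13"), "172.20.4.254"),
    "manage-net":   ("172.20.5.0/24", "172.20.5.1", ("172.20.5.13", "172.20.5.13"), "172.20.5.254"),
}

def validate_plan(plan) -> List[str]:
    """Return the problems found in the plan; an empty list means it is consistent."""
    problems: List[str] = []
    seen: Dict[str, ipaddress.IPv4Network] = {}
    for name, (subnet, gw, (lo, hi), shim) in plan.items():
        try:
            net = ipaddress.ip_network(subnet, strict=True)  # rejects host bits, e.g. 172.20.1.5/24
        except ValueError as exc:
            problems.append(f"{name}: bad subnet {subnet} ({exc})")
            continue
        a = {k: ipaddress.ip_address(v) for k, v in
             (("gateway", gw), ("range start", lo), ("range end", hi), ("shim", shim))}
        for label, addr in a.items():
            if addr not in net:
                problems.append(f"{name}: {label} {addr} is outside {net}")
        if a["range start"] > a["range end"]:
            problems.append(f"{name}: container IP range {lo}-{hi} is reversed")
        # Gateway and host shim must stay out of the container range, and must differ from each other.
        for label in ("gateway", "shim"):
            if a["range start"] <= a[label] <= a["range end"]:
                problems.append(f"{name}: {label} {a[label]} collides with container range")
        if a["shim"] == a["gateway"]:
            problems.append(f"{name}: shim and gateway share {shim}")
        for other, onet in seen.items():  # Q3: overlapping subnets break IP assignment
            if net.overlaps(onet):
                problems.append(f"{name} {net} overlaps {other} {onet}")
        seen[name] = net
    return problems

def create_commands(plan, parent: str = "ens33") -> List[str]:
    """Render the docker network create lines used in this guide, one per network."""
    return [f"docker network create -d macvlan --subnet={s} --gateway={g} -o parent={parent} {n}"
            for n, (s, g, _rng, _shim) in plan.items()]
```

Run `validate_plan(PLAN)` before creating the networks on a node; an empty result means the plan is consistent, and `create_commands(PLAN)` gives the five commands to execute.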