authorluwenpeng <[email protected]>2021-03-18 10:02:34 +0800
committerluwenpeng <[email protected]>2021-03-18 10:54:53 +0800
commitbf6d9cf89778336375269492544f5b51e25ceb11 (patch)
tree56c44a157b71dbdb76307bb4e10a062435b834d4 /init_tfe_env.sh
parent67c83e29127f4b85035055fa9fb791cab43a4348 (diff)
设置 tfe 容器的运行环境
1.透传 TAP 网卡到 tfe 的容器里 2.在宿主机设置 sysctl 参数
Diffstat (limited to 'init_tfe_env.sh')
-rw-r--r--init_tfe_env.sh79
1 files changed, 79 insertions, 0 deletions
diff --git a/init_tfe_env.sh b/init_tfe_env.sh
new file mode 100644
index 0000000..0c29f78
--- /dev/null
+++ b/init_tfe_env.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+NIC=tap0
+PEER_IP=172.16.2.1
+LOCAL_IP=172.16.2.2
+LOCAL_MAC=fe:65:b7:00:00:01
+container=tfe-container-v4.4
+
+exposedockernetns ()
+{
+ pid=`docker inspect -f '{{.State.Pid}}' $1`
+ ln -s /proc/$pid/ns/net /var/run/netns/$1
+ echo "netns of ${1} exposed as /var/run/netns/${1}"
+}
+
+dockerrmf ()
+{
+ docker kill `docker ps --no-trunc -aq`
+ docker rm `docker ps --no-trunc -aq`
+}
+
+cp tfe_sysctl.conf /etc/sysctl.d/
+sysctl -p /etc/sysctl.d/tfe_sysctl.conf
+
+#dockerrmf
+#ip tuntap del dev ${NIC} mode tap
+#ip tuntap add dev ${NIC} mode tap one_queue
+ip netns list
+
+###############################################################################
+# 注意:需要停止 tfe-env 脚本
+# cd /home/lwp/tsg_container
+# docker-compose up tfe
+###############################################################################
+
+rm -Rf /var/run/netns/*
+mkdir -p /var/run/netns
+exposedockernetns ${container}
+ip link set ${NIC} netns ${container}
+
+ip netns exec ${container} ip link set ${NIC} address ${LOCAL_MAC}
+ip netns exec ${container} ip link set ${NIC} up
+
+# IPv4 策略路由
+ip netns exec ${container} ip addr add ${LOCAL_IP}/24 dev ${NIC}
+
+ip netns exec ${container} ip rule add iif ${NIC} tab 100
+ip netns exec ${container} ip route add local default dev lo table 100
+
+ip netns exec ${container} ip rule add fwmark 0x65 lookup 101
+ip netns exec ${container} ip route add default dev ${NIC} via ${PEER_IP} table 101
+
+# IPv6 策略路由
+ip netns exec ${container} ip addr add fd00::02/64 dev ${NIC}
+
+ip netns exec ${container} ip -6 route add default via fd00::01
+
+ip netns exec ${container} ip -6 rule add iif ${NIC} tab 102
+ip netns exec ${container} ip -6 route add local default dev lo table 102
+
+# iptables
+ip netns exec ${container} iptables -A INPUT -i ${NIC} -m bpf \
+ --bytecode '14,48 0 0 0,84 0 0 240,21 0 10 64,48 0 0 9,21 0 8 6,40 0 0 6,69 6 0 8191,177 0 0 0,80 0 0 20,21 0 3 88,80 0 0 21,21 0 1 4,6 0 0 65535,6 0 0 0' \
+ -j NFQUEUE --queue-num 1
+
+echo "================ run 'ip addr list' in container ================"
+ip netns exec ${container} ip addr list
+
+echo "================ run 'ip rule list' in container ================"
+ip netns exec ${container} ip rule list
+
+echo "================ run 'ip route list' in container ================"
+ip netns exec ${container} ip route list
+
+echo "================ run 'iptables' in container ================"
+ip netns exec ${container} iptables -L
+
+echo "================ run 'ping' in container ================"
+ip netns exec ${container} ping -c10 ${PEER_IP}
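Review bot: The `rm -Rf /var/run/netns/*` ahead of the `exposedockernetns ${container}` call clears every named network namespace entry on the host, not only the one this script creates, so anything else on the machine that relies on `ip netns` names loses its handles when this runs as root. Removing just this script's own link is enough: `rm -f -- "/var/run/netns/${container}"`. In `exposedockernetns` the output of `docker inspect` is used unchecked; a stopped container reports Pid 0 and a missing one yields an empty string, so `ln -s` creates a dangling link and each later `ip netns exec` fails on its own while the script keeps going. A guard right after the assignment, e.g. `[[ "$pid" =~ ^[1-9][0-9]*$ ]] || { echo "container $1 is not running" >&2; exit 1; }`, together with quoting `"$1"` and `"$pid"`, would stop the run before the TAP device is moved out of the host namespace.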