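This guide describes the network settings that must be applied when running container-based docker on a virtual server of the IWINV service.
IWINV virtual servers run with an MTU of 1450 inside the instance. If docker is left at its default MTU of 1500, packets exceed the allowed size and errors occur during network operations.
Therefore, change the MTU value as described below.
Here we install docker on an IWINV Ubuntu 16.04 64bit server and describe the problem that occurs and how it is resolved.
Test environment
Product : IWINV rCore.S3 (8Core / 24GB Memory / 25G SSD)
OS : Ubuntu 16.04 64bit
– Installing the docker package on the IWINV virtual server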
root@docker-test:~# apt-get update && apt-get dist-upgrade
root@docker-test:~# apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
Executing: /tmp/tmp.fJD5sZHPlI/gpg.1.sh --keyserver
hkp://p80.pool.sks-keyservers.net:80
--recv-keys
58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server p80.pool.sks-keyservers.net
gpg: key 2C52609D: public key "Docker Release Tool (releasedocker) <docker@docker.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
※ Add the GPG key of the official docker repository to the server
root@docker-test:~# apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'
※ Add the docker repository to the server's apt sources
root@docker-test:~# apt-get update
Get:1 https://apt.dockerproject.org/repo ubuntu-xenial InRelease [48.7 kB]
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:3 https://apt.dockerproject.org/repo ubuntu-xenial/main amd64 Packages [3,999 B]
Hit:4 http://rCore-8.clouds.archive.ubuntu.com/ubuntu xenial InRelease
Get:5 http://rCore-8.clouds.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:6 http://rCore-8.clouds.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Fetched 359 kB in 3s (119 kB/s)
Reading package lists... Done
※ Update the package lists from the new repository
root@docker-test:~# apt-get install -y docker-engine
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-59 linux-headers-4.4.0-59-generic linux-image-4.4.0-59-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
aufs-tools cgroupfs-mount libltdl7
Suggested packages:
mountall
The following NEW packages will be installed:
aufs-tools cgroupfs-mount docker-engine libltdl7
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 18.1 MB of archives.
After this operation, 85.2 MB of additional disk space will be used.
※ Install docker
root@docker-test:~# dpkg -l |grep docker
ii docker-engine 17.04.0~ce-0~ubuntu-xenial amd64 Docker: the open-source application container engine
– Downloading docker images
root@docker-test:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
78445dd45222: Pull complete
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
..
..
※ If the output looks like the above, docker was installed correctly.
root@docker-test:~# docker search ubuntu
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ubuntu Ubuntu is a Debian-based Linux operating s... 5878 [OK]
rastasheep/ubuntu-sshd Dockerized SSH service, built on top of of... 80 [OK]
ubuntu-upstart Upstart is an event-based replacement for ... 71 [OK]
ubuntu-debootstrap debootstrap --variant=minbase --components... 30 [OK]
torusware/speedus-ubuntu Always updated official Ubuntu docker imag... 27 [OK]
nuagebec/ubuntu Simple always updated Ubuntu docker images... 19 [OK]
nickistre/ubuntu-lamp LAMP server on Ubuntu 16 [OK]
nimmis/ubuntu This is a docker images different LTS vers... 7 [OK]
darksheer/ubuntu Base Ubuntu Image -- Updated hourly 2 [OK]
admiringworm/ubuntu Base ubuntu images based on the official u... 1 [OK]
jordi/ubuntu Ubuntu Base Image 1 [OK]
labengine/ubuntu Images base ubuntu 0 [OK]
webhippie/ubuntu Docker images for ubuntu 0 [OK]
vcatechnology/ubuntu A Ubuntu image that is updated daily 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev ubuntu-x64-dev 0 [OK]
datenbetrieb/ubuntu custom flavor of the official ubuntu base ... 0 [OK]
konstruktoid/ubuntu Ubuntu base image 0 [OK]
forumi0721ubuntuarmhf/ubuntu-armhf-dev ubuntu-armhf-dev 0 [OK]
forumi0721ubuntuaarch64/ubuntu-aarch64-dev ubuntu-aarch64-dev 0 [OK]
lynxtp/ubuntu https://github.com/lynxtp/docker-ubuntu 0 [OK]
teamrock/ubuntu TeamRock's Ubuntu image configured with AW... 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev-armbian ubuntu-x64-dev-armbian 0 [OK]
esycat/ubuntu Ubuntu LTS 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev-android ubuntu-x64-dev-android 0 [OK]
smartentry/ubuntu ubuntu with smartentry 0 [OK]
※ Check the available ubuntu images
root@docker-test:~# docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
c62795f78da9: Pull complete
d4fceeeb758e: Pull complete
5c9125a401ae: Pull complete
0062f774e994: Pull complete
6b33fd031fac: Pull complete
Digest: sha256:c2bbf50d276508d73dd865cda7b4ee9b5243f2648647d21e3a471dd3cc4209a0
Status: Downloaded newer image for ubuntu:latest
※ Download the ubuntu image
root@docker-test:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 6a2f32de169d 5 days ago 117MB
hello-world latest 48b5124b2768 3 months ago 1.84kB
– Creating a container and confirming the problem with apt update
root@docker-test:~# docker run -it ubuntu
root@dca1c02bf8f2:/# apt-get update
0% [Waiting for headers] [Waiting for headers]
※ The update does not progress, and some services such as ftp also run into problems.
root@docker-test:~# docker run -it centos:6.8
[root@580606d04fad /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@580606d04fad /]# yum update
Loaded plugins: fastestmirror, ovl
Setting up Update Process
http://mirror.oasis.onnetcorp.com/centos/6.9/os/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://mirror.oasis.onnetcorp.com/centos/6.9/os/x86_64.....
Trying other mirror.
※ The same problem occurs on centos, a redhat-family distribution, and the MTU of the network device is confirmed to be 1500.
– Resolving the problem
root@docker-test:~# cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service
'/lib/systemd/system/docker.service' -> '/etc/systemd/system/docker.service'
※ Copy the docker.service file
root@docker-test:~# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# --mtu 1450 added to the ExecStart line below
ExecStart=/usr/bin/dockerd -H fd:// --mtu 1450
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
※ The instance MTU on the IWINV service is 1450, so the container MTU, which is set to 1500, is changed to the instance default of 1450.
root@docker-test:~# systemctl daemon-reload
root@docker-test:~# service docker restart
※ Reload the daemon, then restart the service
– Creating containers and verifying
root@docker-test:~# docker run -it ubuntu
root@f0971e2d20fe:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
..
..
Get:21 http://archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [2567 B]
Fetched 23.9 MB in 7s (3305 kB/s)
Reading package lists... Done
※ update confirmed working in the ubuntu container
root@docker-test:~# docker run -it centos:6.8
[root@cd79e4f37d11 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:418 (418.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@cd79e4f37d11 /]# yum update
Loaded plugins: fastestmirror, ovl
Setting up Update Process
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 37 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 703 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package audit-libs.x86_64 0:2.4.5-3.el6 will be updated
---> Package audit-libs.x86_64 0:2.4.5-6.el6 will be an update
..
..
Upgrade 56 Package(s)
Total download size: 47 M
※ update and the MTU value of 1450 confirmed in the centos container
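The check below is an added example, not part of the original guide: it compares the host interface MTU with the MTU that dockerd will give containers, reading the --mtu value from the ExecStart line of docker.service. The interface name eth0, the sample `ip -o link` line and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input (not captured from a real host): one line of
# `ip -o link show` for the instance NIC and the ExecStart line before/after.
SAMPLE_LINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000'
EXEC_BEFORE='ExecStart=/usr/bin/dockerd -H fd://'
EXEC_AFTER='ExecStart=/usr/bin/dockerd -H fd:// --mtu 1450'

# Print the MTU of interface $1, reading `ip -o link` text on stdin.
link_mtu() {
    awk -v ifc="$1:" '$2 == ifc {
        for (i = 3; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
    }'
}

# Print the MTU dockerd will hand to containers for the ExecStart line on
# stdin: the --mtu value ("--mtu N" or "--mtu=N"), else the default 1500.
dockerd_mtu() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "--mtu") { print $(i + 1); found = 1; exit }
            if ($i ~ /^--mtu=/) { sub(/^--mtu=/, "", $i); print $i; found = 1; exit }
        }
    }
    END { if (!found) print 1500 }'
}

# mtu_fits LINK_TEXT IFACE EXECSTART_LINE
# Returns 0 if the container MTU fits within the host MTU, 1 if it is larger,
# 2 if the interface was not found.
mtu_fits() {
    host=$(printf '%s\n' "$1" | link_mtu "$2")
    dock=$(printf '%s\n' "$3" | dockerd_mtu)
    [ -n "$host" ] || { echo "interface $2 not found" >&2; return 2; }
    if [ "$dock" -gt "$host" ]; then
        echo "MISMATCH: containers get MTU $dock, host $2 has MTU $host"
        return 1
    fi
    echo "OK: container MTU $dock <= host $2 MTU $host"
}

# Demo on the constructed samples. On a live host, pass "$(ip -o link show)"
# and "$(grep '^ExecStart=' /etc/systemd/system/docker.service)" instead.
mtu_fits "$SAMPLE_LINK" eth0 "$EXEC_BEFORE" || true
mtu_fits "$SAMPLE_LINK" eth0 "$EXEC_AFTER"
```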