Exercise 3: two networks and routing
03net1-ccli-net2-cssh
Two networks, with the SSH client and server on different networks.
The routing problem.
Scaffolding
Create the project directory:
mkdir 03net1-ccli-net2-cssh
cd 03net1-ccli-net2-cssh
The scaffolding is:
.
├── ccli
│ └── Dockerfile
├── cfw
│ └── Dockerfile
├── cssh
│ └── Dockerfile
└── docker-compose.yml
The Dockerfiles for ccli and cssh are the same as in exercise 01net1-ccli-cssh.
Create a Gnome-terminal for three.
Files
cfw/Dockerfile
vim cfw/Dockerfile
FROM alpine:3.7
MAINTAINER John Smith <john@stormforce.ac>
RUN apk --update add --no-cache openssh tcpdump curl iptables
CMD ["/bin/sleep","1000000"]
docker-compose.yml
vim docker-compose.yml
version: '3.6'
services:
  one:
    build: ccli
    image: ccli
    container_name: one
    hostname: one
    cap_add:
      # ALL grants every Linux capability; ip route and iptables need only NET_ADMIN
      - ALL
    networks:
      net1:
        ipv4_address: 192.168.101.11
  two:
    build: cssh
    image: cssh
    container_name: two
    hostname: two
    cap_add:
      - ALL
    networks:
      net2:
        ipv4_address: 192.168.102.12
  three:
    build: cfw
    image: cfw
    container_name: three
    hostname: three
    cap_add:
      - ALL
    networks:
      net1:
        ipv4_address: 192.168.101.10
      net2:
        ipv4_address: 192.168.102.10
networks:
  net1:
    name: net1
    ipam:
      driver: default
      config:
        - subnet: 192.168.101.0/24
  net2:
    name: net2
    ipam:
      driver: default
      config:
        - subnet: 192.168.102.0/24
Reachability
Open the terminals one, two and three.
On one (192.168.101.11):
ping 192.168.101.10
- works
ping 192.168.102.12
- does not work
On two (192.168.102.12):
ping 192.168.102.10
- works
ping 192.168.101.11
- does not work
The routing is missing. Add it manually.
On one:
ip route add 192.168.102.0/24 via 192.168.101.10
On two:
ip route add 192.168.101.0/24 via 192.168.102.10
Retry the reachability test. Now it works.
But we want the route to be there automatically when the containers are launched, not added by hand.
We will use entrypoints.
Changes to the client
Change to one (ccli).
vi ccli/entrypoint.sh
#! /bin/sh
echo "Waiting 2 seconds for router"
sleep 2
ip route add 192.168.102.0/24 via 192.168.101.10 || true
exec "$@"
vi ccli/Dockerfile
FROM alpine:3.7
MAINTAINER John Smith <john@stormforce.ac>
RUN apk --update add --no-cache openssh tcpdump curl
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/bin/sleep","1000000"]
Changes to the server
Change to two (cssh).
vi cssh/entrypoint.sh
#! /bin/sh
echo "Waiting 2 seconds for router"
sleep 2
ip route add 192.168.101.0/24 via 192.168.102.10 || true
exec "$@"
vi cssh/Dockerfile
....
RUN ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_key
RUN adduser -D pippo && echo "pippo:pluto" | chpasswd
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 22
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/sbin/sshd","-D"]
Changes to docker-compose.yml
vim docker-compose.yml
version: '3.6'
services:
  one:
    build: ccli
    image: ccli
    container_name: one
    hostname: one
    depends_on:
      # start order only: compose does not wait for three to be ready
      - three
    cap_add:
      - ALL
    networks:
      net1:
        ipv4_address: 192.168.101.11
  two:
    build: cssh
    image: cssh
    container_name: two
    hostname: two
    depends_on:
      - three
    cap_add:
      - ALL
    networks:
      net2:
        ipv4_address: 192.168.102.12
  three:
    build: cfw
    image: cfw
    container_name: three
    hostname: three
    cap_add:
      - ALL
    networks:
      net1:
        ipv4_address: 192.168.101.10
      net2:
        ipv4_address: 192.168.102.10
networks:
  net1:
    name: net1
    ipam:
      driver: default
      config:
        - subnet: 192.168.101.0/24
  net2:
    name: net2
    ipam:
      driver: default
      config:
        - subnet: 192.168.102.0/24
Retry
Delete the ccli and cssh images:
docker rmi ccli:latest cssh:latest
Start the project:
docker-compose up
Do not pass -d the first time, so that the logs are visible.
The ccli and cssh images are rebuilt.
Open the terminals one and two and have them ping each other. They should see each other.
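A variant of the entrypoint.sh scripts above, as an added example that is not part of the original exercise: it replaces the fixed "sleep 2" with a bounded wait for the router and stops the container when the route cannot be installed, instead of hiding the failure with "|| true". The variables ROUTE_NET, ROUTE_GW and ROUTE_TIMEOUT and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example: one entrypoint for both ccli and cssh.
# ROUTE_NET, ROUTE_GW, ROUTE_TIMEOUT are hypothetical variables set per service.

# Probe the gateway once; -c 1 -W 1 is accepted by BusyBox and iputils ping.
probe_gateway() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# Retry the probe once per second until it succeeds or the timeout expires.
wait_for_gateway() {
    gw=$1 timeout=$2 waited=0
    until probe_gateway "$gw"; do
        waited=$((waited + 1))
        if [ "$waited" -ge "$timeout" ]; then return 1; fi
        sleep 1
    done
}

# "replace" succeeds even if the route already exists, so a restarted
# container does not need "|| true" to mask the duplicate-route error.
install_route() {
    ip route replace "$1" via "$2"
}

# Wait for the router, then install the route; report failure to the caller.
setup_route() {
    net=$1 gw=$2 timeout=${3:-10}
    if ! wait_for_gateway "$gw" "$timeout"; then
        echo "router $gw not reachable after ${timeout}s" >&2
        return 1
    fi
    install_route "$net" "$gw"
}

# Act as entrypoint only when ROUTE_NET is set, then hand over to CMD.
if [ -n "${ROUTE_NET:-}" ]; then
    setup_route "$ROUTE_NET" "$ROUTE_GW" "${ROUTE_TIMEOUT:-10}" || exit 1
    exec "$@"
fi
```

For one, the service would set ROUTE_NET=192.168.102.0/24 and ROUTE_GW=192.168.101.10; for two, ROUTE_NET=192.168.101.0/24 and ROUTE_GW=192.168.102.10.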