Debian Overlay怎么搭建

Here are the common scenarios for setting up “Debian Overlay” along with detailed steps:

1. Overlay Network (for Docker Containers)

An Overlay network enables cross-host communication between Docker containers, making them appear on the same virtual network regardless of their physical location.

Prerequisites

• A Debian-based system with Docker installed and running.
• Ensure Docker daemons on all hosts can communicate (e.g., via ports 7946/tcp/udp for discovery and 4789/tcp/udp for VXLAN).

Steps

1. Install Docker (if not already installed):

   sudo apt update
   sudo apt install docker-ce docker-ce-cli containerd.io
   sudo systemctl start docker
   sudo systemctl enable docker
   

2. Configure Docker Daemon: Edit /etc/docker/daemon.json to enable Overlay networking and specify default address pools:

   {
   
     "exec-opts": ["native.cgroupdriver=systemd"],
     "log-driver": "json-file",
     "log-opts": {
   "max-size": "100m"}
   ,
     "storage-driver": "overlay2",
     "default-address-pools": [{
   "base": "10.10.0.0/16", "size": 24}
   ]
   }
       
   

   Restart Docker to apply changes:

   sudo systemctl restart docker
   

3. Create an Overlay Network: Use docker network create with the --driver overlay flag. Specify a subnet (e.g., 10.10.1.0/24) for the network:

   docker network create --driver overlay --subnet 10.10.1.0/24 my_overlay_net
   

4. Deploy Services to the Overlay Network: Launch services (e.g., nginx) and connect them to the Overlay network. Use --replicas to scale services across multiple hosts:

   docker service create --name my_nginx --network my_overlay_net --replicas 3 nginx:latest
   

5. Verify Connectivity: Inspect the service to get container IPs, then ping between containers (replace < container_id> with actual IDs):

   docker service inspect --pretty my_nginx
   docker exec -it <
       container_id>
        ping <
       other_container_ip>
   
   

6. Optional: Configure Firewall: Allow Overlay traffic (ports 7946/tcp/udp for discovery, 4789/tcp/udp for VXLAN) using ufw:

   sudo ufw allow in on docker0 to any port 7946 proto udp
   sudo ufw allow in on docker0 to any port 4789 proto udp
   sudo ufw allow in on docker0 to any port 7946 proto tcp
   sudo ufw allow in on docker0 to any port 4789 proto tcp
   

2. Overlay Filesystem (Union Mount for Root Filesystem)

An Overlay filesystem combines a read-only base layer (e.g., the system root) with a writable upper layer, enabling lightweight system customization or persistence.

Prerequisites

• A Debian system with root access.
• Backup critical data before proceeding.

Steps

1. Install Required Packages: Ensure overlayroot (for automatic Overlay mounting) is installed:

   sudo apt update
   sudo apt install overlayroot
   

2. Create Directory Structure: Define three directories for the Overlay filesystem:

   • lowerdir: Read-only base layer (e.g., system root).
   • upperdir: Writable layer for changes.
   • workdir: Temporary directory for Overlay operations.

   sudo mkdir -p /overlay/{
   lower,upper,work}
       
   

3. Mount the Base Layer: Use tmpfs to create a temporary root for mounting the base layer (or use a physical partition):

   sudo mount -t tmpfs tmpfs /overlay -o size=4G
   sudo cp -a / /overlay/lower  # Copy system root to lowerdir
   

4. Configure OverlayFS: Edit /etc/overlayroot.conf to enable Overlay and specify directories:

   [general]
   enabled = yes
   upperdir = /overlay/upper
   workdir = /overlay/work
   lowerdir = /overlay/lower
   mergedir = /
   

5. Mount Overlay Manually (Test): Verify the configuration by manually mounting the Overlay filesystem:

   sudo mount -t overlay overlay -o lowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work /
   

6. Persist Configuration: Add an entry to /etc/fstab to mount Overlay at boot:

   overlay / overlay defaults,lowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work 0 0
   

7. Reboot and Verify: Restart the system to apply Overlay mounting:

   sudo reboot
   

   Check if the Overlay is active by listing mounts:

   mount | grep overlay
   

   Verify changes persist in the upper layer (e.g., modify a file in / and reboot—changes should remain).

Key Notes

• Overlay Network: Focuses on container communication; requires Docker and proper firewall rules.
• Overlay Filesystem: Focuses on filesystem customization; requires careful configuration of lowerdir, upperdir, and workdir.
• Testing: Always test configurations in a non-production environment before applying to production systems.

声明：本文内容由网友自发贡献，本站不承担相应法律责任。对本内容有异议或投诉，请联系2913721942#qq.com核实处理，我们将尽快回复您，谢谢合作！