查看“Flannel安装配置”的源代码

==== 安装Flannel ====

flannel下载地址：https://github.com/coreos/flannel/releases

 sudo yum install -y flannel

==== 添加flannel网络配置信息到etcd ====

 curl http://127.0.0.1:2379/v2/keys/coreos.com/network/config
 {"errorCode":100,"message":"Key not found","cause":"/coreos.com","index":12}
 
 curl -X PUT http://127.0.0.1:2379/v2/keys/coreos.com/network/config -d value='{ "Network": "172.17.0.0/16" }'
 
 curl http://127.0.0.1:2379/v2/keys/coreos.com/network/config
 {"action":"get","node":{"key":"/coreos.com/network/config","value":"{ \"Network\": \"172.17.0.0/16\" }","modifiedIndex":13,"createdIndex":13}}

有两种方法可以设置，但是flannel 0.7.1版默认使用的是etcd V2的http接口，所以如果etcd是V3版本而且用第一种方法设置那么会导致fannel读取不到配置，运行flannel会报错failed to retrieve network config: 100: Key not found (/coreos.com)；如果ectd是V2版本，那么两种方法设置都可以。

同时，如果出现类似的报错，可以使用下面的命令测试

 curl http://172.0.0.1:2379/v2/keys/coreos.com/network/config

==== 创建日志目录 ====

 sudo mkdir -p /var/log/flannel
==== 修改flanneld配置 ====
查看flanne服务
 cat /usr/lib/systemd/system/flanneld.service
 [Unit]
 Description=Flanneld overlay address etcd agent
 After=network.target
 After=network-online.target
 Wants=network-online.target
 After=etcd.service
 Before=docker.service
 
 [Service]
 Type=notify
 EnvironmentFile=/etc/sysconfig/flanneld
 EnvironmentFile=-/etc/sysconfig/docker-network
 ExecStart=/usr/bin/flanneld-start $FLANNEL_OPTIONS
 ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
 Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target
 WantedBy=docker.service

修改flannel配置文件
 vim /etc/sysconfig/flanneld
 修改为
 
 FLANNEL_ETCD_ENDPOINTS="http://etcd-cluser-ip:2379,http://etcd-cluser-ip:2379,http://etcd-cluser-ip:2379"
 FLANNEL_ETCD_PREFIX="/coreos.com/network"
 FLANNEL_OPTIONS="--logtostderr=false --log_dir=/var/log/flannel/ --iface=你的网卡名字"
==== 启动 ====

 sudo systemctl daemon-reload
 sudo systemctl start flanneld
 sudo systemctl status flanneld
 sudo systemctl enable flanneld

==== 配置Docker ====

Flanneld服务需要先于Docker启动，此时应该停掉Docker，待配置完之后重启。

配置好Flanneld之后它会从etcd中获取network的配置信息，然后划分subnet并在etcd中进行注册，然后将子网信息记录到/run/flannel/subnet.env中，最后将subnet.env转写成一个docker的环境变量文件/run/flannel/docker。

可以通过以下命令查看相关文件信息：

 cat /run/flannel/subnet.env
 FLANNEL_NETWORK=172.17.0.0/16
 FLANNEL_SUBNET=172.17.75.1/24
 FLANNEL_MTU=1472
 FLANNEL_IPMASQ=false
 [root@localhost ~]# cat /run/flannel/docker
 DOCKER_OPT_BIP="--bip=172.17.75.1/24"
 DOCKER_OPT_IPMASQ="--ip-masq=true"
 DOCKER_OPT_MTU="--mtu=1472"
 DOCKER_NETWORK_OPTIONS=" --bip=172.17.75.1/24 --ip-masq=true --mtu=1472"

此外，Flanneld还会自动修改Docker的配置

 systemctl show docker
 ...
 DropInPaths=/usr/lib/systemd/system/docker.service.d/flannel.conf
 ...
需要修改/usr/lib/systemd/system/docker.service，并应用/run/flannel/docker当中的DOCKER_NETWORK_OPTIONS配置：

 vi /usr/lib/systemd/system/docker.service
 ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock $DOCKER_NETWORK_OPTIONS
重启Docker:

 sudo systemctl daemon-reload
 sudo systemctl restart docker
 sudo systemctl status docker

==== 测试安装结果 ====

 ip addr show
 3: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 172.17.75.0/16 scope global flannel0
       valid_lft forever preferred_lft forever


=== 测试容器互通 ===
两台机器启动docker 容器互ping 
 docker run -it busybox
 / # ip a
 
 13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1472 qdisc noqueue
    link/ether 02:42:ac:11:3f:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.63.3/24 brd 172.17.63.255 scope global eth0


 docker run -it busybox
 / # ip a
 
 5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1472 qdisc noqueue
    link/ether 02:42:ac:11:4b:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.75.2/24 brd 172.17.75.255 scope global eth0
 
 / # ping 172.17.63.3
 PING 172.17.63.3 (172.17.63.3): 56 data bytes
 64 bytes from 172.17.63.3: seq=0 ttl=60 time=0.689 ms

===容器不能互通的问题 ====
遇到的问题是目标端flannel0上有包发过来，但docker0网段没有任何包。

所以定位是目标段的flannel0->docker0的转发出了问题。

通过iptables -nvL 查看现有的iptables规则，发现

chain FORWARD链路 policy是DROP,以下命令修改

 iptables -P FORWARD ACCEPT