This Gist is similar to https://gist.github.com/noteed/8656989 which uses Open vSwitch instead of Tinc.
Download the install.sh script and run it:
> https://gist.githubusercontent.com/noteed/11031504/raw/install.sh
> sh install.sh
Then configure Tinc, and edit and run shared-docker-tinc.sh.
On each host, the Tinc configuration is similar:
/etc/tinc/
├── horde
│ ├── hosts
│ │ ├── host_1
│ │ └── host_2
│ ├── rsa_key.priv
│ ├── tinc.conf
│ ├── tinc-down
│ └── tinc-up
└── nets.boot
On a given host N:
- The rsa_key.priv must be generated, and the corresponding public key is put in /etc/tinc/horde/hosts/host_n.
- The Address = entry in the host_n file is not necessary but does no harm.
- The Name = entry in tinc.conf must be set to host_n.
- The ConnectTo = entry in tinc.conf must be set to the "other" host.
To generate Tinc public/private key pairs:
> tincd -n horde -K
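The per-host checklist above can be verified before tincd is started. The script below is an added example, not part of the original Gist: check_tinc_host is a hypothetical helper, and it assumes GNU stat, the "Key = value" spelling used above, and a public key stored as a PEM block with a BEGIN RSA PUBLIC KEY header.

```shell
#!/bin/sh
# Added example (not from the Gist). Usage: check_tinc_host /etc/tinc/horde host_1
# Prints one line per problem; the return status is the number of problems.
check_tinc_host() {
    netdir=$1 name=$2 problems=0
    conf="$netdir/tinc.conf" key="$netdir/rsa_key.priv"

    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    # First value of a "Key = value" line in tinc.conf (the spelling the page uses).
    conf_get() {
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" 2>/dev/null |
            sed 's/[[:space:]]*$//' | head -n 1
    }

    # rsa_key.priv must exist and carry no group/other permission bits.
    if [ ! -f "$key" ]; then
        fail "$key is missing (generate it with: tincd -n horde -K)"
    else
        mode=$(stat -c %a "$key")   # assumes GNU stat (Linux)
        case $mode in
            *00) ;;
            *) fail "$key has mode $mode, expected 600" ;;
        esac
    fi

    # The matching public key must be in hosts/NAME. Assumption: it is stored
    # as a PEM block with a BEGIN RSA PUBLIC KEY header.
    grep -q 'BEGIN RSA PUBLIC KEY' "$netdir/hosts/$name" 2>/dev/null ||
        fail "$netdir/hosts/$name has no RSA public key block"

    # Name must be this host.
    conf_name=$(conf_get Name)
    [ "$conf_name" = "$name" ] ||
        fail "Name in $conf is '$conf_name', expected '$name'"

    # ConnectTo must name the other host, whose host file must be present.
    peer=$(conf_get ConnectTo)
    if [ -z "$peer" ] || [ "$peer" = "$name" ]; then
        fail "ConnectTo in $conf must name the other host"
    elif [ ! -f "$netdir/hosts/$peer" ]; then
        fail "$netdir/hosts/$peer is missing; the peer's public key is needed"
    fi

    return "$problems"
}
```

Run it on each host with that host's own name; a status of 0 means every item in the checklist holds.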
If the BRIDGE_ADDRESS variable is set on the two hosts as 172.16.41.1 and 172.16.41.2, the subnet in tinc.conf can be the same on both hosts:
Subnet = 172.16.41.0/24
and the last line in shared-docker-tinc.sh to set up the route is not needed.
In such a configuration there is a problem: Docker will start allocating IP addresses to containers almost identically on both hosts (e.g. you will end up with both hosts having a container with IP 172.16.41.3).
To avoid that problem, the BRIDGE_ADDRESS of each host should be in a different subnet. For instance on host_1:
Subnet = 172.16.41.0/24 # In tinc.conf.
BRIDGE_ADDRESS=172.16.41.1/24 # In shared-docker-tinc.sh.
OTHER_BRIDGE_ADDRESS=172.16.42.0
And on host_2:
Subnet = 172.16.42.0/24 # In tinc.conf.
BRIDGE_ADDRESS=172.16.42.1/24 # In shared-docker-tinc.sh.
OTHER_BRIDGE_ADDRESS=172.16.41.0