Auto deploy from GitHub Actions build 349

[915a942] iBug: services/mirrors/docker: Add policy-based routing docker networks

faq/docker/index.html

@@ -2396,7 +2396,7 @@ <h1 id="docker">Docker 相关问题<a class="headerlink" href="#docker" title="P
 <h2 id="debian-11-aufs">Debian 11 中不再支持 aufs<a class="headerlink" href="#debian-11-aufs" title="Permanent link">&para;</a></h2>
 <p>从 Debian 10 升级到 Debian 11 时，<code>aufs-dkms</code> 不再包含在新内核中：</p>
 <blockquote>
-<p>aufs-dkms 软件包将不作为 bullseye 的一部分出现。大多数 aufs-dkms 用户应当切换至 overlayfs，后者提供了相似的功能且具有内核的支持。然而，某些 Debian 安装实例可能使用了不兼容 overlayfs 的文件系统，如不带有 d_type 的 xfs。我们建议需要使用 aufs-dkms 的用户在升级至 bullseye 之前先进行迁移。 </p>
+<p>aufs-dkms 软件包将不作为 bullseye 的一部分出现。大多数 aufs-dkms 用户应当切换至 overlayfs，后者提供了相似的功能且具有内核的支持。然而，某些 Debian 安装实例可能使用了不兼容 overlayfs 的文件系统，如不带有 d_type 的 xfs。我们建议需要使用 aufs-dkms 的用户在升级至 bullseye 之前先进行迁移。</p>
 </blockquote>
 <p>(<a href="https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.zh-cn.html">https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.zh-cn.html</a>)</p>
 <p>对于老机器来说需要提前确认 Docker 的 storage driver：</p>
@@ -2412,7 +2412,7 @@ <h2 id="debian-11-aufs">Debian 11 中不再支持 aufs<a class="headerlink" href
 </code></pre></div>
 <p>这里如果是 overlay2 那么就没问题，如果是 aufs 的话就需要提前确认，因为切换到 overlay2 之后现有的容器和容器镜像都会丢失，需要重新创建。所以需要确保容器（container）和镜像（image）是可复现的。</p>
 <p>在升级系统后，编辑 <code>/etc/docker/daemon.json</code>，加上：</p>
-<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a>&quot;storage-driver&quot;: &quot;overlay2&quot;
+<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="nt">&quot;storage-driver&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;overlay2&quot;</span>
 </code></pre></div>
 <p>然后启动 docker，重新创建容器。</p>
 

services/mirrors/docker/index.html

@@ -1679,6 +1679,19 @@
     Networking
   </a>
 
+    <nav class="md-nav" aria-label="Networking">
+      <ul class="md-nav__list">
+
+          <li class="md-nav__item">
+  <a href="#routing" class="md-nav__link">
+    Routing
+  </a>
+
+</li>
+
+      </ul>
+    </nav>
+
 </li>
 
     </ul>
@@ -2376,6 +2389,19 @@
     Networking
   </a>
 
+    <nav class="md-nav" aria-label="Networking">
+      <ul class="md-nav__list">
+
+          <li class="md-nav__item">
+  <a href="#routing" class="md-nav__link">
+    Routing
+  </a>
+
+</li>
+
+      </ul>
+    </nav>
+
 </li>
 
     </ul>
@@ -2406,6 +2432,35 @@ <h2 id="networking">Networking<a class="headerlink" href="#networking" title="Pe
 <a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a><span class="w">  </span>--gateway<span class="o">=</span><span class="m">172</span>.18.0.1<span class="w"> </span><span class="se">\</span>
 <a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a><span class="w">  </span>docker-registry
 </code></pre></div>
+<h3 id="routing">Routing<a class="headerlink" href="#routing" title="Permanent link">&para;</a></h3>
+<p>一些同步程序不支持 bindIP 的配置，对于这些同步程序，我们通过创建多个 Docker network，然后在主机上根据 Docker network 进行策略路由，达到选择出口的效果。</p>
+<p>创建 Docker network 的命令如下：</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a>docker<span class="w"> </span>network<span class="w"> </span>create<span class="w"> </span>--driver<span class="o">=</span>bridge<span class="w"> </span>--subnet<span class="o">=</span><span class="m">172</span>.17.4.1/24<span class="w"> </span>-o<span class="w"> </span><span class="s2">&quot;com.docker.network.bridge.name=dockerC&quot;</span><span class="w"> </span>cernet
+<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a>docker<span class="w"> </span>network<span class="w"> </span>create<span class="w"> </span>--driver<span class="o">=</span>bridge<span class="w"> </span>--subnet<span class="o">=</span><span class="m">172</span>.17.5.1/24<span class="w"> </span>-o<span class="w"> </span><span class="s2">&quot;com.docker.network.bridge.name=dockerT&quot;</span><span class="w"> </span>telecom
+<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a>docker<span class="w"> </span>network<span class="w"> </span>create<span class="w"> </span>--driver<span class="o">=</span>bridge<span class="w"> </span>--subnet<span class="o">=</span><span class="m">172</span>.17.6.1/24<span class="w"> </span>-o<span class="w"> </span><span class="s2">&quot;com.docker.network.bridge.name=dockerM&quot;</span><span class="w"> </span>mobile
+<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a>docker<span class="w"> </span>network<span class="w"> </span>create<span class="w"> </span>--driver<span class="o">=</span>bridge<span class="w"> </span>--subnet<span class="o">=</span><span class="m">172</span>.17.7.1/24<span class="w"> </span>-o<span class="w"> </span><span class="s2">&quot;com.docker.network.bridge.name=dockerU&quot;</span><span class="w"> </span>unicom
+</code></pre></div>
+<p>对应地，主机上也配置好了策略路由，例如：</p>
+<div class="highlight"><span class="filename">/etc/systemd/network/cernet.network</span><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="c1"># Docker Cernet</span>
+<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="k">[RoutingPolicyRule]</span>
+<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a><span class="na">From</span><span class="o">=</span><span class="s">172.17.4.0/24</span>
+<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a><span class="na">Table</span><span class="o">=</span><span class="s">1011</span>
+<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a><span class="na">Priority</span><span class="o">=</span><span class="s">5</span>
+<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a><span class="k">[RoutingPolicyRule]</span>
+<a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a><span class="na">From</span><span class="o">=</span><span class="s">172.17.8.0/24</span>
+<a id="__codelineno-2-8" name="__codelineno-2-8" href="#__codelineno-2-8"></a><span class="na">Table</span><span class="o">=</span><span class="s">1011</span>
+<a id="__codelineno-2-9" name="__codelineno-2-9" href="#__codelineno-2-9"></a><span class="na">Priority</span><span class="o">=</span><span class="s">5</span>
+</code></pre></div>
+<div class="highlight"><span class="filename">/etc/systemd/network/telecom.network</span><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="c1"># Docker Telecom</span>
+<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="k">[RoutingPolicyRule]</span>
+<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="na">From</span><span class="o">=</span><span class="s">172.17.5.0/24</span>
+<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a><span class="na">Table</span><span class="o">=</span><span class="s">1012</span>
+<a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a><span class="na">Priority</span><span class="o">=</span><span class="s">5</span>
+</code></pre></div>
+<p><code>mobile.network</code> 和 <code>unicom.network</code> 也类似。</p>
+<p>需要使用这种方式进行路由的同步镜像，可以在 YAML 中指定 <code>network</code>，例如：</p>
+<div class="highlight"><span class="filename">adoptium.yum.yaml</span><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="nt">network</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">telecom</span>
+</code></pre></div>