Some changes to deploying VIC – vSphere Integrated Containers

Last month, I wrote a post on how to deploy vSphere Integrated Containers (VIC for short). As the team continue to build functionality into this newly architected product, a number of the deployment steps for the VCH, Virtual Container Host, have now changed since my previous post.

A Virtual Container Host isn’t a VM, in essence it is a resource pool – this is why we call it a Virtual Container Host. It’s a resource boundary into which containers can be provisioned.  The VCH also offers a Docker API endpoint for developers to access. This allows containers to be provisioned as VMs, rather than in VMs, giving us features such as resource management, network virtualization and other core vSphere features for containers.

*** Please note that at the time of writing, VIC is still not GA ***

*** The steps highlighted here may change in the GA version of the product ***

As per my previous post, you can deploy a VM with Photon OS to roll out VIC. You can use the same steps as before to pull the source down from GitHub and build VIC (or pick up some pre-built binaries from bintray). Notably, there is a new command for deploying the VCH, Virtual Container Host (or docker appliance). The new command is called “vic-machine”. The two considerations when deploying VIC with the new command are:

  • If deploying VIC to vCenter server and not directly to an ESXi host, you must create a distributed switch, and use a distributed portgroup for the container traffic (this is called a bridge network in the vic-admin command)
  • You must specify a compute resource string. When deploying to a vCenter server instance, a compute resource string is specified as /datacenter-name/host/cluster-name/Resources/resource-pool-name. Having the host included in the path when dealing with clusters is a little confusing. If the resource-pool-name does not exist, simply provide /datacenter-name/host/cluster-name/Resources and a resource pool is automatically created on the cluster using the same name as the VCH. This pool is where the VCH (docker appliance) resides. If the -name argument is not provided to the command, the pool and appliance are created using the name docker-appliance.

Here is an example of deploying the VCH to a vCenter Server instance using the new vic-machine command:

root [ ~/vic/bin ]# ./vic-machine -target vcsa-03.rainpole.com \
-image-store isilion-nfs-01 -name vch01 -generate-cert \
-user administrator@vsphere.local -passwd xxx \
-compute-resource /CNA-DC/host/VIC/Resources \
-bridge-network DPortGroup -force
INFO[2016-05-19T09:17:33Z] ### Installing VCH ####
INFO[2016-05-19T09:17:33Z] Generating certificate/key pair \
- private key in ./vch01-key.pem
INFO[2016-05-19T09:17:34Z] Validating supplied configuration
INFO[2016-05-19T09:17:37Z] Network DPortGroup exists
INFO[2016-05-19T09:17:37Z] Appliance exists, remove it...
INFO[2016-05-19T09:17:38Z] Creating appliance on target
INFO[2016-05-19T09:17:39Z] Uploading images for container
INFO[2016-05-19T09:17:39Z]      bootstrap.iso
INFO[2016-05-19T09:17:39Z]      appliance.iso
INFO[2016-05-19T09:17:45Z] Waiting for IP information
INFO[2016-05-19T09:18:06Z] Initialization of appliance successful
INFO[2016-05-19T09:18:06Z]
INFO[2016-05-19T09:18:06Z] SSH to appliance (default=root:password)
INFO[2016-05-19T09:18:06Z] ssh root@10.27.51.54
INFO[2016-05-19T09:18:06Z]
INFO[2016-05-19T09:18:06Z] Log server:
INFO[2016-05-19T09:18:06Z] https://10.27.51.54:2378
INFO[2016-05-19T09:18:06Z]
INFO[2016-05-19T09:18:06Z] Connect to docker:
INFO[2016-05-19T09:18:06Z] docker -H 10.27.51.54:2376 \
--tls --tlscert='./vch01-cert.pem' --tlskey='./vch01-key.pem' info
INFO[2016-05-19T09:18:06Z] Installer completed successfully...
root [ ~/vic/bin ]#

The cluster will now have a new resource pool and new VCH.

If you wish to deploy VIC using an ESXi host as a target instead of vCenter Server, you must ensure that the ESXi host is not managed by a vCenter Server, and that there is no DVS present on the host. Here is an example on how to deploy such a config (note the top-most ha-datacenter in the compute-resources path, which is generic for ESXi hosts):

root [ ~/vic/bin ]# ./vic-machine -target esxi-hp-08.rainpole.com \
-user root -passwd xxx -compute-resource \
/ha-datacenter/host/esxi-hp-08.rainpole.com/Resources \
-image-store esxi-hp-08-local
INFO[2016-05-19T11:53:11Z] ### Installing VCH ####
INFO[2016-05-19T11:53:11Z] Generating certificate/key pair \
- private key in ./docker-appliance-key.pem
INFO[2016-05-19T11:53:12Z] Validating supplied configuration
INFO[2016-05-19T11:53:14Z] Creating a Resource Pool
INFO[2016-05-19T11:53:14Z] Creating VirtualSwitch
INFO[2016-05-19T11:53:14Z] Creating Portgroup
INFO[2016-05-19T11:53:14Z] Creating appliance on target
INFO[2016-05-19T11:53:14Z] Uploading images for container
INFO[2016-05-19T11:53:14Z]      bootstrap.iso
INFO[2016-05-19T11:53:14Z]      appliance.iso
INFO[2016-05-19T11:53:18Z] Waiting for IP information
INFO[2016-05-19T11:53:33Z] Initialization of appliance successful
INFO[2016-05-19T11:53:33Z]
INFO[2016-05-19T11:53:33Z] SSH to appliance (default=root:password)
INFO[2016-05-19T11:53:33Z] ssh root@10.27.51.57
INFO[2016-05-19T11:53:33Z]
INFO[2016-05-19T11:53:33Z] Log server:
INFO[2016-05-19T11:53:33Z] https://10.27.51.57:2378
INFO[2016-05-19T11:53:33Z]
INFO[2016-05-19T11:53:33Z] Connect to docker:
INFO[2016-05-19T11:53:33Z] docker -H 10.27.51.57:2376 --tls \
--tlscert='./docker-appliance-cert.pem' \
--tlskey='./docker-appliance-key.pem' info
INFO[2016-05-19T11:53:33Z] Installer completed successfully...
root [ ~/vic/bin ]#

Of course, we are still limited in what we can do with the docker API endpoint, as I highlighted in my previous post. But this is being actively worked, as some docker commands are now available. Here is an example of pulling and running nginx:

root [ ~/vic/bin ]#  docker -H 10.27.51.57:2376 --tls \
--tlscert='./docker-appliance-cert.pem' \
--tlskey='./docker-appliance-key.pem' pull vmwarecna/nginx
Using default tag: latest
latest: Pulling from vmwarecna/nginx
6fa7100a2613: Pull complete
a3ed95caeb02: Pull complete
b6f2388a20dd: Pull complete
a305e4b888ce: Pull complete
80596a504ef3: Pull complete
99c028eff2a4: Pull complete
a1cee46bc434: Pull complete
9bd9868012b9: Pull complete
Status: Downloaded newer image for vmwarecna/nginx:latest

root [ ~/vic/bin ]#  docker -H 10.27.51.57:2376 --tls \
--tlscert='./docker-appliance-cert.pem' \
--tlskey='./docker-appliance-key.pem' run -d -p 80:80 vmwarecna/nginx
95de8d2efd72a90e997c6444d1e76163a929e05555c1e75b7e9596c92e7b6a22

We will see more and more functionality added over the coming weeks and months. As I shall be working on the product over the coming months, I’ll be sure to keep you updated on any major changes/developments.

2 comments
  1. Hi Cormac,
    I found an article that describes and compares VIC vs Photo Platform. For sometime I was confused understanding various container technologies and terms from VMware. This seems to be well written and now I think I have a better understanding. Let me know what you think of this article.

    Thanks,

    Manish

Comments are closed.