More CNA goodness from VMware – Introducing Admiral

admiralAs I prep myself for some upcoming VMUGs in EMEA, I realized that I hadn’t made any mention on a new product that we recently introduced in the CNA (Cloud Native Apps) space called Admiral. In a nutshell, Admiral is a Container Management platform for deploying and managing container based applications, intended to provide automated deployment and life cycle management of containers. Now, while Admiral can be used to deploy container directly to virtual machines that are running docker (e.g. Photon OS), it can also be used with vSphere Integrated Containers, and you can deploy containers via the VCH (Virtual Container Host). On top of that, Admiral can also be used with Project Harbor container repositories that you may have deployed in your environment. This gives a very nice end-to-end story when using containers with vSphere. Let’s take a closer look.

1. Deploy Admiral

This is very straight-forward. Deploy a VM (in this case, Photon OS), start/enable docker, and deploy Admiral as a container. Note the port mapping of 8282:

[ ~ ]# systemctl start docker
[ ~ ]# systemctl enable docker

[ ~ ]# docker run -d -p 8282:8282 --name admiral vmware/admiral
Unable to find image 'vmware/admiral:latest' locally
latest: Pulling from vmware/admiral
cb261545df3a: Pull complete
49c266ee129c: Pull complete
ce4c0f9e0889: Pull complete
6ca363de293a: Pull complete
df06bdf7edd7: Pull complete
913e27cbda48: Pull complete
Digest: sha256:2bfe48271aa0f1ef5339260ca5800f867f25003521da908e961e59005fdd13a4
Status: Downloaded newer image for vmware/admiral:latest
9de9402a88eb3e31aa26cc4a0aa3d30e6f6c8c1c788db91a0d99f5b3556f171f
[ ~ ]#

Next, open a browser, point it to this VM and port 8282. You should observe the following Admiral landing page:

admiral-landing-page2. Orchestrate container deployments to VIC via Admiral

Let’s now go ahead and add a host. As mentioned, this could be as something as simple as a VM (running docker) that you wish to deploy containers to, but in this example we are going to point it at a VIC deployment. You will need the public and private certificates from your VCH deployment, as well as the docker API endpoint. To get the docker API endpoint provided by a VCH, the following command can be used from the host where the VCH was deployed:

[ /workspace/vic ]# ./vic-machine-linux inspect  \
-t 'administrator@vsphere.local:VMware123!@10.27.51.103'
INFO[2016-11-09T11:42:50Z] ### Inspecting VCH ####
INFO[2016-11-09T11:42:50Z]
INFO[2016-11-09T11:42:50Z] VCH ID: VirtualMachine:vm-1207
INFO[2016-11-09T11:42:51Z]
INFO[2016-11-09T11:42:51Z] Installer version: v0.6.0-4890-4f98611
INFO[2016-11-09T11:42:51Z] VCH version: v0.6.0-4890-4f98611
INFO[2016-11-09T11:42:51Z]
INFO[2016-11-09T11:42:51Z] VCH upgrade status:
INFO[2016-11-09T11:42:51Z] Installer has same version as VCH
INFO[2016-11-09T11:42:51Z] No upgrade available with this installer version
INFO[2016-11-09T11:42:51Z]
INFO[2016-11-09T11:42:51Z] vic-admin portal:
INFO[2016-11-09T11:42:51Z] https://10.27.51.18:2378
INFO[2016-11-09T11:42:51Z]
INFO[2016-11-09T11:42:51Z] DOCKER_HOST=10.27.51.18:2376
INFO[2016-11-09T11:42:51Z]
INFO[2016-11-09T11:42:51Z] Connect to docker:
INFO[2016-11-09T11:42:51Z] docker -H 10.27.51.18:2376 --tls info
INFO[2016-11-09T11:42:51Z] Completed successfully
[ /workspace/vic ]#

The docker API endpoint is highlighted in red above. You will also need the public certificate and private key to authenticate to the VCH from Admiral. This information is found in the directory where you initially deployed the VCH using vic-machine-*, and by default will be called virtual-container-host-cert.pem and virtual-container-host-key.pem. The names will be different if you used a non-default name for the VCH.

With this information, we can now go ahead and add this VCH as a host to Admiral. Back in the Admiral UI, click on Add Host, and enter the IP address of the docker API endpoint, as well as the port (2376). In the placement zone section, simply select the default placement zone. In the login credentials section, select new credentials, change the type from user to certificate, and add the public certificate and private key contents to the appropriate sections, as shown here:

vch-credentials-in-admiralClick on the blue check associated with the credentials, and it should temporarily go green to show success. Finally, click on Add to complete the addition of this Virtual Container Host (VCH) to Admiral. That completes the VIC integration part. You should now be able to deploy “containers as VMs” to that VCH/docker API endpoint. If you go to the Templates view in Admiral, you should see a bunch of container templates that are ready to deploy. These templates are from the default docker hub repository, which is pre-configured with Admiral. You can verify that everything is working by selecting any of those containers and provisioning it:

admiral-provision-requestsWhen the provisioning completes, and is hopefully successful, you can check the status of the deployed container via  the docker CLI, or the vSphere web client.

[ /workspace/vic ]# docker -H 10.27.51.18:2376 --tls ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef98ebbbe9c3 library/nginx:latest "nginx -g daemon off;" 5 minutes ago \
Running nginx-mcm136_27086590482
6c8d6a4add24 ubuntu "bash" 7 days ago Exited (0) insane_einstein
[ /workspace/vic ]#

vch-containersExcellent. That is the orchestration framework taken care of. And of course, you can add multiple VCH instances as hosts if you so wish. Lets now see if we can use Project Harbor as a repository, instead of the docker hub one, or maybe with the docker hub repository.

3. Orchestrate container deployments from Harbor to VIC via Admiral

In the Templates view in Admiral, click on the “Manage Registries” button. This should show the default registry, which is of course docker hub. That is where all the templates that you observed previously were available from. Now click on the +Add button, and we will add a registry from our Harbor deployment.

add-harbor-repoNow you can see that I have both docker hub, and my own Harbor repro. I can now search for templates in both repos by simply typing in the name of a desired container. I have a container called cormac-nginx, and if I search on that, Admiral will only display those containers/templates which match.

matching-templatesAnd just like before, you can use Admiral to provision that template from Harbor down to the VCH, allowing for full integration between Admiral (Orchestration), Harbor (Repository) and VIC (Docker API endpoint with “containers as VMs”). Nice.

You can learn more about Admiral, and even contribute to it, via Github.

6 comments
  1. Not a big docker expert but i’ve managed to do my own troubleshooting.
    Running:
    docker log vmware/admiral

    I got:
    Server VM warning: INFO: os::commit_memory(0x00000000d6400000, 700448768, 0) failed; error=’Cannot allocate memory’ (errno=12)
    # There is insufficient memory for the Java Runtime Environment to continue.
    # Native memory allocation (mmap) failed to map 700448768 bytes for committing reserved memory.

    So it seems like there is a memory requirement that I couldn’t find specified anywhere.

    Hope this helps.

        • This is the guidance I received Andrea – hope it helps:

          512MB or 1GB should be ok for default deployments. Depending on the usage, the memory should be increased.
          Container provisioned and managed | Memory
          1,000 | ~1.2 GB per node
          2,000 | ~2 GB per node
          5,000 | ~3.3 GB per node
          10,000 | ~3.5 GB per node

Leave a Reply