Some changes to deploying VIC – vSphere Integrated Containers
Last month, I wrote a post on how to deploy vSphere Integrated Containers (VIC for short). As the team continue to build functionality into this newly architected product, a number of the deployment steps for the VCH, Virtual Container Host, have now changed since my previous post.
A Virtual Container Host isn’t a VM, in essence it is a resource pool – this is why we call it a Virtual Container Host. It’s a resource boundary into which containers can be provisioned. The VCH also offers a Docker API endpoint for developers to access. This allows containers to be provisioned as VMs, rather than in VMs, giving us features such as resource management, network virtualization and other core vSphere features for containers.
*** Please note that at the time of writing, VIC is still not GA ***
*** The steps highlighted here may change in the GA version of the product ***
As per my previous post, you can deploy a VM with Photon OS to roll out VIC. You can use the same steps as before to pull the source down from GitHub and build VIC (or pick up some pre-built binaries from bintray). Notably, there is a new command for deploying the VCH, Virtual Container Host (or docker appliance). The new command is called “vic-machine”. The two considerations when deploying VIC with the new command are:
- If deploying VIC to vCenter server and not directly to an ESXi host, you must create a distributed switch, and use a distributed portgroup for the container traffic (this is called a bridge network in the vic-admin command)
- You must specify a compute resource string. When deploying to a vCenter server instance, a compute resource string is specified as /datacenter-name/host/cluster-name/Resources/resource-pool-name. Having the host included in the path when dealing with clusters is a little confusing. If the resource-pool-name does not exist, simply provide /datacenter-name/host/cluster-name/Resources and a resource pool is automatically created on the cluster using the same name as the VCH. This pool is where the VCH (docker appliance) resides. If the -name argument is not provided to the command, the pool and appliance are created using the name docker-appliance.
Here is an example of deploying the VCH to a vCenter Server instance using the new vic-machine command:
root [ ~/vic/bin ]# ./vic-machine -target vcsa-03.rainpole.com \ -image-store isilion-nfs-01 -name vch01 -generate-cert \ -user firstname.lastname@example.org -passwd xxx \ -compute-resource /CNA-DC/host/VIC/Resources \ -bridge-network DPortGroup -force INFO[2016-05-19T09:17:33Z] ### Installing VCH #### INFO[2016-05-19T09:17:33Z] Generating certificate/key pair \ - private key in ./vch01-key.pem INFO[2016-05-19T09:17:34Z] Validating supplied configuration INFO[2016-05-19T09:17:37Z] Network DPortGroup exists INFO[2016-05-19T09:17:37Z] Appliance exists, remove it... INFO[2016-05-19T09:17:38Z] Creating appliance on target INFO[2016-05-19T09:17:39Z] Uploading images for container INFO[2016-05-19T09:17:39Z] bootstrap.iso INFO[2016-05-19T09:17:39Z] appliance.iso INFO[2016-05-19T09:17:45Z] Waiting for IP information INFO[2016-05-19T09:18:06Z] Initialization of appliance successful INFO[2016-05-19T09:18:06Z] INFO[2016-05-19T09:18:06Z] SSH to appliance (default=root:password) INFO[2016-05-19T09:18:06Z] ssh email@example.com INFO[2016-05-19T09:18:06Z] INFO[2016-05-19T09:18:06Z] Log server: INFO[2016-05-19T09:18:06Z] https://10.27.51.54:2378 INFO[2016-05-19T09:18:06Z] INFO[2016-05-19T09:18:06Z] Connect to docker: INFO[2016-05-19T09:18:06Z] docker -H 10.27.51.54:2376 \ --tls --tlscert='./vch01-cert.pem' --tlskey='./vch01-key.pem' info INFO[2016-05-19T09:18:06Z] Installer completed successfully... root [ ~/vic/bin ]#
The cluster will now have a new resource pool and new VCH.
If you wish to deploy VIC using an ESXi host as a target instead of vCenter Server, you must ensure that the ESXi host is not managed by a vCenter Server, and that there is no DVS present on the host. Here is an example on how to deploy such a config (note the top-most ha-datacenter in the compute-resources path, which is generic for ESXi hosts):
root [ ~/vic/bin ]# ./vic-machine -target esxi-hp-08.rainpole.com \ -user root -passwd xxx -compute-resource \ /ha-datacenter/host/esxi-hp-08.rainpole.com/Resources \ -image-store esxi-hp-08-local INFO[2016-05-19T11:53:11Z] ### Installing VCH #### INFO[2016-05-19T11:53:11Z] Generating certificate/key pair \ - private key in ./docker-appliance-key.pem INFO[2016-05-19T11:53:12Z] Validating supplied configuration INFO[2016-05-19T11:53:14Z] Creating a Resource Pool INFO[2016-05-19T11:53:14Z] Creating VirtualSwitch INFO[2016-05-19T11:53:14Z] Creating Portgroup INFO[2016-05-19T11:53:14Z] Creating appliance on target INFO[2016-05-19T11:53:14Z] Uploading images for container INFO[2016-05-19T11:53:14Z] bootstrap.iso INFO[2016-05-19T11:53:14Z] appliance.iso INFO[2016-05-19T11:53:18Z] Waiting for IP information INFO[2016-05-19T11:53:33Z] Initialization of appliance successful INFO[2016-05-19T11:53:33Z] INFO[2016-05-19T11:53:33Z] SSH to appliance (default=root:password) INFO[2016-05-19T11:53:33Z] ssh firstname.lastname@example.org INFO[2016-05-19T11:53:33Z] INFO[2016-05-19T11:53:33Z] Log server: INFO[2016-05-19T11:53:33Z] https://10.27.51.57:2378 INFO[2016-05-19T11:53:33Z] INFO[2016-05-19T11:53:33Z] Connect to docker: INFO[2016-05-19T11:53:33Z] docker -H 10.27.51.57:2376 --tls \ --tlscert='./docker-appliance-cert.pem' \ --tlskey='./docker-appliance-key.pem' info INFO[2016-05-19T11:53:33Z] Installer completed successfully... root [ ~/vic/bin ]#
Of course, we are still limited in what we can do with the docker API endpoint, as I highlighted in my previous post. But this is being actively worked, as some docker commands are now available. Here is an example of pulling and running nginx:
root [ ~/vic/bin ]# docker -H 10.27.51.57:2376 --tls \ --tlscert='./docker-appliance-cert.pem' \ --tlskey='./docker-appliance-key.pem' pull vmwarecna/nginx Using default tag: latest latest: Pulling from vmwarecna/nginx 6fa7100a2613: Pull complete a3ed95caeb02: Pull complete b6f2388a20dd: Pull complete a305e4b888ce: Pull complete 80596a504ef3: Pull complete 99c028eff2a4: Pull complete a1cee46bc434: Pull complete 9bd9868012b9: Pull complete Status: Downloaded newer image for vmwarecna/nginx:latest root [ ~/vic/bin ]# docker -H 10.27.51.57:2376 --tls \ --tlscert='./docker-appliance-cert.pem' \ --tlskey='./docker-appliance-key.pem' run -d -p 80:80 vmwarecna/nginx 95de8d2efd72a90e997c6444d1e76163a929e05555c1e75b7e9596c92e7b6a22
We will see more and more functionality added over the coming weeks and months. As I shall be working on the product over the coming months, I’ll be sure to keep you updated on any major changes/developments.
2 Replies to “Some changes to deploying VIC – vSphere Integrated Containers”
I found an article that describes and compares VIC vs Photo Platform. For sometime I was confused understanding various container technologies and terms from VMware. This seems to be well written and now I think I have a better understanding. Let me know what you think of this article.
Here is the link to the article
Comments are closed.