In the last post, we looked at getting the Docker Toolbox installed, getting vSphere Integrated Containers networking installed, and deploying the OVA appliance for vSphere Integrated Containers. In this second post, we will look at pulling down the VIC Windows package for setting up VIC, changing ESXi firewall settings, deploying our VIC host, and provisioning our first Docker container on the VIC host. So let’s dive right into configuring VMware vSphere Integrated Containers.
Configuring VMware vSphere Integrated Containers
The first thing we want to do is pull down the VIC Windows package. It gives us the command line tools we need to change the firewall settings on our ESXi hosts and to install our first VIC host in the environment. To pull down the VIC Windows package, navigate to the https://<VIC appliance>:9443 address and download the tar.gz package. The tar.gz package contains the vSphere Integrated Containers Engine binaries that we will use to deploy virtual container hosts, or VCHs.
Place the archive in a folder that is handy to work with and extract the files there. After using 7-Zip to extract the tar.gz file, we see the vic-machine-windows.exe file that is contained in the package.
Changing ESXi firewall settings for vSphere Integrated Containers
Our ESXi hosts communicate with the virtual container hosts (VCHs) through port 2377 via what is called “Serial Over LAN.” To deploy the virtual container host successfully, port 2377 must be open for outgoing connections on all ESXi hosts before you run the vic-machine-create command to deploy a virtual container host. This command opens port 2377 outbound on the ESXi host and opens port 2377 inbound on the virtual container host.
The vic-machine utility that we saw in the extracted folder above provides the vic-machine update firewall --allow command, which makes the process of updating your ESXi firewall rules much easier.
Let it fail once to get the thumbprint of your vCenter server: the failed run reports the thumbprint of the certificate the server presented, and you pass that value with --thumbprint on the next run. Because --thumbprint tells vic-machine which certificate to trust, compare the reported value with the thumbprint shown for the certificate on the vCenter server itself before reusing it.
vic-machine-windows update firewall --target <your vcenter address> --user email@example.com --password <your password> --allow --thumbprint=<your vCenter Thumbprint>
Note the Ruleset “vSPC” enabled result for both of our hosts.
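One way to check the thumbprint from the failed run before passing it to --thumbprint, as an added example that is not from the original post or the VIC project: it extracts the thumbprint from pasted output and compares it with the fingerprint of a certificate file exported from the vCenter server over a trusted path. The SHA-1 colon-separated format, the function names and the sample strings are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumption: the thumbprint is a SHA-1 fingerprint, 20 colon-separated hex bytes.
THUMBPRINT_RE = re.compile(
    r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])")

# Constructed stand-ins, not a real certificate or verbatim tool output.
# The PEM body decodes to the three bytes b"abc".
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
SAMPLE_OUTPUT = ("certificate not trusted for target (thumbprint="
                 "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D)")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor lines and base64-decode the certificate body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, formatted as upper-case AA:BB:... pairs."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def extract_thumbprint(tool_output: str) -> str:
    """Return the one thumbprint in pasted output; refuse if ambiguous."""
    found = {m.upper() for m in THUMBPRINT_RE.findall(tool_output)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one thumbprint, found {len(found)}")
    return found.pop()


def is_trusted(tool_output: str, trusted_pem: str) -> bool:
    """True only if the reported thumbprint matches the trusted certificate."""
    reported = extract_thumbprint(tool_output)
    expected = thumbprint(pem_to_der(trusted_pem))
    return hmac.compare_digest(reported, expected)


if __name__ == "__main__":
    print("match" if is_trusted(SAMPLE_OUTPUT, SAMPLE_PEM) else "MISMATCH")
```

Only a matching result should be copied into the --thumbprint argument; a mismatch means the certificate seen by vic-machine is not the one you exported.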
Creating the Virtual Container Host or VCH (VIC Host)
What is the Virtual Container Host? According to the vSphere Integrated Containers 1.1.1 documentation:
A virtual container host (VCH) is the functional equivalent of a Linux VM that runs Docker, but with some significant benefits. A VCH represents the following elements:
- A clustered pool of resource into which to provision container VMs.
- A single-tenant container namespace.
- An isolated Docker API endpoint.
- Authorization to use and configure pre-approved virtual infrastructure.
- A private network that containers are attached to by default.
Additionally, a VCH is a multi-functional appliance that you deploy as a vApp in a vCenter Server cluster or as a resource pool on an ESXi host.
The syntax to create our Virtual Container Host is as follows:
$ vic-machine-windows create
--user "[email protected]"
A note here about the bridge network: it must be a /16 network. If you try to create anything smaller than that, you will receive the error shown below.
After enlarging our bridge network we see the installer process for the VCH host run and finish successfully.
We can verify general Docker connectivity and functionality by issuing a simple docker --help command pointed to our new VCH.
Configuring our first Docker Container
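Let’s now create our first Docker container by spinning up an Ubuntu container and using it interactively. The --tls flag used here encrypts the connection to the VCH but does not verify the VCH's certificate.
docker -H <VCH IP address>:2376 --tls run -it ubuntu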
We can attach to the container, start, and stop it as we want.
The configuration of vSphere Integrated Containers was pretty straightforward and there is a lot of great documentation available, especially from the vSphere GitHub page for the vSphere Integrated Containers project. Hopefully, you have enjoyed the quick walkthrough on configuring our vSphere Integrated Containers environment and playing around with an Ubuntu container. More to come as we play around a bit more with VIC. Stay tuned.