vSphere Integrated Containers

Configuring VMware vSphere Integrated Containers

In the last post, we looked at getting the Docker Toolbox installed, vSphere Integrated Containers Networking Installed and deploying the OVA appliance for vSphere Integrated Containers. In this second post, we will look at pulling down the VIC windows package for setting up VIC, changing ESXi firewall settings, deploying our VIC host, as well as provisioning our first Docker container on the VIC host.  So let’s dive right into configuring VMware vSphere Integrated Containers.

Configuring VMware vSphere Integrated Containers

The first thing we want to do is pull down the VIC Windows package to have access to our command line tools to work with our ESXi hosts for firewall purposes as well as install our first VIC host in the environment. To pull down the VIC windows package, navigate to the https://<VIC appliance>:9443 address and pull down the tar.gz package.  The tar.gz package contains the vSphere Integrated Containers Engine binaries that we will use to deploy VIC container hosts or VCHs.

Pull-down-the-VIC-package-from-the-VIC-appliance
Pull down the vSphere Integrated Containers Engine binaries from the VIC appliance

Place the zip in a folder that is handy to work with.  We will want to unzip the files there.  After using 7zip to unzip the tar.gz file we see the vic-machine-windows.exe file that is contained in the package.

vSphere-Integrated-Containers-Engine-Windows-command-line-binary
vSphere Integrated Containers Engine Windows command line binary

Changing ESXi firewall settings for vSphere Integrated Containers

Our ESXi hosts communicate with the virtual container hosts (VCHs) through port 2377 via what is called “Serial Over LAN. To deploy the virtual container host successfully, port 2377 must be open for outgoing connections on all ESXi hosts before you run the vic-machine-create command to deploy a virtual container host.  This command opens port 2377 outbound on the ESXi host and opens port 2377 inbound on the virtual container host.

The vic-machine command that we showed in the unzipped folder above allows the switch vic-machine update firewall –allow which makes the process of updating your ESXi firewall rules much easier.

Syntax:

Let it fail once to get the thumbprint of your vCenter server.

vic-machine-windows update firewall --target <your vcenter address> --user [email protected] --password <your password> --allow --thumbprint=<your vCenter Thumbprint>
Using-vic-machine-to-update-ESXi-firewall-settings
Using vic-machine to update ESXi firewall settings

Note the Ruleset “vSPC” enabled result for both of our hosts.

Creating the Virtual Container Host or VCH (VIC Host)

What is the Virtual Container Host?  According to the vSphere Integrated Containers 1.1.1 documentation:

A virtual container host (VCH) is the functional equivalent of a Linux VM that runs Docker, but with some significant benefits. A VCH represents the following elements:

  • A clustered pool of resource into which to provision container VMs.
  • A single-tenant container namespace.
  • An isolated Docker API endpoint.
  • Authorization to use and configure pre-approved virtual infrastructure.
  • A private network that containers are attached to by default.

Additionally, A VCH is a multi-functional appliance that you deploy as a vApp in a vCenter Server cluster or as a resource pool on an ESXi host.

The syntax to create our Virtual Container Host is as follows:

$ vic-machine-windows create
--target vcenter_server_address
--user "[email protected]"
--password vcenter_server_password
--bridge-network vic-bridge
--image-store shared_datastore_name
--no-tlsverify
--force

A note here about the bridge network.  it must be a /16 network.  If you try to create anything smaller than that, you will receive the error shown below.

vSphere-Integrated-Containers-must-be-a-16-network
vSphere Integrated Containers must be a /16 network

After enlarging our bridge network we see the installer process for the VCH host run and finish successfully.

Installing-the-vSphere-Integrated-Containers-VCH-VIC-Host
Installing the vSphere Integrated Containers VCH VIC Host
vSphere-Integrated-Containers-VIC-Host-is-provisioned-in-vCenter
vSphere Integrated Containers VIC Host is provisioned in vCenter
Note-the-vSphere-Integrated-Containers-VCH-host-is-running-PhotonOS
Note the vSphere Integrated Containers VCH host is running PhotonOS

We can verify general Docker connectivity and functionality by issuing a simple docker –help command pointed to our new VCH.

Verify-docker-can-communicate-with-the-VCH-host
Verify docker can communicate with the VCH host

Configuring our first Docker Container

Let’s now create our first Docker container by spinning up an Ubuntu container and use it interactively.

docker -H <VCH IP address:2376> --tls run -it ubuntu
Create-a-Ubuntu-Docker-container-with-vSphere-Integrated-Containers
Create a Ubuntu Docker container with vSphere Integrated Containers
New-Ubuntu-Docker-container-running-under-our-VCH-in-vCenter
New Ubuntu Docker container running under our VCH in vCenter

We can attach to the container, start, and stop it as we want.

Interacting-with-Ubuntu-Docker-containers-in-vSphere-Integrated-Containers
Interacting with Ubuntu Docker containers in vSphere Integrated Containers

Thoughts

The configuration of vSphere Integrated Containers was pretty straightforward and there is a lot of great documentation available, especially from the vSphere GitHub page for the vSphere Integrated Containers project. Hopefully, you have enjoyed the quick walkthrough on configuring our vSphere Integrated Containers environment and playing around with an Ubuntu container. More to come as we play around a bit more with VIC. Stay tuned.

Subscribe to VirtualizationHowto via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.