Containerization technology, brought to the limelight thanks to Docker, has been the talk of the day for quite some time. Apart from being an industry standard, Docker also happens to be open-source. This fact may have compelled heavyweights like Microsoft and VMware to dive in and have a go at containerization themselves, in an effort to further boost their virtualization offerings. VMware has released vSphere Integrated Containers, taking a slightly different approach to doing containers.
Let’s take a brief look at containers and the spin VMware gave to this technology.
So, what is a container?
Take a Linux operating system, virtualize it and split it up into segments or user spaces. The Linux guest OS is said to be the container host. A container plugs into one of the available segments. While containers share the host’s kernel and allocated resources, in theory they should be isolated from one another and the kernel itself. A container can run any process as long as it is supported on the Linux flavor installed on the container host. This means that you won’t be able to run Windows in a container running on a Linux-based container host. The latter, however, is perfectly feasible using Microsoft container technology.
A container also encapsulates things such as configuration settings, environment variables and dependencies, making it the ideal way to package and distribute an entire environment to developers, testers and such, which is the main advantage. Portability is another advantage as a container can be run virtually anywhere. An often-cited benefit is a reduced need for virtual machines since containers, supposedly, make better use of system resources when compared like-for-like. Virtual machines tend to have higher overheads in terms of resource utilization.
What about Docker?
Docker is an open-source containerization framework. Containers are created using base images residing on what’s called a Docker Hub, which is a registry or repository of Docker images. A Docker client (command line tool) is used to connect to a Docker daemon or endpoint running on the container host. A Docker environment can be set up locally on Linux, Windows, Mac and VMware’s Photon OS or, if preferred, on a cloud platform such as Amazon’s AWS or Microsoft’s Azure. If you’re new to Docker, like I am, the best source of information is Docker’s own documentation website. There you’ll find guides, tutorials and examples which should get you going in no time at all.
What are vSphere Integrated Containers?
VMware has very recently added vSphere Integrated Containers (VIC) to its line of features. VIC gives a new twist to the overall concept since containers are deployed as virtual machines as opposed to OS slices. The virtualized container host (VCH), which as you’ve guessed comes virtualized, provides the same Docker endpoints which you’d normally connect to using traditional Docker clients. So why did VMware go down this route? Paraphrasing, there are a number of advantages to this approach:
vSphere, not Linux, is the container host:
- Containers are deployed as VMs, not in VMs.
- Every container is fully isolated from the host and from the other containers.
- vSphere provides per-tenant dynamic resource limits within a vCenter Server cluster.
vSphere, not Linux, is the infrastructure:
- You can select vSphere networks that appear in the Docker client as container networks.
- Images, volumes, and container state are provisioned directly to VMFS.
vSphere is the control plane:
- Use the Docker client to directly control selected elements of vSphere infrastructure.
- A container endpoint Service-as-a-Service presents as a service abstraction, not as IaaS.
In addition, VIC is comprised of the following components (source: VMware):
- vSphere Integrated Containers Engine: A container engine that is designed to integrate all the packaging and runtime benefits of containers with the enterprise capabilities of your vSphere environment.
- vSphere Integrated Containers Registry: A Docker image registry with additional capabilities such as role-based access control (RBAC), replication, and so on.
I suggest reading this guide for further details on the architecture, use case examples and on how to deploy VIC. The VMware VIC documentation site is also a good source of information.
VIC can be deployed to standalone ESXi hosts as well as vCenter Server. In this post, I’ve chosen to deploy VIC to a standalone ESXi 6.5 host set up as a nested instance on Workstation Pro. Likewise, I’ll be running the Docker client off a CentOS 7 VM, again running on Workstation Pro. The basic requirements before proceeding are as follows.
- A DHCP server. In my case, DHCP services are handled by VMware Workstation, this being one reason why I opted for it.
- Allow outbound TCP traffic to port 2377 on the endpoint VM, for use by the interactive container shell.
- Allow inbound HTTPS/TCP traffic on port 443, for uploading to and downloading from datastores.
- vCenter Server 6.0 or 6.5, managing a cluster of ESXi 6.0 or 6.5 hosts, with VMware vSphere Distributed Resource Scheduler (DRS) enabled OR
- vCenter Server 6.0 or 6.5, managing one or more standalone ESXi 6.0 or 6.5 hosts OR
- Standalone ESXi 6.0 or 6.5 host that is not managed by a vCenter Server instance AND
- A vSphere Enterprise Plus license
Depending on the type of vSphere environment you’re deploying to, different requirements must be met. You’ll find these listed under the Environment Prerequisites for VCH Deployment section of the installation guide.
Let the fun begin!
It’s time to get our hands dirty. In this walk through, you’ll learn how to set up VIC on ESXi 6.5 as well as using the Docker client to create your first container. Needless to say, don’t forget to replace any IP addresses, user account, resource names and what not shown with your own!
Step 1 – Install ESXi 6.5. You’ll need a datastore, say 10GB, and a standard network switch set up.
Step 2 – Download the VIC engine.
If you don’t have one, sign-up for an account at my.vmware.com and download the VIC engine bundle from here. Extract the archive to a folder on your workstation. I’ll be using Windows for this step.
Step 3 – Using vic-machine
Vic-machine is the command line tool used to deploy VCH to vSphere. It can also be used to delete VCH instances among other things.
Open a command prompt and switch over to the folder holding the extracted contents. Look for the vic-machine-windows.exe file. We will be using this to install the virtual container host (VCH) on ESXi. The command line tool is also available for Linux and Mac using vic-machine-linux and vic-machine-darwin respectively both of which you’ll have to copy over to your OS of choice.
Step 4 – Create the Virtual Container Host (VCH)
First, run the command below to get a hold on the ESXi certificate thumbprint. As arguments, you also need to specify the ESXi’s IP address, a datastore name and a user. I’ve used root, the password for which can be included as an argument or simply typed in at the console.
vic-machine-windows create --target 192.168.207.130 --user root --image-store iSCSI-DS2 --no-tls
Now that we have the thumbprint, we can re-run the same command but with the added thumbprint argument as follows:
vic-machine-windows create --target 192.168.207.130 --user root --image-store iSCSI-DS2 --no-tls --thumbprint 80:E6:F9:15:3B:E8:E1:99:18:17:6A:A8:AD:5C:3E:AF:FF:AB:B8:35
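An added example, not part of the original post or VMware's tooling: a Python check that computes a certificate's thumbprint in the colon-separated form used above and compares it with a value you recorded out of band before passing it to --thumbprint. It assumes the thumbprint is the SHA-1 of the DER-encoded certificate (consistent with the 20-byte value shown); the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl
import sys

HEX40 = re.compile(r"[0-9A-F]{40}")

def _colonize(hex_digest: str) -> str:
    return ":".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2))

def thumbprint_from_der(der: bytes) -> str:
    """SHA-1 over the DER certificate, as colon-separated uppercase hex."""
    return _colonize(hashlib.sha1(der).hexdigest().upper())

def normalize(thumbprint: str) -> str:
    """Accept colon-, space- or dash-separated hex in any case; fail closed otherwise."""
    bare = re.sub(r"[\s:-]", "", thumbprint).upper()
    if not HEX40.fullmatch(bare):
        raise ValueError(f"not a 20-byte SHA-1 thumbprint: {thumbprint!r}")
    return _colonize(bare)

def matches(der: bytes, expected: str) -> bool:
    """True only if the certificate hashes to the expected thumbprint."""
    return hmac.compare_digest(thumbprint_from_der(der), normalize(expected))

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server certificate without validating it (needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# Constructed stand-in for certificate bytes so the check runs offline.
SAMPLE_DER = b"abc"
SAMPLE_EXPECTED = "a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <esxi-host> <expected-thumbprint>
        der, expected = fetch_der(sys.argv[1]), sys.argv[2]
    else:
        der, expected = SAMPLE_DER, SAMPLE_EXPECTED
    ok = matches(der, expected)
    print(thumbprint_from_der(der), "MATCH" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

The script exits non-zero on a mismatch, so it can gate the vic-machine create call in a deployment script.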
Make sure that DHCP is working since the VCH will try and acquire an IP address while it boots up. If the requirements have all been met, your output should look like that in Fig. 4. Label 1 indicates the stage at which the installer checks if VCH has acquired an IP address. If it does not, the process fails and halts.
The info labelled 2 to 5 tells us that the VCH was successfully deployed. Label 3 highlights an environment variable that you can optionally set on the machine running the Docker client. This avoids the need to type in the Docker endpoint IP:port combination any time you run a Docker command (see below).
In Fig. 5, I simply verified that the VCH is reachable over port 2378 as per the URL labelled 2 in Fig.4 above. The VCH admin portal also reports back health status and affords access to a number of log files.
From an ESXi perspective, you should see a new VM called virtual-container-host listed in the inventory.
Step 5 – Set up a Docker client
I am running the Docker client on a CentOS 7 VM. You can follow the instructions outlined below to install Docker CE on CentOS. The procedure installs everything required to host and manage Docker containers on CentOS. This, of course, includes the server side of Docker should you want to learn more about Docker in general. Today, however, our focus is on VIC, so all we need to be concerned about is the Docker client.
Note 1: If you have Windows 10 Pro 64-bit, you can download the client from here. I don’t have it, so I opted for Linux which is more fun anyway!
Note 2: The Docker client is simply a command line tool used to create and manage Docker containers amongst other things.
To set up Docker on CentOS 7 64-bit, run the following commands. The procedure first removes any previous instances of Docker and reinstalls it from scratch. Start off each command with sudo if you’re logged in with a non-admin user account.
yum remove docker docker-common container-selinux docker-selinux docker-engine
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum makecache fast
yum install docker-ce
Step 6 – Configure the Docker client environment
Next, we need to set the correct Docker client API version to match that used by the vSphere Integrated Containers Engine. To do this, just run the following:
Optionally, set the DOCKER_HOST var as follows. If omitted, you must add -H <Docker IP:Port> to every Docker command you run.
In Fig. 7, I’ve set the correct API version and run docker info to verify the Docker endpoint on ESXi is reachable.
Step 7 – Create your first virtual integrated container (VIC)
As an example, I’ve deployed a container running the nginx webserver. Note that the run parameter will automatically connect to a Docker Hub (repository) from where it pulls down the corresponding Docker image, which in turn is used to create the container. The -p argument tells the Docker endpoint to publish port 80 for the container just created, which I’ve called nginx1. The nginx bit at the end of the command is in fact the search argument submitted to the Docker Hub.
docker -H 192.168.207.131:2375 run -d -p 80:80 --name nginx1 nginx
Fig. 9 shows how the container is in fact created as a VM.
Step 8 – Verify access to the service published by the container
I should now be able to access the landing page on the nginx web server running on the container by browsing to the VCH’s IP address on port 80. Success!
That’s all there is to it. The same procedure applies when deploying VCH to vCenter, the only difference being vApps are used to group the VCH and corresponding containers. From there on, it’s really a matter of familiarizing oneself with Docker concepts, command line arguments and so on. Here are a couple of examples on how to use the Docker client.
Ex. 1 – List all the containers managed by the respective VCH along with any published network ports.
docker -H 192.168.207.131:2375 ps
Ex. 2 – Restarting the nginx container.
docker restart nginx1
vSphere Integrated Containers is VMware’s novel method of deploying containers. It gives vSphere administrators the edge as it allows container provisioning within the datacenter using existing virtualization platforms. Additionally, since vSphere containers are in actual fact virtual machines, further benefit is derived from features such as DRS, HA and vMotion for a more robust containerization platform, something lacking in traditional models.
I will definitely keep an eye on any future developments in this area so I invite you to keep watching this space for new posts.