james_wirth

Combining VMware Photon OS and VMware vRealize Automation, these instructions detail the process for creating a simple Containers as a Service solution. Containers are becoming the standard way to package and ship software, making them an essential part of application development. VMware vRealize Automation provides a unified cloud management portal for provisioning, configuring and monitoring infrastructure resources. This article has been developed to provide a basic solution to enable on-demand deployment of a virtualized platform to support the development of containers.

Part 1 covers preparing the Photon OS template and Part 2 covers creating the vRealize Automation Blueprint and Catalog item. The Photon OS will use self-signed certificates for authentication.

These steps are for example purposes only, and careful consideration and analysis of your specific use case should be completed prior to implementing in your own infrastructure. The hostnames and network configurations are also examples, and you should substitute your own specific values. These steps have been compiled using vRA 7.2 and vSphere 5.5.

1. Prepare a VMware Photon OS template for use as a Container Host

1.1 Prerequisite Tasks

NOTE: At present there are two OVA templates available for download, for v10 and v11 virtual hardware; select the version compatible with your version of vSphere.

  • Deploy the OVA into vSphere using the familiar vSphere OVA deployment process
  • Power on the VM and change the default root password at the first login via the console.

NOTE: The default root password is “changeme”

1.2 Preparing Photon OS

  1. From the console, change the hostname using the following command:
  2. Update the hostname by editing the hosts file.
  3. Modify the file contents to include the updated hostname:

Next we will configure a static IP address.

  1. Move/rename the 10-dhcp-en.network file.
  2. Edit the 10-static-eth0.network file using vi.
  3. Modify the file contents to the following:
  4. Set permissions and restart the network service.
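The static-address steps above, as an added example that is not the post's own commands: it retires the DHCP unit, writes the 10-static-eth0.network file and sets its permissions. The directory is a parameter so the function can be exercised outside /etc/systemd/network; the address, gateway and DNS values are examples, and the 0644 mode is an assumption about what the "set permissions" step intends.

```shell
#!/bin/sh
# Added example, not the post's own commands. Switches a Photon OS template
# from DHCP to a static address as section 1.2 describes: move the
# 10-dhcp-en.network unit aside, write 10-static-eth0.network, set permissions.
# NETDIR is a parameter so the function can run outside /etc/systemd/network.
# Usage: configure_static_eth0 NETDIR ADDRESS/PREFIX GATEWAY DNS
configure_static_eth0() {
  netdir="$1"; addr="$2"; gw="$3"; dns="$4"
  # Move the DHCP unit aside so systemd-networkd no longer applies it.
  if [ -f "$netdir/10-dhcp-en.network" ]; then
    mv "$netdir/10-dhcp-en.network" "$netdir/10-dhcp-en.network.disabled"
  fi
  # Static configuration for eth0 (all values are examples; use your own).
  cat > "$netdir/10-static-eth0.network" <<EOF
[Match]
Name=eth0

[Network]
Address=$addr
Gateway=$gw
DNS=$dns
EOF
  # Root-writable, world-readable: assumed to be the mode the post's
  # "set permissions" step establishes for the .network file.
  chmod 0644 "$netdir/10-static-eth0.network"
}

# Report the address a .network file configures (used to verify the result).
static_address_of() {
  sed -n 's/^Address=//p' "$1"
}

# On the template itself (as root), after sourcing this file:
#   configure_static_eth0 /etc/systemd/network 10.161.0.245/24 10.161.0.1 10.161.0.10
#   systemctl restart systemd-networkd
```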

1.3 Generate Certificates on the Photon OS Template

The following steps were derived from the article Protect the Docker daemon socket on the Docker website:

https://docs.docker.com/engine/security/https/

  1. Connect to the Photon OS template via SSH.
  2. Start and enable docker using the following commands:
  3. Generate self-signed certificates using the following example commands:

Provide the certificate details and the Photon template FQDN when prompted for the Common Name. Example:

photon-template.sddc.lab

NOTE: The Photon OS template will later be added to a vRA Network profile, so ideally the subjectAltName will be appended with the comma-delimited range of IP addresses that the machines spawned from this template will use. This is not strictly necessary for functionality but will avoid certificate validation warnings.

  4. Delete the certificate requests and set permissions:
  5. Open the docker file using vi.
  6. Add the following line:
  7. Port 2376 must be allowed for incoming traffic through the firewall; by default it is blocked. To add the firewall rule, execute:
  8. To make the changes effective, restart iptables:

This command resets the iptables permanent configuration, so the Docker rules created by the docker server may be lost. To add them back, simply restart the docker service:

  9. Restart docker.

Now we will display and save the contents of the public and private certificate keys.

  10. To display the certificate contents, enter the following commands:
  11. Copy and paste the contents of the certificates into a text file for later use.
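The certificate part of this procedure (steps 3, 4 and 10), as an added example that is neither the post's nor Docker's own script: a non-interactive function that follows the Docker "Protect the Docker daemon socket" steps and puts the template FQDN plus the IP range from the NOTE above into the server certificate's subjectAltName, followed by a check that the resulting server certificate chains to the CA and carries a given IP. The FQDN, IP addresses and CA name are examples; 2048-bit keys are used to keep the example fast where Docker's guide uses 4096.

```shell
#!/bin/sh
# Added example, not the post's or Docker's own script: the certificate step of
# section 1.3 as a non-interactive function, following the Docker "Protect the
# Docker daemon socket" procedure. The server SAN carries the template FQDN and
# every IP the vRA network profile may assign, as the note above recommends.
# Usage: gen_docker_tls OUTDIR FQDN IP1 [IP2 ...]   (all values are examples)
gen_docker_tls() (
  outdir="$1"; fqdn="$2"; shift 2
  mkdir -p "$outdir" && cd "$outdir" || exit 1
  san="DNS:$fqdn,IP:127.0.0.1"
  for ip in "$@"; do san="$san,IP:$ip"; done
  # 1. CA key and self-signed CA cert. Docker's guide uses 4096-bit keys and
  #    protects ca-key.pem with -aes256; 2048 keeps this example fast.
  openssl genrsa -out ca-key.pem 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key ca-key.pem -sha256 \
    -subj "/CN=caas-ca" -out ca.pem
  # 2. Server key, CSR, and CA-signed cert limited to serverAuth with the SAN.
  openssl genrsa -out server-key.pem 2048 2>/dev/null
  openssl req -subj "/CN=$fqdn" -sha256 -new -key server-key.pem -out server.csr
  printf 'subjectAltName = %s\nextendedKeyUsage = serverAuth\n' "$san" > extfile.cnf
  openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem \
    -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
  # 3. Client key and cert: cert.pem and key.pem are what gets pasted into
  #    the vRA "Certificate" credential in section 1.4.
  openssl genrsa -out key.pem 2048 2>/dev/null
  openssl req -subj '/CN=client' -new -key key.pem -out client.csr
  echo 'extendedKeyUsage = clientAuth' > extfile-client.cnf
  openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem \
    -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf
  # 4. Remove the requests and lock down permissions, as the post's step does.
  rm -f client.csr server.csr extfile.cnf extfile-client.cnf
  chmod 0400 ca-key.pem key.pem server-key.pem
  chmod 0444 ca.pem server-cert.pem cert.pem
)

# Pre-flight before section 1.4: does server-cert.pem chain to ca.pem and list
# the given IP in its SAN? Returns 0 on success, 1 otherwise.
check_server_cert() {
  dir="$1"; ip="$2"
  openssl verify -CAfile "$dir/ca.pem" "$dir/server-cert.pem" >/dev/null 2>&1 \
    || return 1
  openssl x509 -in "$dir/server-cert.pem" -noout -text \
    | grep -Eq "IP Address:$ip"'([,[:space:]]|$)'
}
```

Run `gen_docker_tls /root/.docker photon-template.sddc.lab 10.161.0.245 10.161.0.246` on the template and then `check_server_cert /root/.docker 10.161.0.246` to confirm the SAN before pointing the daemon at the files.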

1.4 Validate the Template

If the above steps have been successful we will now be able to validate that this template can be added to Admiral (vRA Containers Tab).

To validate the template configuration before converting it to a vSphere template complete the following steps:

  1. Open your vRA console
  2. Navigate to the Containers tab
  3. Click “Add a Host”
  4. Enter the Photon OS template URL in the Address field, example: https://10.161.0.245:2376
  5. Expand the Login credential drop-down and select “New Credential” option.
  6. Provide a credential name and select the “Certificate” option. Then paste the Docker Public and Private certificates that you saved to notepad earlier.
  7. Confirm and Save the Credential configuration with the
  8. Click “Verify” Button and click “Yes” if prompted to confirm the Docker Host certificate. You should see the green message ribbon that says: “Verified successfully!”

NOTE: At this point you could go ahead and add the Photon OS to Admiral and use it to spin up some containers. We won’t do that though as we’re creating a template.

  9. Shut down the photon-template VM and convert it to a vSphere template.

With this I conclude part one of this blog series; hopefully you've found it useful. Stay tuned for part two, where we will configure a vRealize Blueprint to provision Photon OS on demand.


James Wirth is a proven cloud computing and virtualization industry veteran with over 10 years’ experience leading customers in Asia-Pacific and North America through their cloud computing journey.