Running Photon OS and Admiral in a vCloud Air Network Environment
VMware’s container story is growing and maturing every day. Many vCloud Air Network (vCAN) customers are looking to see how VMware’s container strategy maps to vCAN providers. This is the first in a series of blog posts to help illustrate how VMware technologies can be leveraged to provide a robust and flexible environment for containers. This first step is focused on creating a solid foundation for running containers using VMware Photon OS™ and VMware Admiral™.
Photon OS™ is a minimal open source Linux distribution optimized for VMware’s virtualization platform. The main site for documentation and downloads for Photon OS™ is on the GitHub site https://vmware.github.io/photon/.
Admiral™ is VMware’s container management platform, a very lightweight and scalable application. Like Photon OS™, Admiral™ is also open source. The main site for Admiral™ is available on its GitHub site at https://vmware.github.io/admiral/.
The diagram below gives a high-level view of what will be demonstrated with Admiral™ and some Photon OS™ VMs contained within a vCloud Director vApp.
Create Photon OS vApp Template
In this section, a vApp Template for Photon OS will be created and published in the vCD Catalog. All Photon OS container hosts will be deployed from this new template.
1. Download the Photon OS OVA from https://vmware.github.io/photon/
2. Navigate to the My Cloud tab in the vCloud Director UI
3. Create a vApp using the OVA
4. Power on the vApp and run these commands on the console or via SSH (default credentials are root/changeme). This script updates Photon OS, sets Docker to automatically start on boot, and enables Docker API access on TCP port 2375.
# Update Photon OS Packages
tdnf -y update
# Stop Docker
systemctl stop docker
# Enable Docker API on tcp port 2375
echo 'DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"' > /etc/default/docker
# Set Docker to automatically start on boot
systemctl enable docker
# Start Docker
systemctl start docker
# Create service definition to allow tcp port 2375 through firewall
cat << EOF > /etc/systemd/system/iptables-port-2375-open.service
[Unit]
Description=Create Iptables rule to allow inbound traffic to port 2375
After=iptables.service
Requires=iptables.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -p tcp --dport 2375 -j ACCEPT
TimeoutSec=0
RemainAfterExit=yes
[Install]
WantedBy=iptables.service
EOF
# Set standard unit file permissions (a unit file should not be executable or world-writable)
chmod 644 /etc/systemd/system/iptables-port-2375-open.service
# Make iptables-port-2375-open service automatically start on boot
systemctl enable iptables-port-2375-open.service
5. Verify Docker API is accessible at http://<photonosip>:2375/info
6. Run the command below on the console or via SSH to prepare the OS for cloning.
echo -n > /etc/machine-id
7. Shut down the vApp
8. Navigate to the Guest OS Customization tab of the VM’s properties
9. Enable guest customization, set the default password to changeme, and force a password change on first login as shown in the screenshot below.
10. Add a vApp Template to the Catalog from this vApp
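Step 4 leaves the Docker API on port 2375 without authentication or TLS and accepts connections to it from any source, so the added example below (not part of the original post) renders the same firewall unit limited to the Admiral VM's address and checks an existing rule listing for the unrestricted rule. ADMIRAL_IP, the 192.0.2.10 address and the function names are assumptions, and the example relies on the default INPUT policy dropping other traffic, which the post's need for an explicit ACCEPT rule implies.

```shell
#!/bin/sh
# Added example (not from the original post): restrict Docker API port 2375 to Admiral.
# ADMIRAL_IP and 192.0.2.10 (a documentation address) are assumed placeholders.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the firewall unit from step 4 with a source match for the Admiral VM.
render_unit() {
    valid_ipv4 "$1" || { echo "invalid Admiral address: $1" >&2; return 1; }
    cat << EOF
[Unit]
Description=Allow Docker API (tcp/2375) from Admiral host $1 only
After=iptables.service
Requires=iptables.service
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -A INPUT -p tcp -s $1 --dport 2375 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -p tcp -s $1 --dport 2375 -j ACCEPT
TimeoutSec=0
RemainAfterExit=yes
[Install]
WantedBy=iptables.service
EOF
}

# Read `iptables -S INPUT` output on stdin; succeed if a rule accepts
# port 2375 without a source (-s) match, i.e. from any address.
api_open_to_any() {
    while IFS= read -r rule; do
        case "$rule" in
            *" -s "*) ;;
            *"--dport 2375 "*"-j ACCEPT"*) return 0 ;;
        esac
    done
    return 1
}

# Print the unit for review; on the host, redirect the output to
# /etc/systemd/system/iptables-port-2375-open.service.
render_unit "${ADMIRAL_IP:-192.0.2.10}"
```

On a host already deployed from the template, `iptables -S INPUT | api_open_to_any` succeeds when the unrestricted rule from step 4 is still loaded.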
Create Admiral vApp Template
Admiral runs as a container on a Photon OS VM. A dedicated vApp Template will be created for Admiral and added to the vCD Catalog. While creating a vApp Template isn’t required for a tenant, it is a suggested step that a vCAN provider should perform to make the provision of Admiral easier.
1. Navigate to the My Cloud tab in the vCloud Director UI
2. Deploy the Photon OS vApp Template created previously and name it Admiral
3. Power on the vApp and run the following commands on the console or via SSH (default credentials are root/changeme). This script creates an Admiral container and configures it to automatically start on boot.
# Create Admiral container
docker run -d -p 8282:8282 --name admiral vmware/admiral
# Create service definition for Admiral
cat << EOF > /etc/systemd/system/docker-admiral.service
[Unit]
Description=Admiral container
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a admiral
ExecStop=/usr/bin/docker stop -t 2 admiral
[Install]
WantedBy=default.target
EOF
# Set standard unit file permissions (a unit file should not be executable or world-writable)
chmod 644 /etc/systemd/system/docker-admiral.service
# Make Admiral service automatically start on boot
systemctl enable docker-admiral.service
4. Verify Admiral is available at http://<admiralip>:8282
5. Run the command below on the console or via SSH to prepare the OS for cloning.
echo -n > /etc/machine-id
6. Shut down the vApp
7. Add a vApp Template to the Catalog from this vApp as well
Provision Admiral and Photon OS
At this point, there should be vApp Templates for both Photon OS and Admiral in the catalog. The next step is to provision the vApps and VMs to create the container platform.
1. Deploy and power on an Admiral vApp in a tenant Org vDC
2. Deploy and power on 2 or more Photon OS VMs. Note: the Photon OS VMs don’t have to be in the same vApp as Admiral; however, provisioning the VMs in the same vApp will help make the container infrastructure easier to manage.
3. Once the Admiral vApp is powered up, connect to the management UI using the external IP http://<admiralip>:8282
4. For each Photon OS VM provisioned, follow these steps to manage them with Admiral
5. Click Add Host
6. Enter the requested fields using the format http://<photonip>:2375 for the Address field.
7. A new credential will need to be added for the first host. The default credentials are root / changeme.
8. Click Verify to validate host connectivity
9. Click Add
10. At this point, Admiral should have all of the Photon OS hosts visible on the Hosts tab
Provision Containers within Admiral
Now that you have provisioned Admiral and some Photon OS VMs, it’s finally time to start provisioning some containers.
1. Connect to Admiral at http://<admiralip>:8282
2. Click Templates
3. Locate a Template to deploy. For this guide, click Provision under library/nginx template
4. The status of the provisioning process will display
5. Click Resources / Containers to view provisioned containers
6. Click Details
7. Click on the URL on the ports property
8. A new browser tab should open and connect to the new nginx container
To summarize, deploying containers in a vCloud Air Network environment using VMware Admiral and VMware Photon OS can be performed with little effort while providing a robust container platform. To learn more about Admiral in general, check the official wiki at https://vmware.github.io/admiral/. The official VMware Admiral user guide at https://github.com/vmware/admiral/wiki/User-Guide is also a great reference for what to do next.
Stay tuned here for additional container-related topics with vCloud Air Network providers.