Hybrid Container Management for vCloud Director with Photon OS and Admiral

Running Photon OS and Admiral in a vCloud Air Network Environment

VMware’s container story is growing and maturing every day. Many vCloud Air Network (vCAN) customers are looking to see how VMware’s container strategy maps to vCAN providers.  This is the first in a series of blog posts to help illustrate how VMware technologies can be leveraged to provide a robust and flexible environment for containers.  This first step is focused on creating a solid foundation for running containers using VMware Photon OS™ and VMware Admiral™.

Photon OS™ is a minimal open source Linux distribution optimized for VMware’s virtualization platform.  The main site for documentation and downloads for Photon OS™ is on the GitHub site https://vmware.github.io/photon/.

Admiral™ is VMware’s container management platform, a very lightweight and scalable application.  Like Photon OS™, Admiral™ is also open source.  The main site for Admiral™ is available on its GitHub site at https://vmware.github.io/admiral/.

The diagram below gives a high-level view of what will be demonstrated with Admiral™ and some Photon OS™ VMs contained within a vCloud Director vApp.

Create Photon OS vApp Template

In this section, a vApp Template for Photon OS will be created and published in the vCD Catalog.  All Photon OS container hosts will be deployed from this new template.

1. Download the Photon OS OVA from https://vmware.github.io/photon/

2. Navigate to the My Cloud tab in the vCloud Director UI

3. Create a vApp using the OVA

4. Power on the vApp and run these commands on the console or via SSH (default credentials are root/changeme).  This script updates Photon OS, sets Docker to start automatically on boot, and enables Docker API access over plain HTTP on TCP port 2375 on all interfaces (0.0.0.0).

# Update Photon OS Packages
tdnf -y update

# Stop Docker
systemctl stop docker

# Enable Docker API on tcp port 2375
echo 'DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"' > /etc/default/docker

# Set Docker to automatically start on boot
systemctl enable docker

# Start Docker
systemctl start docker

# Create service definition to allow tcp port 2375 through firewall
cat << EOF > /etc/systemd/system/iptables-port-2375-open.service
[Unit]
Description=Create Iptables rule to allow inbound traffic to port 2375
After=iptables.service
Requires=iptables.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
ExecStop=/usr/sbin/iptables -D INPUT -p tcp --dport 2375 -j ACCEPT
TimeoutSec=0
RemainAfterExit=yes

[Install]
WantedBy=iptables.service
EOF

# Set permissions on the service definition file (unit files must be readable; they should not be executable or world-writable)
chmod 644 /etc/systemd/system/iptables-port-2375-open.service

# Make iptables-port-2375-open service automatically start on boot
systemctl enable iptables-port-2375-open.service

# Reboot
reboot

5. Verify Docker API is accessible at http://<photonosip>:2375/info

6. Run the command below on the console or via SSH to prepare the OS for cloning.

echo -n > /etc/machine-id

7. Shut down the vApp

8. Navigate to the Guest OS Customization tab of the VM’s properties

9. Enable guest customization, set the default password to changeme, and force a password change on first login as shown in the screenshot below.

10. Add a vApp Template to the Catalog from this vApp
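
The DOCKER_OPTS line written in step 4 is the setting that decides who can reach the Docker API. As an added example (not part of the original post), this check reads a daemon options file and reports each TCP listener that is not covered by dockerd's --tlsverify flag; it handles the space-separated -H form used above, and the file path passed in is the caller's choice.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Docker options file
# (the /etc/default/docker format used above) for TCP listeners without TLS.

# Print one line per "-H tcp://..." listener found in file $1.
# Returns 1 if any non-loopback TCP listener lacks --tlsverify, else 0.
audit_docker_opts() {
    file=$1
    findings=0
    # Extract the value between the quotes of DOCKER_OPTS="..."
    opts=$(sed -n 's/^DOCKER_OPTS="\(.*\)"$/\1/p' "$file")
    case " $opts " in
        *" --tlsverify "*) tls=yes ;;
        *) tls=no ;;
    esac
    set -f            # no pathname expansion while splitting the options
    set -- $opts
    set +f
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-H" ] || [ "$1" = "--host" ]; then
            shift
            case "$1" in
                tcp://127.0.0.1:*|tcp://localhost:*)
                    echo "OK loopback-only $1" ;;
                tcp://*)
                    if [ "$tls" = yes ]; then
                        echo "OK tls-verified $1"
                    else
                        echo "FINDING no-tls $1"
                        findings=$((findings + 1))
                    fi ;;
            esac
        fi
        [ "$#" -gt 0 ] && shift
    done
    [ "$findings" -eq 0 ]
}

# Usage on a Photon OS host before the template is published:
#   audit_docker_opts /etc/default/docker
```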

Create Admiral vApp Template

Admiral runs as a container on a Photon OS VM.  A dedicated vApp Template will be created for Admiral and added to the vCD Catalog.  While creating a vApp Template isn’t required for a tenant, it is a suggested step that a vCAN provider should perform to make provisioning Admiral easier.

1. Navigate to the My Cloud tab in the vCloud Director UI

2. Deploy the Photon OS vApp Template created previously and name it Admiral

3. Power on the vApp and run the following commands on the console or via SSH (default credentials are root/changeme).  This script creates an Admiral container and configures it to automatically start on boot.

# Create Admiral container
docker run -d -p 8282:8282 --name admiral vmware/admiral

# Create service definition for Admiral
cat << EOF > /etc/systemd/system/docker-admiral.service
[Unit]
Description=Admiral container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStart=/usr/bin/docker start -a admiral
ExecStop=/usr/bin/docker stop -t 2 admiral

[Install]
WantedBy=default.target
EOF

# Set permissions on the Admiral service definition file (unit files must be readable; they should not be executable or world-writable)
chmod 644 /etc/systemd/system/docker-admiral.service

# Make Admiral service automatically start on boot
systemctl enable docker-admiral.service

# Reboot
reboot

4. Verify Admiral is available at http://<admiralip>:8282

5. Run the command below on the console or via SSH to prepare the OS for cloning.

echo -n > /etc/machine-id

6. Shut down the vApp

7. Add a vApp Template to the Catalog from this vApp as well

Provision Admiral and Photon OS

At this point, there should be vApp Templates for both Photon OS and Admiral in the catalog.  The next step is to provision the vApps and VMs to create the container platform.

1. Deploy and power on an Admiral vApp in a tenant Org vDC

2. Deploy and power on 2 or more Photon OS VMs. Note: the Photon OS VMs don’t have to be in the same vApp as Admiral; however, provisioning the VMs in the same vApp will help make the container infrastructure easier to manage.

3. Once the Admiral vApp is powered up, connect to the management UI using the external IP http://<admiralip>:8282

4. For each Photon OS VM provisioned, follow these steps to manage them with Admiral

5. Click Add Host

6. Enter the requested fields using the format http://<photonip>:2375 for the Address field.

7. A new credential will need to be added for the first host. The default credentials are root / changeme.

8. Click Verify to validate host connectivity

9. Click Add

10. At this point, Admiral should have all of the Photon OS hosts visible on the Hosts tab
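
Once the Admiral VM has an address, the firewall unit from the Photon OS template can be narrowed so that port 2375 accepts that one source only. This is an added example, not part of the original post; the Admiral address passed in (192.0.2.10 in the usage comment) is a constructed value.

```shell
#!/bin/sh
# Added example, not from the original post. Writes the port-2375 firewall
# unit so that only one source address (the Admiral VM) is accepted.
# The Admiral address and the optional output directory are caller-supplied.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Write the unit into $2 (default /etc/systemd/system) with mode 0644.
write_scoped_unit() {
    admiral_ip=$1
    unit_dir=${2:-/etc/systemd/system}
    is_ipv4 "$admiral_ip" || { echo "invalid IPv4: $admiral_ip" >&2; return 1; }
    unit="$unit_dir/iptables-port-2375-open.service"
    rule="INPUT -p tcp -s $admiral_ip --dport 2375 -j ACCEPT"
    cat > "$unit" << EOF
[Unit]
Description=Allow inbound traffic to port 2375 from Admiral only
After=iptables.service
Requires=iptables.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -A $rule
ExecStop=/usr/sbin/iptables -D $rule
TimeoutSec=0
RemainAfterExit=yes

[Install]
WantedBy=iptables.service
EOF
    chmod 644 "$unit"
}

# Usage on a Photon OS host (192.0.2.10 is a constructed Admiral address):
#   systemctl stop iptables-port-2375-open.service    # removes the open rule
#   write_scoped_unit 192.0.2.10 && systemctl daemon-reload
#   systemctl start iptables-port-2375-open.service
```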

Provision Containers within Admiral

Now that you have provisioned Admiral and some Photon OS VMs, it’s finally time to start provisioning some containers.

1. Connect to Admiral at http://<admiralip>:8282

2. Click Templates

3. Locate a Template to deploy. For this guide, click Provision under the library/nginx template

4. The status of the provisioning process will display

5. Click Resources / Containers to view provisioned containers

6. Click Details

7. Click on the URL on the ports property

8. A new browser tab should open and connect to the new nginx container

Conclusion

To summarize, deploying containers in a vCloud Air Network environment using VMware Admiral and VMware Photon OS can be performed with little effort while providing a robust container platform.  To learn more about Admiral in general, check the official wiki at https://vmware.github.io/admiral/.  The official VMware Admiral user guide at https://github.com/vmware/admiral/wiki/User-Guide is also a great reference for what to do next.

Stay tuned here for additional container-related topics with vCloud Air Network providers.