Changes from v0.6.0 v0.6.0...v0.7.0

This release is primarily addressing functional and usability issues.

Features:

  • support for static IP addresses for the API endpoint
  • proxy support for pulling images
  • client authentication via TLS certificates - also secures the vicadmin server via client certificate
  • initial support for restart/upgrade of the endpoint VM
  • specify container cpu and memory during creation

Of note:
If a container is started and subsequently attached to, only output generated by the container after the attach completes will be seen - docker logs can be used to obtain the entire output over the life of the container.

If an attach is done prior to start, e.g. run -it or start -ai, we delay launching the container process until the attach has completed as we infer from the operation ordering a desire to receive all output from process launch onward.

Attaching to a containerVM inhibits that VM from vMotioning, detaching removes that inhibition:

  • to launch a container without attaching, use start or run -d
  • to detach from a TTY enabled container, using Ctrl-P Ctrl-Q
  • to detach from a non-TTY enabled container, kill the docker client via a different terminal
  • issues still exist with container logs when vMotioning containers

Resolved Issues

  • VIC Engine UI is not functioning [#2410]
  • Virtual machine does not shut down as expected. #2393
  • Property collector error: context deadline exceeded on container start #2372
  • Docker inspect and docker list and other functions do not include an exit time for containers in this release. #2366
  • Short lived containers might get into a state where docker rm does not remove the container.#2344
  • Docker inspect container does not get the container IP address. #2328
  • Container start fails to start a container with error. #2327
  • Containers fail to connect to each other using exposed ports in a network. #2295
  • Container names not resolved in a bridge network. #2294
  • Unable to wait for process launch status #1878
  • docker info does not show set limits on CPU and memory values. #1838
  • docker ps does not show ports #1701
  • Restarting a stopped container from attach fails with "already bound" #1086
  • CPU and Memory in info do not reflect resource pool limits. #861

Known Issues

  • VCH Admin shows network failure when virtual container host uses a proxy. #3213
    If a virtual container host is configured to use a proxy, the VCH Admin status page shows a network failure even if connectivity through the proxy is working.

  • Virtual container host does not work if management interface is not Layer 2 adjacent to vSphere management endpoints. #3081
    In vSphere Integrated Containers 0.7.0 one of the interfaces and gateways that you configure on the networks is selected randomly to serve as the default route on the virtual container host. However, the external interface should have the default route. As a consequence, if the external interface gateway is selected as the default route, all vSphere management traffic that is not L2 adjacent to the management interface of the virtual container host is routed out of the external interface. In all reasonable security configurations, this traffic will not reach the target.

    Workaround:

    1. Use vic-machine debug to enable SSH access to the virtual container host.
    2. Login to the VCH via SSH
    3. Ensure the default route is on the external interface.
    4. Add routes to the management network as required.
    # ip addr
    <list of interfaces>
    # route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth1 
    
    • Replace eth1 with the interface that has the management IP in the address list returned by the ip addr command.
    • Replace 192.168.2.0 with the network address of the network to route over the management gateway.
    • Replace 255.255.255.0 with the netmask for the network to route over the management gateway.
    • Replace 192.168.1.254 with the IP address of the management gateway.
  • vic-machine delete does not recognize virtual container hosts that were not fully created. #2981
    vic-machine delete fails when you run it on a virtual container host that was not fully created.

    Workaround: Manually delete any components of a partial installation, for example, the virtual container host vApp, the endpoint VM, and datastore folders.

  • Setting a static IP address on the virtual container host without specifying --dns-server defaults to the specified gateway. #3060

    The DNS server should default to 8.8.8.8 and 8.8.4.4 if --dns-server if it is not specified.

    Workaround: When setting a fixed IP address use --dns-server 8.8.8.8 and --dns-server 8.8.4.4 to set the DNS server explicitly.

  • A single image cannot currently contain multiple tags. #1638

    You cannot tag the same image with multiple repositories.

  • Incorrect gateway example in --container-network-gateway help 1741

    The help text for vic-machine's option --container-network-gateway value, --cng incorrectly gives the example of a network range instead of the actual gateway address. A more proper example is e.g. vsphere-net:172.16.1.1/16. In additon, please note that we will be removing the CIDR specification from the gateway configuration in a future release.

  • Container fails to shut down with Error response from daemon: server error from portlayer : [DELETE /containers/{id}][500] containerRemoveInternalServerError. #1823

    Workaround: Developers: run docker create again. Administrators: Un-register and re-register the VM in the vSphere UI.

  • Mounting directories as a data volume using the -v option is not supported. #2303

  • When you pull a large sized image from Harbor into a virtual container host, you get an error that the /tmp partition reached capacity. #2595

    docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.

    Workaround: Deploy the virtual container host with --appliance-memory=4096 which increases the appliance memory configuration.

  • Installing the virtual container host using a short hostname fails. #2582
    Workaround:

    • The IP address that you provide to vic-machine create target must be reachable on the management network.
    • If you use a DNS name instead of an IP address, the virtual container host endpoint VM must be able to resolve the name using the DNS server that is configured either by DHCP or by the vic-machine create --dns-server option. There is no default search domain, so use the FQDN.
  • Pulling all tagged images in a repository is not supported. #2724

    vSphere Integrated Containers only attempts to pull the latest tagged images.

  • Misleading error message appears when you run out of memory on ESXi. #2840

  • vSphere Integrated Containers fails to delete the vApp that remains after a virtual container host creation fails. #2853

  • rmi on VSAN fails with error "Cannot delete file" #2384
  • The docker personality is currently tied to API 1.23, which corresponds to CLI 1.11. #2368
  • Inconsistent license check reporting between vic-machine and vic-admin #2305
  • Virtual Container Host is unresponsive in a cluster with DRS and HA enabled. #2298

    DRS and HA are not supported in this release.
  • Container VM fails to start on VIC backed by a VVOL datastore. #2242

    VVOL datastores are not supported in this release.
  • Attaching the same container from multiple terminals causes problems. #2214
  • vic-machine create prompts you for a password without allowing time to enter it and the VCH deployment fails with an incorrect username and password error. #2152
  • --net=none is not supported. #2108
  • VCH restarts if required process cannot be restarted. #2099

    The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
  • vic-machine does not support secure test registries. #2103
  • vic-machine incorrectly assumes conf.ImageStores[0] is the appliance datastore. #1884
  • When some of the hosts in the cluster are not attached to the dVS and do not have access to the bridge network, the error message is not easily readable. #1647
  • Allowing and configuring insecure registries is not supported. #1486
  • Image manifest validation for pulled images is not supported. #1331
  • Setting up overlay networks is not supported. #1222

    Error response from daemon: scope type not supported
  • vic-machine can connect to the target but the VCH appliance cannot. #1160

    The VCH cannot get an IP address on the management network or does not have a route to the specified target.
  • Adding folder options to vic-machine is not yet implemented. #773
  • Adding mapped vSphere networks to running containers is not yet implemented. #745
  • Adding bridge networks to running containers is not yet implemented. #743
  • Mapping an existing vSphere level network into the Docker network to explicitly provide a container with a route not through the VCH appliance is not yet implemented. #441
  • volume ls ignores filters #1718

  • docker run busybox behaves incorrectly #1687

    The container configuration between vSphere Integrated Containers Engine and Docker containers is different in that vSphere Integrated Containers Engine attempts to attach to a container and Docker exits immediately.

  • docker ps -n shows stopped containers that have been created, but not started, for the state of the container #1545

  • Incorrect image digest format sent to Docker client #1484

    docker images --digests is not supported.

    Workaround: Pull images by tag instead.

  • After a fresh virtual container host deployment, containers sometimes start up and shut down immediately #1457

  • docker pull results an "already exists" error #1409

    When performing docker pull busybox, a context deadline occurs on the port layer, causing an inconsistent state. Pulls can take a very long time with a slow network connection.

  • vic-machine create validation fails if a dvSwitch exists on an ESXi target #729

  • Root user support #1279

    vSphere Integrated Containers Engine does not support root users inside containers.
  • The log server does not require authentication and might expose sensitive system information.

    Debug logging is enabled in this release. This can potentially expose the path and identity of system resources over HTTP via the vicadmin portal. Plain-text passwords are not exposed.
  • Using anonymous volumes

    To use anonymous volumes with docker create -V, you must specify a default volume store when you run vic-machine create to create the virtual container host. For example, ./vic-machine create <...> --volume-store default:datastore1/anonymousVolumes

Download Binaries

https://bintray.com/vmware/vic/Download/v0.7.0

Installation

For instructions about how to deploy a vSphere Integrated Containers Engine v0.7.0 virtual container host, see vSphere Integrated Containers Engine Installation HTML | PDF | Source.

Using vSphere Integrated Containers Engine

For more details on using vSphere Integrated Containers Engine v0.7.0 see the general usage doc in Github, or the current drafts of the end user documentation on https://vmware.github.io/vic:

  • vSphere Integrated Containers Engine Installation HTML | PDF | Source.
  • vSphere Integrated Containers Engine for vSphere Administrators HTML | PDF | Source
  • Developing Container Applications with vSphere Integrated Containers Engine HTML | PDF | Source

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.