Table of Contents - VMware · • vSphere Integrated Containers- Run containers alongside existing workloads in vSphere vSphere Integrated Containers Engine (VIC) vSphere Integrated

Table of ContentsLab Overview - HOL-1730-USE-1 - vSphere Integrated Containers from A to Z ................2

Lab Guidance .......................................................................................................... 3Module 1 - Introduction to vSphere Integrated Containers (15 Minutes) ..........................8

Introduction............................................................................................................. 9VMware vSphere Integrated Containers Overview................................................ 10Installation of VIC management appliance............................................................ 21Installation and Configuration of Harbor ............................................................... 27Installation and Configuration of Admiral .............................................................. 31Conclusion............................................................................................................. 33

Module 2 - Containers and the Docker Effect (30 minutes).............................................36Introduction........................................................................................................... 37What are Containers?............................................................................................ 38Configure Project in HARBOR ................................................................................ 42Basic Docker Commands....................................................................................... 51Conclusion............................................................................................................. 63

Module 3 - Docker in the Real World (30 minutes) .......................................................... 65Introduction........................................................................................................... 66Run a container interactively ................................................................................ 67Run a container as a daemon ............................................................................... 74Run a multiple container application..................................................................... 76Conclusion............................................................................................................. 82

Module 4 - vSphere Integrated Containers: Best of Both Worlds (30 Minutes)................84Introduction........................................................................................................... 85Creating a Virtual Container Host (VCH) ............................................................... 86Using a Virtual Container Host (VCH) .................................................................... 96Conclusion........................................................................................................... 103

Module 5 - Building an Application with vSphere Integrated Containers (30 Minutes)..105Introduction......................................................................................................... 106Creating a simple NGINX app with VIC ................................................................ 107Conclusion........................................................................................................... 131

HOL-1730-USE-1

Page 1HOL-1730-USE-1

Lab Overview -HOL-1730-USE-1 -

vSphere IntegratedContainers from A to Z

HOL-1730-USE-1


Lab GuidanceNote: It will take more than 90 minutes to complete this lab. You shouldexpect to only finish 2-3 of the modules during your time. The modules areindependent of each other so you can start at the beginning of any moduleand proceed from there. You can use the Table of Contents to access anymodule of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of theLab Manual.

Lab Module List:

• Module 1 - Introduction to vSphere Integrated Containers(15 minutes)(Basic) Install and Configure vSphere Integrated Containers into and existingvCenter setup.

• Module 2 - Containers and the Docker Effect(30 minutes) (Intermediate)Building application isolation with containers for consistent testing environments.Drive to faster business agility.

• Module 3 - Docker in the Real World(30 minutes) (Intermediate) What are theadvantages and disadvantages of using Docker containers in a corporateenvironment.

• Module 4 - vSphere Integrated Containers: Best of Both Worlds(30minutes) (Intermediate) Developers get what they want, while operations getwhat they know.

• Module 5 - Building an Application with vSphere IntegratedContainers(60 minutes) (Advanced) How would a developer build acontainerized application within vCenter using vSphere Integrated Containers.

Lab Captains:

• Lab-1730-USE-1 - Randy Carson, Senior Systems Engineer, USA• Lab-1730-USE-2 - Mike West, Technical Architect Cloud Native

Applications, USA

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com/

This lab may be available in other languages. To set your language preference and havea localized manual deployed with your lab, you may utilize this document to help guideyou through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf

HOL-1730-USE-1


cme-export/hol-1730-use-1_pdf_en/[http:/docs.hol.pub/HOL-2017]http://docs.hol.vmware.com/announcements/nee-default-language.pdf

Location of the Main Console

1. The area in the RED box contains the Main Console. The Lab Manual is on the tabto the Right of the Main Console.

2. A particular lab may have additional consoles found on separate tabs in the upperleft. You will be directed to open another specific console if needed.

3. Your lab starts with 90 minutes on the timer. The lab can not be saved. All yourwork must be done during the lab session. But you can click the EXTEND toincrease your time. If you are at a VMware event, you can extend your lab timetwice, for up to 30 minutes. Each click gives you an additional 15 minutes.Outside of VMware events, you can extend your lab time up to 9 hours and 30

minutes. Each click gives you an additional hour.

Activation Prompt or Watermark

When you first start your lab, you may notice a watermark on the desktop indicatingthat Windows is not activated.

One of the major benefits of virtualization is that virtual machines can be moved andrun on any platform. The Hands-on Labs utilizes this benefit and we are able to run thelabs out of multiple datacenters. However, these datacenters may not have identicalprocessors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoftlicensing requirements. The lab that you are using is a self-contained pod and does nothave full access to the Internet, which is required for Windows to verify the activation.

HOL-1730-USE-1


Without full access to the Internet, this automated process fails and you see thiswatermark.

This cosmetic issue has no effect on your lab.

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing itin, there are two very helpful methods of entering data which make it easier to entercomplex data.

Click and Drag Lab Manual Content Into Console ActiveWindow

You can also click and drag text and Command Line Interface (CLI) commands directlyfrom the Lab Manual into the active window in the Main Console.

Accessing the Online International Keyboard

You can also use the Online International Keyboard found in the Main Console.

An error occurred.Try watching this video on www.youtube.com, or enableJavaScript if it is disabled in your browser.

HOL-1730-USE-1


1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

Click once in active console window

In this example, you will use the Online Keyboard to enter the "@" sign used in emailaddresses. The "@" sign is Shift-2 on US keyboard layouts.

1. Click once in the active console window.2. Click on the Shift key.

Click on the @ key

1. Click on the "@" key.

Notice the @ sign entered in the active console window.

HOL-1730-USE-1


Look at the lower right portion of the screen

Please check to see that your lab is finished all the startup routines and is ready for youto start. If you see anything other than "Ready", please wait a few minutes. If after 5minutes you lab has not changed to "Ready", please ask for assistance.

Client Integration Plugin

If this box pops up during the use of this lab, please just select OK.

HOL-1730-USE-1


Module 1 - Introduction tovSphere Integrated

Containers (15 Minutes)

HOL-1730-USE-1


IntroductionThis module is going to jump right into exploring vSphere Integrated Containers (VIC),how to find and download required files, and the installation of its related componentsbefore the next module back-tracks a bit to discuss containers and Docker tools.

This Module contains the following lessons:

• Define vSphere Integrated Containers (VIC) as a solution that include the VICengine, Harbor, and Admiral

• Installation of VIC management appliance• Installation and configuration of Harbor• Installation of Admiral

HOL-1730-USE-1


VMware vSphere IntegratedContainers OverviewVMware vSphere Integrated Containers is comprised of 3 main components, thevSphere Integrated Containers Engine, Harbor, and Admiral - all of which are availableas open source on GitHub, a public web-based version control repository.

Components of vSphere Integrated Containers

• Admiral - Highly Scalable Container Management Platform• Harbor - An Enterprise-class Container Registry Server based on Docker

Distribution• vSphere Integrated Containers - Run containers alongside existing workloads

in vSphere

vSphere Integrated Containers Engine (VIC)

vSphere Integrated Containers Engine (VIC) is a container runtime for vSphere thatallows developers familiar with Docker to develop in containers and deploy themalongside traditional VM-based workloads on vSphere clusters.

A traditional container environment consists of one or more container hosts, usually alinux OS running on a physical or virtual machine, and the containers that live withinthem. Docker gives us the ability to import images into those containers, but afterinstantiation they are tied to a specific container host. One of the challenges thiscreates is that the container host has a limited set of resources. To expand resources,you would need to shut down all of the containers, then the container host, add

HOL-1730-USE-1


resources (physical or virtual), and power everything back up before more containerscan be created. Portability of those containers becomes another challenge as they aretied to the host operating system's kernel and can't be moved from one container hostto another.

VIC eliminates the need for a traditional linux OS based container host and allows us toget around these management issues. VIC's technology uses vSphere ESXi hosts andresource pools to define capacity and builds containers using extremely slim VMconstructs. Using new instant cloning technology in vSphere 6 we can deliver the same"instant on" container experience alongside the security, portability and isolation of aVM. This gives you the ability to run container VMs alongside traditional VMs in yourcurrent VMware environment and makes the container a first class citizen of the ESXihypervisor. This allows for these workloads to be managed through the vSphere UI in away familiar to existing vSphere admins.

How VIC works

Developers can continue to use their docker client to execute docker commands againsta container host, here called the Virtual Container Host (VCH). The VCH is built as aresource pool inside of a specified cluster. When the VCH is created, a Docker endpointVM is also created, which receives and translates the Docker commands to the VCH andcontainers. For example, if the VCH receives the "run" or "build" commands, it tellsvCenter to instantiate a VM running the Photon OS kernel and unpack the Docker imageinto that VM. Other docker commands are translated and executed against thecontainers of that VCH. Because the VCH is seen as a resource pool, to increase theirresources, just add another host to the cluster to increase the capacity of the resourcepool without stopping any of the containers or vSphere ESXi hosts. This presents theopportunity to reduce the number of traditional container hosts deployed perdevelopment team.

Images for the container host are stored in a shared datastore so that all containersusing that VCH have access to them. This will greatly reduce the number of duplicate

HOL-1730-USE-1


images being used across multiple container hosts in a traditional containerenvironment.

VCH Networking

There are 4 possible networks options when creating a VCH. When you create a VCH,the Container Bridge Network is the only mandatory option. Here is a short descriptionof each type of network option

1. vSphere Management Network is used to communicate with vCenter and thehosts as needed. In addition, the tether within the containers are expected to

HOL-1730-USE-1


use the management network to connect with the VCH (using either serial-over-LAN or vSocket,etc)

2. Docker Management Endpoint Network can be used to isolate the dockerendpoint from the more public network. This will basically allow for a"management" network for Docker without requiring the Docker clients to haveaccess to the vSphere Management network

3. External Network is used to publish network services of a container instead ofusing the default bridged network. This is very useful in avoiding the VCH as asingle point of failure. If an external network is not defined, the VCH will attach tothe default "VM Network" for publishing external network services.

4. Container Bridge Network(s) is the network used for containers to communicatewith each other. With VIC you can setup multiple bridged networks

NOTE: VIC does not support the host networking driver for docker. Since each runningcontainer is a VM, the networking stacks cannot be shared as with host modenetworking.

NOTE: These descriptions are from github.com/vmware/vic

VCH datastore

There are three datastore command line options for a VCH. When you create a VCH, theimage datastore is the only mandatory option. Here is a short description of each typeof datastore option

HOL-1730-USE-1


1. The image-datastore is where all the container image files are kept. A foldercalled VIC will be created on the datastore specified and all image files will beplaced in that folder. There will only be one VIC folder per datastore. Each VCHwill have its own folder under VIC to store the cached images from the dockerregistry.

2. The container-datastore is used to store the VM files that make up each container.By default when you create a VCH, a container-datastore is created with the

same name as the VCH.3. A volume-store points to a folder location on a specified datastore and can be

used as a shared volume for multiple VCHs. Containers can then attach to thisvolume and share data or have a persistent data location.

HOL-1730-USE-1


VCH creation

A VCH is created through the CLI of the VIC Management VM. In this example, you seethe command used to create a VCH. The output includes the information needed toattach to that VCH as well as gather the logs from the VCH. We will be going into more

HOL-1730-USE-1


details of how the commands work in the next lesson. Also notice the vic-admin portaladdress which will be discussed next.

VIC-admin Portal

By browsing to the vic-admin portal address you can see most of the same informationbut more importantly you can gather the logs for one or more parts of VIC containerengine. Also note the docker endpoint address and port..

HOL-1730-USE-1


Latest information

You can stay up to date with the latest information on VIC by going tohttps://vmware.github.io/vic/ and scrolling down to the "Getting Started" section.

HOL-1730-USE-1


https://vmware.github.io/vic/

VMware Harbor Overview

VMware Harbor is an enterprise-class registry server that stores and distributes Dockerimages. Harbor extends the open source Docker Distribution project by adding thecapabilities usually required by an enterprise, such as identity, security andmanagement. As an enterprise private registry, Harbor offers better performance andsecurity. Having a registry closer to the build and run environment improves the imagetransfer efficiency. Harbor supports the setup of multiple registries and imagereplication between them. With Harbor, the images are stored within the privateregistry, keeping the bits and intellectual property behind the company firewall. Inaddition, Harbor offers advanced security features, such as user management, accesscontrol and activity auditing.

Features of VMware Harbor

• Role based access control: Users and repositories are organized via 'projects'and a user can have different permission for images under a project.

• Image replication: Images can be replicated (synchronized) between multipleregistry instances. This is great for load balancing, high availability, hybrid andmulti-cloud scenarios.

• Graphical user portal: User can easily browse or search repositories andmanage projects.

• AD/LDAP support: Harbor integrates with existing enterprise AD/LDAP for userauthentication and management.

• Auditing: All the operations to the repositories are tracked.• RESTful API: RESTful APIs for most administrative operations are easy to

integrate with external systems.• Easy deployment: includes docker compose and offline installer capabilities.

HOL-1730-USE-1


Latest information

You can stay up to date with the lates information on HARBOR by going to this websitehttps://vmware.github.io/harbor/ and scrolling down to the "Getting Started" section.

VMware Admiral Overview

Admiral™ is a highly scalable and very lightweight Container Management platform fordeploying and managing container based applications. It is designed to have a smallfootprint and boot extremely quickly. Admiral™ is intended to provide automateddeployment and life cycle management of containers.

Features of VMware Admiral

• Rule-based resource management - Setup your deployment preferences tolet Admiral™ manage container placement.

HOL-1730-USE-1



• Live state updates - Provides a live view of your system.• Efficient multi-container template management - Enables logical multi-

container application deployments.

Latest information

You can stay up to date with the lates information on Admiral by going to this websitehttps://vmware.github.io/admiral/ and scrolling down to the "Getting Started" section.

HOL-1730-USE-1



Installation of VIC managementapplianceIn this lesson we will show you the process of setting up the VIC management appliance.There aretwo possible methods of pulling down the OSS code for building the VIC

management appliance - pulling the source code and building locally or grabbing thecompiled binaries directly from GitHub. We will be reviewing both processes.

NOTE: Because both of these methods require internet access, which this lab does nothave, we have already deployed a Photon OS based VM we will be using for our VICmanagement VM and performed these actions. The steps detailed below are forreference only.

HOL-1730-USE-1


Getting VIC code through GitHub

NOTE: This will not work as there is no internet connection for this lab.

The VIC management console OSS source code is listed at the following webpage https://github.com/vmware/vic. You will see the code repository as shownhere.

HOL-1730-USE-1


Pull the source code from GitHub.com

NOTE: These commands will not work as there is no internet connection for this lab.

NOTE: These steps have already been done for this lab. You will NOT do them in thislab, for reference only

You would use the following command to pull the source code from GitHub:

git clone https://github.com/vmware/vic

Once downloaded, go to the "vic" directory by typing:

cd vic

To build the binaries, type:

docker run -v $(pwd):/go/src/github.com/vmware/vic -w /go/src/github.com/vmware/vic goland:1.6make all

NOTE: This process can take some time to complete.

Verify the binaries

Change directories to "bin", type:

cd bin

and press enter

List the directory content, type:

ls

and press enter. You should see a listing of the binaries as shown here.

HOL-1730-USE-1


Downloading the VIC binaries


The VIC binaries are at the following web page, in a browser go to: https://bintray.com/vmware/vic-repo/build You will see the latest build at the top of the list. These buildnumber change constantly, so check back often. In this lab we are using build 3149,and as you can see there are more recent builds.

HOL-1730-USE-1


Downloading the VIC binaries

1. Click on the Files link2. Click on the vic_3149.tar.gz link. After the file has been downloaded, transfer

the file to the VM you are using as the VIC Management host.

NOTE: This file has been transferred to the management appliance for you.

Uncompress the zipped file

NOTE: This is an example ONLY if you would like to copy the decompressing commandto do in your own lab, please do so. The command is tar -zxvf vic_2148.tar.gz.NOTE: You will see the latest build as shown here. The build number "3149" will be

different as this is an active project and new builds are uploaded constantly.

HOL-1730-USE-1


Configuring the VIC Engine

Once we have the binaries ready on our VIC Management host, we're ready to move on!Configuration of the VIC engine and instantiation of new Virtual Container Hosts will becovered in modules 4 and 5. Next let's look at how Harbor and Admiral play in theenvironment and how to get started with them.

HOL-1730-USE-1


Installation and Configuration ofHarborIn this lesson we will walk through the installation of Harbor and configure a project andusers to use later in this lab.

NOTE: There is no internet access for this lab, so the installation steps have been donefor you. You will need to do the configuration of a new project.

HOL-1730-USE-1


Getting Harbor code through GitHub


The Harbor OSS code can be downloaded from https://github.com/vmware/harbor/releases You will see multiple download types that you can choose. Please choose thebest for your situation.

Uncompress the zipped files

NOTE: This is an example ONLY, if you would like to copy the decompressing commandto do in your lab, please do so. The command is:

HOL-1730-USE-1


https://github.com/vmware/harbor/releaseshttps://github.com/vmware/harbor/releases

tar -zxvf harbor-offline-installer-0.4.0.tgz

Note: the name of the harbor file will be different from what you see here. Replace thisfilename with the one you downloaded.

Configure Harbor.cfg file

You will need to configure Harbor to work with your specific environment. To do this youwill edit the harbor.cfg file. Change directory into the new created folder "harbor" anduse your favorite editor to edit the harbor.cfg file. You can see those steps in the screenshot above. Follow the comments in the file to add your environment specific settings.You can also refer to https://github.com/vmware/harbor/blob/master/docs/

installation_guide.md for details on how to edit this file.

HOL-1730-USE-1


https://github.com/vmware/harbor/docs/installation_guide.mdhttps://github.com/vmware/harbor/docs/installation_guide.mdhttps://github.com/vmware/harbor/docs/installation_guide.mdhttps://github.com/vmware/harbor/docs/installation_guide.md

Installing Harbor

Prerequisites: Be sure to have the following software installed on the machine you areusing for Harbor.

1. Python version 2.7 or higher2. Docker engine version 1.10 or higher3. Docker-compose version 1.6.0 or higher

Now that the harbor.cfg file has been edited and the prerequisites are installed, you runthe command:

docker-compose up -d

from the harbor directory

HOL-1730-USE-1


Installation and Configuration ofAdmiralIn this lesson we will walk through the installation and configuration of Admiral.

NOTE: There is no internet access for this lab, but we will do this installation later inmodule 4.

Getting Admiral code from Docker Hub

Admiral has been put up on the docker hub site as a container image. To pull down and/or run Admiral, you simply need to type:

docker run -d -p 8282:8282 vmware/admiral

HOL-1730-USE-1


Admiral Portal

To open the Admiral portal you will need to

1. Click on the Google Chrome browser icon2. Select the Admiral bookmark

As you can see the the Dev_Desktop docker daemon has already been connected to theAdmiral Portal. We have started gathering statistics on the health of the container host.We will be using this more in lesson 4 and 5.

HOL-1730-USE-1


ConclusionIn this lesson you learned about vSphere Integrated Containers and the 3 products thatmake up this bundle. We learned about the architecture of vSphere IntegratedContainers Engine (VIC). We presented some challenges that containers has and howwe can solve them with VIC. We also went through the 2 different methods of creatingthe management console binaries. We gave a brief description and feature overview ofVMware Harbor and VMware Admiral. We also installed and configured Harbor andinstalled Admiral.

HOL-1730-USE-1


You've finished Module 1

Congratulations on completing Module 1.

You can find additional information using the links below:

• For more information on vSphere Integrated Containers Engine go to:http://vmware.github.io/vic

• For more information on the github method go to: http://github.com/vmware/vic• For more information on the bintray method go to: http://bintray.com/vmware• For more information on VMware Harbor go to: http://vmware/github.io/harbor• For more information on VMware Admiral go to: http://vmware.github.io/admiral

Proceed to any module below which interests you most.

• Module 2 - Containes and the Docker effect(30 minutes) (Intermediate)Building application isolation with containers for consistent testing environments.Drive to faster business agility.

• Module 3 - Docker in the real world(30 minutes) (Intermediate) What are theadvantages and disadvantages of using Docker containers in a corporateenvironment.


• Module 5 - Building an application with vSphere IntegratedContainers(60 minutes) (Advanced) How would a developer build acontainerized application within vCenter using vSphere Integrated Containers.

HOL-1730-USE-1


http://vmware.github.io/vichttp://github.com/vmware/vichttp://bintray.com/vmwarehttp://vmware/github.io/harborhttp://vmware.github.io/admiral

How to End Lab

You can continue on to the next module. However, if you would like to end the lab nowclick on the END button.

HOL-1730-USE-1


Module 2 - Containers andthe Docker Effect (30

minutes)

HOL-1730-USE-1


IntroductionThis module contains the following lessons:

• What are containers? A brief description of what a container is and what dockerhas done for containers.

• Basic Docker commands. We will go through some basic docker commands likepull, ps, run, start, commit, push, and rm and show how they are used, and givesome examples.

HOL-1730-USE-1


What are Containers?Let's quickly go over a brief description of containers and related technology.

A Container Is...

... an isolation unit created by process and resource virtualization at the operatingsystem level. Unlike VMs, which each run their own OS with a separate kernel,containers share the same operating system kernel that they are run on. A containercombines kernel cgroups and namespaces to provide an isolated environment for theservice it provides. Containers are not like traditional workloads running as physical orvirtual machines that are patched and maintained during a lengthier lifecycle. They aremeant to be replaced. When a container is run, it typically executes a single service orapplication.

Containers provide developers the ability to run on a consistent platform. As long as acontainer has access to a linux kernel and the container daemon (ie..libvirt), it can runon any distribution with any configuration under it. These required components formwhat is referred to as a Container Host.

HOL-1730-USE-1


Challenges for Containers

As containers get adopted by corporations, there are a few challenges to keep in mind.

1. Data persistence : All data within a container is destroyed when the container isshut down. The data in a container needs to be written to an external volumeattached to the container or through a datastore container attached to a volume.

2. Securing a container : Once a user finds a way to break out of the container theywill have root access to the container host. SE linux is a possible solution but todeploy and maintain across hundreds if not thousands of containers is a bigchallenge. VMware implements our open source security solution, VMwareLightwave, to solve these issues around securing containers and the Photon OSthey run on.

3. Complex network : Introducing security through networking can be a realchallenge for containers. The default container network is based on a bridgeadapter created off the host's primary ethernet adapter. To put containers onmultiple subnets or VLANs on that host is not an easy task.

HOL-1730-USE-1


What does Docker do for containers

Docker introduced the idea of creating images out of containers. These images resideon a layered filesystem. Each layer consists of a change made to a container. Thisallows for quick image updates and downloading of new images. You can build animage from a container that you created or you can download an existing image, updateit and then commit the changes into a new image. These images can reside locally in aprivate registry like VMware Harbor or in a publicly available registry, like DockerHub.

HOL-1730-USE-1


Infrastructure Need for Containers

As stated before, a container only requires a linux kernel and an appropriate daemon torun it. Photon OS is a minimal OSS (open-source software) Linux container hostoptimized for VMware vSphere. VMware's distribution is a great fit for building yourcontainerized applications because it is lightweight and comes pre-built with the mostcommon container formats like Docker, Rocket and Garden. VMware's goal with PhotonOS is to provide a linux distribution with an extremely small footprint that can be easilydistributed across your private or public cloud.

HOL-1730-USE-1


Configure Project in HARBORFor this module, we will setup a project or private registry for use with our containerhost. Before we start using DOCKER commands lets create a registry to use as we buildout own containers.

Open the HARBOR web page - Please do these steps

From the Main Console desktop open the Chrome browser and go to the FQDN or IPaddress of your HARBOR machine.

1. Click on the Google Chrome icon on the desktop2. Select the HARBOR bookmark

HOL-1730-USE-1


Login into HARBOR

1. Username : admin2. Password : VMware1!3. Select Sign In

HOL-1730-USE-1


Create a new user

For this step we will be adding a project to HARBOR for use with both the privateDOCKER desktop for traditional DOCKER development and also with the VIC engine.One of the advantages that HARBOR has over other private registries is that we added

role based access and replication capabilities. By setting up another project, we canshow how to assign permissions to that user with role-based access. For this lab we willnot be setting up replication but you can look through those setting or read about howto do that in the HARBOR documentation at https://github.com/vmware/HARBOR/docs/installation_guide.md.

We will start by adding a new user. We will be using the local database for the lab usersbut you can also use a LDAP or AD source.

1. Click on Admin2. Select Add User

Add User

For this step we will create 2 users for use later in this lab. Fill in the required fields(remember that it is easiest to select the applicable text below and drag it to the correctfield box in the lab UI):

1. Username: Jane2. Email: [email protected]. Full Name: Jane4. Password: VMware1!5. Confirm Password: VMware1!

HOL-1730-USE-1


https://github.com/vmware/harborhttps://github.com/vmware/harborhttps://github.com/vmware/harbor

6. Comments: User

Select Add and confirm by selecting OK

1. Username: Mark2. Email: [email protected]. Full Name: Mark4. Password: VMware1!5. Confirm Password: VMware1!6. Comments: Developer

Select Add and confirm by selecting OK

HOL-1730-USE-1


HOL-1730-USE-1


Create a New Project

To create a new project or library to store images in:

1. Click on Projects2. Click on New Project3. Type vmworld for the project name. NOTE: The name has to be lower case4. Click on Save

HOL-1730-USE-1


Assign Users to the Project

To add a user to this project

1. Select the project name: vmworld2. Click Users3. Select Add Member4. Type in the member name: Mark5. Select the role: Developer6. Click on Save

Log out as Admin

1. Select the admin2. Select Log Out

HOL-1730-USE-1


Log in as Mark

To verify the new user vicadmin's account.

1. Username: mark2. Password: VMware1!3. Select Sign In

Project Summary

Notice that the user we just created has access to 2 projects and 1 specifically of hisown, listed under "My Projects"

HOL-1730-USE-1


Log out of HARBOR

1. Select the Mark2. Select Log Out

HOL-1730-USE-1


Basic Docker CommandsIn this lesson we will start using some very basic Docker commands. This lesson isintended to get you familiar with the interface and command line that Docker uses.Some of the commands that we will use are pull, ps, run, start, commit, push, and rm.

NOTE: All text in CLI Commands can be selected and dragged into the PuTTY sessionfrom the manual. If you don't want to type out the command please select the textfrom the manual and drag to the PuTTY window.

Open PuTTY

First we need to attach to our standalone container host, called Dev_Desktop. This isrepresentative of what a developer uses today.

Double click on the PuTTY icon on the desktop of the Main Console.

HOL-1730-USE-1


Attach to the Developer Desktop VM

1. Double click on the Dev_Desktop saved session

HOL-1730-USE-1


Verify Docker is running

At the command prompt, type or select and drag the text to the PuTTY window

docker version

and press enter. This will show you some basic information about both the Client andServer versions of Docker that is running on this container host.

NOTE: If you don't see the server version, then the Docker daemon is not running. Tostart the Docker daemon, type or select and drag the text to the PuTTY window

systemctl start docker

and press enter.

Docker info

At the command prompt, type or select and drag the text to the PuTTY window

docker info

and press enter. This will give you all information about this container host.

HOL-1730-USE-1


Be sure to look for:

1. Operating System version of the container host2. Amount of CPU and memory resources available for the containers to use.3. Also note how many containers are running, stopped, and paused.

Docker pull

To start using Docker you will need to pull an image(s) from a private or public registry.NOTE: In this lab we do not have internet access, so we are using a private registry atharbor.corp.local/library

There are a couple of ways to do this. You can issue the "docker pull" or "docker run"command to build a container from an existing image. Both commands will check thelocal image cache to see if it exists and if not, then go out to the registry and pull thatimage to the container host cache. You can pull a different version of the same imageby specifying the version tag. If no tag is specified then "latest" is chosen by default.

To start, let's pull a nginx image from our registry. Type or select and drag the text tothe PuTTY window

docker pull harbor.corp.local/library/nginx

HOL-1730-USE-1


and press enter. This will pull the image from our private registry to the local cache.Notice that we have not yet created a container but have only pulled the image locally

so we can create containers from this or any other image stored in our local cache.

Docker run

You can also pull an image by running a container that is built from an image. If theimage is not in the local cache, then it will be pulled from the private or public registry.In our case, it will be our private registry harbor.corp.local/library. We will run a

container built on the busybox image and we will use this container to show what IPaddress it has been assigned from the docker0 bridge adapter. Type or select and dragthe text to the PuTTY window

docker run --name pull harbor.corp.local/library/busybox ip a

and press enter.

HOL-1730-USE-1


Cached Docker images

Now that we have pulled a couple of images to our local cache, let's run a command tosee them.

To display any locally cached images, type or select and drag the text to the PuTTYwindow

docker images

and press enter. These images have already been pulled from our local registry andcached on this container host.

Docker ps

A very handy command option to list containers on this host is the "ps" option. We canuse it to see if there are any stopped or running containers. Type or select and drag thetext to the PuTTY window

docker ps

and press enter. This only lists the running containers on this host.

Now type or select and drag the text to the PuTTY window

docker ps -a

and press enter. This will list both the running and stopped containers on this host.

As you can see there are no running or stopped containers, so let's create one.

HOL-1730-USE-1


Create a "Hello World" Container

To create our first container, we will use the busybox image to echo "Hello World" to ourlocal terminal.

Type or select and drag the text to the PuTTY window

docker run --name basic harbor.corp.local/library/busybox echo "Hello World"

and press enter. You should have seen "Hello World" printed in the terminal. Let's takea closer look at this command:

• run - run the container• --name - give the container a specific name. If a name is not specified, then a

random name is assigned. Container IDs are assigned randomly. It is easier towork with a container if you assign it a name.

• harbor.corp.local/library/busybox - we are using the busybox image from ourlocal cache registry. Note: if the private registry tag (harbor.corp.local/library) isnot used, Docker will try and find the image in the Docker hub registry. This willfail because there is no internet connection.

• echo "Hello World" - the command that we are executing with the busyboxcontainer.

Docker start

You can now run this container over and over again with the "docker start" command,but it will only echo Hello World. To run this container again, type or select and drag thetext to the PuTTY window

docker start -i basic

and press enter. Let's take a closer look at this command:

• start - start an existing container• -i - make the container interactive which means send the output to the terminal• basic - the name of the container we assigned at creation

HOL-1730-USE-1


Docker commit

Now that we have created a container, let's create an image from that container. To dothat we need to commit the changes of our container to our local cache as an imagecalled "helloworld". Type or select and drag the text to the PuTTY window (note thatthe '/' character may interfere with the select/drag from the manual to the PuTTYsession. If this happens, you may need to manually type the command or you can usethe SEND TEXT functionality - icon in the top left corner above the lab console - to copyand paste the text into the console)

docker commit -m "added echo command" basic harbor.corp.local/library/helloworld


• commit - commit the changes into a new image• -m - the message to put with this image• basic - the container ID from the "docker run" step• harbor.corp.local/library/helloworld - Docker tags the image name with the

local registry of harbor.corp.local/hol-1730 and gives it the name helloworld.

Now type or select and drag the text to the PuTTY window

docker images

and press enter. You will now see your new image harbor.corp.local/library/helloworld.

Test new container image

Now let's test this new image. Type or select and drag the text to the PuTTY window

docker run --name first harbor.corp.local/library/helloworld


• run - run the container

HOL-1730-USE-1


• --name - give the container a specific name. If a name is not specified then arandom name is assigned. Container IDs are assigned randomly, so it is easier towork with a contianer if you assingne it a name.

• harbor.corp.local/library/helloworld - we are using the helloworld image fromour local cache registry. Note: if the private registry tag (harbor.corp.local/library) is not used, Docker will try and find the image in the Docker hub registry.This will fail because there is no internet connection.

You should have seen Hello World echoed to the terminal

Docker push

Now let's push our new image to new private registrylibrary. Type or select and dragthe text to the PuTTY window

docker push harbor.corp.local/library/helloworld


• push - pushes the images to the registry you specified, for this labharbor.corp.local/library or to github.io by default.

• harbor.corp.local/library/helloworld - The image we are pushing to ourprivate registry. You will see that we have to specify that registry in the imagename.

HOL-1730-USE-1


Verify Image in Harbor

Select the Chrome browser from the task bar and see library/helloworld underPopular Repositories.

Docker rm

Now let's delete the containers that we created. Because we have assigned names tothese containers, this will be simple. Go back to the terminal session. Type or selectand drag the text to the PuTTY window

docker ps -a

and press enter to see the containers on this container host. Then type or select anddrag the text to the PuTTY window

docker rm basic first pull

HOL-1730-USE-1



• rm - this will remove the container(s) specified. Here we are using the names weassigned to each container.

• basic first pull - name of each container. Container IDs can be used here aswell, but names make it easier.

Docker rmi

We are going to clean up all the locally-cached images that we used for this lesson. Tosee what those images are, type or select and drag the text to the PuTTY window

docker images

Then type or select and drag the text to the PuTTY window

docker rmi harbor.corp.local/library/helloworld harbor.corp.local/library/nginxharbor.corp.local/library/busybox

and press enter. NOTE: This command could take a few seconds to complete. This is anested environment which could slightly effect performance.

Close PuTTY

To close the PuTTY session to the Dev_Desktop, type

HOL-1730-USE-1


exit

and press enter.

HOL-1730-USE-1


ConclusionIn this module you learned how to interact with a container host, by verifying the dockerdaemon is running, some basic information about the container host. You also workedwith some basic docker commands like pull, ps, run, start, commit, push, and rm.



If you are looking for additional information on Docker commands, try one of these:

• Click on this https://docs.docker.com• Or simply issue the "docker" command on a container host with no options to get

a list of commands.• For more documentation on Harbor and Lightwave, click on this link

https://vmware.github.io






HOL-1730-USE-1


https://docs.docker.comhttps://vmware.bintray.io

How to End Lab


HOL-1730-USE-1


Module 3 - Docker in theReal World (30 minutes)

HOL-1730-USE-1


IntroductionThis Module contains the following lessons:

• Run a container interactively - We will be running a NGINX container interactivelyand attaching to it with a web browser

• Run a container as a daemon - We will be running the same NGINX container inthe background

• Run a multiple container application - We will be building an NGINX containerapplication linked to a datastore container

HOL-1730-USE-1


Run a container interactivelyIn this lesson we are going to use a container to present a simple web page. To do thiswe will start an NGINX container, interact with the it, and attach to it with a web browser

NOTE: All CLI commands can be selected and dragged into the PuTTY session from themanual. If you don't want to type out the command please select the text from themanual and drag to the PuTTY window.

Open PuTTY

First we need to attach to our stand-a-lone container host, called Dev_Desktop. This isgoing to be more representative to what a developer uses today.

Double click on the PuTTY icon on the desktop of the Main Console.

HOL-1730-USE-1


Attach to the Developer Desktop VM

1. Double click on the Dev_Desktop saved session

HOL-1730-USE-1


Pull nginx from our registry

To start let's see what images we have cached on this local container host. Type orselect and drag the text to the PuTTY window

docker images

and press enter. For this lab we will need the NGINX images. If the images already existyou can skip this step. Let's pull it from our registry, type or select and drag the text tothe PuTTY window.


and press enter. NOTE: In this lab we do not have internet access, so we are using aprivate registry at harbor.corp.local/library

Start the NGINX container

Let's start a container with the nginx images and interact with the bash shell, type orselect and drag the text to the PuTTY window

docker run -it --name nginxweb -p 9000:80 harbor.corp.local/library/nginx /bin/bash


• run - run the container• -it - send the output to a terminal and make it interactive• --name - give the container a specific name. If a name is not assigned then a

random name is assigned• -p - we are mapping the host port 9000 to the internal container port 80

HOL-1730-USE-1


• nginx - we are using the nginx image from our local cache repository• /bin/bash - we are executing a shell prompt. This is how we interact with the

container.

Take note of the prompt now. You will see the container ID root@#########, thisindicates you are inside the container. Why did this happen? Because the command forthis container was to execute a bash shell. NOTE: Container IDs are randomlygenerated, so the container ID you see in your terminal session WILL be different thanthe one you see here in this step.

Container isolation

To show the power of the container isolation, type or select and drag the text to thePuTTY window

cat /etc/os-release

and press enter. As you can see, this container is based on the Debian distribution oflinux. The container host is based on VMware's Photon OS distribution.

HOL-1730-USE-1


Check the nginx daemon


service nginx status

and press enter. As you can see, the nginx daemon is not started so we need to start it.Type or select and drag the text to the PuTTY window

service nginx start

and press enter.

Open a web browser

Click on the Google Chrome icon on the Main Console desktop

HOL-1730-USE-1


Browse to the nginx default web page

In the address bar of the Chrome browser type the container host IP address followed byport 9000, http://192.168.110.81:9000 and press enter. Why port 9000? Becausethis is the port we specified when we started the container with the port option "-p9000:80".

This option is mapping the default nginx web page port of 80 to the external port wewish to use for this container, which is 9000. We had to use the IP address of thecontainer host to access the web page. The container does have an IP address, but it isassigned by the Docker daemon and lives behind the "docker0" bridge adapter. Thedocker0 bridge adapter is added when the Docker daemon was installed and started.So for external access to a container, you would use the container host ip and the port

you specify when starting the container. As you can see the networking can get verycomplex when you have multiple containers on container host.

HOL-1730-USE-1


Exit and remove the container

Switch back to the PuTTY session.

Lets stop the container, type or select and drag the text to the PuTTY window

exit

and press enter.

Lets verify the container has stopped, type or select and drag the text to the PuTTYwindow

docker ps -a

and press enter. Check under the STATUS column, you should see "Exited....".

HOL-1730-USE-1


Run a container as a daemonIn this lesson we will start an NGINX container and have it run non-interactively in thebackground.


In this step, we will start a container with the nginx image and run it as a service. Nowsome of the things to note here is that we will not be starting the nginx service becausewe are not starting the bash shell. As you saw in the previous lesson, we had to startthe nginx service. How does that work? Let's check it out.


docker run -d --name nginxdae -p 9001:80 harbor.corp.local/library/nginx

and press enter. Type or select and drag the text to the PuTTY window

docker ps -a

and press enter. This time you don't need the "-a" option because this is a runningcontainer. Note that you are back at the container host prompt and not inside thecontainer. For this container, when starting the nginx image in a container with the -doption it will start the nginx daemon for you. Lets verify this.

HOL-1730-USE-1


Browse to the nginx default web page

Go back to the web browser and

1. Open a new tab2. Type http://192.168.110.81:9001 and press enter.

Again you have to specify the port 9001, because that is the port we specified when westarted the container.

HOL-1730-USE-1


Run a multiple container applicationIn this lesson we will build a datastore container and then attach a nginx container to it.Doing this will give you the ability to dynamically change the nginx web page by

altering the index.html file on the host.

Start the datastore container

The first thing we need to do is build the datastore container. This container will serveas a pointer to a storage location on our container host. The advantage of a datastorecontainer is that you can attach multiple containers to the same container hostfilesystem location for sharing and storing data. This connection is done through the --link option you will see later in this lesson. NOTE: This is one way to make datapersistent when using containers, as containers technology continues to evolve moreoptions are becoming available.

Go back to the Dev_Desktop PuTTY session and type or select and drag the text to thePuTTY window

docker run --name datastore -v /root/scripts:/usr/share/nginx/html harbor.corp.local/library/busybox

and press enter, to start the container.


docker ps -a

and press enter, to see the status of the container. Notice it has been exited. Adatastore container does not need to be running.

Inspect the datastore container

We will now use the docker inspect command to see the details of the container in JSONformat. Type or select and drag the text to the PuTTY window

HOL-1730-USE-1


docker inspect datastore | grep -A 7 Mounts

and press enter. Here you will see the source (host) directory and the destination(container) directory listed for the datastore container.


In this step we will start the nginx container and link it to the datastore container. Bydoing this we are telling the nginx container to link the "/usr/share/nginx/html/"directory to the datastore container. Type or select and drag the text to the PuTTYwindow

docker run -d --name web01 --volumes-from datastore -p 9002:80 harbor.corp.local/library/nginx

and press enter, to start the container.


docker ps -a

and press enter, to see the status of both the nginx and datastore containers.

Inspect the NGINX container

Lets look at the mounts section of the NGINX container with the inspect command. Typeor select and drag the text to the PuTTY window

docker inspect web01 | grep -A 7 Mounts

HOL-1730-USE-1


and press enter. Here you will see the source (host) directory and the destination(container) directory listed for the datastore container. So essentially we are taking theNGINX's "/usr/share/nginx/html" directory and pointing to the host's "/root/scripts"directory but doing that through the datastore container.

HOL-1730-USE-1


Attach to the NGINX container

Go back to the web browser and

1. Open a new tab2. Type http://192.168.110.81:9002 and press enter.

Again you have to use port 9002, because that is the port we specified when we startedthe container.

As you see, the default nginx web page is not displayed. That is because we arepointing to a modified index.html file on the host in the /root/scripts directory.

Alter the NGIX configuration

Let's modify the index.html file on the container host and change the size of the imageon the webpage using the sed command. We can do this outside of the NGINXcontainer because of the way we are using the datastore container.

Go back to the PuTTY session and type or select and drag the text to the PuTTY window

sed -i s/35em/75em/g /root/scripts/index.html

HOL-1730-USE-1


and press enter.

Refresh the web page to see changes

Refresh the Chrome browser to see the web page with the new image size.

Container Status

Switch back to the PuTTY session.

We need to stop the only remaining container, nginxdae. Type or select and drag thetext to the PuTTY window

docker stop web01 nginxdae

and press enter

Lets verify that all the containers have been stopped. Type or select and drag the text tothe PuTTY window

HOL-1730-USE-1


docker ps -a

and press enter, look at the status of all the containers to see they have all "Exited".

Remove the container

Now we can remove both containers. Type or select and drag the text to the PuTTYwindow

docker rm web01 datastore nginxdae nginxweb

and press enter.

Module Cleanup

To close the PuTTY session to the Developers Desktop, type

exit

and press enter.

Close the browser.

HOL-1730-USE-1


ConclusionIn this module you learned how to run a container interactively and as a daemon. Youalso setup multiple containers and linked them together. This is only a small samplingof what you can do with containers.



If you are looking for additional information on Docker commands, try one of these:

• Click on this https://docs.docker.com• Or simply issue the "docker" command on a container host with no options to get

a list of commands.





• Module 5 - Building aa application with vSphere IntegratedContainers(30 minutes) (Advanced) How would a developer build acontainerized application within vCenter using vSphere Integrated Containers.

HOL-1730-USE-1


https://docs.docker.com

How to End Lab


HOL-1730-USE-1


Module 4 - vSphereIntegrated Containers:Best of Both Worlds (30

Minutes)

HOL-1730-USE-1


IntroductionThis Module contains the following lessons:

• Set up VMware Harbor for use with a new project and assign a user• Creating a Virtual Container Host (VCH)• Using a Virtual Container Host (VCH)

The Best of Both Worlds

What developers want --- what IT Ops needs

HOL-1730-USE-1


Creating a Virtual Container Host(VCH)In this lesson we will create a virtual container host (VCH). We will review thecommands to create a VCH and the resulting entities in vCenter.

NOTE: All text in CLI Command can be selected and dragged into the PuTTY sessionfrom the manual. If you don't want to type out the command please select the textfrom the manual and drag to the PuTTY window.

Open PuTTY

First we need to attach to the VIC Manager VM. Double click on the PuTTY icon on thedesktop of the Main Console.

HOL-1730-USE-1


Open the VIC manager VM

1. Double click on the VIC Manager saved session.

Creating a VCH

You will be automatically logged onto the console of the VIC Management VM but youwill be at the root prompt. We need to change to the VIC Admin user. Type or select anddrag the text to the PuTTY window

su - vicadmin

and press enter. Then change directory into the "vic" directory where the binaries arestored. Type or select and drag the text to the PuTTY window

cd vic

and press enter. From here we will use the "vic-machine-linux" binary to create theVCH. Type or select and drag the text to the PuTTY window

HOL-1730-USE-1


./vic-machine-linux create -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC -ids-site01-iscsi -b VM-Site01-vDS-Bridge -n VCH01 --no-tlsverify --insecure-registryharbor.corp.local

and press enter. This command will error because the vCenter thumbprint was notspecified. The easiest way to get that thumbprint is by letting this command error. Thethumbprint is shown in the error, as seen in the screen shot.

Type or select and drag the text to the PuTTY window.

./vic-machine-linux create -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC -ids-site01-iscsi -b VM-Site01-vDS-Bridge -n VCH01 --no-tlsverify --insecure-registryharbor.corp.local --thumbprint 25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74

and press enter.

VCH creation output

Let's take a look at the output of the VCH.

1. The creation script goes through a series of checks of the ESXi host firewall,license and DRS settings. For this lab we have disabled the TLS certification. Ifyou need to use a secure connection between the Docker client machine and theDocker host you will need to give the users the "VCH Name"-key.pem file for theirconnection to the Docker host. You can also turn the TLS certification generationoff by using the --no-tls command option.

2. The rest of the process is the resource pool (vSphere vApp) creation, networkingsetup, volume store setup and vCenter registration. Once that is complete, thein-memory Photon OS pulls an IP for the external facing side of the bridgedadapter. This IP address is very important for Docker client connectivity which wewill demonstrate throughout modules 4 and 5.

3. You will need to keep track of the IP address of the Docker host and the portnumber. There are usually 3 different port numbers used when connecting to theVCH. If you are using TLS certificates it assigns port 2376. Port 2375 is assigned

HOL-1730-USE-1


for no-tls. The logs and admin portal can be found at port 2378. All thisinformation is displayed here in this last section.

HOL-1730-USE-1


VCH info from Docker

To see some container base statistics about the VCH, type or select and drag the text tothe PuTTY window.

docker -H 192.168.100.xxx:2376 --tls info

and press enter. You should see this exact command in the output of both the creationand inspect command. NOTE: you will need to replace the 'xxx' with the last octet ofthe IP address assigned to your VCH in the lab.

This command gives you information about the containers on the VCH, the volumes andnetworks available to the containers running on this VCH and the total resourcesavailable to the VCH. These resources are the same as what is set on the resourcepools limits.

HOL-1730-USE-1


Open a web browser

Click on the Google Chrome icon on the Main Console desktop.

Log into vCenter

To log onto vCenter:

1. Username : Administrator2. Password : VMware1!3. Click on Login

HOL-1730-USE-1


Open Hosts and Clusters

1. Click on Hosts and Clusters

HOL-1730-USE-1


VCH in vCenter

In vCenter you see the resource pool (vSphere vApp) that is setup as the VCH. You alsosee here a VM by the same name as the resource pool (vApp). This is the in-memoryPhoton OS that is used to instant clone the containers.

1. Click on the VM Hardware drop down arrow, to see more information about thisVCH.

HOL-1730-USE-1


VCH networking

There are 2 networks defined for this VCH. When we issued the create command, weonly specified 1 network which was the mandatory bridge-network. A VCH needs anexternal network to publish the containers' network services. If an external network isnot specified, the VCH will use the default "VM Network". NOTE: if there is no "VMNetwork" defined, you will get an error and will have to define an external network whencreating a VCH.

HOL-1730-USE-1


VCH datastore

To look at the datastore files that support the VCH:

1. Click on the datastore tab2. Select the datastore "ds-site01-iscsi". You may need to open the datacenter

name "CloudNativeApps" by selecting the drop down arrow at the left.3. Select the Manage tab4. Select the Files menu choice5. Find and click on the VCH01 folder in the datastore.

Here you can see the files that make up the VCH. You see the 2 ISO image files whichare used to boot the container VM. NOTE: You may need to expand the Name colom tosee these Image files.

HOL-1730-USE-1


Using a Virtual Container Host (VCH)In this lesson we will be creating a couple of VCHs to show some of the network anddatastore options that you can use.

List the VCHs in your Cluster

To list the VCHs in your cluster, type or select and drag the text to the PuTTY window

./vic-machine-linux ls -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC --thumbprint25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74

and press enter.

Inspect the VCH

You can find out basic connectivity and log server information about a VCH by using theinspect command. This is useful information to give to the developers that need to usethe VCH for their application development.

From the vicMgr PuTTY session, type or select and drag the text to the PuTTY window

./vic-machine-linux inspect -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC--thumbprint 25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74 -n VCH01

and press enter. NOTE: The IP address you see here may be different than what is inyour lab. Please record the IP address from your lab.

HOL-1730-USE-1


Open PuTTY

From the current PuTTY window

1. Click on the PuTTY icon2. Select New Session

HOL-1730-USE-1


Open the Docker Client VM

Double click the Docker_client saved session. We will be using this PuTTY session tosimulate the environment of a developer's desktop.

HOL-1730-USE-1


Attach the Docker Client VM to the VCH

To attach the Docker Client VM to the VCH, you will need the VCH ip address and portnumber. This was given to you either by the create command or inspect commandoutput.

Do not select and drag this command, type

export DOCKER_HOST=tcp://192.168.100.xxx:2376

and press enter. NOTE: Be sure to have the _ in DOCKER_HOST. The DOCKER_HOST IPaddress used in this manual may be different then your lab. Please use your lab IPaddress.

Create a container

To create this container we will use the run command to pull the image from our Dockerregistry, harbor.corp.local. Type or select and drag the text to the PuTTY window

docker --tls run -it --name plain harbor.corp.local/library/busybox

and press enter.

HOL-1730-USE-1


Open Hosts and Clusters in the vSphere Web Client


HOL-1730-USE-1


Container in vCenter

First take note that the name we gave the container, plain, has been appended to thecontainer ID. Expand Related Objects with the drop down arrow. Notice this VCH isconnected to the default bridged network. Because the container was created without anetworking option, it will use the default bridged network. This is the default behavior ofa container.

Verify Container IP address

Go back to the Docker_client PuTTY session. Type or select and drag the text to thePuTTY window

HOL-1730-USE-1


ip a

and press enter. Notice that from within the container, the IP address is from the fromthe bridge adapter, which would be a 172.16.0.0/16 address.

Type or select and drag the text to the PuTTY windows

exit

and press enter.

Delete the VCH

Switch to the vicMgr PuTTY session. To delete the VCH type or select and drag the textto the PuTTY window

./vic-machine-linux delete -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC--thumbprint 25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74 -n VCH01

and press enter.

Clean Up : Close the PuTTY sessions for both vicMgr and Docker_client VMs and closethe browser.

HOL-1730-USE-1


ConclusionIn this module you setup VMware Harbor for use with a user and assigned specific RBACand then created a Virtual Container Host (VCH). You were able to see it in vCenter aswell as through a Docker command. You were also able to pull a Docker image andcreate a container. You will able to change the power state of that container from withinvCenter. VIC gives the developers the same Docker look and feel they are used to andthe VMware administrators a way to manage containers because they are VMs.



If you are looking for additional information on vSphere Integrated Containers, try one ofthese:

• Click on this http://vmware.github.io/vic/

Proceed to any module below which interests you most. [Add any custom/optionalinformation for your lab manual.]





HOL-1730-USE-1


http://vmware.github.io/vic/

How to End Lab


HOL-1730-USE-1


Module 5 - Building anApplication with vSphereIntegrated Containers (30

Minutes)

HOL-1730-USE-1


IntroductionThis module contains the following lesson:

• Creating a simple NGINX app with VIC

HOL-1730-USE-1


Creating a simple NGINX app with VICIn this lesson you will create 2 virtual container hosts (VCH). 1 VCH with have apersistent volume that we will use to customize and store the NGINX webpage. And theother VCH will have a external IP address so we can display the customized NGINXwebpage on a corporate IP address and not hidden behind the docker0 bridge adapter.

NOTE: All text in the CLI Commands can be selected and dragged into the PuTTYsession from the manual. If you don't want to type out the command please select thetext from the manual and drag to the PuTTY window.

Open PuTTY

First we need to attach to the VIC Manager VM. Double click on the PuTTY icon on thedesktop of the Main Console.

HOL-1730-USE-1


Open the VIC Manager VM

1. Double click on the VIC Manager saved session.

Create a VCH Using Volume Stores

The first VCH we are creating in this lesson will be used to customize the index.html fileof an NGINX webpage and copy it to an external volume stored on one of the vSpheredatastores.

At the command prompt, log in as the VIC admin user. Type or select and drag the textto the PuTTY window.

su - vicadmin

Then change directory to the VIC folder

cd vic

Create the VIC engine

HOL-1730-USE-1


./vic-machine-linux create -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC --pnVM-Site01-vDS-External -b VM-Site01-vDS-Bridge -b ds-site01-iscsi --vs ds-site01-iscsi/HOL1730DockerVols:dVols --insecure-registry harbor.corp.local --no-tls --thumbprint25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74-n VCH-dev

and press enter. Please record the IP address listed here. NOTE: The IP address in thisscreen shot may be different then what you see in your lab. We have also disabled thesecurity (--no-tls) for this lab to make things a little easier.

HOL-1730-USE-1


Open PuTTY

From the current PuTTY window

1. Click on the PuTTY icon2. Select New Session

HOL-1730-USE-1


Open the Docker Client VM

Double click the Docker_client saved session. We will be using this PuTTY session tosimulate the environment of a developers desktop.

HOL-1730-USE-1


Attach the Docker Client VM to VCH-dev

To attach the Docker_client VM to the VCH, you will need the VCH ip address and portnumber recorded earlier in this lesson. Type


and press Enter. NOTE: Be sure to have the _ between DOCKER_HOST. You will needto replace 'xxx' with the last octet of your IP address noted above.


docker info

and press enter. Verify that the VCH Name and VolumeStores match the labels used inthe creation command line.

HOL-1730-USE-1


Create a Volume in the Volume Store

We need to create a volume for the containers to use from the volume store we setupwith on the container host VCH-dev

docker volume create --opt VolumeStore=dVols --name nHTML

and press enter

List the Container Volumes

We can now list the volumes for the containers to use. This volume will be available toall the VCHs that attach to this datastore/volume store.


docker volume ls

and press enter.

HOL-1730-USE-1


Pull NGINX image from the registry

To create a container, we first need to pull an image file down from our Docker registry.NOTE: This lab does not have access to the internet so we will be using a private

registry harbor.corp.local/library.

To pull the NGINX image from our registry, type or select and drag the text to the PuTTYwindow


and press enter.

Run a NGINX Container

Now we can create/run a container from the NGINX image we just pulled down.


docker run -it --name devWeb -v nHTML:/scripts -p 80:80 harbor.corp.local/library/nginx /bin/bash

and press Enter. NOTE: Because this is running in a nested environment the containercreation can take a couple of seconds to complete. Also you may have to press enteragain to get the bash shell prompt.

NOTE: If you are not at the root@#######:/# prompt, type or select and drag thetext to the PuTTY window

docker attach devWeb

and press enter

mount

HOL-1730-USE-1


and press enter. Here we see that this container has another drive mounted to themount point /scripts.

Customize NGINX and Make the Data Persistent

In this step we will customize the default NGINX web page and copy it to the volumestore we created with this VCH. Type or select and drag each of the command lines tothe PuTTY window one at a time. Be sure to press enter after each line.

sed -i s/"Welcome to nginx"/"Welcome to HOL-1730-USE-1"/g /usr/share/nginx/html/index.html

sed -i s/"using nginx"/"using HOL-1730-USE-1"/g /usr/share/nginx/html/index.html

These 2 sed commands replace the word NGINX with HOL-1730-USE-1 on the defaultweb page.

cp /usr/share/nginx/html/* /scripts/

This command copies the alternate index.html to the volume store so we can use it withanother VCH.

ls /scripts/

Verify that at least the 50x.html and index.html files are in the /scripts/ folder.

exit

HOL-1730-USE-1


This command will exit you from the running container. It is important to note that wecopied the index.html file to the /scripts/ folder to store it safely on our persistentstorage. By default containers do not preserve any data unless pushed to someexternal data or a new image is created from the original container.

HOL-1730-USE-1


Create a VCH Using a Container Network

Now we must create a VCH that is attached to the corporate network, ie..containernetwork, and the same volume store as the previous VCH. Go back to the vicMgr PuTTYsession and type or select and drag the text to the PuTTY window. Note that sometimesthe '/' character does not work well with the select/drag functionality between the labmanual and the lab console. If the command does not copy completely to the labconsole, use Ctrl-C to cancel the command then copy the command from the manualand use the SEND TEXT function just above the lab console window to paste in thecommand.

./vic-machine-linux create -t vcsa-01a.corp.local -u administrator -p VMware1! -r VIC -pnVM-Site01-vDS-External -b VM-Site01-vDS-Bridge -i ds-site01-iscsi --vs ds-site01-iscsi/HOL1730DockerVols:dVols --insecure-registry harbor.corp.local --no-tls --thumbprint25:CE:76:57:A1:C4:3B:56:06:68:2D:7D:9C:E1:5B:1E:E0:8E:53:74 -n VCH-prod

and press enter. Take note of the IP address for the DOCKER_HOST. This IP may bedifferent in your lab. Please record this IP address as we will use it in a couple of steps.

Attach the Docker Client VM to VCH-prod

Go back to the Docker_client PuTTY session. Verify that you can see the volume(dVols) and network (cNet) drivers when we created VCH-prod.

HOL-1730-USE-1


Do not cut and paste, type


and press enter. NOTE: Be sure to have the _ in DOCKER_HOST. Be sure to use theVCH-prod IP address and port number recorded in the previous step.


docker info

and press enter.

List the Container Volumes

Again let's verify that the container volume can be seen from this VCH. Type or selectand drag the text to the PuTTY window

HOL-1730-USE-1


docker volume ls

and press enter.

Pull the NGINX image from the registry

We must pull the NGINX container image from our private registry again. Type or selectand drag the text to the PuTTY window


and press enter.

Run the NGINX container with external networkattachment

We will now run another NGINX container on the new VCH (VCH-prod). Type or selectand drag the text to the PuTTY window

docker run -d --name prodWeb -v nHTML:/usr/share/nginx/html -p 80:80 harbor.corp.local/library/nginx

and press enter. Notice that we specified the container network (cNet) that we definedwhen creating VCH-prod. Also notice that we did not define a port. This is because wewill be using an IP address assigned by the corporate DHCP server.

HOL-1730-USE-1


Open a web browser

Click on the Google Chrome icon on the Main Console desktop

Log into vCenter

To log onto vCenter:

1. Username : Administrator2. Password : VMware1!3. Click on Login

HOL-1730-USE-1


Open Hosts and Clusters


HOL-1730-USE-1


Our VCHs in vCenter - Networking

Take note of the 2 VCHs we created. Both are resource pools (vSphere vApps) under theVIC cluster. The container we used to modify the NGINX config (index.html) is in theVCH-dev host but we are now using it in the VCH-prod host because we are using theshared volume between the 2 VCHs You will see the web page in a couple of steps. Wehave also included the names of the containers that were assigned during creation. Thiswill give you the ability to use dynamic groups for security policies. Notice the IPaddress for the VCH-Prod container host. We will use this IP address to see our NGINXweb page changes. NOTE: the IP address list here may be different that in your lab.

Our VCHs in vCenter - Volume Stores

The Volume Store that we defined is actually a VMDK. Let's take a look:

1. Click on the datastore tab2. Click on the manage tab

HOL-1730-USE-1


3. Click on files4. Open the datastore drop down and find HOL1730DockerVols5. Expand down until you find the nHTML, which is the container volume we saw in

our volume list.

HOL-1730-USE-1


Open the NGINX web page

To see our customized NGINX web page:

1. Click on the new tab button2. Type the IP address you recorded in a previous step in the address bar. Use this

format http://192.168.100.xxx and press enter. NOTE: your IP address maybe different

Take note that this is the customized NGINX webpage that we modified earlier.

Installing Admiral

In this step we will install Admiral from the container image we have pre-staged in ourHarbor registry. NOTE: Because this lab is not connected to the internet we will not beable to pull down the latest version of Admiral.

Open a putty connection to the Dev_Desktop vm and type or select and drag the text tothe PuTTY window

docker run -d -p 8282:8282 --name Admiral harbor.corp.local/library/admiral

and press enter. Because the Admiral container images is not in the local cache on thisVCH, this command will pull it local and run it all in one step.

To see the docker running, type or select and drag the text to the PuTTY window

docker ps

and press enter.

HOL-1730-USE-1



exit

and press enter, to close this PuTTY windows.

Login to the Admiral Management Portal

Return to the browser window

1. Open a new tab2. Enter http://192.168.110.81:8282 in the address bar, and press enter.

Add our VCH

To start managing our newly created VCH:

HOL-1730-USE-1


http://192.168.110.81:8282

Click on Add a Host

1. Type in the VCH URL: https://192.168.100.xxx:2375. NOTE: This IP address is ofthe VCH-prod container engine. To find that IP address, select the VCH-prod VMin vCenter.

2. Select the Placement zone. We need to define the placement zone, which is theresource pool where the VCH is defined. For this lab it is VCH-prod.

3. Click on New Placement Zone

Add a Placement Zone

1. Resource Name: VCH-prod2. Click on the check mark

HOL-1730-USE-1


https://192.168.100.xxx:2376.https://192.168.100.xxx:2376.https://192.168.100.xxx:2376.

Our Container Host (VCH)

We have added the VCH to Admiral. We can now take a look

Documents

Table of Contents - VMware · • vSphere Integrated Containers- Run containers alongside existing workloads in vSphere vSphere Integrated Containers Engine (VIC) vSphere Integrated