How to run Containers as a Service – Part 2
In ‘How to run Containers as a Service – Part 1’ I talked about how easy it is to run containers in a development environment and how hard it is to move them into production. In this post I will show you how to run Containers as a Service by building a container host on VMware’s Photon OS, and how to deploy and manage container hosts, including multi-container applications, in production using VMware vRealize Automation 7.2.
This will be a long article, so I split it up into three pieces:
- Create a PhotonOS container host template.
- Create and deploy a container host blueprint and configure container placement.
- Create and deploy a multi-container application blueprint.
Note: VMware vRealize Automation 7.2 and some basic administration skills are required for the second and third parts of this post!
Prepare Photon OS and create a vSphere template
To run containers as a service we first need to set up Photon OS correctly and create a vSphere template to use in the later steps.
Download the latest Photon OS OVA from Github here.
Import and deploy the OVA, start up Photon OS and open the remote console. Log in with root/changeme and change your password.
If you don’t have DHCP in your environment, you need to configure a static IP address for the Photon OS machine. Do this by editing the network file under /etc/systemd/network, first renaming it from dhcp to static:
mv /etc/systemd/network/10-dhcp-eth0.network /etc/systemd/network/10-static-eth0.network
Input the following attributes and save it.
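As an illustration (added here, not from the original post), a static configuration for that file in the systemd-networkd format Photon OS uses; the interface name and all addresses are assumed values to replace with your own:

```ini
# /etc/systemd/network/10-static-eth0.network (example values, not the post's)
[Match]
Name=eth0

[Network]
Address=192.168.10.50/24
Gateway=192.168.10.1
DNS=192.168.10.10
```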
Restart the network service, then enable and start the SSH daemon so you can finish the configuration remotely.
systemctl restart systemd-networkd.service
systemctl enable sshd
systemctl start sshd
Update all software packages on Photon OS.
tdnf distro-sync -y
Reboot and log in to Photon OS over SSH for further configuration.
Configure (insecure) Docker remote access. Be aware of what this does: a Docker API listening on tcp://0.0.0.0:2375 has no authentication and no encryption, so anyone who can reach that port can start a privileged container and take over the host. Only do this on a network that is restricted to the vRealize Automation appliance, and see the later post in this series on securing Docker communications for the TLS setup.
systemctl stop docker
Add the following line to the Docker daemon options file and save it.
DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
Open the (insecure) Docker port in the firewall. Where possible, restrict the rule to the address of the vRealize Automation appliance with -s instead of accepting connections from any source.
Add the following lines at the end of the iptables file and save it.
#Enable insecure docker connections
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
systemctl restart iptables
Remove the Docker engine key so that every machine cloned from this template generates its own engine ID, then enable and start the Docker engine.
rm -f /etc/docker/key.json
systemctl enable docker
systemctl start docker
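Because the Docker API is now reachable over TCP without authentication, it is worth checking what you have actually exposed before the machine is turned into a template. The following script is an added example, not the post’s own code and not part of Photon OS, Docker or vRealize Automation: it parses the DOCKER_OPTS line and the iptables rules from the steps above, reports a TCP listener that lacks --tlsverify and any firewall rule that admits the port from an untrusted source, and runs the same audit against a hardened counterpart (TLS client verification on port 2376 and a rule limited with -s to the vRealize Automation appliance). The appliance address 192.168.10.20 and the /etc/docker/*.pem paths are assumptions.

```python
"""Audit a container host's Docker daemon options and iptables rules for an
unauthenticated, network-exposed Docker API.

Added example for this post; not the post's code and not part of Photon OS,
Docker or vRealize Automation. The inputs below are constructed inline to
mirror the post's configuration. The vRealize Automation appliance address
192.168.10.20 and the /etc/docker/*.pem certificate paths are assumptions.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed inputs mirroring the post's insecure configuration.
DOCKER_OPTS_LINE = 'DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"'
IPTABLES_RULES = """\
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Enable insecure docker connections
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
"""

# Constructed hardened counterpart (assumed certificate paths): TLS with client
# certificate verification on 2376, and a firewall rule that only admits the
# vRealize Automation appliance.
HARDENED_DOCKER_OPTS = ('DOCKER_OPTS="-H tcp://0.0.0.0:2376 --tlsverify '
                        '--tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem '
                        '--tlskey=/etc/docker/server-key.pem -H unix:///var/run/docker.sock"')
HARDENED_RULES = """\
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.10.20 --dport 2376 -j ACCEPT
"""
VRA_APPLIANCE = "192.168.10.20"   # assumed address of the only trusted API client


def _value_after(toks: List[str], flag: str) -> Optional[str]:
    """Return the token following `flag`, or None if the flag is absent or last."""
    if flag in toks and toks.index(flag) + 1 < len(toks):
        return toks[toks.index(flag) + 1]
    return None


def parse_docker_opts(line: str) -> Tuple[List[Tuple[str, str, Optional[int]]], bool]:
    """Return ([(scheme, host, port), ...], tls_verify) for a DOCKER_OPTS line."""
    m = re.search(r"DOCKER_OPTS=(.*)", line)
    value = (m.group(1) if m else line).strip()
    if value[:1] in ('"', "'") and value[-1:] == value[:1]:
        value = value[1:-1]          # drop the shell quotes around the options
    toks = value.split()
    listeners, tls_verify = [], False
    for i, tok in enumerate(toks):
        url = None
        if tok in ("-H", "--host"):
            url = toks[i + 1] if i + 1 < len(toks) else None
        elif tok.startswith("-H=") or tok.startswith("--host="):
            url = tok.split("=", 1)[1]
        elif tok in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        if url:
            u = urlsplit(url)        # unix:///path has no host or port
            listeners.append((u.scheme, u.hostname or "", u.port))
    return listeners, tls_verify


def port_sources(rules: str, port: int) -> List[str]:
    """Return the -s source of every INPUT ACCEPT rule admitting TCP to `port`,
    using '0.0.0.0/0' for a rule that has no source restriction."""
    sources = []
    for raw in rules.splitlines():
        toks = raw.strip().split()
        if not toks or toks[0].startswith("#"):
            continue
        chain = _value_after(toks, "-A") or _value_after(toks, "-I")
        if chain != "INPUT" or _value_after(toks, "-j") != "ACCEPT":
            continue
        if _value_after(toks, "-p") != "tcp" or _value_after(toks, "--dport") != str(port):
            continue
        sources.append(_value_after(toks, "-s") or "0.0.0.0/0")
    return sources


def audit(docker_opts_line: str, rules: str, trusted_sources: List[str]) -> List[str]:
    """Return findings as strings; an empty list means nothing was flagged."""
    findings = []
    listeners, tls_verify = parse_docker_opts(docker_opts_line)
    for scheme, host, port in listeners:
        if scheme != "tcp":
            continue                  # unix socket: local only, governed by file permissions
        if not tls_verify:
            findings.append(f"tcp://{host}:{port}: Docker API without TLS client verification; "
                            "anyone who can connect can start privileged containers and own the host")
        for src in port_sources(rules, port):
            if src not in trusted_sources:
                findings.append(f"iptables admits TCP/{port} from {src}; "
                                f"restrict it with -s to {', '.join(trusted_sources)}")
    return findings


if __name__ == "__main__":
    for label, opts, rules in (("post's configuration", DOCKER_OPTS_LINE, IPTABLES_RULES),
                               ("hardened configuration", HARDENED_DOCKER_OPTS, HARDENED_RULES)):
        print(f"{label}:")
        for finding in audit(opts, rules, [VRA_APPLIANCE]) or ["no findings"]:
            print("  -", finding)
```

Run it as-is to see both results; to audit a real host, read the two strings from the host’s files instead of the constructed ones. The check assumes the INPUT chain has a DROP policy: if the policy is ACCEPT, the port is reachable regardless of which rules are found.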
Install the Docker Volume Service for vSphere. This lets you meet the persistent storage requirements of Docker containers in vSphere environments by consuming vSphere storage (vSAN, VMFS, NFS) for stateful containers.
Download the Docker Volume Driver (rpm) here and upload the latest release to the tmp directory on your Photon OS instance. With Docker stopped, use the rpm command to install the volume driver.
systemctl stop docker
rpm -ivh docker-volume-vsphere-x.xx.x.xxxxxxx-x.x86_64.rpm
systemctl restart docker-volume-vsphere
systemctl start docker
To use the Docker Volume Driver, each ESXi host also needs the matching VIB installed. Get it here, upload the latest release to the tmp directory on your ESXi host(s) and install it with the esxcli software command. Note that --no-sig-check disables signature verification of the VIB, so only install a package you downloaded from the project’s own release page.
esxcli software vib install --no-sig-check -v /tmp/vmware-esx-vmdkops-x.xx.x.xxxxxxx-x.vib
Shut down the Photon OS machine and convert it to a vSphere template.
Create a container host Blueprint and configure Container Placement
Now that we have a Photon OS template, we need to configure the container host blueprint and the container placement as follows.
Login to the vRealize Automation console with a user having the appropriate rights.
Create a custom Property Group for your Photon OS container host. The group properties are used during deployment or disposing, to automatically (de-)register a container host under vRealize Automation container management.
The easiest way is to go to Administration, Property Dictionary, Property Groups, create a copy of “Container host properties with user/password authentication” and change the following properties.
- Container.Auth.User = root
- Container.Auth.Password = <your Photon OS root password>
- Container.Connection.Port = 2375
- Container.Connection.Scheme = http
Give your new Photon OS Property Group a name and save it. Note that Scheme = http and Port = 2375 mean vRealize Automation talks to the Docker API in cleartext over the unauthenticated port configured earlier; if you later switch the hosts to TLS, this is where the scheme and port need to change.
Go to Design, Blueprints, and create a new blueprint using your Photon OS template. The attached network can use DHCP or fixed IP addresses; in my case I use the IPAM functionality in vRealize Automation to reserve a fixed IP address for the new container host through a Network Profile. Also use a machine prefix so you can easily recognise your deployed container host(s), and allow multiple Photon OS instances per request so you can scale up and down afterwards.
Save and publish your blueprint, add it to your Catalog and entitle it for a specific Business Group.
Go to your Service Catalog, request and deploy multiple container hosts using your blueprint.
Once your container hosts are deployed successfully, configure Container Placement and edit your container hosts.
First go to the Containers tab and hit Enter.
Under Hosts you should see your newly deployed container hosts.
Select Placements and create two Placement Zones. In my case, one for the Development team and one for the Operations team.
Then go back to Hosts and edit your container hosts. Assign the new Placement zones and add a tag.
Verify and update your hosts.
Go back to Placements and create two Placements. In my case, one for the Development team and one for the Operations team.
Use the created Placement Zones and the available Business Groups for the Development and Operations team. Optionally, you can limit the number of container instances and the CPU and memory utilization.
Now you’re ready to deploy containers!
Under the Containers tab, go to Templates, select a container template, select a Business Group and provision it.
After provisioning, go to Resources, Containers and select the provisioned container application. In my case, NGINX.
Notice that because we selected the Operations Business Group, the container is placed in the Operations Placement Zone and therefore runs on the container host related to this zone. In my case, container host vch-002.
Select container details and click on the http link to confirm NGINX is working.
Create a container Application Blueprint to run containers as a service
Now that we have configured the host blueprint and container placement we need to build the actual IT service which enables our users to run containers as a service.
Go to Design, Blueprints and create a WordPress blueprint consisting of two container instances connected together via a container network. Also add a dependency between the second and the first container.
Select the first (database) container. Name it mariadb and search for the official mariadb image available in the Docker Hub registry.
Under the Network tab add your container network and publish all ports. Be aware that publishing all ports also maps the database port onto a host port, reachable by anything that can reach the container host; the wordpress container itself only needs mariadb over the shared container network.
Under the Environment tab add the variables available for this image to configure the WordPress database (for the official mariadb image these are MYSQL_ROOT_PASSWORD, MYSQL_DATABASE, MYSQL_USER and MYSQL_PASSWORD). Choose proper passwords here, as they become part of the blueprint.
Go back to the blueprint and select the second (webserver) container. Name it wordpress and search for the official wordpress image available in the Docker Hub registry.
Under the Network tab add your container network, add a Port Binding between Container port 80 and Host port 86 and publish all ports.
Under the Environment tab add the variables available for this image to configure the WordPress webserver (WORDPRESS_DB_HOST, WORDPRESS_DB_USER, WORDPRESS_DB_PASSWORD and WORDPRESS_DB_NAME, matching what you gave the database). Use Binding on the database host variable to select the mariadb container as your WordPress database host.
Save your blueprint, publish it and add it to your catalog.
Go to Administration, Catalog, Entitlements and create or reuse an entitlement for the same Business Group as in your container Placement. In my case, the Development team.
Add the WordPress blueprint to the Entitled Items and save the entitlement.
Go to the Service Catalog and request the WordPress application.
After successful deployment go to the Containers tab, Resources, Applications and select WordPress. This will show the containers and container network associated with the WordPress application.
Notice that because I entitled the WordPress blueprint to the Development Business Group, the containers are placed in the Development Placement Zone and therefore run on the container host related to this zone. In my case, container host vch-001.
Go back to Containers, select the WordPress container and show details.
Click on the http link to confirm WordPress is working and you can publish a website.
This is how easy it is! Using VMware Photon OS, or vSphere Integrated Containers which is also supported, together with vRealize Automation is a great combination to run Containers as a Service in a production environment.
Other articles in the series vRealize Automation:
- Infoblox & vRealize Automation, Setup IPAM endpoint
- Infoblox & vRealize Automation, Install Infoblox IPAM plugin
- Setup provisioning of vCloud Air workloads
- Setup a vCloud Air Endpoint in vRealize Automation
- Setup Postgres database high availability for vRealize Automation
- Setup vRealize Automation Cost profiles & currency
- Speed up vRealize Automation life cycle updates
- Configure vRealize Automation not to delete virtual machines
- Track infrastructure changes with vRealize Automation Data Collection
- MS SQL high availability support for vRealize Automation
- Setup the vRealize Automation prerequisites for IaaS
- vRealize Automation: How to …
- Downgrade the vRealize Automation license
- vRealize Automation 7 – New Architecture & Installation
- vRealize Automation 7 – Improved Authentication
- vRealize Automation 7 – Converged Blueprints
- vRealize Automation 7 – LifeCycle Extensibility
- How to transfer vRealize Automation payload to Orchestrator
- Automation is not difficult with vRealize Automation 7
- vRA custom host name using Orchestrator and Event Broker
- How to deliver Database-as-a-Service with vRealize Automation
- Prepare Windows for vRA software deployment
- Missing endpoints after upgrading to vRealize Automation 7.3
- How to run Containers as a Service – Part 1
- How to run Containers as a Service – Part 2
- Infoblox & vRealize Automation, IP Address Management (IPAM) made easy
- How to run Containers as a Service – Secure Docker communications
- Create a new database user using vRealize Automation XaaS
- Infoblox & vRealize Automation, Infoblox NIOS setup
- Infoblox & vRealize Automation, vRA setup
- vRealize Automation failed requests monitoring
- vRealize Automation 7.2 released
- How to specify a deployment target when using vRealize Automation
- vRealize Suite just became a lot easier with Lifecycle Manager
Dimitri de Swart
Dimitri is an IT professional with more than 16 years of experience. He now works for VMware as a Cloud Management Specialist SE but started out as a Telecom Engineer and progressed to an experienced and skilled Pre-sales Consultant/Solution Architect with broad and in-depth knowledge of SDDC solutions and Private, Public and Hybrid Cloud. Dimitri is VMware VSP, VTSP, VCP and VCAP certified.