With the release of vRealize Automation 7.2 we were introduced to the new Container Management Feature. Part of the functionality that comes with this feature is the ability to deploy new container hosts from a blueprint.
In this post I will cover how to prepare a Photon OS Container Host which can be deployed as a vRealize Automation Blueprint that automatically registers with Admiral on deployment.
Downloading Photon OS
Photon OS is a minimal Linux Container Host optimised to run on VMware platforms. It is available from the VMware GitHub page as an Open Source project. You can download it from https://vmware.github.io/photon/
From here I downloaded the .ova version
I then imported the .ova file into vSphere using vCenter and started the VM.
Configuring Photon OS
In order to utilise Photon OS as a Container Host Blueprint we will first make some configuration changes to start the Docker Engine and allow access via the remote API.
Setting the Password
Connect to the Photon OS VM using the Remote Console in vSphere. Log in with the username root and the default password “changeme”.
The password for the root account must be changed upon initial login. For security, Photon OS forbids common dictionary words for the root password.
Enabling the Docker Remote API
As you will want to deploy containers remotely using vRealize Automation you will need to enable the Docker Remote API. Run the following command to edit /etc/default/docker using vi
Add the following line to the file. If you’re not a fan of vi or just not overly familiar with it, press I on the keyboard, then enter the following:
DOCKER_OPTS="-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"
When done editing press the ESC key then hold Shift and press the Z key twice
You can specify a different port number; however, the one shown, 2376, is the default port set in the custom properties of the Sample Blueprint. These port numbers need to match so that the host can be registered and monitored by Admiral. If you use something other than port 2376 then you will need to update the custom properties in the blueprint later.
Updating IP Tables Rules
You will need to update the IP Table rules to allow access to this port. Edit the file /etc/systemd/scripts/iptables by typing;
and add the following line after the line iptables -A INPUT -p tcp --dport 22 -j ACCEPT;
iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
Again the ports should match.
Run the following command
systemctl restart iptables
Initialise the Docker engine;
systemctl start docker
To ensure that the docker service starts on each reboot, run the following command;
systemctl enable docker
You can now log out and close the Remote Console.
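A check for the configuration built in this section, as an added example that is not part of the original post: it reads copies of the two edited files and reports a TCP listener without TLS, a port that has no matching firewall rule, and a rule open to any source. The function names, certificate paths and the 192.0.2.10 management address are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Audits copies of the two files the
# post edits: /etc/default/docker and /etc/systemd/scripts/iptables.

# audit_docker_host DEFAULTS_FILE IPTABLES_SCRIPT
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_docker_host() {
    defaults=$1; rules=$2; findings=0
    opts=$(sed -n 's/^DOCKER_OPTS="\(.*\)"$/\1/p' "$defaults")
    # Port of the tcp:// listener in DOCKER_OPTS (empty when socket-only).
    port=$(printf '%s\n' "$opts" | sed -n 's/.*tcp:\/\/[^: ]*:\([0-9][0-9]*\).*/\1/p')
    if [ -z "$port" ]; then return 0; fi
    case " $opts " in
        *" --tlsverify "*) ;;
        *) echo "tcp/$port: no --tlsverify, API is plaintext and unauthenticated"
           findings=1 ;;
    esac
    # Ignore commented-out rules, then look for an ACCEPT on the same port.
    rule=$(grep -v '^[[:space:]]*#' "$rules" |
           grep -E -- "-A INPUT .*--dport $port .*-j ACCEPT" || true)
    if [ -z "$rule" ]; then
        echo "tcp/$port: no iptables ACCEPT rule, port does not match the firewall"
        findings=1
    elif ! printf '%s\n' "$rule" | grep -q -- ' -s '; then
        echo "tcp/$port: iptables rule accepts any source address"
        findings=1
    fi
    return "$findings"
}

# Constructed sample files: "weak" mirrors the post, "tls" is a hardened variant.
# Certificate paths and 192.0.2.10 (the management address) are placeholders.
make_samples() {
    dir=$1
    echo 'DOCKER_OPTS="-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"' > "$dir/weak.docker"
    echo 'iptables -A INPUT -p tcp --dport 2376 -j ACCEPT' > "$dir/weak.rules"
    echo 'DOCKER_OPTS="--tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"' > "$dir/tls.docker"
    echo 'iptables -A INPUT -p tcp -s 192.0.2.10 --dport 2376 -j ACCEPT' > "$dir/tls.rules"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_docker_host "$tmp/weak.docker" "$tmp/weak.rules" || true   # two findings
audit_docker_host "$tmp/tls.docker" "$tmp/tls.rules" && echo "tls sample: clean"
rm -rf "$tmp"
```

With the TLS variant in place, Container.Connection.Scheme in the blueprint can stay at its https default.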
Preparing the VM for use as a Blueprint
Shut down the Photon OS VM and convert it to a template.
You will also need to create a Customisation Spec for the VM Template, the values I used can be viewed in the image below;
Creating the Blueprint
We now have a Photon OS VM template prepared with the Docker engine and the Remote API enabled. We have also opened the firewall to allow traffic to the port we defined for the remote API access.
To create our Blueprint based on this VM template, log in to vRealize Automation and go to the Design tab.
Here you will see that VMware have kindly provided us with some Sample Blueprints. These are great as they already contain the required Custom Properties to allow for automatic registration of the Container Host in Admiral ready for Container deployment.
Do Not Try to Edit the Existing Sample Blueprints as all changes are reverted back following a reboot of the vRA Appliance.
Select the Docker – PhotonOS Blueprint and click Copy, update the Name and Description before clicking OK
You will want to define a network for the Container Host, so drag and drop a Network Component onto the Canvas. In my example I am using the Existing Network Component and connecting to my default network. This could be a standard dvSwitch, Existing NSX Logical Switch, NSX On-Demand Routed or NAT’d network.
Now select the vSphere Machine Object on the canvas and navigate to the Build Information tab. In the Clone from: field select your previously created vSphere Template and enter the name of your Customisation Spec in the Customisation Spec Field.
Click the Network tab to connect the Container Host to the network you created earlier;
Let’s now take a look at the Custom Properties that register this Host within Admiral. Select the Properties Tab.
Here you will see the following properties;
- Container.Connection.Port – The value set here should match the port you defined for the Docker Remote API connection within your image.
- Container.Connection.Scheme – As I did not define a secure connection for the Docker Remote API, I have changed this value from https to http. I do not recommend doing this in a Production environment.
It is important to add the following custom properties to ensure correct host registration and disposal from Admiral. Without them, destroying the deployment does not correctly clean up the Admiral registration.
- Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.MachineActivated – Set the value to Container
- Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.Disposing – Set the value to Container
Click Finish to Save your Blueprint.
Deploying the Container Host Blueprint
The Blueprint can now be published and added to the Catalog, ready for deployment.
View the Registered Container Host in Admiral
Following deployment of the Container Host Blueprint, you can view and manage the Container Host VM in Admiral. The custom properties within the Blueprint allow for automatic registration of the deployed Container Host within Admiral.
To view your Container Host in Admiral, click the Containers tab in vRealize Automation and select the Hosts section. Your deployed Container Host Blueprint will appear here automatically.
You should now have a functioning Container Host Blueprint using Photon OS which is ready for Container Deployment. Be sure to come back for further posts on Container Management using vRealize Automation.