Table of Contents
Lab Overview - HOL-SDC-1630 - Cloud Native Apps
    Lab Guidance
Module 1 - Introduction to Microservices
    What's this 3rd Platform Thing?
    Introduction to Containers
    Introduction to Kubernetes
Module 2 - Introducing Cloud-Native Apps
    Introduction - Photon OS and Lightwave with AppCatalyst
    Installation - Photon OS and Lightwave with AppCatalyst
    Working with Lightwave
Module 3 - Getting started with Cloud-Native Apps
    From Zero to Docker in 90 seconds!
    Working with Photon OS
    Working with Docker
Module 4 - vSphere Integrated Containers
    Module Overview
    Deploying vSphere Integrated Containers
    vSphere Integrated Containers Introduction
    vSphere Integrated Containers Management Appliance
    Managing vSphere Integrated Containers
Module 5 - Managing and Monitoring Containers
    vRealize Operations - Monitoring Containers
    vRealize Log Insight - Monitoring Containers
HOL-SDC-1630
Lab Overview - HOL-SDC-1630 - Cloud Native Apps
Lab Guidance
DevOps, Containers, Docker, Mesos, Kubernetes,
microservices, 12-factor applications, 3rd platform, oh my! Modern
application architecture and lifecycle are changing fast and that
means even more demands on IT. While some have argued that this
new application approach calls for a whole new infrastructure, you
will learn how to address these new business-driven demands head on,
leveraging your existing investment while still delivering the
highest SLAs – performance, availability, security, compliance,
and disaster recovery. You will discover how the emerging 3rd
Platform Application stack not only fits into your existing SDDC
infrastructure investments but is actually the best place to run
containers and emerging 3rd platform applications.
Lab Module List:
• Module 1 - Introduction to Microservices (30 minutes)
• Module 2 - Introduction to Cloud-Native Apps (15 minutes)
• Module 3 - Getting started with Cloud-Native Apps (30 minutes)
• Module 4 - vSphere Integrated Containers (30 minutes)
• Module 5 - Managing and Monitoring Containers (45 minutes)
Lab Captains: Randy Carson, Pontus Rydin and Michael West
This lab manual can be downloaded from the Hands-on Labs
Document site found here:
http://docs.hol.pub/catalog/
This lab may be available in other languages. To set your
language preference and have a localized manual deployed with your
lab, you may utilize this document to help guide you through the
process:
http://docs.hol.vmware.com/announcements/nee-default-language.pdf
Activation Prompt or Watermark
When you first start your lab, you may notice a watermark on the
desktop indicating that Windows is not activated. One of the major
benefits of virtualization is that virtual machines can be moved and
run on any platform. The Hands-on Labs utilizes this benefit and we
are able to run the labs out of multiple datacenters. However,
these datacenters may not have identical processors, which triggers
a Microsoft activation check through the Internet. Rest assured,
VMware and the Hands-on Labs are in full compliance with Microsoft
licensing requirements. The lab that you are using is a
self-contained pod and does not have full access to the Internet,
which is required for Windows to verify the activation. Without full
access to the Internet, this automated process fails and you see
this watermark. This cosmetic issue has no effect on your lab. If you
have any questions or concerns, please feel free to use the support
made available to you either at VMworld in the Hands-on Labs area,
in your Expert-led Workshop, or online via the survey comments as we
are always looking for ways to improve your hands on lab experience.
Module 1 - Introduction to Microservices
What's this 3rd Platform Thing?
WARNING - this section is all
reading! There are no lab components! If you want to get right to
the keyboard, you can skip this Module, but you'll miss some
glorious and fascinating sentences. Everyone good? Okay, let's
go!
3rd Platform! Microservices! What the heck are they? Put simply,
the 3rd platform is a new paradigm for architecting
applications to operate in a distributed fashion. While the 1st
platform was designed around mainframes and the 2nd platform was
designed around client-server, the 3rd platform is designed around
the cloud. In other words, applications are designed and built to
live in the cloud. We can effectively think of this as pushing many
of the core infrastructure concepts (like availability and scale)
into the architecture of the application itself with containers
being a large part of this; they can be thought of as lightweight
runtimes for these applications. With proper application
architecture and a rock solid foundation either
on-premise or in the cloud, applications can scale on demand, new
versions can be pushed quickly, components can be rebuilt and
replaced easily, as well as many other benefits discussed
below.
Does this mean you should immediately move all of your
applications to this model? Not so fast! While 3rd Platform
architectures are exciting and extremely useful, they will not be
the answer for everyone. A thorough understanding of the benefits
and, more importantly, the complexities in this new world is
extraordinarily important. VMware's Cloud-Native Apps group is
dedicated to ensuring our customers are well informed in this space
and can adopt this technology confidently and securely when the
time is right.
Application Development and Delivery
If we look at the Outcomes Delivered from a new model of IT,
businesses are increasing their focus on App and Infrastructure
Delivery Automation throughout the datacenter.
App and Infrastructure Delivery Automation
IT is making strides to provide the ability to enable faster
delivery of application and IT Services leveraging capabilities
derived from automated infrastructure and application
provisioning.
New Business Imperative
Competitive businesses are delivering new applications to market
in increasingly faster cycles, ushering in technologies like Linux
containers and microservices. Next-generation applications are
being built on infrastructure assumed to be dynamic and elastic. To
keep our customers agile, our Cloud-Native Apps group builds
infrastructure technologies to open, common standards that preserve
security, performance, and ease-of-use, from developer desktop to
the production stack.
Moving Faster Requires Design and Culture Changes
To move faster, businesses implement a variety of cultural,
design, and engineering changes. At VMware, we are striving to make
the Developer a first class citizen of the Data Center and help
align them with IT's journey to achieve streamlined App
and Infrastructure Delivery Automation.
History of Platforms
1st Platform systems were based around mainframes and
traditional servers without virtualization. Consolidation was a
serious issue and it was normal to run one application per physical
server.
2nd Platform architectures have been the standard mode for quite
a while. This is the traditional Client/Server/Database model with
which you are likely very familiar, leveraging the virtualization of
x86 hardware to increase consolidation ratios, add high availability
and extremely flexible and powerful management of workloads.
3rd Platform moves up the stack, standardizing on Linux
Operating Systems primarily, which allows developers to focus on the
application exclusively. Portability, scalability and highly dynamic
environments are valued highly in this space. We will focus on
this for the rest of the module.
3rd Platform - Microservice Architecture
Microservices are growing in popularity, due in no small part to
companies like Netflix and Paypal that have embraced this relatively
new model. When we consider microservices, we need to understand
both the benefits and the limitations inherent in the model, as well
as ensure we fully understand the business drivers.
At its heart, microservice architecture is about doing one thing
and doing it well. Each microservice has one job. This is clearly in
stark contrast to the monolithic applications many of us are used
to; using microservices, we can update components of the application
quickly without forcing a full recompile of the entire application.
But it is not a "free ride" - this model poses new challenges to
application developers and operations teams as many assumptions no
longer hold true.
The recent rise of containerization has directly contributed to
the uptake of microservices, as it is now very easy to quickly spin
up new, lightweight run-time environments for the application.
The ability to provide single-purpose components with clean APIs
between them is an essential design requirement for microservices
architecture. At their core, microservices have two main
characteristics; they are stateless and distributed. To achieve
this, let's take a closer look at the Twelve-Factor App methodology
in more detail to help explain microservices architecture as a
whole.
The Twelve-Factor App
To allow the developer maximum flexibility in their choice of
programming languages and back-end services, Software-as-a-Service
web applications should be designed with the following
characteristics:
• Use of a declarative format to attempt to minimize or
eliminate side effects by describing what the program should
accomplish, rather than describing how to go about it. At a high
level it's the variance between a section of code and
a configuration file.
• Clean Contract with the underlying Operating Systems which
enables portability to run and execute on any infrastructure. APIs
are commonly used to achieve this functionality.
• Ability to be deployed into modern cloud platforms; removing
the dependencies on underlying hardware and platform.
• Keep development, staging, and production as similar as
possible. Minimize the deviation between the two environments for
continuous development.
• Ability to scale up (and down) as the application requires
without needing to change the tool sets, architecture or development
practices.
At a high level, the 12 Factors that are used to achieve these
characteristics are:
1. Codebase - One codebase tracked in revision control, many deploys
2. Dependencies - Explicitly declare and isolate dependencies
3. Config - Store config in the environment
4. Backing Services - Treat backing services as attached resources
5. Build, release, run - Strictly separate build and run stages
6. Process - Execute the app as one or more stateless processes
7. Port Binding - Export services via port binding
8. Concurrency - Scale out via the process model
9. Disposability - Maximize robustness with fast startup and graceful shutdown
10. Dev/Pro Parity - Keep development, staging, and production as similar as possible
11. Logs - Treat logs as event streams
12. Admin Process - Run admin/management tasks as one-off processes
For additional detailed information on these factors, check out
12factor.net.
Benefits of Microservices
Microservice architecture has benefits and challenges. If the
development and operating models in the company do not change, or
only partially change, things could get muddled very quickly.
Decomposing an existing app into hundreds of independent services
requires some choreography and a well thought-out plan. So why are
teams considering this move? Because there are considerable
benefits!
Resilience
With a properly architected microservice-based application, the
individual services will function similarly to a bulkhead in a ship.
Individual components can fail, but this does not mean the ship will
sink. The following tenet is held closely by many development teams
- "Fail fast, fail often." The quicker a team is able to identify a
malfunctioning module, the faster they can repair it and return to
full operation.
Consider an online music player application - as a user, I might
only care about playing artists in my library. The loss of the
search functionality may not bother me at all. In the event that the
Search service goes down, it would be nice if the rest of the
application stays functional. The dev team is then able to fix the
misbehaving feature independently of the rest of the
application.
Defining "Service Boundaries" is important when architecting a
microservice-based application!
Scaling
If a particular service is causing latency in your application,
it's trivial to scale up instances of that specific service if the
application is designed to take full advantage of microservices.
This is a huge improvement over monolithic applications.
Similar to the Resilience topic, with a monolithic application,
one poorly-performing component can slow down the entire
application. With microservices, it is almost trivial to scale up
the service that is causing the latency. Once again, this
scalability must be built into the application's DNA to function
properly.
Deployment
Once again, microservices allow components to be upgraded and
even changed out for entirely new, heterogeneous pieces of
technology without bringing down the entire application. Netflix
pushes updates constantly to production code in exactly
this manner.
Misbehaving code can be isolated and rolled back immediately.
Upgrades can be pushed out, tested, and either rolled back or pushed
out further if they have been successful.
Organizational
"Organizations which design systems ... are constrained to
produce designs which are copies of the communication structures of
these organizations" --Melvin Conway
The underlying premise here is that the application should align
to the business drivers, not to the fragmentation of the teams.
Microservices allow for the creation of right-sized, more flexible
teams that can more easily align to the business drivers behind
the application. Hence, ideas like the "two pizza rule" in which
teams should be limited to the number of people that can finish two
pizzas in a sitting (conventional wisdom says this is eight or
less...though my personal research has proved two pizzas do not
feed more than four people.)
No Silver Bullet!
Microservices can be accompanied by additional operations
overhead compared to the monolithic application provisioned to an
application server cluster. When each service is separately built
out, they could each potentially require clustering for fail over
and high availability. When you add in load balancing, logging and
messaging layers between these services, the real-estate starts to
become sizable even in comparison to a large off the shelf
application. Microservices also require a considerable amount of
DevOps and Release Automation skills. The responsibility of
ownership of the application does not end when the code is released
into production; the Developer of the application essentially owns
the application until it is retired. The natural evolution of the
code and collaborative style in which it is developed can lend itself
to challenges when making a major change to the components of the
application. This can be partially solved with backwards
compatibility but it is not the panacea that some in the industry
may claim.
Microservices can only be utilized in certain use cases and even
then, Microservices open up a world of new possibilities that come
with new challenges and operational hurdles. How do we handle
stateful services? What about orchestration? What is the best way to
store data in this model? How do we guarantee a data persistence
model? Precisely how do I scale an application properly? What about
"simple" things like DNS and content management? Some of these
questions do not have definitive solutions yet. A distributed system
can also introduce a new level of complexity in areas that may not
have been such a large concern before, like network latency, fault
tolerance, versioning, and unpredictable loads in the application. The
operational cost of application developers needing to consider these
potential issues in new scenarios can be high and should be expected
throughout the development process.
When considering the adoption of Microservices, ensure that
the use case is sound, the team is aware of the potential challenges
and above all, the benefits of this model outweigh the cost.
Recommended reading: If you would like to learn more about the
operational and feasibility considerations of Microservices, look up
Benjamin Wootton and read some of his publications on the topic,
specifically 'Microservices - Not A Free Lunch!'.
Introduction to Containers
In this Chapter, we will explain
containers and how they enable 3rd Platform application
architectures to be run efficiently in distributed
environments.
Brief History of Containers
While containers are certainly a very popular topic right now,
containers themselves are not new. They have existed for many years.
FreeBSD, Solaris Zones, LXC...there are many incarnations of
containerization technology.
You may ask - then why is Docker so popular? For a few good
reasons, but mainly because Docker created a very easy to use
framework for deploying and sharing containers on standard Linux
builds.
There are still many challenges to address in this space,
however! Security, isolation and data persistence are areas that are
arguably not ready for the Enterprise just yet. We will discuss this
more throughout the lab.
What are Containers?
Containers are an OS-level virtualization method in which the
kernel of an operating system allows for multiple isolated
user-space instances, instead of just one. The primary benefits of
using containers include limited overhead, increased flexibility
and efficient use of storage; the container looks like a regular OS
instance from the user's perspective. Changes to the image can be
made very quickly and pushed to a repository to share with others
for further development and utilization.
What is Docker?
Docker containers wrap up a piece of software in a complete
filesystem that contains everything it needs to run: code, runtime,
system tools, system libraries – anything you can install on a
server. This guarantees that it will always run the same,
regardless of the environment it is running in.
Containers running on a single machine all share the same
operating system kernel so they start instantly and make more
efficient use of RAM. Images are constructed from layered
filesystems so they can share common files, making disk usage and
image downloads much more efficient. Docker containers are based on
open standards allowing containers to run on all major Linux
distributions and Microsoft operating systems.
Containers include the application and all of its dependencies,
but share the kernel with other containers. They run as an isolated
process in userspace on the host operating system.
Docker is a natural fit for microservice-based
architectures.
How do Containers and Virtual Machines Differ?
A container is intended to run a single application. Containers
are typically very specific, intended to run MySQL, Nginx, Redis, or
some other application. So what happens if you need to run two
distinct applications or services in a containerized environment?
The recommendation is usually to use two separate containers. The
low overhead and quick start-up times make running multiple
containers trivial, thus they are typically scoped to a single
application.
A VM, on the other hand, has a broader range, and can run almost
any operating system. As you are likely aware, the VM serves as an
extremely firm boundary between OS instances that's enforced by a
robust hypervisor, and connects to Enterprise-level storage, network
and compute systems in a trusted, well-defined and secure
manner. VMs have traditionally lent themselves to running 2nd
Platform (Web - App - Database) applications that comprise 99% of
the application space today.
Virtual machines and containers: better together
Containers provide great application portability, enabling the
consistent provisioning of the application across infrastructures.
However, applications and data alone are rarely the major barrier to
workload mobility. Instead, operational requirements such
as performance and capacity management, security, and various
management tool integrations can make redeploying workloads to new
environments a significant challenge. So while containers help with
portability, they’re again only a piece of a bigger puzzle.
Due to the fundamental differences in architecture (namely the
ESXi hypervisor used by VMs versus the shared kernel space leveraged
by containers), Linux containers will not achieve the same level of
isolation and security. Furthermore, the toolsets available in the
VM ecosystem are battle-tested and Enterprise-grade, enabling
scores of benefits (stability, compliance, integrated operations,
etc.) that are indispensable to operations and infrastructure
teams.
For these reasons, VMware provides the best of both worlds by
offering an optimized OS built for containers to run with minimal
overhead. By dedicating an extremely lightweight OS to run
containerized workloads, we don't have to choose one or the other
- we can have both! By taking advantage of memory sharing, a core
feature of the ESXi hypervisor, we drastically reduce the OS
overhead while enabling the application flexibility promised by
containers.
In Module 6, we will look at some of our newer solutions,
including Bonneville, which seamlessly integrates containers and VMs
into a single fluid and dynamic deployment operation! This will
surely be one of the most exciting announcements at VMworld,
so please make sure to look over that Module!
Introduction to Kubernetes
In this Chapter, we take a quick look
at Kubernetes and how it fits into the world of containers.
What is Kubernetes?
Kubernetes is an open source system for managing containerized
applications across multiple hosts, providing basic mechanisms for
deployment, maintenance, and scaling of applications. Its APIs are
intended to serve as the foundation for an open ecosystem of tools,
automation systems, and higher-level API layers.
Kubernetes, at its basic level, is a system for managing
containerized applications across a cluster of nodes. In many ways,
Kubernetes was designed to address the disconnect between the way
that modern, clustered infrastructure is designed, and some of the
assumptions that most applications and services have about
their environments.
Most clustering technologies strive to provide a uniform
platform for application deployment. The user should not have to
care much about where work is scheduled. The unit of work presented
to the user is at the "service" level and can be accomplished by any
of the member nodes.
However, in many cases, it does matter what the underlying
infrastructure looks like. When scaling an app out, an administrator
cares that the various instances of a service are not all being
assigned to the same host.
On the other side of things, many distributed applications built
with scaling in mind are actually made up of smaller component
services. These services must be scheduled on the same host as
related components if they are going to be configured in a trivial
way. This becomes even more important when they rely on specific
networking conditions in order to communicate appropriately.
While it is possible with most clustering software to make these
types of scheduling decisions, operating at the level of individual
services is not ideal. Applications comprised of different services
should still be managed as a single application in most cases.
Kubernetes provides a layer over the infrastructure to allow for
this type of management.
Master Server:
The controlling unit in a Kubernetes cluster is called the
master server. It serves as the main management contact point for
administrators, and it also provides many cluster-wide systems for
the relatively dumb worker nodes.
The master server runs a number of unique services that are used
to manage the cluster's workload and direct communications across
the system.
Minion Server:
In Kubernetes, servers that perform work are known as minions.
Minion servers have a few requirements that are necessary to
communicate with the master, configure the networking for
containers, and run the actual workloads assigned to them.
Kubernetes Work Units:
While containers are used to deploy applications, the
workloads that define each type of work are specific to
Kubernetes:
Services:
We have been using the term service throughout this guide in a
very loose fashion, but Kubernetes actually has a very specific
definition for the word when describing work units. A service, when
described this way, is a unit that acts as a basic load balancer and
ambassador for other containers.
Labels:
A Kubernetes organizational concept outside of the work-based
units is labeling. A label is basically an arbitrary tag that can be
placed on the above work units to mark them as a part of a group.
These can then be selected for management purposes and
action targeting.
Source: (Digitalocean.com. 'An Introduction To Kubernetes |
Digitalocean'. N.p., 2015. Web. 4 Aug. 2015)
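The label and service concepts above can be made concrete with a small model. The following is an added example, not part of the lab or of Kubernetes itself: a simplified Python sketch in which a service picks its work units by equality-based label selection, load balances across them, and is checked for the "all instances on the same host" condition described earlier. All names (UNITS, Service, audit, the minion and unit names) are hypothetical and the sample data is constructed.

```python
from collections import Counter
from itertools import cycle

# Constructed sample work units (not from the lab): name, minion host, labels.
UNITS = [
    {"name": "web-1", "host": "minion-a",
     "labels": {"app": "music", "tier": "web", "env": "prod"}},
    {"name": "web-2", "host": "minion-a",
     "labels": {"app": "music", "tier": "web", "env": "prod"}},
    {"name": "search-1", "host": "minion-b",
     "labels": {"app": "music", "tier": "search", "env": "prod"}},
    {"name": "debug-1", "host": "minion-b",
     "labels": {"app": "music", "tier": "web", "env": "debug"}},
]


def matches(selector, labels):
    """Equality-based selection: every selector pair must appear in the labels."""
    return all(labels.get(key) == value for key, value in selector.items())


def select(units, selector):
    """Return the units whose labels satisfy the selector, in input order."""
    if not selector:
        # Choice made for this example: refuse a selector that matches everything.
        raise ValueError("empty selector would match every work unit")
    return [unit for unit in units if matches(selector, unit["labels"])]


def host_spread(units):
    """Count how many of the given units run on each minion."""
    return Counter(unit["host"] for unit in units)


def all_on_one_host(units):
    """True when several instances exist but a single minion carries them all."""
    return len(units) > 1 and len(host_spread(units)) == 1


class Service:
    """Simplified service: a label selector plus round-robin load balancing."""

    def __init__(self, name, selector, units):
        self.name = name
        self.selector = dict(selector)
        self.endpoints = select(units, selector)
        self._next = cycle(self.endpoints) if self.endpoints else None

    def route(self):
        """Return the name of the unit that receives the next request."""
        if self._next is None:
            raise RuntimeError("service %r has no matching work units" % self.name)
        return next(self._next)["name"]


def audit(service, expected_names):
    """Names the selector picked up that the operator did not expect."""
    return sorted(u["name"] for u in service.endpoints
                  if u["name"] not in expected_names)


if __name__ == "__main__":
    # Labels are arbitrary tags, so anything carrying the tags joins the group.
    broad = Service("web", {"app": "music", "tier": "web"}, UNITS)
    print("broad selector picks:", [u["name"] for u in broad.endpoints])
    print("unexpected members:", audit(broad, {"web-1", "web-2"}))

    # Adding env=prod to the selector keeps the debug unit out of rotation.
    narrow = Service("web", {"app": "music", "tier": "web", "env": "prod"}, UNITS)
    print("narrow selector routes:", [narrow.route() for _ in range(3)])
    print("all instances on one minion:", all_on_one_host(narrow.endpoints))
```

Because group membership is decided only by the tags a unit carries, reviewing selectors for unexpected members is a useful check before a service is exposed.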
Module 2 - Introducing Cloud-Native Apps
Introduction - Photon OS and Lightwave with AppCatalyst
An introduction to two of the latest Cloud-Native innovations from
VMware.
Introduction to VMware Photon OS
Photon OS is a lightweight Linux operating system for
Cloud-Native apps. Photon OS is optimized for vSphere and vCloud
Air, providing an easy way for our customers to extend their current
platform with VMware and run modern, distributed applications using
containers.
Photon provides the following benefits:
• Support for the most popular Linux container formats including
Docker, rkt, and Garden from Pivotal
• Minimal footprint (approximately 300MB), to provide an
efficient environment for running containers
• Seamless migration of container workloads from development to
production
• All the security, management, and orchestration
benefits already provided with vSphere, offering system
administrators operational simplicity
We have open sourced Photon OS to encourage widespread
contributions and testing from customers, partners, prospects, and
the developer community at large. It is available today on GitHub
for forking and experimentation; the binary is also available on
JFrog Bintray. We’re even making it easily accessible to developers
by packaging it with Vagrant and making it available through Atlas
with our friends at HashiCorp.
By offering Photon OS, we are able to provide integrated support
for all aspects of the infrastructure, adding to the leading
compute, storage, networking, and management found today. Customers
will benefit from end-to-end testing, compatibility,
and interoperability with the rest of our software-defined data
center and End User Computing product portfolios. Through
integration between Photon and Lightwave, customers can enforce
security and governance on container workloads, for example, by
ensuring only authorized containers are run on authorized hosts by
authorized users.
Introduction to VMware Lightwave
Lightwave is an open source project comprised of
standards-based, enterprise-grade, identity and access management
services targeting critical security, governance, and compliance
challenges for cloud-native apps. Here are a few of its
features:
• Multi-tenancy to simplify governance and compliance across the
infrastructure and application stack and across all stages of
application development lifecycle
• Support for SASL, OAuth, SAML, LDAP v3, Kerberos, X.509, and
WS-Trust
• Extensible authentication and authorization using
username and password, tokens and PKI infrastructure for users,
computers, containers and user defined objects
Lightwave pairs well with Photon OS, to provide an enforcement
layer for identity and access management via VMware vSphere and
vCloud Air.
Introduction to VMware AppCatalyst
VMware AppCatalyst is a desktop hypervisor for developers –
currently available as atechnology preview. As we spoke with
development teams the last few months, itbecame clear that there
was a gap in the market. Most developers use some form ofhypervisor
on their desktop - typically either VMware Fusion or Oracle
VirtualBox – andthey use these tools every day. But these tools
were not specifically designed to supportdeveloper workflows, and
there are many developer use cases where we thought wecould do a
lot better.
VMware AppCatalyst is an API and Command Line Interface
(CLI)-driven Mac hypervisorthat is purpose-built for developers,
with the goal of bringing the datacenterenvironment to the desktop.
Currently a technology preview, VMware AppCatalyst offersdevelopers
a fast and easy way to replicate a private cloud locally on their
desktop forbuilding and testing containerized and
microservices-based applications. The toolfeatures Project Photon,
an open source minimal Linux container host, Docker Machineand
integration with Vagrant. AppCatalyst uses MacOS as its host
operating system (i.e.,the user must use MacOS 10.9 or later as
their host operating system to useAppCatalyst).
One of the most common use cases for the desktop hypervisor is with Docker. Docker is fundamentally a Linux technology, but most developers we talk to are using Macs, so they need some form of hypervisor to run a Docker engine. But to do this you need to a) download a hypervisor, b) select a Linux distribution, c) download and install said Linux distribution, then d) set up Docker. All just to get to the point where you can start using Docker.
AppCatalyst comes pre-bundled with Photon OS - VMware’s compact container host Linux distribution. When you download AppCatalyst, you can point docker-machine at it, start up a Photon instance almost instantly (since there’s no Linux ISO to download), and start using Docker. This saves a lot of time getting started.
Another common use of the desktop hypervisor is with Vagrant. Developers build Vagrant files and then Vagrant up their deployment. AppCatalyst ships with a Vagrant provider so you can start using it with Vagrant immediately.
Our long term goal is to turn AppCatalyst into a data center on the desktop: any program or utility that you use against your production data center should be able to run in dev/test mode on your laptop. To do this we’ll be adding storage and networking abstractions to AppCatalyst, and moving towards API parity with the data center. We have a ways to go to get there, and this initial tech preview is just the first step.
Introduction to VMware Photon Controller
Photon Controller, part of the broader Photon Project, is a hyper-scale distributed control plane built for multi-tenant deployments enabling anybody to deploy and operate a cloud. In addition to basic Infrastructure-as-a-Service (IaaS) consumption scenarios to create, manage and destroy virtual machines and related resources, Photon Controller is optimized for 3rd Platform application development and deployment paradigms such as:
• Container clusters (K8, Mesos, Docker/Swarm)
• PaaS (Cloud Foundry Bosh CPI)
• OpenStack
• Big Data
Installation - Photon OS and Lightwave with AppCatalyst
This demo shows an AppCatalyst-based installation of Photon, along with Lightwave.
Click here to view an interactive demo of an AppCatalyst-based installation of Photon OS, along with Lightwave: http://www.googledrive.com/host/0BwKvJQgQjgwdfkYwb3VaLXpxMHA5SWF0YVMwTUR2bW1KNTdEVXE1UWhrVzN2M25wbGpSX2M/HOL-SDC-1630-PhotonLightwave.htm
The demo will open in a new browser tab or window, and you can continue with the lab after the demo is finished.
Working with Lightwave
In this section, we will configure two hosts as Domain Controllers for the "lightwave.local" domain. By deploying two Domain Controllers, we add additional resiliency and high availability.
Configuring the primary Domain Controller
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "lightwave-01a.corp.local"
Promote lightwave-01a to domain controller
In this step, we will promote the current host (lightwave-01a) to Domain Controller (DC) for the domain "lightwave.local".
1. Click inside the PuTTY window you opened in the previous step.
2. Type /opt/vmware/bin/ic-promote --domain lightwave.local --password VMware1! followed by Enter
3. Check the output. Make sure it ends with "Domain Controller setup was successful".
Create a new user in lightwave
1. Stay within the same PuTTY window as you did for the previous step (lightwave-01a).
2. Type /opt/vmware/bin/dir-cli user create --account amy --first-name Amy --last-name Wu --user-password VMware1! --password VMware1! followed by Enter.
3. We have now created an account for Amy Wu with the login "amy".
Configure the secondary Domain Controller
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "lightwave-02a.corp.local"
Promote lightwave-02a to Domain Controller and pair it with lightwave-01a
In this step, we will promote the current host (lightwave-02a) to Domain Controller (DC) for the domain "lightwave.local".
1. Click inside the PuTTY window you opened in the previous step.
2. Type /opt/vmware/bin/ic-promote --partner lightwave-01a.corp.local --domain lightwave.local --password VMware1! followed by Enter.
3. Check the output. Make sure it ends with "Domain Controller setup was successful".
4. Type exit followed by Enter to log out.
Verify installation
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "application-01a.corp.local"
3. When asked for username, type root followed by Enter
4. When asked for password, type VMware1! followed by Enter.
Join the lightwave.local domain
1. Click inside the PuTTY window you opened in the previous step.
2. Type /opt/vmware/bin/ic-join --domain lightwave.local --domain-controller lightwave-01a.corp.local --password VMware1! followed by Enter
3. Check the output. Make sure it ends with "Domain Join was successful".
4. Do not close this PuTTY window.
Enable SSH authentication against lightwave
1. Stay within the same PuTTY window as you did for the previous step (application-01a).
2. Type cd /root followed by Enter.
3. To enable lightwave authentication, we are going to run a short script that contains the necessary commands.
4. Type cat init_pam.sh followed by Enter to review the script. This script plugs in lightwave authentication as a PAM (Pluggable Authentication Module).
5. Type ./init_pam.sh followed by Enter to run the script.
6. After the lsass command completes, type exit.
Login using your lightwave credentials
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "application-01a.corp.local"
3. When asked for username, type [email protected] followed by Enter
4. When asked for password, type VMware1! followed by Enter.
Check who is logged in
1. Click inside the PuTTY window you opened in the previous step.
2. Type who followed by Enter.
3. You will see a list of logged-in users. The first line is the "root" user you logged in as at the start of this exercise. The second line is the lightwave user we just logged in as.
Run a Docker command
1. Stay within the same PuTTY window as you did for the previous step (application-01a).
2. Type docker run -t -i docker-hub:5000/centos:latest followed by Enter
3. Type whoami followed by Enter. This prints the current user in Docker. Notice that Docker thinks you are "root". This is due to the isolation between the Docker container and the host operating system.
4. Type exit followed by Enter to exit the Docker container.
5. Type exit followed by Enter to finish the terminal session. The PuTTY window will close.
Login as a non-privileged user
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "application-01a.corp.local"
3. When asked for username, type [email protected] followed by Enter
4. When asked for password, type VMware1! followed by Enter.
Attempt to run a Docker command
1. Type docker run docker-hub:5000/centos:latest followed by Enter.
2. You will notice that amy was not given permission to run Docker commands and therefore Docker returned an error.
3. Type exit followed by Enter to close the session. The PuTTY window will close.
Delete a user
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "lightwave-01a.corp.local"
Delete user from directory
1. Click inside the PuTTY window you opened in the previous step.
2. Type /opt/vmware/bin/dir-cli user delete --account amy --password VMware1! followed by Enter.
3. Type exit followed by Enter to log out.
Attempt to login as deleted user
1. From the Windows start menu, select "PuTTY"
2. In the list of saved sessions, double click on "application-01a.corp.local"
3. When asked for username, type [email protected] followed by Enter
4. When asked for password, type VMware1! followed by Enter.
5. Notice that Amy is no longer allowed to log in
6. Close the terminal window by clicking the X on the upper right hand corner.
Module 3 - Getting started with Cloud-Native Apps
From Zero to Docker in 90 seconds!
Photon was designed to install and start extremely quickly. The following is a demonstration of an installation from scratch all the way to a running dockerized application.
As you will see, the installation itself completes in a mere 8 seconds on a standard VMware corporate laptop. The entire process, including VM creation, installation, activation of docker and download of a simple docker container takes less than 90 seconds. This allows users to spin up docker containers with all the benefits of isolation and manageability that a virtual machine offers in almost the same time as it would take to spin it up on an existing system.
[Video: Bringing up a Docker host in 90 seconds]
Working with Photon OS
PhotonOS™ is a technology preview of a minimal Linux container host. It is designed to have a small footprint and boot extremely quickly on VMware platforms. PhotonOS™ is intended to invite collaboration around running containerized applications in a virtualized environment.
• Optimized for vSphere - Validated on VMware product and provider platforms.
• Container support - Supports Docker, rkt, and the Pivotal Garden container specifications.
• Efficient lifecycle management - contains a new, open-source, yum-compatible package manager that will help make the system as small as possible, but preserve the robust yum package management capabilities.
Activation Prompt or Watermark
When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated. One of the major benefits of virtualization is that virtual machines can be moved and run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters. However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements. The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation. Without full access to the Internet, this automated process fails and you see this watermark.
This cosmetic issue has no effect on your lab. If you have any questions or concerns, please feel free to use the support made available to you either at VMworld in the Hands-on Labs area, in your Expert-led Workshop, or online via the survey comments as we are always looking for ways to improve your hands on lab experience.
Login to Application-01a
Launch PuTTY from the taskbar at the bottom.
1. Select application-01a.corp.local
2. Click Open.
TDNF Help
Login as user root using:
username: root
password: VMware1!
For a list of the main commands type:
tdnf --help
This will show you all available TDNF commands. Updating or downloading a package is simple using tdnf install <package>, but we won't do that yet since we're not connected to the internet!
Examine repositories
Next, we will navigate to the repo directory and examine the
configuration files.
Change your working directory to /etc/yum.repos.d using:
cd /etc/yum.repos.d
List the contents of the directory using:
ls
To examine the contents of the lightwave.repo type:
more lightwave.repo
These files will indicate where packages are pulled from. These can be remote or local sources. As you can see, the baseurl in the above screenshot is pointing to https://dl.bintray.com/vmware/lightwave which is where the lightwave packages are stored.
To learn more about package management in Photon OS™, please see https://github.com/vmware/tdnf
Package Management
PhotonOS™ uses a modified YUM repository for package management called TDNF (Tiny DaNdiFied Yum). The project is on Git here: https://github.com/vmware/tdnf
TDNF is easy to use, very similar to Yum, and can be used to manage local and remote repositories.
Service and Systemd
If you are familiar with common flavours of Linux, you will likely know the Service command can be used to start and stop services. Some newer versions of popular flavours have moved from Service to Systemd, as this service management framework yields many benefits outside the scope of this lab.
Using systemctl
In your putty session:
Try the following command:
service
The command will not be found, so we need to use something
else!
Try using systemctl instead to look for details on the docker
service using:
systemctl status docker
The usage of systemctl is required in Photon for service management. If you want to know more about its usage, type systemctl --help and press Enter. If you need to stop, start or restart a service, the syntax is systemctl stop|start|restart <service>
Journalctl
Coupled with Systemd, Journald is a daemon that handles messages produced by the kernel, initrd, services and more. The journalctl utility is used to access these logs centrally. A full explanation of journal is beyond the scope of this lab, but we will show how it can be used in Photon to quickly find specific log files.
Grep for a log
Let's say you want to have a look at SSH activity in the logs. With journalctl, this is quite easy. In your PuTTY session, type:
journalctl | grep ssh
and press Enter.
All logs related to SSH are displayed. This can be used with containers as well!
(Optional) - to examine the options available to this utility type:
journalctl --help
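The grep above returns every line that mentions ssh; when reviewing SSH activity it is usually more useful to count accepted and failed logins per user and source address. The following is an added example, not part of the original lab: the journal lines are constructed sample data, and the function names and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise sshd authentication results from journal text.
# The lines below are constructed sample data in journalctl's default format.

sample_journal() {
    cat <<'EOF'
Mar 01 10:02:11 application-01a sshd[812]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Mar 01 10:05:43 application-01a sshd[840]: Failed password for amy from 192.0.2.10 port 50130 ssh2
Mar 01 10:05:49 application-01a sshd[840]: Failed password for amy from 192.0.2.10 port 50130 ssh2
Mar 01 10:06:02 application-01a sshd[851]: Failed password for invalid user admin from 192.0.2.77 port 41022 ssh2
Mar 01 10:06:05 application-01a sshd[851]: Failed password for invalid user admin from 192.0.2.77 port 41022 ssh2
Mar 01 10:06:09 application-01a sshd[853]: Failed password for invalid user oracle from 192.0.2.77 port 41030 ssh2
Mar 01 10:06:10 application-01a sshd[853]: Connection closed by 192.0.2.77 port 41030 [preauth]
Mar 01 10:07:30 application-01a systemd[1]: Started Docker Application Container Engine.
EOF
}

# Reads journal text on stdin; prints "<count> <result> <user> <source>".
ssh_auth_summary() {
    awk '
        $5 !~ /^sshd/ { next }                       # only the sshd syslog identifier
        $6 != "Accepted" && $6 != "Failed" { next }  # only authentication results
        {
            u = 9                                    # "<result> <method> for <user> from <ip>"
            if ($u == "invalid" && $(u + 1) == "user") u += 2
            src = ($(u + 1) == "from") ? $(u + 2) : "-"
            seen[$6 " " $u " " src]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Usage: ssh_failures_by_source MIN
# Prints "<source> <failures>" for every source with at least MIN failed logins.
ssh_failures_by_source() {
    awk -v min="$1" '
        $5 ~ /^sshd/ && $6 == "Failed" {
            # search from the end so a user literally named "from" cannot confuse it
            for (i = NF - 1; i >= 7; i--)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (s in fails) if (fails[s] >= min) print s, fails[s] }
    ' | sort
}

# On the lab host the same functions can read the live journal:
#   journalctl --no-pager | ssh_auth_summary
sample_journal | ssh_auth_summary
sample_journal | ssh_failures_by_source 3
```

Repeated failures for accounts that do not exist ("invalid user") coming from a single source stand out immediately in this view, which the raw grep output does not make obvious.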
Working with Docker
Docker Overview
Docker is a popular container solution that allows developers and sysadmins an easy-to-use engine, runtime, and packaging tool. Docker manages content through DockerHub, which allows users to share images and applications easily.
In this exercise, we will look at some key use cases of Docker. First, we will run a very simple container. Then we will discuss how to package an application as a Docker image and finally we'll look at a more realistic, multi-node application. For the last part of the exercise, we'll deploy a fully functioning MediaWiki-site.
Some key concepts
Container - A running instance of an image. A container provides an encapsulated runtime environment for an application, as well as hosting the application itself.
Docker Daemon - The background process that manages a Docker host. Implements all of the basic functionality of Docker and provides the runtime environment for containers.
Docker Host - A machine (virtual or physical) hosting one or more running docker containers.
Image - A fully packaged, self-contained application or application component that can be instantiated on a Docker host. A running instance of an image is known as a container. An image is implemented as a layered file system.
Layered file system - A way of representing a docker image as the union of several contributing overlaid file systems. The image above shows the layered file system in a typical container. At the bottom is a set of files needed to emulate a certain OS environment. On top of that, the application designer can layer various components and applications. The layered file system is completely transparent to applications running inside the container.
Repository - A catalog of images for use with Docker. Repositories can be public or private and can be hosted locally as well as centrally.
Connect to the linux machine
1. Open PuTTY from the Windows taskbar
2. Click on application-01a.corp.local
3. You will be automatically logged in without having to enter a password.
Docker Run "Hello World"
Let's make sure that our Docker environment is working by running a small test application. All this does is to print a simple message to the console and exit. Notice how the docker repo wasn't available locally and was automatically pulled down from a central registry.
1. Type docker run hello-world followed by Enter.
2. Examine the output. It should look similar to the screenshot above.
Run a webserver
Let's try a slightly more meaningful example by spinning up a simple web server. You will notice we have added the -d (Daemon mode) flag to the command. This allows our application to continue running in the background after the docker command has finished. In this case, we're running a simple web application that listens to port 80 (HTTP). The -p argument tells Docker to wire port 80 inside the container to port 80 on the host. This allows us to expose the web application to the outside world.
1. At the command prompt, type docker run -dt -p 80:80 httpd:latest followed by Enter.
2. You should see a long hexadecimal string, similar to the one in the screen shot.
Load the webpage
Let's verify that it worked by loading the webpage!
1. Open Firefox
2. In the URL field, type http://192.168.120.4 followed by Enter
3. You should see a web page similar to above. If you get an error while loading the page, try refreshing. It is possible that the application didn't have time to fully initialize before you tried to hit the web page.
Kill the running container
Since we started the container in daemon mode, it will keep running until we explicitly kill it. To do that, we first need to find its container ID. This is similar to a process ID in an operating system.
1. Type docker ps followed by Enter.
2. You will see output similar to the screenshot above. Notice the hex-string at the beginning of the line! This is the container ID we need in order to kill the container.
3. Type docker kill CONTAINERID followed by Enter. You need to replace 'CONTAINERID' with the container ID from the docker ps command. Note that you can specify a substring of the container ID as long as it is unique.
The Dockerfile
OK, that wasn't very hard, was it? But what if we want to build our own customized image? Let's say, for example, that we'd like to build a simple webserver that serves up some static content that we've created. We want this little application to be distributed using Docker.
To do that, we need some kind of "source code" instructing Docker how to create and configure such an image. Let's have a look at what a docker file might look like. In the terminal window for application-01, type the following:
1. Type cd /root/website followed by Enter
2. Type cat Dockerfile followed by Enter.
You should see something similar to the screen shot above. Let's walk through it!
• The FROM statement specifies the base image. So the build process for this image starts with pulling down the latest version of an Apache HTTP daemon.
• Next, we use the ADD statement to transfer a file to the image. In our example, the static content of the site is stored in the file index.html. Of course, in a more realistic example, you'd transfer more than one file or transfer a ZIP or TAR that you expand in the target.
• Finally, we use the ENTRYPOINT keyword to specify the command the container should run when it starts up. The command httpd-foreground simply starts an HTTP daemon and blocks until it's explicitly killed.
For more information about the Dockerfile and its keywords, refer to this page: https://docs.docker.com/engine/reference/builder/
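The Dockerfile itself appears only in the lab's screenshot, so the script below is an added example rather than the lab's own file: it writes out a Dockerfile matching the three statements described above next to a tightened variant, and checks both for a floating base image and for ADD used on a plain local file. The target path for index.html, the httpd:2.4 tag and the function names are assumptions.

```shell
#!/bin/sh
# Added example: the Dockerfile as the walkthrough describes it, a tightened
# variant, and a small check that tells them apart. Both files are constructed.

described_dockerfile() {
    cat <<'EOF'
# Base image: latest Apache HTTP daemon (floating tag)
FROM httpd:latest
# Static content; the target path is an assumption (docroot of the httpd image)
ADD index.html /usr/local/apache2/htdocs/
ENTRYPOINT ["httpd-foreground"]
EOF
}

tightened_dockerfile() {
    cat <<'EOF'
# Version tag chosen for illustration; pin whatever release you have tested
FROM httpd:2.4
# COPY only copies; ADD would also fetch URLs and unpack local archives
COPY index.html /usr/local/apache2/htdocs/
ENTRYPOINT ["httpd-foreground"]
EOF
}

# Reads a Dockerfile on stdin; prints one "<line>: <finding>" per issue.
dockerfile_findings() {
    awk '
        { instr = toupper($1); arg = $2 }
        arg ~ /^--/ { arg = $3 }              # skip one flag such as --platform=...
        instr == "FROM" && arg != "scratch" && arg !~ /@sha256:/ && arg !~ /\$/ {
            # the tag lives in the last path component, so a registry
            # with a port (registry:5000/image) is not mistaken for a tag
            n = split(arg, part, "/")
            if (part[n] !~ /:/ || part[n] ~ /:latest$/)
                printf "%d: FROM %s is a floating reference; pin a version tag or digest\n", NR, arg
        }
        instr == "ADD" && arg !~ /^https?:\/\// && arg !~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/ {
            printf "%d: ADD %s copies a plain local file; COPY does the same without URL or archive handling\n", NR, arg
        }
    '
}

echo "described:"
described_dockerfile | dockerfile_findings
echo "tightened:"
tightened_dockerfile | dockerfile_findings
```

A floating tag means two builds of the same Dockerfile can produce different images, so a rebuild can silently change the Apache version that ends up serving the site.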
Building an image from a Dockerfile
Since the Dockerfile itself is just the "source code" for our image, we need to run a docker command that builds an actual image from it. This is where "docker build" comes into the picture. Let's try it out!
Type the following:
1. Type cd /root/website followed by Enter
2. Type ls followed by Enter. You should see two files: the Dockerfile and an index.html containing the static content for the site.
3. Type docker build -t my-website /root/website followed by Enter. You should see output similar to above.
The docker build command takes two parameters: -t my-website tags the image and gives it the name "my-website". This is what we'll refer to when we run the image. The second parameter specifies where to find the Dockerfile and the content.
Starting our new website
Let's start our new website to see what it looks like!
1. Type docker run -d -p 80:80 my-website:latest followed by Enter.
You should see output similar to the first screen shot above.
If you get a message saying "Bind for 0.0.0.0:80 failed: port is already allocated", you missed the step above where we kill the webserver from our first few steps. Go back to the step "Kill the running container" and try again!
Testing our new website
Go to the web browser and enter the address "http://192.168.120.4". You should see a page similar to the screen shot above. The content you're seeing comes from the HTML file we injected using our Dockerfile. You may have to reload the page to see this!
A two-tier application
Unfortunately, not all applications are as simple as the one we just built. Most of the time, you need multiple tiers residing in multiple containers. In our example, we're going to build a wiki-site with the web-server and app-server residing in one image and the database residing in another image.
Ideally, we'd like to deploy the appserver container and the database on some kind of internal network not visible outside the application. This way, we don't have to bother with allocating IP-addresses for the database and keeping track of how the application connects to the database. It would also be nice from a security aspect, since the database wouldn't expose any ports to the outside world.
Luckily, Docker allows us to do this by linking containers. Let's try it out!
Spinning up the database
To spin up the database, type the following in the application-01 terminal window:
1. docker run --name wiki-db -d -e MYSQL_ROOT_PASSWORD=secret mysql:latest followed by Enter.
There are two things to note here. First, we're giving the container a name, "wiki-db". We're going to use this when we're linking the database to the appserver/webserver container. The other thing is the -e parameter. This simply sends an environment variable to the container, which, in this case, allows us to set the root password for our database instance to "secret".
You may want to type docker ps followed by Enter to make sure the database is running before you continue.
Spinning up the appserver/webserver
Let's spin up the appserver/webserver! Type the following in the application-01 terminal window:
1. Type docker run --link wiki-db:mysql -p 8080:80 -d synctree/mediawiki followed by Enter.
We're starting to get used to "docker run" commands by now. Let's examine what makes this one special. Most of it should be familiar by now. We're running it in daemon mode and we're exposing internal port 80 as external port 8080. But let's focus on the --link parameter.
This parameter tells docker that we're dependent on the "wiki-db" container we just spun up. It also tells Docker to expose it to the appserver/webserver as "mysql". This essentially does two things:
• It makes the appserver/webserver inherit all environment variables from the database. Notice how we didn't have to specify any password for the database and how it all "just worked". That's because the wiki-image knows how to pick up that variable from the database and use it if it wasn't specified when spinning up the appserver/webserver.
• It creates an ad-hoc network between the two containers and establishes name mapping between the containers. The wiki appserver/webserver internally refers to a host called "mysql" for its database. The --link wiki-db:mysql parameter maps the name "mysql" to the address of the database server on the internal network we just created.
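The first effect listed above also means that the database root password set with -e is readable in the environment of the linked container. The following added example (not part of the original lab) reports what a recipient of --link wiki-db:mysql inherits; the env listing is constructed to follow Docker's legacy link naming (ALIAS_PORT, ALIAS_ENV_name), and the container name, addresses, MySQL version and function name are assumptions.

```shell
#!/bin/sh
# Added example: what a --link recipient inherits from the source container.
# The listing is constructed to resemble `env` output inside a container
# started with --link wiki-db:mysql; it is not output captured from the lab.

sample_recipient_env() {
    cat <<'EOF'
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=0123456789ab
MYSQL_NAME=/wiki-app/mysql
MYSQL_PORT=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP=tcp://172.17.0.2:3306
MYSQL_PORT_3306_TCP_ADDR=172.17.0.2
MYSQL_PORT_3306_TCP_PORT=3306
MYSQL_PORT_3306_TCP_PROTO=tcp
MYSQL_ENV_MYSQL_ROOT_PASSWORD=secret
MYSQL_ENV_MYSQL_MAJOR=5.7
EOF
}

# Usage: link_report ALIAS < env-listing
# Prints "endpoint <url>" for the linked service, "inherited <NAME>" for each
# variable copied from the source container, and "secret <NAME> (...)" when the
# copied variable looks like a credential. Values of secrets are never printed.
link_report() {
    prefix=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    awk -v p="$prefix" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
        }
        name == (p "_PORT") { print "endpoint", value; next }
        index(name, p "_ENV_") == 1 {
            # variable name as it was set inside the source container
            inner = substr(name, length(p "_ENV_") + 1)
            if (toupper(inner) ~ /PASS|SECRET|TOKEN|KEY/)
                printf "secret %s (%d chars, value withheld)\n", name, length(value)
            else
                print "inherited", name
        }
    '
}

# Against a running container the listing comes from the container itself:
#   docker exec CONTAINERID env | link_report mysql
sample_recipient_env | link_report mysql
```

Every process in the web/app container can read these variables, so a credential handed to the database with -e is also a credential of the wiki container.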
Testing the wiki
1. In a web browser, enter the address http://192.168.120.4:8080
You should see a site similar to the screenshot above. This is what a fresh install looks like and you're welcome to click on the "set up the wiki" link if you want to explore it further.
It may take a few moments for the application to start, so if you're getting a timeout, just try reloading the site a few times. It should come up within a minute.
Summary
In this chapter, we have introduced some of the basic concepts in Docker. We've tested a couple of simple cases and finally deployed a Wiki site, representing a more realistic application. You should now have a basic understanding of the various components and constructs in Docker to start thinking about some of the challenges around this model.
For example, how do we secure containers? A virtualized network on the same host and geographic area is fine, but what if we want to geographically disperse containers and still abstract away the network? How do you automate and coordinate containers? Remember that the best practice is to keep containers small and nimble, but what about "container sprawl"? How do you deal with thousands or tens of thousands of containers?
Keep going in the lab to review and test out VMware's vision on how to harness the power of this exciting technology!
Module 4 - vSphere Integrated Containers
Module Overview
This module will give you an overview of the design principles and the implementation strategy of vSphere Integrated Containers.
In this module we will NOT go through the VIC installation. We will go through:
• Deploy and Connect to a container host
• Show how a container relates to a VM
• Create a simple application
Deploying vSphere Integrated Containers
Deploying vSphere Integrated Containers is as simple as deploying an OVA into your vSphere Infrastructure. The video below will walk you through the process.
[Video: vSphere Integrated Containers Installation]
vSphere Integrated Containers Introduction
In this section, we will walk you through how we made vSphere a container host.
The concept behind vSphere Integrated Containers
VIC is a solution for current VMware customers that need to find a way to provide their developers with containers and gives their VMware admins the ability to manage those containers as if they were VMs.
Developers can now create applications using standard docker commands to build and run their applications. They only need to point their current docker client to the vSphere container host.
VMware admins can now see each container as a VM. They will now be able to manage those containers just like any other VM by determining which storage, network, and resource pool those containers will run on.
How can VMware do this? We set up a VM as a container host and then use our forking technology built into vSphere 6 to rapidly deploy VMs as the docker run command is issued. By forking a VM instead of deploying one from a template, we give the developers the instant deployment they expect with containers, yet give the VMware admins the VM they know how to manage.
Let's go through this in a little more detail.
A Linux Container Host
A traditional container host runs on a Linux machine, physical or virtual. The container kernel modules are loaded, in our case the docker daemon. Using commands from the docker client, traditionally on the same host, container images are pulled from the docker hub or created from scratch using a Dockerfile.
• shows the Linux host OS
• Docker API + Daemon
• Container images that
• Multiple containers sharing the same OS kernel
Traditional container host on ESXi
In the traditional deployment of container hosts today, the VMware admins give the developers a Linux VM. The developers load up the daemon and run multiple containers inside that Linux VM to build their application. The issues this can present are:
1. No visibility into those VMs and containers to help with resource contention, security or advanced networking to allow those containers to communicate with legacy applications or databases outside of those Linux VMs.
2. Limited resource scaling of the containers because they are bound to one VM, the container host.
3. Inefficient resource utilization on the vSphere host because those VMs are still using resources even when the containers are shut down.
4. Wasting resources on each VM because container images are most likely duplicated on each container host.
vSphere Integrated Container on ESXi
In this new model, VMware treats each container as a VM. This helps with each issue listed previously.
1. There is complete visibility of the containers. We can see the resources being used and help avoid contention, and apply the currently established networking and security models built into the underlying vSphere infrastructure.
2. Container scaling is only limited by the resources in the cluster, but is also easily expanded by adding more hosts to the cluster.
3. When containers are shut down, those resources are given back to the cluster for use somewhere else.
4. Because of the scalability of the containers, you can reduce container hosts, therefore reducing the number of duplicate images.
vSphere Integrated Containers Architecture
The vSphere Integrated Containers architecture is simple. The Bonneville appliance is a VM running on a host in the vCenter cluster. This VM has the kernel space that each container shares. Within vSphere Integrated Containers, the Bonneville VM runs the docker daemon and translates the container creation commands into a vSphere fork command, which is how each container becomes a VM. This appliance is also the local image repository for all the containers associated with that container host.
vSphere Integrated Containers Management Appliance
Launch the Firefox browser
Double Click on the Internet Explorer Icon on the desktop
Log Into vCenter
Username: Administrator
Password: VMware1!
1. Click on Login
Verifying the vSphere Integrated Containers management appliance is installed
1. Verify the IP address of the vSphere Integrated Containers management appliance
Install the vSphere Integrated Containers plugin
1. Type "http://vic-01a.corp.local/register-plugin" in the address bar (without the quotes).
2. Press ENTER
Fill in the vCenter information
1. Be sure Install is selected
2. Registration information
vCenter Server host name or IP address: vcsa-01.corp.local
User Name: [email protected]
Password: VMware1!
Cloud Native Extensions Package URL: ALREADY FILLED IN - DO NOT
REPLACE
3. Click on Submit
Confirmation of plugin install
1. When the plugin is finished installing you will see this
message.
2. Close the Install Cloud Native Extensions tab
3. Close the browser, so you can log back in.
Logout of vCenter
Launch the Firefox browser
Double Click on the Internet Explorer Icon on the desktop
Log back into vCenter
Username: Administrator
Password: VMware1!
1. Click on Login
vSphere Integrated Containers management console
From the Home screen of vCenter, double-click on the vSphere
Integrated Containers icon
Create a Virtual Container Host
1. Be sure the Getting Started tab is selected
2. Double click on the Create a Virtual Container Host under
Basic Tasks
Virtual Container Host vApp/host name
1. Enter the name of the Virtual Container Host: VCH01
2. Click Next
Virtual Container Host cluster resource
1. Select the cluster to install the container host into, in
this case select Cluster Site A
2. Click Next
Virtual Container Host storage resource
1. Select the datastore for the virtual container host and all
the containers on this host. In our case select ds-site-a-nfs02
2. Click Next
Virtual Container Host network resource
1. Select the External Network. This is the network the
containers will bridge to for outside connectivity. In our case,
select VM Network (the default) from the drop-down menu.
2. Select the Internal Network. This is the network the
container host uses for internal communication. In our case, select
the Management Network from the drop-down menu.
3. Click Next
Virtual Container Host Static IP
** NOTE: this IP does not need to be set; DHCP can be used. **
The IP address for the Docker Host will be displayed in both the
notes field of vCenter and on the VCH console.
1. Click Next
Virtual Container Host default container configuration
You can set the default container size. We will take the
defaults for this lab.
1. Click Next
Virtual Container Host customer participation program
Please participate in the customer improvement program so we can
get your feedback. For this lab we will disable it.
1. Uncheck the check box
2. Click Next
Review and deploy
Review the configuration.
** For this lab we will NOT be building a VCH. Please DO NOT
select Finish **
1. Click Cancel
Review Virtual Container Host deployment
1. Select Host and Clusters under the Home menu
Look for the deployed host
Find the virtual container host and the template VMs used to
fork off the container VMs on this host. Be sure that there are as
many template VMs as there are vSphere hosts in the cluster.
In this screenshot you will also see that there is more than one
container host in this cluster. More on that in the next section
of this module.
Managing vSphere Integrated Containers
In this section we will use our virtual container host to create
containers and run basic web applications. We will use multiple
virtual container hosts to show how multiple teams can each have
their own virtual container host to create, build, and run their
containers.
Multiple Virtual Container host(s) per cluster
Please note that there are 2 different virtual container hosts
running in this cluster, each with their own set of templates for
each host in the cluster.
1. Virtual Container Hosts
2. Container template for esx-01a
3. Container template for esx-02a
** Temporary Fix ** restarting docker daemon
If you look at either virtual container host (proj_Atlas or
proj_Zeus), and see that only the container host is started:
1. Open the console
2. Type this command:
sudo -- sh -c '/opt/bootsync.sh; /opt/dockerd.sh'
** Temporary Fix ** error "OK"
1. This error is only temporary but ok. Please verify in the
next step.
** Temporary Fix ** refresh vCenter
1. Click on the refresh button
** Temporary Fix ** verify daemon has started
The template container VMs should now be running.
*** Please repeat for 2nd container host if needed ***
Get the IP address of the proj_Atlas virtual container host
Make note of this command, specifically the virtual container
host IP Address.
Open a terminal to the docker client
From the ControlCenter desktop, double click on the Putty
icon
Launch the Docker_client putty session
1. Select the Docker_client session
2. Click Open
Log into the docker client putty session and attach to the docker
host
Username: root
Password: VMware1!
Attach the Docker_client to the proj_Atlas virtual container host
Type the export command in the Docker client:
export DOCKER_HOST=tcp://192.168.100.137:2376
and press Enter
Check virtual container host connectivity
Type docker info and press Enter. Here you will see information
about the vSphere backing of the virtual container host.
Notice: the Name of the virtual container host, the total memory
and available CPU of this container host
Currently no docker applications configured.
Please see Module 2 for docker single and multitier application
setup.
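The lab attaches the client by exporting only DOCKER_HOST. The following added example (not part of the lab guide) classifies how a Docker client would reach a given endpoint before docker info is run, using the standard client variables DOCKER_TLS_VERIFY and DOCKER_CERT_PATH; the function name and the finding labels are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the lab guide. audit_docker_endpoint and its
# finding labels are hypothetical names chosen for this illustration.

# audit_docker_endpoint HOST_URL TLS_VERIFY CERT_PATH
# Prints one finding and returns 0 (ok), 1 (weak) or 2 (malformed):
#   local-socket | ssh | tls-verified | tls-no-certs |
#   tcp-unverified port=N | invalid
audit_docker_endpoint() {
    url=$1 tls_verify=$2 cert_path=$3

    case $url in
        unix://*) echo "local-socket"; return 0 ;;
        ssh://*)  echo "ssh"; return 0 ;;
        tcp://*)  hostport=${url#tcp://} ;;
        *)        echo "invalid"; return 2 ;;
    esac

    hostport=${hostport%%/*}      # drop any trailing path
    port=${hostport##*:}          # text after the last colon
    host=${hostport%:*}           # text before the last colon

    # A tcp endpoint needs an explicit numeric port and a non-empty host.
    case $port in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac
    if [ -z "$host" ] || [ "$host" = "$hostport" ]; then
        echo "invalid"; return 2
    fi

    # The client enables TLS with server verification when
    # DOCKER_TLS_VERIFY is non-empty; it then needs these three files.
    if [ -n "$tls_verify" ]; then
        for f in ca.pem cert.pem key.pem; do
            [ -r "$cert_path/$f" ] || { echo "tls-no-certs"; return 1; }
        done
        echo "tls-verified"
        return 0
    fi

    # No verification requested: the daemon's identity is not checked.
    echo "tcp-unverified port=$port"
    return 1
}

# Stand-alone run: audit the current environment, falling back to the
# endpoint value used in this lab when DOCKER_HOST is not set.
audit_docker_endpoint "${DOCKER_HOST:-tcp://192.168.100.137:2376}" \
    "${DOCKER_TLS_VERIFY:-}" "${DOCKER_CERT_PATH:-$HOME/.docker}" || true
```

With only the lab's export in place, the function reports tcp-unverified for port 2376, which is the state to correct before pointing a client at a shared container host.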
Module 5 - Managing and Monitoring Containers
vRealize Operations - Monitoring Containers
In this Module, we will use our Enterprise performance,
management and compliance solution vRealize Operations to retrieve
metrics from containerized workloads. This requires adapter
installation, which has been done for you. To fully understand and
experience vRealize Operations, please see HOL-SDC-1601 and 1602.
Building alerts and automatic remediation steps is not in the scope
of this lab, but is certainly possible!
Note: you may need to reduce the resolution in your Chrome or
Firefox window to see the bottom of the vR Ops windows in some
steps.
Overview of vRealize Operations
vRealize Operations is a core component in VMware's vRealize
Suite, functioning as a hub for performance, capacity and compliance
information, correlating that information across the Enterprise, and
providing easy to understand dashboards as seen above. vRealize
Operations functions primarily by way of adapters, using dedicated
instances to gather information from the target systems such as
vCenter, Hyperic, Configuration Manager or third party systems.
Docker is just another endpoint for an adapter, so we will use an
adapter to pull container metrics from Docker.
Start a Container
Login to Application-01a
If you don't already have a putty session open to
Application-01a.corp.local, please open one now. Login with root and
VMware1!
Start a Container (if one isn't already up)
1. Type docker ps and press Enter.
2. If there are no containers running (as pictured above) then
proceed to step 3. If there ARE containers running, skip the
remaining instructions in this step.
3. Type
docker run -d -p 80:80 docker-hub:5000/k8s-example-guestbook-php-redis
4. Type docker ps and ensure you have at least one container
running.
Working with Adapters
Log in to vRealize Operations
Type admin / VMware1! in the username and password fields. Click
Login.
Navigate to Solutions
1. Click the Solutions icon.
2. Ensure Solutions is highlighted.
3. The Management Pack has already been installed for you.
Remember this is a beta version of the Docker MP!!
4. You will see an adapter instance has already been configured
for testing. We are going to create another instance now. We have
left the first one in place in case you want to inspect it, but
notice that the adapter is reporting Object down. This is because
the test adapter's endpoint is powered off. Also notice the
Collector is collecting. This information is useful for
troubleshooting purposes!
5. Click the gear icon to edit the Adapter.
Configure a New Instance of the Adapter
1. Click the + sign.
2. Name the new adapter application-01a
3. Type application-01a.corp.local in the Docker Host field.
4. Click the + button for credentials.
Credentials
1. Select Docker SSH Credentials. Notice API connectivity is
possible as well.
2. Type appRoot for the Credential Name
3. Type root for Username
4. Type VMware1! for Password.
5. Click OK.
Test Connection
Once the credentials are saved:
1. Click Test Connection
2. This should be successful. If it is not, ensure you have a
docker container running on application-01a and the credentials
are correct.
3. Save Settings. If this button is not visible, reduce your
browser's resolution.
4. Click Close.
View the Environment
Docker Dashboards
Notice the Home screen now has two Docker Dashboards! It may
take a couple minutes to populate this as the adapter retrieves
information from Docker. Please be patient and refresh the web page
after a minute or two.
1. Click Home (if you aren't already there).
2. Click Docker Relationship
3. Click an Image or a Container. Your choice!
4. Notice the Object Relationship populate. Feel free to click
other objects to understand this interaction.
Navigate to Environment Overview
1. Click the globe icon to navigate to Environment.
2. Notice the Docker inventory items. Docker World.
Examine the Docker objects
NOTE - the screen may not look exactly as it is displayed here
depending on the state of your environment after doing other
labs.
1. Ensure Docker is selected.
2. Click the Troubleshooting tab.
3. Click All Metrics.
4. Notice the Related Objects. Select Docker.
5. Select the adapter instance you just built,
application-01a.corp.local. Notice the test adapter deployed with
the lab appears here to demonstrate the hierarchy.
6. Click the plus sign on Memory, scroll to pgfault and
double-click. It should display in the metric viewer.
While this adapter is still in development, we wanted to offer
VMworld attendees a glimpse into the direction we are heading.
The vRealize Operations team will continue developing this adapter
to ensure Operations and Infrastructure admins have a clear view
into containerized workloads.
Looking at Containers
Feel free to explore these objects!
1. Click Containers
2. Click one of the containers in your inventory. Please note
this screen capture may look different from your environment.
Choose any object you like.
3. Explore using the metric selector as in the previous step.
What do you notice about the objects? Do we pull the same
metrics from images as we do from containers? Examine the hierarchy
of objects to better understand how docker images and containers are
related to the docker host!
If you are interested in furthering your knowledge and are
well-versed in vRealize Operations, please feel free to explore the
creation of alerts based on container metrics. This is purely an
optional step for fun. Assuming you think that kind of thing is
fun. I think it's fun. :)
Docker Cleanup
Stop the existing container by using the docker stop command:
Type docker stop <Container ID>. Note that you only have to type
the first couple characters of the Container ID that make it unique.
Your Container ID will be unique in this lab.
Type docker ps and ensure that you do not have any other
container running before continuing on to the next module, as shown
in the image above.
vRealize Log Insight - Monitoring Containers
Configure Integration with vR Ops
In this Module, the integration between Log Insight and vRealize
Operations has already been performed. If you would like a deeper
dive into Log Insight with vRealize Operations, please see
HOL-SDC-1601.
Log into Log Insight
Please open a browser tab/window and click the link to Log
Insight. The credentials should be stored, but if they are not,
enter admin / VMware1! and click Login.
Observe the Agent Configuration
Examine the Agent dashboard. Notice that we only have one agent
running for controlcenter. We will return to this after we configure
the Linux agent!
1. Use the drop down and select Administration
2. Click Agents
Configure Linux Agent
In this step, the Log-Insight agent has already been installed
for you, but we still need to activate the daemon.
1. If you do not already have a session open, Putty into
application-01a using root / VMware1!
2. Type
/usr/bin/docker-insight -agent="$GOPATH/src/github.com/JeremyOT/docker-insight/liagent" -api="http://log-01a.corp.local:9000"
and press Enter. (Ignore the hyperlink in the lab module, this is
an unavoidable artifact.)
You have just launched the daemon. We have done this manually to
show how the agent is started, but one could easily put this into a
boot script to execute every time. Leave this window open for the
next steps.
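One way to turn the manual launch above into something that starts at boot, as an added example that is not part of the lab guide: a function that renders a systemd unit using the same -agent and -api flags. The function name, the unit's contents, the docker.service dependency and the /root/go fallback path are assumptions; the point it shows is that systemd does not read the login shell's $GOPATH, so the path must be expanded before it is written into the unit.

```shell
#!/bin/sh
# Added example, not from the lab guide. render_agent_unit is a
# hypothetical helper; the -agent and -api flags are the ones typed
# by hand in the lab step above.

# render_agent_unit AGENT_DIR API_URL [BINARY]
# Prints a unit file on stdout; returns 2 on input that systemd would
# split or expand differently from the interactive shell.
render_agent_unit() {
    agent_dir=$1 api_url=$2 binary=${3:-/usr/bin/docker-insight}

    # The caller must pass $GOPATH already expanded: a unit file does
    # not inherit variables from an interactive root session.
    case $agent_dir in
        /*) ;;
        *)  echo "agent dir must be absolute: $agent_dir" >&2; return 2 ;;
    esac
    case $api_url in
        http://*|https://*) ;;
        *)  echo "api url must be http(s): $api_url" >&2; return 2 ;;
    esac
    # Whitespace, quotes, %, $ and backslash are all special inside
    # ExecStart=, so refuse them instead of trying to escape them.
    case "$agent_dir$api_url$binary" in
        *[[:space:]]*|*\"*|*\'*|*%*|*\$*|*\\*)
            echo "unsafe character in argument" >&2; return 2 ;;
    esac

    cat <<EOF
[Unit]
Description=docker-insight agent (pushes Docker events to Log Insight)
After=docker.service network-online.target
Wants=network-online.target

[Service]
ExecStart=$binary -agent=$agent_dir -api=$api_url
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
}

# Stand-alone run: /root/go is an assumed fallback for an unset GOPATH.
render_agent_unit \
    "${GOPATH:-/root/go}/src/github.com/JeremyOT/docker-insight/liagent" \
    "http://log-01a.corp.local:9000" || true
```

Redirect the output to a file under /etc/systemd/system/, then run systemctl daemon-reload and systemctl enable on it so the agent no longer depends on an open root terminal.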
Login to application-01a in a New Window
Leaving the agent session running, launch another Putty session
and login with root / VMware1!
Organize your Putty windows so you can see both clearly on your
screen as per below!
Start a Container
Launch a simple container to see the log output:
1. In the new Putty session, type
docker run -d -p 80:80 docker-hub:5000/k8s-example-guestbook-php-redis
2. Notice the new entry on the right? It may look different than
the picture depending on what you have been doing previously! The
goal here is to notice the docker commands are registering with the
agent, and being pushed to Log Insight.
Examine in Log Insight
Return to your browser window with Log Insight. If you closed it
previously, please re-open the browser and navigate to the Log
Insight link in the toolbar.
1. Click the pull down menu and select Administration.
2. Click Agents.
3. Notice DockerAgent running on application-01a. There may be
more than one if you restarted the agent during the previous step!
Notice the Events Sent number. You should see at least 1 or 2
events already streaming from Docker.
4. Optional - Notice the file locations in the Agent
Configuration? These can be configured to monitor directories in the
containers themselves. If you want a challenge, configure the agent
to monitor container directories! Remember to save the
configuration. The challenge will be generating logs which we will
not cover in this lab, so this step is optional!
5. When satisfied, click application-01a (the most recently
updated if there are more than one).
View the Environment
You should now be in the Interactive Analysis of Log Insight. If
you clicked correctly, you should see a filter in place for
application-01a.
1. Change the time filter to Latest 24 hours of data.
2. Notice the events! We are now seeing Docker logs and
application logs from the container itself! If you do not see this
right away, give it no more than five minutes. You should see some
logs generating, provided you have started your containers properly
in the previous steps. You may need to refresh the window.
Docker Cleanup
Stop the existing container by using the docker stop command:
Type docker stop <Container ID>. Note that you only have to type
the first couple characters of the Container ID that make it unique.
Your Container ID will be unique in this lab.
Type docker ps and ensure that you do not have any other
container running before continuing on to the next module, as shown
in the image above.
Summary
There are many, many more features in vRealize Operations and
Log Insight. If this area is of interest, we encourage you to take
those labs as they go much further into how one can leverage logs to
create Alerts in vR Ops and configure remediation activities
based on these alerts.
Remember that these adapters are still in beta, and we can
expect more features and functionality in the near future!
Conclusion
Thank you for participating in the VMware Hands-on Labs. Be sure
to visit http://hol.vmware.com/ to continue your lab experience
online.
Lab SKU: HOL-SDC-1630
Version: 20160301-042707