How to run Containers as a Service – Part 2
In ‘How to run Containers as a Service – Part 1’ I talked about how easy it is to run containers in a development environment and the difficulty of moving containers into production. In this post I will show you how to run Containers as a Service by building a container host on VMware’s Photon OS, and how to deploy and manage container hosts, including multi-container applications, in production using VMware vRealize Automation 7.2.
This will be a long article, so I split it up into three pieces:
- Create a PhotonOS container host template.
- Create and deploy a container host blueprint and configure container placement.
- Create and deploy a multi-container application blueprint.
Note: VMware vRealize Automation version 7.2 and some basic administration skills are required for the second and third parts of the post!
Prepare Photon OS and create a vSphere template
To run containers as a service, we first need to set up Photon OS correctly and create a vSphere template to use in the later steps.
Download the latest Photon OS OVA from GitHub here.
Import and deploy the OVA, start up Photon OS and open the remote console. Log in with root/changeme and change your password.
If you don’t have DHCP in your environment, you need to configure the IP address for the Photon OS machine. Do this by editing the network file under /etc/systemd/network. First rename the file from dhcp to static, then open it in an editor.
mv /etc/systemd/network/10-dhcp-eth0.network /etc/systemd/network/10-static-eth0.network
vi /etc/systemd/network/10-static-eth0.network
Input the following attributes and save it.
[Match]
Name=eth0

[Network]
Address=<Static IP>/24
Gateway=<Gateway IP>
DNS=<DNS IP>
Domains=<DNS Domain>
Restart the network service.
systemctl restart systemd-networkd.service
Enable and start the SSH service.
systemctl enable sshd
systemctl start sshd
Update all software packages on Photon OS.
tdnf distro-sync -y
Reboot and log in to Photon OS with SSH for further configuration.
Configure (insecure) Docker remote access.
systemctl stop docker
vi /etc/default/docker
Add the following line to the Docker file and save it.
DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
Open (insecure) Docker port in the firewall.
cd /etc/systemd/scripts
vi iptables
Add the following lines at the end of the iptables file and save it.
#Enable insecure docker connections
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
systemctl restart iptables
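An added example, not part of the original post: a shell audit of the two files edited above, reporting any Docker API listener that does not enforce TLS client certificates and any firewall rule that accepts its port from every source. The sample files are constructed; the hardened variant's port 2376, certificate paths and the 192.0.2.10 management address are assumptions.

```shell
#!/bin/sh
# Print every tcp:// listener configured in DOCKER_OPTS, one per line.
tcp_listeners() {
    sed -n 's/^[[:space:]]*DOCKER_OPTS=//p' "$1" | tr ' "' '\n\n' | grep '^tcp://' || true
}

# Succeed if DOCKER_OPTS requires client certificates (--tlsverify).
tls_enforced() {
    grep -E '^[[:space:]]*DOCKER_OPTS=' "$1" | grep -q -e '--tlsverify'
}

# Print ACCEPT rules for port $2 that carry no source (-s/--source) match.
unrestricted_rules() {
    grep -E "^[[:space:]]*iptables .*--dport $2 .*-j ACCEPT" "$1" \
        | grep -vE -e ' (-s|--source) ' || true
}

# Print one finding per line; print nothing when the host passes.
audit_docker_host() {   # $1 = Docker defaults file, $2 = iptables script
    for l in $(tcp_listeners "$1"); do
        port=${l##*:}
        tls_enforced "$1" || echo "no-tls $l"
        [ -z "$(unrestricted_rules "$2" "$port")" ] || echo "open-firewall $port"
    done
}

# Constructed samples: the settings from the post (*.post) and a hardened
# variant (*.tls) whose paths, port and source address are assumptions.
write_samples() {   # $1 = directory to write into
    cat > "$1/docker.post" <<'EOF'
DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
EOF
    cat > "$1/iptables.post" <<'EOF'
#Enable insecure docker connections
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT
EOF
    cat > "$1/docker.tls" <<'EOF'
DOCKER_OPTS="-H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H unix:///var/run/docker.sock"
EOF
    cat > "$1/iptables.tls" <<'EOF'
iptables -A INPUT -p tcp -s 192.0.2.10 --dport 2376 -j ACCEPT
EOF
}

d=$(mktemp -d)
write_samples "$d"
audit_docker_host "$d/docker.post" "$d/iptables.post"   # two findings
audit_docker_host "$d/docker.tls" "$d/iptables.tls"     # no output
rm -rf "$d"
```

On a real host, pass /etc/default/docker and /etc/systemd/scripts/iptables as the two arguments. A host configured like the hardened sample also needs Container.Connection.Port and Container.Connection.Scheme in the vRealize Automation property group changed to match.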
Remove the Docker ID to start with a clean system, then enable and start the Docker engine.
rm -f /etc/docker/key.json
systemctl enable docker
systemctl start docker
Install Docker Volume Service for vSphere. This lets you address persistent storage requirements for Docker containers in vSphere environments and make vSphere storage (vSAN, VMFS, NFS) available to stateful containers.
Download the Docker Volume Driver (rpm) here and upload the latest release to the tmp directory on your Photon OS instance. Use the rpm command to install the volume driver.
systemctl stop docker
cd /tmp
rpm -ivh docker-volume-vsphere-x.xx.x.xxxxxxx-x.x86_64.rpm
systemctl restart docker-volume-vsphere
systemctl start docker
To use the Docker Volume Driver, ESXi has to be enabled for it, which requires installing a VIB. Get it here and upload the latest release to the tmp directory on your ESXi host(s). Use the esxcli software command to install the VIB.
esxcli software vib install --no-sig-check -v /tmp/vmware-esx-vmdkops-x.xx.x.xxxxxxx-x.vib
Shut down the Photon OS machine and convert it to a vSphere template.
Create a container host Blueprint and configure Container Placement
Now that we have a PhotonOS template to run containers as a service we need to configure the host blueprint and the container placement as follows.
Log in to the vRealize Automation console with a user having the appropriate rights.
Create a custom Property Group for your Photon OS container host. The group properties are used during deployment or disposal to automatically (de-)register a container host under vRealize Automation container management.
The easiest way is to go to Administration, Property Dictionary, Property Groups, create a copy of “Container host properties with user/password authentication” and change the following properties.
- Container.Auth.User = root
- Container.Auth.Password = <your Photon OS root password>
- Container.Connection.Port = 2375
- Container.Connection.Scheme = http
Give your new Photon OS Property Group a name and save it.
Go to Design, Blueprints, and create a new blueprint using your Photon OS template. The attached network can use DHCP or fixed IP addresses. In my case, I use the IPAM functionality in vRealize Automation to reserve a fixed IP address for the new container host using a Network Profile. Also use a machine prefix to easily recognise your deployed container host(s), and use the ability to deploy multiple Photon OS instances per request so you can easily scale up and down afterwards.
Save and publish your blueprint, add it to your Catalog and entitle it for a specific Business Group.
Go to your Service Catalog, request and deploy multiple container hosts using your blueprint.
Once your container hosts are deployed successfully, configure Container Placement and edit your container hosts.
First go to the Containers tab and hit Enter.
Under Hosts you should see your newly deployed container hosts.
Select Placements and create two Placement Zones. In my case, one for the Development team and one for the Operations team.
Then go back to Hosts and edit your container hosts. Assign the new Placement zones and add a tag.
Verify and update your hosts.
Go back to Placements and create two Placements. In my case, one for the Development team and one for the Operations team.
Use the created Placement zones and available Business Groups for the Development and Operations team. Optionally, you can limit container instances, CPU and memory utilization.
Now you’re ready to deploy containers!
Under the Containers tab, go to Templates, select a container template, select a Business Group and provision it.
After provisioning, go to Resources, Containers and select the provisioned container application. In my case, NGINX.
Notice that because we selected the Operations Business Group, the container is placed in the Operations Placement Zone and therefore runs on the container host related to this zone. In my case, container host vch-002.
Select container details and click on the http link to confirm NGINX is working.
Create a container Application Blueprint to run containers as a service
Now that we have configured the host blueprint and container placement we need to build the actual IT service which enables our users to run containers as a service.
Go to Design, Blueprints and create a WordPress blueprint consisting of two container instances connected together via a container network. Also add a dependency between the second and the first container.
Select the first (database) container. Name it mariadb and search for the official mariadb image available in the Docker Hub registry.
Under the Network tab add your container network and publish all ports.
Under the Environment tab add the variables available for this image to configure the WordPress database.
Go back to the blueprint and select the second (webserver) container. Name it wordpress and search for the official wordpress image available in the Docker Hub registry.
Under the Network tab add your container network, add a Port Binding between Container port 80 and Host port 86 and publish all ports.
Under the Environment tab add the variables available for this image to configure the WordPress webserver. Use Binding to select the mariadb container as your WordPress database host.
Save your blueprint, publish it and add it to your catalog.
Go to Administration, Catalog, Entitlements and create/use an entitlement for the same Business Group as in your container Placement. In my case, the Development team.
Add the WordPress blueprint to the Entitled Items and save the entitlement.
Go to the Service Catalog and request the WordPress application.
After successful deployment go to the Containers tab, Resources, Applications and select WordPress. This will show the containers and container network associated with the WordPress application.
Notice that because I entitled the WordPress blueprint to the Development Business Group, the containers are placed in the Development Placement Zone and therefore run on the container host related to this zone. In my case, container host vch-001.
Go back to Containers, select the WordPress container and show details.
Click on the http link to confirm WordPress is working and you can publish a website.
This is how easy it is! Using VMware Photon OS, or vSphere Integrated Containers which is also supported, together with vRealize Automation is a great combination to run Containers as a Service in a production environment.