vSphere Integrated Containers Engine v1.5.8

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.8.zip

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers 1.5.8 resolves an issue in which when vCenter Server is inaccessible, for example due to upgrade or backup and restore operations, and container creation or deletion operations are in progress, vSphere Integrated Containers cannot find those containers, and reports No such container errors in the log.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.8:

Full list of changes from 1.5.7.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.8 has the same known issues as v1.5.7.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
• Deployment with static IP takes a long time. #3436
  If you depl...

vSphere Integrated Containers Engine v1.5.7

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.7.zip

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers 1.5.7 includes the following new features:

• Support for vSphere 7u2. To use the vSphere Integrated Containers UI plugin with vSphere 7u2, you must use vSphere Integrated Containers v1.5.7. Version 1.5.6 is not compatible with vSphere 7u2.
• Support for Harbor 1.7.8, which resolves an issue with an expired sudo version. See goharbor/harbor#11633 for details.
• Bug fixes and Security updates.

Enhancements

vSphere Integrated Containers Engine 1.5.7 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.7:

Full list of changes from 1.5.6.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.7 has the same known issues as v1.5.6.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a sligh...

vSphere Integrated Containers Engine v1.5.6

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.6.zip

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers 1.5.6 includes the following new features:

• Support for vCenter Server version 7.0u1.
• TLS 1.1 is disabled. TLS 1.2 has already been supported for several releases. Read more.

Enhancements

vSphere Integrated Containers Engine 1.5.6 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.6:

• docker-compose up -d fails when network already exists. #6405

Full list of changes from 1.5.5.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.6 has the same known issues as v1.5.5.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different na...

vSphere Integrated Containers Engine v1.5.5

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.5.zip

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers Engine 1.5.5 includes support for vCenter Server version 7.0.

Enhancements

vSphere Integrated Containers Engine 1.5.5 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.5:

• docker-compose up -d fails when network already exists. #6405

Full list of changes from 1.5.4.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.5 has the same known issues as v1.5.4.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
• Deployment with static IP takes a long time. [#3436](https://github.c...

vSphere Integrated Containers Engine v1.5.4

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.4.zip

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers Engine 1.5.4 includes support for vCenter Server version 6.7 update 3.

Enhancements

vSphere Integrated Containers Engine 1.5.4 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.4:

• docker-compose up -d fails when network already exists. #6405

Full list of changes from 1.5.3.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.4 has the same known issues as v1.5.3.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
• Deployment with static IP takes a long time. [#3436](https:/...

vSphere Integrated Containers Engine v1.5.3

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic

Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.5.3.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

New Features

vSphere Integrated Containers Engine 1.5.3 includes the following new features:

• Support for vCenter Server versions 6.7 up to and including 6.7 update 2. Read more.
• Support for NSX-T Data Center version 2.4. Read more.
• New option to reconfigure the appliance settings to change the TLS certificates after you have deployed it. Read more.
• Option to configure the path to an existing ca.pem file in the vic-machine configure command. Read more.
• Option to roll back the VCH configuration changes to the previous settings. Read more.
• The --registry-ca option of the the vic-machine configure command replaces certificates instead of just adding them. Read more.

Enhancements

vSphere Integrated Containers Engine 1.5.3 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.3:

• Container displays label from another container. #8545
• DDNS update on container network. #8397
• registry-ca configure behaviour should replace instead of add. #8176
• Fixed " CVE-2018-15664: Docker".

Full list of changes from 1.5.2.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

vSphere Integrated Containers 1.5.3 has the same known issues as v1.5.2.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using vo...

vSphere Integrated Containers Engine v1.5.2

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.5.2.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.5.0.

New Features

vSphere Integrated Containers Engine 1.5.2 includes the following new features:

• New option to set subnet masks on user-defined bridge networks. Read more
• New option to limit the number of container VMs that a VCH can host. Read more

Enhancements

vSphere Integrated Containers Engine 1.5.2 includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.2:

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, v1.5.2 has the same known issues as v1.4.3.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

...

vSphere Integrated Containers Engine Version v1.5.0

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.5.0.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.4.3.

New Features

vSphere Integrated Containers Engine 1.5.0 includes the following new features:

• Support for the use of NSX-T Data Center logical switches for all VCH networks. Read more.
• Support for the use of an alternative Linux kernel ISO from which to boot container VMs. Read more.
• Upgraded the OS of all vSphere Integrated Containers components to Photon OS 2.0. Read more.
• Addition of the --storage-quota option to vic-machine create and configure, to set a limit on the amount of storage that a VCH can consume. Read more.

Enhancements

vSphere Integrated Containers Engine 1.5.0 includes the following improvements:

• Added COMPOSE_TLS_VERSION in the env file that is generated during VCH deployment. Read more.
• Security and bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.0:

• NFS volume stores do not support FQDN. #8043
  When using FQDN to identify NFS shares, it is not possible to set a DNS-Search-List. Container VMs fail to start, with the error docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off.
• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, v1.5.0 has the same known issues as v1.4.3.

View all

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal doe...

vSphere Integrated Containers Engine Version v1.4.3

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.3.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.4.1.

New Features

vSphere Integrated Containers Engine 1.4.3 includes the following new features:

• Added vic-machine create --no-proxy option to skip proxying for certain URLs or domains. Read more.
• Added shell auto-complete function to vic-machine. Read more.

Enhancements

vSphere Integrated Containers Engine 1.4.3 includes the following improvements:

• Added VM ID to the output of vic-machine create and inspect. Read more.
• Removed UI packages from vSphere Integrated Containers Engine bundle. Read more.
• Bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.4.3:

• Create Virtual Container Host wizard plugin throws a parsing error when you specify only the gateway for the management or client networks. #7602
  When you provide a gateway for the management or client network, it is mandatory to provide at least one routing destination. The Create Virtual Container Host wizard does not conform to this behavior and has two separate fields for the Gateway and Routing destinations. If you do not fill in both the fields correctly, the wizard reports a parsing error.
• Adding folder options to vic-machine is not yet implemented. #773
• mssql container fails to start. #8141
  When you run the mssql container in a VCH, the container VM fails to start, with the error This program has encountered a fatal error and cannot continue running.
• 'docker kill' has different behavior in versions 1.4.0 and 1.2.1. #8152
  vSphere Integrated Containers Engine now behaves like the Docker server when dealing with kill and stop commands. When a kill command is sent to a container, only the top process receives the signal. When a stop command is sent to a container the stop signal is sent to the top process, and after 10 seconds a SIGKILL signal is sent to all the member of the process group.
• VCH endpoint VM becomes unresponsive after several hours. #7680
  VCH endpoint VMs would become unresponsive with the following errors showing in the logs.

  Linux systemd[1]: vic-init.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
  Linux systemd[1]: vic-init.service: Unit entered failed state.
  Linux systemd[1]: vic-init.service: Failed with result 'exit-code'.

  This was due to a DHCP lease failure on the management network, after 64 contiguous failures to renew a DHCP lease.
• --https-proxy option does not permit HTTP traffic. #6767
  If you have a proxy that only listens on HTTP port 8080, but is capable of proxying both HTTP and HTTPS traffic, attempts to configure that proxy for both --http-proxy and --https-proxy fail with the error Could not parse HTTPS proxy - expected format https://fqnd_or_ip:port: http://proxy.gsoa.ddau:8080.
• Concurrent docker exec on the same container causes conflict errors. #8180, #7410
  Concurrent dispatch of docker exec returns conflict errors. These errors are expected when multiple operations attempt to modify a containerVM at once; at least one should succeed, with the group as a whole making progress until all are cleanly dispatched. A combination of low level behaviours prevent that consistent progress from occurring. This was mitigated in #7410 in 1.4.1, and is fully fixed in #8180.
• Updated Photon OS kernel packages. #8211
  Updated PhotonOS kernel packages to address
  https://www.vmware.com/security/advisories/VMSA-2018-0021.htm.
• Concurrent container auto remove orphans containers on vSphere. #6342
  Running concurrent containers with docker run -d --rm does not remove all container VMs after the run. Additionally, containers can be orphaned on vSphere, meaning that they are removed from the Docker persona, but the container VM remains in the vCenter Server inventory.
• docker pull on Docker store fails. #8138This regression was caused by the implementation of content trust and is now fixed.

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, and the new known issues below, v1.4.3 has the same known issues as v1.4.1.

• NFS volume stores do not support FQDN. #8043
  When using FQDN to identify NFS shares, it is not possible to set a DNS-Search-List. Container VMs fail to start, with the error docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off.

  Workaround: Always use IP addresses for NFS shares.

• docker exec should use working directory of container image by default . #8166
  docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

  Workaround: Use the same approach as was necessary before Docker changed the behavior:

  sh -c "cd /desired/dir && command-to-run

View all

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  ...

vSphere Integrated Containers Engine Version v1.4.3-rc1

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.3-rc1.tar.gz