vSphere Integrated Containers Engine Version v0.8.0-rc3

Changes from v0.7.0 v0.7.0...v0.8.0-rc3

This release is primarily addressing quality and security issues.

Features:

• Security Enhancements and improved Harbor interop
  • HTTP and HTTPS proxies for fetching images
  • custom CA cert bundle for validating registries
  • allow for VCH operations user instead of deployment credentials
  • vic-admin server supports pass-through authentication using vSphere credentials
• Improved detection of vSphere issues during deployment of the Virtual Container Host (VCH)

Of note:
If a container is started and subsequently attached to, only output generated by the container after the attach completes will be seen - docker logs can be used to obtain the entire output over the life of the container.

If an attach is done prior to start, e.g. run -it or start -ai, we delay launching the container process until the attach has completed as we infer from the operation ordering a desire to receive all output from process launch onward.

Attaching to a containerVM inhibits that VM from vMotioning, detaching removes that inhibition:

• to launch a container without attaching, use start or run -d
• to detach from a TTY enabled container, using Ctrl-P Ctrl-Q
• to detach from a non-TTY enabled container, kill the docker client via a different terminal
• issues still exist with container logs when vMotioning containers

Resolved Issues

• Virtual container host does not work if management interface is not Layer 2 adjacent to vSphere management endpoints. #3081
• Setting a static IP address on the virtual container host without specifying --dns-server defaults to the specified gateway. #3060
• A single image cannot currently contain multiple tags. #1638
• rmi on VSAN fails with error "Cannot delete file" #2384
  
• Inconsistent license check reporting between vic-machine and vic-admin #2305
  
• vic-machine does not support secure test registries. #2103
  
• Allowing and configuring insecure registries is not supported. #1486
  

Known Issues

• Firewall status delayed on vCenter Server. #3139
  If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.

  Workaround: Wait a few minutes and run vic-machine create again.

• Piping information into busybox fails. #3017
  If you attempt to pipe information into busybox, for example by running echo test | docker run -i busybox cat, the operation fails with the following error:

  Error response from daemon: Server error from portlayer: 
  ContainerWaitHandler(container_id) 
  Error: context deadline exceeded
  

• Deleting a VCH from an ESXi host does not remove the bridge network if it was created with a custom name. #3193
  If you deploy a VCH to an ESXi host and use the --bridge-network option to create a bridge network with a custom name, vic-machine delete does not remove the bridge network if you delete the VCH.

  Workaround: Manually delete the bridge network from the ESXi host.

• Running docker ps -aq reports containers that have been removed. #3196
  Listing containers by running docker ps -aq can include containers that have been removed. Attempting to perform an operation on a container that was included in the output of docker ps -aq, for example docker rm -f, results in the error Error response from daemon: No such container.

  Workaround: Run docker rm -f again.

• VCH Admin shows network failure when virtual container host uses a proxy. #3213
  If a virtual container host is configured to use a proxy, the VCH Admin status page shows a network failure even if connectivity through the proxy is working.

• vic-machine delete does not recognize virtual container hosts that were not fully created. #2981
  vic-machine delete fails when you run it on a virtual container host that was not fully created.

  Workaround: Manually delete any components of a partial installation, for example, the virtual container host vApp, the endpoint VM, and datastore folders.

• Incorrect gateway example in --container-network-gateway help 1741
  
  The help text for vic-machine's option --container-network-gateway value, --cng incorrectly gives the example of a network range instead of the actual gateway address. A more proper example is e.g. vsphere-net:172.16.1.1/16. In additon, please note that we will be removing the CIDR specification from the gateway configuration in a future release.

• Container fails to shut down with Error response from daemon: server error from portlayer : [DELETE /containers/{id}][500] containerRemoveInternalServerError. #1823
  
  Workaround: Developers: run docker create again. Administrators: Un-register and re-register the VM in the vSphere UI.

• Mounting directories as a data volume using the -v option is not supported. #2303
  

• When you pull a large sized image from Harbor into a virtual container host, you get an error that the /tmp partition reached capacity. #2595
  
  docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.
  
  Workaround: Deploy the virtual container host with --appliance-memory=4096 which increases the appliance memory configuration.

• Installing the virtual container host using a short hostname fails. #2582
  Workaround:

  • The IP address that you provide to vic-machine create target must be reachable on the management network.
  • If you use a DNS name instead of an IP address, the virtual container host endpoint VM must be able to resolve the name using the DNS server that is configured either by DHCP or by the vic-machine create --dns-server option. There is no default search domain, so use the FQDN.

• Pulling all tagged images in a repository is not supported. #2724
  
  vSphere Integrated Containers only attempts to pull the latest tagged images.

• Misleading error message appears when you run out of memory on ESXi. #2840
  

• vSphere Integrated Containers fails to delete the vApp that remains after a virtual container host creation fails. #2853
  

• The docker personality is currently tied to API 1.23, which corresponds to CLI 1.11. #2368
  
• Virtual Container Host is unresponsive in a cluster with DRS and HA enabled. #2298
  
  DRS and HA are not supported in this release.
• Container VM fails to start on VIC backed by a VVOL datastore. #2242
  
  VVOL datastores are not supported in this release.
• Attaching the same container from multiple terminals causes problems. #2214
  
• vic-machine create prompts you for a password without allowing time to enter it and the VCH deployment fails with an incorrect username and password error. #2152
  
• --net=none is not supported. #2108
  
• VCH restarts if required process cannot be restarted. #2099
  
  The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
• vic-machine incorrectly assumes conf.ImageStores[0] is the appliance datastore. #1884
  
• When some of the hosts in the cluster are not attached to the dVS and do not have access to the bridge network, the error message is not easily readable. #1647
  
• Image manifest validation for pulled images is not supported. #1331
  
• Setting up overlay networks is not supported. #1222
  
  Error response from daemon: scope type not supported
• vic-machine can connect to the target but the VCH appliance cannot. #1160
  
  The VCH cannot get an IP address on the man...

vSphere Integrated Containers Engine Version v0.8.0-rc2

Changes from v0.7.0 v0.7.0...v0.8.0-rc2

This release is primarily addressing functional and usability issues.

Features:

• To be updated

Of note:
Do we want to keep this?
If a container is started and subsequently attached to, only output generated by the container after the attach completes will be seen - docker logs can be used to obtain the entire output over the life of the container.

If an attach is done prior to start, e.g. run -it or start -ai, we delay launching the container process until the attach has completed as we infer from the operation ordering a desire to receive all output from process launch onward.

Attaching to a containerVM inhibits that VM from vMotioning, detaching removes that inhibition:

• to launch a container without attaching, use start or run -d
• to detach from a TTY enabled container, using Ctrl-P Ctrl-Q
• to detach from a non-TTY enabled container, kill the docker client via a different terminal
• issues still exist with container logs when vMotioning containers

Resolved Issues

• Virtual container host does not work if management interface is not Layer 2 adjacent to vSphere management endpoints. #3081
• Setting a static IP address on the virtual container host without specifying --dns-server defaults to the specified gateway. #3060
• A single image cannot currently contain multiple tags. #1638
• rmi on VSAN fails with error "Cannot delete file" #2384
  
• Inconsistent license check reporting between vic-machine and vic-admin #2305
  
• vic-machine does not support secure test registries. #2103
  
• Allowing and configuring insecure registries is not supported. #1486
  

Known Issues

• Firewall status delayed on vCenter Server. #3139
  If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.

  Workaround: Wait a few minutes and run vic-machine create again.

• Piping information into busybox fails. #3017
  If you attempt to pipe information into busybox, for example by running echo test | docker run -i busybox cat, the operation fails with the following error:

  Error response from daemon: Server error from portlayer: 
  ContainerWaitHandler(container_id) 
  Error: context deadline exceeded
  

• Deleting a VCH from an ESXi host does not remove the bridge network if it was created with a custom name. #3193
  If you deploy a VCH to an ESXi host and use the --bridge-network option to create a bridge network with a custom name, vic-machine delete does not remove the bridge network if you delete the VCH.

  Workaround: Manually delete the bridge network from the ESXi host.

• Running docker ps -aq reports containers that have been removed. #3196
  Listing containers by running docker ps -aq can include containers that have been removed. Attempting to perform an operation on a container that was included in the output of docker ps -aq, for example docker rm -f, results in the error Error response from daemon: No such container.

  Workaround: Run docker rm -f again.

• VCH Admin shows network failure when virtual container host uses a proxy. #3213
  If a virtual container host is configured to use a proxy, the VCH Admin status page shows a network failure even if connectivity through the proxy is working.

• vic-machine delete does not recognize virtual container hosts that were not fully created. #2981
  vic-machine delete fails when you run it on a virtual container host that was not fully created.

  Workaround: Manually delete any components of a partial installation, for example, the virtual container host vApp, the endpoint VM, and datastore folders.

• Incorrect gateway example in --container-network-gateway help 1741
  
  The help text for vic-machine's option --container-network-gateway value, --cng incorrectly gives the example of a network range instead of the actual gateway address. A more proper example is e.g. vsphere-net:172.16.1.1/16. In additon, please note that we will be removing the CIDR specification from the gateway configuration in a future release.

• Container fails to shut down with Error response from daemon: server error from portlayer : [DELETE /containers/{id}][500] containerRemoveInternalServerError. #1823
  
  Workaround: Developers: run docker create again. Administrators: Un-register and re-register the VM in the vSphere UI.

• Mounting directories as a data volume using the -v option is not supported. #2303
  

• When you pull a large sized image from Harbor into a virtual container host, you get an error that the /tmp partition reached capacity. #2595
  
  docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.
  
  Workaround: Deploy the virtual container host with --appliance-memory=4096 which increases the appliance memory configuration.

• Installing the virtual container host using a short hostname fails. #2582
  Workaround:

  • The IP address that you provide to vic-machine create target must be reachable on the management network.
  • If you use a DNS name instead of an IP address, the virtual container host endpoint VM must be able to resolve the name using the DNS server that is configured either by DHCP or by the vic-machine create --dns-server option. There is no default search domain, so use the FQDN.

• Pulling all tagged images in a repository is not supported. #2724
  
  vSphere Integrated Containers only attempts to pull the latest tagged images.

• Misleading error message appears when you run out of memory on ESXi. #2840
  

• vSphere Integrated Containers fails to delete the vApp that remains after a virtual container host creation fails. #2853
  

• The docker personality is currently tied to API 1.23, which corresponds to CLI 1.11. #2368
  
• Virtual Container Host is unresponsive in a cluster with DRS and HA enabled. #2298
  
  DRS and HA are not supported in this release.
• Container VM fails to start on VIC backed by a VVOL datastore. #2242
  
  VVOL datastores are not supported in this release.
• Attaching the same container from multiple terminals causes problems. #2214
  
• vic-machine create prompts you for a password without allowing time to enter it and the VCH deployment fails with an incorrect username and password error. #2152
  
• --net=none is not supported. #2108
  
• VCH restarts if required process cannot be restarted. #2099
  
  The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
• vic-machine incorrectly assumes conf.ImageStores[0] is the appliance datastore. #1884
  
• When some of the hosts in the cluster are not attached to the dVS and do not have access to the bridge network, the error message is not easily readable. #1647
  
• Image manifest validation for pulled images is not supported. #1331
  
• Setting up overlay networks is not supported. #1222
  
  Error response from daemon: scope type not supported
• vic-machine can connect to the target but the VCH appliance cannot. #1160
  
  The VCH cannot get an IP address on the management network or does not have a route to the specified target.
• Adding folder options to vic-machine is not yet implemented. #773
  
• Adding mapped vSphere networks to running containers is not yet implemented. #745
  
• Adding bridge net...

vSphere Integrated Containers Engine Version v0.8.0-rc1

Changes from v0.7.0 v0.7.0...v0.8.0-rc1

Download Binaries

https://storage.googleapis.com/vic-engine-releases/vic_0.8.0-rc1.tar.gz

Installation

vic-machine reports this as version v0.7.0-7145

needs updating

For instructions about how to deploy a vSphere Integrated Containers Engine v0.8.0 virtual container host, see vSphere Integrated Containers Engine Installation HTML | PDF | Source.

Using vSphere Integrated Containers Engine

needs updating

For more details on using vSphere Integrated Containers Engine v0.8.0 see the general usage doc in Github, or the current drafts of the end user documentation on https://vmware.github.io/vic:

• vSphere Integrated Containers Engine Installation HTML | PDF | Source.
• vSphere Integrated Containers Engine for vSphere Administrators HTML | PDF | Source
• Developing Container Applications with vSphere Integrated Containers Engine HTML | PDF | Source

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.

vSphere Integrated Containers Engine Version v0.7.0

Changes from v0.6.0 v0.6.0...v0.7.0

This release is primarily addressing functional and usability issues.

Features:

• support for static IP addresses for the API endpoint
• proxy support for pulling images
• client authentication via TLS certificates - also secures the vicadmin server via client certificate
• initial support for restart/upgrade of the endpoint VM
• specify container cpu and memory during creation

Of note:
If a container is started and subsequently attached to, only output generated by the container after the attach completes will be seen - docker logs can be used to obtain the entire output over the life of the container.

If an attach is done prior to start, e.g. run -it or start -ai, we delay launching the container process until the attach has completed as we infer from the operation ordering a desire to receive all output from process launch onward.

Attaching to a containerVM inhibits that VM from vMotioning, detaching removes that inhibition:

• to launch a container without attaching, use start or run -d
• to detach from a TTY enabled container, using Ctrl-P Ctrl-Q
• to detach from a non-TTY enabled container, kill the docker client via a different terminal
• issues still exist with container logs when vMotioning containers

Resolved Issues

• VIC Engine UI is not functioning [#2410]
  
• Virtual machine does not shut down as expected. #2393
  
• Property collector error: context deadline exceeded on container start #2372
  
• Docker inspect and docker list and other functions do not include an exit time for containers in this release. #2366
  
• Short lived containers might get into a state where docker rm does not remove the container.#2344
  
• Docker inspect container does not get the container IP address. #2328
  
• Container start fails to start a container with error. #2327
  
• Containers fail to connect to each other using exposed ports in a network. #2295
  
• Container names not resolved in a bridge network. #2294
  
• Unable to wait for process launch status #1878
  
• docker info does not show set limits on CPU and memory values. #1838
  
• docker ps does not show ports #1701
  
• Restarting a stopped container from attach fails with "already bound" #1086
  
• CPU and Memory in info do not reflect resource pool limits. #861
  

Known Issues

• VCH Admin shows network failure when virtual container host uses a proxy. #3213
  If a virtual container host is configured to use a proxy, the VCH Admin status page shows a network failure even if connectivity through the proxy is working.

• Virtual container host does not work if management interface is not Layer 2 adjacent to vSphere management endpoints. #3081
  In vSphere Integrated Containers 0.7.0 one of the interfaces and gateways that you configure on the networks is selected randomly to serve as the default route on the virtual container host. However, the external interface should have the default route. As a consequence, if the external interface gateway is selected as the default route, all vSphere management traffic that is not L2 adjacent to the management interface of the virtual container host is routed out of the external interface. In all reasonable security configurations, this traffic will not reach the target.

  Workaround:

  1. Use vic-machine debug to enable SSH access to the virtual container host.
  2. Login to the VCH via SSH
  3. Ensure the default route is on the external interface.
  4. Add routes to the management network as required.

  # ip addr
  <list of interfaces>
  # route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.254 dev eth1 
  

  • Replace eth1 with the interface that has the management IP in the address list returned by the ip addr command.
  • Replace 192.168.2.0 with the network address of the network to route over the management gateway.
  • Replace 255.255.255.0 with the netmask for the network to route over the management gateway.
  • Replace 192.168.1.254 with the IP address of the management gateway.

• vic-machine delete does not recognize virtual container hosts that were not fully created. #2981
  vic-machine delete fails when you run it on a virtual container host that was not fully created.

  Workaround: Manually delete any components of a partial installation, for example, the virtual container host vApp, the endpoint VM, and datastore folders.

• Setting a static IP address on the virtual container host without specifying --dns-server defaults to the specified gateway. #3060
  
  The DNS server should default to 8.8.8.8 and 8.8.4.4 if --dns-server if it is not specified.

  Workaround: When setting a fixed IP address use --dns-server 8.8.8.8 and --dns-server 8.8.4.4 to set the DNS server explicitly.

• A single image cannot currently contain multiple tags. #1638
  
  You cannot tag the same image with multiple repositories.

• Incorrect gateway example in --container-network-gateway help 1741
  
  The help text for vic-machine's option --container-network-gateway value, --cng incorrectly gives the example of a network range instead of the actual gateway address. A more proper example is e.g. vsphere-net:172.16.1.1/16. In additon, please note that we will be removing the CIDR specification from the gateway configuration in a future release.

• Container fails to shut down with Error response from daemon: server error from portlayer : [DELETE /containers/{id}][500] containerRemoveInternalServerError. #1823
  
  Workaround: Developers: run docker create again. Administrators: Un-register and re-register the VM in the vSphere UI.

• Mounting directories as a data volume using the -v option is not supported. #2303
  

• When you pull a large sized image from Harbor into a virtual container host, you get an error that the /tmp partition reached capacity. #2595
  
  docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.
  
  Workaround: Deploy the virtual container host with --appliance-memory=4096 which increases the appliance memory configuration.

• Installing the virtual container host using a short hostname fails. #2582
  Workaround:

  • The IP address that you provide to vic-machine create target must be reachable on the management network.
  • If you use a DNS name instead of an IP address, the virtual container host endpoint VM must be able to resolve the name using the DNS server that is configured either by DHCP or by the vic-machine create --dns-server option. There is no default search domain, so use the FQDN.

• Pulling all tagged images in a repository is not supported. #2724
  
  vSphere Integrated Containers only attempts to pull the latest tagged images.

• Misleading error message appears when you run out of memory on ESXi. #2840
  

• vSphere Integrated Containers fails to delete the vApp that remains after a virtual container host creation fails. #2853
  

• rmi on VSAN fails with error "Cannot delete file" #2384
  
• The docker personality is currently tied to API 1.23, which corresponds to CLI 1.11. #2368
  
• Inconsistent license check reporting between vic-machine and vic-admin #2305
  
• Virtual Container Host is unresponsive in a cluster with DRS and HA enabled. #2298
  
  DRS and HA are not supported in this release.
• Container VM fails to start on VIC backed by a VVOL datastore. #2242
  
  VVOL datastores are not supported in this release.
• Attaching the same container from multiple terminals causes problems. #2214
  
• vic-machine create prompts you for a password without allowing time to enter it and the VCH deployment fails with an incorrect username and password error. #2152
  
• --net=none is not supported. #2108
  
• VCH restarts if required process cannot be restarted. #2099
  
  The system attempts to r...

vSphere Integrated Containers Engine Version v0.6.0

Changes from v0.5.5 v0.5.5...v0.6.0

This release is primarily addressing functional and usability issues.

Features:

• docker logs --follow
• docker wait

Resolved Issues

The following issues found in vSphere Integrated Containers Engine 0.5.5 have been resolved in 0.6.0:

• volume create throws createVolumeInternalServerError #1974
  The following error occurs when the "default" volume store location cannot be found by the backend. This can occur if the specified datastore isn't accessible from the cluster specified during deployment via the compute-resource argument.
• vic-machine delete leaves container remnants #1787
  
  Some container remnants are tagged as invalid, indicating that the corresponding datastore files have been deleted. Resource pools are also deleted before the container VM is deleted.
• containerRemoveInternalServerError #1823

  [DELETE /containers/{id}][500] containerRemoveInternalServerError`

• Context deadline exceeded #1822
• After restarting a container manually and running docker ps, a port layer error occurs #1767
  
• When pulling from a private registry, the registry prefix is missing from the tag #1638
  
• Specifying docker volume create with a bad driver succeeds #1564
  
  Instead of showing an error that the driver is not found, a fake driver is created.
• vSphere Integrated Containers Engine does not support creation of volumes with auto-generated names #1560
  
  You see the error Server error from Portlayer: Name in body is required
• vic-machine create fails when using a slow connection #1557
  
  The timeout option is set to 3 minutes by default.
  
• A container that is not fully started cannot be stopped #1541
  
  A mapped network that does not have DHCP results in containers not starting cleanly because the network configuration could not be applied. The container process is not launched and cannot be stopped even though docker ps shows that it is running.
• Datastore is not cleaned after removing a stopped container #1313
  
• Force remove of a container fails #1312
  
  When you try to force remove a container with docker ${params} rm -f ${container}, you get an error daemon: server error from portlayer.
• Do not use docker run -it and docker start -ai for short-lived commands. #1429
  For example, do not use docker run -it busybox /bin/ls.
  docker run does not currently delay the start of a command until attach has completed, resulting in Docker missing early output or the command exiting prior to attach. In the latter case this may block Docker until a timeout occurs due to docker attach semantics.

Known Issues

• VIC Engine UI is not functioning [#2410]
  
• Cannot use vic-machine from 0.6.0 on VCHs created by an older version.
  
  Due to an implementation change in 0.6.0, you cannot use the vic-machine delete, inspect, or ls commands from version 0.6.0 onwards on VCHs that you created with an older version of vic-machine. If you use vic-machine delete, inspect, or ls, you will get an an error stating that the VM is not a VCH.
  
  Workaround: To delete a VCH that was created by an older version of vic-machine, manually power off and delete the VCH endpoint VM and its resource pool. Manually delete the image store and any volume store folders from the datastores.
• Virtual machine does not shut down as expected. #2393
  
  In some cases, powering down the VM from vSphere can cause the container to panic. Perform a VM detach and force delete through the vSphere interface.
• rmi on VSAN fails with error "Cannot delete file" #2384
  
• Property collector error: context deadline exceeded on container start #2372
  
  When attempting to start a container, it might fail with context deadline exceeded especially on a loaded system. Wait until the system is less loaded and retry.
• The docker personality is currently tied to API 1.23, which corresponds to CLI 1.11. #2368
  
• Docker inspect and docker list and other functions do not include an exit time for containers in this release. #2366
  
• Short lived containers might get into a state where docker rm does not remove the container.#2344
  
  Workaround: Attempt to detach and destroy the container VM through the vSphere UI.
• Docker inspect container does not get the container IP address. #2328
  
• Container start fails to start a container with error. #2327
  
  failed to apply network endpoint config: unable to acquire reference to link 192: more than one eth.
  This error results in a failure to start a container.
  Workaround: wait until the system is less loaded and try again.
• Inconsistent license check reporting between vic-machine and vic-admin #2305
  
• Virtual Container Host is unresponsive in a cluster with DRS and HA enabled. #2298
  
  DRS and HA are not supported in this release.
• Containers fail to connect to each other using exposed ports in a network. #2295
  
• Container names not resolved in a bridge network. #2294
  
  Pinging containers in a bridge network fails.
• Container VM fails to start on VIC backed by a VVOL datastore. #2242
  
  VVOL datastores are not supported in this release.
• Attaching the same container from multiple terminals causes problems. #2214
  
• vic-machine create prompts you for a password without allowing time to enter it and the VCH deployment fails with an incorrect username and password error. #2152
  
• --net=none is not supported. #2108
  
• VCH restarts if required process cannot be restarted. #2099
  
  The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
• vic-machine does not support secure test registries. #2103
  
• vic-machine incorrectly assumes conf.ImageStores[0] is the appliance datastore. #1884
  
• docker info does not show set limits on CPU and memory values. #1838
  
• When some of the hosts in the cluster are not attached to the dVS and do not have access to the bridge network, the error message is not easily readable. #1647
  
• Allowing and configuring insecure registries is not supported. #1486
  
• Image manifest validation for pulled images is not supported. #1331
  
• Setting up overlay networks is not supported. #1222
  
  Error response from daemon: scope type not supported
• vic-machine can connect to the target but the VCH appliance cannot. #1160
  
  The VCH cannot get an IP address on the management network or does not have a route to the specified target.
• Adding folder options to vic-machine is not yet implemented. #773
  
• Adding mapped vSphere networks to running containers is not yet implemented. #745
  
• Adding bridge networks to running containers is not yet implemented. #743
  
• Mapping an existing vSphere level network into the Docker network to explicitly provide a container with a route not through the VCH appliance is not yet implemented. #441
  

• Unable to wait for process launch status #1878

  unable to wait for process launch status:
  
  Post https://192.168.31.13/sdk: EOF

• volume ls ignores filters #1718
  
• docker ps does not show ports #1701
  
• docker run busybox behaves incorr...

vSphere Integrated Containers Engine Version v0.5.5

Changes from v0.5.0 v0.5.0...v0.5.5

This release is primarily addressing functional and usability issues.

Features:

• Adds registry login support

Resolved Issues

The following issues found in vSphere Integrated Containers Engine 0.5 have been resolved in 0.5.5:

• The container-network-gateway/dns/ip-range options allow either a distributed port group name or a network name #1602
  
  When you specify --container-network-gateway/dns/ip-range, vic-machine create allows you to specify either the distributed port group name or the descriptive network name that you specify in --container-network. If you use the descriptive network name, deployment succeeds and containers appear to be using the correct network, but creating a container that uses that network results in errors. Only the distributed port group name works correctly. This has been fixed.
• Miscellaneous errors:
  • unable to wait for process launch status: Post https://192.168.31.13/sdk: EOF #1878, #1870 This has been fixed.
  • Failed to ping portlayer: Get http://127.0.0.1:8080/_ping: dial tcp 127.0.0.1:8080: getsockopt: connection refused #1109 This has been fixed.
• When creating a virtual container host, the container network DNS and gateway are not populated #1715
  This has been fixed.
• vic-machine create fails when using a slow connection #1557
  
  This has been fixed.
• docker network ls --no-trunc returns 32 characters instead of 64 #1225
  This has been fixed.
• Deleting of a virtual container host deletes pre-existing files and folders #1210
  
  When deleting a virtual container host by using vic-machine delete, all files and folders in the volume store paths that you specified during creation are deleted, even if they existed prior to the creation of the virtual container host. This has been fixed.
• Pulling a nonexistent image produces incorrect output #757
  
  When you try to pull a nonexistent image, you get the error daemon: exit status 1. The error should be Not found or Not Authorized. This has been fixed.
• Do not use docker run -it and docker start -ai for short-lived commands. #1429
  For example, do not use docker run -it busybox /bin/ls.
  docker run does not currently delay the start of a command until attach has completed, resulting in Docker missing early output or the command exiting prior to attach. In the latter case this may block Docker until a timeout occurs due to docker attach semantics. This has been fixed.

Known Issues

• volume create throws createVolumeInternalServerError #1974
  The following error occurs when the "default" volume store location cannot be found by the backend. This can occur if the specified datastore isn't accessible from the cluster specified during deployment via the compute-resource argument.

  Error response from daemon: [POST /storage/volumes/][500] 
  createVolumeInternalServerError 
  &{Code:0xc82000f540 Message:volumestore 
  (http://VCH-0-8191/storage/volumes/default) not found}

• Miscellaneous errors:

  • Unable to wait for process launch status #1878

    unable to wait for process launch status:
    
    Post https://192.168.31.13/sdk: EOF

  • containerRemoveInternalServerError #1823

    [DELETE /containers/{id}][500] containerRemoveInternalServerError`

  • Context deadline exceeded #1822

• vic-machine delete leaves container remnants #1787
  
  Some container remnants are tagged as invalid, indicating that the corresponding datastore files have been deleted. Resource pools are also deleted before the container VM is deleted.

• After restarting a container manually and running docker ps, a port layer error occurs #1767
  

• volume ls ignores filters #1718
  

• docker ps does not show ports #1701
  

• docker run busybox behaves incorrectly #1687
  
  The container configuration between vSphere Integrated Containers Engine and Docker containers is different in that vSphere Integrated Containers Engine attempts to attach to a container and Docker exits immediately.

• When pulling from a private registry, the registry prefix is missing from the tag #1638
  

• Specifying docker volume create with a bad driver succeeds #1564
  
  Instead of showing an error that the driver is not found, a fake driver is created.

• vSphere Integrated Containers Engine does not support creation of volumes with auto-generated names #1560
  
  You see the error Server error from Portlayer: Name in body is required

• vic-machine create fails when using a slow connection #1557
  
  The timeout option is set to 3 minutes by default.
  
  Workaround: Set the timeout option to 10 minutes.

• docker ps -n shows stopped containers that have been created, but not started, for the state of the container #1545
  

• A container that is not fully started cannot be stopped #1541
  
  A mapped network that does not have DHCP results in containers not starting cleanly because the network configuration could not be applied. The container process is not launched and cannot be stopped even though docker ps shows that it is running.

• Incorrect image digest format sent to Docker client #1484
  
  docker images --digests is not supported.

  Workaround: Pull images by tag instead.

• After a fresh virtual container host deployment, containers sometimes start up and shut down immediately #1457
  

• docker pull results an "already exists" error #1409
  
  When performing docker pull busybox, a context deadline occurs on the port layer, causing an inconsistent state. Pulls can take a very long time with a slow network connection.

• Datastore is not cleaned after removing a stopped container #1313
  

• vic-machine create validation fails if a dvSwitch exists on an ESXi target #729
  

• Force remove of a container fails #1312
  
  When you try to force remove a container with docker ${params} rm -f ${container}, you get an error daemon: server error from portlayer.

• Restarting a stopped container from attach fails with "already bound" #1086
  
  Workaround: Calling stop on an already stopped container allows subsequent start operations to succeed. stop returns an error that you can ignore.

• Root user support #1279
  
  vSphere Integrated Containers Engine does not support root users inside containers.

• Default base disk size is 8GB #159

• Do not use docker run -it and docker start -ai for short-lived commands. #1429
  For example, do not use docker run -it busybox /bin/ls.
  docker run does not currently delay the start of a command until attach has completed, resulting in Docker missing early output or the command exiting prior to attach. In the latter case this may block Docker until a timeout occurs due to docker attach semantics.

  Workaround: Use the docker start and docker attach commands to make the current behavior explicit:

• The log server does not require authentication and might expose sensitive system information.
  
  Debug logging is enabled in this release. This can potentially expose the path and identity of system resources over HTTP via the vicadmin portal. Plain-text passwords are not exposed.

• CPU and Memory in info do not reflect resource pool limits. #861
  
  Current values for CPU and memory do not reflect the resource pool limits that are the actual resource boundaries of a virtual container host.

• Using anonymous volumes
  
  To use anonymous volumes with docker create -V, you must specify a default volume store when you run vic-machine create to create the virtual container host. For example, ...

vSphere Integrated Containers Version v0.5.0

Changes from v0.4.0 v0.4.0...v0.5.0

Known Issues

• unable to wait for process launch status: Post https://192.168.31.13/sdk: EOF #1878, #1870

• [DELETE /containers/{id}][500] containerRemoveInternalServerError #1823

• context deadline exceeded #1822

• Failed to ping portlayer: Get http://127.0.0.1:8080/_ping: dial tcp 127.0.0.1:8080: getsockopt: connection refused #1109
  
  

• vic-machine delete leaves container remnants #1787
  
  Some container remnants are tagged as invalid, indicating that the corresponding datastore files have been deleted. Resource pools are also deleted before the container VM is deleted.

• After restarting a container manually and running docker ps, a port layer error occurs #1767
  

• volume ls ignores filters #1718
  

• When creating a virtual container host, the container network DNS and gateway are not populated #1715
  

• docker ps does not show ports #1701
  

• docker run busybox behaves incorrectly #1687
  
  The container configuration between vSphere Integrated Containers and Docker containers is different in that vSphere Integrated Containers attempts to attach to a container and Docker exits immediately.

• When pulling from a private registry, the registry prefix is missing from the tag #1638
  

• The container-network-gateway/dns/ip-range options allow either a distributed port group name or a network name #1602
  
  When you specify --container-network-gateway/dns/ip-range, vic-machine create allows you to specify either the distributed port group name or the descriptive network name that you specify in --container-network. If you use the descriptive network name, deployment succeeds and containers appear to be using the correct network, but creating a container that uses that network results in errors. Only the distributed port group name works correctly.

• Specifying docker volume create with a bad driver succeeds #1564
  
  Instead of showing an error that the driver is not found, a fake driver is created.

• vSphere Integrated Containers does not support creation of volumes with auto-generated names #1560
  
  You see the error Server error from Portlayer: Name in body is required

• vic-machine create fails when using a slow connection #1557
  
  The timeout option is set to 3 minutes by default.
  
  Workaround: Set the timeout option to 10 minutes.

• docker ps -n shows stopped containers that have been created, but not started, for the state of the container #1545
  

• A container that is not fully started cannot be stopped #1541
  
  A mapped network that does not have DHCP results in containers not starting cleanly because the network configuration could not be applied. The container process is not launched and cannot be stopped even though docker ps shows that it is running.

• Incorrect image digest format sent to Docker client #1484
  
  docker images --digests is not supported.

  Workaround: Pull images by tag instead.

• After a fresh virtual container host deployment, containers sometimes start up and shut down immediately #1457
  

• docker pull results an "already exists" error #1409
  
  When performing docker pull busybox, a context deadline occurs on the port layer, causing an inconsistent state. Pulls can take a very long time with a slow network connection.

• Datastore is not cleaned after removing a stopped container #1313
  

• docker network ls --no-trunc returns 32 characters instead of 64 #1225
  

• vic-machine create validation fails if a dvSwitch exists on an ESXi target #729
  

• Force remove of a container fails #1312
  
  When you try to force remove a container with docker ${params} rm -f ${container}, you get an error daemon: server error from portlayer.

• Restarting a stopped container from attach fails with "already bound" #1086
  
  Workaround: Calling stop on an already stopped container allows subsequent start operations to succeed. stop returns an error that you can ignore.

• Root user support #1279
  
  vSphere Integrated Containers does not support root users inside containers.

• Deleting of a virtual container host deletes pre-existing files and folders #1210
  
  When deleting a virtual container host by using vic-machine delete, all files and folders in the volume store paths that you specified during creation are deleted, even if they existed prior to the creation of the virtual container host.

• Pulling a nonexistent image produces incorrect output #757
  
  When you try to pull a nonexistent image, you get the error daemon: exit status 1. The error should be Not found or Not Authorized.

• Default base disk size is 8GB #159

• Do not use docker run -it and docker start -ai for short-lived commands. #1429
  For example, do not use docker run -it busybox /bin/ls.
  docker run does not currently delay the start of a command until attach has completed, resulting in Docker missing early output or the command exiting prior to attach. In the latter case this may block Docker until a timeout occurs due to docker attach semantics.

  Workaround: Use the docker start and docker attach commands to make the current behavior explicit:

• The log server does not require authentication and might expose sensitive system information.
  
  Debug logging is enabled in this release. This can potentially expose the path and identity of system resources over HTTP via the vicadmin portal. Plain-text passwords are not exposed.

• SSH is disabled in the virtual container host appliance. #1218
  
  To re-enable SSH on the appliance:

  1. In the vCenter Client, open the console for the virtual container host VM.
     
  2. Log in with username root and password password.
     
  3. Type systemctl start sshd.

• CPU and Memory in info do not reflect resource pool limits. #861
  
  Current values for CPU and memory do not reflect the resource pool limits that are the actual resource boundaries of a virtual container host.

• Using anonymous volumes
  
  To use anonymous volumes with docker create -V, you must specify a default volume store when you run vic-machine create to create the virtual container host. For example, ./vic-machine create <...> --volume-store default:datastore1/anonymousVolumes

Download

https://storage.googleapis.com/vic-engine-releases/vic_0.5.0.tar.gz

Installation

For instructions about how to deploy a vSphere Integrated Containers v0.5.0 virtual container host, see vSphere Integrated Containers Installation HTML | PDF | Source.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers v0.5.0 see the general usage doc in Github, or the current drafts of the end user documentation on https://vmware.github.io/vic:

• vSphere Integrated Containers Installation HTML | PDF | Source.
• vSphere Integrated Containers for vSphere Administrators HTML | PDF | Source
• Developing Container Applications with vSphere Integrated Containers HTML | [PDF](https://vmware.github.io/vic...

vSphere Integrated Containers Version v0.4.0

Changes from v0.3.0 v0.3.0...v0.4.0

Adds:

• vic-machine create - significantly increases scope of configuration validation and simplifies arguments
• vic-machine delete - delete a VCH, including containers, images, and volumes
• vic-machine inspect - point in time data about a VCH such as current DOCKER_HOST value
• support for short IDs and names in most locations
• improved vCenter support (still experimental)
• early volume support
• link and alias support (container networking)
• direct mapping of vSphere networks

The function is still basic and there are some specific limitations worth pulling out:

• stop is not polite - it currently powers off the VM directly without providing for filesystem sync (see #438)
• port forwarding is not available (see #938)
• run does not block the process from starting until attach is complete so may result in missed output and attempt to attach to stopped container
• no volume ls support or mechanism to list volume store locations

Known Issues

Force remove of a container fails. #1312

When you try to force remove a container with docker ${params} rm -f ${container}, you get an error from daemon: server error from portlayer

Restarting a stopped container from attach fails with "already bound". #1086

Workaround: calling stop on the already stopped container allows subsequent start operations to succeed. Stop will return an error that can be ignored.

Root User Support #1279

vSphere Integrated Containers supports root users inside containers. Non-root users will be supported in a later release.

Deletion of a VCH #1210

When deleting a VCH with vic-machine delete, all files and folders in the volume-store paths specified during creation will be deleted, even if they existed prior to VCH creation.

Pulling a nonexistent image produces incorrect output #757

When you try to pull a nonexistent image, you get an error from daemon: exit status 1

Error should be: Not found or Not Authorized.

Default base disk size is 8GB #159

Do not use docker run -it and docker start -ai for short-lived commands. Eg. docker run -it busybox /bin/ls.#1429

docker run does not currently delay start of the command until attach has completed, resulting in missing early output or command exit prior to attach. In the latter case this may block until a timeout occurs due to docker attach semantics.

Use the following commands to make the current behavior explicitly evident:


docker start

docker attach


The log server does not require authentication and might expose sensitive system information.

Debug logging is enabled in this release and can potentially expose the path and identity of system resources over HTTP via the vicadmin server. Plain-text passwords are not exposed.

SSH is disabled in the appliance.#1218

To re-enable SSH on the appliance:

1. In the vCenter Client, open the console for the VCH.
   
2. Log in with username root and password password.
   
3. Type systemctl start sshd.

CPU and Memory in info do not reflect resource pool limits. 861

Current values for CPU and memory do not reflect the resource pool limits that are the actual resource boundaries of the VCH.

Using anonymous volumes

To use anonymous volumes with docker create -V, you must specify a default volumestore location with vic-machine when creating the VCH.

Eg. ./vic-machine create <...> --volume-store default:datastore1/anonymousVolumes

For more information, see vSphere Integrated Containers documentation

Ctrl-C does not kill a running container 1501

If you attempt to kill a running container by pressing Ctrl-C, the container continues running and the message Cannot kill container container_id: vSphere Integrated Containers does not implement container.ContainerKill appears in init.log.

Workaround: Use docker stop.

Download

https://storage.googleapis.com/vic-engine-releases/vic_0.4.0.tar.gz

Installation

For instructions about how to deploy a vSphere Integrated Containers v0.4.0 virtual container host, see vSphere Integrated Containers Installation HTML | PDF | Source.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers v0.4.0 see the general usage doc in Github, or the current drafts of the end user documentation:

• vSphere Integrated Containers Installation HTML | PDF | Source.
• vSphere Integrated Containers for vSphere Administrators HTML | PDF | Source
• Developing Container Applications with vSphere Integrated Containers HTML | PDF | Source

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers are available in the LICENSE file.

---

Copyright © 2016 VMware, Inc. All rights reserved.

vSphere Integrated Containers Version v0.3.0

What's in vSphere Integrated Containers v0.3.0

Changes from v0.1.1 v0.1.1...v0.3.0

These changes can be summarized as:

• now provides the basic function for most of the core lifecycle operations: pull, create, start, attach, run, stop, rm
• installer is now multi-platform
• early experimental vCenter support

The function is still basic and there are some specific limitations worth pulling out:

• there is a known issue when installing to vSphere targets where a network is misconfigured, please only use ESX targets for this release
• stop is not polite - it currently powers off the VM directly without providing for filesystem sync
• short IDs are not supported in commands
• port forwarding is not available (however containers are created with a NIC
• there is a known issue with attach when pushing continuous data

Download

https://storage.googleapis.com/vic-engine-releases/vic_0.3.0.tar.gz

Installation

For instructions about how install vSphere Integrated Containers and deploy a virtual container host, see https://github.com/vmware/vic/blob/master/doc/user_doc/vic_installation/SUMMARY.md

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers v0.3.0 see https://github.com/vmware/vic/tree/master/doc/user_doc

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers are available in the LICENSE file.

---

Copyright © 2016 VMware, Inc. All rights reserved.

vSphere Integrated Containers Version 0.1.1

What's in vSphere Integrated Containers 0.1.1

Patch release for v 0.1.0

Changes from v0.1.0 v0.1.0...v0.1.1

See https://github.com/vmware/vic/releases/tag/v0.1.0 for more details

Download

https://storage.googleapis.com/vic-engine-releases/vic_0.1.1.tar.gz

Installation

For instructions about how to build vSphere Integrated Containers and deploy a virtual container host, see the README file.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers v0.1.1 see the usage file.

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers are available in the LICENSE file.

---

Copyright © 2016 VMware, Inc. All rights reserved.