Thursday, October 19, 2017

vSphere Integrated Containers – working with variables

If you play long enough with vSphere Integrated Containers (VIC), sooner you will realize how long and tedious are the vic-machine commands.

Do you know you can make use of VIC variables to simplify those day to day activities?!?

Taking as an example the simple task of listing all your created VCHs, you would need a command like that:

vic-machine ls --target vcenter.vsphere.local --user administrator@vsphere.local --password Secure123 --thumbprint 2F:C3:3C:5D:99:B6:31:87:77:58:4D:8F:2F:75:D9:0C:01:F8:FE:6B

As I said….loooong !!!!
What if I tell you can just run: vic-machine ls instead
Much simpler, right ?!?!

Well, that’s all possible setting up the VIC variables, that will store your values and use them on future commands; these are the ones:

  • VIC_MACHINE_TARGET: that’s the variable that tells which is your target vCenter to use;  
  • VIC_MACHINE_USER: the username with privileges to run commands against your target vCenter;   
  • VIC_MACHINE_PASSWORD: the password for the username you just specified with VIC_MACHINE_USER;
  • THUMBPRINT: the variable that contains the thumbprint of your target vCenter;

You just need to set your environment variables to make it works.
Depending on your operations system the command to set environment variables are different;
For Linux:       export “variable”=”value”
For Windows: set “variable”=”value”

Now, let’s see how our example will looks like:

Run: export VIC_MACHINE_TARGET=vcenter.vsphere.local
Run: export VIC_MACHINE_PASSWORD=Secure123
Run: Export VIC_MACHINE_THUMBPRINT=2F:C3:3C:5D:99:B6:31:87:77:58:4D:8F:2F:75:D9:0C:01:F8:FE:6B
Run: vic-machine ls

Now you can just run vic-machine commands like ls, create, delete, configure and others without having to provide the same information over and over again.

Since we are talking about making your life easier, do you know Docker has it’s own variables too?

To check the information of your docker host you would run a command like that:
docker –H --tls --tlscacert /home/vch01/ca.pem --tlscert /home/vch01/cert.pem --tlskey /home/vch01/key.pem info

Would it not be better just run: docker info

Yes you can, it works the same way, setting up DOCKER variables, these are the most common ones;

  • DOCKER_HOST: set your target docker host or VCH in our case; 
  • DOCKER_TLS_VERIFY: set your docker client to check for TLS, set to 1 to enable verification; 
  • DOCKER_CERT_PATH: the path where docker host certificate and keys could be found, keep all certificates for the same docker host on the same folder, that makes things easier down the road;   
  • DOCKER_CONTENT_TRUST: when set to 1, it enables content trust;  
  • DOCKER_CONTENT_TRUST_SERVER: set your notary server for content trust verification and signature;
 Give it a shot, I bet you will feel more productive and less tedious.

See you next.


Ketan Risbud said...

Another awesome tip! Just an addition - These env variables are not persistent. The user can either set them globally in the /etc/profile or by creating a script for your variable in /etc/profile.d

Example: while using PhotonOS edit /etc/profile and add your variables under

# Setup some environment variables.
export HISTSIZE=1000
export HISTIGNORE="&:[bf]g:exit"
export VIC_MACHINE_TARGET=vcenter.vsphere.local
export VIC_MACHINE_USER=administrator@vsphere.local

Keep up the good work Eduardo.

I was hoping you can post an article on Networking in VIC. The ones posted are high level. While deploying containers, especially DCH in VIC and then deploying a swarm as mentioned in this article -

I tried this in my lab and got the DCH swarm running. My VCH used Bridged network port group with no VLAN tagged and a container network pool which was backed by a port group and a VLAN. The worker nodes did get IPs from the container network pool and I was able to ping them as well.

After getting the swarm up and the services running, the ports 5000 & 5001 did not map the container port 80. Any help is appreciated.


Eduardo Meirelles da Rocha said...

Can you provide the specification you use to create your swarm service ?

Ketan Risbud said...

Thanks for the quick reply Eduardo. Last night after carefully redeploying the swarm I resolved the issue. The issue was the way my network is setup. I had to combine bridge network with container network to get it working. Once again keep up the good work. Always looking fwd to read your blog.


Ketan Risbud said...

Hi Eduardo, thanks to your blogs I finally started writing again. Here is my first one after ages.

Any inputs are welcome. Thanks !

Eduardo Meirelles da Rocha said...

Hi Ketan,

I know how hard it is to keep blogging, specially if you do that on your own free time.
Keep writing....we all appreciate that.

Post a Comment

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive