Skip to content

vSphere Integrated Containers Engine Version v1.2.1 GA
Compare
Choose a tag to compare
@mhagen-vmware mhagen-vmware released this 27 Sep 22:21
v1.2.1
c3db65f

v1.2.1 is tagged on releases/1.2.1 branch

Changes from v1.1.1 v1.1.1...v1.2.1

New Features

This release adds fixes for issues found in 1.2.0, and a new vic-machine create option, --container-name-convention.

Resolved Issues

The following issues found in previous releases have been fixed in 1.2.1:

  • docker stop fails with error about collision of concurrent operations. #6236
    Error response from daemon: Conflict error from portlayer... collision of concurrent operations. This error is due vSphere Integrated Containers Engine not obtaining the up-to-date power state of the container VM from vCenter Sever in a slow environment. The container VM is already powered off but vCenter Server assumes that it is running, which causes the conflict error. vSphere Integrated Containers Engine obtains the latest power state of the container VM after some time.
  • Container with container-network gets assigned bogus port mappings after VCH restart #6091
  • Fix panic when vSphere session goes away #6280
  • Reduce WAN check timeout #6290
  • docker-compose integration tests not cleaning up on failures #5948
  • VIC endpoint delay or error in releasing explicit port mapping #6197
  • support use-rp option in vic-machine create/inspect/configure/upgrade #6272
  • Attach sessions hang (both attach and exec for new and existing containers) #6281
  • Adds basic name convention support [full ci] #6265
  • docker run ls of a volume mounted folder does not exit #6371
  • docker info should not be unresponsive if admiral is slow responding #6346
  • Incorrect construction of target URL string for tag service #6347
  • RegistryCheck should have a much lower timeout and failure modes should be different #6348

Known Issues

  • vic-machine debug --rootpw option enables SSH. #6402
    If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

  • Gateway information is missing from docker inspect. #6010
    If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.

  • Schema 2 image manifests not supported. #5187
    vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

  • docker exec always returns 0 and ignores the exit code of processes. #5692
    docker exec always returns 0, even if you specify -it. This is potentially due to a delay in vSphere host synchronization.

  • Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
    If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

    Workaround: Restart the VCH endpoint VM in the vSphere Client.

  • docker diff does not fully work with all containers. #6059
    Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

  • Cannot delete images using image ID after restarting VCH. #6076
    If you pull images into a VCH, then restart that VCH, running docker rmi image_ID results in Error response from daemon: No such image.

    Workaround: Delete images by using the human-readable name.

  • docker info does not report secure registries. #6256
    Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

  • Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
    If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

  • Running docker create results in InvalidDeviceSpec. #4666
    When attempting to create a VMDK for the read-write layer of a container during docker create, the parent VMDK sometimes cannot be accessed or located, resulting in an InvalidDeviceSpec fault. This is specific to vSAN datastores.

    Workaround: Attempt to create the container again.

  • Publishing all exposed ports to random ports with the -P option is not supported. #3000
    vSphere Integrated Containers Engine does not support docker create/run -P.

  • Occasional disconnection during vMotion. #4484
    If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

    Workaround: Perform docker attach after the vMotion completes to reattach to the container.

  • Using volume labels with docker-compose causes a plugin error. #4540
    Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

    Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

    volumes:
  volume_with_label:
    driver: local

  • vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
    Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

    Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

  • Deployment fails if you configure a VCH to use 4 NICs. #2802
    A VCH supports a maximum of 3 distinct network interfaces. The bridge network requires its own port group, at least two of the public, client, and management networks must share a network interface and therefore a port group. Container networks do not go through the VCH, so they are not subject to this limitation. This limitation will be removed in a future release.

  • vic-machine and VCH do not support creation of resources within inventory folders. #3619
    This capability will be added in a future release.

  • Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
    If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.

  • Deployment with static IP takes a long time. #3436
    If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
    Workaround: Increase the timeout for the deployment when using static IP.

  • Firewall status delayed on vCenter Server. #3139
    If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.

    Workaround: Wait a few minutes and run vic-machine create again.

  • Piping information into busybox fails. #3017
    If you attempt to pipe information into busybox, for example by running echo test | docker run -i busybox cat, the operation fails with the following error:

    Error response from daemon: Server error from portlayer: 
ContainerWaitHandler(container_id) 
Error: context deadline exceeded

  • vic-machine delete does not recognize virtual container hosts that were not fully created. #2981
    vic-machine delete fails when you run it on a virtual container host that was not fully created.

    Workaround: Manually delete any components of a partial installation, for example, the virtual container host vApp, the endpoint VM, and datastore folders.

  • When you pull a large sized image from Harbor into a virtual container host, you get an error that the /tmp partition reached capacity. #3624

    docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.

    Workaround: Deploy the virtual container host with --endpoint-memory=4096 which increases the appliance memory configuration.

  • Installing the virtual container host using a short hostname fails. #2582
    Workaround:

    • The IP address that you provide to vic-machine create target must be reachable on the management network.
    • If you use a DNS name instead of an IP address, the virtual container host endpoint VM must be able to resolve the name using the DNS server that is configured either by DHCP or by the vic-machine create --dns-server option. There is no default search domain, so use the FQDN.

  • Pulling all tagged images in a repository is not supported. #2724

    vSphere Integrated Containers only attempts to pull the latest tagged images.

  • vSphere Integrated Containers fails to delete the vApp that remains after a virtual container host creation fails. #2853

  • Container VM fails to start on VIC backed by a VVOL datastore. #2242

    VVOL datastores are not supported in this release.
  • Attaching the same container from multiple terminals causes problems. #2214
  • --net=none is not supported. #2108
  • VCH restarts if required process cannot be restarted. #2099

    The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
  • vic-machine incorrectly assumes conf.ImageStores[0] is the appliance datastore. #1884
  • When some of the hosts in the cluster are not attached to the dVS and do not have access to the bridge network, the error message is not easily readable. #1647
  • Image manifest validation for pulled images is not supported. #1331
  • Setting up overlay networks is not supported. #1222

    Error response from daemon: scope type not supported
  • vic-machine can connect to the target but the VCH appliance cannot. #3479

    The VCH cannot get an IP address on the management network or does not have a route to the specified target.
  • Adding folder options to vic-machine is not yet implemented. #773
  • Adding mapped vSphere networks to running containers is not yet implemented. #745
  • Adding bridge networks to running containers is not yet implemented. #743
  • Mapping an existing vSphere level network into the Docker network to explicitly provide a container with a route not through the VCH appliance is not yet implemented. #441
  • docker pull results an "already exists" error #1409

    If a context deadline exceeded error occurs on the port layer while performing an image pull, it causes an inconsistent state for the image. Pulls can also take a very long time with a slow network connection.
  • vic-machine create validation fails if a dvSwitch exists on an ESXi target #729

Download Binaries

Installation

For instructions about how to deploy a vSphere Integrated Containers Engine virtual container host, see Using vic-machine to Deploy Virtual Container Hosts in vSphere Integrated Containers for vSphere Administrators.

Using vSphere Integrated Containers Engine

For more details on using vSphere Integrated Containers Engine see the end user documentation at https://vmware.github.io/vic-product/index.html#getting-started.

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.

Assets 2
Loading