VMware Cloud Community
rszymczak
Hot Shot

Coopto - a vRO Plugin for Docker integration

Hello community!

I'm thrilled to present to you the very first public beta release of Coopto - a vRO Plugin for integrating Docker into your VMware stack!

You'll get all details on the project's home page at GitHub. Purpose of this project is to create a community process of plug-in development for vRealize Orchestrator (vRO) by fully integrating Docker into the VMware stack. So, please feel free to work with us on this.

Please note that this is a very first public beta and we do need your help to get any bugs fixed that might have slipped through our quality management.


About

Coopto is a plug-in for VMware’s orchestration engine vRealize Orchestrator. It aims to provide full Docker functionality within the central automation component of the VMware stack in order to utilize and combine the power of container technology with virtualization technology.

We think that containers and VMs may not only coexist but greatly benefit from each other. Parts where virtualization alone so far has greatly failed due to the high variation of competing formats in a very dynamic market can be moved to the shiny parts of container technology, e.g. the independent and therefore shiftable format. Other aspects of cluster computation where virtualization has matured and proven enterprise ready within the last years can furthermore be implemented on the trusted and well known virtualization stack currently in use in most modern datacenters.

Digging in deeper, the combination of both can result in an even more powerful computation stack than possible with just one of the technologies. A typical real world use-case would be providing a persistent storage to a container by leveraging existing vSphere storage APIs to create and attach a virtual HDD exclusively for that container, implicitly simplifying container management and backup for business critical data.

In order to bring both worlds together we use a simple to use and yet very common orchestration engine: vRealize Orchestrator. In fact: if you’re running on a vSphere stack, you probably already own vRealize Orchestrator.

coopto-scope.png

From our point of view both technologies, virtualization and containerization, currently have their advantages and disadvantages and therefore a right to exist. Time will show how both develop and eventually one will be the winner or both will merge into a new, even more powerful technology. However this will turn out, within the here and now we want to combine the best of the two technologies. That’s where Coopto comes in – and due to its open source nature you can be a part of it, if you wish to.



Download

The download along with download and install instructions can be found on VMware Solution Exchange.

17 Replies
gkostova
VMware Employee

Hi,

I have a question related with docker integration. Following the instruction on the page https://github.com/m451/coopto/ I've succeeded to build the plugin and import the plugin wfs to my vRO. But when I added the docker node it remains in status OFFLINE. I tried to configure the docker daemon to listen to the specified IP-address and port (docker -H tcp://192.168.59.103:2375) but it seems that it was not successful. I use the Windows docker installation on Windows 7. Also docker remote API version is 1.16. Maybe it is a stupid question but any help will be appreciated. Thanks!

Regards,

Galina

rszymczak
Hot Shot

Hi gkostova,

I'm running on CoreOS here so I never really ran into that issue. But since this is already the 3rd question reaching me regarding Boot2Docker I decided to look into it.

In 99 out of 100 cases it's a network issue you're facing. So when installing Boot2Docker - tested on Windows and documentation says it's the same config on OS X - you end up with a pre-configured VirtualBox that by default ->should<- have NAT rules configured so that it'll automatically expose the VM's ports. I verified this and it seems to be true in my case.

Also by default the Docker daemon within the VM will start the Remote API and listen on :::2376. Also that was true for me, but if you want to verify you should run

netstat -tulpen

within your Boot2Docker install which will list all ip:port combinations the VM listens to (again: since you're within a VM you have to make sure the NAT config of VirtualBox is working if you want to reach your VM from your local computer. This was true for me by default but it does not have to be true in your case as e.g. conflicting IP-addressing on your local machine's network setup may prevent VirtualBox from creating the adapter). Please note that by default, even though the VM is listening on all IP bindings, only the virtual NAT adapter will be used (using some 192.168.59.0/24 IP).

Now the issue I had is that by default Boot2Docker - since the current release is using docker 1.4.1 - has TLS enabled and will not allow any unencrypted connections. Docker added this feature with the 1.3 release. This means that you can have heavily encrypted TLS connections but it also means quite a lot of configuration (plus: not yet supported by coopto 🙂 still fiddling around to find the best way for the certs to be imported and saved when adding a new node). That said: for dev and testing purpose it's not worth the hassle. So what to do about it? Simple! Just do the following within your Boot2Docker console:

cp /etc/init.d/docker ~/docker.bak

sudo sed -i 's/DOCKER_TLS:=auto/DOCKER_TLS:=no/1' /etc/init.d/docker

sudo /etc/init.d/docker stop

sudo /etc/init.d/docker start

This will disable TLS and restart Docker. So, once you've done that, if you re-run netstat -tulpen you should now see your Docker daemon listening on port 2375 (non-TLS) instead of 2376 (TLS). Now it's time for testing. Get your 192.168.59.0/24 interface IP by running ifconfig in your Boot2Docker. In my case it was 192.168.59.103. Next open the following URL in a browser of your choice on your computer hosting Boot2Docker: http://192.168.59.103:2375/info

You should see something like the following returned:

{"Containers":0,"Debug":1,"DockerRootDir":"/mnt/sda1/var/lib/docker","Driver":"aufs","DriverStatus":[["Root Dir","/mnt/sda1/var/lib/docker/aufs"],["Dirs","0"]],"ExecutionDriver":"native-0.2","ID":"V3OD:UNDR:RFCZ:SJOZ:ZP6N:DOYA:YISQ:YJWC:5DYZ:HHG6:JCH2:NVBE","IPv4Forwarding":1,"Images":0,"IndexServerAddress":"https://index.docker.io/v1/","InitPath":"/usr/local/bin/docker","InitSha1":"","KernelVersion":"3.16.7-tinycore64","Labels":null,"MemTotal":2105585664,"MemoryLimit":1,"NCPU":8,"NEventsListener":0,"NFd":10,"NGoroutines":11,"Name":"boot2docker","OperatingSystem":"Boot2Docker 1.4.1 (TCL 5.4); master : 86f7ec8 - Tue Dec 16 23:11:29 UTC 2014","SwapLimit":1}

If you don't see that, then there is still a network problem between your Boot2Docker host and your Boot2Docker VM that you should fix first. If it's working, then at least Docker is configured correctly.

Next step would be to verify connection between your Docker host and your Orchestrator host. I'm not sure where your Orchestrator is running at, but if you're using Boot2Docker you probably only have NAT rules set between the VM and your local system. This means you probably won't be able to connect to the Boot2Docker VM from outside without further configuration of your network setup (this depends on your system network setup - it's worth a shot after you disabled TLS, just press the "refresh" button within your orchestrator client's inventory and see if it still remains "OFFLINE").

This will probably also be the case if you have Orchestrator running on another hypervisor (e.g. VMware Workstation) since Orchestrator in that case will be running on a different network adapter and doesn't know how to reach the Boot2Docker instance by default (this depends on your network config). You can verify that your network is set up correctly by connecting to your Orchestrator host using SSH and simply doing a

wget --spider http://192.168.59.103:2375/info

If it's working, you should get a response like "Connecting to 192.168.59.103:2375... connected."; if it's not, you'll see a "connected.failed: Connection refused". If it's working and the plugin still lists coopto as "OFFLINE" (after you refreshed vRO inventory), then please reach out to me and I'll look into it.

btw.: even if you can only choose 1.15 as the remote API version in the "add a docker node" workflow, 1.16 should work with it too. If you want the latest up-to-date version that will allow you to select 1.16 (and fixes an issue still existing in the first release) then you should build your plugin package from the latest commit ( https://github.com/m451/coopto/archive/master.zip ) instead of the latest release. However, as I said: I tested basic functionality and it's working with 1.16 even if you build from the release. So you should be fine.

Hope that clarifies things. I'll add a section about that to the project's wiki in the next days.

Greetings

Robert

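Added example (not part of the thread and not Coopto's own code): a Python version of the connection check described in the post above, separating the outcomes the thread runs into, namely a timeout, a refused connection, and a plain-HTTP answer from /info. The function name and state labels are assumptions made for this example; an "open" result means the Remote API answers without TLS or credentials, which is why this setup is kept to the host-only dev network.

```python
import http.client
import json
import socket
import urllib.request

# Bypass any HTTP proxy from the environment: the target is a host-only network.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe_docker_api(host, port=2375, timeout=5.0):
    """Classify a Docker Remote API endpoint as (state, detail).

    timeout     - packets dropped or no route (host-only adapter, firewall)
    refused     - host answers but nothing listens on that port
    unreachable - other socket-level error
    not-http    - port open, no plain-HTTP JSON answer (e.g. TLS still on)
    open        - /info answered over plain HTTP with no TLS and no credentials
    """
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.timeout:
        return "timeout", "no answer within %.0fs" % timeout
    except ConnectionRefusedError:
        return "refused", "nothing listening on %s:%d" % (host, port)
    except OSError as exc:
        return "unreachable", str(exc)
    url = "http://%s:%d/info" % (host, port)
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            info = json.load(resp)
    except (OSError, ValueError, http.client.HTTPException) as exc:
        return "not-http", str(exc)
    if not isinstance(info, dict):
        return "not-http", "unexpected /info payload"
    return "open", "%s / %s" % (info.get("Name"), info.get("OperatingSystem"))


if __name__ == "__main__":
    # 192.168.59.103 is the example address used in the thread; use your own.
    print(probe_docker_api("192.168.59.103"))
```

Run it once on the machine hosting Boot2Docker and once on the Orchestrator host: "timeout" on either side points at routing or a firewall, "refused" at the daemon not listening on that port.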
gkostova
VMware Employee

Thank you very much, Robert, for the detailed explanation :) It is very useful. I will try this and let you know.

Regards,

Galina

gkostova
VMware Employee

Hi again,

I followed the instructions that you sent for disabling TLS and now I see that the tcp port is 2375 - see screenshot. But I am still not able to see anything here http://192.168.59.103:2375/info - "The connection has timed out"...

Also when I enter in orchestrator ssh wget --spider http://192.168.59.103:2375/info I also receive "connection timed out".

For the workflow "Add a docker node" I can change it by adding a new apiVersion string 1.16, but I think that it will work with 1.15 if everything with the connection is fine.


Regards,

Galina

rszymczak
Hot Shot

Hi gkostova,

uhm, did you try "http://192.168.59.103:2375/info"? You'll need to use the IP address that your Boot2Docker is using, which will probably be different from the IP that I was using in my example. You'll get it listed among the IPs when using ifconfig within Boot2Docker. It should start with 192.168.X.X.

Regards

Robert

gkostova
VMware Employee

Yes, I did ifconfig and my IP is the same as yours - 192.168.59.103... Also I could not ping this IP from my orchestrator, nor from my local machine where Boot2Docker is installed.

Regards,

Galina

rszymczak
Hot Shot

Hi,

it seems that you're facing some network issue. Without further information about your network setup I unfortunately will not be able to help you 😞

But I attached a screenshot showing my (working) configuration that you can use as reference how it should look like in order to work. I'll give a quick explanation on the screenshot parts:

- the first screenshot is showing the boot2docker vm console and as you can see eth1 is setup with ip 192.168.59.103 and is up

- in the second part you see the virtual network adapter setup by virtualbox. in my case eth1 links to "VirtualBox Host-Only Network #2"

- the next part shows the configuration of that adapter in the virtualbox configuration page that was installed when you installed boot2docker.

- and the last screenshot displays the ip-route configuration of my host machine, where you can see that my host is aware of the route to 192.168.59.0/24 via the IP that is assigned to my "VirtualBox Host-Only Network #2" adapter (using it as a gateway to the VM).

Hope that helps you troubleshooting your connection issue. With a setup like that you should be able to connect to http://your-boot2docker-ip:2375/info

Another thing that I didn't think about yet: you should check if some local firewall is blocking the communication to the "untrusted" network that is attached to the virtual box adapter.

rszymczak
Hot Shot

@gkostova

Hope you've been able to get the plug-in running. I added a connection test to the latest source which will verify the connection from vCO to your Docker host which should make the issue more obvious and help troubleshooting.

Now when you try to add a new Docker node that can't be reached on the specified ip-address:port the "add a Docker node" workflow will fail after 15 seconds. Boot2Docker wiki is here too.


The changes will be included in the next VSX release 0.0.3 which I scheduled for release within the next days. If you want to try it out right now you'll have to compile the latest source yourself.

Oh, btw: there have been questions regarding the license used, I heard. Good news on this front: license has been changed from GPLv3 to LGPLv3 which now also allows linking Coopto with proprietary software under Lesser General Public License v3.

opoet3
Enthusiast

Hi

I installed the coopto plugin in orchestrator and added a docker host.

I can run coopto workflows in orchestrator, but when I want to add a custom resource in automation, the orchestrator type field does not show any coopto resources.

Do I need to do something before adding a custom resource?

Thank you

rszymczak
Hot Shot

Hi,

yes you have to add the new resources first. I attached an image showing the basic steps.

If the "orchestrator type" doesn't show the resource when you start typing "coopto:" then probably there's a connection issue from vRA to vRO. Double check you added vRO as an ASD endpoint.

opoet3
Enthusiast

Thank you so much

My connection from vRA to vRO had a problem. I solved that and everything works correctly.

HariRajan
Hot Shot

Hello.

This plugin is not available in solution exchange, can you please help me to get the plugin.

Regards

Hari Rajan

Thanks & Regards in Plenteous . Hari Rajan
rszymczak
Hot Shot

Hello HariRajan,

unfortunately the account hosting the plugin has been disabled in the solution exchange. Thus, the plugin is not available there anymore. AFAIK VMware is currently working on enabling the account again but till then I'm afraid you'll have to wait.

I'm not allowed to host the plugin elsewhere since it contains libraries copyrighted by vmware.

regards

Robert

HariRajan
Hot Shot

Thanks for your quick answer, you are quick like docker 😀.

Can you please try to expedite the process by talking to VMware on this? I also would like to hear some more information from you regarding the API version of Docker which "coopto" will support.

Thanks & Regards in Plenteous . Hari Rajan
rszymczak
Hot Shot

Hi HariRajan,

I attached the plugin documentation file to the thread. Within there you can find everything about the requirements.

Note that the current version of the plugin is not supported with vRealize Orchestrator 7. While it will install and "look" fine, some features (e.g. image download) will not work as expected.

I'm currently working on an updated version of the plugin supporting vRO 7 and adding tons of features but with my limited time this probably will take some weeks if not months till it's ready to be released.

Note that if you want the current state of the plugin you can always compile it yourself from source. Instructions can be found in the repository.

regards

Robert

HariRajan
Hot Shot

Hi Robert ,

Thanks for the update and we will wait.

Thanks & Regards in Plenteous . Hari Rajan
rszymczak
Hot Shot

FYI: the vRO 6.x version is back online in the solution exchange. Cloud Management Marketplace | Solution Exchange

Work on the updated version for vRO 7.x is currently stuck due to daily business 😞

However I had a great talk with Tom Schwaller who is working on the VIC project and I'm planning for VIC integration. Main goal would be to have VIC with all its benefits (e.g. vSphere Storage and Networking) to be fully integrated within Coopto. Since VIC claims to be Docker API compatible the challenges here are more of vSphere nature (having the workflows basically do everything e.g. provision a vVOL for you once you create a new container and so on).

Since I'm not sure what functionality will be provided by VIC yet (had no time to dig in deeper, but bintray has an alpha available already) I'll have to go for that first and adopt workflows for it. I had plans to integrate Flocker a while ago but using vSphere datastores along with VIC makes kinda more sense in a vRO context right now. Using Docker Volumes will make it possible to expose a generic volume interface, so in theory you should be free to use whatever storage you like. The benefit with VIC and vSphere datastores would be that it'll handle the management of your datastore infrastructure for you as well. Ahhh, so much stuff, so little time 😕

So long story short: I'm working on it but it'll probably take a while till you see a new version. Unfortunately open source doesn't pay the bills 😞

