vSphere Integrated Containers 1.3 – Part 1, VIC Installation

In this series of posts, we’re going to deploy and configure VIC 1.3. Keep in mind, my lab environment is not very complex, so my setup will be pretty basic. My main goal here is really just to be able to deploy some container VMs through vRA. The full documentation for VIC install and config is located at the link below. I would certainly follow the official VMware deployment guide if you plan on deploying this in a production environment.
https://vmware.github.io/vic-product/assets/files/html/1.3/

The first step is of course to download and deploy the VIC OVA. I did not document that process. It’s a normal OVA deployment, so pretty straightforward.

The next step is to crank up the new VIC VM you just created from the OVA deployment. If you did not change the port assignment in the OVA setup, your Getting Started port will be 9443 and the Admin port will be 8282.

It may take a few minutes to fully start up (mine seemed to take about 3-5 min), but keep hitting the getting started page/port until you see this pop-up:

Enter your vCenter information and hit continue to initialize the configuration. Now we need to deploy the VIC engine bundle. This can be downloaded to any machine that you will use to manage your infrastructure. In my case, I’m just going to download it to my Mac.

Download the zip file and unpack it; you will be left with a directory that looks like the one below. The binary you will use for future commands depends on the OS you’re on, so for me it will be “vic-machine-darwin” since I’m on a Mac. We’ll be using these commands quite a bit, so you’ll get to know them pretty well.

More info on these files and what they all do is here: https://vmware.github.io/vic-product/assets/files/html/1.3/vic_vsphere_admin/vic_engine_bundle.html

One thing we need to do next is open the required firewall ports on the ESXi hosts. Ports 2337 and 443 need to be open or we will not be able to communicate with the virtual container hosts (VCH). We can do this using the commands we just talked about above. This is the command you can run against the vCenter Server to open all the required ports. You can also run this against your ESXi hosts individually instead of hitting your vCenter Server; see the documentation for those commands, as they are different.

$ vic-machine-operating_system update firewall \
    --target vcenter_server_address/datacenter \
    --user "Administrator@vsphere.local" \
    --password vcenter_server_password \
    --compute-resource cluster_name \
    --thumbprint thumbprint \
    --allow

Helpful hint: Run this command without the “--thumbprint” line and it will actually return the thumbprint you need. The command and the resulting output would look like this:

Now that you have the vCenter thumbprint, run the command again with all required info and it should open all the required ports. If you do not see it successfully open the ports, you may need to go back and check your command syntax.
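An added example, not part of the original post or of VIC itself: before re-running the command with the thumbprint it printed, you can compare that value against the certificate obtained from a source you already trust (for example, a PEM file exported at the vCenter console). It assumes the thumbprint is the colon-separated SHA-1 fingerprint of the certificate; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re
import ssl
import sys

# Constructed placeholder bytes standing in for a DER certificate (NOT a real
# vCenter certificate). In practice, load the PEM exported from a trusted source.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def cert_thumbprint(pem_text):
    """SHA-1 of the DER-encoded certificate as colon-separated uppercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(thumbprint):
    """Accept 'AA:BB:..', 'aabb..' or 'SHA1 Fingerprint=AA:BB:..' forms."""
    value = thumbprint.strip().split("=")[-1]
    value = re.sub(r"[:\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", value):
        raise ValueError("expected a 40-hex-digit SHA-1 thumbprint")
    return value


def thumbprint_matches(pem_text, reported):
    """True only if the tool-reported thumbprint equals the trusted cert's."""
    return normalize(cert_thumbprint(pem_text)) == normalize(reported)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py trusted_cert.pem "thumbprint printed by vic-machine"
        with open(sys.argv[1]) as fh:
            pem, reported = fh.read(), sys.argv[2]
    else:
        # No arguments: run against the constructed sample above.
        pem, reported = SAMPLE_PEM, cert_thumbprint(SAMPLE_PEM).lower()
    ok = thumbprint_matches(pem, reported)
    print("match" if ok else "MISMATCH: do not pass this value to --thumbprint")
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate presented over the network is not the one you exported, so the value should not be trusted until the difference is explained.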

Next we need to install the Plugin into the vSphere Client. This is pretty easy and the Official Docs actually lay this out pretty well so I’m just going to point you there. See here for the steps to follow to get the Plugin installed:
https://vmware.github.io/vic-product/assets/files/html/1.3/vic_vsphere_admin/plugins_vcsa.html

You can confirm that it worked by going to your HTML5 vSphere Web Client. You should now see the VIC Shortcut in your inventory.

And last, but not least, we need to create a new distributed portgroup for the VIC bridge network(s). This is the network that the container VMs will use to communicate with each other. By default this network range is the standard docker range of 172.16.0.0/12, but this can be changed if that range is already in use in your network. You will create 1 bridge network per VCH that you plan on deploying, and you should tag those with VLANs to keep traffic separated. You could technically use the same bridge network across multiple VCHs, but you could end up with container VMs with IP address conflicts, so it is not recommended.

In my case, I will probably deploy 2 VCHs, so I created 2 distributed port groups (vch1-bridge and vch2-bridge) and I tagged them as VLAN 1001 and 1002.

VIC Networking can get complicated, so this is a worthwhile read on containers and networking.
https://vmware.github.io/vic-product/assets/files/html/1.3/vic_vsphere_admin/vch_networking.html

This concludes Part 1! VIC is now installed and we’re ready to deploy some container hosts… we’ll cover that in Part 2 of this series.
