vmware/vic v1.5.6

vSphere Integrated Containers Engine v1.5.6

on GitHub

docker exec should use working directory of container image by default . #8166
docker exec was updated to use the container image working directory as part of the shift to containerd. vSphere Integrated Containers does not yet implement the exec -w option, so does not behave consistently with Docker.

Workaround: Use the same approach as was necessary before Docker changed the behavior:

sh -c "cd /desired/dir && command-to-run

Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:

• vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
• ServerFaultCode: The method is disabled by 'VIC'

Workaround: Try the delete operation again.

vic-machine debug --rootpw option enables SSH. #6402
If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

Workaround: Restart the VCH endpoint VM in the vSphere Client.

docker diff does not fully work with all containers. #6059
Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

docker info does not report secure registries. #6256
Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

Workaround: Perform docker attach after the vMotion completes to reattach to the container.

Using volume labels with docker-compose causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

volumes:
  volume_with_label:
    driver: local

vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.

Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.

Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.

Workaround: Wait a few minutes and run vic-machine create again.