What's in the Release Notes
- Download Binaries
- Installation and Upgrade
- Using vSphere Integrated Containers
- Changes
- New Features
- Enhancements
- Resolved Issues
- Known Issues
- Open Source Components
Download Binaries
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.6.zip
Installation and Upgrade
- For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
- For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.
Using vSphere Integrated Containers
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
- Overview of vSphere Integrated Containers
- vSphere Integrated Containers for vSphere Administrators
- vSphere Integrated Containers Management Portal Administration
- Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
- Developing Applications with vSphere Integrated Containers
Changes
New Features
vSphere Integrated Containers 1.5.6 includes the following new features:
- Support for vCenter Server version 7.0u1.
- TLS 1.1 is disabled. TLS 1.2 has already been supported for several releases. Read more.
Enhancements
vSphere Integrated Containers Engine 1.5.6 includes the bug fixes listed in Resolved Issues below.
Resolved Issues
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.6:
docker-compose up -d
fails when network already exists. #6405
Full list of changes from 1.5.5.
See also the resolved issues for each of the other vSphere Integrated Containers components:
- vSphere Integrated Containers Appliance
- vSphere Integrated Containers Registry
- vSphere Integrated Containers Management Portal
- vSphere Integrated Containers Plug-In for vSphere Client
Known Issues
vSphere Integrated Containers 1.5.6 has the same known issues as v1.5.5.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
Attempts to change operations user permissions with Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with Deleting multiple VCHs fails. #7020 Workaround: Try the delete operation again.
Schema 2 image manifests not supported. #5187 Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in Workaround: Restart the VCH endpoint VM in the vSphere Client.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258 Occasional disconnection during vMotion. #4484 Workaround: Perform Using volume labels with Workaround: Set the volume driver explicitly as vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706 Workarounds: Specify the vSphere Integrated Containers Registry port when you set the Image store is in the wrong directory if the datastore already has a directory with the same name. #3365 Deployment with static IP takes a long time. #3436 Firewall status delayed on vCenter Server. #3139 Workaround: Wait a few minutes and run View all
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
sh -c "cd /desired/dir && command-to-run
vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.
ServerFaultCode: The method is disabled by 'VIC'
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
docker attach
after the vMotion completes to reattach to the container.
docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
vic-machine create
again.
docker: Failed to fetch image blob: weblogic/test_domain/sha256:3bf21a5a3fdf6586732efc8c64581ae1b4c75e342b210c1b6f799a64bffd7924 returned download failed: write /tmp/3bf21a5a3fdf346188145: no space left on device.
Workaround: Deploy the virtual container host with --endpoint-memory=4096
which increases the appliance memory configuration.
vSphere Integrated Containers only attempts to pull the latest tagged images.
The system attempts to restart a finite number of times, then reports an error, leaving the VCH up and running to download logs. Instead, VCH immediately reboots.
Error response from daemon: scope type not supported
The VCH cannot get an IP address on the management network or does not have a route to the specified target.
docker pull
results an "already exists" error #1409
If a context deadline exceeded error occurs on the port layer while performing an image pull, it causes an inconsistent state for the image. Pulls can also take a very long time with a slow network connection.
See also the known issues for each of the vSphere Integrated Containers components:
- vSphere Integrated Containers Appliance
- vSphere Integrated Containers Registry
- vSphere Integrated Containers Management Portal
- vSphere Integrated Containers Plug-In for vSphere Client
Open Source Components
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.