vSphere Integrated Containers Engine Version v1.4.1

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.1.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.4.0.

New Features

This release includes the enhancements and bug fixes listed below.

Enhancements

This release includes the following enhancements to existing features:

• Added the ability to manage use of DRS VM affinity groups for existing VCHs using vic-machine configure.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.4.1:

• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.
• Concurrent docker exec on the same container causes conflict errors. #7410 (mitigation, not full fix)
  Concurrent dispatch of docker exec returns conflict errors. These errors are expected when multiple operations attempt to modify a containerVM at once; at least one should succeed, with the group as a whole making progress until all are cleanly dispatched. A combination of low level behaviours prevent that consistent progress from occurring, some of which are still under investigation or require work beyond the scope of a patch release to address.
  The 1.4.1 patch release includes some fixes and a change that serializes the initial dispatch of exec against the same container to mitigate this problem. It is only the dispatch of exec that is serialized, not the execution of them. Testing has been done up to 30 concurrent execs, but it's highly recommended to keep the number low. The time to complete a given number of execs is highly dependent on infrastructure and load, and some clients have been observed to hit HTTP connection timeouts if blocked for long during this operation.

Additionally, the following other issues have been addressed:

• Manually-configured DNS servers now override DHCP-provided DNS servers. #7824
  Previously, DNS servers configured on a VCH were combined with DNS servers provided via DHCP.
• Increased the maximum number of memory maps a container may use. #7790
  Previously, the maximum number of memory maps was limited to 65530. This was insufficient for some workloads (such as Elasticsearch).

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, and the new known issue below, v1.4.1 has the same known issues as v1.4.0.

• NFS volume stores do not support FQDN. #8043
  When using FQDN to identify NFS shares, it is not possible to set a DNS-Search-List. Container VMs fail to start, with the error docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off.

  Workaround: Always use IP addresses for NFS shares.

View all

• Create Virtual Container Host wizard plugin throws a parsing error when you specify only the gateway for the management or client networks. #7602
  When you provide a gateway for the management or client network, it is mandatory to provide at least one routing destination. The Create Virtual Container Host wizard does not conform to this behavior and has two separate fields for the Gateway and Routing destinations. If you do not fill in both the fields correctly, the wizard reports a parsing error.

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.
• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an ima...

vSphere Integrated Containers Engine Version v1.4.1-rc2

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.1-rc2.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.4.0.

See also:

• v1.4.1 information for vSphere Client Plug-Ins.

New Features

This release includes the enhancements and bug fixes listed below.

Enhancements

This release includes the following enhancements to existing features:

• Added the ability to manage use of DRS VM affinity groups for existing VCHs using vic-machine configure.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.4.1-rc1 and v1.4.1-rc2:

• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.
• Concurrent docker exec on the same container causes conflict errors. #7410 (mitigation, not full fix)
  Concurrent dispatch of docker exec returns conflict errors. These errors are expected when multiple operations attempt to modify a containerVM at once; at least one should succeed, with the group as a whole making progress until all are cleanly dispatched. A combination of low level behaviours prevent that consistent progress from occurring, some of which are still under investigation or require work beyond the scope of a patch release to address.
  The 1.4.1 patch release includes some fixes and a change that serializes the initial dispatch of exec against the same container to mitigate this problem. It is only the dispatch of exec that is serialized, not the execution of them. Testing has been done up to 30 concurrent execs, but it's highly recommended to keep the number low. The time to complete a given number of execs is highly dependent on infrastructure and load, and some clients have been observed to hit HTTP connection timeouts if blocked for long during this operation.

Additionally, the following other issues have been addressed:

• Manually-configured DNS servers now override DHCP-provided DNS servers. #7824
  Previously, DNS servers configured on a VCH were combined with DNS servers provided via DHCP.
• Increased the maximum number of memory maps a container may use. #7790
  Previously, the maximum number of memory maps was limited to 65530. This was insufficient for some workloads (such as Elasticsearch).

See also the resolved issues for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, v1.4.1-rc2 has the same known issues as v1.4.0.

View all

• Create Virtual Container Host wizard plugin throws a parsing error when you specify only the gateway for the management or client networks. #7602
  When you provide a gateway for the management or client network, it is mandatory to provide at least one routing destination. The Create Virtual Container Host wizard does not conform to this behavior and has two separate fields for the Gateway and Routing destinations. If you do not fill in both the fields correctly, the wizard reports a parsing error.

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.
• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.
• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a ...

vSphere Integrated Containers Engine Version v1.4.1-rc1

What's in the Release Notes

• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Changes
  • New Features
  • Enhancements
  • Resolved Issues
• Known Issues
• Open Source Components

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.1-rc1.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Changes

Full list of changes from 1.4.0.

See also:

• v1.4.1 information for vSphere Client Plug-Ins.

New Features

This release includes the enhancements and bug fixes listed below.

Enhancements

This release includes the following enhancements to existing features:

• Added the ability to manage use of DRS VM affinity groups for existing VCHs using vic-machine configure.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.4.1-rc1:

• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.

Additionally, the following other issues have been addressed:

• Manually-configured DNS servers now override DHCP-provided DNS servers. #7824
  Previously, DNS servers configured on a VCH were combined with DNS servers provided via DHCP.

See the resolved issues for each of the vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

With the exception of issues resolved above, v1.4.1-rc1 has the same known issues as v1.4.0.

View all

• Create Virtual Container Host wizard plugin throws a parsing error when you specify only the gateway for the management or client networks. #7602
  When you provide a gateway for the management or client network, it is mandatory to provide at least one routing destination. The Create Virtual Container Host wizard does not conform to this behavior and has two separate fields for the Gateway and Routing destinations. If you do not fill in both the fields correctly, the wizard reports a parsing error.

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Publishing all exposed ports to ra...

vSphere Integrated Containers Engine Version v1.4.0

Changes from 1.3.1

What's in the Release Notes

• New Features
• Download Binaries
• Installation and Upgrade
• Using vSphere Integrated Containers
• Resolved Issues
• Known Issues
• Open Source Components

New Features

vSphere Integrated Containers appliance 1.4.0 includes the following new features in this release:

• Added the ability to add VCHs to DRS VM affinity groups. Read more.
• Softened the requirement for DRS to be enabled on clusters on which you deploy VCHs. Read more.
• Support for vSphere 6.7. Read more.
• Support for VMware vSphere Remote Office Branch Office (ROBO) Advanced deployments. Read more.
• Bug fixes listed in Resolved Issues below.

Download Binaries

• Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
• Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.0.tar.gz

Installation and Upgrade

• For instructions about how to deploy and upgrade the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance and Upgrade the vSphere Integrated Containers Appliance.
• For instructions about how to deploy and upgrade virtual container hosts, see Deploy Virtual Container Hosts and Upgrade Virtual Container Hosts.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

• Overview of vSphere Integrated Containers
• vSphere Integrated Containers for vSphere Administrators
• vSphere Integrated Containers Management Portal Administration
• Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
• Developing Applications with vSphere Integrated Containers

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in 1.4.0:

• Failed upgrades create multiple snapshots. #7083
  If upgrade fails, the snapshot that is taken prior to the attempted upgrade is retained. Multiple attempts to upgrade can lead to multiple snapshots being created.
• Docker exec following a docker restart of a node container results in unknown task ID error. #6370
• Deleting multiple VCHs fails. #6079
  Deleting multiple VCHs at the same time fails with one of the following errors:
  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'
• IP range error while powering on containers. #6851
  Powering on container VMs results in the error Server error from portlayer: could not find IP range.
• vic-machine and VCH do not support creation of resources within inventory folders. #3619

See also the resolved issues sections of the release notes for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Management Portal
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

• NFS volume stores do not support FQDN. #8043
  When using FQDN to identify NFS shares, it is not possible to set a DNS-Search-List. Container VMs fail to start, with the error docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off.

  Workaround: Always use IP addresses for NFS shares.

• Create Virtual Container Host wizard plugin throws a parsing error when you specify only the gateway for the management or client networks. #7602
  When you provide a gateway for the management or client network, it is mandatory to provide at least one routing destination. The Create Virtual Container Host wizard does not conform to this behavior and has two separate fields for the Gateway and Routing destinations. If you do not fill in both the fields correctly, the wizard reports a parsing error.

• Attempts to change operations user permissions with vic-machine configure do not roll back in the event of a failure. #7814
  Changes to the operations user that are made during a failed vic-machine configure operation persist even after a rollback.

  Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.
• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.
• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.
• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. [#5754](https://github.com...

vSphere Integrated Containers Engine Version 1.5.0 Dev

This release tagged with the dev tag for the master branch and future release version. It will also serve as the location for our pre-release software bundles.

vSphere Integrated Containers Engine Version v1.4.0-rc2

Changes from v1.3.1

Changes from v1.4.0-rc1

New Features

vSphere Integrated Containers Engine 1.4.0 includes the following new features in this release:

• Support for vSphere 6.7
• Support for vSphere Remote Office Branch Office (ROBO) Advanced
• Support for Host Affinity

Download Binaries

Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.4.0-rc2.tar.gz

Installation and Upgrade

• For instructions about how to deploy the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance.
• For instructions about how to upgrade an existing vSphere Integrated Containers appliance, see Upgrade the vSphere Integrated Containers Appliance.

Using vSphere Integrated Containers

For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.

NOTE: This documentation is a work-in-progress and has not yet been fully updated for 1.4.0.

• Overview of vSphere Integrated Containers
• Install, Deploy, and Maintain the vSphere Integrated Containers Infrastructure
• Configure and Manage vSphere Integrated Containers
• Develop Container Applications with vSphere Integrated Containers

Open Source Components

The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.

Resolved Issues

For the list of issues that were documented as known issues in previous releases or that were reported by customers, that have been fixed in 1.4.0, see the Resolved Issues for 1.4.0 RC1.

Known Issues

For the list of known issues in 1.4.0, , see the Known Issues for 1.4.0 RC1.

See also the release notes for each of the other vSphere Integrated Containers components.

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Plug-In for vSphere Client

vSphere Integrated Containers Engine Version v1.4.0-rc1

Changes from 1.3.1

New Features

vSphere Integrated Containers Engine 1.4.0 includes the following new features in this release:

• Support for vSphere 6.7
• Support for vSphere Remote Office Branch Office (ROBO) Advanced

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in 1.4.0:

• Failed upgrades create multiple snapshots. #7083
  If upgrade fails, the snapshot that is taken prior to the attempted upgrade is retained. Multiple attempts to upgrade can lead to multiple snapshots being created.
• Docker exec following a docker restart of a node container results in unknown task ID error. #6370
• Deleting multiple VCHs fails. #6079
  Deleting multiple VCHs at the same time fails with one of the following errors:
  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'
• IP range error while powering on containers. #6851
  Powering on container VMs results in the error Server error from portlayer: could not find IP range.
• vic-machine and VCH do not support creation of resources within inventory folders. #3619

See also the resolved issues sections of the release notes for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Registry
• vSphere Integrated Containers Plug-In for vSphere Client

Known Issues

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Deleting multiple VCHs fails. #7020
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Publishing all exposed ports to random ports with the -P option is not supported. #3000
  vSphere Integrated Containers Engine does not support docker create/run -P.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority.

  Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry option, or provide a CA certificate in the --registry-ca option.

• Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
  If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.

• Deployment with static IP takes a long time. #3436
  If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
  Workaround: Increase the timeout for the deployment when using static IP.

• Firewall status delayed on vCenter Server. #3139
  If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.

  Workaround: Wait a few minutes and run vic-machine create again.

• When you pull a large sized image from Harbor into a virtual container host,...

vSphere Integrated Containers Engine Version 1.4.0 Dev

This release tagged with the dev tag for the master branch and future release version. It will also serve as the location for our pre-release software bundles.

Latest binary downloads (pre-release):

Download Information

Download link	Engine	UI
Version	v1.4.0-dev-17875-2102886	1.3.1.1085
Changes	changes vs 1.3.1	changes vs 1.3.1

Testing

• Feature, Integration and vSphere Interop testing has been performed on the pre-releases
• Minimal testing has been done with Harbor and Admiral but those products should still work with the pre-releases

Support

• Community support only, do not use VMware support paths with these pre-releases
• Submit any issues via github issues
• Any questions can be raised on the VMware Code #vic-engine slack channel. Sign up here : https://code.vmware.com/join.

Past binary downloads (pre-release):

2018-04-02

Download link	Engine	UI
Version	v1.4.0-dev-17875-2102886	1.3.1.1085
Changes	changes vs 1.3.1	changes vs 1.3.1

2018-03-19

Download link	Engine	UI
Version	v1.4.0-dev-17605-6144b31	1.3.1.1045
Changes	changes vs 1.3.1	changes vs 1.3.1

2018-02-28

Download link	Engine	UI
Version	v1.4.0-dev-16486-08edfab	v1.3.1.815
Changes	changes vs 1.3.1	changes vs 1.3.1

vSphere Integrated Containers Engine Version v1.3.1

Changes from 1.3.0

New Features

This release includes the bug fixes listed in Resolved Issues below.

Resolved Issues

The following issues that were documented as known issues in previous releases or reported by customers have been fixed in 1.3.1:

• docker run -rm deletes named image volumes #7138
  Running docker run -rm should only delete anonymous volumes. However, running docker run -rm against a vSphere Integrated Containers container VM that uses named image volumes results in the deletion of the volume and the loss of all of its data.
• Using vic-machine create --grant-ops-perms option causes VCH deployment to fail. #7054
  This issue occured when the Platform Services Controller is connected to an Active Directory identity source, and has been fixed.
• Various issues resulting from upgrade from 1.2.x to 1.3.0. #7084 (Epic) The upgrade issues included in this Epic issue all had the same root cause, which has been fixed:
  • vic-machine inspect provides too much information 7091
  • docker-personality logs are filled with INFO Got an error trying to convert public port number to an int 7117
  • docker rmi returns Error response from daemon: No such image 7118
  • docker network create returns Error response from daemon: testnet has active endpoints 7137
• Named volumes are incorrectly detected as anonymous and aredeleted when a container is removed. #7138
  This has been fixed.

See also the resolved issues sections of the release notes for each of the other vSphere Integrated Containers components:

• vSphere Integrated Containers Appliance
• vSphere Integrated Containers Plug-In for vSphere Client

There are no changes to vSphere Integrated Containers Registry or Management Portal in this release. Full list of all issues fixed in 1.3.1 for all components (requires Zenhub plug-in for Github).

Known Issues

• Failed upgrades create multiple snapshots. #7083
  If upgrade fails, the snapshot that is taken prior to the attempted upgrade is retained. Multiple attempts to upgrade can lead to multiple snapshots being created.

• Containers time out while starting with the error context deadline exceeded. #4294
  When this occurs the container VM is not powered off but is left in the Starting state, and might not have a configured network interface. Also, docker-compose and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose it does not stop the container before trying to remove it.

• Container start failure handled inconsistently. #4294

• Docker exec following a docker restart of a node container results in unknown task ID error. #6370

• Deleting multiple VCHs fails. #7020, #6079
  Deleting multiple VCHs at the same time fails with one of the following errors:

  • vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded.
  • ServerFaultCode: The method is disabled by 'VIC'

  Workaround: Try the delete operation again.

• IP range error while powering on containers. #6851
  Powering on container VMs results in the error Server error from portlayer: could not find IP range.

• Docker operations fail with the NotAuthenticated or session not authenticated errors. #6673
  This issue occurs after restarting vCenter or ESXi hosts because the keepalive duration for the authentication of the session is 20 seconds and the session might not have re-authenticated yet.

  Workaround: retry the operation after a few seconds.

• vic-machine debug --rootpw option enables SSH. #6402
  If you specify the vic-machine debug --rootpw option without also specifying --enable-ssh, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.

• Gateway information is missing from docker inspect. #6010
  If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway, the gateway is configured correctly but does not show up in the output of docker inspect commands that are run on containers on that network.

• Schema 2 image manifests not supported. #5187
  vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull operations fail. This is most commonly seen when pulling an image by digest.

• docker exec always returns 0 and ignores the exit code of processes. #5692
  docker exec always returns 0, even if you specify -it. This issue is potentially due to a delay in vSphere host synchronization. If you configure command-based health checks in vSphere Integrated Containers Management Portal, the health checks are always successful for containers that are provisioned on affected VCHs, even if the user-specified command does not exist in the scope of the container. This is because command-based health checks are considered to be successful if the exit code of that command is 0.

• Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps. #5754
  If you upgrade a VCH, perform vic-machine delete on container VMs, then use vic-machine upgrade --rollback to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps, the deleted container VMs are listed.

  Workaround: Restart the VCH endpoint VM in the vSphere Client.

• docker diff does not fully work with all containers. #6059
  Running docker diff on certain containers, for example postgres, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device.

• Cannot delete images using image ID after restarting VCH. #6076
  If you pull images into a VCH, then restart that VCH, running docker rmi image_ID results in Error response from daemon: No such image.

  Workaround: Delete images by using the human-readable name.

• docker info does not report secure registries. #6256
  Running docker info on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca.

• Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
  If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.

• Publishing all exposed ports to random ports with the -P option is not supported. #3000
  vSphere Integrated Containers Engine does not support docker create/run -P.

• Occasional disconnection during vMotion. #4484
  If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.

  Workaround: Perform docker attach after the vMotion completes to reattach to the container.

• Using volume labels with docker-compose causes a plugin error. #4540
  Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found.

  Workaround: Set the volume driver explicitly as local or vsphere in the compose file. E.g.,

  volumes:
    volume_with_label:
      driver: local
  

• vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
  Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker ...

vSphere Integrated Containers Engine Version v1.3.1-rc2

No Changes from rc1. Tag is to pick up vic-ui rc2 for inclusion in vic-product rc3