vSphere Integrated Containers Engine is a container runtime for vSphere.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.8.zip
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers 1.5.8 resolves an issue in which when vCenter Server is inaccessible, for example due to upgrade or backup and restore operations, and container creation or deletion operations are in progress, vSphere Integrated Containers cannot find those containers, and reports No such container errors in the log.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.8:
Full list of changes from 1.5.7.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.8 has the same known issues as v1.5.7.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.7.zip
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers 1.5.7 includes the following new features:
vSphere Integrated Containers Engine 1.5.7 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.7:
Full list of changes from 1.5.6.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.7 has the same known issues as v1.5.6.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.6.zip
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers 1.5.6 includes the following new features:
vSphere Integrated Containers Engine 1.5.6 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.6:
docker-compose up -d
fails when network already exists. #6405
Full list of changes from 1.5.5.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.6 has the same known issues as v1.5.5.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.5.zip
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers Engine 1.5.5 includes support for vCenter Server version 7.0.
vSphere Integrated Containers Engine 1.5.5 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.5:
docker-compose up -d
fails when network already exists. #6405
Full list of changes from 1.5.4.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.5 has the same known issues as v1.5.4.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://github.com/vmware/vic/archive/v1.5.4.zip
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers Engine 1.5.4 includes support for vCenter Server version 6.7 update 3.
vSphere Integrated Containers Engine 1.5.4 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.4:
docker-compose up -d
fails when network already exists. #6405
Full list of changes from 1.5.3.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.4 has the same known issues as v1.5.3.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers Engine project: https://storage.googleapis.com/vic-engine-releases/vic_v1.5.3.tar.gz
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
vSphere Integrated Containers Engine 1.5.3 includes the following new features:
ca.pem
file in the vic-machine configure
command. Read more.--registry-ca
option of the the vic-machine configure
command replaces certificates instead of just adding them. Read more.vSphere Integrated Containers Engine 1.5.3 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.3:
Full list of changes from 1.5.2.
See also the resolved issues for each of the other vSphere Integrated Containers components:
vSphere Integrated Containers 1.5.3 has the same known issues as v1.5.2.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
Full list of changes from 1.5.0.
vSphere Integrated Containers Engine 1.5.2 includes the following new features:
vSphere Integrated Containers Engine 1.5.2 includes the bug fixes listed in Resolved Issues below.
The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.2:
context deadline exceeded
. #4294Starting
state, and might not have a configured network interface. Also, docker-compose
and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose
it does not stop the container before trying to remove it.See also the resolved issues for each of the other vSphere Integrated Containers components:
With the exception of issues resolved above, v1.5.2 has the same known issues as v1.4.3.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
Full list of changes from 1.4.3.
vSphere Integrated Containers Engine 1.5.0 includes the following new features:
--storage-quota
option to vic-machine create
and configure
, to set a limit on the amount of storage that a VCH can consume. Read more.vSphere Integrated Containers Engine 1.5.0 includes the following improvements:
COMPOSE_TLS_VERSION
in the env
file that is generated during VCH deployment. Read more.The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.5.0:
docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off
.docker inspect
. #6010--container-network-gateway
, the gateway is configured correctly but does not show up in the output of docker inspect
commands that are run on containers on that network.See also the resolved issues for each of the other vSphere Integrated Containers components:
With the exception of issues resolved above, v1.5.0 has the same known issues as v1.4.3.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Containers time out while starting with the error context deadline exceeded
. #4294
When this occurs the container VM is not powered off but is left in the Starting
state, and might not have a configured network interface. Also, docker-compose
and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose
it does not stop the container before trying to remove it.
Container start failure handled inconsistently. #4294
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Publishing all exposed ports to random ports with the -P option is not supported. #3000
vSphere Integrated Containers Engine does not support docker create/run -P
.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409vic-machine create
validation fails if a dvSwitch exists on an ESXi target #729
See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
Full list of changes from 1.4.1.
vSphere Integrated Containers Engine 1.4.3 includes the following new features:
vic-machine create --no-proxy
option to skip proxying for certain URLs or domains. Read more.vic-machine
. Read more.vSphere Integrated Containers Engine 1.4.3 includes the following improvements:
vic-machine create
and inspect
. Read more.The following issues that were documented as known issues in previous releases or reported by customers have been fixed in v1.4.3:
mssql
container fails to start. #8141mssql
container in a VCH, the container VM fails to start, with the error This program has encountered a fatal error and cannot continue running
.kill
and stop
commands. When a kill
command is sent to a container, only the top process receives the signal. When a stop
command is sent to a container the stop signal is sent to the top process, and after 10 seconds a SIGKILL
signal is sent to all the member of the process group.Linux systemd[1]: vic-init.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Linux systemd[1]: vic-init.service: Unit entered failed state. Linux systemd[1]: vic-init.service: Failed with result 'exit-code'.This was due to a DHCP lease failure on the management network, after 64 contiguous failures to renew a DHCP lease.
--https-proxy
option does not permit HTTP traffic. #6767--http-proxy
and --https-proxy
fail with the error Could not parse HTTPS proxy - expected format https://fqnd_or_ip:port: http://proxy.gsoa.ddau:8080
.docker exec
returns conflict errors. These errors are expected when multiple operations attempt to modify a containerVM at once; at least one should succeed, with the group as a whole making progress until all are cleanly dispatched. A combination of low level behaviours prevent that consistent progress from occurring. This was mitigated in #7410 in 1.4.1, and is fully fixed in #8180.docker run -d --rm
does not remove all container VMs after the run. Additionally, containers can be orphaned on vSphere, meaning that they are removed from the Docker persona, but the container VM remains in the vCenter Server inventory.docker pull
on Docker store fails. #8138This regression was caused by the implementation of content trust and is now fixed.See also the resolved issues for each of the other vSphere Integrated Containers components:
With the exception of issues resolved above, and the new known issues below, v1.4.3 has the same known issues as v1.4.1.
NFS volume stores do not support FQDN. #8043
When using FQDN to identify NFS shares, it is not possible to set a DNS-Search-List. Container VMs fail to start, with the error docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: container VM has unexpectedly powered off
.
Workaround: Always use IP addresses for NFS shares.
docker exec
should use working directory of container image by default . #8166docker exec
was updated to use the container image working directory as part of the shift to containerd
. vSphere Integrated Containers does not yet implement the exec -w
option, so does not behave consistently with Docker.
Workaround: Use the same approach as was necessary before Docker changed the behavior:
sh -c "cd /desired/dir && command-to-run
Attempts to change operations user permissions with vic-machine configure
do not roll back in the event of a failure. #7814
Changes to the operations user that are made during a failed vic-machine configure
operation persist even after a rollback.
Workaround: In the vSphere Client, go to Administration -> Roles and delete every role that begins with vch
. WARNING: Only perform this workaround if there are no other VCHs running in vCenter Server that are configured with an operations user, as this removes the roles for all VCHs that are running in that vCenter Server instance.
Containers time out while starting with the error context deadline exceeded
. #4294
When this occurs the container VM is not powered off but is left in the Starting
state, and might not have a configured network interface. Also, docker-compose
and other tools that perform operations based on container state might not handle starting correctly. In the case of docker-compose
it does not stop the container before trying to remove it.
Container start failure handled inconsistently. #4294
Deleting multiple VCHs fails. #7020
Deleting multiple VCHs at the same time fails with one of the following errors:
vic/pkg/trace.(*Operation).Err: vic-machine-linux error: context deadline exceeded
.ServerFaultCode: The method is disabled by 'VIC'
Workaround: Try the delete operation again.
vic-machine debug --rootpw
option enables SSH. #6402
If you specify the vic-machine debug --rootpw
option without also specifying --enable-ssh
, SSH access to the VCH is still enabled. This behavior is incorrect and will be fixed in a future release.
Gateway information is missing from docker inspect
. #6010
If you configured a container network on a VCH, if this network uses DHCP, and if you did not specify --container-network-gateway
, the gateway is configured correctly but does not show up in the output of docker inspect
commands that are run on containers on that network.
Schema 2 image manifests not supported. #5187
vSphere Integrated Containers Engine does not support pulling images that only have schema 2 image manifests. If an image registry offers only the schema 2 manifest for an image, pull
operations fail. This is most commonly seen when pulling an image by digest.
Container VMs deleted between upgrading and rolling back an upgrade on a VCH show up in docker ps
. #5754
If you upgrade a VCH, perform vic-machine delete
on container VMs, then use vic-machine upgrade --rollback
to revert the VCH to the previous version, the cache information in the VCH is reverted. However, the deleted container VM cannot be reverted, so if you run docker ps
, the deleted container VMs are listed.
Workaround: Restart the VCH endpoint VM in the vSphere Client.
docker diff
does not fully work with all containers. #6059
Running docker diff
on certain containers, for example postgres
, results in Error response from daemon: Server error from portlayer: Server error from portlayer: Server error from archive reader for device
.
docker info
does not report secure registries. #6256
Running docker info
on a VCH reports any registries that you have whitelisted, but does not report secure registries that you specified with vic-machine create --registry-ca
.
Enabling content trust in Management Portal does not work if a VCH is in whitelist mode. #6258
If you install a VCH with whiltelist mode enabled, attempting to a enable content trust on a vSphere Integrated Containers Registry in Management Portal does not update the whitelist, and you cannot pull from that registry.
Publishing all exposed ports to random ports with the -P option is not supported. #3000
vSphere Integrated Containers Engine does not support docker create/run -P
.
Occasional disconnection during vMotion. #4484
If you are attached to a container VM that is migrated by vMotion, the SSH connection to the container VM might drop when vMotion completes.
Workaround: Perform docker attach
after the vMotion completes to reattach to the container.
Using volume labels with docker-compose
causes a plugin error. #4540
Setting a label in a volume in the Docker compose YML file results in error looking up volume plugin : plugin not found
.
Workaround: Set the volume driver explicitly as local
or vsphere
in the compose file. E.g.,
volumes:
volume_with_label:
driver: local
vSphere Integrated Containers Management Portal cannot pull images from an insecure vSphere Integrated Containers instance when creating a container using vSphere Integrated Containers Engine. #4706
Creating a container in vSphere Integrated Containers Management Portal with vSphere Integrated Containers Engine as the only Docker host results in the error certificate signed by unknown authority
.
Workarounds: Specify the vSphere Integrated Containers Registry port when you set the vic-machine create--insecure-registry
option, or provide a CA certificate in the --registry-ca
option.
Image store is in the wrong directory if the datastore already has a directory with the same name. #3365
If the datastore already has a directory with the same name as the VCH, and the directory does not have a VM, vic-machine creates the VCH correctly names the folder a slightly different name. Example, folder "test_1" with vch named "test". The kvstore is located in "test_1" folder correctly, but image files are still in the "test" directory.
Deployment with static IP takes a long time. #3436
If you deploy a VCH with a static IP, the deployment might take longer than expected, resulting in timeouts.
Workaround: Increase the timeout for the deployment when using static IP.
Firewall status delayed on vCenter Server. #3139
If you update the firewall rules on an ESXi host to allow access from specific IP addresses, and if that host is managed by vCenter Server, there might be a delay before vCenter Server takes the updated firewall rule into account. In this case, vCenter Server continues to use the old configuration for an indeterminate amount of time after you have made the update. vic-machine create
can successfully deploy a VCH with an address that you have blocked, or else fail when you deploy a VCH with an address that you have permitted.
Workaround: Wait a few minutes and run vic-machine create
again.
--endpoint-memory=4096
which increases the appliance memory configuration.docker pull
results an "already exists" error #1409vic-machine create
validation fails if a dvSwitch exists on an ESXi target #729
See also the known issues for each of the vSphere Integrated Containers components:
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers Engine are available in the LICENSE file.