Friday, June 26, 2020

Notes on VMware Fusion Project Nautilus




OS: macOS Mojave (10.14.6)

VMware: VMware Fusion 15.5.5

vctl: 1.0.0 


This post grew out of an article on the VMware Fusion blog that introduced Project Nautilus:

  • Project page: https://vmwarefusion.github.io/

  • GitHub: https://github.com/VMwareFusion/nautilus

  • Project Nautilus enables Fusion to run OCI compliant containers on the Mac in a different way than folks might be used to. Our initial release can run containers, but as we grow we’re working towards being able to declare full kubernetes clusters on the desktop.

  • By leveraging innovations we’re making in Project Pacific, and a bevy of incredible open source projects such as runC, containerD, Cri-O, Kubernetes and more, we’re aiming to make containers first-class citizens, in both Fusion and Workstation, right beside virtual machines.

  • Currently a command-line oriented user-experience, we’ve introduced a new tool for controlling containers and the necessary system services in VMware Fusion and Workstation: vctl.


In short, Project Nautilus lets VMware Fusion (and, later, VMware Workstation) run containers that follow the OCI (Open Container Initiative) standard. Put another way, once VMware Fusion is installed you can manage and run containers from the command line on a Mac without necessarily installing the Docker application.


The first question is bound to be: I already have Docker for Mac installed, so why use Nautilus? What is the difference?

  • According to the VMware Fusion blog, "we've created a very special, ultra-lightweight virtual machine-like process for isolating the container host kernel from the Host system. We call that process a PodVM or a 'Native Pod'". When you have time, also read Project Pacific Technical Overview for New Users

  • Each Container gets its own Pod, and each Pod gets its own IP address from a custom VMnet, which can be easily seen when inspecting the container's details after it launches. Meaning, we can easily consume running services without having to deal with port forwarding back to localhost.

  • It also means that while today we deploy the container image in a pod on a custom vmnet, we can conceivably change that to a bridged network… Meaning you could start a container, the pod would get an IP from the LAN, and you can then immediately share that IP to anyone else on the LAN to consume that service, without port forwarding.

  • One of our goals is to bring to bear a new model for designing much more complex deployments. We see a future where we can define, within a single file, a multi container + VM + kubernetes cluster deployment, allowing users to accelerate their application modernization.


The article introducing Nautilus dates from January 2020; at that time Nautilus was only available in Tech Preview 20H1, but now both VMware Fusion 15.5.5 and 20H2 include it


That gave me enough motivation to upgrade my VMware Fusion Pro to 15.5.5; I had been on 15.5 with no particular reason to upgrade :)


With VMware Fusion Pro upgraded to 15.5.5, testing can begin


First, open Terminal on the Mac and type vctl


$ vctl 


vctl - A CLI tool for the Nautilus Container Engine powered by VMware Fusion

vctl Highlights:

• Build and run OCI containers.

• Push and pull container images between remote registries & local storage.

• Use a lightweight virtual machine (CRX VM) based on VMware Photon OS to host a container. Use 'vctl system config -h' to learn more.

• Easy shell access into virtual machine that hosts container. See 'vctl execvm'.


USAGE:

  vctl COMMAND [OPTIONS]


COMMANDS:

  build       Build a container image from a Dockerfile.

  create      Create a new container from a container image.

  describe    Show details of a container.

  exec        Execute a command within a running container.

  execvm      Execute a command within a running virtual machine that hosts container.

  help        Help about any command.

  images      List container images.

  ps          List containers.

  pull        Pull a container image from a registry.

  push        Push a container image to a registry.

  rm          Remove one or more containers.

  rmi         Remove one or more container images.

  run         Run a new container from a container image.

  start       Start an existing container.

  stop        Stop a container.

  system      Manage the Nautilus Container Engine.

  tag         Tag container images.

  version     Print the version of vctl.


Run 'vctl COMMAND --help' for more information on a command.


OPTIONS:

  -h, --help   Help for vctl


  • This describes vctl and lists its commands


First, look at vctl system.


Start by checking the current state

$ vctl system info


Container runtime is stopped.

Use 'vctl system start' to start.

Container runtime path:       /Applications/VMware Fusion.app/Contents/Library/vkd/bin/containerd

Log file:                     not set

Log level:                    info

Config:                       /Users/max/.vctl/config.toml

Virtual machine CPU (cores):  2

Virtual machine memory (MB):  1024

Host network:                 

DMG file:                     /Users/max/.vctl/Fusion Container Storage.sparseimage

Storage mount point:          /Users/max/.vctl/storage


  • The runtime is not running yet; it is started later with vctl system start

  • The settings live in ~/.vctl/config.toml

  • The runtime is containerd


Look at the config file

$ cat ~/.vctl/config.toml


root = "/Users/max/.vctl/storage/containerd/root"

state = "/Users/max/.vctl/storage/containerd/state"


[GRPC]

  address = "/Users/max/.vctl/storage/containerd/run/containerd/containerd.sock"

  uid = 501

  gid = 20


[Debug]

  address = "/Users/max/.vctl/storage/containerd/run/containerd/debug.sock"

  uid = 501

  gid = 20

  level = "Debug"


[plugins.opt]

  path = "/Users/max/.vctl/opt/containerd"
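The config above tells containerd where to create its gRPC socket and which uid/gid to hand it to. Whoever can write to that socket controls the container engine, much like the Docker socket on Linux, so it is worth checking what those files actually look like on disk rather than trusting the numbers in the config. The script below is an added example written for these notes, not part of the original post or of vctl; it assumes the paths shown in this config, that the socket's mode is what ls -l reports, and that gid 20 is the macOS staff group (the default primary group of every local account, so a group-accessible socket is reachable by more than the Fusion user). It never calls vctl itself.

```shell
#!/bin/sh
# Added example, not part of the original post or of vctl itself.
# Audits who can control the Nautilus containerd instance: whoever can
# write to the containerd gRPC socket can create and start containers
# (and 'vctl run' accepts --privileged), so the socket and the config
# that names it deserve the same care as /var/run/docker.sock.
# Paths default to the ones the post's 'vctl system info' shows.

VCTL_HOME="${VCTL_HOME:-$HOME/.vctl}"

# toml_value FILE SECTION KEY: print the value of KEY inside [SECTION] of a
# flat TOML file such as vctl's config.toml (string quotes are stripped).
toml_value() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { insec = ($1 == want); next }
        insec && $1 == key && $2 == "=" { gsub(/"/, "", $3); print $3; exit }
    ' "$1"
}

# perm_check PATH: print "ok" when only the owner has any access bits set,
# otherwise the offending mode string. Reads ls -l so it behaves the same
# on macOS and Linux (stat(1) flags differ between the two).
perm_check() {
    if [ ! -e "$1" ]; then
        echo "missing"
        return 1
    fi
    mode=$(ls -ld "$1" | awk '{print $1}')
    rest=$(printf '%s' "$mode" | cut -c5-10)   # group + other bits of e.g. srw-rw----
    case "$rest" in
        ------) echo "ok"; return 0 ;;
        *)      echo "group/other access: $mode"; return 1 ;;
    esac
}

# audit_nautilus [CONFIG]: report on the config file, the gRPC socket it
# names, and the uid/gid containerd is told to chown the socket to.
# Assumption: gid 20 is 'staff' on macOS, shared by every local account.
audit_nautilus() {
    cfg="${1:-$VCTL_HOME/config.toml}"
    sock=$(toml_value "$cfg" GRPC address)
    uid=$(toml_value "$cfg" GRPC uid)
    gid=$(toml_value "$cfg" GRPC gid)
    status=0
    res=$(perm_check "$cfg") || status=1
    printf 'config  %s: %s\n' "$cfg" "$res"
    res=$(perm_check "$sock") || status=1
    printf 'socket  %s: %s\n' "$sock" "$res"
    printf 'socket owner from config: uid=%s gid=%s' "$uid" "$gid"
    if [ "$gid" = "20" ]; then
        printf '  (gid 20 is staff on macOS: every local user is a member)'
        status=1
    fi
    printf '\n'
    return $status
}

# Run the live audit only when asked, so the functions can also be sourced:
#   sh nautilus-audit.sh --audit [path/to/config.toml]
case "${1:-}" in
    --audit) audit_nautilus "$2" ;;
esac
```

Run it after vctl system start, when the socket exists. A non-zero exit means either a file is readable or writable beyond its owner or the config points the socket at the staff group; in that case compare with what containerd actually created, since the on-disk mode is what matters.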


Start the service


$ vctl system start


Preparing storage...

Container storage has been prepared successfully under /Users/max/.vctl/storage

Preparing container network, you may be prompted to input password for administrative operations...

Password: (enter your password)

Container network has been prepared successfully using vmnet: vmnet9

Launching container runtime...

Container runtime has been started.


  • This prepares the storage and the network; it presumably does the same thing as running vctl system config directly


After starting, a volume named Fusion Container Storage appears on the desktop



If you compare them, the contents of this volume are identical to ~/.vctl/storage/ :)

Check the info again


$ vctl system info


Container runtime is running.

Use 'vctl system stop' to stop.

Container runtime path:       /Applications/VMware Fusion.app/Contents/Library/vkd/bin/containerd

Process ID:                   20064

Log file:                     /Users/max/.vctl/containerd.log

Log level:                    info

Config:                       /Users/max/.vctl/config.toml

Virtual machine CPU (cores):  2

Virtual machine memory (MB):  1024

Host network:                 vmnet9

DMG file:                     /Users/max/.vctl/Fusion Container Storage.sparseimage

Storage mount point:          /Users/max/.vctl/storage


  • Now the containerd PID, log file and log level are shown



Next, list the container images currently present


$ vctl images


────   ─────────────   ────   

NAME   CREATION TIME   SIZE   

────   ─────────────   ────   


  • This serves two purposes: to check whether any images exist yet, and to see whether the images from the Docker package show up here :)


Try pulling an image


$ vctl pull nginx


INFO Pulling from index.docker.io/library/nginx:latest 

─                                                                                ──────   ────────                   

REF                                                                                STATUS   PROGRESS                   

───                                                                                ──────   ────────                   

index-sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133      Done     100% (1862/1862)           

manifest-sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f   Done     100% (1362/1362)           

layer-sha256:1e22bfa8652e0db3a316e2c946ea048b60560630d4faa58405da4c5fcdb3ff07      Done     100% (672/672)             

layer-sha256:8d69e59170f7dac013ef436408ed9ddc688dd9ad3bc030bd868add55a77e25f8      Done     100% (26212264/26212264)   

config-sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163     Done     100% (7510/7510)           

layer-sha256:3f9f1ec1d262b2889a5fc19bf295f48346dbd8238e22f3eb3dd8a907ca002372      Done     100% (538/538)             

layer-sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df      Done     100% (27098265/27098265)   

layer-sha256:d1f5ff4f210df5d5f6bf48438d33ba0d086c4e08a803acf22292ccd4ede92bd2      Done     100% (902/902)             

INFO Unpacking nginx:latest...                    

INFO done                                         


  • Without an explicit registry in the image reference, images are pulled from docker.io (index.docker.io/library/...) by default


Check the result

$ vctl images


────           ─────────────               ────       

NAME           CREATION TIME               SIZE       

────           ─────────────               ────       

nginx:latest   2020-06-26T16:00:32+08:00   50.9 MiB   


  • What I find curious here is that the size shown for nginx in Nautilus is smaller than under Docker?


The downloaded image appears to be stored on the Fusion Container Storage volume mounted earlier; have a look at its contents if you are curious


Next, get ready to run a container


$ vctl run --help


Run a new container from a container image.

Create and start a container with the given name, from the specified container image, then run a command in it.

* Every container runs in a separate virtual machine (CRX VM), the virtual machine is created with the same name as the container and starts up when a container starts. It shuts down and is removed when the container stops.

* Use '--memory' and '--cpus' to make specific configurations to the CPU and memory that is available to the container.

* A container running in a virtual machine shares the memory with its hosting virtual machine. (e.g. Within a virtual machine with 1024MB memory, max memory available for the container will be 512MB, and rest of the memory are reserved for the operating system.)

* Use 'vctl system config' to manage the default settings of the virtual machine hosting container. (e.g. vctl system config --vm-mem 2048)

* If no COMMAND is provided, the default command from the image will be executed.

* When '--keepVM' is used, use 'vmrun stop VMX' to manually stop the host virtual machine before using the container again.


USAGE:

  vctl run [OPTIONS] IMAGE [COMMAND] [ARGUMENTS...]


OPTIONS:

  -c, --cpus int            Number of CPU cores (default 2)

  -d, --detach              Run the container in background

      --entrypoint string   Override the default entrypoint of the container image

  -e, --env strings         Environment variables to set in the container

  -h, --help                Help for run

      --hostname string     Host name of the container

  -i, --interactive         Keep STDIN open even if not attached

      --keepVM              [EXPERIMENTAL] Keep the host virtual machine running after container stops

  -l, --label strings       Set additional labels to the container (e.g. foo=bar)

  -m, --memory int          Limit on memory available to the container (in MB, must be a multiple of 4) (default 512)

  -n, --name string         Assign a name to the container

  -r, --privileged          Run the container with extended privileges

  -p, --publish strings     Bind host network ports to container ports

  -t, --tty                 Allocate a terminal for the container

  -v, --volume strings      Bind host folders to container folders

  -w, --workdir string      Working directory of the new process


  • The notable difference is that Nautilus starts each container inside its own VM, named after the container. Note also the --privileged and --volume options: the CRX VM is the isolation boundary, but --privileged gives the container extended privileges inside that VM and --volume binds host folders into it, so neither should be used casually


So before running anything, check the VMs and containers


$ vmrun list


Total running VMs: 0


$ vctl ps


────   ─────   ───────   ──   ─────   ──────   ─────────────   

NAME   IMAGE   COMMAND   IP   PORTS   STATUS   CREATION TIME   

────   ─────   ───────   ──   ─────   ──────   ─────────────   


Try running a container


$ vctl run -d nginx


INFO container nginx-08e4 started and detached from current session 


Check the state


$ vmrun list


Total running VMs: 1

/Users/max/.vctl/.r/vms/nginx-08e4/nginx-08e4.vmx


$ vctl ps


────         ─────          ───────                   ──             ─────   ──────    ─────────────               

NAME         IMAGE          COMMAND                   IP             PORTS   STATUS    CREATION TIME               

────         ─────          ───────                   ──             ─────   ──────    ─────────────               

nginx-08e4   nginx:latest   /docker-entrypoint.s...   172.16.1.128   n/a     running   2020-06-26T16:56:22+08:00   




  • Once the container is created, a VM with the same name is created for it. Unlike with the Docker package, the container receives an address on the vmnet9 subnet, 172.16.1.128 (reachable from the host via NAT), instead of being exposed through a port forward on localhost

  • The container's disk is also mounted and shown on the desktop


Look at the container details

$ vctl describe nginx-08e4


Name:                       nginx-08e4

Status:                     running

Command:                    /docker-entrypoint.sh nginx -g daemon off;

Container rootfs in host:   /Users/max/.vctl/storage/containerd/state/io.containerd.runtime.v2.task/vctl/nginx-08e4/rootfs

IP address:                 172.16.1.128

Creation time:              2020-06-26T16:56:22+08:00

Image name:                 nginx:latest

Image size:                 50.9 MiB

Host virtual machine:       /Users/max/.vctl/.r/vms/nginx-08e4/nginx-08e4.vmx

Container rootfs in VM:     /.containers/nginx-08e4

Access in host VM:          vctl execvm --sh -c nginx-08e4

Exec in host VM:            vctl execvm -c nginx-08e4 /bin/ls


Try getting a shell. Note that execvm drops you into the VM hosting the container, not into the container itself: the listing below is the CRX VM's root filesystem, and the container's rootfs sits under /.containers/nginx-08e4 as describe reported

$ vctl execvm --sh -c nginx-08e4


sh-4.4# ls

bin     dev  lib    proc    run   sys  usr  

cgroup  etc  lib64  rootfs  sbin  tmp  var  

sh-4.4# exit


Next, stop the container

$ vctl stop nginx-08e4


INFO container nginx-08e4 has been stopped  



$ vctl ps -a


────         ─────          ───────                   ──    ─────   ──────    ─────────────               

NAME         IMAGE          COMMAND                   IP    PORTS   STATUS    CREATION TIME               

────         ─────          ───────                   ──    ─────   ──────    ─────────────               

nginx-08e4   nginx:latest   /docker-entrypoint.s...   n/a   n/a     stopped   2020-06-26T16:56:22+08:00   


$ vmrun list


Total running VMs: 0


  • Interesting to see: once the container is stopped, its VM is gone, which matches the run help text (the VM shuts down and is removed when the container stops)


Next, remove the container


$ vctl rm nginx-08e4


────         ──────    ──────   

NAME         RESULT    REASON   

────         ──────    ──────   

nginx-08e4   REMOVED            



$ vctl run -d -p 80:80 nginx


INFO setting up port forwardings. you may be prompted to input password for administrative operations 

Password: (enter your password)

INFO container nginx-b589 started and detached from current session 


  • Because port forwarding has to be set up, a password is requested. Publishing a port binds it on the Mac itself, whereas the vmnet9 address is only reachable from the host behind NAT, so it is worth checking with lsof what is listening on the published port and on which address

  • I have seen people online report that VMware Fusion (as opposed to VMware Fusion Pro) cannot forward ports; since I am on VMware Fusion Pro I cannot verify this


$ vctl  ps


────         ─────          ───────                   ──             ─────   ──────    ─────────────               

NAME         IMAGE          COMMAND                   IP             PORTS   STATUS    CREATION TIME               

────         ─────          ───────                   ──             ─────   ──────    ─────────────               

nginx-b589   nginx:latest   /docker-entrypoint.s...   172.16.1.129   80:80   running   2020-06-26T17:24:53+08:00 
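With the container reachable on its own vmnet9 address and, this time, also published on host port 80, a quick way to check both paths is to parse vctl ps and probe each running container. The script below is an added example written for these notes, not part of the original post or of vctl; it assumes the column layout of vctl ps shown above (columns separated by runs of spaces, the PORTS column either HOST:CONTAINER or n/a) and that curl and lsof are available, as they are on macOS. The sample table embedded in it is a constructed copy of the output above with one stopped row added so the filter has something to drop.

```shell
#!/bin/sh
# Added example, not part of the original post or of vctl itself.
# Parses 'vctl ps' into "NAME IP PORTS" rows so a script can smoke-test each
# running container on its own vmnet9 address (the point of the post: no
# localhost port forward needed) and, where -p was used, show which host
# process is actually listening on the published port.

# vctl_ps_rows: read 'vctl ps' table text on stdin, print "NAME IP PORTS"
# for each running container. Columns are separated by runs of 2+ spaces,
# so the truncated COMMAND column may contain single spaces safely; the
# header row and the ──── rule lines are skipped.
vctl_ps_rows() {
    awk -F '  +' '$1 != "NAME" && $1 ~ /^[A-Za-z0-9]/ && $6 == "running" {
        print $1, $4, $5
    }'
}

# sample_ps: constructed sample copied from the post's 'vctl ps' output,
# with a stopped row added (vctl ps -a would show one like it).
sample_ps() {
    cat <<'EOF'
────         ─────          ───────                   ──             ─────   ──────    ─────────────               
NAME         IMAGE          COMMAND                   IP             PORTS   STATUS    CREATION TIME               
────         ─────          ───────                   ──             ─────   ──────    ─────────────               
nginx-b589   nginx:latest   /docker-entrypoint.s...   172.16.1.129   80:80   running   2020-06-26T17:24:53+08:00 
nginx-08e4   nginx:latest   /docker-entrypoint.s...   n/a            n/a     stopped   2020-06-26T16:56:22+08:00 
EOF
}

# probe_container NAME IP PORTS: request http://IP/ directly on the vmnet9
# address, then for a published HOST:CONTAINER mapping list the host-side
# listener with lsof so you can see what the forward actually bound.
probe_container() {
    name=$1; ip=$2; ports=$3
    code=$(curl -s -o /dev/null --max-time 3 -w '%{http_code}' "http://$ip/")
    [ "$code" = "000" ] && code="unreachable"
    printf '%-12s %-15s http -> %s\n' "$name" "$ip" "$code"
    if [ "$ports" != "n/a" ]; then
        hostport=${ports%%:*}            # assumes HOST:CONTAINER, as in the post
        printf '  host listener on port %s:\n' "$hostport"
        lsof -nP -iTCP:"$hostport" -sTCP:LISTEN | sed 's/^/    /'
    fi
}

# --live probes the containers vctl currently reports; --demo only shows
# what the parser extracts from the embedded sample.
case "${1:-}" in
    --live) vctl ps | vctl_ps_rows | while read -r n i p; do probe_container "$n" "$i" "$p"; done ;;
    --demo) sample_ps | vctl_ps_rows ;;
esac
```

For the run above, --live would report nginx-b589 answering on 172.16.1.129 and then list the process holding host port 80, which is the thing to look at when deciding whether publishing a port was needed at all, given that the host can already reach the container on its vmnet9 address.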



Open a browser to test



Happily seeing the nginx welcome page

means these notes can be wrapped up


A few closing thoughts

  • On a Mac this adds another tool for testing containers, and it is very convenient if you already have VMware Fusion

  • There is no localhost port forwarding to deal with, because Nautilus gives every container its own VM with its own address, which should make connecting to and working with services simpler


~ enjoy it


