Notes on VMware Fusion Project Nautilus
OS: macOS Mojave (10.14.6)
VMware: VMware Fusion 15.5.5
vctl: 1.0.0
This post was prompted by an article on the VMware Fusion Blog
that introduced Project Nautilus:
Project Nautilus enables Fusion to run OCI compliant containers on the Mac in a different way than folks might be used to. Our initial release can run containers, but as we grow we’re working towards being able to declare full kubernetes clusters on the desktop.
By leveraging innovations we’re making in Project Pacific, and a bevy of incredible open source projects such as runC, containerD, Cri-O, Kubernetes and more, we’re aiming to make containers first-class citizens, in both Fusion and Workstation, right beside virtual machines.
Currently a command-line oriented user-experience, we’ve introduced a new tool for controlling containers and the necessary system services in VMware Fusion and Workstation: vctl.
In short, Project Nautilus lets VMware Fusion (and, later, VMware Workstation) run containers that follow the OCI (Open Container Initiative) standard. Put another way, once VMware Fusion is installed you can manage and run containers from the command line on a Mac without necessarily installing the Docker application.
The first question is naturally: I already have Docker for Mac installed, so why use Nautilus? What is the difference?
According to the VMware Fusion blog: "we've created a very special, ultra-lightweight virtual machine-like process for isolating the container host kernel from the Host system. We call that process a PodVM or a 'Native Pod'". When you have time, also take a look at Project Pacific Technical Overview for New Users.
Each Container gets its own Pod, and each Pod gets its own IP address from a custom VMnet, which can be easily seen when inspecting the container's details after it launches. Meaning, we can easily consume running services without having to deal with port forwarding back to localhost.
It also means that while today we deploy the container image in a pod on a custom vmnet, we can conceivably change that to a bridged network… Meaning you could start a container, the pod would get an IP from the LAN, and you can then immediately share that IP to anyone else on the LAN to consume that service, without port forwarding.
One of our goals is to bring to bear a new model for designing much more complex deployments. We see a future where we can define, within a single file, a multi container + VM + kubernetes cluster deployment, allowing users to accelerate their application modernization.
The article introducing Nautilus dates from January 2020; at that time Nautilus was only available in Tech Preview 20H1, but it is now included in both VMware Fusion 15.5.5 and 20H2:
'vctl' is included with Fusion 11.5.5 and the 20H2 Tech Preview of VMware Fusion
See the VMware Fusion 15.5.5 release notes (2020/5/28):
https://docs.vmware.com/en/VMware-Fusion/11.5.0/rn/VMware-Fusion-1155-Release-Notes.html
Container Support: pull, push, build images and run containers with the vctl command.
That gave me enough motivation to upgrade my VMware Fusion Pro to 15.5.5; I was on 15.5 and had no real reason to upgrade before :)
After upgrading VMware Fusion Pro to 15.5.5, testing can begin.
First, open the Mac Terminal and type vctl:
$ vctl
vctl - A CLI tool for the Nautilus Container Engine powered by VMware Fusion
vctl Highlights:
• Build and run OCI containers.
• Push and pull container images between remote registries & local storage.
• Use a lightweight virtual machine (CRX VM) based on VMware Photon OS to host a container. Use 'vctl system config -h' to learn more.
• Easy shell access into virtual machine that hosts container. See 'vctl execvm'.
USAGE:
vctl COMMAND [OPTIONS]
COMMANDS:
build Build a container image from a Dockerfile.
create Create a new container from a container image.
describe Show details of a container.
exec Execute a command within a running container.
execvm Execute a command within a running virtual machine that hosts container.
help Help about any command.
images List container images.
ps List containers.
pull Pull a container image from a registry.
push Push a container image to a registry.
rm Remove one or more containers.
rmi Remove one or more container images.
run Run a new container from a container image.
start Start an existing container.
stop Stop a container.
system Manage the Nautilus Container Engine.
tag Tag container images.
version Print the version of vctl.
Run 'vctl COMMAND --help' for more information on a command.
OPTIONS:
-h, --help Help for vctl
This shows what vctl is and lists its subcommands.
The first thing to look at is vctl system.
Start by checking the current state:
$ vctl system info
Container runtime is stopped.
Use 'vctl system start' to start.
Container runtime path: /Applications/VMware Fusion.app/Contents/Library/vkd/bin/containerd
Log file: not set
Log level: info
Config: /Users/max/.vctl/config.toml
Virtual machine CPU (cores): 2
Virtual machine memory (MB): 1024
Host network:
DMG file: /Users/max/.vctl/Fusion Container Storage.sparseimage
Storage mount point: /Users/max/.vctl/storage
Here we can see that the service has not been started yet; it can be started later with vctl system start.
The configuration lives in ~/.vctl/config.toml.
The runtime is containerd.
Look at the config file:
$ cat ~/.vctl/config.toml
root = "/Users/max/.vctl/storage/containerd/root"
state = "/Users/max/.vctl/storage/containerd/state"
[GRPC]
address = "/Users/max/.vctl/storage/containerd/run/containerd/containerd.sock"
uid = 501
gid = 20
[Debug]
address = "/Users/max/.vctl/storage/containerd/run/containerd/debug.sock"
uid = 501
gid = 20
level = "Debug"
[plugins.opt]
path = "/Users/max/.vctl/opt/containerd"
Start the service:
$ vctl system start
Preparing storage...
Container storage has been prepared successfully under /Users/max/.vctl/storage
Preparing container network, you may be prompted to input password for administrative operations...
Password: (enter your password)
Container network has been prepared successfully using vmnet: vmnet9
Launching container runtime...
Container runtime has been started.
This step sets up storage and the network; it should be the same as running vctl system config directly.
After startup, a disk named Fusion Container Storage appears on the desktop.
If you compare them, the contents of this disk are the same as ~/.vctl/storage/ :)
Check the information again:
$ vctl system info
Container runtime is running.
Use 'vctl system stop' to stop.
Container runtime path: /Applications/VMware Fusion.app/Contents/Library/vkd/bin/containerd
Process ID: 20064
Log file: /Users/max/.vctl/containerd.log
Log level: info
Config: /Users/max/.vctl/config.toml
Virtual machine CPU (cores): 2
Virtual machine memory (MB): 1024
Host network: vmnet9
DMG file: /Users/max/.vctl/Fusion Container Storage.sparseimage
Storage mount point: /Users/max/.vctl/storage
Here we can see the containerd PID, log file and log level.
Next, list the current container images:
$ vctl images
──── ───────────── ────
NAME CREATION TIME SIZE
──── ───────────── ────
This serves two purposes: to check whether any images exist, and to see whether images from the Docker application are visible here :)
Try pulling an image:
$ vctl pull nginx
INFO Pulling from index.docker.io/library/nginx:latest
─ ────── ────────
REF STATUS PROGRESS
─── ────── ────────
index-sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133 Done 100% (1862/1862)
manifest-sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f Done 100% (1362/1362)
layer-sha256:1e22bfa8652e0db3a316e2c946ea048b60560630d4faa58405da4c5fcdb3ff07 Done 100% (672/672)
layer-sha256:8d69e59170f7dac013ef436408ed9ddc688dd9ad3bc030bd868add55a77e25f8 Done 100% (26212264/26212264)
config-sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163 Done 100% (7510/7510)
layer-sha256:3f9f1ec1d262b2889a5fc19bf295f48346dbd8238e22f3eb3dd8a907ca002372 Done 100% (538/538)
layer-sha256:8559a31e96f442f2c7b6da49d6c84705f98a39d8be10b3f5f14821d0ee8417df Done 100% (27098265/27098265)
layer-sha256:d1f5ff4f210df5d5f6bf48438d33ba0d086c4e08a803acf22292ccd4ede92bd2 Done 100% (902/902)
INFO Unpacking nginx:latest...
INFO done
Note that if no container registry path is specified, the image is pulled from docker.io by default.
Check the information:
$ vctl images
──── ───────────── ────
NAME CREATION TIME SIZE
──── ───────────── ────
nginx:latest 2020-06-26T16:00:32+08:00 50.9 MiB
What is actually curious here is that nginx in Nautilus shows a smaller size than in Docker?
The downloaded image appears to be stored in the Fusion Container Storage volume that was just mounted; those interested can inspect its contents.
Next, prepare to run a container:
$ vctl run --help
Run a new container from a container image.
Create and start a container with the given name, from the specified container image, then run a command in it.
* Every container runs in a separate virtual machine (CRX VM), the virtual machine is created with the same name as the container and starts up when a container starts. It shuts down and is removed when the container stops.
* Use '--memory' and '--cpus' to make specific configurations to the CPU and memory that is available to the container.
* A container running in a virtual machine shares the memory with its hosting virtual machine. (e.g. Within a virtual machine with 1024MB memory, max memory available for the container will be 512MB, and rest of the memory are reserved for the operating system.)
* Use 'vctl system config' to manage the default settings of the virtual machine hosting container. (e.g. vctl system config --vm-mem 2048)
* If no COMMAND is provided, the default command from the image will be executed.
* When '--keepVM' is used, use 'vmrun stop VMX' to manually stop the host virtual machine before using the container again.
USAGE:
vctl run [OPTIONS] IMAGE [COMMAND] [ARGUMENTS...]
OPTIONS:
-c, --cpus int Number of CPU cores (default 2)
-d, --detach Run the container in background
--entrypoint string Override the default entrypoint of the container image
-e, --env strings Environment variables to set in the container
-h, --help Help for run
--hostname string Host name of the container
-i, --interactive Keep STDIN open even if not attached
--keepVM [EXPERIMENTAL] Keep the host virtual machine running after container stops
-l, --label strings Set additional labels to the container (e.g. foo=bar)
-m, --memory int Limit on memory available to the container (in MB, must be a multiple of 4) (default 512)
-n, --name string Assign a name to the container
-r, --privileged Run the container with extended privileges
-p, --publish strings Bind host network ports to container ports
-t, --tty Allocate a terminal for the container
-v, --volume strings Bind host folders to container folders
-w, --workdir string Working directory of the new process
The notable difference is that when Nautilus starts a container, it runs inside its own VM (with the same name).
So before running anything, let's check the VMs and containers:
$ vmrun list
Total running VMs: 0
$ vctl ps
──── ───── ─────── ── ───── ────── ─────────────
NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
──── ───── ─────── ── ───── ────── ─────────────
Try running a container:
$ vctl run -d nginx
INFO container nginx-08e4 started and detached from current session
Check the information:
$ vmrun list
Total running VMs: 1
/Users/max/.vctl/.r/vms/nginx-08e4/nginx-08e4.vmx
$ vctl ps
──── ───── ─────── ── ───── ────── ─────────────
NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
──── ───── ─────── ── ───── ────── ─────────────
nginx-08e4 nginx:latest /docker-entrypoint.s... 172.16.1.128 n/a running 2020-06-26T16:56:22+08:00
Here we can see that once the container is created, a VM with the same name is created too. Unlike with the Docker application, the container gets an IP on the vmnet9 subnet, 172.16.1.128 (NAT is available), rather than being reached by port forwarding through localhost on the host.
The container's disk is also mounted and shown.
Look at the container details:
$ vctl describe nginx-08e4
Name: nginx-08e4
Status: running
Command: /docker-entrypoint.sh nginx -g daemon off;
Container rootfs in host: /Users/max/.vctl/storage/containerd/state/io.containerd.runtime.v2.task/vctl/nginx-08e4/rootfs
IP address: 172.16.1.128
Creation time: 2020-06-26T16:56:22+08:00
Image name: nginx:latest
Image size: 50.9 MiB
Host virtual machine: /Users/max/.vctl/.r/vms/nginx-08e4/nginx-08e4.vmx
Container rootfs in VM: /.containers/nginx-08e4
Access in host VM: vctl execvm --sh -c nginx-08e4
Exec in host VM: vctl execvm -c nginx-08e4 /bin/ls
Try connecting into it:
$ vctl execvm --sh -c nginx-08e4
sh-4.4# ls
bin dev lib proc run sys usr
cgroup etc lib64 rootfs sbin tmp var
sh-4.4# exit
Next, try stopping the container:
$ vctl stop nginx-08e4
INFO container nginx-08e4 has been stopped
$ vctl ps -a
──── ───── ─────── ── ───── ────── ─────────────
NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
──── ───── ─────── ── ───── ────── ─────────────
nginx-08e4 nginx:latest /docker-entrypoint.s... n/a n/a stopped 2020-06-26T16:56:22+08:00
$ vmrun list
Total running VMs: 0
An interesting thing to observe here: once the container is stopped, the VM is removed.
Next, remove the container:
$ vctl rm nginx-08e4
──── ────── ──────
NAME RESULT REASON
──── ────── ──────
nginx-08e4 REMOVED
$ vctl run -d -p 80:80 nginx
INFO setting up port forwardings. you may be prompted to input password for administrative operations
Password: (enter your password)
INFO container nginx-b589 started and detached from current session
Because port forwarding has to be set up, a password is requested.
I have seen reports online that VMware Fusion (not Pro) cannot forward ports; since I use VMware Fusion Pro, I cannot verify this.
$ vctl ps
──── ───── ─────── ── ───── ────── ─────────────
NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
──── ───── ─────── ── ───── ────── ─────────────
nginx-b589 nginx:latest /docker-entrypoint.s... 172.16.1.129 80:80 running 2020-06-26T17:24:53+08:00
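As an added example (not part of the original post or of vctl itself), a small POSIX shell helper that turns the vctl ps table above into a per-container summary: which pod IP on vmnet9 each container answers on directly, and which containers additionally publish host ports (the ones that needed the administrator password). The sample table is constructed from the rows shown in this post; the helper assumes vctl ps keeps the column order NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME with the COMMAND column truncated to a single token.

```shell
#!/bin/sh
# Added example, not part of the original post or of vctl.
# Summarises 'vctl ps' output: pod IP per container and host-published ports.
# Assumes the column order NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
# and a single-token (truncated) COMMAND column, as in the output shown above.

# Constructed sample, mirroring the two containers run in this post.
SAMPLE_PS='──── ───── ─────── ── ───── ────── ─────────────
NAME IMAGE COMMAND IP PORTS STATUS CREATION TIME
──── ───── ─────── ── ───── ────── ─────────────
nginx-08e4 nginx:latest /docker-entrypoint.s... 172.16.1.128 n/a running 2020-06-26T16:56:22+08:00
nginx-b589 nginx:latest /docker-entrypoint.s... 172.16.1.129 80:80 running 2020-06-26T17:24:53+08:00'

# Data rows only, as "NAME IP PORTS STATUS"; skips the ruler and header lines.
rows() {
  printf '%s\n' "$1" |
    awk '$1 == "NAME" || index($1, "─") == 1 { next } { print $1, $4, $5, $6 }'
}

# Pod IP of one container: the vmnet9 address its service answers on directly,
# with no port forwarding through the host's localhost.
pod_ip() {
  rows "$1" | awk -v name="$2" '$1 == name { print $2 }'
}

# Running containers that also bind host ports (set up via 'vctl run -p',
# which is the step that asked for the administrator password).
published() {
  rows "$1" | awk '$3 != "n/a" && $4 == "running" { print $1, $3 }'
}

# Use live output when vctl is installed; otherwise fall back to the sample.
if command -v vctl >/dev/null 2>&1; then
  PS_OUT=$(vctl ps)
else
  PS_OUT=$SAMPLE_PS
fi
echo "Containers reachable on their pod IP:"
rows "$PS_OUT" | awk '$4 == "running" { print "  " $1 " -> http://" $2 "/" }'
echo "Containers also publishing host ports:"
published "$PS_OUT" | sed 's/^/  /'
```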
Test it in a browser:
Happily, the nginx welcome page appears,
which means this set of notes can wrap up.
Finally, a short summary:
On a Mac there is one more tool for testing containers, and it is very convenient if you already have VMware Fusion.
There is no need to deal with port forwarding on localhost, because Nautilus starts a separate VM for each container; connecting to it and related handling should become simpler.
~ enjoy it
References
https://blogs.vmware.com/teamfusion/2020/01/fusion-tp20h1-introducing-nautilus.html
https://medium.com/@lnmei/project-pacific-technical-overview-for-new-users-b7b32a8c2e35
https://github.com/VMwareFusion/nautilus/blob/master/docs/getting-started.md
https://blogs.vmware.com/teamfusion/2020/05/fusion-11-5-now-supports-containers.html
https://www.techcrumble.net/2020/02/start-working-with-vmware-fusion-project-nautilus/
https://medium.com/@jeff.wu.junfei/project-nautilus-a-new-container-runtime-d7c3574d2ae0