vmware-archive / admiral Goto Github PK

Hi,

Can you make it possible to support custom container with more than 2 path components?
In docker specifications (https://github.com/docker/distribution/blob/master/docs/spec/api.md), it stands that image name CAN have more the two path components:

Classically, repository names have always been two path components where each path component is less than 30 characters. The V2 registry API does not enforce this. The rules for a repository name are as follows:

1. A repository name is broken up into path components. A component of a repository name must be at least one lowercase, alpha-numeric characters, optionally separated by periods, dashes or underscores. More strictly, it must match the regular expression [a-z0-9]+(?:[._-][a-z0-9]+)*.
2. If a repository name has two or more path components, they must be separated by a forward slash ("/").
3. The total length of a repository name, including slashes, must be less than 256 characters.

Now, admiral provisionning fails when I try to deploy an image with more than 2 paths with error "Invalid image format", probably in com/vmware/admiral/adapter/docker/util/DockerImage.java class.

Thank you in advance for your help!

Best regards,
Natalia

A feature like this would be very useful, for when i'm running a number of containers but need to change a single configuration variable. Docker by itself doesnt support this, but all I would need is a solution to copy an existing container's settings to an editable file to re-deploy after changing settings. Previous solutions have required me to memorize certain parameters when redeploying containers.

Templates are like docker compose, but this feature can extend their capability so that you can re-deploy containers much quicker than creating a new compose file and filling out the settings again manually.

• [BE] Restrict the delete API access to Cloud Admins
• [BE] Handle the case of deleting a Project with resources being used
• [UI] Create UI to delete a Project

I ran into an issue where I ran:

docker tag busybox harbor.local:80/library/busybox:1.0
docker push harbor.local:80/library/busybox:1.0

In the Admiral GUI, it showed the available image library/busybox. When I attempted to run it, however, it failed with this error:

Error: Error: image library/busybox not found; Reason: {"status":"Pulling repository harbor.local:80/library/busybox"}
 {"errorDetail":{"message":"Error: image library/busybox not found"},"error":"Error: image library/busybox not found"}

I was able to fix it by adding a non-tag tag and pushing it to harbor:

docker tag busybox harbor.local:80/library/busybox
docker push harbor.local:80/library/busybox
The push refers to a repository [harbor.local:80/library/busybox]
8ac8bfaff55a: Layer already exists
1.0: digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6 size: 505
8ac8bfaff55a: Layer already exists
latest: digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6 size: 505

The GUI didn't change in Admiral (still only showed library/busybox) but it provisioned correctly. Not sure if this is an Admiral or Harbor issue, but figure I'd start here.

It seems current version only support docker remote API 1.19. So i can't use it to add host which has docker 1.12.1 (remote API 1.24).

Thanks,

We need a service to register the assignments between projects, members & role.

• Add administrators and members groups to the project service
• Automatically create administrators and members groups when creating a new project
• Support for expanded project state (returns all project administrators and members on GET request for /projects/{id}?expand=true)
• Support for assignment/unassignment of one or multiple users with different roles to/from a project by a PATCH request to projects/{id}

See attached screenshot

More space between lines will prevent overlapping

• [BE] Restrict the list projects API access to DevOps Admins with filtering
• [UI] Update the list projects UI to list all my Projects (as DevOps Admin)

• [BE] Restrict the edit project API access to DevOps Admin
• [UI] Update the edit project UI (as DevOps Admin)

When Admiral starts for first time, a default project should be created.

• Command to register with PSC and get the client id
• Configuration file with PSC settings (saved by the command and loaded at boot time)

Hi, after some searching and try i got a 3 node cluster running using the xenon documentation about running multi node xenon application.
I've saw that some of the xenon api/webservices (like the log display and node-groups) works correctly but i cannot access the default xenon ui at http://servername:8282/core/ui/default
I saw that in the docker version there's a xenon-ui jar file so I was thinking it should work.
Is the link to interface different, there's any option to enable to see the xenon UI or the UI is just disabled and cannot be used?

I also saw that the swagger UI get an error after trying to start:
http://servername:8282/discovery/swagger/ui/

• Projects
• Templates
• Resources

• [BE] & [UI] (tasks to be split)

• [BE] Restrict the list projects API access to Cloud Admins
• [UI] Create UI to list all the Projects

The current Project management UI is accessible only when editing Placements. It should be moved as an independent item into the left panel, providing the same tile view for the list of projects and the edition capabilities like, for example, the container details view.

• [BE] Restrict the list projects API access to Developers with filtering
• [UI] Update the list projects UI to list all the Projects I belong to (as Developer)

• [BE] Expose Lightwave API to search users
• [BE] Expose Lightwave API to search groups
• [BE] Restrict the create project API access to Cloud Admins
• [BE] Create API to list users and groups with the DevOps Admin/Developer roles within a Project
• [BE] Create API to add the DevOps Admin/Developer roles to users and groups within a Project
• [BE] Create API to remove the DevOps Admin/Developer roles from users and groups within a Project
• [UI] Create UI to enable the list/add/remove members operations within a Project (task to be split)

Kubernetes is a very popular container orchestration platform. Can you put a short comparison in the readme?

We have to implement the mapping between the projects and roles being added in Admiral and the built-in Xenon AuthX model.

• Investigate the manual approach of adding explicit authorization calls to the different services and methods (e.g. all the stuff needed to provision a container)
• Investigate the pseudo-manual approach of adding the proper Xenon auth entities and queries and rely Xenon auth model to handle the authorization checks for particular services and methods (e.g. all the stuff needed to provision a container)

It would be helpful to auto remove leading and trailing spaces in the 'username' field.

Build: 6157
Commit ID: dee2a8b

I did the following steps:

1. select add host (host has TLS enabled)
2. do NOT specify server CA or server certificate
3. click on Verify

After this the dialog to accept the unverified server certificate pops up on each click. This makes it difficult to step back and add the server CA or server certificate.

recreating a VCH (same IP) but different keys consistently result in this error, while adding the host to admiral.

The current Project management back-end relies on the photon model's resource groups service. That must be changed and rely on a new Xenon service with support for the basic CRUD operations for Projects.

The logs view does not parse the ANSI formatting codes (as in the attached example).

It would be great to have the option in the logs view to:

• dump raw text (as it does today)
• remove escape codes
• apply escape codes (colors)

Hi, I'm testing the usage of admiral and the first problem i got is to being able to use a proxy to access docker registry.
I've tried to start the container with the JAVA_OPTS configuring the proxy but it seems that it don't work correctly.
This is what I use to start Admiral:

XENON_OPTS="--sandbox=/opt/admiral/data"
JAVA_OPTS="-Dconfiguration.properties=/opt/admiral/etc/conf.properties -Dhttp.proxyHost=myproxyhost -Dhttp.proxyPort=80 -Dhttps.proxyHost=myproxyhost -Dhttps.proxyPort=80"
docker run -d -p 8282:8282 --name admiral -e XENON_OPTS="$XENON_OPTS" -e JAVA_OPTS="$JAVA_OPTS" -v /opt/admiral:/opt/admiral vmware/admiral

There's something I'm doing wrong?

Hi,

I installed Admiral in a test environment, as a Docker container.
The engine from where it's running is the one Admiral himself is managing. Here is the output of a docker ps :

$ docker ps
CONTAINER ID        IMAGE                                              COMMAND                  CREATED             STATUS              PORTS                    NAMES
b5d3126319f7        vmware/admiral_agent:0.5.0                         "/bin/bash /entrypoin"   2 hours ago         Up About an hour                             admiral_agent
a0d96bb4dff5        vmware/admiral                                     "/entrypoint.sh"         5 hours ago         Up About an hour    0.0.0.0:8282->8282/tcp   admiral

I got a registry behind an Apache reverse proxy.
Once added in the WebUI, with the following informations :
IP/Hostname : https://my.private.domain
Name : My private registry
And some login credentials (my registry is using v2 with jwt auth, thanks to the reverse proxy)

But when I try to create a container with a custom image from my registry, I got the following :

Service http://172.17.0.1:2375/v1.19/images/create?fromImage=my.private.domain:5000/myrepo/myimage:latest&__sshHostKey=null returned error 500 for POST. id 60061; Reason: Get https://my.private.domain:5000/v1/_ping: x509: certificate signed by unknown authority

I actually added my certificates to Admiral (in the WebUI, you provide a menu for this), and there aren't self-signed certificates.
I saw that he was trying to get from /v1/ uri.
Instead of just clicking on "provision" and let Admiral fail, I used the "Enter additional info" menu. Here, I note that the specified URL for the image wasn't exactly the one I provided :
qlf-sesi-registry.inria.fr:5000/myrepo/myimage

I never specified the 5000 port, because that can't work with my Apache reverse proxy which is in charge of some rewriting rules (I'm using the ruby open-source solution Portus with my registry to provide some users & permissions management)
Still in the "Enter additional info" pane, I replaced

qlf-sesi-registry.inria.fr:5000/myrepo/myimage

by

qlf-sesi-registry.inria.fr/myrepo/myimage

then I was able to create my container without any error ;)

Thanks for reading,
It4.

Version: 0.9.2

The container details view lists the ip address and the ports (in a clickable URL) of the container.
Like:

Address 10.64.243.226
Ports http://docker.mydc.cns.mydomain:8500:8500/tcp

for one of my consul containers. Here Admiral seems to conclude, that the consul container resides on the same host as the docker daemon (and is reachable via that ip address). But that is not true. I'm testing Admiral against my local Triton lab (and its docker api endpoint). I guess, that it should be the same issue with VIC, where the virtual docker host does not necessarily has the same ip as containers which are started by it. From the docker inspect output I cannot find where Admiral finds the above URL. I would suggest, it should just use the ip address it has already acquired from the docker inspect output for that URL. That would make it mor accurate.

Implement modal dialogs as suggested by the UX team for better alignment with Clarity.

I get the below error when I try to open terminal of a deployed container from the admiral UI

//
{
"message": "connection timed out: /192.168.1.252:4200",
"stackTrace": [
"io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe$1.run(AbstractNioChannel.java:269)",
"io.netty.util.concurrent.PromiseTask$RunnableAdapter.call(PromiseTask.java:38)",
"io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:120)",
"io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:339)",
"io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:374)",
"io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:742)",
"java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)",
"java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)",
"java.lang.Thread.run(Thread.java:745)"
],
"statusCode": 500,
"documentKind": "com:vmware:xenon:common:ServiceErrorResponse"
}
//

Hi,

I´m using a Photon OS full installation as the build host so Maven and OpenJDK are installed by default with supported versions - additionally requirements I haven´t seen so far.
Build currently (had another one until a few minutes ago which was fixed with 14f89bb) fails at admiral-ui-app:

[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.29:npm (npm install) on project admiral-ui-app: Failed to run task: 'npm install' failed. (error code 1) -> [Help 1]

Attached you will find the npm-debug.log

npm-debug.log.txt

One of the last few lines states Not compatible with your operating system or architecture if that´s indeed the reason, is there a way to get it working with Photon OS?

Thanks

Cheers
Gregor

• [BE] Restrict the edit project API access to Cloud Admins
• [UI] Create UI to edit a Project and its members

Mock-up located here:
https://vmware.invisionapp.com/share/NFAF81QP6#/screens/218513682

Build: 6157
Commit ID: dee2a8b

I have added a VCH host to Admiral, I selected the VCH type. I then waited a couple of minutes and hit refresh for the VCH host. No stats about CPUs and Memory are shown. The output from docker info is:

Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: v0.8.0-0-8575c8c
Storage Driver: vSphere Integrated Containers v0.8.0-0-8575c8c Backend Engine
VolumeStores: default
vSphere Integrated Containers v0.8.0-0-8575c8c Backend Engine: RUNNING
VCH CPU limit: 65212 MHz
VCH memory limit: 80 GiB
VCH CPU usage: 236 MHz
VCH memory usage: 3.95 GiB
VMware Product: VMware vCenter Server
VMware OS: linux-x64
VMware OS version: 6.5.0
Plugins:
Volume:
Network: bridge
Swarm: inactive
Security Options:
Operating System: linux-x64
OSType: linux-x64
Architecture: x86_64
CPUs: 65212
Total Memory: 80 GiB
Name: vch-luca-dtls-1
ID: vSphere Integrated Containers
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Registry: registry-1.docker.io

Build: 6131

Click on Admiral Help and it goes to:

https://ensemble.vmware.com/#/second-screen

This should be fixed when part of the VIC product.

typing 'status:ERROR' (no empty space after colon) does not work,
while 'status: ERROR' works

• Host
• Projects
• Placements
• Templates?
• Registries?
• Resources?

• [BE] & [UI] (tasks to be split)

The reason for a container to be in 'Error' status is not clear, neither from the container list view:

nor from the container details view

It would be helpful to indicate the reason to help the user troubleshooting the problem

• Projects
• Templates
• Resources

• [BE] & [UI] (tasks to be split)

Is there a way in admiral to specify the amount of containers in a cluster that should always be running. So if fe one container in the cluster fails, another one is provisioned automatically?