Containerizing open-vm-tools - Part 2: Atomic CLI and Converting to a Systems Container

The content of the previous post discussed creating the open-vm-tools container’s Dockerfile and automating its started up via systemd with a unit file.

Open-vm-tools as a service might need to start before the docker runtime or even the network stack, this leads us to runc and system containers. If you’ve finished the first article you have a running open-vm-tools Docker container.

docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
5428906cd366        open-vm-tools         "/bin/sh -c /usr/bin/"   13 seconds ago      Up 7 seconds                            admiring_easley

Once you have a local running Docker container, you can import that container into a system container utilizing the atomic CLI. Alternatively, you can install the full container from a registry like; registry.access.redhat.com.  

atomic pull --storage=ostree docker:open-vm-tools
atomic install --system open-vm-tools
systemctl start open-vm-tools
# This will pull the container from a registry
atomic pull --storage ostree registry.access.redhat.com/rhel7/open-vm-tools
atomic install --system registry.access.redhat.com/rhel7/open-vm-tools
systemctl start open-vm-tools

This process creates a root filesystem under /var/lib/containers/atomic/open-vm-tools for the container’s use. The atomic command additionally creates the systemd unit file and enables the service for subsequent restarts.

runc list
ID              PID         STATUS      BUNDLE                                       CREATED
open-vm-tools   725         running     /var/lib/containers/atomic/open-vm-tools.0   2017-05-22T16:18:45.054839866Z

cat /etc/systemd/system/open-vm-tools.service 

[Unit]
Description=Service for virtual machines hosted on VMware
Documentation=http://github.com/vmware/open-vm-tools
ConditionVirtualization=vmware

[Service]
ExecStart=/bin/runc --systemd-cgroup run 'open-vm-tools'
ExecStop=/bin/runc --systemd-cgroup kill 'open-vm-tools'
WorkingDirectory=/var/lib/containers/atomic/open-vm-tools.0

[Install]
WantedBy=multi-user.target

The open-vm-t0ols vmware-toolbox can be accessed via a runc exec or docker exec as well. Create a wrapper with the command below. This allows vmware-toolbox-cmd and other open-vm-tools commands run from the atomic host without the need to exec into the running container. If you

# runc system container wrapper
echo 'runc exec -t open-vm-tools vmware-toolbox-cmd "$@"' > /usr/local/bin/vmware-toolbox-cmd
chmod +x/usr/local/bin/vmware-toolbox-cmd

# or Docker container
echo 'docker exec -t open-vm-tools vmware-toolbox-cmd "$@"' > /usr/local/bin/vmware-toolbox-cmd
chmod +x/usr/local/bin/vmware-toolbox-cmd
vmware-toolbox-cmd --version
10.0.5.52125 (build-3227872)

The concludes the second part of the containerizing open-vm-tools guide. Installing open-vm-tools as a container in atomic will extend its manageability and functionality on a VMware platform.