From YouTube: VMworld 2017 CNA2547BU - VMware vSphere Integrated Containers Deep Dive: Cool Hacks, Debugging,
A
Thank you so much for coming. I'm really gratified to see so many people here. That's really great, people who want to explore VIC and explore what it can do. I promised to give you a bunch of demos today and that's exactly what I'm going to do. I'm going to spend most of my time, almost all of my time, in the live demos. So I don't know if you guys saw the dot-com thing where they touched
A
some horns to appease the demo gods. I have no, no such, no such way of appeasing them, but I will be talking over my VPN to a cluster of Mac minis running ESX and vSphere on my desk in San Francisco. We'll see how that goes. Okay, I do have some backups, but yeah. We're basically just gonna spend this whole time in demos.
A
The kinds of things that it can do. The other thing I'm gonna be doing is previewing VIC 1.2, which is, there's a release candidate out and it's about two weeks away from being GA'd or GA before VMware Barcelona, or maybe a PMO bus on it around that time. So giving you a sneak peek of what we're doing while we're going. So I'm actually gonna get straight out of the presentation; we'll get back into presentation in a second. So, let's just start by looking at my environment, so I have this
A
Fortunately, I have the ability to zoom. I have this cluster of Mac minis and I have the VIC OVA installed to that cluster. Now, in terms of storage, I have a vSAN datastore and I have an iSCSI datastore. We're going to explore this a little bit more in a second, but that's my basic cluster, and what I'm gonna do is I'm going to install a virtual container host to that cluster. Now, I'm gonna
A
do it and then tell you what it is. Interesting. All right, so I'm gonna take vic-machine, which is our way of installing a virtual container host. Now those of you speak machine, you'll see there's something a little bit different about what I'm doing here: taking our master branch, and I'm gonna install a configuration that I'm calling dev certs, and then I'm gonna call create. So that's now going to go off and run vic-machine and install it to this virtual container host. Now you'll see the output that it is giving here.
A
It's basically checking the firewall status, it's checking the networks. But what is a virtual container host, testing that I'm installing? Well, I would do this as an admin. This is my way of delegating an endpoint for a tenant to use into my VCO cluster that they can consume the docker client. So this is an admin task. In order to do this, I need vSphere credentials to be able to install the virtual container host. You'll see in the background here, it has installed.
A
You'll see here, dev certs, it's running a VM that has a docker engine in it. That is the endpoint that I'm going to connect to from my docker client. So that's now installed. Now what I'm going to do is I'm going to pull two images, and these two images are gonna take a little while to pull, so while we're doing that, and then it, we're going to examine a few more things. So I'm pulling WordPress and I'm pulling MySQL, and you know what, I need to cancel out because I'm pulling it to the wrong docker.
A
The first thing I need to do, having installed the VCH, is to actually point my docker client at the thing that I've just installed. So what I need to do is I need to take these environment variables here that vic-machine told me, and what do these do? But these are basically, just put this, this back in here, copy that, there we go. So these environment variables
A
do three things. They set up TLS verification, because, as an admin, when I install this VCH I got some certificates as a result of installing a VCH, or I use my own certificates, but regardless, your way of authenticating as a tenant to this virtual container host is using these certificates, and so by setting these environment variables, I've basically told docker client to use TLS verification, use these certificates, and this is what I'm going to point the docker client to. So what am I doing now?
A
I'm pulling down WordPress and I'm pulling down MySQL from Docker Hub. Okay, so we're starting out just pulling things down from Docker Hub, and what it's doing is it's extracting these images out to a datastore. Now remember we looked at the datastores that I have here. We have, as I mentioned, we have a vSAN datastore and we have this iSCSI datastore, and the iSCSI datastore is running on an Intel NUC. Again, it's very lo-fi, lo-fi hardware that I'm working with here.
A
A
That's, that's on a bin, a portrait of each type or group as an admin I can assign port groups to you as a tenant to connect container workloads directly to, for example. So there's real, like, deep integration between the docker experience and the vSphere experience, and we're going to be seeing details of that in a second. Let me quickly show you the first hack and I'm going to go
A
Let's go. So you might want to note down my GitHub repository is Ben's doings, Corey B slash Ben's doings, and a lot of the hacks that I'm going to be showing you are actually in this GitHub repository. The one that I just showed you, which was, which was, which looked like a script that was starting vic-machine, is actually a thing that I did, was just born out of my own frustration with vic-machine. It takes a lot of arguments, right, and it's kind of, it's, it's, it
A
I specified that I'm going to be getting to the outside world on an external network called external network, specified that I'm going to allow the, the containers to connect directly to this external network as a container network. You'll see my volume stores here. I have a volume store that I've labeled backed up encrypted on the vSAN datastore and another volume store on my iSCSI datastore. So there's a bunch of, there's a bunch of useful configuration in here, and what I can do is I can use, and actually that's bundled as a docker image.
A
So I can basically install vic-machine from docker using that little script that I showed you, and it just makes life really, really easy, because all the commands, create, delete, inspect, debug, are just, they're just all parsed out of that manifest. So if you want to know how to do that, vic-machine in here will tell you all about how to do it. Now
A
The most recent addition that I made to this is how to run an NFS server in VIC to actually export vSphere volume as a first-class citizen, but that is also read/write shared storage. Okay. Now, if we get time I'll show you, actually deploy that and show you how to do that at the end. But it's worth noting that that's there. The reason I did that is because one of the new capabilities in VIC 1.2 is the ability to mount, to have a volume store
A
that's an NFS mount, so you can actually make volumes available to containers as shared read/write storage from an NFS share, which is really, really cool. So, let's take a step back, let's see how our pull is coming on. Okay, our pull is completed, so now we have, we have MySQL and we have, so if we type docker images. So these two images now, and all the layers, those images, are on that datastore that I asked them to download to. They're not in Linux, they're not using, you know, they're not in a Linux VM.
A
They do, they're first-class citizens in a vSphere datastore, and what I'm going to do now, let's say I do, let's create a couple of volumes. So if I go back to my, no, that's not what I wanted. If I go back to my thing here, okay, I'm gonna create two volumes and I'll show you what, what they're gonna be.
A
So the first volume I'm creating is on my vSAN datastore, and the reason that I, that you can tell that is because I've selected volume store equals and then the label that I gave it, which is backed up encrypted, and then the second volume I'm creating is on the default datastore, which is on the iSCSI datastore. Now again, remember: I am the tenant and I don't have any, I'm doing this without any vSphere credentials.
A
I am creating disks on datastores without vSphere credentials, because the admin has pre-authorized me to do this by installing the VCH, right. The VCH is my self-provisioning endpoint that I, that I as a tenant can get access to via the certificates that I showed you earlier on. So, so I've created two volumes now. I created my database data volume on my vSAN datastore, because that's really, really important to me.
A
I want to make sure that that's encrypted, I want to make sure that it's replicated, and I want to have the option to back it up, and that volume is a first-class citizen on vSAN. The second volume I've put on my iSCSI datastore, because it has more space, because I've decided that's where it's going to go, and because it makes for a demo. So the next thing I'm going to do is I'm actually gonna start, now, I keep going to this, and it's not that. Okay, I'm gonna start
A
Oh, I'm gonna create a docker network, so docker network create DB net, and if we do docker network ls you'll see, you'll see it in the docker networks down here. Sorry, the people, if you can't see because it's quite low. You'll see the external network, which is the port group that the VC admin specified, is now available as a docker network. So I can connect docker workloads directly to that external network, and then any traffic will go directly through the vNIC to the external network, and there's no, there's no NAT,
A
there's no, there's no port mapping. There's no translation, there's no latency there. It just goes directly onto that network. The default bridge network is also a port group, and then this DB net network that I've created is like a network within that port group. It's, it's not strongly isolated. We do have the ability to do that with NSX, but in this particular case I'm not using NSX.
A
So it's using IPAM segregation, so any container that I deploy into that network I've created I can reference by name, and that's, that's quite a convenient thing to be able to do. But the architecture I'm going for here is I want my database to be on a private network that's not accessible from the outside world, and I want my web container to be on this external network and get its own IP address, but also be on this private network so that it can talk to the database.
A
Okay, it's a kind of classic setup where, you know, you're limiting what can see what's available to the outside world. So I've created my network and now I'm going to create the MySQL container. Now I've used some environment variables here that I set earlier on in my, in my shell, just, just to make sure that this works and just for ease of use, but just to run through this command line quickly. We're starting this
A
this database as a daemon. We're using the DB net network that I mentioned, we're mapping the DB data volume on vSAN into the container at /var/lib/mysql, we're setting Verret, we're setting one vCPU, two gig of RAM, various passwords and, and that's it, right, and then, and then the container ID, so that, that's now started. And if we go back into vSphere, you will see, you will see, you can go to Hosts and Clusters and expand this out.
A
There is my database and, if I look at the characteristics of my database, you'll see it's on that debt port group that we specified as the bridge network in the, in our JSON configuration. So it's on the right network. It's not exposed externally. That's good. It's also, if we look at datastores, you'll see it's connected to the vSAN datastore as well as the iSCSI datastore, because the images that it's running from are on the iSCSI datastore; the volume that it's writing to is on the vSAN datastore.
A
So that's why it's connected to those two things. So I hope you're getting, starting to get the, the impression that I am controlling vSphere from my docker client, right. That's, that's the whole premise of what I'm doing here and, of course, I'm spinning up VMs that are very opinionated. Alright, these VMs behave just like containers, but these VMs that we're starting up don't have docker engine in them.
A
It's not that we're starting up a VM with docker in and then just starting a single container. We're starting the VM as a container, right, we're literally just booting the docker image. That's what we're doing. So database is running. Let's get the, the WordPress running. Now, you can do this using docker compose, by the way, and if I have time, I'll show you that. The reason I'm not doing this using docker compose is because it's, it's easier to talk through it as we go along.
A
So what have I done here? I've created my web container. I haven't started it, though. The reason I haven't started it is because in docker, if you want to put a container on multiple networks, you've got to create it and then attach it to the network and then start it. It's kind of convoluted, but that's just the way the docker client works. So next I'm going to do is I'm going to connect it to the private network, so it can talk to the database, and then we're going to start
A
it. Now remember I mentioned that you can refer to containers by name and you can resolve them by name. You'll notice here in this command line for the web, the, a container, if I can find that. Where is it? Where is it? Where is it? Where is it, somewhere in here, yeah? No, not the name. I'm actually referencing, to contain an a the DB name.
A
It's not that, it's DB, gosh! Where is it? No? It should be there, where. Where am I configuring? Oh yes, here it is: WordPress DB host equals DB container name. Okay, so I'm setting an environment variable here that's telling WordPress you can resolve the database at the name of the container and port 3306, and because it's on this network it can do that resolution, because that's again how docker works.
A
So if we do docker ps, here are my two containers running. Okay, so the docker view of what's going on is completely consistent with the vSphere view of what's going on. So again here you see the two containers. We have web. Now, if we look at web and we look at the web networks, you'll see it's on external network as well as being on the dev support group, which is exactly what we wanted. So next step is to find out what the IP address of this thing is.
A
So I can type docker inspect web, which is what we called our web container, you'll see. Then you see the names on the right-hand side there, and I'm gonna just grep IPA and that's going to show me the IP addresses, and you'll see it has two IP addresses, one on the private network, one on the external network. So now I can basically take this IP address and go to Chrome, stick it in, and we should see WordPress. There we go. There's WordPress, okay. So it's important to remember what I've done there, right.
A
I have basically provisioned a database and WordPress to vSphere in five minutes, right, and it's, it's. This is one of the great things about VIC, is because the pulling and pushing from docker image registries, and because the docker image format is so, so pleasant to work with, the fact that we can now deploy VMs using the docker image format, which is basically what this is, is, is a great step forward, because I can now deploy anything from docker VCA.
A
You might not want to. Thanks, and we're gonna look at the vulnerability scanning in a minute that we've introduced in VIC 1.2, but that's, that's the basic premise. So we're gonna leave that running and we're gonna switch into, if I had longer, I would bring up Veeam and show you how we could back up those, those disks, but I'm sure you can imagine how you could see the data service and datastore and back those disks up.
A
So all of the users and the roles in this VIC management appliance are users from vSphere, and you'll see I'm logged in currently as, as an administrator, you know, using that same single sign-on, and you'll see, if you, if you've seen the previous version, this is a little different. We've combined the registry in there and the management UI together.
A
You know, RBAC, to have vulnerability scanning, all the various features that you get with this built-in registry and, by the way, this is also deployed to vSAN, right. So all of the images on this OVA are being stored on a VMDK that's on vSAN, which again is a candidate for replication, backup and encryption.
A
So what I'm gonna do is I'm going to create a new project, so I'm going to click into Administration, click on New Project, and I'm going to call this VM, whoops, no, I'm gonna call this VMworld 2017, and I'm gonna give myself pub, public access to the, to the registry. Now, now that I've got this project, I need to configure it, so I'm gonna add a user and I'm gonna add myself as a user, so be curry at vsphere.local. That is my
A
That is another identity that I put into vSphere itself. When I add myself as an administrator, so I can do everything for this project, so there I am. Now there's a few other options we have. If we switch over to Configuration, if I zoom down a little bit, you'll see the new vulnerability scanning feature. I can automatically scan images on every push, so anytime I push a docker image to this repository, and we'll see, see that working, I can, I can scan it with the vulnerability scanning. You'll see also this content trust now as well.
A
So we have Notary support, so you can make sure that, if you don't, you can, you can set it so you can only deploy images that have been signed, so you know the provenance. So these are some useful security features that we've introduced, and hopefully we can now switch. This project now, VMworld 2017, and let's just double check, yep. That's right, one user, it's public. Okay. Everything is good, so the very first thing I'm gonna do is I'm gonna push something to this repository. Now, what am I going to push? Well, the whole
A
The rest of my demo, at least as much as we're gonna get through, is showing you Jenkins integration with VIC, because, partly because it's Jenkins World at the moment going on in San Francisco, which is kind of, kind of funny, partly because it's something I've been meaning to do for a long time, and partly because it really speaks to the value of, of what VIC can do. Okay, so the first thing I'm going to do is take the Jenkins container from Docker Hub. So let's go into a different, different shell here. Now this should be, yeah.
A
This is just a regular docker right here, and what I'm gonna do is I'm gonna do docker pull jenkins/jenkins:lts-alpine, which is the version of Jenkins that runs on Alpine. Now, I've already done this previously, it's already in my image cache. So what I want to do is I want to push this to my, to my, right, to my registry in VIC, and why do I want to do that? Well, the first reason I want to do
A
that is because I want it to be scanned for vulnerabilities, and the second reason is because I don't want anyone deploying stuff straight out of Docker Hub. I want to make sure that stuff is, is scanned and in a private registry and that I've blessed those images so that you can deploy them as and when you want to. So let's, let's, let's do that now. In order to push it, we need to tag it. So if we go to the, the repositories thing here and we select Push Image, it helps us.
A
It tells us what we need to do in order to tag it to push this image. So if we copy this and go back here, I'm gonna do docker, it's just a docker tag. Can you guys see this okay? Is it too low down? Should I move it up a little so that it's a better. docker tag, the image name, which is, okay, that's what I'm gonna need, so I'm gonna take the image name here.
A
It's a docker tag that, so that's the thing that I just pulled, so docker tag that, and then I'm gonna call this new image, or at least the new tag for it, I'm going to call it Jenkins LTS Alpine. Okay, so I've now tagged that. This IP address is the IP address of the registry VM. VMworld 2017 is my project name, so that makes perfect sense. So what I'm gonna do now is I'm going to do the docker push and push that to the registry. So docker push. Now, I've already authenticated with this registry.
A
We have information online how to do that. That would have just been too painful to demo, just because it's just, you know, copying keys and all this kind of stuff, but just bear in mind I skipped over that. Anytime I kind of skim over something I want to make sure you at least know I skimmed over it, right. So now it's pushed. Let's go and have a look and see what it tells us.
A
So if we refresh this, okay, there is VMworld 2017 Jenkins and, okay, so it's scanned it for vulnerabilities, and it's shown that we have, we have a high, high vulnerability. Okay, so what am I gonna do with that? I'm gonna show you what we can do with that in a minute while Jenkins is deploying, so I'm going to come back to that.
A
But that's really helpful information for me, because, if I click on this, it's basically showing me that the, the zlib library in Alpine, in this particular version of Alpine, has some high vulnerabilities in there, and what I can do is I can just click on that. It'll take me straight to the web. It'll tell me all about the vulnerability, all about, you know, what, why is this a vulnerability? What are the problems?
A
Add that virtual container host that I created as a container host, so I'm gonna add it in here, so I'm gonna call it test VCH, it's of type VCH, and I'm gonna take the, I need to get the environment variable that I set right at the start, which is the DOCKER_HOST environment variable, that, basically, is the address of the endpoint
A
that I meant, that I've been talking to. Okay, so I'm going to paste that in there, and then I need to specify the same certificate that the docker client was using, which again is one thing that I did ahead of time, because, you know, again it's just kind of a pain to do. So I'm gonna save that and that's gonna now appear as a container host that I can deploy things to. Now, it will take a second just to, just to tell me about itself, but yeah.
A
Now it's telling me: okay, you've, you're already using up eight gigabytes of memory in this container host and it's not doing any CPU. Well, that is the, the WordPress that we're already running in there. It's picked that up, and it's telling us that that's, that's already running. So now we can talk to this container host from our management UI and we can deploy things to it. So this is an alternate, this is an alternate way to deploy things
A
if you don't like using the command line. Personally, I prefer the command line, but if you would rather do it graphically, you can do it graphically and, and, and this is how you do it, okay. So this is just an alternative way to achieve the same goal. So if we go to public repositories and we type in VMworld 2017, so we can search for our image there.
A
It is, okay, VMworld 2017 slash Jenkins, there's my image. So I'm going to provision that image to, to that virtual container host, so I should be able to find my tag, which is LTS Alpine. That's right there. Now I'm going to go through and just configure a couple of things. In fact, I'm going to save it as a template, so that when I make configuration changes, I can go back to them and they'll still be there and, and, and I can just keep changing it.
A
We'll save that now, if I have not forgotten anything, which I hope I haven't. So we've got network, storage. So in terms of storage, Jenkins is just going to create a default anonymous volume. For the purpose of this demo we don't care to set a volume necessarily, but again it's going to create it on that default volume store, which is that iSCSI datastore.
A
So, let's save that and let's provision that. So now this is gonna cause that virtual container host to pull down that Jenkins LTS image from this private registry instead of pulling it down from Docker Hub, and that's going to take it a couple of minutes, and while it's doing that, let's talk about these vulnerabilities and what we can do about it. So if we go to, go back to our registry, let's say that we look at this and we go, okay, well, maybe, maybe the problem here is Alpine.
A
A
This is Debian based, so, and it has Java in, it has a various other things in it. You can go to Docker Hub and you can look at exactly, who, look at the Dockerfile and you can look at exactly what is in this image and what it's based off of, but actually going to Docker Hub and trying to trace all the way back through the image stack is really painful. It's not particularly easy to do. It's not particularly easy to visualize.
A
So one of the nice things about these vulnerability scanning capabilities, and by the way this is built off the Clair project from CoreOS, one of the nice things about these, those capabilities, is you don't have to go all the way back up that image. You can, the vulnerability scanning will figure it out for you, okay. So let's refresh this. Now, now you see we have two tags and this is Jenkins latest. Wow. Okay, that's, that's even worse, all right. So we have, let's just order these by severity.
A
We have eight high vulnerabilities and each one of them is in a different package: glibc, ncurses, shadow, SQLite, like, and so, and the thing that surprised me about this, honestly, when I was preparing this demo, is that almost none of these are actually upgradeable in this version of Debian, right. You actually need to go to the next version of Debian to be able to get these packages, to be able to get these packages upgraded, and, and that surprised me. So, so maybe I do this and maybe I go, okay,
A
maybe, maybe Alpine is better, and it's interesting because Alpine has less packages in it. You'll see when we, when we scanned it, it shows overall there's less packages, and so in some respects, there's an argument for having less packages in terms of having a lower attack surface and potentially less vulnerabilities, and that's an interesting perspective. So what I'm gonna do is I'm gonna, I'm gonna go back to Alpine, I'm gonna fix the vulnerabilities in Alpine, and then we can all cheer and feel good about ourselves. So I'm gonna do that. It is pretty straightforward.
A
What I'm gonna do is I'm just gonna make, mkdir temp. Is this all right? mkdir build temp, alright, build, no, not build temp. Okay, I'm going to create a Dockerfile, Dockerfile, and I'm gonna do FROM jenkins/jenkins:lts-alpine, and the thing I'm gonna run is I'm gonna run apk update and then apk upgrade, and only because I've done this before and I know that it will fail,
A
I have to add USER root in order to be able to do that, because in the Jenkins image jenkins is the default user, and then I need to set the user back to jenkins. So run that. So now I can do docker build dash t, I'm gonna call it, I'm gonna call it something meaningful, so I'm just gonna copy this. I'm going to call it Jenkins LTS Alpine upgrade raid, okay, and I just need to add a dot to tell it to build in this current directory. Okay, it's now built this. Now it,
A
this was actually in my cache from having done it before, so you're not gonna see too much pretty build output, but trust me, it's run apk. It's done the update, done the upgrade, so now I'm gonna push this thing that I just built to my registry, okay, and you'll notice that pretty much all of it already exists because I've built it off the previous one. It didn't have to push everything all over again.
A
It's only pushed my little change and if we refresh that we should see, hooray, there we go, I have the completely clean Jenkins now, with no vulnerabilities in it, this completely green, okay. So, hopefully that's a helpful illustration of, from an admin perspective, not only why having a private registry is good, and a private registry that I can control and I can control access to, but also being able to bless images and making sure that I'm deploying things that are, that are, that I'm happy with, right, and that I'm comfortable with. So we should,
A
we go back to containers. Okay, praise the Lord, our Jenkins container is running. Everything is fine, I didn't misconfigure anything. So let's have a look and see what we can do with this.
A
So if I can click on the container, and it will show me some information, it will show me CPU it's using and show me the memory it's using, and it will also show me the logs, which is a really, really nice feature of this UI. So, and the thing I actually need from the logs, which is really important to deploy Jenkins, is it sets up a temporary admin password that we're gonna need as soon as we get Jenkins up. So what is the address for Jenkins? The address is basically going to be this.
A
A
So let's go back here and let's copy this password, because that's the, that's what it needs, so we'll copy the administrator password in here and hopefully it'll think about it. Great, awesome. So now we can go ahead and install the suggested plugins for Jenkins. This will take, it doesn't take too long. It takes about a minute or so. Our Jenkins has a lot of plugins, and part of my journey with configuring Jenkins of the VIC was just learning that there's almost more plugins around docker than I have time to investigate.
A
So what I've done in terms of this particular demo is I've just gone with the default CloudBees plugin that they have. I also haven't yet had time to write this stuff up, but in a week or two I'm hoping to write up some of this work I've done with Jenkins in my GitHub, so that you can go and see and, and experiment with it and play with it. But what I'm gonna demo in Jenkins,
A
obviously we've provisioned Jenkins in VIC, which is cool, but I'm also going to show how you can use VIC as a cloud for Jenkins slaves. So you basically run jobs in Jenkins and it will just kick off container VMs using a virtual container host to run jobs on those container VMs, and then it will automatically just get rid of them again. So it, it really means that you can use your vSphere compute capacity as completely ephemeral compute, very much in a kind of intensive cloud vein. So admin, admin, my password's gonna be admin.
A
My full name is admin, and my email address is admin Abed, calm? Okay, yes, okay, so we have Jenkins running up. You start using Jenkins, so the next step is gonna be to add in the plugin that I want, so I'm gonna go to Manage Jenkins, zoom in a little bit again, because I know that this is slightly, slightly low resolution, or high resolution, I shaved, your eyes on the resolution, so hit Configure Jenkins. Here we go. So actually, no. That was not what I wanted to go to.
A
I wanted to go to Manage Plugins first, so I'm gonna go and look for the docker. Plugins are available if I type docker here and select this Docker plugin, and I'm gonna install without restart. So it's just gonna install that plugin. Now that plugin is gonna allow me to basically talk to docker as if it were an IaaS API. Basically, that's great. That's working. So that's now installed.
A
So if we go back here to our Manage Jenkins, so now I'm going to now configure a VIC cloud. Now, what I'm actually gonna do is I'm gonna install a new VCH for that, for no reason other than you may well want this to be, you know, isolated, and it may be in a different place, may be using cheaper storage, may be using whatever. So
A
in this particular example, I'm gonna run vic-machine, I'm gonna run version 1.1 to 1 dev ESX, which is going to install this to a single ESX host rather than to a VCO cluster, and create, and that didn't work because I'm in the wrong directory. Okay, okay, so this is gonna do exactly what you just saw, but this is just installing to a single ESX host, and the single ESX is just, it just has an SSD datastore, it's really cheap storage. It's, it's fast. It's really fast.
A
It's, it's faster than the shared datastores are because there's a lot less in the way. So, let's set this, export DOCKER_HOST. Ok. So this is our docker host for this. Now you'll notice I haven't set any credentials for this. That's a bit naughty. It just makes it simpler for now. So I'm connected. If I type docker info, by the way, it'll, it'll give me information about the thing that I'm connected to. But this isn't running on my, my Intel NUC, that's also hosting the iSCSI FreeNAS server.
A
So that's, that's running. So now what I'm gonna do is I'm gonna take that IP address. Actually, while I'm doing that, I'm just gonna do docker pull evarga/jenkins-slave. Now this image is an image on Docker Hub and it's very basic. It has SSH in it, it has Java in it. It operates as a Jenkins slave. It's just nice to know that VIC will just run this just straight out of Docker Hub and it just does the right thing.
A
A
So the configuration in Jenkins that I need to do is come all the way down the bottom here, and you see Add a new cloud down the bottom there, and it gives me the option to add a Docker cloud. Now what does a cloud mean in this context? Well, cloud, basically it's just IaaS API, so means of spinning up slaves, right? In this case, if you installed regular Docker, it would spin up slaves as containers within, within a single. With VIC,
A
what it's going to do is it's going to spin up each slave as a VM. So to the name, I'm gonna put test VCH. The Docker URL is the thing that we just saw, which I think I copied. Yep. Now I need to just remove that and type a tcp. Okay. So that's the Docker URL that, we didn't set any credentials, so there's no credentials to set, and now I can test the connection to that VCH and it should, yeah, we go, it's good. We have a connection: version 1.1.1, API version 185.
A
So what am I gonna do now? Well, well, in this cloud I can now basically add things called templates, and a template basically is a means of having different kinds of Docker image for different kinds of builds or tests or jobs, right? So I'm gonna, actually, if we get to it, I'm gonna add two, but for now we're just gonna keep it to one. I'm gonna add in that evarga/jenkins-slave, which is the name of the Docker image that I want. There's no funky settings that I need to add to that.
A
A
A
So again, remember this is Jenkins controlling vSphere to spin up VMs to do, to do build jobs, and it will just control the scheduling of those VMs as it feels it needs to. Number of executors, let's say 5, because that means, you know, we can actually run 5 builds in this, in this VM, or 5 things in this VM. And we need to add credentials. We need to add some credentials to be able to log into this, because it's using SSH as the launcher.
A
So if we add some credentials, the evarga image uses jenkins, jenkins, this imaginative. Okay. So we should be good now. So we've added in this, this, this, these details. So, let's save that. Okay, we've added in the details, and hopefully this is gonna work. Now what I'm gonna do is actually gonna go and run this manually in this VCH, just so you can see how it works. We do docker images. That's not the right window!
A
Sorry, though, about that. So docker images. There you see evarga/jenkins-slave. Let's just run that, so docker run -d and then -p. Let's give it 7777 as a port and I'm gonna map it to port 22, but as we're talking to it over SSH, and so evarga/jenkins-slave, and that should be everything that I need. Okay, so I'm gonna run that. So that should be running. Okay, so docker ps.
A
We see it running with the ports. Now, if I do docker, if I do ssh jenkins@ and then this IP address and then -p 7777. Good, good! That's what I wanted. So I verified that I can actually SSH into this thing, which is what, this is what Jenkins is gonna do. It's going to SSH into this with those credentials, use Java to set up its, its, its agent, the agent's going to talk back to Jenkins, and it's gonna work that way.
A
So let's do docker stop. Let's just stop this one: docker stop 2bb, and what did I get wrong? There's 2bd! Okay, that's just the first three of the container ID, by the way, in case you wonder what that is. You can, you can, you can shorten it, which is useful. So let's create a new Jenkins job. So, let's click on Create new jobs. Let's create the freestyle project. We're gonna call it a HelloWorld, of course. Of course, every container demo is always hello world, right? It's, it's never anything more complex than that.
A
So what I'm gonna do is I'm gonna basically say run this job on any, any node with the label shell, which is what we put in earlier, and it is telling us label shell is serviced by no nodes and one cloud, which is good. It's recognized that. And then down here, I'm gonna add a build step and I'm just gonna do Execute shell, and in my, in the command I'm just gonna put echo hello VMworld. Okay, so it's pretty trivial. Save that. I now have a job.
A
So if we go back to our window here and if we do docker ps, yes, you see it started a slave, so there's a slave running, and now what it's doing is it's SSHing into that slave, it's installing its agent, which is Java agent, and as soon as it's done that we should see it appear as an executor in Jenkins. Now, while we're waiting for that, here's another cool thing you can do with VIC. In 1.2, we introduced the ability to do docker exec and docker cp and docker
A
exec with it being interactive as well, and this is huge for VMs. Let me explain why. When you, when you run a container, a container should just be one thing, right? It should be Jenkins or it should be WordPress, whatever it is. Whatever it is that you're running, it should be one thing. Now, let's say you want to get a shell into that container. You shouldn't have to put sshd in that Jenkins container, because that's such a mixing of, you know, it's, it's, it's, it's not what it's for, right? That should be an infrastructure capability.
A
Let's say you want to have an NFS mount in that container. Again, you shouldn't have to have the NFS client libraries loaded in that container in order to have an NFS mount, which is why we have this NFS volume support. These things are, should be at a layer below and should be made available to the container without needing those other capabilities.
A
So what this means is I can type docker, docker exec -it and then the container ID and then /bin/bash. I installed version 1.1.1, that doesn't have exec support in it. At least it gave me a helpful message. What we'll do is we will go back to our other version, which is 1.2, and we'll do the same thing: docker ps!
A
So here's this list. Let's just get a shell into our Jenkins. So if we do docker exec -it and then the ID of our Jenkins and then /bin/bash. Yes, OK! So what we've done is, from the Docker client, we've now got a shell into this VM without sshd being in that, right? Which is really, really cool, and it's not, it's not just the shell capability. I could basically run it without the shell and I could just run.
A
I could just run ps -ef, for example, and just see what's running, so ps -ef, and it will run that and give me the output, right? So this is really, really useful because you've never been able to do this to the VM, and because Docker is like opinionated and gives us these capabilities, we've been able to do that. The same for docker cp. So again, if you want to copy data in and out of a VM, do you want to have, you know, an SCP capability is tilde there for security reasons.
A
Maybe you don't, but also, as I say, for, you know, for other reasons, you may not want to have that. So now we can copy stuff in and out of the container without needing to have sshd in there, without needing to have SCP. We can do the same trick. So, let's get back and look at how this is. This clearly hasn't, hasn't worked, and this is, this is the one. Yeah, it's still waiting for, for an executor. I've almost certainly configured something badly.
A
Let's, let's go debug this, so, because we do have a few minutes left, and if I really can't debug this we'll, we'll switch over to looking at the NFS thing, but I'm determined to make this work. So if we look at, no, it's interesting, that's, it's actually, no! This is the wrong window. Giacobbe, yes, okay! This is the slave that it started. Let's just double check that we can SSH into this slave, because I was seeing some weird network glitches when I was practicing this that I couldn't explain.
A
A
A
A
And re-pull it. Well, this, this will pull it. We don't need to pull it explicitly. This will, this will, this will pull it anyway. So, let's stop that. Let's go back here! Let's go back here! Okay, so that's stopped! So let's, let, now this is running again! It's the same IP address, so we don't have to change a thing. Okay, let's try rerunning this. So this Jenkins will now pull that image. It will run the image.
A
A
A
It's here, I called it backed up encrypted. Now I could find that out from typing docker info, but I'm already in the middle of typing, so volume store equals backed up encrypted, and then I'm gonna just do opt capacity equals 5G, so I'm creating a five. What's wrong with that? I didn't give it a name. docker volume create, let's call it NFS vol, and what did I get wrong there? Dark rate, oops, I'm iam store? What did I get wrong there? It doesn't.
A
A
What did I get wrong? Oh, oh sorry, opt, yeah, you're right, hurray. Okay, thank you for helping me. So I've now created a 5 gigabyte disk on the vSAN datastore. That's what I've just done, right? So docker, docker volume ls will show me that, and in fact, I can see the volumes in here as well. If I go to here and click on Networks, Volumes, I see the volumes in here as well. Okay, I need to refresh this, but the volume should show up in there.
A
It should show up in there. It will eventually show up in there. All right, so I have my NFS vol. So I'm gonna go back to my, go back to my, my, my GitHub page and I'm going to show you how simple it is to run this NFS server. So if we, and what I'm going to do is I'm going to use this version of the command here, and if we cut and paste that in. So let's just make sure this is right, so docker run, we're going to run it as a daemon.
A
Another feature in vSphere 1.2 is we have a firewall configuration on the container networks, so you have to explicitly open ports on the container networks in order to be able to, to, to have, to have them visible. There's other ways we can configure that firewall. And then I basically told the container that the folder I wanna export is stash NFS mount session fs4, and this is the name of the image. So let's run that. It's gonna have to pull that down from, from Docker Hub.
A
While it's doing that, let's go back to Jenkins and see if we've had more joy with this. Yes, well, okay, it appears to have created, it appears to create an agent, but the agent is offline for some reason. See log for more details. Yes, it just couldn't log in. That's odd! That's really frustrating. I, there'll be a video of this and in the video this will work, and to be fair, this has gone pretty well so far.
A
A
A
So you can get VIC to deploy a regular Docker host as a container, and then you can have that do docker builds, so you can basically have this cloud of VMs that have Docker running in them that you can use to create images. And, and the final sort of denouement at the end of the, you know, what will be the video, will be this kind of a full workflow of build, test, deploy, where we're using nested Docker to build, we're using, you know, we're using VIC to test, and then we're deploying it to VIC.
A
A
A
What I'm gonna do is delete that, and what I'm gonna do is I'm, this NFS share that I've just created I'm gonna add as a volume store to this new VCH, so that I can then create volumes for containers on that NFS share. So what I need to do is I need to edit the configuration for this. So if we go into dev ESX and config, you'll see this is my config for my ESX VCH.
A
So what I'm going to do is I'm going to add in a volume store here, and the volume store I'm gonna add in is at, you know, and I'm gonna cheat a little bit and just cut and paste out of here, because this is gonna be way, way easier. So, because I tell you how to do it in here, and so often I refer to my own documentation for reminding myself how to do things. So yeah, it's, that's right! Okay, so I'm going to copy this out of here and I'm gonna put it into here.
A
So this is how we refer to an NFS volume store. So we basically have the IP address of the NFS server, the mount point, and then user ID, group ID, and the actual label for that volume store that it's gonna, that it's going to be exposed as in the VCH. So I need to make sure this IP address is right, because it almost certainly won't be. So if we do docker ps you'll see my NFS server is this container here, 09b, so they do docker in, docker inspect 09b, grep IPA.
A
A
Let's just double check, I called it, the mount was called mnt NFS vol, and that's what it's set to, mnt NFS vol. OK, this should work. So let's do vic-machine. Now, we need to use the latest version, because that has the support for this in. So master, dev ESX, create. I don't need to be in this folder here. OK, so this is now creating a new virtual container host that is going to have that NFS share as a volume store.
A
Now, another feature introduced in VIC 1.2 is the ability to reconfigure a virtual container after it's been deployed: resetting passwords, creating new volume stores, making modifications, so you don't have to just, you know, have to uninstall it and reinstall it. You can reconfigure it to do that, and actually a cool trick is you can use reconfigure to expose, expose an NFS share as a volume store in the same VCH, which is actually kind of a neat thing to be able to do. So let's do docker info. We should see the volume store in here.
A
We do. Volume stores, you see here: default and NFS store. So the last thing I want to show you is, well, what can I do with this now? So, if I do docker volume create NFS one and opt volume store, I got this root, I'm doing this wrong again, right? It's got to be opt first. docker create, opt volume store equals NFS store, and then I'm gonna call it NFS share one. Excellent, so I now have a new volume. If I do docker, if I do docker volume ls, I should see NFS share one in there.
A
D, yeah. Let's do docker run -d debian, and then I'm gonna run sleep in this. Just, just get it to sleep, just so that it sort of runs. I'm gonna mount the volume, so -v NFS share one, I'm gonna mount it to /data. That needs that there, so that should work. Okay. So it's gonna pull Debian down, because this is a new VCH. We deleted the image cache when we deleted it.
A
So now I have Debian. I'm one minute away from the end of the talk, so this, this should be just the right amount of time. So now that's running, and I'm gonna run a second one, exactly the same, which should run pretty fast. There we go, so there's the two new VMs running with this NFS share mounted at /data. So if we do docker ps we'll see them there.
A
A
Alright, I'm bang on time. I'm really glad that I got through as much as I was able to. Thank you for sticking with me. As I say, I promise to make a video of this, so you can examine it in more detail, and put that online. Yeah, I hope this was informative and enjoyable, and do come and chat to me afterwards. Thank you.