VMware just hit the next milestone of Project Photon: Photon OS Technology Preview 2 (TP2).  There are numerous enhancements, especially around deployment and management.  One welcome feature is support for guest OS customization in vSphere – now it is possible to deploy by cloning a VM template or from the new Content Library. DHCP as well as static IP addressing are supported, along with the expected guest naming capabilities.

In addition to that, Photon OS TP2 supports network booting via PXE, which can be scripted. Let’s take a look.

Network Installation

First, download the TP2 ISO from the link above and extract the contents in a convenient location.  Files will need to be copied to a few different destinations, depending on how you have your PXE boot server set up.

The boot files, as with other Linux distributions, are served up via tftp.  Place initrd.img and vmlinuz in a suitable subdirectory of tftpboot.

The RPM package repository (the “RPMS” directory on the ISO) must be served through HTTP, typically in a location resembling /var/www/html/photontp2-RPMS/.

After those files are in place, edit the PXE menu (e.g., pxelinux.cfg/default) to add an entry reflecting the locations in your environment:

From there you can install manually over the network after booting an empty VM.  The full installation should take less than a minute; it’s very small!

Scripted Installation

Once the manual PXE installation is working in your environment, it’s easy enough to automate the process.  Photon OS TP2 supports a simple scripted install, kind of like kickstart.  There are a few differences, though.  The most obvious is the format – instead of a plain text file, TP2 uses JSON.  This is easy enough to edit by hand, but would also facilitate automation in the future if necessary for your use case.

The scripted install file must also be served through HTTP, so place it on an accessible server in a location such as: /var/www/html/ks/photon_tp2_crypt.cfg.

There are sample configuration files included with the distribution and below you see the various elements that can be customized.

Photon OS TP2 scripted installation file

The file above should be fairly self-explanatory, but let’s walk through the highlights:

  • The root password can be specified in plain text or as a password hash
  • Install type can be minimal (includes Docker) or full
  • Additional packages can be specified by adding elements to that JSON array
  • Post install allows running of a simple script at the conclusion – add a comma and more elements as needed
    • Note that in this sample I am using the systemctl command that enables the Docker service on boot
  • Public key is for SSH root login

Create another entry on your PXE menu that points to the installation script, like so:

Generating a Password Hash

There are several ways to generate a password hash and multiple algorithms are supported. In my environment, SHA-512 with a random salt worked great.  Either copy an existing hash from another system or generate a new one.  One easy way to do this is to use the mkpasswd command, found in the whois package on Ubuntu systems.  If you want an easy way to try it, this Docker container should do the trick:
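Separately from the container mentioned above, and as an added example (not from the original post or the Photon project), the Python sketch below checks a scripted-install file before it is published over HTTP and reports a plain-text root password or a malformed or weak crypt(3) hash. The `password` / `crypted` / `text` key layout is an assumption about the install file format, and the sample documents are constructed.

```python
import json
import re

# crypt(3) modular format: $id$[rounds=N$]salt$digest
CRYPT_RE = re.compile(
    r"^\$(?P<id>[156])\$(?:rounds=\d+\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]+)$"
)
# scheme id -> (name, expected digest length in characters)
SCHEMES = {"1": ("md5-crypt", 22), "5": ("sha256-crypt", 43), "6": ("sha512-crypt", 86)}


def classify_password(value):
    """Classify a password string as plaintext, malformed, weak-hash or hash."""
    m = CRYPT_RE.match(value)
    if not m:
        return "plaintext", None
    name, digest_len = SCHEMES[m.group("id")]
    if len(m.group("digest")) != digest_len:
        return "malformed", name
    return ("weak-hash" if name == "md5-crypt" else "hash"), name


def audit_install_file(text):
    """Return a list of findings about the root password in an install file."""
    cfg = json.loads(text)
    # Assumed layout (not shown on the page): "password": {"crypted": bool, "text": str}
    pw = cfg.get("password") or {}
    kind, scheme = classify_password(pw.get("text", ""))
    findings = []
    if kind == "plaintext":
        findings.append("root password is stored in plain text")
    elif kind == "malformed":
        findings.append("value looks like %s but its digest length is wrong" % scheme)
    elif kind == "weak-hash":
        findings.append("%s is too weak for a file served over HTTP" % scheme)
    if bool(pw.get("crypted")) != (kind in ("hash", "weak-hash")):
        findings.append("'crypted' flag does not match the stored value")
    return findings


# Constructed samples: the digest is filler, not a real hash.
GOOD = json.dumps({"password": {"crypted": True, "text": "$6$Xq3vT9saLt01$" + "a" * 86}})
BAD = json.dumps({"password": {"crypted": True, "text": "changeme"}})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, audit_install_file(doc) or "no findings")
```

A hash in a file reachable over HTTP can still be guessed offline, so pair a strong password with access controls on the web server path.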


Photon OS is a small, fast, container runtime that is optimized for VMware vSphere infrastructure.  Paravirtualized drivers and VMware Tools are included and make setup a snap.  Enhancements in TP2, such as guest OS customization, make Photon OS even more attractive for your container needs.  Network installation and automation are other great additions for operationalizing this open source element of your cloud-native infrastructure.



Project Photon from VMware is a small-footprint Linux container runtime.  Technology Preview 1, released on April 20, shipped with Docker 1.5 – but with a few simple commands it is easy to update to Docker 1.6.  This is done with the Photon package manager, TDNF.  For those that were not aware, Yum is Dead and being replaced by DNF.  TDNF is a VMware innovation that offers DNF-compatible package management without a massive Python footprint.

All that is needed to move up to the latest Docker is to verify that the Photon repository is accessible, update the docker package, and restart appropriate components.

Prepare the Repository

Photon comes configured with several RPM repositories, one of which is the ISO image that can be handy when Internet connectivity is not available.  However, if your Photon instance does have access to the net, it is more convenient to use the online repositories than to mount an ISO.  Regardless, since the goal here is to get a package that has been updated since the ISO was created, Internet access is required.

Disable the ISO repository with the following command:

After that, update the metadata cache:

Update Docker with TDNF

First, verify that an updated version of Docker is available:

Then, run the update command:

If everything goes according to plan, this should be the experience:


Restart the Docker Daemon

Photon uses systemd, so use the following commands to restart the docker daemon and complete the update:

Now your Photon instance is on the current Docker release.  Use the hello-world container to verify:


Docker 1.6 Hello World

Easy as that. The procedure described above should work for future releases, too.



Project Lightwave is an open source identity and access management platform from VMware. One of the many capabilities offered is authentication of SSH logins, eliminating the need to manage local user accounts on Photon container runtime instances.  This article walks through the basic steps required to enable this feature — please see the quick start guide for instructions on how to set up a Lightwave server and join a client to the domain.

Once configured, it is possible to ssh into Photon using Lightwave directory credentials and even use sudo to run privileged commands:

SSH into Photon with your Lightwave directory credentials

Photon Configuration

After the Lightwave components and dependencies are installed, run these commands:

Enable SUDO for the Lightwave Account

This is an optional step.  If you would like the user logging in via Lightwave credentials to be able to run privileged commands, add the account to sudoers by doing the following:

Use SSH to log in from another system

In order to log into the Photon instance, the Lightwave account must be specified by using one of the following variations:

Run your containers

After logging in, docker containers can be executed as needed:


Project Lightwave has much more to offer, so please stay tuned for more information on technical capabilities and feature demos.  Also be sure to check out the vSphere blog for an overview of Photon and Lightwave.



Last month, VMware held a launch event for Cloud-Native Applications and announced two open source projects in support of this initiative.  Project Photon and Project Lightwave are infrastructure components focused on running and securing apps that leverage Linux containers.

Project Lightwave source code was just released on GitHub, but binary RPMs are also available and quite easy to install on a Photon instance if you would like to take it for a spin.  In this post you will see how to add the Lightwave repositories to Photon and perform the initial configuration for a server and client.

Environment Preparation

You will need to create two Photon VMs.  There are several options, ranging from VMware Fusion with Vagrant to vSphere to public clouds.  Ensure that each VM has a unique name.  If necessary, the hostname of a Photon instance can be changed by editing these files:

Update the hostname value stored in /etc/hostname by running:

Verify by using the ‘hostnamectl’ command after rebooting.

Configure RPM Repositories

Lightwave binary RPMs are available for download.  Use the following procedure to enable the repositories on both the server and client Photon instances.  Log in as root or use sudo -i before executing the commands below.

First, disable the Photon ISO repo if it is not connected, to prevent errors during subsequent procedures:

Note that you will need to edit some files.  This can be done using the ‘nano’ text editor, which is installed by default, or by adding the ‘vim’ package with the following command:

Paste the following script into the terminal window to create two new RPM repositories on Photon:

Run the following command to verify four repositories are enabled:


Install Lightwave Server Components

There are several dependencies needed for Lightwave but the tdnf package manager will take care of installation. The vmware-lightwave-server package is actually a meta-RPM that pulls everything down with a single command.  Packages can also be installed individually if something interferes with the simplified process.


The next step is to promote this first server to become a domain controller:

Ensure the process is successful as shown above.


Install Lightwave Client Components and Join Domain

The client components are also covered by a single meta-RPM called vmware-lightwave-clients.  Jump over to the client Photon instance and execute the following command:

After installing the packages, one last step is needed to join the domain created in the previous step:



Next Steps

It’s easy enough to stand up a prototype Lightwave domain, but there are many more capabilities beyond this simple deployment, such as adding additional servers to the domain in order to enable multi-master replication.

Up next we will walk through enabling SSH authentication to log into the client using domain credentials.  Stay tuned.


OpenStack is an incredibly popular technology these days, but contrary to popular belief it is not an alternative to VMware, nor is it the final solution to avoiding vendor lock-in — even if that may have been one of the early, albeit misguided, goals.  In fact, VMware is one of the top contributors to this open source project and the real appeal of OpenStack is the API that allows developers to build the type of modern, scale-out apps that have become popular on Amazon Web Services.

Since OpenStack is fundamentally an API for consuming cloud computing resources, the real question facing datacenter architects today is: what resources should be made available for consumption?  Thanks to efforts from VMware, along with other contributors, support for vSphere has substantially matured and is now a strong alternative to KVM, which was popular initially due to the open source nature of this project.

According to a recently-published performance study, an OpenStack infrastructure based on VMware technology is faster and less expensive than an equivalent stack built from Red Hat products, concluding:

  • VMware VSAN delivers 159% more IOPS than Red Hat Storage Server (GlusterFS)
  • A 16-node Cassandra NoSQL database performs 53% better on vSphere than on Red Hat KVM
  • The total cost of infrastructure hardware and software is 26% lower on VMware than on Red Hat

Thanks to the vSphere/VSAN hyper-converged infrastructure, there is no need to build dedicated clusters of shared storage like there is with GlusterFS.  Instead, shared storage functionality is provided by pooling disks and SSDs that are directly attached to hypervisor hosts.  This offers capacity and performance for a range of applications as well as flexible redundancy options — administrators can configure policies to accommodate one or more replicas of critical data across the cluster or even opt for no replication on non-essential workloads.

In addition to better performance at a lower cost, VMware also delivers a platform that is suitable for all workloads — not just design-for-fail cloud applications.  Applications running on a vSphere cluster benefit from VMware HA and DRS, reducing downtime and increasing performance as VMs are balanced according to shifting resource demands.  Don’t forget that the purpose-built ESXi hypervisor also has much broader guest operating system support and a smaller attack surface that translates into reduced host downtime for patching and maintenance.

Now you can give your developers the agile cloud API offered by OpenStack with the trusted reliability and proven performance of vSphere — the best virtual infrastructure for any application.
