I wanted to write a quick post on creating a PhotonOS VM with the Docker remote API Enabled. I ran into an issue where I couldn’t add my PhotonOS docker host to Admiral since the API was not enabled and I found the follow post from Ryan Kelly on how to enable the remote API. I figured while I was writing this post, I would also run through the steps of deploying a new PhotonOS and configuring a static IP address.
First, Deploy the PhotonOS OVA. You can download the file from here.
Open the console and login with the credentials:
- user: root
- password: changeme
You will be required to change the password upon first login; once you are in run the following command to create a static IP configuration file. We are removing the default DHCP file as it will resort to using that file upon boot so we need to get rid of it if we aren’t using DHCP.
mv /etc/systemd/network/10-dhcp-en.network /etc/systemd/network/10-static-en.network
Edit the new file via your favorite text editor.
Place the following configuration in the file, specifying your IP, Gateway, DNS, and optionally domain.
[Match] Name=eth0 [Network] Address=172.16.10.28/24 Gateway=172.16.10.1 DNS=172.16.10.2 Domain=corp.local
Also, confirm that PermitRootLogin is yes in the configuration file /etc/ssh/sshd_config. In the past you had to change this file, but the new OVAs have allow by default. Reboot the VM and login in via SSH.
Run the following commands to stop docker and create a new file called docker in the directory listed.
systemctl stop docker vi /etc/default/docker
Add the following line to the docker file.
DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
Finally, run the last two commands. We will need to edit IP Tables to allow incoming connections on tcp 2375.
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT systemctl start docker
To confirm the steps were completed successfully, run a test by opening a browser to http://IPofFQDN:2375/info should see docker info..
Note: When adding the host to Admiral, use HTTP not HTTP – This is insecure but it’s for lab purposes.