Debugging Virtual Container Host Deployment
If you experience problems when deploying virtual container hosts (VCHs), you can specify additional
vic-machine create options to help you to debug the deployment. You can also configure a VCH so that it sends its logs to an external syslog endpoint.
Deploy the VCH with more verbose levels of logging, and optionally modify the behavior of
vic-machine for troubleshooting purposes. Specifying the
--debug option increases the verbosity of the logging for all aspects of VCH operation, not just deployment. For example, by setting the
--debug option, you increase the verbosity of the logging for VCH initialization, VCH services, container VM initialization, and so on. If not specified, the
--debug value is set to 0 and verbose logging is disabled.
NOTE: Do not confuse the
vic-machine create --debug option with the
vic-machine debug command, that enables access to the VCH endpoint VM. For information about
vic-machine debug, see Debugging the VCH.
When you specify
vic-machine create --debug, you set a debugging level of 1, 2, or 3. Setting
--debug to 2 or 3 changes the behavior of
vic-machine create as well as increasing the level of verbosity of the logs:
--debug 1Provides verbosity in the logs, with no other changes to
vic-machinebehavior. This is the default setting.
--debug 2Exposes servers on more interfaces, launches
pprofin container VMs.
--debug 3Disables recovery logic and logs sensitive data. Disables the restart of failed components and prevents container VMs from shutting down. Logs environment details for user application, and collects application output in the log bundle.
Additionally, deploying a VCH with a
--debug 3 enables SSH access to the VCH endpoint VM console by default, with a root password of
password, without requiring you to run the
vic-machine debug command. This functionality enables you to perform targeted interactive diagnostics in environments in which a VCH endpoint VM failure occurs consistently and in a fashion that prevents
vic-machine debug from functioning.
IMPORTANT: There is no provision for persistently changing the default root password. Only use this configuration for debugging in a secured environment.
vic-machine create to ignore warnings and non-fatal errors and continue with the deployment of a VCH. Errors such as an incorrect compute resource still cause the deployment to fail.
CAUTION: Specifying the
--force option bypasses safety checks, including certificate thumbprint verification. Using
--force in this way can expose VCHs to the risk of man-in-the-middle attacks, in which attackers can learn vSphere credentials. Using
--force can result in unexpected deployment topologies that would otherwise fail with an error. Do not use
--force in production environments.
Short name: none
The timeout period for uploading the vSphere Integrated Containers Engine files and ISOs to the ESXi host, and for powering on the VCH. Specify a value in the format
XmYs if the default timeout of 3m0s is insufficient.
Short name: None
Configure a VCH so that it sends the logs in the
/var/log/vic folder on the VCH endpoint VM to a syslog endpoint that is not located in the VCH. The VCH also sends container logs to the same syslog endpoint.
You specify the address and port of the syslog endpoint in the
--syslog-address option. You must also specify whether the transport protocol is UDP or TCP. If you do not specify a port, the default port is 514.
This example deploys a VCH with the following configuration:
- Specifies the user name, password, image store, cluster, bridge network, and name for the VCH.
- Secures connections to the Docker API with an automatically generated server certificate, without client certificate verification, by setting
- Sets the deployment debugging level to 3.
- Bypasses certain checks and errors by setting the
- Increases the timeout for
vic-machine createoperations to 15 minutes.
- Sends logs to an external syslog endpoint.
vic-machine-operating_system create --target 'Administrator@vsphere.local':password@vcenter_server_address/dc1 --compute-resource cluster1 --image-store datastore1 --bridge-network vch1-bridge --name vch_registry --thumbprint vcenter_server_certificate_thumbprint --no-tlsverify --debug 3 --force --timeout 15m0s --syslog-address tcp://syslog_host_address