How to Enable Remote Management for Docker in VMware Photon

It’s an exciting news that VMware got into container business with the release of Photon. The Photon project is not container engine like Docker and Rocket, but more like the CentOS which is a bare minimum version of Linux. The idea is exactly the same as that of the ESXi – the less it does, the more secure a hypervisor or OS is. Sometimes it’s true for people in certain companies and organizations too. :) It’s a culture thing that is beyond this article.

Anyway, I decided to give it a try. By following the “Using Project Photon on VMware Fusion/Workstation”, I found the installation process was quite easy, straight-forward, and fast. Before I realized, the installation was done.

Bothered by SLOW Web UI to manage vSphere? Want to manage ALL your VMware vCenters, AWS, Azure, Openstack, container behind a SINGLE pane of glass? Want to search, analyze, report, visualize VMs, hosts, networks, datastores, events as easily as Google the Web? Find out more about vSearch 3.0: the search engine for all your private and public clouds.

Thumbs up to the authors of the above document! A big difference for it to stand out from normal or traditional VMware documents is that it has many screen shots. When I was working at VMware years ago, I was told that it’s a policy that no screen shot should be included in any tech doc. No one could explain why it should be the case, but still it was a policy. Glad that positive changes started to happen at VMware.

OK, let’s get back to our main topic.

By default the Docker is included in the full installation, but it’s not turned on. It’s not hard to turn it on and make it persistent across system reboot. Arguably, it should be the other way around: enable Docker by default, and allows easy disabling Docker if needed. My guess is that VMware may be heat debating whether it should help Docker to be its real competitor. On one side, it does not have much choice given the existing popularity of Docker. On the other side, it wants to help Docker competitors like Rocket. When there is no clear leader in the container technology, VMware wins in a big way.

# systemctl start docker
# systemctl enable docker

At this point, you can run any docker commands as you want from the Photon VM console. While it’s nice, it does not allow the remote management using the REST APIs via command lines or programming languages.

Because Photon is not a typical Linux OS, the way the Docker is installed and configured is different from others. The docker configuration file can normally be found as /etc/init/docker.conf does not exist in Photon. Neither does the file /usr/lib/systemd/system/docker.service or /etc/sysconfig/docker exist. Without changing these files, you can probably set up environment variables. But I think it’s better to change the configuration so that it can easily persist over rebooting.

It turned out there is still a docker.service file, but it is hidden in /etc directory with this full path: /etc/systemd/system/ Using the vim command (yes, there is vim) to change the ExecStart line as follows:

ExecStart=/bin/docker -H tcp:// -H unix:///usr/run/docker.sock -s overlay

Per Docker convention as described here, “It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon.” Unless the port is already taken, use the default ports. I noticed some suggested to use 4243 port. Although it’s perfectly OK, I would recommend to use what Docker recommends because that is what most people will follow. By following the convention, life would be easier along the way.

After restarting the docker daemon again, the remote API will work. To verify it, open an browser and type in the following IP address:

The content of the browser should be a JSON string as follows: (to make it easy to read, I format it)

    "Containers": 1,
    "Debug": 0,
    "DockerRootDir": "/var/lib/docker",
    "Driver": "overlay",
    "DriverStatus": [["Backing Filesystem", "extfs"]],
    "ExecutionDriver": "native-0.2",
    "ID": "VAFK:FHXG:77NU:SZ7P:FFQX:7CS2:T7HJ:4J63:4D32:633V:6ECG:6AMN",
    "IPv4Forwarding": 1,
    "Images": 23,
    "IndexServerAddress": "",
    "InitPath": "/bin/docker",
    "InitSha1": "",
    "KernelVersion": "3.19.2",
    "Labels": null,
    "MemTotal": 364720128,
    "MemoryLimit": 1,
    "NCPU": 1,
    "NEventsListener": 0,
    "NFd": 20,
    "NGoroutines": 25,
    "Name": "photon",
    "OperatingSystem": "\u003cunknown\u003e",
    "RegistryConfig": {
        "IndexConfigs": {
            "": {
                "Mirrors": null,
                "Name": "",
                "Official": true,
                "Secure": true
        "InsecureRegistryCIDRs": [""]
    "SwapLimit": 1

Congratulations. Your configuration for remote management is done. I will show you how to remotely manage Docker using Java and maybe other language bindings. Stay tuned.

This entry was posted in Cloud Computing and tagged , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

One Comment

  1. russt
    Posted June 19, 2015 at 11:51 am | Permalink

    This config worked for me:

    ExecStart=/bin/docker -d -H tcp:// -s overlay

    Note the change in syntax for port specification.
    Adding the second arg (-H unix:///usr/run/docker.sock) generates an error:

    FATA[0001] Shutting down due to ServeAPI error: listen unix /usr/run/docker.sock: bind: no such file or directory

    I updated docker to 1.6.0 in the photon vm using yum update:

    root [ ~ ]# docker --version
    Docker version 1.6.0, build 4749651

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.