windows

references:

docker-ee

[!WARNING]

IMPORTANT - THIS PROVIDER IS NOW DEPRECATED

As of May 23rd 2023 the backing service for this provider has been shutdown. You can find alternative options at [Windows Container Documentation - Setup Environment](https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/set-up-environment?tabs=dockerce#windows-server-1). For more information on the deprecation please see the following blog posts: [Updates to the Windows Container Runtime support](https://techcommunity.microsoft.com/t5/containers/updates-to-the-windows-container-runtime-support/ba-p/2788799) [Reminder - Updates to Windows Container Runtime Support](https://techcommunity.microsoft.com/t5/containers/reminder-updates-to-windows-container-runtime-support/ba-p/3620989)

install

[!NOTE] references:

# optioinal: https://github.com/OneGet/MicrosoftDockerProvider/issues/65#issuecomment-734284852
> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
> Install-PackageProvider -Name NuGet
> Install-Module DockerMsftProvider -Force
> Install-Package Docker -ProviderName DockerMsftProvider -Force

# or
> Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
> Install-Package -Name docker -ProviderName DockerMsftProvider
> Restart-Computer -Force

# or
> Install-Module DockerMsftProvider -Force
> Install-Package Docker -ProviderName DockerMsftProvider -Force
> Restart-Computer

  • install specific docker version

    > Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 17.06.2-ee-5

  • check

    > Get-Package -Name Docker -ProviderName DockerMsftProvider
Name                           Version          Source                           ProviderName
----                           -------          ------                           ------------
docker                         19.03.5          DockerDefault                    DockerMsftProvider

> Find-Package -Name Docker -ProviderName DockerMsftProvider
Name                           Version          Source           Summary
----                           -------          ------           -------
Docker                         20.10.9          DockerDefault    Contains docker-ee for use with Windows Server.

  • find package vis proxy

    > Find-Package -Name docker -ProviderName DockerMsftProvider  -Proxy http://squid.tls.renault.fr:911 -Verbose
VERBOSE: Using the provider 'DockerMsftProvider' for searching packages.
VERBOSE: Download size: 0.02MB
VERBOSE: Free space on the drive: 199788.78MB
VERBOSE: Downloading https://dockermsft.blob.core.windows.net/dockercontainer/DockerMsftIndex.json to C:\Users\Administrator\AppData\Local\Temp\DockerMsftProvider\DockerDefault_DockerSearchIndex.json
VERBOSE: About to download
VERBOSE: Finished downloading
VERBOSE: Downloaded in 0 hours, 0 minutes, 0 seconds.

Name                           Version          Source           Summary
----                           -------          ------           -------
Docker                         19.03.1          DockerDefault    Contains Docker EE for use with Windows Server.

  • check module and resource

    > Get-PackageSource -ProviderName DockerMsftProvider
Name                             ProviderName     IsTrusted  Location
----                             ------------     ---------  --------
DockerDefault                    DockerMsftPro... False      https://go.microsoft.com/fwlink/?LinkID=825636&clcid=0x409

> Get-Package -Name Docker -ProviderName DockerMsftProvider
Name                           Version          Source                           ProviderName
----                           -------          ------                           ------------
docker                         20.10.9          DockerDefault                    DockerMsftProvider

# info: C:\Program Files\WindowsPowerShell\Modules\DockerMsftProvider\1.0.0.8
> Get-InstalledModule -Name "DockerMsftProvider"
Version    Name                                Repository           Description
-------    ----                                ----------           -----------
1.0.0.8    DockerMsftProvider                  PSGallery            PowerShell module with commands fo...

  • update DockerMsftProvider

    > Update-Module DockerMsftProvider

  • upgrade to latest version

    > Install-Package -Name Docker -ProviderName DockerMsftProvider -Update -Force
  Name                           Version          Source           Summary
  ----                           -------          ------           -------
  Docker                         20.10.9          DockerDefault    Contains Docker EE for use with Windows Server.
> Get-Package -Name Docker -ProviderName DockerMsftProvider
  Name                           Version          Source                           ProviderName
  ----                           -------          ------                           ------------
  docker                         20.10.9          DockerDefault                    DockerMsftProvider
> docker --version
  Docker version 20.10.9, build 591094d

> Start-Service Docker

  • or to particular version

    > Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 18.09 -Update -Force

  • uninstall

    # clean docker images and processes
> docker swarm leave --force
> docker rm -f $(docker ps --all --quiet)
> docker system prune --all --volumes

# uninstall
> Uninstall-Package -Name docker -ProviderName DockerMsftProvider
> Uninstall-Module -Name DockerMsftProvider

# clean up the network and filesystem
> Get-HNSNetwork | Remove-HNSNetwork
> Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force

# get package via
> Get-PackageProvider -Name *Docker*

  • Clean up Docker data and system components

    > Get-HNSNetwork | Remove-HNSNetwork
> Get-ContainerNetwork | Remove-ContainerNetwork
> Remove-Item "C:\ProgramData\Docker" -Recurse

# close Hyper-V
> Remove-WindowsFeature Containers
> Remove-WindowsFeature Hyper-V

# reboot
> Restart-Computer -Force

  • download docker manually

    [!NOTE]

    # On an online machine, download the zip file.
> Invoke-WebRequest -UseBasicParsing -OutFile docker-19.03.3.zip https://download.docker.com/components/engine/windows-server/19.03/docker-19.03.3.zip

# Stop Docker service if eralier version of Docker is already installed
> Stop-Service docker

# Extract the archive.
> Expand-Archive docker-19.03.3.zip -DestinationPath $Env:ProgramFiles -Force

# Clean up the zip file.
> Remove-Item -Force docker-19.03.3.zip

# Install Docker. This requires rebooting.
> $null = Install-WindowsFeature containers

> Restart-Computer -Force

# Add Docker to the path for the current session.
> $env:path += ';$env:ProgramFiles\docker'

# Optionally, modify PATH to persist across sessions.
> $newPath = '$env:ProgramFiles\docker;' +
  [Environment]::GetEnvironmentVariable('PATH', [EnvironmentVariableTarget]::Machine)
  [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)

# Register the Docker daemon as a service.
> dockerd --register-service

# Start the Docker service.
> Start-Service docker

# verify
> docker pull hello-world:nanoserver
> docker images
> docker container run hello-world:nanoserver

  • pull and run windows image

    > docker pull mcr.microsoft.com/dotnet/samples:dotnetapp-nanoserver-2009
> docker run mcr.microsoft.com/dotnet/samples:dotnetapp-nanoserver-2009

# or
> docker pull mcr.microsoft.com/windows/servercore:ltsc2019
# inspired from http://man.hubwiz.com/docset/Docker.docset/Contents/Resources/Documents/docs.docker.com/install/windows/docker-ee.html

# On an online machine, download the zip file.
Invoke-WebRequest -UseBasicParsing -OutFile docker-18.09.5.zip https://download.docker.com/components/engine/windows-server/18.09/docker-18.09.5.zip
# Stop Docker service
Stop-Service docker

# Extract the archive.
Expand-Archive docker-18.09.5.zip -DestinationPath $Env:ProgramFiles -Force

# Clean up the zip file.
Remove-Item -Force docker-18.09.5.zip

# Install Docker. This requires rebooting.
$null = Install-WindowsFeature containers

# Add Docker to the path for the current session.
$env:path += ";$env:ProgramFiles\docker"

# Optionally, modify PATH to persist across sessions.
$newPath = "$env:ProgramFiles\docker;" +
[Environment]::GetEnvironmentVariable("PATH",
[EnvironmentVariableTarget]::Machine)

[Environment]::SetEnvironmentVariable("PATH", $newPath,
[EnvironmentVariableTarget]::Machine)

# Register the Docker daemon as a service.
dockerd --register-service

# Start the Docker service.
Start-Service docker

  • check

    [!NOTE]

    > Get-Process dockerd
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    449      28   138348      45356       4.31  16192   0 dockerd

> Get-NetTCPConnection -LocalPort 2376
LocalAddress                        LocalPort RemoteAddress                       RemotePort State       AppliedSetting
------------                        --------- -------------                       ---------- -----       --------------
::                                  2376      ::                                  0          Listen
# or
> Get-NetTCPConnection -LocalPort 2376 -State Listen -ErrorVariable $err -ErrorAction SilentlyContinue

> Get-Service Docker
Status   Name               DisplayName
------   ----               -----------
Running  Docker             Docker Engine

install a specific version

> Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 18.09
...
Name                      Version               Source           Summary
----                      -------               ------           -------
Docker                    18.09                 Docker           Contains Docker Engine - Enterprise for use with Windows Server...

upgrade

> Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 18.09 -Update -Force

# update module
> Update-Module DockerMsftProvider

uninstall

# Leave any active Docker Swarm
> docker swarm leave --force

# Remove all running and stopped containers
> docker rm -f $(docker ps --all --quiet)

# Prune container data
> docker system prune --all --volumes

# Uninstall Docker PowerShell Package and Module
> Uninstall-Package -Name docker -ProviderName DockerMsftProvider
> Uninstall-Module -Name DockerMsftProvider

# Clean up Windows Networking and file system
> Get-HNSNetwork | Remove-HNSNetwork
> Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force

remote access

via daemon.json

> $configfile = @"
{
  "tls": false,
  "hosts": ["tcp://0.0.0.0:2376", "npipe://"],
  "debug": true,
  "data-root": "E:\\docker_home",
  "storage-opts": []
}
"@

> $configfile | Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force
> Start-Service Docker

# or
> Restart-Service Docker

  • verify

    > docker info
...
Docker Root Dir: E:\docker_home
...
WARNING: API is accessible on http://0.0.0.0:2376 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/go/attack-surface/

> docker -H tcp://localhost:2376 images
REPOSITORY          TAG                    IMAGE ID       CREATED         SIZE
hello-world         nanoserver             e33d37034c87   33 hours ago    258MB

via SSL

  • allow inbound connections

    > New-NetFirewallRule -DisplayName 'Docker SSL Inbound' -Profile @('Domain', 'Public', 'Private') -Direction Inbound -Action Allow -Protocol TCP -LocalPort 2376

  • copy the files ca.pem, cert.pem and key.pem from your user's docker folder on your machine

    • e.g. c:\users\chris\.docker to you local machine.

  • confirm connection

    > docker -D -H tcp://wsdockerhost.southcentralus.cloudapp.azure.com:2376 \
         --tlsverify --tlscacert=c:\users\foo\.docker\client\ca.pem \
         --tlscert=c:\users\foo\.docker\client\cert.pem \
         --tlskey=c:\users\foo\.docker\client\key.pem \
         ps

  • tips

    • disable tls in c\programdata\docker\config\daemon.json

      {
    "tlsverify":  false,
}

    • connect via

      > docker -H tcp://wsdockerhost.southcentralus.cloudapp.azure.com:2376 \
         --tlsverify=0 \
         version

exec commands

[!NOTE|label:references:]

> docker exec a8 powershell -c "Get-CimInstance Win32_Process | Select-Object ProcessId, CommandLine"

tricky

running linux container in windows server

[!NOTE]

  • by enable experimental features in docker daemon.conf

    • Set LCOW_SUPPORTED Variable to 1 for enabled

      > [Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “1”, “Machine”)

    • enable experimental features in docker daemon.conf

      > $configfile = @"
{
    "experimental": true
}
"@

> $configfile | Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force

    • deploy LCOW for it to run

      > Invoke-WebRequest -Uri “https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip” -UseBasicParsing -OutFile release.zip
> Expand-Archive release.zip -DestinationPath “$Env:ProgramFiles\Linux Containers\.”

    • make Linux containers the Default

      > [Environment]::SetEnvironmentVariable(“LCOW_API_PLATFORM_IF_OMITTED”, “linux”, “Machine”)

  • by pre build docker-ee

    • uninstall current docker-ee

      > Uninstall-Package -Name docker -ProviderName DockerMSFTProvider

    • enable Nested Virtualization by using Linux Virtual Machine running on Hyper-V.

      > Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true

    • install pre build docker-ee

      > Install-Module DockerProvider
> Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview

    • Enable LinuxKit system for running Linux containers

      > [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")

      • to Switch back to running Windows containers

        > [Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "$null", "Machine")

  • restart docker service

    > Restart-Service docker

  • check

    > docker run -it --rm ubuntu /bin/bash

FIPS 140-2 cryptographic module support

> [System.Environment]::SetEnvironmentVariable("DOCKER_FIPS", "1", "Machine")

# regedit
> Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\" -Name "Enabled" -Value "1"

> net stop docker
> net start docker

# check
> docker info
...
Labels:
  com.docker.security.fips=enabled
...

manual install docker-ee

[!NOTE]

  • download archive

    # On an online machine, download the zip file.
Invoke-WebRequest -UseBasicParsing -OutFile docker-19.03.3.zip https://download.docker.com/components/engine/windows-server/19.03/docker-19.03.3.zip

  • install

    # Stop Docker service if eralier version of Docker is already installed
> Stop-Service docker

# Extract the archive.
> Expand-Archive docker-19.03.3.zip -DestinationPath $Env:ProgramFiles -Force

# Clean up the zip file.
> Remove-Item -Force docker-19.03.3.zip

# Install Docker. This requires rebooting.
> $null = Install-WindowsFeature containers

> Restart-Computer -Force

# Add Docker to the path for the current session.
> $env:path += ';$env:ProgramFiles\docker'

# Optionally, modify PATH to persist across sessions.
> $newPath = '$env:ProgramFiles\docker;' +
  [Environment]::GetEnvironmentVariable('PATH', [EnvironmentVariableTarget]::Machine)
  [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine)

# Register the Docker daemon as a service.
> dockerd --register-service

# Start the Docker service.
> Start-Service docker

  • another

    # download
> Start-BitsTransfer -Source https://dockermsft.blob.core.windows.net/dockercontainer/docker-1-12-2-cs2-ws-beta.zip -Destination /docker.zip
# get sha256
> Get-FileHash -Path /docker.zip -Algorithm SHA256

# install
> cp .\docker.zip C:\Users\Administrator\AppData\Local\Temp\DockerMsftProvider\Docker-1-12-2-cs2-ws-beta.zip
> cd C:\Users\Administrator\AppData\Local\Temp\DockerMsftProvider\
> Install-Package -Name docker -ProviderName DockerMsftProvider -Verbose

# restart
> Restart-Computer -Force

  • or

    > $downloadURL = 'https://dockermsft.blob.core.windows.net/dockercontainer/docker-17-06-2-ee-13.zip'
> $destination = 'C:\Users\ADMINI~1\AppData\Local\Temp\2\DockerMsftProvider\Docker-17-06-2-ee-13.zip'
> Invoke-WebRequest -Uri $downloadURL -OutFile $destination
> Install-Package Docker -ProviderName DockerMsftProvider -RequiredVersion $RequiredVersion -Verbose

  • install from private DockerMsftProvider

    $paths = $env:psmodulePath.Split(';')
$modulePath = Join-Path $paths[0] "DockerMsftProvider"
if (!(Test-Path $modulePath)) {
  New-Item -Path $modulePath -ItemType Directory
}
$outfile = Join-Path $modulePath 'DockerMsftProvider.psm1'
Invoke-WebRequest -UseBasicParsing -OutFile $outfile -Uri https://raw.githubusercontent.com/ajkauffmann/MicrosoftDockerProvider/master/DockerMsftProvider.psm1
$outfile = Join-Path $modulePath 'DockerMsftProvider.psd1'
Invoke-WebRequest -UseBasicParsing -OutFile $outfile https://raw.githubusercontent.com/ajkauffmann/MicrosoftDockerProvider/master/DockerMsftProvider.psd1
Install-Package Docker -ProviderName DockerMsftProvider -Force

DockerMsftIndex.json

[!NOTE]

> Invoke-WebRequest -Uri "https://dockermsft.azureedge.net/dockercontainer/DockerMsftIndex.json" `
                    -OutFile $env:USERPROFILE\AppData\Local\Temp\DockerMsftProvider\DockerDefault_DockerSearchIndex.json

# mark to read-only
(Get-Item $env:USERPROFILE\AppData\Local\Temp\DockerMsftProvider\DockerDefault_DockerSearchIndex.json).Attributes = [IO.FileAttributes]::ReadOnly

dockerfile

[!NOTE|label:references:]

  • sample

    # Sample Dockerfile

# Indicates that the windowsservercore image will be used as the base image.
FROM mcr.microsoft.com/windows/servercore:ltsc2019

# Metadata indicating an image maintainer.
LABEL maintainer="jshelton@contoso.com"

# Uses dism.exe to install the IIS role.
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

# Creates an HTML file and adds content to this file.
RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

# Sets a command or process that will run each time a container is run from the new image.
CMD [ "cmd" ]

  • sample

    FROM mcr.microsoft.com/dotnet/framework/sdk:4.8-windowsservercore-ltsc2019
RUN Install-PackageProvider NuGet -Force
RUN Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
RUN Import-Packageprovider -Name DockerMsftProvider -Force
RUN Find-Package -ProviderName DockerMsftProvider | Install-Package -Verbose -Force; exit 0
RUN Find-Package -ProviderName DockerMsftProvider | Install-Package -Verbose -Force

  • or

    FROM mcr.microsoft.com/windows/servercore:ltsc2019
USER ContainerAdministrator
SHELL ["powershell", "-command"]
RUN Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
RUN Install-PackageProvider -Name NuGet -Force
RUN Install-Module -Name DockerMsftProvider -Force
RUN Import-Module -Name DockerMsftProvider -Force
RUN Import-Packageprovider -Name DockerMsftProvider -Force
RUN Install-Package -Name docker -ProviderName DockerMsftProvider -Verbose -Update -Force

Hyper-V

[!TIP]

install

in windows servers

[!TIP] If you're connected locally to the server, run the command without -ComputerName <computer_name>.

  • via commands

    > Install-WindowsFeature -Name Hyper-V [-ComputerName <computer_name>] -IncludeManagementTools -Restart

    • check

      > Get-WindowsFeature -ComputerName <computer_name>

  • manually

    1. In Server Manager, on the Manage menu, click Add Roles and Features.

    2. On the Before you begin page, verify that your destination server and network environment are prepared for the role and feature you want to install. Click Next.

    3. On the Select installation type page, select Role-based or feature-based installation and then click Next.

    4. On the Select destination server page, select a server from the server pool and then click Next.

    5. On the Select server roles page, select Hyper-V.

    6. To add the tools that you use to create and manage virtual machines, click Add Features. On the Features page, click Next.

    7. On the Create Virtual Switches page, Virtual Machine Migration page, and Default Stores page, select the appropriate options.

    8. On the Confirm installation selections page, select Restart the destination server automatically if required, and then click Install.

    9. When installation is finished, verify that Hyper-V installed correctly. Open the All Servers page in Server Manager and select a server on which you installed Hyper-V. Check the Roles and Features tile on the page for the selected server.

in windows 10

[!NOTE] references:

  • via powershell

    > Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

    • check

      > Get-WindowsOptionalFeature -Online [| Where-Object {$_.State -eq "Enabled"}] [| format-table]

  • via cmd and dism

    > DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V

  • via manually

    1. win -> Apps and Features

    2. select Programs and Features

    3. select Turn Windows Features on or off

    4. Select Hyper-V and click OK

  • others

    • shortcut located in : shell:Common Administrative Tools ( C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools )

    • Hyper-V Quick Create : %ProgramFiles%\Hyper-V\VMCreate.exe

    • Hyper-V Manager : %windir%\System32\mmc.exe "%windir%\System32\virtmgmt.msc"

Windows Docker Container Hyper-V Isolation

> docker run -it --isolation=hyperv mcr.microsoft.com/windows/servercore:ltsc2019

# check
> get-process -Name vmwp

create a virtual machine with powershell by Hyper-V

# Set VM Name, Switch Name, and Installation Media Path.
$VMName = 'TESTVM'
$Switch = 'External VM Switch'
$InstallMedia = 'C:\Users\Administrator\Desktop\en_windows_10_enterprise_x64_dvd_6851151.iso'

# Create New Virtual Machine
New-VM -Name $VMName -MemoryStartupBytes 2147483648 -Generation 2 -NewVHDPath "D:\Virtual Machines\$VMName\$VMName.vhdx" -NewVHDSizeBytes 53687091200 -Path "D:\Virtual Machines\$VMName" -SwitchName $Switch

# Add DVD Drive to Virtual Machine
Add-VMScsiController -VMName $VMName
Add-VMDvdDrive -VMName $VMName -ControllerNumber 1 -ControllerLocation 0 -Path $InstallMedia

# Mount Installation Media
$DVDDrive = Get-VMDvdDrive -VMName $VMName

# Configure Virtual Machine to Boot from DVD
Set-VMFirmware -VMName $VMName -FirstBootDevice $DVDDrive

troubleshooting

[!NOTE]

could not read CA certificate

  • solution

    [Environment]::SetEnvironmentVariable("DOCKER_CERT_PATH", $null, "User")
[Environment]::SetEnvironmentVariable("DOCKER_HOST", $null, "User")
[Environment]::SetEnvironmentVariable("DOCKER_MACHINE_NAME", $null, "User")
[Environment]::SetEnvironmentVariable("DOCKER_TLS_VERIFY", $null, "User")
[Environment]::SetEnvironmentVariable("DOCKER_TOOLBOX_INSTALL_PATH", $null, "User")

  • or

    SET DOCKER_CERT_PATH= $null, "User"
SET DOCKER_HOST= $null, "User"
SET DOCKER_MACHINE_NAME= $null, "User"
SET DOCKER_TLS_VERIFY= $null, "User"
SET DOCKER_TOOLBOX_INSTALL_PATH= $null, "User"
PrevioustrickyNextcrio

Last updated