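# Docker-on-Windows restart stress test.
# Starts $CountContainers Tomcat containers, stops the Docker service,
# dismounts the disks whose location mentions "docker", starts the service
# again and then times `docker ps` twenty times to see how the engine recovers.
# Dismount-VHD comes from the Hyper-V PowerShell module.
docker pull georgyturevich/tomcat:choco_install
docker version
docker info

# New-Item -Force succeeds when the folder already exists; plain mkdir
# raises an error on every run after the first.
New-Item -ItemType Directory -Force -Path C:\test_volume | Out-Null

$CountContainers = 200

# Remove containers left over from an earlier run. With nothing to remove,
# `docker stop` / `docker rm` without names only print a usage error, so skip.
$Leftovers = @(docker ps -af name=gturevich-test --format "{{.Names}}")
if ($Leftovers.Count -gt 0) {
    docker stop $Leftovers
    docker rm $Leftovers
}

$MaintStartTime = Get-Date
for ($I = 1; $I -le $CountContainers; $I++) {
    $Start = Get-Date
    echo "$Start`: Runing #$I (of $CountContainers) ..."

    # Host port 11000+$I maps to port 80 of container $I. The ports are
    # published on every host interface and the image is a third-party tag
    # that can change between pulls, so keep this to a disposable test host.
    $Ports = "$(11000+$I)`:80"
    docker run --name "gturevich-test-$I" -p $Ports --restart=always -e "JAVA_OPTS=-Xms512M -Xmx512M" -v C:\test_volume:C:\volume -d georgyturevich/tomcat:choco_install

    $Stop = Get-Date
    echo "$stop`: #$I (of $CountContainers) started in $(($Stop - $Start).TotalSeconds) s. Full time is: $(($Stop - $MaintStartTime).TotalMinutes) m."
}

echo "$(date): Containers count before restart: $((docker ps -q).count). Stopping Docker service ..."
Stop-Service docker
echo "$(date): Docker stopped. Dismounting ..."

# Timestamps before and after show how long the dismount pass takes.
date
Get-Disk | ? { $_.Location -like "*docker*" } | foreach {
    Write-Host "Dismounting" $_.Location
    Dismount-VHD -DiskNumber $_.Number
}
date

Sleep 3
echo "$(date): Starting docker ..."
Start-Service docker
echo "$(date): Started."

# Poll the engine 20 times, 5 seconds apart, timing each `docker ps`.
$K = 0
while ($K -lt 20) {
    $K++
    echo "$(date): Requesting containers list ..."
    $Start = Get-Date
    echo " Containers count after restart: $((docker ps -q).count); Current date: $(date)"
    $Stop = Get-Date
    echo "$(date): Result was received in $(($Stop - $Start).TotalSeconds) s. Full time is: $(($Stop - $MaintStartTime).TotalMinutes) m."
    Sleep 5
}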
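## Install the Azure PowerShell modules on the local machine.
## RemoteSigned for the current user is enough to load the signed Az modules;
## a machine-wide Unrestricted policy also allows unsigned scripts to run.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Install-Module -Name Az -AllowClobber -Scope AllUsers
Import-Module Az.Network

## login to azure portal
## need to look into using a service principal instead
## https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-2.6.0
Connect-AzAccount

## you only need these next two if you have multiple azure subscriptions - skip if you only have one default sub
#Get-AzSubscription
#Select-AzSubscription -Subscription "subscriptionid"

# enter location, resource group and the name of the existing virtual network
$locationName = "azure location"
$ResourceGroupName = "resource group name"
$networkName = "vnet name"

# Leave these AS-IS
$nicName = "NIC-"
# $networkName must be assigned before this lookup, otherwise it runs with an empty name.
$vnet = Get-AzVirtualNetwork -Name $networkName -ResourceGroupName $ResourceGroupName

## Networking
$DNSNameLabel = "mydnsname" # mydnsname.westus.cloudapp.azure.com
$PublicIPAddressName = "MyPIP"
# Created once. Nothing below attaches $PIP to a NIC, so the NICs built in
# the loop carry no public address.
$PIP = New-AzPublicIpAddress -Name $PublicIPAddressName -DomainNameLabel $DNSNameLabel -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic

# VM names -- OS and VM size
$computerName = @("win01","win03","win02")
$vmSize = 'Standard_DS3_v2'
$publisherName = "MicrosoftWindowsServer"
$offer = "WindowsServer"
$skus = "2019-Datacenter"
#-DataDiskSizeInGb
# https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general#dsv3-series-1

# List the SKUs on offer; $offer has to be set first and the cmdlet needs a location.
Get-AzVMImageSku -Location $locationName -PublisherName $publisherName -Offer $offer | Select Skus
#Get-AzVMImage -PublisherName $publisherName -Offer $offer -Sku $skuName | Select Version

# enter the creds you want to use -- not sure how to linux this?
# Prompt for the local administrator account so that no password is stored
# in the script or its history.
$credential = Get-Credential -Message "Local administrator account for the new VMs"

# Loops through the computer names you provide and provisions one at a time
# as-job command?
foreach ($name in $computerName) {
    # One NIC per VM on the first subnet of the virtual network.
    $NIC = New-AzNetworkInterface -Name ($nicName + $name) `
        -ResourceGroupName $ResourceGroupName `
        -Location $locationName `
        -SubnetId $vnet.Subnets[0].Id

    $VirtualMachine = New-AzVMConfig -VMName $name `
        -VMSize $vmSize

    $VirtualMachine = Set-AzVMOperatingSystem -VM $VirtualMachine `
        -Windows `
        -ComputerName $name `
        -Credential $credential `
        -ProvisionVMAgent `
        -EnableAutoUpdate

    $VirtualMachine = Add-AzVMNetworkInterface -VM $VirtualMachine `
        -Id $NIC.Id

    $VirtualMachine = Set-AzVMSourceImage -VM $VirtualMachine `
        -PublisherName $publisherName `
        -Offer $offer `
        -Skus $skus `
        -Version latest

    New-AzVM -ResourceGroupName $ResourceGroupName `
        -Location $locationName `
        -VM $VirtualMachine `
        -Verbose
}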
# Azure CLI image whose entrypoint is the interactive run.sh helper.
FROM mcr.microsoft.com/azure-cli
# Copy the script into the image's working directory and make it executable.
COPY run.sh ./
RUN chmod +x ./run.sh
ENTRYPOINT ["./run.sh"]
Contents of run.sh: | |
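#!/bin/bash
# Interactive helper: signs in to Azure, asks for the VM parameters and
# shows the VM's details.

echo "Login to Azure"
# Nothing below works without a session, so stop if the login fails.
az login || exit 1

echo "What is the name of your resource group?"
read -r resourcegroup
echo "What is the name of your NSG (network security group)"
read -r nsg
echo "Name of the VM?"
read -r vmname
echo "VM user name"
read -r username
echo "Set your VM password (recommend using 1password to create this)"
# -s keeps the password off the screen, out of scrollback and container logs.
read -rs pwd
echo
echo "Set your location - example: eastus2, centralus (must be a valid azure location)"
read -r location

# Size, disk and image values; not used by the commands in this script.
size="Standard_D4s_v3"
osdisksize=250
urn="MicrosoftWindowsDesktop:windows-11:win11-21h2-pro:22000.2416.230902"
win10="MicrosoftWindowsDesktop:Windows-10:win10-22h2-pro:19045.3448.230831"
buntu="Canonical:0001-com-ubuntu-pro-jammy:pro-22_04-lts-gen2:22.04.202305160"

echo "Username=${username}"
# The password is deliberately not printed back.
echo "RDP to ${vmname}.${location}.cloudapp.azure.com"

az vm show -g "$resourcegroup" -n "$vmname" -d -o table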
# NOTE(review): draft Dockerfile lines. RUN executes while the image is
# built, so $resourcegroup, $vmname and the other values that run.sh reads
# at run time look unset here; presumably these az calls belong in run.sh. Confirm.
# Set the default command to start the Azure CLI shell | |
CMD ["az", "interactive"] | |
CMD prompt user for stuff and write to something? | |
# list vms and status | |
RUN az vm list -g $resourcegroup -d -o table | |
# delete selected vm | |
RUN az vm delete --force-deletion y -g $resourcegroup -n $vmname --yes --no-wait | |
RUN az extension add --name vm | |
# Create a VM | |
# NOTE(review): $winurn is not assigned in the run.sh shown with these notes
# (it sets urn and win10). Confirm the intended image.
# NOTE(review): --admin-password on the command line exposes the password to
# process listings; az can presumably prompt for it when the option is left
# out. Verify.
RUN az vm create --name $vmname -g $resourcegroup --image $winurn --public-ip-sku Standard --admin-username $username --admin-password $pwd --os-disk-size-gb $osdisksize --public-ip-address-dns-name $vmname --size $size --nsg $nsg --nic-delete-option delete --os-disk-delete-option delete --no-wait | |
# customize the VM on creation | |
# NOTE(review): the create step returns immediately because of --no-wait, so
# this command can run before the VM is ready. Confirm the ordering.
RUN az vm run-command invoke --command-id RunPowerShellScript --name $vmname -g $resourcegroup --scripts @windowsconfig.ps1 | |
# display the VM information | |
RUN az vm show -g $resourcegroup -n $vmname -d -o table |
# enable nested virtualization | |
Set-VMProcessor TestVM -ExposeVirtualizationExtensions $true | |
https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-custom-script-windows | |
#Install Chocolatey | |
https://chocolatey.org/install | |
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) | |
#switch Desktop modes | |
& $Env:ProgramFiles\Docker\Docker\DockerCli.exe -SwitchDaemon | |
## Good Links | |
# docker EE | |
https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/set-up-environment?tabs=Windows-Server#install-docker | |
https://codebase.cloudaix.com/developer-setup/docker-for-mac-limit-memory-allocation/ | |
##Add user to docker-users group | |
Add-LocalGroupMember -Group docker-users -member domain\user | |
Add-LocalGroupMember -Group docker-users -member rctest\desktop | |
##Mac not starting | |
#problem | |
MacBook Pro M1. | |
Get the following error: cannot install symlinks in /usr/local/bin (stage 5) | |
#explanation | |
There appears to be a protocol mismatch talking to com.docker.vmnetd. Since there’s a version number check at the beginning, perhaps the user used to have a test PR build installed and now it’s confused? | |
#fix | |
sudo launchctl unload /Library/LaunchDaemons/com.docker.vmnetd.plist | |
## powershell for diagnostics | |
Invoke-WebRequest -UseBasicParsing -uri https://nurse.internal.dckr.io/diagnostics/any/B0D85877-67D5-4446-8CB0-0F300D908F36/20220428185515 -Outfile c:\diags\diags.zip | |
unzip to ? | |
delete .zip | |
open in VScode | |
## install desktop using cli | |
"Docker Desktop Installer.exe" install --accept-license --allowed-org=dockersales --backend=hyper-v --quiet | |
net localgroup docker-users <user> /add | |
## didnt work | |
Start-Process '.\win\build\Docker Desktop Installer.exe' -Wait install --verbose --accept-license --allowed-org=dockersales --backend=hyper-v | |
## did work | |
& '.\Docker Desktop Installer.exe' install --accept-license --allowed-org=dockersales --backend=hyper-v --quiet | |
## get folder permissions | |
get-acl -path c:\programdata\ | format-list | |
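## disable Defender real-time monitoring (temporary, for troubleshooting only; turn it back on afterwards with Set-MpPreference -DisableRealtimeMonitoring $false)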
Set-MpPreference -DisableRealtimeMonitoring $true | |
A list of all programs installed on the nodes - you can use this powershell command to generate a .txt file | |
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table –AutoSize >Installed-programs.txt | |
Download procdump from Sysinternals and generate a dump for vmcompute.exe
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump | |
Find PID of vmcompute.exe (not dockerd.exe) | |
Run: procdump64.exe -mk PID | |
Please provide windows event viewer logs - I prefer the application logs from event viewer, exported as a .evtx file - but for core versions of Windows you can use this in Powershell: | |
Get-EventLog -LogName Application -Source Docker | Sort-Object Index | Format-Table Index,TimeWritten,Message | Out-File ~/EventLog_Docker.csv | |
# Stop all running containers | |
docker ps --quiet | ForEach-Object {docker stop $_} | |
# Remove all containers and images | |
docker system prune --volumes --all | |
az group list --tag delete --query [].name -o tsv | xargs -otl az group delete --no-wait -n |
Hi, Thanks for your question. | |
It is possible to use Docker Desktop to run your Jenkins deployment, but it is not the best solution and will not be in line with current best practices for production infrastructure. Docker Desktop is not supported as a production runtime, and is not supported on Server platforms. Best practices say that you should use a Server platform, and the docker EE engine version. | |
https://docs.docker.com/desktop/windows/troubleshoot/#what-is-not-supported | |
See here for directions on setting up the Docker engine on Windows or Linux server platforms. | |
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements | |
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04 | |
Once you have either Linux or Windows servers setup, you can configure Jenkins pipelines to use the server remotely - | |
https://www.jenkins.io/doc/book/pipeline/docker/#using-a-remote-docker-server | |
https://docs.microsoft.com/en-us/azure/devops/pipelines/release/integrate-jenkins-pipelines-cicd?view=azure-devops&tabs=yaml | |
If you plan to use Docker Desktop as part of your Jenkins deployment instead of following best practices, you do not need to use a subscription seat. | |
https://www.docker.com/pricing/faq/ | |
Thanks! | |
Docker Support | |
/library/application support/com.docker.docker/
~/Library/Containers/com.docker.docker/Data/vms/0/data/Docker.raw
/Users/username/Library/Group%20Containers/group.com.docker/settings.json
/library/application support/com.docker.docker/settings.json
/Library/Application Support/com.docker.docker/registry.json
# Four services on one shared network: two Windows IIS images and two Linux
# images. Every service uses endpoint_mode dnsrr instead of a virtual IP.
version: "3.3"

services:
  win16:
    image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016
    deploy:
      endpoint_mode: dnsrr
    networks: [net]

  win19:
    image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019
    deploy:
      endpoint_mode: dnsrr
    networks: [net]

  lin01:
    image: nginx:alpine
    deploy:
      endpoint_mode: dnsrr
    networks: [net]

  lin02:
    image: redis:latest
    deploy:
      endpoint_mode: dnsrr
    networks: [net]

networks:
  net:
Mac is supposed to auto-detect system proxies, but you can set them as variables and manually in the GUI | |
Windows is more complicated | |
I'll split this answer into two sections, ingress and proxy egress | |
Ingress: incoming connections to the docker engine | |
You can configure the engine to only accept secure connections on specific ports, and also enforce TLS policies with certs. | |
https://docs.docker.com/engine/security/protect-access/ | |
Egress: | |
You can configure Docker to send docker engine requests through a proxy. Proxy settings will not be propagated into the containers you start. If you wish to set the proxy settings for your containers, you need to define environment variables for them.
Proxy settings are done in the Docker Desktop GUI - under the Resources tab. | |
https://docs.docker.com/desktop/windows/#resources | |
You can also configure proxy settings through the daemon.json or through Environment variables. | |
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon | |
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon#proxy-configuration |
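# Set GITHUB_TOKEN for the current session without writing the value down.
# A token value written into notes or scripts must be treated as exposed:
# revoke it at the provider and issue a new one.
# cmd.exe form, typed by hand:  set GITHUB_TOKEN=<your-token>
$secureToken = Read-Host -Prompt "GitHub token" -AsSecureString
# Environment variables hold plain strings, so unwrap the SecureString here.
$Env:GITHUB_TOKEN = [System.Net.NetworkCredential]::new("", $secureToken).Password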
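# Set progress preference to silent (the progress bar slows Invoke-WebRequest downloads)
$ProgressPreference = 'SilentlyContinue'
# Docker CLI plugin directory
$dockerComposePath = "C:\Program Files\Docker\cli-plugins\"
# -Path takes the value directly; a stray "=" is bound as the path and fails.
Set-Location -Path $dockerComposePath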
FOR /L %i IN (1,1,35) DO docker run -d mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019 sh -c "ping host.docker.internal" | |
FOR /L %i IN (1,1,65) DO docker run -d docker pull cimg/android:2024.04.1-node sh -c "ping host.docker.internal" | |
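# Replace the docker-compose CLI plugin with a specific release, keeping the
# previous binary as docker-compose.old.

# Define paths
$dockerComposePath = "C:\Program Files\Docker\cli-plugins\docker-compose.exe"
$dockerComposeOldPath = "C:\Program Files\Docker\cli-plugins\docker-compose.old"
$dockerComposeNewPath = "$dockerComposePath.download"
$downloadUrl = "https://github.com/docker/compose/releases/download/v2.22.0/docker-compose-windows-x86_64.exe"
# Alternative build kept from the notes:
# https://github.com/docker/compose-desktop/releases/download/v2.22.0-desktop.2/docker-compose-windows-x86_64.exe

# Download under a temporary name first, so a failed download does not leave
# the plugin directory without docker-compose.exe.
Invoke-WebRequest -Uri $downloadUrl -OutFile $dockerComposeNewPath -ErrorAction Stop

# Print the SHA-256 so it can be compared with the checksum published for
# the release before the binary is put in place.
Get-FileHash -Path $dockerComposeNewPath -Algorithm SHA256

# Rename the existing docker-compose.exe to docker-compose.old.
# Rename-Item -NewName takes a file name, not a full path.
if (Test-Path $dockerComposePath) {
    Rename-Item -Path $dockerComposePath -NewName (Split-Path -Leaf $dockerComposeOldPath) -Force
}

# Put the new docker-compose.exe in place
Move-Item -Path $dockerComposeNewPath -Destination $dockerComposePath

# Restore progress preference
$ProgressPreference = 'Continue'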
$Env:<variable-name> = "<new-value>" | |
## stop and rm all containers | |
docker rm $(docker ps -a -q) | |
https://docker.slack.com/archives/C0W4XJVFW/p1611755648205800?thread_ts=1611746566.196800&cid=C0W4XJVFW | |
https://docker.slack.com/archives/C0326G3P08M/p1670597619711999 | |
docker context create --docker host=ssh://docker-user@host1.example.com \ | |
--description="Remote engine" \ | |
my-remote-engine | |
Hi Juan, thanks for working with us to investigate the problem. | |
We were able to analyze the diagnostics you shared, but we are still unable to find a root cause. We can see in the logs that any attempt by the Docker runtime to read or access a file inside the "C:\ProgramData\DockerDesktop" folder results in an UnauthorizedAccessException error.
How are you deploying the registry.json file? Are you copying it to the user's local machine using SCCM, or are you having the Docker Desktop installer create it using the `--allowed-orgs` flag? | |
https://docs.docker.com/docker-hub/configure-sign-in/ | |
We are unable to recreate the error in our lab - but our domain is using default security policies and no specific GPO's are applied. | |
Please provide the output of these two powershell commands | |
Get-Acl -verbose -Path C:\programdata\DockerDesktop\ | Format-List | |
Get-Acl -verbose -Path C:\programdata\DockerDesktop\registry.json | Format-List | |
Make sure the local Users group has the correct permissions set on the DockerDesktop folder: | |
Specifically the BUILTIN\USER permissions for the C:\ProgramData\DockerDesktop folder should be "Read and Execute, List Folder Contents, Read" | |
The BUILTIN\USER permissions for the C:\ProgramData\DockerDesktop\registry.json file should be "Read and Execute, Read"
Please let us know if you have any questions, or if you need any details. We have seen this issue in the past caused by SCCM security policies, but we would be glad to help troubleshoot to make sure Docker Desktop is working properly. | |
Thanks! | |
Docker Support | |
stop and unregister docker-desktop-data delete files | |
wsl --unregister docker-desktop-data | |
wsl -d docker-desktop-data -e /wsl-keepalive | |
ls \\wsl$\docker-desktop-data | |
C:\Users\dave\AppData\local\Docker\wsl\data | |
Hi , thanks for reaching out to us. | |
We'll need a few more details to troubleshoot this for you, please send us a diagnostics ID at your convenience. Screenshots may be helpful too. | |
You mentioned that Docker Desktop can't start, so here are the instructions for gathering the diagnostic data from the CLI. | |
https://docs.docker.com/desktop/windows/troubleshoot/#diagnosing-from-the-terminal | |
https://docs.docker.com/desktop/mac/troubleshoot/#diagnosing-from-the-terminal | |
Thanks! | |
Docker | |
Hi, thanks for reaching out to us. | |
You've submitted your request to the Docker Hub support page, but it looks like you have questions on Docker Desktop. | |
For Docker Desktop support, please resubmit your ticket to the Docker Desktop support page along with a diagnostic ID for us to analyze. | |
https://hub.docker.com/support/desktop/ | |
You can find instructions on how to create the diagnostics bundle from the command line here: | |
https://docs.docker.com/desktop/windows/troubleshoot/#diagnosing-from-the-terminal | |
https://docs.docker.com/desktop/mac/troubleshoot/#diagnosing-from-the-terminal | |
Thanks! | |
Docker | |
https://docs.docker.com/desktop/windows/troubleshoot/#running-docker-desktop-in-nested-virtualization-scenarios | |
https://docs.docker.com/desktop/windows/troubleshoot/#in-app-diagnostics | |
PAT | |
85fef730-e774-4f5e-ba02-c68f7a0c4acd | |
https://docs.docker.com/desktop/windows/troubleshoot/#diagnosing-from-the-terminal | |
Please download and install the update to the latest release, and then restart your machine. | |
Please note that there are two installers, based on your system. | |
https://docs.docker.com/desktop/mac/install/ | |
If your problems persist - please submit a new diagnostics ID for us to analyze. | |
https://docs.docker.com/desktop/mac/troubleshoot/#diagnosing-from-the-terminal | |
Hi, thanks for reaching out to us. | |
We can only provide support for recent releases of Docker Desktop, your version is V.v.V and the most recent version is V.v.V | |
https://docs.docker.com/support/#what-docker-desktop-versions-are-supported | |
Please download and install the update to the latest release, and then restart your machine. Please note that there are two installers, based on your system. | |
https://docs.docker.com/desktop/mac/install/ | |
If your problems persist after upgrading - please submit a new diagnostics ID for us to analyze. | |
https://docs.docker.com/desktop/mac/troubleshoot/#diagnosing-from-the-terminal | |
Please reboot your machine, then download and install the most recent release. | |
https://docs.docker.com/desktop/windows/install/ | |
If your problems persist after upgrading, you can find instructions on how to create a fresh diagnostics bundle here: | |
https://docs.docker.com/desktop/windows/troubleshoot/#diagnosing-from-the-terminal | |
Thanks! | |
Docker Support | |
Hi Eric, thanks for reaching out to us. | |
You're installing an older version of Docker Desktop, and the prerequisites may not be configured correctly. | |
First, check the status of WSL by using the wsl --status command | |
If WSL is not installed, then you'll need to set it up by following these steps. You can use any distro you like instead of ubuntu | |
Open up a CMD prompt as admin | |
wsl --install -d ubuntu | |
wsl --update | |
#restart | |
shutdown /r /t 0 | |
Please reboot your machine, then download and install the most recent release. | |
https://docs.docker.com/desktop/windows/install/ | |
If there are problems with the fresh installer, you can find instructions on how to create the diagnostics bundle from the command line here: | |
https://docs.docker.com/desktop/windows/troubleshoot/#diagnosing-from-the-terminal | |
Thanks! | |
Docker Support | |
Hi Peter, thanks for your questions. | |
Please see here for microsoft's documentation on securing the windows container engine with certificates. It also has a section on the edits you'll need to make to the Windows daemon.json | |
https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-security | |
https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon?source=recommendations#configure-docker-with-a-configuration-file | |
We'll go ahead and close this ticket out now since your issues don't seem to be related to Docker Desktop. Feel free to open a new ticket along with a diagnostics ID if you have any Docker Desktop issues or questions. | |
https://docs.docker.com/support/#what-is-not-supported | |
Thanks! | |
Docker Support | |
At this point, the diagnostics are expired on our side, and we have included some fixes in the latest release that should help to resolve this for you. | |
Can you download and run the installer for the latest version, 4.71 - and then reboot your machine? | |
Hi, thanks for reaching out to us. Currently there is no directly supported way to run Linux containers on Windows Server platforms. | |
Hi, thanks for reaching out to us. | |
Docker Desktop is not supported on any Server platform, and support for Docker Desktop on Server platforms is explicitly excluded in our support policy. Please see our system requirements and our support policy page for more details.
https://docs.docker.com/desktop/windows/install/#system-requirements | |
https://docs.docker.com/desktop/windows/troubleshoot/#what-is-not-supported | |
The docker runtime itself is actually licensed as part of Windows Server, so you do have the ability to use the engine-only version on your servers. See here for directions on setting up the Docker engine on Windows server platforms.
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements | |
Thanks! | |
Docker | |
We do have a bit of information that may help in our troubleshooting FAQ's - but due to the limitations of nested virtualization and networking, we're not able to provide direct support. | |
https://docs.docker.com/desktop/windows/troubleshoot/#running-docker-desktop-in-nested-virtualization-scenarios | |
If your Windows server is capable of running Hyper-V, then you can run a Linux VM inside Hyper-V - and then run your linux containers from your preferred distribution. | |
See here for directions on setting up the Docker engine on Windows or Linux server platforms. | |
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements | |
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04 | |
## complete docker uninstall
full uninstall and cleanup of all docker system files | |
-- Uninstall Docker Desktop through Windows > Programs and Features | |
-- Shutdown WSL | |
wsl --shutdown | |
-- Delete the below files (note that the below commands are destructive, meaning it will delete all your images, volumes, and any Docker related files on your system) | |
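# Destructive: removes every Docker image, volume and settings file on the
# machine. Check each path before running it.
# Paths are quoted because an unquoted space ("Program Files",
# "Docker Desktop") splits the path into two arguments, and an unquoted
# "<" is parsed as an operator rather than as part of the path.
# Replace <your user name> with the profile folder name.
Remove-Item -Recurse 'C:\ProgramData\Docker'
Remove-Item -Recurse 'C:\ProgramData\DockerDesktop'
Remove-Item -Recurse 'C:\Program Files\Docker'
Remove-Item -Recurse 'C:\Users\<your user name>\.docker'
Remove-Item -Recurse 'C:\Users\<your user name>\AppData\Local\Docker'
Remove-Item -Recurse 'C:\Users\<your user name>\AppData\Roaming\Docker'
Remove-Item -Recurse 'C:\Users\<your user name>\AppData\Roaming\Docker Desktop'

# Same list for the azureuser.rctest profile, without -Recurse
# (Remove-Item then asks for confirmation on a folder that is not empty).
Remove-Item 'C:\ProgramData\Docker'
Remove-Item 'C:\ProgramData\DockerDesktop'
Remove-Item 'C:\Program Files\Docker'
Remove-Item 'C:\Users\azureuser.rctest\.docker'
Remove-Item 'C:\Users\azureuser.rctest\AppData\Local\Docker'
Remove-Item 'C:\Users\azureuser.rctest\AppData\Roaming\Docker'
Remove-Item 'C:\Users\azureuser.rctest\AppData\Roaming\Docker Desktop'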
-- Reinstall Docker Desktop | |
https://docs.docker.com/desktop/release-notes/ | |
windows version doesn't support the newer wsl backend:
windows build version 19041 is almost out of service, need to run Windows updates | |
https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client | |
after windows updates, run wsl --update | |
https://docs.docker.com/desktop/install/windows-install/#wsl-2-backend | |
requirements are not enabled, need to enable containers | |
Enable-WindowsOptionalFeature -online -FeatureName containers | |
docker run -it -v ${HOME}/.ssh:/root/.ssh mcr.microsoft.com/azure-cli | |
$ProgressPreference = 'SilentlyContinue' | |
# create temp working directory | |
New-Item -ItemType Directory -Force -Path C:\dockerconfig | |
Set-Location -Path c:\dockerconfig | |
Invoke-WebRequest -UseBasicParsing -Uri "https://desktop-stage.docker.com/win/main/amd64/148260/DockerDesktop.msi" -OutFile "DockerDesktop.msi" | |
https://desktop-stage.docker.com/win/main/amd64/148260/DockerDesktop.msi | |
Invoke-WebRequest -UseBasicParsing -Uri "https://desktop-stage.docker.com/win/main/amd64/148260/Docker%20Desktop%20Installer.exe" -OutFile "DockerDesktopInstaller.exe" | |
If the mayoclinicplatform Org is removed from the mayoclinicenterprise/mayoclinicorg structure, | |
and the mayoclinicenterprise SSO setup is set to Enforce SCIM, | |
how would this affect non-SSO @mayo.edu user sign-ins to that disconnected mayoclinicplatform Org? | |
https://desktop-stage.docker.com/win/main/amd64/appcast.xml | |
https://desktop-stage.docker.com/win/main/amd64/appcast.xml | |
https://desktop-stage.docker.com/mac/main/amd64/appcast.xml | |
https://desktop-stage.docker.com/mac/main/arm64/appcast.xml | |
https://desktop.com/mac/main/arm64/appcast.xml | |
https://desktop.docker.com/linux/main/amd64/appcast.xml | |
https://desktop.docker.com/linux/main/arm64/appcast.xml | |
https://download.docker.com/linux/rhel/9/ |
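# Single nginx service behind a virtual IP on network net4.
version: "3.7"

services:
  lin01:
    image: nginx
    deploy:
      endpoint_mode: vip
    networks:
      - net4
    # healthcheck is a service-level key; it is not valid under the
    # top-level networks section, so it belongs with the service.
    # The probe runs curl inside the container. NOTE(review): confirm the
    # image ships curl.
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s

networks:
  net4: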
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos | |
## update server | |
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove && sudo apt-get autoclean | |
## install msktutil | |
sudo apt-get install msktutil | |
## krb5.conf | |
sudo nano /etc/krb5.conf | |
; Kerberos client configuration: default realm jbiv.local, KDC found through
; DNS lookup, keytab at /etc/krb5.keytab.
[libdefaults] | |
default_realm = jbiv.local | |
dns_lookup_kdc = yes | |
dns_lookup_realm = no | |
default_keytab_name = /etc/krb5.keytab | |
; for Windows 2003 | |
; NOTE(review): rc4-hmac and the single-DES types below are deprecated
; (RFC 8429, RFC 6649). Presumably they are only needed for the Windows 2003
; case named above. Confirm what the KDC supports and prefer AES.
default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 | |
; for Windows 2008 with AES | |
; default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 | |
; default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 | |
; permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 | |
; | |
; for MIT/Heimdal kdc no need to restrict encryption type | |
[realms] | |
jbiv.local = { | |
kdc = adcoreserv.jbiv.local | |
admin_server = adcoreserv.eastus2.cloudapp.azure.com | |
} | |
; NOTE(review): these mappings point at WIN2003R2.HOME while default_realm
; and [realms] use jbiv.local. Looks like leftover example values; confirm.
[domain_realm] | |
.linux.home = WIN2003R2.HOME | |
.win2003r2.home = WIN2003R2.HOME | |
win2003r2.home = WIN2003R2.HOME | |
; Log destinations for the KDC, the admin server and the library default.
[logging] | |
kdc = FILE:/var/log/kdc.log | |
admin_server = FILE:/var/log/kadmin.log | |
default = FILE:/var/log/krb5lib.log |
##Tickets that need attention
https://docker.lightning.force.com/lightning/r/Case/5005Y00002NzW0oQAF/view user had data on different drives, but docker aint happy. how to redirect docker to the correct folders?
https://docker.lightning.force.com/lightning/r/Case/5005Y00002O1LngQAF/view user says they used to be able to see kube PV and PVC in the docker GUI but cant now they can see them using kubectl I have not setup and repro'ed yet. but any tips, or is this expected ?
# Install WSL with the Ubuntu distribution, without launching it afterwards.
wsl --install -d ubuntu --no-launch

# Chocolatey bootstrap: bypass the execution policy for this process only,
# add TLS 1.2 (3072) to the allowed protocols, then download install.ps1
# over HTTPS and run it in this session.
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

# Answer "yes" to every package prompt from here on.
choco feature enable -n allowGlobalConfirmation

# Packages, in the original order; rsat is the only one that takes parameters.
choco install psql
choco install rsat -params '"/AD /DNS"'
$packages = 'firefox', 'chromium', 'vscode', 'visualstudio2019professional', 'git', 'sysinternals', 'wireshark'
foreach ($package in $packages) {
    choco install $package
}

# Scheduled task used to configure the VM on reboot.
# Account name for the task; it is not referenced by the commands below.
$User = "NT AUTHORITY\SYSTEM"
# Name of the scheduled task.
$taskName = "vmconfig"
# Stop the task and remove its registration without asking for confirmation.
Stop-ScheduledTask -TaskName $taskName
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
#Restart-Computer -Force
Here is the specific error message we get from Hyper-V and Docker Desktop when it fails to start. The gui app logs are also showing that the child processes ended unexpectedly.
The Hyper-V Virtual Machine Management service encountered an unexpected error: Logon failure: the user has not been granted the requested logon type at this computer
There are GPO policies that prevent the local system user from being able to access Hyper-V. This could be intentional, or unintentional.
Please see Microsoft's troubleshooting guide on the error for details on how to resolve it. https://docs.microsoft.com/en-us/troubleshoot/windows-server/virtualization/starting-or-live-migrating-hyper-v-vms-fails#symptoms
C:\ProgramData is a protected folder in Windows and has special permission sets. Docker in Hyper-V or WSL Linux mode writes and stores data in C:\ProgramData\DockerDesktop and we set special file permissions on this folder at install (will probably change soon) In Windows container mode it writes to C:\ProgramData\Docker and we don't set special permissions for this
If the user is blocked by security policy from editing files in C:\ProgramData\Docker - then Windows container mode will fail to start because it can't create or edit anything in the root directory.
Best practices say that the GPO will need to be adjusted. But you can also edit the specific user or the local docker-users group and grant read/write and more specifically edit access to the C:\ProgramData\Docker folder
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\image\windowsfilter\imagedb: Attempted to perform an unauthorized operation.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\image\windowsfilter\imagedb: Access to the path 'C:\ProgramData\Docker\image\windowsfilter\imagedb' is denied.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\image\windowsfilter\imagedb: Access to the path 'C:\ProgramData\Docker\image\windowsfilter\imagedb' is denied.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\network: Attempted to perform an unauthorized operation.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\network: Access to the path 'C:\ProgramData\Docker\network' is denied.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\network: Access to the path 'C:\ProgramData\Docker\network' is denied.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\tmp: Attempted to perform an unauthorized operation.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\tmp: Access to the path 'C:\ProgramData\Docker\tmp' is denied.
[2022-05-04T05:22:26.937857400Z][WindowsContainersController][Warning] C:\ProgramData\Docker\tmp: Access to the path 'C:\ProgramData\Docker\tmp' is denied.
# Prepare a Windows machine for Docker Desktop: fetch the installer into a
# working folder, enable the required Windows features, then reboot.
$workDir = 'C:\dockerconfig'
$installerUrl = "https://desktop-stage.docker.com/win/main/amd64/156455/Docker%20Desktop%20Installer.exe"

# Temporary working directory (-Force: no error when it already exists).
New-Item -ItemType Directory -Force -Path $workDir
Set-Location -Path $workDir

# Hide the progress bar for the download.
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -UseBasicParsing -Uri $installerUrl -OutFile "Docker Desktop Installer.exe"

# Show the current mouse button setting, then swap the buttons for this user.
$mouseKey = 'HKCU:\Control Panel\Mouse'
Get-ItemProperty $mouseKey | Select SwapMouseButtons
Set-ItemProperty $mouseKey -Name SwapMouseButtons -Value 1

# enable ssh
# (no command recorded for this step)

# System requirements; -NoRestart defers the reboot to the last line.
# Hyper-V
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
# Containers
Enable-WindowsOptionalFeature -online -FeatureName containers -NoRestart
# Virtual Machine Platform
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -All -NoRestart

# Reboot so that the features take effect.
Restart-Computer -Force
Cant pull from private registry, daemon returns x509 error
Error response from daemon: Get "https://YOURREGISTRYURL/v2/": x509: certificate signed by unknown
cert is not recognized by windows, needs to be installed to trusted root
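download the ca.crt file: curl -k https://YOURREGISTRYURL/ca.crt, or invoke-webrequest -usebasicparsing -uri blah -outfile ca.crt. Because -k skips certificate verification for this download, compare the downloaded certificate's thumbprint with one obtained from the registry administrator before trusting it.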
install it to Windows Certificate Store run certmgr.msc and import the cert to trusted root or right click the ca.crt file and choose Install. I like to run it twice and add to the local machine and to the user
run docker logout command, then reboot