Implementing Containers on Windows Server 2016 and running IIS

So since TP3 was released yesterday, I have been quite busy trying to implement Containers on top of a Hyper-V host. Microsoft has been kind enough to give us a simple Container image, which makes the first part pretty easy.

In order to deploy a Container we need a container host. The easiest way to get started is to download a finished script from Microsoft, which we can run directly from a Hyper-V host to get a container host VM.

NOTE: That Containers do not require Hyper-V, but this

wget -uri http://aka.ms/newcontainerhost -OutFile New-ContainerHost.ps1

This downloads a PowerShell script from the URL. When we run it we need to define a couple of things, first of all the name of the VM and the password for the built-in administrator account. The script will then, in essence, do a couple of things.

1: Download a finished Sysprepped Container Host image from http://aka.ms/ContainerOsImage which is in essence WindowsServer_en-us_TP3_Container_VHD

2: Enable the Container feature on the host VM. This is part of the unattend process: the last part of the script contains an unattend section that is processed against the container host VM.

3: Boot the VM as a container host, open a PowerShell Direct session after the VM is booted, and finish the setup.

After that you have a running container host setup, and we can connect to the VM using Hyper-V manager

Not much to see yet. It is important to remember that the image will create a built-in NAT switch on the Docker host, with a predefined subnet range,

where the Docker host will take the first IP in the range. Now if we run Get-ContainerHost and Get-ContainerImage, we should see that the VM is a container host and that we have a WindowsServerCore image available.

Now in order to create a Container we need to run the following command

$container = New-Container -Name "MyContainer" -ContainerImageName WindowsServerCore -SwitchName "Virtual Switch"

The name of the switch needs to be identical to the one that was added. It can be viewed using Get-VMSwitch.

The reason we store it in a variable is that we need to reference it later when using PowerShell Direct.

I can use the command Get-Container to see that it has been created. Now I have to start the container using Start-Container -Name "MyContainer"

I can now see that the container is running and is attached to the NAT vSwitch

Great! So what now?

As I mentioned earlier, we needed to store the container in a variable in order to use it later. Well, this is the time: now we need to open a PowerShell Direct session to the Container. If the variable is no longer set, we can always use $container = Get-Container -Name with the name of the container to store it again.

By using the command

Enter-PSSession -ContainerId $container.ContainerId -RunAsAdministrator

We can now enter a remote session against the Container. We can also see that the container ID is shown at the start of the prompt

Also verify that it has gotten an IP address from the NAT network

So now what? Let's start by installing IIS on the container. This can be done by using the command Install-WindowsFeature -Name Web-Server

After that is installed, check that the W3 service is running

Get-Service -Name W3SVC

Now that we have deployed an IIS service on the Container, we need to set up a static NAT rule to open port 80. In my case I have a lab which resides on 192.168.0.0/24, but the NAT switch is on 172.16.0.0.

NOTE: Another option is to enable the built-in administrator account, so that we can use RDP against the Container in the future (make sure you add the proper NAT rules)

net user administrator /active:yes

So in order to add a static forwarding rule on the container host VM, just use the following command and specify ports and IP addresses.

Add-NetNatStaticMapping -NatName "ContainerNat" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 80

Next I just do a nasty firewall disable edit

Set-NetFirewallProfile domain,public,private -Enabled false

Then by running Get-NetNatStaticMapping on the container host I can see the rules I created. I also added some new rules for RDP purposes.
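
A narrower alternative to switching off all three firewall profiles, shown here as an added example that is not part of the original post: keep the firewall enabled on the container host VM and create one inbound allow rule per static NAT mapping, limited to the lab subnet. It assumes the NAT name "ContainerNat" and the lab range 192.168.0.0/24 used above; the rule-name prefix "ContainerNat-In" is made up for the example.

```powershell
# Added example, not from the original post. Run elevated on the container host VM.
# Assumptions: NAT name and lab subnet as used in the post; $rulePrefix is hypothetical.
$natName    = "ContainerNat"
$labSubnet  = "192.168.0.0/24"
$rulePrefix = "ContainerNat-In"

# Turn the three profiles back on if they were disabled earlier.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# One allow rule per static mapping, so the firewall follows the NAT table
# (port 80 for IIS, plus any RDP mappings that were added).
foreach ($map in (Get-NetNatStaticMapping -NatName $natName)) {
    $proto    = "$($map.Protocol)"      # protocol name or number, both accepted below
    $port     = $map.ExternalPort
    $ruleName = "$rulePrefix-$proto-$port"

    # Idempotent: skip mappings that already have a rule.
    if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) {
        continue
    }

    New-NetFirewallRule -Name $ruleName `
        -DisplayName "Container NAT $proto/$port from $labSubnet" `
        -Direction Inbound -Action Allow -Enabled True `
        -Protocol $proto -LocalPort $port `
        -RemoteAddress $labSubnet | Out-Null
}

# Review what is now allowed: rule name, port and permitted source range.
Get-NetFirewallRule -Name "$rulePrefix-*" | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule      = $_.Name
        Protocol  = $portFilter.Protocol
        LocalPort = $portFilter.LocalPort
        Remote    = $addrFilter.RemoteAddress
    }
}
```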

Now my Docker host is set up with two IP addresses: one is 172.16.0.1 and the other is 192.168.0.10. When I connect to the latter IP, the NAT rules kick in and forward me to my IIS service running on the Container.

Now I can see that I have a NAT session active

And that IIS opens on the Container

Now that I have a Container with IIS installed, I can shut down the VM and create a new container image of it.

Stop-Container -Name "test2"

The new image is then created by using the command

$newimage = New-ContainerImage -ContainerName test2 -Publisher Demo -Name newimage -Version 1.0

So this has been a first introduction to Containers running on TP3. Note that many utilities do not work properly with Containers. One example is sconfig, which tries to list network interfaces; these are not presented within a Container, so some settings are not available.