This post is a refresh of James Bulpin’s “Using Windows Server Containers in WS2016TP5 with XenServer 7.0” with the latest updates for the release version of Windows Server 2016.
For those of you who haven’t heard about containers, they are a technology that enables rapid development and deployment of web-scale applications. One of the companies at the center of the container movement is Docker, which has recently partnered up with Microsoft to integrate Docker containers into Windows.
As a new member of the XenServer engineering team, I jumped at the opportunity to test “the most exciting new Windows feature” (Docker’s words), but this excitement was short lived, as I discovered that recent changes in Windows Server 2016 meant that the documentation for the XenServer integration needed to be updated.
This is when my team informed me of the ‘finders, keepers’ policy when it comes to such required improvements (not an actual Citrix policy), which meant that I was responsible for fixing the problem. Fortunately, after a number of small tweaks, we have restored XenServer integration.
Since we first added support for Windows Server 2016 TP5, a number of improvements have been made that simplify the docker experience and further integrate it into the Windows UI. With XenServer support for Docker we continue the simplification theme by enabling you to manage and monitor containers as easily as you can a VM.
Before we look at how to set up Windows containers and use the XenServer Docker integration, let’s take a quick look at some of the benefits of the XenServer Container integration:
Monitoring and visibility – knowing which VMs are in use for Docker hosting and which containers on them are actually running. Today’s interface is more of a “pets” than “cattle” one but it is fine for small-to-medium scale deployments and evaluations.
Diagnostics – easy access to basic container information such as forwarded network ports and originating Docker image name. This can help accelerate investigations into problems where either or both of the infrastructure and application layers may be implicated.
Runtime management – using XenCenter you can start, stop and pause application containers. This feature has a number of use cases in both evaluation and deployment scenarios including rapidly terminating problematic applications.
Demo
The first step is to set-up a XenServer 7.0 environment, applying the latest hotfixes is not strictly required for this demo but is strongly recommended. Next you need to install the Container Management Supplemental Pack (customer login is required to download), otherwise known as XS Container. The supplemental pack is installed using XenCenter’s update wizard (“Tools” menu, “Install Update…”). Once you browse to find the supplemental pack ISO file all you have to do is follow the wizard through.
When the installation is complete, we will
If you haven’t already, you can now install a Windows Server 2016 VM (core and normal are both fine) in the same way you would normally. I opted for a VM with 2GB of memory and 4 vCPUs. Once this is setup we need to install XenServer Tools (agent and device drivers) in the normal manner.
Now that we have a running VM the next step is to install docker. To do this we use the process documented by Microsoft. Note that the commands used in this blog post are based on the Microsoft instructions as of 07/12/16, I strongly recommend referring to the Microsoft documentation to ensure that you are using the up-to-date process.
First we open Windows PowerShell and install the OneGet module:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Next we install the latest version of docker:
Install-Package -Name docker -ProviderName DockerMsftProvider
Then restart the VM:
Restart-Computer –Force
The final step to set up docker is to ensure that you system is up to date. Although we have found that only ‘Cumulative Update for Windows Server 2016 for x64-based Systems’ (KB 3192366 or newer) is needed, Microsoft recommend installing all available updates so this is what we will do. The update can be done through the Windows GUI or by using the following commands:
sconfig 6 A A |
At this point docker should now be working on your VM. You can test it at this point by typing:
docker info
Or by creating your first container using:
docker run microsoft/dotnet-samples:dotnetapp-nanoserver
Next we need to enable the VM for XenServer’s container management. This is similar in concept to the mechanism used for Linux Docker VMs however for Windows we use TLS connections to connect to the Docker daemon instead of tunnelling over SSH as in the Linux case. To set this up, we can use the host’s console to query the VM’s UUID and run the prepare script. We have the option of providing our own TLS certificates however in this case we’ll have the script generate its own self-signed certificates.
The script will automatically create a CD image (ISO) containing the certificates to be added to the Windows Server 2016 VM and a script to install them; it will then prompt us to switch back to the VM to run this script.
We now go back to the VM and run the script:
Then create a file called ‘daemon.json’ in the folder ‘C:\ProgramData\docker\config’ with the following contents:
{
"hosts": ["tcp://0.0.0.0:2376", "npipe://"],
"tlsverify": true,
"tlscacert": "C:\\ProgramData\\docker\\certs.d\\ca.pem",
"tlscert": "C:\\ProgramData\\docker\\certs.d\\server-cert.pem",
"tlskey": "C:\\ProgramData\\docker\\certs.d\\server-key.pem"
}
At this stage, you should also check your firewall settings to ensure that there is an exception for port 2376 which is used for Docker TLS. Once this is done, you can return to the host console to complete the setup script. If the setup is successful, we can check the integration is working by looking for the “Docker Information” section of the VM’s “General” tab.
To get started with docker I used the Microsoft/nanoserver image as it is only 625 mb compared to the 7.58 gb required for micrsoft/iis.
docker run –i -t microsoft/nanoserver cmd
There are a number of more detailed tutorials available including this one from Microsoft which covers the basics of running webserver containers. It’s possible to run multiple webserver containers on the same host on different TCP ports. To do this, we use static port mapping between the TCP of the container host (81/82) and TCP of the container (80) as demonstrated below. Further information the topic is documented by Microsoft.
docker run --name iisdemo81 -i -t -p 81:80 windows/iis cmd
docker run --name iisdemo82 -i -t -p 82:80 windows/iis cmd
Once we have a few containers running we can see the effect of the XenServer Docker integration. The key items to notice are:
The containers showing in the infrastructure tree view showing the relationship between containers and VMs.
|
|
Lifecycle operations buttons allowing administrator control of each container.
|
|
Per-container detailed information including port mappings to help with diagnostics. |
This concludes the demo of Windows Server Containers on XenServer 7.0. All the downloads you need to get started have been provided throughout the blog so there is no excuse not to try it for yourself.