Forum Discussion

doctordns's avatar
doctordns
Brass Contributor
Mar 21, 2021

[server 20303] Issues running containers

I have installed containers on my host ( a Hyper-V VM named CH1. After installation and installing PWSH and VS Code, I used this script to configure the server for docker: 

https://github.com/doctordns/PACKT-PS7/blob/master/scripts/Ch%2012%20-%20Containers/Recipe%2012.1%20-%20Setting%20up%20a%20container%20host.ps1

 

After installation and reboot, all looks well - I can docker pull, docker search etc. However if I attempt to run the hello-world container, I see this:

 

 

PS C:\Foo> docker run hello-world
docker: Error response from daemon: hcsshim::CreateComputeSystem 90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431: The container operating system does not match the host operating system.
(extra info: {"SystemType":"Container","Name":"90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431","Owner":"docker","VolumePath":"\\\\?\\Volume{d7ea90db-8134-45c0-9ccf-15b742c39627}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431","Layers":[{"ID":"b4536180-60ed-5a6d-86d7-a37ed5ce5b11","Path":"C:\\ProgramData\\docker\\windowsfilter\\40283115b35607b66b4d8d7695efcb7458a8d257b436b3f7a390953f43c04fbe"},{"ID":"42828790-7ad8-5ecf-807f-b3e273827547","Path":"C:\\ProgramData\\docker\\windowsfilter\\902d2a8dccd4e30470ae472bdad3eb46ac6e086b06fc80192081fb940c0fbb0c"},{"ID":"a9a80d15-dd55-508d-852d-6cf117cf34a9","Path":"C:\\ProgramData\\docker\\windowsfilter\\811d69326ffcce5cace299f3e56e2fb721528576a1bcb07106dd942e7d19dcc6"}],"HostName":"90142433e8ce","HvPartition":false,"EndpointList":["fd49e246-152a-460c-85b5-95064b53aced"],"AllowUnqualifiedDNSQuery":true}).

 

 

i understand that this is because WIndows and docker have different versions. But if I attempt to run this with hyper-v, it fails too - like this:

 

 

S C:\Foo> docker run hello-world --isolation-hyperv

docker: Error response from daemon: hcsshim::CreateComputeSystem 112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c: The container operating system does not match the host operating system.
(extra info: {"SystemType":"Container","Name":"112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c","Owner":"docker","VolumePath":"\\\\?\\Volume{7005aac7-0fc8-4f1c-a498-7bd5a777ce70}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c","Layers":[{"ID":"b4536180-60ed-5a6d-86d7-a37ed5ce5b11","Path":"C:\\ProgramData\\docker\\windowsfilter\\40283115b35607b66b4d8d7695efcb7458a8d257b436b3f7a390953f43c04fbe"},{"ID":"42828790-7ad8-5ecf-807f-b3e273827547","Path":"C:\\ProgramData\\docker\\windowsfilter\\902d2a8dccd4e30470ae472bdad3eb46ac6e086b06fc80192081fb940c0fbb0c"},{"ID":"a9a80d15-dd55-508d-852d-6cf117cf34a9","Path":"C:\\ProgramData\\docker\\windowsfilter\\811d69326ffcce5cace299f3e56e2fb721528576a1bcb07106dd942e7d19dcc6"}],"HostName":"112d3c21fa74","HvPartition":false,"EndpointList":["4fff9c4f-d11d-4307-acd2-6111c9ed7bef"],"AllowUnqualifiedDNSQuery":true}).

 

 

i know I am probably missing something trivial  - but would appreciate any clues!

 

  • doctordns 

     

    docker run hello-world --isolation-hyperv

     

    should be

     

     

    docker run --isolation=hyperv hello-world

     

     

     

    Things after the container name are taken as parameters to the container execution, and so docker isn't seeing the "--isolation-hyperv" parameter when you add it, or it would have told you that it was an unknown parameter, as it needs to be "--isolation=hyperv" or "--isolation hyperv".

     

    The hello-world container will need to run with Hyper-V isolation for you, because it's based on nanoserver:1809, i.e. Windows Server LTSC 2019. If you're following a guide for Windows 10, note that on Windows 10, Hyper-V isolation is the default for Docker, so they won't use --isolation=hyperv in examples like this.

     

    To use process isolation, you'll need to use an insider container image base matching the installed build, e.g. mcr.microsoft.com/windows/nanoserver/insider:10.0.20303.1 . Sadly, I don't think many (or any) image sources in the wild produce builds based on the insider versions, so if you're not building your own containers, you'll need to use Hyper-V isolation until this version of Windows Server is shipped, and container builders add it to their CI pipelines.

  • TBBle's avatar
    TBBle
    Copper Contributor

    doctordns 

     

    docker run hello-world --isolation-hyperv

     

    should be

     

     

    docker run --isolation=hyperv hello-world

     

     

     

    Things after the container name are taken as parameters to the container execution, and so docker isn't seeing the "--isolation-hyperv" parameter when you add it, or it would have told you that it was an unknown parameter, as it needs to be "--isolation=hyperv" or "--isolation hyperv".

     

    The hello-world container will need to run with Hyper-V isolation for you, because it's based on nanoserver:1809, i.e. Windows Server LTSC 2019. If you're following a guide for Windows 10, note that on Windows 10, Hyper-V isolation is the default for Docker, so they won't use --isolation=hyperv in examples like this.

     

    To use process isolation, you'll need to use an insider container image base matching the installed build, e.g. mcr.microsoft.com/windows/nanoserver/insider:10.0.20303.1 . Sadly, I don't think many (or any) image sources in the wild produce builds based on the insider versions, so if you're not building your own containers, you'll need to use Hyper-V isolation until this version of Windows Server is shipped, and container builders add it to their CI pipelines.

  • The version issue is not related to docker and Windows, but to the container host version and the container image. First, see that Windows container hosts can only run Windows images. Also, the host and container image versions must match. See more details at: https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-20H2%2Cwindows-10-20H2

    As for the hyper-v isolation, since you're using a VM, you'll need to enable nested virtualization on that VM so the container can run with hypervisor isolation.
    Regards,
    Vinicius
    Twitter.com/vrapolinario
    • doctordns's avatar
      doctordns
      Brass Contributor

      Thsanks for your reply

      1. Regarding enabling virtualization - I have already set nested virtualization:

      PS C:\Foo> Get-VM -VMName ch1
      Name State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
      ---- ----- ----------- ----------------- ------   ------             -------
      CH1  Off   0           0                 00:00:00 Operating normally 10.0
      
      PS C:\Foo> Get-VMProcessor -vmname  ch1 | fl *virt*
      ExposeVirtualizationExtensions : True

      So that is not a solution. 😞

       

      I do understand that the issue is between the container host version and the container image, but so far, I can find actually ZERO containers that can run with Windows Server 2022, with or without virtualization. 

       

      If you look at the scripts I have tested, none of them works, whereas these all worked to a degree with 

      Windows Server 2019. This feels like a regression in 2022.

       

      Are containers actually tested prior to Insiders released? If so, can you share the tests so I can see how to get containers to run successfully??

       

Resources