Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE
SOLVED

[server 20303] Issues running containers

Brass Contributor

I have installed containers on my host ( a Hyper-V VM named CH1. After installation and installing PWSH and VS Code, I used this script to configure the server for docker: 

https://github.com/doctordns/PACKT-PS7/blob/master/scripts/Ch%2012%20-%20Containers/Recipe%2012.1%20...

 

After installation and reboot, all looks well - I can docker pull, docker search etc. However if I attempt to run the hello-world container, I see this:

 

 

PS C:\Foo> docker run hello-world
docker: Error response from daemon: hcsshim::CreateComputeSystem 90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431: The container operating system does not match the host operating system.
(extra info: {"SystemType":"Container","Name":"90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431","Owner":"docker","VolumePath":"\\\\?\\Volume{d7ea90db-8134-45c0-9ccf-15b742c39627}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\90142433e8cebe0abaa7e2e99b026a835008d93f4c9dfd28d83b53184bd01431","Layers":[{"ID":"b4536180-60ed-5a6d-86d7-a37ed5ce5b11","Path":"C:\\ProgramData\\docker\\windowsfilter\\40283115b35607b66b4d8d7695efcb7458a8d257b436b3f7a390953f43c04fbe"},{"ID":"42828790-7ad8-5ecf-807f-b3e273827547","Path":"C:\\ProgramData\\docker\\windowsfilter\\902d2a8dccd4e30470ae472bdad3eb46ac6e086b06fc80192081fb940c0fbb0c"},{"ID":"a9a80d15-dd55-508d-852d-6cf117cf34a9","Path":"C:\\ProgramData\\docker\\windowsfilter\\811d69326ffcce5cace299f3e56e2fb721528576a1bcb07106dd942e7d19dcc6"}],"HostName":"90142433e8ce","HvPartition":false,"EndpointList":["fd49e246-152a-460c-85b5-95064b53aced"],"AllowUnqualifiedDNSQuery":true}).

 

 

i understand that this is because WIndows and docker have different versions. But if I attempt to run this with hyper-v, it fails too - like this:

 

 

S C:\Foo> docker run hello-world --isolation-hyperv

docker: Error response from daemon: hcsshim::CreateComputeSystem 112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c: The container operating system does not match the host operating system.
(extra info: {"SystemType":"Container","Name":"112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c","Owner":"docker","VolumePath":"\\\\?\\Volume{7005aac7-0fc8-4f1c-a498-7bd5a777ce70}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\112d3c21fa74f58019e3cea40302a17b4775c454515468e1531d05b14d61b86c","Layers":[{"ID":"b4536180-60ed-5a6d-86d7-a37ed5ce5b11","Path":"C:\\ProgramData\\docker\\windowsfilter\\40283115b35607b66b4d8d7695efcb7458a8d257b436b3f7a390953f43c04fbe"},{"ID":"42828790-7ad8-5ecf-807f-b3e273827547","Path":"C:\\ProgramData\\docker\\windowsfilter\\902d2a8dccd4e30470ae472bdad3eb46ac6e086b06fc80192081fb940c0fbb0c"},{"ID":"a9a80d15-dd55-508d-852d-6cf117cf34a9","Path":"C:\\ProgramData\\docker\\windowsfilter\\811d69326ffcce5cace299f3e56e2fb721528576a1bcb07106dd942e7d19dcc6"}],"HostName":"112d3c21fa74","HvPartition":false,"EndpointList":["4fff9c4f-d11d-4307-acd2-6111c9ed7bef"],"AllowUnqualifiedDNSQuery":true}).

 

 

i know I am probably missing something trivial  - but would appreciate any clues!

 

4 Replies

So with the latest build of Server 2022, I simply can not run any container either natively or via isolation.
I have a set of scripts at: https://github.com/doctordns/PACKT-PS7/tree/master/scripts/Ch%2012%20-%20Containers

ALL of them fail to run the container.
Each of these scripts worked with Server 2019 - and am happy to retest that if needed.

The version issue is not related to docker and Windows, but to the container host version and the container image. First, see that Windows container hosts can only run Windows images. Also, the host and container image versions must match. See more details at: https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatib...

As for the hyper-v isolation, since you're using a VM, you'll need to enable nested virtualization on that VM so the container can run with hypervisor isolation.
Regards,
Vinicius
Twitter.com/vrapolinario

Thsanks for your reply

1. Regarding enabling virtualization - I have already set nested virtualization:

PS C:\Foo> Get-VM -VMName ch1
Name State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
---- ----- ----------- ----------------- ------   ------             -------
CH1  Off   0           0                 00:00:00 Operating normally 10.0

PS C:\Foo> Get-VMProcessor -vmname  ch1 | fl *virt*
ExposeVirtualizationExtensions : True

So that is not a solution. :(

 

I do understand that the issue is between the container host version and the container image, but so far, I can find actually ZERO containers that can run with Windows Server 2022, with or without virtualization. 

 

If you look at the scripts I have tested, none of them works, whereas these all worked to a degree with 

Windows Server 2019. This feels like a regression in 2022.

 

Are containers actually tested prior to Insiders released? If so, can you share the tests so I can see how to get containers to run successfully??

 

best response confirmed by doctordns (Brass Contributor)
Solution

@doctordns 

 

docker run hello-world --isolation-hyperv

 

should be

 

 

docker run --isolation=hyperv hello-world

 

 

 

Things after the container name are taken as parameters to the container execution, and so docker isn't seeing the "--isolation-hyperv" parameter when you add it, or it would have told you that it was an unknown parameter, as it needs to be "--isolation=hyperv" or "--isolation hyperv".

 

The hello-world container will need to run with Hyper-V isolation for you, because it's based on nanoserver:1809, i.e. Windows Server LTSC 2019. If you're following a guide for Windows 10, note that on Windows 10, Hyper-V isolation is the default for Docker, so they won't use --isolation=hyperv in examples like this.

 

To use process isolation, you'll need to use an insider container image base matching the installed build, e.g. mcr.microsoft.com/windows/nanoserver/insider:10.0.20303.1 . Sadly, I don't think many (or any) image sources in the wild produce builds based on the insider versions, so if you're not building your own containers, you'll need to use Hyper-V isolation until this version of Windows Server is shipped, and container builders add it to their CI pipelines.

1 best response

Accepted Solutions
best response confirmed by doctordns (Brass Contributor)
Solution

@doctordns 

 

docker run hello-world --isolation-hyperv

 

should be

 

 

docker run --isolation=hyperv hello-world

 

 

 

Things after the container name are taken as parameters to the container execution, and so docker isn't seeing the "--isolation-hyperv" parameter when you add it, or it would have told you that it was an unknown parameter, as it needs to be "--isolation=hyperv" or "--isolation hyperv".

 

The hello-world container will need to run with Hyper-V isolation for you, because it's based on nanoserver:1809, i.e. Windows Server LTSC 2019. If you're following a guide for Windows 10, note that on Windows 10, Hyper-V isolation is the default for Docker, so they won't use --isolation=hyperv in examples like this.

 

To use process isolation, you'll need to use an insider container image base matching the installed build, e.g. mcr.microsoft.com/windows/nanoserver/insider:10.0.20303.1 . Sadly, I don't think many (or any) image sources in the wild produce builds based on the insider versions, so if you're not building your own containers, you'll need to use Hyper-V isolation until this version of Windows Server is shipped, and container builders add it to their CI pipelines.

View solution in original post