Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

How to create container with runhcs #435

Closed
olljanat opened this issue Dec 20, 2018 · 3 comments
Closed

How to create container with runhcs #435

olljanat opened this issue Dec 20, 2018 · 3 comments

Comments

@olljanat
Copy link

olljanat commented Dec 20, 2018
edited
Loading

I have been tracking down moby/moby#30950 to hcsshim and I would like to be try if same issue happens with runhcs.

I have broken Windows Server 2016 where even just build version of moby gives this error when I'm trying to start new container (with command docker run -it --rm microsoft/nanoserver cmd):

C:\Program Files\Docker\docker.exe: Error response from daemon: hcsshim::CreateComputeSystem e1e6f65e0ca089489bccc62b8932bf7ff0a46d92b7213e89e6998cf5db00e209: Insufficient system resources exist to complete the requested service.
(extra info: 
{
	"SystemType": "Container",
	"Name": "e1e6f65e0ca089489bccc62b8932bf7ff0a46d92b7213e89e6998cf5db00e209",
	"Owner": "docker",
	"VolumePath": "\\\\?\\Volume{6b9a436d-0465-11e9-b3e9-005056946adc}",
	"IgnoreFlushesDuringBoot": true,
	"LayerFolderPath": "C:\\ProgramData\\docker\\windowsfilter\\e1e6f65e0ca089489bccc62b8932bf7ff0a46d92b7213e89e6998cf5db00e209",
	"Layers": [
		{
			"ID": "e498afab-37ca-5c38-b2d7-af8b6803358c",
			"Path": "C:\\ProgramData\\docker\\windowsfilter\\b96bc989586f7c91240c36156b2ba034816440727354534830516af3a26ce776"
		},
		{
			"ID": "15573d3c-2c12-5583-b6f0-9ee5e6587c64",
			"Path": "C:\\ProgramData\\docker\\windowsfilter\\84eda3c719e6ede7de73473d76a0271b0d9dad9a65b12fce59a63710cdf01a18"
		}
	],
	"HostName": "e1e6f65e0ca0",
	"HvPartition": false,
	"EndpointList": [
		"34aefc8c-88bc-427f-8f92-e0816595d01f"
	],
	"AllowUnqualifiedDNSQuery": true
}

But actually do that with runhcs.exe?
@jterry75
Copy link
Contributor

runhcs.exe isn't really meant to be run by an end user. It is a process with a cmdline but its hard to get all the inputs right by hand.

The basic gist is that you need to create a bundle with a config.json matching the container you want to run:

C:\> mkdir TestBundle
C:\> notepad TestBundle\config.json

Update the LayerFolders area of the json to point to the read-only base layers of (in your example) microsoft/nanoserver. You can find this by doing a docker inspect microsoft/nanoserver which will show the layer paths. Once you have this you can do:

C:\> runhcs.exe create -b TestBundle TestContainer
C:\> runhcs.exe start TestContainer
C:\> runhcs.exe kill TestConatiner
C:\> runhcs.exe delete TestContainer

Take a look at for a simple example of how our tests do it: https://github.com/Microsoft/hcsshim/blob/master/test/runhcs/e2e_matrix_test.go#L165

@olljanat
Copy link
Author

Thanks @jterry75 I got it working :)

As info for anyone who might read this. Template config can be found from: https://github.com/Microsoft/hcsshim/blob/d0b3bfc2ea9303a6a506da319f67fe827530b91e/test/functional/assets/defaultwindowsspec.json#L1-L11

It is easiest play with this is use machine where you have only one image. Then you can detect layers on C:\ProgramData\Docker\windowsfilter folder on way that (at least on case nanoserver):

  • Layer which does not have any .vhdx -files is base layer (and this one path you can also see with command docker inspect ...
  • Layer which have does is scratch layer.

Before you can create container you need create new layer which is based on scratch layer. You can do that with command:
wclayer.exe create --layer C:\ProgramData\Docker\windowsfilter\<scratch-id> TestBundle

After that you can use commands above.

Btw. I got same Insufficient system resources exist to complete the requested service. error out from this one so there is definitely something from very wrong on that server which I'm debugging but at least I know now for sure that issue is not caused by Docker.

@olljanat olljanat mentioned this issue Dec 21, 2018
Closed
@olljanat
Copy link
Author

Here is also fully working PowerShell script which does all needed steps.
It only uses Docker to parse image details but after that create containers using wclayer and runhcs:

# Settings
$ImageTag = "microsoft/nanoserver:latest"
$BundleName = "TestBundle"
$ContainerName = "TestContainer"

##########################################
$DockerImage = docker images -q $ImageTag
if (!($DockerImage)) { throw "Cannot find image: $ImageTag" }

$ImageInspect = docker image inspect $ImageTag | ConvertFrom-JSON
$BaseLayer = $ImageInspect.GraphDriver.Data.dir
$ScratchLayer = Get-Content "$BaseLayer\layerchain.json" | ConvertFrom-Json

cd $PSScriptRoot
$BundlePath = "$PSScriptRoot\$BundleName"
New-Item -ItemType Directory -Path $BundleName
.\wclayer.exe create --layer $ScratchLayer $BundleName

$Config = @"
{
    `"ociVersion`": `"1.0.1`",
    `"process`": {
        `"args`": null,
        `"env`": [],
        `"cwd`": `"c:\\`",u	
        `"args`": [
            `"cmd`"
        ]
    },
    `"windows`": {
        `"layerFolders`": [
               `"$($ScratchLayer -replace '\\','\\')`",
               `"$($BundlePath -replace '\\','\\')`"
       ]
    }
}
"@
$Config | Out-File -Encoding ASCII -FilePath "$BundlePath\config.json"

.\runhcs.exe create -b $BundleName $ContainerName
.\runhcs.exe list
.\runhcs.exe start $ContainerName
Start-Sleep -Seconds 5
.\runhcs.exe kill $ContainerName
.\runhcs.exe delete $ContainerName

@christian-korneck christian-korneck mentioned this issue Aug 14, 2020
Closed
@mtelvers mtelvers mentioned this issue Jun 6, 2024
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jterry75 @olljanat