Mirantis Container Runtime enables native Docker containers on Windows Server. Windows Server 2016 and later versions are supported. The Mirantis Container Runtime installation package includes everything you need to run Docker on Windows Server. This topic describes pre-install considerations, and how to download and install Mirantis Container Runtime.
Windows OS requirements around specific CPU and RAM requirements also need to be met as specified in the Windows Server Requirements. This provides information for specific CPU and memory specs and capabilities (instruction sets like CMPXCHG16b, LAHF/SAHF, and PrefetchW, security: DEP/NX, etc.).
To install the Mirantis Container Runtime on your hosts, Docker provides a OneGet PowerShell Module.
Open an elevated PowerShell command prompt, and type the following commands.
Install-Module DockerMsftProvider -Force
Install-Package Docker -ProviderName DockerMsftProvider -Force
Check if a reboot is required, and if yes, restart your instance.
(Install-WindowsFeature Containers).RestartNeeded
If the output of this command is Yes, then restart the server with:
Restart-Computer
Test your Mirantis Container Runtime installation by running the
hello-world
container.
Windows Server 2019
docker run hello-world:nanoserver
Windows Server 2016
docker run hello-world:nanoserver-sac2016
The container starts, prints the hello message, and then exits.
Unable to find image 'hello-world:nanoserver' locally
nanoserver: Pulling from library/hello-world
bce2fbc256ea: Pull complete
3ac17e2e6106: Pull complete
8cac44e17f16: Pull complete
5e160e4d8db3: Pull complete
Digest: sha256:25eac12ba40f7591969085ab3fb9772e8a4307553c14ea72d0e6f98b2c8ced9d
Status: Downloaded newer image for hello-world:nanoserver
Hello from Docker!
This message shows that your installation appears to be working correctly.
Some advanced Docker features, such as swarm mode, require the fixes included in KB4015217 (or a later cumulative patch).
sconfig
Select option 6) Download and Install Updates
.
Federal Information Processing Standards (FIPS) Publication 140-2 is a United States Federal security requirement for cryptographic modules.
With Mirantis Container Runtime Basic license for versions 18.09 and later, Docker provides FIPS 140-2 support in Windows Server. This includes a FIPS supported cryptographic module. If the Windows implementation already has FIPS support enabled, FIPS is automatically enabled in the Docker engine.
Note
FIPS 140-2 is only supported in the Mirantis Container Runtime engine. MKE and MSR currently do not have support for FIPS 140-2.
To enable FIPS 140-2 compliance on a system that is not in FIPS 140-2 mode, execute the following command in PowerShell:
[System.Environment]::SetEnvironmentVariable("DOCKER_FIPS", "1", "Machine")
FIPS 140-2 mode may also be enabled via the Windows Registry. To update the pertinent registry key, execute the following PowerShell command as an Administrator:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\" -Name "Enabled" -Value "1"
Restart the Docker service by running the following command.
net stop docker
net start docker
To confirm Docker is running with FIPS-140-2 enabled, run the
docker info
command:
Labels:
com.docker.security.fips=enabled
Note
If the system has the FIPS-140-2 cryptographic module
installed on the operating system, it is possible to disable
FIPS-140-2 compliance. To disable FIPS-140-2 in Docker but not the
operating system, set the value "DOCKER_FIPS","0"
in the
[System.Environment]
.``
Use the following guide if you wanted to install the Mirantis Container Runtime manually, via a script, or on air-gapped systems.
In a PowerShell command prompt, download the installer archive on a machine that has a connection.
# On an online machine, download the zip file.
Invoke-WebRequest -UseBasicParsing -OutFile {{ filename }} {{ download_url }}
If you need to download a specific Mirantis Container Runtime release, all URLs can be found on this JSON index.
Copy the zip file to the machine where you want to install Docker. In a PowerShell command prompt, use the following commands to extract the archive, register, and start the Docker service.
# Stop Docker service
Stop-Service docker
# Extract the archive.
Expand-Archive {{ filename }} -DestinationPath $Env:ProgramFiles -Force
# Clean up the zip file.
Remove-Item -Force {{ filename }}
# Install Docker. This requires rebooting.
$null = Install-WindowsFeature containers
# Add Docker to the path for the current session.
$env:path += ";$env:ProgramFiles\docker"
# Optionally, modify PATH to persist across sessions.
$newPath = "$env:ProgramFiles\docker;" +
[Environment]::GetEnvironmentVariable("PATH",
[EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath,
[EnvironmentVariableTarget]::Machine)
# Register the Docker daemon as a service.
dockerd --register-service
# Start the Docker service.
Start-Service docker
Test your Mirantis Container Runtime installation by running the
hello-world
container.
Windows Server 2019
docker container run hello-world:nanoserver
Windows Server 2016
docker container run hello-world:nanoserver-sac2016
To install a specific version, use the RequiredVersion
flag:
Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 19.03
...
Name Version Source Summary
---- ------- ------ -------
Docker 19.03 Docker Contains Docker Engine - Enterprise for use with Windows Server...
Installing specific Mirantis Container Runtime versions may require an update to previously installed DockerMsftProvider modules. To update:
Update-Module DockerMsftProvider
Then open a new PowerShell session for the update to take effect.
To update Mirantis Container Runtime to the most recent release, specify
the -RequiredVersion
and -Update
flags:
Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 19.03 -Update -Force
The required version number must match a version available on the JSON index
Use the following commands to completely remove the Mirantis Container Runtime from a Windows Server:
Leave any active Docker Swarm.
docker swarm leave --force
Remove all running and stopped containers.
docker rm -f $(docker ps --all --quiet)
Prune container data.
docker system prune --all --volumes
Uninstall Docker PowerShell Package and Module.
Uninstall-Package -Name docker -ProviderName DockerMsftProvider
Uninstall-Module -Name DockerMsftProvider
Clean up Windows Networking and file system.
Get-HNSNetwork | Remove-HNSNetwork
Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force
To add a Windows Server host to an existing Mirantis Kubernetes Engine cluster please follow the list of prerequisites and joining instructions.
Looking for information on using Mirantis Container Runtime containers?