The Quest For Process Isolation, Part 2

Introduction

This continues from my previous post regarding the system requirements of Sitecore Container development, as well as Process Isolation.

We established that current constraints with Windows Containers mean you need exactly the same version of Windows as the host OS to be able to make use of Process Isolation, as per the compatibility table from Microsoft.

In this post I will explain the workaround that can be used until:
  • Sitecore supports versions of Windows other than 'ltsc2019' and '1909' in the base images
  • If you use Azure Kubernetes Service, until it supports versions of Windows other than 'ltsc2019'. Currently, only Process Isolation with said version is supported.

To ensure consistency, you should build on only one version throughout all your environments, and stick to one isolation type if possible. It is unlikely that you will run into issues if you don't, but it is good practice to rule out any possibility of compatibility issues.

As mentioned in my previous post, you can install a Windows Server 2019 virtual machine, run Process Isolation and your journey will end here.

If you meet any of the following criteria, read on.
  • You can't install any other version of Windows on your machine due to company IT policy
  • You do all your development in virtual machines and have a version of Windows mismatching the desired version for process isolation, e.g. Windows 10 2004
  • You have a Visual Studio subscription and have access to Windows Server 2019 or Windows Server Core installation images for development purposes.
  • You run macOS or Linux and are interested in minimising resource usage or avoiding nested virtualisation.

In the sections below I will include instructions on how to install Windows Server Core 1909 with the Docker Daemon from Docker Desktop in a Hyper-V virtual machine. Consult the relevant equivalent documentation if you aren't using exactly the same software, e.g. Docker EE on Windows Server 2019.

Prerequisites

Before you start, you will need the following:
  • Virtualisation software. For Windows, Hyper-V works best and comes with Windows 10 Pro. For other operating systems, VirtualBox or VMware Workstation will work fine.
  • Windows Server 2019 or Windows Server Core 1909 installation image. You can download it from the Downloads section of the Visual Studio Subscriptions site.
  • Docker Daemon for Windows. You can get it from an existing installation of Docker Desktop on Windows and that is what I'll be using in this guide.
    • You can also download the Docker Desktop installer and extract it using 7-zip or a similar archiving application.
  • Sitecore Commerce Containers SDK and installation guide from https://dev.sitecore.net/Downloads/Sitecore_Commerce/100/Sitecore_Experience_Commerce_100.aspx

Why Windows Server Core?

Someone might ask why I am using Windows Server Core instead of a full-blown installation of Windows Server 2019.

You should use the version that works best for you. As mentioned previously, Windows Server 2019 is currently the only supported version of Windows on Azure Kubernetes Service. 

I would like to use the later Windows Server Core 1909 as the sole purpose of the virtual machine is to run my Sitecore Docker containers. I have no need for any features other than the ability to run the Docker Daemon.

Windows Server Core is a minimalist version of Windows Server that has much lower system requirements than the full-blown version. This will help us achieve our goal of maximum efficiency of resource utilisation on our system.

Phase I - Configure Windows Server VM

In this phase we will install and configure our Windows Server Virtual Machine. Starting off in Hyper-V Manager:
  1. Configure Hyper-V with bridged networking, instead of the default NAT networking. This is required so that you can make incoming connections to servers listening on your new virtual machine.
  2. Use the New Virtual Machine Wizard to create a virtual machine. It should have the following specifications:
    Generation 2
    100GB+ disk space
    16GB+ memory
    12+ virtual processors
    Network Adapter: <Bridged network switch you created earlier>
  3. Attach the installation media to the virtual DVD drive.
  4. Enable nested virtualisation for the new virtual machine. In other virtualisation products this is normally a checkbox or option, but Microsoft have gone to lengths to hide such powerful features from end users. Launch PowerShell with Administrator privileges and type the following:

    Set-VMProcessor <VMName> -ExposeVirtualizationExtensions $true

    You need to do this because not all containers can be run with Process Isolation mode.

  5. Start the VM and follow the standard installation process for installing Windows Server Core or Windows Server 2019. Not much to it but here is a step-by-step guide: https://c-nergy.be/blog/?p=13108
  6. Once the installation has been completed, you need to configure the networking. From the command prompt, type:

    Sconfig.cmd

    This will open a text-based configuration utility for Windows Server Core.



    Note down the Computer Name which is the hostname. You will need this to connect to the Docker daemon, remote desktop etc.

  7. Configure (disable) the firewall. You can also configure the specific ports for Docker, SQL, HTTP etc. but as this is only running on my local network I don't feel like this is a high value activity. Run the following command at the command prompt:

    netsh advfirewall set allprofiles state off

  8. Enable Hyper-V in the Windows Server virtual machine. Again, this is required so you can still use Hyper-V isolation for the containers that require it.

    Install-WindowsFeature -Name Hyper-V -Restart

    The machine will restart. After running Get-WindowsFeature you should see the following:



  9. Enable Containers in the Windows Server virtual machine. This is required to be able to run the Docker Daemon.

    Install-WindowsFeature Containers -Restart

  10. As you may have noticed, Windows Server Core comes with little more than the Administrator Command prompt. It might be a good idea to install Chocolatey and get some useful amenities installed:
  • A text editor such as Vim or Notepad++. VS Code won't work due to a dependency on DirectX.
  • A file manager such as Explorer++. CMD / PowerShell are rather crude and provide too little in the way of functionality.

Phase II - Configure the Docker Daemon

You are now ready to "install" Docker Daemon on your Windows Server virtual machine. This will involve creating a Windows Service that executes the Docker daemon and tells it to listen on a TCP socket. A standard installation of Docker Desktop or EE will only listen on a named pipe.

  1. From an existing Docker installation, or from the Docker Desktop installation package, copy the Docker program directory. It should be located at C:\Program Files\Docker\Docker and looks like this:


  2. Copy the directory to the virtual machine, to C:\Program Files\Docker\Docker:


  3. Create a new group so that the Docker Daemon only allows users in that group to access it via the named pipe.

    net localgroup docker-users /add
    net localgroup docker-users "%username%" /add

  4. Create the Windows Service that will execute the Docker Daemon, listening on both a named pipe, and on a TCP socket on port 2375, with Process Isolation as the default isolation mode. The path to dockerd.exe contains spaces, so it is wrapped in escaped quotes inside binPath.

    sc create docker binPath= "\"C:\Program Files\Docker\Docker\resources\dockerd.exe\" -H tcp://0.0.0.0:2375 -H npipe:// -G docker-users --exec-opt isolation=process --run-service" start= auto

    After running that command, run sc.exe qc docker to verify that you have created the service correctly:



  5. Start the Docker Daemon service and check that it is running as expected: 

    sc start docker
    sc query docker
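
The service above serves the Docker API on port 2375 with no TLS or authentication, so any machine that can reach the port controls the daemon. As an alternative to switching the firewall off in Phase I step 7, this added example (not part of the original post) keeps the firewall on and allows port 2375 only from the development machine; the address `192.168.1.50` and the rule name are placeholders.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Windows Server virtual machine.
$DevHost    = '192.168.1.50'   # assumption: IP of the machine running the docker CLI
$RuleName   = 'Docker API (dev workstation only)'   # hypothetical rule name
$DockerPort = 2375             # port used in the sc create command above

# Turn the firewall back on for every profile if it was disabled earlier.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Remove any earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow inbound TCP 2375 from the development machine only.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $DockerPort -RemoteAddress $DevHost | Out-Null

# Verify: all profiles enabled, rule scoped to one address, daemon listening.
Get-NetFirewallProfile | Select-Object Name, Enabled

Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

Get-NetTCPConnection -LocalPort $DockerPort -State Listen |
    Select-Object LocalAddress, LocalPort, State
```

Other services you expose from the virtual machine (SQL, HTTP and so on) need their own rules written the same way.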



Summary

In this post we installed a Windows Server 2019 / Windows Server Core 1909 virtual machine and configured the Docker Daemon so it will accept connections over TCP. In the next post we will configure and install Sitecore Commerce using the Docker instance we created.
