This year I've been ramping up my work with containers via the Docker Desktop application. When Windows Server 2016 was in preview Microsoft tried out some PowerShell cmdlets for working with containers but they never went anywhere. Essentially, the docker command line has become the defacto management tool. There are some modules in the PowerShell Gallery that I've seen but I think many of them are wrappers for the docker commands. For now I'll stick with learning docker. Eventually, if I move to a PowerShell tool I'll have a solid understanding of the underlying technology. One of those challenges was figuring out PowerShell remoting with a Windows server container.
ManageEngine ADManager Plus - Download Free Trial
Exclusive offer on ADManager Plus for US and UK regions. Claim now!
Creating a Container
I've already pulled the official microsoft/windowserver image from docker on my Windows 10 desktop. I then created a new network so that I have more control over the container I intend to create.
docker network create --driver nat --internal --subnet 192.168.4.0/24 company
I then created a container assigning an IP address and host name.
docker container create --name srv4 --interactive --dns 1.1.1.1 --network company --memory (2gb) --ip 192.168.4.20 --hostname SRV4 microsoft/windowsservercore docker start srv4
At this point, the container is running. I can ping it just fine.
Configuring the Container
Next, I decided to update the image. I have no idea what the administrator is, but using docker I can run commands to add a new local administrator account.
docker exec srv4 net user localadmin P@ssw0rd /add docker exec srv4 net localgroup administrators localadmin /add
You might also need to adjust your trusted hosts setting to allow remoting access to the container name or IP address. You might also want to add an entry in an LMHOSTS file to facilitate name resolution. From all appearances, this looks promising.
Connecting to the Container
Because I have a local admin account it is simple to set up a CIMSession and use it to query the container.
$cs = new-cimsession -ComputerName 192.168.4.20 -Credential localadmin
Most cmdlets that have a Cimsession parameter should work just fine.
Excellent. So a PSSession should work as well.
This puzzled me. I used the same credential for the Cimsession with no error. This is where you need to remember that a container is not a virtual machine. It is not a complete server with a full operating system. In looking at the help I discovered there is a parameter for a container id. Those of you who have been to one of my conference sessions or classes know that I am always talking about the importance of reading and re-reading help. Here's a great example.
Connecting a Container PSSession
This seems pretty straightforward. I've seen the container id with the docker ps command.
For now, I'll just copy and paste and try the new syntax.
Again, I was puzzled and had to resort to reading a bit more about the docker commands. That's when I learned that the container ID is actually a much longer value. The docker ps command is giving me a truncated version. I needed to tell docker to give me the full value.
That's a lot of type and copying and pasting obviously won't scale. Fortunately, I found a docker command to display only the id.
$id = docker container ls -q --no-trunc
In my case, this works just fine because I only have 1 container running. Eventually, I'll need to find a better way that scales. But for now, let's try this out.
It isn't a speedy connection but it works. As you can see I am connected using the container administrator account. Once I have the container ID I can also use it with Invoke-Command.
I'm not sure there's much more value here over using the native docker exec command.
Using Invoke-Command took 14 seconds and the docker command took 11. Still, it's nice to know how to connect and use a PSSession to a docker container if I need it.
Have you been diving into containers? Trying to integrate your PowerShell work? What have you learned? What are the gotchas? I know I'd love to hear about them.
They used to have powershell module where all those things you run into was solved. Even though it was a wrapper it still did not kick you in a guts like moving from powershell to docker CLI does. Unfortunately they abandoned it (https://github.com/Microsoft/Docker-PowerShell)