
Comparative analysis of the Docker Engine on Windows Server and Linux platforms

The Ignite conference in Atlanta, held at the end of September this year, was an important event for Microsoft and Docker Inc. It was there that the final public release of Windows Server 2016, with its many new features, came out. Windows Server has become smarter: security and cloud support have improved, as have performance and network tooling. Clustering support has improved as well. A particularly interesting addition is Nano Server, a new lightweight version of the OS intended for use in cloud services. Microsoft System Center 2016 was announced at the same time, and some details emerged about the new Azure Stack cloud platform, whose capabilities will be available next year. This platform will allow organizations to host basic Azure services in their own data centers.



There was a lot of news at the conference, but perhaps the hottest item was the partnership between Docker Inc. and Microsoft to support the Docker Engine on the Windows Server 2016 platform.

As part of this partnership, Microsoft will let Windows Server 2016 users work with the Docker Engine for free and will provide basic technical support. Docker Inc. technical support will handle the difficult problems.
Windows Server 2016 now has built-in support for Docker containers and offers two ways to deploy them: Windows Server Containers and Hyper-V Containers, the latter providing an additional level of isolation for multi-tenant environments. Docker support is integrated into Microsoft's wide range of development tools, operating systems and cloud infrastructure, including the following technologies:


If you are a Linux supporter like me, you must be eager to find out how much the Docker Engine differs between the Windows Server and Linux platforms. In this article I am going to talk about the architectural differences, the command-line interface that works on both platforms, building images from a Dockerfile, and some other features of working with Docker on Windows.
Let's start with the architectural differences between Windows and Linux containers.

Docker Engine on Linux


If you look at the Docker Engine on Linux, you immediately notice the command-line tools, such as Docker Compose, Docker Client and Docker Registry, that use the Docker REST API. Users interact with the Docker Engine, which in turn works with the containerd daemon. The daemon uses runC or another OCI-compatible runtime to launch containers.

At the core of this architecture are kernel features such as namespaces, which isolate containers, along with control groups and other low-level mechanisms. Together they provide container isolation and the distribution and limiting of resources. As a result, each container can be allocated the share of memory, processor time and disk storage it needs. Just as importantly, a single container cannot disrupt the system by monopolizing one of these resources.


Docker Engine on Linux

Docker Engine on Windows


On Windows, things are a little different. The architecture of most high-level components looks exactly the same as on Linux: the same Remote API and the same tools (Docker Compose, for example). Deeper down, closer to the kernel, things are not the same as on Linux. For those who are not well versed in Windows kernel matters, I want to note that the Windows and Linux kernels are far from the same thing. Microsoft takes a somewhat different approach to kernel design than the one followed by the Linux community. In Microsoft's terminology, “kernel mode” covers not only the kernel itself but also the hardware abstraction layer (hal.dll) and various system services. There are modules that manage objects, processes, memory, security, cache, PnP, power, configuration and I/O. Taken together, this is called the Windows Executive (ntoskrnl.exe).

The Windows kernel has no namespaces or control groups. Instead, while working on Windows Server 2016, the Microsoft team introduced the so-called “Compute Service Layer”, an additional layer of services at the operating system level that provides namespace functions, resource management and features similar to UFS. In addition, as you will see below, Windows has nothing that corresponds to the containerd daemon or the runC runtime. The Compute Service Layer provides a public interface to containers and is responsible for managing them, performing operations such as starting and stopping them, but it does not track their state as such. In a nutshell, it replaces containerd on Windows and abstracts the low-level capabilities that the kernel provides.


Docker Engine on Windows

The figure below shows the Windows kernel mechanisms created to support containers. At the bottom is the shared kernel, the same thing we have already seen on Linux. The Host User Mode block is the Windows host system, mainly system processes. The much more important components are on the right side of the figure: the System Processes and Application Processes inside Windows Server containers, which work differently than on Linux. On Linux, the usual practice is that the system call mechanism is well documented and guaranteed to be stable across kernel versions. On Windows, the system call mechanism is not documented, and there are no guarantees of uniform behavior. The only way to make a system call on Windows is through ntdll.dll. Windows containers include many interrelated processes that call each other, so they are quite large.


Containers in Windows Server (source: DockerCon 2016)

It is important to note that “FROM scratch” is not used in Dockerfiles for Windows; that is, there is no such thing as an “empty image”. This is because of the large number of interconnected system processes needed to provide basic functionality. Microsoft ships its base images in the following two versions:

  1. microsoft/windowsservercore is a standard Windows Server with .NET 4.5. It occupies 9.3 GB, which is quite a lot, and it supports existing Windows applications.

  2. microsoft/nanoserver is a much smaller image, about 600 MB, and it does not provide a graphical environment. This server is fast and requires less memory, but it provides a smaller API and may be incompatible with some existing applications.

A few words about namespaces in Windows


Windows has no concept of “namespaces” that corresponds to namespaces in Linux. However, Linux namespaces are very similar to silos, an extension of Windows Job Objects, which are sets of processes whose resources can be managed. With silos come process, user, object, network and other namespaces. The object namespace is a system-level namespace that is hidden from the user. Like Linux, Windows has a root folder (\) at the NT level for all devices. For example, C:\Windows maps to \DosDevices\C:\Windows, and the network maps to \Device\Tcp.

Getting started with Docker on Windows 2016 Server


Please note that to test what I am about to describe, you will need Windows 2016 Server Evaluation build 14393. If you try to follow the standard Docker installation procedure on the older Windows 2016 TP5, you will receive an error message.


Error message

Keep in mind that upgrading a TP5 system to the new version will not work. Therefore, to try the latest Docker 1.12.2, you will need to install Windows Server Evaluation, which can be downloaded from here.

When the correct version of Windows Server is installed, execute the commands below, following their sequence:

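    # Download the Docker Engine archive for Windows Server
    Invoke-WebRequest "https://download.docker.com/components/engine/windows-server/cs-1.12/docker.zip" -OutFile "$env:TEMP\docker.zip" -UseBasicParsing
    # Unpack it into Program Files (creates C:\Program Files\Docker)
    Expand-Archive -Path "$env:TEMP\docker.zip" -DestinationPath $env:ProgramFiles
    # Add the Docker directory to the machine-wide PATH
    [Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Docker", [EnvironmentVariableTarget]::Machine)
    # Register dockerd as a Windows service and start it
    dockerd --register-service
    Start-Service Docker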

In most cases, these commands will be enough to install Docker and not encounter any problems.
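The same installation with an integrity check before anything is unpacked or registered as a service. This is an added example, not part of the original article: the article gives no checksum for docker.zip, so `$expectedSha256` is a placeholder to be filled in from a source you trust, and the helper name `Test-FileSha256` is hypothetical.

```powershell
$ErrorActionPreference = 'Stop'

$url       = 'https://download.docker.com/components/engine/windows-server/cs-1.12/docker.zip'
$zip       = Join-Path $env:TEMP 'docker.zip'
$dockerDir = Join-Path $env:ProgramFiles 'Docker'
# Placeholder: the article does not publish a checksum for this archive.
$expectedSha256 = '<SHA256-OF-DOCKER-ZIP-FROM-A-TRUSTED-SOURCE>'

function Test-FileSha256 {
    # Returns $true only if the file's SHA-256 equals the expected hex digest.
    param([string]$Path, [string]$Expected)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    return $actual -eq $Expected.Trim()   # -eq on strings ignores case
}

Invoke-WebRequest $url -OutFile $zip -UseBasicParsing

if (-not (Test-FileSha256 -Path $zip -Expected $expectedSha256)) {
    Remove-Item $zip -Force
    throw 'docker.zip does not match the expected SHA-256; nothing was installed.'
}

Expand-Archive -Path $zip -DestinationPath $env:ProgramFiles

# Read only the machine-level PATH, so per-user entries from $env:Path are not
# copied into the system-wide value, and append the Docker directory once.
$machinePath = [Environment]::GetEnvironmentVariable('Path', [EnvironmentVariableTarget]::Machine)
if (($machinePath -split ';') -notcontains $dockerDir) {
    [Environment]::SetEnvironmentVariable('Path', "$machinePath;$dockerDir", [EnvironmentVariableTarget]::Machine)
}

& (Join-Path $dockerDir 'dockerd.exe') --register-service
Start-Service Docker
```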

By the way, on November 10, I learned that Windows 2016 Final Release and Nano Server are available on the Azure platform.

To get started with containers on a Windows Server 2016 system where the corresponding component is installed, first check whether the Docker service is running:

 docker version 

If you encounter error messages like the ones I saw, shown below, run the following command:

 Start-Service Docker 


Error Messages and Docker Launch

Now you can find Windows applications prepared for Docker using the following command:

 docker search microsoft 

Here, for example, is what I managed to find.


Application Search Results

You can also use this command:

 docker search windows 

In response, the system will display something like this:


Application Search Results

About Docker restrictions on Windows


  1. Linux containers will not work on the Windows platform. Here is what the system reports about this:


    Docker on Windows and Linux containers

  2. On the Windows platform, DTR is still not supported.
  3. You cannot use docker commit to save changes made to a running container and create a new image based on it (on Linux this is a common thing).
  4. Docker for Windows does not yet support Swarm Mode.

Using Dockerfile on Windows and MySQL Image


On the Windows Server platform, you can build images and create containers from a Dockerfile. Let's take an example of such a file for MySQL and build a MySQL container from it. I got the appropriate file somewhere on GitHub and decided to take a look at how building an image from a Dockerfile works on Windows. This file looks like this:

    FROM microsoft/windowsservercore

    LABEL Description="MySql" Vendor="Oracle" Version="5.6.29"

    # Download and unpack the MySQL 5.6.29 archive, then delete the zip
    RUN powershell -Command \
        $ErrorActionPreference = 'Stop'; \
        Invoke-WebRequest -Method Get -Uri https://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.29-winx64.zip -OutFile c:\mysql.zip ; \
        Expand-Archive -Path c:\mysql.zip -DestinationPath c:\ ; \
        Remove-Item c:\mysql.zip -Force

    # Put the MySQL binaries on the machine-wide PATH
    RUN SETX /M Path %path%;C:\mysql-5.6.29-winx64\bin

    # Install mysqld as a Windows service and restart it once
    RUN powershell -Command \
        $ErrorActionPreference = 'Stop'; \
        mysqld.exe --install ; \
        Start-Service mysql ; \
        Stop-Service mysql ; \
        Start-Service mysql

    # Set the root password from a SQL file. The password is stored in clear text
    # in the image history and in foo.mysql, which is never removed.
    RUN type NUL > C:\mysql-5.6.29-winx64\bin\foo.mysql
    RUN echo UPDATE user SET Password=PASSWORD('mysql123') WHERE User='root'; FLUSH PRIVILEGES; .> C:\mysql-5.6.29-winx64\bin\foo.mysql
    RUN mysql -u root mysql < C:\mysql-5.6.29-winx64\bin\foo.mysql

Everything worked as expected, the MySQL image was assembled quickly and without problems. Here is my “docked” MySQL for Windows repository (though I still need to fill out its description).


MySQL for Windows
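The Dockerfile above sets the MySQL root password in a RUN instruction, so the password travels with the image: every RUN command line is recorded in the image history. The following check is an added example, not part of the original article, that scans `docker history --no-trunc` output for such literals. The function name `Find-HistorySecret`, its patterns, the `<layer-N>` ids and the `<your-image>` name are assumptions, and the sample lines are constructed from the Dockerfile's own instructions.

```powershell
function Find-HistorySecret {
    # Emits one object per history line that contains a credential-like literal.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Line,
        [string[]]$Pattern = @(
            "PASSWORD\s*\(\s*'[^']+'\s*\)",                     # SQL PASSWORD('...') literal
            "\b(pwd|passwd|password|secret|token)\s*=\s*\S+"    # KEY=value style assignments
        )
    )
    process {
        foreach ($l in $Line) {
            foreach ($p in $Pattern) {
                if ($l -match $p) {          # -match is case-insensitive by default
                    [pscustomobject]@{ Match = $Matches[0]; Layer = $l.Trim() }
                    break                    # one finding per line is enough
                }
            }
        }
    }
}

# Constructed sample: history lines as the Dockerfile above would produce them
# (layer ids replaced with placeholders, size column omitted).
$sample = @'
<layer-1>  2 minutes ago  cmd /S /C mysql -u root mysql < C:\mysql-5.6.29-winx64\bin\foo.mysql
<layer-2>  2 minutes ago  cmd /S /C echo UPDATE user SET Password=PASSWORD('mysql123') WHERE User='root'; FLUSH PRIVILEGES; .> C:\mysql-5.6.29-winx64\bin\foo.mysql
<layer-3>  3 minutes ago  cmd /S /C SETX /M Path %path%;C:\mysql-5.6.29-winx64\bin
'@ -split "`r?`n"

# Reports only the <layer-2> line, with Match = PASSWORD('mysql123')
$sample | Find-HistorySecret | Format-List

# Against a real image (replace the placeholder with your image name):
# docker history --no-trunc <your-image> | Find-HistorySecret
```

A finding here means anyone who can pull the image can read the password, and in this Dockerfile the same statement also stays in foo.mysql inside the image, so the password should be treated as public and changed when the container is first started.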

Results


Docker for Windows is a very young technology, so it does not yet support all the features that the Linux version has. However, the work already done and the efforts of companies and independent developer communities give hope that full use of Docker on the Windows platform is a matter for the near future.

By the way, if you want to continue exploring Docker for Windows, take a look at this regularly updated set of materials from Microsoft.

Source: https://habr.com/ru/post/315220/

