Docker Community Forums

Share and learn in the Docker community.

Using Powershell on Host to Connect to Container


(Codefanatic) #1

Hey there. I’m new to Docker.

I’m running a Win2016 container on a Win2016 host, which I launched as follows:

docker run -d --name goober --hostname goober modified-iis

My question is: Is there a way to enter a remote powershell session to manage the container? I’ve tried:

Enter-PSSession -ComputerName “goober”

…but get ‘access denied’. I also tried:

Enter-PSSession -ComputerName “goober” -Credential Administrator

to no avail. I also ran:

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value “goober”

on the client (the host os) to make sure ‘goober’ is a trusted host. I’m out of ideas. It doesn’t appear to be an authentication issue. But I always receive the same “access denied” error. Could someone give me a run-through on how to complete this simple task?


(Michael Friis) #2

docker exec -ti goober powershell


(Codefanatic) #3

Thanks. I ran across the ‘exec’ command too and it works. I’m wondering though why the Enter-PSSession command always results in failure. The reason I’m interested specifically in the Enter-PSSession approach is that at some point I’m going to want to initiate a Powershell session with a container from a remote host, that is, a host other than the one on which the container lives. In that scenario, the ‘exec’ command wouldn’t work since the originating host knows nothing of the ‘goober’ container and in fact might not even have Docker installed at all.


(Michael Friis) #4

I haven’t checked, but I don’t think all the WinRM stuff is running inside the container (and neither is RDP). Further, I don’t know that you’d be able to correctly authenticate with WinRM inside of a container if you got it going.

Remember that a container is not like a full operating system or virtual machine. It’s just a bunch of processes running in an isolated context, and all containers share the same operating system.

For remote access, I think you’d be much better off using docker exec -H <remote-host> . You’d set up your Windows Docker hosts with the Docker engine API securely exposed and then you can jump into containers with exec at will.


(Codefanatic) #5

Thanks. This is great info!

For what it’s worth, when I tried to enable remote management at the container level I was notified that WinRM is already running. So it’s on there but I’ll follow your advice of just RDP’ing to the host and running docker exec from there to access the container.

A bit of a tangent but in response to your other comments… I guess I’m struggling to wrap my head around exactly what a container is. So it’s not like a VM with a full OS? It’s therefore conceivable that by running Windows Update on the host, I could break the functionality of my container-based apps that live on that host? I was thinking, perhaps incorrectly, that the containers were totally isolated in so far as I could give a container image to someone else running Windows 2016 at a totally different patch level and have everything run just as thought it were built on my machine. Is this not the case?

On a related topic, and this is motivated out of sheer curiosity, I take it that it’s not possible to copy a docker image to a Linux or Mac Docker host and run it?

Thanks again for the help!

Best,


(Michael Friis) #6

The semantics are a little bit different between containers running in Windows Server and Hyper-V isolation mode: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/system_requirements#windows-server-containers

Nope, you need a Windows kernel to run Docker Windows container images, and similar for Linux.


(Artisticcheese) #7

This is how to do it

Enter-PSSession -ContainerId (get-container -Name goober).ID -RunAsAdministrator


(Codefanatic) #8

Hi Artistic Cheese,

Running that command on my Docker host yields the following error message:

get-container : The term ‘get-container’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:31

  • Enter-PSSession -ContainerId (get-container -Name goober).ID -RunAsAd …
  •                           ~~~~~~~~~~~~~
    
    • CategoryInfo : ObjectNotFound: (get-container:String) [], CommandNotFoundException
    • FullyQualifiedErrorId : CommandNotFoundException

Is it possible that I don’t have the correct library installed? These are the commands that I used to install Docker as described in the tutorial:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider

Did I miss a step?


(Artisticcheese) #9

Yes. You need to install “docker” module from Microsoft. It’s using Docker REST API for all those calls which you normally do via docker.exe command. (Hate going back to MSDOS essentially what Microsoft pushing currently with this obsession with all examples reling on rememebering this switches etc).


(Codefanatic) #10

Thanks, I’ll check that out.

You hit on something that’s really been bugging me – this new obsession with obtuse command line instructions. I know Linux users have always preferred this type of interface (never understood why) but I’m kind of surprised to see Microsoft become so enamored with it. It seems like a throw-back to 1980’s-era DOS.


(Artisticcheese) #11

yes. This love for Linux coming from Microsoft in last year really pissing me off. It’s ok if they love it but on the way of too much love they turn away Windows admins they relied on and cherished all this years. They gave us powershell 10 years ago with a lot of celebration and effort invested into making sure Windows admins will be very capable in automation tasks. And then 10 years later decided to throw all of the in a trash and ask to start relearning MSDOS command line executable and similar to batch file syntax (dockerfile).


(Artisticcheese) #12

Also please +1 this thread to invest more into powershell docker management


(Codefanatic) #14

This worked, thank you!


(Daniel Heater) #15

I think I’m so close.

I get Enter-PSSession : The input ContainerId 9f128d8d1f3c does not exist, or the corresponding container is not running. whether I am running the container in interactive mode -it or after I have exited the container.

Can someone please point out what I’m doing wrong?


(Artisticcheese) #16

Please read how to do it properly step by step.


(Mark Richman) #17

Keep in mind you lose any environment variables passed via docker run if you use Enter-PSSession. Use docker exec as mentioned above.


(Daniel Heater) #18

@artisticcheese, I still get the same error trying to use Enter-PSSession. I can get in using docker exec -it <container id> with the same container id so I know I’ve got the right container.

Maybe something to do with Docker 17.03.0-ce-win1 (10296) on Windows 10. Regardless. after I get in, I have a script I need to run as a “real” administrator. I’ve done net user administrator /active:yes and set a password on the admin account, but when I try to runas /user:administrator powershell and enter the password. I am still left as user user manager\containeradministrator according to whoami and my script still fails to run.


(Artisticcheese) #19

That container ID which you are using is truncated, it’s actually like 128 bits long. Use Container name to access it instead inside enter-pssession. Again, read my walkthrough with details how to do that.


(Ssonam09) #20

Hi I am facing the same problem . Did you get solution of this problem?


(Ssonam09) #21

Hi I am facing the same problem . I also want to change the password of containerAdministrator