Windows Part 2 - run windows containers

[jsturtevant]

Continuation of #184 to enable running Windows containers in #28. This add ability to run Windows Containers:

run a container (with image that is not pulled):

PS C:\projects\nerdctl> .\_output\nerdctl.exe run -d mcr.microsoft.com/oss/kubernetes/pause:3.4.1
mcr.microsoft.com/oss/kubernetes/pause:3.4.1:                                     resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:e3b8c20681593c21b344ad801fbb8abaf564427ee3a57a9fcfa3b455f917ce46:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:60b0987a9a89932a59a30f4d896ba061a612b23444cadb34827802298cb9db31: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:3914de10243c46fdec6e1f4583301185a0b1ead4d6c8964f46984b130674bf14:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a17285143420aa470f0b8c1addb73751bd647cf21979c011bf668130c513c4d0:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2021f649dd34b8a57b0ea5620d3d32b08fe9c96e7dd2e4d7c357e2e1a30f92d2:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:1a142ed7c6984745b2f5e82416e73231992fa374e43d3b546d93ff44499e156c:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 3.1 s                                                                    total:  1.4 Mi (461.7 KiB/s)
6f38e163e20d83a5c2a7f704a78711ec0f33bc826c4ff7489c7353cf90eabf04

interact with it:

PS C:\projects\nerdctl> .\_output\nerdctl.exe ps
CONTAINER ID    IMAGE                                           COMMAND         CREATED           STATUS    PORTS    NAMES
6f38e163e20d    mcr.microsoft.com/oss/kubernetes/pause:3.4.1    "/pause.exe"    15 seconds ago    Up
PS C:\projects\nerdctl> .\_output\nerdctl.exe exec -it 6f3 cmd /c ver

Microsoft Windows [Version 10.0.19042.746]
              
PS C:\projects\nerdctl> .\_output\nerdctl.exe exec -it 6f3 cmd /c dir
 Volume in drive C has no label.
 Volume Serial Number is 26D1-7C1B

 Directory of C:\Windows\system32

04/28/2021  09:41 PM    <DIR>          .
04/28/2021  09:41 PM    <DIR>          ..
01/09/2021  06:15 AM            15,160 3c7d1890-aab1-46fe-bae1-905efdef4d5f_win3
2kfull.dll
12/06/2019  11:42 PM            12,088 69fe178f-26e7-43a9-aa7d-2b616b672dde_even              

[AkihiroSuda]

Could you also create docs/windows.md, and document what works and what does not?

[jsturtevant]

Been a bit busy but still working through the docker cli options.

Could you also create docs/windows.md, and document what works and what does not?

Was wondering if it should be on the docs at https://github.com/containerd/nerdctl#command-reference? Could add another emoji for windows and put it next to the items that work? Up to you.

[AkihiroSuda]

SGTM, but I can't find an emoji that resembles windows https://github.com/ikatyang/emoji-cheat-sheet/blob/master/README.md

[AkihiroSuda]

Needs rebase

[AkihiroSuda]

ping 🙏 @jsturtevant

[jsturtevant]

@AkihiroSuda sorry for the delay (life got in the way 😏)

With a better understand I took a different approach than what I had before. Now a lot more code is shared and I was able to run a container on my Windows 11 machine. Let me know if this makes sense or should do something different. I will add the few windows specific options that I have commented out tomorrow.

nerdctl.exe run mcr.microsoft.com/windows/nanoserver:ltsc2022 -- cmd /c echo hello
hello                       

[AkihiroSuda]

Thank you! 👍

nerdctl.exe run mcr.microsoft.com/windows/nanoserver:ltsc2022 -- cmd /c echo hello

Can we test this on GitHub Actions or on Cirrus CI?

[jsturtevant]

I don't think so due to the fact you can't do containers in containers with Windows . I'll take a look though.

Containerd does run some some periodic jobs on VMs in Azure that we might be able to use since permission are already there https://github.com/containerd/containerd/blob/main/.github/workflows/windows-periodic.yml

[jsturtevant]

I got familiar with the testing framework. Interesting stuff.

I was able to get several of the tests in https://github.com/containerd/nerdctl/blob/master/cmd/nerdctl/run_test.go to pass. There were a lot of Linux assumptions in the tests but using an image we use for testing in k8s that provides some of the linux functionality, I got some of them pass with out modification.

I am thinking of splitting some of these into different test files so ones that are obviously Linux only run in GOOS=linux and then ones that should and can be run across both can.

[jsturtevant]

also looked into possible ci solutions. It looks like

nerdctl/.github/workflows/test.yml

Lines 134 to 135 in 08792cc

	VAGRANT_VAGRANTFILE: hack/Vagrantfile.fedora
	steps:

uses vagrant on MacOs (😄) which could be an option or we might be able to use https://cirrus-ci.org/guide/docker-builder-vm/#windows-support

[AkihiroSuda]

Is this PR ready to merge as-is, or do you plan to add more changes (such as tests) to this PR before merging?

[jsturtevant]

after fighting with configuration on cirrus, I got it running Windows tests! I will enable the tests that pass now and update the docs and we should be ready

=== RUN   TestRunEnvFile
--- PASS: TestRunEnvFile (27.53s)
PASS
ok  	github.com/containerd/nerdctl/cmd/nerdctl	27.619s

[jsturtevant]

something changed when I did the rebase. Looking into it...

[jsturtevant]

when I rebased I brought in this change from containerd: containerd/containerd@791e175 which is failing when trying to do the symlink.

[jsturtevant]

Windows tests passed! The integration failure looks like it was a curl issue not related to changes. I guess the others cancelled due to this one failing?

#50 8.501 curl: (18) transfer closed with 28113012 bytes remaining to read
#50 8.510 
#50 8.510 gzip: stdin: unexpected end of file
#50 8.510 tar: Unexpected EOF in archive
#50 8.510 tar: Unexpected EOF in archive
#50 8.510 tar: Error is not recoverable: exiting now


executor failed running [/bin/sh -c curl -L https://golang.org/dl/$(cat /GOVERSION).linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /usr/local]: exit code: 2
Error: Process completed with exit code 1.

[AkihiroSuda]

Thanks, merging

[AkihiroSuda]

This emoji doesn't seem included in Windows 10 (21H1)... 😅

[AkihiroSuda]

Maybe we should just use 田 ?

[AkihiroSuda]

Maybe ⊞ (SQUARED PLUS) is better than 田 (CJK UNIFIED IDEOGRAPH-7530)

https://en.wiktionary.org/wiki/%E2%8A%9E

[TBBle]

You could invert it, and use 🧱 to mark commands that don't run on Windows.

[jsturtevant]

ah sorry about that!

[gbraad]

田

This means 'field' and is a very common in both Chinese and Japanese, such as 田鼠 (fieldmouse) or even in brand names 田宫. Best to avoid use of CJK characters.

[yauhen-vastraknutau-epam]

Not sure how this should work. Got a latest Rancher Desktop 1.0 for Windows, default setup, Win11 on my laptop, receiving this for windows containers:
nerdctl.exe run mcr.microsoft.com/windows/nanoserver:ltsc2022 -- cmd /c echo hello mcr.microsoft.com/windows/nanoserver:ltsc2022: resolving |--------------------------------------| elapsed: 0.2 s total: 0.0 B (0.0 B/s) FATA[0000] no match for platform in manifest: not found

[lippertmarkus]

@yauhen-vastraknutau-epam That's no issue in nerdctl but rather in containerd. It's happening with ctr/crictl as well. It worked on Windows Server 2019 with 1809 for me however

[yauhen-vastraknutau-epam]

I see. Thanks for this explanation! That's very helpful.

[jsturtevant]

@yauhen-vastraknutau-epam multi archi manifests have some issues running on windows 11/10. See microsoft/Windows-Containers#179. Please open a new issue instead of posting on closed PR's. Thanks!

[AkihiroSuda]

Rancher Desktop 1.0 for Windows

Rancher edition of nerdctl.exe only supports Linux containers.