
Is it possible to add Active Directory to a Windows container?

At my company, we are currently developing a product that will eventually support authentication via OpenLDAP and Active Directory. We have set up Windows Server 2016 and want to create an isolated environment using Windows containers to test our application.

Unfortunately, I hit a wall when it comes to installing/enabling the AD feature in a container. I get the following error:

Add-WindowsFeature : The request to add or remove features on the specified server failed.
The operation cannot be completed, because the server that you specified requires a restart.
At line:1 char:1
+ Add-WindowsFeature AD-Domain-Services
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : DeviceError: (@{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_Reboot_Required,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Am I missing something, or does this simply not work?

This is my Dockerfile:

FROM microsoft/windowsservercore

RUN powershell Get-WindowsFeature
RUN powershell -Command Add-WindowsFeature AD-Domain-Services 

Full build log:

PS C:\windows-ad> docker build --no-cache -t win-test .
Sending build context to Docker daemon   2.56kB
Step 1/3 : FROM microsoft/windowsservercore
 ---> be84290c2315
Step 2/3 : RUN powershell Get-WindowsFeature
 ---> Running in 5e5f83bb2c86

Display Name                                            Name
------------                                            ----
[ ] Active Directory Certificate Services               AD-Certificate
    [ ] Certification Authority                         ADCS-Cert-Authority
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment
    [ ] Online Responder                                ADCS-Online-Cert
[ ] Active Directory Domain Services                    AD-Domain-Services
[ ] Active Directory Federation Services                ADFS-Federation
[ ] Active Directory Lightweight Directory Services     ADLDS
[ ] Active Directory Rights Management Services         ADRMS
    [ ] Active Directory Rights Management Server       ADRMS-Server
    [ ] Identity Federation Support                     ADRMS-Identity
[ ] Device Health Attestation                           DeviceHealthAttestat...
[ ] DHCP Server                                         DHCP
[ ] DNS Server                                          DNS
[X] File and Storage Services                           FileAndStorage-Services
    [ ] File and iSCSI Services                         File-Services
        [ ] File Server                                 FS-FileServer
        [ ] BranchCache for Network Files               FS-BranchCache
        [ ] Data Deduplication                          FS-Data-Deduplication
        [ ] DFS Namespaces                              FS-DFS-Namespace
        [ ] DFS Replication                             FS-DFS-Replication
        [ ] File Server Resource Manager                FS-Resource-Manager
        [ ] File Server VSS Agent Service               FS-VSS-Agent
        [ ] iSCSI Target Server                         FS-iSCSITarget-Server
        [ ] iSCSI Target Storage Provider (VDS and V... iSCSITarget-VSS-VDS
        [ ] Server for NFS                              FS-NFS-Service
        [ ] Work Folders                                FS-SyncShareService
    [X] Storage Services                                Storage-Services
[ ] Host Guardian Service                               HostGuardianServiceRole
[ ] Hyper-V                                             Hyper-V
[ ] Network Controller                                  NetworkController
[ ] Print and Document Services                         Print-Services
    [ ] Print Server                                    Print-Server
    [ ] LPD Service                                     Print-LPD-Service
[ ] Remote Access                                       RemoteAccess
    [ ] DirectAccess and VPN (RAS)                      DirectAccess-VPN
    [ ] Routing                                         Routing
    [ ] Web Application Proxy                           Web-Application-Proxy
[ ] Remote Desktop Services                             Remote-Desktop-Services
    [ ] Remote Desktop Connection Broker                RDS-Connection-Broker
    [ ] Remote Desktop Licensing                        RDS-Licensing
    [ ] Remote Desktop Virtualization Host              RDS-Virtualization
[ ] Volume Activation Services                          VolumeActivation
[ ] Web Server (IIS)                                    Web-Server
    [ ] Web Server                                      Web-WebServer
        [ ] Common HTTP Features                        Web-Common-Http
            [ ] Default Document                        Web-Default-Doc
            [ ] Directory Browsing                      Web-Dir-Browsing
            [ ] HTTP Errors                             Web-Http-Errors
            [ ] Static Content                          Web-Static-Content
            [ ] HTTP Redirection                        Web-Http-Redirect
            [ ] WebDAV Publishing                       Web-DAV-Publishing
        [ ] Health and Diagnostics                      Web-Health
            [ ] HTTP Logging                            Web-Http-Logging
            [ ] Custom Logging                          Web-Custom-Logging
            [ ] Logging Tools                           Web-Log-Libraries
            [ ] ODBC Logging                            Web-ODBC-Logging
            [ ] Request Monitor                         Web-Request-Monitor
            [ ] Tracing                                 Web-Http-Tracing
        [ ] Performance                                 Web-Performance
            [ ] Static Content Compression              Web-Stat-Compression
            [ ] Dynamic Content Compression             Web-Dyn-Compression
        [ ] Security                                    Web-Security
            [ ] Request Filtering                       Web-Filtering
            [ ] Basic Authentication                    Web-Basic-Auth
            [ ] Centralized SSL Certificate Support     Web-CertProvider
            [ ] Client Certificate Mapping Authentic... Web-Client-Auth
            [ ] Digest Authentication                   Web-Digest-Auth
            [ ] IIS Client Certificate Mapping Authe... Web-Cert-Auth
            [ ] IP and Domain Restrictions              Web-IP-Security
            [ ] URL Authorization                       Web-Url-Auth
            [ ] Windows Authentication                  Web-Windows-Auth
        [ ] Application Development                     Web-App-Dev
            [ ] .NET Extensibility 3.5                  Web-Net-Ext
            [ ] .NET Extensibility 4.6                  Web-Net-Ext45
            [ ] Application Initialization              Web-AppInit
            [ ] ASP                                     Web-ASP
            [ ] ASP.NET 3.5                             Web-Asp-Net
            [ ] ASP.NET 4.6                             Web-Asp-Net45
            [ ] CGI                                     Web-CGI
            [ ] ISAPI Extensions                        Web-ISAPI-Ext
            [ ] ISAPI Filters                           Web-ISAPI-Filter
            [ ] Server Side Includes                    Web-Includes
            [ ] WebSocket Protocol                      Web-WebSockets
    [ ] FTP Server                                      Web-Ftp-Server
        [ ] FTP Service                                 Web-Ftp-Service
        [ ] FTP Extensibility                           Web-Ftp-Ext
    [ ] Management Tools                                Web-Mgmt-Tools
        [ ] IIS 6 Management Compatibility              Web-Mgmt-Compat
            [ ] IIS 6 Metabase Compatibility            Web-Metabase
            [ ] IIS 6 Scripting Tools                   Web-Lgcy-Scripting
            [ ] IIS 6 WMI Compatibility                 Web-WMI
        [ ] IIS Management Scripts and Tools            Web-Scripting-Tools
        [ ] Management Service                          Web-Mgmt-Service
[ ] Windows Server Essentials Experience                ServerEssentialsRole
[ ] Windows Server Update Services                      UpdateServices
    [ ] WID Connectivity                                UpdateServices-WidDB
    [ ] WSUS Services                                   UpdateServices-Services
    [ ] SQL Server Connectivity                         UpdateServices-DB
[ ] .NET Framework 3.5 Features                         NET-Framework-Features
    [ ] .NET Framework 3.5 (includes .NET 2.0 and 3.0)  NET-Framework-Core
    [ ] HTTP Activation                                 NET-HTTP-Activation
    [ ] Non-HTTP Activation                             NET-Non-HTTP-Activ
[X] .NET Framework 4.6 Features                         NET-Framework-45-Fea...
    [X] .NET Framework 4.6                              NET-Framework-45-Core
    [ ] ASP.NET 4.6                                     NET-Framework-45-ASPNET
    [X] WCF Services                                    NET-WCF-Services45
        [ ] HTTP Activation                             NET-WCF-HTTP-Activat...
        [ ] Message Queuing (MSMQ) Activation           NET-WCF-MSMQ-Activat...
        [ ] Named Pipe Activation                       NET-WCF-Pipe-Activat...
        [ ] TCP Activation                              NET-WCF-TCP-Activati...
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...
[ ] Background Intelligent Transfer Service (BITS)      BITS
    [ ] Compact Server                                  BITS-Compact-Server
[ ] BitLocker Drive Encryption                          BitLocker
[ ] BranchCache                                         BranchCache
[ ] Client for NFS                                      NFS-Client
[ ] Containers                                          Containers
[ ] Data Center Bridging                                Data-Center-Bridging
[ ] Enhanced Storage                                    EnhancedStorage
[ ] Failover Clustering                                 Failover-Clustering
[ ] Group Policy Management                             GPMC
[ ] Host Guardian Hyper-V Support                       HostGuardian
[ ] I/O Quality of Service                              DiskIo-QoS
[ ] IIS Hostable Web Core                               Web-WHC
[ ] IP Address Management (IPAM) Server                 IPAM
[ ] iSNS Server service                                 ISNS
[ ] Management OData IIS Extension                      ManagementOdata
[ ] Media Foundation                                    Server-Media-Foundation
[ ] Message Queuing                                     MSMQ
    [ ] Message Queuing Services                        MSMQ-Services
        [ ] Message Queuing Server                      MSMQ-Server
        [ ] Directory Service Integration               MSMQ-Directory
        [ ] HTTP Support                                MSMQ-HTTP-Support
        [ ] Message Queuing Triggers                    MSMQ-Triggers
        [ ] Routing Service                             MSMQ-Routing
    [ ] Message Queuing DCOM Proxy                      MSMQ-DCOM
[ ] Multipath I/O                                       Multipath-IO
[ ] MultiPoint Connector                                MultiPoint-Connector
    [ ] MultiPoint Connector Services                   MultiPoint-Connector...
    [ ] MultiPoint Manager and MultiPoint Dashboard     MultiPoint-Tools
[ ] Network Load Balancing                              NLB
[ ] Peer Name Resolution Protocol                       PNRP
[ ] Quality Windows Audio Video Experience              qWave
[ ] Remote Differential Compression                     RDC
[ ] Remote Server Administration Tools                  RSAT
    [ ] Feature Administration Tools                    RSAT-Feature-Tools
        [ ] BitLocker Drive Encryption Administratio... RSAT-Feature-Tools-B...
        [ ] DataCenterBridging LLDP Tools               RSAT-DataCenterBridg...
        [ ] Failover Clustering Tools                   RSAT-Clustering
            [ ] Failover Cluster Module for Windows ... RSAT-Clustering-Powe...
            [ ] Failover Cluster Automation Server      RSAT-Clustering-Auto...
            [ ] Failover Cluster Command Interface      RSAT-Clustering-CmdI...
        [ ] IP Address Management (IPAM) Client         IPAM-Client-Feature
        [ ] Shielded VM Tools                           RSAT-Shielded-VM-Tools
        [ ] Storage Replica Module for Windows Power... RSAT-Storage-Replica
    [ ] Role Administration Tools                       RSAT-Role-Tools
        [ ] AD DS and AD LDS Tools                      RSAT-AD-Tools
            [ ] Active Directory module for Windows ... RSAT-AD-PowerShell
            [ ] AD DS Tools                             RSAT-ADDS
                [ ] Active Directory Administrative ... RSAT-AD-AdminCenter
                [ ] AD DS Snap-Ins and Command-Line ... RSAT-ADDS-Tools
            [ ] AD LDS Snap-Ins and Command-Line Tools  RSAT-ADLDS
        [ ] Hyper-V Management Tools                    RSAT-Hyper-V-Tools
            [ ] Hyper-V Module for Windows PowerShell   Hyper-V-PowerShell
        [ ] Windows Server Update Services Tools        UpdateServices-RSAT
            [ ] API and PowerShell cmdlets              UpdateServices-API
        [ ] DHCP Server Tools                           RSAT-DHCP
        [ ] DNS Server Tools                            RSAT-DNS-Server
        [ ] Network Controller Management Tools         RSAT-NetworkController
        [ ] Remote Access Management Tools              RSAT-RemoteAccess
            [ ] Remote Access module for Windows Pow... RSAT-RemoteAccess-Po...
[ ] RPC over HTTP Proxy                                 RPC-over-HTTP-Proxy
[ ] Setup and Boot Event Collection                     Setup-and-Boot-Event...
[ ] Simple TCP/IP Services                              Simple-TCPIP
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1
[ ] SMB Bandwidth Limit                                 FS-SMBBW
[ ] SNMP Service                                        SNMP-Service
    [ ] SNMP WMI Provider                               SNMP-WMI-Provider
[ ] Software Load Balancer                              SoftwareLoadBalancer
[ ] Storage Replica                                     Storage-Replica
[ ] Telnet Client                                       Telnet-Client
[ ] VM Shielding Tools for Fabric Management            FabricShieldedTools
[X] Windows Defender Features                           Windows-Defender-Fea...
    [X] Windows Defender                                Windows-Defender
[ ] Windows Internal Database                           Windows-Internal-Dat...
[X] Windows PowerShell                                  PowerShellRoot
    [X] Windows PowerShell 5.1                          PowerShell
    [ ] Windows PowerShell 2.0 Engine                   PowerShell-V2
    [ ] Windows PowerShell Desired State Configurati... DSC-Service
    [ ] Windows PowerShell Web Access                   WindowsPowerShellWeb...
[ ] Windows Process Activation Service                  WAS
    [ ] Process Model                                   WAS-Process-Model
    [ ] .NET Environment 3.5                            WAS-NET-Environment
    [ ] Configuration APIs                              WAS-Config-APIs
[ ] Windows Server Backup                               Windows-Server-Backup
[ ] Windows Server Migration Tools                      Migration
[ ] Windows Standards-Based Storage Management          WindowsStorageManage...
[ ] WinRM IIS Extension                                 WinRM-IIS-Ext
[ ] WINS Server                                         WINS
[X] WoW64 Support                                       WoW64-Support


 ---> b891a0f5b277
Removing intermediate container 5e5f83bb2c86
Step 3/3 : RUN powershell -Command Add-WindowsFeature AD-Domain-Services
 ---> Running in 22724bfb2ee4
Add-WindowsFeature : The request to add or remove features on the specified
server failed.
The operation cannot be completed, because the server that you specified
requires a restart.
At line:1 char:1
+ Add-WindowsFeature AD-Domain-Services
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : DeviceError: (@{Vhd=; Credent...Name=localhost}:
   PSObject) [Install-WindowsFeature], Exception
    + FullyQualifiedErrorId : DISMAPI_Error__Failed_Reboot_Required,Microsoft.
   Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
False   No             Failed         {}


The command 'cmd /S /C powershell -Command Add-WindowsFeature AD-Domain-Services' returned a non-zero code: 1

Windows containers do not ship with Active Directory support and, due to their nature, cannot (yet) act as full domain-joined objects, but a certain level of Active Directory functionality can be supported through the use of group Managed Service Accounts (gMSA).

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
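
The gMSA approach mentioned in the answer, sketched as an added example that is not part of the original answer: the domain `contoso.com`, the account `WebApp01`, the group `WebApp01Hosts` and the host `ContainerHost01` are placeholder names, and the domain controller is assumed to run outside the container (for example in a VM).

```powershell
# Added example. All names (contoso.com, WebApp01, WebApp01Hosts,
# ContainerHost01) are placeholders, not values from the original post.

# --- On a domain controller or admin machine with the ActiveDirectory module ---

# One-time per forest: the KDS root key that gMSA passwords are derived from.
# Backdating the effective time makes the key usable immediately; do this only
# in a single-DC lab such as the isolated test environment described above.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}

# Only members of this group may retrieve the gMSA password, so keep it
# limited to the machines that actually run the containers.
New-ADGroup -Name 'WebApp01Hosts' -SamAccountName 'WebApp01Hosts' -GroupScope DomainLocal
Add-ADGroupMember -Identity 'WebApp01Hosts' -Members 'ContainerHost01$'

New-ADServiceAccount -Name 'WebApp01' `
    -DnsHostName 'WebApp01.contoso.com' `
    -ServicePrincipalNames 'host/WebApp01', 'host/WebApp01.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WebApp01Hosts'

# --- On the domain-joined container host (reboot first so the new group
# --- membership is reflected in the host's computer account token) ---

Install-WindowsFeature RSAT-AD-PowerShell

# Returns True when this host is allowed to retrieve the gMSA password.
if (-not (Test-ADServiceAccount -Identity 'WebApp01')) {
    throw 'Host cannot use gMSA WebApp01; check group membership and reboot.'
}

# The CredentialSpec module writes a JSON credential spec into Docker's
# CredentialSpecs directory. The file holds no secret, only the account name.
Install-Module CredentialSpec
New-CredentialSpec -AccountName 'WebApp01'

$specFile = Get-CredentialSpec |
    Where-Object Path -like '*webapp01*' |
    ForEach-Object { Split-Path -Leaf $_.Path }

# On Windows Server 2016 the container hostname must match the gMSA name.
docker run --security-opt "credentialspec=file://$specFile" `
    --hostname webapp01 -it microsoft/windowsservercore powershell

# Inside the container, confirm the secure channel to the domain:
#   nltest /sc_verify:contoso.com
```

Processes running as Local System or Network Service inside the container then authenticate to the domain as `WebApp01$`; the container itself is still not domain-joined and cannot host AD DS.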