profile
viewpoint

Ask questionsNew-SmbGlobalMapping don't continued working in Container

<!-- If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.

If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information.

For more information about reporting issues, see https://github.com/moby/moby/blob/master/CONTRIBUTING.md#reporting-other-issues


GENERAL SUPPORT INFORMATION

The GitHub issue tracker is for bug reports and feature requests. General support for docker can be found at the following locations:

  • Docker Support Forums - https://forums.docker.com
  • Slack - community.docker.com #general channel
  • Post a question on StackOverflow, using the Docker tag

General support for moby can be found at the following locations:

  • Moby Project Forums - https://forums.mobyproject.org
  • Slack - community.docker.com #moby-project channel
  • Post a question on StackOverflow, using the Moby tag

BUG REPORT INFORMATION

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST -->

I have report same New-SmbGlobalMapping problem in here. Sorry, I don't know where is right area.

https://github.com/docker/for-win/issues/2606

<!-- Briefly describe the problem you are having in a few paragraphs. -->

Steps to reproduce the issue: Host 1: File Server

Server Core 1803

New-SmbShare -Name DocFiles -Path "D:\DocFiles\" -FullAccess  Everyone

Host 2: docker Host

$creds = Get-Credential
New-SmbGlobalMapping -RemotePath \\Host1\\DocFiles -Credential $creds -LocalPath Z:
  1. Run Swarm Service
docker service create `
--name docfiles `
--replicas=1 `
--constraint 'node.labels.osname == Host2' `
--mount "type=bind,source=Z:\images,destination=C:\inetpub\wwwroot\images" `
--publish published=8080,target=80,protocol=tcp `
microsoft/iis:windowsservercore-1803
  1. Run docker-compose
version: '3'
services:

  docfiles:
    container_name: docfiles
    image: microsoft/iis:windowsservercore-1803
    ports:
      - "7003:80"
    volumes:
      - Z:\images\:C:\inetpub\wwwroot\images\
  1. Run docker run
docker run -d -p 7003:80 -v Z:\images\:C:\inetpub\wwwroot\images\ microsoft/iis:windowsservercore-1803

Describe the results you received:

Now, I can access Host 2 images folder data from IIS service. but wait a minute, will get HTTP 500. ( swarm, compose, docker run same result)

Run docker exec into container, run dir C:\inetpub\wwwroot\ or dir C:\inetpub\wwwroot\images will get access deny message.

PS C:\inetpub\wwwroot> dir
dir : Access to the path 'C:\inetpub\wwwroot' is denied.
At line:1 char:1
+ dir
+ ~~~
    + CategoryInfo          : PermissionDenied: (C:\inetpub\wwwroot:String) [Get-ChildItem], UnauthorizedAccessException
    + FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Describe the results you expected:

Mount New-SmbGlobalMapping command disk (or folder) to container volume and continued working.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client:
 Version:      18.03.1-ee-2
 API version:  1.37
 Go version:   go1.10.2
 Git commit:   ebbcd7e
 Built:        Tue Jul 10 21:32:32 2018
 OS/Arch:      windows/amd64
 Experimental: false

Server:
 Engine:
  Version:      18.03.1-ee-2
  API version:  1.37 (minimum version 1.24)
  Go version:   go1.10.2
  Git commit:   ebbcd7e
  Built:        Tue Jul 10 21:49:06 2018
  OS/Arch:      windows/amd64
  Experimental: true

Output of docker info:

Containers: 11
 Running: 9
 Paused: 0
 Stopped: 2
Images: 35
Server Version: 18.03.1-ee-2
Storage Driver: windowsfilter (windows) lcow (linux)
 Windows:
 LCOW:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: active
 NodeID: katfcy8mm46drlotguaen45x3
 Is Manager: true
 ClusterID: mkzqq3nudssg6hlu9wkfc8bz8
 Managers: 3
 Nodes: 3
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: x.x.x.223
 Manager Addresses:
  x.x.x.223:2377
  x.x.x.224:2377
  x.x.x.225:2377
Default Isolation: process
Kernel Version: 10.0 17134 (17134.1.amd64fre.rs4_release.180410-1804)
Operating System: Windows Server Datacenter Version 1803 (OS Build 17134.112)
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 16GiB
Name: host2
ID: QBMU:FFGX:6VJK:XX4C:KLJX:A753:TRIS:THT3:OZAX:XAE2:HQ2Q:KF4M
Docker Root Dir: D:\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

Docker Host is VM, Running Windows Server Core 1803

PS C:\WINDOWS\system32> systeminfo

Host Name:                 Host2
OS Name:                   Microsoft Windows Server Standard
OS Version:                10.0.17134 N/A Build 17134
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Server
OS Build Type:             Multiprocessor Free
moby/moby

Answer questions SheGe

I've experienced the same issue when I was testing IIS containers with application which requires access to the resources on SMB shares (Azure File Share). For now, the workaround could be running the containers with hyper-v isolation mode where the bind mount to the mapped drive seems to be working without any issues.

The process and hyperv isolation modes accessing a docker daemon host file system using different logic: read more what could suggest that on process mode something on docker host is recognizing the container process as not permitted for accessing the share drive and blocks this access. The Windows Defender is disabled and no other security tool is running on VM so this looks really strange.

Output of docker version:

Client: Docker Engine - Enterprise
 Version:           18.09.5
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        be4553c277
 Built:             04/11/2019 06:44:52
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Enterprise
 Engine:
  Version:          18.09.5
  API version:      1.39 (minimum version 1.24)
  Go version:       go1.10.8
  Git commit:       be4553c277
  Built:            04/11/2019 06:43:04
  OS/Arch:          windows/amd64
  Experimental:     false

Output of docker info:

Containers: 10
 Running: 1
 Paused: 0
 Stopped: 9
Images: 389
Server Version: 18.09.5
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows Server 2019 Datacenter Version 1809 (OS Build 17763.437)
OSType: windows
Architecture: x86_64
CPUs: 4
Total Memory: 16GiB
Name: xxxxxx
ID: WMGI:BKNH:5MRT:7ETP:DVRB:4M2M:VGYC:2VIW:YXLL:HBP6:YHQ7:GL3G
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

Docker Host is Azure VM, Running Windows Server 2019 Datacenter Version 1809 (OS Build 17763.437)

PS C:\WINDOWS\system32> systeminfo

Host Name:                 xxxxxx
OS Name:                   Microsoft Windows Server 2019 Datacenter
OS Version:                10.0.17763 N/A Build 17763
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Server
OS Build Type:             Multiprocessor Free
Registered Owner:          N/A
Registered Organization:   N/A
Product ID:                00430-00000-00000-AA500
Original Install Date:     2/20/2019, 2:47:58 PM
System Boot Time:          4/25/2019, 2:24:02 PM
System Manufacturer:       Microsoft Corporation
System Model:              Virtual Machine
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2295 Mhz
BIOS Version:              American Megatrends Inc. 090007 , 6/2/2017
Windows Directory:         C:\windows
System Directory:          C:\windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC) Coordinated Universal Time
Total Physical Memory:     16,384 MB
Available Physical Memory: 10,738 MB
Virtual Memory: Max Size:  18,816 MB
Virtual Memory: Available: 9,683 MB
Virtual Memory: In Use:    9,133 MB
Page File Location(s):     D:\pagefile.sys
Domain:                    xxxxx
Logon Server:              \\xxxxx
Hotfix(s):                 7 Hotfix(s) Installed.
                           [01]: KB4486553
                           [02]: KB4470788
                           [03]: KB4480056
                           [04]: KB4489907
                           [05]: KB4493478
                           [06]: KB4493510
                           [07]: KB4493509
Network Card(s):           3 NIC(s) Installed.
                           [01]: Microsoft Hyper-V Network Adapter
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     xx.xx.xx.xx
                                 IP address(es)
                                 [01]: xx.xx.xx.xx
                                 [02]: xxxx::xxxx:xxxx:xxxx:xxxx
                           [02]: Mellanox ConnectX-3 Virtual Function Ethernet Adapter
                                 Connection Name: Ethernet 2
                                 DHCP Enabled:    No
                                 IP address(es)
                           [03]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (nat)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: xx.xx.xx.xx
                                 [02]: xxxx::xxxx:xxxx:xxxx:xxxx
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
useful!

Related questions

Swarm restarts all containers hot 2
integration: "error reading the kernel parameter" errors during CI hot 2
can not successfully install docker-ce on ubuntu 16.04 ? why ,Can you help me? hot 1
OCI runtime exec failed: exec failed: cannot exec a container that has stopped: unknown hot 1
Allow COPY command's --chown to be dynamically populated via ENV or ARG hot 1
windowsRS1 and windowsRS5-process are failing due to "Unable to delete '\gopath\src\github.com\docker\docker" hot 1
Panic: runtime error: invalid memory address or nil pointer dereference hot 1
Error response from daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded hot 1
one container in the overlay network not available hot 1
Containers on overlay network cannot reach other containers hot 1
&#34;initgroups, operation not permitted&#34; error in apache2-mpm-itk when inside Docker - moby hot 1
[Windows] windowsfilter folder impossible to delete hot 1
swarm node lost leader status hot 1
failed to export image: failed to create image: failed to get layer: layer does not exist hot 1
"docker stack deploy">"rpc error: code = 3 desc = name must be valid as a DNS name component" hot 1
Github User Rank List