Rootless Linux containers on Windows

WSL 2 setup

First steps first

WSL 2 needs Windows 10 version 2004 or a more recent one. Check your release:

(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId

Also, for performance reasons, disable the progress overlay when downloading resources:

$ProgressPreference = 'SilentlyContinue' # don't ask

Install WSL2 and needed packages/features

Spin up a terminal with admin rights (or use sudo) and:

  • Install the Virtual Machine Platform feature:
# Check if the feature is already installed
Get-WindowsOptionalFeature -Online -FeatureName 'VirtualMachinePlatform'
# install it otherwise
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
  • Install Microsoft's Windows Subsystem for Linux (WSL is handier, though):
Get-WindowsOptionalFeature -Online -FeatureName 'Microsoft-Windows-Subsystem-Linux'
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
  • Install WSL 2 kernel update:
Invoke-WebRequest -Uri https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi -UseBasicParsing -OutFile wsl_update_x64.msi
Start-Process msiexec.exe -Wait -ArgumentList '/i', 'wsl_update_x64.msi', '/quiet' # run the downloaded installer
  • Reboot, and configure WSL to default to version 2:
wsl --set-default-version 2

Use a distribution

Windows is annoying and will force you to go through the Windows Store. Fortunately, it's possible to bypass that and install a distribution outside of it. Here are 2 ways to get where you want to (without the Windows Store in sight):

Ubuntu 18.04 through appx package

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile Ubuntu.appx
Add-AppPackage .\Ubuntu.appx

Then, launch the Ubuntu app, and configure your user.

Ubuntu 20.04 through rootfs tarball

mkdir '.wsl_ubuntu.2004' # wsl data will be stored there
Invoke-WebRequest -Uri 'https://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-wsl.rootfs.tar.gz' -OutFile Ubuntu-2004.tar.gz
wsl --import 'Ubuntu-20.04' '.wsl_ubuntu.2004' Ubuntu-2004.tar.gz
# arguments are: distrib name, directory for your distrib and the archive to import

Using this technique may help you get distributions that are not available either as an Appx package or in the Windows Store, but they won't come with all the tools you may need later on when using your distrib.

Also notice that unpacking an archive will leave you with a pretty bare version of a distrib. You'll land directly in your distrib as root.

First hands-on with WSL

You should have one or more distribs available now. The first one will boot if you just type wsl.

  • To list available distribs for WSL:
wsl --list
wsl --list --all # also list unavailable ones, those currently installing, etc.
  • To specify a user to run your WSL distrib:
wsl -u <some_user>

Install and run a rootless Linux container with Podman

Installing Podman is done the same way as on any normal Linux system. If you chose Ubuntu as your WSL distrib, you can follow the Podman doc and install it:

# copy-pasted here for convenience from the Podman doc, rely on it if this becomes outdated
. /etc/os-release
sudo sh -c "echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
sudo apt-get update -qq
sudo apt-get -qq -y install podman

Now you should be able to run a container as a regular user:

podman run -it -p '8080:80' nginx
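
The rootfs import above lands you in the distrib as root, while rootless Podman needs a regular user with subordinate ID ranges. The preflight check below is an added example, not part of the original post; the function names `subid_count` and `rootless_ready`, the 65536-ID threshold and the sample files are assumptions of this example.

```shell
#!/usr/bin/env bash
# Preflight check for rootless Podman in a WSL distro (added example).
# Assumes the usual "name-or-uid:start:count" format of /etc/subuid, /etc/subgid.

# subid_count FILE USER UID: print how many subordinate IDs FILE delegates
# to the user, matched by login name or numeric UID (0 if none or unreadable).
subid_count() {
    local file="$1" user="$2" uid="$3"
    [ -r "$file" ] || { echo 0; return 0; }
    awk -F: -v u="$user" -v id="$uid" \
        '($1 == u || $1 == id) && $3 ~ /^[0-9]+$/ { n += $3 } END { print n + 0 }' "$file"
}

# rootless_ready USER UID [SUBUID_FILE] [SUBGID_FILE]
# Returns 0 if USER can run rootless containers; otherwise prints each
# problem found and returns 1.
rootless_ready() {
    local user="$1" uid="$2" subuid="${3:-/etc/subuid}" subgid="${4:-/etc/subgid}"
    local min=65536 rc=0 f n   # min: assumed threshold, enough for IDs 0..65535
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: $user is root (uid 0), containers would not be rootless"
        rc=1
    fi
    for f in "$subuid" "$subgid"; do
        n=$(subid_count "$f" "$user" "$uid")
        if [ "$n" -lt "$min" ]; then
            echo "FAIL: $user has $n subordinate IDs in $f (want >= $min)"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $user is set up for rootless containers"; fi
    return "$rc"
}

# Constructed sample data: alice has full ranges, bob only a partial subgid range.
demo=$(mktemp -d)
printf 'alice:100000:65536\nbob:165536:65536\n' > "$demo/subuid"
printf 'alice:100000:65536\nbob:165536:1000\n'  > "$demo/subgid"
rootless_ready alice 1000 "$demo/subuid" "$demo/subgid" || true
rootless_ready bob   1001 "$demo/subuid" "$demo/subgid" || true
rootless_ready root  0    "$demo/subuid" "$demo/subgid" || true
rm -rf "$demo"

# On a real system: rootless_ready "$(id -un)" "$(id -u)"
```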

Possible issues running WSL or Podman

  • Server execution failed:

    • Behavior: your WSL doesn't want to be configured or your distrib won't launch
    • Fix: you may have forgotten to reboot your system
  • gpg: can't connect to the agent: IPC connect call failed:

    • Behavior: when importing a gpg key (like the repo key for Podman), the system might fail to do so
    • Fix: remove gpg and rely on gnupg1 instead; this seems to be a known issue when using Ubuntu 20.04:
sudo apt autoremove -y gpg
sudo apt update -y
sudo apt install -y gnupg1
  • could not get runtime: cannot re-exec process:
    • Behavior: You're trying to spin up a container and it fails
    • Root cause: Well I faced this issue when I forgot to install the kernel update which is required by WSL 2
    • Fix: Install the missing bit.

Notes

Ubuntu (and maybe other distribs) doesn't use systemd when spawned through WSL. You can run services if you use the old init service scripts. For the same reason, you won't be able to use snaps properly, as they rely a lot on systemd mechanics.

If you want to learn more about WSL, you can rely on these links:

Julien Pericat
Linux Sysadmin, SysOps & DevOps friendly

Happily automating and putting things in containers.
