[Deployment] [Container] containerize
Make Honolulu available as a container image. This would be helpful for creation on semi-annual servers.
Ryen Tang commented
Seems like without getting pass the "Entrypoint: CreateFirewallRule", we would not be seeing WAC install on ServerCore container.
Ayan Mullick commented
One could also deploy a WAC container image on Azure WebApp
Kurt Roggen [BE] commented
We are considering running multiple WACs dedicated to different security/administration tiers (Tier 0 - ADDS, Tier 1 - Servers, Tier 2 - Workstations) to separate the mgmt of each tier. Containers would be a nice (resource) optimization here...
Dave Medvitz commented
Running into the same FW error trying to install in core:1709,
Would be better if this could run in a nano container.....
Phillip Hardy commented
Project Honolulu running as a windows container would be a great start to allow for better management and upgrade cycles for the management tool - ideally deployable and destroyable by PowerShell.
Andre van den Berg commented
Project Honolulu gateway running out of a docker of windows container
Andrew Beard commented
I've been playing around with installing Project Honolulu within a Windows docker container and it seems like the installer has a dependency on the Windows Firewall:
MSI (s) (5C:C0) [02:39:38:376]: Created Custom Action Server with PID 2304 (0x900).
MSI (s) (5C:A8) [02:39:38:407]: Running as a service.
MSI (s) (5C:A8) [02:39:38:423]: Hello, I'm your 32bit Elevated Non-remapped custom action server.
ExecFirewallExceptions: Installing firewall exception2 SmeInboundOpenException on port 443, protocol 6
ExecFirewallExceptions: Error 0x800706d9: failed trying to find existing port rule
ExecFirewallExceptions: Error 0x800706d9: failed to add/update port exception for name 'SmeInboundOpenException' on port 443, protocol 6
CustomAction WixExecFirewallExceptionsInstall returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
It looks like the installer insists on trying to open a hole in the firewall for port 443 (the port I specified to msiexec) and since the firewall isn't running on server core containers the install fails. It seems like Project Honolulu is a good fit for running in a container as opposed to a full VM, but this installer issue prevents it from working correctly.
Mike Nelson commented
Despite the fact that it's missing a few key tools, I believe it offers a standardized format to better manage core servers...at least until there's a higher comfort level using command line tools.