Example: Cireson SCSM Portal on Docker Windows Containers
Seem all the cool peps are running Applications in containers these days, and considering I haven’t posted in a while - I thought I’d share a working example to quickly create instances of the Cireson Portal for your dev, test environments to help you be one of those cool peps .
Publish the different versions to your container repo to give you the ability to freely move the portal around your various environments to automate the deployment, recovery or scaling of the portal quickly.
- Creating the Docker Host
- Creating the GSMA Account, Credspec file and Permissions
- Building the Portal Docker Image
- Running the Image
On a Windows 2016 server, Start up a PowerShell command
window running as an administrator and run the following commands to download
and install the latest version of Docker:
Install-Module DockerMsftProvider -Force
Install-Package Docker -ProviderName DockerMsftProvider -Force
Step 2: Permissions
As docker does not yet have active directory support, we must configure a few things in AD and the docker host to have the portal permissions working happily as they would with a domain joined server. Using Group Managed Service Accounts on the host any service running on the nested container as LocalSystem can act as the the gMSA account as their domain indentity: (see https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts for more information)
- Create the gMSA account, in my example I created the account called GMSA_Docker (See https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/ for more information about creating gMSA Accounts)
New-ADServiceAccount -name GMSA_DOCKER -DNSHostName GMSA_DOCKER.EVALLAB.LOCAL -PrincipalsAllowedToRetrieveManagedPassword 'Domain Computers'
- Import AD Modules & Install the gMSA Account on the Docker Host
Add-WindowsFeature RSAT-AD-PowerShell Import-Module ActiveDirectory
- Create the CredentialSpec file using CredentialSpec.psm1
Import-Module ./CredentialSpec.psm1 New-CredentialSpec -Name GMSA_DOCKER -AccountName GMSA_DOCKER
- .Add GMSA_Docker to your SCSM Administrators group for SCSM, and grant GMSA_DOCKER$ permissions in SQL Server to ServiceManager & ServiceManagement (Or if creating a new portal database - grant sysadmin rights)