Getting Started with Mirantis Container Runtime on Windows Server

If you’re a Windows Server container developer who uses Docker Swarm, relies on security features like FIPS 140-2 support, or simply runs in production, you may find yourself needing to migrate to Mirantis Container Runtime.  Not to worry—we’ve got you covered. Mirantis provides support for enterprise users of Mirantis Container Runtime, and special offers are available through 12/31/2021 for Microsoft customers using Windows containers. In this walkthrough, we’ll show you how to get started with Mirantis Container Runtime (MCR) in a matter of minutes, so you can focus on development. We’ll also help you set up the FIPS 140-2 cryptographic module and update the runtime.

System Requirements

MCR runs on Windows Server 2019 or later. Refer to the most up-to-date system requirements for Windows Server.  For Windows Server 2022, your physical or virtual machine will need at least 512 RAM for the Server Core (or 2 GB for the Server with Desktop Experience)  and at least 32 GB of storage. Of course, your deployments may require resources over and above these minimum system requirements.

Installing Mirantis Container Runtime

From PowerShell, run the following installation helper script:
Invoke-WebRequest -Uri -o install.ps1
Run the install script:
screenshot of install script in Windows server terminal At this point, you’ll need to restart the machine:
In order to test your installation, you can run the hello-world container:
docker run hello-world:nanoserver
If everything is working properly, you should see the hello-world readout: screenshot of hello-world readout within a Windows server terminal Note: if you need to make an air-gapped installation, use the helper script as above and then run the installer with the -DownloadOnly flag:
.\install.ps1 -DownloadOnly
Then, simply copy the install.ps1 file to your air-gapped machine and run the installer in offline mode:
.\install.ps1 -Offline

Enabling FIPS 140-2 Support for Mirantis Container Runtime

The Federal Information Processing Standards (FIPS) Publication 140-2 specifies security requirements for cryptographic modules. To enable FIPS 140-2 support in MCR, simply run the following command once your MCR installation is up and running:
[System.Environment]::SetEnvironmentVariable("DOCKER_FIPS", "1", "Machine")
Restart the Docker service to apply the changes, then run docker info to ensure that FIPS 140-2 support is enabled.
Stop-Service docker

Start-Service docker

docker info
You should see the following in the docker info readout:
screenshot of docker info readout with arrow pointing to FIPS=enabled in the Windows server terminal

Enabling or Disabling Telemetry

By default, MCR monitors data in your installation in order to help us understand operational patterns and improve service for our users. If you would like to disable this data collection, it only takes a modification of the daemon.json file in your Docker config folder.  On Windows Server, the default root directory is C:\ProgramData\docker\config -- if you don’t already have a daemon.json file in this directory, you may need to create one. In this file, simply enter or change the following setting:
{"features":{"telemetry": false}}
If you wish to re-enable telemetry, you can change the setting back to true.

Updating Mirantis Container Runtime

Updates are made from the install.ps1 installer file. Just download and run the latest version of the installer as above to update your installation. 
Invoke-WebRequest -Uri -o install.ps1

For further information, including installer parameters for customizing your configuration, see the documentation for Mirantis Container Runtime on Windows Server. Now that you’re up and running, you’re ready to explore the full range of MCR’s features and capabilities.

Eric Gregory

Eric Gregory is a Senior Technical Writer at Mirantis, based out of North Carolina.