CentOS 8 comes with its own tools, buildah and podman, which are compatible with existing docker images and work without relying on a daemon, allowing the creation of containers as normal users, without the need of special permissions.
These tools still have some limitations, so in this tutorial, we will see how to install and run the original Docker CE on Centos 8 by using the official Docker repository.
What is Docker ?
Docker is an open-source project which allows the creation and distribution of applications inside containers, which are standardized environments that can be easily replicated, independently from the host system.
Adding the Docker repository
First, we must add an external repository to obtain the Docker CE. We will use the official Docker CE CentOS repository.
The DNF config-manager utility let us, among the other things, to easily enable or disable a repository in our CentOS. By default, only the appstream and baseos repositories are enabled on CentOS 8. The next step is to add and enable the docker-ce repo too. All we need to do to accomplish this task is to run the following:
$ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
We can verify that the repository has been enabled by typing the following dnf command:
$ sudo dnf repolist -v .... Repo-id : docker-ce-stable Repo-name : Docker CE Stable - x86_64 Repo-revision: 1567619328 Repo-updated : Wed 04 Sep 2019 05:48:48 PM UTC Repo-pkgs : 51 Repo-size : 1.1 G Repo-baseurl : https://download.docker.com/linux/centos/7/x86_64/stable Repo-expire : 172,800 second(s) (last: Mon 30 Sep 2019 09:28:09 PM UTC) Repo-filename: /etc/yum.repos.d/docker-ce.repo
Installing docker-ce package
The repository contains several versions of the docker-ce package, to display all of them, we can run:
$ dnf list docker-ce --showduplicates | sort -r Extra Packages for Enterprise Linux 8 - x86_64 501 kB/s | 2.3 MB 00:04 docker-ce.x86_64 3:19.03.4-3.el7 docker-ce-stable docker-ce.x86_64 3:19.03.3-3.el7 docker-ce-stable docker-ce.x86_64 3:19.03.2-3.el7 docker-ce-stable docker-ce.x86_64 3:19.03.1-3.el7 docker-ce-stable docker-ce.x86_64 3:19.03.0-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.9-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.8-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.7-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.6-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.5-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.4-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
At the time being, installation of containerd.io > 1.2.0-3.el7 is blocked, which is a dependency of docker-ce. Because of this, we have to work around this problem. However, another problem is present. As long as firewalld, the system firewall manager is enabled, DNS resolution inside docker containers does not work.
For the time being this is the only way to install docker-ce. We will update the article once the proper centos 8 package becomes available.
We will now install the docker with the following command:
$ sudo dnf -y install docker-ce --nobest
Last metadata expiration check: 0:35:54 ago on Sun 20 Oct 2019 05:17:37 PM UTC.
Dependencies resolved.
Problem: package docker-ce-3:19.03.4-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
- cannot install the best candidate for the job
- package containerd.io-1.2.10-3.2.el7.x86_64 is excluded
- package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
- package containerd.io-1.2.2-3.el7.x86_64 is excluded
- package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
- package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
- package containerd.io-1.2.6-3.3.el7.x86_64 is excluded
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
docker-ce x86_64 3:18.09.1-3.el7 docker-ce-stable 19 M
Installing dependencies:
container-selinux noarch 2:2.94-1.git1e99f1d.module_el8.0.0+58+91b614e7
AppStream 43 k
libcgroup x86_64 0.41-19.el8 BaseOS 70 k
containerd.io x86_64 1.2.0-3.el7 docker-ce-stable 22 M
docker-ce-cli x86_64 1:19.03.4-3.el7 docker-ce-stable 39 M
Enabling module streams:
container-tools rhel8
Skipping packages with broken dependencies:
docker-ce x86_64 3:19.03.4-3.el7 docker-ce-stable 24 M
Transaction Summary
================================================================================
Install 5 Packages
Skip 1 Package
Total download size: 80 M
Installed size: 338 M
Downloading Packages:
(1/5): container-selinux-2.94-1.git1e99f1d.modu 314 kB/s | 43 kB 00:00
(2/5): libcgroup-0.41-19.el8.x86_64.rpm 470 kB/s | 70 kB 00:00
(3/5): containerd.io-1.2.0-3.el7.x86_64.rpm 3.1 MB/s | 22 MB 00:07
(4/5): docker-ce-18.09.1-3.el7.x86_64.rpm 2.6 MB/s | 19 MB 00:07
(5/5): docker-ce-cli-19.03.4-3.el7.x86_64.rpm 2.6 MB/s | 39 MB 00:15
--------------------------------------------------------------------------------
Total 4.5 MB/s | 80 MB 00:17
warning: /var/cache/dnf/docker-ce-stable-091d8a9c23201250/packages/containerd.io-1.2.0-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Docker CE Stable - x86_64 1.4 kB/s | 1.6 kB 00:01
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) "
Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
From : https://download.docker.com/linux/centos/gpg
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : docker-ce-cli-1:19.03.4-3.el7.x86_64 1/5
Running scriptlet: docker-ce-cli-1:19.03.4-3.el7.x86_64 1/5
Installing : containerd.io-1.2.0-3.el7.x86_64 2/5
Running scriptlet: containerd.io-1.2.0-3.el7.x86_64 2/5
Running scriptlet: libcgroup-0.41-19.el8.x86_64 3/5
Installing : libcgroup-0.41-19.el8.x86_64 3/5
Running scriptlet: libcgroup-0.41-19.el8.x86_64 3/5
Installing : container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 4/5
Running scriptlet: container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 4/5
Running scriptlet: docker-ce-3:18.09.1-3.el7.x86_64 5/5
Installing : docker-ce-3:18.09.1-3.el7.x86_64 5/5
Running scriptlet: docker-ce-3:18.09.1-3.el7.x86_64 5/5
Verifying : container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 1/5
Verifying : libcgroup-0.41-19.el8.x86_64 2/5
Verifying : containerd.io-1.2.0-3.el7.x86_64 3/5
Verifying : docker-ce-3:18.09.1-3.el7.x86_64 4/5
Verifying : docker-ce-cli-1:19.03.4-3.el7.x86_64 5/5
Installed:
docker-ce-3:18.09.1-3.el7.x86_64
container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0+58+91b614e7.noarch
libcgroup-0.41-19.el8.x86_64
containerd.io-1.2.0-3.el7.x86_64
docker-ce-cli-1:19.03.4-3.el7.x86_64
Skipped:
docker-ce-3:19.03.4-3.el7.x86_64
Complete!
Now we must enable docker service:
$ sudo systemctl enable --now docker Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
We can check if the service is running as it should:
$ systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pres>
Active: active (running) since Sun 2019-10-20 18:00:45 UTC; 2min 12s ago
Docs: https://docs.docker.com
Main PID: 2856 (dockerd)
Tasks: 21
Memory: 53.2M
CGroup: /system.slice/docker.service
├─2856 /usr/bin/dockerd -H fd://
└─2873 containerd --config /var/run/docker/containerd/containerd.tom>
From this, we can see that everything is ok.
Adding user to docker group
The docker group is created, but no users are added to the group. Add your user to this group to run docker commands without sudo.
$ sudo usermod -aG docker $USER $ id $USER uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),988(docker)
Logout and Login again to use Docker without sudo. We can check the docker version with:
$ newgrp docker $ docker version Client: Docker Engine - Community Version: 19.03.4 API version: 1.39 (downgraded from 1.40) Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:52:22 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 18.09.1 API version: 1.39 (minimum version 1.12) Go version: go1.10.6 Git commit: 4c52b90 Built: Wed Jan 9 19:06:30 2019 OS/Arch: linux/amd64 Experimental: false
Test docker installation by pulling the test image
We can now pull the alpine docker container image to test our installed docker:
$ docker pull alpine Using default tag: latest latest: Pulling from library/alpine 9d48c3bd43c5: Pull complete Digest: sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb Status: Downloaded newer image for alpine:latest docker.io/library/alpine:latest
List downloaded container images:
$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE alpine latest 961769676411 2 months ago 5.58MB
Verify that Docker CE is working correctly by running the alpine container from the downloaded image.
$ docker run -it --rm alpine /bin/sh / # apk update fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.10/main: temporary error (try again later) WARNING: Ignoring APKINDEX.00740ba1.tar.gz: No such file or directory fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.10/community: temporary error (try again later) WARNING: Ignoring APKINDEX.d8b2a6f4.tar.gz: No such file or directory 2 errors; 14 distinct packages available / # exit
We see here that we get errors trying to update with "apk update".
As said before, in order to make DNS resolution work inside Docker containers, we must disable firewalld (a system reboot may be also needed):
$ sudo systemctl disable firewalld Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
After reboot we will try again apk update:
$ docker run -it --rm alpine /bin/sh
/ # apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
v3.10.2-189-g393dc02e8c [http://dl-cdn.alpinelinux.org/alpine/v3.10/main]
v3.10.2-189-g393dc02e8c [http://dl-cdn.alpinelinux.org/alpine/v3.10/community]
OK: 10337 distinct packages available
/ # exit
And now it works. This is not a good solution, but for now, this is the only way. Now you can ssh into docker and start using it.
Conclusion
At this time there is no official Centos 8 docker package. For now, we have to use this workaround to use the official Docker. In this tutorial, we have learned how to install and use Docker and docker images with the only workaround known at this time.
Instead of disabling firewalld I did the following, which worked for me:
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --permanent --zone=trusted --add-port=4243/tcp
firewall-cmd --reload
Hi Bibi,
Nice. Glad to hear that it worked for you.
I get errors trying to update with "apk update" after disable firewalld and reboot
Hi LLL,
What errors you are getting?
Agreed with LLL; the below steps were taken, after pulling down the firewalld and running the reboot command:
[root@localhost ~]# docker run -it --rm alpine /bin/sh
/ # apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.11/main: temporary error (try again later)
WARNING: Ignoring APKINDEX.70f61090.tar.gz: No such file or directory
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.11/community: temporary error (try again later)
WARNING: Ignoring APKINDEX.ca2fea5b.tar.gz: No such file or directory
2 errors; 14 distinct packages available
As we stated in the article, this is just a workaround... There are issues with Docker in Centos8 and Fedora which enforces the cgroups v2 and others uses v1. You can try podman instead.
Thanks For this tutorial for Docker CE installation