How to Setup rkt Containers on Fedora 24

You might have heard about CoreOS and its Rocket containers. It is the competitor to docker but it has not seen much usage outside of CoreOS. Installation on other Linux distribution is sometimes challenging, especially on CentOS due to old kernel which has issues when running rkt. In this article we are going to use rocket containers in Fedora Workstation on my laptop. Package for easy installation is not available, so we are going to do a manual install.

Setting up rkt

Lets first download rkt:


downloading rkt

Then extract it:

tar xzvf rkt-v1.10.1.tar.gz

Next we cd into dir an copy the rkt binary into the /usr/bin

cd rkt-v1.10.1

cp rkt /usr/bin/

Then we move to creating a group and adding the your non-root user to a group. I will add myself, so you will need to change "miki" to your actual username. This will not give all privileges to non-root user like in docker, instead it will only allow easier image management and monitoring. For most commands, you would still need sudo or root.

groupadd rkt

gpasswd -a miki rkt && newgrp rkt

Then we need to setup data directory to /var/lib/rkt and luckily there is good script for that, distributed with rkt.


Now we need to copy stage1 images

mkdir -p /usr/lib/rkt/stage1-images

cp stage1-*.aci /usr/lib/rkt/stage1-images/

Then we  copy systemd services. Note that rkt actually don't have long running service to be started by systemd. Services that we are copying in following commands are for image management and garbage collection.

cp init/systemd/tmpfiles.d/rkt.conf /usr/lib/tmpfiles.d/

cp init/systemd/rkt-metadata.* /usr/lib/systemd/system/

cp init/systemd/rkt-gc.* /usr/lib/systemd/system/

systemctl daemon-reload

We are going to also build an image, so we need to download and install acbuild


tar xzvf acbuild-v0.4.0.tar.gz

cd acbuild-v0.4.0/

cp acbuild acbuild-chroot acbuild-script /usr/bin/

SElinux doesnt play well with rkt so lets set it to permissive mode

sed -i'' 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
setenforce Permissive

After this, we should have rkt set up.

Using rkt to deploy httpd

We are going to use lightweight Alpine Linux to try out rkt application containers. We are going to deploy Apache httpd.

nano image-build

And then paste this script there

#!/usr/bin/env acbuild-script

# Start the build with an empty ACI

# Name the ACI

# Based on alpine
dep add

# Install apache
run -- apk update
run -- apk add apache2

run -- /bin/sh -c "echo 'ServerName localhost' >> /etc/apache2/httpd.conf"

# Add a port for http traffic on port 80
port add http tcp 80

# Add a mount point for files to serve
mount add html /var/www/localhost/htdocs

# Run apache, and remain in the foreground
set-exec -- /bin/sh -c "chmod 755 / && /usr/sbin/httpd -D FOREGROUND"

# Write the result
write --overwrite apache-latest-linux-amd64.aci

Then we will add the executable bit to the script

chmod +x image-build

And then we run the script


building image

Finally we can run our container and check if we have server running.

rkt run --dns --net=host apache-latest-linux-amd64.aci --insecure-options=image

It is important that this command is run in same dir where image is created, otherwise wont work. Lets then fire up browser and go to localhost:

Apache landing page

We see that it works, but Alpine Linux due to being lightweight doesn't sport usual Apache landing page.

Exploring the shell and deleting containers

If you don't want to run apache and want just to use shell in container, you can try this command in another container:

rkt run --interactive --dns --net=host

It will give you shell to work with. Instead alpine you could easily run fedora as well. Just execute this command so you get the shell inside fedora container:

rkt run --dns --interactive --net=host docker://fedora --insecure-options=image --exec=/bin/bash

After you finish working with containers, you would normally want to delete them so, we use garbage collector, command gc. This command has grace period of 30 minutes and on CoreOS it runs automatically, but we want to delete everything now. So we will use command with this flag:

rkt gc --grace-period=0s

garbage collection with rkt

This moves exited containers to garbage, and then after grace period expires, it deletes them. But sine our grace period is set to zero seconds, it does all at once.


So we now have basic setup and understanding of rkt containers on Fedora 24. Rocket containers can be also used with Kubernetes, or they can be set up in multitude of different ways. For detail documentation, visit this page. Be sure to check all the new developments as rkt is fast-moving technology and gets new features regularly. Thank you for reading, that is all for this article.

Mihajlo Milenovic 4:43 am

About Mihajlo Milenovic

Miki is a long time GNU/Linux user, Free Software advocate and a freelance system administrator from Serbia. Got introduced to GNU/Linux in year 2003 on old AMD Duron computer, and since than always eager to learn new stuff about this system. From 2016 writes for Linoxide to share his experiences with wider audience

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.