Architecting Containerized Environments with Docker on CentOS

The integration of Docker into the CentOS ecosystem represents a pivotal shift in how system administrators and DevOps engineers deploy application processes. Docker is an application designed to simplify the execution of processes within containers. These containers function similarly to virtual machines in that they isolate an application and its dependencies; however, they are significantly more portable and resource-friendly because they share the host operating system's kernel rather than emulating a full hardware stack. This dependency on the host OS allows for near-native performance while maintaining a layer of abstraction that ensures consistency across different environments. For those operating within the CentOS landscape, understanding the nuances of Docker installation, versioning, and image management is critical for maintaining a stable and reproducible Linux environment.

Technical Prerequisites and System Requirements

Before initiating the installation of Docker on CentOS, certain hardware and software benchmarks must be met to ensure system stability and compatibility.

  • Architecture: Docker requires a 64-bit version of CentOS 7. This is a fundamental requirement because the Docker Engine relies on 64-bit CPU instruction sets for its virtualization and isolation capabilities.
  • Kernel Version: The system must be running a kernel version equal to or greater than 3.10. The kernel is the core of the operating system that manages hardware and memory; Docker leverages specific kernel features like control groups (cgroups) and namespaces to create isolated containers. Standard 64-bit CentOS 7 installations, such as the default DigitalOcean Droplets, typically meet these requirements natively.
  • User Privileges: To maintain security best practices, all Docker commands should be executed by a non-root user. When administrative privileges are required to modify system files or start services, the sudo command must be used. This prevents accidental system-wide changes and adheres to the principle of least privilege.

Comprehensive Docker Engine Installation Strategies

There are multiple pathways to deploying Docker on CentOS, depending on whether the user is utilizing an existing installation or automating the creation of a new server.

Installation on Existing Systems

For users with an active CentOS installation, the process begins with preparing the package manager. While Docker may be available in the official CentOS 7 repositories, these versions are often outdated. To obtain the latest features and security patches, users should install Docker from the official Docker repository.

The initial step involves updating the package database to ensure the system is aware of the latest available versions:

sudo yum check-update

Automated Deployment via Docker Machine

An alternative method for those who do not wish to manually configure an existing server is using Docker Machine. This tool automates the process of spinning up a new server and automatically installs Docker upon creation, reducing the manual overhead associated with initial configuration.

Modern Installation on CentOS Stream

For those utilizing more recent versions of the distribution, such as CentOS Stream 9 or CentOS Stream 10, the installation process utilizes the dnf package manager. A critical requirement for these versions is that the centos-extras repository must be enabled. This repository provides additional packages that are not part of the core distribution but are necessary for the functionality of the Docker Engine. If it was previously disabled, it must be re-enabled before proceeding.

Conflict Resolution and Cleanup Procedures

Before installing the official Docker Engine, it is mandatory to remove any conflicting packages. Linux distributions often provide unofficial Docker packages that can clash with the official releases provided by Docker.

To ensure a clean installation, the following command is used to remove existing Docker-related packages:

sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

It is important to note that running this removal command does not wipe all Docker data. Images, containers, volumes, and networks stored in the /var/lib/docker/ directory are not automatically removed during the uninstallation process. This allows users to upgrade or reinstall the engine without losing their persistent data.

Advanced Installation and Version Control

Users have two primary methods for installing the Docker Engine: using the repository system or manual RPM installation.

Repository-Based Installation

The recommended approach is setting up Docker's official repositories. This method simplifies the installation process and makes future upgrades significantly easier, as the package manager can track version updates automatically.

To install a specific version of Docker, the user must first list the available versions in the repository to identify the exact version string:

dnf list docker-ce --showduplicates | sort -r

The output of this command will display versions such as 3:29.4.1-1.el9. The leading 3: is the RPM epoch and is part of the version string; the suffix .el9 indicates the version is specific to Enterprise Linux 9. To install a specific version, the user combines the package name docker-ce with the version string, separated by a hyphen. For example, to install version 29.4.1, the command would be:

sudo dnf install docker-ce-3:29.4.1-1.el9 docker-ce-cli-3:29.4.1-1.el9 containerd.io docker-buildx-plugin docker-compose-plugin
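The version-pinning step above is easy to get wrong silently: a version string that is not in the repository, or one built for a different Enterprise Linux major than the host, does not produce the install you intended. The following script is an added example, not code from the article or from Docker; it checks a requested version string against the repository listing and the host's os-release before building the fully qualified package names, and only runs dnf when invoked with --install. The repository listing embedded in it is a constructed sample of what dnf list docker-ce --showduplicates prints, and the script name pin-docker.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pin a specific docker-ce
# release from the Docker repository and sanity-check the choice before
# installing.  SAMPLE_LISTING is a constructed imitation of raw
# `dnf list docker-ce --showduplicates` output (the real one is longer).

SAMPLE_LISTING='Available Packages
docker-ce.x86_64  3:28.5.1-1.el9  docker-ce-stable
docker-ce.x86_64  3:29.4.0-1.el9  docker-ce-stable
docker-ce.x86_64  3:29.4.1-1.el9  docker-ce-stable'

# list_versions: print the version strings (second column) of every
# docker-ce line in a dnf listing read from stdin, one per line.
list_versions() {
    awk '$1 ~ /^docker-ce\./ { print $2 }'
}

# version_available VERSION: succeed only if VERSION appears verbatim in the
# listing read from stdin.  Pinning a version the repository does not carry
# fails the install, so check before handing it to dnf.
version_available() {
    list_versions | grep -qxF -- "$1"
}

# el_major_of VERSION: print the Enterprise Linux major the package was built
# for, taken from the .elN suffix (e.g. "9" for 3:29.4.1-1.el9).
el_major_of() {
    printf '%s\n' "$1" | sed -n 's/.*\.el\([0-9][0-9]*\)$/\1/p'
}

# host_el_major OS_RELEASE_FILE: print the host's major version from an
# os-release file (VERSION_ID="9" on CentOS Stream 9).  The path is a
# parameter so a constructed file can be used when testing.
host_el_major() {
    sed -n 's/^VERSION_ID="\{0,1\}\([0-9]*\).*/\1/p' "$1"
}

# pinned_packages VERSION: print the fully qualified package set, i.e. the
# package name and version string joined by a hyphen, plus the unpinned
# companions that the Docker documentation installs alongside.
pinned_packages() {
    printf 'docker-ce-%s docker-ce-cli-%s containerd.io docker-buildx-plugin docker-compose-plugin\n' "$1" "$1"
}

# check_pin VERSION LISTING OS_RELEASE_FILE: run both checks; print the
# package list on success, a reason on stderr and exit 1 on failure.
check_pin() {
    ver=$1; listing=$2; osrel=$3
    if ! printf '%s\n' "$listing" | version_available "$ver"; then
        echo "refusing: $ver is not in the repository listing" >&2
        return 1
    fi
    if [ "$(el_major_of "$ver")" != "$(host_el_major "$osrel")" ]; then
        echo "refusing: $ver is built for el$(el_major_of "$ver"), host is el$(host_el_major "$osrel")" >&2
        return 1
    fi
    pinned_packages "$ver"
}

# Only touch the real system when explicitly asked:
#   sh pin-docker.sh --install 3:29.4.1-1.el9
if [ "${1:-}" = "--install" ] && [ -n "${2:-}" ]; then
    listing=$(dnf list docker-ce --showduplicates) || exit 1
    pkgs=$(check_pin "$2" "$listing" /etc/os-release) || exit 1
    # Word splitting of $pkgs into separate package arguments is intended.
    sudo dnf install $pkgs
fi
```

The el-suffix comparison is the check that matters on a mixed fleet: a version string copied from a CentOS Stream 9 runbook onto a Stream 10 host is refused instead of being tried.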

Manual RPM Installation

For environments with restricted internet access or specific compliance requirements, users can download the RPM package and install it manually. However, this approach requires the user to manage all future upgrades manually, as the automated repository tracking is bypassed.

Post-Installation Configuration and Service Management

The installation of the Docker package does not automatically start the Docker Engine, nor does it configure user permissions for the Docker socket.

Starting the Docker Engine

To manage the Docker service, systemctl is used. There are two primary ways to start the engine:

  • For automatic startup on boot:
    sudo systemctl enable --now docker
  • For a manual start without enabling boot-time persistence:
    sudo systemctl start docker

User Group Management

During installation, a docker group is created. By default, no users are added to this group. Users who wish to run Docker commands without using sudo must be added to this group. Membership grants access to the Docker socket, which on a default installation is equivalent to root on the host, so the group should be limited to trusted administrators and reviewed like the sudoers list.
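Because docker group membership is root-equivalent, it is worth treating the group as a managed allowlist rather than something users are added to ad hoc. The script below is an added example, not code from the article: it parses a group(5) entry such as getent group docker prints, adds a user only when asked with --add, and with --audit reports any member who is not on a given allowlist (exit status 1, so it can run from cron or a configuration-management check). The group line embedded in it is a constructed sample; the script name docker-group.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): manage and audit the docker
# group.  Members can reach the Docker socket, which on a default install is
# equivalent to root on the host, so keep a known allowlist and flag anyone
# else.  SAMPLE_GROUP_LINE is a constructed `getent group docker` line.

SAMPLE_GROUP_LINE='docker:x:992:alice,bob,deploy'

# group_members GROUP_LINE: print the members of a group(5) entry, one name
# per line (no output when the group has no members).
group_members() {
    printf '%s\n' "$1" | awk -F: '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
}

# is_member USER GROUP_LINE: succeed if USER is listed in the group entry.
is_member() {
    group_members "$2" | grep -qxF -- "$1"
}

# audit_docker_group GROUP_LINE ALLOWED...: print every member that is not on
# the allowlist.  Returns 0 when the group is clean, 1 when at least one
# unexpected member was found.
audit_docker_group() {
    line=$1; shift
    clean=0
    for m in $(group_members "$line"); do
        ok=0
        for a in "$@"; do [ "$m" = "$a" ] && ok=1; done
        if [ "$ok" -eq 0 ]; then printf '%s\n' "$m"; clean=1; fi
    done
    return $clean
}

# Only touch the real system when asked.
#   sh docker-group.sh --add alice          grant access (alice must log out
#                                           and back in, or run `newgrp docker`)
#   sh docker-group.sh --audit alice bob    compare the live group to an allowlist
case "${1:-}" in
    --add)
        [ -n "${2:-}" ] || { echo "usage: $0 --add USER" >&2; exit 2; }
        sudo usermod -aG docker "$2"
        ;;
    --audit)
        shift
        live=$(getent group docker) || { echo "no docker group on this host" >&2; exit 1; }
        if bad=$(audit_docker_group "$live" "$@"); then
            echo "docker group contains only allowed members"
        else
            printf 'docker group members outside the allowlist:\n%s\n' "$bad" >&2
            exit 1
        fi
        ;;
esac
```

Running the audit from a scheduled job turns an easily forgotten one-off (`usermod -aG docker someuser`) into something that is noticed the next time the check runs.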

Installation Verification

To verify that the Docker Engine is functioning correctly, users can run the hello-world test image:

sudo docker run hello-world

This command triggers the engine to download a small test image from the registry and execute it in a container, confirming that the image pulling and execution pipeline is operational.

Navigating the CentOS Docker Hub Images

The CentOS Project provides official images on Docker Hub, which allow users to run a CentOS environment as a container.

Image Tagging and Versions

The CentOS project utilizes different tagging strategies for its images:

  • centos:latest: This tag always points to the most recent version currently available.
  • Major Version Tags: Tags like centos:6 or centos:7 provide rolling updates for that specific major release, which are typically updated monthly or for emergency fixes.
  • Minor Version Tags: Tags such as centos:5.11 or centos:6.6 correspond to the original installation media. These images do not receive rolling updates. Consequently, if these images are used, it is highly recommended to include the following command in the Dockerfile to address security vulnerabilities:
    RUN yum -y update && yum clean all
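A Dockerfile that starts from a frozen minor tag and never runs yum update carries every package vulnerability fixed since that release was cut. The script below is an added example, not code from the article or the CentOS project: it reads a Dockerfile, extracts the base image tag, and reports stale-base when the tag is a minor release (5.11, 6.6, 7.3.1611) and no RUN instruction performs a yum update. The two Dockerfiles embedded in it are constructed samples; the script name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): flag Dockerfiles that build
# on a frozen CentOS minor tag without running `yum -y update`.  The two
# Dockerfiles below are constructed samples.

SAMPLE_STALE='FROM centos:6.6
RUN yum -y install httpd && yum clean all
CMD ["httpd", "-DFOREGROUND"]'

SAMPLE_PATCHED='FROM centos:6.6
RUN yum -y update && yum clean all
RUN yum -y install httpd && yum clean all
CMD ["httpd", "-DFOREGROUND"]'

# base_tag: print the tag of the first FROM line read on stdin.  Prints
# nothing when the image has no explicit tag (which resolves to :latest) or
# is pinned by digest.  A leading --platform flag is skipped.
base_tag() {
    awk 'toupper($1) == "FROM" {
            img = ($2 ~ /^--/) ? $3 : $2
            sub(/@.*/, "", img)
            n = split(img, p, ":")
            if (n > 1) print p[n]
            exit
        }'
}

# is_minor_tag TAG: succeed if TAG looks like a CentOS minor release
# (5.11, 6.6, 7.3.1611), i.e. it pins to installation media that never
# receives rolling updates.  Major tags (6, 7) and latest do not match.
is_minor_tag() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+'
}

# runs_yum_update: succeed if any RUN instruction on stdin invokes yum update
# (as `yum update`, `yum -y update` or after another yum command).
runs_yum_update() {
    grep -Eiq '^RUN[[:space:]].*yum([[:space:]]+-[a-z]+)*[[:space:]]+update'
}

# lint_dockerfile: read a Dockerfile on stdin and print a verdict:
#   ok          not a frozen minor tag, or it is and yum update is run
#   stale-base  frozen minor tag with no yum update (exit status 1)
lint_dockerfile() {
    content=$(cat)
    tag=$(printf '%s\n' "$content" | base_tag)
    if is_minor_tag "$tag" && ! printf '%s\n' "$content" | runs_yum_update; then
        echo "stale-base"
        return 1
    fi
    echo "ok"
}

# Lint the Dockerfile named on the command line, if any:
#   sh lint-centos-dockerfile.sh path/to/Dockerfile
if [ -n "${1:-}" ]; then
    lint_dockerfile < "$1"
fi
```

The check is deliberately narrow: it only knows about yum, and it treats any RUN line that updates as sufficient, so it belongs in a build pipeline as a gate for the specific mistake the text describes, not as a general image scanner.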

Lifecycle Status

It is critical for administrators to note that as of June 30, 2024, all tags of the CentOS Linux images are officially End of Life (EOL). While some updates occurred as recently as November 16, 2020, the official support window has closed. Users must adjust their usage and migration strategies accordingly.

Operational Guide for CentOS Containers

Running a CentOS container requires an understanding of how the container interacts with the user and the underlying filesystem.

Interactive Execution

Running a basic CentOS container using docker run centos often results in the container starting and immediately shutting down. This happens because the container has no active process to keep it open. To access the container interactively, users must specify flags for a pseudo-TTY and interactive mode:

docker run -i -t centos

  • -i or --interactive: Keeps STDIN open so the user can type into the container's shell.
  • -t or --tty: Allocates a pseudo-TTY, giving the session a terminal interface.

Once executed, the user is placed in a root shell inside the container, indicated by the prompt [root@container_id /]#.

Container Management Commands

To see which containers are currently active, the following command is used:

docker container ls

If the container has exited, it will not appear in this list unless the -a (all) flag is added.

Technical Deep Dive: Storage and System Management

OverlayFS and Backend Storage

Recent versions of Docker (1.13 and onwards) support the overlayfs backend, which is enabled by default on most distributions. On CentOS 6 and 7, this backend requires the yum-plugin-ovl package to be installed and enabled.

To prevent errors related to rpmdb checksum failures, users must ensure that the plugins=1 option is retained in the /etc/yum.conf file. If this file is updated and the option is removed, the system may encounter critical failures during package operations.

Managing Image Size and Documentation

CentOS containers are built using the nodocs option in yum to minimize the overall image size. This is a strategic choice to keep the image lightweight and portable. However, if a user installs a package and finds that the necessary documentation files are missing, they must modify the configuration:

  • Edit /etc/yum.conf and comment out the line tsflags=nodocs.
  • Reinstall the required package.
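Both /etc/yum.conf settings discussed above are the kind of thing that gets lost when a base image is rebuilt or the file is replaced wholesale, and the plugins=1 loss only shows up later as rpmdb checksum failures. The script below is an added example, not code from the article or the CentOS project: it reads the two keys from a yum.conf-style file, reports their state, and comments out tsflags=nodocs when asked, which is the first of the two steps listed above. The configuration embedded in it is a constructed sample; the script name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): check and adjust the two
# /etc/yum.conf settings discussed above.  `plugins=1` must stay so that
# yum-plugin-ovl is loaded on overlayfs; `tsflags=nodocs` keeps images small
# and is commented out when documentation is wanted.  SAMPLE_YUM_CONF is a
# constructed sample.

SAMPLE_YUM_CONF='[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
plugins=1
tsflags=nodocs
installonly_limit=5'

# conf_value FILE KEY: print the value of the first uncommented KEY=... line
# in a yum.conf-style file; prints nothing if the key is absent.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# plugins_enabled FILE: succeed only if plugins=1 is present.
plugins_enabled() {
    [ "$(conf_value "$1" plugins)" = "1" ]
}

# nodocs_enabled FILE: succeed if tsflags contains nodocs.
nodocs_enabled() {
    case "$(conf_value "$1" tsflags)" in
        *nodocs*) return 0 ;;
        *) return 1 ;;
    esac
}

# enable_docs FILE: comment out the tsflags=nodocs line.  Written via a
# temporary file rather than `sed -i` so it behaves the same on GNU and BSD
# sed.  Reinstalling the package is still a separate step.
enable_docs() {
    tmp="$1.tmp.$$"
    sed 's/^[[:space:]]*\(tsflags[[:space:]]*=.*nodocs.*\)$/# \1/' "$1" > "$tmp" && mv "$tmp" "$1"
}

# audit_yum_conf FILE: report both settings.  Exit status 1 when plugins is
# off, since that is the setting whose loss breaks package operations.
audit_yum_conf() {
    if plugins_enabled "$1"; then
        echo "plugins=1: ok"
    else
        echo "plugins=1 missing: rpmdb checksum failures likely on overlayfs"
    fi
    if nodocs_enabled "$1"; then
        echo "tsflags=nodocs: documentation is stripped from installs"
    else
        echo "tsflags=nodocs not set: documentation is installed"
    fi
    plugins_enabled "$1"
}

# Usage on a real file (run as root inside the container):
#   sh yumconf-check.sh /etc/yum.conf
#   sh yumconf-check.sh /etc/yum.conf --enable-docs
if [ -n "${1:-}" ]; then
    [ "${2:-}" = "--enable-docs" ] && enable_docs "$1"
    audit_yum_conf "$1"
fi
```

Running the audit as part of an image build makes the plugins=1 requirement an explicit gate instead of an assumption inherited from the base image.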

Systemd Integration

systemd is included in both the centos:7 and centos:latest base containers. However, it is not active by default. This means that services relying on systemctl will not function unless the container is started with specific privileges and configurations that allow the init system to manage the process lifecycle.

Summary of Technical Specifications and Requirements

The following table summarizes the core requirements and configurations for Docker on CentOS.

Requirement/Component   Specification                      Note
CPU Architecture        64-bit                             Mandatory for Docker Engine
Kernel Version          ≥ 3.10                             Required for cgroups and namespaces
OS Version              CentOS 7 / Stream 9 / Stream 10    Must be a maintained version
Essential Repository    centos-extras                      Must be enabled for Docker Engine
Storage Backend         overlayfs                          Requires yum-plugin-ovl on CentOS 6/7
Package Manager         yum (CentOS 7) / dnf (Stream)      Used for installation and updates
Default Image Tag       centos:latest                      Points to most recent version
EOL Date                June 30, 2024                      All CentOS Linux images are EOL

Conclusion

The deployment of Docker on CentOS transforms the server into a versatile platform for microservices and portable application delivery. By adhering to the strict requirements of 64-bit architecture and kernel version 3.10, administrators can ensure a stable foundation. The choice between using the official Docker repositories and manual RPM installation allows for a balance between ease of maintenance and strict environment control. While the CentOS Linux images have reached their end-of-life status as of June 2024, the technical framework for running these containers—including the use of interactive TTYs and the management of overlayfs via yum-plugin-ovl—remains a fundamental skillset for any professional operating in a Red Hat-derived ecosystem. The shift toward CentOS Stream further emphasizes the need for dnf-based management and the strategic use of the centos-extras repository to maintain a modern, secure, and reproducible container environment.

Sources

  1. DigitalOcean Community
  2. Docker Documentation
  3. Osric.com - Accidental Developer
  4. Docker Hub - CentOS
