The Definitive Guide to Deploying and Managing Docker on Rocky Linux

The integration of Docker into the Rocky Linux ecosystem represents a critical intersection between enterprise-grade stability and modern application agility. Docker is an application designed to simplify the execution of application processes within containers. These containers function similarly to virtual machines but are fundamentally different in their architectural approach; they are more portable, significantly more resource-friendly, and maintain a closer dependency on the host operating system's kernel. This shared-kernel architecture eliminates the overhead associated with hypervisors and guest operating systems, allowing for near-native performance and rapid scaling. For technical professionals, utilizing Rocky Linux as a host for Docker provides a predictable, reproducible, and secure environment that mirrors the characteristics of Red Hat Enterprise Linux (RHEL).

Rocky Linux itself is a community-supported distribution derived from sources provided by Red Hat for RHEL. Because it aims for functional compatibility with RHEL, it serves as an ideal base for those requiring a stable, no-cost environment that is free to redistribute. The Rocky Linux Project focuses on removing upstream vendor branding and artwork, ensuring that the core system remains an open, transparent implementation of the RHEL ecosystem. Each version of Rocky Linux is maintained for up to 10 years through security updates, with new versions released approximately every two years and periodic updates every six months to accommodate newer hardware. This level of long-term support is essential for enterprise environments where stability and security are non-negotiable.

When deploying Docker on Rocky Linux, administrators must navigate the nuances of repository management and user permissions. While the official Rocky Linux repositories may contain Docker packages, they are not guaranteed to be the latest versions. To ensure the deployment of the most current features and security patches, the official Docker repository must be utilized. This process involves configuring the DNF package manager to recognize Docker's external sources, which allows for the installation of the Docker Engine, the command-line interface (CLI), and essential plugins like containerd and Docker Compose.

Technical Infrastructure and Installation Procedures

The installation of Docker on Rocky Linux 9 requires a systematic approach to package management and system configuration. All operations should be performed by a non-root user equipped with sudo privileges to maintain system security and auditability.

The initial phase of installation involves preparing the package database to ensure that the system is aware of the most current software versions. The administrator must execute the following command to check for updates:

sudo dnf check-update

Following the update check, the official Docker repository must be added. Because Rocky Linux is functionally compatible with CentOS, it can utilize the CentOS repository provided by Docker. The specific command to add this repository is:

sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Alternatively, some documentation suggests the use of the RHEL-specific repository for Rocky Linux servers:

sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

Once the repository is successfully registered, the installation of the core Docker components is initiated. This includes the Docker Engine, the CLI, containerd, and critical plugins for image building and orchestration. The installation command is as follows:

sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

The technical layer of this process ensures that all necessary binaries are placed in the system path and that the container runtime (containerd) is correctly linked to the Docker Engine.

System Activation and Service Management

After the binary installation is complete, the Docker daemon (dockerd) must be started and configured to persist across system reboots. This is handled via the systemd manager using the systemctl utility.

To simultaneously enable the service for boot and start it immediately, the following command is used:

sudo systemctl --now enable docker

This action ensures that the Docker engine is operational and that any containers configured with a restart policy will automatically boot upon the server's restart, which is vital for maintaining high availability in production environments.

Advanced User Permission Configuration

By default, the Docker daemon binds to a Unix socket which is owned by the root user. This requires every docker command to be preceded by sudo, which can be inefficient and potentially risky for frequent administrative tasks. To mitigate this, a non-root user can be added to the docker group.

This configuration grants the user the ability to manage containers without needing elevated root privileges for every individual command. This is particularly useful when multiple developers need to manage containers on a shared server without being granted full sudo access to the entire host system.

To add the current user to the docker group, the following command is executed:

sudo usermod -a -G docker $(whoami)

Alternatively, to add a specific, different user, the command is:

sudo usermod -a -G docker custom-user

Another variation of this command is:

sudo usermod -aG docker $USER

It is important to note that these group membership changes do not take effect immediately. The user must log out of the current session and log back in for the operating system to recognize the new group assignment.

Utilizing Rocky Linux as a Container Image

Beyond using Rocky Linux as a host, it is frequently used as the base image for containers. This is highly beneficial for developers who need an environment that mirrors a RHEL-based production server.

The Rocky Linux container image available on Docker Hub is intentionally stripped down. It contains only the necessary tools for container deployment, meaning it lacks the full suite of utilities found in the server OS installation. This reduction in size ensures that the image is more efficient to pull and deploy.

The process of utilizing a Rocky Linux image involves several distinct steps:

  1. Pulling the Image: The image must be downloaded from the official Rocky Linux repository on Docker Hub.
    docker pull rockylinux/rockylinux

  2. Verifying the Image: After the pull is complete, the presence of the image is verified using:
    docker images

The output will typically show the image as rockylinux/rockylinux with a specific version tag and size, often around 196MB for the latest version.

  1. Deploying the Container: A new container instance is created and run in the background.
    docker run -it --name rocky -d rockylinux/rockylinux

  2. Accessing the Container: To enter the interactive shell of the running container, the execute command is used:
    docker exec -it --user root rocky /bin/bash

Once inside, the prompt will indicate root@, confirming the user is operating within the container's root environment.

Application Deployment Example: Apache Web Server

To demonstrate the utility of Rocky Linux containers, one can deploy a functional web server within the containerized environment. This process illustrates the ease of software installation and verification within a Dockerized Rocky Linux instance.

Once the user has accessed the container via the bash prompt, the Apache web server (httpd) can be installed using the DNF package manager:

dnf install httpd -y

After installation, the Apache daemon is started:

httpd

To verify that the web server is operational and serving content, a curl request is sent to the localhost:

curl localhost

The output will display the HTML content of the Apache welcome page, confirming the service is active. Once the verification is complete, the user can exit the container:

exit

This workflow allows developers to create a customized image. By installing specific software like Apache and then committing the changes to a new image, the developer creates a reusable template that includes both the base OS and the required application.

Docker Hub Ecosystem and Image Management

The Rocky Linux images are maintained by the Rocky Enterprise Software Foundation. While there is an Official Images program curated by the Docker team, there have been technical constraints preventing Rocky Linux from publishing updates directly through that specific channel. Consequently, users are advised to refer to the official Rocky Linux Docker Hub repository for the most up-to-date images.

One critical detail regarding the images is that the rockylinux:latest tag is intentionally missing. This is a deliberate design choice to encourage users to specify the exact version of Rocky Linux they require, ensuring that their environments remain predictable and do not unexpectedly update to a newer major version that could introduce breaking changes.

The Rocky Enterprise Software Foundation maintains several repositories on Docker Hub, including:

  • Toolbox images for Rocky Linux (linked to the containers/toolbox GitHub).
  • RockyLinux shim-review images.

These tools facilitate a wider range of containerization strategies, including the use of the Toolbox utility for creating development environments.

Alternative Containerization and Desktop Environments

While the Docker Engine is the primary focus for server-side workloads, there are other paths for containerization on Rocky Linux.

Docker Desktop can be installed on Rocky Linux, providing a graphical user interface and an integrated Kubernetes cluster. This is particularly useful for developers who prefer a GUI-based management system over the command line.

Additionally, the Rocky Linux community and documentation point toward other container solutions that may be suitable depending on the use case:

  • Podman: A daemonless container engine developed by Red Hat that is often seen as a direct alternative to Docker.
  • LXC/Incus: A fork of the original LXD project, providing system containers that behave more like full virtual machines than application containers.

These alternatives provide a broader spectrum of isolation and management styles, ranging from the application-centric approach of Docker to the system-centric approach of Incus.

Comparative Analysis of Installation Repositories

The choice of repository impacts the stability and update cycle of the Docker installation. The following table outlines the repository options available for Rocky Linux.

Repository Source Target OS Compatibility Recommended Use Case
official Rocky Linux Repo Rocky Linux Native General use, though potentially outdated
download.docker.com/linux/centos CentOS / Rocky High Latest Docker CE features
download.docker.com/linux/rhel RHEL / Rocky High Server-side native Docker workloads

Summary of Container Management Commands

The following list provides the essential commands required for the lifecycle management of Docker on Rocky Linux.

  • Update package database: sudo dnf check-update
  • Add CentOS repo: sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  • Install Docker suite: sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  • Enable and start service: sudo systemctl --now enable docker
  • Add user to docker group: sudo usermod -a -G docker $(whoami)
  • Pull Rocky image: docker pull rockylinux/rockylinux
  • Run Rocky container: docker run -it --name rocky -d rockylinux/rockylinux
  • Access container bash: docker exec -it --user root rocky /bin/bash
  • List local images: docker images

Conclusion

The deployment of Docker on Rocky Linux is a strategic choice for organizations seeking the reliability of a RHEL-compatible environment paired with the flexibility of containerization. By utilizing the official Docker repositories and correctly configuring systemd and user group permissions, administrators can establish a robust foundation for microservices and application deployment. The transition from a base Rocky Linux image to a functional application server, as demonstrated with the Apache web server installation, highlights the agility provided by the Docker ecosystem.

The intentional absence of the latest tag in the official images emphasizes the project's commitment to stability and predictability, forcing a conscious choice of versioning that prevents the "silent" breakage often associated with automatic updates. Whether opting for the standard Docker Engine, the feature-rich Docker Desktop, or alternatives like Podman and Incus, Rocky Linux provides a secure, low-maintenance, and reproducible environment suitable for both development and production. The 10-year support window for each version ensures that these containerized workloads can remain operational and secure throughout their entire lifecycle, making Rocky Linux one of the most viable hosts for modern container orchestration.

Sources

  1. How to Install and Use Docker on Rocky Linux 9 - DigitalOcean
  2. Rocky Linux Official Image - Docker Hub
  3. Docker Gemstones - Rocky Linux Documentation
  4. Rocky Linux Organization - Docker Hub
  5. Start Developing with Rocky Linux as a Docker Container - The New Stack
  6. Docker Desktop on Rocky Linux - Rocky Linux Forums

Related Posts