Introduction
Docker is free and open-source software that allows you to build, test and deploy applications through a container in the form of images. Docker uses images to build containers that are machine-like instances. Unlike virtual machines, when creating a docker container you do not have to specify the resources (RAM, CPU, and storage) for the instance. Instead, the system treats a container as an application thus it is intelligent enough to know when and amount of resources to allocate to a container. This is cost-effective as docker only uses resources when needed.
Pre-requisites
For you to be able to install Docker on CentOS, you should have the following;
- CentOS 7 server
- A non-root user with sudo privileges
With that, let’s embark on the installation of Docker.
Install Docker
There are a number of methods to install Docker on CentOS 7;
- Installation from Docker repositories
- Installing manually by downloading the RPM package
However, in this tutorial, we are going to install Docker from Docker repositories since the RPM package may not contain the latest version of Docker.
Step 1: System Update
Make sure your CentOS system is updated to its latest packages:
$ sudo yum check-update
Step 2: Set up the repository
To set up the repository, you need to install the
yum-utils
package which will provide the
yum-config-manager
utility.
$ sudo yum install -y yum-utils
Step 3: Add the official docker repository
The following command will add the official docker repository, it will download the latest docker version and install it afterward:
$ curl -fsSL https://get.docker.com/ | sh
Below output displays the installation process.
# Executing docker install script, commit: b2e29ef7a9a89840d2333637f7d1900a83e7153f
+ sudo -E sh -c 'yum install -y -q yum-utils'
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
+ sudo -E sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sudo -E sh -c 'yum makecache'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 60 kB 00:00
* base: mirror.aptus.co.tz
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirror.aptus.co.tz
* updates: mirror.aptus.co.tz
base | 3.6 kB 00:00
docker-ce-stable | 3.5 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/13): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00
(2/13): docker-ce-stable/7/x86_64/primary_db | 80 kB 00:00
(3/13): docker-ce-stable/7/x86_64/filelists_db | 33 kB 00:00
(4/13): docker-ce-stable/7/x86_64/other_db | 125 kB 00:00
(5/13): epel/x86_64/prestodelta | 873 B 00:01
(6/13): epel/x86_64/other_db | 3.4 MB 00:01
(7/13): base/7/x86_64/filelists_db | 7.2 MB 00:01
(8/13): extras/7/x86_64/other_db | 148 kB 00:00
(9/13): base/7/x86_64/other_db | 2.6 MB 00:02
(10/13): updates/7/x86_64/other_db | 1.1 MB 00:00
(11/13): extras/7/x86_64/filelists_db | 277 kB 00:00
(12/13): updates/7/x86_64/filelists_db | 9.1 MB 00:02
(13/13): epel/x86_64/filelists_db | 12 MB 00:20
Metadata Cache Created
+ sudo -E sh -c 'yum install -y -q docker-ce docker-ce-cli containerd.io docker-scan-plugin docker-compose-plugin docker-ce-rootless-extras'
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-20.10.17-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-20.10.17-3.el7.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://download.docker.com/linux/centos/gpg
================================================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the 'Docker daemon attack surface'
documentation for details: https://docs.docker.com/go/attack-surface/
Step 4: Start and verify the docker service
Docker daemon does not start automatically, therefore you should start it by running:
$ sudo systemctl start docker
Now check if docker is up and running:
$ sudo systemctl status docker
Your output will be similar to the one below showing that docker is active and running;
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Qib 2022-07-05 10:43:58 EAT; 4s ago
Docs: https://docs.docker.com
Main PID: 10128 (dockerd)
Tasks: 8
Memory: 33.7M
CGroup: /system.slice/docker.service
└─10128 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Step 5: Configure Docker to start up on boot
This will allow the docker service to start automatically every time the system reboots.
Run:
$ sudo systemctl enable docker
Docker is successfully installed. Let us now look at how you can run a docker container, execute docker commands, and so on.
Managing docker as a non-root user
By default, the Docker daemon runs as the root user. Therefore, to be able to run as a non-root user, you should preface the docker command with sudo, otherwise, the operation will not run.
However, you can avoid the task of prefacing the
docker
command sudo every time by creating a Unix group called docker and adding users to it. This way, you will be able to perform the commands without prefacing them with sudo. In other words, the docker group grants privilege the same to the root.
Let us try to run a docker command as non-root and see what happens;
$ docker run hello-world
You will get an error denying you permission to complete and run the command. This is because you don’t have the privileges.
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
Therefore we need to add you to the docker group to be able to run the command.
To create a docker group;
$ sudo groupadd docker
To add users to the docker group;
$ sudo usermod -aG docker $USER
To apply the new changes, run;
$ sudo newgrp docker
Now, let’s repeat our previous command and see if it will be successful now that the user is in the docker group;
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
This shows that you are able to run the docker command as a non-root user and without prefixing
sudo
before
docker
.
From here, we won’t be prefacing
docker
with
sudo
because we have the privilege to run the docker command without
sudo
.
Using Docker commands
First off, you have to understand the docker command-line utility which comes as a full package during the installation of docker. The docker command consists of a number of steps which include passing it through a chain of options and subcommands then followed by some arguments. A complete docker the command takes the form;
$ docker [option] [command] [arguments]
Now, to be able to view the system’s info, you can run the following command;
$ docker info
To see all available docker sub-commands run;
$ docker
The sub-commands may keep changing based on your docker version.
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Working with Docker images
A docker image is a set of instructions like file used to execute code in a docker container. These images are stored in a Docker hub- a cloud based registry run by docker-.
To search for an image in the docker hub repository, you use the
search
subcommand followed by the name of the image. For instance let’s try nd search for the CentOS 7 image;
$ docker search centos
Your output will be similar to this;
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 7219 [OK]
kasmweb/centos-7-desktop CentOS 7 desktop for Kasm Workspaces 21
continuumio/centos5_gcc5_base 3
dokken/centos-7 CentOS 7 image for kitchen-dokken 2
dokken/centos-stream-9 1
couchbase/centos7-systemd centos7-systemd images with additional debug… 1 [OK]
spack/centos7 CentOS 7 with Spack preinstalled 1
The
image pull
sub-command is used to download a docker image. Let us download the CentOS docker image;
$ docker image pull centos
You’ll get a similar output like the one below:
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
Use the
run
sub-command to start the downloaded image. Since we’ve downloaded Centos image, let’s run it:
$ docker run centos
To view the downloaded images, run:
$ docker images
Our output will show our previously downloaded docker images:
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 9 months ago 13.3kB
centos latest 5d0da3dc9764 9 months ago 231MB
Working with Docker containers
Docker containers are like virtual machines. You can be able to do operations inside the containers and exit the container. An example of a container is the
hello-world the
container we downloaded before.
For interactive shell access into the container, we use the combination of the -i and -t switches. Let’s run a container using the centos image:
$ docker run -it centos
The output will show that you are working from inside the container:
[root@de29d874a8e1 /]#
Now that you are inside the container, you can run any operation without prefixing
sudo
. This is because you have all the privileges in the container. The highlighted text in the output code is the container’s ID.
When you are done with the container, you simply log out using the
exit
command.
To list active containers, run:
$ docker ps
To list both active and in-active containers, run:
$ docker ps -a
The output will look like this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de29d874a8e1 centos "/bin/bash" 9 minutes ago Exited (0) 52 seconds ago gallant_buck
3854b6336cd9 centos "/bin/bash" 21 minutes ago Exited (0) 21 minutes ago cranky_ride
886a3e47821b hello-world "/hello" 2 hours ago Exited (0) 2 hours ago relaxed_margulis
123545b7ca4a hello-world "/hello" 2 hours ago Exited (0) 2 hours ago romantic_driscoll
To see the last container you created, run:
$ docker ps -l
The output will show the latest container created:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de29d874a8e1 centos "/bin/bash" 13 minutes ago Exited (0) 4 minutes ago gallant_buck
To stop a running container:
$ docker stop container-id
You should now be in a position to work with the docker images and containers with much ease.
Conclusion
You successfully installed Docker on CentOS 7, we have also looked at several ways to manage docker images and containers. That should give you an added scope in your journey to start using and working with Docker. Thank you!
How to Install Docker in Ubuntu
One thought on “How to Install Docker Container Engine in CentOS 7”