Installing Docker on CentOS
Warning: Do not use the yum command to install Docker if you have not configured the Docker YUM repository.
Preparation
System Requirements
Docker supports 64-bit versions of CentOS 7/8, and requires the kernel version to be 3.10 or higher. CentOS 7 meets the minimum kernel requirement, but since the kernel version is relatively low, some features (such as the overlay2 storage driver) cannot be used, and some features may be less stable.
Uninstall Old Versions
The old version of Docker is called docker or docker-engine. Use the following command to uninstall the old version:
$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
Install Using yum
Execute the following command to install the dependency packages:
$ sudo yum install -y yum-utils
Execute the following command to add the yum software repository:
# Official repository
$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
If you need to install the test version of Docker, execute the following command:
$ sudo yum-config-manager --enable docker-ce-test
Install Docker
Update the yum software repository cache, and install docker-ce.
$ sudo yum install docker-ce docker-ce-cli containerd.io
Additional Settings for CentOS8
Since CentOS8 uses nftables for the firewall, but Docker does not yet support nftables, we can use the following settings to use iptables:
Change /etc/firewalld/firewalld.conf
# FirewallBackend=nftables
FirewallBackend=iptables
or execute the following command:
$ firewall-cmd --permanent --zone=trusted --add-interface=docker0
$ firewall-cmd --reload
Install Using Automatic Script
In test or development environments, Docker provides a set of convenient installation scripts to simplify the installation process. On CentOS systems, you can use this script for installation, and you can also use the --mirror option to use a domestic source:
If you want to install the test version of Docker, get the script from test.docker.com
# $ curl -fsSL test.docker.com -o get-docker.sh
$ curl -fsSL get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh --mirror Aliyun
# $ sudo sh get-docker.sh --mirror AzureChinaCloud
After executing this command, the script will automatically complete all the preparation work and install the stable version of Docker on the system.
Start Docker
$ sudo systemctl enable docker
$ sudo systemctl start docker
Create Docker User Group
By default, the docker command uses a Unix socket to communicate with the Docker engine. Only the root user and users in the docker group can access the Unix socket of the Docker engine. For security reasons, the root user is generally not used directly on Linux systems. Therefore, a better practice is to add the user who needs to use docker to the docker user group.
Create the docker group:
$ sudo groupadd docker
Add the current user to the docker group:
$ sudo usermod -aG docker $USER
Log out of the current terminal and log in again, then perform the following test.
Test if Docker is Installed Correctly
$ docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:308866a43596e83578c7dfa15e27a73011bdd402185a84c5cd7f32a88b501a24
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
If the above information is displayed normally, it means the installation was successful.
Add Kernel Parameters
If you see the following warning messages when using Docker on CentOS:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Please add kernel configuration parameters to enable these features.
$ sudo tee -a /etc/sysctl.conf <<-EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Then reload sysctl.conf
$ sudo sysctl -p