Docker containers for applications on Linux
Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent “containers” to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.
Docker_Hub: A centralized place to build and share Docker container images, collaborate with friends and colleagues, and automate pipelines.
Installing docker requires root priviledges.
For CentOS hosts see Installing Docker - CentOS-7:
yum install docker systemctl start docker systemctl enable docker
To get the latest stable official CentOS image on Docker_Hub:
docker pull centos
To test this Docker container:
docker run centos cat /etc/centos-release
man docker-run manual page.
To display running containers:
docker ps docker ps -a
To stop a running container:
docker stop <CONTAINER-ID>
Running docker as non-root user
In many places you will see this bad advice about adding users to the docker group:
To permit a named user to user Docker:
DON'T DO THIS: usermod -a -G docker <your-user>
On RHEL7/CentOS7 this is not permitted for security reasons. In Bug 1214104 - /var/run/docker.sock permissions this is explained:
We don't want to allow docker access from non privileged users since this is the equivalent of allowing these users root access with no logging. We would prefer that you set them up to use sudo. We will not fix this issue until we have proper logging and Access Control built into docker.
Conclusion: Users must use sudo to run docker, or docker must be run by root.
Setting up sudo to run docker
Advice for running docker via sudo:
First install the sudo RPM:
yum install sudo
Then use the command
visudo to edit
/etc/sudoers to include a line for user XXX:
XXX ALL=(ALL) /usr/bin/docker
To run an interactive shell with a pseudo-tty:
docker run -i -t centos /bin/bash
Running Apache httpd server on CentOS container: https://registry.hub.docker.com/u/jdeathe/centos-ssh-apache-php/
Fedora dockerfile for httpd: https://github.com/fedora-cloud/Fedora-Dockerfiles/tree/master/apache