Docker on CentOS 7

Essentially a “quickstart” for Docker on CentOS 7.

Install Docker

It is in the OS default repositories, so simply:

yum -y install docker

Create a group

By default, only root can access docker. This may be desirable as access to docker is equivalent to having root but if you want to compromise security for convenience:

# Create a group (-r to create as a system (low GID) group)
groupadd -r docker
# Add user(s)
gpasswd -a someuser docker

Making it work behind a proxy

If (as I am) you are on a network with no direct internet access and a (non-transparent) proxy, the Docker daemon needs telling how to get out in order to fetch containers. This is in the docker systemd documentation and is easy to do if your current environment has the proxy setup (e.g. via /etc/profile.d):

mkdir -p /etc/systemd/system/docker.service.d
# Instead of 'cat - ...' you can use
# sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
# if you want to do this with sudo instead
cat - >/etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="http_proxy=$http_proxy"
Environment="https_proxy=$http_proxy"
Environment="no_proxy=.azurecr.io"
EOF
# As the unit configuration has changed, tell systemd to re-read it
systemctl daemon-reload

N.B. by-passing the proxy for *.azurecr.io is necessary if you have a private registry in Azure (I do) and it is accessed via a private endpoint (mine is).

You can verify the settings are correct by running:

systemctl show --property=Environment docker

Enable and start the daemon

systemctl enable docker
systemctl start docker

If you created a docker group, the daemon will automatically create a unix socket owned by that group (otherwise it will be the root group) without any configuration.

Enjoy

Now you can run the hello-world container:

docker hello-world

Working with a docker registry

This bit was new to me, so I made a few notes about this too (this is not OS-specific).

First thing to do is to login to the registry:

docker login registry_url.domain.tld

Next, tag a local image to point to the registry

docker tag hello-world registry_url.domain.tld/hello-world
# The docker documentation has this command instead (above is from MS Azure's documentation):
#docker image tag hello-world registry_url.domain.tld/hello-world

…and push it:

docker push registry_url.domain.tld/hello-world

Finally, test pulling it back (should say it is already up to date):

docker pull registry_url.domain.tld/hello-world