centos 8 logo

Docker di centos 8, belum sepenuhnya support oleh docker.io masih ada beberapa package yang belum compatible seperti versi dari containerd.io > 1.2.0-3.el7 dan ada beberapa problem lagi yaitu firewalld akan memblock comunication antar container, bagaimana cara menghandlenya. ok sekarang langsung ja kita install.

Set selinux = permissive

Edit file /etc/selinux/config ganti SELINUX=permissive menjadi seperti berikut:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.

Kemudian restart / reboot servernya, setelah itu baru install dependency

Install Dependency

Sebelum kita install docker-ce package kita install dulu dependencynya seperti berikut:

dnf install dnf-utils device-mapper-persistent-data lvm2 fuse-overlayfs wget

Add docker-ce repository for centos

Kemudian kita tambahkan repository docker-ce untuk centos dengan perintah seperti berikut:

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

hasilnya seperti berikut:

[root@dev01 ~]# ls /etc/yum.repos.d/docker-ce.repo

[root@dev01 ~]# cat /etc/yum.repos.d/docker-ce.repo
name=Docker CE Stable - $basearch

Install Docker CE

Setelah itu kita Downloads dan Install dulu package containerd.io dengan perintah berikut:

dnf install containerd.io-1.2.13-3.2.el7.x86_64

Setelah terinstall baru kita, install package docker-ce

dnf install docker-ce docker-ce-cli

(Optional) expose dockerd via http

Kita edit file /lib/systemd/system/docker.service tambahkan host tcp:// seperti berikut:

Description=Docker Application Container Engine
After=network-online.target firewalld.service containerd.service

# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://  --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.

# set delegate yes so that systemd does not reset the cgroups of docker containers

# kill only the docker process, not all processes in the cgroup


(Optional) add insecure registry

Untuk menambahkan insecure registry kita buat file / edit pada /etc/docker/daemon.json seperti berikut:

	"insecure-registries": [
	"debug": true,
	"experimental": false

Start service docker

Kemudian kita jalankan service dockernya dengan perintah seperti berikut:

systemctl enable --now docker

Ok di tahap ini install docker udah selesai, sekarang kita setting supaya DNS (Domain Names Server) bisa dikenali routenya dengan cara disable firewald atau dengan cara berikut:

# Allows container to container communication, the solution to the problem
firewall-cmd --zone=public --add-masquerade --permanent

# Allow port 2375 expose to outside network
firewall-cmd --zone=public --add-port=2375/tcp --permanent

# reload the firewall
firewall-cmd --reload