|
|
@@ -15,22 +15,102 @@ repo](https://github.com/docker-library/official-images).
|
|
|
|
|
|
# CentOS
|
|
|
|
|
|
-CentOS (abbreviated from Community Enterprise Operating System) is a Linux
|
|
|
-distribution that attempts to provide a free, enterprise-class,
|
|
|
-community-supported computing platform which aims to be 100% binary compatible
|
|
|
-with its upstream source, Red Hat Enterprise Linux (RHEL). In January 2014, it
|
|
|
-was announced that CentOS was officially joining forces with Red Hat while
|
|
|
-staying independent from RHEL, under a new CentOS Governing Board.
|
|
|
+CentOS Linux is a community-supported distribution derived from sources
|
|
|
+freely provided to the public by [Red Hat](ftp://ftp.redhat.com/pub/redhat/linux/enterprise/)
|
|
|
+for Red Hat Enterprise Linux (RHEL). As such, CentOS Linux aims to be
|
|
|
+functionally compatible with RHEL. The CentOS Project mainly changes
|
|
|
+packages to remove upstream vendor branding and artwork. CentOS Linux
|
|
|
+is no-cost and free to redistribute. Each CentOS Linux version is maintained
|
|
|
+for up to 10 years (by means of security updates -- the duration of the
|
|
|
+support interval by Red Hat has varied over time with respect to Sources
|
|
|
+released). A new CentOS Linux version is released approximately every 2 years
|
|
|
+and each CentOS Linux version is periodically updated (roughly every 6 months)
|
|
|
+to support newer hardware. This results in a secure, low-maintenance,
|
|
|
+reliable, predictable, and reproducible Linux environment.
|
|
|
+
|
|
|
+
|
|
|
+> [wiki.centos.org](https://wiki.centos.org/FrontPage)
|
|
|
|
|
|
-> [wikipedia.org/wiki/CentOS](https://en.wikipedia.org/wiki/CentOS)
|
|
|
+
|
|
|
|
|
|
-This is the official CentOS image, and will be updated on a regular schedule or
|
|
|
-as needed for emergency fixes.
|
|
|
+# CentOS image documentation
|
|
|
|
|
|
-The `centos:latest` tag will always point to the most recent version currently
|
|
|
-available, and `centos:centos6` will point to the latest version of the CentOS 6 tree.
|
|
|
+The `centos:latest` tag is always the most recent version currently
|
|
|
+available.
|
|
|
|
|
|
-
|
|
|
+The CentOS Project offers regularly updated images for all active releases.
|
|
|
+These images will be updated monthly or as needed for emergency fixes. These
|
|
|
+rolling updates are tagged with the major version number only.
|
|
|
+For example: `docker pull centos:6` or `docker pull centos:7`
|
|
|
+
|
|
|
+Additionally, images that correspond to install media are also offered. These
|
|
|
+images DO NOT recieve updates as they are intended to match installation iso
|
|
|
+contents. If you choose to use these images it is highly recommended that you
|
|
|
+include `RUN yum -y update && yum clean all` in your Dockerfile, or otherwise
|
|
|
+address any potential security concerns. To use these images, please specify
|
|
|
+the minor version tag:
|
|
|
+
|
|
|
+For example: `docker pull centos:5.11` or `docker pull centos:6.6`
|
|
|
+
|
|
|
+
|
|
|
+# Systemd integration
|
|
|
+
|
|
|
+Currently, systemd in CentOS 7 has been removed and replaced with a
|
|
|
+`fakesystemd` package for dependency resolution. This is due to systemd
|
|
|
+requiring the `CAP_SYS_ADMIN` capability, as well as being able to read
|
|
|
+the host's cgroups. If you wish to replace the fakesystemd package and
|
|
|
+use systemd normally, please follow the steps below.
|
|
|
+
|
|
|
+## Dockerfile for systemd base image
|
|
|
+
|
|
|
+ FROM centos:7
|
|
|
+ MAINTAINER "you" <[email protected]>
|
|
|
+ ENV container docker
|
|
|
+ RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
|
|
|
+ RUN yum -y update; yum clean all; \
|
|
|
+ (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i ==
|
|
|
+ systemd-tmpfiles-setup.service ] || rm -f $i; done); \
|
|
|
+ rm -f /lib/systemd/system/multi-user.target.wants/*;\
|
|
|
+ rm -f /etc/systemd/system/*.wants/*;\
|
|
|
+ rm -f /lib/systemd/system/local-fs.target.wants/*; \
|
|
|
+ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
|
|
|
+ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
|
|
|
+ rm -f /lib/systemd/system/basic.target.wants/*;\
|
|
|
+ rm -f /lib/systemd/system/anaconda.target.wants/*;
|
|
|
+ VOLUME [ "/sys/fs/cgroup" ]
|
|
|
+ CMD ["/usr/sbin/init"]
|
|
|
+
|
|
|
+This Dockerfile swaps out fakesystemd for the real package, but deletes a
|
|
|
+number of unit files which might cause issues. From here, you are ready
|
|
|
+to build your base image.
|
|
|
+
|
|
|
+ docker build --rm -t local/c7-systemd .
|
|
|
+
|
|
|
+## Example systemd enabled app container
|
|
|
+
|
|
|
+In order to use the systemd enabled base container created above, you will
|
|
|
+need to create your `Dockerfile` similar to the one below.
|
|
|
+
|
|
|
+ FROM local/c7-systemd
|
|
|
+ RUN yum -y install httpd; yum clean all; systemctl enable httpd.service
|
|
|
+ EXPOSE 80
|
|
|
+ CMD ["/usr/sbin/init"]
|
|
|
+
|
|
|
+Build this image:
|
|
|
+
|
|
|
+ docker build --rm -t local/c7-systemd-httpd
|
|
|
+
|
|
|
+## Running a systemd enabled app container
|
|
|
+
|
|
|
+In order to run a container with systemd, you will need to use the
|
|
|
+`--privileged` option mentioned earlier, as well as mounting the cgroups
|
|
|
+volumes from the host. Below is an example command that will run the
|
|
|
+systemd enabled httpd container created earlier.
|
|
|
+
|
|
|
+ docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd
|
|
|
+
|
|
|
+This container is running with systemd in a limited context, but it must
|
|
|
+always be run as a privileged container with the cgroups filesystem mounted.
|
|
|
|
|
|
# Supported Docker versions
|
|
|
|
Tianon Gravi