As per Red Hat documentation Docker is not supported in RHEL 8.
The Podman, Skopeo, and Buildah tools were developed to replace Docker command features. Each tool in this scenario is more lightweight and focused on a subset of features.
For my latest work project, however, where we will be deploying Kubernetes clusters with Rancher we need RHEL8 and Docker.
Manual Install
Following https://linuxconfig.org/how-to-install-docker-in-rhel-8
Add and enable the docker-ce repo with dnf config-manager. Verify with repolist:
$ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
[ec2-user@ip-192-169-2-20 ~]$ sudo dnf repolist -v | grep docker-ce-stable -A10
repo: using cache for: docker-ce-stable
docker-ce-stable: using metadata from Wed 02 Jun 2021 07:27:37 PM UTC.
....
Repo-id : docker-ce-stable
Repo-name : Docker CE Stable - x86_64
Repo-revision : 1622662057
Repo-updated : Wed 02 Jun 2021 07:27:37 PM UTC
Repo-pkgs : 38
Repo-available-pkgs: 38
Repo-size : 937 M
Repo-baseurl : https://download.docker.com/linux/centos/8/x86_64/stable
Repo-expire : 172,800 second(s) (last: Tue 15 Jun 2021 03:49:08 PM UTC)
Repo-filename : /etc/yum.repos.d/docker-ce.repoDisplay available versions and install with dnf and the –nobest flag:
[ec2-user@ip-192-169-2-20 ~]$ sudo dnf list docker-ce --showduplicates | sort -r
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:40:11 ago on Tue 15 Jun 2021 03:49:08 PM UTC.
docker-ce.x86_64 3:20.10.7-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.6-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.5-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.4-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.3-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.2-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.1-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.0-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.15-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.14-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.13-3.el8 docker-ce-stable
Available Packages
[ec2-user@ip-192-169-2-20 ~]$ sudo dnf install --nobest docker-ce
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:40:17 ago on Tue 15 Jun 2021 03:49:08 PM UTC.
Dependencies resolved.
===============================================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================================
Installing:
docker-ce x86_64 3:20.10.7-3.el8 docker-ce-stable 27 M
Installing dependencies:
container-selinux noarch 2:2.162.0-1.module+el8.4.0+11311+9da8acfb rhui-rhel-8-appstream-rhui-rpms 52 k
containerd.io x86_64 1.4.6-3.1.el8 docker-ce-stable 34 M
docker-ce-cli x86_64 1:20.10.7-3.el8 docker-ce-stable 33 M
docker-ce-rootless-extras x86_64 20.10.7-3.el8 docker-ce-stable 9.2 M
docker-scan-plugin x86_64 0.8.0-3.el8 docker-ce-stable 4.2 M
fuse-common x86_64 3.2.1-12.el8 rhui-rhel-8-baseos-rhui-rpms 21 k
fuse-overlayfs x86_64 1.4.0-3.module+el8.4.0+11311+9da8acfb rhui-rhel-8-appstream-rhui-rpms 72 k
fuse3 x86_64 3.2.1-12.el8 rhui-rhel-8-baseos-rhui-rpms 50 k
fuse3-libs x86_64 3.2.1-12.el8 rhui-rhel-8-baseos-rhui-rpms 94 k
iptables x86_64 1.8.4-10.el8 rhui-rhel-8-baseos-rhui-rpms 581 k
libcgroup x86_64 0.41-19.el8 rhui-rhel-8-baseos-rhui-rpms 70 k
libnetfilter_conntrack x86_64 1.0.6-5.el8 rhui-rhel-8-baseos-rhui-rpms 65 k
libnfnetlink x86_64 1.0.1-13.el8 rhui-rhel-8-baseos-rhui-rpms 33 k
libnftnl x86_64 1.1.5-4.el8 rhui-rhel-8-baseos-rhui-rpms 83 k
libslirp x86_64 4.3.1-1.module+el8.4.0+11311+9da8acfb rhui-rhel-8-appstream-rhui-rpms 69 k
policycoreutils-python-utils noarch 2.9-9.el8 rhui-rhel-8-baseos-rhui-rpms 251 k
slirp4netns x86_64 1.1.8-1.module+el8.4.0+11311+9da8acfb rhui-rhel-8-appstream-rhui-rpms 51 k
Enabling module streams:
container-tools rhel8
Transaction Summary
===============================================================================================================================================
Install 18 Packages
Total download size: 108 M
Installed size: 441 M
Is this ok [y/N]: y
Downloading Packages:
firewalld is already disabled so we don’t need to disable it to address concerns about DNS resolution working inside Docker containers.
Add my user to the docker group and start/enable the docker daemon.
$ sudo usermod -aG docker ec2-user
$ sudo systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
$ systemctl is-active docker
active
$ systemctl is-enabled docker
enabled
[ec2-user@ip-192-169-2-20 ~]$ cat /etc/redhat-release && docker --version
Red Hat Enterprise Linux release 8.4 (Ootpa)
Docker version 20.10.7, build f0df350
Test docker with hello-world.
Automated Install with Ansible
As I have a number of servers to repeat the installation on, I’ll use an ansible playbook.
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ ansible --version
ansible 2.9.10
config file = None
configured module search path = ['/home/ec2-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.6.8 (default, Mar 18 2021, 08:58:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ cat /etc/hosts | grep Rancher | awk '{print $2}' > inv
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ vi inv
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ cat inv
[rancher]
DevRHEL8-Rancher-01
DevRHEL8-Rancher-02
DevRHEL8-Rancher-03In the playbook I’m also taking care of some Rancher prerequisites and other tasks
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ cat docker-rancher/tasks/main.yaml
---
- name: Upgrade all packages
dnf:
name: "*"
state: latest
tags: [update_packages]
- name: Install packages
dnf:
name:
- psacct
- git
- yum-utils
- device-mapper-persistent-data
- lvm2
- vim
state: present
tags: [dnf_installs]
- name: Enable docker-ce repo
shell: dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
tags: [docker_repo]
- name: Install docker
dnf:
name: docker-ce
state: present
tags: [docker_install]
- name: enable docker service
systemd:
name: docker
state: restarted
enabled: yes
daemon_reload: yes
tags: [docker_restart]
- name: Update sshd_config AllowAgentForwarding
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#AllowAgentForwarding yes'
line: 'AllowAgentForwarding yes'
tags: [rancher-prereq]
- name: Update sshd_config AllowTcpForwarding
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#AllowTcpForwarding yes'
line: 'AllowTcpForwarding yes'
tags: [rancher-prereq]
- name: Update sshd_config GatewayPorts
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#GatewayPorts no'
line: 'GatewayPorts yes'
tags: [rancher-prereq]
- name: check bridge networking is allowed
shell: modprobe br_netfilter
tags: [bridge]
- name: check bridge networking is allowed bridge-nf-call-iptables
shell: echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
tags: [bridge]
- name: Add Kubernetes repo
yum_repository:
name: kubernetes
description: Kubernetes repo
file: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: yes
gpgcheck: 1
repo_gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
tags: [k8srepo]
- name: Install packages
dnf:
name:
- kubectl
state: present
tags: [kubectl_install]
- name: Update /etc/hosts
copy:
src: /etc/hosts
dest: /etc/hosts
mode: '0644'
tags: [hosts_file]Running the playbook:
[ec2-user@ip-192-169-2-108 ansible-rhel8]$ ansible-playbook -i ./inv docker-rancher.yaml -b
PLAY [rancher] ********************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [DevRHEL8-Rancher-03]
ok: [DevRHEL8-Rancher-02]
ok: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Upgrade all packages] **************************************************************************************************
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Install packages] ******************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Enable docker-ce repo] *************************************************************************************************
[WARNING]: Consider using the dnf module rather than running 'dnf'. If you need to use command because dnf is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Install docker] ********************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-01]
changed: [DevRHEL8-Rancher-02]
TASK [docker-rancher : enable docker service] *************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Update sshd_config AllowAgentForwarding] *******************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-01]
changed: [DevRHEL8-Rancher-02]
TASK [docker-rancher : Update sshd_config AllowTcpForwarding] *********************************************************************************
changed: [DevRHEL8-Rancher-01]
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
TASK [docker-rancher : Update sshd_config GatewayPorts] ***************************************************************************************
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : check bridge networking is allowed] ************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : check bridge networking is allowed bridge-nf-call-iptables] ************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Add Kubernetes repo] ***************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Install packages] ******************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-02]
changed: [DevRHEL8-Rancher-01]
TASK [docker-rancher : Update /etc/hosts] *****************************************************************************************************
changed: [DevRHEL8-Rancher-03]
changed: [DevRHEL8-Rancher-01]
changed: [DevRHEL8-Rancher-02]
PLAY RECAP ************************************************************************************************************************************
DevRHEL8-Rancher-01 : ok=14 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
DevRHEL8-Rancher-02 : ok=14 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
DevRHEL8-Rancher-03 : ok=14 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0Test as before with ‘docker run hello-world’ and verify docker version:
[ec2-user@ip-192-169-2-7 ~]$ cat /etc/redhat-release && docker --version
Red Hat Enterprise Linux release 8.4 (Ootpa)
Docker version 20.10.7, build f0df350Scripted Install
Rancher provide a handy install script available at https://releases.rancher.com/install-docker/20.10.sh
[ec2-user@ip-192-169-2-250 ~]$ curl https://releases.rancher.com/install-docker/20.10.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 17683 100 17683 0 0 46904 0 --:--:-- --:--:-- --:--:-- 46904
# Executing docker install script, commit: 7cae5f8b0decc17d6571f9f52eb840fbc13b2737
+ sudo -E sh -c 'yum install -y -q yum-utils'
+ sudo -E sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
+ '[' stable '!=' stable ']'
+ '[' rhel = rhel ']'
+ adjust_repo_releasever 8.2
+ DOWNLOAD_URL=https://download.docker.com
+ case $1 in
+ releasever=8
+ for channel in "stable" "test" "nightly"
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-stable.baseurl=https://download.docker.com/linux/centos/8/\$basearch/stable --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-stable-debuginfo.baseurl=https://download.docker.com/linux/centos/8/debug-\$basearch/stable --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-stable-source.baseurl=https://download.docker.com/linux/centos/8/source/stable --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ for channel in "stable" "test" "nightly"
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-test.baseurl=https://download.docker.com/linux/centos/8/\$basearch/test --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-test-debuginfo.baseurl=https://download.docker.com/linux/centos/8/debug-\$basearch/test --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-test-source.baseurl=https://download.docker.com/linux/centos/8/source/test --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ for channel in "stable" "test" "nightly"
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-nightly.baseurl=https://download.docker.com/linux/centos/8/\$basearch/nightly --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-nightly-debuginfo.baseurl=https://download.docker.com/linux/centos/8/debug-\$basearch/nightly --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ sudo -E sh -c 'yum-config-manager --setopt=docker-ce-nightly-source.baseurl=https://download.docker.com/linux/centos/8/source/nightly --save'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
+ [[ 8.2 =~ 7\. ]]
+ '[' 8.2 == 7 ']'
+ sudo -E sh -c 'yum makecache'
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Docker CE Stable - x86_64 137 kB/s | 14 kB 00:00
Red Hat Update Infrastructure 3 Client Configuration Server 8 35 kB/s | 2.1 kB 00:00
Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs) 22 kB/s | 2.8 kB 00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs) 24 kB/s | 2.4 kB 00:00
Metadata cache created.
INFO: Searching repository for VERSION '20.10.7'
INFO: yum list --showduplicates 'docker-ce' | grep '20.10.7.*el' | tail -1 | awk '{print $2}'
+ '[' -n 20.10.7-3.el8 ']'
+ sudo -E sh -c 'yum install -y -q docker-ce-cli-20.10.7-3.el8'
warning: /var/cache/dnf/docker-ce-stable-fa9dc42ab4cec2f4/packages/docker-ce-cli-20.10.7-3.el8.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
From : https://download.docker.com/linux/centos/gpg
Installed:
docker-ce-cli-1:20.10.7-3.el8.x86_64 docker-scan-plugin-0.8.0-3.el8.x86_64
+ sudo -E sh -c 'yum install -y -q docker-ce-20.10.7-3.el8'
Installed:
container-selinux-2:2.162.0-1.module+el8.4.0+11311+9da8acfb.noarch containerd.io-1.4.6-3.1.el8.x86_64
docker-ce-3:20.10.7-3.el8.x86_64 docker-ce-rootless-extras-20.10.7-3.el8.x86_64
fuse-common-3.2.1-12.el8.x86_64 fuse-overlayfs-1.4.0-3.module+el8.4.0+11311+9da8acfb.x86_64
fuse3-3.2.1-12.el8.x86_64 fuse3-libs-3.2.1-12.el8.x86_64
iptables-1.8.4-10.el8.x86_64 libcgroup-0.41-19.el8.x86_64
libnetfilter_conntrack-1.0.6-5.el8.x86_64 libnfnetlink-1.0.1-13.el8.x86_64
libnftnl-1.1.5-4.el8.x86_64 libslirp-4.3.1-1.module+el8.4.0+11311+9da8acfb.x86_64
policycoreutils-python-utils-2.9-9.el8.noarch slirp4netns-1.1.8-1.module+el8.4.0+11311+9da8acfb.x86_64
+ '[' -n 1 ']'
+ sudo -E sh -c 'yum install -y -q docker-ce-rootless-extras-20.10.7-3.el8'
+ command_exists iptables
+ command -v iptables
+ start_docker
+ '[' '!' -z ']'
+ '[' -d /run/systemd/system ']'
+ sudo -E sh -c 'systemctl start docker'
+ sudo -E sh -c 'docker version'
Client: Docker Engine - Community
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: f0df350
Built: Wed Jun 2 11:56:24 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:54:48 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
================================================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the 'Docker daemon attack surface'
documentation for details: https://docs.docker.com/go/attack-surface/
================================================================================
[ec2-user@ip-192-169-2-250 ~]$
https://releases.rancher.com/install-docker/20.10.shVerify as before:
[ec2-user@ip-192-169-2-250 ~]$ cat /etc/redhat-release && docker --version
Red Hat Enterprise Linux release 8.4 (Ootpa)
Docker version 20.10.7, build f0df350I’ll use this script in later versions of the ansible playbook.
Wrapping Up
I didn’t expect the process of installing docker on RHEL8 to be so easy, I expected to hit dependency issues, but it seems with the later versions of Docker 20.10 many of the install issues are fixed https://medium.com/nttlabs/docker-20-10-59cc4bd59d37 .
It is still not an ideal situation, Red Hat are unlikely to help with any container related issues on opening a support case where we are running docker and not podman on RHEL8, but docker appears to be stable.