Greetings, I tried to install Docker for production; unfortunately I didn’t find “Rocky Linux”. Shall I go with the CentOS version or RHEL? Thanks in advance.
On a Red Hat base I think you can use podman; it is already installed in Rocky Linux.
Hi, thank you for taking the time to answer my question. After a bit of research, I tried installing the CentOS version and so far it works as it is supposed to. Stay safe & stay healthy.
podman search rocky
podman pull docker.io/rockylinux/rockylinux
Thank you for the suggestion. I have never heard of podman; can’t wait to try it.
You can just
dnf install podman-docker
and then use the ‘docker’ command instead of ‘podman’:
Red Hat did describe podman when it did release RHEL 8.
IMHO, Docker is a nightmare. It needs a daemon. It needs elevated privileges, which is a security issue.
Podman (and singularity) do not run as a daemon. They can be run as a regular user.
I don’t know how to express my gratitude for your kindness. To be fair, I haven’t deeply read podman documentation
https://docs.podman.io/en/latest/Introduction.html. But I notice, they said
instead of using
So, as far as I understand, podman is just the “better” version of docker with the same application?
The “better” is always subjective. Podman is compatible; it can use Docker image format, and thus existing Docker repositories and images.
The singularity is different. It has tools to generate singularity images from Docker images (if you are root), but not use Docker images directly.
It’s been a while. I have been using podman for almost 2 weeks, and I am loving it! Thank you very much for the insight.
After 30 years of Unix systems, I didn’t know that having a “daemon” is considered a nightmare.
By the way, Docker can be configured in rootless mode and its client / server communication can be protected through SSL.
Also, some notes:
- There is no “docker image format”. Docker uses OCI image format, so nothing specific to Docker.
- Same for the repositories. The docker registry is not something specific to Docker itself, it’s just an OCI image repository.
- Podman can run images but can’t build them. Docker can be used to configure build farms, thanks to its daemon, which is a fairly powerful concept.
- Docker is the de facto standard in container management.
Docker has hopefully improved.
Our use case has been multiple users on a SLURM cluster. They submit jobs and SLURM executes those jobs on some nodes of the cluster. The users never ever have root privileges. Back when we first looked at containers for running applications that don’t run on CentOS 7 natively, Docker was not feasible.
I have tried it, and many issues arise that are hard to debug. Instead of doing heavy tweaks, I enable SELinux for the Docker daemon, so every file that isn’t labeled as libvirt can’t be read or modified by Docker. I think it significantly reduces the attack surface, while having a “normal working Docker”.
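Two of the daemon-side settings raised in this thread (TLS on the client/server channel and SELinux for the daemon) live in dockerd's daemon.json, so they can be checked mechanically. The following is an added example, not code from any poster; the function name and both sample configurations are constructed for illustration, and rootless mode is not covered because it is not a daemon.json setting.

```python
import json

# Constructed sample daemon.json documents (not taken from the thread).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
    "selinux-enabled": True,
})


def audit_daemon_config(text):
    """Return a list of findings for the text of a dockerd daemon.json."""
    cfg = json.loads(text)
    findings = []

    # Any tcp:// listener exposes the Docker API on the network.
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp_hosts:
        # "tls" alone only encrypts; "tlsverify" also requires client
        # certificates signed by the CA named in "tlscacert".
        if not cfg.get("tlsverify", False):
            findings.append(
                "tcp listener without tlsverify: " + ", ".join(tcp_hosts))
        else:
            for key in ("tlscacert", "tlscert", "tlskey"):
                if not cfg.get(key):
                    findings.append(
                        "tlsverify set but %s not set in daemon.json" % key)

    # SELinux labelling of container processes is off unless enabled here
    # (or with the equivalent dockerd command-line flag).
    if not cfg.get("selinux-enabled", False):
        findings.append("selinux-enabled is not true")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(text) or "no findings")
```

On a real host the input would be the contents of /etc/docker/daemon.json; settings passed as dockerd flags in the service unit are outside what this check sees.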