Which docker repo should I install

Greetings, I tried to install docker for production, unfortunately I didn’t find “rocky linux”, shall I go with CentOS version or Rhel? Thanks in advance :slight_smile:

In Redhat base I think you can use podman, it is already installed in Rocky Linux

Hi, Thank you for taking a time to answer my question. After couple of research, I tried installing centos version and so far it works as it supposed to be. Stay safe & stay health.

1 Like
podman search rocky
podman pull docker.io/rockylinux/rockylinux

Hi there,

Thank you for giving a suggestion for me, I have never heard about podman, can’t wait to try it :slight_smile:

You can just dnf install podman-docker and then using ‘docker command’ instead of ‘podman’ :

docker pull 

Red Hat did describe podman when it did release RHEL 8.

IMHO, Docker is a nightmare. It needs daemon. It needs elevated privileges, which is a security issue.

Podman (and singularity) do not run as daemon. They can be run as regular user.

@berlin @jlehtone

I don’t know how to express my gratitude for your kindness. To be fair, I haven’t deeply read podman documentation https://docs.podman.io/en/latest/Introduction.html. But I notice, they said

podman <statement>

instead of using docker <command>
So, as far as I understand, podman is just the “better” version of docker with the same application?

1 Like

The “better” is always subjective. Podman is compatible; it can use Docker image format, and thus existing Docker repositories and images.

The singularity is different. It has tools to generate singularity images from Docker images (if you are root), but not use Docker images directly.

Hi @jlehtone,
it’s been a while, I have been using podman for almost 2 weeks, and I am loving it! Thank you very much for the insight :wink:

After 30 years of Unix systems, I didn’t know that having a “daemon” is considered a nightmare.
By the way, Docker can be configured in rootless mode and its client / server communication can be protected through SSL.

Also, some notes:

  1. There is no “docker image format”. Docker uses OCI image format, so nothing specific to Docker.
  2. Same for the repositories. The docker registry is not something specific to Docker itself, it’s just an OCI image repository.
  3. Podman can run images but can’t build them. Docker can be used to configure build farms, thanks to its daemon, which is a fairly powerful concept.
  4. Docker is the de facto standard in container management.

Docker has hopefully improved.

Our use case has been multiple users on SLURM cluster. They submit jobs and SLURM executes those jobs on some nodes of the cluster. The users never ever have root privileges. Back when we first looked at containers for running applications that don’t run on CentOS 7 natively, Docker was not feasible.

I have tried it and many issue arise and hardly to debug. Instead of doing heavy tweaks, I enable selinux for docker daemon, so every file that doesn’t labeled as libvirt can’t be read or modified by docker. I think it is significantly reduce attack surface, while having “normal working docker”.