centos
Estimated reading time: 7 minutesThe official build of CentOS.
GitHub repo: https://github.com/CentOS/sig-cloud-instance-images
Library reference
This content is imported from the official Docker Library docs, and is provided by the original uploader. You can view the Docker Hub page for this image at https://hub.docker.com/images/centos
Supported tags and respective Dockerfile
links
latest
,centos7
,7
(docker/Dockerfile)centos6
,6
(docker/Dockerfile)centos7.6.1810
,7.6.1810
(docker/Dockerfile)centos7.5.1804
,7.5.1804
(docker/Dockerfile)centos7.4.1708
,7.4.1708
(docker/Dockerfile)centos7.3.1611
,7.3.1611
(docker/Dockerfile)centos7.2.1511
,7.2.1511
(docker/Dockerfile)centos7.1.1503
,7.1.1503
(docker/Dockerfile)centos7.0.1406
,7.0.1406
(docker/Dockerfile)centos6.10
,6.10
(docker/Dockerfile)centos6.9
,6.9
(docker/Dockerfile)centos6.8
,6.8
(docker/Dockerfile)centos6.7
,6.7
(docker/Dockerfile)centos6.6
,6.6
(docker/Dockerfile)
Quick reference
-
Where to get help:
the Docker Community Forums, the Docker Community Slack, or Stack Overflow -
Where to file issues:
https://bugs.centos.org or GitHub -
Maintained by:
The CentOS Project -
Supported architectures: (more info)
amd64
,arm32v7
,arm64v8
,i386
,ppc64le
-
Published image artifact details:
repo-info repo’srepos/centos/
directory (history)
(image metadata, transfer size, etc) -
Image updates:
official-images PRs with labellibrary/centos
official-images repo’slibrary/centos
file (history) -
Source of this description:
docs repo’scentos/
directory (history) -
Supported Docker versions:
the latest release (down to 1.6 on a best-effort basis)
CentOS
CentOS Linux is a community-supported distribution derived from sources freely provided to the public by Red Hat for Red Hat Enterprise Linux (RHEL). As such, CentOS Linux aims to be functionally compatible with RHEL. The CentOS Project mainly changes packages to remove upstream vendor branding and artwork. CentOS Linux is no-cost and free to redistribute. Each CentOS Linux version is maintained for up to 10 years (by means of security updates -- the duration of the support interval by Red Hat has varied over time with respect to Sources released). A new CentOS Linux version is released approximately every 2 years and each CentOS Linux version is periodically updated (roughly every 6 months) to support newer hardware. This results in a secure, low-maintenance, reliable, predictable, and reproducible Linux environment.
CentOS image documentation
The centos:latest
tag is always the most recent version currently available.
Rolling builds
The CentOS Project offers regularly updated images for all active releases. These images will be updated monthly or as needed for emergency fixes. These rolling updates are tagged with the major version number only. For example: docker pull centos:6
or docker pull centos:7
Minor tags
Additionally, images with minor version tags that correspond to install media are also offered. These images DO NOT receive updates as they are intended to match installation iso contents. If you choose to use these images it is highly recommended that you include RUN yum -y update && yum clean all
in your Dockerfile, or otherwise address any potential security concerns. To use these images, please specify the minor version tag:
For example: docker pull centos:5.11
or docker pull centos:6.6
Overlayfs and yum
Recent Docker versions support the overlayfs backend, which is enabled by default on most distros supporting it from Docker 1.13 onwards. On Centos 6 and 7, that backend requires yum-plugin-ovl to be installed and enabled; while it is installed by default in recent centos images, make it sure you retain the plugins=1
option in /etc/yum.conf
if you update that file; otherwise, you may encounter errors related to rpmdb checksum failure - see Docker ticket 10180 for more details.
Package documentation
By default, the CentOS containers are built using yum’s nodocs
option, which helps reduce the size of the image. If you install a package and discover files missing, please comment out the line tsflags=nodocs
in /etc/yum.conf
and reinstall your package.
Systemd integration
Systemd is now included in both the centos:7 and centos:latest base containers, but it is not active by default. In order to use systemd, you will need to include text similar to the example Dockerfile below:
Dockerfile for systemd base image
FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
This Dockerfile deletes a number of unit files which might cause issues. From here, you are ready to build your base image.
$ docker build --rm -t local/c7-systemd .
Example systemd enabled app container
In order to use the systemd enabled base container created above, you will need to create your Dockerfile
similar to the one below.
FROM local/c7-systemd
RUN yum -y install httpd; yum clean all; systemctl enable httpd.service
EXPOSE 80
CMD ["/usr/sbin/init"]
Build this image:
$ docker build --rm -t local/c7-systemd-httpd .
Running a systemd enabled app container
In order to run a container with systemd, you will need to mount the cgroups volumes from the host. Below is an example command that will run the systemd enabled httpd container created earlier.
$ docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd
This container is running with systemd in a limited context, with the cgroups filesystem mounted. There have been reports that if you’re using an Ubuntu host, you will need to add -v /tmp/$(mktemp -d):/run
in addition to the cgroups mount.
A note about vsyscall
CentOS 6 binaries and/or libraries are built to expect some system calls to be accessed via vsyscall
mappings. Some linux distributions have opted to disable vsyscall
entirely (opting exclusively for more secure vdso
mappings), causing segmentation faults.
If running docker run --rm -it centos:centos6.7 bash
immediately exits with status code 139
, check to see if your system has disabled vsyscall:
$ cat /proc/self/maps | egrep 'vdso|vsyscall'
7fffccfcc000-7fffccfce000 r-xp 00000000 00:00 0 [vdso]
$
vs
$ cat /proc/self/maps | egrep 'vdso|vsyscall'
7fffe03fe000-7fffe0400000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
If you do not see a vsyscall
mapping, and you need to run a CentOS 6 container, try adding vsyscall=emulated
to the kernel options in your bootloader
Further reading : lwn.net
License
View license information for the software contained in this image.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
Some additional license information which was able to be auto-detected might be found in the repo-info
repository’s centos/
directory.
As for any pre-built image usage, it is the image user’s responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.