diff --git a/centos/README.md b/centos/README.md index 3593c0c62..3a0dad16f 100644 --- a/centos/README.md +++ b/centos/README.md 
@@ -15,23 +15,103 @@ repo](https://github.com/docker-library/official-images). # CentOS -CentOS (abbreviated from Community Enterprise Operating System) is a Linux -distribution that attempts to provide a free, enterprise-class, -community-supported computing platform which aims to be 100% binary compatible -with its upstream source, Red Hat Enterprise Linux (RHEL). In January 2014, it -was announced that CentOS was officially joining forces with Red Hat while -staying independent from RHEL, under a new CentOS Governing Board. +CentOS Linux is a community-supported distribution derived from sources +freely provided to the public by [Red Hat](ftp://ftp.redhat.com/pub/redhat/linux/enterprise/) +for Red Hat Enterprise Linux (RHEL). As such, CentOS Linux aims to be +functionally compatible with RHEL. The CentOS Project mainly changes +packages to remove upstream vendor branding and artwork. CentOS Linux +is no-cost and free to redistribute. Each CentOS Linux version is maintained +for up to 10 years (by means of security updates -- the duration of the +support interval by Red Hat has varied over time with respect to Sources +released). A new CentOS Linux version is released approximately every 2 years +and each CentOS Linux version is periodically updated (roughly every 6 months) +to support newer hardware. This results in a secure, low-maintenance, +reliable, predictable, and reproducible Linux environment. -> [wikipedia.org/wiki/CentOS](https://en.wikipedia.org/wiki/CentOS) -This is the official CentOS image, and will be updated on a regular schedule or -as needed for emergency fixes. - -The `centos:latest` tag will always point to the most recent version currently -available, and `centos:centos6` will point to the latest version of the CentOS 6 tree. 
+> [wiki.centos.org](https://wiki.centos.org/FrontPage) ![logo](https://raw.githubusercontent.com/docker-library/docs/master/centos/logo.png) +# CentOS image documentation + +The `centos:latest` tag is always the most recent version currently +available. + +The CentOS Project offers regularly updated images for all active releases. +These images will be updated monthly or as needed for emergency fixes. These +rolling updates are tagged with the major version number only. +For example: `docker pull centos:6` or `docker pull centos:7` + +Additionally, images that correspond to install media are also offered. These +images DO NOT recieve updates as they are intended to match installation iso +contents. If you choose to use these images it is highly recommended that you +include `RUN yum -y update && yum clean all` in your Dockerfile, or otherwise +address any potential security concerns. To use these images, please specify +the minor version tag: + +For example: `docker pull centos:5.11` or `docker pull centos:6.6` + + +# Systemd integration + +Currently, systemd in CentOS 7 has been removed and replaced with a +`fakesystemd` package for dependency resolution. This is due to systemd +requiring the `CAP_SYS_ADMIN` capability, as well as being able to read +the host's cgroups. If you wish to replace the fakesystemd package and +use systemd normally, please follow the steps below. 
+ +## Dockerfile for systemd base image + + FROM centos:7 + MAINTAINER "you" + ENV container docker + RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs + RUN yum -y update; yum clean all; \ + (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + VOLUME [ "/sys/fs/cgroup" ] + CMD ["/usr/sbin/init"] + +This Dockerfile swaps out fakesystemd for the real package, but deletes a +number of unit files which might cause issues. From here, you are ready +to build your base image. + + docker build --rm -t local/c7-systemd . + +## Example systemd enabled app container + +In order to use the systemd enabled base container created above, you will +need to create your `Dockerfile` similar to the one below. + + FROM local/c7-systemd + RUN yum -y install httpd; yum clean all; systemctl enable httpd.service + EXPOSE 80 + CMD ["/usr/sbin/init"] + +Build this image: + + docker build --rm -t local/c7-systemd-httpd + +## Running a systemd enabled app container + +In order to run a container with systemd, you will need to use the +`--privileged` option mentioned earlier, as well as mounting the cgroups +volumes from the host. Below is an example command that will run the +systemd enabled httpd container created earlier. + + docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd + +This container is running with systemd in a limited context, but it must +always be run as a privileged container with the cgroups filesystem mounted. 
+ # Supported Docker versions This image is officially supported on Docker version 1.4.1. diff --git a/centos/content.md b/centos/content.md index b0f3b9d0a..ac823f7dd 100644 --- a/centos/content.md +++ b/centos/content.md 
@@ -1,18 +1,98 @@ # CentOS -CentOS (abbreviated from Community Enterprise Operating System) is a Linux -distribution that attempts to provide a free, enterprise-class, -community-supported computing platform which aims to be 100% binary compatible -with its upstream source, Red Hat Enterprise Linux (RHEL). In January 2014, it -was announced that CentOS was officially joining forces with Red Hat while -staying independent from RHEL, under a new CentOS Governing Board. +CentOS Linux is a community-supported distribution derived from sources +freely provided to the public by [Red Hat](ftp://ftp.redhat.com/pub/redhat/linux/enterprise/) +for Red Hat Enterprise Linux (RHEL). As such, CentOS Linux aims to be +functionally compatible with RHEL. The CentOS Project mainly changes +packages to remove upstream vendor branding and artwork. CentOS Linux +is no-cost and free to redistribute. Each CentOS Linux version is maintained +for up to 10 years (by means of security updates -- the duration of the +support interval by Red Hat has varied over time with respect to Sources +released). A new CentOS Linux version is released approximately every 2 years +and each CentOS Linux version is periodically updated (roughly every 6 months) +to support newer hardware. This results in a secure, low-maintenance, +reliable, predictable, and reproducible Linux environment. -> [wikipedia.org/wiki/CentOS](https://en.wikipedia.org/wiki/CentOS) -This is the official CentOS image, and will be updated on a regular schedule or -as needed for emergency fixes. - -The `centos:latest` tag will always point to the most recent version currently -available, and `centos:centos6` will point to the latest version of the CentOS 6 tree. +> [wiki.centos.org](https://wiki.centos.org/FrontPage) %%LOGO%% + +# CentOS image documentation + +The `centos:latest` tag is always the most recent version currently +available. + +The CentOS Project offers regularly updated images for all active releases. 
+These images will be updated monthly or as needed for emergency fixes. These +rolling updates are tagged with the major version number only. +For example: `docker pull centos:6` or `docker pull centos:7` + +Additionally, images that correspond to install media are also offered. These +images DO NOT recieve updates as they are intended to match installation iso +contents. If you choose to use these images it is highly recommended that you +include `RUN yum -y update && yum clean all` in your Dockerfile, or otherwise +address any potential security concerns. To use these images, please specify +the minor version tag: + +For example: `docker pull centos:5.11` or `docker pull centos:6.6` + + +# Systemd integration + +Currently, systemd in CentOS 7 has been removed and replaced with a +`fakesystemd` package for dependency resolution. This is due to systemd +requiring the `CAP_SYS_ADMIN` capability, as well as being able to read +the host's cgroups. If you wish to replace the fakesystemd package and +use systemd normally, please follow the steps below. + +## Dockerfile for systemd base image + + FROM centos:7 + MAINTAINER "you" + ENV container docker + RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs + RUN yum -y update; yum clean all; \ + (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == + systemd-tmpfiles-setup.service ] || rm -f $i; done); \ + rm -f /lib/systemd/system/multi-user.target.wants/*;\ + rm -f /etc/systemd/system/*.wants/*;\ + rm -f /lib/systemd/system/local-fs.target.wants/*; \ + rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ + rm -f /lib/systemd/system/basic.target.wants/*;\ + rm -f /lib/systemd/system/anaconda.target.wants/*; + VOLUME [ "/sys/fs/cgroup" ] + CMD ["/usr/sbin/init"] + +This Dockerfile swaps out fakesystemd for the real package, but deletes a +number of unit files which might cause issues. 
From here, you are ready +to build your base image. + + docker build --rm -t local/c7-systemd . + +## Example systemd enabled app container + +In order to use the systemd enabled base container created above, you will +need to create your `Dockerfile` similar to the one below. + + FROM local/c7-systemd + RUN yum -y install httpd; yum clean all; systemctl enable httpd.service + EXPOSE 80 + CMD ["/usr/sbin/init"] + +Build this image: + + docker build --rm -t local/c7-systemd-httpd + +## Running a systemd enabled app container + +In order to run a container with systemd, you will need to use the +`--privileged` option mentioned earlier, as well as mounting the cgroups +volumes from the host. Below is an example command that will run the +systemd enabled httpd container created earlier. + + docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/c7-systemd-httpd + +This container is running with systemd in a limited context, but it must +always be run as a privileged container with the cgroups filesystem mounted.
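Review bot: In the centos/README.md hunk, under "Example systemd enabled app container", the command `docker build --rm -t local/c7-systemd-httpd` has no build context argument and will be rejected as written; add the trailing ` .` that the base-image command `docker build --rm -t local/c7-systemd .` already has. In the base-image Dockerfile of the same hunk, the line ending in `do [ $i ==` wraps before `systemd-tmpfiles-setup.service ] || rm -f $i; done); \` without a continuation backslash, so a copied Dockerfile ends the RUN instruction in the middle of the test; keep the test on one line and quote `"$i"`. That RUN also chains `yum -y update; yum clean all;` with `;`, so a failed update does not fail the build, while the "CentOS image documentation" text recommends the `&&` form; use `&&` here too. The same lines are duplicated in centos/content.md.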
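Review bot: In the centos/content.md hunk, "Running a systemd enabled app container" refers to "the `--privileged` option mentioned earlier", but nothing earlier in the added text mentions that option; the "Systemd integration" paragraph names only the `CAP_SYS_ADMIN` capability and read access to the host's cgroups. Either introduce `--privileged` in that paragraph or drop "mentioned earlier", and state why the full `--privileged` flag is needed rather than the single capability the text names, since the example runs a network-facing httpd with `-p 80:80` under it and readers will copy the command as is. Also in this hunk, "recieve" in "DO NOT recieve updates" should be "receive". Both points apply equally to the copy in centos/README.md.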