Docker-ce on CentOS 8

As people would have noticed, there’s some errors when you try to install docker-ce:

 Problem: package docker-ce-3:19.03.2-3.el7.x86_64 requires containerd io >= 1.2.2-3, but none of the providers can be installed
  - cannot install the best candidate for the job
  - package is excluded
  - package is excluded
  - package is excluded
  - package is excluded
  - package is excluded

To work around this you need to manually install containerd:

yum -y install https://download.docke

Took me a while to figure that out.


However, RedHat have done something to block Docker from working ANYWAY, even when you do manage to install containerd .io - All DNS is broken.

[root@c8 ~]# docker run --rm -it alpine:latest /bin/sh
/ # ping
/ # ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=58 time=9.804 ms
64 bytes from seq=1 ttl=58 time=9.560 ms
--- ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 9.560/9.682/9.804 ms
/ # [root@c8 ~]# docker --version
Docker version 19.03.2, build 6a30dfc
[root@c8 ~]#

After a suggestion from reddit, there’s this tiny hint at the bottom of iptables-save:

# Table `firewalld' is incompatible, use 'nft' tool.

Run systemctl disable firewalld and reboot, and it all starts working again. The next problem is that I actually DO want my docker hosts to be firewalled, but that’s a problem for tomorrow.

+1 for RHEL 8 / CentOS 8 support :sunglasses:

It works perfectly on RHEL8, as long as you disable firewalld. There’s nothing for docker to do. RedHat need to fix DNF so it installs containerd automatically, without it needing to be manually installed.

lol wut?

There are no RHEL8 packages yet. If by “install” you mean either installing a RPM by hand or “hacking” an RHEL7 repo into RHEL8, then thats not installing, thats a dirty workarround.

Docker needs to provide packages for RHEL8, not RedHat.

Um, that’s not how RPMs work. Nor is the filename relevant to the OS. The last bit - the arch - IS relevant.

This is why you can happily run el6 RPMs on el7, and happily run el7 rpms on el8. Or Fedora rpms, or whatever. RPMs have dependancies inside them. The file name makes no difference.

Theoretically yes, practially you opend a thread because of unresolved dependencies.

Theese packages are designed to run unter RHEL7, not 8.

If you want to workarround this, go ahead, but this is nothing you can call “supported”, its a workaround, nothing more, nothing less. You might want to use in dev environments, but never in production…


that’s what I call a Frankendocker installation ^^

I would be surprised if RHEL8 will be supported at all. Earlerier when a EE subscription was claimed, the getting started links used to cover RHEL, now the link to the RHEL gettings started is not linked anymore… Furthermore, RedHat does ship podman and buildah as a direct replacement for Docker in RHEL8 - their repositories don’t provide packages for Docker.

I would appreciate an official statement from Docker Inc. about the situation. I run Docker EE on RHEL in severall environments and patch management policies will enventualy force us to move over to RHEL8 or complety replace the OS with another enterprise grade Linux Distributation.


No. I opened the thread because libsolv in RHEL8 has a bug that is marking containerd as excluded not incompatible. There’s a really significant and important difference that you seem to be skipping over there.

I’m not going to try to teach people, yet again, how RPMs work, so instead, I’m going to ask you to please point to what, specifically, in the spec file ‘designs’ them to run on RHEL7.

When you can’t find anything, please retract your statement.

In the interim, you’ll have to work around the bug in libsolv, which is blocking containerd from installing via dnf. Once you install that manually, everything else installs properly.

I wont call excluding packages for another major version a bug.

It does not matter if its technically possible, the only important thing is that its not supported. If you want unsupported stuff, you dont want to install an enterprise OS.

No. That’s incompatible.

Look, I realise you think you know what you’re saying, but you’re wrong. Please go look at the spec file, and learn a bit about rpms. You think you know what you’re saying, but you’re missing a pretty fundamental chunk of understanding on how rpms, dnf, and libsolv works.

If you’d actually try it, you’d realise you’re wrong. You’re taking a religious viewpoint (‘I refuse to change my views in the face of differing facts’) to a technical issue.

You can install your unsupported stuff if you want. Everybody in actual enterprise environment will laugh.

What has that got to do with anything? Docker-ce is not supported, at all. If you want support, you pay for docker-ee.

Dude, just admit you were wrong, and stop trying to dig yourself out of the hole you’ve dug yourself into. Geez.

Let’s recap this thread, shall we?

Me: hey, there’s a bug in libsolv on C8 that is erroniously blocking containerd from installing, here’s how to work around it, oh, and firewalld now uses nft, which means you have to turn it off.

You: Raging about random things that are unrelated to a libsolv bug.


My Goal is getting RHEL8 support for booth.

Now let the big guys play and enjoy your unsupported install.

Well, I suggest you start with the NFT issue, as that’s the primary issue. Here’s the ticket:

Pull requests welcome!

Any more patronising you want to do?

You can suggest whatever you want. But im not your personal Developer, but since you turn arround my words let me put it a way you unterstand: my goal is to get a statement from the docker devs if and when booth, CE and EE will support RHEL8.

And now stop your “mimimi but you can install RPMs by hand” bullcrap and get your bleeding edge distro.

When I (or someone else) patches them to work with nft. Any other questions?

“When i Patch them”

Are you speaking for you as contributor or any representing position of Docker Inc?

You have a statement. Your goal is achieved. Please feel free to go away and harass some other open source developers that aren’t dancing to your tune exactly.