Docker Community Forums


Docker-ce on CentOS 8

I won't call excluding packages for another major version a bug.

It does not matter if it's technically possible, the only important thing is that it's not supported. If you want unsupported stuff, you don't want to install an enterprise OS.

No. That’s incompatible.

Look, I realise you think you know what you’re saying, but you’re wrong. Please go look at the spec file, and learn a bit about rpms. You think you know what you’re saying, but you’re missing a pretty fundamental chunk of understanding on how rpms, dnf, and libsolv work.

If you’d actually try it, you’d realise you’re wrong. You’re taking a religious viewpoint (‘I refuse to change my views in the face of differing facts’) to a technical issue.

You can install your unsupported stuff if you want. Everybody in actual enterprise environment will laugh.

What has that got to do with anything? Docker-ce is not supported, at all. If you want support, you pay for docker-ee.

Dude, just admit you were wrong, and stop trying to dig yourself out of the hole you’ve dug yourself into. Geez.

Let’s recap this thread, shall we?

Me: hey, there’s a bug in libsolv on C8 that is erroneously blocking containerd from installing, here’s how to work around it, oh, and firewalld now uses nft, which means you have to turn it off.

You: Raging about random things that are unrelated to a libsolv bug.


My goal is getting RHEL8 support for both.

Now let the big guys play and enjoy your unsupported install.

Well, I suggest you start with the NFT issue, as that’s the primary issue. Here’s the ticket:

Pull requests welcome!

Any more patronising you want to do?

You can suggest whatever you want. But I'm not your personal developer, and since you turn around my words, let me put it in a way you understand: my goal is to get a statement from the docker devs if and when both CE and EE will support RHEL8.

And now stop your “mimimi but you can install RPMs by hand” bullcrap and get your bleeding edge distro.

When I (or someone else) patches them to work with nft. Any other questions?

“When I patch them”

Are you speaking for you as contributor or any representing position of Docker Inc?

You have a statement. Your goal is achieved. Please feel free to go away and harass some other open source developers that aren’t dancing to your tune exactly.

Hi @xrobau

In RHEL8 you have the concept of modularity

Module streams can distribute packages with lower versions than available in the repositories available to the operating system. To make such packages available for installs and upgrades, the non-modular packages are filtered out when they match by name with modular packages from any existing stream.

What is happening here is that containerd packages are “providing” runc but are non-modular, and RHEL8 also has a runc package that is modular.
Before modular packages (RHEL7), if you install containerd, then install podman, podman will use containerd's runc, so you might have a weird bug. Now dnf prevents that, but without a good error message.

See also

1 Like

Also, CentOS 8 ships with iptables v1.8.x (nf_tables), and not iptables v1.8.x (legacy), i.e. the iptables binary talks to the nf_tables kernel part and not x_tables.
Some distros like Debian switched to iptables (nf_tables), but you can still switch to legacy. In CentOS 8 you don’t have the option.
My speculation is that Red Hat doesn’t want to support x_tables for 10 more years and wants to be able to ship improvements based on nf_tables.

Didn't know you are the devs.

I’m looking at SuSE or even Ubuntu to run as docker host for a cloud production env. Can’t wait forever either. Might as well start looking when to jump ship. :\

Lucky you that Ubuntu is an option for you. My company's policies allow either RHEL or SuSE…

If you read the documentation, RHEL 7 is the first and most well documented way of running Docker, and Docker CE. There’s no REASON to update to RHEL 8 right now. Stick on 7. It’s supported until at least 2024.

When libnetwork is updated to support nft-based firewalld, and libsolv is fixed to not incorrectly exclude some versions of containerd, you’ll be able to upgrade fine.

Thank you for your input. Though, it is not really up to me what our patch management policies govern and if/when they will force our OS-level managed machines to be updated to RHEL8. At least RHEL 7.7 finally appeared in the compatibility matrix for EE3.0.

I understand your sentiment when policies are in the way. 2024 is around the corner for an enterprise. Knowing that our junk will run smoothly on CentOS 8 would give peace of mind to the engineers who have to implement it. Making changes to the codebase as early as possible makes shipping it less chaotic.

Looks like we have to wait for the devs to figure out nftables and modularity.

Is enabling masquerade for the firewall zone the way forward with this?

For this to work, I had to enable masquerading. It looked like dockerd already did this through iptables, but apparently this needs to be specifically enabled for the firewall zone for iptables masquerading to work.
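
An added example, not part of any post in this thread: a read-only shell check for the two conditions discussed above, an iptables userland built on nf_tables and the masquerade setting of the firewalld zone. The function names and the `--live` switch are hypothetical; the `FirewallBackend` key in `/etc/firewalld/firewalld.conf` and `firewall-cmd --query-masquerade` are standard firewalld.

```shell
#!/bin/sh
# Read-only diagnostic for a Docker host (added example, not from the thread).

# Classify the iptables userland from its version banner, e.g.
# "iptables v1.8.x (nf_tables)" or "iptables v1.8.x (legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # pre-1.8 banners carry no suffix
    esac
}

# Extract FirewallBackend from firewalld.conf text read on stdin.
# Commented lines are skipped; the last assignment wins.
firewalld_backend() {
    sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' | tail -n 1
}

# Combine both facts into the situation the thread describes.
assess() {  # $1 = iptables backend, $2 = firewalld backend
    if [ "$1" = nf_tables ] && [ "$2" = nftables ]; then
        echo "nft-only host: check zone masquerade for container NAT"
    elif [ "$1" = legacy ]; then
        echo "legacy x_tables userland"
    else
        echo "undetermined: inspect manually"
    fi
}

# Live checks run only on request, so the functions can be reused elsewhere.
if [ "${1:-}" = "--live" ]; then
    ipt=$(iptables_backend "$(iptables --version 2>/dev/null)")
    fwd=$(firewalld_backend 2>/dev/null < /etc/firewalld/firewalld.conf)
    assess "$ipt" "$fwd"
    zone=$(firewall-cmd --get-default-zone)
    # --query-masquerade prints yes/no and changes nothing.
    echo "masquerade on zone $zone: $(firewall-cmd --zone="$zone" --query-masquerade)"
fi
```

Run with `--live` as root on the host; it only queries state, so whether to enable masquerade on a zone remains a separate decision.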