This guide covers setting up Docker on CentOS 7 and explains how Docker images work internally.

System Requirements

CentOS 7 requires a kernel version of 3.10 or higher.

Installation Steps

1. Check Current Kernel Version

uname -r

2. Update All Packages

Ensure all existing packages are updated to their latest versions:

yum -y update

You can monitor CPU usage with the top command. Press q to exit.

3. Remove Old Docker Versions (Optional)

If an older Docker version exists, remove it first:

yum remove docker docker-common docker-selinux docker-engine

4. Install Required Dependencies

Install the necessary packages. The yum-utils package provides the yum-config-manager utility, while device-mapper-persistent-data and lvm2 are required for the devicemapper storage driver:

yum install -y yum-utils device-mapper-persistent-data lvm2

5. Configure Docker Repository

Add the official Docker repository:

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

For faster downloads, use a mirror located in China:

yum-config-manager \
> --add-repo \
> https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

6. List Available Docker Versions

View all available Docker versions in the repositories:

yum list docker-ce --showduplicates | sort -r

7. Instal Docker Engine

Install the desired Docker version:

sudo yum install -y docker-ce

8. Start Docker and Enable Automatic Startup

systemctl start docker
systemctl enable docker

9. Verify Installation

Check that Docker is running correctly:

docker version

This command displays both the client and server components.

Configuring Docker Registry Mirrors

When pulling images from Docker Hub, the default registry is located outside China, which often results in slow download speeds. Configuring a mirror accelerator significantly improves performance.

Available Mirror Options

Several mirror services are available:

• USTC Mirror: https://docker.mirrors.ustc.edu.cn/
• NetEase: https://hub-mirror.c.163.com/
• Aliyun: https://.mirror.aliyuncs.com
• Qiniu: https://reg-mirror.qiniu.com

If one mirror fails to work, try switching to another. Most cloud service providers in China offer Docker acceleration services.

Obtaining an Aliyun Mirror

Log in to the Aliyun console, navigate to the Container Registry service, and select "Mirror Accelerator" from the menu to retrieve your personal mirror URL.

For example, you're mirror URL might be: https://z4qyv576.mirror.aliyuncs.com

Configuration Steps

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://z4qyv576.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Verify Mirror Configuration

docker info

Test Pull Speed

docker pull tomcat:9

The download should complete significantly faster with the mirror configured.

Understanding Docker Images

What Is a Docker Image?

When running Tomcat inside Docker, you don't need to manually configure JDK environment variables. The image handles all dependencies internally.

A Docker image is a lightweight, executable software package that includes everything needed to run an application: code, runtime environment, libraries, environment variables, and configuration files.

Image Composition

Images are built using a Dockerfile, which defines the setup instructions.

For example, a Tomcat image might include:

• Tomcat server files (approximately 100MB)
• JDK (approximately 200MB)
• Base Linux distribution like CentOS (approximately 200MB)

Image Loading Mechanism

Linux file systems consist of two main components:

• bootfs: Contains the bootloader and kernel
• rootfs: Contains the root file system with standard directories like /dev, /proc, /bin, /etc

Different Linux distributions share similar bootfs but have different rootfs implementations.

Union File System

Docker images are built using multiple layered file systems through UnionFS technology. The layers are stacked together, appearing as a single unified file system.

Layer structure:

1. bootfs (bottom layer): Uses the host machine's boot file system, which is shared
2. rootfs (second layer): The base image file system, such as CentOS
3. Additional layers (叠加的其他镜像): Can include JDK, Tomcat, and other dependencies

When you launch a container from an image, Docker adds a writable layer on top of the read-only image layers. All modifications are made to this writable layer rather than the underlying image.

Why Images Appear Large

When pulling a Tomcat image that appears to be 600MB, it actually contains multiple base images:

• Tomcat files
• JDK (depends on the parent image)
• CentOS base (depends on the rootfs)

The base CentOS image is small because it reuses the host's bootfs, containing only the rootfs portion. Therefore, the complete Tomcat image stacks these layers together, presenting as a single 600MB image to the user.

When running a container, Docker combines all these read-only layers with a thin writable layer. The container operates as if it has access to the complete file system while the underlying images remain unchanged.

Useful Commands

Command	Description
docker pull <image>	Download an image from registry
docker images	List local images
docker run <image>	Create and run a container
docker ps	List running containers