Installing AlmaLinux, a CentOS-Compatible Distribution

Reasons for Choosing AlmaLinux and the Impact of CentOS Discontinuation

AlmaLinux is a Linux distribution that is fully binary-compatible with RHEL (Red Hat Enterprise Linux) and CentOS. CentOS was a reliable operating system for many companies and developers, but in December 2020, it was announced that the stable release of CentOS would be discontinued and transitioned to CentOS Stream. CentOS Stream is a rolling-release distribution designed to develop the next version of RHEL, making it difficult for some users to use it as a stable version.

As a result, AlmaLinux, which maintains stability and reliability while being compatible with RHEL, is increasingly being chosen as an alternative to CentOS. AlmaLinux is designed to facilitate the migration from CentOS, allowing existing applications and tools running in CentOS environments to be used as they are, which is a significant advantage.

https://almalinux.org/ja

How to Install AlmaLinux

Prerequisites: Preparing Docker and SSH

This article explains how to create an AlmaLinux container using Docker on a server with Ubuntu 24.04 installed. The server is on a cloud service with an arm64 CPU architecture, and operations are performed using SSH. First, execute the following command to check the server’s CPU architecture:

uname -m

This command is used to verify which CPU architecture (e.g., x86_64 or arm64) the current system is using.

Obtaining the Docker Image and Creating a Container

1. Obtaining the Docker Image

First, you need to obtain the AlmaLinux Docker image from Docker Hub. This image file contains the AlmaLinux operating system and will be used to create the container. Run the following command to download the image:

docker pull almalinux:latest

This command downloads the latest AlmaLinux image from Docker’s registry. The latest tag indicates that it is the most recent stable image.

Supplementary Explanation: This step involves saving the necessary base image locally to create a container. In the next step, you will create a container using this image, but if you already have the image on hand, you can skip this step.

2. Creating and Starting the Container

Next, create and start a container using the downloaded AlmaLinux image. Use the following command:

docker run -d -p 8888:80 --name alma <Image ID>

Here’s a brief explanation of the options used in this command:

  • The -d option runs the container in the background.
  • -p 8888:80 maps port 8888 on the host to port 80 in the container. This allows you to access the web server inside the container by connecting to port 8888 on the host.
  • --name alma assigns the name “alma” to the container, making it easier to identify later.

Handling Errors

Sometimes the container does not start even after running the command. Typical symptoms include:

  • The container doesn’t start.
  • The error message isn’t displayed, making it difficult to identify the cause.

In such cases, use the following command to remove the failed container and create a new one:

docker rm <Container ID>

You can find the container ID by running the docker ps -a command.

Then, try running the following command again:

docker run -d -p 8888:80 --name alma <Image ID> /sbin/init

By specifying /sbin/init, the system initialization process will run within the container, which may help it operate more smoothly.

Supplementary Explanation: There can be various reasons why a container fails to start. For example, the CPU architecture being used might not be suitable, or there could be an issue with the image itself. This guide explains how to avoid problems by using /sbin/init, but there are other approaches you can take as well.

3. Executing Commands Inside the Container

Once the container starts successfully, you can enter the container with the following command:

docker exec -it alma bash

From here, you might try to manage services using the systemctl command within the container. However, you may encounter the following error:

System has not been booted with systemd as init system (PID 1). Can’t operate.
Failed to connect to bus: Host is down

This error occurs because the container is not started with systemd. Typically, containers are lightweight and do not include a full initialization system like systemd. To resolve this, you need to start the container with the --privileged option, allowing it to access the host system’s devices.

Resolving systemd Errors and Restarting the Container

1. systemd Errors and Their Solutions

In the previous step, I briefly mentioned the error encountered when attempting to use the systemctl command within the container. This error occurs because the container is not using systemd (the Linux initialization system).

System has not been booted with systemd as init system (PID 1). Can’t operate.
Failed to connect to bus: Host is down

This error indicates that the systemctl command is not functioning correctly because the container was not started with systemd. Even if you install systemd, this error will not disappear because the container is not fully designed to support systemd.

2. Stopping and Removing the Container

To resolve the error, you first need to stop and remove the current container. Use the following commands:

docker stop alma
docker rm alma

  • docker stop alma stops the specified container (in this case, “alma”).
  • docker rm alma removes the stopped container.

This prepares the environment for recreating the container with new settings.

3. Restarting the Container in Privileged Mode

Next, restart the container using the --privileged option. This option allows the container to access all devices on the host, enabling systemd to function properly.

docker run -d --privileged -p 8888:80 --name alma <Image ID> /sbin/init

  • The --privileged option ensures that the container has access to the host system’s resources and devices, allowing services like systemd to operate correctly.

Supplementary Explanation: Normal containers are designed to access only limited resources on the host system, but using the --privileged option grants the container access to most of the host’s resources. This option comes with security risks, so it is recommended to use it only when necessary.

4. Retrying Commands Inside the Container

After the container has restarted, re-enter the container and retry the commands that previously caused an error.

docker exec -it alma bash
systemctl

This time, the command should work without any errors, and you will be able to manage services and check their status using the systemctl command.

systemctl status

This command allows you to confirm whether the services are running correctly.

Privileged Mode and Causes of Errors

Using Docker’s privileged mode (--privileged option) allows containers to have extensive access to the host OS’s resources and devices. While this can be very convenient, it can also lead to errors. Below are some key points to be aware of when using privileged mode, along with potential causes of errors.

  1. Impact of Security Settings: Linux distributions like Ubuntu often have enhanced security settings by default, which can prevent privileged mode from working correctly. In such cases, you may need to review and adjust the host OS’s settings.
  2. Resource Contention: When using privileged mode, containers gain access to many of the host system’s resources, which can lead to resource contention and subsequent errors. This is particularly important to consider if memory or CPU usage is high.
  3. Full Support for systemd: Typically, containers include only lightweight initialization systems, but even with privileged mode, a full-fledged initialization system like systemd may not work correctly. In these cases, additional configuration on the host side may be necessary.

Key Points

Understanding the reasons for using privileged mode and its associated risks is crucial. Below are some important points to consider regarding privileged mode.

The Necessity of Privileged Mode

Privileged mode is used when system initialization or access to specific hardware is required within a container. However, due to security risks, it should be used sparingly. In this article, we use privileged mode for system management, but it is not recommended for general use.

Troubleshooting Errors

If errors occur, start by checking the host OS’s settings and resource contention. Specifically, using commands like dmesg or journalctl to review system logs can help identify the root cause. Depending on your environment, you may need to troubleshoot issues that are beyond the scope of this guide.

Ubuntu-Specific Settings

On security-focused operating systems like Ubuntu, privileged mode may not function properly. In such cases, consulting with a system administrator or exploring alternative solutions may be necessary.


What is Privileged Mode?

Privileged mode is a Docker feature that grants containers the same level of permissions as the host OS. This allows containers to access parts of the host OS that are normally inaccessible. Privileged mode is typically needed in the following scenarios:

  • Running Special Software: Some software requires direct access to the host OS’s resources.
  • Direct Access to Devices: Privileged mode is necessary when a container needs direct access to specific hardware, such as GPUs or network cards.
  • Running Docker Inside a Container: Privileged mode is required when using Docker-in-Docker setups.

Precautions When Using Privileged Mode

When using privileged mode, keep the following points in mind:

  • Security Risks: Privileged mode is very powerful but can expose the entire host OS to security risks. It is recommended to use it only when absolutely necessary and for the shortest duration possible.
  • Resource Consumption: Containers running in privileged mode may consume significant host OS resources. Monitoring resource usage is crucial during operation.
  • Potential for Errors: Using privileged mode can lead to unexpected errors due to system resource or security settings.

Alternatives to Using Privileged Mode

There are ways to achieve the necessary functionality without using privileged mode:

  • Volume Mounts: By mounting the host file system into the container, you can share the required files.
  • Setting Capabilities: Fine-tuning the permissions granted to a container using options like --cap-add=NET_ADMIN can secure the necessary functionality while reducing security risks.
  • Multi-Stage Builds: Removing unnecessary files and reducing the image size can lead to more efficient operations.
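
To see what a container actually holds after choosing between --privileged and --cap-add, you can decode the CapEff mask from /proc/1/status inside it. The script below is an added example, not part of the original article; the function names and the high-risk list are this example's own choices, and the three sample masks are constructed (Docker's default capability set, the default plus NET_ADMIN, and the full set a --privileged container shows on a recent kernel).

```shell
#!/bin/sh
# Capability names in kernel bit order (bit 0 first), per linux/capability.h.
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# Assumption of this example: capabilities treated as host-level access.
HIGH_RISK="SYS_ADMIN SYS_MODULE SYS_RAWIO SYS_PTRACE SYS_BOOT DAC_READ_SEARCH"

# decode_caps HEXMASK: print the capability names whose bits are set.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$(($bit + 1))
    done
    printf '%s\n' "$out"
}

# risky_caps HEXMASK: print the HIGH_RISK capabilities present in the mask.
risky_caps() {
    held=" $(decode_caps "$1") "; found=""
    for cap in $HIGH_RISK; do
        case "$held" in *" $cap "*) found="${found:+$found }$cap" ;; esac
    done
    printf '%s\n' "$found"
}

# classify HEXMASK: "privileged-like" if any HIGH_RISK capability is held.
classify() {
    if [ -n "$(risky_caps "$1")" ]; then echo "privileged-like"
    else echo "restricted"; fi
}

# check_pid1: decode the effective set of PID 1 (run inside the container).
check_pid1() {
    eff=$(awk '/^CapEff:/ {print $2}' /proc/1/status)
    echo "CapEff=$eff $(classify "$eff") high-risk: $(risky_caps "$eff")"
}

# Constructed sample masks: Docker default, default + NET_ADMIN, full set.
for m in 00000000a80425fb 00000000a80435fb 000001ffffffffff; do
    echo "$m $(classify "$m"): $(decode_caps "$m")"
done
```

Inside the container, source the file and call check_pid1, then compare the result for a container started with --privileged against one started with only the capabilities it needs.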

Why AlmaLinux is Rarely Used for WordPress and Other CMS Containers

  1. Popularity of Debian-Based Distributions: Many open-source software projects, including WordPress, are predominantly developed and deployed on Debian-based distributions (especially Ubuntu). Due to the widespread adoption of Debian-based package managers (apt) and the user-friendliness of these distributions, many developers and hosting providers prefer Debian-based systems.
  2. Support and Community: Ubuntu and Debian have vast user communities, with extensive support resources and documentation readily available online. This makes these distributions appealing to users of all experience levels, from beginners to advanced users.
  3. Container Base Images: Many Docker images and containers are designed to operate with minimal resource usage. Debian-based images are often lightweight, making them a popular choice for keeping the overall system footprint low.
  4. Compatibility Issues: Debian-based and Red Hat-based distributions (like AlmaLinux and CentOS) differ in software management and system configuration, which can lead to compatibility issues. Especially with applications like WordPress, which are extensively tested on Debian-based systems, Debian-based distributions are often preferred.
  5. Commercial Support and Enterprise Use: AlmaLinux, as a Red Hat-based distribution, is often used in environments where commercial support and enterprise-level reliability are critical. On the other hand, WordPress and similar CMSs are more commonly used for general users or small-scale sites, where Debian-based distributions tend to be more popular.

Reasons Why AlmaLinux is Particularly Suitable or Even Necessary for Certain Containers

  1. Stability and Enterprise-Grade Reliability: AlmaLinux, as a Red Hat Enterprise Linux (RHEL) compatible distribution, emphasizes reliability and stability in enterprise environments. It is particularly suitable for mission-critical environments or systems that require long-term stable operations.
  2. Software Compatibility and Support: Some enterprise software and libraries are developed with the assumption that they will run on RHEL-based distributions. In such cases, AlmaLinux becomes the best choice for environments that rely on these software packages.
  3. Security and Update Management: AlmaLinux uses Security-Enhanced Linux (SELinux) by default, a powerful tool for enhancing overall system security. In environments where security is a priority, AlmaLinux is recommended. Additionally, AlmaLinux offers long-term support and stable updates, making it particularly suitable for projects requiring extended operational periods.
  4. Specific Network Settings and Kernel Options: For applications and services that rely heavily on network stability, AlmaLinux’s network settings and kernel options may provide more stable performance. In cases like SoftEther VPN, where Ubuntu’s network stack has known bugs or issues, AlmaLinux may be a better fit. This has been confirmed in practice.
  5. Kernel Version and Module Support: Some hardware support or kernel modules depend on RHEL-based kernel versions. In such cases, using AlmaLinux can improve hardware compatibility and performance.