Reasons for Choosing AlmaLinux and the Impact of CentOS Discontinuation
AlmaLinux is a Linux distribution that is fully binary-compatible with RHEL (Red Hat Enterprise Linux) and CentOS. CentOS was a reliable operating system for many companies and developers, but in December 2020, it was announced that the stable release of CentOS would be discontinued and transitioned to CentOS Stream. CentOS Stream is a rolling-release distribution designed to develop the next version of RHEL, making it difficult for some users to use it as a stable version.
As a result, AlmaLinux, which maintains stability and reliability while being compatible with RHEL, is increasingly being chosen as an alternative to CentOS. AlmaLinux is designed to facilitate the migration from CentOS, allowing existing applications and tools running in CentOS environments to be used as they are, which is a significant advantage.
How to Install AlmaLinux
Prerequisites: Preparing Docker and SSH
This article explains how to create an AlmaLinux container using Docker on a server with Ubuntu 24.04 installed. The server is on a cloud service with an arm64 CPU architecture, and operations are performed using SSH. First, execute the following command to check the server’s CPU architecture:
uname -m
This command prints the CPU architecture of the current system. On Linux, an x86_64 machine reports x86_64 and an arm64 machine reports aarch64.
Obtaining the Docker Image and Creating a Container
1. Obtaining the Docker Image
First, you need to obtain the AlmaLinux Docker image from Docker Hub. This image file contains the AlmaLinux operating system and will be used to create the container. Run the following command to download the image:
docker pull almalinux:latest
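This command downloads the AlmaLinux image tagged latest from Docker's registry. The latest tag normally points to the most recent stable image; because a tag can be moved to a newer image over time, the same command may fetch a different image later.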
Supplementary Explanation: This step involves saving the necessary base image locally to create a container. In the next step, you will create a container using this image, but if you already have the image on hand, you can skip this step.
2. Creating and Starting the Container
Next, create and start a container using the downloaded AlmaLinux image. Use the following command:
docker run -d -p 8888:80 --name alma <Image ID>
Here’s a brief explanation of the options used in this command:
- The -d option runs the container in the background.
- -p 8888:80 maps port 8888 on the host to port 80 in the container. This allows you to access the web server inside the container by connecting to port 8888 on the host. With no host address given, Docker publishes the port on all of the host's network interfaces.
- --name alma assigns the name “alma” to the container, making it easier to identify later.
Handling Errors
Sometimes, the container may not start even after running the command. Possible issues might include:
- The container doesn’t start.
- The error message isn’t displayed, making it difficult to identify the cause.
In such cases, use the following command to remove the failed container and create a new one:
docker rm <Container ID>
You can find the container ID by running the docker ps -a command.
Then, try running the following command again:
docker run -d -p 8888:80 --name alma <Image ID> /sbin/init
By specifying /sbin/init, the system initialization process will run within the container, which may help it operate more smoothly.
Supplementary Explanation: There can be various reasons why a container fails to start. For example, the CPU architecture being used might not be suitable, or there could be an issue with the image itself. This guide explains how to avoid problems by using /sbin/init, but there are other approaches you can take as well.
3. Executing Commands Inside the Container
Once the container starts successfully, you can enter the container with the following command:
docker exec -it alma bash
From here, you might try to manage services using the systemctl command within the container. However, you may encounter the following error:
System has not been booted with systemd as init system (PID 1). Can’t operate.
Failed to connect to bus: Host is down
This error occurs because the container was not started with systemd as its init process (PID 1). Typically, containers are lightweight and do not include a full initialization system like systemd. To resolve this, start the container with the --privileged option, which allows it to access the host system's devices.
Resolving systemd Errors and Restarting the Container
1. systemd Errors and Their Solutions
In the previous step, I briefly mentioned the error encountered when attempting to use the systemctl command within the container. This error occurs because the container is not using systemd (the Linux initialization system).
System has not been booted with systemd as init system (PID 1). Can’t operate.
Failed to connect to bus: Host is down
This error indicates that the systemctl command is not functioning correctly because the container was not started with systemd. Even if you install systemd, this error will not disappear because the container is not fully designed to support systemd.
2. Stopping and Removing the Container
To resolve the error, you first need to stop and remove the current container. Use the following commands:
docker stop alma
docker rm alma
- docker stop alma stops the specified container (in this case, “alma”).
- docker rm alma removes the stopped container.
This prepares the environment for recreating the container with new settings.
3. Restarting the Container in Privileged Mode
Next, restart the container using the --privileged option. This option allows the container to access all devices on the host, enabling systemd to function properly.
docker run -d --privileged -p 8888:80 --name alma <Image ID> /sbin/init
- The --privileged option ensures that the container has access to the host system's resources and devices, allowing services like systemd to operate correctly.
Supplementary Explanation: Normal containers are designed to access only limited resources on the host system, but using the --privileged option grants the container access to most of the host's resources: it enables all Linux capabilities, exposes the host's devices, and turns off the default seccomp and AppArmor profiles. This option comes with security risks, so it is recommended to use it only when necessary.
4. Retrying Commands Inside the Container
After the container has restarted, re-enter the container and retry the commands that previously caused an error.
docker exec -it alma bash
systemctl
This time, the command should work without any errors, and you will be able to manage services and check their status using the systemctl command.
systemctl status
This command allows you to confirm whether the services are running correctly.
Privileged Mode and Causes of Errors
Using Docker's privileged mode (--privileged option) allows containers to have extensive access to the host OS's resources and devices. While this can be very convenient, it can also lead to errors. Below are some key points to be aware of when using privileged mode, along with potential causes of errors.
- Impact of Security Settings: Linux distributions like Ubuntu often have enhanced security settings by default, which can prevent privileged mode from working correctly. In such cases, you may need to review and adjust the host OS's settings.
- Resource Contention: When using privileged mode, containers gain access to many of the host system's resources, which can lead to resource contention and subsequent errors. This is particularly important to consider if memory or CPU usage is high.
- Full Support for systemd: Typically, containers include only lightweight initialization systems, but even with privileged mode, a full-fledged initialization system like systemd may not work correctly. In these cases, additional configuration on the host side may be necessary.
Key Points
Understanding the reasons for using privileged mode and its associated risks is crucial. Below are some important points to consider regarding privileged mode.
The Necessity of Privileged Mode
Privileged mode is used when system initialization or access to specific hardware is required within a container. However, due to security risks, it should be used sparingly. In this article, we use privileged mode for system management, but it is not recommended for general use.
Troubleshooting Errors
If errors occur, start by checking the host OS's settings and resource contention. Specifically, using commands like dmesg or journalctl to review system logs can help identify the root cause. Depending on your environment, you may need to troubleshoot issues that are beyond the scope of this guide.
Ubuntu-Specific Settings
On security-focused operating systems like Ubuntu, privileged mode may not function properly. In such cases, consulting with a system administrator or exploring alternative solutions may be necessary.
What is Privileged Mode?
Privileged mode is a Docker feature that grants containers the same level of permissions as the host OS. This allows containers to access parts of the host OS that are normally inaccessible. Privileged mode is typically needed in the following scenarios:
- Running Special Software: Some software requires direct access to the host OS’s resources.
- Direct Access to Devices: Privileged mode is necessary when a container needs direct access to specific hardware, such as GPUs or network cards.
- Running Docker Inside a Container: Privileged mode is required when using Docker-in-Docker setups.
Precautions When Using Privileged Mode
When using privileged mode, keep the following points in mind:
- Security Risks: Privileged mode is very powerful but can expose the entire host OS to security risks. It is recommended to use it only when absolutely necessary and for the shortest duration possible.
- Resource Consumption: Containers running in privileged mode may consume significant host OS resources. Monitoring resource usage is crucial during operation.
- Potential for Errors: Using privileged mode can lead to unexpected errors due to system resource or security settings.
Alternatives to Using Privileged Mode
There are ways to achieve the necessary functionality without using privileged mode:
- Volume Mounts: By mounting only the host directories or files the container needs, you can share the required files.
- Setting Capabilities: Fine-tuning the permissions granted to a container using options like --cap-add=NET_ADMIN can secure the necessary functionality while reducing security risks.
- Multi-Stage Builds: Removing unnecessary files and reducing the image size can lead to more efficient operations.
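As an added example (not part of the original article), the following Python script reads the JSON printed by docker inspect and flags the settings discussed above: privileged mode, broad added capabilities, ports published on every host interface, and sensitive bind mounts. The sample data, the container name alma-scoped, and the choice of which capabilities and mount paths to flag are assumptions made for illustration.

```python
import json
import sys

# Capabilities treated as near host-level here (an illustrative choice).
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}
# Host paths whose bind mount hands over control of the host (illustrative).
RISKY_BINDS = {"/", "/var/run/docker.sock", "/run/docker.sock"}


def audit_container(entry):
    """Return findings for one element of `docker inspect` output."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices exposed")
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        name = name[4:] if name.startswith("CAP_") else name
        if name in RISKY_CAPS:
            findings.append(f"cap-add {name}: broad capability")
    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            # An empty HostIp means the port is bound on every interface.
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"port {b.get('HostPort')}->{port}: all interfaces")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src in RISKY_BINDS:
            findings.append(f"bind {src}: host control path mounted")
    return findings


def audit(entries):
    """Map container name -> findings for a full `docker inspect` array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in entries}


# Constructed sample, trimmed to the fields read above.
SAMPLE = json.loads("""[
 {"Name": "/alma", "HostConfig": {"Privileged": true, "CapAdd": null,
   "Binds": null,
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8888"}]}}},
 {"Name": "/alma-scoped", "HostConfig": {"Privileged": false,
   "CapAdd": ["NET_ADMIN"], "Binds": null,
   "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8888"}]}}}
]""")

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, findings in audit(data).items():
        print(name, findings or "no findings")
```

To check a real container, save the output of docker inspect alma to a file and pass the file path as the first argument; without an argument the script audits the constructed sample.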
Why AlmaLinux is Rarely Used for WordPress and Other CMS Containers
- Popularity of Debian-Based Distributions: Many open-source software projects, including WordPress, are predominantly developed and deployed on Debian-based distributions (especially Ubuntu). Due to the widespread adoption of Debian-based package managers (apt) and the user-friendliness of these distributions, many developers and hosting providers prefer Debian-based systems.
- Support and Community: Ubuntu and Debian have vast user communities, with extensive support resources and documentation readily available online. This makes these distributions appealing to users of all experience levels, from beginners to advanced users.
- Container Base Images: Many Docker images and containers are designed to operate with minimal resource usage. Debian-based images are often lightweight, making them a popular choice for keeping the overall system footprint low.
- Compatibility Issues: Debian-based and Red Hat-based distributions (like AlmaLinux and CentOS) differ in software management and system configuration, which can lead to compatibility issues. Especially with applications like WordPress, which are extensively tested on Debian-based systems, Debian-based distributions are often preferred.
- Commercial Support and Enterprise Use: AlmaLinux, as a Red Hat-based distribution, is often used in environments where commercial support and enterprise-level reliability are critical. On the other hand, WordPress and similar CMSs are more commonly used for general users or small-scale sites, where Debian-based distributions tend to be more popular.
Reasons Why AlmaLinux is Particularly Suitable or Even Necessary for Certain Containers
- Stability and Enterprise-Grade Reliability: AlmaLinux, as a Red Hat Enterprise Linux (RHEL) compatible distribution, emphasizes reliability and stability in enterprise environments. It is particularly suitable for mission-critical environments or systems that require long-term stable operations.
- Software Compatibility and Support: Some enterprise software and libraries are developed with the assumption that they will run on RHEL-based distributions. In such cases, AlmaLinux becomes the best choice for environments that rely on these software packages.
- Security and Update Management: AlmaLinux uses Security-Enhanced Linux (SELinux) by default, a powerful tool for enhancing overall system security. In environments where security is a priority, AlmaLinux is recommended. Additionally, AlmaLinux offers long-term support and stable updates, making it particularly suitable for projects requiring extended operational periods.
- Specific Network Settings and Kernel Options: For applications and services that rely heavily on network stability, AlmaLinux's network settings and kernel options may provide more stable performance. In cases like SoftEther VPN, where Ubuntu's network stack has known bugs or issues, AlmaLinux may be a better fit. This has been confirmed in practice.
- Kernel Version and Module Support: Some hardware support or kernel modules depend on RHEL-based kernel versions. In such cases, using AlmaLinux can improve hardware compatibility and performance.