Installing Docker on silverblue

Hi,
I am new to fedora silverblue. I have encountered some issues when setting up my dev environment when installing docker on my host.
First I am setting up the docker repositories:

sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo

Since I am on silver blue I “translated” the commands to

rpm-ostree -y install dnf-plugins-core
systemctl reboot
ostree remote add docker-ce https://download.docker.com/linux/fedora/docker-ce.repo
sudo rpm-ostree cleanup -m
sudo rpm-ostree refresh-md

Then I continued with docker desktop installation according to the official guide

I downloaded the latest docker rpm package and run “rpm-ostree install ./docker-desktop-4.30.0-x86_64.rpm”.
First it failed because it could not locate “docker-ce-cli”. After some looking around it looks like the docker repo was not added correctly? I have no idea why. Since I really don’t know much about how fedora and fedora silverblue works, I consulted chat-gpt and added previously missing “/etc/yum.repos.d/docker-ce.repo” with the following configuration:

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg

After that, clearing some cache and reboot (just to be sure) the Docker repo was finally enabled and docker-ce-cli was found.
So I run “rpm-ostree install ./docker-desktop-4.30.0-x86_64.rpm” again but this time it fails with:

Checking out tree 1a1bee9… done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora rpmfusion-free-updates rpmfusion-free rpmfusion-nonfree-updates rpmfusion-nonfree copr:copr.fedorainfracloud.org:phracek:PyCharm google-chrome rpmfusion-nonfree-nvidia-driver rpmfusion-nonfree-steam docker-ce-stable updates-archive
Importing rpm-md… done

Resolving dependencies… done
Will download: 140 packages (55.7 MB)
Downloading from ‘fedora’… done
Downloading from ‘updates’… done
Importing packages… done
Checking out packages… done
error: Checkout docker-desktop-4.30.0-149282.x86_64: opendir(local): No such file or directory

And here I am lost. Not really sure why this is happening or how should I fix it.
Does anyone know why the error happens?

Also is this correct way to install docker on the host machine? Or is it recommended to just use it in toolboxes? I wanted to share the docker installation between toolboxes, because I work with docker often so I chose to install it on host.

That won’t work. See Troubleshooting :: Fedora Docs for adding external repositories.

Then rpm-ostree install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin should do it.

You can not install it in a toolbox. You need it on the host.

Also, have you tried podman? :slight_smile:

1 Like

@majk-runs-linux Welcome to :fedora: :handshake:t5:

Basically the same commands as Docker too. Also can use your Dockerfile

So here is a list of commands.

Fetch the .repo file:

curl -O https://download.docker.com/linux/fedora/docker-ce.repo

Place the .repo file to the yum.repos.d:

sudo install -o 0 -g 0 -m644 docker-ce.repo /etc/yum.repos.d/docker-ce.repo

Then just install docker with rpm-ostree:

rpm-ostree install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin 

If you want to manage gpg by yourself you manually download .gpg file, the only difference to the previous command is the ending, but here it is:

curl -O https://download.docker.com/linux/fedora/docker-ce.gpg

And place it to the pki/rpm-gpg, with:

sudo install -o 0 -g 0 -m644 docker-ce.gpg /etc/pki/rpm-gpg/docker-ce.gpg

Then you need modify the /etc/yum.repos.d/docker-ce.repo file to point the gpgkey field to the /etc/pki/rpm-gpg/docker-ce.gpg in each package. There are a couple of packages in the repo, so there will be some hand work to do. Here is example for docker-ce-nightly:

...
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/docker-ce.gpg
...

After you’ll need to enable the service to run on boot:

systemctl enable docker

And restart the system:

systemctl reboot
2 Likes

But why would I use Docker though. . . :thinking:

Sorry, I selected the wrong person in the reply. The Podman vs. Docker discussion is another discussion. From the Fedora Silverblue perspective, Podman comes pre-installed with the system, which is an advantage.

1 Like

I thought there was an ostree command to add another repo? It seems it isnt?

Indeed. I’m new to Fedora. So it seems you can achieve the same with rpm-ostree install <url>. So with following should do the same as above.

sudo rpm-ostree install https://download.docker.com/linux/fedora/docker-ce.repo
1 Like

You will most likely need to reboot first and then sudo systemctl enable --now docker.service. Also, to allow unprivileged users to run Docker commands, you will need to add your user to the docker group, which grants root-level privileges to the user.

1 Like

Personally I have to because in our company the whole app development is based on docker and docker-compose. I know I know podman also has the same commands. But they are differences here and there that make it unfeasible for me to use it. Simply aliasing podman to docker is not solution for me. I have tried that and whole lot of things in our scripts crumbled. And I can’t invest the time to rewriting everything and making sure it works as it did before.

1 Like

Thanks everyone for help.
I had some other issues with silverblue - not understanding the mindset and workflow enough I guess.
So I decided to first try “standard” fedora experience with the workstation edition and maybe try silverblue later.
On workstation I managed to install docker fine.

2 Likes

I think it’s a matter of ideology. We would all like to use Podman, but the truth is that the entire corporate world is deeply entrenched in Docker. Even open source projects like my own are still using Docker, and cutting over to Podman would cost me a lot of time. Time that I’d much rather use building features for my users.

Moreover, IIRC, testing frameworks like Testcontainers do not support podman.

1 Like

Testcontainers do not support podman

Correct, but there workarounds with export TESTCONTAINERS_RYUK_DISABLED=true

To use “Docker” without needing docker on the host, I start the Podman socket, and set the DOCKER_HOST to point to the Podman socket. Then in a toolbox, I install Docker, which actually uses Podman on the host.

systemctl --user enable --now podman.socket
# In toolbox, with `docker` installed
export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock" # Consider adding to ~/.bashrc
docker run hello-world

No matter our ideologies, there are differences between Docker and Podman. Docker supports more extensive build caching with e.g. --from=local, and Podman fails parsing various Compose directives, which Docker handles without issue (e.g. extends on services withdepends_on).

Also, the Docker Client TUI is prettier and nicer (purty colours :star_struck:)

1 Like

FWIW, now this works:

ostree remote add docker-ce https://download.docker.com/linux/fedora/docker-ce.repo
rpm-ostree cleanup -m
rpm-ostree refresh-md
rpm-ostree install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo rpm-ostree apply-live --allow-replacement

GROUP="docker"
grep -E "^$GROUP:" /usr/lib/group | sudo tee -a /etc/group && sudo usermod -aG "GROUP" "$USER"

# after reboot (logout _might_ be enough):
sudo systemctl enable --now docker.service

From @majk-runs-linux’s original post, the official docker docs, and Fedora’s Silverblue troubleshooting docs for adding external repos and adding groups.

1 Like

Apologies, wrong thread :point_up: :laughing:

Thank you for your solution. It finally worked for me here.
I got stuck with the definite addition to the docker group to the user, but this finally fixed.

There is a small error in your command tho:

grep -E "^$GROUP:" /usr/lib/group | sudo tee -a /etc/group && sudo usermod -aG "$GROUP" "$USER"

Thank you very much