How do I install docker version 27.3.1 on Amazon Linux 2023?

0

My EC2 VM currently has Docker version 25.0.5, build 5dc9bcc installed, but this version has a security flaw that has been patched in versions 27.1.1 and above. I followed the instructions from https://docs.docker.com/engine/install/ for centos but when I try to install docker it tries to fetch the data from https://download.docker.com/linux/centos/2023.6.20241121/x86_64/stable/repodata/repomd.xml because the information is automatically populated for Amazon Linux 2023 and that release of CentOS obviously doesn't exist. I also tried https://docs.docker.com/engine/install/centos/#install-from-a-package installing directly from packages but docker was not working correctly. Has anyone had success installing Docker 27.x or a higher version that doesn't come as an available package with AL2023?

asked 11 days ago · 218 views
3 Answers
0

To install Docker version 27.3.1 on Amazon Linux 2023, you'll need to take a different approach than using the CentOS instructions, as Amazon Linux 2023 has its own package management system and repositories.

Here's a step-by-step process to install Docker 27.3.1 on Amazon Linux 2023:

  1. First, update your system packages:

       sudo dnf update -y

  2. Remove any existing Docker installations:

       sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

  3. Install required dependencies:

       sudo dnf install -y yum-utils device-mapper-persistent-data lvm2

  4. Add the official Docker repository for Amazon Linux 2023:

       sudo dnf config-manager --add-repo https://download.docker.com/linux/amazonlinux/docker-ce.repo

  5. Install Docker CE version 27.3.1:

       sudo dnf install docker-ce-27.3.1 docker-ce-cli-27.3.1 containerd.io docker-buildx-plugin docker-compose-plugin

  6. Start and enable the Docker service:

       sudo systemctl start docker
       sudo systemctl enable docker

  7. Add your user to the docker group to run Docker commands without sudo:

       sudo usermod -aG docker $USER

  8. Log out and log back in for the group changes to take effect.

  9. Verify the installation:

       docker --version

This should show Docker version 27.3.1.

If you encounter any issues with this method, you may need to consider manually downloading the RPM packages for Docker 27.3.1 from the Docker repository and installing them using the rpm command. However, the method described above should work for most cases on Amazon Linux 2023.

Remember to test your Docker installation thoroughly after upgrading to ensure all your containers and Docker-related workflows are functioning correctly with the new version.
Sources
Introducing the Amazon Linux 2023 runtime for AWS Lambda | AWS Compute Blog
Docker tutorial for AWS Cloud9 - AWS Cloud9
How do I install NVIDIA GPU driver, CUDA toolkit and optionally NVIDIA Container Toolkit on Amazon Linux 2023 (AL2023)? | AWS re:Post

answered 11 days ago
AWS EXPERT reviewed 11 days ago
0

I was able to create an Ansible playbook that worked using CentOS packages.

---
# Installs Docker CE on Amazon Linux 2023 from the CentOS 9 (el9) RPMs.
- name: Install Docker components from RPM on Amazon Linux 2023
  hosts: bamboo
  become: true
  vars:
    architecture: "el9.x86_64"
    buildx_version: "0.10.2-1"
    compose_version: "2.6.0-3"
    containerd_version: "1.7.23-3.1"
    docker_rpm_base_url: "https://download.docker.com/linux/centos/9/x86_64/stable/Packages"
    docker_version: "27.3.1-1"
    scan_version: "0.23.0-3"
  tasks:
    # Remove the distribution's docker package before installing docker-ce.
    - name: Remove docker
      ansible.builtin.dnf:
        name: docker
        state: absent

    # Dependencies, installed from the repositories already configured on the host.
    - name: Install required packages
      ansible.builtin.package:
        name: "{{ item }}"
        state: present
      loop:
        - iptables-libs
        - iptables-nft
        - libcgroup
        - libnetfilter_conntrack
        - libnfnetlink
        - libnftnl
        - runc
        - yum-utils

    # Each RPM is installed directly from its URL under docker_rpm_base_url.
    # disable_gpg_check: true skips RPM signature verification for these packages.
    - name: Install Docker components from RPMs
      ansible.builtin.dnf:
        name: "{{ docker_rpm_base_url }}/{{ item }}"
        state: present
        disable_gpg_check: true
      loop:
        - "containerd.io-{{ containerd_version }}.{{ architecture }}.rpm"
        - "docker-ce-cli-{{ docker_version }}.{{ architecture }}.rpm"
        - "docker-buildx-plugin-{{ buildx_version }}.{{ architecture }}.rpm"
        - "docker-ce-{{ docker_version }}.{{ architecture }}.rpm"
        - "docker-compose-plugin-{{ compose_version }}.{{ architecture }}.rpm"
        - "docker-scan-plugin-{{ scan_version }}.{{ architecture }}.rpm"
answered 11 days ago
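
The playbook in the answer above sets `disable_gpg_check: true`, so the RPMs fetched from download.docker.com are installed without their signatures being checked. The following is an added example, not part of the original answer, of verifying the signatures in shell before installing; the key URL `https://download.docker.com/linux/centos/gpg`, the function names and the `rpm -K` result wording are assumptions.

```shell
#!/bin/sh
# Added example: check Docker RPM signatures before installing, rather than
# skipping the check. Function names and KEY_URL are assumptions.
KEY_URL="https://download.docker.com/linux/centos/gpg"

# sig_verified "<rpm -K result line>"
# Succeeds only when rpm reports a verified signature. `rpm -K` also exits 0
# for an unsigned package ("digests OK"), so its exit status is not enough.
# Assumes rpm's "digests signatures OK" result wording.
sig_verified() {
    case "$1" in
        *": digests signatures OK") return 0 ;;
        *) return 1 ;;
    esac
}

# import_key <file>: fetch the signing key, then add it to the rpm keyring.
# Compare its fingerprint with the one in Docker's install docs before use.
import_key() {
    curl -fsSL "$KEY_URL" -o "$1" && sudo rpm --import "$1"
}

# verify_and_install <rpm-url>...: download every package, stop at the first
# one whose signature does not verify, and only then hand the files to dnf.
verify_and_install() {
    dir=$(mktemp -d) || return 1
    import_key "$dir/docker.gpg" || return 1
    for url in "$@"; do
        file="$dir/${url##*/}"
        curl -fsSL "$url" -o "$file" || return 1
        result=$(rpm -K "$file") || true
        sig_verified "$result" || { echo "REJECTED: $result" >&2; return 1; }
    done
    sudo dnf install -y "$dir"/*.rpm
}

# Usage, with BASE set to the playbook's docker_rpm_base_url:
#   verify_and_install "$BASE/containerd.io-1.7.23-3.1.el9.x86_64.rpm" ...
```
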
0

My EC2 VM currently has Docker version 25.0.5, build 5dc9bcc installed, but this version has a security flaw that has been patched in versions 27.1.1 and above.

Are you referring to CVE-2024-41110? Affected versions include <= v25.0.5 and <= v27.1.0

You can refer to Amazon Linux Security Center ALAS-2024-674 which mentions

AWS is aware of CVE-2024-41110, an issue affecting the Moby open source project, packaged in Amazon Linux as "docker". Docker is a component of several open source container management systems.

Updated docker packages addressing the issue are available for Amazon Linux 2 (docker-20.10.25-1.amzn2.0.5 and docker-25.0.6-1.amzn2.0.1) and for Amazon Linux 2023 (docker-25.0.6-1amzn2023.0.1). AWS recommends that customers using docker upgrade to these or later versions. (CVE-2024-41110)

On my AL2023, docker 25.0.6 is installed

$ cat /etc/os-release | grep PRETTY
PRETTY_NAME="Amazon Linux 2023.6.20241121"

$ dnf info docker

Installed Packages
Name         : docker
Version      : 25.0.6
Release      : 1.amzn2023.0.2
Architecture : aarch64
Size         : 150 M
Source       : docker-25.0.6-1.amzn2023.0.2.src.rpm
Repository   : @System
From repo    : amazonlinux
Summary      : Automates deployment of containerized applications
URL          : http://www.docker.com
License      : ASL 2.0 and MIT and BSD and MPLv2.0 and WTFPL
Description  : Docker is an open-source engine that automates the deployment of any
             : application as a lightweight, portable, self-sufficient container that will
             : run virtually anywhere.
             :
             : Docker containers can encapsulate any payload, and will run consistently on
             : and between virtually any server. The same container that a developer builds
             : and tests on a laptop will run at scale, in production*, on VMs, bare-metal
             : servers, OpenStack clusters, public instances, or combinations of the above.
AWS EXPERT
answered 9 days ago
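
The advisory quoted in the answer above names a fixed build per Amazon Linux release, which can be turned into a check on the installed package. This is an added example, not part of the original answer; the function names are hypothetical, the AL2023 build is written with the dotted release format that the `dnf info` output shows, and GNU `sort -V` is assumed to order these strings the way RPM does.

```shell
#!/bin/sh
# Added example: compare an installed Amazon Linux docker build with the
# fixed builds quoted from ALAS-2024-674 in the answer above.

# ver_lt A B: true when A sorts strictly before B in version order.
# Assumption: GNU `sort -V` is close enough to RPM ordering for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_build VERSION-RELEASE: print the fixed build for that distribution
# and release line, or nothing when the quoted advisory does not cover it.
fixed_build() {
    case "$1" in
        *.amzn2023.*)    echo "25.0.6-1.amzn2023.0.1" ;;
        20.10.*.amzn2.*) echo "20.10.25-1.amzn2.0.5" ;;
        25.*.amzn2.*)    echo "25.0.6-1.amzn2.0.1" ;;
    esac
}

# docker_status VERSION-RELEASE: print patched, needs-update or unknown.
docker_status() {
    fixed=$(fixed_build "$1")
    if [ -z "$fixed" ]; then
        echo unknown
    elif ver_lt "$1" "$fixed"; then
        echo needs-update
    else
        echo patched
    fi
}

# On a host:
#   docker_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}' docker)"
```
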
