
How do I install docker version 27.3.1 on Amazon Linux 2023?

0

My EC2 VM currently has Docker version 25.0.5, build 5dc9bcc installed, but this version has a security flaw that has been patched in versions 27.1.1 and above. I followed the instructions from https://docs.docker.com/engine/install/ for centos but when I try to install docker it tries to fetch the data from https://download.docker.com/linux/centos/2023.6.20241121/x86_64/stable/repodata/repomd.xml because the information is automatically populated for Amazon Linux 2023 and that release of CentOS obviously doesn't exist. I also tried https://docs.docker.com/engine/install/centos/#install-from-a-package installing directly from packages but docker was not working correctly. Has anyone had success installing Docker 27.x or a higher version that doesn't come as an available package with AL2023?

Asked 11 days ago · 218 views
3 Answers
0

To install Docker version 27.3.1 on Amazon Linux 2023, you'll need to take a different approach than using the CentOS instructions, as Amazon Linux 2023 has its own package management system and repositories.

Here's a step-by-step process to install Docker 27.3.1 on Amazon Linux 2023:

  1. First, update your system packages: sudo dnf update -y

  2. Remove any existing Docker installations: sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

  3. Install required dependencies: sudo dnf install -y yum-utils device-mapper-persistent-data lvm2

  4. Add the official Docker repository for Amazon Linux 2023: sudo dnf config-manager --add-repo https://download.docker.com/linux/amazonlinux/docker-ce.repo

  5. Install Docker CE version 27.3.1: sudo dnf install docker-ce-27.3.1 docker-ce-cli-27.3.1 containerd.io docker-buildx-plugin docker-compose-plugin

  6. Start and enable the Docker service:
     sudo systemctl start docker
     sudo systemctl enable docker

  7. Add your user to the docker group to run Docker commands without sudo: sudo usermod -aG docker $USER

  8. Log out and log back in for the group changes to take effect.

  9. Verify the installation: docker --version

This should show Docker version 27.3.1.

If you encounter any issues with this method, you may need to consider manually downloading the RPM packages for Docker 27.3.1 from the Docker repository and installing them using the rpm command. However, the method described above should work for most cases on Amazon Linux 2023.

Remember to test your Docker installation thoroughly after upgrading to ensure all your containers and Docker-related workflows are functioning correctly with the new version.
Sources
Introducing the Amazon Linux 2023 runtime for AWS Lambda | AWS Compute Blog
Docker tutorial for AWS Cloud9 - AWS Cloud9
How do I install NVIDIA GPU driver, CUDA toolkit and optionally NVIDIA Container Toolkit on Amazon Linux 2023 (AL2023)? | AWS re:Post

Answered 11 days ago
AWS Expert
Reviewed 11 days ago
0

I was able to create an Ansible playbook that worked using CentOS packages.

---
- name: Install Docker components from RPM on Amazon Linux 2023
  hosts: bamboo
  become: yes
  vars:
    architecture: "el9.x86_64"
    buildx_version: "0.10.2-1"
    compose_version: "2.6.0-3"
    containerd_version: "1.7.23-3.1"
    docker_rpm_base_url: "https://download.docker.com/linux/centos/9/x86_64/stable/Packages"
    docker_version: "27.3.1-1"
    scan_version: "0.23.0-3"
  tasks:
    - name: Remove docker
      ansible.builtin.dnf:
        name: docker
        state: absent

    - name: Install required packages
      package:
        name: "{{ item }}"
        state: present
      loop:
        - iptables-libs
        - iptables-nft
        - libcgroup
        - libnetfilter_conntrack
        - libnfnetlink
        - libnftnl
        - runc
        - yum-utils

    - name: Install Docker components from RPMs
      ansible.builtin.dnf:
        name: "{{ docker_rpm_base_url }}/{{ item }}"
        state: present
        disable_gpg_check: true
      loop:
        - "containerd.io-{{ containerd_version }}.{{ architecture }}.rpm"
        - "docker-ce-cli-{{ docker_version }}.{{ architecture }}.rpm"
        - "docker-buildx-plugin-{{ buildx_version }}.{{ architecture }}.rpm"
        - "docker-ce-{{ docker_version }}.{{ architecture }}.rpm"
        - "docker-compose-plugin-{{ compose_version }}.{{ architecture }}.rpm"
        - "docker-scan-plugin-{{ scan_version }}.{{ architecture }}.rpm"
Answered 11 days ago
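Added example, not part of the answer above: the playbook sets `disable_gpg_check: true`, so nothing confirms that the downloaded RPMs carry a valid publisher signature. The shell sketch below shows a signature gate that could run before the install; the function names are hypothetical, the sample lines are constructed, and the `rpm -K` output format is assumed to be the rpm 4.14+ style.

```shell
#!/bin/sh
# Added example (not from the thread): gate an RPM install on a verified signature.
# Assumption: `rpm -K` prints one line per file in the rpm 4.14+ style:
#   <file>: digests signatures OK        signed, signature verified
#   <file>: digests OK                   unsigned, only checksums checked
#   <file>: digests SIGNATURES NOT OK    bad signature or signing key not imported

# sig_line_ok LINE -> exit status 0 only when a signature was present and verified.
# "digests OK" is rejected on purpose: rpm can exit 0 for an unsigned package,
# so the exit status alone does not show that anything was signed.
sig_line_ok() {
    case "$1" in
        *"NOT OK"*)        return 1 ;;
        *"signatures OK"*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# verify_rpms FILE... -> stops at the first file that fails the gate.
verify_rpms() {
    for f in "$@"; do
        line=$(rpm -K "$f" 2>&1) || true
        if ! sig_line_ok "$line"; then
            echo "REJECTED: $line" >&2
            return 1
        fi
    done
}

# Constructed sample lines (file name built from the playbook's variables).
demo() {
    for line in \
        "docker-ce-27.3.1-1.el9.x86_64.rpm: digests signatures OK" \
        "docker-ce-27.3.1-1.el9.x86_64.rpm: digests OK" \
        "docker-ce-27.3.1-1.el9.x86_64.rpm: digests SIGNATURES NOT OK"
    do
        if sig_line_ok "$line"; then echo "accept  $line"; else echo "reject  $line"; fi
    done
}
demo

# On the host, after importing the publisher's key into the rpm keyring
# (Docker publishes its CentOS repo key at https://download.docker.com/linux/centos/gpg):
#   verify_rpms ./*.rpm && sudo dnf install -y ./*.rpm
```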
0

My EC2 VM currently has Docker version 25.0.5, build 5dc9bcc installed, but this version has a security flaw that has been patched in versions 27.1.1 and above.

Are you referring to CVE-2024-41110? Affected versions include <= v25.0.5 and <= v27.1.0

You can refer to Amazon Linux Security Center ALAS-2024-674 which mentions

AWS is aware of CVE-2024-41110, an issue affecting the Moby open source project, packaged in Amazon Linux as "docker". Docker is a component of several open source container management systems.

Updated docker packages addressing the issue are available for Amazon Linux 2 (docker-20.10.25-1.amzn2.0.5 and docker-25.0.6-1.amzn2.0.1) and for Amazon Linux 2023 (docker-25.0.6-1amzn2023.0.1). AWS recommends that customers using docker upgrade to these or later versions. (CVE-2024-41110)

On my AL2023, docker 25.0.6 is installed

$ cat /etc/os-release | grep PRETTY
PRETTY_NAME="Amazon Linux 2023.6.20241121"

$ dnf info docker

Installed Packages
Name         : docker
Version      : 25.0.6
Release      : 1.amzn2023.0.2
Architecture : aarch64
Size         : 150 M
Source       : docker-25.0.6-1.amzn2023.0.2.src.rpm
Repository   : @System
From repo    : amazonlinux
Summary      : Automates deployment of containerized applications
URL          : http://www.docker.com
License      : ASL 2.0 and MIT and BSD and MPLv2.0 and WTFPL
Description  : Docker is an open-source engine that automates the deployment of any
             : application as a lightweight, portable, self-sufficient container that will
             : run virtually anywhere.
             :
             : Docker containers can encapsulate any payload, and will run consistently on
             : and between virtually any server. The same container that a developer builds
             : and tests on a laptop will run at scale, in production*, on VMs, bare-metal
             : servers, OpenStack clusters, public instances, or combinations of the above.
AWS Expert
Answered 9 days ago
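Added example, not part of any answer above: a shell check that classifies a Docker version string against the CVE-2024-41110 ranges quoted in this thread (affected up to 25.0.5 and up to 27.1.0). It covers only those two branches and reports every other branch as unknown; the function names are hypothetical and a `sort` that supports `-V` (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Branches covered, as quoted above:
#   25.x  affected up to 25.0.5  -> first fixed 25.0.6
#   27.x  affected up to 27.1.0  -> first fixed 27.1.1
# Other branches (for example the Amazon Linux 2 20.10 build, which is fixed by
# a distro release suffix rather than a new upstream version) return "unknown".

# ver_ge A B -> true when version A >= version B
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# cve_2024_41110_status VERSION -> prints patched | affected | unknown
cve_2024_41110_status() {
    v=${1#v}        # tolerate a leading "v"
    v=${v%%-*}      # drop an RPM release suffix such as -1.amzn2023.0.2
    case "$v" in
        25.*) fixed=25.0.6 ;;
        27.*) fixed=27.1.1 ;;
        *)    echo unknown; return 0 ;;
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo affected; fi
}

# Constructed sample inputs, including the two versions reported in this thread.
demo() {
    for ver in 25.0.5 25.0.6-1.amzn2023.0.2 27.1.0 27.3.1 20.10.25; do
        printf '%-24s %s\n' "$ver" "$(cve_2024_41110_status "$ver")"
    done
}
demo

# On a host, feed it the installed version:
#   cve_2024_41110_status "$(rpm -q --qf '%{VERSION}' docker)"
#   cve_2024_41110_status "$(docker version --format '{{.Server.Version}}')"
```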
