Skip to content

Instantly share code, notes, and snippets.

Last active April 6, 2020 17:12
  • Star 8 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Update Docker on CoreOS using torcx
#!/bin/bash -e
# Select which Docker version to use on CoreOS with torcx.
# Specify the available Docker version to enable.
# Create modifiable torcx paths if they don't exist already.
mkdir -p /etc/torcx/profiles /var/lib/torcx/store
# Download the torcx manifest file for the currently running OS version.
. /usr/share/coreos/release
wget -P /tmp "$manifest".asc "$manifest"
# Verify its signature with the CoreOS application signing key.
export GNUPGHOME=$(mktemp -d)
trap 'rm -fr "$GNUPGHOME"' EXIT
gpg2 --keyserver --recv-keys 18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E
gpg2 --verify /tmp/torcx_manifest.json.asc /tmp/torcx_manifest.json
# Download the selected Docker image at its URL in the manifest.
wget -P /var/lib/torcx/store $(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .locations[] | select(.url).url" < /tmp/torcx_manifest.json)
test "x$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .hash" < /tmp/torcx_manifest.json)" = "xsha512-$(sha512sum "/var/lib/torcx/store/docker:${version}.torcx.tgz" | sed 's/ .*//')"
# Write a new profile named "docker" that selects the desired version on boot.
sed "s/$version/g" /usr/share/torcx/profiles/vendor.json > /etc/torcx/profiles/docker.json
echo docker > /etc/torcx/next-profile
# Reboot to start using the new version.
Copy link

redbaron commented Mar 6, 2018

@dm0- , If I'd like to use 17.03, which is already listed in manifest ( , is it possible to just "choose" it somehow at Ignition stage?

Copy link

dm0- commented Mar 16, 2018

@redbaron There isn't an easy way since you'd have to look up the CAS URL for each OS version. Here's a script that will output an Ignition file. (Note that it uses the OS-version-specific store directory; drop the $coreos component from the path if you want to continue using the same Docker image after upgrades.)

#!/bin/bash -e
# Output an Ignition file to select a Docker version.

# Specify the versions of Docker and the OS on the command-line.

# Create a temporary location for downloads etc.
tmp=$(mktemp -d)
trap 'rm -fr "$tmp"' EXIT

# Fetch the CoreOS CI and application signing keys for verifying downloads.
export GNUPGHOME="$tmp/gnupg"
mkdir -pm 0700 "$GNUPGHOME"
gpg2 --keyserver --recv-keys \
    04127D0BFABEC8871FFB2CCE50E0885593D2DCB4 \

# If the OS version wasn't given, assume current stable.
if [ "x$coreos" = xcurrent ]
        wget -qP "$tmp" "$board/current/version.txt"{.sig,}
        gpg2 --quiet --verify "$tmp/version.txt"{.sig,}
        coreos=$(sed -n 's/^COREOS_VERSION=//p' "$tmp/version.txt")

# Download the torcx manifest file for the given OS version.
wget -qP "$tmp" "$board/$coreos/torcx_manifest.json"{.asc,}
gpg2 --quiet --verify "$tmp/torcx_manifest.json"{.asc,}

# Find the URL and hash of the Docker image in the manifest.
url=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .locations[] | select(.url).url" < "$tmp/torcx_manifest.json")
hash=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .hash" < "$tmp/torcx_manifest.json")

# Output an ignition file with these values.
cat << EOF
  "ignition": { "version": "2.1.0" },
  "storage": {
    "files": [
        "filesystem": "root",
        "path": "/etc/torcx/next-profile",
        "mode": 420,
        "contents": { "source": "data:,docker" }
        "filesystem": "root",
        "path": "/var/lib/torcx/store/$coreos/docker:$docker.torcx.tgz",
        "mode": 420,
        "contents": {
          "source": "$url",
          "verification": { "hash": "$hash" }
        "filesystem": "root",
        "path": "/etc/torcx/profiles/docker.json",
        "mode": 420,
        "contents": { "source": "data:,%7B%22kind%22%3A%22profile-manifest-v0%22%2C%22value%22%3A%7B%22images%22%3A%5B%7B%22name%22%3A%22docker%22%2C%22reference%22%3A%22$docker%22%7D%5D%7D%7D" }

Copy link

rushins commented Aug 4, 2018

hello my coreos tectonic installer failing with this similar erorr as docker is not running. Tectonic installer 1.96 and this issue seems matching..can you guys help what i need to do.

basically my nodes after boot the docker is not running and hyperkube is exited.

Copy link

lpil commented Nov 21, 2019

Is there a way to do this for Docker 19? It seems Docker 18 is the newest in the manifest given above

Copy link

dm0- commented Nov 21, 2019

@lpil No, Container Linux is in maintenance mode and stopped updating Docker. You could try building your own torcx image from the upstream release binaries, but Fedora CoreOS is the actively maintained distro.

Copy link

lpil commented Nov 21, 2019

Hi @dm0- , thank you for your help!

I was under the impression that Fedora CoreOS is not yet released and is unsuitable for production use at this time? Perhaps I'm wrong. There doesn't seem to be an AMI on AWS for it.

I was unable to find any information on how to make a torcx image, could you point me in the right direction?


Copy link

dm0- commented Nov 21, 2019

@lpil I think Fedora CoreOS only has "preview" releases at the moment, but I no longer work for Red Hat / IBM so I don't know the status anymore.

The easiest way to build a new torcx image is probably just to extract the existing Docker image and recreate its layout with the new binaries. There are some specs in the torcx repo that might help, and I wrote an example from scratch a while ago.

Copy link

How do you remove the torcx config if you want to go back to OS included Docker version ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment