Update Docker on CoreOS using torcx
#!/bin/bash -e
# Select which Docker version to use on CoreOS with torcx.
# Specify the available Docker version to enable.
version=17.09
# Create modifiable torcx paths if they don't exist already.
mkdir -p /etc/torcx/profiles /var/lib/torcx/store
# Download the torcx manifest file for the currently running OS version.
. /usr/share/coreos/release
manifest="https://tectonic-torcx.release.core-os.net/manifests/$COREOS_RELEASE_BOARD/$COREOS_RELEASE_VERSION/torcx_manifest.json"
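# Remove stale copies first; otherwise wget saves the new files with a ".1"
# suffix and the checks below would run against the old manifest.
rm -f /tmp/torcx_manifest.json /tmp/torcx_manifest.json.asc
wget -P /tmp "$manifest".asc "$manifest"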
# Verify its signature with the CoreOS application signing key.
export GNUPGHOME=$(mktemp -d)
trap 'rm -fr "$GNUPGHOME"' EXIT
gpg2 --keyserver pool.sks-keyservers.net --recv-keys 18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E
gpg2 --verify /tmp/torcx_manifest.json.asc /tmp/torcx_manifest.json
# Download the selected Docker image at its URL in the manifest.
wget -P /var/lib/torcx/store $(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .locations[] | select(.url).url" < /tmp/torcx_manifest.json)
test "x$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .hash" < /tmp/torcx_manifest.json)" = "xsha512-$(sha512sum "/var/lib/torcx/store/docker:${version}.torcx.tgz" | sed 's/ .*//')"
# Write a new profile named "docker" that selects the desired version on boot.
sed "s/com\.coreos\.cl/$version/g" /usr/share/torcx/profiles/vendor.json > /etc/torcx/profiles/docker.json
echo docker > /etc/torcx/next-profile
# Reboot to start using the new version.
reboot
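
The script above downloads the image straight into /var/lib/torcx/store and checks its hash afterwards, so an image that fails the check is left in the store when the script exits. An added example, not part of the gist, that verifies the image in a staging location and only then moves it into place; the function name and the staging path are assumptions.

```shell
# Added example, not part of the gist. install_verified_image and the
# staging path are hypothetical names.
#   $1  hash string from the manifest, e.g. "sha512-<128 hex chars>"
#   $2  downloaded image in a staging directory
#   $3  final path in the torcx store
install_verified_image() {
    local expected="$1" staged="$2" dest="$3" digest actual

    # Fail closed on anything but a well-formed SHA-512 entry; an empty
    # string (jq matched no version) is rejected here too.
    case "$expected" in
        sha512-*) digest=${expected#sha512-} ;;
        *) echo "unsupported hash format: '$expected'" >&2; return 2 ;;
    esac
    case "$digest" in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#digest}" -eq 128 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(sha512sum "$staged" | sed 's/ .*//')
    if [ "$actual" != "$digest" ]; then
        echo "hash mismatch for $staged, discarding it" >&2
        rm -f -- "$staged"
        return 1
    fi

    # Only a verified image is moved into the store. Stage on the same
    # filesystem as the store so that mv is a single rename.
    mkdir -p -- "$(dirname -- "$dest")"
    mv -- "$staged" "$dest"
}

# Usage (illustrative; $url and $hash stand for the two jq lookups above):
#   stage=$(mktemp -d /var/lib/torcx/stage.XXXXXX)
#   wget -P "$stage" "$url"
#   install_verified_image "$hash" "$stage/docker:${version}.torcx.tgz" \
#       "/var/lib/torcx/store/docker:${version}.torcx.tgz"
```
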
redbaron commented Mar 6, 2018

@dm0-, if I'd like to use 17.03, which is already listed in the manifest (https://tectonic-torcx.release.core-os.net/manifests/amd64-usr/1688.2.0/torcx_manifest.json), is it possible to just "choose" it somehow at the Ignition stage?

Owner Author

dm0- commented Mar 16, 2018

@redbaron There isn't an easy way since you'd have to look up the CAS URL for each OS version. Here's a script that will output an Ignition file. (Note that it uses the OS-version-specific store directory; drop the $coreos component from the path if you want to continue using the same Docker image after upgrades.)

#!/bin/bash -e
# Output an Ignition file to select a Docker version.

# Specify the versions of Docker and the OS on the command-line.
docker=${1:-17.03}
coreos=${2:-current}
board=${3:-amd64-usr}

# Create a temporary location for downloads etc.
tmp=$(mktemp -d)
trap 'rm -fr "$tmp"' EXIT

# Fetch the CoreOS CI and application signing keys for verifying downloads.
export GNUPGHOME="$tmp/gnupg"
mkdir -pm 0700 "$GNUPGHOME"
gpg2 --keyserver pool.sks-keyservers.net --recv-keys \
    04127D0BFABEC8871FFB2CCE50E0885593D2DCB4 \
    18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E

# If the OS version wasn't given, assume current stable.
if [ "x$coreos" = xcurrent ]
then
        wget -qP "$tmp" "https://stable.release.core-os.net/$board/current/version.txt"{.sig,}
        gpg2 --quiet --verify "$tmp/version.txt"{.sig,}
        coreos=$(sed -n 's/^COREOS_VERSION=//p' "$tmp/version.txt")
fi

# Download the torcx manifest file for the given OS version.
wget -qP "$tmp" "https://tectonic-torcx.release.core-os.net/manifests/$board/$coreos/torcx_manifest.json"{.asc,}
gpg2 --quiet --verify "$tmp/torcx_manifest.json"{.asc,}

# Find the URL and hash of the Docker image in the manifest.
url=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .locations[] | select(.url).url" < "$tmp/torcx_manifest.json")
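hash=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .hash" < "$tmp/torcx_manifest.json")

# Stop if the requested Docker version is not in the manifest, rather than
# emitting an Ignition file with an empty source URL or hash.
if [ -z "$url" ] || [ -z "$hash" ]
then
        echo "Docker $docker not found in the torcx manifest for $coreos" >&2
        exit 1
fi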

# Output an ignition file with these values.
cat << EOF
{
  "ignition": { "version": "2.1.0" },
  "storage": {
    "files": [
      {
        "filesystem": "root",
        "path": "/etc/torcx/next-profile",
        "mode": 420,
        "contents": { "source": "data:,docker" }
      },
      {
        "filesystem": "root",
        "path": "/var/lib/torcx/store/$coreos/docker:$docker.torcx.tgz",
        "mode": 420,
        "contents": {
          "source": "$url",
          "verification": { "hash": "$hash" }
        }
      },
      {
        "filesystem": "root",
        "path": "/etc/torcx/profiles/docker.json",
        "mode": 420,
        "contents": { "source": "data:,%7B%22kind%22%3A%22profile-manifest-v0%22%2C%22value%22%3A%7B%22images%22%3A%5B%7B%22name%22%3A%22docker%22%2C%22reference%22%3A%22$docker%22%7D%5D%7D%7D" }
      }
    ]
  }
}
EOF
rushins commented Aug 4, 2018

Hello, my CoreOS Tectonic installer is failing with a similar error, as Docker is not running. Tectonic installer 1.96 and this issue seem to match. Can you guys help with what I need to do?

Basically, after boot, Docker is not running on my nodes and hyperkube has exited.
