Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Update Docker on CoreOS using torcx
#!/bin/bash -e
# Select which Docker version to use on CoreOS with torcx.
# Specify the available Docker version to enable.
version=17.09
# Create modifiable torcx paths if they don't exist already.
mkdir -p /etc/torcx/profiles /var/lib/torcx/store
# Download the torcx manifest file for the currently running OS version.
. /usr/share/coreos/release
manifest="https://tectonic-torcx.release.core-os.net/manifests/$COREOS_RELEASE_BOARD/$COREOS_RELEASE_VERSION/torcx_manifest.json"
wget -P /tmp "$manifest".asc "$manifest"
# Verify its signature with the CoreOS application signing key.
export GNUPGHOME=$(mktemp -d)
trap 'rm -fr "$GNUPGHOME"' EXIT
gpg2 --keyserver pool.sks-keyservers.net --recv-keys 18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E
gpg2 --verify /tmp/torcx_manifest.json.asc /tmp/torcx_manifest.json
# Download the selected Docker image at its URL in the manifest.
wget -P /var/lib/torcx/store $(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .locations[] | select(.url).url" < /tmp/torcx_manifest.json)
test "x$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${version}\") | .hash" < /tmp/torcx_manifest.json)" = "xsha512-$(sha512sum "/var/lib/torcx/store/docker:${version}.torcx.tgz" | sed 's/ .*//')"
# Write a new profile named "docker" that selects the desired version on boot.
sed "s/com.coreos.cl/$version/g" /usr/share/torcx/profiles/vendor.json > /etc/torcx/profiles/docker.json
echo docker > /etc/torcx/next-profile
# Reboot to start using the new version.
reboot
@redbaron
Copy link

redbaron commented Mar 6, 2018

@dm0- , If I'd like to use 17.03, which is already listed in manifest (https://tectonic-torcx.release.core-os.net/manifests/amd64-usr/1688.2.0/torcx_manifest.json) , is it possible to just "choose" it somehow at Ignition stage?

@dm0-
Copy link
Author

dm0- commented Mar 16, 2018

@redbaron There isn't an easy way since you'd have to look up the CAS URL for each OS version. Here's a script that will output an Ignition file. (Note that it uses the OS-version-specific store directory; drop the $coreos component from the path if you want to continue using the same Docker image after upgrades.)

#!/bin/bash -e
# Output an Ignition file to select a Docker version.

# Specify the versions of Docker and the OS on the command-line.
docker=${1:-17.03}
coreos=${2:-current}
board=${3:-amd64-usr}

# Create a temporary location for downloads etc.
tmp=$(mktemp -d)
trap 'rm -fr "$tmp"' EXIT

# Fetch the CoreOS CI and application signing keys for verifying downloads.
export GNUPGHOME="$tmp/gnupg"
mkdir -pm 0700 "$GNUPGHOME"
gpg2 --keyserver pool.sks-keyservers.net --recv-keys \
    04127D0BFABEC8871FFB2CCE50E0885593D2DCB4 \
    18AD5014C99EF7E3BA5F6CE950BDD3E0FC8A365E

# If the OS version wasn't given, assume current stable.
if [ "x$coreos" = xcurrent ]
then
        wget -qP "$tmp" "https://stable.release.core-os.net/$board/current/version.txt"{.sig,}
        gpg2 --quiet --verify "$tmp/version.txt"{.sig,}
        coreos=$(sed -n 's/^COREOS_VERSION=//p' "$tmp/version.txt")
fi

# Download the torcx manifest file for the given OS version.
wget -qP "$tmp" "https://tectonic-torcx.release.core-os.net/manifests/$board/$coreos/torcx_manifest.json"{.asc,}
gpg2 --quiet --verify "$tmp/torcx_manifest.json"{.asc,}

# Find the URL and hash of the Docker image in the manifest.
url=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .locations[] | select(.url).url" < "$tmp/torcx_manifest.json")
hash=$(jq -r ".value.packages[] | select(.name == \"docker\") | .versions[] | select(.version == \"${docker}\") | .hash" < "$tmp/torcx_manifest.json")

# Output an ignition file with these values.
cat << EOF
{
  "ignition": { "version": "2.1.0" },
  "storage": {
    "files": [
      {
        "filesystem": "root",
        "path": "/etc/torcx/next-profile",
        "mode": 420,
        "contents": { "source": "data:,docker" }
      },
      {
        "filesystem": "root",
        "path": "/var/lib/torcx/store/$coreos/docker:$docker.torcx.tgz",
        "mode": 420,
        "contents": {
          "source": "$url",
          "verification": { "hash": "$hash" }
        }
      },
      {
        "filesystem": "root",
        "path": "/etc/torcx/profiles/docker.json",
        "mode": 420,
        "contents": { "source": "data:,%7B%22kind%22%3A%22profile-manifest-v0%22%2C%22value%22%3A%7B%22images%22%3A%5B%7B%22name%22%3A%22docker%22%2C%22reference%22%3A%22$docker%22%7D%5D%7D%7D" }
      }
    ]
  }
}
EOF

@rushins
Copy link

rushins commented Aug 4, 2018

hello my coreos tectonic installer failing with this similar erorr as docker is not running. Tectonic installer 1.96 and this issue seems matching..can you guys help what i need to do.

basically my nodes after boot the docker is not running and hyperkube is exited.

@lpil
Copy link

lpil commented Nov 21, 2019

Is there a way to do this for Docker 19? It seems Docker 18 is the newest in the manifest given above

@dm0-
Copy link
Author

dm0- commented Nov 21, 2019

@lpil No, Container Linux is in maintenance mode and stopped updating Docker. You could try building your own torcx image from the upstream release binaries, but Fedora CoreOS is the actively maintained distro.

@lpil
Copy link

lpil commented Nov 21, 2019

Hi @dm0- , thank you for your help!

I was under the impression that Fedora CoreOS is not yet released and is unsuitable for production use at this time? Perhaps I'm wrong. There doesn't seem to be an AMI on AWS for it.

I was unable to find any information on how to make a torcx image, could you point me in the right direction?

Thanks!

@dm0-
Copy link
Author

dm0- commented Nov 21, 2019

@lpil I think Fedora CoreOS only has "preview" releases at the moment, but I no longer work for Red Hat / IBM so I don't know the status anymore.

The easiest way to build a new torcx image is probably just to extract the existing Docker image and recreate its layout with the new binaries. There are some specs in the torcx repo that might help, and I wrote an example from scratch a while ago.

@mikekuzak
Copy link

mikekuzak commented Apr 6, 2020

How do you remove the torcx config if you want to go back to OS included Docker version ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment