Update Docker to 20.10.14 (#10677)
* Upgrade docker version from 20.10.7 to 20.10.14, and pin containerd.io

  Update the Docker engine version from 20.10.7 to 20.10.14. This brings in some CVE and bug fixes. Additionally, pin the version of containerd.io to a specific version, mainly for consistency/reproducibility.

  Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Remove the containerd ordering change to docker.service

  This appears to be already present in the current docker.service.

  Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Remove use of apt-key

  apt-key is considered deprecated, and the current practice is to just add the key into /etc/apt/trusted.gpg.d/.

  Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Upgrade docker container in Bullseye slave to 20.10.14

  Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
parent
850e45601b
commit
313cced32b
@ -31,7 +31,8 @@ set -x -e
|
|||||||
CONFIGURED_ARCH=$([ -f .arch ] && cat .arch || echo amd64)
|
CONFIGURED_ARCH=$([ -f .arch ] && cat .arch || echo amd64)
|
||||||
|
|
||||||
## docker engine version (with platform)
|
## docker engine version (with platform)
|
||||||
DOCKER_VERSION=5:20.10.7~3-0~debian-$IMAGE_DISTRO
|
DOCKER_VERSION=5:20.10.14~3-0~debian-$IMAGE_DISTRO
|
||||||
|
CONTAINERD_IO_VERSION=1.5.11-1
|
||||||
LINUX_KERNEL_VERSION=5.10.0-8-2
|
LINUX_KERNEL_VERSION=5.10.0-8-2
|
||||||
|
|
||||||
## Working directory to prepare the file system
|
## Working directory to prepare the file system
|
||||||
@ -233,17 +234,12 @@ if [[ $CONFIGURED_ARCH == armhf ]]; then
|
|||||||
# update ssl ca certificates for secure pem
|
# update ssl ca certificates for secure pem
|
||||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT c_rehash
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT c_rehash
|
||||||
fi
|
fi
|
||||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT curl -o /tmp/docker.gpg -fsSL https://download.docker.com/linux/debian/gpg
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT curl -o /tmp/docker.asc -fsSL https://download.docker.com/linux/debian/gpg
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-key add /tmp/docker.gpg
|
sudo LANG=C chroot $FILESYSTEM_ROOT mv /tmp/docker.asc /etc/apt/trusted.gpg.d/
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT rm /tmp/docker.gpg
|
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT add-apt-repository \
|
sudo LANG=C chroot $FILESYSTEM_ROOT add-apt-repository \
|
||||||
"deb [arch=$CONFIGURED_ARCH] https://download.docker.com/linux/debian $IMAGE_DISTRO stable"
|
"deb [arch=$CONFIGURED_ARCH] https://download.docker.com/linux/debian $IMAGE_DISTRO stable"
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
|
||||||
if dpkg --compare-versions ${DOCKER_VERSION} ge "18.09"; then
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install docker-ce=${DOCKER_VERSION} docker-ce-cli=${DOCKER_VERSION} containerd.io=${CONTAINERD_IO_VERSION}
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install docker-ce=${DOCKER_VERSION} docker-ce-cli=${DOCKER_VERSION}
|
|
||||||
else
|
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install docker-ce=${DOCKER_VERSION}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Uninstall 'python3-gi' installed as part of 'software-properties-common' to remove debian version of 'PyGObject'
|
# Uninstall 'python3-gi' installed as part of 'software-properties-common' to remove debian version of 'PyGObject'
|
||||||
# pip version of 'PyGObject' will be installed during installation of 'sonic-host-services'
|
# pip version of 'PyGObject' will be installed during installation of 'sonic-host-services'
|
||||||
@ -271,8 +267,6 @@ fi
|
|||||||
sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
|
||||||
## Note: $_ means last argument of last command
|
## Note: $_ means last argument of last command
|
||||||
sudo cp files/docker/docker.service.conf $_
|
sudo cp files/docker/docker.service.conf $_
|
||||||
## Fix systemd race between docker and containerd
|
|
||||||
sudo sed -i '/After=/s/$/ containerd.service/' $FILESYSTEM_ROOT/lib/systemd/system/docker.service
|
|
||||||
|
|
||||||
## Create default user
|
## Create default user
|
||||||
## Note: user should be in the group with the same name, and also in sudo/docker/redis groups
|
## Note: user should be in the group with the same name, and also in sudo/docker/redis groups
|
||||||
|
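Review bot: Placing the key in `/etc/apt/trusted.gpg.d/` (the `mv /tmp/docker.asc /etc/apt/trusted.gpg.d/` line in the second hunk) keeps the weakness apt-key was deprecated for, because apt accepts a key in that directory for every configured source, not only download.docker.com. Consider keeping the key outside trusted.gpg.d and scoping it in the repository entry, e.g. `mv /tmp/docker.asc /usr/share/keyrings/docker.asc` together with `"deb [arch=$CONFIGURED_ARCH signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian $IMAGE_DISTRO stable"`; it is worth confirming that add-apt-repository writes the option through unchanged on the target distro. The key is also trusted solely on the strength of the HTTPS download, so comparing its fingerprint with a value kept in the repository before installing it would make an unexpected key change fail the build rather than be accepted silently. The same pattern may exist in the Dockerfile whose `add-apt-repository` call is only partly visible in the last hunk.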
@ -504,7 +504,7 @@ RUN add-apt-repository \
|
|||||||
$(lsb_release -cs) \
|
$(lsb_release -cs) \
|
||||||
stable"
|
stable"
|
||||||
RUN apt-get update
|
RUN apt-get update
|
||||||
RUN apt-get install -y docker-ce=5:20.10.7~3-0~debian-bullseye docker-ce-cli=5:20.10.7~3-0~debian-bullseye
|
RUN apt-get install -y docker-ce=5:20.10.14~3-0~debian-bullseye docker-ce-cli=5:20.10.14~3-0~debian-bullseye containerd.io=1.5.11-1
|
||||||
RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker
|
RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker
|
||||||
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
|
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
|
||||||
|