Locking the version of the docker package on Red Hat Enterprise Linux Atomic Host

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux Atomic Host 7.4.5
  • Red Hat Enterprise Linux Atomic Host 7.5
  • Red Hat OpenShift Container Plaftorm 3.6
  • Red Hat OpenShift Container Plaftorm 3.7

Issue

  • Red Hat Enterprise Linux Atomic Host 7.4.5 and newer ship with docker version 1.13
  • Red Hat OpenShift Container Platform version 3.6/3.7 require docker version 1.12.6
  • Can the docker package in Red Hat Enterprise Linux Atomic Host be locked to version 1.12?

Resolution

The docker packages can be locked at version 1.12 using the rpm-ostree override functionality. The following process will ensure that RHEL Atomic Host upgrades will keep the required version of the docker container engine.

NOTE: This process has been tested with RHEL Atomic Host versions 7.4.4, 7.4.5, and 7.5.0. It will not work with older versions of RHEL Atomic Host, before the override option was added to the rpm-ostree command.

Download the required docker packages

You can download the required docker packages using yumdownloader, found in the rhel-tools container image. On the RHEL Atomic Host machine, launch the rhel-tools image:

# atomic run rhel7/rhel-tools

Once in the rhel-tools image, configure the proper repositories and download the required packages into a directory on the RHEL Atomic Host

# mkdir /host/tmp/docker
# yumdownloader --destdir=/host/tmp/docker/ --disablerepo=\* --enablerepo=rhel-7-server-extras-rpms docker-1.12.6-71.git3e8e77d.el7.x86_64 docker-common-1.12.6-71.git3e8e77d.el7.x86_64 docker-novolume-plugin-1.12.6-71.git3e8e77d.el7.x86_64 docker-client-1.12.6-71.git3e8e77d.el7.x86_64 docker-lvm-plugin-1.12.6-71.git3e8e77d.el7.x86_64 docker-rhel-push-plugin-1.12.6-71.git3e8e77d.el7.x86_64
# exit

Remove the docker-latest packages

Due to a dependency on the docker-common package, the docker-latest package needs to be removed before the docker package can be locked to the 1.12 version.

# rpm-ostree override remove docker-latest docker-client-latest
# systemctl reboot

Install the docker version 1.12 packages

On the host, use rpm-ostree replace to install the packages that were downloaded to /tmp/docker:

# cd /tmp/docker
# rpm-ostree override replace docker*rpm
# systemctl reboot

NOTE: If you start with RHEL Atomic Host 7.4.4, you will see this during the rpm-ostree override replace docker*rpm command:

Inactive base replacements:
  docker-rhel-push-plugin-2:1.12.6-71.git3e8e77d.el7.x86_64
  docker-2:1.12.6-71.git3e8e77d.el7.x86_64
  docker-lvm-plugin-2:1.12.6-71.git3e8e77d.el7.x86_64
  docker-novolume-plugin-2:1.12.6-71.git3e8e77d.el7.x86_64
  docker-client-2:1.12.6-71.git3e8e77d.el7.x86_64
  docker-common-2:1.12.6-71.git3e8e77d.el7.x86_64

This is because the packages specified in the override match the packages already installed in the RHEL Atomic Host 7.4.4 image. If you run atomic host status before upgrading to 7.4.5, you will not see the 6 docker packages in the "ReplacedBasePackages" section. However, they will appear once you update the machine to 7.4.5 or 7.5.0.

Once the system has been upgraded to RHEL Atomic Host 7.4.5 or newer, running atomic host status should show both the removed and replaced packages. For example:

● rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
                   Version: 7.4.5 (2018-03-01 19:18:33)
                BaseCommit: 6cb4d618030f69aa4a5732aa0795cb7fe2c167725273cffa11d0357d80e5eef0
       RemovedBasePackages: docker-client-latest-1.13.1-53.git774336d.el7.x86_64, docker-latest-1.13.1-53.git774336d.el7.x86_64
       ReplacedBasePackages: docker-rhel-push-plugin docker docker-lvm-plugin docker-novolume-plugin docker-common docker-client 2:1.13.1-53.git774336d.el7 -> 2:1.12.6-71.git3e8e77d.el7

Resetting to the original base ostree image

Once the need for a locked version of the docker package has passed, the ostree image can be reset to its default state with the following commands:

# rpm-ostree override reset --all
# systemctl reboot

Root Cause

Specific combinations of OpenShift and RHEL atomic host create a version/dependency mismatch as documented by the OpenShift Tested Configurations Matrix.

This procedure is provided to allow OpenShift to remain supported on the 7.4 RHEL minor stream as it pertains to RHEL atomic host.

  • Note: the version conflicts seen with RHEL Atomic Host are not seen with RPM installs, due to yum execute rules provided by the OpenShift packages.
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.