Updating docker engine and docker compose plugin in Amazon Linux 2?

I have an Amazon AWS EC2 instance running Amazon Linux 2. It has Docker engine 25.0.5 installed (which is an old version that comes with Docker compose v2.3.3).

Via yum, the docker package is already up to date.

There exists a vulnerability in this version of Docker Engine (Docker Engine < 23.0.15 / 26.x < 26.1.5 / 27.x < 27.1.1 Authen... | Tenable®)

I need to update Docker to a newer version, preferably 27.1.1 to mitigate this vulnerability.

I cannot do so using the existing repo as 25.0.5 is the most up to date version.

I am trying to manually add the repo mentioned here: RHEL | Docker Docs

But I receive the following error when trying to check for updates:

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core
https://download.docker.com/linux/centos/2/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.


 One of the configured repositories failed (Docker CE Stable - x86_64),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=docker-ce-stable ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable docker-ce-stable
        or
            subscription-manager repos --disable=docker-ce-stable

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=docker-ce-stable.skip_if_unavailable=true

failure: repodata/repomd.xml from docker-ce-stable: [Errno 256] No more mirrors to try.
https://download.docker.com/linux/centos/2/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found

How can I fix this issue? The repo config looks as follows:


[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

It looks like you tried CentOS 2. I have no idea if that ever existed and I have no idea how CentOS could possibly appear when you follow the RHEL instructions.

If there is an Amazon Linux forum, maybe someone knows how the latest Docker can be installed. Or you can try the binaries or add the right repositories manually, not using variables that will contain the version of the Amazon Linux distribution, which has nothing to do with CentOS or RHEL.

Ah yeah I forgot to mention, Amazon Linux 2 is based on RHEL 7, and I think I tried both this and CentOS to no avail.

The issue seems to be the release version is resolving to 2 instead of 7: Docker install failing in linux with error [Errno 14] HTTPS Error 404 - Not Found - Stack Overflow

Of course, since you have version 2. How would your OS or anything know that you meant CentOS or RHEL, instead of your actual distribution? That is why I suggested setting the versions and the full repo url manually.

I figured it out, but Ubuntu is based on Debian, yet the documentation has separate instructions for Debian and Ubuntu, so you can’t just use another distribution’s repository. Sometimes you can, but the best people to tell you if that is possible are the community of the distribution you are using.

Even if you replace $releasever with the static value 7, the latest version in the repo is docker-ce-cli-26.1.4-1, and chances are high that dependencies might be missing if you don’t add additional CentOS repositories. You might end up replacing additional OS packages with those of CentOS, or even end up in dependency conflicts. If you really want to walk down that road, make sure to create a snapshot of your EBS volume, so you can return to the previous state in case it doesn’t work.

Personally, I would wait until Amazon releases a fix. Furthermore, it is time to plan the migration from AL2 to AL2023, as AL2 support will reach EOL in 7 months.

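The $releasever expansion discussed in this thread, as an added example that is not part of any post above: a small shell helper that reads a .repo file and prints the repomd.xml URL yum will request for each enabled section. The function names `sample_repo` and `resolve_repo_urls` are hypothetical, and the sample input is constructed from the first two sections of the repo file quoted in the question.

```shell
#!/bin/sh
# Constructed sample: first two sections of the repo file quoted in the thread.
sample_repo() {
cat <<'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
EOF
}

# Usage: resolve_repo_urls RELEASEVER BASEARCH < file.repo
# Prints "<repo-id> <metadata URL>" for every enabled section, substituting
# $releasever and $basearch into baseurl as yum does before fetching repomd.xml.
resolve_repo_urls() {
    awk -v rel="$1" -v arch="$2" '
        function emit() {
            if (id != "" && enabled == 1 && url != "") {
                gsub(/\$releasever/, rel, url)
                gsub(/\$basearch/, arch, url)
                sub(/\/+$/, "", url)
                print id, url "/repodata/repomd.xml"
            }
        }
        # A new [section] closes the previous one; yum treats a repo as enabled by default.
        /^\[.*\]$/ { emit(); id = substr($0, 2, length($0) - 2); enabled = 1; url = ""; next }
        /^baseurl[ \t]*=/ { url = $0; sub(/^baseurl[ \t]*=[ \t]*/, "", url); next }
        /^enabled[ \t]*=/ { v = $0; sub(/^enabled[ \t]*=[ \t]*/, "", v); enabled = (v == "1"); next }
        END { emit() }
    '
}

# The thread reports releasever resolving to 2 on Amazon Linux 2, which gives the
# URL from the 404 error; the second call shows the static value 7 discussed above.
sample_repo | resolve_repo_urls 2 x86_64
sample_repo | resolve_repo_urls 7 x86_64
```

Resolving the URL before running yum shows whether a 404 comes from variable expansion rather than from the network or the repository itself.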