docs: Pin docker to version 18.06 #374

jodh-intel · 2019-02-05T10:30:42Z

Docker 18.09 removed devicemapper support but did not provide an
alternative. This can cause problems for users so update the install
docs to install Docker at version 18.06 (the last version that supports
devicemapper).

This is a temporary solution until either docker provide an alternative
or we find a way to work around the Docker feature being removed.

Fixes #373.

Signed-off-by: James O. D. Hunt [email protected]

jodh-intel · 2019-02-05T10:46:18Z

And now for the caveats...

I cannot test RHEL or SLES so we'll need input from others on that
(@GabyCT, @marcov, @flavio, @mssola).
fwics, docker 18.06 is not / no longer available for Fedora 29:

https://download.docker.com/linux/fedora/29/x86_64/stable/Packages

I've added in a minimal fix to deal with that but the summary is: if you're running F29, you'll be running Docker 18.09 (meaning no devicemapper).

/cc @egernst.

jodh-intel · 2019-02-05T11:01:11Z

/test

jodh-intel · 2019-02-05T11:18:16Z

Some of the CI builds are failing with:

Cloning into 'tests'...
/home/centos/tests/.ci/lib.sh: line 19: GOPATH: unbound variable

jodh-intel · 2019-02-05T11:33:49Z

/retest

jodh-intel · 2019-02-05T12:05:29Z

Fedora CI:

[kata-containers-documentation-fedora-PR] $ /bin/bash /tmp/jenkins7239932866990890670.sh
Cloning into 'tests'...
/home/fedora/tests/.ci/lib.sh: line 19: GOPATH: unbound variable
Build step 'Execute shell' marked build as failure
Setting status of 85dc9c7d17f69987e7512e9395e5ff7e4c8e4e06 to FAILURE with url http://jenkins.katacontainers.io/job/kata-containers-documentation-fedora-PR/50/ and message: 'Build finished. '
Using context: jenkins-ci-fedora
Finished: FAILURE

CentOS CI:

[kata-containers-documentation-centos-7-4-PR] $ /bin/bash /tmp/jenkins1058249980225164497.sh
Cloning into 'tests'...
/home/centos/tests/.ci/lib.sh: line 19: GOPATH: unbound variable
Build step 'Execute shell' marked build as failure
Setting status of 85dc9c7d17f69987e7512e9395e5ff7e4c8e4e06 to FAILURE with url http://jenkins.katacontainers.io/job/kata-containers-documentation-centos-7-4-PR/56/ and message: 'Build finished. '
Using context: jenkins-ci-centos-7-4
Finished: FAILURE

jodh-intel · 2019-02-05T12:09:30Z

Blocked on kata-containers/tests#1134, which should fix the GOPATH error.

jodh-intel · 2019-02-05T13:39:36Z

This PR is effectively also blocked on kata-containers/tests#1136 I think as we need to tweak the CI scripts to remove docker between running each documentation test.

marcov · 2019-02-05T16:02:48Z

install/docker/opensuse-docker-install.md


   ```bash
   $ sudo zypper -n install libcgroup1
-   $ sudo zypper -n install docker
+   $ sudo zypper -n install -f docker-18.06.1_ce-51.1


Another neat way to do this without hard coding a specific docker version is:

docker -n install docker<18.09'

This is going to work on SLES too.

Thanks @marcov - I've updated the branch for opensuse + sles.

GabyCT · 2019-02-05T16:20:27Z

@jodh-intel tested on OpenSuse and it is working, I do not have a license anymore of RHEL.

marcov · 2019-02-05T16:57:33Z

@jodh-intel fyi the docker packages for SUSE/SLE are built with a custom commands, and the devicemapper storage driver is still available in the 18.09 version we distribute.

chavafg · 2019-02-06T03:35:28Z

kata-containers/tests#1134 merged

Now I see this error:

1 upgraded, 1 newly installed, 0 to remove and 125 not upgraded.
E: Held packages were changed and -y was used without --allow-change-held-packages.
Build step 'Execute shell' marked build as failure

jodh-intel · 2019-02-06T09:06:29Z

@chavafg - yep, I need to update the doc CI tests on this PR to remove docker between running each doc test now that kata-containers/tests#1136 is merged...

jodh-intel · 2019-02-06T09:52:46Z

/test

jodh-intel · 2019-02-06T10:02:32Z

@fatherlinux, @mrguitar, @lsm5 - could you provide any input from the RHEL perspective? We don't have licenses any more and therefore cannot test updates to the RHEL install docs here.

jodh-intel · 2019-02-06T10:02:54Z

/retest

jodh-intel · 2019-02-06T11:25:24Z

Now blocked on kata-containers/tests#1144.

chavafg · 2019-02-06T17:06:28Z

/test

jodh-intel · 2019-02-06T17:19:17Z

/retest

jodh-intel · 2019-02-06T17:44:04Z

/retest

jodh-intel · 2019-02-06T17:56:29Z

Huzzah! Atlast we have a CI pass for this PR! ;)

@chavafg, @GabyCT - btw, I spotted this in the Jenkins logs:

Switched to branch 'PR_374'
Current branch PR_374 is up to date.
bash: .ci/hypervisors//filter_docker_.sh: No such file or directory
make -C cmd/checkcommits

grahamwhaley · 2019-02-06T18:06:25Z

Yeah, I think that is because we don't check that $HYPERVISOR or ARCH or similar is not "" before we try to deref it and find the filter file. That occurred to me as I saw the PR fly by earlier in the week. @GabyCT - can we add a null/non-exist check to avoid that pls?

grahamwhaley · 2019-02-06T18:08:11Z

hmm, maybe I need to enable github ack checks on this repo..... can I get an ack from @marcov maybe before we actually press the button?
I'm going to DNM it until that point, but am v.happy if others agree that is over cautions and go ahead and merge....

jodh-intel · 2019-02-08T12:00:14Z

@marcov, @mssola, @flavio - could you comment on this?

@egernst - I know you were keen to see this land so could you also ptal?

egernst

@jodh-intel - this looks good to me. Hopefully we'll be able to get this fixed soon and move to latest.

krsna1729 · 2019-02-11T21:49:36Z

Quick question @jodh-intel - Any reason why we don't install as shown below, which supports several distros, other than friends don't let friends do curl-pipe-bash :P

curl -fsSL https://get.docker.com | VERSION=18.06 sh

krsna1729 · 2019-02-11T23:55:51Z

also 18.06.2 vs 18.06.1 in the current changes to use the one patched for the runc CVE?
https://docs.docker.com/engine/release-notes/#18062

jcvenegas · 2019-02-12T18:34:24Z

@jodh-intel please rebase this PR.

Docker 18.09 removed devicemapper support but did not provide an alternative. This can cause problems for users so update the install docs to install Docker at version 18.06 (the last version that supports devicemapper). This is a temporary solution until either docker provide an alternative or we find a way to work around the Docker feature being removed. Note the extra logic required for Fedora since 18.06 is not available for that release. Fixes kata-containers#373. Signed-off-by: James O. D. Hunt <[email protected]>

jodh-intel · 2019-02-18T09:04:14Z

@jcvenegas - branch updated.

@krsna1729 - Updated for 18.06.2. Regarding your comment about using get.docker.com, that needs a lot more discussion and is not appropriate for this PR imho. You are of course free to install docker how you wish. However, although the get.docker.com approach is convenient, I'm not convinced many users would be happy running an opaque script downloaded off the web as root, particularly on a server. Yes, I know you can browse to that site and see the script, but it could change. Or the site could get hacked, or, or, or... By providing clear instructions in our installation guides, admins comfortable with shell script can see exactly what is happening.

If you wish to raise a PR using the get.docker.com approach, we can maybe force the issue and get more input from the rest of the community.

jodh-intel · 2019-02-26T10:03:20Z

Ping @kata-containers/documentation - The dnm was added by @grahamwhaley to get an extra review or two I think but this should have landed long ago. Please review.

klynnrif

Scrubbed for grammar, structure, and flow. One suggested line rewrite the is duplicated in the Notes section. Thanks!

klynnrif · 2019-02-28T20:20:59Z

install/docker/centos-docker-install.md

+   > - This step is only required if Docker is not installed on the system.
+   > - Newer versions of Docker have
+   >   [removed devicemapper support](https://github.com/kata-containers/documentation/issues/373)
+   >   so the commands below install the latest version which includes
