Score:8

Docker upgrade failure: The aufs storage-driver is no longer supported


I have an Ubuntu machine with Docker installed. (The Ubuntu version is 20.04, but this also affects 18.04, and possibly non-LTS versions as well.) The upgrade of the docker.io package to the current version from focal-security fails:

    Preparing to unpack .../docker.io_20.10.7-0ubuntu1~20.04.1_amd64.deb ...
    The aufs storage-driver is no longer supported.
    Please ensure that none of your containers are
    using the aufs storage driver, remove the directory
    /var/lib/docker/aufs and try again.
    dpkg: error processing archive /var/cache/apt/archives/docker.io_20.10.7-0ubuntu1~20.04.1_amd64.deb (--unpack):
     new docker.io package pre-installation script subprocess returned error exit status 1
    dpkg: error while cleaning up:
     installed docker.io package post-installation script subprocess returned error exit status 1

This is a known bug, but the bug has been marked as “won't fix” based on the Ubuntu Docker packaging policy.

Quoting multiple people here:

> This is a breaking change for an update that should not happen on an LTS version.

> An upgrade requiring so much manual intervention like this should never happen in an LTS release.

> You're correct about this in the general case. Unfortunately Docker is an exception. (…)
>
> So, as an exception for Docker, we update to newer upstream releases without concern for backwards compatibility of the behaviour of Docker itself, instead relying entirely on upstream's decisions. In this case and based solely on the analysis already presented by others here, this means that we don't expect to be patching the aufs storage driver back in to our packaging ourselves. (…)
>
> Following the policy as it stands, this isn't something we expect to fix, and therefore I'm marking this bug Won't Fix.

I find the reasoning baffling — if I'm using a stable distribution, I expect upgrades to be seamless, and I don't expect to have the latest version of programs. If I want a rolling release, I know where to find it, and it won't be called LTS. But this isn't the venue for this discussion.

My question here is, what do I do next? How do I “ensure that none of [my] containers are using the aufs storage driver”? Keeping an older, unmaintained version of Docker is a non-starter. I need to have security updates.

None of my containers use advanced features that would depend on the storage driver. I'm perfectly happy with upgrading or migrating my containers. How do I do that?

Artur Meinild avatar
How about installing Docker from the [official repos](https://docs.docker.com/engine/install/ubuntu/) instead of Canonical's version (docker.io)? I'm doing this, and running latest version with no problems.
Gilles 'SO- stop being evil' avatar
@ArturMeinild The problem is not running the latest version, it's upgrading the version I currently have.
Artur Meinild avatar
What's the contents of `/var/lib/docker/aufs`?
Gilles 'SO- stop being evil' avatar
@ArturMeinild `diff` containing directories whose names are 64 hex digits (some with a `-init` suffix) and whose contents are, as far as I can tell, files modified from the base image. `layers` containing files with similar names whose contents are text files with 64 hex digits per line. `mnt` with empty directories.
Gilles 'SO- stop being evil' avatar
@ArturMeinild This page is not helpful to me at all. It explains how storage drivers work, but I don't care about that. I need to upgrade my _existing_ system. I have containers that are currently using aufs. How do I migrate them to overlayfs?
BjornW avatar
Got hit by this as well now. Can you hold docker.io at the old version? I have a workstation with dozens of containers that aren't trivial to rebuild and can't waste hours doing it either because of an LTS (!) upgrade... :/
Gilles 'SO- stop being evil' avatar
@BjornW Yes, you can hold the docker package. But that means you're staying with whatever security vulnerabilities might be discovered in that version.
BjornW avatar
Yes managed to hold it now and complete upgrading the other packages.. sometimes reality interferes and forces you to postpone some drastic upgrades like this (that at least IMO never should have been forced upon people in the first place without a migration tool, which apparently would have been possible to make as others have posted scripts that can migrate the containers). Thanks for the reply and btw I'm not directing this rant at you of course :)
Gilles 'SO- stop being evil' avatar
@BjornW If you've found a way to automatically migrate containers, please post an answer here!
BjornW avatar
@Gilles'SO-stopbeingevil' I wonder if this works: https://stackoverflow.com/questions/44745304/how-to-move-images-of-docker-in-aufs-directory-to-overlay2 using docker save / docker load
haventchecked avatar
Looks like I'm staying with 20.04.6 LTS forever, lol.
Score:6

From the official Docker documentation - how to configure your storage driver to use OverlayFS instead of AUFS.

  1. Stop Docker.

    sudo systemctl stop docker
    
  2. Copy the contents of /var/lib/docker to a temporary location.

    sudo cp -au /var/lib/docker /var/lib/docker.bk
    
  3. Edit /etc/docker/daemon.json. If it does not yet exist, create it. Assuming that the file was empty, add the following contents.

    {
       "storage-driver": "overlay2" 
    }
    

    Docker does not start if the daemon.json file contains badly-formed JSON.

  4. Start Docker.

    sudo systemctl start docker
    
  5. Verify that the daemon is using the overlay2 storage driver. Use the docker info command and look for Storage Driver and Backing filesystem.

    $ docker info
    
    Containers: 0
    Images: 0
    Storage Driver: overlay2
     Backing Filesystem: xfs
     Supports d_type: true
     Native Overlay Diff: true
    <...>
    

Docker is now using the overlay2 storage driver.

You then need to recreate your containers and fetch all images again with the new storage driver in place. Mapped container data in volumes should be unaltered.

After this, you can remove the directory /var/lib/docker/aufs and proceed with upgrading the Docker package.
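
A pre-migration audit for the procedure above, as an added example that is not part of the original answer or of Docker's documentation: it lists the containers still on aufs and flags those with no volume or bind mount, whose writable-layer changes will not carry over to overlay2. The function names are made up for this example, and `check_daemon_json` assumes `python3` is installed.

```sh
#!/bin/sh
# Added example: audit to run while Docker is still up on aufs (before step 1).

# One line per container (running or stopped): name, storage driver, mount count.
container_report() {
    for id in $(docker ps -aq); do
        docker inspect --format \
            '{{.Name}}{{"\t"}}{{.GraphDriver.Name}}{{"\t"}}{{len .Mounts}}' "$id"
    done
}

# Containers whose layers live under /var/lib/docker/aufs.
aufs_containers() {
    container_report | awk -F'\t' '$2 == "aufs" { sub(/^\//, "", $1); print $1 }'
}

# aufs containers with no volume or bind mount: everything they wrote sits in
# the writable layer and will not exist after the switch to overlay2.
at_risk_containers() {
    container_report |
        awk -F'\t' '$2 == "aufs" && $3 == 0 { sub(/^\//, "", $1); print $1 }'
}

# Step 3 check: the file must parse as JSON and select overlay2.
# Assumption: python3 is available to do the parsing.
check_daemon_json() {
    python3 -m json.tool "$1" >/dev/null 2>&1 &&
        grep -Eq '"storage-driver"[[:space:]]*:[[:space:]]*"overlay2"' "$1"
}

# Print the audit; `docker diff` lists files changed in each writable layer.
migration_audit() {
    echo "Containers on aufs:"
    aufs_containers
    for c in $(at_risk_containers); do
        echo "== $c has no mounts; files only in its writable layer:"
        docker diff "$c"
    done
}
```

Source the file and call `migration_audit` before stopping Docker; a container that has mounts can still keep data outside them, so `docker diff` is worth running on those as well.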

Gilles 'SO- stop being evil' avatar
I'm confused about “You then need to recreate your containers and fetch all images again with the new storage driver in place. Mapped container data in volumes should be unaltered.” I don't know what “mapped container data in volumes” means. What is preserved at this step? I find it weird that I'd be re-downloading the base images, which are not modified by the choice of storage driver, but local modifications would be, even though that's what the storage driver is about?
Artur Meinild avatar
Now I don't know your complete Docker setup, but hopefully your persistent data is separate from the Docker data. The runtime data that uses the storage driver should "only" be temporary data, everything that you want to be persistent should be mapped elsewhere as volumes (named or direct paths). I'm assuming this, because if that's not the case, migrating your containers will be very difficult.
Artur Meinild avatar
Think of this as creating all your containers from scratch, but with the persistent data in place.
in flag
Has the aufs driver been removed entirely from the LTS docker.io upgrade? .. or can I temp set the storage backend to "overlay2" and upgrade and just switch back?
in flag
I've looked at several image backup/restore and container backup/restore guides and absolutely none of them explain how to restore your containers the way they were so you can just continue where you left off..
Mave avatar
@Brunis Have you ever found an answer? I've just lost all my images and containers :|
in flag
@Mave I migrated everything to docker-compose. Took me several days until I could just recreate my containers and the pgsql image was mapped properly to the filesystem where my db files were. What a nightmare. Not waiting for LTS releases again, what a joke that there is no upgrade path from LTS -> LTS ..
dB. avatar
After reading all of the above I am unclear whether 1) there's an upgrade path without losing data 2) whether `rm -rf /var/lib/docker/aufs` is safe in my setup 3) how to "re-recreate containers" in my setup. I use Dokku, opened https://github.com/dokku/dokku/issues/5523 to ask there too.
Score:0

Please note that if you should have moved the data directory to a different location (i.e.: via "data-root" option in daemon.json) you need to remove both aufs directories, the one under the new data-root and the one under /var/lib/docker before proceeding with installing the package
