I have an Ubuntu machine with Docker installed. (The Ubuntu version is 20.04, but this also affects 18.04, and possibly non-LTS versions as well.) The upgrade of the docker.io package to the current version from focal-security fails:
Preparing to unpack .../docker.io_20.10.7-0ubuntu1~20.04.1_amd64.deb ...
The aufs storage-driver is no longer supported.
Please ensure that none of your containers are
using the aufs storage driver, remove the directory
/var/lib/docker/aufs and try again.
dpkg: error processing archive /var/cache/apt/archives/docker.io_20.10.7-0ubuntu1~20.04.1_amd64.deb (--unpack):
new docker.io package pre-installation script subprocess returned error exit status 1
dpkg: error while cleaning up:
installed docker.io package post-installation script subprocess returned error exit status 1
This is a known bug, but the bug has been marked as “won't fix” based on the Ubuntu Docker packaging policy.
Quoting multiple people here:
This is a breaking change for an update that should not happen on an LTS version.
An upgrade requiring so much manual intervention like this should never happen in an LTS release.
You're correct about this in the general case. Unfortunately Docker is an exception. (…)
So, as an exception for Docker, we update to newer upstream releases without concern for backwards compatibility of the behaviour of Docker itself, instead relying entirely on upstream's decisions. In this case and based solely on the analysis already presented by others here, this means that we don't expect to be patching the aufs storage driver back in to our packaging ourselves. (…)
Following the policy as it stands, this isn't something we expect to fix, and therefore I'm marking this bug Won't Fix.
I find the reasoning baffling — if I'm using a stable distribution, I expect upgrades to be seamless, and I don't expect to have the latest version of programs. If I want a rolling release, I know where to find it, and it won't be called LTS. But this isn't the venue for this discussion.
My question here is, what do I do next? How do I “ensure that none of [my] containers are using the aufs storage driver”? Keeping an older, unmaintained version of Docker is a non-starter. I need to have security updates.
None of my containers use advanced features that would depend on the storage driver. I'm perfectly happy with upgrading or migrating my containers. How do I do that?
From the official Docker documentation - how to configure your storage driver to use OverlayFS instead of AUFS.
1. Stop Docker.
2. Copy the contents of /var/lib/docker to a temporary location.
3. Edit /etc/docker/daemon.json. If it does not yet exist, create it. Assuming that the file was empty, add the following contents. Docker does not start if the daemon.json file contains badly-formed JSON.
4. Start Docker.
5. Verify that the daemon is using the overlay2 storage driver. Use the docker info command and look for Storage Driver and Backing filesystem.
Docker is now using the overlay2 storage driver.
You then need to recreate your containers and fetch all images again with the new storage driver in place. Mapped container data using "bind mounts" should be unaltered (these are mounts that point to data outside the Docker filesystem, as opposed to volumes - see here for more info).
After this, you can remove the directory /var/lib/docker/aufs and proceed with upgrading the Docker package.
Please note that if you should have moved the data directory to a different location (i.e.: via "data-root" option in daemon.json) you need to remove both aufs directories, the one under the new data-root and the one under /var/lib/docker before proceeding with installing the package.
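An added example, not part of the original answer or of the Docker documentation: a Python helper for the daemon.json step and the final cleanup check. It sets the `"storage-driver": "overlay2"` key without discarding existing keys such as `data-root`, refuses to touch a malformed file, and lists the aufs directories that still exist. The function names are illustrative, and it assumes it is run as root with Docker stopped.

```python
import json
import os
import tempfile
from pathlib import Path

DEFAULT_ROOT = "/var/lib/docker"  # default data directory named in the answer


def set_overlay2(daemon_json):
    """Set "storage-driver": "overlay2", keeping every other key.

    Raises ValueError and leaves the file untouched if it holds malformed
    JSON, because Docker does not start with a badly-formed daemon.json.
    """
    path = Path(daemon_json)
    text = path.read_text() if path.exists() else ""
    try:
        config = json.loads(text) if text.strip() else {}
    except json.JSONDecodeError as exc:
        raise ValueError(f"{path}: malformed JSON: {exc}") from exc
    if not isinstance(config, dict):
        raise ValueError(f"{path}: top level must be a JSON object")
    config["storage-driver"] = "overlay2"
    path.parent.mkdir(parents=True, exist_ok=True)
    # Write a temp file (mode 0600) beside the target, then rename atomically,
    # so an interrupted run never leaves a half-written daemon.json.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".daemon.json.")
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)
    return config


def aufs_dirs(config, default_root=DEFAULT_ROOT):
    """Return the aufs directories that still exist: the one under the
    default root and, if data-root points elsewhere, the one under it."""
    roots = [default_root]
    data_root = config.get("data-root")
    if data_root and os.path.normpath(data_root) != os.path.normpath(default_root):
        roots.append(data_root)
    candidates = [os.path.join(root, "aufs") for root in roots]
    return [d for d in candidates if os.path.isdir(d)]


if __name__ == "__main__":
    cfg = set_overlay2("/etc/docker/daemon.json")
    for leftover in aufs_dirs(cfg):
        print("remove before upgrading docker.io:", leftover)
```

The directories it prints are the ones the package's pre-installation check objects to; remove them only after the containers have been recreated under overlay2.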