Is there a recommended way of using a specific version of docker (aka, moby-engine)?

CoreOS has a moby-engine package, which can be convenient but also means you’re stuck using whatever version is shipped.

The moby-engine package seems lacking in volunteers and receives little maintenance: it doesn’t keep up with patch releases, current package is 24.0.5 though upstream has 24.0.9. (This isn’t a complaint, just an observation. I gather packaging it is hard.)

Occasionally there are massive version jumps (ie, 20.10.x to 24.0.x in F39) where you don’t have a choice but to upgrade. On regular Fedora you have a grace period to stay on the current Fedora release until EOL, but on CoreOS you have no such option.

I suppose you can do rpm-ostree override remove moby-engine and install docker-ce from upstream, but I’m not sure if overriding base packages is such a sensible idea? Has anyone taken this approach? Is there a better or recommended way to resolve this?

Hello @shuffle and welcome to :fedora: !

Here is an Bugzilla issue you can follow: 2237925 – moby-engine-26.0.0 is available.

In that case, perhaps it is, although AFAIK not recommended, entirely at your own risk.

Personally, I’m not, because when I have an explicit need for Docker (for learning and testing) I use an Ubuntu VM.

I would suggest you consider using Podman if you haven’t already.

Hi Hristo, thanks for your reply!

This bugzilla page doesn’t really provide a solution, where the problem is that the package is not as useful as it could be because (a) it’s lacking volunteers, (b) it’s not kept up to date, and (c) the upgrade path is awkwardly forced upon users.

To be clear, I’m not trying to disparage the maintainers, nor am I demanding anything from anyone.

But perhaps it actually makes some sense to not have moby-engine in the base image?

This is unfortunately my impression too!

I appreciate that Red Hat’s focus is Podman, and that’s perfectly reasonable. Unfortunately, Podman doesn’t support Swarm and doesn’t have any built-in alternative, so I’m not able to switch.

This is how I would do it right now.

yeah. ultimately Fedora is built by the community and FCOS for the most part we are just taking the bits that are available and providing them in a nice package. We ship moby-engine (docker) and podman to offer users the choice. There have been times where shipping moby-engine was at risk, but we had some maintainers step up.

Gotcha!

I suppose a follow up question I have is what the actual risks/impacts are from removing a base package. I gather it’s not recommended or supported, but it’s not clear what users should be aware of if they have to go down this route (ie, what will break?).

Yeah, I can see it’s convenient for some users to have docker available from the moment you login to your CoreOS instance. But I feel this can in some cases disadvantage more serious users of CoreOS, who perhaps need:

  1. Control over when the moby-engine package receives major version upgrades, and/or
  2. Control over the moby-engine version in general for either bug fixes or compliance/security (eg, there are security fixes in upstream 24.0.7 from October, meanwhile the package on Fedora is stuck at 24.0.5).

It’s not that I’m pondering whether moby-engine should be a Fedora package, because clearly it does provide some convenience, but I’m pondering about whether having it as a default package in the base CoreOS image actually creates more problems than it solves.