This upgrade of httpd and openssl repairs the security vulnerabilities that the scanners currently on the market report.
Purpose:
Upgrade httpd in the docker container from 2.4.6 to 2.4.39, and openssl from 1.0.2k-6 to 1.0.2k-19.
1, download httpd 2.4.39 from the ius repository, and take the latest openssl from Red Hat's official website
ius address: https://mirrors.tuna.tsinghua.edu.cn/ius/ius-release-el7.rpm
2, copy the installation package into the docker container
docker cp update-httpd-openssl.tar portal:/home
3, enter the container and upgrade httpd
docker exec -it -u root portal bash
cd /home
tar -xvf update-httpd-openssl.tar
cd update-httpd-openssl
# Note: the old httpd-tools package must be uninstalled before httpd can be upgraded
yum remove -y httpd-tools-2.4.6-67.el7.centos.6.x86_64
yum install *
4, check whether the upgrade is successful
httpd -version
5, restart the container
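A scripted form of the check in step 4, as an added example that is not part of the original post. It compares the reported versions against the targets named above; the function names and the sample output strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the upgraded versions meet the targets from this page.

# version_ge A B: succeeds when A >= B in version order. A plain string
# compare would rank 2.4.6 above 2.4.39, so GNU `sort -V` is used instead
# (this is not rpm's own comparison, but it orders these strings correctly).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Extract "2.4.39" from `httpd -v` output ("Server version: Apache/2.4.39 ...").
httpd_version() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# Extract "1.0.2k-19" from an rpm name such as openssl-1.0.2k-19.el7.x86_64.
# Names of other packages (for example openssl-libs-...) yield nothing.
openssl_version() {
    printf '%s\n' "$1" | sed -n 's|^openssl-\([0-9][^-]*-[0-9]*\)\..*|\1|p'
}

# check_upgrade HTTPD_V_OUTPUT OPENSSL_RPM_NAME
# Returns 0 if both meet the targets, 1 if one is too old, 2 if unparsable.
check_upgrade() {
    hv=$(httpd_version "$1")
    ov=$(openssl_version "$2")
    [ -n "$hv" ] && [ -n "$ov" ] || { echo "cannot parse versions" >&2; return 2; }
    version_ge "$hv" 2.4.39 || { echo "httpd $hv is older than 2.4.39" >&2; return 1; }
    version_ge "$ov" 1.0.2k-19 || { echo "openssl $ov is older than 1.0.2k-19" >&2; return 1; }
    echo "ok: httpd $hv, openssl $ov"
}

# Constructed sample output, so the script runs without a container.
sample_httpd='Server version: Apache/2.4.39 (IUS)
Server built:   constructed sample line'
sample_rpm='openssl-1.0.2k-19.el7.x86_64'
check_upgrade "$sample_httpd" "$sample_rpm"

# Against the real container (assumes the container name "portal" used above):
#   check_upgrade "$(docker exec portal httpd -v)" "$(docker exec portal rpm -q openssl)"
```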
Additional:
How to roll back the container if the upgrade fails: the kolla-docker-restart script extracts the container's original startup parameters, generates a startup script for the container in /tmp, deletes the existing container, and runs the startup script to recreate the container from the image.
kolla-docker-restart portal
#!/usr/bin/env bash
# kolla-docker-restart: recreate a container from its own `docker inspect` data
[[ $# -ne 1 ]] && echo "Usage: $0 <container_name_or_id>" && exit 1
container_name_or_id=$1
run_file="/tmp/start-$container_name_or_id"
# Go template that renders the inspected container as an equivalent `docker run` command
cat > /tmp/docker-run.tpl <<'EOF'
docker run \
  --name={{.Name}} \
  {{range $e := .Config.Env}}--env={{printf "%q" $e}} \
  {{end}}{{range $p, $conf := .NetworkSettings.Ports}}{{with $conf}}-p {{(index $conf 0).HostIp}}:{{(index $conf 0).HostPort}}:{{$p}} \
  {{end}}{{end}}{{range $n, $conf := .NetworkSettings.Networks}}{{with $conf}}--network {{printf "%q" $n}} \
  {{range $conf.Aliases}}--network-alias {{printf "%q" .}} {{end}} \
  {{end}}{{end}}{{range $v := .HostConfig.VolumesFrom}}--volumes-from={{printf "%q" .}} \
  {{end}}{{range $v := .HostConfig.Binds}}--volume={{printf "%q" .}} \
  {{end}}{{range $l, $v := .Config.Labels}}--label {{printf "%q" $l}}={{printf "%q" $v}} \
  {{end}}{{range $v := .HostConfig.CapAdd}}--cap-add {{printf "%q" .}} \
  {{end}}{{range $v := .HostConfig.CapDrop}}--cap-drop {{printf "%q" .}} \
  {{end}}{{range $d := .HostConfig.Devices}}--device={{printf "%q" (index $d).PathOnHost}}:{{printf "%q" (index $d).PathInContainer}}:{{(index $d).CgroupPermissions}} \
  {{end}}{{range $v := .Config.Entrypoint}}--entrypoint={{printf "%q" .}} \
  {{end}}{{with .HostConfig.LogConfig}}--log-driver={{printf "%q" .Type}} \
  {{range $o, $v := .Config}}--log-opt {{$o}}={{printf "%q" $v}} \
  {{end}}{{end}}{{with .HostConfig.RestartPolicy}}--restart="{{.Name}}{{if eq .Name "on-failure"}}:{{.MaximumRetryCount}}{{end}}" \
  {{end}}{{if .Config.Tty}}-t \
  {{end}}{{if .Config.OpenStdin}}-i \
  {{end}}{{if not (.Config.AttachStdout)}}--detach=true \
  {{end}}{{if .HostConfig.Privileged}}--privileged \
  {{end}}{{printf "%q" .Config.Image}} \
  {{range .Config.Cmd}}{{printf "%q" .}} {{end}}
EOF
# Generate the startup script; stop here if that fails, so the container is never deleted without one
docker inspect --format "$(</tmp/docker-run.tpl)" "$container_name_or_id" > "$run_file" || exit 1
# Delete the existing container and start it again from the generated script
docker rm -f "$container_name_or_id"
sh "$run_file"
# Clean up the temporary files
rm /tmp/docker-run.tpl "$run_file"