概要
- 今回は、Amazon Linux OS において、amazon-efs-utils パッケージのバージョンを 1.x→2.x にアップデートする方法を紹介します。
- amazon-efs-utils パッケージは、Amazon EFS のクライアントにインストールするEFS マウントヘルパーと呼ばれるソフトウェアであり、Amazon EFS のファイルシステムをマウントする際に使用します。
- アップデートの理由は、これまでAmazon Linux OS にamazon-efs-utils 1.x をインストールしていましたが、SSRF (Server Side Request Forgery) の脆弱性に対応するため、脆弱性を対策した IMDSv2 をサポートするバージョンのamazon-efs-utils 2.x へ更新を行うためです。
- 記事は、Amazon Linux 2 を前提に記載しております。Amazon Linux 2023 はIMDSv2 が必要であり、amazon-efs-utils 1.x→2.x アップデートのシチュエーションは起こらないかもしれません。
amazon-efs-utils 1.x→2.x は yum アップデートできない
- amazon-efs-utils パッケージはyumで導入、管理しますが、amazon-efs-utils 1.x→2.x は yum でアップデートができません。
- yum update を行うと、「Error: Multilib version problems found」のエラーが発生します。
[ec2-user@niikawa-test-linux ~]$ yum list installed | grep amazon-efs-utils
amazon-efs-utils.noarch 1.35.0-1.amzn2 @amzn2-core
[ec2-user@niikawa-test-linux ~]$ sudo yum update amazon-efs-utils
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
66 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package amazon-efs-utils.noarch 0:1.35.0-1.amzn2 will be updated
---> Package amazon-efs-utils.noarch 0:1.35.2-1.amzn2 will be an update
---> Package amazon-efs-utils.x86_64 0:2.1.0-1.amzn2 will be an update
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:
1. You have an upgrade for amazon-efs-utils which is missing some
dependency that another package requires. Yum is trying to
solve this by installing an older version of amazon-efs-utils of the
different architecture. If you exclude the bad architecture
yum will tell you what the root cause is (which package
requires what). You can try redoing the upgrade with
--exclude amazon-efs-utils.otherarch ... this should give you an error
message showing the root cause of the problem.
2. You have multiple architectures of amazon-efs-utils installed, but
yum can only see an upgrade for one of those architectures.
If you don't want/need both architectures anymore then you
can remove the one with the missing update and everything
will work.
3. You have duplicate versions of amazon-efs-utils installed already.
You can use "yum check" to get yum show these errors.
...you can also use --setopt=protected_multilib=false to remove
this checking, however this is almost never the correct thing to
do as something else is very likely to go wrong (often causing
much more problems).
Protected multilib versions: amazon-efs-utils-1.35.2-1.amzn2.noarch != amazon-efs-utils-2.1.0-1.amzn2.x86_64
- 原因はアップデート先のパッケージ(amazon-efs-utils 2.x)と、既存のパッケージ(amazon-efs-utils 1.x)のアーキテクチャが異なるからです。
- 確認のため、yum list –showduplicatesコマンドを使用して、amazon-efs-utils パッケージのバージョンをリストアップします。amazon-efs-utils 1.x はアーキテクチャが “noarch” でビルドされていますが、amazon-efs-utils 2.x はアーキテクチャが “x86_64” でビルドされています。
[ec2-user@niikawa-test-linux ~]$ yum list --showduplicates amazon-efs-utils Loaded plugins: extras_suggestions, langpacks, priorities, update-motd 66 packages excluded due to repository priority protections Installed Packages amazon-efs-utils.noarch 1.35.0-1.amzn2 @amzn2-core Available Packages amazon-efs-utils.noarch 1.0-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.2-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.3-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.4-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.5-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.6-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.7-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.10-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.18-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.21-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.23-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.24-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.24-3.amzn2 amzn2-core amazon-efs-utils.noarch 1.24-4.amzn2 amzn2-core amazon-efs-utils.noarch 1.25-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.25-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.25-3.amzn2 amzn2-core amazon-efs-utils.noarch 1.26-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.26-3.amzn2 amzn2-core amazon-efs-utils.noarch 1.27.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.28.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.28.2-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.29.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.30.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.31.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.31.2-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.31.3-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.32.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.32.1-2.amzn2 amzn2-core amazon-efs-utils.noarch 1.33.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.33.2-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.33.3-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.34.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.34.4-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.34.5-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.35.0-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.35.1-1.amzn2 amzn2-core amazon-efs-utils.noarch 1.35.2-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.0.0-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.0.1-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.0.2-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.0.3-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.0.4-1.amzn2 amzn2-core amazon-efs-utils.x86_64 2.1.0-1.amzn2 amzn2-core
amazon-efs-utils 1.x→2.x アップデート方法
- 前述の通り、amazon-efs-utils 1.x と2.x はパッケージのアーキテクチャが異なるため互換性がなく、アップデートができません。対処方法として、Amazon Linux では、既存のパッケージ(amazon-efs-utils 1.x)をアンインストールして、新たにamazon-efs-utils 2.x をインストールします。
- 補足として、amazon-efs-utils のconf ファイル(efs-utils.conf) が /etc/amazon/efs 配下に配置されています。アンインストールした場合も、旧パッケージのconf ファイルは残ります。conf ファイルの内容を確認し、新パッケージをインストール後、必要に応じて設定を変更ください。
[ec2-user@niikawa-test-linux efs]$ sudo yum remove amazon-efs-utils Loaded plugins: extras_suggestions, langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package amazon-efs-utils.noarch 0:1.35.0-1.amzn2 will be erased --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: amazon-efs-utils noarch 1.35.0-1.amzn2 @amzn2-core 216 k Transaction Summary ================================================================================ Remove 1 Package Installed size: 216 k Is this ok [y/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Erasing : amazon-efs-utils-1.35.0-1.amzn2.noarch 1/1 Verifying : amazon-efs-utils-1.35.0-1.amzn2.noarch 1/1 Removed: amazon-efs-utils.noarch 0:1.35.0-1.amzn2 Complete! [ec2-user@niikawa-test-linux efs]$ yum list installed | grep amazon-efs-utils [ec2-user@niikawa-test-linux efs]$ sudo yum install amazon-efs-utils Loaded plugins: extras_suggestions, langpacks, priorities, update-motd amzn2-core | 3.6 kB 00:00 66 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package amazon-efs-utils.x86_64 0:2.1.0-1.amzn2 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: amazon-efs-utils x86_64 2.1.0-1.amzn2 amzn2-core 1.2 M Transaction Summary ================================================================================ Install 1 Package Total size: 1.2 M Installed size: 3.9 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : amazon-efs-utils-2.1.0-1.amzn2.x86_64 1/1 Verifying : amazon-efs-utils-2.1.0-1.amzn2.x86_64 1/1 Installed: amazon-efs-utils.x86_64 0:2.1.0-1.amzn2 Complete! [ec2-user@niikawa-test-linux efs]$ yum list installed | grep amazon-efs-utils amazon-efs-utils.x86_64 2.1.0-1.amzn2 @amzn2-core
- これで最新のamazon-efs-utils パッケージにアップデートができました!
参考資料
https://github.com/aws/efs-utils?tab=readme-ov-file#on-other-linux-distributions
