本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 在中管理软件包和操作系统更新 AL2023
与之前版本的亚马逊 Linux 不同,它 AL2023 AMIs 被锁定到特定版本的亚马逊 Linux 存储库。要对 AL2023 实例应用安全修复和错误修复,请将DNF配置更新到最新的可用发行版本。或者,启动一个较新的 AL2023 实例。
本部分介绍如何在运行的实例上管理 DNF 软件包和存储库。另外,还将介绍如何根据用户数据脚本来配置 DNF,以在启动时启用最新可用的 Amazon Linux 存储库。有关更多信息,请参阅 [DNF 命令参考](https://dnf.readthedocs.io/en/latest/command_ref.html)。
建议应用新 AL2023版本中的*所有*可用更新。仅选择安全更新或仅特定更新应是例外而非规则。要列出哪些 [安全通告](alas.md) 与特定实例相关,请参阅 [列出适用的通告](listing-applicable-advisories.md)。有关安装*仅*与特定[通告](alas.md)相关的更新的信息,请参阅 [原地应用安全更新](security-inplace-update.md)。
**重要**
如果您想报告漏洞或对 Amazon 云服务或开源项目有安全疑虑,请使用 “[漏洞报告” 页面](https://www.amazonaws.cn/security/vulnerability-reporting/)与 Amazon 安全部门联系
**Topics**
+ [查看可用的软件包更新](#dnf-package-updates)
+ [使用 DNF 和存储库版本应用安全更新](#apply-security-updates)
+ [(安全)更新后自动重启服务](#automatic-restart-services)
+ [何时需要重启以应用安全更新?](#reboot)
+ [启动已启用最新存储库版本的实例](#launch-an-instance-repo-version)
+ [获取程序包支持信息](#dnf-support-info-plugin)
+ [使用 `dnf check-release-update` 检查较新的存储库版本](#dnf-repository-updates)
+ [添加、启用或禁用新存储库](#dnf-repo-addition)
+ [使用 cloud-init 添加存储库](#cloud-init-repo-update)
## 查看可用的软件包更新
您可以使用 `dnf check-update` 命令查看有关您的系统的任何更新。对于 AL2023,我们建议您在命令中添加该`--releasever=version-number`选项。
添加此选项后,DNF 还会查看有关更高版本的存储库的更新。例如,当您运行 `dnf check-update` 命令后,使用最新返回的版本作为 `version-number` 的值。
如果实例更新为使用存储库的最新版本,输出将包括所有要更新的程序包列表。
**注意**
如果您没有在 `dnf check-update` 命令中使用可选标志来指定发布版本,则只查看当前配置的存储库版本。这意味着不会查看存储库的更高版本中的软件包。
------
#### [ Updates in a specific version ]
在此示例中,我们将查看如果启动了一个 [2023.0.20230315](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html) 发布的容器,在 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布中有哪些更新可用。
**注意**
[此示例使用 [2023.0.20230315 和 2023.1.20230](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html)[628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 版本,*它们不是*最新版本的最新版本。有关最新版本, AL2023请参阅包含最新安全更新的发行说明。AL2023 ](https://docs.amazonaws.cn/linux/al2023/release-notes/)
在此示例中,我们将从 [2023.0.20230315](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html) 发布的容器映像开始。
首先,我们从容器注册表获取此容器映像。末尾的 `.0` 表示特定发布的映像版本;此映像版本通常为零。
```
$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
2023.0.20230315.0: Pulling from amazonlinux/amazonlinux
b76f3b09316a: Pull complete
Digest: sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
```
我们现在可以在容器内生成一个 shell,并从中检查更新。
```
$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
bash-5.2#
```
现在使用 `dnf check-update` 命令检查 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布中可用的更新。
**注意**
应用程序包更新是一项特权操作。尽管在容器中运行时通常不需要提升特权,但如果在非容器化环境(例如 Amazon EC2 实例)中运行,您可以在不提升特权的情况下*检查*更新。
```
$ dnf check-update --releasever=2023.1.20230628
Amazon Linux 2023 repository 60 MB/s | 15 MB 00:00
Last metadata expiration check: 0:00:02 ago on Mon Jul 22 17:25:34 2024.
amazon-linux-repo-cdn.noarch 2023.1.20230628-0.amzn2023 amazonlinux
ca-certificates.noarch 2023.2.60-1.0.amzn2023.0.2 amazonlinux
curl-minimal.x86_64 8.0.1-1.amzn2023 amazonlinux
glib2.x86_64 2.74.7-688.amzn2023.0.1 amazonlinux
glibc.x86_64 2.34-52.amzn2023.0.3 amazonlinux
glibc-common.x86_64 2.34-52.amzn2023.0.3 amazonlinux
glibc-minimal-langpack.x86_64 2.34-52.amzn2023.0.3 amazonlinux
gnupg2-minimal.x86_64 2.3.7-1.amzn2023.0.4 amazonlinux
keyutils-libs.x86_64 1.6.3-1.amzn2023 amazonlinux
libcap.x86_64 2.48-2.amzn2023.0.3 amazonlinux
libcurl-minimal.x86_64 8.0.1-1.amzn2023 amazonlinux
libgcc.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux
libgomp.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux
libstdc++.x86_64 11.3.1-4.amzn2023.0.3 amazonlinux
libxml2.x86_64 2.10.4-1.amzn2023.0.1 amazonlinux
ncurses-base.noarch 6.2-4.20200222.amzn2023.0.4 amazonlinux
ncurses-libs.x86_64 6.2-4.20200222.amzn2023.0.4 amazonlinux
openssl-libs.x86_64 1:3.0.8-1.amzn2023.0.3 amazonlinux
python3-rpm.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux
rpm.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux
rpm-build-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux
rpm-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux
rpm-sign-libs.x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux
system-release.noarch 2023.1.20230628-0.amzn2023 amazonlinux
tzdata.noarch 2023c-1.amzn2023.0.1 amazonlinux
bash-5.2#
```
`system-release` 程序包的版本显示了 `dnf upgrade` 命令将更新到的发布,即 `dnf check-update --releasever=2023.1.20230628` 命令中请求的 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布。
------
#### [ Updates in the latest version ]
在这个例子中,我们将看看 AL2023 如果我们启动了 [2023.4.20](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 2403 `latest` 19 版本的容器,那么版本中有哪些可用的更新。在撰写本文时,`latest` 发布为 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html),因此此示例中列出的更新将截至该发布。
**注意**
此示例使用 [2023.4.20240319](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 和 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html) 发布,后者是*在撰写本文时*的最新发布。有关最新版本的更多信息,请参阅[AL2023 发行说明](https://docs.amazonaws.cn/linux/al2023/release-notes/)。
在此示例中,我们将从 [2023.4.20240319](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 发布的容器映像开始。
首先,我们从容器注册表获取此容器映像。末尾的 `.1` 表示特定发布的映像版本。虽然映像版本通常为零,但此示例使用的发布的映像版本为一。
```
$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
2023.4.20240319.1: Pulling from amazonlinux/amazonlinux
6de065fda9a2: Pull complete
Digest: sha256:b4838c4cc9211d966b6ea158dacc9eda7433a16ba94436508c2d9f01f7658b4e
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
```
我们现在可以在容器内生成一个 shell,并从中检查更新。
```
$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
bash-5.2#
```
现在使用 `dnf check-update` 命令检查 `latest` 发布中可用的更新,该发布*在撰写本文时*为 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html)。
**注意**
应用程序包更新是一项特权操作。尽管在容器中运行时通常不需要提升特权,但如果在非容器化环境(例如 Amazon EC2 实例)中运行,您可以在不提升特权的情况下*检查*更新。
```
$ dnf --releasever=latest check-update
Amazon Linux 2023 repository 78 MB/s | 25 MB 00:00
Last metadata expiration check: 0:00:04 ago on Mon Jul 22 17:39:13 2024.
amazon-linux-repo-cdn.noarch 2023.5.20240708-1.amzn2023 amazonlinux
curl-minimal.x86_64 8.5.0-1.amzn2023.0.4 amazonlinux
dnf.noarch 4.14.0-1.amzn2023.0.5 amazonlinux
dnf-data.noarch 4.14.0-1.amzn2023.0.5 amazonlinux
expat.x86_64 2.5.0-1.amzn2023.0.4 amazonlinux
glibc.x86_64 2.34-52.amzn2023.0.10 amazonlinux
glibc-common.x86_64 2.34-52.amzn2023.0.10 amazonlinux
glibc-minimal-langpack.x86_64 2.34-52.amzn2023.0.10 amazonlinux
krb5-libs.x86_64 1.21-3.amzn2023.0.4 amazonlinux
libblkid.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux
libcurl-minimal.x86_64 8.5.0-1.amzn2023.0.4 amazonlinux
libmount.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux
libnghttp2.x86_64 1.59.0-3.amzn2023.0.1 amazonlinux
libsmartcols.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux
libuuid.x86_64 2.37.4-1.amzn2023.0.4 amazonlinux
openssl-libs.x86_64 1:3.0.8-1.amzn2023.0.12 amazonlinux
python3.x86_64 3.9.16-1.amzn2023.0.8 amazonlinux
python3-dnf.noarch 4.14.0-1.amzn2023.0.5 amazonlinux
python3-libs.x86_64 3.9.16-1.amzn2023.0.8 amazonlinux
system-release.noarch 2023.5.20240708-1.amzn2023 amazonlinux
yum.noarch 4.14.0-1.amzn2023.0.5 amazonlinux
bash-5.2#
```
`system-release` 程序包的版本显示了 `dnf upgrade` 命令将更新到的发布。
------
对于此命令,如果有更新的软件包可用,则返回码为 100。如果没有更新的软件包可用,则返回码为 0。此外,输出中还会列出所有要更新的软件包。
## 使用 DNF 和存储库版本应用安全更新
新的软件包更新和安全更新仅适用于新的存储库版本。对于从早期 AL2023 AMI 版本启动的实例,必须先更新存储库版本,然后才能安装安全更新。`dnf check-release-update` 命令包括一个示例更新命令,可将系统上安装的所有软件包更新为较新存储库中的版本。
**注意**
如果您没有在 `dnf check-update` 命令中使用可选标志来指定发布版本,则只查看当前配置的存储库版本。这意味着存储库任何后续版本中对已安装程序包的任何更新都不会被应用。
这部分涵盖推荐的升级路径,即应用所有可用更新,而不是挑选单个更新或仅标记为安全更新的更新。通过应用所有更新,现有实例将迁移至与启动更新的 AMI 相同的程序包集。这种一致性减少了整个实例集中程序包版本的差异。有关应用特定更新的更多信息,请参阅 [原地应用安全更新](security-inplace-update.md)。
------
#### [ Applying updates in a specific version ]
在此示例中,如果启动了一个 [2023.0.20230315](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html) 发布的容器,我们将应用 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布中可用的更新。
**注意**
[此示例使用 [2023.0.20230315 和 2023.1.20230](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html)[628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 版本,*它们不是*最新版本的最新版本。有关最新版本, AL2023请参阅包含最新安全更新的发行说明。AL2023 ](https://docs.amazonaws.cn/linux/al2023/release-notes/)
在此示例中,我们将从 [2023.0.20230315](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.0.20230315.html) 发布的容器映像开始。
首先,我们从容器注册表获取此容器映像。末尾的 `.0` 表示特定发布的映像版本;此映像版本通常为零。
```
$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
2023.0.20230315.0: Pulling from amazonlinux/amazonlinux
b76f3b09316a: Pull complete
Digest: sha256:94e7183b0739140dbd5b639fb7600f0a2299cec5df8780c26d9cb409da5315a9
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
```
我们现在可以在容器内生成一个 shell,并从中应用更新。
```
$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.0.20230315.0
bash-5.2#
```
现在使用 `dnf upgrade` 命令应用 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布中包含的所有更新。
**注意**
应用程序包更新是一项特权操作。尽管在容器中运行时通常不需要提升特权,但如果在非容器化环境(例如 Amazon EC2 实例)中运行,您将需要以 `root` 用户身份运行 `dnf upgrade` 命令。这可以使用 `sudo` 或 `su` 命令来完成。
```
$ dnf upgrade --releasever=2023.1.20230628
Amazon Linux 2023 repository 38 MB/s | 15 MB 00:00
Last metadata expiration check: 0:00:02 ago on Mon Jul 22 17:49:08 2024.
Dependencies resolved.
=================================================================================
Package Arch Version Repository Size
=================================================================================
Upgrading:
amazon-linux-repo-cdn noarch 2023.1.20230628-0.amzn2023 amazonlinux 18 k
ca-certificates noarch 2023.2.60-1.0.amzn2023.0.2 amazonlinux 829 k
curl-minimal x86_64 8.0.1-1.amzn2023 amazonlinux 150 k
glib2 x86_64 2.74.7-688.amzn2023.0.1 amazonlinux 2.7 M
glibc x86_64 2.34-52.amzn2023.0.3 amazonlinux 1.9 M
glibc-common x86_64 2.34-52.amzn2023.0.3 amazonlinux 307 k
glibc-minimal-langpack x86_64 2.34-52.amzn2023.0.3 amazonlinux 35 k
gnupg2-minimal x86_64 2.3.7-1.amzn2023.0.4 amazonlinux 421 k
keyutils-libs x86_64 1.6.3-1.amzn2023 amazonlinux 33 k
libcap x86_64 2.48-2.amzn2023.0.3 amazonlinux 67 k
libcurl-minimal x86_64 8.0.1-1.amzn2023 amazonlinux 249 k
libgcc x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 105 k
libgomp x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 280 k
libstdc++ x86_64 11.3.1-4.amzn2023.0.3 amazonlinux 744 k
libxml2 x86_64 2.10.4-1.amzn2023.0.1 amazonlinux 706 k
ncurses-base noarch 6.2-4.20200222.amzn2023.0.4 amazonlinux 60 k
ncurses-libs x86_64 6.2-4.20200222.amzn2023.0.4 amazonlinux 328 k
openssl-libs x86_64 1:3.0.8-1.amzn2023.0.3 amazonlinux 2.2 M
python3-rpm x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 88 k
rpm x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 486 k
rpm-build-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 90 k
rpm-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 309 k
rpm-sign-libs x86_64 4.16.1.3-12.amzn2023.0.6 amazonlinux 21 k
system-release noarch 2023.1.20230628-0.amzn2023 amazonlinux 29 k
tzdata noarch 2023c-1.amzn2023.0.1 amazonlinux 433 k
Transaction Summary
=================================================================================
Upgrade 25 Packages
Total download size: 12 M
Is this ok [y/N]:
```
`system-release` 程序包的版本显示了 `dnf upgrade` 命令将更新到的发布,即 `dnf upgrade --releasever=2023.1.20230628` 命令中请求的 [2023.1.20230628](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.1.20230628.html) 发布。
默认情况下,`dnf` 会要求您确认是否希望应用更新。您可以通过使用 `dnf` 的 `-y` 标志来绕过此提示。在此示例中,`dnf upgrade -y --releasever=2023.1.20230628` 命令在应用更新前不会请求确认。这在脚本或其他自动化环境中非常有用。
一旦确认要应用更新,`dnf` 就会应用它们。
```
Is this ok [y/N]:y
Downloading Packages:
(1/25): libcap-2.48-2.amzn2023.0.3.x86_64.rpm 1.5 MB/s | 67 kB 00:00
(2/25): python3-rpm-4.16.1.3-12.amzn2023.0.6.x86 2.1 MB/s | 88 kB 00:00
(3/25): libcurl-minimal-8.0.1-1.amzn2023.x86_64. 2.6 MB/s | 249 kB 00:00
(4/25): glib2-2.74.7-688.amzn2023.0.1.x86_64.rpm 26 MB/s | 2.7 MB 00:00
(5/25): glibc-minimal-langpack-2.34-52.amzn2023. 1.3 MB/s | 35 kB 00:00
(6/25): rpm-build-libs-4.16.1.3-12.amzn2023.0.6. 2.8 MB/s | 90 kB 00:00
(7/25): rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 6.6 MB/s | 309 kB 00:00
(8/25): libgcc-11.3.1-4.amzn2023.0.3.x86_64.rpm 3.9 MB/s | 105 kB 00:00
(9/25): glibc-common-2.34-52.amzn2023.0.3.x86_64 11 MB/s | 307 kB 00:00
(10/25): glibc-2.34-52.amzn2023.0.3.x86_64.rpm 31 MB/s | 1.9 MB 00:00
(11/25): rpm-sign-libs-4.16.1.3-12.amzn2023.0.6. 877 kB/s | 21 kB 00:00
(12/25): gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86 15 MB/s | 421 kB 00:00
(13/25): openssl-libs-3.0.8-1.amzn2023.0.3.x86_6 35 MB/s | 2.2 MB 00:00
(14/25): libxml2-2.10.4-1.amzn2023.0.1.x86_64.rp 14 MB/s | 706 kB 00:00
(15/25): curl-minimal-8.0.1-1.amzn2023.x86_64.rp 4.2 MB/s | 150 kB 00:00
(16/25): rpm-4.16.1.3-12.amzn2023.0.6.x86_64.rpm 11 MB/s | 486 kB 00:00
(17/25): libgomp-11.3.1-4.amzn2023.0.3.x86_64.rp 7.0 MB/s | 280 kB 00:00
(18/25): libstdc++-11.3.1-4.amzn2023.0.3.x86_64. 14 MB/s | 744 kB 00:00
(19/25): keyutils-libs-1.6.3-1.amzn2023.x86_64.r 1.6 MB/s | 33 kB 00:00
(20/25): ncurses-libs-6.2-4.20200222.amzn2023.0. 10 MB/s | 328 kB 00:00
(21/25): tzdata-2023c-1.amzn2023.0.1.noarch.rpm 11 MB/s | 433 kB 00:00
(22/25): amazon-linux-repo-cdn-2023.1.20230628-0 781 kB/s | 18 kB 00:00
(23/25): ca-certificates-2023.2.60-1.0.amzn2023. 16 MB/s | 829 kB 00:00
(24/25): system-release-2023.1.20230628-0.amzn20 1.5 MB/s | 29 kB 00:00
(25/25): ncurses-base-6.2-4.20200222.amzn2023.0. 3.1 MB/s | 60 kB 00:00
---------------------------------------------------------------------------------
Total 28 MB/s | 12 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : libgcc-11.3.1-4.amzn2023.0.3.x86_64 1/50
Running scriptlet: libgcc-11.3.1-4.amzn2023.0.3.x86_64 1/50
Upgrading : system-release-2023.1.20230628-0.amzn2023.noarch 2/50
Upgrading : amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.no 3/50
Upgrading : ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch 4/50
Upgrading : tzdata-2023c-1.amzn2023.0.1.noarch 5/50
Upgrading : glibc-common-2.34-52.amzn2023.0.3.x86_64 6/50
Running scriptlet: glibc-2.34-52.amzn2023.0.3.x86_64 7/50
Upgrading : glibc-2.34-52.amzn2023.0.3.x86_64 7/50
Running scriptlet: glibc-2.34-52.amzn2023.0.3.x86_64 7/50
Upgrading : glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64 8/50
Upgrading : libcap-2.48-2.amzn2023.0.3.x86_64 9/50
Upgrading : gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 10/50
Upgrading : libgomp-11.3.1-4.amzn2023.0.3.x86_64 11/50
Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50
Upgrading : ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50
Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 12/50
Upgrading : openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64 13/50
Upgrading : libcurl-minimal-8.0.1-1.amzn2023.x86_64 14/50
Upgrading : curl-minimal-8.0.1-1.amzn2023.x86_64 15/50
Upgrading : rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 16/50
Upgrading : rpm-4.16.1.3-12.amzn2023.0.6.x86_64 17/50
Upgrading : rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64 18/50
Upgrading : rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64 19/50
Upgrading : python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64 20/50
Upgrading : glib2-2.74.7-688.amzn2023.0.1.x86_64 21/50
Upgrading : libxml2-2.10.4-1.amzn2023.0.1.x86_64 22/50
Upgrading : libstdc++-11.3.1-4.amzn2023.0.3.x86_64 23/50
Upgrading : keyutils-libs-1.6.3-1.amzn2023.x86_64 24/50
Upgrading : ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64 25/50
Cleanup : glib2-2.73.2-680.amzn2023.0.3.x86_64 26/50
Cleanup : libstdc++-11.3.1-4.amzn2023.0.2.x86_64 27/50
Cleanup : libxml2-2.10.3-2.amzn2023.0.1.x86_64 28/50
Cleanup : python3-rpm-4.16.1.3-12.amzn2023.0.5.x86_64 29/50
Cleanup : rpm-build-libs-4.16.1.3-12.amzn2023.0.5.x86_64 30/50
Cleanup : rpm-sign-libs-4.16.1.3-12.amzn2023.0.5.x86_64 31/50
Cleanup : rpm-libs-4.16.1.3-12.amzn2023.0.5.x86_64 32/50
Cleanup : libcap-2.48-2.amzn2023.0.2.x86_64 33/50
Cleanup : gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64 34/50
Cleanup : ncurses-libs-6.2-4.20200222.amzn2023.0.3.x86_64 35/50
Cleanup : libgomp-11.3.1-4.amzn2023.0.2.x86_64 36/50
Cleanup : rpm-4.16.1.3-12.amzn2023.0.5.x86_64 37/50
Cleanup : curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 38/50
Cleanup : libcurl-minimal-7.88.1-1.amzn2023.0.1.x86_64 39/50
Cleanup : openssl-libs-1:3.0.8-1.amzn2023.0.1.x86_64 40/50
Cleanup : keyutils-libs-1.6.1-2.amzn2023.0.2.x86_64 41/50
Cleanup : amazon-linux-repo-cdn-2023.0.20230315-1.amzn2023.no 42/50
Cleanup : system-release-2023.0.20230315-1.amzn2023.noarch 43/50
Cleanup : ca-certificates-2023.2.60-1.0.amzn2023.0.1.noarch 44/50
Cleanup : ncurses-base-6.2-4.20200222.amzn2023.0.3.noarch 45/50
Cleanup : glibc-minimal-langpack-2.34-52.amzn2023.0.2.x86_64 46/50
Cleanup : glibc-2.34-52.amzn2023.0.2.x86_64 47/50
Cleanup : glibc-common-2.34-52.amzn2023.0.2.x86_64 48/50
Cleanup : tzdata-2022g-1.amzn2023.0.1.noarch 49/50
Cleanup : libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50
Running scriptlet: libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50
Running scriptlet: ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 50/50
Running scriptlet: rpm-4.16.1.3-12.amzn2023.0.6.x86_64 50/50
Running scriptlet: libgcc-11.3.1-4.amzn2023.0.2.x86_64 50/50
Verifying : libcurl-minimal-8.0.1-1.amzn2023.x86_64 1/50
Verifying : libcurl-minimal-7.88.1-1.amzn2023.0.1.x86_64 2/50
Verifying : libcap-2.48-2.amzn2023.0.3.x86_64 3/50
Verifying : libcap-2.48-2.amzn2023.0.2.x86_64 4/50
Verifying : glib2-2.74.7-688.amzn2023.0.1.x86_64 5/50
Verifying : glib2-2.73.2-680.amzn2023.0.3.x86_64 6/50
Verifying : python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64 7/50
Verifying : python3-rpm-4.16.1.3-12.amzn2023.0.5.x86_64 8/50
Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64 9/50
Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.2.x86_64 10/50
Verifying : rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64 11/50
Verifying : rpm-libs-4.16.1.3-12.amzn2023.0.5.x86_64 12/50
Verifying : rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64 13/50
Verifying : rpm-build-libs-4.16.1.3-12.amzn2023.0.5.x86_64 14/50
Verifying : glibc-2.34-52.amzn2023.0.3.x86_64 15/50
Verifying : glibc-2.34-52.amzn2023.0.2.x86_64 16/50
Verifying : libgcc-11.3.1-4.amzn2023.0.3.x86_64 17/50
Verifying : libgcc-11.3.1-4.amzn2023.0.2.x86_64 18/50
Verifying : glibc-common-2.34-52.amzn2023.0.3.x86_64 19/50
Verifying : glibc-common-2.34-52.amzn2023.0.2.x86_64 20/50
Verifying : rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64 21/50
Verifying : rpm-sign-libs-4.16.1.3-12.amzn2023.0.5.x86_64 22/50
Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64 23/50
Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.1.x86_64 24/50
Verifying : gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64 25/50
Verifying : gnupg2-minimal-2.3.7-1.amzn2023.0.3.x86_64 26/50
Verifying : libxml2-2.10.4-1.amzn2023.0.1.x86_64 27/50
Verifying : libxml2-2.10.3-2.amzn2023.0.1.x86_64 28/50
Verifying : curl-minimal-8.0.1-1.amzn2023.x86_64 29/50
Verifying : curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 30/50
Verifying : rpm-4.16.1.3-12.amzn2023.0.6.x86_64 31/50
Verifying : rpm-4.16.1.3-12.amzn2023.0.5.x86_64 32/50
Verifying : libstdc++-11.3.1-4.amzn2023.0.3.x86_64 33/50
Verifying : libstdc++-11.3.1-4.amzn2023.0.2.x86_64 34/50
Verifying : libgomp-11.3.1-4.amzn2023.0.3.x86_64 35/50
Verifying : libgomp-11.3.1-4.amzn2023.0.2.x86_64 36/50
Verifying : keyutils-libs-1.6.3-1.amzn2023.x86_64 37/50
Verifying : keyutils-libs-1.6.1-2.amzn2023.0.2.x86_64 38/50
Verifying : ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64 39/50
Verifying : ncurses-libs-6.2-4.20200222.amzn2023.0.3.x86_64 40/50
Verifying : ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch 41/50
Verifying : ca-certificates-2023.2.60-1.0.amzn2023.0.1.noarch 42/50
Verifying : tzdata-2023c-1.amzn2023.0.1.noarch 43/50
Verifying : tzdata-2022g-1.amzn2023.0.1.noarch 44/50
Verifying : amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.no 45/50
Verifying : amazon-linux-repo-cdn-2023.0.20230315-1.amzn2023.no 46/50
Verifying : system-release-2023.1.20230628-0.amzn2023.noarch 47/50
Verifying : system-release-2023.0.20230315-1.amzn2023.noarch 48/50
Verifying : ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch 49/50
Verifying : ncurses-base-6.2-4.20200222.amzn2023.0.3.noarch 50/50
Upgraded:
amazon-linux-repo-cdn-2023.1.20230628-0.amzn2023.noarch
ca-certificates-2023.2.60-1.0.amzn2023.0.2.noarch
curl-minimal-8.0.1-1.amzn2023.x86_64
glib2-2.74.7-688.amzn2023.0.1.x86_64
glibc-2.34-52.amzn2023.0.3.x86_64
glibc-common-2.34-52.amzn2023.0.3.x86_64
glibc-minimal-langpack-2.34-52.amzn2023.0.3.x86_64
gnupg2-minimal-2.3.7-1.amzn2023.0.4.x86_64
keyutils-libs-1.6.3-1.amzn2023.x86_64
libcap-2.48-2.amzn2023.0.3.x86_64
libcurl-minimal-8.0.1-1.amzn2023.x86_64
libgcc-11.3.1-4.amzn2023.0.3.x86_64
libgomp-11.3.1-4.amzn2023.0.3.x86_64
libstdc++-11.3.1-4.amzn2023.0.3.x86_64
libxml2-2.10.4-1.amzn2023.0.1.x86_64
ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch
ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64
openssl-libs-1:3.0.8-1.amzn2023.0.3.x86_64
python3-rpm-4.16.1.3-12.amzn2023.0.6.x86_64
rpm-4.16.1.3-12.amzn2023.0.6.x86_64
rpm-build-libs-4.16.1.3-12.amzn2023.0.6.x86_64
rpm-libs-4.16.1.3-12.amzn2023.0.6.x86_64
rpm-sign-libs-4.16.1.3-12.amzn2023.0.6.x86_64
system-release-2023.1.20230628-0.amzn2023.noarch
tzdata-2023c-1.amzn2023.0.1.noarch
Complete!
bash-5.2#
```
------
#### [ Updates in the latest version ]
在此示例中, AL2023 如果我们启动了 [2023.4.20](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 2403 `latest` 19 版本的容器,我们将应用版本中可用的更新。在撰写本文时,`latest` 发布为 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html),因此此示例中列出的更新将截至该发布。
**注意**
此示例使用 [2023.4.20240319](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 和 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html) 发布,后者是*在撰写本文时*的最新发布。有关最新版本的更多信息,请参阅[AL2023 发行说明](https://docs.amazonaws.cn/linux/al2023/release-notes/)。
在此示例中,我们将从 [2023.4.20240319](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.4.20240319.html) 发布的容器映像开始。
首先,我们从容器注册表获取此容器映像。末尾的 `.1` 表示特定发布的映像版本。虽然映像版本通常为零,但此示例使用的发布的映像版本为一。
```
$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
2023.4.20240319.1: Pulling from amazonlinux/amazonlinux
6de065fda9a2: Pull complete
Digest: sha256:b4838c4cc9211d966b6ea158dacc9eda7433a16ba94436508c2d9f01f7658b4e
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
```
我们现在可以在容器内生成一个 shell,并从中应用更新。
```
$ docker run -it public.ecr.aws/amazonlinux/amazonlinux:2023.4.20240319.1
bash-5.2#
```
现在使用 `dnf upgrade` 命令应用 `latest` 发布中可用的更新,该发布*在撰写本文时*为 [2023.5.20240708](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes-2023.5.20240708.html)。
**注意**
应用程序包更新是一项特权操作。尽管在容器中运行时通常不需要提升特权,但如果在非容器化环境(例如 Amazon EC2 实例)中运行,您将需要以 `root` 用户身份运行 `dnf upgrade` 命令。这可以使用 `sudo` 或 `su` 命令来完成。
默认情况下,`dnf` 会要求您确认是否希望应用更新。在此示例中,我们通过使用 `dnf` 的 `-y` 标志来绕过此提示。
```
$ dnf -y --releasever=latest update
Amazon Linux 2023 repository 75 MB/s | 25 MB 00:00
Last metadata expiration check: 0:00:04 ago on Mon Jul 22 18:00:10 2024.
Dependencies resolved.
=================================================================================
Package Arch Version Repository Size
=================================================================================
Upgrading:
amazon-linux-repo-cdn noarch 2023.5.20240708-1.amzn2023 amazonlinux 17 k
curl-minimal x86_64 8.5.0-1.amzn2023.0.4 amazonlinux 160 k
dnf noarch 4.14.0-1.amzn2023.0.5 amazonlinux 460 k
dnf-data noarch 4.14.0-1.amzn2023.0.5 amazonlinux 34 k
expat x86_64 2.5.0-1.amzn2023.0.4 amazonlinux 117 k
glibc x86_64 2.34-52.amzn2023.0.10 amazonlinux 1.9 M
glibc-common x86_64 2.34-52.amzn2023.0.10 amazonlinux 295 k
glibc-minimal-langpack x86_64 2.34-52.amzn2023.0.10 amazonlinux 23 k
krb5-libs x86_64 1.21-3.amzn2023.0.4 amazonlinux 758 k
libblkid x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 105 k
libcurl-minimal x86_64 8.5.0-1.amzn2023.0.4 amazonlinux 275 k
libmount x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 132 k
libnghttp2 x86_64 1.59.0-3.amzn2023.0.1 amazonlinux 79 k
libsmartcols x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 62 k
libuuid x86_64 2.37.4-1.amzn2023.0.4 amazonlinux 26 k
openssl-libs x86_64 1:3.0.8-1.amzn2023.0.12 amazonlinux 2.2 M
python3 x86_64 3.9.16-1.amzn2023.0.8 amazonlinux 27 k
python3-dnf noarch 4.14.0-1.amzn2023.0.5 amazonlinux 409 k
python3-libs x86_64 3.9.16-1.amzn2023.0.8 amazonlinux 7.3 M
system-release noarch 2023.5.20240708-1.amzn2023 amazonlinux 28 k
yum noarch 4.14.0-1.amzn2023.0.5 amazonlinux 32 k
Transaction Summary
=================================================================================
Upgrade 21 Packages
Total download size: 14 M
Downloading Packages:
(1/21): amazon-linux-repo-cdn-2023.5.20240708-1. 345 kB/s | 17 kB 00:00
(2/21): dnf-4.14.0-1.amzn2023.0.5.noarch.rpm 6.8 MB/s | 460 kB 00:00
(3/21): dnf-data-4.14.0-1.amzn2023.0.5.noarch.rp 1.6 MB/s | 34 kB 00:00
(4/21): expat-2.5.0-1.amzn2023.0.4.x86_64.rpm 4.6 MB/s | 117 kB 00:00
(5/21): glibc-2.34-52.amzn2023.0.10.x86_64.rpm 38 MB/s | 1.9 MB 00:00
(6/21): glibc-common-2.34-52.amzn2023.0.10.x86_6 8.8 MB/s | 295 kB 00:00
(7/21): glibc-minimal-langpack-2.34-52.amzn2023. 1.7 MB/s | 23 kB 00:00
(8/21): curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 998 kB/s | 160 kB 00:00
(9/21): libblkid-2.37.4-1.amzn2023.0.4.x86_64.rp 4.1 MB/s | 105 kB 00:00
(10/21): krb5-libs-1.21-3.amzn2023.0.4.x86_64.rp 16 MB/s | 758 kB 00:00
(11/21): libmount-2.37.4-1.amzn2023.0.4.x86_64.r 7.9 MB/s | 132 kB 00:00
(12/21): libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 5.6 MB/s | 79 kB 00:00
(13/21): libsmartcols-2.37.4-1.amzn2023.0.4.x86_ 4.4 MB/s | 62 kB 00:00
(14/21): libcurl-minimal-8.5.0-1.amzn2023.0.4.x8 7.1 MB/s | 275 kB 00:00
(15/21): libuuid-2.37.4-1.amzn2023.0.4.x86_64.rp 1.1 MB/s | 26 kB 00:00
(16/21): python3-3.9.16-1.amzn2023.0.8.x86_64.rp 1.5 MB/s | 27 kB 00:00
(17/21): python3-dnf-4.14.0-1.amzn2023.0.5.noarc 19 MB/s | 409 kB 00:00
(18/21): system-release-2023.5.20240708-1.amzn20 1.9 MB/s | 28 kB 00:00
(19/21): yum-4.14.0-1.amzn2023.0.5.noarch.rpm 1.6 MB/s | 32 kB 00:00
(20/21): openssl-libs-3.0.8-1.amzn2023.0.12.x86_ 26 MB/s | 2.2 MB 00:00
(21/21): python3-libs-3.9.16-1.amzn2023.0.8.x86_ 59 MB/s | 7.3 MB 00:00
---------------------------------------------------------------------------------
Total 34 MB/s | 14 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : glibc-common-2.34-52.amzn2023.0.10.x86_64 1/42
Upgrading : glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64 2/42
Running scriptlet: glibc-2.34-52.amzn2023.0.10.x86_64 3/42
Upgrading : glibc-2.34-52.amzn2023.0.10.x86_64 3/42
Running scriptlet: glibc-2.34-52.amzn2023.0.10.x86_64 3/42
Upgrading : libuuid-2.37.4-1.amzn2023.0.4.x86_64 4/42
Upgrading : openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64 5/42
Upgrading : krb5-libs-1.21-3.amzn2023.0.4.x86_64 6/42
Upgrading : libblkid-2.37.4-1.amzn2023.0.4.x86_64 7/42
Running scriptlet: libblkid-2.37.4-1.amzn2023.0.4.x86_64 7/42
Upgrading : expat-2.5.0-1.amzn2023.0.4.x86_64 8/42
Upgrading : python3-3.9.16-1.amzn2023.0.8.x86_64 9/42
Upgrading : python3-libs-3.9.16-1.amzn2023.0.8.x86_64 10/42
Upgrading : libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 11/42
Upgrading : libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64 12/42
Upgrading : system-release-2023.5.20240708-1.amzn2023.noarch 13/42
Upgrading : amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.no 14/42
Upgrading : dnf-data-4.14.0-1.amzn2023.0.5.noarch 15/42
Upgrading : python3-dnf-4.14.0-1.amzn2023.0.5.noarch 16/42
Upgrading : dnf-4.14.0-1.amzn2023.0.5.noarch 17/42
Running scriptlet: dnf-4.14.0-1.amzn2023.0.5.noarch 17/42
Upgrading : yum-4.14.0-1.amzn2023.0.5.noarch 18/42
Upgrading : curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 19/42
Upgrading : libmount-2.37.4-1.amzn2023.0.4.x86_64 20/42
Upgrading : libsmartcols-2.37.4-1.amzn2023.0.4.x86_64 21/42
Cleanup : yum-4.14.0-1.amzn2023.0.4.noarch 22/42
Running scriptlet: dnf-4.14.0-1.amzn2023.0.4.noarch 23/42
Cleanup : dnf-4.14.0-1.amzn2023.0.4.noarch 23/42
Running scriptlet: dnf-4.14.0-1.amzn2023.0.4.noarch 23/42
Cleanup : python3-dnf-4.14.0-1.amzn2023.0.4.noarch 24/42
Cleanup : amazon-linux-repo-cdn-2023.4.20240319-1.amzn2023.no 25/42
Cleanup : libmount-2.37.4-1.amzn2023.0.3.x86_64 26/42
Cleanup : curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 27/42
Cleanup : libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64 28/42
Cleanup : krb5-libs-1.21-3.amzn2023.0.3.x86_64 29/42
Cleanup : libblkid-2.37.4-1.amzn2023.0.3.x86_64 30/42
Cleanup : libnghttp2-1.57.0-1.amzn2023.0.1.x86_64 31/42
Cleanup : libsmartcols-2.37.4-1.amzn2023.0.3.x86_64 32/42
Cleanup : system-release-2023.4.20240319-1.amzn2023.noarch 33/42
Cleanup : dnf-data-4.14.0-1.amzn2023.0.4.noarch 34/42
Cleanup : python3-3.9.16-1.amzn2023.0.6.x86_64 35/42
Cleanup : python3-libs-3.9.16-1.amzn2023.0.6.x86_64 36/42
Cleanup : openssl-libs-1:3.0.8-1.amzn2023.0.11.x86_64 37/42
Cleanup : libuuid-2.37.4-1.amzn2023.0.3.x86_64 38/42
Cleanup : expat-2.5.0-1.amzn2023.0.3.x86_64 39/42
Cleanup : glibc-2.34-52.amzn2023.0.8.x86_64 40/42
Cleanup : glibc-minimal-langpack-2.34-52.amzn2023.0.8.x86_64 41/42
Cleanup : glibc-common-2.34-52.amzn2023.0.8.x86_64 42/42
Running scriptlet: glibc-common-2.34-52.amzn2023.0.8.x86_64 42/42
Verifying : amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.no 1/42
Verifying : amazon-linux-repo-cdn-2023.4.20240319-1.amzn2023.no 2/42
Verifying : curl-minimal-8.5.0-1.amzn2023.0.4.x86_64 3/42
Verifying : curl-minimal-8.5.0-1.amzn2023.0.2.x86_64 4/42
Verifying : dnf-4.14.0-1.amzn2023.0.5.noarch 5/42
Verifying : dnf-4.14.0-1.amzn2023.0.4.noarch 6/42
Verifying : dnf-data-4.14.0-1.amzn2023.0.5.noarch 7/42
Verifying : dnf-data-4.14.0-1.amzn2023.0.4.noarch 8/42
Verifying : expat-2.5.0-1.amzn2023.0.4.x86_64 9/42
Verifying : expat-2.5.0-1.amzn2023.0.3.x86_64 10/42
Verifying : glibc-2.34-52.amzn2023.0.10.x86_64 11/42
Verifying : glibc-2.34-52.amzn2023.0.8.x86_64 12/42
Verifying : glibc-common-2.34-52.amzn2023.0.10.x86_64 13/42
Verifying : glibc-common-2.34-52.amzn2023.0.8.x86_64 14/42
Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64 15/42
Verifying : glibc-minimal-langpack-2.34-52.amzn2023.0.8.x86_64 16/42
Verifying : krb5-libs-1.21-3.amzn2023.0.4.x86_64 17/42
Verifying : krb5-libs-1.21-3.amzn2023.0.3.x86_64 18/42
Verifying : libblkid-2.37.4-1.amzn2023.0.4.x86_64 19/42
Verifying : libblkid-2.37.4-1.amzn2023.0.3.x86_64 20/42
Verifying : libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64 21/42
Verifying : libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64 22/42
Verifying : libmount-2.37.4-1.amzn2023.0.4.x86_64 23/42
Verifying : libmount-2.37.4-1.amzn2023.0.3.x86_64 24/42
Verifying : libnghttp2-1.59.0-3.amzn2023.0.1.x86_64 25/42
Verifying : libnghttp2-1.57.0-1.amzn2023.0.1.x86_64 26/42
Verifying : libsmartcols-2.37.4-1.amzn2023.0.4.x86_64 27/42
Verifying : libsmartcols-2.37.4-1.amzn2023.0.3.x86_64 28/42
Verifying : libuuid-2.37.4-1.amzn2023.0.4.x86_64 29/42
Verifying : libuuid-2.37.4-1.amzn2023.0.3.x86_64 30/42
Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64 31/42
Verifying : openssl-libs-1:3.0.8-1.amzn2023.0.11.x86_64 32/42
Verifying : python3-3.9.16-1.amzn2023.0.8.x86_64 33/42
Verifying : python3-3.9.16-1.amzn2023.0.6.x86_64 34/42
Verifying : python3-dnf-4.14.0-1.amzn2023.0.5.noarch 35/42
Verifying : python3-dnf-4.14.0-1.amzn2023.0.4.noarch 36/42
Verifying : python3-libs-3.9.16-1.amzn2023.0.8.x86_64 37/42
Verifying : python3-libs-3.9.16-1.amzn2023.0.6.x86_64 38/42
Verifying : system-release-2023.5.20240708-1.amzn2023.noarch 39/42
Verifying : system-release-2023.4.20240319-1.amzn2023.noarch 40/42
Verifying : yum-4.14.0-1.amzn2023.0.5.noarch 41/42
Verifying : yum-4.14.0-1.amzn2023.0.4.noarch 42/42
Upgraded:
amazon-linux-repo-cdn-2023.5.20240708-1.amzn2023.noarch
curl-minimal-8.5.0-1.amzn2023.0.4.x86_64
dnf-4.14.0-1.amzn2023.0.5.noarch
dnf-data-4.14.0-1.amzn2023.0.5.noarch
expat-2.5.0-1.amzn2023.0.4.x86_64
glibc-2.34-52.amzn2023.0.10.x86_64
glibc-common-2.34-52.amzn2023.0.10.x86_64
glibc-minimal-langpack-2.34-52.amzn2023.0.10.x86_64
krb5-libs-1.21-3.amzn2023.0.4.x86_64
libblkid-2.37.4-1.amzn2023.0.4.x86_64
libcurl-minimal-8.5.0-1.amzn2023.0.4.x86_64
libmount-2.37.4-1.amzn2023.0.4.x86_64
libnghttp2-1.59.0-3.amzn2023.0.1.x86_64
libsmartcols-2.37.4-1.amzn2023.0.4.x86_64
libuuid-2.37.4-1.amzn2023.0.4.x86_64
openssl-libs-1:3.0.8-1.amzn2023.0.12.x86_64
python3-3.9.16-1.amzn2023.0.8.x86_64
python3-dnf-4.14.0-1.amzn2023.0.5.noarch
python3-libs-3.9.16-1.amzn2023.0.8.x86_64
system-release-2023.5.20240708-1.amzn2023.noarch
yum-4.14.0-1.amzn2023.0.5.noarch
Complete!
bash-5.2#
```
------
要发现 AL2023 更新,请执行以下一项或多项操作:
+ 运行 `dnf check-update` 命令。这将检查您锁定的 Amazon Linux 版本中任何未应用的更新。如果您仅更新了 `system-release` 程序包,改变了实例锁定的存储库版本但未应用其中的任何可用更新,则仍可能会显示更新。
+ 订阅 Amazon Linux 存储库更新 SNS 主题 (`arn:aws:sns:us-east-1:137112412989:amazon-linux-2023-ami-updates`)。有关更多信息,请参阅《Amazon Simple Notification Service 开发人员指南》**中的[订阅 Amazon SNS 主题](https://docs.amazonaws.cn/sns/latest/dg/sns-create-subscribe-endpoint-to-topic.html)。
+ 定期参阅[AL2023发行说明](https://docs.amazonaws.cn/linux/al2023/release-notes/relnotes.html)。
+ 通过 [使用 `dnf check-release-update` 检查较新的存储库版本](#dnf-repository-updates) 发现新版本。
**重要**
AL2023 包含安全更新的新版本经常发布。请务必及时了解相关的安全补丁。
## (安全)更新后自动重启服务
Amazon Linux 现在随附 [smart-restart](https://github.com/amazonlinux/smart-restart) 程序包。`Smart-restart` 在使用系统程序包管理器安装或删除程序包时,会在系统更新后重启 systemd 服务。这在每次执行 `dnf (update|upgrade|downgrade)` 时都会发生。
`Smart-restart` 使用来自 `dnf-utils` 的 `needs-restarting` 程序包和自定义拒绝列表机制来确定需要重启哪些服务以及是否建议系统重启。如果建议系统重启,则会生成一个重启提示标记文件(`/run/smart-restart/reboot-hint-marker`)。
**要安装 `smart-restart`,请执行以下操作**
运行以下 DNF 命令(就像处理任何其他程序包一样)。
```
$ sudo dnf install smart-restart
```
安装后,后续的事务将触发 `smart-restart` 逻辑。
**拒绝列表**
可以指示 `Smart-restart` 阻止重启某些服务。被阻止的服务将不会影响是否需要重启的决定。要阻止其他服务,请按以下示例所示,在 `/etc/smart-restart-conf.d/` 中添加一个后缀为 `-denylist` 的文件。
```
$ cat /etc/smart-restart-conf.d/custom-denylist
# Some comments
myservice.service
```
**注意**
在决定是否需要重启时,所有 `*-denylist` 文件都会被读取和评估。
**自定义钩子**
除了拒绝列表,`smart-restart` 还提供了一种机制,在尝试重启服务之前和之后运行自定义脚本。自定义脚本可用于手动执行准备步骤,或通知其他组件重启是否剩余或已完成。
所有在 `/etc/smart-restart-conf.d/` 中带有后缀 `-pre-restart` 或 `-post-restart` 的脚本都会被执行。如果顺序重要,请为所有脚本添加数字前缀以确保执行顺序,如下例所示。
```
$ ls /etc/smart-restart-conf.d/*-pre-restart
001-my-script-pre-restart
002-some-other-script-pre-restart
```
## 何时需要重启以应用安全更新?
在某些情况下,Amazon Linux 需要重启以应用更新:
+ Linux 内核程序包的更新需要重启以激活带有最新安全更新的新内核。内核实时修补可能允许您在有限时间内推迟安全更新。有关详细信息,请参阅 [AL2023 上的内核实时修补](live-patching.md)。
+ 在 EC2 Metal 实例上,Amazon Linux 提供微码更新(通过英特尔的`microcode_ctl`软件`amd-ucode-firmware`包 CPUs 和 AMD CPU 的软件包)。这些微码更新只会在后续实例重启时激活。对于虚拟化 EC2 实例,底层的 [Amazon Nitro 系统](https://docs.amazonaws.cn/whitepapers/latest/security-design-of-aws-nitro-system/security-design-of-aws-nitro-system.html)会为您处理微码更新。
+ 一些正在运行的 systemd 服务只有在系统完全重启后才能正常工作。`smart-restart` 机制将通过显示重启提示来通知您此类情况。请参阅[(安全)更新后自动重启服务](#automatic-restart-services)。
## 启动已启用最新存储库版本的实例
您可以在用户数据脚本中添加 DNF 命令,以控制当 Amazon Linux AMI 启动时,其上可以安装哪些 RPM 软件包。在以下示例中,使用用户数据脚本来确保通过其启动的任何实例都安装了同样的软件包更新。
```
#!/bin/bash
dnf upgrade --releasever=2023.0.20230210
# Additional setup and install commands below
dnf install httpd php7.4 mysql80
```
您必须以超级用户(根用户)的身份来运行此脚本。为此,请运行以下命令。
```
$ sudo sh -c "bash nameofscript.sh"
```
有关更多信息,请参阅*《Amazon EC2 用户指南》*中的[用户数据和 shell 脚本](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts)。
**注意**
您也可以不使用用户数据脚本,而是启动最新的 Amazon Linux AMI 或基于 Amazon Linux AMI 的自定义 AMI。最新的 Amazon Linux AMI 已安装了所有必要的更新,并且被配置为指向特定的存储库版本。
## 获取程序包支持信息
AL2023 包含许多不同的开源软件项目。这些项目中的每一个都独立于 Amazon Linux 进行管理,并且有不同的发布和 end-of-support时间表。为了向您提供有关这些不同软件包的 Amazon Linux 特定信息,DNF `supportinfo` 插件提供了软件包的元数据。在以下示例中,**dnf supportinfo** 命令返回 `glibc` 软件包的元数据。
```
$ sudo dnf supportinfo --pkg glibc
Last metadata expiration check: 0:07:56 ago on Wed Mar 1 23:21:49 2023.
Name : glibc
Version : 2.34-52.amzn2023.0.2
State : installed
Support Status : supported
Support Periods : from 2023-03-15 : supported
: from 2028-03-15 : unsupported
Support Statement : Amazon Linux 2023 End Of Life
Link : https://aws.amazon.com/amazon-linux-ami/faqs/
Other Info : This is the support statement for AL2023. The
...: end of life of Amazon Linux 2023 would be March 2028.
...: From this point, the Amazon Linux 2023 packages (listed
...: below) will no longer, receive any updates from AWS.
```
Package 支持信息也可以在[AL2023 发行说明](https://docs.amazonaws.cn/linux/al2023/release-notes/)的[支持声明](https://docs.amazonaws.cn/linux/al2023/release-notes/support-info-by-support-statement.html)部分中找到。
## 使用 `dnf check-release-update` 检查较新的存储库版本
在 AL2023 实例中,您可以使用该DNF实用程序来管理存储库和应用更新的RPM软件包。可以从 Amazon Linux 存储库获得这些软件包。您可以使用 DNF 命令 `dnf check-release-update` 来查看 DNF 存储库的新版本。
**注意**
AL2023 默认情况下,容器镜像不包含该`dnf check-release-update`命令。
```
$ dnf check-release-update
No such command: check-release-update. Please use /usr/bin/dnf --help
It could be a DNF plugin command, try: "dnf install 'dnf-command(check-release-update)'"
```
当运行 `dnf install 'dnf-command(check-release-update)'` 时,`dnf` 将安装提供 `check-release-update` 命令的程序包,即 `dnf-plugin-release-notification` 程序包。在以下示例中,向 `dnf` 提供了 `-q` 参数以使其具有静默输出。
```
$ dnf -y -q install 'dnf-command(check-release-update)'
Installed:
dnf-plugin-release-notification-1.2-1.amzn2023.0.2.noarch
```
在非容器化环境(例如 Amazon EC2 实例)中,默认包含 `check-release-update` 命令。
```
$ sudo dnf check-release-update
WARNING:
A newer release of "Amazon Linux" is available.
Available Versions:
Version 2023.0.20230210:
Run the following command to update to 2023.0.20230210:
dnf upgrade --releasever=2023.0.20230210
Release notes:
https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes.html
```
这将返回所有可用的 DNF 存储库的更新版本的完整列表。如果未返回任何内容,则说明 DNF 当前已配置为使用最新的可用版本。当前安装的 `system-release` 软件包版本设置 `releasever` DNF 变量。要查看当前存储库版本,请运行以下命令。
```
$ rpm -q system-release --qf "%{VERSION}\n"
```
当您运行 DNF 软件包事务(例如安装、更新或删除命令)时,会出现一条警告消息,告知您有任何新的存储库版本。例如,如果您将`httpd`软件包安装在从旧版本启动的实例上 AL2023,则会返回以下输出。
```
$ sudo dnf install httpd -y
Last metadata expiration check: 0:16:52 ago on Wed Mar 1 23:21:49 2023.
Dependencies resolved.
====================================================================
Package Arch Version Repository Size
====================================================================
Installing:
httpd x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 46 k
Installing dependencies:
apr x86_64 1.7.2-2.amzn2023.0.2 amazonlinux 129 k
apr-util x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 98 k
generic-logos-httpd
noarch 18.0.0-12.amzn2023.0.3 amazonlinux 19 k
httpd-core x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 1.3 M
httpd-filesystem noarch 2.4.54-3.amzn2023.0.4 amazonlinux 13 k
httpd-tools x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 80 k
libbrotli x86_64 1.0.9-4.amzn2023.0.2 amazonlinux 315 k
mailcap noarch 2.1.49-3.amzn2023.0.3 amazonlinux 33 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.3-1.amzn2023.0.1 amazonlinux 17 k
mod_http2 x86_64 1.15.24-1.amzn2023.0.3 amazonlinux 152 k
mod_lua x86_64 2.4.54-3.amzn2023.0.4 amazonlinux 60 k
Transaction Summary
====================================================================
Install 12 Packages
Total download size: 2.3 M
Installed size: 6.8 M
Downloading Packages:
(1/12): apr-util-openssl-1.6.3-1.am 212 kB/s | 17 kB 00:00
(2/12): apr-1.7.2-2.amzn2023.0.2.x8 1.1 MB/s | 129 kB 00:00
(3/12): httpd-core-2.4.54-3.amzn202 8.9 MB/s | 1.3 MB 00:00
(4/12): mod_http2-1.15.24-1.amzn202 1.9 MB/s | 152 kB 00:00
(5/12): apr-util-1.6.3-1.amzn2023.0 1.7 MB/s | 98 kB 00:00
(6/12): mod_lua-2.4.54-3.amzn2023.0 1.4 MB/s | 60 kB 00:00
(7/12): httpd-2.4.54-3.amzn2023.0.4 1.5 MB/s | 46 kB 00:00
(8/12): libbrotli-1.0.9-4.amzn2023. 4.4 MB/s | 315 kB 00:00
(9/12): mailcap-2.1.49-3.amzn2023.0 753 kB/s | 33 kB 00:00
(10/12): httpd-tools-2.4.54-3.amzn2 978 kB/s | 80 kB 00:00
(11/12): httpd-filesystem-2.4.54-3. 210 kB/s | 13 kB 00:00
(12/12): generic-logos-httpd-18.0.0 439 kB/s | 19 kB 00:00
--------------------------------------------------------------------
Total 6.6 MB/s | 2.3 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12
Installing : apr-util-openssl-1.6.3-1.amzn2023.0.1. 2/12
Installing : apr-util-1.6.3-1.amzn2023.0.1.x86_64 3/12
Installing : mailcap-2.1.49-3.amzn2023.0.3.noarch 4/12
Installing : httpd-tools-2.4.54-3.amzn2023.0.4.x86_ 5/12
Installing : generic-logos-httpd-18.0.0-12.amzn2023 6/12
Running scriptlet: httpd-filesystem-2.4.54-3.amzn2023.0.4 7/12
Installing : httpd-filesystem-2.4.54-3.amzn2023.0.4 7/12
Installing : httpd-core-2.4.54-3.amzn2023.0.4.x86_6 8/12
Installing : mod_http2-1.15.24-1.amzn2023.0.3.x86_6 9/12
Installing : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 10/12
Installing : mod_lua-2.4.54-3.amzn2023.0.4.x86_64 11/12
Installing : httpd-2.4.54-3.amzn2023.0.4.x86_64 12/12
Running scriptlet: httpd-2.4.54-3.amzn2023.0.4.x86_64 12/12
Verifying : apr-1.7.2-2.amzn2023.0.2.x86_64 1/12
Verifying : apr-util-openssl-1.6.3-1.amzn2023.0.1. 2/12
Verifying : httpd-core-2.4.54-3.amzn2023.0.4.x86_6 3/12
Verifying : mod_http2-1.15.24-1.amzn2023.0.3.x86_6 4/12
Verifying : apr-util-1.6.3-1.amzn2023.0.1.x86_64 5/12
Verifying : mod_lua-2.4.54-3.amzn2023.0.4.x86_64 6/12
Verifying : libbrotli-1.0.9-4.amzn2023.0.2.x86_64 7/12
Verifying : httpd-2.4.54-3.amzn2023.0.4.x86_64 8/12
Verifying : httpd-tools-2.4.54-3.amzn2023.0.4.x86_ 9/12
Verifying : mailcap-2.1.49-3.amzn2023.0.3.noarch 10/12
Verifying : httpd-filesystem-2.4.54-3.amzn2023.0.4 11/12
Verifying : generic-logos-httpd-18.0.0-12.amzn2023 12/12
Installed:
apr-1.7.2-2.amzn2023.0.2.x86_64
apr-util-1.6.3-1.amzn2023.0.1.x86_64
apr-util-openssl-1.6.3-1.amzn2023.0.1.x86_64
generic-logos-httpd-18.0.0-12.amzn2023.0.3.noarch
httpd-2.4.54-3.amzn2023.0.4.x86_64
httpd-core-2.4.54-3.amzn2023.0.4.x86_64
httpd-filesystem-2.4.54-3.amzn2023.0.4.noarch
httpd-tools-2.4.54-3.amzn2023.0.4.x86_64
libbrotli-1.0.9-4.amzn2023.0.2.x86_64
mailcap-2.1.49-3.amzn2023.0.3.noarch
mod_http2-1.15.24-1.amzn2023.0.3.x86_64
mod_lua-2.4.54-3.amzn2023.0.4.x86_64
Complete!
```
## 添加、启用或禁用新存储库
**警告**
仅添加设计用于的存储库 AL2023。
虽然为其他发行版设计的存储库现在可以使用,但不能保证在任何软件包更新 AL2023 或存储库不是为与之配合使用而设计的,它们会继续运行 AL2023。
要从默认 Amazon Linux 存储库以外的其他存储库安装程序包,您需要配置 `DNF` 程序包管理系统以告知其存储库的位置。
要告知 `dnf` 有关程序包存储库的信息,请将存储库信息添加到 `/etc/yum.repos.d/` 目录中该存储库的配置文件中。许多第三方存储库要么提供配置文件内容,要么提供一个包含配置文件的可安装的程序包。
**注意**
虽然可以直接在 `/etc/dnf/dnf.conf` 文件中配置存储库,但不建议这样做。建议每个存储库在 `/etc/yum.repos.d/` 目录下的各自文件中进行配置。
**要了解当前启用了哪些存储库,可以运行以下命令:**
```
$ dnf repolist all --verbose
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, release-notification, repoclosure, repodiff, repograph, repomanage, reposync, supportinfo
DNF version: 4.12.0
cachedir: /var/cache/dnf
Last metadata expiration check: 0:00:02 ago on Wed Mar 1 23:40:15 2023.
Repo-id : amazonlinux
Repo-name : Amazon Linux 2023 repository
Repo-status : enabled
Repo-revision : 1677203368
Repo-updated : Fri Feb 24 01:49:28 2023
Repo-pkgs : 12632
Repo-available-pkgs: 12632
Repo-size : 12 G
Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/x86_64/mirror.list
Repo-baseurl : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/guids/cf9296325a6c46ff40c775a8e2d632c4c3fd9d9164014ce3304715d61b90ca8e/x86_64/
: (0 more)
Repo-expire : 172800 second(s) (last: Wed Mar 1 23:40:15
: 2023)
Repo-filename : /etc/yum.repos.d/amazonlinux.repo
Repo-id : amazonlinux-debuginfo
Repo-name : Amazon Linux 2023 repository - Debug
Repo-status : disabled
Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/debuginfo/x86_64/mirror.list
Repo-expire : 21600 second(s) (last: unknown)
Repo-filename : /etc/yum.repos.d/amazonlinux.repo
Repo-id : amazonlinux-source
Repo-name : Amazon Linux 2023 repository - Source packages
Repo-status : disabled
Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/core/mirrors/2023.0.20230222/SRPMS/mirror.list
Repo-expire : 21600 second(s) (last: unknown)
Repo-filename : /etc/yum.repos.d/amazonlinux.repo
Repo-id : kernel-livepatch
Repo-name : Amazon Linux 2023 Kernel Livepatch repository
Repo-status : disabled
Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/kernel-livepatch/mirrors/al2023/x86_64/mirror.list
Repo-expire : 172800 second(s) (last: unknown)
Repo-filename : /etc/yum.repos.d/kernel-livepatch.repo
Repo-id : kernel-livepatch-source
Repo-name : Amazon Linux 2023 Kernel Livepatch repository -
: Source packages
Repo-status : disabled
Repo-mirrors : https://al2023-repos-us-west-2-de612dc2.s3.dualstack.us-west-2.amazonaws.com/kernel-livepatch/mirrors/al2023/SRPMS/mirror.list
Repo-expire : 21600 second(s) (last: unknown)
Repo-filename : /etc/yum.repos.d/kernel-livepatch.repo
Total packages: 12632
```
**注意**
如果不添加 `--verbose` 选项标志,则输出仅包含 `Repo-id`、`Repo-name` 和 `Repo-status` 信息。
**将 `yum` 存储库添加到 `/etc/yum.repos.d` 目录**
1. 查找 `.repo` 文件的位置。在本示例中,`.repo` 文件位于 `https://www.example.com/repository.repo`。
1. 使用 `dnf config-manager` 命令添加存储库。
```
$ sudo dnf config-manager --add-repo https://www.example.com/repository.repo
Loaded plugins: priorities, update-motd, upgrade-helper
adding repo from: https://www.example.com/repository.repo
grabbing file https://www.example.com/repository.repo to /etc/yum.repos.d/repository.repo
repository.repo | 4.0 kB 00:00
repo saved to /etc/yum.repos.d/repository.repo
```
安装存储库后,必须按照以下过程启用存储库。
****要在中启用`yum`存储库`/etc/yum.repos.d`,请使用带有`--enable`标志和*repository*名称的`dnf config-manager`命令。
```
$ sudo dnf config-manager --enable repository
```
**注意**
要禁用存储库,请使用同样的命令语法,但在命令中将 `--enable` 替换为 `--disable`。
## 使用 cloud-init 添加存储库
除了使用前面的方法添加存储库,您还可以使用 `cloud-init` 框架添加新的存储库。
要添加新的软件包存储库,建议您使用以下模板。考虑将此文件保存在本地。
```
#cloud-config
yum_repos:
repository.repo:
baseurl: https://www.example.com/
enabled: true
gpgcheck: true
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE
name: Example Repository
```
**注意**
使用 `cloud-init` 的一个好处是,您可以在配置文件中添加一个 `packages:` 部分。在该部分中,您可以包括要安装的软件包的名称。您可以安装来自默认存储库或来自您在 `cloud-config` 文件中添加的新存储库的软件包。
有关 YAML 文件结构的更多具体信息,请参阅《`cloud-init` 文档》中的[添加 YUM 存储库](https://cloudinit.readthedocs.io/en/22.2.2/topics/examples.html#adding-a-yum-repository)。**
设置 YAML 格式文件后,可以在 Amazon CLI中在 `cloud-init` 框架中运行该文件。确保包含 `--userdata` 选项和 `.yml` 文件的名称,以便调用所需操作。
```
$ aws ec2 run-instances \
--image-id \
resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64 \
--instance-type m5.xlarge \
--region us-east-1 \
--key-name aws-key-us-east-1 \
--security-group-ids sg-004a7650 \
--user-data file://cloud-config.yml
```