Profile Applicability:

  • Level 1 

Description:

Docker's live restore feature allows containers to continue running even when the Docker daemon is restarted. Enabling this feature ensures minimal disruption to running containers during Docker daemon restarts.

Rationale:

Enabling live restore minimizes downtime for containers in production environments. It allows containers to maintain their state and continue operating seamlessly even if the Docker daemon is restarted, ensuring high availability and reducing service disruption.

Impact:

Pros:

  • Prevents container downtime during Docker daemon restarts.
  • Enhances availability and resilience of containerized applications.

Cons:

  • Requires additional configuration and may involve a slight overhead for managing state during daemon restarts.

Default Value:
By default, Docker does not enable live restore, and containers are paused when the daemon is restarted.

Pre-requisites:

  • Docker installed and running.

  • Administrative privileges to modify Docker configuration.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the EC2 instance running Docker.

  2. Check if live restore is enabled by inspecting the Docker daemon configuration:

    docker info | grep "Live Restore Enabled"

Using AWS CLI:

  1. Connect to the EC2 instance where Docker is running.

  2. Run the following command to check if live restore is enabled:

    docker info | grep "Live Restore Enabled"

Implementation Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Modify the Docker configuration file /etc/docker/daemon.json to enable live restore:

    {
      "live-restore": true
    }

  3. Restart Docker to apply the changes:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to enable live restore and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters '{"commands":["echo \"{\\\"live-restore\\\": true}\" > /etc/docker/daemon.json && sudo systemctl restart docker"]}'
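The shell redirect in the SSM command above replaces the whole of /etc/docker/daemon.json, so any settings already in that file are lost. The following added example (not part of the original benchmark text) changes only the "live-restore" key and keeps the rest; the function name set_live_restore, the .bak backup suffix and the 0644 file mode are assumptions.

```python
import json
import os
import shutil
import tempfile

DAEMON_JSON = "/etc/docker/daemon.json"  # path used in the steps above


def set_live_restore(enabled, path=DAEMON_JSON):
    """Set "live-restore" in daemon.json without touching other keys.

    Returns True if the file was written (Docker must then be restarted),
    False if it already held the requested value.
    """
    enabled = bool(enabled)
    config = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
        if text.strip():
            # Malformed JSON raises json.JSONDecodeError (a ValueError)
            # here, before anything is written.
            config = json.loads(text)
        if not isinstance(config, dict):
            raise ValueError(f"{path}: top-level JSON value must be an object")
        if config.get("live-restore") is enabled:
            return False
        shutil.copy2(path, path + ".bak")  # assumed backup name, for backout
    config["live-restore"] = enabled

    # Write to a temp file in the same directory, then rename over the
    # original so the daemon never sees a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.chmod(tmp, 0o644)  # assumed mode; mkstemp creates 0600
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return True


if __name__ == "__main__":
    # Run as root on the Docker host, then: sudo systemctl restart docker
    print("changed" if set_live_restore(True) else "already enabled")
```

Calling set_live_restore(False) performs the backout the same way, again leaving the other keys in place.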

Backout Plan:

Using AWS Console:

  1. Log in to the EC2 instance.

  2. Revert the live restore setting by editing the /etc/docker/daemon.json file and removing or setting "live-restore": false.

  3. Restart Docker:

    sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to revert the live restore setting and restart Docker:

    aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters '{"commands":["echo \"{\\\"live-restore\\\": false}\" > /etc/docker/daemon.json && sudo systemctl restart docker"]}'

References: