Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

podman_image: using force is required to pull locally existing changed image from registry #879

Open
cwchristerw opened this issue Dec 2, 2024 · 11 comments
Labels
enhancement New feature or request

Comments

@cwchristerw
Copy link

cwchristerw commented Dec 2, 2024

I think using pull with this module should check from registry if it has newer image or digest has changed, then pull image only when it has changed. I would like to not use force parameter, because it will waste limited quota very fast. In my own registry there is no quota and I can continue to use force: true, but in case of Docker Hub this isn't possible.

I will build my own versions of these images in single machine and then push them to my own Gitea instance.

This might be related to issue in the past #153.

@cwchristerw cwchristerw changed the title podman_image: using force is required to pull existing changed image from registry podman_image: using force is required to pull locally existing changed image from registry Dec 2, 2024
@cwchristerw
Copy link
Author

There is no module to get latest image information from repository, which causes this problem to be currently only solvable by using uri module and using HEAD request.

@sshnaidm
Copy link
Member

sshnaidm commented Dec 2, 2024

Podman doesn't support such functionality, there is a Skopeo tool for this. I don't think image module should require a Skopeo.
But I'm open to a separate Skopeo module.

@sshnaidm sshnaidm added the enhancement New feature or request label Dec 2, 2024
@sshnaidm
Copy link
Member

sshnaidm commented Dec 2, 2024

related to #876 as well

@cwchristerw
Copy link
Author

If its not possible to make it with podman itself then skopeo module would be good solution to make.

@sshnaidm
Copy link
Member

sshnaidm commented Dec 3, 2024

Yeah, I'd like to have it. Would you like to prepare a patch 😄 ?

@cwchristerw
Copy link
Author

cwchristerw commented Dec 4, 2024

Unfortunately I have no time and original reason why I suggested this wasn't solution to my real problem with Docker Hub quota. Docker Hub requires clients to login when getting digest in HEAD request from images and I'm not aware of what scope should be in login request to get info about all public images with one login request. But in current documentation of Docker Hub API it will have scope of one image and this will consume quota as fast as issuing podman pull directly. I'm not sure if skopeo has solved this quota issue itself somehow, if they have then it could be solution, but currently I have too much work todo before the end of the year.

@sgflt
Copy link

sgflt commented Dec 30, 2024

I wanted to achieve similar results, but failed.

pull: newer | always
recreate: false | true
force: false | true - couldn't find this config in documentation

recreate: true - always recreates container even if image stays the same 🔴
pull: newer - does nothing, remote image is newer and local is stale. Even podman pull myimage:latest on machine and then repeated run of ansible task does not recreate container with new image. 🔴

ansible-playbook [core 2.16.12]
python version = 3.13.0 (main, Oct 8 2024, 00:00:00) [GCC 14.2.1 20240912 (Red Hat 14.2.1-3)]
jinja version = 3.1.4

Used task:

- name: Deploy applications
  containers.podman.podman_container:
    name: "{{ item.name }}"
    image: "{{ item.name }}:{{ item.version | default('latest') }}"
    restart_policy: unless-stopped
    pull: newer
  with_items: "{{ applications }}"

@sshnaidm
Copy link
Member

sshnaidm commented Dec 30, 2024

@sgflt in order to use the newest image that exists locally with same tag exactly you need to use image_strict: true:
https://github.com/containers/ansible-podman-collections/blob/main/plugins/modules/podman_container.py#L589
Probably I need to make it true by default

@sshnaidm
Copy link
Member

I've started to work on HEAD requests for dockerhub in podman_image, thinking about what option to use for this in podman_container

@sgflt
Copy link

sgflt commented Dec 30, 2024

I have tested your recommendation, but still it does not discover newer image in registry.

Even following combination does not redeploy changed image: 🔴

pull: always
image_strict: true

But if I pull manually and then run playbook, then only the updated image is redeployed. 🟠

@sshnaidm
Copy link
Member

sshnaidm commented Dec 30, 2024

I have tested your recommendation, but still it does not discover newer image in registry.

Yes, this is exactly what I meant. It will discover it locally, currently it doesn't communicate with a registry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants