Auto update containers with podman #3575
Comments
openshift-ci-robot
added
the
kind/feature
|
Would a cron job/systemd timer work for this? Not sure what watchtower is, but it seems line it must be just checking periodically and pulling new images. |
|
After reading https://hub.docker.com/r/v2tec/watchtower/ it looks like this would be fairly easy to implement via a systemd timer. The issue would be if you wanted to make this general purpose. Launch a watcher on an existing container. Being able to get the command line executed, and gernate the CLI command based on it. |
|
Yeah, I want this to be general purpose for all my containers. Which is why I like that watchtower container so much, its a very simple solution to auto update all my containerised applications. |
|
Docker added |
|
I don't think this will help, although it is something we should add to Podman. @QiWang19 Could you add --pull for podman run and create. |
|
Or @abitrolly If you wanted to add the support that would be great also. |
|
This is being worked on. |
Requirement from containers#3575 (comment) Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <[email protected]>
|
This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days. |
|
A friendly reminder that this issue had no activity for 30 days. |
In watchtower the behavior configureable over labels: https://containrrr.github.io/watchtower/container-selection/ |
|
@delight That's not what I want though. I want to have podman update all my containers just like watchtower does by default. |
|
@viggy96 anyways I think you are addressing your request to the wrong project though. IMO it's rather an implementation detail of watchtower. Right now watchtower is accessing the docker api via go. It's rather up to watchtower to support podman additionally. |
|
@delight I was just using watchtower as an example. I'm not expecting podman guys to support watchtower. I was asking for a similar solution that would work for podman. @vrothberg has already taken up this issue, so I'd say its very relevant to this project. |
|
+1 to having a mechanism to generate timers for this. That would be great. |
|
@vrothberg any progress on this? |
|
No. The v2 API has a higher priority. I will tackle it after my PTO along with the open systemd issues. |
|
I opened #5480 to support auto-updating containers. Feel free to play with it and provide feedback. |
Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: containers#3575 Signed-off-by: Valentin Rothberg <[email protected]>
Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: containers#3575 Signed-off-by: Valentin Rothberg <[email protected]>
Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`. `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd. At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container. Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore. Fixes: containers#3575 Signed-off-by: Valentin Rothberg <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind feature
Description
Is there a method of automatically updating containers when a new version is available in the repository? I use watchtower to achieve this currently with docker, and that container requires mounting the docker unix socket to work, which of course, won't work for podman. Is there another method of achieving this, or is this feature on the roadmap?
The text was updated successfully, but these errors were encountered: