PODMAN AUTO-UPDATES VIA SYSTEMD
Systemd can auto-update podman containers! Yes! Here is the detailed version on making that happen. Condensed version below.
DETAILED METHOD
There are three things that are needed to allow a container to auto-update via systemd:
- Container is running with auto-update flag enabled
- Container is managed by systemd
- Podman auto-updates are enabled via systemd
ENABLING AUTO-UPDATES IN THE CONTAINER
- First we create our container, adding the auto-update label (--label "io.containers.autoupdate=registry"):
sudo podman container run -d -t --rm \
-p 80:80 \
--label "io.containers.autoupdate=registry" \
--name demo \
-v web-volume:/usr/local/apache2/htdocs/:Z \
docker.io/library/httpd:2.4
- Once the container is started, validate that it is running:
sudo podman container ls
ENABLING CONTAINER VIA SYSTEMD
- The container must be running for the unitfile to be generated, so start it if it is not. Generate the unitfile, then take a look at it and make any changes that are necessary:
sudo podman generate systemd --new --name --files demo
- Move the newly created unitfile to the systemd directory:
sudo mv -Z container-demo.service /etc/systemd/system/
- Stop and remove our temporary container:
sudo podman container rm -f demo
- Reload systemd:
sudo systemctl daemon-reload
- Enable and start the service:
sudo systemctl enable --now container-demo
- Verify it started:
sudo podman container ls | grep demo
sudo systemctl status container-demo
ENABLE PODMAN AUTO-UPDATES VIA SYSTEMD
- Now we can manually update the container, along with every other container that has auto-updates enabled, with the following command:
sudo podman auto-update
- To run this automatically every day at midnight (the default timer), do the following:
sudo systemctl enable --now podman-auto-update.timer
- To edit the time:
sudo systemctl edit podman-auto-update.timer
That is the long way to do it.
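The three requirements listed at the start of the detailed method can be checked against the generated unitfile before the timer is allowed to act on it. This is an added example, not part of the original page: check_autoupdate_unit and sample_unit are hypothetical names, the sample unit is constructed, and the image is assumed to be the last ExecStart argument.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the image is the last
# ExecStart argument, as in this page's httpd command.

check_autoupdate_unit() {   # hypothetical helper; returns 0 when all checks pass
    unit=$1; rc=0
    # Join the backslash-continued ExecStart= entry into a single string.
    exec_line=$(awk '
        /^ExecStart=/ { grab = 1 }
        grab { line = $0; cont = sub(/\\$/, "", line); printf "%s ", line
               if (!cont) exit }' "$unit")

    # 1. auto-update restarts the unit, so the unit itself must create the container.
    case $exec_line in
        *"podman run "*|*"podman container run "*)
            echo "OK   unit creates the container on start" ;;
        *)  echo "FAIL ExecStart does not create a container (generate with --new)"; rc=1 ;;
    esac

    # 2. The container must carry the auto-update label with a known policy.
    policy=$(printf '%s\n' "$exec_line" |
        sed -n 's/.*io\.containers\.autoupdate=\([a-z]*\).*/\1/p')
    case $policy in
        registry|local) echo "OK   auto-update policy: $policy" ;;
        *)  echo "FAIL io.containers.autoupdate label missing or unknown"; rc=1 ;;
    esac

    # 3. The registry policy needs a fully-qualified image (registry host first).
    image=$(printf '%s\n' "$exec_line" | awk '{ print $NF }')
    case $image in */*) host=${image%%/*} ;; *) host= ;; esac
    case $host in
        *.*|*:*|localhost) echo "OK   image is fully qualified: $image" ;;
        *)  if [ "$policy" = registry ]; then
                echo "FAIL image not fully qualified: $image"; rc=1
            fi ;;
    esac
    return $rc
}

sample_unit() {   # constructed sample, shaped like `podman generate systemd --new` output
cat <<'EOF'
[Service]
ExecStart=/usr/bin/podman container run \
    --rm --replace -d -t -p 80:80 \
    --label io.containers.autoupdate=registry \
    --name demo docker.io/library/httpd:2.4
EOF
}

tmp=$(mktemp) && sample_unit > "$tmp" && check_autoupdate_unit "$tmp"; rm -f "$tmp"
```

To use it on the real unit, call check_autoupdate_unit /etc/systemd/system/container-demo.service after the mv step. With the registry policy, whatever the registry serves for that image reference is what the timer will pull and run.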
CONDENSED METHOD
If you comprehend the above, then this would be the condensed version:
sudo systemctl enable --now podman-auto-update.timer
sudo podman container run -d -t --rm \
-p 80:80 \
--name demo \
--label "io.containers.autoupdate=registry" \
-v web-volume:/usr/local/apache2/htdocs/:Z \
docker.io/library/httpd:2.4
sudo podman generate systemd --new --name --files demo
sudo mv -Z container-demo.service /etc/systemd/system/
sudo podman container rm -f demo
sudo systemctl daemon-reload
sudo systemctl enable --now container-demo
CUSTOM TIMER TIMES
To use a custom timer, rather than use the podman-auto-update, I have chosen to avoid rolling the rpm-update dice and have instead gone with a custom unitfile set to get the job done.
The timer file (setting to 15m):
$ cat /etc/systemd/system/container-updater.timer
[Timer]
OnActiveSec=15m
OnUnitActiveSec=15m
[Install]
WantedBy=timers.target
Timer command service:
$ cat /etc/systemd/system/container-updater.service
[Unit]
Description=Podman container updater, customized by Andrew.
[Service]
Type=oneshot
ExecStart=/usr/bin/podman auto-update
ExecStartPost=/usr/bin/podman image prune -f
[Install]
WantedBy=multi-user.target default.target
And to enable and verify:
sudo systemctl daemon-reload
sudo systemctl enable --now container-updater.timer
systemctl list-timers | grep container-updater.timer
The last command above, which lists your systemd timers, should output something akin to the following if enabled correctly:
$ systemctl list-timers | grep container
Fri 2022-03-11 07:33:30 CST 8min left n/a n/a container-updater.timer container-updater.service
In my case, my 15m timer has spent 7m waiting, and has 8m left before it fires off the commands in the service file.
REFERENCES
- Fedora Magazine - Auto updating podman containers with Systemd
- leethax.org : systemd timers - how to restart a service every X hours : Take note, this needs a few tweaks for RHEL/Fedora, such as the timer.target->timers.target. But a very well written and useful reference nonetheless.