PODMAN AUTO-UPDATES VIA SYSTEMD

Systemd can auto-update podman containers! Yes! Here is the detailed method for making that happen; the condensed version is further below.

DETAILED METHOD

  1. First we need to create a temporary container. So invoke your run script or manually run it:

    sudo podman container run -d -t -p 80:80 --name demo -v web-volume:/usr/local/apache2/htdocs/:Z docker.io/library/httpd:2.4
    
  2. Once the container is started, verify that it is running:

    sudo podman container ls
    
  3. Next we create the unitfile. Take a look at it and make any changes that are necessary:

    sudo podman generate systemd --new --name --files demo
    
  4. Move the newly created unitfile to the systemd directory:

    sudo mv -Z container-demo.service /etc/systemd/system/
    
  5. Stop and remove our temporary container:

    sudo podman container rm -f demo
    
  6. Reload systemd:

    sudo systemctl daemon-reload
    
  7. Enable and start the service:

    sudo systemctl enable --now container-demo
    
  8. Verify it started:

    sudo podman container ls | grep demo
    sudo systemctl status container-demo
    
  9. Now we enable updates. Edit the unitfile and add the following option to the podman command, anywhere before the image name:

    --label "io.containers.autoupdate=registry"
    
  10. Reload systemd and restart the service:

    sudo systemctl daemon-reload
    sudo systemctl restart container-demo
    
  11. Now we can manually update this container, or all containers enabled in this way, with the following command:

    sudo podman auto-update
    
  12. To make this automatic every day at midnight (default timer), do the following:

    sudo systemctl enable --now podman-auto-update.timer
    
  13. To edit the time:

    sudo systemctl edit podman-auto-update.timer
    

That is the long way to do it.
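A pre-flight check for the unitfile after the step 9 edit, added here as an example and not part of the original post. The function name `check_autoupdate_unit` and the sample unit are made up for illustration, and the script assumes the image is the last argument on the ExecStart line. It checks three things `podman auto-update` depends on: the unit creates the container with `podman ... run`, the label is present, and the image is fully qualified.

```shell
# Added example: lint a unit file for what "podman auto-update" depends on.
# Assumption: the image is the last argument of ExecStart, as in this page's command.
check_autoupdate_unit() {
    unit=$1 problems=0
    # Join ExecStart with its backslash-continued lines and drop quote characters.
    cmd=$(awk '/^ExecStart=/ { grab = 1 }
               grab { more = sub(/[ \t]*\\$/, ""); printf "%s ", $0; if (!more) exit }' \
              "$unit" | tr -d "\"'")
    set -f; set -- $cmd; set +f    # split into words without glob expansion
    if [ $# -eq 0 ]; then
        echo "FAIL: no ExecStart= line in $unit"
        return 1
    fi
    # A unit that only runs "podman start" can never pick up a new image.
    case " $cmd " in
        *" run "*) ;;
        *) echo "FAIL: ExecStart does not create the container (generate with --new)"
           problems=$((problems + 1)) ;;
    esac
    # Step 9: the label has to be part of the podman command.
    case " $cmd " in
        *"io.containers.autoupdate=registry "*) ;;
        *) echo "FAIL: label io.containers.autoupdate=registry is missing"
           problems=$((problems + 1)) ;;
    esac
    # The registry policy needs a fully qualified image: a registry host before the first "/".
    for word in "$@"; do image=$word; done
    case "${image%%/*}" in
        "$image") qualified=no ;;              # no "/" at all, e.g. httpd:2.4
        *.*|*:*|localhost) qualified=yes ;;
        *) qualified=no ;;
    esac
    if [ "$qualified" = no ]; then
        echo "FAIL: image '$image' is not fully qualified"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed, abbreviated sample modelled on the step 3 unit, before the step 9 edit.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[Service]
ExecStart=/usr/bin/podman container run \
    --cidfile=%t/%n.ctr-id --replace -d -t -p 80:80 --name demo \
    -v web-volume:/usr/local/apache2/htdocs/:Z docker.io/library/httpd:2.4
EOF
check_autoupdate_unit "$sample" || echo "problems found: $?"
```

Run it against /etc/systemd/system/container-demo.service before the daemon-reload in step 10; the return value is the number of failed checks.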

CONDENSED METHOD

If you comprehend the above, then this would be the condensed version:

    sudo systemctl enable --now podman-auto-update.timer
    sudo podman container run -d -t -p 80:80 --name demo --label "io.containers.autoupdate=registry" -v web-volume:/usr/local/apache2/htdocs/:Z docker.io/library/httpd:2.4
    sudo podman generate systemd --new --name --files demo
    sudo mv -Z container-demo.service /etc/systemd/system/
    sudo podman container rm -f demo
    sudo systemctl daemon-reload
    sudo systemctl enable --now container-demo

CUSTOM TIMER TIMES

To use a custom timer rather than podman-auto-update, I have chosen to avoid rolling the rpm-update dice and have instead gone with a custom unitfile set to get the job done.

The timer file (setting to 15m):

    $ cat /etc/systemd/system/container-updater.timer
    [Timer]
    OnActiveSec=15m
    OnUnitActiveSec=15m

    [Install]
    WantedBy=timers.target

Timer command service:

    $ cat /etc/systemd/system/container-updater.service
    [Unit]
    Description=Podman container updater, customized by Andrew.

    [Service]
    Type=oneshot
    ExecStart=/usr/bin/podman auto-update
    ExecStartPost=/usr/bin/podman image prune -f

    [Install]
    WantedBy=multi-user.target default.target

And to enable and verify:

    sudo systemctl daemon-reload
    sudo systemctl enable --now container-updater.timer
    systemctl list-timers | grep container-updater.timer

The last command above, which lists your systemd timers, should output something akin to the following if enabled correctly:

    $ systemctl list-timers | grep container
    Fri 2022-03-11 07:33:30 CST  8min left     n/a                          n/a          container-updater.timer      container-updater.service

In my case, my 15m timer has spent 7m waiting, and has 8m left before it fires off the commands in the service file.
