1podman-auto-update(1)() podman-auto-update(1)()
2
3
4
6 podman-auto-update - Auto update containers according to their
7 auto-update policy
8
9
11 podman auto-update [options]
12
13
15 podman auto-update looks up containers with a specified "io.contain‐
16 ers.autoupdate" label (i.e., the auto-update policy).
17
18
19 If the label is present and set to "image", Podman reaches out to the
20 corresponding registry to check if the image has been updated. An
21 image is considered updated if the digest in the local storage is dif‐
22 ferent than the one of the remote image. If an image must be updated,
23 Podman pulls it down and restarts the systemd unit executing the con‐
24 tainer.
25
26
27 If "io.containers.autoupdate.authfile" label is present, Podman reaches
28 out to corresponding authfile when pulling images.
29
30
31 At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT"
32 environment variables and stores it verbatim in the container's label.
33 This variable is now set by all systemd units generated by podman-gen‐
34 erate-systemd and is set to %n (i.e., the name of systemd unit starting
35 the container). This data is then being used in the auto-update
36 sequence to instruct systemd (via DBUS) to restart the unit and hence
37 to restart the container.
38
39
40 Note that podman auto-update relies on systemd and requires a
41 fully-qualified image reference (e.g., quay.io/podman/stable:latest) to
42 be used to create the container. This enforcement is necessary to know
43 which image to actually check and pull. If an image ID was used, Pod‐
44 man would not know which image to check/pull anymore.
45
46
47 Moreover, the systemd units are expected to be generated with pod‐
48 man-generate-systemd --new, or similar units that create new containers
49 in order to run the updated images. Systemd units that start and stop
50 a container cannot run a new image.
51
52
53 Systemd Unit and Timer
54 Podman ships with a podman-auto-update.service systemd unit. This unit
55 is triggered daily at midnight by the podman-auto-update.timer systemd
56 timer. The timer can be altered for custom time-based updates if
57 desired. The unit can further be invoked by other systemd units (e.g.,
58 via the dependency tree) or manually via systemctl start pod‐
59 man-auto-update.service.
60
61
63 --authfile=path
64 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
65 ers/auth.json, which is set using podman login. If the authorization
66 state is not found there, $HOME/.docker/config.json is checked, which
67 is set using docker login.
68
69
70 Note: You can also override the default path of the authentication file
71 by setting the REGISTRY_AUTH_FILE environment variable. export REG‐
72 ISTRY_AUTH_FILE=path
73
74
76 # Start a container
77 $ podman run --label "io.containers.autoupdate=image" \
78 --label "io.containers.autoupdate.authfile=/some/authfile.json" \
79 -d busybox:latest top
80 bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
81
82 # Generate a systemd unit for this container
83 $ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
84 /home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
85
86 # Load the new systemd unit and start it
87 $ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
88 $ systemctl --user daemon-reload
89 $ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
90
91 # Auto-update the container
92 $ podman auto-update
93 container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
94
95
96
98 podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
99
100
101
102 podman-auto-update(1)()