1podman-auto-update(1)()                                podman-auto-update(1)()
2
3
4

NAME

6       podman-auto-update - Auto update containers according to their auto-up‐
7       date policy
8
9

SYNOPSIS

11       podman auto-update [options]
12
13

DESCRIPTION

15       podman auto-update looks up containers with  a  specified  "io.contain‐
16       ers.autoupdate" label (i.e., the auto-update policy).
17
18
19       If  the  label  is present and set to "registry", Podman reaches out to
20       the corresponding registry to check if the image has been updated.  The
21       label  "image" is an alternative to "registry" maintained for backwards
22       compatibility.  An image is considered updated if the digest in the lo‐
23       cal storage is different than the one of the remote image.  If an image
24       must be updated, Podman pulls it down and restarts the systemd unit ex‐
25       ecuting the container.
26
27
28       The  registry  policy requires a fully-qualified image reference (e.g.,
29       quay.io/podman/stable:latest) to be used to create the container.  This
30       enforcement  is  necessary  to  know  which image to actually check and
31       pull.  If an image ID was used, Podman would not know  which  image  to
32       check/pull anymore.
33
34
35       Alternatively,  if  the autoupdate label is set to "local", Podman will
36       compare the image a container is using to the image with it's raw  name
37       in  local  storage.   If  an  image  is  updated locally, Podman simply
38       restarts the systemd unit executing the container.
39
40
41       If "io.containers.autoupdate.authfile" label is present, Podman reaches
42       out to corresponding authfile when pulling images.
43
44
45       At  container-creation  time, Podman looks up the "PODMAN_SYSTEMD_UNIT"
46       environment variables and stores it verbatim in the container's  label.
47       This  variable is now set by all systemd units generated by podman-gen‐
48       erate-systemd and is set to %n (i.e., the name of systemd unit starting
49       the  container).   This  data is then being used in the auto-update se‐
50       quence to instruct systemd (via DBUS) to restart the unit and hence  to
51       restart the container.
52
53
54       Note  thatpodman  auto-update  relies on systemd. The systemd units are
55       expected to be generated with podman-generate-systemd --new, or similar
56       units  that  create  new containers in order to run the updated images.
57       Systemd units that start and stop a container cannot run a new image.
58
59
60   Systemd Unit and Timer
61       Podman ships with a podman-auto-update.service systemd unit.  This unit
62       is  triggered daily at midnight by the podman-auto-update.timer systemd
63       timer.  The timer can be altered for custom time-based updates  if  de‐
64       sired.   The  unit can further be invoked by other systemd units (e.g.,
65       via  the  dependency  tree)  or  manually  via  systemctl  start   pod‐
66       man-auto-update.service.
67
68

OPTIONS

70   --authfile=path
71       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
72       ers/auth.json, which is set using podman login.  If  the  authorization
73       state  is  not found there, $HOME/.docker/config.json is checked, which
74       is set using docker login.
75
76
77       Note: You can also override the default path of the authentication file
78       by  setting  the  REGISTRY_AUTH_FILE  environment variable. export REG‐
79       ISTRY_AUTH_FILE=path
80
81

EXAMPLES

83       Autoupdate with registry policy
84
85
86              # Start a container
87              $ podman run --label "io.containers.autoupdate=registry" \
88                  --label "io.containers.autoupdate.authfile=/some/authfile.json" \
89                  -d busybox:latest top
90              bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
91
92              # Generate a systemd unit for this container
93              $ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
94              /home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
95
96              # Load the new systemd unit and start it
97              $ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
98              $ systemctl --user daemon-reload
99
100              # If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
101              $ podman stop bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
102              $ podman rm bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
103
104              $ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
105
106              # Auto-update the container
107              $ podman auto-update
108              container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
109
110
111
112       Autoupdate with local policy
113
114
115              # Start a container
116              $ podman run --label "io.containers.autoupdate=local" \
117                  -d busybox:latest top
118              be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
119
120              # Generate a systemd unit for this container
121              $ podman generate systemd --new --files be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
122              /home/user/containers/libpod/container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
123
124              # Load the new systemd unit and start it
125              $ mv ./container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service ~/.config/systemd/user
126              $ systemctl --user daemon-reload
127
128              # If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
129              $ podman stop be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
130              $ podman rm be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
131
132              $ systemctl --user start container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
133
134              # Get the name of the container
135              $ podman ps
136              CONTAINER ID  IMAGE                             COMMAND  CREATED        STATUS            PORTS   NAMES
137              01f5c8113e84  docker.io/library/busybox:latest  top      2 seconds ago  Up 3 seconds ago          inspiring_galileo
138
139              # Modify the image
140              $ podman commit --change CMD=/bin/bash inspiring_galileo busybox:latest
141
142              # Auto-update the container
143              $ podman auto-update
144              container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
145
146
147

SEE ALSO

149       podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
150
151
152
153                                                       podman-auto-update(1)()
Impressum