1podman-auto-update(1)() podman-auto-update(1)()
2
6 podman-auto-update - Auto update containers according to their auto-up‐
7 date policy
8
11 podman auto-update [options]
12
15 podman auto-update looks up containers with a specified "io.contain‐
16 ers.autoupdate" label (i.e., the auto-update policy).
17 If the label is present and set to "registry", Podman reaches out to
20 the corresponding registry to check if the image has been updated. The
21 label "image" is an alternative to "registry" maintained for backwards
22 compatibility. An image is considered updated if the digest in the lo‐
23 cal storage is different than the one of the remote image. If an image
24 must be updated, Podman pulls it down and restarts the systemd unit ex‐
25 ecuting the container.
26 The registry policy requires a fully-qualified image reference (e.g.,
29 quay.io/podman/stable:latest) to be used to create the container. This
30 enforcement is necessary to know which image to actually check and
31 pull. If an image ID was used, Podman would not know which image to
32 check/pull anymore.
33 Alternatively, if the autoupdate label is set to "local", Podman will
36 compare the image a container is using to the image with it's raw name
37 in local storage. If an image is updated locally, Podman simply
38 restarts the systemd unit executing the container.
39 If "io.containers.autoupdate.authfile" label is present, Podman reaches
42 out to corresponding authfile when pulling images.
43 At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT"
46 environment variables and stores it verbatim in the container's label.
47 This variable is now set by all systemd units generated by podman-gen‐
48 erate-systemd and is set to %n (i.e., the name of systemd unit starting
49 the container). This data is then being used in the auto-update se‐
50 quence to instruct systemd (via DBUS) to restart the unit and hence to
51 restart the container.
52 Note thatpodman auto-update relies on systemd. The systemd units are
55 expected to be generated with podman-generate-systemd --new, or similar
56 units that create new containers in order to run the updated images.
57 Systemd units that start and stop a container cannot run a new image.
58 Systemd Unit and Timer
61 Podman ships with a podman-auto-update.service systemd unit. This unit
62 is triggered daily at midnight by the podman-auto-update.timer systemd
63 timer. The timer can be altered for custom time-based updates if de‐
64 sired. The unit can further be invoked by other systemd units (e.g.,
65 via the dependency tree) or manually via systemctl start pod‐
66 man-auto-update.service.
67
70 --authfile=path
71 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
72 ers/auth.json, which is set using podman login. If the authorization
73 state is not found there, $HOME/.docker/config.json is checked, which
74 is set using docker login.
75 Note: You can also override the default path of the authentication file
78 by setting the REGISTRY_AUTH_FILE environment variable. export REG‐
79 ISTRY_AUTH_FILE=path
80
83 Autoupdate with registry policy
84 # Start a container
87 $ podman run --label "io.containers.autoupdate=registry" \
88 --label "io.containers.autoupdate.authfile=/some/authfile.json" \
89 -d busybox:latest top
90 bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
91 # Generate a systemd unit for this container
93 $ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
94 /home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
95 # Load the new systemd unit and start it
97 $ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
98 $ systemctl --user daemon-reload
99 # If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
101 $ podman stop bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
102 $ podman rm bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
103 $ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
105 # Auto-update the container
107 $ podman auto-update
108 container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
109 Autoupdate with local policy
113 # Start a container
116 $ podman run --label "io.containers.autoupdate=local" \
117 -d busybox:latest top
118 be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
119 # Generate a systemd unit for this container
121 $ podman generate systemd --new --files be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
122 /home/user/containers/libpod/container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
123 # Load the new systemd unit and start it
125 $ mv ./container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service ~/.config/systemd/user
126 $ systemctl --user daemon-reload
127 # If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.
129 $ podman stop be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
130 $ podman rm be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338
131 $ systemctl --user start container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
133 # Get the name of the container
135 $ podman ps
136 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
137 01f5c8113e84 docker.io/library/busybox:latest top 2 seconds ago Up 3 seconds ago inspiring_galileo
138 # Modify the image
140 $ podman commit --change CMD=/bin/bash inspiring_galileo busybox:latest
141 # Auto-update the container
143 $ podman auto-update
144 container-be0889fd06f252a2e5141b37072c6bada68563026cb2b2649f53394d87ccc338.service
145
149 podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
150 podman-auto-update(1)()