mirror of
https://github.com/containers/podman.git
synced 2025-06-18 07:28:57 +08:00
0ef5def0be
Clarify in the help message and the man page that auto updates only work with systemd units that are similar to the ones from `generate systemd --new`. Units that merely start/stop a container do not work as they will use the same image. Fixes: #6793 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
64 lines
3.2 KiB
Markdown
64 lines
3.2 KiB
Markdown
% podman-auto-update(1)
|
|
|
|
## NAME
|
|
podman-auto-update - Auto update containers according to their auto-update policy
|
|
|
|
## SYNOPSIS
|
|
**podman auto-update** [*options*]
|
|
|
|
## DESCRIPTION
|
|
`podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy).
|
|
|
|
If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated.
|
|
An image is considered updated if the digest in the local storage is different than the one of the remote image.
|
|
If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container.
|
|
|
|
If "io.containers.autoupdate.authfile" label is present, Podman reaches out to corresponding authfile when pulling images.
|
|
|
|
At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label.
|
|
This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container).
|
|
This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container.
|
|
|
|
Note that `podman auto-update` relies on systemd and requires a fully-qualified image reference (e.g., quay.io/podman/stable:latest) to be used to create the container.
|
|
This enforcement is necessary to know which image to actually check and pull.
|
|
If an image ID was used, Podman would not know which image to check/pull anymore.
|
|
|
|
Moreover, the systemd units are expected to be generated with `podman-generate-systemd --new`, or similar units that create new containers in order to run the updated images.
|
|
Systemd units that start and stop a container cannot run a new image.
|
|
|
|
## OPTIONS
|
|
|
|
**--authfile**=*path*
|
|
|
|
Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
|
|
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`. (Not available for remote commands)
|
|
|
|
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
|
|
environment variable. `export REGISTRY_AUTH_FILE=path`
|
|
|
|
## EXAMPLES
|
|
|
|
```
|
|
# Start a container
|
|
$ podman run --label "io.containers.autoupdate=image" \
|
|
--label "io.containers.autoupdate.authfile=/some/authfile.json" \
|
|
-d busybox:latest top
|
|
bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
|
|
|
|
# Generate a systemd unit for this container
|
|
$ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
|
|
/home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
|
|
|
|
# Load the new systemd unit and start it
|
|
$ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
|
|
$ systemctl --user daemon-reload
|
|
$ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
|
|
|
|
# Auto-update the container
|
|
$ podman auto-update
|
|
container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
|
|
```
|
|
|
|
## SEE ALSO
|
|
podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
|