diff --git a/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.service b/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.service new file mode 100644 index 0000000..a846a84 --- /dev/null +++ b/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.service @@ -0,0 +1,9 @@ +[Unit] +Description=Pod service auto-update service +Documentation=man:podman(1) +Wants=network.target +After=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/pod-service-auto-update diff --git a/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.timer b/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.timer new file mode 100644 index 0000000..ef03b4f --- /dev/null +++ b/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Pod service auto-update timer + +[Timer] +OnCalendar=daily +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service b/playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service index d2408fc..064f040 100644 --- a/playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service +++ b/playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service @@ -1,7 +1,7 @@ [Unit] Description=Prune dangling podman images Documentation=man:podman-image-prune(1) -Before=podman-auto-update.service +Before=pod-service-auto-update.service [Service] Type=oneshot @@ -9,4 +9,4 @@ ExecStart=/usr/bin/podman container prune -f ExecStart=/usr/bin/podman image prune -f [Install] -WantedBy=podman-auto-update.service +WantedBy=pod-service-auto-update.service diff --git a/playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update b/playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update new file mode 100644 index 0000000..fc277b9 --- /dev/null 
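Review bot: `Wants=network.target` does not match `After=network-online.target` in the [Unit] section of the new pod-service-auto-update.service. The ordering dependency names a target that this unit never pulls in, so the pull can start before the network is up. Use `Wants=network-online.target` alongside the existing `After=` line. Because the unit is installed under /etc/systemd/user, confirm on a deployed host that the user manager provides that target at all.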
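Review bot: The new `WantedBy=pod-service-auto-update.service` in podman-image-prune.service only takes effect when the unit is enabled again. On hosts where the prune unit is already enabled, the symlink created for the old `podman-auto-update.service` stays in place and none is created for the new service. The task that enables the unit is not part of this diff, so confirm that it re-enables it, for example with `systemctl --user reenable podman-image-prune.service`. Otherwise the prune step silently stops running before updates.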
+++ b/playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+"""This script replaces `podman auto-update`. If a digest in a registry has been updated, `podman
+pull` may not necessarily pull the image for quite some time. However, `auto-update` will still try
+every day, but since it doesn't check if the new digest has actually been pulled it will restart the
+service again and again. This script attempts to solve the problem by explicitly checking the digest
+after the pull. However, it assumes that there is only service that needs restarting on updates and
+that its called .service so it is not (yet) a drop-in replacement for `podman
+auto-update`.
+
+"""
+
+import getpass
+import json
+import subprocess
+
+if __name__ == "__main__":
+ out = subprocess.run(["podman", "images", "--format", "json"], capture_output=True, check=True)
+ images = json.loads(out.stdout)
+
+ updated = []
+ for image in images:
+ if not image["Names"]:
+ continue
+ if len(image["Names"]) > 1:
+ raise ValueError(f"Multiple names available for image: {image['Names']}")
+ name = image["Names"][0]
+
+ subprocess.run(["podman", "pull", name], capture_output=True, check=True)
+
+ out = subprocess.run(["podman", "inspect", "--format", "json", name],
+ capture_output=True, check=True)
+ inspect = json.loads(out.stdout)
+ assert inspect
+ if len(inspect) > 1:
+ raise ValueError("Podman inspect returned multiple entries")
+
+ if inspect[0]["Digest"] != image["Digest"]:
+ updated.append(name)
+
+ if updated:
+ print(f"The following images have been updated: {updated}")
+ subprocess.run(["systemctl", "--user", "restart", f"{getpass.getuser()}.service"],
+ check=True)
diff --git a/playbooks/tasks/services/a-common/04-systemd-user.yml b/playbooks/tasks/services/a-common/04-systemd-user.yml
index 7f02c10..ae637dc 100644
--- a/playbooks/tasks/services/a-common/04-systemd-user.yml
+++ b/playbooks/tasks/services/a-common/04-systemd-user.yml
@@ -1,16 +1,23 @@ -- name: Copy systemd auto-update service for user +- name: Copy the pod-service update script copy: - src: "/usr/lib/systemd/system/podman-auto-update.service" - dest: "/etc/systemd/user/podman-auto-update.service" - remote_src: yes + src: "./filesystem/common/usr/local/sbin/pod-service-auto-update" + dest: "/usr/local/sbin/pod-service-auto-update" + mode: 0755 -- name: Copy systemd auto-update timer for user +- name: Copy the pod-service update service copy: - src: "/usr/lib/systemd/system/podman-auto-update.timer" - dest: "/etc/systemd/user/podman-auto-update.timer" - remote_src: yes + src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.service" + dest: "/etc/systemd/user/pod-service-auto-update.service" + mode: 0644 + +- name: Copy the pod-service update timer + copy: + src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.timer" + dest: "/etc/systemd/user/pod-service-auto-update.timer" + mode: 0644 - name: Copy systemd image prune service for user copy: src: "./filesystem/common/etc/systemd/user/podman-image-prune.service" dest: "/etc/systemd/user/podman-image-prune.service" + mode: 0644 diff --git a/playbooks/tasks/services/b-user/service-user/01-user.yml b/playbooks/tasks/services/b-user/service-user/01-user.yml index 7f8d91d..c7ddc18 100644 --- a/playbooks/tasks/services/b-user/service-user/01-user.yml +++ b/playbooks/tasks/services/b-user/service-user/01-user.yml @@ -105,9 +105,9 @@ daemon_reload: true scope: user - - name: Enable podman auto-update + - name: Enable pod-service auto-update systemd: - name: podman-auto-update.timer + name: pod-service-auto-update.timer enabled: yes state: started scope: user
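Review bot: The copy task for `/usr/local/sbin/pod-service-auto-update` sets `mode: 0755` but no owner, so ownership follows whichever account the play runs as. The script is executed by the user-level systemd unit and restarts the user's service, so add `owner: root` and `group: root` to that task, and to the unit-file tasks, so that an unprivileged account cannot replace it. Quoting the modes as `mode: "0755"` and `mode: "0644"` also avoids depending on YAML octal parsing.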
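Review bot: Enabling `pod-service-auto-update.timer` in 01-user.yml does not turn off the previously enabled `podman-auto-update.timer`, and the old unit copies under /etc/systemd/user are no longer managed after the change to 04-systemd-user.yml. On hosts provisioned earlier both timers would then fire daily, and the old one still restarts services without checking the digest. Add a task that disables the old timer with `name: podman-auto-update.timer`, `enabled: no` and `state: stopped`, and remove the stale unit files. The task list continues outside this hunk, so this may already be handled elsewhere.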