Use custom script for podman auto-update
This commit is contained in:
parent
db079ed1ef
commit
6d547182a8
@ -0,0 +1,9 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Pod service auto-update service
|
||||||
|
Documentation=man:podman(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/local/sbin/pod-service-auto-update
|
@ -0,0 +1,9 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Pod service auto-update timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=daily
|
||||||
|
Persistent=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -1,7 +1,7 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Prune dangling podman images
|
Description=Prune dangling podman images
|
||||||
Documentation=man:podman-image-prune(1)
|
Documentation=man:podman-image-prune(1)
|
||||||
Before=podman-auto-update.service
|
Before=pod-service-auto-update.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
@ -9,4 +9,4 @@ ExecStart=/usr/bin/podman container prune -f
|
|||||||
ExecStart=/usr/bin/podman image prune -f
|
ExecStart=/usr/bin/podman image prune -f
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=podman-auto-update.service
|
WantedBy=pod-service-auto-update.service
|
||||||
|
@ -0,0 +1,44 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
"""This script replaces `podman auto-update`. If a digest in a registry has been updated, `podman
|
||||||
|
pull` may not necessarily pull the image for quite some time. However, `auto-update` will still try
|
||||||
|
every day, but since it doesn't check if the new digest has actually been pulled it will restart the
|
||||||
|
service again and again. This script attempts to solve the problem by explicitly checking the digest
|
||||||
|
after the pull. However, it assumes that there is only service that needs restarting on updates and
|
||||||
|
that its called <username>.service so it is not (yet) a drop-in replacement for `podman
|
||||||
|
auto-update`.
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
import getpass
|
||||||
|
import json
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
out = subprocess.run(["podman", "images", "--format", "json"], capture_output=True, check=True)
|
||||||
|
images = json.loads(out.stdout)
|
||||||
|
|
||||||
|
updated = []
|
||||||
|
for image in images:
|
||||||
|
if not image["Names"]:
|
||||||
|
continue
|
||||||
|
if len(image["Names"]) > 1:
|
||||||
|
raise ValueError(f"Multiple names available for image: {image['Names']}")
|
||||||
|
name = image["Names"][0]
|
||||||
|
|
||||||
|
subprocess.run(["podman", "pull", name], capture_output=True, check=True)
|
||||||
|
|
||||||
|
out = subprocess.run(["podman", "inspect", "--format", "json", name],
|
||||||
|
capture_output=True, check=True)
|
||||||
|
inspect = json.loads(out.stdout)
|
||||||
|
assert inspect
|
||||||
|
if len(inspect) > 1:
|
||||||
|
raise ValueError("Podman inspect returned multiple entries")
|
||||||
|
|
||||||
|
if inspect[0]["Digest"] != image["Digest"]:
|
||||||
|
updated.append(name)
|
||||||
|
|
||||||
|
if updated:
|
||||||
|
print(f"The following images have been updated: {updated}")
|
||||||
|
subprocess.run(["systemctl", "--user", "restart", f"{getpass.getuser()}.service"],
|
||||||
|
check=True)
|
@ -1,16 +1,23 @@
|
|||||||
- name: Copy systemd auto-update service for user
|
- name: Copy the pod-service update script
|
||||||
copy:
|
copy:
|
||||||
src: "/usr/lib/systemd/system/podman-auto-update.service"
|
src: "./filesystem/common/usr/local/sbin/pod-service-auto-update"
|
||||||
dest: "/etc/systemd/user/podman-auto-update.service"
|
dest: "/usr/local/sbin/pod-service-auto-update"
|
||||||
remote_src: yes
|
mode: 0755
|
||||||
|
|
||||||
- name: Copy systemd auto-update timer for user
|
- name: Copy the pod-service update service
|
||||||
copy:
|
copy:
|
||||||
src: "/usr/lib/systemd/system/podman-auto-update.timer"
|
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.service"
|
||||||
dest: "/etc/systemd/user/podman-auto-update.timer"
|
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
||||||
remote_src: yes
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Copy the pod-service update timer
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.timer"
|
||||||
|
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy systemd image prune service for user
|
- name: Copy systemd image prune service for user
|
||||||
copy:
|
copy:
|
||||||
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
|
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
|
||||||
dest: "/etc/systemd/user/podman-image-prune.service"
|
dest: "/etc/systemd/user/podman-image-prune.service"
|
||||||
|
mode: 0644
|
||||||
|
@ -105,9 +105,9 @@
|
|||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
scope: user
|
scope: user
|
||||||
|
|
||||||
- name: Enable podman auto-update
|
- name: Enable pod-service auto-update
|
||||||
systemd:
|
systemd:
|
||||||
name: podman-auto-update.timer
|
name: pod-service-auto-update.timer
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
scope: user
|
scope: user
|
||||||
|
Loading…
Reference in New Issue
Block a user