Use custom script for podman auto-update

Wojciech Kozlowski 2022-11-26 14:13:13 +01:00
parent db079ed1ef
commit 6d547182a8
6 changed files with 81 additions and 12 deletions


@ -0,0 +1,9 @@
[Unit]
Description=Pod service auto-update service
Documentation=man:podman(1)
Wants=network.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/pod-service-auto-update
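Review bot: `Wants=network.target` does not match `After=network-online.target` in the [Unit] section. `After=` only orders against a unit that is already part of the transaction, so nothing here pulls in `network-online.target` and the ordering may have no effect. If the intent is to wait for connectivity before pulling images, the line should read `Wants=network-online.target`. The Ansible section installs this unit under `/etc/systemd/user`, so it is also worth confirming that this target exists in the user manager at all; if it does not, the pull can run before the network is up and the update fails for that day.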


@ -0,0 +1,9 @@
[Unit]
Description=Pod service auto-update timer
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target


@ -1,7 +1,7 @@
[Unit]
Description=Prune dangling podman images
Documentation=man:podman-image-prune(1)
Before=podman-auto-update.service
Before=pod-service-auto-update.service
[Service]
Type=oneshot
@ -9,4 +9,4 @@ ExecStart=/usr/bin/podman container prune -f
ExecStart=/usr/bin/podman image prune -f
[Install]
WantedBy=podman-auto-update.service
WantedBy=pod-service-auto-update.service


@ -0,0 +1,44 @@
#!/usr/bin/env python3
"""This script replaces `podman auto-update`. If a digest in a registry has been updated, `podman
pull` may not necessarily pull the image for quite some time. However, `auto-update` will still try
every day, but since it doesn't check if the new digest has actually been pulled it will restart the
service again and again. This script attempts to solve the problem by explicitly checking the digest
after the pull. However, it assumes that there is only service that needs restarting on updates and
that its called <username>.service so it is not (yet) a drop-in replacement for `podman
auto-update`.
"""
import getpass
import json
import subprocess
if __name__ == "__main__":
out = subprocess.run(["podman", "images", "--format", "json"], capture_output=True, check=True)
images = json.loads(out.stdout)
updated = []
for image in images:
if not image["Names"]:
continue
if len(image["Names"]) > 1:
raise ValueError(f"Multiple names available for image: {image['Names']}")
name = image["Names"][0]
subprocess.run(["podman", "pull", name], capture_output=True, check=True)
out = subprocess.run(["podman", "inspect", "--format", "json", name],
capture_output=True, check=True)
inspect = json.loads(out.stdout)
assert inspect
if len(inspect) > 1:
raise ValueError("Podman inspect returned multiple entries")
if inspect[0]["Digest"] != image["Digest"]:
updated.append(name)
if updated:
print(f"The following images have been updated: {updated}")
subprocess.run(["systemctl", "--user", "restart", f"{getpass.getuser()}.service"],
check=True)
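Review bot: One failing `podman pull` or `podman inspect` aborts the whole run, because both calls use `check=True` with no handler and `capture_output=True` keeps podman's stderr out of the journal. An image that cannot be pulled (registry unreachable, locally built tag) or that has two tags (the `ValueError` branch) therefore stops updates for every other image until someone notices. The fence below handles the failure per image, prints podman's error, still restarts the service for images that did update, and exits non-zero at the end so the unit is marked failed. `assert inspect` is removed under `python -O`, so it is replaced with an explicit raise. Separately, the loop pulls every named image in the store rather than only those the service runs, so an unattended restart trusts whatever the registry serves for each tag; that seems worth a sentence in the docstring.

```python
    updated = []
    failed = []
    for image in images:
        # … unchanged: skip unnamed images, reject multiple names …
        name = image["Names"][0]
        try:
            subprocess.run(["podman", "pull", name], capture_output=True, check=True)
            out = subprocess.run(["podman", "inspect", "--format", "json", name],
                                 capture_output=True, check=True)
        except subprocess.CalledProcessError as err:
            # Surface podman's own message and keep checking the remaining images.
            print(f"Update check failed for {name}: {err.stderr.decode(errors='replace')}")
            failed.append(name)
            continue
        inspect = json.loads(out.stdout)
        if not inspect:
            raise ValueError(f"Podman inspect returned no entries for {name}")
        # … unchanged: multiple-entries check, digest comparison …
    # … unchanged: restart the service when `updated` is non-empty …
    if failed:
        raise SystemExit(f"Update check failed for: {failed}")
```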


@ -1,16 +1,23 @@
- name: Copy systemd auto-update service for user
- name: Copy the pod-service update script
copy:
src: "/usr/lib/systemd/system/podman-auto-update.service"
dest: "/etc/systemd/user/podman-auto-update.service"
remote_src: yes
src: "./filesystem/common/usr/local/sbin/pod-service-auto-update"
dest: "/usr/local/sbin/pod-service-auto-update"
mode: 0755
- name: Copy systemd auto-update timer for user
- name: Copy the pod-service update service
copy:
src: "/usr/lib/systemd/system/podman-auto-update.timer"
dest: "/etc/systemd/user/podman-auto-update.timer"
remote_src: yes
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.service"
dest: "/etc/systemd/user/pod-service-auto-update.service"
mode: 0644
- name: Copy the pod-service update timer
copy:
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.timer"
dest: "/etc/systemd/user/pod-service-auto-update.timer"
mode: 0644
- name: Copy systemd image prune service for user
copy:
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
dest: "/etc/systemd/user/podman-image-prune.service"
mode: 0644
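Review bot: The copy task for `/usr/local/sbin/pod-service-auto-update` sets `mode: 0755` but no owner or group, so ownership follows whichever account the play runs as. The user timer executes this file, so I would add `owner: root` and `group: root` to that task, and to the two unit-file tasks, so none of them can end up writable by an unprivileged account. The bare `0755` and `0644` values are parsed as intended only because of the leading zero; Ansible's documentation recommends quoting them, e.g. `mode: "0755"`.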


@ -105,9 +105,9 @@
daemon_reload: true
scope: user
- name: Enable podman auto-update
- name: Enable pod-service auto-update
systemd:
name: podman-auto-update.timer
name: pod-service-auto-update.timer
enabled: yes
state: started
scope: user
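Review bot: The enable task now names `pod-service-auto-update.timer`, but nothing visible in this commit stops or disables `podman-auto-update.timer` on hosts that were provisioned earlier. Unless that is handled elsewhere in the role, those hosts will run both updaters every day, and the stock one brings back the restart loop the new script is meant to avoid. A cleanup task along the lines below would cover it; it may need to tolerate hosts where the unit is absent, and the previously copied files under `/etc/systemd/user/` can be removed with `state: absent`. The task list continues outside this hunk.

```yaml
# … unchanged: daemon reload task …
- name: Disable the stock podman auto-update timer
  systemd:
    name: podman-auto-update.timer
    enabled: no
    state: stopped
    scope: user
# … unchanged: Enable pod-service auto-update …
```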