I have a Podman container that needs a manual update once in a while. I’d like this container to update automatically, and found that this is possible with Podman’s auto-update feature.

Essentially, I need to set a label on the container: --label io.containers.autoupdate=registry. More details and a very good explanation of this topic are available in a Red Hat Enable Sysadmin article titled “How to use auto-updates and rollbacks in Podman”.

However, one important point missing from that article [1] is that for Podman auto-updates to work, the podman-auto-update.timer systemd unit needs to be running too. I noticed this when the gitea container on my server did not update to the newer version as expected. Let’s check out these findings together.

With Podman, we can run the podman auto-update command to update a container, assuming that it has the correct label set. Podman figures out that the local gitea image is outdated, pulls down the newer image from the registry, and restarts pod-giteapod.service.

[git@banan ~]$ podman auto-update
...SNIP...

[git@banan ~]$ podman auto-update --format "{{.Unit}} {{.Updated}}"
pod-giteapod.service true

But as I wrote earlier, I wanted this process to be automated without having to log in to the server and manually run podman auto-update.

Let’s check the podman-auto-update.timer unit:

[git@banan ~]$ systemctl --user status podman-auto-update.timer
○ podman-auto-update.timer - Podman auto-update timer
     Loaded: loaded (/usr/lib/systemd/user/podman-auto-update.timer; disabled; preset: disabled)
     Active: inactive (dead)
    Trigger: n/a
   Triggers: ● podman-auto-update.service

The output above shows that podman-auto-update.timer is disabled and inactive. This timer would trigger podman-auto-update.service, but it can’t trigger anything if it’s not running, can it?

Let’s enable the podman-auto-update.timer service.

[git@banan ~]$ systemctl --user enable --now podman-auto-update.timer
Created symlink /srv/containervol/git/.config/systemd/user/timers.target.wants/podman-auto-update.timer → /usr/lib/systemd/user/podman-auto-update.timer.

Note that I run this service as a non-root user, git, therefore the --user option is essential here. Now, let’s verify and finish off this blog post:

[git@banan ~]$ systemctl --user status podman-auto-update.timer
● podman-auto-update.timer - Podman auto-update timer
     Loaded: loaded (/usr/lib/systemd/user/podman-auto-update.timer; enabled; preset: disabled)
     Active: active (waiting) since Sat 2024-06-15 19:01:07 AEST; 3s ago
      Until: Sat 2024-06-15 19:01:07 AEST; 3s ago
    Trigger: Sun 2024-06-16 00:00:17 AEST; 4h 59min left
   Triggers: ● podman-auto-update.service
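
A check for the gap described in this post, as an added example rather than part of the original write-up: it parses systemctl status text and reports when containers carry the io.containers.autoupdate label but the timer is not both enabled and active, which leaves images silently unpatched. The function names and the sample status text are constructed for illustration.

```shell
# Added example (not from the original post): detect containers labelled for
# auto-update while podman-auto-update.timer is not enabled and active.

# Print "<enable-state> <active-state>" from `systemctl status` text on stdin.
timer_state() {
    awk '
        $1 == "Loaded:" { split($0, f, ";"); en = f[2]; gsub(/[ \t]/, "", en) }
        $1 == "Active:" { act = $2 }
        END {
            if (en == "")  en = "unknown"
            if (act == "") act = "unknown"
            print en, act
        }'
}

# $1 = number of containers carrying the io.containers.autoupdate label,
# stdin = timer status text. Returns 1 when updates would silently never run.
audit() {
    labelled=$1
    state=$(timer_state)
    if [ "$labelled" -eq 0 ]; then
        echo "OK: no containers are labelled for auto-update"
    elif [ "$state" = "enabled active" ]; then
        echo "OK: timer is $state for $labelled labelled container(s)"
    else
        echo "GAP: $labelled labelled container(s), but timer is $state"
        return 1
    fi
}

# Constructed samples, modelled on the two status outputs in this post.
sample_disabled() { cat <<'EOF'
○ podman-auto-update.timer - Podman auto-update timer
     Loaded: loaded (/usr/lib/systemd/user/podman-auto-update.timer; disabled; preset: disabled)
     Active: inactive (dead)
EOF
}
sample_enabled() { cat <<'EOF'
● podman-auto-update.timer - Podman auto-update timer
     Loaded: loaded (/usr/lib/systemd/user/podman-auto-update.timer; enabled; preset: disabled)
     Active: active (waiting) since Sat 2024-06-15 19:01:07 AEST; 3s ago
EOF
}
sample_disabled | audit 1 || true   # reports the gap
sample_enabled  | audit 1           # reports OK

# Live use, as the user that owns the containers:
#   n=$(podman ps -a --filter label=io.containers.autoupdate --format '{{.Names}}' | wc -l)
#   systemctl --user status podman-auto-update.timer | audit "$n"
```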

I hope this post will help someone who has had the same issue as me.

Reference: