containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Give `auto-update` ability to use per-container authfile specified by label. 

Signed-off-by: Ondřej Kraus <neverberlerfellerer@gmail.com>
This commit is contained in:
Ondřej Kraus 2020-05-12 13:09:11 +02:00
parent 343ab99b39
commit 9177c89edd
No known key found for this signature in database
GPG Key ID: 87B3A72902B17BB2
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/source/markdown/podman-auto-update.1.md
View File

@ -13,6 +13,8 @@ If the label is present and set to "image", Podman reaches out to the correspond
An image is considered updated if the digest in the local storage is different than the one of the remote image.
If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container.
If "io.containers.autoupdate.authfile" label is present, Podman reaches out to corresponding authfile when pulling images.
At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label.
This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container).
This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container.
@ -35,7 +37,9 @@ environment variable. `export REGISTRY_AUTH_FILE=path`
```
# Start a container
$ podman run --label "io.containers.autoupdate=image" -d busybox:latest top
$ podman run --label "io.containers.autoupdate=image" \
--label "io.containers.autoupdate.autfile=/some/authfile.json" \
-d busybox:latest top
bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
# Generate a systemd unit for this container

9
pkg/autoupdate/autoupdate.go
View File

@ -23,6 +23,10 @@ import (
// container labels.
const Label = "io.containers.autoupdate"
// Label denotes the container label key to specify authfile in
// container labels.
const AuthfileLabel = "io.containers.autoupdate.authfile"
// Policy represents an auto-update policy.
type Policy string
@ -144,6 +148,11 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) {
if rawImageName == "" {
errs = append(errs, errors.Errorf("error auto-updating container %q: raw-image name is empty", ctr.ID()))
}
labels := ctr.Labels()
authFilePath, exists := labels[AuthfileLabel]
if exists {
options.Authfile = authFilePath
}
needsUpdate, err := newerImageAvailable(runtime, image, rawImageName, options)
if err != nil {
errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image check for %q failed", ctr.ID(), rawImageName))