Merge pull request #5480 from vrothberg/auto-updates

auto update containers in systemd units

2 files changed, 47 insertions, 0 deletions

diff --git a/docs/source/markdown/podman-auto-update.1.md b/docs/source/markdown/podman-auto-update.1.md
new file mode 100644
index 000000000..93ad22f76
--- /dev/null
+++ b/docs/source/markdown/podman-auto-update.1.md
@@ -0,0 +1,46 @@
+% podman-auto-update(1)
+
+## NAME
+podman-auto-update - Auto update containers according to their auto-update policy
+
+## SYNOPSIS
+**podman auto-update**
+
+## DESCRIPTION
+`podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy).
+
+If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated.
+An image is considered updated if the digest in the local storage is different than the one of the remote image.
+If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container.
+
+At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variables and stores it verbatim in the container's label.
+This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of systemd unit starting the container).
+This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container.
+
+Note that `podman auto-update` relies on systemd and requires a fully-qualified image reference (e.g., quay.io/podman/stable:latest) to be used to create the container.
+This enforcement is necessary to know which image to actually check and pull.
+If an image ID was used, Podman would not know which image to check/pull anymore.
+
+## EXAMPLES
+
+```
+# Start a container
+$ podman run -d busybox:latest top
+bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
+
+# Generate a systemd unit for this container
+$ podman generate systemd --new --files bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d
+/home/user/containers/libpod/container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+
+# Load the new systemd unit and start it
+$ mv ./container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service ~/.config/systemd/user
+$ systemctl --user daemon-reload
+$ systemctl --user start container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+
+# Auto-update the container
+$ podman auto-update
+container-bc219740a210455fa27deacc96d50a9e20516492f1417507c13ce1533dbdcd9d.service
+```
+
+## SEE ALSO
+podman(1), podman-generate-systemd(1), podman-run(1), systemd.unit(5)
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index 86d246e87..5797535f7 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -154,6 +154,7 @@ the exit codes follow the `chroot` standard, see below:
 | Command                                          | Description                                                                 |
 | ------------------------------------------------ | --------------------------------------------------------------------------- |
 | [podman-attach(1)](podman-attach.1.md)           | Attach to a running container.                                              |
+| [podman-auto-update(1)](podman-auto-update.1.md) | Auto update containers according to their auto-update policy                |
 | [podman-build(1)](podman-build.1.md)             | Build a container image using a Containerfile.                              |
 | [podman-commit(1)](podman-commit.1.md)           | Create new image based on the changed container.                            |
 | [podman-container(1)](podman-container.1.md)     | Manage containers.                                                          |