ansible-nas

Add Watchtower option for updating containers selectively

Open HitLuca opened this issue 3 years ago • 2 comments

I had some issues in the past when watchtower was enabled and started updating specific containers, which broke functionality. To me allowing the user to specify selected containers for updating (as well as updating everything as it is now) would be a nice addition, and I implemented it on my own ansible-nas fork.

What you basically need to do is: add a variable in watchtower like watchtower_label_enable (false by default), which would be a boolean and would enable updating only selected containers. Now the watchtower task becomes

- name: Watchtower Docker Container
  docker_container:
    name: watchtower
    ...
    env:
      ...
      WATCHTOWER_LABEL_ENABLE: "{{ watchtower_label_enable | ternary('1', '0') }}" #<- important, as watchtower expects 1 or 0, not true/false
    ...

Now every application needs a new variable, which I called *_watchtower_update_enabled which is also a boolean and set to false by default. Each app receives a new docker label in the form of

com.centurylinklabs.watchtower.enable: "{{ (watchtower_enabled and watchtower_label_enable) | ternary(*_watchtower_update_enabled, omit) | string }}"

The reasoning is the following:

  • watchtower_enabled: false: no containers are updated as usual
  • watchtower_enabled: true and watchtower_label_enable: false: all containers are updated, regardless of individual preferences
  • watchtower_enabled: true and watchtower_label_enable: true: a label is added for watchtower to monitor only if *_watchtower_update_enabled: true, otherwise the label is not added and the container doesn't get updated.

The setup has been tested on my two ansible-nas machines and works as expected.

Side note: you need to add recreate: true to each application task if not there already, as labels don't get updated without a container being recreated

HitLuca avatar Jul 22 '22 12:07 HitLuca

Let me know if it would be interesting and I can make a PR for it

HitLuca avatar Jul 22 '22 12:07 HitLuca

I agree with this approach and would like to see this added one way or another. On my Ansible-nas machine I have added a label per container: com.centurylinklabs.watchtower.enable: "{{ vaultwarden_watchtower_enable }}" to decide if I want this particular container getting updated or not. It works fine.

anarion80 avatar Jan 04 '23 09:01 anarion80
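
An added example (not from the thread or from ansible-nas): a Python check that reads `docker inspect` output and reports which containers Watchtower would update, in the opt-in label mode discussed above or in the default mode. The sample JSON and the container names other than vaultwarden are constructed, and parsing the label with the strings Go's `strconv.ParseBool` accepts is an assumption about Watchtower.

```python
import json

LABEL = "com.centurylinklabs.watchtower.enable"
# Strings Go's strconv.ParseBool accepts (assumed to be how Watchtower parses the label).
TRUE = {"1", "t", "T", "TRUE", "true", "True"}
FALSE = {"0", "f", "F", "FALSE", "false", "False"}

def parse_bool(raw):
    """Return True/False, or None when the value is absent or unparseable."""
    if raw in TRUE:
        return True
    if raw in FALSE:
        return False
    return None

def label_enable_mode(containers, watchtower_name="watchtower"):
    """Read WATCHTOWER_LABEL_ENABLE from the watchtower container's environment."""
    for c in containers:
        if c["Name"].lstrip("/") == watchtower_name:
            env = dict(e.split("=", 1) for e in c["Config"].get("Env") or [] if "=" in e)
            return parse_bool(env.get("WATCHTOWER_LABEL_ENABLE")) is True
    raise LookupError("watchtower container not found")

def update_scope(containers, watchtower_name="watchtower"):
    """Map container name -> True if Watchtower would update it."""
    opt_in = label_enable_mode(containers, watchtower_name)
    scope = {}
    for c in containers:
        enabled = parse_bool((c["Config"].get("Labels") or {}).get(LABEL))
        # Opt-in mode: only an explicit true label counts.
        # Default mode: everything except an explicit false label.
        scope[c["Name"].lstrip("/")] = (enabled is True) if opt_in else (enabled is not False)
    return scope

# Constructed sample in the shape of `docker inspect` output (trimmed to the fields used).
SAMPLE = json.loads("""[
 {"Name": "/watchtower", "Config": {"Env": ["WATCHTOWER_LABEL_ENABLE=1"], "Labels": {}}},
 {"Name": "/vaultwarden", "Config": {"Env": [], "Labels": {"com.centurylinklabs.watchtower.enable": "True"}}},
 {"Name": "/app-pinned", "Config": {"Env": [], "Labels": {"com.centurylinklabs.watchtower.enable": "False"}}},
 {"Name": "/app-unlabelled", "Config": {"Env": null, "Labels": null}}
]""")

if __name__ == "__main__":
    for name, updated in sorted(update_scope(SAMPLE).items()):
        print(f"{name:16} {'auto-update' if updated else 'not updated'}")
```

Running it after a playbook run shows whether the labels actually landed on the containers, which they will not until each container has been recreated.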