In my Homelab stack, I’ve completely Dockerized a lot of my infrastructure services: Sonarr, Radarr, Jackett, Nextcloud, Redis, MariaDB, MySQL, and a lot more! I made sure to get a very good understanding of how to manually remove containers, remove images, add macvlans, and even inspect the network elements all within the command line and then built a Docker-Compose that I can easily bring up and down containers if needed but I wanted something that can automate all updates.
All Along the Watchtower
The fine devs over at Watchtower made a container that will peridoically check to see if your containers have updates and if there is an update it will do the process for you! The break down of my docker-compose section for Watchetower looks like this:
watchtower:
image: containrrr/watchtower
container_name: watchtower
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromemail@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_TO=to@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=user@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=Password
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_SCHEDULE=0 30 2 * * *
- TZ=America/New_York
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
The first 3 lines are your standard variables, you set the name, the image, and the container name:
watchtower:
image: containrrr/watchtower
container_name: watchtower
Lines 4 – 11 are one of the most importantable parts these lines tell Watchtower to email you if there are any updates! Fill out the information for your own mail server and the connectivity should be fine as long as you’re using the right ports to services.
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_NOTIFICATION_EMAIL_FROM=fromemail@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_TO=to@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=user@example.com
- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=Password
Line 12 is the second most important function to me as this tells Watchtower to clean up old images after the update has completed
- WATCHTOWER_CLEANUP=true
Line 13 tells Watchtower to only update containers that have a label: “com.centurylinklabs.watchtower.enable=”true” or com.centurylinklabs.watchtower.enable=”false”. If the value is true it will update that container and if value is false it will simply ignore that container and move on.
- WATCHTOWER_LABEL_ENABLE=true
Line 14 is a simple turn debugging on, I don’t need this to be on but when I troubleshoot I like to look at more events than not.
- WATCHTOWER_DEBUG=true
Line 15 is the cron 6 field instead of the default 5 fields the only difference is the last field is the year in YYYY format.
- WATCHTOWER_SCHEDULE=0 30 2 * * *
Line 16 is to set the timezone to America/New_York
- TZ=America/New_York
Lines 17, 18, and 19 are the bind volumes and the most important one is making sure /var/run/docker.sock is on the host and container. I just happen to always mount my localtime to ensure the right timezone is presented to the cotainer.
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
Lines 20 and 21 are the labels that we turned on in Lime 13, this tells Watchtower to update its own image.
labels:
- "com.centurylinklabs.watchtower.enable=true"
Line 22 is the normal always restart a container unless it’s stopped manually or otherwise. It’s not restarted even if the docker daemon restarts.
restart: unless-stopped
Final thoughts: I want to see how well this works out and if I don’t run into any issues I want Watchtower to monitor my other remote Docker instances. Having automation handle this will save me a lot of time from manually doing but with anything that’s automated you have to learn how to it manually before you can automate it.
**UPDATE 2022-01-09** Working as intended I received the notification email from my scheduled job that there some updates which Watchtower updated the image, restarted the container, deleted the old image upon successful start, and send me an email.