Comment

Comment on [OC] mag37/dockcheck - CLI tool to automate docker image updates.

This is a great tool, thanks for the continued support.

Personally, I don’t actually use dockcheck to perform updates, I only use it for its update check functionality, along with a custom plugin which, in cooperation with a python script of mine, serves a REST API that lists all containers on all of my systems with available updates. That then gets pulled into homepage using their custom API function to make something like this: imgur.com/a/tAaJ6xf

So at a glance I can see any containers that have updates available, then I can hope into Dockge to actually apply them on my own schedule.

source

Sort:hotnew top

mag37@lemmy.ml ⁨1⁩ ⁨month⁩ ago
Thank you! Oh! That’s pretty cool, do you mind sharing bits of how this is done? Would be nice to incorporate into a notify-template in the future.

source
- suicidaleggroll@lemm.ee ⁨1⁩ ⁨month⁩ ago
  Sure, it’s a bit hack-and-slash, but not too bad. Honestly the dockcheck portion is already pretty complete, I’m not sure what all you could add to improve it. The custom plugin I’m using does nothing more than dump the array of container names with available updates to a comma-separated list in a file. In addition to that I also have a wrapper for dockcheck which does two things:
  
  dockcheck plugins only run when there’s at least one container with available updates, so the wrapper is used to handle cases when there are no available updates.
  
  Some containers aren’t handled by dockcheck because they use their own management system, two examples are bitwarden and mailcow. The wrapper script can be modified as needed to support handling those as well, but that has to be one-off since there’s no general-purpose way to handle checking for updates on containers that insist on doing things in their own custom way.
  
  Basically there are 5 steps to the setup:
  
  Enable Prometheus metrics from Docker (this is just needed to get running/stopped counts, if those aren’t needed it can skipped). To do that, add the following to /etc/docker/daemon.json (create it if necessary) and restart Docker:
  
  { "metrics-addr": "127.0.0.1:9323" }
  
  Once running, you should be able to run curl http://localhost:9323/metrics and see a dump of Prometheus metrics
  
  Clone dockcheck, and create a custom plugin for it at dockcheck/notify.sh:
  
  send_notification() { Updates=("$@") UpdToString=$(printf ", %s" "${Updates[@]}") UpdToString=${UpdToString:2} File=updatelist_local.txt echo -n $UpdToString > $File }
  
  Create a wrapper for dockcheck:
  
  #!/bin/bash cd $(dirname $0) ./dockcheck/dockcheck.sh -mni if [[ -f updatelist_local.txt ]]; then mv updatelist_local.txt updatelist.txt else echo -n "None" > updatelist.txt fi
  
  At this point you should be able to run your script, and at the end you’ll have the file “updatelist.txt” which will either contain a comma-separated list of all containers with available updates, or “None” if there are none. Add this script into cron to run on whatever cadence you want, I use 4 hours.
  
  The main Python script:
  
  #!/usr/bin/python3 from flask import Flask, jsonify import os import time import requests import json app = Flask(__name__) # Listen addresses for docker metrics dockerurls = ['http://127.0.0.1:9323/metrics'] # Other dockerstats servers staturls = [] # File containing list of pending updates updatefile = '/path/to/updatelist.txt' @app.route('/metrics', methods=['GET']) def get_tasks(): running = 0 stopped = 0 updates = "" for url in dockerurls: response = requests.get(url) if (response.status_code == 200): for line in response.text.split("\n"): if 'engine_daemon_container_states_containers{state="running"}' in line: running += int(line.split()[1]) if 'engine_daemon_container_states_containers{state="paused"}' in line: stopped += int(line.split()[1]) if 'engine_daemon_container_states_containers{state="stopped"}' in line: stopped += int(line.split()[1]) for url in staturls: response = requests.get(url) if (response.status_code == 200): apidata = response.json() running += int(apidata['results']['running']) stopped += int(apidata['results']['stopped']) if (apidata['results']['updates'] != "None"): updates += ", " + apidata['results']['updates'] if (os.path.isfile(updatefile)): st = os.stat(updatefile) age = (time.time() - st.st_mtime) if (age < 86400): f = open(updatefile, "r") temp = f.readline() if (temp != "None"): updates += ", " + temp else: updates += ", Error" else: updates += ", Error" if not updates: updates = "None" else: updates = updates[2:] status = { 'running': running, 'stopped': stopped, 'updates': updates } return jsonify({'results': status}) if __name__ == '__main__': app.run(host='0.0.0.0')
  
  The neat thing about this program is it’s nestable, meaning if you run steps 1-4 independently on all of your Docker servers (assuming you have more than one), then you can pick one of the machines to be the “master” and update the “staturls” variable to point to the other ones, allowing it to collect all of the data from other copies of itself into its own output. If the output of this program will only need to be accessed from localhost, you can change the host variable in app.run to 127.0.0.1 to lock it down. Once this is running, you should be able to run curl http://localhost:5000/metrics and see the running and stopped container counts and available updates for the current machine and any other machines you’ve added into “staturls”. You can then turn this program into a service or launch it @reboot in cron or in /etc/rc.local, whatever fits with your management style to start it up on boot.
  
  Finally, the Homepage custom API to pull the data into the dashboard:
  
  widget: type: customapi url: http://localhost:5000/metrics refreshInterval: 2000 display: list mappings: - field: results: running label: Running format: number - field: results: stopped label: Stopped format: number - field: results: updates label: Updates
  
  source
  - mag37@lemmy.ml ⁨1⁩ ⁨month⁩ ago
    Thats really nice! Thank you so much for the writeup.
    
    Would you mind if I added this as a discussion (crediting you and this post!) in the github project? Or if you’d like to copypaste it yourself to get the credit and be a part of the discussion.
    
    source
    suicidaleggroll@lemm.ee ⁨5⁩ ⁨weeks⁩ ago
    
    Would you mind if I added this as a discussion (crediting you and this post!) in the github project?
    
    Yeah that would be fine
    
    source
    -> View More Comments
Kuvwert@lemm.ee ⁨1⁩ ⁨month⁩ ago
Neat!

source