Ditch Watchtower! Podman has auto updates built in
May 2025
Watchtower was able to auto update my Podman containers, but it failed to restart them, giving the error "cannot set memory swappiness with cgroupv2: OCI runtime error" in the logs. There is a feature request on GitHub to add Watchtower support, but there is already a built-in feature in Podman. There is probably a bug in Watchtower that doesn’t set the mem_swappiness attribute of the container, so it fails. Running podman-compose down && podman-compose up -d fixes the problem, but I don’t want to have to do this every couple of days when my containers update. Also, --cleanup doesn’t work and leaves an image named none under podman image ls. So let’s migrate to a native solution.
First, I migrated all my containers to Quadlets, which wasn’t too bad. I used a tool called Podlet to help me generate .container files from my docker compose files. This won’t be plug and play!!! This command will fail on more complex compose files. Look at the error codes and fix. For me, it was mainly healthchecks. Not a big deal, just remove them and add them manually in the .container file after. These .container files are placed at ~/.config/containers/systemd. If this directory doesn’t exist make it with mkdir -p. You also need to make additional .network and .volume files for additional networking and volumes. Then run systemctl --user daemon-reload to generate the .service files for systemd.
Here are some sample .container, .network, and .volume files:
#name.container
#comments must sit on their own line: systemd reads trailing "#" text as part of the value
[Unit]
Wants=network-online.target
After=network-online.target
Requires=put service dependencies here, specify the .service names if your container stack has multiple dependencies

[Container]
ContainerName=name
Environment="slap your env vars here"
Image=full path to image name including quay.io or docker.io
Network=name.network
PublishPort=3000:3000
HealthCmd=optional healthchecking command
#if you want auto updates
AutoUpdate=registry

[Service]
#change to what you want
Restart=always

[Install]
#IMPORTANT or your containers won't start on boot
WantedBy=multi-user.target default.target

#name.volume
[Unit]
Description=put_good_description_here

[Volume]

#name.network
[Unit]
Description=same_thing

[Network]
#if you want IPv6
IPv6=true
For auto updates to work, make sure you start and enable podman-auto-update.service and podman-auto-update.timer. The timer triggers the auto update service every 24 hours. Make sure to specify AutoUpdate=registry under each container you wish to auto update or the service won’t pick it up. A useful command to import data from an existing volume to the new volume in Quadlets: podman volume export oldmyvol | podman volume import myvol -. Make sure the container is stopped or you will corrupt the database and have to start over. For me, it was mainly MongoDB and Postgres dbs I needed to move over, quick and easy with this command.
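A pre-flight check for the requirements above, as an added example that is not part of the original post or of Podman: it scans the .container files in ~/.config/containers/systemd for the settings auto updates depend on. The function names and the sample unit are made up for illustration, and the trailing-comment test is a heuristic based on systemd treating only lines that start with # or ; as comments.

```python
import re
from pathlib import Path

# Rootless Quadlet directory used on this page.
QUADLET_DIR = Path.home() / ".config/containers/systemd"

# Constructed sample: trailing comment and an image without a registry host.
SAMPLE = """[Container]
ContainerName=demo
Image=library/nginx:latest
AutoUpdate=registry #if you want auto updates
[Install]
WantedBy=default.target
"""

def parse_unit(text):
    """Return {section: [(key, value)]}; only full-line '#' or ';' comments are skipped."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return sections

def lint_container(text):
    """Return findings that would keep auto updates or start on boot from working."""
    units, findings = parse_unit(text), []
    for section, pairs in units.items():
        for key, value in pairs:
            # Heuristic: " #" inside a value is almost always a trailing comment.
            if key not in ("Environment", "HealthCmd") and re.search(r"\s#", value):
                findings.append(f"[{section}] {key}: text after '#' is read as part of the value")
    container = dict(units.get("Container", []))
    if container.get("AutoUpdate") != "registry":
        findings.append("AutoUpdate is not exactly 'registry'; the registry will not be checked")
    image = container.get("Image", "")
    host = image.split("/", 1)[0] if "/" in image else ""
    qualified = "." in host or ":" in host or host == "localhost"
    if not qualified and not image.endswith((".image", ".build")):
        findings.append(f"Image={image!r} has no registry host; AutoUpdate=registry needs one")
    if not any(k == "WantedBy" and v for k, v in units.get("Install", [])):
        findings.append("[Install] has no WantedBy; the container will not start on boot")
    return findings

if __name__ == "__main__":
    files = sorted(QUADLET_DIR.glob("*.container"))
    inputs = [(f.name, f.read_text()) for f in files] or [("constructed sample", SAMPLE)]
    for name, text in inputs:
        for finding in lint_container(text) or ["ok"]:
            print(f"{name}: {finding}")
```

Once the files come back clean, podman auto-update --dry-run lists which containers would be updated without pulling anything.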