-
Notifications
You must be signed in to change notification settings - Fork 886
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker containers with hash-only image cannot be updated #1050
Comments
Thanks to @amarcu5 filing docker-archive/compose-cli#1983, this should be solved (merged in docker-archive/compose-cli#1997) in upcoming releases. Until then, use the "vanilla" |
I'm sorry, I'm a real noob. How can I solve this with my RPi4 ? What's the "vanilla" docker compose ? I have the exact same stack running on an amd64 in portainer and it works great
|
It should only be a matter of running
|
Thank you for your answer. Shouldn't this be working ? |
I guess if you're using Portainer on the latest version, it's using docker-compose v2 internally. Can someone confirm it? |
Yes, I can confirm it: portainer/portainer#5799 (comment) |
So is there a workaround for people using portainer 2.9.1 like me ? |
AFAIK not using portainer to deploy your stack(s) is the only workaround ATM. That is what I'm doing, I deploy the stack with "docker-compose up -d" on the CLI and then use Portainer to manage the created stack(s). It gives you almost all Portainer functions except stack creation. |
Thanks for the suggestion. I did that, but I face the exact same problem o_O |
If you're having the same problem from the CLI it must mean that you're using docker compose (as portainer is) and not docker-compose (mind the space and the -). You should try with docker-compose from https://github.com/linuxserver/docker-docker-compose/releases and install it like that :
Mind the release number and the plateform amd64/arm64 or armhf, depending on your hardware
It may also be a problem with the docker-compose version, here is the one working for me: docker-compose version 1.27.4, build 40524192 |
Thanks for your answer. I do use docker-compose (version 1.28.4, build cabd5cfb). Would a more recent version break things up ? |
I'm not sure but I think it should be ok, the problem is with docker compose from docker CLI, not docker-compose... |
Is there a solution for this yet, can someone please help me with this, I am facing the same issue. |
A work-around is editing the container. Set the image container url in the config, and save it. That will solve it temporarily. I personally use portainer to deploy images, etc. and update the container image. Just replace the hash with image name. For example: linuxserver/portainer |
@Smiggel Thanks for the response. Can you please let me know where can we find the config for container? |
I use Portainer. In Portainer I go to "Containers" in the left menu. Then I click on an image. You see several buttons on top of the page and press "Duplicate/Edit". Under "Image" you can set the "Image configuration". Behind "Docker.io" just type for example "containrrr/watchtower" or what ever you need there. Just make sure you replace the sha256 hash there. When you do that and update the image, Watchtower will be able to find new versions. |
@Smiggel, thank you so much this makes sense a lot. |
this works but as far as I understand this is only a workaround as soon as watchtower will update the container or you update the container it will be set back to the hash? |
I only let watchtower send me a message and not update the container. So, I update it when I have time and just rebuild the container with pulling the last image. |
guess that's the best solution for now, thanks |
This doesn't happen to me when deploying a stack in Portainer with version "3.3". It keeps the chosen image names and watchtower is able to update the containers |
Looks like the latest portainer is using docker-compose instead of docker compose @Trony71 . That will be very helpful actually. |
It does not work for every stack I have tested it with |
I use version: '3.3' and when I update the watchtower stack initially, the image does not get a hash. As soon as I change the stack, e.g. update env variable, the image gets the sha hash as a name, although the image is not downloaded again. Anyone have an idea why? Unfortunately, no scan is performed even with the correct image name, I'm not sure yet whether it is related to this problem |
This comment has been minimized.
This comment has been minimized.
@mbourd25 I don't think this is related to hash-only images. Please create a new Discussion for this. That being said, the current hash is |
As a workaround, could you put a label with the container image? labels:
"com.centurylinklabs.watchtower.image": "containrrr/watchtower:latest" |
time="2022-02-01T18:00:08Z" level=info msg="Watchtower 1.4.0" |
Any updates on fixing this? I'm also running into this issue with a stack running on portainer which refers to some ghcr.io docker images. |
For anyone who uses portainers, this solved my problem: Now the images have the correct names again and no longer hashes |
@devedse This is not something that can be fixed by watchtower. The information necessary for watchtower to function (what the name of the image is) has been omitted, so we have no idea what to check for updates for. |
@piksel , understandable that if the image name is missing watchtower can't pull it. As a workaround though, could we think of any of the solutions mentioned above? Or do you have any idea why this fix is supposed to work?:
|
I have no idea why the fix works, I suppose there was a problem in docker-compose for ARM, and deleting the file leads to the rebuild/copy/download of the new docker-compose without the bug. For me the problem is solved and I'm on ARM64. |
@davtur19 , I'm using 64bit. Could you show me your Edit, I actually just found out that |
|
Apparently I was looking at the wrong image field. The one containing the Image name seems to be in .Config.Image:
This now shows: Edit:
This does display image names now correctly for stacks that I created. |
Yeah, |
In my case, i use watchtower with portainer (2.11.1). The image won't update with watchtower if you don't specify a tag in the docker-compose definition. Just add |
@Fizcko, it might be the case that it pins the image to a version if you omit the tag. Or it was using a version of docker-compose v2 before that used the image hashes, and now it doesn't? In any case, I added an additional check for image hashes to give a better error message for pinned images in #1277. Now it will instead inform that the image is pinned and as such cannot be updated by watchtower. That is a lot more helpful than errors about |
@piksel I don't really know. Now it works with the tag. |
Recently, containers without an image tag has been encountered by watchtower users:
docker compose
cannot be updated #1019Since the containers' configurations does not contain the necessary information for updating, watchtower cannot check for updates or recreate them.
Since #1027 (available in
watchtower:latest-dev
) it should at least no longer crash, but just skip said containers.One source of these containers seem to be
docker compose
(with no dash), but it's unclear whether they can be created in some other fashion (you could of course just manually specify thesha256:xxx
hash indocker run
, but then, what would you expect?)To verify that containers does not have any named image, you can run
docker ps
:In the second column (
IMAGE
), instead of the image tag, it shows just a short image id hash.I made a PoC attempting to retrieve the image tag based on the ID, and it is possible to do so under some conditions, but it's highly volatile.
If this is a permanent change in future Docker versions, it may render watchtower unusable... 😩
Add a comment if you know anything more about the source of these containers!
The text was updated successfully, but these errors were encountered: