Automate Your Docker Container Updates: A Step-by-Step Guide
Keep your Docker environment secure and up-to-date with minimal effort
Why Automate Docker Updates?
Docker containers are the backbone of modern application deployment, but outdated containers can introduce security risks and instability. Manual updates are time-consuming and error-prone. This guide shows you how to automate Docker container updates using a simple script and systemd timers.
The Docker-Updater Script
Here’s the script that does the heavy lifting. Save it as docker-updater.sh:
#!/bin/bash
# Simple Docker Compose Updater
DOCKER_DIR="$HOME/Docker"
LOG_FILE="$DOCKER_DIR/update.log"

# Projects to update (empty = all projects)
allowed_projects=("project1" "project2")

echo "=== Update started: $(date) ===" >> "$LOG_FILE"
for project in "$DOCKER_DIR"/*/; do
    project="${project%/}"    # drop the trailing slash left by the glob
    project_name=$(basename "$project")

    # Skip projects not in allow list
    if [[ ${#allowed_projects[@]} -gt 0 ]] &&
       [[ ! " ${allowed_projects[*]} " =~ " $project_name " ]]; then
        continue
    fi

    # Find compose file; skip directories that have none
    compose_file="$project/docker-compose.yaml"
    [ -f "$compose_file" ] || compose_file="$project/docker-compose.yml"
    [ -f "$compose_file" ] || continue

    # Update sequence; record the real outcome instead of assuming success
    status="updated"
    docker compose -f "$compose_file" down
    docker compose -f "$compose_file" pull || status="pull failed, restarted on existing images"
    docker compose -f "$compose_file" up -d || status="failed to start"
    echo "$project_name $status" >> "$LOG_FILE"
done
echo "=== Update completed: $(date) ===" >> "$LOG_FILE"
Key Features:
- Updates containers in the ~/Docker directory
- Supports .yaml and .yml compose files
- Optional allow list for selective updates
- Logs results to update.log
Systemd Setup for Monthly Automation
We’ll use systemd to schedule monthly updates at 4 AM.
1. Service File
Create /etc/systemd/system/docker-updater.service:
[Unit]
Description=Docker Container Updater
After=network.target docker.service
[Service]
Type=oneshot
# systemd reads trailing text as part of the value, so comments go on their own lines
# Enter your username
User=pi
# Script location
ExecStart=/home/pi/Scripts/docker-updater.sh
# Script directory
WorkingDirectory=/home/pi/Scripts
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
With Type=oneshot, the service runs the script once each time it is started and returns to inactive when the script exits; nothing keeps running in the background.
2. Timer File
Create /etc/systemd/system/docker-updater.timer:
[Unit]
Description=Monthly Docker Update Timer
[Timer]
OnCalendar=*-*-1 04:00:00
Persistent=true
[Install]
WantedBy=timers.target
3. Activate the Timer
sudo systemctl daemon-reload
sudo systemctl enable docker-updater.timer
sudo systemctl start docker-updater.timer
Since the service and timer share the same name, the timer will schedule the execution of the service.
Verification:
Run the service once by hand to test that the script works as intended, then check the log at ~/Docker/update.log:
sudo systemctl start docker-updater.service
Confirm that the timer is scheduled:
systemctl list-timers | grep docker-updater
Troubleshooting Common Issues
1. Permission Denied
sudo chmod +x /path/to/docker-updater.sh
sudo chown pi:pi /path/to/docker-updater.sh
2. Docker Connection Errors
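sudo usermod -aG docker $USER
Log out and back in for the new group to apply. Members of the docker group can control the Docker daemon, which is root-equivalent access on the host, so add only the account that runs the updater.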
3. View Logs
journalctl -u docker-updater.service
Why This Setup Works
- Consistent Updates: Runs on the 1st of every month at 4 AM, and catches up at the next boot if the machine was off at that time (Persistent=true).
- Project Isolation: Processes each project’s containers separately to avoid conflicts.
- Safety Net: The allowed_projects array lets you exclude critical containers.
- Transparency: Logs in ~/Docker/update.log show which projects were updated and when.
Next Steps
- Add Notifications: Integrate email/Slack alerts using curl in the script.
- Version Pinning: Add version checks for critical containers.
- Backup Integration: Trigger backups before updating sensitive projects.
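The version-pinning step depends on knowing which images "docker compose pull" is free to replace. As an added example (not part of the original guide), this script reads a compose file on standard input and labels each image reference as digest-pinned, version-tagged, floating, or set by a variable; the function names, the sample file and its registry names are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original guide): label how each image in a
# compose file is pinned, to review what "docker compose pull" may replace.
# classify_image REF -> digest | tag | floating | variable
classify_image() {
    local ref="$1" last
    case "$ref" in
        *'$'*)      echo variable; return ;;  # ${TAG}: resolved from the environment
        *@sha256:*) echo digest;   return ;;  # content-addressed, pull cannot change it
    esac
    last=${ref##*/}                # drop registry host, which may carry :port
    case "$last" in
        *:latest) echo floating ;; # explicit latest
        *:*)      echo tag ;;      # version tag: mutable, but a deliberate choice
        *)        echo floating ;; # no tag at all means :latest
    esac
}

# audit_compose: compose YAML on stdin -> "class<TAB>image" per image: key
audit_compose() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' |
    sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]//g' |
    while IFS= read -r ref; do
        [ -z "$ref" ] || printf '%s\t%s\n' "$(classify_image "$ref")" "$ref"
    done
}

# has_floating: succeeds if any image can change without a compose edit
has_floating() { audit_compose | grep -q '^floating'; }

# Constructed sample compose file; registries and the digest are placeholders.
sample_compose() {
    cat <<'EOF'
services:
  web:
    image: nginx                     # no tag
  db:
    image: "postgres:16.3"
  cache:
    image: registry.example.com:5000/cache:latest
  proxy:
    image: traefik@sha256:0000000000000000000000000000000000000000000000000000000000000000
  app:
    image: ghcr.io/example/app:${APP_TAG}
EOF
}

sample_compose | audit_compose
```

In docker-updater.sh, calling has_floating < "$compose_file" before the update sequence gives a place to skip or log projects whose images can change without a version bump.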
Final Thoughts
Automating Docker updates saves time and reduces human error. This 15-minute setup ensures your containers stay updated while you focus on development. Test it with non-critical projects first, then expand to your entire Docker ecosystem.
"The best system administrator is a lazy system administrator – automate everything!"
– Ancient DevOps Proverb