watchtower: Docker containers with hash-only image cannot be updated
Recently, containers without an image tag has been encountered by watchtower users:
Since the containers’ configurations does not contain the necessary information for updating, watchtower cannot check for updates or recreate them.
Since #1027 (available in watchtower:latest-dev) it should at least no longer crash, but just skip said containers.
One source of these containers seem to be docker compose (with no dash), but it’s unclear whether they can be created in some other fashion (you could of course just manually specify the sha256:xxx hash in docker run, but then, what would you expect?)
To verify that containers does not have any named image, you can run docker ps:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fb0c2a735c38 4cdc5dd7eaad "/docker-entrypoint.…" 18 minutes ago Up 20 seconds 80/tcp
In the second column (IMAGE), instead of the image tag, it shows just a short image id hash.
I made a PoC attempting to retrieve the image tag based on the ID, and it is possible to do so under some conditions, but it’s highly volatile. If this is a permanent change in future Docker versions, it may render watchtower unusable… 😩
Add a comment if you know anything more about the source of these containers!
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 2
- Comments: 40 (6 by maintainers)
For anyone who uses portainers, this solved my problem: https://github.com/portainer/portainer/issues/5799#issuecomment-1040214389
Now the images have the correct names again and no longer hashes
As a workaround, could you put a label with the container image? something like that:
This doesn’t happen to me when deploying a stack in Portainer with version “3.3”. It keeps the chosen image names and watchtower is able to update the containers
I use Portainer. In Portainer I go to “Containers” in the left menu. Then I click on an image. You see several buttons on top of the page and press “Duplicate/Edit”. Under “Image” you can set the “Image configuration”. Behind “Docker.io” just type for example “containrrr/watchtower” or what ever you need there.
Just make sure you replace the sha256 hash there. When you do that and update the image, Watchtower will be able to find new versions.
Apparently I was looking at the wrong image field. The one containing the Image name seems to be in .Config.Image:
This now shows:
devedse/coolimage:latestEdit: You can use this command to show all image names:
This does display image names now correctly for stacks that I created.
@mbourd25 I don’t think this is related to hash-only images. Please create a new Discussion for this.
That being said, the current hash is
sha256:a66d4579ef01e017d7c7af3da9d462388fc824ade4c6be1efe7521d34d314349and the hash for the image in dockerhub issha256:a66d4579ef01e017d7c7af3da9d462388fc824ade4c6be1efe7521d34d314349, so there is no update. Also, when looking at dockerhub, it seems like thelatesttag hasn’t been updated for a monthIt does not work for every stack I have tested it with
@Smiggel, thank you so much this makes sense a lot.
So is there a workaround for people using portainer 2.9.1 like me ?
Yes, I can confirm it: https://github.com/portainer/portainer/issues/5799#issuecomment-931609255
Thanks to @amarcu5 filing https://github.com/docker/compose-cli/issues/1983, this should be solved (merged in https://github.com/docker/compose-cli/pull/1997) in upcoming releases.
Until then, use the “vanilla”
docker-composecommand to enable watchtower support. Note: If you have enabledDocker Compose V2in Docker Desktop, usedocker-compose disable-v2to disable it.