We love our LXC containers. They make it so easy to provide and update services – snapshots take most of the fear out of the process, as we have discussed previously here. But even so, we are instinctively lazy and are always looking for ways to make updates EASIER. Now it’s possible to fully automate the updating of a running service in an LXC container BUT a responsible administrator wants to know what’s going on when key applications are being updated. We created a compromise, a simple script that runs an interactive process to backup and update our containers. It saves us repetitively typing the same commands, but it still keeps us fully in control as we answer yes/no upgrade related questions. We thought our script is worth sharing. So, without further ado, here’s our script, which you can just copy and paste to a file in your home directory (called say ‘update-containers.sh’). Then just run the script when you want to update and upgrade your containers. Don’t forget to change the name(s) of your linux containers in the ‘names=…’ line of the script:
#!/bin/bash # # Simple Container Update Script # Interactively update lxc containers # Change THESE ENTRIES with container names and remote path: # names='container-name-1 c-name2 c-name3 name4 nameN' # Now we just run a loop until all containers are backed up & updated # for name in $names do echo "" echo "Creating a Snapshot of container:" $name lxc snapshot $name echo "Updating container:" $name lxc exec $name apt update lxc exec $name apt upgrade lxc exec $name apt autoremove echo "Container updated. Re-starting..." lxc restart $name echo "" done echo "All containers updated"
Also, after you save it, don’t forget to chmod the file if you run it as a regular script:
chmod +x container-update.sh
Now run the script:
Note – no need to run using ‘sudo’ i.e. as ROOT user- this is LXC, we like to be run with minimal privileges so as not to ever break anything important!
So this simple script, which runs in Ubuntu or equivalex distro, does the following INTERACTIVELY for every container you name:
lxc snapshot container #Make a full backup, in case the update fails apt update #Update the repositories apt upgrade #Upgrade everything possible apt autoremove #Free up space by deleting old files restart container #Make changes take effect
This process is repeated for every container that is named. The ‘lxc snapshot’ is very useful: sometimes an ‘apt upgrade’ breaks the system. In our case, we can then EASILY restore the container to its prior updated state using the ‘lxc restore command. All you have to do is firstly find out a containers snapshot name:
lxc info container-name
E.g. – here’s the output of ‘lxc info’ on one of our real live containers:
sysadmin@server1:~lxc info office Name: office Remote: unix:// Architecture: x86_64 Created: 2018/07/24 07:02 UTC Status: Running Type: persistent Profiles: default Pid: 21139 Ips: eth0: inet 192.168.1.28 eth0: inet6 fe80::216:3eff:feab:4453 lo: inet 127.0.0.1 lo: inet6 ::1 Resources: Processes: 198 Disk usage: root: 1.71GB Memory usage: Memory (current): 301.40MB Memory (peak): 376.90MB Network usage: eth0: Bytes received: 2.52MB Bytes sent: 1.12MB Packets received: 32258 Packets sent: 16224 lo: Bytes received: 2.81MB Bytes sent: 2.81MB Packets received: 18614 Packets sent: 18614 Snapshots: http-works (taken at 2018/07/24 07:07 UTC) (stateless) https-works (taken at 2018/07/24 09:59 UTC) (stateless) snap1 (taken at 2018/08/07 07:37 UTC) (stateless)
The snapshots are listed at the end of the info screen. This container has three: the most recent being called ‘snap1’. We can restore our container to that state by issuing:
lxc restore office snap1
…and then we have our container back just where it was before we tried (and hypothetically failed) to update it. So we could do more investigating to find out what’s breaking and then take corrective action.
The rest of the script is boiler-plate linux updating on Ubuntu, but it’s interactive in that you still have to accept proposed upgrade(s) – we call that “responsible upgrading”. Finally, each container is restarted so that the correct changes are propagated. This gives a BRIEF downtime of each container (typically 1-several seconds). Don’t do this if you cannot afford even a few seconds of downtime.
We run this script manually once a week or so, and it makes the whole container update process less-painful and thus EASIER.
Happy LXC container updating!