Docker – detecting out-of-date containers

Amazingly there isn’t a built-in mechanism to check if docker containers are up-to-date, you can only do a pull and see if anything is downloaded. By doing so the images are anyway updated, so if the container is recreated for any reason it will also use those new images.

There’s a tool called Skopeo which should do this, but I could not get it to run (the Go dependencies are too complex on my older Linux installation).

There’s also Watchtower which automates the checking but does not ensure images aren’t downloaded.

I decided to write my own bash script to read the local docker container / image details and compare them against the latest version in the repo using the API. This turned out to be pretty complex – in the case of Docker Hub because the URLs and authentication aren’t very intuitive, and in the case of Github because they use the newer manifest schema which requires multiple calls to get the information.

However… I got a script which works, confirming whether local images are up-to-date (at least for my set of containers).

My scenario is that I run this script each week with the settings to check all containers and only output those that are out-of-date. Any output is then sent to me by email so I can decide when to update.

It can be found on Github: https://github.com/pseudocoder/docker-check

Example output from my media server

% docker-check -a
paperless-ng_gotenberg_1 (thecodingmachine/gotenberg) is up-to-date
mariadb (linuxserver/mariadb:latest) is up-to-date
wireguard (ghcr.io/linuxserver/wireguard) is up-to-date
heimdall (linuxserver/heimdall:latest) is up-to-date
plex (linuxserver/plex:latest) is up-to-date
wordpress-gee-family (wordpress:latest) is up-to-date
wordpress-pseudocode (wordpress:latest) is up-to-date
cops (linuxserver/cops) is up-to-date
paperless-ng_webserver_1 (jonaswinkler/paperless-ng:latest) is up-to-date
filebrowser (filebrowser/filebrowser:latest) is up-to-date
deluge (linuxserver/deluge) is up-to-date
filerun (afian/filerun:latest) is up-to-date
calibre-web (linuxserver/calibre-web) is up-to-date
influxdb2 (influxdb:latest) is up-to-date
syncthing (linuxserver/syncthing:latest) is up-to-date
grafana (grafana/grafana:latest) is up-to-date
paperless-ng_db_1 (postgres:13) is up-to-date
paperless-ng_broker_1 (redis:6.0) is up-to-date
paperless-ng_tika_1 (apache/tika) is up-to-date
portainer (portainer/portainer-ce) is up-to-date

Docker Compose – automated updates

Using docker-compose makes updating images and containers very easy – a simple command downloads any new images:

docker-compose pull

And another stops, updates and restarts containers:

docker-compose up -d

But what if you want to know about updates, without actually doing them – for example, to do a daily check but only update during non-critical times or when you’re around to fix any issues?

Unfortunately, neither docker or docker-compose seem to provide a way of reporting out-of-date images – but a simple pair of commands can do something similar.

docker-compose pull -q
docker images | fgrep '<none>'

This pulls any new images, quietly without reporting anything, and then looks for any images not associated with a tag – since the new images will now have the “latest” tag, the older ones show up.

After the update (docker-compose up -d) you should also delete the old images:

docker image prune -f

Probably there’s a better way to do this, but it works fine on my media centre to tell me of updates while still having control over when they are applied.

TICK stack

I’ve been using the TelegrafInfluxDBChronograf-Kapacitor stack for a couple of months at home and at work, for monitoring the state of devices, process and home automation.

We actually I’ve been using the Telegraf-InfluxDB-Grafana stack – I have no idea why they decided to create Chronograf as a fork of Grafana, but it really is pretty rubbish in comparison.

That said, overall the solution is brilliant – Telegraf is pretty good at grabbing stats from your servers, and is highly configurable (at least on Linux – the Windows version could do with some work). The only area that really lets it down is the inability to sum up stats when monitoring processes, so anything that spawns child processes tends to make a mess of the stats.

Influx is very easy to use – the line protocol mechanism for adding data with a simple web request makes it very accessible, with a simple bash script and some sed reformatting able to create a data dump very easily. It seems pretty disk intensive, but I guess that’s always going to be the case with something writing datapoints every minute. Getting used to a timeseries database takes a bit of patience, with pretty limited options for querying, but it’s worth it for the performance and space saving. The only significant lack here is handling of offsets – it’s a very clear use-case to compare timeseries from two equivalent points in time, and surprising it isn’t supported.

Then Grafana tops it off with flexible and powerful visualisation.

I’d recommended anyone who is looking after any sort of IT system to have a play around with it.

Hosting Hassles

I’ve been using Vidahost for my web hosting for many years, and until the last couple of months their service was superb. But then I made the mistake of moving to a newer shared server – and everything went wrong.

I suspect the new host is just overloaded, but email was unusably slow several times each day, the (virtually unused) website similarly sluggish, and then the final straw they blocked my home IP address because of too many IMAP requests. OK, it was a bit high – but in a multi-device family that’s the new normal.

I’ve now moved to AWS for hosting and Infomaniak for email – so far so good, the “free” (for a year) EC2 server is much faster, as is the (not free) email.

Since I was moving, I also migrated to WordPress from Movable Type – seems OK, although it’s a lot less flexible in terms of accessing the underlying HTML.

Confluence User Cloud Macro

This user macro will display users in a specific group in a cloud-like format, as shown below.

## Macro Name: user-cloud
## Macro title: User Cloud
## Description: Displays a list of users in a cloud-like format
## Category: Confluence content
## Body processing: Unrendered

## @param Group:title=Group|type=string|required=true|desc=Group name
## @param MinWidth:title=Minimum Width|type=string|required=true|desc=Minimum width in CSS units (e.g. px)|default=120px
## @param PicSize:title=Picture Size|type=string|required=true|desc=Picture height in CSS units (e.g. px)|default=60px
## @param Border:title=Border Colour|type=string|required=false|desc=Border Colour
## @param Fill:title=Fill Colour|type=string|required=false|desc=Fill Colour

#foreach($user in $userAccessor.getMembers($userAccessor.getGroup($paramGroup)))
  <span style="background: $paramFill; min-width: $paramMinWidth; text-align: center; display: inline-block; border: 1px solid $paramBorder; padding: 6px; margin: 8px; border-radius: 4px">
    <img style="height: $paramPicSize; border-radius: 3px" src="$userAccessor.getUserProfilePicture($user).getUriReference()"><br/>
    <a href="/display/~$user.getName()">$user.getFullName()</a>
  </span>
#end

The layout can be customized for border, background, minimum width of block, and picture height; each item is a span which will flow depending on the width which in turn depends on the specified minimum and the name length.

Names are links to the user’s profile page.

The image below can be used as the icon.

Confluence – hiding content from PDF export

Confluence has the ability to produce reasonable PDF exports of pages, which can be further customized using CSS to add corporate logos, footers etc.

As a wiki much of the power comes from dynamic features such as links to related items, or making notes at the end of pages, but this is not always appropriate or useful in a static export.

The following macro adds a section to a page which will not be exported.

Creating the Macro

Create a new User Macro (Administration – Configuration – User Macros) with the following details

|Macro Name|hidden-pdf-panel| |Visibility|Visible to all users in the Macro Browser| |Macro Title|Hidden PDF Panel| |Description|A panel which will be hidden when exported to PDF| |Categories|Formatting| |Documentation URL|This page URL| |Macro Body Processing|Rendered|

Template code below

## Macro title: Hidden PDF Panel
## Macro has a body: Y
## Body processing: Rendered

## @noparams

<div class="pdfhidden" style="position: relative; margin: 0px -8px; border: 2px dashed #CCCCCC; padding: 4px"><div style="font-size: 10px; font-weight: bold; color: #CCCCCC; position: absolute; top: 0px; right: 2px">hidden</div>$body</div>

Setting the CSS for the PDF Export

Edit the Global PDF Styles (Administration – Look and Feel – PDF Stylesheet) to add the following CSS snippet at the end:

/* Hidden panels */
div.pdfhidden {
  display: none;
}

That’s it – you can now use the macro on pages to have non-PDF-exported content, like this:

Date from Unix Timestamp

I always have to fire up Excel to get a date/time from a Unix timestamp… so here’s a quick Javascript that does it:

 

Microsoft Spam !

You wouldn’t expect MS to send spam? No, neither would I – surely no major tech company is that dumb?

Well, they seem to have lost the plot on their Surface and OneNote emails.

Register your new Surface and you get a series of “helpful” emails telling you how to use it. Hmm, I don’t need this crap, if I want to know something I’ll Google it (yeah, not Bing!) – where’s the unsubscribe button?

OMG – no unsubscribe!

Must be something in my MS account – but no, it’s all set to the correct “don’t send me crap” settings. The not-well-known Profile Center also looks clean.

Grrr.

And then, I get an email from OneNote.

“Notebooks are social. So pass it on.” “Forward this email to family and friends so they can join the party!”

Ah, no. My notebook is absolutely not f*****g social, it’s my notebook, if I wanted it to be social I would have said so but the default setting should be as private as possible.

Microsoft, get a grip – I’m pretty sure most people who buy a Surface are not aiming to turn it into a social hub, and are quite happy to read the documentation in their own good time without being spammed.

MS Surface Pro 4

I’ve been using an old iPad for many years and generally find it OK for web browsing, watching videos and so on, but even with an external keyboard attached it sucks for “PC like” tasks. Maybe I’m just an MS slave, but the Office apps are hard to beat, and the limits on file access and sharing on the iPad make it really hard to do anything significant.

I considered upgrading my very old laptop, but then I’d also want to upgrade my iPad – so simple solution seemed to be get a Surface: laptop and tablet in one.

The model I got is a Pro 4, Core i7, 8MB memory 256GB disk – and it’s brilliant.

Type cover is as good as most laptop keyboards I’ve used, and has all the keys in the right layout unlike all the bluetooth iPad keyboards I’ve seen.

Speed is what you would expect of a Core i7 and an SSD – basically very quick, no lag on doing anything that I can see. Of course I’ll try to keep it light on servers and background crap that run on my main PC.

Pen is OK, but I don’t really use it much – the writing recognition is amazing (even with my dreadful scrawl), but I can simply type faster than I can write, and the keyboard + built-in full width stand is really comfortable on my knee because the whole thing is so light.

And the screen – wow, the text looks like it’s been laser printed. In fact it’s so clear it looks kind of “big” – I keep checking the font size against other screens and it’s comparable, but the clarity makes it stand out, even in paler colours that some people seem fond of using in emails.

So my conclusion is that it’s the best laptop I’ve owned by some margin (unbeatably light, easily powerful enough), and almost as good as an iPad as a tablet.