Someone recommended it for keeping my containers up to date automatically. I checked out the repo and it seems too good to be true. It just updates your containers when a new image is available and everything just works out of the box? I’m a bit scared of just leaving it alone in case it might break something. The fact that it doesn’t come with a gui also scares me a bit.
Does anyone here use it and can recommend it? Any horror stories?
I have been using it for years and never had a single issue. I use it on a private server only I use, so even if an update fails in the future it would not be the end of the world. I would not use it in a company environment, I guess, where a lot depends on everything running smoothly.
I’ve been using watchtower for more than a year on all my containers and no issues so far. I have read many warnings against automating the updates, but it has never broken anything in my case. I’m talking about 3 VMs (on Proxmox) and 2 Synology boxes. 5 instances of watchtower keeping a total of 84 containers updated.
Nonetheless I try to play it on the safe side and make daily backups in case something breaks. I’ve had a couple of containers breaking (nothing related to watchtower, AFAIK) and I have recovered easily restoring the latest backup.
- 3 VMs in Proxmox hosting 70 containers get backed up every day with ProxmoxBackupServer (VM in my primary NAS) to an NFS-mounted folder on my primary NAS.
- Primary NAS (with 7 containers) gets backed up with Snapshot replication to my secondary NAS every day.
- Secondary NAS (with 7 containers) gets backed up with Snapshot replication to my primary NAS every day.
- And once a month I back up my primary NAS (not the whole thing, only the important folders) to a USB drive that I store at a friend's house.
Using Watchtower for approximately 2 years on about 20 Containers. I had 1 issue, where a container would not start after the update. The Error Message said I had an unsupported entry in the configuration file of the app. I looked up the changelog of that app, and found out that the option was removed and replaced by something else. Had to change one line in the configuration. Not really a problem for me.
Though I decided to exclude my Home Automation Container and my kasm container (my gateway to my network, a bit like guacamole). Those may pose problems if they are offline unexpectedly.
There is a risk that a newer version of an image will accidentally break things, apply breaking changes, and so on.
Good, frequent, tested backups could be a mitigation to this. If an image breaks, you just restore your data from the backup, and pull the older image.
I use the klausmeyer/docker-registry-browser, and that recently broke, but it just needed me to provide an additional configuration variable.
I use advplyr/audiobookshelf, which upgraded to a different database engine and schema a couple months ago. For some small subset of people (including me) the migration to the new database didn’t go well. But I had a backup from 6 hours before the update, so restoring and then using the older image until the fixes were released was easy.
Even with the occasional issues I prefer letting watchtower automatically update most of my images for my home. I don’t really want to spend my time manually applying updates when 98% of the time it will be fine. But again, having a reliable and tested backup system is an essential part of why I am comfortable doing this.
My primary ‘backup’, or easy recovery method, is that I use ZFS, and take snapshots via sanoid frequently. I have a mydumper job making backups of my mariadb server. I use syncoid to do sends to external storage. So most things can just be fixed by copying the files from an older snapshot.
I also have completely separate backups of my system made using borg to storage I have at borgbase.com, but this only happens a couple times a week, and is only my ‘important’ data and not large things like downloaded video/music/etc. I am thinking about switching borg out for restic though, since restic is also compatible with borgbase.
If you want a highly available system, then you should perform updates with a custom-made script, where you can control update issues. Otherwise watchtower is good.
My script looks like this: https://gist.github.com/dgalli1/010fb978bae509dda43a1f31145a530f
And is meant to update docker-compose.yml files.
I use it but only on containers where I can configure it to not do major updates, sadly most images don’t have the needed tags for this 😢