Someone recommended it for keeping my containers up to date automatically. I checked out the repo and it seems too good to be true. It just updates your containers when a new image is available and everything just works out of the box? I’m a bit scared of just leaving it alone in case it might break something. The fact that it doesn’t come with a gui also scares me a bit.
Does anyone here use it and can recommend it? Any horror stories?
I’ve been using watchtower for more than a year on all my containers and no issues so far. I have read many warnings against automating the updates, but it has never broken anything in my case. I’m talking about 3 VMs (on Proxmox) and 2 Synology boxes. 5 instances of watchtower keeping a total of 84 containers updated.
Nonetheless I try to play it on the safe side and make daily backups in case something breaks. I’ve had a couple of containers breaking (nothing related to watchtower, AFAIK) and I have recovered easily restoring the latest backup.
- 3 VMs in Proxmox hosting 70 containers get backed up every day with ProxmoxBackupServer (VM in my primary NAS) to an NFS-mounted folder on my primary NAS.
- Primary NAS (with 7 containers) gets backed up with Snapshot replication to my secondary NAS every day.
- Secondary NAS (with 7 containers) gets backed up with Snapshot replication to my primary NAS every day.
- And once a month I back up my primary NAS (not the whole thing, only the important folders) to a USB drive that I store at a friend's house.
Using Watchtower for approximately 2 years on about 20 Containers. I had 1 issue, where a container would not start after the update. The Error Message said I had an unsupported entry in the configuration file of the app. I looked up the changelog of that app, and found out that the option was removed and replaced by something else. Had to change one line in the configuration. Not really a problem for me.
Though I decided to exclude my Home Automation Container and my kasm container (my gateway to my network, a bit like guacamole). Those may pose problems if they are offline unexpectedly.
There is a risk that a newer version of an image will accidentally break things, apply breaking changes, and so on.
Good, frequent, tested backups could be a mitigation to this. If an image breaks, you just restore your data from the backup, and pull the older image.
I use the klausmeyer/docker-registry-browser, and that recently broke, but it just needed me to provide an additional configuration variable.
I use advplyr/audiobookshelf, which upgraded to a different database engine and schema a couple months ago. For some small subset of people (including me) the migration to the new database didn’t go well. But I had a backup from 6 hours before the update, so restoring and then using the older image until the fixes were released was easy.
Even with the occasional issues I prefer letting watchtower automatically update most of my images for my home. I don’t really want to spend my time manually applying updates when 98% of the time it will be fine. But again, having a reliable and tested backup system is an essential part of why I am comfortable doing this.
My primary ‘backup’, or easy recovery method, is that I use ZFS, and take snapshots via sanoid frequently. I have a mydumper job making backups of my mariadb server. I use syncoid to do sends to external storage. So most things can just be fixed by copying the files from an older snapshot.
I also have completely separate backups of my system made using borg to storage I have at borgbase.com, but this only happens a couple times a week, and is only my ‘important’ data and not large things like downloaded video/music/etc. I am thinking about switching borg out for restic though, since restic is also compatible with borgbase.
I have been using it for years and never had a single issue. I use it on a private server only I use, so even if an update fails in the future it would not be the end of the world. I would not use it in a company environment, I guess, where a lot depends on everything running smoothly.
Been using it for a while, no issues; the only time I had to manually revert the update was when plex broke transcoding…
You can add a flag to delete old images as well… otherwise they pile up and take a lot of space.
I prefer to be there when containers are updated so that I can promptly fix anything that breaks.
I have 2 watchtower instances in a docker-compose, the first container ‘watchtower-monitor’ uses command: --monitor-only and warns me over gotify about the availability of updates but does not modify anything, the second ‘watchtower-once’ uses command: --run-once and it is usually inactive since it performs all updates once and then exits. When I am ready to update everything I just docker-compose start watchtower-once container to start the updates.
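
The two-instance setup described in the comment above, combined with the old-image cleanup flag and the container exclusion mentioned earlier in the thread, as an added example that is not any poster's actual file. The Gotify URL and token, the daily interval, and the `home-automation` service and its image are placeholders or assumptions.

```yaml
# Added example, not from the thread. Values marked "placeholder" are constructed.
services:
  watchtower-monitor:
    image: containrrr/watchtower
    restart: unless-stopped
    volumes:
      # Socket access lets Watchtower control every container on this host,
      # so treat this container as host-privileged.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_NOTIFICATIONS: gotify
      WATCHTOWER_NOTIFICATION_GOTIFY_URL: https://gotify.example.internal  # placeholder
      WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN: REPLACE_WITH_APP_TOKEN         # placeholder
    # Check once a day (assumed interval), notify about new images, change nothing.
    command: --monitor-only --interval 86400

  watchtower-once:
    image: containrrr/watchtower
    # Must not restart by itself: it runs only when started by hand.
    restart: "no"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # Update everything once, delete the superseded images, then exit.
    command: --run-once --cleanup

  home-automation:
    image: example/home-automation:1.0.0  # placeholder image
    labels:
      # Opt this container out of Watchtower updates.
      - com.centurylinklabs.watchtower.enable=false
```

Creating the stack with `docker-compose up --no-start` and then starting only `watchtower-monitor` keeps the run-once service idle until `docker-compose start watchtower-once` is issued.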