Nextcloud Docker image and Podman Auto-Update

Hi,

I set up Nextcloud (alongside MariaDB) in a Podman container (behind Caddy as a reverse proxy). I use the “community-maintained” image from Docker Hub, not the official AIO setup. It all works well. I also set up podman-auto-update, so my containers are automatically updated whenever there’s a new image on Docker Hub. That part seems to work fine as well, since both my MariaDB container and the Nextcloud container were already updated.

Nevertheless, my question is how podman-auto-update can be used in a reliable fashion. What happens, e.g., if podman-auto-update updates a container while my Nextcloud client on my phone is syncing photos? Should I enable maintenance mode before podman-auto-update runs?

I suspect that after updating the Nextcloud container, the updater will automatically enter maintenance mode if it detects a version mismatch and the update process starts. But what if it’s not the Nextcloud container, but the MariaDB container that is updated by podman-auto-update?

To be fair, I’m not overly worried. At the moment podman-auto-update is set to run in the middle of the night. So, my phone (or my wife’s) should be finished uploading any new files by then. I also have snapshots of the containers and volumes so I can roll back if needed. But still, I’m trying to set it up in a way that is as reliable and maintenance-friendly as possible.

Thanks,

Timo

It all works well. I also set up podman-auto-update, so my containers are automatically updated whenever there’s a new image on Docker Hub.

In general I discourage any sort of true auto-update.

I can’t speak to podman-auto-update itself since I’ve never used that mechanism, but if you’re going to insist on any sort of automatic updating (or even manual updating) of images:

  • Pin your Nextcloud image to at least a major version tag (i.e. don’t use an empty tag or the latest tag). This still permits easy updating to maintenance releases (for a given major), but won’t blindly update your environment to a new major when there may be breaking changes (e.g. those that require config changes or maybe introduce incompatibilities with some of your installed apps), thus avoiding service interruptions. I also suggest pinning even if you’re not auto-updating.
  • Pin your MariaDB image to a major version (and make sure it’s one listed in the Nextcloud System Requirements in the Admin Manual as supported by Nextcloud). Or, also generally fine, to the lts tag (btw: only run lts releases of MariaDB unless you know what you’re doing and why). Same reasoning as for the Nextcloud image.
  • Use depends_on (or the equivalent in podman) to declare the dependencies of services/containers (e.g. your nextcloud and nextcloud-cron containers depend on the db and redis containers). Any auto-update mechanism that doesn’t pay attention to dependency declarations in a container/services environment is probably best avoided.

What happens, e.g., if podman-auto-update updates a container while my Nextcloud client on my phone is syncing photos? Should I enable maintenance mode before podman-auto-update runs?

For the most part, the syncing/uploading should just pick up where it left off. Networks go down. Things happen. There is resilience built in.

But, yes, if the db container randomly disappears for an update Nextcloud is not going to like that.

Ideally maintenance mode is activated prior to any, well, maintenance activity. It’ll warn away clients from attempting any further actions while in maintenance mode and stop some activities from occurring.

The Nextcloud managed upgrade bits do their best to enable maintenance mode whenever possible. But the Docker image upgrade process takes place through what is effectively a “reboot” of the container, which is a bit different than a bare metal/Archive based installation (i.e. the Docker image doesn’t use the regular Updater).

With a single app container, the clients should all behave fine. If/when they don’t, it’s an area of needed improvement, so report it.

Off the top of my head, what I’d be concerned about (in order of priority):

  1. Avoiding database container upgrades while the Nextcloud app container is running
  2. Avoiding memory cache container (e.g. redis) upgrades while the Nextcloud app container is running
  3. Avoiding Nextcloud container upgrades from one major version to another without a human present to review the Critical Changes section of the Release Notes in the Admin Manual first to avoid service interruptions
  4. Avoiding database container upgrades to unsupported versions
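The reply recommends pinned image tags, declared dependencies, and maintenance mode before any maintenance activity. The script below is an added example for this thread, not code from Nextcloud or Podman, showing how those three points can be wired into the podman-auto-update run. It assumes (none of this is stated in the original post) that the Nextcloud app container is named nextcloud, that the containers run as systemd units carrying the io.containers.autoupdate=registry label, that occ can be run inside the app container as www-data, and that the PODMAN variable may be pointed at a stub for dry runs. It refuses to update while any running container uses an untagged or :latest image, and it turns maintenance mode off again even when the update fails.

```shell
#!/bin/sh
# Maintenance-aware wrapper around `podman auto-update`.
# Added example for this thread; it is not code from Nextcloud or Podman.
# Assumptions (not from the original post):
#   * the Nextcloud app container is named "nextcloud" (override via NC_CONTAINER),
#   * the containers run as systemd units carrying the io.containers.autoupdate=registry label,
#   * `occ` is runnable inside the app container as the www-data user,
#   * PODMAN may be pointed at a stub for dry runs.
set -eu

PODMAN="${PODMAN:-podman}"
NC_CONTAINER="${NC_CONTAINER:-nextcloud}"

# Returns 0 when an image reference is pinned to at least a major version tag
# (or a digest), 1 when it is untagged or uses :latest, which the reply warns against.
image_is_pinned() {
    ref=$1
    case "$ref" in
        *@sha256:*) return 0 ;;
    esac
    last=${ref##*/}          # drop registry/namespace; a registry port (host:5000/) goes too
    case "$last" in
        *:latest) return 1 ;;
        *:*)      return 0 ;;
        *)        return 1 ;;
    esac
}

# Reports every running container whose image is not pinned; returns 1 if any.
check_pinned_images() {
    unpinned=0
    for ref in $("$PODMAN" ps --format '{{.Image}}'); do
        if ! image_is_pinned "$ref"; then
            echo "unpinned image: $ref" >&2
            unpinned=1
        fi
    done
    return "$unpinned"
}

occ() { "$PODMAN" exec -u www-data "$NC_CONTAINER" php occ "$@"; }

# Returns 0 if `podman auto-update --dry-run` lists at least one unit with a pending update.
updates_pending() {
    "$PODMAN" auto-update --dry-run --format '{{.Unit}} {{.Updated}}' | grep -q ' pending$'
}

# Enters maintenance mode, applies pending updates, then leaves maintenance mode
# again (also when the update fails, via the EXIT trap) so the instance is never left locked.
run_update() {
    check_pinned_images || { echo "refusing to auto-update unpinned images" >&2; return 1; }
    if ! updates_pending; then
        echo "no pending updates"
        return 0
    fi
    occ maintenance:mode --on
    trap 'occ maintenance:mode --off' EXIT
    "$PODMAN" auto-update
    occ maintenance:mode --off
    trap - EXIT
}

if [ "${1:-}" = "run" ]; then
    run_update
fi
```

Run it as `sh nc-update.sh run` from your own systemd timer in place of the stock podman-auto-update.timer. For the podman equivalent of depends_on, the Quadlet .container files accept a [Unit] section: Requires=nextcloud-db.service and After=nextcloud-db.service in the app container's unit make systemd stop or restart the app unit whenever auto-update restarts the database unit, instead of leaving Nextcloud running against a database that has vanished underneath it (AutoUpdate=registry in the [Container] section sets the auto-update label).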