If later on my_image is automatically updated, is there any way, by querying some properties of the running my_container to know that the image it was created from is now outdated?
Related to that, I don’ even know how to retrieve the image from the containers, i.e., I couldn’t see any property in my_container that relates to my_image (or it’s fingerprint).
Indeed, unfortunately that doesn’t work since for my custom images I don’t have the image.os or image.release properties. Moreover, I don’t know how that could uniquely identify an image, since several of my images share the same underlying OS.
Thank you very much for your help.
Thinking a bit more about it I have managed to have a working (albeit hacky) solution. I post it here in case it is useful for other people:
Context: we create our images with packer. Packer is driven by some automatic job that get’s triggered everytime there is a change in the image creation scripts. When a new image is created the old image is “overwritten”. The key here is that the old image loses the alias, which is now assigned to a the image. In other words: The first time we have image with fingerprint abababab and alias my_image, and when there is an update of the image we have images abababa without alias and new image bcbcbcbc with my_image alias.
The way to check whether the container runs an outdated image is to check the fingerprint in image volatile.base_image. Then we check whether the image with that fingerprint has an alias or not. If it doesn’t have an alias is because a new image has replaced it and hence the container runs an outdated image.
In a few lines of quick shell script:
cont_name=my_container
image_fingerprint=`lxc config get $cont_name volatile.base_image`
image_alias=`lxc image info pps_lxd_images:$image_fingerprint | grep -A 1 Aliases: | grep -v ":"`
if [ -z "$image_alias" ]; then
echo " Container $cont_name runs outdated image $image_fingerprint"
else
echo "Container runs the last image version"
fi
A small improvement could be to have the image info in JSON so that is machine readable.