-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[howto] How to swap a running zerotier container with a new version of the image ? #25
Comments
Well, I can't speak for anyone else's experience but in my case, one of my Thus far, however, my concerns have proven unfounded. I can In terms of updating the
Even occasional reboots or power failures at the two ends have never caused a problem. Rock solid. Never been a fan of watchtower - and precisely because of that "worst case" scenario I mentioned above. To be perfectly honest, imagining my remote comms going haywire one day, me chasing my tail for a few hours, only to then realise that a watchtower-like service had installed a broken update - the stuff of nightmares. Talk about self-inflicted wounds. I'd kick myself seven ways into next week. I'd far rather do a manual "pull" so I always know what's about to change, then "up" containers one at a time so if anything breaks, I have a handle on the likely culprit. In case you're interested, my actual approach is:
Then, if a new image for (say) zerotier-router has come down, the pattern is going to be:
where the image with the Then I tag the old image by hand to keep it hanging around (so it won't be removed by a
Then I do the "up", after which the new image is running. If anything goes hinkey, I can change the service definition in
and "up" again. I don't need to go to Dockerhub to figure out explicit version tags or pull older images. Assigning my own tags is the quickest and most reliable way to revert a Docker container that I know of. Once I'm satisfied the new container is working properly, I can get rid of the old image:
Don't know if any of that helps... |
to not lose connectivity you could look into something like a multipath setup |
Stopping/recreating the container should work fine - I do it like that and have had no issues (yet) :) You can also prepare a post-mortem autorecovery; schedule something to reinstate the old working config (via cron or a one-off "sleep 20m; do-the-magic-to-restore-old-container"). If everything works out you just cancel it, but if you lock yourself out you can hope it'll trigger after a while and open the door for you. With zerotier containers you could go for a blue/green sort of setup I suppose. Have 2 (or more) containers, only update one at a time. I had a setup where I had zerotier running on more than one node in a remote network. One of those zerotier nodes would act as a gateway for meshing that network with the rest of my stuff. Which node was currently the gateway was decided by reassigning a special IP in zerotier central. Oh, and you could also consider running that second ingress channel through a separate product. E.g. tailscale. Opens up new surface area for malicious actors, but also offers some protection should the zerotier network go out for external reasons. |
Hello !!
Thank you for that project, it's so useful.
I want to update the zerotier container running on a remove device.
The issue is, I'm using the zerotier network to ssh into that device .
That mean I can't stop the container and restart it, as I will loose connectivity.
What would be your best suggestion ?
I could create a new zerotier container, but I don't know if it will work as the other one will still be running.
Side note: I will also add a watchtower label to it, so it's updated automatically in the future.
The text was updated successfully, but these errors were encountered: