Update Docker image notification + "automation"

So I was checking for a couple of days how to easily update HA running in Docker with the Version integration.

Now I have a working solution. It is not the best, but it does not require any in-depth knowledge of networking and SSH to the host machine from Docker.

Instead, it relies on a variable file (in my case called var.txt) in the config folder.

But from the start: I am using the Version integration to show in the dashboard if a new Docker version is available. (I also use it for a dummy notification that there is some new update; this part could be improved with actionable events.)

Dashboard:

views:
  - title: 'Updates'
    path: updates
    badges: []
    cards:
      # One vertical stack that holds the three cards
      - type: vertical-stack
        cards:
          - type: entities
            entities:
              - entity: sensor.current_version
              - entity: sensor.docker_hub
              - entity: binary_sensor.docker_hub_update_available
            title: Home Assistant Version
          - type: markdown
            content: |-
              [Release notes](https://www.home-assistant.io/blog/categories/core/)
          - show_name: true
            show_icon: false
            type: button
            tap_action:
              action: call-service
              service: shell_command.update_ha_tonight
              target: {}
              confirmation:
                text: You want to update HA tonight at 01:00?
            icon: mdi:download
            name: Update HA tonight
            show_state: false

The dashboard has 3 cards: one showing the current local and Docker versions, one linking to the release notes, and the last one using a shell script (more about it below).

I am using the shell command integration, so this needs to be added to configuration.yaml:

shell_command:
  update_ha_tonight: bash /config/shell/update_ha_tonight.sh

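And this is the shell script behind it:

#!/bin/bash
# Runs inside the HA container: mark that an update was requested.
# Absolute path, so the result does not depend on the working directory.
echo "YES" > /config/shell/var.txt

That's all, you ask? Well yes, but no.
There is also another shell script that checks the value of var.txt and is triggered from cron:
pull_and_restart.sh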

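#!/bin/bash
# Runs on the host from cron (as root).
script_path=/home/pi/homeassistant/shell
compose_path=/home/pi/compose.yml
#set -x
date
# Pull and restart only when a line of var.txt is exactly YES
grep -qx "YES" "$script_path/var.txt" && docker compose -f "$compose_path" pull homeassistant && docker compose -f "$compose_path" up -d
# Always reset the flag so the update is not repeated the next night
echo "NO" > "$script_path/var.txt"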

And the cron.d file looks like this:

0 1 * * * root /home/pi/homeassistant/shell/pull_and_restart.sh >/tmp/update_script.log 2>&1

So every day at 01:00 cron runs and executes the pull_and_restart.sh script, which checks var.txt. If it is set to YES, it pulls a new stable version of the Docker image and restarts the container using docker compose commands. It also "logs" the time of the execution and then sets var.txt to NO.

So in case there is a new Docker version, I will receive a persistent notification. Then I check the release notes from the dashboard, and if I am happy with the changes I can trigger an update by using the 3rd card's button, which calls the shell command that changes var.txt to YES, so when cron runs during the night it will pull and restart the container.

Is it a clean solution? No. Is it the best? I think also no. But it is working, and I wanted to have those notifications and triggers in HA without the headache of the networking hell I was reading about.

And by using this approach I hope I am not creating new attack vectors. (Take this with a big grain of salt: I know almost nothing about security, but I am happy to learn more if this approach is somehow worse than SSH from Docker to the host, which for me introduces a new attack vector.)

1 Like
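
A hardened variant of pull_and_restart.sh, as an added example (not the poster's script). The post's paths imply that /home/pi/homeassistant is the folder mounted into the container as /config, so the script that cron runs as root sits where the container can write; this version assumes it is installed root-owned outside that folder and started with `--run` (the install location and the `--run` argument are assumptions), refuses to run otherwise, and treats var.txt as untrusted input.

```shell
#!/bin/bash
# Added example, not the poster's script. Assumption: installed root-owned on the
# host outside the bind-mounted config folder (e.g. /usr/local/sbin/) and started
# by cron with "--run"; only the flag file stays in the folder shared with HA.
SHARED=${SHARED:-/home/pi/homeassistant}   # host side of /config (paths from the post)
FLAG=${FLAG:-$SHARED/shell/var.txt}
COMPOSE=${COMPOSE:-/home/pi/compose.yml}

# True if the resolved location of $1 is not inside directory $2.
outside_dir() {
    real_p=$(readlink -f "$1") && real_d=$(readlink -f "$2") || return 1
    case "$real_p/" in "$real_d"/*) return 1 ;; esac
}

# True if $1 is a regular file owned by uid $2 with no group/other write bit.
locked_down() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or others
    esac
    return 0
}

# True only if the flag is a regular file (not a symlink) containing exactly YES.
flag_requested() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(head -c 16 "$1")" = "YES" ]
}

main() {
    date
    outside_dir "$0" "$SHARED" && locked_down "$0" 0 || {
        echo "refusing to run: $0 is inside the shared folder or not root-only" >&2
        return 1
    }
    flag_requested "$FLAG" || return 0
    rm -f -- "$FLAG"   # consume the request; unlink never follows a symlink
    docker compose -f "$COMPOSE" pull homeassistant &&
        docker compose -f "$COMPOSE" up -d
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Removing the flag instead of writing "NO" into it means root never writes through a path inside the shared folder; the button's script recreates the file the next time an update is requested.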