File | Purpose |
---|---|
/etc/compose/docker-compose.yml |
Compose file describing what to deploy |
/etc/systemd/system/docker-compose-reload.service |
Executing unit to trigger reload on docker-compose.service |
/etc/systemd/system/docker-compose-reload.timer |
Timer unit to plan the reloads |
/etc/systemd/system/docker-compose.service |
Service unit to start and manage docker compose |
Put the above mentioned files in the corresponding places and let systemd load them:
# systemctl daemon-reload
# systemctl enable --now docker-compose.service docker-compose-reload.timer
The method shown here is also available as an Ansible role here: luzifer-ansible/docker-compose
If you don't want automated updates you can either pin the specific image (
image: alpine:3.9
), then only that specific tag will be used (that's the way I'm using for unstable software) or you can disable the timer which does not fully save you from updates as docker-compose itself has update-checks built in and even though local versions are preferred there might be updates.The most safe way to guarantee nothing changes is to use sha-pinning:
image: sha256:965ea09ff2ebd2b9eeec88cd822ce156f6674c7e99be082c7efac3c62f3ff652
(Though the last method is possible I wouldn't use it as then even security updates for the tag are no longer possible.)