Plan: Container Updates — May 2026

Status

State: Active
Started: 2026-05-14

Context

The first run of check-updates.py report (from the shuttle branch) identified 9 available updates across 14 containers. Several images are significantly outdated:

| Service | Current | Latest | Gap | Risk |
|---|---|---|---|---|
| timescaledb | 2.7.1-pg14 | 2.19.3-pg14 | +12 minor | 🔴 high |
| homeassistant | 2025.1.2 | 2025.12.5 | +12 months | 🟡 medium |
| esphome | 2022.12.8 | 2026.4.5 | +3.5 years | 🟢 low |
| influxdb | 2.8.0 | 2.9.1 | +1 minor | 🔴 high |
| seafile-mysql | 11.8.5 | 11.8.6 | patch | 🔴 high |
| seafile-redis | 8.4.0 | 8.6.3 | +2 minor | 🔴 high |
| grafana | 11.4.0 | 11.6.14 | +2 patch | 🟢 low |
| borgmatic | v1.1.10-1.4.21 | v1.1.17-1.5.18 | +1 patch | 🟢 low |
| dns-ad-blocker | latest | armhf | rolling | 🟢 low (planned for replacement) |

Shuttle applied similar updates successfully, including grafana 11.4 → 11.6, authentik, photoprism, and mosquitto.

Goals

  • [ ] Apply all patch-level updates (low risk) immediately
  • [ ] Apply minor updates after review and testing
  • [ ] Defer major version upgrades requiring migration paths (timescaledb major, homeassistant major)

Steps

Step 1: Patch-Level Updates (Low Risk)

These are within the same major/minor version track and can be applied directly:

| Service | Update | Compose File |
|---|---|---|
| grafana | 11.4.0 → 11.6.14 | compose.grafana.yaml |
| borgmatic | v1.1.10-1.4.21 → v1.1.17-1.5.18 | compose.borgmatic.yaml |
| seafile-mysql | 11.8.5 → 11.8.6 | compose.seafile.yaml |

# For each update:
docker compose -f compose.<service>.yaml pull
docker compose -f compose.<service>.yaml up -d
docker compose -f compose.<service>.yaml ps  # verify healthy

  • Verification: docker ps shows (healthy), service responds correctly

Step 2: Minor Updates (Medium Risk)

| Service | Update | Notes |
|---|---|---|
| influxdb | 2.8.0 → 2.9.1 | Compatible within 2.x series. Verify health. |
| homeassistant | 2025.1.2 → 2025.12.5 | Core automation — test in low-traffic window |
| seafile-redis | 8.4.0 → 8.6.3 | Compatible within 8.x. Verify Seafile still works. |

Apply one at a time, verify health after each:

docker compose -f compose.<service>.yaml pull <service>
docker compose -f compose.<service>.yaml up -d <service>
docker logs --tail 20 <container>  # verify no errors
docker compose -f compose.<service>.yaml ps  # check healthy

  • Verification: Each service reports healthy, dependent services still connect

Step 3: Major Version Updates (Requires Planning)

| Service | Update | Challenge |
|---|---|---|
| esphome | 2022.12.8 → 2026.4.5 | Dashboard at 6052, host networking. May have breaking config changes. Back up configs first. |
| timescaledb | 2.7.1-pg14 → 2.19.3-pg14 | PostgreSQL minor version jump (pg14). TimescaleDB upgrades can involve migration commands. Requires downtime. |

timescaledb upgrade process:

1. Back up database: docker exec timescaledb pg_dumpall -U postgres > /tmp/timescaledb-backup.sql
2. Pull new image: docker compose pull timescaledb
3. Run upgrade tool if needed: TimescaleDB 2.7 → 2.19 may require timescaledb-tune
4. Upgrade: docker compose up -d timescaledb
5. Verify: check Grafana data sources and queries still work

esphome upgrade process:

1. Back up /opt/esphome/ configs
2. Compile a test device first to verify API compatibility
3. Update image tag, restart, check dashboard loads

  • Verification: Historical data still queryable, dashboards render, no data loss

Step 4: dns-ad-blocker

Skip updates — planned for full replacement (see separate plan: dns-ad-blocker-migration).

Step 5: Schedule Recurring Checks

Set up a cron job or systemd timer to run check-updates.py report weekly:

# In /ansible/sepia/setup_crontab.yml or HERMES heartbeat
# Weekly: run check-updates.py report on Sunday morning at 8:00

  • Verification: Report appears weekly in REFERENCE/container-updates/

Rollback

For any failed update:

# Revert the image tag in the compose file via git
git checkout -- compose.<service>.yaml
docker compose -f compose.<service>.yaml up -d
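
The update, health check and rollback steps above combined into one script, as an added example that is not part of the original plan or its tooling. It assumes the new image tag is an uncommitted edit in compose.<service>.yaml and that each container is named after its service; container_state, wait_healthy, update_service, TRIES and DELAY are names chosen for this example.

```shell
#!/bin/sh
# Added example, not the plan's own tooling: update one service, verify it,
# and roll back on failure. Assumptions: the new image tag is an uncommitted
# edit in compose.<service>.yaml and the container is named like the service.

# Print the health status, or the plain run state when the image defines no
# HEALTHCHECK (such a container never shows "(healthy)" in docker ps).
container_state() {
  docker inspect --format \
    '{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}' \
    "$1" 2>/dev/null || echo missing
}

# wait_healthy NAME [TRIES] [DELAY]: succeed on "healthy", or on three
# consecutive "running" polls when there is no health check to rely on.
wait_healthy() {
  _tries=${2:-30}; _delay=${3:-5}; _i=0; _stable=0
  while [ "$_i" -lt "$_tries" ]; do
    case "$(container_state "$1")" in
      healthy) return 0 ;;
      running) _stable=$((_stable + 1))
               if [ "$_stable" -ge 3 ]; then return 0; fi ;;
      unhealthy|exited|dead|missing) return 1 ;;
      *) _stable=0 ;;  # starting, restarting, created: keep polling
    esac
    _i=$((_i + 1)); sleep "$_delay"
  done
  return 1
}

# update_service SERVICE: pull, recreate, verify. On failure show recent
# logs, restore the committed tag with git and recreate from it.
update_service() {
  _file="compose.$1.yaml"
  if docker compose -f "$_file" pull && docker compose -f "$_file" up -d \
      && wait_healthy "$1" "${TRIES:-30}" "${DELAY:-5}"; then
    return 0
  fi
  echo "update of $1 failed, rolling back" >&2
  docker logs --tail 20 "$1" >&2
  git checkout -- "$_file" && docker compose -f "$_file" up -d
  return 1
}

# Run only when a service name is given, e.g. ./update.sh grafana
if [ -n "${1:-}" ]; then update_service "$1"; fi
```

A container without a health check is accepted only after it has stayed in the running state for three polls in a row, so a crash-looping service is not reported as a successful update.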

For timescaledb data restore:

docker exec -i timescaledb psql -U postgres < /tmp/timescaledb-backup.sql

  • REFERENCE/container-updates/2026-05-14-container-updates.md
  • scripts/container-updates/check-updates.py
  • PLANS/active/dns-ad-blocker-migration.md

Created: 2026-05-14