If given no argument, process all running containers.

Rationale: this is about security of any currently running service,
not about keeping services up.

Any service might have been put down for any reason.

tools/containers_check_update_rebuild_switch.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -euxv
+set -eu
 
 function fail_one()
 {
@@ -8,12 +8,32 @@ function fail_one()
     RC=1
 }
 
+cd -P "$(dirname "$(readlink -f "$0")" )"
+
+if [[ "$PWD" != "$(printf %q "$PWD" )" ]]
+then
+    echo >&2 "WARNING: path seems unsafe: $PWD"
+fi
+
+SCRIPT_ROOT="$PWD"
+cd ..
+INFRA_ROOT="$PWD"
+
+CONTAINER_IDS=( "$@" )
+
+if [[ "${#CONTAINER_IDS[@]}" == 0 ]]
+then
+    echo "No container ID supplied on command line, doing them all."
+    mapfile -t CONTAINER_IDS < <( docker ps --format "{{.ID}}" )
+fi
 
 RC=0
 
-for CONTAINER_ID
+echo Will process these containers:
-do
+printf '%s\n' "${CONTAINER_IDS[@]}"
 
+for CONTAINER_ID in "${CONTAINER_IDS[@]}"
+do
     echo "Processing $CONTAINER_ID"
     TMPFILE=$(mktemp)
     docker exec -u root $CONTAINER_ID bash -c "export LC_ALL=C ; apt-get update ; apt-get upgrade --dry-run" | tee $TMPFILE
@@ -30,5 +50,4 @@ do
     docker-compose pull || { fail_one "pull" ; continue ; }
     docker-compose build --no-cache || { fail_one "build" ; continue ; }
     docker-compose up -d || { fail_one "switch to newly built container" ; continue ; }
-
 done