Chapter 14. Managing containers with Ansible
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
Red Hat OpenStack Platform 16.2 uses Paunch to manage containers. However, you can also use the Ansible role tripleo-container-manage
to perform management operations on your containers. If you want to use the tripleo-container-manage
role, you must first disable Paunch. With Paunch disabled, director uses the Ansible role automatically, and you can also write custom playbooks to perform specific container management operations:
-
Collect the container configuration data that heat generates. The
tripleo-container-manage
role uses this data to orchestrate container deployment. - Start containers.
- Stop containers.
- Update containers.
- Delete containers.
- Run a container with a specific configuration.
Although director performs container management automatically, you might want to customize a container configuration, or apply a hotfix to a container without redeploying the overcloud.
This role supports only Podman container management.
Prerequisites
- A successful undercloud installation. For more information, see Section 4.8, “Installing director”.
14.1. Enabling the tripleo-container-manage Ansible role on the undercloud
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
Paunch is the default container management mechanism in Red Hat OpenStack Platform 16.2. However, you can also use the tripleo-container-manage
Ansible role. If you want to use this role, you must disable Paunch.
Prerequisites
-
A host machine with a base operating system and the
python3-tripleoclient
package installed. For more information, see Chapter 3, Preparing for director installation.
Procedure
-
Log in to the undercloud host as the
stack
user. Set the
undercloud_enable_paunch
parameter tofalse
in theundercloud.conf
file:undercloud_enable_paunch: false
Run the
openstack undercloud install
command:$ openstack undercloud install
14.2. Enabling the tripleo-container-manage Ansible role on the overcloud
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
Paunch is the default container management mechanism in Red Hat OpenStack Platform 16.2. However, you can also use the tripleo-container-manage
Ansible role. If you want to use this role, you must disable Paunch.
Prerequisites
- A successful undercloud installation. For more information, see Chapter 4, Installing director on the undercloud.
Procedure
-
Log in to the undercloud host as the
stack
user. Source the
stackrc
credentials file:$ source ~/stackrc
Include the
/usr/share/openstack-tripleo-heat-templates/environments/disable-paunch.yaml
file in the overcloud deployment command, along with any other environment files that are relevant for your deployment:(undercloud) [stack@director ~]$ openstack overcloud deploy --templates \ -e /usr/share/openstack-tripleo-heat-templates/environments/disable-paunch.yaml -e <other_environment_files> ...
14.3. Performing operations on a single container
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
You can use the tripleo-container-manage
role to manage all containers, or a specific container. If you want to manage a specific container, you must identify the container deployment step and the name of the container configuration JSON file so that you can target the specific container with a custom Ansible playbook.
Prerequisites
- A successful undercloud installation. For more information, see Chapter 4, Installing director on the undercloud.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
overcloudrc
credential file:$ source ~/overcloudrc
-
Identify the container deployment step. You can find the container configuration for each step in the
/var/lib/tripleo-config/container-startup-config/step_{1,2,3,4,5,6}
directory. -
Identify the JSON configuration file for the container. You can find the container configuration file in the relevant
step_*
directory. For example, the configuration file for the HAProxy container in step 1 is/var/lib/tripleo-config/container-startup-config/step_1/haproxy.json
. Write a suitable Ansible playbook. For example, to replace the HAProxy container image, use the following sample playbook:
- hosts: localhost become: true tasks: - name: Manage step_1 containers using tripleo-ansible block: - name: "Manage HAproxy container at step 1 with tripleo-ansible" include_role: name: tripleo-container-manage vars: tripleo_container_manage_systemd_order: true tripleo_container_manage_config_patterns: 'haproxy.json' tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_1" tripleo_container_manage_config_id: "tripleo_step1" tripleo_container_manage_config_overrides: haproxy: image: registry.redhat.io/tripleomaster/<HAProxy-container>:hotfix
For more information about the variables that you can use with the
tripleo-container-manage
role, see Section 14.4, “tripleo-container-manage role variables”.Run the playbook:
(overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml
If you want to execute the playbook without applying any changes, include the
--check
option in theansible-playbook
command:(overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml --check
If you want to identify the changes that your playbook makes to your containers without applying the changes, include the
--check
and--diff
options in theansible-playbook
command:(overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml --check --diff
14.4. tripleo-container-manage role variables
This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.
The tripleo-container-manage
Ansible role contains the following variables:
Name | Default value | Description |
---|---|---|
tripleo_container_manage_check_puppet_config | false |
Use this variable if you want Ansible to check Puppet container configurations. Ansible can identify updated container configuration using the configuration hash. If a container has a new configuration from Puppet, set this variable to |
tripleo_container_manage_cli | podman |
Use this variable to set the command line interface that you want to use to manage containers. The |
tripleo_container_manage_concurrency | 1 | Use this variable to set the number of containers that you want to manage concurrently. |
tripleo_container_manage_config | /var/lib/tripleo-config/ | Use this variable to set the path to the container configuration directory. |
tripleo_container_manage_config_id | tripleo |
Use this variable to set the ID of a specific configuration step. For example, set this value to |
tripleo_container_manage_config_patterns | *.json | Use this variable to set the bash regular expression that identifies configuration files in the container configuration directory. |
tripleo_container_manage_debug | false |
Use this variable to enable or disable debug mode. Run the |
tripleo_container_manage_healthcheck_disable | false | Use this variable to enable or disable healthchecks. |
tripleo_container_manage_log_path | /var/log/containers/stdouts | Use this variable to set the stdout log path for containers. |
tripleo_container_manage_systemd_order | false | Use this variable to enable or disable systemd shutdown ordering with Ansible. |
tripleo_container_manage_systemd_teardown | true | Use this variable to trigger the cleanup of obsolete containers. |
tripleo_container_manage_config_overrides | {} | Use this variable to override any container configuration. This variable takes a dictionary of values where each key is the container name and the parameters that you want to override, for example, the container image or user. This variable does not write custom overrides to the JSON container configuration files and any new container deployments, updates, or upgrades revert to the content of the JSON configuration file. |
tripleo_container_manage_valid_exit_code | [] |
Use this variable to check if a container returns an exit code. This value must be a list, for example, |