Chapter 27. Performing advanced container image management
The default container image configuration suits most environments. In some situations, your container image configuration might require some customization, such as version pinning.
27.1. Pinning container images for the undercloud
In certain circumstances, you might require a set of specific container image versions for your undercloud. In this situation, you must pin the images to a specific version. To pin your images, you must generate and modify a container configuration file, and then combine the undercloud roles data with the container configuration file to generate an environment file that contains a mapping of services to container images. Then include this environment file in the custom_env_files
parameter in the undercloud.conf
file.
Procedure
-
Log in to the undercloud host as the
stack
user. Run the
openstack tripleo container image prepare default
command with the--output-env-file
option to generate a file that contains the default image configuration:$ sudo openstack tripleo container image prepare default \ --output-env-file undercloud-container-image-prepare.yaml
Modify the
undercloud-container-image-prepare.yaml
file according to the requirements of your environment.-
Remove the
tag:
parameter so that director can use thetag_from_label:
parameter. Director uses this parameter to identify the latest version of each container image, pull each image, and tag each image on the container registry in director. - Remove the Ceph labels for the undercloud.
-
Ensure that the
neutron_driver:
parameter is empty. Do not set this parameter toOVN
because OVN is not supported on the undercloud. Include your container image registry credentials:
ContainerImageRegistryCredentials: registry.redhat.io myser: 'p@55w0rd!'
NoteYou cannot push container images to the undercloud registry on new underclouds because the
image-serve
registry is not installed yet. You must set thepush_destination
value tofalse
, or use a custom value, to pull images directly from source. For more information, see Container image preparation parameters.
-
Remove the
Generate a new container image configuration file that uses the undercloud roles file combined with your custom
undercloud-container-image-prepare.yaml
file:$ sudo openstack tripleo container image prepare \ -r /usr/share/openstack-tripleo-heat-templates/roles_data_undercloud.yaml \ -e undercloud-container-image-prepare.yaml \ --output-env-file undercloud-container-images.yaml
The
undercloud-container-images.yaml
file is an environment file that contains a mapping of service parameters to container images. For example, OpenStack Identity (keystone) uses theContainerKeystoneImage
parameter to define its container image:ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel8/openstack-keystone:16.2.4-5
Note that the container image tag matches the
{version}-{release}
format.-
Include the
undercloud-container-images.yaml
file in thecustom_env_files
parameter in theundercloud.conf
file. When you run the undercloud installation, the undercloud services use the pinned container image mapping from this file.
27.2. Pinning container images for the overcloud
In certain circumstances, you might require a set of specific container image versions for your overcloud. In this situation, you must pin the images to a specific version. To pin your images, you must create the containers-prepare-parameter.yaml
file, use this file to pull your container images to the undercloud registry, and generate an environment file that contains a pinned image list.
For example, your containers-prepare-parameter.yaml
file might contain the following content:
parameter_defaults: ContainerImagePrepare: - push_destination: true set: name_prefix: openstack- name_suffix: '' namespace: registry.redhat.io/rhosp-rhel8 neutron_driver: ovn tag_from_label: '{version}-{release}' ContainerImageRegistryCredentials: registry.redhat.io: myuser: 'p@55w0rd!'
The ContainerImagePrepare
parameter contains a single rule set
. This rule set
must not include the tag
parameter and must rely on the tag_from_label
parameter to identify the latest version and release of each container image. Director uses this rule set
to identify the latest version of each container image, pull each image, and tag each image on the container registry in director.
Procedure
Run the
openstack tripleo container image prepare
command, which pulls all images from the source defined in thecontainers-prepare-parameter.yaml
file. Include the--output-env-file
to specify the output file that will contain the list of pinned container images:$ sudo openstack tripleo container image prepare -e /home/stack/templates/containers-prepare-parameter.yaml --output-env-file overcloud-images.yaml
The
overcloud-images.yaml
file is an environment file that contains a mapping of service parameters to container images. For example, OpenStack Identity (keystone) uses theContainerKeystoneImage
parameter to define its container image:ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel8/openstack-keystone:16.2.4-5
Note that the container image tag matches the
{version}-{release}
format.Include the
containers-prepare-parameter.yaml
andovercloud-images.yaml
files in that specific order with your environment file collection when you run theopenstack overcloud deploy
command:$ openstack overcloud deploy --templates \ ... -e /home/stack/containers-prepare-parameter.yaml \ -e /home/stack/overcloud-images.yaml \ ...
The overcloud services use the pinned images listed in the overcloud-images.yaml
file.