Red Hat SummitChapter 27. Performing advanced container image management
The default container image configuration suits most environments. In some situations, your container image configuration might require some customization, such as version pinning.
27.1. Pinning container images for the undercloud
In certain circumstances, you might require a set of specific container image versions for your undercloud. In this situation, you must pin the images to a specific version. To pin your images, you must generate and modify a container configuration file, and then combine the undercloud roles data with the container configuration file to generate an environment file that contains a mapping of services to container images. Then include this environment file in the custom_env_files parameter in the undercloud.conf file.
Procedure
-
Log in to the undercloud host as the
stackuser. Run the
openstack tripleo container image prepare defaultcommand with the--output-env-fileoption to generate a file that contains the default image configuration:sudo openstack tripleo container image prepare default \ --output-env-file undercloud-container-image-prepare.yaml
$ sudo openstack tripleo container image prepare default \ --output-env-file undercloud-container-image-prepare.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Modify the
undercloud-container-image-prepare.yamlfile according to the requirements of your environment.-
Remove the
tag:parameter so that director can use thetag_from_label:parameter. Director uses this parameter to identify the latest version of each container image, pull each image, and tag each image on the container registry in director. - Remove the Ceph labels for the undercloud.
-
Ensure that the
neutron_driver:parameter is empty. Do not set this parameter toOVNbecause OVN is not supported on the undercloud. Include your container image registry credentials:
ContainerImageRegistryCredentials: registry.redhat.io: myser: 'p@55w0rd!'ContainerImageRegistryCredentials: registry.redhat.io: myser: 'p@55w0rd!'Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteYou cannot push container images to the undercloud registry on new underclouds because the
image-serveregistry is not installed yet. You must set thepush_destinationvalue tofalse, or use a custom value, to pull images directly from source. For more information, see Container image preparation parameters.
-
Remove the
Generate a new container image configuration file that uses the undercloud roles file combined with your custom
undercloud-container-image-prepare.yamlfile:sudo openstack tripleo container image prepare \ -r /usr/share/openstack-tripleo-heat-templates/roles_data_undercloud.yaml \ -e undercloud-container-image-prepare.yaml \ --output-env-file undercloud-container-images.yaml
$ sudo openstack tripleo container image prepare \ -r /usr/share/openstack-tripleo-heat-templates/roles_data_undercloud.yaml \ -e undercloud-container-image-prepare.yaml \ --output-env-file undercloud-container-images.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow The
undercloud-container-images.yamlfile is an environment file that contains a mapping of service parameters to container images. For example, OpenStack Identity (keystone) uses theContainerKeystoneImageparameter to define its container image:ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel9/openstack-keystone:17.0
ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel9/openstack-keystone:17.0Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that the container image tag matches the
{version}-{release}format.-
Include the
undercloud-container-images.yamlfile in thecustom_env_filesparameter in theundercloud.conffile. When you run the undercloud installation, the undercloud services use the pinned container image mapping from this file.
27.2. Pinning container images for the overcloud
In certain circumstances, you might require a set of specific container image versions for your overcloud. In this situation, you must pin the images to a specific version. To pin your images, you must create the containers-prepare-parameter.yaml file, use this file to pull your container images to the undercloud registry, and generate an environment file that contains a pinned image list.
For example, your containers-prepare-parameter.yaml file might contain the following content:
The ContainerImagePrepare parameter contains a single rule set. This rule set must not include the tag parameter and must rely on the tag_from_label parameter to identify the latest version and release of each container image. Director uses this rule set to identify the latest version of each container image, pull each image, and tag each image on the container registry in director.
Procedure
Run the
openstack tripleo container image preparecommand, which pulls all images from the source defined in thecontainers-prepare-parameter.yamlfile. Include the--output-env-fileto specify the output file that will contain the list of pinned container images:sudo openstack tripleo container image prepare -e /home/stack/templates/containers-prepare-parameter.yaml --output-env-file overcloud-images.yaml
$ sudo openstack tripleo container image prepare -e /home/stack/templates/containers-prepare-parameter.yaml --output-env-file overcloud-images.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow The
overcloud-images.yamlfile is an environment file that contains a mapping of service parameters to container images. For example, OpenStack Identity (keystone) uses theContainerKeystoneImageparameter to define its container image:ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel9/openstack-keystone:17.0
ContainerKeystoneImage: undercloud.ctlplane.localdomain:8787/rhosp-rhel9/openstack-keystone:17.0Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that the container image tag matches the
{version}-{release}format.Include the
containers-prepare-parameter.yamlandovercloud-images.yamlfiles in that specific order with your environment file collection when you run theopenstack overcloud deploycommand:openstack overcloud deploy --templates \ ... -e /home/stack/containers-prepare-parameter.yaml \ -e /home/stack/overcloud-images.yaml \ ...$ openstack overcloud deploy --templates \ ... -e /home/stack/containers-prepare-parameter.yaml \ -e /home/stack/overcloud-images.yaml \ ...Copy to Clipboard Copied! Toggle word wrap Toggle overflow
The overcloud services use the pinned images listed in the overcloud-images.yaml file.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}