tripleo

Services need an imagePull policy for a t-h-t configuration stage and runtime

Bug #1694241 reported by Bogdan Dobrelya
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Won't Fix
High
Unassigned
tripleo pike-2 "pike-2"

Bug Description

Like k8s provides for apps imagePullPolicy https://kubernetes.io/docs/concepts/containers/images/ , we need to make services configurable to pull (or not) its docker images on startup.

Related docker (moby) issue https://github.com/moby/moby/issues/13331 blocks us with managing this runtime for docker daemon. So runtime policy seems can't be implemented w/o COEs like k8s.

But at least we could implement this for deployments configuration management steps, with heat docker agent hooks or t-h-t host prep steps to ensure the wanted policy for services, then templating the imagePullPolicy for t-h-t services.

This impacts in-place upgrade/update stories for containerized services

See original description
Bogdan Dobrelya (bogdando)
Changed in tripleo:
importance: Undecided → High
milestone: none → pike-2
description: updated
tags: added: containers upgrade
Changed in tripleo:
status: New → Triaged
description: updated
Revision history for this message
Jiří Stránský (jistr) wrote :

Docker-puppet.py refreshes the config images each time it seems:

https://github.com/openstack/tripleo-heat-templates/blob/a482e69d8fd312f817bee75e0ecae968c7fd5ca4/docker/docker-puppet.py#L205

But i don't think Paunch does the same, or at least i haven't been able to find it.

Revision history for this message
Bogdan Dobrelya (bogdando) wrote :

@jistr @shardy So does paunch replace docker-puppet.py? Let's update the bug description please, I'm not aware of the paunch integration state.

Revision history for this message
Steve Baker (steve-stevebaker) wrote :

I don't think we need a imagePullPolicy yet, I think we should be following the documented[1] best practice of using version based tags rather than stable tags like :latest.

I would actually like docker-puppet.py to stop pulling images before the run, I'll be proposing this change soon.

What I would rather see is a template driven overcloud-containers.yaml, and a tool which queries a registry and generates a real overcloud-containers.yaml based on discovered latest version tags.

[1] https://kubernetes.io/docs/concepts/configuration/overview/#container-images

Revision history for this message
Steven Hardy (shardy) wrote :

> a tool which queries a registry and generates a real overcloud-containers.yaml based on discovered latest version tags.

+1 this is what we need for updates to work, in addition to detecting when the config generated by docker-puppet.py changes and thus the container needs restarting (https://review.openstack.org/#/c/467581/ is my WIP patch that will do that)

> So does paunch replace docker-puppet.py

No, it currently only replaces the docker-cmd hook, see https://review.openstack.org/#/c/462211

Bogdan Dobrelya (bogdando)
Changed in tripleo:
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.