How to pin openstack container versions when using kolla-ansible?

When installing openstack via kolla-ansible you specify openstack version in globals.yml, i.e.: openstack_release: "victoria". This is as specific as you can get, there are no point-in-time tags, just a moving target like "victoria".

In my experience containers are updated randomly, not all-at-once, and frequently. Every time I rebuild I'm having to wait for docker to pull down things which have changed since my last deploy. This is problematic for multiple reasons, most acutely:

  • This is a fast-moving community-driven project. I'm having to work through new issues every few times I rebuild as a result of changes.
  • If I deploy onto one set of hosts, then deploy onto more hosts hours later, I'm waiting again on updates, and my stack is running containers of different versions.
  • These pulls take time and make my deployments vulnerable to timeouts and network problems.

To emphasize what a problem the second issue is, usually I can reset a failed deployment and try again, but not always. There have been times where I had residual issues, and due to my noobness it was quicker to dump fresh disks and start over. I'm using external ceph (the only ceph option in kolla-ansible:victoria), colocated with the compute nodes. Resetting pool / OSD state to an earlier point in time isn't in my toolbox yet, so I also wipe my OSDs and redo the ceph installation. I can pin version on ceph containers, but I start to sweat once the kolla-ansible installation starts. For a 4-hour total install, there's a not-small chance that another container will change in this time.

The obvious answer for anybody who does IT or software professionally is to pin my kolla:* container versions to a specific point-in-time tag, and not "victoria". I could pin each container to a digest, but that's not supported in the playbooks as written. I'd need to edit ansible playbooks and add a variable for every container that I want to pin. And then maintain that logic as new containers are added. I'm pulling 43 containers right now. This approach feels like "2 trailer park girls go 'round the outside".

A far simpler approach which I'm planning is to pull all the "victoria"-tagged containers, and then iterate through pushing them back into my own docker repo (e.g., "victoria-feralcoder-20120321"), and then update globals.yml to use this stable tag. I'm new to managing my own docker repos, so I don't know if I can retag images in a pull-through cache, or if I need to set up a private repo for that, so I may also have to switch kolla-ansible between docker.io and a private feralcoder repo, depending on whether I want to do a latest-pull or a pinned-pull. That would be a little "hey nineteen", cleaner and nicer, still not quite right...

I feel like this pull-retag-push-reconfigure-redeploy approach is hack jankery. Does anybody have a better suggestion? Like, to not check upstream for container changes if there's already a tag-match in the local mirror? Or maybe a way to pull-thru-and-retag, at the registry level?

Thanks, in advance, and also thanks to the kolla-ansible contributors for all their work, short of not providing version stability.

This is my current preferred solution, which is still, admittedly, a hack:

Pull the latest images as a batch, then tag them and push them to a local registry.

First, I need 2 docker registries: I can't push to a pull-through cache, so I also needed to set up a private registry, which I can push to.

I need to toggle settings in globals.yml back and forth during kolla-ansible deploy to achieve this:

  • When I run "kolla-ansible bootstrap-servers" I need the local registry configured, so that stack hosts are configured with appropriate insecure-registries configs.
  • I use "kolla-ansible pull" to prefetch the latest packages, when I want to update. For this I reconfigure globals.yml to point at kolla/*:victoria.
  • After I fetch the latest containers, I run a loop on one of my stack hosts to pull them from my pull-through cache, tag them to my local registry with a date stamp tag, and push them to my local registry.
  • Before I run the actual deploy I configure globals.yml to use my local registry and tags.

These are the globals.yml settings of interest:

## PINNED CONTAINER VERSIONS
#docker_registry: 192.168.127.220:4001
#docker_namespace: "feralcoder"
#openstack_release: "feralcoder-20210321"

# LATEST CONTAINER VERSIONS
docker_registry:
docker_registry_username: feralcoder
docker_namespace: "kolla"
openstack_release: "victoria"

My pseudocode is like this (intermediate steps pruned...):

use_localized_containers () {
  # Point globals.yml at the local registry and the pinned, date-stamped tag
  cp "$KOLLA_SETUP_DIR/files/kolla-globals-localpull.yml" /etc/kolla/globals.yml
  cat "$KOLLA_SETUP_DIR/files/kolla-globals-remainder.yml" >> /etc/kolla/globals.yml
}

use_latest_dockerhub_containers () {
  # We switch to dockerhub container fetches, to get the latest "victoria" containers
  cp "$KOLLA_SETUP_DIR/files/kolla-globals-dockerpull.yml" /etc/kolla/globals.yml
  cat "$KOLLA_SETUP_DIR/files/kolla-globals-remainder.yml" >> /etc/kolla/globals.yml
}

localize_latest_containers () {
  # Pull each image, retag it with the date-stamped tag, and push it to the local registry.
  # ssh_control_run_as_user is a helper that is not shown here (pruned).
  for CONTAINER in $(ls "$KOLLA_PULL_THRU_CACHE"); do
    ssh_control_run_as_user root "docker image pull kolla/$CONTAINER:victoria" "$PULL_HOST"
    ssh_control_run_as_user root "docker image tag kolla/$CONTAINER:victoria $LOCAL_REGISTRY/feralcoder/$CONTAINER:$TAG" "$PULL_HOST"
    ssh_control_run_as_user root "docker image push $LOCAL_REGISTRY/feralcoder/$CONTAINER:$TAG" "$PULL_HOST"
  done
}

use_localized_containers
kolla-ansible -i "$INVENTORY" bootstrap-servers
use_latest_dockerhub_containers
kolla-ansible -i "$INVENTORY" pull
localize_latest_containers
use_localized_containers
kolla-ansible -i "$INVENTORY" deploy
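
A moving tag such as "victoria" can resolve to different image content on different hosts, which is the mixed-version problem described in the question; comparing per-host digests makes that visible and yields digest-pinned references. The following is an added example, not code from the original posts. It assumes each host's listing was collected with `docker image ls --digests --format '{{.Repository}}:{{.Tag}} {{.Digest}}'` and prefixed with the host name; the host names, image names and digests are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original posts).
# Input lines on stdin: "<host> <repository:tag> <digest>"

# Constructed sample: nova-compute differs between hosts, keystone does not.
SAMPLE_LISTING='ctl01 kolla/centos-source-nova-compute:victoria sha256:aaaa1111
cmp01 kolla/centos-source-nova-compute:victoria sha256:bbbb2222
ctl01 kolla/centos-source-keystone:victoria sha256:cccc3333
cmp01 kolla/centos-source-keystone:victoria sha256:cccc3333
ctl01 192.168.127.220:4001/feralcoder/centos-source-keystone:feralcoder-20210321 sha256:cccc3333'

# Print one line per image:tag whose digest is not identical on every host:
#   "<image:tag> <host>=<digest> <host>=<digest> ..."
find_tag_drift() {
  awk '
    NF != 3 || $3 !~ /^sha256:/ { next }   # skip malformed or digest-less lines
    {
      img = $2
      seen[img] = seen[img] " " $1 "=" $3
      if (!(img in first))       first[img] = $3
      else if (first[img] != $3) drift[img] = 1
    }
    END { for (img in drift) print img seen[img] }
  ' | sort
}

# Print "<repository>@<digest>" for every image on one host; these references
# identify content exactly, unlike a tag that can be re-pointed upstream.
pin_refs() {
  awk -v host="$1" '
    NF == 3 && $1 == host && $3 ~ /^sha256:/ {
      repo = $2
      sub(":[^:/]*$", "", repo)   # strip the tag, keep any registry port
      print repo "@" $3
    }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | find_tag_drift
```

An empty result from `find_tag_drift` means every host holds the same content for each tag it shares with the others.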

Here is one answer, for an existing deployment:

If you have already pulled containers to all your hosts, you can edit some ansible or python so that docker_container.pull=false for all containers.

This is the implementing module:
.../lib/python3.6/site-packages/ansible/modules/cloud/docker/docker_container.py.
This file might be in /usr/local/share/kolla-ansible/, or .../venvs/kolla-ansible/. When false, if the container exists on the host it won't be repulled.

This doesn't help the situation where a host hasn't yet pulled the package and you have a version already in your local mirror. In that situation, the stack host will pull the container, and your pull-through cache will pull down any container updates since last pull.
