Yay!
When you have brainspace after firefighting (always fun) - maybe we should find a time to talk about whether our image building and publishing automation could help you out here. No rush - this is one of those “we’ve got some tools we might be able to leverage to help” - just ping me whenever.
Hey Monty,
The CI team is presently busy with CentOS 8 fires but I would be happy to help and work together on convergence.
Maybe I can start by explaining how our process works, then you can do the same and we see where we can collaborate.
The TL;DR is that we have built TripleO CLI and Ansible roles to consume Kolla tooling and build our images.
1) How a TripleO user would build an image?
By using the "openstack overcloud container image build" command ("overcloud" is here by legacy, please ignore it).
The magic happens here:
It's basically wrapping out the kolla-build CLI; with proper options for us.
In fact, since podman/buildah, we only use kolla-build to render Kolla Dockerfiles templates to merge them with our TripleO overrides:
kolla-build would generate directories for each image and inside you would have their Dockerfiles.
We don't use kolla-build to build the containers because Kolla doesn't support Buildah, and none of us has taken the time to do it yet.
To build the images from Dockerfiles, we use that code:
It's basically running "buildah bud" with concurrency (to make it faster). This code could be converted to an Ansible module eventually; which could be consumed by more than us.
Once images are built, the code runs "buildah push"; to push it to a remote (or local) registry.
That's it, that's all. If we resume, we use kolla-build to generate Dockerfiles for our containers (since TripleO images use Kolla format) and then we have our own crap to use Buildah to build & push the image. I guess the second part is something we could share.
2) How TripleO CI builds containers?
We have an Ansible role for that:
It basically:
- Install repositories needed to deploy TripleO
- Deploy a local docker registry with ansible-role-container-registry (also used in production when Docker is deployed, so before Stein)
- Install and configure Kolla
- Runs "openstack overcloud container image build" (which was described earlier) to build, tag and push images
I skipped a few details but this is the big picture. I'm sure there is a lot where we can share and I would be more than happy to contribute in that effort, please let me know how it works on your side and we'll find ways to collaborate.
Thanks,