[Openstack-operators] How to handle updates of public images?
Abel Lopez
alopgeek at gmail.com
Thu Feb 5 14:39:21 UTC 2015
That is a very real concern. This I systems from images being named very
uniquely, with versions, dates, etc. To the end user this is ALMOST as hard
as a UUID.
Easy/generic names encourage users to use them, but there is an aspect of
documentation and user training/education on the proper use of name-based
automation.
On Thursday, February 5, 2015, Marc Heckmann <marc.heckmann at ubisoft.com>
wrote:
> On Thu, 2015-02-05 at 06:02 -0800, Abel Lopez wrote:
> > I always recommend the following:
> > All public images are named generically enough that they can be
> > replaced with a new version of the same name. This helps new instances
> > booting.
> > The prior image is renamed with -OLD-$date. This lets users know that
> > their image has been deprecated. This image is made private so no new
> > instances can be launched.
> > All images include an updated motd that indicates available security
> > updates.
>
> I like this approach, but I have the following caveat: What if users are
> using the uuid of the image instead of the name in some automation
> scripts that they might have? If we make the "-OLD-$date" images
> private, then we just broke their scripts.
>
> >
> >
> > We're discussing baking the images with automatic updates, but still
> > haven't reached an agreement.
> >
> > On Thursday, February 5, 2015, Tim Bell <Tim.Bell at cern.ch <javascript:;>>
> wrote:
> > > -----Original Message-----
> > > From: George Shuklin [mailto:george.shuklin at gmail.com
> <javascript:;>]
> > > Sent: 05 February 2015 14:10
> > > To: openstack-operators at lists.openstack.org <javascript:;>
> > > Subject: [Openstack-operators] How to handle updates of
> > public images?
> > >
> > > Hello everyone.
> > >
> > > We are updating our public images regularly (to provide them
> > to customers in
> > > up-to-date state). But there is a problem: If some instance
> > starts from image it
> > > becomes 'used'. That means:
> > > * That image is used as _base for nova
> > > * If instance is reverted this image is used to recreate
> > instance's disk
> > > * If instance is rescued this image is used as rescue base
> > > * It is redownloaded during resize/migration (on a new
> > compute node)
> > >
> > > One more (our specific):
> > > We're using raw disks with _base on slow SATA drives (in
> > comparison to fast SSD
> > > for disks), and if that SATA fails, we replace it (and nova
> > redownloads stuff in
> > > _base).
> > >
> > > If image is deleted, it causes problems with nova (nova
> > can't download _base).
> > >
> > > The second part of the problem: glance disallows to update
> > image (upload new
> > > image with same ID), so we're forced to upload updated image
> > with new ID and
> > > to remove the old one. This causes problems described above.
> > > And if tenant boots from own snapshot and removes snapshot
> > without removing
> > > instance, it causes same problem even without our activity.
> > >
> > > How do you handle public image updates in your case?
> > >
> >
> > We have a similar problem. For the Horizon based end users,
> > we've defined a panel using image meta data. Details are at
> >
> http://openstack-in-production.blogspot.ch/2015/02/choosing-right-image.html
> .
> >
> > For the CLI users, we propose to use the sort options from
> > Glance to find the latest image of a particular OS.
> >
> > It would be good if there was a way of marking an image as
> > hidden so that it can still be used for snapshots/migration
> > but would not be shown in image list operations.
> >
> > > Thanks!
> > >
> > > _______________________________________________
> > > OpenStack-operators mailing list
> > > OpenStack-operators at lists.openstack.org <javascript:;>
> > >
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> >
> > _______________________________________________
> > OpenStack-operators mailing list
> > OpenStack-operators at lists.openstack.org <javascript:;>
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> > _______________________________________________
> > OpenStack-operators mailing list
> > OpenStack-operators at lists.openstack.org <javascript:;>
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150205/7cfabc0a/attachment.html>
More information about the OpenStack-operators
mailing list