Chapter 14. Managing containers with Ansible

Note

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

Red Hat OpenStack Platform 16.1 uses Paunch to manage containers. However, you can also use the Ansible role tripleo-container-manage to perform management operations on your containers. If you want to use the tripleo-container-manage role, you must first disable Paunch. With Paunch disabled, director uses the Ansible role automatically, and you can also write custom playbooks to perform specific container management operations:

  • Collect the container configuration data that heat generates. The tripleo-container-manage role uses this data to orchestrate container deployment.
  • Start containers.
  • Stop containers.
  • Update containers.
  • Delete containers.
  • Run a container with a specific configuration.

Although director performs container management automatically, you might want to customize a container configuration, or apply a hotfix to a container without redeploying the overcloud.

Note

This role supports only Podman container management.

Prerequisites

14.1. Enabling the tripleo-container-manage Ansible role on the undercloud

Note

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

Paunch is the default container management mechanism in Red Hat OpenStack Platform 16.1. However, you can also use the tripleo-container-manage Ansible role. If you want to use this role, you must disable Paunch.

Prerequisites

Procedure

  1. Log in to the undercloud host as the stack user.
  2. Set the undercloud_enable_paunch parameter to false in the undercloud.conf file:

    undercloud_enable_paunch: false
  3. Run the openstack undercloud install command:

    $ openstack undercloud install

14.2. Enabling the tripleo-container-manage Ansible role on the overcloud

Note

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

Paunch is the default container management mechanism in Red Hat OpenStack Platform 16.1. However, you can also use the tripleo-container-manage Ansible role. If you want to use this role, you must disable Paunch.

Prerequisites

Procedure

  1. Log in to the undercloud host as the stack user.
  2. Source the stackrc credentials file:

    $ source ~/stackrc
  3. Include the /usr/share/openstack-tripleo-heat-templates/environments/disable-paunch.yaml file in the overcloud deployment command, along with any other environment files that are relevant for your deployment:

    (undercloud) [stack@director ~]$ openstack overcloud deploy --templates \
      -e /usr/share/openstack-tripleo-heat-templates/environments/disable-paunch.yaml
      -e <other_environment_files>
      ...

14.3. Performing operations on a single container

Note

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

You can use the tripleo-container-manage role to manage all containers, or a specific container. If you want to manage a specific container, you must identify the container deployment step and the name of the container configuration JSON file so that you can target the specific container with a custom Ansible playbook.

Prerequisites

Procedure

  1. Log in to the undercloud as the stack user.
  2. Source the overcloudrc credential file:

    $ source ~/overcloudrc
  3. Identify the container deployment step. You can find the container configuration for each step in the /var/lib/tripleo-config/container-startup-config/step_{1,2,3,4,5,6} directory.
  4. Identify the JSON configuration file for the container. You can find the container configuration file in the relevant step_* directory. For example, the configuration file for the HAProxy container in step 1 is /var/lib/tripleo-config/container-startup-config/step_1/haproxy.json.
  5. Write a suitable Ansible playbook. For example, to replace the HAProxy container image, use the following sample playbook:

    - hosts: localhost
      become: true
      tasks:
        - name: Manage step_1 containers using tripleo-ansible
          block:
            - name: "Manage HAproxy container at step 1 with tripleo-ansible"
              include_role:
                name: tripleo-container-manage
              vars:
                tripleo_container_manage_systemd_order: true
                tripleo_container_manage_config_patterns: 'haproxy.json'
                tripleo_container_manage_config: "/var/lib/tripleo-config/container-startup-config/step_1"
                tripleo_container_manage_config_id: "tripleo_step1"
                tripleo_container_manage_config_overrides:
                  haproxy:
                    image: registry.redhat.io/tripleomaster/<HAProxy-container>:hotfix

    For more information about the variables that you can use with the tripleo-container-manage role, see Section 14.4, “tripleo-container-manage role variables”.

  6. Run the playbook:

    (overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml

    If you want to execute the playbook without applying any changes, include the --check option in the ansible-playbook command:

    (overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml --check

    If you want to identify the changes that your playbook makes to your containers without applying the changes, include the --check and --diff options in the ansible-playbook command:

    (overcloud) [stack@director]$ ansible-playbook <custom_playbook>.yaml --check --diff

14.4. tripleo-container-manage role variables

Note

This feature is available in this release as a Technology Preview, and therefore is not fully supported by Red Hat. It should only be used for testing, and should not be deployed in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

The tripleo-container-manage Ansible role contains the following variables:

Table 14.1. Role variables

NameDefault valueDescription

tripleo_container_manage_check_puppet_config

false

Use this variable if you want Ansible to check Puppet container configurations. Ansible can identify updated container configuration using the configuration hash. If a container has a new configuration from Puppet, set this variable to true so that Ansible can detect the new configuration and add the container to the list of containers that Ansible must restart.

tripleo_container_manage_cli

podman

Use this variable to set the command line interface that you want to use to manage containers. The tripleo-container-manage role supports only Podman.

tripleo_container_manage_concurrency

1

Use this variable to set the number of containers that you want to manage concurrently.

tripleo_container_manage_config

/var/lib/tripleo-config/

Use this variable to set the path to the container configuration directory.

tripleo_container_manage_config_id

tripleo

Use this variable to set the ID of a specific configuration step. For example, set this value to tripleo_step2 to manage containers for step two of the deployment.

tripleo_container_manage_config_patterns

*.json

Use this variable to set the bash regular expression that identifies configuration files in the container configuration directory.

tripleo_container_manage_debug

false

Use this variable to enable or disable debug mode. Run the tripleo-container-manage role in debug mode if you want to run a container with a specific one-time configuration, to output the container commands that manage the lifecycle of containers, or to run no-op container management operations for testing and verification purposes.

tripleo_container_manage_healthcheck_disable

false

Use this variable to enable or disable healthchecks.

tripleo_container_manage_log_path

/var/log/containers/stdouts

Use this variable to set the stdout log path for containers.

tripleo_container_manage_systemd_order

false

Use this variable to enable or disable systemd shutdown ordering with Ansible.

tripleo_container_manage_systemd_teardown

true

Use this variable to trigger the cleanup of obsolete containers.

tripleo_container_manage_config_overrides

{}

Use this variable to override any container configuration. This variable takes a dictionary of values where each key is the container name and the parameters that you want to override, for example, the container image or user. This variable does not write custom overrides to the JSON container configuration files and any new container deployments, updates, or upgrades revert to the content of the JSON configuration file.

tripleo_container_manage_valid_exit_code

[]

Use this variable to check if a container returns an exit code. This value must be a list, for example, [0,3].