Custom containers

This section covers configuration of the user-defined container deployment functionality that runs on the seed, infrastructure VMs, overcloud and Ansible control hosts.

Configuration

For example, to deploy a squid container image:

seed.yml
seed_containers:
  squid:
    image: "docker.io/stackhpc/squid"
    pre: "{{ kayobe_env_config_path }}/containers/squid/pre.yml"
    post: "{{ kayobe_env_config_path }}/containers/squid/post.yml"
    pre_destroy: "{{ kayobe_env_config_path }}/containers/squid/pre_destroy.yml"
    post_destroy: "{{ kayobe_env_config_path }}/containers/squid/post_destroy.yml"
    tag: "3.5.20-1"

Note the optional pre, post, pre_destroy and post_destroy Ansible task files; these need to be created in the kayobe-config path. The table below describes when they run:

Container hooks

Hook          Trigger point
------------  -----------------------------
pre           Before container deployment
post          After container deployment
pre_destroy   Before container is destroyed
post_destroy  After container is destroyed

Possible options for container deployment:

seed_containers:
  containerA:
    capabilities:
    command:
    comparisons:
    detach:
    env:
    network_mode:
    image:
    init:
    ipc_mode:
    pid_mode:
    ports:
    privileged:
    restart_policy:
    shm_size:
    sysctls:
    tag:
    ulimits:
    user:
    volumes:

For a detailed explanation of each option, see the Ansible docker_container module page.

Kayobe applies the following defaults to the required docker_container variables:

---
# Action to perform: One of: "deploy", "destroy".
manage_containers_action: "deploy"

#TODO(mattcrees): remove deploy_containers_defaults in Hibiscus cycle
manage_containers_defaults: "{{ deploy_containers_defaults }}"

deploy_containers_defaults:
  comparisons:
    image: strict
    env: strict
    volumes: strict
  detach: True
  network_mode: "host"
  init: True
  privileged: False
  restart_policy: "unless-stopped"

manage_custom_containers: []

#TODO(mattcrees): remove deploy_containers_docker_api_timeout in Hibiscus cycle.
manage_containers_docker_api_timeout: "{{ deploy_containers_docker_api_timeout | default(120) }}"

manage_containers_registry:
manage_containers_registry_username:
manage_containers_registry_password:

manage_containers_registry_attempt_login: "{{ manage_containers_registry_username is truthy and manage_containers_registry_password is truthy }}"
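
Because every custom container inherits network_mode "host" unless it overrides it, it is worth reviewing the effective options before deployment. The following is an added example, not part of Kayobe or its documentation: a small check that overlays each container definition on the defaults listed above and reports settings that deserve a second look. The merge order, the function names, the SENSITIVE_MOUNTS list and the sample input are assumptions made for illustration.

```python
# Defaults copied from the Kayobe defaults listed above.
KAYOBE_DEFAULTS = {
    "detach": True,
    "network_mode": "host",
    "init": True,
    "privileged": False,
    "restart_policy": "unless-stopped",
}

# Assumption: writable mounts of these host paths deserve review.
SENSITIVE_MOUNTS = ("/var/run/docker.sock", "/etc", "/")


def effective_options(spec):
    """Overlay one container definition on the defaults (assumed merge order)."""
    merged = dict(KAYOBE_DEFAULTS)
    # Keys left empty in YAML load as None and do not override a default.
    merged.update({k: v for k, v in spec.items() if v is not None})
    return merged


def audit_containers(containers):
    """Return sorted (container, finding) pairs for settings worth reviewing."""
    findings = []
    for name, spec in containers.items():
        opts = effective_options(spec)
        if opts.get("privileged") is True:
            findings.append((name, "privileged container"))
        if opts.get("network_mode") == "host":
            source = "explicit" if spec.get("network_mode") else "inherited default"
            findings.append((name, f"host networking ({source})"))
        if opts.get("tag") in (None, "", "latest"):
            findings.append((name, "image tag not pinned"))
        for vol in opts.get("volumes") or []:
            parts = vol.split(":")
            host, mode = parts[0], parts[2] if len(parts) > 2 else "rw"
            if host in SENSITIVE_MOUNTS and "ro" not in mode.split(","):
                findings.append((name, f"writable mount of {host}"))
    return sorted(findings)


# Constructed sample input mirroring the seed_containers structure.
SAMPLE = {
    "squid": {"image": "docker.io/stackhpc/squid", "tag": "3.5.20-1"},
    "helper": {"image": "registry.example/helper", "privileged": True, "network_mode": "bridge",
               "volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
}

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit_containers(SAMPLE)))
```

In practice the input would be the seed_containers mapping (or the equivalent variable for another host group) loaded from the kayobe-config YAML.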

Docker registry

Custom containers can be pulled from a docker registry deployed on the seed. This is possible since the docker registry deployment step precedes the custom container deployment step.

It is also possible to deploy a custom containerised docker registry as a custom seed container. In this case, basic authentication login attempts can be disabled by setting:

seed.yml
seed_manage_containers_registry_attempt_login: false
infra-vms.yml
infra_vm_manage_containers_registry_attempt_login: false
controllers.yml
controller_manage_containers_registry_attempt_login: false
storage.yml
storage_manage_containers_registry_attempt_login: false
monitoring.yml
monitoring_manage_containers_registry_attempt_login: false
ansible-control.yml
ansible_control_manage_containers_registry_attempt_login: false

Without this setting, the login will fail because the registry has not yet been deployed.

More information on deploying a docker registry can be found here.