Hi,
Thanks Sebastien for answering some questions.
Right now we're using CentOS for the base image
for Ceph containers.
Now that CentOS is moving to a rolling-upgrade-esque style release
with CentOS Stream, it's an open question if we should stick with it.
A more stable base image that gets reliable security fixes would be
preferable. One thought is to use Red Hat's Universal Base Image (UBI)
[1] which is just RHEL-lite with a target audience of upstream
projects. Or perhaps we can select another base image.
That's a question I started to think about at the start of this year
(before my parental leave).
And the answer is really tied to the decision about how we will ship el8
packages.
Before thinking about the base container image, we should decide what we
should use as a base distro for building the el8 packages.
The solution for the container image will likely follow the same path.
As of today, here are my thoughts on the possible solutions:
- CentOS Stream: could be the easiest solution, but with a rolling release
distro, we might have more issues with recent distro updates.
I guess CentOS Stream will be a good choice to start testing el9 earlier.
- ubi8: I guess that's a no go even if this is close to the Red Hat
downstream image.
The ubi repositories available from the image aren't enough for installing
the ceph packages.
You still need to deal with subscription manager or other.
- almalinux [1][2] / rockylinux [3][4]: both are really CentOS clones and
available as a base container image on x86_64 and arm64.
When I made some tests a few months ago, the almalinux image (rockylinux
wasn't released yet) only required a one line patch to the ceph-container
project.
[1] https://almalinux.org/
[2] https://hub.docker.com/_/almalinux
[3] https://rockylinux.org/
[4] https://hub.docker.com/r/rockylinux/rockylinux
Regards,
Dimitri
On Thu, Jun 24, 2021 at 9:38 AM Sebastien Han <shan(a)redhat.com> wrote:
All dot releases from Nautilus to Pacific.
Thanks!
–––––––––
Sébastien Han
Senior Principal Software Engineer, Storage Architect
"Always give 100%. Unless you're giving blood."
On Thu, Jun 24, 2021 at 3:35 PM Sage Weil <sage(a)newdream.net> wrote:
Does this happen for all dot releases, or just the most recent one?
On Thu, Jun 24, 2021 at 8:16 AM Sebastien Han <shan(a)redhat.com> wrote:
AFAIR for each stable release of Nautilus/Octopus/Pacific available on
download.ceph.com we will check if the base image changed and rebuild
in consequence.
On rebuild the suffix with the build date will be appended, resulting
in an image called: ceph/ceph-amd64:v14.2.6-20201116
Thanks!
–––––––––
Sébastien Han
Senior Principal Software Engineer, Storage Architect
"Always give 100%. Unless you're giving blood."
On Thu, Jun 24, 2021 at 2:53 PM Sage Weil <sage(a)newdream.net> wrote:
I have a related question about how we currently build release
containers. Clearly when an actual release is made we build a fresh
container for that release, based on the latest version of the base
image (with all of the latest security updates).
When the base image is updated, do we also rebuild past release
containers? Which ones?
sage