Hi,

Thanks Sebastien for answering some questions.

> Right now we're using CentOS for the base image for Ceph containers.
> Now that CentOS is moving to a rolling-upgrade-esque style release
> with CentOS Stream, it's an open question if we should stick with it.
> A more stable base image that gets reliable security fixes would be
> preferable. One thought is to use Red Hat's Universal Base Image (UBI)
> [1] which is just RHEL-lite with a target audience of upstream
> projects. Or perhaps we can select another base image.

That's a question I started to think about at the start of this year (before my parental leave).

And the answer is really tied with the decision about how we will ship el8 packages.

Before thinking about the base container image, we should decide what we should use as a base distro for building the el8 packages.

The solution for the container image will likely follow the same path.

As of today, here are my thoughts on the possible solutions:

- centos stream : could be the easiest solution but with a rolling release distro, we might have more issues with recent distro updates.

I guess centos stream will be a good choice to start testing el9 earlier.

- ubi8 : I guess that's a no go even if this is close to the Red Hat downstream image.

The ubi repositories available from the image aren't enough for installing the ceph packages.

You still need to deal with subscription manager or other.

- almalinux [1][2] / rockylinux [3][4] : both are really CentOS clones and available as a base container image on x86_64 and arm64.

When I made some tests few months ago, the almalinux image (rockylinux wasn't released yet) only required a one line patch to the ceph-container project.

[1] https://almalinux.org/

[2] https://hub.docker.com/_/almalinux

[3] https://rockylinux.org/

[4] https://hub.docker.com/r/rockylinux/rockylinux

Regards,

Dimitri

On Thu, Jun 24, 2021 at 9:38 AM Sebastien Han <shan@redhat.com> wrote:

All dot releases from Nautilus to Pacific.
Thanks!
–––––––––
Sébastien Han
Senior Principal Software Engineer, Storage Architect

"Always give 100%. Unless you're giving blood."

On Thu, Jun 24, 2021 at 3:35 PM Sage Weil <sage@newdream.net> wrote:
>
> Does this happen for all dot releases, or just the most recent one?
>
> On Thu, Jun 24, 2021 at 8:16 AM Sebastien Han <shan@redhat.com> wrote:
> >
> > AFAIR for each stable release of Nautilus/Octopus/Pacific available on
> > download.ceph.com we will check if the base image changed and rebuild
> > in consequence.
> > On rebuild the suffix with the build date will be appended, resulting
> > in an image called: ceph/ceph-amd64:v14.2.6-20201116
> >
> > Thanks!
> > –––––––––
> > Sébastien Han
> > Senior Principal Software Engineer, Storage Architect
> >
> > "Always give 100%. Unless you're giving blood."
> >
> > On Thu, Jun 24, 2021 at 2:53 PM Sage Weil <sage@newdream.net> wrote:
> > >
> > > I have a related question about how we currently build release
> > > containers. Clearly when an actual release is made we build a fresh
> > > container for that release, based on the latest version of the base
> > > image (with all of the latest security updates).
> > >
> > > When the base image is updated, do we also rebuild past release
> > > containers? Which ones?
> > >
> > > sage
> > >
> >
>