  1. Container Tools
  2. RUN-1534

System Role for Container Tools - RHEL 8.8/9.0


    • RHELBU-1588 - Ansible System Role for Container Tools
    • rhel-sst-container-tools
    • RUN 232

      Description

      Create the preliminary pass of the RHEL System Role for Container Tools.

      By providing a RHEL System Role for Container Tools, Red Hat can:

      • Automate the handling of configuration files like policy.json, containers.conf, registries.conf, etc.
      • Automate the creation and distribution of systemd unit files which control the start/stop/auto-updates of containerized applications
      • Prune images in the storage cache
      • Help troubleshoot problems on a production container host

      Requirements

      A list of specific needs or objectives that a Feature must deliver to be satisfied. Some requirements will be flagged as MVP. If an MVP requirement gets shifted, the feature shifts. If a non-MVP requirement slips, it does not shift the feature.

      Requirement: Onboard Container Tools team with RHEL System Roles process/overview
      isMvp?: yes

      Requirement: Groomed: Design and build a System Role for Container Tools
      Notes: This system role would:
      1. Configure the containers.conf file which is used by podman
      2. Talk to podman to generate the systemd unit file
      3. Talk to systemd to configure which containers are started by systemd
      4. Deploy the containers.conf, storage.conf, registries.conf and policy.json across a cluster
        1. If possible, arbitrary config options should be configurable by the role, so that all options are configurable and the role doesn't have to be constantly updated as Podman adds new configuration options in the future
        2. As an example, see the implementation of "cockpit_config" in the Cockpit system role: https://github.com/linux-system-roles/cockpit
      5. Use podman to generate systemd unit files
      6. Deploy the systemd unit file
      The https://github.com/ikke-t/podman-container-systemd project implements several of these requirements already, and it has been discussed that the RHEL System Role would be based on this upstream project.
      isMvp?: yes

      Requirement: Ansible Idempotency - ensure role is idempotent
      isMvp?: yes

      Requirement: Managed node support
      Notes: Should support RHEL 9 and RHEL 8 managed nodes. RHEL 7 is out of scope due to it only having Podman version 1 (this version of Podman also has no API).
      If a user attempts to run the role on RHEL 7, it should fail with an error message indicating that RHEL 7 is not supported.
      isMvp?: yes

      Requirement: Control node support
      Notes: This automation should be executable from control nodes:
      • RHEL
      • Satellite
      • Ansible Automation Controller
      isMvp?: yes

      Notes: Podman should continue to do real-time things like:
      1. Run the app
      2. Handle auto-updates/auto-rollback

      Requirement: Still grooming: Design and build Ansible automation for building container images
      Notes: Ansible would likely call out to Podman to do things like the following (the upstream Ansible Podman Collections code might serve as the basis for this build functionality):
      1. Build container images with applications in them in a blueprinted way (Dockerfile/Containerfile)
      isMvp?: no

      Acceptance Criteria

      A list of specific needs or objectives that must be delivered to satisfy the epic.

      See the "Groomed: Design and build a System Role for Container Tools" section in the table above.  The functionality discussed there needs to be created, completed and preliminarily tested by the Container Tools QE team.

      What SSTs and Layered Product teams should review this?  RHEL System Roles (Rich Megginson) and RHEL Podman.

              vrothber@redhat.com Valentin Rothberg
              tsweeney@redhat.com Tom Sweeney
              Thom Carlin