Build OpenStack container images with TCIB
TCIB (The Container Image Build) is the tool created by the OpenStack k8s operators project to build the OpenStack service container images used by the operators. The images are built on top of an EL9 base image (i.e. CentOS Stream 9) and use RPM packages from RDO or similar repositories. TCIB supports RDO versions from Antelope onwards.
The operators project maintains public OpenStack images in the Quay registry for certain RDO versions:
- RDO Trunk Antelope (default): https://quay.io/organization/podified-antelope-centos9
- RDO Trunk Master (development branch): https://quay.io/organization/podified-master-centos9
This document provides instructions to build the images locally, which allows you to build containers for other, untested OpenStack releases or to apply customizations. A brief introduction to the operators architecture can be found in this doc.
Build TCIB container images locally
This procedure requires a CentOS Stream 9 system where the images will be built.
- On your CentOS Stream 9 server, install the desired RDO repos. In this example, the RDO CloudSIG Bobcat 2023.2 will be used:
$ sudo dnf install -y centos-release-openstack-bobcat
$ sudo dnf install -y centos-release-opstools
$ sudo dnf config-manager --enable crb
The container images require some Ceph packages from the Storage SIG. Follow the instructions on the RDO web page to enable and configure EPEL:
$ sudo dnf install epel-release
$ sudo dnf config-manager --disable epel-next
$ sudo dnf config-manager --disable epel-cisco-openh264
$ sudo dnf config-manager --setopt epel.priority=100 --save epel
$ sudo dnf config-manager --setopt epel.includepkgs="libarrow*,parquet*,python3-asyncssh,re2,python3-grpcio,grpc*,abseil*" --save epel
- Install the required packages:
$ sudo dnf install -y buildah podman python3-tcib
- Build the container images:
$ openstack tcib container image build --base quay.io/centos/centos:stream9 --distro centos --release 9 --namespace openstack --tag cloudsig-bobcat
You can use your preferred namespace and tag.
Note: in some cases you may want to build only a subset of the images. In that case, copy the /usr/share/tcib/container-images/containers.yaml file, edit it to leave only the desired images and add --config-file <path to custom containers.yaml> to the build command.
This command will create the container images in the local registry as root. You can check them with the command:
$ sudo podman images
- Push the images to an external registry
Typically, the container images need to be available in a registry so that they can be pulled from the OKD cluster where the operators are deployed. You can use podman push for that after creating the images locally, or tcib can do it for you when building them if you add the options --push --registry <registry destination> to the build command.
Note that you must log in to the registry before building the images.
For example, the following commands will push the cloudsig-bobcat images to the registry running in an OKD server deployed using CRC:
$ sudo podman login -u kubeadmin -p $(oc whoami -t) default-route-openshift-image-registry.apps-crc.testing --tls-verify=false
$ openstack tcib container image build --base quay.io/centos/centos:stream9 --distro centos --release 9 --namespace openstack --tag cloudsig-bobcat --push --registry default-route-openshift-image-registry.apps-crc.testing
Note: make sure the namespace exists in the OpenShift cluster, otherwise tcib will fail to push the images to the OpenShift registry.
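The EPEL settings from the first step (priority 100, a fixed includepkgs list, epel-next and epel-cisco-openh264 disabled) limit which packages EPEL can contribute to the images, so it is worth confirming they are still in place before a build. The following check is an added example, not part of the original document or of TCIB; the function name `audit_epel` and the sample repo text are constructed for illustration, and it assumes the saved settings are stored in dnf `.repo` files.

```python
import configparser

# Values taken from the `dnf config-manager --setopt epel.*` commands on this page.
EXPECTED_PRIORITY = "100"
EXPECTED_INCLUDEPKGS = {"libarrow*", "parquet*", "python3-asyncssh", "re2",
                        "python3-grpcio", "grpc*", "abseil*"}
MUST_BE_DISABLED = ("epel-next", "epel-cisco-openh264")

# Constructed sample of a drifted configuration (not captured from a real host).
SAMPLE_DRIFTED = """\
[epel]
enabled=1
priority=100
includepkgs=libarrow*,parquet*,python3-asyncssh,re2,python3-grpcio,grpc*,abseil*,python3-*

[epel-next]
enabled=1
"""


def audit_epel(repo_text):
    """Return a list of findings for concatenated .repo file contents."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cfg.read_string(repo_text)
    if not cfg.has_section("epel"):
        return ["epel: section not found"]
    findings = []
    epel = cfg["epel"]
    if not epel.getboolean("enabled", fallback=True):
        findings.append("epel: repo is disabled")
    if epel.get("priority", "").strip() != EXPECTED_PRIORITY:
        findings.append("epel: priority is not %s" % EXPECTED_PRIORITY)
    # dnf list options may be separated by commas or whitespace.
    pkgs = set(epel.get("includepkgs", "").replace(",", " ").split())
    if not pkgs:
        findings.append("epel: no includepkgs allowlist")
    else:
        for glob in sorted(pkgs ^ EXPECTED_INCLUDEPKGS):
            kind = "unexpected" if glob in pkgs else "missing"
            findings.append("epel: %s includepkgs entry %s" % (kind, glob))
    for repo_id in MUST_BE_DISABLED:
        # A repo section without an `enabled` key is enabled by default in dnf.
        if cfg.has_section(repo_id) and cfg[repo_id].getboolean("enabled", fallback=True):
            findings.append("%s: repo is enabled" % repo_id)
    return findings

if __name__ == "__main__":
    for finding in audit_epel(SAMPLE_DRIFTED):
        print(finding)
```

On a build host, pass it the concatenated contents of the files under /etc/yum.repos.d/ (the assumed location of the saved settings) and treat any finding as a reason to fix the repo configuration before building.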