Lifecycle on images

Asked by Kevin Wilson

Hi Glancers,...

I am investigating how to implement a patch process around images. So that critical Security patches can be applied and moved into the environment. With this background, I have been trying to understand how images can be managed in the envrionement.

IE if I have a new image with a critical security patch, is there a way to mark the old image as (out of service) or some other state identify so that the image can no longer be provisioned into a new environment while, existing deployments can continue to use the image at runtime.

Then once all nova instances are updated to use the new image, mark the exiting image as deprecated.

These life cycle states may apply to any object in the repository. Images, Templates and other objects may need to go through some sort of supportability lifecycle, and may have different concepts of accessibility during different lifecycle states.

Has anyone run into this or is there a practical solution for the near term vs. long term blueprint?


Question information

English Edit question
Glance Edit question
No assignee Edit question
Solved by:
Kevin Wilson
Last query:
Last reply:
Revision history for this message
Erno Kuvaja (jokke) said :

Hi Kevin,

For me it looks like best way to do this at the moment would be adding your own property tag into the image and add that property to the filters so the image does not show up in the lists. This way Nova would be still able access the image by ID for live migration etc.

This is not bullet proof solution, but best workaround I know for now.

- Erno

Revision history for this message
Kevin Wilson (kevin-l-wilson) said :

This is about where I thought it would stand.

Will look into creating a blueprint around this feture to create more of a enterprise class solution that will address this need. It can then be discussed and debated before implementation.

Thanks for the info.