standards icon indicating copy to clipboard operation
standards copied to clipboard
verified publisher icon SovereignCloudStack

[Feature Request] Ability to phase out old OS images

Open martinmo opened this issue 1 year ago • 5 comments

Motivated by https://github.com/SovereignCloudStack/standards/pull/682#discussion_r1701933446.

We need to discuss:

  • Should SCS standards enforce phasing out (or even banning) old OS images which are not maintained anymore?
  • If so, how? Suggestion by @mbuechse is to introduce new status values in the YAML specified by the standard images standard: discouraged and forbidden.
  • How should deletion be implemented? e.g., move to visibility community

martinmo avatar Aug 02 '24 14:08 martinmo

@martinmo assigned this to you -- please bring this before Team IaaS, or reassign it to me if you think I should do it.

mbuechse avatar Aug 02 '24 18:08 mbuechse

@martinmo just FYI, this change does not require a new major version; however, we should probably also extend https://docs.scs.community/standards/scs-0104-v1-standard-images#yaml-lifecycle to include the case that some formerly optional image becomes forbidden, in which case a new yaml would have to be created.

mbuechse avatar Aug 05 '24 15:08 mbuechse

Discussed in the IaaS call today:

  • general tendency to enforce this in the certification was "no"
  • real deletion should be avoided (that's why I left open the "implementation" of that in my initial comment, such as with visibility community)
    • another approach is using os_hidden
    • deletion is almost certainly not possible because of clone dependencies e.g. in Ceph
  • warnings should be avoided (warning fatigue)
  • state discouraged could be ok

OpenStack API docs about os_hidden property:

This field controls whether an image is displayed in the default image-list response. A “hidden” image is out of date somehow (for example, it may not have the latest updates applied) and hence should not be a user’s first choice, but it’s not deleted because it may be needed for server rebuilds. By hiding it from the default image list, it’s easier for end users to find and use a more up-to-date version of this image. (Since Image API v2.7)

OpenStack API docs about community visibility:

Any user may read the image and its data payload, but the image does not appear in the default image list of any user other than the owner.

(This visibility value was added in the Image API v2.5)

source: https://docs.openstack.org/api-ref/image/v2/#create-image

martinmo avatar Aug 07 '24 09:08 martinmo

And:

  • Users might have extended license for dists that are EOL for the general public.
  • Be optimistic: image contain the version, rely on user to choose latest version.

martinmo avatar Aug 07 '24 09:08 martinmo

I think there may be use cases for this, just not EOL

mbuechse avatar Aug 07 '24 09:08 mbuechse