Skip to content

Automate production of CAPI VM images #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 35 commits into
base: main
Choose a base branch
from
Open

Automate production of CAPI VM images #13

wants to merge 35 commits into from

Conversation

@vomba
Copy link

@vomba vomba commented Oct 21, 2025

Change description

  • Is this change including a new Provider or a new OS? (y/n) ____
  • If yes, has the Provider/OS matrix been updated in the readme? (y/n) ____
  • If adding a new provider, are you a representative of that provider? (y/n) ____

Related issues

  • Fixes #

Additional context

@vomba vomba changed the title add workflow Automate production of CAPI VM images Oct 27, 2025
elastisys-staffan
elastisys-staffan reviewed Oct 28, 2025
View reviewed changes
Copy link

@elastisys-staffan elastisys-staffan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! 🎉 This doesn't actually push or publish the artifact anywhere right?

@vomba
Copy link
Author

vomba commented Oct 28, 2025

Nice work! 🎉 This doesn't actually push or publish the artifact anywhere right?

The openstack part now, azure does, since it creates a VM on there and all (it's the default behaviour).

HaoruiPeng
HaoruiPeng reviewed Oct 29, 2025
View reviewed changes
Copy link

@HaoruiPeng HaoruiPeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job!
But I have a question concerning Openstack.
What would the the follow-up steps after the image is created? The workflow stops here, I assume that means the image is gone when the runner is destroyed if you don't upload it anywhere.

Does it make sense to upload the image to the dev projects of all our Openstack infra providers? So we can share the images to production projects from there during maintenance.

Another idea is to have a self-hosted runner that does not get destroyed after the actions finish.

@vomba
Copy link
Author

vomba commented Oct 29, 2025

Good job! But I have a question concerning Openstack. What would the the follow-up steps after the image is created? The workflow stops here, I assume that means the image is gone when the runner is destroyed if you don't upload it anywhere.

Does it make sense to upload the image to the dev projects of all our Openstack infra providers? So we can share the images to production projects from there during maintenance.

Another idea is to have a self-hosted runner that does not get destroyed after the actions finish.

We will need credentials to upload and share the openStack images, that part is on hold until a decision is made about it.

@elastisys-staffan
Copy link

elastisys-staffan commented Oct 30, 2025

Apologies for not being able to look at this sooner. Do you think we could break the jobs up so that building is one job and publishing is another? The logs are quite long so that would make it easier to follow the process. Also, I think it would add some flexibility.

@vomba
Copy link
Author

vomba commented Oct 30, 2025

Apologies for not being able to look at this sooner. Do you think we could break the jobs up so that building is one job and publishing is another? The logs are quite long so that would make it easier to follow the process. Also, I think it would add some flexibility.

That can be done for openStack. Once we decide on how to handle the credentials.
For Azure, there is no publishing job. as it builds on the platform and stores it there by default.

@elastisys-staffan
Copy link

elastisys-staffan commented Oct 30, 2025

Apologies for not being able to look at this sooner. Do you think we could break the jobs up so that building is one job and publishing is another? The logs are quite long so that would make it easier to follow the process. Also, I think it would add some flexibility.

That can be done for openStack. Once we decide on how to handle the credentials. For Azure, there is no publishing job. as it builds on the platform and stores it there by default.

Would it make sense to use qemu or similar to build the Azure VHD locally and then publish it in a separate job? As I understand it that is how the Openstack flow works, so if we can make it work for Azure too they would harmonize nicely.

@vomba
Copy link
Author

vomba commented Oct 30, 2025

Apologies for not being able to look at this sooner. Do you think we could break the jobs up so that building is one job and publishing is another? The logs are quite long so that would make it easier to follow the process. Also, I think it would add some flexibility.

That can be done for openStack. Once we decide on how to handle the credentials. For Azure, there is no publishing job. as it builds on the platform and stores it there by default.

Would it make sense to use qemu or similar to build the Azure VHD locally and then publish it in a separate job? As I understand it that is how the Openstack flow works, so if we can make it work for Azure too they would harmonize nicely.

I don't know actually, but it feels like adding more work to us.

@elastisys-staffan
Copy link

elastisys-staffan commented Oct 30, 2025

I don't know actually, but it feels like adding more work to us.

It might be worth the effort actually.

I see several benefits:

  • increased consistency across provider implementations
  • breaking up build and push/publish = separation of concerns
  • separate push step gives us more flexibility to work out the authentication details
  • if the azure image is identical to the openstack image, we might only need to build a single image (that's a big IF, but would be neat)

Imagine we build the images here and push them to object storage or similar. Then, pushing and publishing them can be tied to some other process, like creating a capi release. We could even keep the step manual if we want to.

@Xartos
Copy link

Xartos commented Nov 3, 2025

I don't know actually, but it feels like adding more work to us.

It might be worth the effort actually.

I see several benefits:

* increased consistency across provider implementations

* breaking up build and push/publish = separation of concerns

* separate push step gives us more flexibility to work out the authentication details

* if the azure image is identical to the openstack image, we might only need to build a single image (that's a big IF, but would be neat)

Imagine we build the images here and push them to object storage or similar. Then, pushing and publishing them can be tied to some other process, like creating a capi release. We could even keep the step manual if we want to.

I like this, and we could add it as artifacts of the action. Then some other job could just download the images as the output of this action and push it wherever it needs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HaoruiPeng HaoruiPeng HaoruiPeng left review comments

@elastisys-staffan elastisys-staffan elastisys-staffan left review comments

@Xartos Xartos Awaiting requested review from Xartos

@davidumea davidumea Awaiting requested review from davidumea

@lunkan93 lunkan93 Awaiting requested review from lunkan93

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vomba @elastisys-staffan @Xartos @HaoruiPeng