Using the add-image Command with the MAAS provider

I have a few blockers to discuss around maas/juju/snapcraft.

The situation is this:

1. We have a snap that uses system-usernames.

   • We got backed into the system-usernames corner because we need to support the seteuid and setegid operations that run in the slurm application code. Using the snap_daemon user/system-usernames is how setegid/seteuid operations are facilitated in a strictly confined snap.
   • Centos7 doesn’t support system-usernames because its toolchain (including snapd) is built with libseccomp < 2.4.
   • This is organically resolved in cento8 because it uses a toolchain and snapd that is built with libseccomp > 2.4.

2. We have a hard requirement that our slurm snap and charms run on centos8 (per above).

   • We have taken advantage of the operator framework paired with a snapped application to accommodate more easily deploying a centos based workload using Juju.
   • MAAS doesn’t support centos8 out of the box.
   • We can bake our own centos8 image and upload it to MAAS, but there is no way to deploy it using Juju.
     • MAAS provider lacks support for add-image needed for us to be able to deploy a centos8 workload.

This said, we seem to be blocked in making progress in getting our workload deployed.

I feel like this is a good example use case for the work being done right now revolving around os agnostic workloads. I am hoping we can use this use case to drive the new workload agnostic functionality to a usable state.

I have a bug filed for this here

Does anyone have insight for how we might be able to use the add-image command to use our custom image with Juju ?

Thanks!

(Update)

We have talked this through and have come up with a few possible paths forward.

• centos7

  • Maintain classic snap for use with centos7 workloads.
    • We will need to deploy centos7 for some workloads that are not able to be migrated to centos8, so having the capability to deploy centos7 workloads is something we need to be able to do anyway.
    • As far as we can see this would be our only workaround for getting our snap deployed on centos7.
  • Use the centos7 image available in maas
    • We can install the python epel-release dependency needed to run a charm on centos via the cloudinit-userdata and avoid having to bake our own images here, removing the dependency of having to use a custom image altogether.

• centos8

  • To the best of our knowledge we would need support for centos8 in maas or support for add-image in Juju in order to facilitate using centos8 or any other custom image with Juju.

Also highlighting the problem with maas/juju not being able to target custom or arbitrary “series” images in the backing cloud is central here.

I can not have 2 different “centos7” in MAAS, identified for example by UUID or fingerprint, very much like lxd allows for. E.g. if I need two different images both with centos7, I can’t have that to my knowledge. MAAS will pick the first in line as returned from the database table of images with the name “centos7”.

Perhaps MAAS developers might know more and correct details?

I checked with the MAAS folks and unfortunately, MAAS only supports one image for any distro series. You ask for “bionic” and you get the image MAAS serves up to you. Unlike say AWS, there’s no choice of image so add-image is not relevant for MAAS.

With centos8, that’s currently in progress and support will be forthcoming “soon”.

Yeah, this limitation is a huge problem since it will force users to have a single image for all possible workloads backed by a particular os. This limitation then leads up to a situation where a single maas instance more or less will be bound to a specific workload. You then end up in having to maintain multiple maas clouds if you have more use-cases and thus missing out sharing your hardware pool across multiple use-cases. That’s a fail.

As a thought on resolution here; What if maas could implement a feature very much like lxd uses with fingerprint images?

Maybe worth raising this topic on the MAAS Discourse.

I syndicated this to a post on the maas discourse.

@oscarf ^

@wallyworld can you give us any kind of timeframe for the centos8 support in juju?

It should be in the upcoming 2.8.1 release.
We aim to have a candidate out by mid next week.

Amazing and looking forward to it! We have a few items in the pipe for 2.8.1 which will hopefully resolve some issues we have.

The conversation here seems pertinent. Possibly if MAAS gets an image management overhaul it will better support custom image management from juju point of view also.