From c7170b7ac7e7b702f7b9a007569b4afba5968723 Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle@redhat.com>
Date: Wed, 2 Feb 2022 12:40:21 -0500
Subject: [PATCH] Skip podman purge on Undercloud

With the undercloud using ephemeral Heat, there will be images for
ephemeral Heat in the local container storage that do not have any
associated containers. Podman purge would delete these images, and they
then wouldn't be available for overcloud commands.

Instead, skip running the podman purge tasks on the Undercloud. This
means that the local container image storage will grow over time. Given
the reduced number of services on the undercloud, the storage usage is
not as bad as it was previously. However, operators will need to be
aware.

While "podman image prune" does have a --filter option to preserve
images, it does not work in the version of podman in
container-tools:3.0. When the needed patch[1] is available, the podman
purge tasks can be re-enabled, which would address the issue of growing
local storage.

[1] https://github.com/containers/podman/commit/a5ad36c65ea07d839fd9bf55a820c8cb9884eed1
[2] https://github.com/containers/podman/pull/10390

Change-Id: Ibd2200aa912960b267a9975571e05665a29e40f0
Signed-off-by: James Slagle <jslagle@redhat.com>
(cherry picked from commit 7eb280ace819e7fa7d8e16a6328a5b3ff6fa00a5)
---
 .../podman/podman-baremetal-ansible.yaml      | 22 +++++++++++++++++++
 ...man-purge-undercloud-a3a30b5ac3a0951b.yaml |  9 ++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 releasenotes/notes/skip-podman-purge-undercloud-a3a30b5ac3a0951b.yaml

diff --git a/deployment/podman/podman-baremetal-ansible.yaml b/deployment/podman/podman-baremetal-ansible.yaml
index 4d52327814..b8b7996359 100644
--- a/deployment/podman/podman-baremetal-ansible.yaml
+++ b/deployment/podman/podman-baremetal-ansible.yaml
@@ -68,6 +68,10 @@ parameters:
                  additional ordering dependencies for the systemd
                  scopes associated to podman containers.
     type: boolean
+  deployment_source_hosts:
+    default: 'Undercloud'
+    type: string
+    description: Host or hostgroup that runs the deployment
 
 conditions:
   insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
@@ -221,19 +225,37 @@ outputs:
               when: pcs_stat.stat.exists
 
       post_upgrade_tasks:
+        # Podman purge tasks are disabled on the undercloud since the ephemeral
+        # Heat images need to be kept. When commit
+        # https://github.com/containers/podman/commit/a5ad36c65ea07d839fd9bf55a820c8cb9884eed1
+        # is available in the podman version used by TripleO, the ephemeral
+        # Heat images could be labeled in a way that they could be kept with
+        # --fitler, and these tasks could be re-enabled on the undercloud.
         - name: Purge Podman
           when:
             - (step | int) == 3
             - container_cli == 'podman'
+            - deployment_source_hosts not in group_names
           include_role:
             name: tripleo_podman
             tasks_from: tripleo_podman_purge.yml
+          vars:
+            deployment_source_hosts: {get_param: deployment_source_hosts}
 
       post_update_tasks:
+        # Podman purge tasks are disabled on the undercloud since the ephemeral
+        # Heat images need to be kept. When commit
+        # https://github.com/containers/podman/commit/a5ad36c65ea07d839fd9bf55a820c8cb9884eed1
+        # is available in the podman version used by TripleO, the ephemeral
+        # Heat images could be labeled in a way that they could be kept with
+        # --fitler, and these tasks could be re-enabled on the undercloud.
         - name: Purge Podman
           when:
             - (step | int) == 3
             - container_cli == 'podman'
+            - deployment_source_hosts not in group_names
           include_role:
             name: tripleo_podman
             tasks_from: tripleo_podman_purge.yml
+          vars:
+            deployment_source_hosts: {get_param: deployment_source_hosts}
diff --git a/releasenotes/notes/skip-podman-purge-undercloud-a3a30b5ac3a0951b.yaml b/releasenotes/notes/skip-podman-purge-undercloud-a3a30b5ac3a0951b.yaml
new file mode 100644
index 0000000000..e2ad1facce
--- /dev/null
+++ b/releasenotes/notes/skip-podman-purge-undercloud-a3a30b5ac3a0951b.yaml
@@ -0,0 +1,9 @@
+---
+other:
+  - |
+    "podman image prune" is no longer used on the undercloud to remove unused
+    images during the undercloud update/upgrade. With the usage of ephemeral
+    Heat, not all images will always be used by running or stopped containers,
+    so "podman image prune" should not be used to clean up the local container
+    image storage. Images that are no longer being used can still be removed
+    individually with "podman rmi".