Software Factory 3.1

Prelude

This new release adds support for tenant deployment and Zuul configuration management from the resources.

Doc

Here is the documentation of the 3.1 release.

Release Notes (2018-10-16)

Fixes

  • A bug in graph-render prevented grafana auto configuration when nodepool wasn't configured with any cloud provider.

Updated Packages

  • sf-config-3.1.2-4.el7

Release Notes (2018-08-20)

Security

Updated Packages

  • cgit-1.2.1-2.el7

Release Notes (2018-08-08)

Fixes

  • A bug in openstacksdk prevented nodepool from recovering from a cloud failure.

Upgrade Notes

  • Update the packages and restart the nodepool services:
    • ansible -m yum -a "name=* state=latest" nodepool-launcher:nodepool-builder
    • ansible -m service -a "name=rh-python35-nodepool-launcher state=restarted" nodepool-launcher
    • ansible -m service -a "name=rh-python35-nodepool-builder state=restarted" nodepool-builder

Updated Packages

  • rh-python35-python-cryptography-2.1.4-1.el7
  • rh-python35-python-openstacksdk-0.17.2-1.el7

Release Notes (2018-08-03)

sf-config-3.1.1

New Features

  • A new zuul.ara_report option in sfconfig.yaml lets operators set the default behavior for copying the ara report database. Set it to 'failure' to only copy the result when a job fails.
  • sfconfig checks for correct hostnames and sets them if needed before installing services to prevent DNS issues.
  • New tls_cert_file, tls_chain_file and tls_key_file sfconfig.yaml options let users set custom TLS certificates.
  • A new cgit component is available to host a fast web frontend for gerrit repositories at https://fqdn/cgit.
  • A new default-tenant-name setting in sfconfig.yaml lets operators change the "local" tenant name.
  • A new config-location setting enables deployments where the config and jobs repository are hosted remotely, for example on an external gerrit or github.
  • SSL is enabled on zuul gearman service. A gearman-client script is installed on the scheduler host to enable direct connection.
  • A new app_name setting is added to sfconfig.yaml's github_connections list to auto-configure the github gate pipeline.
  • A new label_name setting is added to sfconfig.yaml's github_connections list to auto-configure a label requirement to github gate.
  • A tenant object is managed in config resources. It defines the local default tenant and the configured connections.
  • A new log-classify tech-preview post action is available and can be de-activated using the logclassify_optin job variable. Job reports can be injected as a job result using the logclassify_report job variable.
  • A new sfconfig.yaml option called clouds_file enables setting a user-defined os-client-config clouds.yaml file.
  • Regular expressions for the pre-release and release pipelines are now configurable via sfconfig.yaml, using the prerelease_regexp and release_regexp settings. Default values are set to be compliant with Semantic Versioning.
  • A SAML2-enabled Identity Provider can be configured as an authentication backend.
  • New tenant-deployment settings enable deployments where zuul and nodepool are running remotely.
  • The canonical hostname can be set in sfconfig.yaml for zuul connections.
  • The Github App key can be defined as a file path instead of inlined content in sfconfig.yaml.
  • The Zuul MQTT driver is automatically configured when the firehose component is enabled. The default topic can be updated with the custom-vars, zuul_mqtt_start_topic, zuul_mqtt_success_topic and zuul_mqtt_failure_topic.
  • Services public keys are now available on https://fqdn/keys.

Known Issues

  • Gerrit users are no longer deleted through the managesf API. To fully delete a gerrit user, a new 'delete-gerrit-user.sh' script is provided.
  • The SAML session is discarded immediately after the authentication is successful; the session is still handled by auth_pubtkt in cauth. This means that terminating a user's session on the Identity Provider will not terminate it on Software Factory. The administrator should configure Software Factory's cookie timeout to match the Identity Provider's own session timeout.

Upgrade Notes

  • The ceph repository needs to be manually removed before installing the 3.1 repository using this command: yum remove -y centos-release-ceph-jewel
  • The ansible version provided by CentOS extras is replaced by the one already packaged in scl for Zuul.
  • The hypervisor-oci component is renamed hypervisor-runc. Any nodesets using the default centos-oci label need to be adapted to use the new runc-centos label.
  • A _internal.yaml file is created with the default managed config/resources. Config project and acls are removed from common files.
  • The nodepool-builder service package upgrades may fail when there is a dedicated mountpoint for /var/opt/rh/rh-python35/cache/nodepool that contains leaked dib mounts. Make sure the nodepool cache is un-mounted and update your fstab to use /var/cache/nodepool instead.
  • Gerrit HTTP passwords are removed during the upgrade. The Gerrit REST API is now available using the API key provided by cauth. Users need to re-generate an API key (this can be done from the user settings page) and replace the old password with the new key.

Deprecation Notes

  • The --zuul-ssh-key, --zuul-upstream-zuul-jobs and --zuul-external-gerrit sfconfig command line arguments are no longer supported. Use the sfconfig.yaml configuration file to configure those options.

Bug Fixes

  • Zuul scheduler keys are now properly backed up.
  • Install-server restore now keeps the desired target arch.yaml.
  • The default admin password is now automatically set to a random string.

Other Notes

  • Gerrit All-projects project.config Software Factory default ACLs additions are checked/updated at every sfconfig run.

cauth-0.12.1

  • API keys are now set to gerrit http password when the service is available.
  • A gerrit option 'register_user' has been added to toggle user creation.
  • The GitHub OAuth application doesn't request organization read access when the allowed_organizations restriction is not set.

managesf-0.18.1

New Features

  • The resources model got a new connection object to fully describe repository location.
  • The resources model got a new tenant object, the root model object for the Tenant capability of Software Factory.

Upgrade Notes

  • The HTTP password controller is removed; this is now managed by Cauth's API key.

Other Notes

Updated Packages

  • ara-0.15.0-1.el7
  • bubblewrap-0.2.1-1.el7
  • cauth-0.12.1-8.el7
  • gerrit-2.14.7-1.el7
  • gerritbot-0.4.0-1.el7
  • lecm-0.0.7-3.el7
  • lodgeit-0.2-1.el7
  • managesf-0.18.1-6.el7
  • python-log2gearman-0.1-3.20171211gitc646602.el7
  • python-pkginfo-1.4.2-1.el7
  • python-requests-toolbelt-0.8.0-1.el7
  • python-sfmanager-0.5.0-4.el7
  • python-testinfra-1.14.1-1.el7
  • python-twine-1.11.0-1.el7
  • repoxplorer-1.3.1-1.20180726.a05b6af.el7
  • rh-python35-GitPython-2.1.10-1.el7
  • rh-python35-ansible-2.5.5-1.el7
  • rh-python35-ara-0.15.0-1.el7
  • rh-python35-diskimage-builder-2.15.1-1.el7
  • rh-python35-dlrn-0.8.0-1.el7
  • rh-python35-nodepool-3.2.0-2.el7
  • rh-python35-python-APScheduler-3.5.1-1.el7
  • rh-python35-python-CacheControl-0.12.4-1.el7
  • rh-python35-python-gear-0.12.0-1.el7
  • rh-python35-python-gitdb-2.0.3-1.el7
  • rh-python35-python-jwt-1.6.4-1.el7
  • rh-python35-python-keystoneauth1-3.8.0-1.el7
  • rh-python35-python-openstacksdk-0.16.0-1.el7
  • rh-python35-python-psutil-5.4.5-1.el7
  • rh-python35-python-pyasn1-0.4.3-1.el7
  • rh-python35-python-pycparser-2.18-1.el7
  • rh-python35-python-shade-1.28.0-1.el7
  • rh-python35-python-uvloop-0.9.1-1.el7
  • rh-python35-python-webob-1.8.2-1.el7
  • rh-python35-rdopkg-0.46.3-2.el7
  • rh-python35-zuul-3.2.0-3.el7
  • rh-python35-zuul-jobs-0.1-0.12.20180731git5e5ecdb.el7
  • sf-config-3.1.1-4.el7
  • sf-docs-3.1.0-1.el7
  • sf-elements-0.6.0-2.el7
  • sf-release-3.1.2-3.el7
  • sf-web-assets-1.0-5.el7

New Packages

  • cgit-1.1-8.el7
  • python-tqdm-4.19.6-1.el7
  • rh-python35-Cython-0.28.3-1.el7
  • rh-python35-dlrnapi-client-0.5.0-1.el7
  • rh-python35-logreduce-0.1.3-1.el7
  • rh-python35-python-SecretStorage-3.0.1-1.el7
  • rh-python35-python-bottle-0.12.13-1.el7
  • rh-python35-python-cachetools-2.0.1-1.el7
  • rh-python35-python-cherrypy-8.9.1-3.el7
  • rh-python35-python-dictdiffer-0.7.1-1.el7
  • rh-python35-python-fasteners-0.14.1-10.el7
  • rh-python35-python-future-0.16.0-1.el7
  • rh-python35-python-gevent-1.2.2-2.el7
  • rh-python35-python-gflags-2.0-10.el7
  • rh-python35-python-google-auth-1.4.2-1.el7
  • rh-python35-python-greenlet-0.4.13-2.el7
  • rh-python35-python-httplib2-0.10.3-2.el7
  • rh-python35-python-jeepney-0.3-1.el7
  • rh-python35-python-keyring-11.0.0-2.el7
  • rh-python35-python-kubernetes-6.0.0-3.el7
  • rh-python35-python-oauth2client-4.1.2-2.el7
  • rh-python35-python-oauthlib-2.0.1-4.el7
  • rh-python35-python-openshift-0.6.0-2.el7
  • rh-python35-python-os-service-types-1.2.0-2.el7
  • rh-python35-python-pycurl-7.43.0-14.el7
  • rh-python35-python-repoze-lru-0.4-17.el7
  • rh-python35-python-requests-oauthlib-0.8.0-3.el7
  • rh-python35-python-routes-2.4.1-4.el7
  • rh-python35-python-rsa-3.4.2-4.el7
  • rh-python35-python-ruamel-yaml-0.13.14-1.el7
  • rh-python35-python-string-utils-0.6.0-1.el7
  • rh-python35-python-tornado-4.5.2-2.el7
  • rh-python35-python-websocket-client-0.47.0-1.el7
  • rh-python35-python-ws4py-0.5.1-1.el7

Digest

The packages are signed with this key: E46E04A2344803E5A808BDD7E8C203A71C3BAE4B - release@softwarefactory-project.io

8deb28380c6dc537077650023a0a576b809099d784fa92211ef206d1d5c6238a  sf-release-3.1.2-3.el7.noarch.rpm