Software Factory 3.1


This new release adds support for tenant deployment and Zuul configuration management from the resources.


Here is the documentation of the 3.1 release.

Release Notes (2018-10-16)


  • A bug in graph-render prevented grafana auto configuration when nodepool wasn't configured with any cloud provider.

Updated Packages

  • sf-config-3.1.2-4.el7

Release Notes (2018-08-20)


Updated Packages

  • cgit-1.2.1-2.el7

Release Notes (2018-08-08)


  • A bug in openstacksdk prevented nodepool to recover from cloud failure.

Upgrade Notes

  • Update the packages and restart the nodepool services:
    • ansible -m yum -a "name=* state=latest" nodepool-launcher:nodepool-builder
    • ansible -m service -a "name=rh-python35-nodepool-launcher state=restarted" nodepool-launcher
    • ansible -m service -a "name=rh-python35-nodepool-builder state=restarted" nodepool-builder

Updated Packages

  • rh-python35-python-cryptography-2.1.4-1.el7
  • rh-python35-python-openstacksdk-0.17.2-1.el7

Release Notes (2018-08-03)


New Features

  • A new zuul.ara_report option in sfconfig.yaml lets operators set the default behavior to copy ara report database. Set it to 'failure' to only copy the result when a job fails.
  • sfconfig checks for correct hostnames and sets them if needed before installing services to prevent DNS issues.
  • New tls_cert_file, tls_chain_file and tls_key_file sfconfig.yaml option let user set cutom TLS certificates.
  • A new cgit component is available to host a fast web frontend for gerrit repositories at https://fqdn/cgit.
  • A new default-tenant-name setting in sfconfig.yaml lets operators change the "local" tenant name.
  • A new config-location setting enables deployments where the config and jobs repository are hosted remotely, for example on an external gerrit or github.
  • SSL is enabled on zuul gearman service. A gearman-client script is installed on the scheduler host to enable direct connection.
  • A new app_name setting is added to sfconfig.yaml's github_connections list to auto-configure the github gate pipeline.
  • A new label_name setting is added to sfconfig.yaml's github_connections list to auto-configure a label requirement to github gate.
  • A tenant object is managed in config resources. It defines the local default tenant and the configured connections.
  • A new log-classify tech-preview post action is available and can be de-activated using the logclassify_optin job variable. Job reports can be injected as a job result using the logclassify_report job variable
  • A new sfconfig.yaml option called clouds_file enables setting user-defined os-client-config clouds.yaml file.
  • Regular Expressions for the pre-release and release pipelines are now configurable via sfconfig.yaml, use the setting prerelease_regexp and release_regexp. Default values are set to be compliant with Semantic Versioning.
  • A SAML2-enabled Identity Provider can be configured as an authentication backend.
  • New tenant-deployment settings enables deployment where zuul and nodepool are running remotely.
  • The canonical hostname can be set in sfconfig.yaml for zuul connections.
  • Github App key can be defined as a file path instead of inlined content in sfconfig.yaml
  • The Zuul MQTT driver is automatically configured when the firehose component is enabled. The default topic can be updated with the custom-vars, zuul_mqtt_start_topic, zuul_mqtt_success_topic and zuul_mqtt_failure_topic.
  • Services public keys are now available on https://fqdn/keys.

Known Issues

  • Gerrit users are no longer deleted through the managesf API. To fully delete a gerrit user, a new '' script is provided.
  • The SAML session is discarded immediately after the authentication is successful, the session is still handled by auth_pubtkt in cauth. This means that terminating a user's session on the Identity Provider will not terminate it on Software Factory. The administrator should configure Software Factory's cookie timeout to match the Identity Provider's own session timeout.

Upgrade Notes

  • The ceph repository needs to be manually removed before installing the 3.1 repository using this command: yum remove -y centos-release-ceph-jewel
  • The ansible version provided by CentOS extras is replaced by the one already packaged in scl for Zuul.
  • The hypervisor-oci component is renamed hypervisor-runc. Any nodesets using the default centos-oci needs to be adapted to use the new runc-centos label.
  • A _internal.yaml file is created with the default managed config/resources. Config project and acls are removed from common files.
  • The nodepool-builder service package upgrades may fail when there is a dedicated mountpoint for /var/opt/rh/rh-python35/cache/nodepool that contains leaked dib mounts. Make sure the nodepool cache is un-mounted and update your fstab to use /var/cache/nodepool instead.
  • Gerrit HTTP passwords are removed during the upgrade. The Gerrit REST API is now available using the API key provided by cauth. Users need to re-generate an API key (this can be done from the user settings page) and replace the old password using the new key.

Deprecation Notes

  • The --zuul-ssh-key, --zuul-upstream-zuul-jobs and --zuul-external-gerrit sfconfig command line arguments are no longer supported. Use the sfconfig.yaml configuration file to configure those options.

Bug Fixes

  • Zuul scheduler keys are now properly backed up
  • Install-server restore now keeps the desired target arch.yaml
  • The default admin password is now automatically set to a random string.

Other Notes

  • Gerrit All-projects project.config Software Factory default ACLs additions are checked/updated at every sfconfig run.


  • API keys are now set to gerrit http password when the service is available.
  • A gerrit option 'register_user' has been added to toggle user creation.
  • The GitHub OAuth application doesn't request organization read access when the allowed_organizations restriction is not set.


New Features

  • The resources model got a new connection object to fully describe repository location.
  • The resources model got a new tenant object, the root model object for the Tenant capability of Software Factory.

Upgrade Notes

  • HTTP password controller is removed, this is now managed by Cauth's API key.

Other Notes

Updated Packages

  • ara-0.15.0-1.el7
  • bubblewrap-0.2.1-1.el7
  • cauth-0.12.1-8.el7
  • gerrit-2.14.7-1.el7
  • gerritbot-0.4.0-1.el7
  • lecm-0.0.7-3.el7
  • lodgeit-0.2-1.el7
  • managesf-0.18.1-6.el7
  • python-log2gearman-0.1-3.20171211gitc646602.el7
  • python-pkginfo-1.4.2-1.el7
  • python-requests-toolbelt-0.8.0-1.el7
  • python-sfmanager-0.5.0-4.el7
  • python-testinfra-1.14.1-1.el7
  • python-twine-1.11.0-1.el7
  • repoxplorer-1.3.1-1.20180726.a05b6af.el7
  • rh-python35-GitPython-2.1.10-1.el7
  • rh-python35-ansible-2.5.5-1.el7
  • rh-python35-ara-0.15.0-1.el7
  • rh-python35-diskimage-builder-2.15.1-1.el7
  • rh-python35-dlrn-0.8.0-1.el7
  • rh-python35-nodepool-3.2.0-2.el7
  • rh-python35-python-APScheduler-3.5.1-1.el7
  • rh-python35-python-CacheControl-0.12.4-1.el7
  • rh-python35-python-gear-0.12.0-1.el7
  • rh-python35-python-gitdb-2.0.3-1.el7
  • rh-python35-python-jwt-1.6.4-1.el7
  • rh-python35-python-keystoneauth1-3.8.0-1.el7
  • rh-python35-python-openstacksdk-0.16.0-1.el7
  • rh-python35-python-psutil-5.4.5-1.el7
  • rh-python35-python-pyasn1-0.4.3-1.el7
  • rh-python35-python-pycparser-2.18-1.el7
  • rh-python35-python-shade-1.28.0-1.el7
  • rh-python35-python-uvloop-0.9.1-1.el7
  • rh-python35-python-webob-1.8.2-1.el7
  • rh-python35-rdopkg-0.46.3-2.el7
  • rh-python35-zuul-3.2.0-3.el7
  • rh-python35-zuul-jobs-0.1-0.12.20180731git5e5ecdb.el7
  • sf-config-3.1.1-4.el7
  • sf-docs-3.1.0-1.el7
  • sf-elements-0.6.0-2.el7
  • sf-release-3.1.2-3.el7
  • sf-web-assets-1.0-5.el7

New Packages

  • cgit-1.1-8.el7
  • python-tqdm-4.19.6-1.el7
  • rh-python35-Cython-0.28.3-1.el7
  • rh-python35-dlrnapi-client-0.5.0-1.el7
  • rh-python35-logreduce-0.1.3-1.el7
  • rh-python35-python-SecretStorage-3.0.1-1.el7
  • rh-python35-python-bottle-0.12.13-1.el7
  • rh-python35-python-cachetools-2.0.1-1.el7
  • rh-python35-python-cherrypy-8.9.1-3.el7
  • rh-python35-python-dictdiffer-0.7.1-1.el7
  • rh-python35-python-fasteners-0.14.1-10.el7
  • rh-python35-python-future-0.16.0-1.el7
  • rh-python35-python-gevent-1.2.2-2.el7
  • rh-python35-python-gflags-2.0-10.el7
  • rh-python35-python-google-auth-1.4.2-1.el7
  • rh-python35-python-greenlet-0.4.13-2.el7
  • rh-python35-python-httplib2-0.10.3-2.el7
  • rh-python35-python-jeepney-0.3-1.el7
  • rh-python35-python-keyring-11.0.0-2.el7
  • rh-python35-python-kubernetes-6.0.0-3.el7
  • rh-python35-python-oauth2client-4.1.2-2.el7
  • rh-python35-python-oauthlib-2.0.1-4.el7
  • rh-python35-python-openshift-0.6.0-2.el7
  • rh-python35-python-os-service-types-1.2.0-2.el7
  • rh-python35-python-pycurl-7.43.0-14.el7
  • rh-python35-python-repoze-lru-0.4-17.el7
  • rh-python35-python-requests-oauthlib-0.8.0-3.el7
  • rh-python35-python-routes-2.4.1-4.el7
  • rh-python35-python-rsa-3.4.2-4.el7
  • rh-python35-python-ruamel-yaml-0.13.14-1.el7
  • rh-python35-python-string-utils-0.6.0-1.el7
  • rh-python35-python-tornado-4.5.2-2.el7
  • rh-python35-python-websocket-client-0.47.0-1.el7
  • rh-python35-python-ws4py-0.5.1-1.el7


The packages are signed with this key: E46E04A2344803E5A808BDD7E8C203A71C3BAE4B -

Hash: SHA1

8deb28380c6dc537077650023a0a576b809099d784fa92211ef206d1d5c6238a  sf-release-3.1.2-3.el7.noarch.rpm
Version: GnuPG v2.0.22 (GNU/Linux)