From d95e237f3df6671a156a5ba807ae18d033db6796 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Tue, 2 Aug 2022 11:20:29 +0100
Subject: [PATCH] Persist Bifrost's autogenerated passwords

By default Bifrost generates passwords for use by services, and stores them in files in /root/.config/bifrost/ in the container. This directory is not persistent, so the passwords are lost if the container is recreated. This is generally not a problem, because recreating the container is generally done when redeploying Bifrost, and new passwords will be generated and written to configuration files. However, if you access the Ironic or Inspector APIs outside of the Bifrost playbooks, the credentials will have changed. This change fixes the issue by persisting the credentials directory in a Docker volume. Note that applying this change will cause existing credentials to be removed.

Closes-Bug: #1983356
Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07
---
 ansible/roles/bifrost/tasks/start.yml | 1 +
 .../bifrost-persistent-passwords-0f30bc0e7f864669.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 releasenotes/notes/bifrost-persistent-passwords-0f30bc0e7f864669.yaml
diff --git a/ansible/roles/bifrost/tasks/start.yml b/ansible/roles/bifrost/tasks/start.yml
index 2425c887c4..eca4deb039 100644
--- a/ansible/roles/bifrost/tasks/start.yml
+++ b/ansible/roles/bifrost/tasks/start.yml
@@ -17,3 +17,4 @@
 - "bifrost_ironic:/var/lib/ironic/"
 - "bifrost_mariadb:/var/lib/mysql/"
 - "bifrost_tftpboot:/tftpboot/"
+ - "bifrost_config:/root/.config/bifrost/"
diff --git a/releasenotes/notes/bifrost-persistent-passwords-0f30bc0e7f864669.yaml b/releasenotes/notes/bifrost-persistent-passwords-0f30bc0e7f864669.yaml
new file mode 100644
index 0000000000..7a2310bdd9
--- /dev/null
+++ b/releasenotes/notes/bifrost-persistent-passwords-0f30bc0e7f864669.yaml
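Review bot: The new `bifrost_config` entry in ansible/roles/bifrost/tasks/start.yml mounts a volume that holds service passwords, but nothing at that line says so and it sits in a list of plain data volumes. Per the commit message these files used to be regenerated whenever the container was recreated, so after this change the same credentials presumably stay in use until someone deletes the volume. That makes rotation a manual step and leaves the secrets in the host's Docker volume storage after the container is gone. I would add a comment above the entry, e.g. `# Autogenerated Bifrost service passwords (secrets); remove this volume to rotate them`, and confirm that the teardown path removes this volume, which is not visible in this diff. The task this list belongs to starts above the hunk.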
@@ -0,0 +1,8 @@
+---
+fixes:
+ - |
+ Fixes an issue in the ``bifrost_deploy`` container where passwords
+ generated by Bifrost were not persistent beyond the lifetime of the
+ container. This is generally not a problem unless you access the Ironic or
+ Inspector APIs outside of the Bifrost playbooks. `LP#1983356
+ `_