Fedora 34, 38, and 29, as well as Ubuntu 22.04 now have canned guest images.
Containers and Kubernetes
The Shaken Fist client can now orchestrate K3S Kubernetes clusters for you. The
lifecycle support is relatively simple at the moment, with cluster creation and
deletion supported, as well as fetching the kubectl configuration from the
cluster. This will be expanded over time. This support is implemented entirely
in the Shaken Fist python client, and heavily utilises the in guest agent
added in v0.7. The client side nature of the orchestration makes it easy for you
to customize the orchestration if desired without having to alter the main
IP address management has moved to a new baseobject called IPAM. Events are
therefore recorded for address management as you would expect.
Addresses released on any network (including the floating network) are now
quarantined for IP_DELETION_HALO_DURATION seconds after deletion before they
can be reused. The only exception to this is if a network is heavily congested
and an allocation attempt will fail. In that case the halo is temporarily
reduced to 30 seconds and a warning log message is emitted.
You can now list the addresses in use for a given network with the
sf-client network addresses ...uuid... command.
In order to support the K3S Kubernetes orchestration, the concept of routed
IPs was introduced. A routed IP is an address from the floating address pool
which uses routing to deliver traffic to the relevant virtual network. An
interface on the virtual network must then have been configured by the user to
answer ARP requests for that address. This works well with metallb, which our
K3S orchestration uses to expose services.
Network orchestration now waits for iptables locks, instead of failing
commands in high load situations.
Shaken Fist can now capture screenshots of instance consoles.
Pause and unpause are now retried several times on failure, as sometimes libvirt
does not respond correctly.
Specifying an incorrect disk bus now returns a more helpful error.
When you refer to an artifact by name, and there is more than one match then
the match in your local namespace (if any) is now preferred instead of returning
We no longer reset the authentication secret used to generate authentication
tokens on upgrade. This means tokens from before an upgrade will continue to work
for their normal lifetime.
We now lock versions of upstream Ansible Galaxy dependencies.
Events are no longer queued via etcd unless the eventlog node is down at the
time of the event. This reduces the number of etcd writes significantly during
CI runs and therefore improves the reliability of etcd. The new approach is
to make gRPC calls directly to the eventlog node if it is available.
We now use gRPC calls to compact etcd, instead of relying on a python client
wrapper. This means we can now update our gRPC and protobuf dependencies to
much more recent versions.
CI has been moved from relatively unreliable scraping of the instance serial
console over telnet to using the Shaken Fist in-guest agent to inspect the
state of instances for correctness.
The slow lock warning threshold is no longer configurable (SLOW_LOCK_THRESHOLD).
Instead, a warning is emitted if a lot takes more than half of the specified
timeout period to be acquired. This change was made because in some places we
expect to wait a long time for a lock -- for example serialized fetches of a
single resource from outside the cluster, but we also wanted to enforce locks
didn't take a long time to acquire in CI.
Shaken Fist now uses Renovate to keep the dependencies of the develop
branch up to date. This means that locking requirements at release time is no
longer required, and is therefore more reliable.
The qemu commands generated now vary based on the version of qemu installed
on the machine. This was required to support the newer qemu version in