New stable DebOps release, v3.0.0
by Maciej Delmanowski
Hello everyone,
DebOps v3.0.0 is here, finally. The release was meant to be done in January,
but as usual, a bit of a lag on my part, please forgive me. In this one we have
completely rewritten 'debops' scripts, full Ansible Collection compatibility,
cool new Ansible roles to play with and more. On with the show!
New DebOps release, v3.0.0
--------------------------
You can find the new version of DebOps on:
GitHub: https://github.com/debops/debops/releases/tag/v3.0.0
PyPI: https://pypi.python.org/pypi/debops/3.0.0
Galaxy: https://galaxy.ansible.com/debops/debops/
You can upgrade the Python-based installation by running the command:
pip3 install --upgrade debops
Installation instructions can be found here:
https://docs.debops.org/en/stable-3.0/introduction/install.html
The brief Changelog can also be found on the documentation page:
https://docs.debops.org/en/stable-3.0/news/changelog.html
Complete, detailed changelog can be viewed using the 'git log' command.
You can use the 'git log --no-merges' command to skip the "boring" merge
commits.
The DebOps documentation has a separate page which details important
changes from previous release in the Ansible inventory or on the remote
hosts which you might need to perform manually:
https://docs.debops.org/en/stable-3.0/news/upgrades.html
The Python packages available on PyPI, as well as the tarballs available
on GitHub are signed with my GPG key. You can get it from the OpenPGP
keyserver network using the command:
gpg --keyserver hkp://pool.sks-keyservers.net \
--recv-keys 27067A91D620EE91D50309D92DCCF53E9BC74BEC
The v3.0.0 development cycle finished with ~569 commits (without merges). It
was a bit longer, about 8 months give or take, so there's lots of commits. I'd
like to thank all of the contributors to this release:
245 Maciej Delmanowski
170 David Härdeman
41 Robin Schneider
37 Imre Jonk
22 Julien Lecomte
5 Andreas Zilian
4 Jan Kowalsky
4 Petr Boušek
4 Serge Victor
3 Alin Alexandru
3 Christoph Johannes Kleine
3 Jonathan Struebel
3 Émile Morel
2 Gabriel Lewertowski
2 Huynh Gia Hung
2 Stefan G. Weichinger
2 Thomas Danielsson
2 oxmie
1 Andrew Rowson
1 Ciril Troxler
1 Dan Sheridan
1 David Messingschlager
1 Deni
1 John Schmidt
1 Jérémy Rosen
1 Mathieu MD
1 Mohamed Tawfik
1 Patryk Ściborek
1 Rudy Gevaert
1 Sorin Sbarnea
1 Stuart Mumford
1 The Right Honourable Reverend
1 voidplayer
Thanks to everyone for bugfixes, new functionalities and improvements. See you
around in the commits next time!
Goals reached since previous release
------------------------------------
New DebOps scripts are finally here! I started working on them around 2020, so
it took some time... The current scripts should be functionally the same as the
old ones, apart from the small changes in CLI syntax, next iteration will start
to bring in new functionality and features.
I didn't have to time to check out the Ansible role arguments specification.
This will have to be done at a later date, but I still want to implement it at
some point. Stay tuned.
The 'stable-2.1' branch has been retired
----------------------------------------
The v2.1.x series of DebOps releases has been retired, no new updates will be
done on this branch. You should consider upgrading your environments to
a newer DebOps release; check the upgrade notes for important information
about changes required to be done by hand.
The v2.1.0 version was released on June 21th 2020, it had 9 patch releases
since then. The v2.1 release added support for InfluxDB and journald, among
other things. It was the first release with split Ansible Collections; it had
to be done because of the 2 MB limit for a collection tarball on Ansible
Galaxy. The REUSE Specification was also implemented at this time, to ensure
easy license compliance within the project.
New release highlights
----------------------
As usual, there are many interesting changes and new features in a DebOps
release. I suggest that you check out the Changelog of the latest release;
below you can find a list of highlights:
- New DebOps scripts is probably the biggest change this release. They come
with a new set of manual pages (check 'man debops' as a starting point). The
scripts are also documented on the usual documentation website[1]. One
important feature that's missing is an easy way to view role defaults via an
editor. Hopefully an alternative will be implemented at some point. Also,
'debops --version' finally works as expected. :-)
[1]: https://docs.debops.org/en/stable-3.0/user-guide/scripts/index.html
- The DebOps monorepo is now a "real" Ansible Collection, you can clone the
git repository directly and with a bit of work use it as a collection in
your own projects. The new scripts also treat it as an Ansible Collection,
so the usual mechanisms in Ansible that refer to 'debops.debops.*'
collection should still work in various playbooks and roles. You can check
the installation instructions on the documentation site to see various
methods of using the collection in more detail.
And I just noticed that the v3.0.0 version of DebOps published on Ansible
Galaxy does not contain custom plugins provided with DebOps... The new
release will be published shortly to fix that issue, sorry about that!
- There are 8 new Ansible roles included with this release. Fans of monitoring
tools should like the new debops.telegraf and debops.zabbix_agent roles,
debops.pdns will be interesting for DNS administrators, mail admins should
check out the debops.rspamd and debops.imapproxy roles. New goodies for
everyone. :-)
- The 'from_toml' and 'to_toml' custom filter plugins should help with
software which uses TOML as the configuration language (including DebOps
itself). A few roles already use them, more will be updated to use the new
plugins over time.
- The 'debops.reprepro' role was been refreshed and can now manage multiple
sets of APT repositories on subdomains. Repositories can be secured by HTTP
Basic Auth, and the 'debops.apt' and 'debops.keyring' roles can configure
login/password credentials for them as needed.
- Support for Elasticsearch clusters has been improved - roles can configure
TLS encryption within the cluster nodes, as well as set up Elasticsearch
user accounts and roles. See the role documentation for more details.
- The 'debops.pki' role now supports wildcard X.509 certificates via 'certbot'
integration. You can use multiple DNS providers to manage the authentication
to Let's Encrypt via ACME. The old 'acme-tiny' method of managing
certificates is still supported and preferred for non-wildcard certificates.
Plans for the next development cycle
------------------------------------
As mentioned elsewhere, I would like to add "role arguments specification" to
all DebOps roles at some point in the future. I still need to check this
functionality and see how it works.
Since Docker Hub moved parts of its publishing functionality to the paid tier,
DebOps Docker images haven't been published consistently. I plan to
investigate a way to do the publishing using GitHub Actions, this should make
them available via Docker Hub once more. For now, you can build them manually
from the DebOps monorepo.
There are a few roles I want to focus on during the next release cycle. The
'minio' role is a bit old now, and since its creation MinIO project made
significant changes, for example added authentication and authorization
support in the service itself. It's time to take a closer look and implement
new functionality. :)
GitLab support in DebOps also is a bit stale. Debian project now provides
a FastTrack APT repository[2] which contains frequently updated gitlab .deb
packages. I would like to recreate the current 'gitlab' role and use the
packages from FastTrack as the installation method. This should ensure an
easier upgrade path in the future.
[2]: https://fasttrack.debian.net/
That's it for now. Again, sorry for the delay. The next minor point release,
v3.1.0, is planned for June 2022. Hopefully I will be able to make it on time
then.
See you later,
Maciej
2 years, 10 months