Releases: gprocunier/calabi
Calabi v1.2.1
Calabi v1.2.1 (2026-04-18)
This maintenance release hardens bootstrap sequencing after v1.2.0, with the
most important fixes centered on authoritative DNS bring-up and the new
on-prem staged runner flow.
What Changed
DNS Bootstrap Reliability
- Taught the hypervisor uplink bootstrap to prefer authoritative IdM DNS as
soon as it is reachable, instead of hard-coding a single transition target.
- Taught bastion host-side provisioning and bastion guest bootstrap to derive
DNS servers from the current bootstrap stage, preserving fallback behavior
until IdM DNS is actually available.
- Reduced early bootstrap failures where bastion or hypervisor work could race
ahead of authoritative DNS availability.
Bastion And Guest Staging Hardening
- Added more robust bastion guest RHSM registration handling for both
activation-key and username/password paths.
- Improved host-side bastion disk reseed handling by resolving the real block
device path and tolerating benign partition reread behavior.
- Tightened supporting guest and host bootstrap tasks around staged package and
service preparation.
On-Prem Runner Flow
- Fixed on-prem bastion-stage inventory/runtime issues that could break
wrapper-driven site-bootstrap runs.
- Added on-prem runner scripts for tracked workstation, bastion, and remote
bastion execution:
- on-prem-openshift-demo/scripts/run_local_playbook.sh
- on-prem-openshift-demo/scripts/run_bastion_playbook.sh
- on-prem-openshift-demo/scripts/run_remote_bastion_playbook.sh
- Added on-prem-openshift-demo/scripts/lab-dashboard.sh support for tracked
runner state and operator visibility.
Docs And Publish Tree
- Updated AWS and on-prem docs to use tracked runner wrappers as the operator
entrypoints for the automation flow.
- Published sanitized inventory defaults in the release tree so GitHub-facing
content does not carry local operator addresses or lab credentials.
- Kept the validated AWS deployment path intact while documenting the on-prem
path as the alternate staged target.
Release Status
- Release tag: v1.2.1
- Current validated release for the sanitized publish tree
- Includes bootstrap DNS reliability fixes and on-prem staged-flow hardening
Key Entry Points
- Main lab entry: aws-metal-openshift-demo/README.md
- Main docs map: aws-metal-openshift-demo/docs/README.md
- On-prem docs map: on-prem-openshift-demo/docs/README.md
- AWS bootstrap wrapper: aws-metal-openshift-demo/scripts/run_local_playbook.sh
- On-prem bootstrap wrapper: on-prem-openshift-demo/scripts/run_local_playbook.sh
Notes
- v1.2.1 supersedes v1.2.0 as the current release tag.
- The GitHub Pages docs workflow remains functional on this release line.
Calabi v1.2.0
Calabi v1.2.0 (2026-04-09)
This release adds an experimental on-prem deployment mode while keeping the
validated AWS-target path intact.
What Changed
Experimental On-Prem Deployment Mode
- Added a new on-prem subtree:
- on-prem-openshift-demo/
- Added on-prem entrypoints for:
- playbooks/site-bootstrap.yml
- playbooks/site-lab.yml
- Added an on-prem host bootstrap path that assumes:
- a preinstalled RHEL hypervisor
- an operator-provided LVM volume group for guest storage
- Added on-prem guest disk provisioning that:
- validates volume-group existence
- validates free space before lvcreate
- creates the expected guest logical volumes
- publishes /dev/ebs/* compatibility symlinks
AWS-Safe Isolation
- Reworked the on-prem implementation so the validated AWS codepath stays
pristine.
- Kept all on-prem-specific behavior in local wrappers and on-prem-local
playbooks instead of modifying aws-metal-openshift-demo/.
- Added an explicit on-prem bastion-to-hypervisor handoff model with:
- on_prem_bastion_hypervisor_host
- on_prem_bastion_hypervisor_user
- Removed the runtime requirement for ec2-user on the on-prem hypervisor.
On-Prem Docs
- Added an on-prem docs set under:
- on-prem-openshift-demo/docs/
- Covered the early steps that differ materially from AWS:
- prerequisites
- automation flow
- manual process
- host sizing and resource policy
- portability and gap analysis
- Marked the on-prem path as experimental in the source docs.
- Added explicit handoff points back to the main AWS docs once bastion staging
is complete.
- Tightened the on-prem prose so it reads like operator guidance rather than an
analysis memo.
GitHub Pages
- Added the on-prem docs to the rendered site as first-class Pages routes.
- Added an experimental on-prem entry from the main site flow while keeping the
primary top-level navigation unchanged:
- OPEN THE LAB
- DOCS MAP
- Surfaced the on-prem path from:
- the repo root landing page
- the docs map
- Added a Pages-side experimental treatment for the on-prem subtree and kept
the docs handoff back to the main AWS docs clear.
Release Status
- Release tag: v1.2.0
- Current validated clean-deploy release
- The validated AWS-target deployment path remains the primary release path
- The on-prem mode is included as an experimental alternate target
Key Entry Points
- Main lab entry: aws-metal-openshift-demo/README.md
- Main docs map: aws-metal-openshift-demo/docs/README.md
- On-prem docs map: on-prem-openshift-demo/docs/README.md
- On-prem bootstrap: on-prem-openshift-demo/playbooks/site-bootstrap.yml
- On-prem lab entry: on-prem-openshift-demo/playbooks/site-lab.yml
Notes
- v1.2.0 supersedes v1.1.0 as the current release tag.
- The AWS-target path remains the validated baseline.
- The GitHub Pages workflow is functional, but the stock Actions dependencies
still emit a Node 20 deprecation advisory that should be cleaned up in a
future maintenance change.
Calabi v1.1.0
Calabi v1.1.0 (2026-04-09)
This release captures the merge of the calabi-ad-services feature branch into
main, plus the validation and documentation work needed to cut a clean
release from it.
What Changed
AD Services And Trust Flow
- Added the AD support-service path to the orchestration flow.
- Formalized the support-service order around:
- AD server
- IdM
- IdM/AD trust
- bastion join
- Codified the AD/IdM bridge data and the trust-side group mapping model that
feeds downstream auth consumers.
Authentication Model
- Kept OpenShift on the validated auth baseline of:
- HTPasswd breakglass
- Keycloak OIDC
- group-based RBAC
- Replaced AAP direct LDAP auth with Keycloak OIDC as the clean-build path.
- Validated AD-backed user login to AAP on:
- the repaired in-place deployment path
- a clean AAP teardown and redeploy
Orchestration Hardening
- Hardened bastion-local generated workspace ownership handling for:
- generated/ocp
- generated/tools
- Fixed stale tool-path and helper-path assumptions in post-install validation
and installer-binary publication.
- Added bounded recovery to day-2 roles where a single bad pod or daemonset
member could strand a long deployment, including:
- NMState
- Web Terminal
- AAP
- virtualization handler rollout
- Fixed multiple fresh-deploy defects discovered during validation runs, such as:
- missing mirror-registry Podman drop-in directory creation
- install-wait assumptions about rendezvous metadata
- post-install variable ordering and fact-default issues
Documentation And Pages
- Refreshed the runbooks and architecture docs to match the current validated
deployment shape.
- Reworked manual-process.md to reflect the real support-service order,
trust checkpointing, clean-redeploy guidance, and the current auth baseline.
- Published the GitHub Pages site for the docs set.
- Tightened the Pages structure around the repo’s authored reading flow:
- repo root README as the site entrypoint
- OPEN THE LAB
- DOCS MAP
- Fixed Mermaid rendering, linked inline repo paths back to source, and
cleaned up oversized or noisy rendered diagrams.
Release Status
- Release tag: v1.1.0
- Current validated clean-deploy release
- Clean deployment confirmed on the current codebase
Key Entry Points
- Lab entry point: aws-metal-openshift-demo/README.md
- Docs map: aws-metal-openshift-demo/docs/README.md
- Build/rebuild order: aws-metal-openshift-demo/docs/automation-flow.md
- Manual runbook: aws-metal-openshift-demo/docs/manual-process.md
- Auth model: aws-metal-openshift-demo/docs/authentication-model.md
Notes
- v1.1.0 supersedes v1.0.0 as the current validated release.
- The GitHub Pages workflow is functional, but the stock Actions dependencies
still emit a Node 20 deprecation advisory that should be cleaned up in a
future maintenance change.
Calabi v1.0.0
Calabi v1.0.0 (2026-04-05)
This is the first tagged release of Calabi.
Calabi is an Ansible-driven, single-host, fully disconnected OpenShift 4 lab
built on nested KVM. It is designed to let you demonstrate and iterate on
production-patterned installer and day-2 workflows while keeping the
infrastructure shape realistic.
What’s Included
- aws-metal-openshift-demo/: the main lab implementation (AWS scaffolding,
hypervisor bootstrap, support guests, disconnected OpenShift install, day-2).
- cockpit/calabi-observer/: Cockpit plugin providing real-time observability
for the host resource management system on virt-01 (RPM spec included).
- Documentation map and deep-dive guides under
aws-metal-openshift-demo/docs/.
Default Guest Sizing (Current)
- OpenShift 4.20.15
- 3 masters: 8 vCPU / 24 GiB
- 3 infra: 16 vCPU / 64 GiB
- 3 workers: 12 vCPU / 16 GiB
These values come from aws-metal-openshift-demo/vars/guests/openshift_cluster_vm.yml
and are discussed in aws-metal-openshift-demo/docs/host-resource-management.md.
See aws-metal-openshift-demo/docs/prerequisites.md for controller and input
expectations (including ansible-core 2.18 and a RHEL 10.1 guest image source).
Getting Started
- Entry point: aws-metal-openshift-demo/README.md
- Docs map: aws-metal-openshift-demo/docs/README.md
- Build/rebuild run order: aws-metal-openshift-demo/docs/automation-flow.md
Security And Secrets
Calabi intentionally references secret inputs by path and keeps live credential
material out of Git. Start with:
aws-metal-openshift-demo/docs/secrets-and-sanitization.md
Notes
- This is an inaugural release; there are no prior version tags to upgrade
from. Future releases should add new entries to CHANGELOG.md.