Persist Bifrost's autogenerated passwords

By default Bifrost generates passwords for use by services, and stores
them in files in /root/.config/bifrost/ in the container. This directory
is not persistent, so the passwords are lost if the container is
recreated. This is generally not a problem, because recreating the
container is generally done when redeploying Bifrost, and new passwords
will be generated and written to configuration files. However, if you
access the Ironic or Inspector APIs outside of the Bifrost playbooks,
the credentials will have changed.

This change fixes the issue by persisting the credentials directory in a
Docker volume. Note that applying this change will cause existing
credentials to be removed.

Closes-Bug: #1983356

Change-Id: I45a899e228b7634ba86fab5822139252c48a7f07

ansible/roles/bifrost/tasks/start.yml

@@ -17,3 +17,4 @@
       - "bifrost_ironic:/var/lib/ironic/"
       - "bifrost_mariadb:/var/lib/mysql/"
       - "bifrost_tftpboot:/tftpboot/"
+      - "bifrost_config:/root/.config/bifrost/"

releasenotes/notes/bifrost-persistent-passwords-0f30bc0e7f864669.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Fixes an issue in the ``bifrost_deploy`` container where passwords
+    generated by Bifrost were not persistent beyond the lifetime of the
+    container. This is generally not a problem unless you access the Ironic or
+    Inspector APIs outside of the Bifrost playbooks. `LP#1983356
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1983356>`_