Add release note on conntrack issue on bionic

Adding a release note explaining the issue with Ironic CI
and conntrack on Ubuntu Bionic.

Change-Id: Ie25c8d9117072020bb84a5c6e6f63191ff632870
Riccardo Pittau 2019-03-19 10:58:13 +01:00
parent 5b4c929c96
commit e3c606d4ef
1 changed files with 13 additions and 0 deletions

@ -0,0 +1,13 @@
---
issues:
- |
As good security practice[0], in Ubuntu Bionic the ``nf_conntrack_helper``
is disabled.
This causes an issue when using the ``pxe`` boot interface with the PXE
environment that breaks some of the Ironic CI tests, since Ironic needs
conntrack for TFTP traffic.
It's still possible to use Ironic with PXE on Ubuntu Xenial, and it's also
possible to use Ironic with PXE on Ubuntu Bionic using a workaround based
on custom firewall rules as shown in [0].
[0] https://home.regit.org/netfilter-en/secure-use-of-helpers/
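
Review bot: The workaround in the last sentence of the note ("using a workaround based on custom firewall rules as shown in [0]") is left entirely to an external link, so an operator reading the rendered release notes cannot tell what the rules have to do, and loses the information if the link moves. Suggest adding one sentence that says what the custom firewall rules must achieve for TFTP traffic once ``nf_conntrack_helper`` is disabled, and keeping the link as further reading. Two smaller points in the same block: the ``[0]`` markers are plain text rather than an RST hyperlink, and the single reference is cited both for the security rationale and for the workaround, so a named RST link would render better and read less ambiguously. The second sentence also mixes the deployer-facing impact (the ``pxe`` boot interface) with the CI impact; consider stating what a deployer on Bionic will see first and mentioning the CI tests separately.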