diff --git a/doc/source/introduction/index-intro-27197f27ad41.rst b/doc/source/introduction/index-intro-27197f27ad41.rst index a33e985f0..328db6863 100644 --- a/doc/source/introduction/index-intro-27197f27ad41.rst +++ b/doc/source/introduction/index-intro-27197f27ad41.rst @@ -68,17 +68,23 @@ Supporting projects and repositories: For additional information about project teams, refer to the `StarlingX wiki `_. ----------------------------- -New features in this version ----------------------------- +----------------------------- +New features in StarlingX 9.0 +----------------------------- .. include:: /releasenotes/index.rst - :start-after: start-new-features-r8 - :end-before: end-new-features-r8 + :start-after: start-new-features-r9 + :end-before: end-new-features-r9 + +----------------------------- +New features in StarlingX 8.0 +----------------------------- + +**See**: https://docs.starlingx.io/r/stx.8.0/releasenotes/index.html#release-notes ----------------------------- New features in StarlingX 7.0 ----------------------------- -See: https://docs.starlingx.io/r/stx.7.0/releasenotes/r7-0-release-notes-85446867da2a.html#new-features-and-enhancements +**See**: https://docs.starlingx.io/r/stx.7.0/releasenotes/index.html#new-features-and-enhancements diff --git a/doc/source/releasenotes/index.rst b/doc/source/releasenotes/index.rst index 24fb6279d..426dcf4cf 100644 --- a/doc/source/releasenotes/index.rst +++ b/doc/source/releasenotes/index.rst 
@@ -6,9 +6,17 @@ .. _r8-0-release-notes-6a6ef57f4d99: -================================ -Release Notes (upcoming version) -================================ +================== +R9.0 Release Notes +================== + +.. rubric:: |context| + +StarlingX is a fully integrated edge cloud software stack that provides +everything needed to deploy an edge cloud on one, two, or up to 100 servers. + +This section describes the new capabilities, Known Limitations and Workarounds, +Defects fixed and deprecated information in StarlingX 9.0 Release. .. contents:: :local: 
@@ -18,581 +26,470 @@ Release Notes (upcoming version) ISO image --------- -The pre-built ISO (Debian) for StarlingX Release 8.0 are located at the +The pre-built ISO (Debian) for StarlingX Release 9.0 is located at the ``StarlingX mirror`` repo: -https://mirror.starlingx.windriver.com/mirror/starlingx/release/8.0.0/debian/monolithic/outputs/iso/ +https://mirror.starlingx.windriver.com/mirror/starlingx/release/9.0.0/debian/monolithic/outputs/iso/ ------------------------------------- -Source Code for StarlingX Release 8.0 +Source Code for StarlingX Release 9.0 ------------------------------------- -The source code for StarlingX Release 8.0 is available on the r/stx.8.0 +The source code for StarlingX Release 9.0 is available on the r/stx.9.0 branch in the `StarlingX repositories `_. ---------- Deployment ---------- -To deploy StarlingX Release 8.0, see `Consuming StarlingX `_. +To deploy StarlingX Release 9.0, see `Consuming StarlingX `_. -For detailed installation instructions, see `StarlingX 8.0 Installation Guides `_. +For detailed installation instructions, see `StarlingX 9.0 Installation Guides `_. ----------------------------- New Features and Enhancements ----------------------------- -.. start-new-features-r8 +.. start-new-features-r9 -The sections below provides a detailed list of new features and links to the +The sections below provide a detailed list of new features and links to the associated user guides (if applicable). -.. https://storyboard.openstack.org/#!/story/2010452 +********************* +Kubernetes up-version +********************* -********* -Debian OS -********* +In StarlingX 9.0, the Kubernetes version that is supported is in the range +of v1.24 to v1.27. -StarlingX Release 8.0 (and onwards) will only support a Debian-based Solution; -full StarlingX functionality is supported. StarlingX R8 release runs Debian -Bullseye (11.3) with the 5.10 kernel version from the Yocto project. 
+**************************************** +Platform Application Components Revision +**************************************** -Debian is a well-established Linux Distribution supported by a large and mature -open-source community and used by hundreds of commercial organizations, -including Google. |deb-prev-prods| has full functional equivalence to the -earlier CentOS-based versions of |deb-prev-prods|. From |prod-long| Release 8.0 -Debian OS is the only supported OS in |prod-long|. +.. Need updated versions for this section wherever applicable -Major features of Debian-based |prod| 8.0 include: +The following applications have been updated to a new version in StarlingX Release 9.0. +All platform application up-versions are updated to remain current and address +security vulnerabilities in older versions. -* Linux 5.10 Yocto-based kernel ( https://www.yoctoproject.org/ ) +- app-sriov-fec-operator: 2.7.1 - The Yocto Project Kernel: +- cert-manager: 1.11.1 - * tracks stable kernel updates very closely; staying very current with the - stable kernel, +- metric-server: 1.0.18 - * provides a reliable implementation of the preempt-rt patchset (see: - https://archive.kernel.org/oldwiki/rt.wiki.kernel.org/), and +- nginx-ingress-controller: 1.9.3 - * provides predictable and searchable |CVE| handling. +- oidc-dex: 2.37.0 -|org| leverages its existing relationships with the Yocto Project to -enhance development, bug fixes and other activities in the Yocto Project kernel -to drive |prod| quality and feature content. +- vault: 1.14.8 -* Debian Bullseye (11.3) +- portieris: 0.13.10 - Debian is a well-established Linux Distribution supported by a large and - mature open-source community. +- istio: 1.19.4 -* OSTree ( https://ostree.readthedocs.io/en/stable/manual/introduction/ ) +- kiali: 1.75.0 - OSTree provides for robust and efficient versioning, packaging and - upgrading of Linux-based systems. 
+****************** +FluxCD Maintenance +****************** +FluxCD helm-controller is upgraded from v0.27.0 to v0.35.0 and is compatible +with Helm version up to v3.12.1 and Kubernetes v1.27.3. -* An updated Installer to seamlessly adapt to Debian and OSTree - -* Updated software patching and upgrades for Debian and OSTree. - -***************************** -Operational Impacts of Debian -***************************** - -The operational impacts of Debian-based |prod| are: - -* Functional equivalence with CentOS-based |prod| - -* Use of the |prod| CLIs and APIs will remain the same: - - * |prod| on Debian will provide the same CLIs and APIs as |prod| on CentOS. - - * |prod| on Debian will run on a 5.10 based kernel. - - * |prod| on Debian will support the same set of Kubernetes APIs used in - |prod| on CentOS. - - * The procedure to install hosts will be unchanged by the migration from - CentOS to Debian. Only the ``grub`` menu has been modified. - - * The CLIs used for software updates (patching) will be unchanged by - the migration from CentOS to Debian. - -* User applications running in containers on CentOS should run on Debian - without modification. Re-validation of containers on Debian is encouraged to - identify any exceptions. - -* A small subset of operating system-specific commands will differ. Some of - these changes result from the switch in distributions while others are - generic changes that have accumulated since the release of the CentOS - distribution currently used. For example: - - * The Debian installation requires new pxeboot grub menus. See - :ref:`PXE Boot Controller-0 `. - - * Some prompt strings will be slightly different (for example: ssh login, - passwd command, and others). - - * Many 3rd-party software packages are running a newer version in Debian - and this may lead to minor changes in syntax, output, config files, and - logs. - - * The URL to expose keystone service does not have the version appended. 
- - * On Debian, interface and static routes need to be handled using system-API - (host-route-\*, host-if-\* and host-addr-\*). - - * Do not edit configuration files in ``/etc/network/`` as they are - regenerated from sysinv database after a system reboot. Any changes - directly done there will be lost. - - * The static routes configuration file is ``/etc/network/routes`` - - * Interface configuration files are located in - ``/etc/network/interfaces.d/`` - - * Debian stores network information in ``/etc/network`` instead of - ``/etc/sysconfig/network-scripts`` location used in CentOS. However, the - |prod| ``system`` commands are unchanged. |deb-update-iso| - - * Patching on Debian is done using ostree commits rather than individual - RPMs. - - You can see which packages are updated by ostree using the :command:`dpkg - -l` instead of :command:`rpm -qa` used on CentOS. - - * The patching CLI commands and Horizon interactions are the same as for - CentOS. - - * The supported patching CLI commands for |deb-release-ver| are: - - * ``sw-patch upload`` - * ``sw-patch upload-dir`` - * ``sw-patch apply`` - * ``sw-patch remove`` - * ``sw-patch delete`` - -******************************************************** -Change in Login for Systems installed from Prestaged ISO -******************************************************** - -In |prod-long| Systems installed using prestaging ISO has a -sysadmin account, and the default initial password is ``sysadmin`` -(default login / password combination is ``sysadmin/sysadmin``). The initial -password must be changed immediately after logging in to the host for the -first time. Follow the steps below: - -1. login: sysadmin - -2. password: sysadmin - -3. Current password: sysadmin - -4. New Password: - -5. Re-enter New Password: +FluxCD source-controller is upgraded from v0.32.1 to v1.0.1 and is compatible +with Helm version up to v3.12.1 and Kubernetes v1.27.3. 
**************** -CVSS v3 Adoption +Helm Maintenance **************** -|prod-long| is now using CVSS v3 instead of CVSS v2 as a fix criteria to evaluate -CVEs that need to be fixed. +Helm has been upgraded to v3.12.2 in StarlingX Release 9.0. -On a monthly basis, the |prod| is scanned for |CVE|'s and the reports that are -generated are reviewed by the Security team. +******************************************* +Support for Silicom TimeSync Server Adaptor +******************************************* -**See**: :ref:`cve-maintenance-723cd9dd54b3` for details. +The Silicom network adapter provides local time sync support via a local |GNSS| +module which is based on the Intel Columbiaville device. +- ``cvl-4.10`` Silicom driver bundle + - ice driver: 1.10.1.2 + - i40e driver: 2.21.12 + - iavf driver: 4.6.1 -******************************************************************** -Single Physical Core for Platform Function in All-In-One Deployments -******************************************************************** + .. note:: -The platform core usage is optimized to operate on a single physical core (with -two logical cores with Hyper-Threading enabled) for |AIO| deployments. + `cvl-4.10` is only recommended if the Silicom STS2 card is used. + +********************************************* +Kubernetes Upgrade Optimization - AIO-Simplex +********************************************* + +**Configure Kubernetes Multi-Version Upgrade Cloud Orchestration for AIO-SX** + +You can configure Kubernetes multi-version upgrade orchestration strategy using +the :command:`sw-manager` command. This feature is enabled from +|prod| |k8s-multi-ver-orch-strategy-release| and is supported only for the +|AIO-SX| system. + +**See**: :ref:`Configure Kubernetes Multi-Version Upgrade Cloud Orchestration for AIO-SX ` + +**Manual Kubernetes Multi-Version Upgrade in AIO-SX** + +|AIO-SX| now supports multi-version Kubernetes upgrades. 
In this model, +Kubernetes is upgraded by two or more versions after disabling applications and +then applications are enabled again. This is faster than upgrading Kubernetes +one version at a time. Also, the upgrade can be aborted and reverted to the +original version. This feature is supported only for |AIO-SX|. + +**See**: :ref:`Manual Kubernetes Multi-Version Upgrade in AIO-SX ` + +*********************************** +Platform Admin Network Introduction +*********************************** + +The newly introduced admin network is an optional network that is used to +monitor and control internal |prod| between the subclouds and system controllers +in a Distributed Cloud environment. This function is performed by the management +network in the absence of an admin network. However, the admin network is more +easily reconfigured to handle subnet and IP address network parameter changes +after initial configuration. + +In deployment configurations, static routes from the management or admin +interface of subclouds controller nodes to the system controller's management +subnet must be present. This ensures that the subcloud comes online after deployment. .. note:: - The use of single physical core for platform function is only suitable for - Intel® 4th Generation Xeon® Scalable Processors or above and should not be - configured for previous Intel® Xeon® CPU families. For All-In-One systems - with older generation processors, two physical cores (or more) must be - configured. + The admin network is optional. The default management network will be used + if it is not present. + +You can manage an optional admin network on a subcloud for IP connectivity to +the system controller management network where the IP addresses of the admin +network can be changed. 
**See**: -- :ref:`single-physical-core-for-platform-function-in-all-in-one-deployments-bec61d5a13f4` +- :ref:`Common Components ` +- :ref:`Manage Subcloud Network Parameters ` -************************************************** -AIO memory reserved for the platform has increased -************************************************** +**************************************************** +L3 Firewalls for all |prod-long| Platform Interfaces +**************************************************** -The amount of memory reserved for the platform for |prod| Release 8.0 on -an |AIO| controller has increased to 11 GB for hosts with 2 numa nodes. +|prod| incorporates default firewall rules for the platform networks (|OAM|, +management, cluster-host, pxeboot, admin, and storage). You can configure +additional Kubernetes Network Policies to augment or override the default rules. -************************************************* -Resizing platform-backup partition during install -************************************************* +**See**: -During Installation: If a platform-backup partition exists, it will no -longer be wiped in normal installation operations. The platform-backup -partition can be resized during the install; although it can only be increased -in size, not reduced in size. +- :ref:`Modify Firewall Options ` -.. caution:: +- :ref:`Default Firewall Rules ` - Attempts to install using a smaller partition size than the existing - partition will result in installation failures. +**************************************************** +app-sriov-fec-operator upgrade to FEC operator 2.7.1 +**************************************************** -During Installation and Provisioning of a Subcloud: For subcloud install operations, -the ``persistent-size`` install value in the subcloud ``install-values.yaml`` file -used during subcloud installation, controls platform-backup partition sizing. 
-Since the platform-backup partition is non-destructive, this value can only be -increased from previous installs. In this case, the partition size is extended -and the filesystem is resized. - -.. caution:: - - Any "persistent-size" values smaller than the existing partition - will cause installation failures, with the partition remaining in place. - -**Recommended**: For new installations where a complete reinstall is being -performed it may be preferable to wipe the disks before the fresh install. - -**************************** -Optimized Backup and Restore -**************************** +A new version of the FEC Operator v2.7.1 (for all Intel hardware accelerators) +is supported to include ``igb_uio`` along with making the accelerator resource +names configurable and enabling accelerator device configuration using +``igb_uio`` driver when secure boot is enabled in the BIOS. .. note:: - The backup in earlier |prod-long| releases are not compatible with the - Optimized Restore functionality introduced in |prod| Release 8.0. + |FEC| operator is now running on the |prod| platform core. -Backup from one release to another release is not supported, except for an -|AIO-SX| upgrade. +**See**: :ref:`Configure Intel Wireless FEC Accelerators using SR-IOV FEC operator ` -Optimized Backup +************************************** +Redundant System Clock Synchronization +************************************** + +The ``phc2sys`` application can be configured to accept multiple source clock +inputs. The quality of these sources are compared to user-defined priority +values and the best available source is selected to set the system time. + +The quality of the configured sources is continuously monitored by ``phc2sys`` +application and will select a new best source if the current source degrades +or if another source becomes higher quality. + +**See**: :ref:`Redundant System Clock Synchronization `. 
+ +******************************************************* +Configure Intel E810 NICs using Intel Ethernet Operator +******************************************************* + +You can install and use **Intel Ethernet** operator to orchestrate and manage +the configuration and capabilities provided by Intel E810 Series network +interface cards (NICs). + +**See**: :ref:`Configure Intel E810 NICs using Intel Ethernet Operator `. + +**************** +AppArmor Support **************** -The extra var `backup_registry_filesystem` can now be used to backup users images -in the registry backup (mainly for backup for reinstall usage scenario). +AppArmor is a Mandatory Access Control (MAC) system built on Linux's LSM (Linux +Security Modules) interface. In practice, the kernel queries AppArmor before +each system call to know whether the process is authorized to do the given +operation. Through this mechanism, AppArmor confines programs to a limited set +of resources. -Optimized Restore +AppArmor helps administrators in running a more secure kubernetes deployment +by restricting what operations containers/pods are allowed, and/or provide better +auditing through system logs. The access needed by a container/pod is +configured through profiles tuned to allow access such as Linux capabilities, +network access, file permissions, etc. + +**See**: :ref:`About AppArmor `. + +***************** +Support for Vault ***************** -The new optimized restore method will support restore with registry backup only. -It will obtain from the prestaged images the required platform images. If no -prestaged images are available, it would need to resort to pulling from the -registry. +This release re-introduces support for Vault as it was intermittently +unavailable in |prod|. 
The supported version vault: 1.14.8 or later / +vault-k8s: 1.2.1 / helm-chart: 0.25.0 after the helm-v3 up-version to 3.6+ -**See**: :ref:`node-replacement-for-aiominussx-using-optimized-backup-and-restore-6603c650c80d` for details. +|prod| integrates open source Vault containerized security application +(Optional) into the |prod| solution, that requires |PVCs| as a storage +backend to be enabled. -***************************************************************** -Enhancements for Generic Error Tolerance in Redfish Virtual Media -***************************************************************** +**See**: :ref:`Vault Overview `. -Redfish virtual media operations have been observed to fail with transient -errors. While the conditions for those failures are not always known -(network, BMC timeouts, etc), it has been observed that if the Subcloud -install operation is retried, the operation is successful. +********************* +Support for Portieris +********************* -To alleviate the transient conditions, the robustness of the Redfish media -operations are improved by introducing automatic retries. +|prod| now supports version 0.13.10. Portieris is an open source Kubernetes +admission controller which ensures only policy-compliant images, such as signed +images from trusted registries, can run. The Portieris application uses images +from the ``icr.io registry``. You must configure service parameters for the +``icr.io registry`` prior to applying the Portieris application, +see: :ref:`About Changing External Registries for StarlingX Installation `. +For Distributed Cloud deployments, the images must be present on the System +Controller registry. 
-*************************************** -Centralized Subcloud Backup and Restore -*************************************** - -The |prod-long| Backup and Restore feature allows for essential system data -(and optionally some additional information, such as container registry images, -and OpenStack application data) to be backed up, so that it can be used to -restore the platform to a previously working state. - -The user may backup system data, or restore previously backed up data into it, -by running a set of ansible playbooks. They may be run either locally within -the system, or from a remote location. The backups are saved as a set of -compressed files, which can then be used to restore the system to the same -state as it was when backed up. - -The subcloud's system backup data can either be stored locally on the subcloud -or on the System Controller. The subcloud's container image backup -(from registry.local) can only be stored locally on the subcloud to avoid -overloading the central storage and the network with large amount of data -transfer. - -**See**: - -- :ref:`Backup and Restore ` for details. - -******************************************************** -Improved Subcloud Deployment / Upgrading Error Reporting -******************************************************** - -In |prod-long| Release 8.0 provides enhanced support for subcloud deployments -and upgrading error reporting. - -Key error messages from subcloud deployment or upgrade failures can now be -accessed via RESTAPIs, the CLI or the GUI (Horizon). - -Full logs for subcloud deployments and upgrades are still accessible by -using SSH to the System Controller; however, this should no longer be required -in most error scenarios. - -**See**: :ref:`Distributed Cloud Guide ` for details. - -******************************* -Kubernetes Pod Coredump Handler -******************************* - -A new Kubernetes aware core dump handler has been added in |prod| Release 8.0. 
- -Individual pods can control the core dump handling by specifying Kubernetes Pod -annotations that will instruct the core dump handler for specific applications. - -**See**: :ref:`kubernetes-pod-coredump-handler-54d27a0fd2ec` for details. - -************************************************************ -Enhancements for Subcloud Rehoming without controller reboot -************************************************************ - -|prod-long| Release 8.0 supports rehoming a subcloud to a new system controller -without requiring a lock and unlock of the subcloud controller(s). - -When the System Controller needs to be reinstalled, or when the subclouds from -multiple System Controllers are being consolidated into a single System -Controller, you can rehome an already deployed subcloud to a different System -Controller. - -**See**: :ref:`rehoming-a-subcloud` for details. - -******** -KubeVirt -******** - -The KubeVirt system application in |prod-long| includes; KubeVirt, Containerized -Data Importer (CDI) and the ``Virtctl`` client tool. - -KubeVirt is an open source project that allows |VMs| to be run -and managed as pods inside a Kubernetes cluster. This is a particularly -important innovation as traditional VM workloads can be moved into Kubernetes -alongside already containerized workloads, thereby taking advantage of -Kubernetes as an orchestration engine. - -The |CDI| is an open source project that provides facilities for enabling |PVCs| -to be used as disks for KubeVirt |VMs| by way of DataVolumes. - -The Virtctl client tool is an open source tool distributed with -KubeVirt and required to use advanced features such as serialand graphical -console access. It also provides convenience commands for starting/stopping |VMs|, -live migrating |VMs|, cancelling live migrations and uploading |VM| disk images. - -.. note:: - - Limited testing of KubeVirt on |prod-long| has been performed, along with - some simple examples on creating a Linux |VM| and a Windows |VM|. 
In future - releases, high performance capabilities of KubeVirt will be validated on - |prod-long|. - -**See**: - -- :ref:`introduction-bb3a04279bf5` - -- :ref:`create-a-windows-vm-82957181df02` - -- :ref:`create-an-ubuntu-vm-fafb82ec424b` - -- `https://kubevirt.io/user-guide `_ - - -********************************************************************* -Support for Intel Wireless FEC Accelerators using SR-IOV FEC operator -********************************************************************* - -The |SRIOV| |FEC| Operator for Intel Wireless |FEC| Accelerators supports the -following |vRAN| |FEC| accelerators: - -- Intel® vRAN Dedicated Accelerator ACC100. - -- Intel® |FPGA| Programmable Acceleration Card N3000. - -- Intel® vRAN Dedicated Accelerator ACC200. - -You can enable and configure detailed FEC parameters for an ACC100/ACC200 eASIC -card so that it can be used as a hardware accelerator by hosted |vRAN| -containerized workloads on |prod-long|. - -**See**: - -- :ref:`enabling-mount-bryce-hw-accelerator-for-hosted-vram-containerized-workloads` - -- :ref:`configure-sriov-fec-operator-to-enable-hw-accelerators-for-hosted-vran-containarized-workloads` - -******************************* -Multiple Driver Version Support -******************************* - -|prod-long| supports multiple driver versions for the ice, i40e, -and iavf drivers. - -**See**: :ref:`intel-multi-driver-version-5e23e989daf5` for details. 
- - -**************************************************************************************** -Intel 4th Generation Intel(R) Xeon(R) Scalable Processor Kernel Feature Support (5G ISA) -**************************************************************************************** - -Introduction of the 5G ISA (Instruction Set Architecture) will facilitate an -acceleration for |vRAN| workloads to improve performance and capacity for |RAN| -solutions specifically compiled for the 4th Generation Intel(R) Xeon(R) Scalable -Processor target with the 5G instruction set (AVX512-FP16) enabled. +**See**: :ref:`Portieris Overview `. ************************** -vRAN Intel Tools Container +Configurable Power Manager ************************** -|prod-long| Release 8.0 supports OpenSource |vRAN| tools that are being -delivered in the ``docker.io/starlingx/stx-debian-tools-dev:stx.8.0-v1.0.3`` -container. +Configurable Power Manager focuses on containerized applications that use power +profiles individually by the core and/or the application. -**See**: :ref:`vran-tools-2c3ee49f4b0b` for details. +|prod| has the capability to regulate the frequency of the entire processor. +However, this control is primarily directed towards the classification of the +core, distinguishing between application and platform cores. Consequently, if a +user requires to control over an individual core, such as Core 10 in a +24-core CPU, adjustments must be applied to all cores collectively. In the +context of containerized operations, it becomes imperative to establish +personalized configurations. This entails assigning each container the +requisite power configuration. In essence, this involves providing specific and +individualized power configurations to each core or group of cores. -*********************************** -Quartzville iqvlinux driver support -*********************************** +**See**: :ref:`Configurable Power Manager `. 
-This OpenSource Quartzville driver is included in |prod-long| in support of a -user building a container with the Quartzville tools from Intel, using -``docker.io/starlingx/stx-debian-tools-dev:stx.8.0-v1.0.3`` as a base container, -as described in :ref:`vran-tools-2c3ee49f4b0b` . +****************************************************** +Technology Preview - Install Power Metrics Application +****************************************************** -**See**: :ref:`vran-tools-2c3ee49f4b0b` for details. +The Power Metrics app deploys two containers, cAdvisor and Telegraf that +collect metrics about hardware usage. -********************************* -Pod Security Admission Controller -********************************* +**See**: :ref:`Install Power Metrics Application `. -The |PSA| Controller is the |PSP| replacement which is supported in Kubernetes -v1.24 in StarlingX Release 8.0. It replaces the deprecated |PSP|; |PSP| will be -REMOVED in StarlingX Release 9.0 with Kubernetes v1.25. -The |PSA| controller acts on creation and modification of the pod and -determines if it should be admitted based on the requested security context and -the policies defined by Pod Security Standards. It provides a more usable -k8s-native solution to enforce Pod Security Standards. +******************************************************* +Install Node Feature Discovery (NFD) |prod| Application +******************************************************* -.. note:: +Node Feature Discovery (NFD) version 0.15.0 detects hardware features available +on each node in a kubernetes cluster and advertises those features using +Kubernetes node labels. This procedure walks you through the process of +installing the |NFD| |prod| Application. - StarlingX users should migrate their security policy configurations from |PSP| - to |PSA| in StarlingX Release 8.0 . +**See**: :ref:`Install Node Feature Discovery Application `. 
+ +**************************************************************************** +Partial Disk (Transparent) Encryption Support via Software Encryption (LUKS) +**************************************************************************** + +A new encrypted filesystem using Linux Unified Key Setup (LUKS) is created +automatically on all hosts to store security-sensitive files. This is mounted +at '/var/luks/stx/luks_fs' and the files kept in '/var/luks/stx/luks_fs/controller' +directory are replicated between controllers. + +************************************************************* +K8s API/CLI OIDC (Dex) Authentication with Local LDAP Backend +************************************************************* + +|prod| offers |LDAP| commands to create and manage |LDAP| Linux groups as part +of a StarlingX local |LDAP| server (serving the local StarlingX cluster and, +in the case of Distributed Cloud, the entire Distribute Cloud System). + +StarlingX provides procedures to configure the **oidc-auth-apps** |OIDC| +Identity Provider (Dex) system application to use the StarlingX local |LDAP| +server (in addition to, or in place of the already supported remote Windows +Active Directory) to authenticate users of the Kubernetes API. **See**: -- :ref:`pod-security-admission-controller-8e9e6994100f` +- :ref:`Overview of LDAP Servers ` +- :ref:`Create LDAP Linux Groups ` +- :ref:`Configure Kubernetes Client Access ` -- `https://kubernetes.io/docs/concepts/security/pod-security-admission/ `__ +************************ +Create LDAP Linux Groups +************************ + +|prod| offers |LDAP| commands to create and manage |LDAP| Linux groups as part +of the `ldapscripts` library. 
-**************************************************** -SSH integration with remote Windows Active Directory -**************************************************** - -By default, |SSH| to |prod| hosts supports authentication using the 'sysadmin' -Local Linux Account and |prod| Local |LDAP| Linux User Accounts. |SSH| can -also be optionally configured to support authentication with one or more remote -|LDAP| identity providers (such as Windows Active Directory (WAD)). Internally, -|SSH| uses |SSSD| service to provide NSS and PAM interfaces and a backend -system able to remotely connect to multiple different |LDAP| domains. - -|SSSD| provides a secure solution by using data encryption for |LDAP| user -authentication. |SSSD| supports authentication only over an encrypted channel. - -**See**: :ref:`sssd-support-5fb6c4b0320b` for details. - -********************** -Keystone Account Roles -********************** - -``reader`` role support has been added for |prod| commands: system, fm, -swmanager and dcmanager. - -Roles: - -- ``admin`` role in the admin projet can execute any action in the system - -- ``reader`` role in the admin project has access to only read-only type commands; - i.e. list, query, show, summary type commands - -- ``member`` role is currently equivalent to reader role; this may change in the - future. - -**See**: :ref:`keystone-account-roles-64098d1abdc1` for details. +***************************************** +StarlingX OpenStack now supports Antelope +***************************************** +Currently stx-openstack has been updated and now deploys OpenStack services +based on the Antelope release. ******************* -O-RAN O2 Compliance +Pod Security Policy ******************* -In the context of hosting a |RAN| Application on |prod|, the |O-RAN| O2 -Application provides and exposes the |IMS| and |DMS| service APIs of the O2 -interface between the O-Cloud (|prod|) and the Service Management and -Orchestration (SMO), in the |O-RAN| Architecture. 
+|PSP| ONLY applies if running on Kubernetes v1.24 or earlier. |PSP| is +deprecated as of Kubernetes v1.21 and is removed in Kubernetes v1.25. +Instead of using |PSP|, you can enforce similar restrictions on Pods using +:ref:`Pod Security Admission Controller `. -The O2 interfaces enable the management of the O-Cloud (|prod|) infrastructure -and the deployment life-cycle management of |O-RAN| cloudified |NFs| that run on -O-Cloud (|prod|). See `O-RAN O2 General Aspects and Principles 2.0 -`__, and `INF O2 -documentation `__. +Since it has been introduced |PSP| has had usability problems. The way |PSPs| +are applied to pods has proven confusing especially when trying to use them. +It is easy to accidentally grant broader permissions than intended, and +difficult to inspect which |PSPs| apply in a certain situation. Kubernetes +offers a built-in |PSA| controller that will replace |PSPs| in the future. -The |O-RAN| O2 application is integrated into |prod| as a system application. -The |O-RAN| O2 application package is saved in |prod| during system -installation, but it is not applied by default. +************************************************* +|WAD| users sudo and local linux group assignment +************************************************* -.. note:: +StarlingX 9.0 supports and provides procedures for centrally configured +Window Active Directory (WAD) Users with sudo access and local linux group +assignments; i.e. with only |WAD| configuration changes. - |prod-long| Release 8.0 O2 IMS and O2 DMS with Kubernetes profiles are - compliant with the October 2022 version of the O-RAN standards. +**See**: -**See**: :ref:`oran-o2-application-b50a0c899e66` for details. 
+- :ref:`Create LDAP Linux Accounts ` +- :ref:`Local LDAP Certificates ` +- :ref:`SSH User Authentication using Windows Active Directory ` -******************************************** -O-RAN Spec Compliant Timing API Notification -******************************************** -|prod-long| provides ``ptp-notification`` to support applications that rely on -|PTP| for time synchronization and require the ability to determine if the system -time is out of sync. ``ptp-notification`` provides the ability for user applications -to query the sync state of hosts as well as subscribe to push notifications for -changes in the sync status. +******************************************* +Subcloud Error Root Cause Correction Action +******************************************* -PTP-notification consists of two main components: +This feature provides a root cause analysis of the subcloud +deployment / upgrade failure. This includes: -- The ``ptp-notification`` system application can be installed on nodes - using |PTP| clock synchronization. This monitors the various time services - and provides the v1 and v2 REST API for clients to query and subscribe to. +- existing 'deploy_status' that provides progress through phases of subcloud + deployment and, on error, the phase that failed -- The ``ptp-notification`` sidecar. This is a container image which can be - configured as a sidecar and deployed alongside user applications that wish - to use the ``ptp-notification`` API. User applications only need to be - aware of the sidecar, making queries and subscriptions via its API. - The sidecar handles locating the appropriate ``ptp-notification`` endpoints, - executing the query and returning the results to the user application. +- introduces ``deploy_error_desc`` attribute that provides a summary of the + key deployment/upgrade errors -**See**: :ref:`ptp-notifications-overview` for details. 
+- Additional text that is added at the end of the 'deploy_error_desc' error + message, with information on: -.. end-new-features-r8 + - trouble shooting commands + + - root cause of the errors and + + - suggested recovery action + +**See**: :ref:`Manage Subclouds Using the CLI ` + +************************************ +Patch Orchestration Phase Operations +************************************ + +The distributed cloud patch orchestration has the option to separate the upload +from the apply, remove, install and reboot operations. This facilitates +performing the upload operations outside of the system maintenance window +to reduce the total execution time during the patch activation that occurs +during the maintenance window. With the separation of operations, systems can +be prestaged with the updates prior to applying the changes to the system. + +**See**: :ref:`Distributed Cloud Guide ` + +**************************************************** +Long Latency Between System Controller and Subclouds +**************************************************** + +Rehoming procedure of a subcloud that has been powered off for a long period of +time will differ from the regular rehoming procedure. Based on how long the +subcloud has been offline, the platform certificates will expire and will +need to be regenerated. + +**See**: :ref:`Rehoming Subcloud with Expired Certificates ` + +************** +GEO Redundancy +************** + +|prod| may be deployed across a geographically distributed set of regions. A +region consists of a local Kubernetes cluster with local redundancy and access +to high-bandwidth, low-latency networking between hosts within that region. + +|prod-long| Distributed Cloud GEO redundancy configuration supports the ability +to recover from a catastrophic event that requires subclouds to be rehomed away +from the failed system controller site to the available site(s) which have +enough spare capacity. 
This way, even if the failed site cannot be restored in +short time, the subclouds can still be rehomed to available peer system +controller(s) for centralized management. + +In this release, the following items are addressed: + +* 1+1 GEO redundancy + + - Active-Active redundancy model + - Total number of subclouds should not exceed 1K + +* Automated operations + + - Synchronization and liveness check between peer systems + - Alarm generation if peer system controller is down + +* Manual operations + + - Batch rehoming from alive peer system controller + +**See**: :ref:`GEO Redundancy ` + +******************************** +Redfish Virtual Media Robustness +******************************** + +Redfish virtual media operations has been observed to frequently fail with +transient errors. While the conditions for those failures are not always known +(network, BMC timeouts, etc), it has been observed that if the Subcloud install +operation is retried, the operation is successful. + +To alleviate the transient conditions, the robustness of the Redfish virtual +media controller (RVMC) is improved by introducing additional error +handling and retry attempts. + +**See**: :ref:`Install a Subcloud Using Redfish Platform Management Service ` + +.. end-new-features-r9 ---------------- Hardware Updates ---------------- -The following hardware is now supported in |prod-long| 8.0: - -4th Generation Intel® Xeon® Scalable Processor with and without built-in -accelerator. - **See**: - :ref:`Kubernetes Verified Commercial Hardware ` 
@@ -606,22 +503,51 @@ Fixed bugs ********** This release provides fixes for a number of defects. Refer to the StarlingX bug -database to review the R8.0 `Fixed Bugs `_. +database to review the R9.0 `Fixed Bugs `_. -.. All please confirm if any Limitations need to be removed / added for Stx 8.0 +.. All please confirm if any Limitations need to be removed / added for Stx 9.0. --------------------------------- Known Limitations and Workarounds --------------------------------- The following are known limitations you may encounter with your |prod| Release -8.0 and earlier releases. Workarounds are suggested where applicable. +9.0 and earlier releases. Workarounds are suggested where applicable. .. note:: These limitations are considered temporary and will likely be resolved in a future release. +************************************************ +Suspend/Resume on VMs with SR-IOV (direct) Ports +************************************************ + +When using VMs with SR-IOV ports created with the -vnic-type=direct option +after a Suspend action, if one wants to Resume the instance it might come up +with all virtual NICs created but missing the IP Address of the vNIC connected +to the SR-IOV port. + +**Workaround**: Manually Power-Off and Power-On (or Hard-Reboot) the instance +and the IP should be assigned correctly again (no information is lost). + +***************************************** +Error on Restoring OpenStack after Backup +***************************************** + +The ansible command for restoring the app will fail with |prod-long| +Release 22.12 Patch 4 (MR2) with an error message mentioning the absence of an +Armada directory. + +**Workaround**: Manually change the backup tarball adding the Armada directory +using the following the steps: + +.. 
code-block:: none + + tar -xzf wr_openstack_backup_file.tgz # this will create a opt directory + cp -r opt/platform/fluxcd/ opt/platform/armada # copy fluxd to armada + tar -czf new_wr-openstack_backu.tgz opt/ # tar the opt directory into a new backup tarball + ***************************************** Subcloud Upgrade with Kubernetes Versions ***************************************** @@ -1136,7 +1062,7 @@ includes the following, but not limited to these packages. - i40e - ice -**Workaround**: Wind River recommends not to use BPF with real time kernel. +**Workaround**: It is recommended not to use BPF with real time kernel. If required it can still be used, for example, debugging only. ***************** @@ -1429,9 +1355,7 @@ Windows Active Directory - **Limitation**: The refresh token does not work. **Workaround**: If the token expires, manually replace the ID token. For - more information, see how to retrieve a token using the browser at - :ref:`Configure Kubernetes Client Access - `. + more information, see, :ref:`Configure Kubernetes Client Access `. - **Limitation**: TLS error logs are reported in the **oidc-dex** container on subclouds. These logs should not have any system impact. @@ -1567,6 +1491,8 @@ under the specified that have the same 'digest' as the specified Deprecated Notices ------------------ +.. All please confirm if all these have been removed from the StarlingX 9.0 Release? + **************************** Airship Armada is deprecated **************************** 
@@ -1599,105 +1525,3 @@ Kubernetes APIs that will be removed in K8s 1.25 are listed below: **See**: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25 - -******************* -Pod Security Policy -******************* - -|PSP| is deprecated as of Kubernetes v1.21 and will be -removed in Kubernetes v1.25. |PSP| will continue to be fully functional for -|prod-long| Release 8.0. - -Since it has been introduced |PSP| has had usability problems. The way |PSPs| -are applied to pods has proven confusing especially when trying to use them. -It is easy to accidentally grant broader permissions than intended, and -difficult to inspect which |PSPs| apply in a certain situation. Kubernetes -offers a built-in |PSA| controller that will replace |PSPs| in the future. - -**See**: - -- :ref:`Pod Security Policy ` - --------------------------------- -Release Notes for other versions --------------------------------- - - -You can find details about a release on the specific release page. - -.. 
list-table:: - - * - Version - - Release Date - - Notes - - Status - - Kubernetes Version - - OpenStack Version - * - StarlingX R8.0 - - 2023-02 - - https://docs.starlingx.io/r/stx.8.0/releasenotes/index.html - - Maintained - - V1.23, 1.24 - - Ussuri - * - StarlingX R7.0 - - 2022-07 - - https://docs.starlingx.io/r/stx.7.0/releasenotes/index.html - - Maintained - - V1.21, 1.22, 1.23 - - Ussuri - * - StarlingX R6.0 - - 2021-12 - - https://docs.starlingx.io/r/stx.6.0/releasenotes/index.html - - Maintained - - V1.18, 1.19, 1.20, 1.21 - - Ussuri - * - StarlingX R5.0.1 - - 2021-09 - - https://docs.starlingx.io/r/stx.5.0/releasenotes/index.html - - :abbr:`EOL (End of Life)` - - V1.18 - - Ussuri - * - StarlingX R5.0 - - 2021-05 - - https://docs.starlingx.io/r/stx.5.0/releasenotes/index.html - - :abbr:`EOL (End of Life)` - - V1.18 - - Ussuri - * - StarlingX R4.0 - - 2020-08 - - - - :abbr:`EOL (End of Life)` - - V1.18 - - Train - * - StarlingX R3.0 - - 2019-12 - - - - :abbr:`EOL (End of Life)` - - V1.16 - - Train - * - StarlingX R2.0.1 - - 2019-10 - - - - :abbr:`EOL (End of Life)` - - V1.16 - - Stein - * - StarlingX R2.0 - - 2019-09 - - - - :abbr:`EOL (End of Life)` - - V1.16 - - Stein - * - StarlingX R1.0 - - 2018-10 - - - - :abbr:`EOL (End of Life)` - - NA - - Pike - - -StarlingX follows the release maintenance timelines in the `StarlingX Release -Plan `_. - -The Status column uses `OpenStack maintenance phase `_ definitions. - diff --git a/doc/source/releasenotes/r1_release.unused b/doc/source/releasenotes/r1_release.unused deleted file mode 100644 index 29038b317..000000000 --- a/doc/source/releasenotes/r1_release.unused +++ /dev/null 
@@ -1,108 +0,0 @@ -================== -R1.0 Release Notes -================== - -These are the release notes for StarlingX R1.0. - -.. contents:: - :local: - :depth: 1 - ---------- -ISO Image ---------- - -You can find a pre-built image for R1.0 at the -`StarlingX mirror -`__. - ------------- -New Features ------------- - -+-----------------------------------+-----------------------------------+ -| StoryBoard ID | Feature | -+===================================+===================================+ -| N/A | ovs-dpdk integration | -+-----------------------------------+-----------------------------------+ -| 2002820 | Support for external Ceph backend | -+-----------------------------------+-----------------------------------+ -| 2202821 | Support for adding compute nodes | -| | to all-in-one duplex deployments | -+-----------------------------------+-----------------------------------+ -| 2002822 | Support remote client for Windows | -| | and Mac OS | -+-----------------------------------+-----------------------------------+ -| 2003115 | Deprecate proprietary Cinder | -| | volume backup and restore | -+-----------------------------------+-----------------------------------+ -| 2002825 | Support Gnocchi storage backend | -| | for OpenStack telemetry | -+-----------------------------------+-----------------------------------+ -| 2002847 | Add ntfs-3g packages | -+-----------------------------------+-----------------------------------+ -| 2002826 | Memcached integration | -+-----------------------------------+-----------------------------------+ -| 2002935 | Support for Precision Time | -| | Protocol (PTP) | -+-----------------------------------+-----------------------------------+ -| 2003087 | Generalized interface and network | -| | configuration | -+-----------------------------------+-----------------------------------+ -| 2003518 | Enable Swift on controllers | -+-----------------------------------+-----------------------------------+ -| 2002712 | StarlingX API 
documentation | -+-----------------------------------+-----------------------------------+ - -------------- -Other changes -------------- - -+-----------------------------------+-----------------------------------+ -| StoryBoard ID | Change | -+===================================+===================================+ -| 2002827 | Decouple Service Management REST | -| | API from sysinv | -+-----------------------------------+-----------------------------------+ -| 2002828 | Decouple Fault Management from | -| | stx-config | -+-----------------------------------+-----------------------------------+ -| 2002829 | Decouple Guest-server/agent from | -| | stx-metal | -+-----------------------------------+-----------------------------------+ -| 2002832 | Replace compute-huge init script | -+-----------------------------------+-----------------------------------+ -| 2002834 | Add distributed cloud repos to | -| | StarlingX | -+-----------------------------------+-----------------------------------+ -| 2002846 | Python Optimization | -+-----------------------------------+-----------------------------------+ -| 2003389, 2003596 | Upgrade kernel and srpm/rpms to | -| | CentOS 7.5 | -+-----------------------------------+-----------------------------------+ -| 3003396, 2003339 | Upgrade libvirt to 4.7.0 | -+-----------------------------------+-----------------------------------+ -| 3002891 | Stx-gui plug-in for Horizon | -+-----------------------------------+-----------------------------------+ -| Many | Build enhancements, cleanups and | -| | optimizations | -+-----------------------------------+-----------------------------------+ -| Many | Enable basic zuul checks and | -| | linters | -+-----------------------------------+-----------------------------------+ -| Many | Python 2 to 3 upgrade for | -| | stx-update, stx-metal, stx-fault, | -| | stx-integ | -+-----------------------------------+-----------------------------------+ - -------- -Testing -------- - -Review the R1.0 
-`test plan `__ -for a list of tests executed on the R1.0 release. - -View the -`testing summary `__ -to see the status of testing for the R1.0 release. diff --git a/doc/source/releasenotes/r2_0_1_release.unused b/doc/source/releasenotes/r2_0_1_release.unused deleted file mode 100644 index f9eae9510..000000000 --- a/doc/source/releasenotes/r2_0_1_release.unused +++ /dev/null @@ -1,64 +0,0 @@ -==================== -R2.0.1 Release Notes -==================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find pre-built ISO and Docker images for stx.2.0.1 at the -`StarlingX mirror, -`_ - ------- -Branch ------- - -The source code for stx.2.0.1 is available in the r/stx.2.0 branch -in the StarlingX git repositories. The exact source code can be cloned by: - -:: - - repo init -u https://opendev.org/starlingx/manifest -b refs/tags/2.0.1b - repo sync --force-sync - ----------- -Deployment ----------- - -A full system install is required to deploy stx.2.0.1. There is no upgrade -patch from StarlingX release 2.0. - -------- -Changes -------- - -The StarlingX 2.0.1 release provides fixes for the following bugs: - -* `1817936 `_ - Periodic message loss seen between VIM and OpenStac REST APIs -* `1827246 `_ - Access to VM console not working as Horizon redirects to - novncproxy.openstack.svc.cluster.local -* `1830736 `_ - Ceph osd process was not recovered after lock and unlock on storage - node with journal disk -* `1843915 `_ - Cannot apply a chart with a local registry -* `1843453 `_ - Calico configuration file has yaml format error -* `1836638 `_ - RT kernel memory leak when creating/deleting pods -* `1840771 `_ - CVE-2018-14618:NTLM buffer overflow via integer overflow -* `1836685 `_ - CVE: integer overflow in the Linux kernel when handling TCP - Selective Acknowledgments (SACKs) -* `1837919 `_ - dbmon timeouts are too low -* `1838692 `_ - ansible replay fails if kubeadm init was not successful 
diff --git a/doc/source/releasenotes/r2_release.unused b/doc/source/releasenotes/r2_release.unused deleted file mode 100644 index 28343ff3f..000000000 --- a/doc/source/releasenotes/r2_release.unused +++ /dev/null 
@@ -1,203 +0,0 @@ -================== -R2.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find a pre-built ISO and Docker images for StarlingX release 2.0 at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 2.0 is available in the r/stx.2.0 branch -in the StarlingX git repositories. - ----------- -Deployment ----------- - -A full system install is required to deploy the StarlingX release 2.0. -There is no upgrade path from StarlingX release 1.0 (stx.2018.10) - ------------------------------ -New features and enhancements ------------------------------ - -The main feature in the StarlingX R2.0 release is the re-structuring of the -software to provide a containerized OpenStack cloud on top of a bare metal -Kubernetes cluster. In R2.0 StarlingX manages the - -* Dedicated physical servers -* Kubernetes services -* Containerized OpenStack services - -This allows StarlingX to support the hosting of applications in multiple -scenarios. For example: - -* On bare metal servers using OpenStack Ironic -* On virtual machines using OpenStack Nova -* In containers using Kubernetes - -StarlingX 2.0 eliminates patches against upstream OpenStack. The 1.0 release of StarlingX included many patches against OpenStack Pike. The 2.0 release contains -about 5 patches against Nova and is otherwise running completely unmodified Stein. - -The 5 patches are back ports of the NUMA live migration fixes that were recently -accepted into upstream for OpenStack Train. This means that the next release of StarlingX will run completely unmodified OpenStack. - -***************************** -R2.0 feature list and stories -***************************** - -The list below provides a detailed list of features with the associated -StoryBoard entries for the features. 
- -* Kubernetes container platform: - - `2002843, `_ - `2004273, `_ - `2004712, `_ - `2004642, `_ - `2004022, `_ - `2003907, `_ - `2003909, `_ - `2004760, `_ - `2005350, `_ - `2003908, `_ - `2004520, `_ - `2005249, `_ - `2004763, `_ - `2002844, `_ - `2005193, `_ - `2002840, `_ - `2005066, `_ - `2004711, `_ - `2004762, `_ - `2005198, `_ - `2004470, `_ - `2003087, `_ - `2004710, `_ - `2004447, `_ - `2004007, `_ - `2003491, `_ - `2002845, `_ - `2002841, `_ - `2002839 `_ - -* Containerized Openstack services: - - `2002876, `_ - `2003910, `_ - `2004751, `_ - `2005424, `_ - `2004764, `_ - `2004433, `_ - `2005074 `_ - -* Containerized OVS support as the default virtual switch: - - `2004649 `_ - -* SR-IOV network device plug-in support: - - `2005208 `_ - -* Ansible bootstrap deployment: - - `2004695 `_ - -* Collected integration for platform resource monitoring: - - `2002823 `_ - -* OVS-DPDK integration enhancements: - - `2004472, `_ - `2002944, `_ - `2002947 `_ - -* CentOS upgrade to 7.6: - - `2004521, `_ - `2004522, `_ - `2004516, `_ - `2004901, `_ - `2004743, `_ - `2003597 `_ - -* qemu/libvirt updates: - - `2003395, `_ - `2005212 `_ - -* Ceph upgrade to mimic: - - `2004540, `_ - `2003605 `_ - -* Openstack rebase to Stein: - - `2004765, `_ - `2004583, `_ - `2004455, `_ - `2004751, `_ - `2004765, `_ - `2006167, `_ - `2005750 `_ - -* StarlingX-specific source patch removal: - - `2003857, `_ - `2004583, `_ - `2004600, `_ - `2004869, `_ - `2004610, `_ - `2004607, `_ - `2004427, `_ - `2004386, `_ - `2004312, `_ - `2003394, `_ - `2003112, `_ - `2004455, `_ - `2005212, `_ - `2004557, `_ - `2004477, `_ - `2004406, `_ - `2004404, `_ - `2004216, `_ - `2004203, `_ - `2004135, `_ - `2004133, `_ - `2004109, `_ - `2004108, `_ - `2004020, `_ - `2004019, `_ - `2003803, `_ - `2003767, `_ - `2003765, `_ - `2003759, `_ - `2003758, `_ - `2003757 `_ - -* DevStack enablement: - - `2005285, `_ - `2003160, `_ - `2003163, `_ - `2004370, `_ - `2003161, `_ - `2003159, `_ - `2003126 `_ - -* 
Miscellaneous build enhancements: - - `2004013, `_ - `2004043 `_ diff --git a/doc/source/releasenotes/r3_release.unused b/doc/source/releasenotes/r3_release.unused deleted file mode 100644 index 15a1f402d..000000000 --- a/doc/source/releasenotes/r3_release.unused +++ /dev/null 
@@ -1,145 +0,0 @@ -================== -R3.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find a pre-built ISO and Docker images for StarlingX release 3.0 at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 3.0 is available in the r/stx.3.0 branch -in the StarlingX Git repositories. - ----------- -Deployment ----------- - -A system install is required to deploy the StarlingX release 3.0. There is no -upgrade path from previous StarlingX releases. - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of features with the associated -StoryBoard entries for the features. - -* Infrastructure and Cluster Monitoring - - `2005733 `_ - -* Integrate with Openstack Train - - `2006544 `_ - -* Integrate Distributed Cloud with containers - - `2004766 `_ - -* Integrate Backup & Restore with containers - - `2004761 `_ - -* Intel FPGA K8s Device Plugin Initial Integration - - `2006495 `_ - -* Intel GPU K8s Device Plugin Integration - - `2005937 `_ - -* Intel QAT K8s Device Plugin Integration - - `2005514 `_ - -* Layered Build Prep - - `2006166 `_ - -* Redfish Integration - - `2005861 `_ - -* Support for authenticated registry for bootstrap and application apply - - `2006274 `_ - -* Support for OpenID connect authentication parameters for bootstrap - - `2006235 `_ - -* Support for floating and pinned workloads on worker nodes - - `2006565 `_ - -* Support for NTP and PTP co-existence - - `2006499 `_ - -* Time Sensitive Networking for VMs - - `2005516 `_ - -* Upversion container components - - `2005860, `_ - - `2006347 `_ - -------------------------- -Known limitations in R3.0 -------------------------- - -The following are known limitations in the StarlingX R3.0 release. Workarounds -are suggested where applicable. 
Note that these limitations are considered -temporary and will likely be resolved in a future release. - -******************************** -Changing Keystone admin password -******************************** - -After the Keystone admin password is changed, kube-system namespace registry -secrets must be manually updated. -Tracking Launchpad: https://bugs.launchpad.net/starlingx/+bug/1853017 - -It is recommended that the Keystone admin password not be changed unless necessary. - -**Workaround:** If you must update the WRCP's Keystone admin user password in R3.0, -you must also manually update the kube-system namespace's registry secrets that -hold the admin password for image pulls: - -#. Update the WRCP Keystone admin user password: - - :: - - openstack user set --password newP@ssw0rd admin - -#. Update the kube-system namespace's `registry-local-secret` secret: - - :: - - kubectl -n kube-system create secret docker-registry registry-local-secret --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > registry-local-secret-update.yaml - kubectl -n kube-system replace secret registry-local-secret -f registry-local-secret-update.yaml - -#. Update the kube-system namespace's `default-registry-key` secret: - - :: - - kubectl -n kube-system create secret docker-registry default-registry-key --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > default-registry-key-update.yaml - kubectl -n kube-system replace secret default-registry-key -f default-registry-key-update.yaml - -In a distributed cloud deployment, the registry secrets must also be updated on -all subclouds in the system. - - diff --git a/doc/source/releasenotes/r4_release.unused b/doc/source/releasenotes/r4_release.unused deleted file mode 100644 index 4531a2af0..000000000 --- a/doc/source/releasenotes/r4_release.unused +++ /dev/null 
@@ -1,181 +0,0 @@ -================== -R4.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -The pre-built ISO and Docker images for StarlingX release 4.0 are located at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 4.0 is available in the r/stx.4.0 -branch in the `StarlingX repositories `_. - ----------- -Deployment ----------- - -A system install is required to deploy StarlingX release 4.0. There is no -upgrade path from previous StarlingX releases. For detailed instructions, see -the `Installation guides for R5.0 and older releases -`_. - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of new features and links to the -associated user guides (if applicable). - -* Intel FPGA support for Kubernetes - - The Intel N3000 FPGA Programmable Acceleration Card is now supported - in StarlingX, including support for orchestrating updates to the - card's firmware. - - Guide: :doc:`Host FPGA Configuration for the Intel N3000 FPGA Programmable - Acceleration Card ` - -* Kata Containers - - Workloads can now be deployed in Kata Containers by StarlingX, which - provides a higher degree of isolation than workloads in generic containers. - - Guide: :doc:`How to run Kata Containers with Kubernetes on StarlingX - ` - -* Active Directory Integration for Kubernetes APIs - - StarlingX administrators can now deploy an optional system application - to support using Windows Active Directory for authentication of the - Kubernetes API. - - Guide: :doc:`Authenticate Kubernetes Users with Windows Active Directory - Server ` - -* Certificate Manager Integration - - StarlingX now provides a Certification Manager to enable automated - certificate issuance, monitor certificate expiration dates, and configure - an auto-renew process. 
- - Guide: :doc:`Enable secure HTTPS access and manage certificates ` - -* Time-Sensitive Networking (TSN) in Kata Containers - - Time-Sensitive Networking has been enabled for workloads running in Kata - Containers. - - Guide: :doc:`Enable TSN in Kata Containers - ` - -* Upversion OpenStack services - - The built-in OpenStack services, including Keystone, Horizon, Barbican, and - others, have been updated to Train. For more details, consult the - `OpenStack documentation for Train `_. - -* Upversion OpenStack application - - The built-in OpenStack application has been updated to Ussuri. For - more details, consult the `OpenStack documentation for Ussuri - `_. - -* Kubernetes support in backup and restore functionality - - Back up and restore is now available for workloads running in - Kubernetes pods. - - Guide: :doc:`Backup and restore your deployment ` - -* Kubernetes manual upgrade capability - - StarlingX now has the capability of updating the Kubernetes images - installed on the platform. - - Guide: :doc:`Upgrade your Kubernetes version ` - -* Redfish virtual media support - - StarlingX now supports the Redfish Virtual Media Controller to - support a secure BMC based ISO image boot. - -* Kernel rebase to 4.18 - - The Linux kernel used by StarlingX has been upgraded to version 4.18 as - provided in CentOS 8. - -* Upversion Kubernetes components - - Kubernetes was upversioned to v1.18.1, Calico was upversioned to v3.12, and - Helm was upversioned to v3. - -* Layered build - - StarlingX builds have been monolithic and time consuming. The new Layered - build system decomposes the system into separate layers that can be built - independently. Both Layered and Monolithic builds are supported in this - release. 
- - Guides: :doc:`Layered build reference (overview) ` - and :doc:`Layered build guide (step by step instructions) ` - -* Open Platform Communications Unified Architecture (OPC UA) support - - OPC UA is a data exchange standard for industrial communication in the - Industrial IoT (IIoT) category. StarlingX now supports OPC UA. - - Guide: :doc:`How to enable OPC UA on StarlingX ` - ----------- -Bug status ----------- - -********** -Fixed bugs -********** - -This release provides fixes for a number of defects. Refer to the StarlingX bug -database to review the `R4.0 fixed defects -`_. - -********* -Open bugs -********* - -Use the StarlingX bug database to review `R4.0 open bugs -`_. - -At the time of release, the following R4.0 bugs were open: - -* `1890350 `_ -* `1887589 `_ -* `1870999 `_ -* `1879018 `_ -* `1881915 `_ -* `1886429 `_ -* `1888546 `_ - ------------------ -Known limitations ------------------ - -The following are known limitations in this release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -* `1887589 `_ Creating a - new instance with Horizon fails. - - -
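Review bot: In the added "K8s API/CLI OIDC (Dex) Authentication with Local LDAP Backend" section of releasenotes/index.rst, the opening sentence ("|prod| offers |LDAP| commands to create and manage |LDAP| Linux groups as part of ...") is repeated almost word for word as the whole body of the "Create LDAP Linux Groups" section that follows it. Keep the sentence in one place and let the OIDC section open with the Dex/local LDAP configuration paragraph. The same sentence reads "the entire Distribute Cloud System" where "Distributed Cloud" is meant. The markup is also inconsistent: `ldapscripts` is in single backticks, which RST treats as interpreted text rather than a literal, and the LUKS paths just above ('/var/luks/stx/luks_fs') are in single quotes. Double backticks for all of them would match ``oidc-auth-apps``-style usage elsewhere in the file.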
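Review bot: The "Pod Security Policy" section is re-added above the ".. end-new-features-r9" marker, so a deprecation notice is now presented as a new feature, while the last index.rst hunk deletes it from "Deprecated Notices". It belongs under the deprecation heading. The new first sentence ("|PSP| ONLY applies if running on Kubernetes v1.24 or earlier") also does not say which Kubernetes versions this release ships, so a reader cannot tell from the note whether |PSP| is still enforced on their system. Please state that explicitly. The carried-over paragraph still ends with "a built-in |PSA| controller that will replace |PSPs| in the future", which no longer fits next to "is removed in Kubernetes v1.25" and should be reworded to the present tense.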
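Review bot: In the "|WAD| users sudo and local linux group assignment" section, the body spells the product "Window Active Directory (WAD)"; it should be "Windows Active Directory". Since the title and the following sentence already use the |WAD| substitution, the inline expansion could be dropped in favour of the substitution. "i.e. with only |WAD| configuration changes" reads as a fragment, so consider "that is, using only |WAD| configuration changes". Because this section grants sudo from a central directory, it would help to say in one sentence which of the three linked procedures covers the sudo mapping.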
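Review bot: In "Subcloud Error Root Cause Correction Action", the same attribute is marked up two ways: ``deploy_error_desc`` in the second bullet and 'deploy_error_desc' in the third, with 'deploy_status' also in single quotes. Use double backticks for all three so they render as literals. The three bullets are not parallel (they start "existing", "introduces" and "Additional"), "trouble shooting" should be "troubleshooting", and the title probably means "Corrective Action". Further down the same hunk, the title "Long Latency Between System Controller and Subclouds" does not match its body, which is about rehoming a subcloud that was powered off long enough for platform certificates to expire and says nothing about latency. Suggest retitling it to match the linked "Rehoming Subcloud with Expired Certificates" procedure, and changing "the platform certificates will expire" to say they may have expired, since the sentence makes that depend on how long the subcloud was offline. "Redfish virtual media operations has been observed" should be "have been observed".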
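Review bot: In the "Error on Restoring OpenStack after Backup" workaround (hunk @@ -606,22 +503,51 @@), the three commands do not agree with each other: the input is "wr_openstack_backup_file.tgz", the output is "new_wr-openstack_backu.tgz" (mixed underscore and hyphen, and "backu" looks truncated), and the comment says "copy fluxd to armada" while the path copied is opt/platform/fluxcd/. Please make the file names consistent and fix the comment so the steps can be followed as written. The lead-in "using the following the steps" has a stray "the". The text also refers to "Release 22.12 Patch 4 (MR2)" and a "wr_" file prefix, which look vendor specific, while a later hunk in this same patch replaces "Wind River recommends" with "It is recommended"; confirm which release identifier applies to StarlingX. In the SR-IOV limitation above it, "-vnic-type=direct" has a single leading dash and is not marked as a literal; check the option spelling and put it in double backticks so a double dash is not typeset as a dash character.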
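Review bot: In hunk @@ -1429,9 +1355,7 @@ the replacement line reads "For more information, see, :ref:`Configure Kubernetes Client Access `" with a stray comma after "see". The rewrite also drops the phrase "see how to retrieve a token using the browser", which was the useful part of the workaround: the limitation is that the refresh token does not work and the user has to replace the ID token by hand, so the note should still say what to look for in the linked page. Suggest "For more information on retrieving a token using the browser, see :ref:...".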
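Review bot: Hunk @@ -1567,6 +1491,8 @@ adds the RST comment ".. All please confirm if all these have been removed from the StarlingX 9.0 Release?" directly under "Deprecated Notices", and hunk @@ -606 keeps a similar ".. All please confirm if any Limitations need to be removed / added for Stx 9.0." comment. These are open review questions committed into the source. The deprecation and limitation lists should be confirmed before this merges and the comments removed, otherwise the published R9.0 notes may list items as deprecated or limited that no longer apply, or miss ones that do.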
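Review bot: Hunk @@ -1599,105 +1525,3 @@ removes the whole "Release Notes for other versions" list-table, including the Status column (Maintained / EOL) and the Kubernetes and OpenStack version columns, and the visible lines add nothing in its place in this file. That table was the one place a reader could see which releases are end of life and which Kubernetes versions each one carries. If it has moved, add a "See" link to its new location here; if it is being dropped on purpose, keep at least the closing pointer to the StarlingX Release Plan and the maintenance phase definitions so the support status of older releases remains discoverable from the release notes.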