From d50143ae84dd580ff2254b15bbe48995ee1ed715 Mon Sep 17 00:00:00 2001 From: Ron Stone Date: Fri, 8 Mar 2024 13:26:16 +0000 Subject: [PATCH] Fix release notes linking The StX release notes contains a table with links to older versions of the notes, however, they point to local copies on the same branch, not the original copies on respective branches. These copies need to be deleted and the links corrected to point to the respective branches. Partial-Bug: 2056459 Signed-off-by: Ron Stone Change-Id: Ia1b961a9b2545be5fdfad37e96347aae81a6e3f0 --- doc/source/releasenotes/index.rst | 270 ++++++++++++++++-- doc/source/releasenotes/r1_release.rst | 108 ------- doc/source/releasenotes/r2_0_1_release.rst | 64 ----- doc/source/releasenotes/r2_release.rst | 203 ------------- doc/source/releasenotes/r3_release.rst | 147 ---------- doc/source/releasenotes/r4_release.rst | 183 ------------ doc/source/releasenotes/r5_0_1_release.rst | 73 ----- doc/source/releasenotes/r5_release.rst | 169 ----------- .../r6-0-release-notes-bc72d0b961e7.rst | 235 --------------- 9 files changed, 246 insertions(+), 1206 deletions(-) delete mode 100644 doc/source/releasenotes/r1_release.rst delete mode 100644 doc/source/releasenotes/r2_0_1_release.rst delete mode 100644 doc/source/releasenotes/r2_release.rst delete mode 100644 doc/source/releasenotes/r3_release.rst delete mode 100644 doc/source/releasenotes/r4_release.rst delete mode 100644 doc/source/releasenotes/r5_0_1_release.rst delete mode 100644 doc/source/releasenotes/r5_release.rst delete mode 100644 doc/source/releasenotes/r6-0-release-notes-bc72d0b961e7.rst diff --git a/doc/source/releasenotes/index.rst b/doc/source/releasenotes/index.rst index d8f0f9915..688247aa1 100644 --- a/doc/source/releasenotes/index.rst +++ b/doc/source/releasenotes/index.rst @@ -1,8 +1,243 @@ .. _release-notes: -============= -Release Notes -============= +================== +R6.0 Release Notes +================== + +.. contents:: + :local: + :depth: 1 + +--------- +ISO image +--------- + +The pre-built ISO and Docker images for StarlingX release 6.0 are located at +the `StarlingX mirror +`_. + +------ +Branch +------ + +The source code for StarlingX release 6.0 is available in the r/stx.6.0 +branch in the `StarlingX repositories `_. + +---------- +Deployment +---------- + +A system install is required to deploy StarlingX release 6.0. There is no +upgrade path from previous StarlingX releases. For detailed instructions, see +the :ref:`R6.0 Installation Guides `. + +----------------------------- +New features and enhancements +----------------------------- + +The list below provides a detailed list of new features and links to the +associated user guides (if applicable). + + +* Kernel Upversion to 5.10 + + |prod-long| now supports kernel version 5.10 to include |VRF| and the user + space tooling to configure the routing and forwarding interfaces. + + Guide: https://www.kernel.org/doc/Documentation/networking/vrf.txt + +* Platform Certificates Managed by Cert-Manager + + Platform services can now use cert-manager to simplify the management + (e.g. auto-renewals) of the following Platform certificates: + + * RESTAPI /GUI certificate + * registry.local certificate + * OIDC/DEX certificate + + Guides: + + * :ref:`Create a local CA Issuer ` + + * :ref:`Configure REST API Applications and Web Administration Server Certificate ` + + * :ref:`Configure Docker Registry Certificate ` + + * :ref:`Set up OIDC Auth Applications ` + + * :ref:`OIDC Client Dex Server Certificates ` + +* Management of Kubernetes Root CA Certificate + + You can update Kubernetes Root |CA| certificate on a running system, with + either an uploaded certificate or an auto-generated certificate. + Orchestration is also provided for both Cloud and Distributed Cloud. + + Guides: + + * :ref:`Manual Kubernetes Root CA Certificate Update ` + + * :ref:`Kubernetes Root CA Certificate Update Cloud Orchestration ` + +• Auditd support + + The Linux Auditing System helps system administrators track security + violation events based on preconfigured audit rules. The events are + recorded in a log file and the information in the log entries helps to + detect misuse or unauthorized activities. + + The Linux Audit daemon, **auditd**, is the main component of the Linux + Auditing System, and is responsible for writing the audit logs. + + Guide: :ref:`Linux Auditing System ` + +* Alarm Support for Expiring and Expired Certificates + + Expired certificates may prevent the proper operation of platform and + applications running on the platform. In order to avoid expired + certificates, |prod-long| generates alarms for certificates that are within + 30 days (default) of expiry or have already expired. + + Guide: :ref:`Expiring-Soon and Expired Certificate Alarms ` + +* Make a separate CA for Kubernetes and etcd + + This is the etcd Root |CA| certificate. It signs etcd server and client + certificates, and ``kube-apiserver`` etcd client certificate. This is also + the |CA| certificate used to verify various server and client certificates + signed by etcd Root |CA| certificate. You can now provide a separate Root + |CA| for Kubernetes and etcd. + + Guide: :ref:`Etcd Certificates ` + +* Support for stx-ceph-manager + +* Ceph upversion from Mimic to Nautilus + + Upgraded the supported Ceph version to Nautilus (14.2.22). + + Guide: N/A + +* Firmware Update for BMC and Retimer + + The firmware for Intel MAX 10 |BMC| and C827 retimer can now be updated + using the :command:`device-image-upload` command. A new option + ``--retimer-included `` has been added where a boolean + indicates whether the |BMC| firmware includes a retimer firmware. A new + parameter ``--bmc `` is added to specify the functional |BMC| + image (optional). + + Guide: :ref:`Update an N3000 FPGA Image ` + +* AIO-SX to AIO-DX Migration + + You can migrate an |AIO-SX| subcloud to an |AIO-DX| subcloud without + reinstallation. This operation involves updating the system mode, adding + the OAM unit IP addresses of each controller, and installing the second + controller. + + Guide: :ref:`Migrate an AIO-SX to an AIO-DX Subcloud ` + +* Distributed Cloud Subcloud Rehoming + + You can move subclouds from one Distributed Cloud system to another while + the current System Controller is reinstalled in a disaster recovery + scenario. Another use case for the subcloud rehoming process is to add + already deployed subclouds when the subclouds from multiple System + Controllers are being consolidated into a single System Controller, because + the rehoming playbook does not work with freshly installed/bootstrapped + subclouds. + + Guide: :ref:`Rehome a Subcloud ` + +* Container Component Upversion + + The default version of a fresh install for Kubernetes is 1.21.8, while for + an upgrade from 5.0, it will be 1.18.1. You will need to upgrade + Kubernetes to each version up to 1.21.8 in order to be ready to upgrade to + the next version of |prod|. + + Guide: :ref:`Manual Kubernetes Version Upgrade ` + +* Use pf-bb-config to configure Intel FPGA N3000 + + The **pf-bb-config** package is used to statically configure the baseband + device within N3000 devices. + + Guide: :ref:`N3000 FPGA Overview ` + +* AIO-SX: Support for pci device/NIC replacement without host reinstall + + For replacement of N3000 or ACC100 device on a host, without requiring a + host or system (in case of |AIO-SX|) re-install and re-configuration, in + the case of the replaced device having **different vendor** or **device + ID** information, see :ref:`N3000 and ACC100 replacement with different vendor or device-id `. + + For the replacement of a N3000 or ACC100 device on a host, without requiring + a host or system (in case of |AIO-SX|) re-install and re-configuration, in + the case of the replaced device having the **same vendor** and **device + ID** information, see :ref:`N3000 and ACC100 replacement with the same vendor and device-id `. + + For the replacement of a NIC on a host, without requiring a host or system + (in case of |AIO-SX|) re-install and re-configuration, in the case of the + replaced NIC having the same vendor or device ID information, see + :ref:`NIC replacement with the same vendor and device-id `. + + For the replacement of a NIC on a host, without requiring a host or system + (in case of |AIO-SX|) re-install and re-configuration, in the case of the + replaced NIC having different vendor or device ID information, see + :ref:`NIC replacement with a different vendor or device-id `. + +• Allow admin password change without controller host lock + + In a subcloud, if the |CLI| command returns an authentication after you + source the script ``/etc/platform/openrc``, you can verify the password on + the subcloud by using the :command:`env \| grep OS\_PASSWORD` command. If it + returns the old password, you will need to run the :command:`keyring set CGCS admin` + command and provide the new admin password. + +* Subcloud Deployment with Local Installation + + Subcloud Install is enhanced to support a local install option for Redfish + supported servers that are “Prestaged” with a valid install bundle. + + Prestaging can be done manually or automated by building a + self-installing “Prestaging ISO” image using the ``gen-prestaged-is.sh`` tool. + This tool accepts parameters that include install bundle components and + produces a “Prestaging ISO”. + + Guide: :ref:`Subcloud Deployment with Local Installation ` + + +---------- +Bug status +---------- + +********** +Fixed bugs +********** + +This release provides fixes for a number of defects. Refer to the StarlingX bug +database to review the `R6.0 fixed defects +`_. + + +----------------- +Known limitations +----------------- + +The following are known limitations in this release. Workarounds +are suggested where applicable. Note that these limitations are considered +temporary and will likely be resolved in a future release. + +* N/A + + + + +-------------------------------------- +Release Information for other versions +-------------------------------------- You can find details about a release on the specific release page. @@ -14,35 +249,35 @@ You can find details about a release on the specific release page. - Status * - StarlingX R6.0 - 2021-12 - - :ref:`r6-0-release-notes-bc72d0b961e7` + - https://docs.starlingx.io/r/stx.6.0/releasenotes/index.html - Maintained * - StarlingX R5.0.1 - 2021-09 - - :ref:`r5.0.1_release_rns` + - https://docs.starlingx.io/r/stx.5.0/releasenotes/index.html - Maintained * - StarlingX R5.0 - 2021-05 - - :ref:`r5_release_rns` + - https://docs.starlingx.io/r/stx.5.0/releasenotes/index.html - Maintained * - StarlingX R4.0 - 2020-08 - - :ref:`r4_release_rns` + - - :abbr:`EOL (End of Life)` * - StarlingX R3.0 - 2019-12 - - :ref:`r3_release_rns` + - - :abbr:`EOL (End of Life)` * - StarlingX R2.0.1 - 2019-10 - - :doc:`r2_0_1_release` + - - :abbr:`EOL (End of Life)` * - StarlingX R2.0 - 2019-09 - - :doc:`r2_release` + - - :abbr:`EOL (End of Life)` * - StarlingX R12.0 - 2018-10 - - :doc:`r1_release` + - - :abbr:`EOL (End of Life)` @@ -52,16 +287,3 @@ Plan `_ definitions. -.. toctree:: - :maxdepth: 1 - :hidden: - - r1_release - r2_release - r2_0_1_release - r3_release - r4_release - r5_release - r5_0_1_release - r6-0-release-notes-bc72d0b961e7 - diff --git a/doc/source/releasenotes/r1_release.rst b/doc/source/releasenotes/r1_release.rst deleted file mode 100644 index 29038b317..000000000 --- a/doc/source/releasenotes/r1_release.rst +++ /dev/null @@ -1,108 +0,0 @@ -================== -R1.0 Release Notes -================== - -These are the release notes for StarlingX R1.0. - -.. contents:: - :local: - :depth: 1 - ---------- -ISO Image ---------- - -You can find a pre-built image for R1.0 at the -`StarlingX mirror -`__. - ------------- -New Features ------------- - -+-----------------------------------+-----------------------------------+ -| StoryBoard ID | Feature | -+===================================+===================================+ -| N/A | ovs-dpdk integration | -+-----------------------------------+-----------------------------------+ -| 2002820 | Support for external Ceph backend | -+-----------------------------------+-----------------------------------+ -| 2202821 | Support for adding compute nodes | -| | to all-in-one duplex deployments | -+-----------------------------------+-----------------------------------+ -| 2002822 | Support remote client for Windows | -| | and Mac OS | -+-----------------------------------+-----------------------------------+ -| 2003115 | Deprecate proprietary Cinder | -| | volume backup and restore | -+-----------------------------------+-----------------------------------+ -| 2002825 | Support Gnocchi storage backend | -| | for OpenStack telemetry | -+-----------------------------------+-----------------------------------+ -| 2002847 | Add ntfs-3g packages | -+-----------------------------------+-----------------------------------+ -| 2002826 | Memcached integration | -+-----------------------------------+-----------------------------------+ -| 2002935 | Support for Precision Time | -| | Protocol (PTP) | -+-----------------------------------+-----------------------------------+ -| 2003087 | Generalized interface and network | -| | configuration | -+-----------------------------------+-----------------------------------+ -| 2003518 | Enable Swift on controllers | -+-----------------------------------+-----------------------------------+ -| 2002712 | StarlingX API documentation | -+-----------------------------------+-----------------------------------+ - -------------- -Other changes -------------- - -+-----------------------------------+-----------------------------------+ -| StoryBoard ID | Change | -+===================================+===================================+ -| 2002827 | Decouple Service Management REST | -| | API from sysinv | -+-----------------------------------+-----------------------------------+ -| 2002828 | Decouple Fault Management from | -| | stx-config | -+-----------------------------------+-----------------------------------+ -| 2002829 | Decouple Guest-server/agent from | -| | stx-metal | -+-----------------------------------+-----------------------------------+ -| 2002832 | Replace compute-huge init script | -+-----------------------------------+-----------------------------------+ -| 2002834 | Add distributed cloud repos to | -| | StarlingX | -+-----------------------------------+-----------------------------------+ -| 2002846 | Python Optimization | -+-----------------------------------+-----------------------------------+ -| 2003389, 2003596 | Upgrade kernel and srpm/rpms to | -| | CentOS 7.5 | -+-----------------------------------+-----------------------------------+ -| 3003396, 2003339 | Upgrade libvirt to 4.7.0 | -+-----------------------------------+-----------------------------------+ -| 3002891 | Stx-gui plug-in for Horizon | -+-----------------------------------+-----------------------------------+ -| Many | Build enhancements, cleanups and | -| | optimizations | -+-----------------------------------+-----------------------------------+ -| Many | Enable basic zuul checks and | -| | linters | -+-----------------------------------+-----------------------------------+ -| Many | Python 2 to 3 upgrade for | -| | stx-update, stx-metal, stx-fault, | -| | stx-integ | -+-----------------------------------+-----------------------------------+ - -------- -Testing -------- - -Review the R1.0 -`test plan `__ -for a list of tests executed on the R1.0 release. - -View the -`testing summary `__ -to see the status of testing for the R1.0 release. diff --git a/doc/source/releasenotes/r2_0_1_release.rst b/doc/source/releasenotes/r2_0_1_release.rst deleted file mode 100644 index dffa4a66f..000000000 --- a/doc/source/releasenotes/r2_0_1_release.rst +++ /dev/null @@ -1,64 +0,0 @@ -==================== -R2.0.1 Release Notes -==================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find pre-built ISO and Docker images for stx.2.0.1 at the -`StarlingX mirror, -`_ - ------- -Branch ------- - -The source code for stx.2.0.1 is available in the r/stx.2.0 branch -in the StarlingX git repositories. The exact source code can be cloned by: - -:: - - repo init -u https://opendev.org/starlingx/manifest -b refs/tags/2.0.1b - repo sync --force-sync - ----------- -Deployment ----------- - -A full system install is required to deploy stx.2.0.1. There is no upgrade -patch from StarlingX release 2.0. - -------- -Changes -------- - -The StarlingX 2.0.1 release provides fixes for the following bugs: - -* `1817936 `_ - Periodic message loss seen between VIM and OpenStac REST APIs -* `1827246 `_ - Access to VM console not working as Horion redirects to - novncproxy.openstack.svc.cluster.local -* `1830736 `_ - Ceph osd process was not recovered after lock and unlock on storage - node with journal disk -* `1843915 `_ - Cannot apply a chart with a local registry -* `1843453 `_ - Calico configuration file has yaml format error -* `1836638 `_ - RT kernel memory leak when creating/deleting pods -* `1840771 `_ - CVE-2018-14618:NTLM buffer overflow via integer overflow -* `1836685 `_ - CVE: integer overflow in the Linux kernel when handling TCP - Selective Acknowledgments (SACKs) -* `1837919 `_ - dbmon timeouts are too low -* `1838692 `_ - ansible replay fails if kubeadm init was not successful diff --git a/doc/source/releasenotes/r2_release.rst b/doc/source/releasenotes/r2_release.rst deleted file mode 100644 index 28343ff3f..000000000 --- a/doc/source/releasenotes/r2_release.rst +++ /dev/null @@ -1,203 +0,0 @@ -================== -R2.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find a pre-built ISO and Docker images for StarlingX release 2.0 at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 2.0 is available in the r/stx.2.0 branch -in the StarlingX git repositories. - ----------- -Deployment ----------- - -A full system install is required to deploy the StarlingX release 2.0. -There is no upgrade path from StarlingX release 1.0 (stx.2018.10) - ------------------------------ -New features and enhancements ------------------------------ - -The main feature in the StarlingX R2.0 release is the re-structuring of the -software to provide a containerized OpenStack cloud on top of a bare metal -Kubernetes cluster. In R2.0 StarlingX manages the - -* Dedicated physical servers -* Kubernetes services -* Containerized OpenStack services - -This allows StarlingX to support the hosting of applications in multiple -scenarios. For example: - -* On bare metal servers using OpenStack Ironic -* On virtual machines using OpenStack Nova -* In containers using Kubernetes - -StarlingX 2.0 eliminates patches against upstream OpenStack. The 1.0 release of StarlingX included many patches against OpenStack Pike. The 2.0 release contains -about 5 patches against Nova and is otherwise running completely unmodified Stein. - -The 5 patches are back ports of the NUMA live migration fixes that were recently -accepted into upstream for OpenStack Train. This means that the next release of StarlingX will run completely unmodified OpenStack. - -***************************** -R2.0 feature list and stories -***************************** - -The list below provides a detailed list of features with the associated -StoryBoard entries for the features. - -* Kubernetes container platform: - - `2002843, `_ - `2004273, `_ - `2004712, `_ - `2004642, `_ - `2004022, `_ - `2003907, `_ - `2003909, `_ - `2004760, `_ - `2005350, `_ - `2003908, `_ - `2004520, `_ - `2005249, `_ - `2004763, `_ - `2002844, `_ - `2005193, `_ - `2002840, `_ - `2005066, `_ - `2004711, `_ - `2004762, `_ - `2005198, `_ - `2004470, `_ - `2003087, `_ - `2004710, `_ - `2004447, `_ - `2004007, `_ - `2003491, `_ - `2002845, `_ - `2002841, `_ - `2002839 `_ - -* Containerized Openstack services: - - `2002876, `_ - `2003910, `_ - `2004751, `_ - `2005424, `_ - `2004764, `_ - `2004433, `_ - `2005074 `_ - -* Containerized OVS support as the default virtual switch: - - `2004649 `_ - -* SR-IOV network device plug-in support: - - `2005208 `_ - -* Ansible bootstrap deployment: - - `2004695 `_ - -* Collected integration for platform resource monitoring: - - `2002823 `_ - -* OVS-DPDK integration enhancements: - - `2004472, `_ - `2002944, `_ - `2002947 `_ - -* CentOS upgrade to 7.6: - - `2004521, `_ - `2004522, `_ - `2004516, `_ - `2004901, `_ - `2004743, `_ - `2003597 `_ - -* qemu/libvirt updates: - - `2003395, `_ - `2005212 `_ - -* Ceph upgrade to mimic: - - `2004540, `_ - `2003605 `_ - -* Openstack rebase to Stein: - - `2004765, `_ - `2004583, `_ - `2004455, `_ - `2004751, `_ - `2004765, `_ - `2006167, `_ - `2005750 `_ - -* StarlingX-specific source patch removal: - - `2003857, `_ - `2004583, `_ - `2004600, `_ - `2004869, `_ - `2004610, `_ - `2004607, `_ - `2004427, `_ - `2004386, `_ - `2004312, `_ - `2003394, `_ - `2003112, `_ - `2004455, `_ - `2005212, `_ - `2004557, `_ - `2004477, `_ - `2004406, `_ - `2004404, `_ - `2004216, `_ - `2004203, `_ - `2004135, `_ - `2004133, `_ - `2004109, `_ - `2004108, `_ - `2004020, `_ - `2004019, `_ - `2003803, `_ - `2003767, `_ - `2003765, `_ - `2003759, `_ - `2003758, `_ - `2003757 `_ - -* DevStack enablement: - - `2005285, `_ - `2003160, `_ - `2003163, `_ - `2004370, `_ - `2003161, `_ - `2003159, `_ - `2003126 `_ - -* Miscellaneous build enhancements: - - `2004013, `_ - `2004043 `_ diff --git a/doc/source/releasenotes/r3_release.rst b/doc/source/releasenotes/r3_release.rst deleted file mode 100644 index 61e220804..000000000 --- a/doc/source/releasenotes/r3_release.rst +++ /dev/null @@ -1,147 +0,0 @@ -.. _r3_release_rns: - -================== -R3.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -You can find a pre-built ISO and Docker images for StarlingX release 3.0 at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 3.0 is available in the r/stx.3.0 branch -in the StarlingX Git repositories. - ----------- -Deployment ----------- - -A system install is required to deploy the StarlingX release 3.0. There is no -upgrade path from previous StarlingX releases. - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of features with the associated -StoryBoard entries for the features. - -* Infrastructure and Cluster Monitoring - - `2005733 `_ - -* Integrate with Openstack Train - - `2006544 `_ - -* Integrate Distributed Cloud with containers - - `2004766 `_ - -* Integrate Backup & Restore with containers - - `2004761 `_ - -* Intel FPGA K8s Device Plugin Initial Integration - - `2006495 `_ - -* Intel GPU K8s Device Plugin Integration - - `2005937 `_ - -* Intel QAT K8s Device Plugin Integration - - `2005514 `_ - -* Layered Build Prep - - `2006166 `_ - -* Redfish Integration - - `2005861 `_ - -* Support for authenticated registry for bootstrap and application apply - - `2006274 `_ - -* Support for OpenID connet authentication parameters for bootstrap - - `2006235 `_ - -* Support for floating and pinned workloads on worker nodes - - `2006565 `_ - -* Support for NTP and PTP co-existence - - `2006499 `_ - -* Time Sensitive Networking for VMs - - `2005516 `_ - -* Upversion container components - - `2005860, `_ - - `2006347 `_ - -------------------------- -Known limitations in R3.0 -------------------------- - -The following are known limitations in the StarlingX R3.0 release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -******************************** -Changing Keystone admin password -******************************** - -After the Keystone admin password is changed, kube-system namespace registry -secrets must be manually updated. -Tracking Launchpad: https://bugs.launchpad.net/starlingx/+bug/1853017 - -It is recommended that the Keystone admin password not be changed unless necessary. - -**Workaround:** If you must update the WRCP's Keystone admin user password in R3.0, -you must also manually update the kube-system namespace's registry secrets that -hold the admin password for image pulls: - -#. Update the WRCP Keystone admin user password: - - :: - - openstack user set --password newP@ssw0rd admin - -#. Update the kube-system namespace's `registry-local-secret` secret: - - :: - - kubectl -n kube-system create secret docker-registry registry-local-secret --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > registry-local-secret-update.yaml - kubectl -n kube-system replace secret registry-local-secret -f registry-local-secret-update.yaml - -#. Update the kube-system namespace's `default-registry-key` secret: - - :: - - kubectl -n kube-system create secret docker-registry default-registry-key --docker-server=registry.local:9001 --docker-username=admin --docker-password=newP@ssw0rd -o yaml --dry-run=true > default-registry-key-update.yaml - kubectl -n kube-system replace secret default-registry-key -f default-registry-key-update.yaml - -In a distributed cloud deployment, the registry secrets must also be updated on -all subclouds in the system. - - diff --git a/doc/source/releasenotes/r4_release.rst b/doc/source/releasenotes/r4_release.rst deleted file mode 100644 index 6fd76efca..000000000 --- a/doc/source/releasenotes/r4_release.rst +++ /dev/null @@ -1,183 +0,0 @@ -.. _r4_release_rns: - -================== -R4.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -The pre-built ISO and Docker images for StarlingX release 4.0 are located at the -`StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 4.0 is available in the r/stx.4.0 -branch in the `StarlingX repositories `_. - ----------- -Deployment ----------- - -A system install is required to deploy StarlingX release 4.0. There is no -upgrade path from previous StarlingX releases. For detailed instructions, see -the `Installation guides for R5.0 and older releases -`_. - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of new features and links to the -associated user guides (if applicable). - -* Intel FPGA support for Kubernetes - - The Intel N3000 FPGA Programmable Acceleration Card is now supported - in StarlingX, including support for orchestrating updates to the - card's firmware. - - Guide: :doc:`Host FPGA Configuration for the Intel N3000 FPGA Programmable - Acceleration Card ` - -* Kata Containers - - Workloads can now be deployed in Kata Containers by StarlingX, which - provides a higher degree of isolation than workloads in generic containers. - - Guide: :doc:`How to run Kata Containers with Kubernetes on StarlingX - ` - -* Active Directory Integration for Kubernetes APIs - - StarlingX administrators can now deploy an optional system application - to support using Windows Active Directory for authentication of the - Kubernetes API. - - Guide: :doc:`Authenticate Kubernetes Users with Windows Active Directory - Server ` - -* Certificate Manager Integration - - StarlingX now provides a Certification Manager to enable automated - certificate issuance, monitor certificate expiration dates, and configure - an auto-renew process. - - Guide: :doc:`Enable secure HTTPS access and manage certificates ` - -* Time-Sensitive Networking (TSN) in Kata Containers - - Time-Sensitive Networking has been enabled for workloads running in Kata - Containers. - - Guide: :doc:`Enable TSN in Kata Containers - ` - -* Upversion OpenStack services - - The built-in OpenStack services, including Keystone, Horizon, Barbican, and - others, have been updated to Train. For more details, consult the - `OpenStack documentation for Train `_. - -* Upversion OpenStack application - - The built-in OpenStack application has been updated to Ussuri. For - more details, consult the `OpenStack documentation for Ussuri - `_. - -* Kubernetes support in backup and restore functionality - - Back up and restore is now available for workloads running in - Kubernetes pods. - - Guide: :doc:`Backup and restore your deployment ` - -* Kubernetes manual upgrade capability - - StarlingX now has the capability of updating the Kubernetes images - installed on the platform. - - Guide: :doc:`Upgrade your Kubernetes version ` - -* Redfish virtual media support - - StarlingX now supports the Redfish Virtual Media Controller to - support a secure BMC based ISO image boot. - -* Kernel rebase to 4.18 - - The Linux kernel used by StarlingX has been upgraded to version 4.18 as - provided in CentOS 8. - -* Upversion Kubernetes components - - Kubernetes was upversioned to v1.18.1, Calico was upversioned to v3.12, and - Helm was upversioned to v3. - -* Layered build - - StarlingX builds have been monolithic and time consuming. The new Layered - build system decomposes the system into separate layers that can be built - independently. Both Layered and Monolithic builds are supported in this - release. - - Guides: :doc:`Layered build reference (overview) ` - and :doc:`Layered build guide (step by step instructions) ` - -* Open Platform Communications Unified Architecture (OPC UA) support - - OPC UA is a data exchange standard for industrial communication in the - Industrial IoT (IIoT) category. StarlingX now supports OPC UA. - - Guide: :doc:`How to enable OPC UA on StarlingX ` - ----------- -Bug status ----------- - -********** -Fixed bugs -********** - -This release provides fixes for a number of defects. Refer to the StarlingX bug -database to review the `R4.0 fixed defects -`_. - -********* -Open bugs -********* - -Use the StarlingX bug database to review `R4.0 open bugs -`_. - -At the time of release, the following R4.0 bugs were open: - -* `1890350 `_ -* `1887589 `_ -* `1870999 `_ -* `1879018 `_ -* `1881915 `_ -* `1886429 `_ -* `1888546 `_ - ------------------ -Known limitations ------------------ - -The following are known limitations in this release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -* `1887589 `_ Creating a - new instance with Horizon fails. - - - diff --git a/doc/source/releasenotes/r5_0_1_release.rst b/doc/source/releasenotes/r5_0_1_release.rst deleted file mode 100644 index 466ed7e1f..000000000 --- a/doc/source/releasenotes/r5_0_1_release.rst +++ /dev/null @@ -1,73 +0,0 @@ -.. _r5.0.1_release_rns: - -==================== -R5.0.1 Release Notes -==================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -The pre-built ISO and Docker images for StarlingX release 5.0.1 are located at -the `StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 5.0.1 is available in the r/stx.5.0.1 -branch in the `StarlingX repositories `_. - ----------- -Deployment ----------- - -A system install is required to deploy StarlingX release 5.0.1. There is no -upgrade path from previous StarlingX releases. - -Use the `R5.0 Installation Guides -`_ -to install R5.0.1. - ------------------------------ -New features and enhancements ------------------------------ - -None. - - ----------- -Bug status ----------- - -********** -Fixed bugs -********** - -This release provides fixes for the following bug. - -* `1940696 `_ Bootstrap of - controller-0 failing due to missing tag in gcr.io registry - - ------------------ -Known limitations ------------------ - -The following are known limitations in this release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -* `1925668 `_ Bootstrap - replay fails when changing mgmt subnet - - This item is fixed in the master branch. - - Running the bootstrap playbook will fail if it is re-run after first running - it with one management subnet (default or specified) and then specifying a new - management subnet. diff --git a/doc/source/releasenotes/r5_release.rst b/doc/source/releasenotes/r5_release.rst deleted file mode 100644 index 9eb23ebca..000000000 --- a/doc/source/releasenotes/r5_release.rst +++ /dev/null @@ -1,169 +0,0 @@ -.. _r5_release_rns: - -================== -R5.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -The pre-built ISO and Docker images for StarlingX release 5.0 are located at -the `StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 5.0 is available in the r/stx.5.0 -branch in the `StarlingX repositories `_. - ----------- -Deployment ----------- - -A system install is required to deploy StarlingX release 5.0. There is no -upgrade path from previous StarlingX releases. For detailed instructions, see -the 'r5 Installation Guide -`_. - - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of new features and links to the -associated user guides (if applicable). - -* Rook / Ceph - - A new storage backend rook-ceph to provide storage service to StarlingX. - - Guide: :ref:`Install StarlingX Kubernetes on Bare Metal Standard with Rook - Storage ` - -* FPGA image update orchestration for distributed cloud - - Added support for orchestrating updates to the Intel N3000 FPGA Programmable - Acceleration Card across the subclouds in a distributed cloud configuration. - - Guide: :ref:`Device Image Update - Orchestration ` - -* Automatic certificate renewal for DC admin endpoints - - In Distributed Cloud configurations, ``admin`` endpoints for the platform - keystone services (e.g. Configuration API, DC Manager API, etc.) on - systemController and subclouds are HTTPS with internally generated - certificates. This feature adds support for automatically renewing the - certificates associated with these ``admin`` endpoints. - - Guide: :ref:`Certificate Management for Admin REST API Endpoints - ` - -* Vault integration for secret management support - - StarlingX now integrates the open source Vault secret management into the - StarlingX solution. The StarlingX integration of Vault uses open source Raft - (PVC-based) as its storage backend. For more information, refer to: - https://www.vaultproject.io/ - - The following services are supported: - - * Encryption-as-a-service / Secret Management: Vault provides data encryption - for applications and is used to store and access secrets. - * Vault-manager: The Vault-manager pod handles the initialization of Vault, - configuring Transport Layer Security (TLS) for all Vault communication that - provides the ability to automatically unseal Vault pods in deployments - where an external autounseal provider is not available. - - Guide: :ref:`Vault Overview ` - -* Support for container image signature validation - - StarlingX supports image security policies using the Portieris admission - controller. Portieris uses a Kubernetes Mutating Admission Webhook to modify - Kubernetes resources such as pods, deployments, and others, at the point of - creation, to ensure that Kubernetes runs only policy compliant images; for - example, only signed images. The StarlingX integration of Portieris is - integrated with cert-manager and works with external registries, with an - associated Notary server for holding images’ trust data. - - Guide: :ref:`Portieris Overview ` - -* Edgeworker for industrial deployments - - ``EdgeWorker`` is a new personality of nodes. Edgeworker nodes are typically - small systems running dedicated workloads with Ubuntu as its operating system. - They usually do not meet worker nodes' minimum requirements but now they can - be managed by StarlingX. - - Guide: :ref:`Deploy Edgeworker Nodes ` - -* SNMP v3 support - - StarlingX has updated its SNMP solution to be a containerized SNMP solution, - delivered as an optional system application. Net-SNMP is still used as the - underlying SNMP Agent. SNMP is configured through helm-overrides of the SNMP - system application. The SNMP system application now supports both SNMPv2c - and SNMPv3. - - Guide: :ref:`SNMP Overview ` - -* Distributed cloud scaling - - The distributed cloud deployment now supports up to 200 |AIO-SX| subclouds. - - Guide: :ref:`Distributed Cloud Architecture ` - -* Secure Device Onboard (SDO) - - |SDO| is open source software that automates the “onboard” process, which - occurs when an SDO device establishes the first trusted connection with a - device management service. This release adds support for the SDO Rendezvous - (RV) service. - - Guide: :doc:`Enable SDO Rendezvous Service ` - -* Hardware enablement - - Added support for Intel Ice Lake CPU, Intel Mt. Bryce eASIC (Pomona Lake), - and Intel Columbiaville NIC. - - Guides: :ref:`Configuring VF Interfaces Rate Limiting Using the CLI - ` and :ref:`Verified - Commercial Hardware ` - - ----------- -Bug status ----------- - -********** -Fixed bugs -********** - -This release provides fixes for a number of defects. Refer to the StarlingX bug -database to review the `R5.0 fixed defects -`_. - - ------------------ -Known limitations ------------------ - -The following are known limitations in this release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -* `1925668 `_ This item is - fixed in the master branch. - - Running the bootstrap playbook will fail if it is re-run after first running - it with one management subnet (default or specified) and then specifying a new - management subnet. diff --git a/doc/source/releasenotes/r6-0-release-notes-bc72d0b961e7.rst b/doc/source/releasenotes/r6-0-release-notes-bc72d0b961e7.rst deleted file mode 100644 index 99a77e9dc..000000000 --- a/doc/source/releasenotes/r6-0-release-notes-bc72d0b961e7.rst +++ /dev/null @@ -1,235 +0,0 @@ -.. _r6-0-release-notes-bc72d0b961e7: - -================== -R6.0 Release Notes -================== - -.. contents:: - :local: - :depth: 1 - ---------- -ISO image ---------- - -The pre-built ISO and Docker images for StarlingX release 6.0 are located at -the `StarlingX mirror -`_. - ------- -Branch ------- - -The source code for StarlingX release 6.0 is available in the r/stx.6.0 -branch in the `StarlingX repositories `_. - ----------- -Deployment ----------- - -A system install is required to deploy StarlingX release 6.0. There is no -upgrade path from previous StarlingX releases. For detailed instructions, see -the :ref:`R6.0 Installation Guides `. - ------------------------------ -New features and enhancements ------------------------------ - -The list below provides a detailed list of new features and links to the -associated user guides (if applicable). - - -* Kernel Upversion to 5.10 - - |prod-long| now supports kernel version 5.10 to include |VRF| and the user - space tooling to configure the routing and forwarding interfaces. - - Guide: https://www.kernel.org/doc/Documentation/networking/vrf.txt - -* Platform Certificates Managed by Cert-Manager - - Platform services can now use cert-manager to simplify the management - (e.g. auto-renewals) of the following Platform certificates: - - * RESTAPI /GUI certificate - * registry.local certificate - * OIDC/DEX certificate - - Guides: - - * :ref:`Create a local CA Issuer ` - - * :ref:`Configure REST API Applications and Web Administration Server Certificate ` - - * :ref:`Configure Docker Registry Certificate ` - - * :ref:`Set up OIDC Auth Applications ` - - * :ref:`OIDC Client Dex Server Certificates ` - -* Management of Kubernetes Root CA Certificate - - You can update Kubernetes Root |CA| certificate on a running system, with - either an uploaded certificate or an auto-generated certificate. - Orchestration is also provided for both Cloud and Distributed Cloud. - - Guides: - - * :ref:`Manual Kubernetes Root CA Certificate Update ` - - * :ref:`Kubernetes Root CA Certificate Update Cloud Orchestration ` - -• Auditd support - - The Linux Auditing System helps system administrators track security - violation events based on preconfigured audit rules. The events are - recorded in a log file and the information in the log entries helps to - detect misuse or unauthorized activities. - - The Linux Audit daemon, **auditd**, is the main component of the Linux - Auditing System, and is responsible for writing the audit logs. - - Guide: :ref:`Linux Auditing System ` - -* Alarm Support for Expiring and Expired Certificates - - Expired certificates may prevent the proper operation of platform and - applications running on the platform. In order to avoid expired - certificates, |prod-long| generates alarms for certificates that are within - 30 days (default) of expiry or have already expired. - - Guide: :ref:`Expiring-Soon and Expired Certificate Alarms ` - -* Make a separate CA for Kubernetes and etcd - - This is the etcd Root |CA| certificate. It signs etcd server and client - certificates, and ``kube-apiserver`` etcd client certificate. This is also - the |CA| certificate used to verify various server and client certificates - signed by etcd Root |CA| certificate. You can now provide a separate Root - |CA| for Kubernetes and etcd. - - Guide: :ref:`Etcd Certificates ` - -* Support for stx-ceph-manager - -* Ceph upversion from Mimic to Nautilus - - Upgraded the supported Ceph version to Nautilus (14.2.22). - - Guide: N/A - -* Firmware Update for BMC and Retimer - - The firmware for Intel MAX 10 |BMC| and C827 retimer can now be updated - using the :command:`device-image-upload` command. A new option - ``--retimer-included `` has been added where a boolean - indicates whether the |BMC| firmware includes a retimer firmware. A new - parameter ``--bmc `` is added to specify the functional |BMC| - image (optional). - - Guide: :ref:`Update an N3000 FPGA Image ` - -* AIO-SX to AIO-DX Migration - - You can migrate an |AIO-SX| subcloud to an |AIO-DX| subcloud without - reinstallation. This operation involves updating the system mode, adding - the OAM unit IP addresses of each controller, and installing the second - controller. - - Guide: :ref:`Migrate an AIO-SX to an AIO-DX Subcloud ` - -* Distributed Cloud Subcloud Rehoming - - You can move subclouds from one Distributed Cloud system to another while - the current System Controller is reinstalled in a disaster recovery - scenario. Another use case for the subcloud rehoming process is to add - already deployed subclouds when the subclouds from multiple System - Controllers are being consolidated into a single System Controller, because - the rehoming playbook does not work with freshly installed/bootstrapped - subclouds. - - Guide: :ref:`Rehome a Subcloud ` - -* Container Component Upversion - - The default version of a fresh install for Kubernetes is 1.21.8, while for - an upgrade from 5.0, it will be 1.18.1. You will need to upgrade - Kubernetes to each version up to 1.21.8 in order to be ready to upgrade to - the next version of |prod|. - - Guide: :ref:`Manual Kubernetes Version Upgrade ` - -* Use pf-bb-config to configure Intel FPGA N3000 - - The **pf-bb-config** package is used to statically configure the baseband - device within N3000 devices. - - Guide: :ref:`N3000 FPGA Overview ` - -* AIO-SX: Support for pci device/NIC replacement without host reinstall - - For replacement of N3000 or ACC100 device on a host, without requiring a - host or system (in case of |AIO-SX|) re-install and re-configuration, in - the case of the replaced device having **different vendor** or **device - ID** information, see :ref:`N3000 and ACC100 replacement with different vendor or device-id `. - - For the replacement of a N3000 or ACC100 device on a host, without requiring - a host or system (in case of |AIO-SX|) re-install and re-configuration, in - the case of the replaced device having the **same vendor** and **device - ID** information, see :ref:`N3000 and ACC100 replacement with the same vendor and device-id `. - - For the replacement of a NIC on a host, without requiring a host or system - (in case of |AIO-SX|) re-install and re-configuration, in the case of the - replaced NIC having the same vendor or device ID information, see - :ref:`NIC replacement with the same vendor and device-id `. - - For the replacement of a NIC on a host, without requiring a host or system - (in case of |AIO-SX|) re-install and re-configuration, in the case of the - replaced NIC having different vendor or device ID information, see - :ref:`NIC replacement with a different vendor or device-id `. - -• Allow admin password change without controller host lock - - In a subcloud, if the |CLI| command returns an authentication after you - source the script ``/etc/platform/openrc``, you can verify the password on - the subcloud by using the :command:`env \| grep OS\_PASSWORD` command. If it - returns the old password, you will need to run the :command:`keyring set CGCS admin` - command and provide the new admin password. - -* Subcloud Deployment with Local Installation - - Subcloud Install is enhanced to support a local install option for Redfish - supported servers that are “Prestaged” with a valid install bundle. - - Prestaging can be done manually or automated by building a - self-installing “Prestaging ISO” image using the ``gen-prestaged-is.sh`` tool. - This tool accepts parameters that include install bundle components and - produces a “Prestaging ISO”. - - Guide: :ref:`Subcloud Deployment with Local Installation ` - - ----------- -Bug status ----------- - -********** -Fixed bugs -********** - -This release provides fixes for a number of defects. Refer to the StarlingX bug -database to review the `R6.0 fixed defects -`_. - - ------------------ -Known limitations ------------------ - -The following are known limitations in this release. Workarounds -are suggested where applicable. Note that these limitations are considered -temporary and will likely be resolved in a future release. - -* N/A - -