openstack/ironic
Code Issues Proposed changes

Merge "Add release note on conntrack issue on bionic"

Browse Source
This commit is contained in:
Zuul 2019-03-20 12:45:53 +00:00 committed by Gerrit Code Review
commit 1027dbab51
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
releasenotes/notes/issue-conntrack-bionic-7483671771cf2e82.yaml Normal file
View File

@ -0,0 +1,13 @@
---
issues:
- |
As good security practice[0], in Ubuntu Bionic the ``nf_conntrack_helper``
is disabled.
This causes an issue when using the ``pxe`` boot interface with the PXE
environment that breaks some of the Ironic CI tests, since Ironic needs
conntrack for TFTP traffic.
It's still possible to use Ironic with PXE on Ubuntu Xenial, and it's also
possible to use Ironic with PXE on Ubuntu Bionic using a workaround based
on custom firewall rules as shown in [0].
[0] https://home.regit.org/netfilter-en/secure-use-of-helpers/