ironic/releasenotes/notes/issue-conntrack-bionic-7483671771cf2e82.yaml
Riccardo Pittau e3c606d4ef Add release note on conntrack issue on bionic
Adding a release note explaining the issue with Ironic CI
and conntrack on ubuntu bionic.

Change-Id: Ie25c8d9117072020bb84a5c6e6f63191ff632870
2019-03-19 16:46:06 +01:00

14 lines
569 B
YAML

---
issues:
- |
As good security practice[0], in Ubuntu Bionic the ``nf_conntrack_helper``
is disabled.
This causes an issue when using the ``pxe`` boot interface with the PXE
environment that breaks some of the Ironic CI tests, since Ironic needs
conntrack for TFTP traffic.
It's still possible to use Ironic with PXE on Ubuntu Xenial, and it's also
possible to use Ironic with PXE on Ubuntu Bionic using a workaround based
on custom firewall rules as shown in [0].
[0] https://home.regit.org/netfilter-en/secure-use-of-helpers/