From 7015ced8ea10a4476043e58cadaff067b4aabaf4 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Sat, 18 Jan 2025 07:27:20 +0000 Subject: [PATCH] [3.2] Additional release-note updates (#543) * Add kiwi builder to 3.2 release notes * release-notes: Add some new features * release-notes: Update SBOM examples for 3.2 image * release-notes: Add Metal3 upgrade information * Update asciidoc/edge-book/releasenotes.adoc Co-authored-by: Atanas Dinov --- asciidoc/edge-book/releasenotes.adoc | 31 +++++++++++++++++++++------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/asciidoc/edge-book/releasenotes.adoc b/asciidoc/edge-book/releasenotes.adoc index f24ef283..144c6c45 100644 --- a/asciidoc/edge-book/releasenotes.adoc +++ b/asciidoc/edge-book/releasenotes.adoc @@ -31,13 +31,16 @@ NOTE: SUSE Edge z-stream releases are tightly integrated and thoroughly tested a [#release-notes-3-2-0] = Release 3.2.0 -Availability Date: TBC +Availability Date: 20th January 2025 Summary: SUSE Edge 3.2.0 is the first release in the SUSE Edge 3.2 release stream. == New Features -TBC +* Updated to Kubernetes 1.31, and Rancher Prime 2.10 +* Updated Rancher Turtles, Cluster API and Metal3/Ironic versions +* A container image is now provided which enables building updated SUSE Linux Micro images. See <> for more details. +* Deployment of dual-stack downstream clusters is now possible via the directed network provisioning flow as a technology preview. == Bug & Security Fixes @@ -147,6 +150,7 @@ registry.suse.com/rancher/system-upgrade-controller:v0.14.2 registry.suse.com/edge/3.2/upgrade-controller:0.1.1 + registry.suse.com/edge/3.2/kubectl:1.30.3 + registry.suse.com/edge/3.2/release-manifest:3.2.0 +| Kiwi Builder | 10.1.16.0 | N/A | registry.suse.com/edge/3.2/kiwi-builder:10.1.16.0 |====== = Technology previews @@ -172,17 +176,17 @@ Verify the container image hash, for example using `crane`: [,bash] ---- -> crane digest registry.suse.com/edge/3.1/baremetal-operator:0.6.1 -sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a +> crane digest registry.suse.com/edge/3.2/baremetal-operator:0.8.0 +sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f ---- Verify with `cosign`: [,bash] ---- -> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a > /dev/null +> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f > /dev/null # -Verification for registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a -- +Verification for registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f -- The following checks were performed on each of these signatures: - The cosign claims were validated - The claims were present in the transparency log @@ -190,11 +194,11 @@ The following checks were performed on each of these signatures: - The signatures were verified against the specified public key ---- -Extract SBOM data as described at the https://www.suse.com/support/security/sbom/[upstream documentation]: +Extract SBOM data as described at the https://www.suse.com/support/security/sbom/[SUSE SBOM documentation]: [,bash] ---- -> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.1/baremetal-operator@sha256:cacd1496f59c47475f3cfc9774e647ef08ca0aa1c1e4a48e067901cf7635af8a | jq '.payload | @base64d | fromjson | .predicate' +> cosign verify-attestation --type spdxjson --key key.pem registry.suse.com/edge/3.2/baremetal-operator@sha256:d85c1bcd286dec81a3806a8fb8b66c0e0741797f23174f5f6f41281b1e27c52f | jq '.payload | @base64d | fromjson | .predicate' ---- = Upgrade Steps @@ -211,6 +215,17 @@ Systems upgraded to 6.0 from 5.x carry over the old behavior. New installations It is recommended to create a non-root user or use key based authentication, but if necessary installing the package `openssh-server-config-rootlogin` restores the old behavior and allows password-based login for the root user. +== Metal^3^ chart changes + +In Edge 3.2 the Metal^3^ chart changes some default behavior, chart configuration changes may be required if you require the previous default behavior: + +* The Ironic deployment has been rebased to more closely align with the upstream image, which includes several fixes and security improvements: +** Removal of the deprecated `idrac-wsman` driver +** Removal of the `ironic-inspector` API (inspection is now handled via the Ironic API) +** More restrictive access rules for the Ironic HTTP server +* MariaDB is now optional and disabled by default; on upgrade the MariaDB deployment will be replaced by SQLite unless the new `enable_mariadb` chart variable is specified. +* Persistent storage for the Ironic shared volume is now optional and disabled by default - on upgrade it will be necessary to ensure the `size` and `storageClass` persistence values are specified if you wish to retain a PVC in the deployment + = Product Support Lifecycle SUSE Edge is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services. For more information, see https://www.suse.com/lifecycle[https://www.suse.com/lifecycle] and the Support Policy page at https://www.suse.com/support/policy.html[https://www.suse.com/support/policy.html]. If you have any questions about raising a support case, how SUSE classifies severity levels, or the scope of support, please see the Technical Support Handbook at https://www.suse.com/support/handbook/[https://www.suse.com/support/handbook/].