Victoria Series Release Notes¶
Add programming method to Deployable API. This method supports dynamic programming of Intel FPGAs. And it requires Intel OPAE(Open Programmable Acceleration Engine).
project_idfor Accelerator Requests (arq) PATCH API from microversion 2.1 in order to control operations of accelerator requests with different roles.
The inspur-fpga-driver-proposal spec provides the first proposal of an inspur fpga driver. Currently only discover operation is supported, the program function and virtualization will be supported in Wallaby.
The cyborg-intel-qat-driver-proposal spec defines the Intel QAT accelerator driver managed by Cyborg. Intel QAT card is an accelerator that can accelerate encrytion and compression/decompression operation in data center. It also support SR-IOV technology, each physical card can be virtualized into mulitiple VFs.
In the Victoria release, cyborg introduced the new scoped RBAC policy authorization for API access, and partially implemented the blueprints. What implemented are new default rules in base policy and device_profile policy.
During the development period(victoria and wallaby releases), the new and old policy will both work because a deployment sets
cyborg.conf [oslo_policy] enforce_scope = Falseas the default set. Although users can set
cyborg.conf [oslo_policy] enforce_scope = Trueby default in their deployment, if they want to ignore old rules and support new rules only. After we implement all the features, we’ll give two cycles transition period for operators. For specification of new policy, please refer to policy default refresh.
scope_typeto protect each policy. Cyborg support two types of
sope_typewith their combination.
To know each policy
scope_type, please refer the Policy Reference
This feature is disabled by default can be enabled via config option
New Defaults Configuration
Policies are default to Admin, Member and Reader roles. Old roles are also supproted. You can switch to new defaults via config option
New Base policy roles
Cyborg introduced seven basic roles based on the new defaults combined with different scope_types.
New Defaults for device_profile APIs
Rewrite check string(authorization rules) using new personas for device profile APIs.
Added policy configuration guide on cyborg doc page
Please refer to policy configuration guide
The default value of
[oslo_policy] policy_fileconfig option has been changed from
policy.yaml. Cyborg policy new defaults since 5.0.0 and current default value of
[oslo_policy] policy_fileconfig option (
policy.json) does not work when
policy.jsonis generated by oslopolicy-sample-generator tool. Refer to bug 1875418 for more details. Also check oslopolicy-convert-json-to-yaml tool to convert the JSON to YAML formatted policy file in backward compatible way.
cyborg.image.download.modulesextension point and support for
allow_direct_url_schemesconfiguration setting, which have been deprecated since the Queens release, have been removed.
The old basic personas below are marked as deprecated rules in base policy.
Intel OPAE driver dependency is removed from the devstack installation dependencies due to the following reasons: 1) In the kolla cyborg-agent image we install OPAE, but OPAE is not available for CentOS 8 for the moment. This will make the cyborg-agent image unbuildable in Ussuri. 2) In devstack, due to the fact that OPAE packages depend on libjson0, which is not available after Ubuntu 16.04, so cyborg can’t be installed on Ubuntu higher than 16.04 now(unless disable dependency manually). Moreover,from cyborg’s perspective, it does not need to contain any hardware driver dependency, we can assume the admin should know about it and install the correct version.