Difference between revisions of "ReleaseNotes/Liberty/ko"
(Created page with "Scheduler에 대한 아키텍쳐 진화는 계속 진행중이며, 주요 버그 픽스는: * Launch 요청 스펙에 object 모델 추가 (일부 완료) (https://blueprints....") |
(Created page with "* Nova와 Cinder 사이에서 볼륨 검색 및 제거에 대한 논리(logic)의 공유할 수 있도록 Libvirt 볼륨 드라이버에서 "os-brick"을 사용하여 이전 (...") |
||
Line 132: | Line 132: | ||
===== Libvirt ===== | ===== Libvirt ===== | ||
− | * | + | * Nova와 Cinder 사이에서 볼륨 검색 및 제거에 대한 논리(logic)의 공유할 수 있도록 Libvirt 볼륨 드라이버에서 "os-brick"을 사용하여 이전 (http://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/use-os-brick-library.html) |
* Added ''live_migration_completion_timeout'' and ''live_migration_progress_timeout'' configuration keys to assist with capping the maximum time a live migration should be allowed to run, particularly when progress has halted (https://launchpad.net/bugs/1429220). | * Added ''live_migration_completion_timeout'' and ''live_migration_progress_timeout'' configuration keys to assist with capping the maximum time a live migration should be allowed to run, particularly when progress has halted (https://launchpad.net/bugs/1429220). | ||
* Added logic to manage and scale the maximum downtime setting during live migration to provide larger guest sizes with a better chance of completing migration successfully (https://launchpad.net/bugs/1429220). | * Added logic to manage and scale the maximum downtime setting during live migration to provide larger guest sizes with a better chance of completing migration successfully (https://launchpad.net/bugs/1429220). |
Revision as of 06:05, 1 November 2015
OpenStack Liberty 릴리즈 노트
Contents
- 1 OpenStack Liberty 릴리즈 노트
- 1.1 OpenStack Object Storage (Swift)
- 1.2 OpenStack Networking (Neutron)
- 1.3 OpenStack Compute (Nova)
- 1.4 OpenStack Telemetry (Ceilometer)
- 1.5 OpenStack Identity (Keystone)
- 1.6 OpenStack Block Storage (Cinder)
- 1.7 OpenStack Orchestration (Heat)
- 1.8 OpenStack Data Processing (Sahara)
- 1.9 OpenStack Search (Searchlight)
- 1.10 OpenStack DNS (Designate)
- 1.11 OpenStack Messaging Service (Zaqar)
- 1.12 OpenStack Dashboard (Horizon)
- 1.13 OpenStack Trove (DBaaS)
- 1.14 OpenStack Bare metal (Ironic)
- 1.15 OpenStack Key Manager (Barbican)
- 1.16 OpenStack Image Service (Glance)
- 1.17 OpenStack Shared File System (Manila)
OpenStack Object Storage (Swift)
전체 릴리즈 노트는 https://github.com/openstack/swift/blob/master/CHANGELOG 에서 확인하세요.
새로운 기능
- object-server 및/또는 복제 서버 구성을 위한 [DEFAULT] 구성 섹션 내 "servers_per_port" 에서, 새로운 0보다 큰 정수 구성 값을 활성화함으로써 1개 이상의 object-servers-per-disk 배포를 허용합니다. 설정하는 정수 값은 링에서 유일한 단일 로컬 포트 임의 값에 대해 서로 다른 object-server worker가 얼마나 많이 요청을 처리하는지에 따라 결정됩니다. 해당 모드에서는, 부모 swift-object-server 프로세스는 본래 사용자 (low-port 바인딩을 필요로 할 때는 root)로 계속하여 실행합니다. Ring에 정의된 모든 포트에 바인딩합니다. 그리고 나서 listen하는 소켓 당 worker에 대한 지정된 개수만큼 fork가 이루어집니다. 포트 당 자식 서버는 권한을 버리고 object-server worker가 항상 한 가지 예외: 'ring은 디스크 당 유일한 포트를 가지고, object-server는 단일 디스크에 대한 요청만을 처리함'을 가지는 방식으로 동작합니다. 부모 프로세스는 죽은 서버를 찾아 재시작시킵니다 (올바른 listen 소켓과 함께). 갱신된 ring 파일을 서버 상의 장치 및 새로운 포트와 함께 발견하였을 때 빠빈 서버들을 시작시킵니다. Ring 파일들은 "ring_check_interval"에 설정된 매개변수 값 (디폴트 15초) 마다 object-server에 구성된 일정에 따라 시작됩니다. 테스트에서는, 해당 배포 구성 (값이 3으로 설정됨)은 요청 latency를 줄이고, 초당 요청을 개선하며, 기존 "workers" 설정과 비교했을 때 느린 디스크 IO를 격리시킵니다. 이를 사용하기 위해서는, 각 장치는 서로 다른 포트를 사용하여 ring에 추가되어야만 합니다.
- object 서버에서 "container_update_timeout" 설정 (디폴트 1초)을 포함합니다. 해당 값은 object 서버가 object PUT 동작에 대한 상태를 반환하기 전 목록을 갱신하기 위해 컨테이너 container 서버를 기다리는 초에 대한 숫자 값입니다. 이전에는, object 서버는 container 서버 응답에 대해 최대 3초까지 기다릴 수 있었습니다. 새로운 기능은 클러스터 내 container 서버들이 busy 상태일 때 object PUT 지연을 극적으로 감소시킵니다 (예: container가 매우 클 때). 해당 값을 너무 적은 값으로 설정하면 클라이언트에서 object에 PUT을 하고 있으면서도 목록에서 바로 찾을 수 없는 결과를 초래할 수 있습니다. 해당 값을 너무 높게 설정하면 container 서버가 busy 상태일 때 클라이언트에 대한 지연이 증가할 것입니다.
- 정적 대규모 객체 (SLO) 세그먼트에 대한 범위를 지정하는 기능이 추가되었습니다.
- SLO PUT이 세그먼트 당 무결성 체크를 하지 않는 것을 허용합니다. 이전에는, 매니페스트에서 참조되는 각 세그먼트가 올바른 etag 및 바이트 설정 또한 필요로 하고 있었습니다. 이제 해당 필드에 "null" 값을 허용하여 주어진 세그먼트에 대한 특정 검사를 생략할 수 있게 되었습니다.
- Replicator 구성에서 이제 "rsync_module" 값을 지원하여 장치당 rsync 모듈을 사용할 수 있습니다. 해당 설정은 운영자가 Swift 클러스터에서 트래픽을 상세히 조정하여 복제하여 특정 장치에 대해 복제 디스크 IO를 격리하도록 해 줍니다. 자세한 정보 및 예제에 대해서는 문서 및 샘플 구성 파일을 살펴봅니다.
- Ring에서의 변경 사항
- 파티션을 배치시키는 데에 있어 포트 번호가 더 이상 사용되지 않습니다. 이는 드라이브 당 하나의 object server를 실행하는 작은 클러스터에서 분산을 향상하며, 서버 당 하나의 object server를 클러스터 안에서의 분산에는 영향을 미치지 않습니다.
- 일련의 Ring 관리 작업을 보다 쇱게 테스트하고 분석하는 ring-builder-analyzer 도구가 추가되었습니다.
- Ring 검증시 이제 하나의 배치된 파티션이 같은 장치에 여러번 할당되는 경우 경고를 발생합니다. 이는 ring 내 장치가 균형있게 이루어지지 않았을 때 발생합니다 (예: 두 서버 중 한 서버가 상당히 많은 가용 용량을 더 가지고 있는 경우).
- TempURL 문제가 수정되었습니다 (CVE-2015-5223 닫힘)
Do not allow PUT tempurls to create pointers to other data. Specifically, disallow the creation of DLO object manifests via a PUT tempurl. This prevents discoverability attacks which can use any PUT tempurl to probe for private data by creating a DLO object manifest and then using the PUT tempurl to head the object.
- Swift는 이제 per-policy 기준으로 StatsD 통계를 출력합니다.
- 만약 서비스 토큰이 요청에 포함되지 않은 경우, 서비스 계정에서 COPY 요청까지 성공할 수 있는 Keystone 통합 문제를 수정하였습니다.
- 대량(bulk) 업로드는 이제 그 결과로 생성된 object에서 object 메타데이터로 주어진 아카이브(archive)에 있는 파일에 사용자 xattrs를 처리합니다.
- 만약 "handoffs_first"나 "handoff_delete" 설정이 되어있는 경우, object 복제에서 warning 로그를 뿜습니다.
- swift-recon에서 object 복제 실패 횟수를 설정할 수 있습니다.
- 분산(dispersion) 도구에서 storage 정책 지원이 추가되었습니다.
- swift-dispersion에서 keystone v3 도메인을 지원합니다.
-
/info
엔드포인트에서domain_remap
정보가 추가되었습니다. -
domain_remap
미들웨어 구성에서 "default_reseller_prefix"를 지원합니다. - rsync를 "rsync_compress" 구성을 통하여 압축하여 사용하도록 허용합니다. 만약 true로 설정되었다면, 압축은 다른 region에 있는 장치에만 rsync를 사용할 수 있습니다. 어떤 경우에서는 이러한 cross-region 복제 데이터 전송 속도를 올릴 수 있습니다.
- swift-recon에서 동기화 시간을 확인할 수 있습니다. ( --time 옵션)
- Account reaper 는 거대한 accounts 에서도 더욱더 빠르게 작동합니다.
- 여러가지 다른 minor 버그 수정 과 개선이 있었습니다.
업그레이드 노트
- 의존성 변경
- six 라이브러리가 필요 조건으로 추가되었습니다. 파이썬 3 지원을 위한 사항입니다.
- 파이썬 2.6 버전은 더이상 지원하지 않습니다.
- 구성 변경
- 파이썬 최신버전에서는 요청에 대한 허용 헤더 수 제한을 합니다 (기본 100). 이 숫자는 사용자 정의 미들웨어를 사용하는데 적은 수일수 있습니다. swift.conf에 새로운
extra_header_count
구성 값을 사용하여 허용 헤더 수를 수정할 수 있습니다. - "run_pause"의 이름이 "interval"로 변경되었습니다 (현재 구성에서는 "run_pause"와 같이 사용할 수 있습니다). 추후 버전에서는 "run_pause" 설정은 삭제됩니다.
- 파이썬 최신버전에서는 요청에 대한 허용 헤더 수 제한을 합니다 (기본 100). 이 숫자는 사용자 정의 미들웨어를 사용하는데 적은 수일수 있습니다. swift.conf에 새로운
- Versioned writes 기능은 리팩토링되고 미들웨어로 재구현되었습니다. 프록시 pipeline에 "versioned_writes" 미들웨어를 추가하여야 하나, 만약 활성화된 경우라면, 기존 container 서버 구성 설정에서 삭제하거나 비활성되지 않습니다 ("allow_versions"). 기존 container 서버 구성 설정은 지속적인 사용가능 한 버전으로 기존 container를 활성화합니다. 더 많은 기능업그레이드에 대한 노트는 http://swift.openstack.org/middleware.html#how-to-enable-object-versioning-in-a-swift-cluster 를 참조하십시오.
OpenStack Networking (Neutron)
새로운 기능
- Neutron은 IPv6 서브넷에 CIDR을 자동 할당하기 위해 이제 IPv6 접두어 위임을 지원합니다. 해당 기능에 대한 사용법 및 구성에 대한 자세한 정보는, OpenStack Networking Guide를 살펴봅니다.
- Neutron이 이제 포트 수준에 대한 bandwidth 제한을 제공하는 QoS API를 처음 선보입니다. 해당 API, CLI, 구성 및 자세한 정보는 여기[1]에서 확인할 수 있습니다.
- 라우터 고가용성 (L3 HA / VRRP)이 이제 2계층 population (l2pop)이 활성화되었을 때 동작합니다 [2].
- VPNaaS 레퍼런스 드라이브가 이제 HA 라우터과 함께 동작합니다.
- HA 라우터를 위한 VRRP 트래픽에 사용되던 네트워크가 이제 특정 세그멘테이션 유형 또는 물리 네트워크 태그를 사용하도록 구성할 수 있습니다 [3].
- OVS 에이전트가 데이터 계층 연결에 영향을 미치지 않으면서 재시작 가능합니다.
- Neutron이 이제 네트워크를 위한 역할 기반의 액세스 제어 (RBAC)를 제공합니다 [4].
- LBaaS V2 레퍼런스 드라이버가 이제 운영급으로 확장 가능하고 안정적인 로드 밸런서 플랫폼인 Octavia를 기반으로 합니다.
- LBaaS V2 API가 더 이상 실험적인 상태가 아닙니다. 이제 안정 버전입니다.
- Neutron이 이제 수동으로 에이전트를 스케줄링하도록 관리하기 위한 방식을 제공하여, 호스트 자원들이 tenant 사용을 위하 활성화 되기 전에 테스트 가능합니다 [5].
- Neutron이 이제 플러그인이 가능한 IP 주소 관리 프레임워크를 가짐으로써, 대체 가능한 또는 제3의 IPAM 사용을 가능하도록 합니다. 본래 버전에는 플러그인이 불가능한 버전의 IPAM이 기본으로 활성화되어 있습니다.
사용하지 않거나 제거된 플러그인 및 드라이버
- 메타 플러그인이 Liberty 릴리즈에서 제거되었습니다.
- IBM SDN-VE monolithic 플러그인이 Liberty 릴리즈에서 제거되었습니다.
- Cisco N1kV monolithic 플러그인이 Liberty 릴리즈에서 제거되었습니다 (ML2 메커니즘 드라이버로 대체됨).
- Embrane 플러그인은 사용하지 않으며 Mitaka 릴리즈에서 제거 예정입니다.
사용하지 않는 기능
- FWaaS API는 Liberty에서 실험 상태입니다. 그리고 현재 API는 Mitaka에서 제거될 예정이며 해당 팀에서 개발 진행 중인 새로운 FWaaS API로 대체될 예정입니다.
- LBaaS V1 API가 사용하지 않는 상태로 정해졌으며 향후 릴리즈에서 제거 예정이니, LBaaS V2 API를 사용하시면됩니다.
- L3 에이전트를 위한 'external_network_bridge' 옵션은 사용되지 않는 상태이며 physnet에 bridge_mapping 사용을 권장합니다. 자세한 정보는, 네트워킹 가이드에서 해당 시나리오에 대한 "네트워크 노드" 섹션을 살펴 봅니다: http://docs.openstack.org/networking-guide/scenario_legacy_ovs.html
성능에 대한 고려 사항
- 정체된 상태의 Trusty Tahr 커널 (3.13)은 네임스페이스 개수 증가함에 따라 "ip netns exec"를 실행할 때 비례하는 성능 저하를 보입니다. 확장이 중요한 경우, 이후 버전의 커널 (예: 3.19)가 사용되어야만 합니다. [3.13의 어떤 버전에서 보였는지 확인 필요. 대부분 버전들은 이미 수정된 상태일 것입니다.]
노트: 해당 성능 저하는 3.13.0-36.63 및 이후 커널 버전에서 수정되었을 것입니다. 자세한 레퍼런스를 위해서는 다음을 살펴봅니다 : https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1328088
- 하드웨어 가상화가 없는 환경에서 Neutron-LBaaS 로드 밸런서를 생성하면 Octavia 드라이버 사용시 느려질 수 있습니다. 이는 하드웨어 가상화가 사용 가능하지 않은 환경에서 KVM 가속기 대신 TCG 가속기를 사용하는 QEMU에 의한 것입니다. Compute 노드에서 하드웨어 가상화를 활성화하거나 가상 환경 안에서 Octavia 드라이버를 사용시에는 중첩 가상화를 사용할 것을 권장합니다. KVM 내 실행하는 DevStack을 위한 중첩 가상화를 설정하는 법에 대한 자세한 정보를 다음 링크에서 살펴봅니다: : http://docs.openstack.org/developer/devstack/guides/devstack-with-nested-kvm.html.
OpenStack Compute (Nova)
새로운 기능
API
- 모든 endpoint에 대한 기본 값이 v2.1로 변경되었습니다. 새로운 호환 모드를 사용하여 v2.0과 v1.1을 사용하는 기존 API 사용자들도 사용할 수 있도록 변환하였습니다.(https://blueprints.launchpad.net/nova/+spec/api-relax-validation)
- Evacuate made가 더 강력해졌습니다. (일부만) (https://blueprints.launchpad.net/nova/+spec/robustify-evacuate)
- 외부 HA 도구에서 Host 장애 발생시 Nova로 알리기위한 "mark host down" / "force down" API가 새롭게 추가되었습니다 (http://specs.openstack.org/openstack/nova-specs/specs/liberty/approved/mark-host-down.html).
- 콘솔 사용 API 통합 (https://blueprints.launchpad.net/nova/+spec/consolidate-console-api)
-
os-fixed-ips
API에서 'reserved' 상태 확인 (https://blueprints.launchpad.net/nova/+spec/show-reserved-status-in-os-fixed-ips-api) - non-admin에서 ip6 서버 검색 허용 (https://blueprints.launchpad.net/nova/+spec/allow-ip6-search-for-non-admin)
- Tenant 접근 추가 전 flavor 타입 확인 (https://blueprints.launchpad.net/nova/+spec/check-flavor-type-before-add-tenant)
-
rebuild_instance
에서on_shared_storage
플래그 옵션을 사용할 수 있습니다. (https://blueprints.launchpad.net/nova/+spec/optional-on-shared-storage-flag-in-rebuild-instance) - 데이터베이스 레이어에서 정책(policy) 확인이 제거되고 API 레이어에서만 확인합니다. (https://blueprints.launchpad.net/nova/+spec/nova-api-policy-final-part)
- 가상 인터페이스 목록 API 응답에 VIF net-id가 추가되었습니다. (https://blueprints.launchpad.net/nova/+spec/add-vif-net-id-in-vif-list)
- NovaObject에 glance 이미지 메타 속성 변환 (부분적으로) (https://blueprints.launchpad.net/nova/+spec/convert-image-meta-into-nova-object)
- 서버 get응답에서 locking 정보 추가 (https://blueprints.launchpad.net/nova/+spec/add-locking-information-in-server-get-response)
- admin 사용자는 어떤 키패어든 확인할 수 있습니다. (https://blueprints.launchpad.net/nova/+spec/admin-query-any-keypair)
- 메타데이터:
liberty-versioned
메타데이터에서project_id
추가 (https://blueprints.launchpad.net/nova/+spec/project-id-in-metadata) - 메타데이터: 네트워크 템프릿 엔진에 라우터 추가 (https://blueprints.launchpad.net/nova/+spec/network-template-routes-injection)
- 메타데이터: API: 게스트 인스턴스에서 프록시 neturon 구성 (부분적으로) (https://blueprints.launchpad.net/nova/+spec/metadata-service-network-info)
Scheduler
Scheduler에 대한 아키텍쳐 진화는 계속 진행중이며, 주요 버그 픽스는:
- Launch 요청 스펙에 object 모델 추가 (일부 완료) (https://blueprints.launchpad.net/nova/+spec/request-spec-object)
- 리소스 할당율이 scheduler에서 리소스 tracker로 이동 (https://blueprints.launchpad.net/nova/+spec/allocation-ratio-to-resource-tracker)
- 호스트간 인스턴트 이동 운영에 대한 리소스 tracker 수정 (https://blueprints.launchpad.net/nova/+spec/migration-fix-resource-tracking)
- Scheduler에서 "NoValidHost"를 반환할때 향상된 사용자 피드백 반환 (http://specs.openstack.org/openstack/nova-specs/specs/liberty/approved/add_exceeded_max_retries_exception.html)
Cells v2
Cells v2 의 경우, 아직은 사용하지 않습니다. 그러나 일부 인프라에서 지원하도록 추가했습니다:
- Cells host mapping (https://blueprints.launchpad.net/nova/+spec/cells-host-mapping)
- Cells instance migration (https://blueprints.launchpad.net/nova/+spec/cells-instance-migration)
Compute 드라이버 기능
Libvirt
- Nova와 Cinder 사이에서 볼륨 검색 및 제거에 대한 논리(logic)의 공유할 수 있도록 Libvirt 볼륨 드라이버에서 "os-brick"을 사용하여 이전 (http://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/use-os-brick-library.html)
- Added live_migration_completion_timeout and live_migration_progress_timeout configuration keys to assist with capping the maximum time a live migration should be allowed to run, particularly when progress has halted (https://launchpad.net/bugs/1429220).
- Added logic to manage and scale the maximum downtime setting during live migration to provide larger guest sizes with a better chance of completing migration successfully (https://launchpad.net/bugs/1429220).
- Limit parallel live migrations in progress (https://launchpad.net/bugs/1478108).
- Optionally enable the scaling of VirtIO queues in relation to guest vCPUs if the hw_vif_multiqueue_enabled image property is set to 'true' (default: 'false') providing enhanced network performance for guests with more than one vCPU, many concurrent connections, and/or relatively large packet sizes (http://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/libvirt-virtiomq.html).
- Allow admin to set guest Administrator/root password if QEMU guest agent is installed and enabled via the hw_qemu_guest_agent image property (http://specs.openstack.org/openstack/nova-specs/specs/liberty/approved/libvirt-set-admin-password.html).
- New VIF type to allow routing VM data instead of bridging it (https://blueprints.launchpad.net/nova/+spec/vif-type-tap)
- Add support for InfiniBand SR-IOV for libvirt virtualization (https://blueprints.launchpad.net/nova/+spec/vif-driver-ib-passthrough)
- Add MacVTap as new virtual interface type for libvirt virtualization (https://blueprints.launchpad.net/nova/+spec/libvirt-macvtap-vif)
- Consolidate FS-style libvirt drivers (https://blueprints.launchpad.net/nova/+spec/consolidate-libvirt-fs-volume-drivers)
- EMC ScaleIO Data Client (SDC) Libvirt Volume Driver (https://blueprints.launchpad.net/nova/+spec/emc-sdc-libvirt-volume-driver)
- Implementation of remote FS driver based on `rsync` for libvirt (https://blueprints.launchpad.net/nova/+spec/remote-fs-driver)
- Virtuozzo containers boot from volume (https://blueprints.launchpad.net/nova/+spec/virtuozzo-container-boot-from-volume)
- Add HGST volume type support w/os-brick (https://blueprints.launchpad.net/nova/+spec/add-os-brick-volume-driver-hgst-solutions)
- virtio-net multiqueue (partial) (https://blueprints.launchpad.net/nova/+spec/libvirt-virtio-net-multiqueue)
VMware
- VMware 드라이버 도메인 메타데이타 (https://blueprints.launchpad.net/nova/+spec/vmware-driver-domain-metadata)
- 메모리, 디스크, vNIC 제한 설정 가능 (부분적) (https://blueprints.launchpad.net/nova/+spec/vmware-limits)
- VMware Native HTML5 콘솔 (https://blueprints.launchpad.net/nova/+spec/vmware-webmks-console)
- VMware 드라이버에서 스왑 디스크 지원 (https://blueprints.launchpad.net/nova/+spec/vmware-swap-support)
- VMware NSXv 지원 (https://blueprints.launchpad.net/nova/+spec/vmware-nsxv-support)
- VMware: VMware 드라이버에서 콘솔 로그 지원 (부분적) (https://blueprints.launchpad.net/nova/+spec/vmware-console-log)
Hyper-V
- Hyper-V 유닛 테스트 리펙토링 (진행중이며 부분적) (https://blueprints.launchpad.net/nova/+spec/hyper-v-test-refactoring-liberty)
Ironic
- Ironic 드라이버에서 인스턴스 이름을 전달 (https://blueprints.launchpad.net/nova/+spec/pass-down-instance-name-to-ironic-driver)
기타 기능
- "AggregateTypeAffinityFilter"에서 다중 "instance_type" 이름을 지정할 수 있는 기능 추가 (https://blueprints.launchpad.net/nova/+spec/aggregatetypeaffinityfilter-multi-value-support).
- 실험적인 온라인 DB 스키마 변경 옵션 추가 (https://blueprints.launchpad.net/nova/+spec/online-schema-changes)
- 개선된 예제 구성 파일 생성 (https://blueprints.launchpad.net/nova/+spec/oslo-config-generator)
- 백엔드 데이터베이스에 대한 옵션으로 DB2 추가 (https://blueprints.launchpad.net/nova/+spec/db2-database)
- Cells: different_cells 스케쥴러 필터 (https://blueprints.launchpad.net/nova/+spec/cells-scheduler-anti-affinity-filter)
- 파이썬 3.4 지원 시작 (https://blueprints.launchpad.net/nova/+spec/nova-python3)
- 일부 Nova 서비스를 Apache2 서버에 넣어 구동하도록 수정 (https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2)
- 인프라 업그레이드: 유니버셜 서비스 버전 수정 (https://blueprints.launchpad.net/nova/+spec/service-version-number)
- rootwrap 데몬 기능으로 Nova 구동 (https://blueprints.launchpad.net/nova/+spec/nova-rootwrap-daemon-mode)
- Nova 인스턴스 테블에서 'scheduled_at' 칼럼 삭제 (https://blueprints.launchpad.net/nova/+spec/cleanup-scheduled-at)
- A new config option "handle_virt_lifecycle_events" in the DEFAULT group was added to allow disabling the event callback handling for instance lifecycle events from the virt driver (which is only implemented by the libvirt and hyper-v drivers in Liberty). This mostly serves as a workaround in case the callbacks are racing under heavy load and causing problems like shutting down running instances. See https://review.openstack.org/#/c/159275/ for details.
- Virt 드라이버에서부터 발생하는 인스턴스 lifecycle 이벤트에대한 이벤트 콜백 조정을 끌 수 있는 DEFAULT 그룹에 새로운 구성 옵션 "handle_virt_lifecycle_events"가 추가되었습니다 (사용하려면 Liberty에서 libvirt와 hyper-v 드라이버로만 가능합니다).
업그레이드 노트
- If you are coming from Kilo stable, please make sure you have fully upgraded to the latest release of that lineage before deploying Liberty. Due to bug https://bugs.launchpad.net/nova/+bug/1474074 versions of Kilo from before the fix will be problematic when talking to Liberty nodes.
- Allocation ratios for RAM and CPU are now defined within the nova-compute service (so per compute node). Ratios also need to be provided for the scheduler service. Depending on whether a compute node is running Kilo or Liberty, the allocation ratios will behave differently : if the compute node is running Kilo then the CPU and RAM allocation ratios for that compute node will be the ones defaulted in the controller's nova.conf file.Or, if the compute node is Liberty then you'll be able to set a per-compute allocation ratio for both CPU and RAM. In order to leave the operator providing the allocation ratios to all the compute nodes, the default allocation ratio will be set in nova.conf to 0.0 (even for the controller). That doesn't mean that allocation ratios will actually be 0.0, just that the operator needs to provide those before the next release (ie. Mitaka). To be clear, the default allocation ratios are still 16.0 for cpu_allocation_ratio and 1.5 for ram_allocation_ratio.
- nova-compute should be upgraded to Liberty code before upgrading Neutron services per the new "network-vif-deleted" event: https://review.openstack.org/#/c/187871/
- Rootwrap filters must be updated after release to add the 'touch' command.
- There is a race condition between imagebackend and imagecache mentioned in the Launchpad Bug 1256838.
- In this case if base image is deleted by ImageCacheManager while imagebackend is copying the image to instance path, then the instance goes in to error state.
- In order to resolve this issue, there is a need to add 'touch' command in compute.filters along with the change https://review.openstack.org/#/c/217579/.
- In case of a race condition, when libvirt has changed the base file ownership to libvirt-qemu while imagebackend is copying the image, then we get permission denied error on updating the file access time using os.utime. To resolve this error we need to update the base file access time with root user privileges using 'touch' command.
- The DiskFilter is now part of the scheduler_default_filters in Liberty per https://review.openstack.org/#/c/207942/ .
- Per https://review.openstack.org/#/c/103916/ you can now only map one vCenter cluster to a single nova-compute node.
- The Libvirt driver parallels has been renamed to virtuozzo
- Orphaned tables - iscsi_targets, volumes - have been removed.
- The default paste.ini has been updated to use the new v2.1 API for all endpoints, and the v3 endpoint has been removed. A compatibility mode middlewear is used to relax the v2.1 validation for the /v2 and /v1.1 endpoints.
- The code for DB schema downgrades has now been removed: https://blueprints.launchpad.net/nova/+spec/nova-no-downward-sql-migration
- The default DB driver we test against is now pymysql rather than Python-MySQL
- The "powervm" hv_type shim has been removed. This only affects users of the PowerVC driver on stackforge which are using older images with hv_type=powervm in the image metadata.
- The minimum required version of libvirt in the Mitaka release will be 0.10.2. Support for libvirt < 0.10.2 is deprecated in Liberty: https://review.openstack.org/#/c/183220/
- The libvirt.remove_unused_kernels config option is deprecated for removal and now defaults to True: https://review.openstack.org/#/c/182315/
사용하지 않는 기능
- The ability to disable in tree API extensions has been deprecated (https://blueprints.launchpad.net/nova/+spec/nova-api-deprecate-extensions)
- The novaclient.v1_1 module has been deprecated [[6]][[7]] since 2.21.0 and we are going to remove it in the first python-novaclient release in Mitaka.
- Method `novaclient.client.get_client_class` is deprecated [[8]] since 2.29.0. The method will be removed in Mitaka.
- The mute_weight_value option on weighers has been deprecated, including for use with Cells.
- The remove_unused_kernels configuration option for the Libvirt driver is now deprecated.
- The minimum recommended version of vCenter for use with the vcenter driver is now 5.1.0. In Liberty this is logged as a warning, in Mitaka support for versions lower than 5.1.0 will be removed.
- API v3 specific components have all been deprecated and removed from the default paste.ini
OpenStack Telemetry (Ceilometer)
Key New Features
- Creation of Aodh to handle alarming service.
- Metadata caching - reduced load of nova API polling.
- Declarative meters
- Ability to generate meters by defining meter definition template.
- Ability to define specific SNMP meters to poll.
- Support for data publishing from Ceilometer to Gnocchi.
- Mandatory limit - limit restricted querying is enforced. The limit must be explicitly provided on queries, otherwise the result set is restricted to a default limit.
- Distributed, coordinated notification agents - support for workload partitioning across multiple notification agents.
- Events RBAC support.
- PowerVM hypervisor support.
- Improved MongoDB query support - performance improvement to statistic calculations.
- Additional meter support:
- Magnum meters
- DBaaS meters
- DNSaaS meters
Gnocchi Features
- Initial influxdb driver implemented.
Aodh Features
- Event alarms - ability to trigger an action when an event is received.
- Trust support in alarms link.
Upgrade Notes
- The name of some middleware used by ceilometer changed in a backward incompatible way. Before upgrading, edit the
paste.ini
file for ceilometer to changeoslo.middleware
tooslo_middleware
. For example, using sed -ri 's/oslo\.middleware/oslo_middleware/' api_paste.ini - The notification agent is a core service to collecting data in Ceilometer. It now handles all transformations and publishing. Polling agents now defer all processing to notification agents, and must be deployed in tandem.
- A mandatory limit is applied to each request. If no limit is given, it will be restricted to a default limit.
Deprecated Features
- Ceilometer Alarms is deprecated in favour or Aodh.
- RPC publisher and collector is deprecated in favour of a topic based notifier publisher.
- Non-metric meters are still deprecated, and are to be removed in a future release.
OpenStack Identity (Keystone)
새로운 주요 기능
- Experimental: Domain specific configuration options can be stored in SQL instead of configuration files, using the new REST APIs.
- Experimental: Keystone now supports tokenless authorization with X.509 SSL client certificate.
- Configuring per-Identity Provider WebSSO is now supported.
-
openstack_user_domain
andopenstack_project_domain
attributes were added to SAML assertion in order to map user and project domains, respectively. - The credentials list call can now have its results filtered by credential type.
- Support was improved for out-of-tree drivers by defining stable Driver Interfaces.
- Several features were hardened, including Fernet tokens, Federation, domain specific configurations from database and role assignments.
- Certain variables in keystone.conf now have options, which determine if the user's setting is valid.
업그레이드 노트
- The EC2 token middleware, deprecated in Juno, is no longer available in keystone. It has been moved to the keystonemiddleware package.
- The
compute_port configuration
option, deprecated in Juno, is no longer available. - The XML middleware stub has been removed, so references to it must be removed from the
keystone-paste.ini
configuration file. - stats_monitoring and stats_reporting paste filters have been removed, so references to it must be removed from the
keystone-paste.ini
configuration file. - The external authentication plugins ExternalDefault, ExternalDomain, LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer available.
-
keystone.conf
now references entrypoint names for drivers. For example, the drivers are now specified as "sql", "ldap", "uuid", rather than the full module path. See the sample configuration file for other examples. - We now expose entrypoints for the
keystone-manage
command instead of a file. - Schema downgrades via
keystone-manage db_sync
are no longer supported. Only upgrades are supported. - Features that were "extensions" in previous releases (OAuth delegation, Federated Identity support, Endpoint Policy, etc) are now enabled by default.
- A new
secure_proxy_ssl_header
configuration option is available when running keystone behind a proxy. - Several configuration options have been deprecated, renamed, or moved to new sections in the
keystone.conf
file. - Domain name information can now be used in policy rules with the attribute
domain_name
.
사용하지 않는 기능
- Running Keystone in Eventlet remains deprecated and will be removed in the Mitaka release.
- Using LDAP as the resource backend, i.e for projects and domains, is now deprecated and will be removed in the Mitaka release.
- Using the full path to the driver class is deprecated in favor of using the entrypoint. In the Mitaka release, the entrypoint must be used.
- In the [resource] and [role] sections of the
keystone.conf
file, not specifying the driver and using the assignment driver is deprecated. In the Mitaka release, the resource and role drivers will default to the SQL driver. - In
keystone-paste.ini
, usingpaste.filter_factory
is deprecated in favor of the "use" directive, specifying an entrypoint. - Not specifying a domain during a create user, group or project call, which relied on falling back to the default domain, is now deprecated and will be removed in the N release.
- Certain deprecated methods from the assignment manager were removed in favor of the same methods in the [resource] and [role] manager.
OpenStack Block Storage (Cinder)
Key New Features
- A generic image caching solution, so popular VM images can be cached and copied-on-write to a new volume. Read docs for more info
- Non-disruptive backups Read docs for more info.
- Ability to clone consistency groups of volumes Read docs for more info.
- List capabilities of a volume backend (fetch extra-specs).
- Nested quotas.
- Default LVM backends to be thin provisioned if available.
- Corrected cinder service-list to show as Down when a driver fails to initialize.
- Improved volume migration management:
- Able to see if previous migration attempt was successful
- Admins able to monitor migrations via cinder list
- New volume status of 'maintenance' to prevent operations being attempted while migration is occurring
- Improve backend volume name/id consistency after migration completes
Upgrade Notes
- A change in parameters to RPC APIs and work on object conversion prevent running Liberty c-vol or c-api services with Kilo or earlier versions of either service.
Deprecated Features
- Removed Simple and Chance Schedulers.
- Removed deprecated HDS HUS iSCSI driver.
- Removed Coraid driver.
- Remove Solaris iSCSI driver.
- Removed --force option for allowing upload of image to attached volume.
- Marked the v1 API as deprecated.
OpenStack Orchestration (Heat)
새로운 기능
Convergence
Convergence is a new orchestration engine maturing in the heat tree. In Liberty, the benefits of using the convergence engine are:
- Greater parallelization of resource actions (for better scaling of large templates)
- The ability to do a stack-update while there is already an update in-progress
- Better handling of heat-engine failures (still WIP)
The convergence engine can be enabled by setting /etc/heat/heat/conf [DEFAULT] convergence_engine=true, then restarting heat-engine. Once this has been done, any subsequent created stack will use the convergence engine, while operations on existing stacks will continue to use the traditional engine.
Convergence has not been production tested and thus should be considered beta quality - use with caution. For the Liberty release, we recommend enabling convergence for the purposes of evaluation and scale testing. We will be considering making convergence the default engine in the Mitaka cycle. Convergence specific bugs are tracked in launchpad with the convergence-bugs tag.
Conditional resource exposure
Only resources actually installed in the cloud services are made available to users. Operators can further control resources available to users with standard policy rules in policy.json on per-resource type basis.
heat_template_version: 2015-10-15
2015-10-15 indicates that the YAML document is a HOT template and it may contain features added and/or removed up until the Liberty release.
- Removes the Fn::Select function (path based get_attr/get_param references should be used instead).
- If no <attribute name> is specified for calls to get_attr, a dict of all attributes is returned, e.g. { get_attr: [<resource name>]}.
- Adds new str_split intrinsic function
- Adds support for passing multiple lists to the existing list_join function.
- Adds support for parsing map/list data to str_replace and list_join (they will be json serialized automatically)
REST API/heatclient additions
- Stacks can now be assigned with a set of tags, and stack-list can filter and sort through those tags
- "heat stack-preview ..." will return a preview of changes for a proposed stack-update
- "heat template-validate --show-nested ..." will also validate all template resources and return nested data useful for building user interfaces
- "heat resource-type-template --template-type hot ..." generates a template in HOT format
- "heat resource-type-list" only shows types available to the user, and can filter results by name, version and support_status
- "heat template-version-list" lists available template versions
- "heat template-function-list ..." lists available functions for a template version
Enhancements to existing resources
- Software deployments can now use Zaqar for deploying software data and signalling back to Heat
- Stack actions are now performed on remote OS::Heat::Stack resources
- OS::Nova::Server now supports deletion_policy: Snapshot
- OS::Heat::ResourceGroup update_policy now supports specifying batch_create and rolling_update options
New resources
The following new resources are now distributed with the Heat release:
- OS::Barbican::Order [1]
- OS::Barbican::Secret [1]
- OS::Ceilometer::GnocchiAggregationByMetricsAlarm [1]
- OS::Ceilometer::GnocchiAggregationByResourcesAlarm [1]
- OS::Ceilometer::GnocchiResourcesAlarm [1]
- OS::Cinder::VolumeType [2]
- OS::Designate::Domain
- OS::Designate::Record
- OS::Heat::None
- OS::Heat::TestResource
- OS::Keystone::Endpoint
- OS::Keystone::Group [2]
- OS::Keystone::GroupRoleAssignment
- OS::Keystone::Project [2]
- OS::Keystone::Role [2]
- OS::Keystone::Service
- OS::Keystone::User [2]
- OS::Keystone::UserRoleAssignment
- OS::Magnum::BayModel
- OS::Manila::SecurityService
- OS::Manila::Share
- OS::Manila::ShareNetwork
- OS::Manila::ShareType
- OS::Mistral::CronTrigger
- OS::Mistral::Workflow
- OS::Monasca::AlarmDefinition [4]
- OS::Monasca::Notification [4]
- OS::Neutron::ExtraRoute [3]
- OS::Nova::Flavor [2]
- OS::Sahara::DataSource
[1] These existed Kilo as contrib resources as they were for non-integrated projects. These resources are now distributed with Heat as Big Tent projects.
[2] These existed Kilo as contrib resources as they require a user with an admin role. They are now distributed with Heat. Operators now have ability to hide them from under-privileged users by modifyig policy.json (for reference, OS::Nova::Flavor is hidden from non-admin users in default policy file supplied).
[3] These existed in Kilo as contrib resources as they used an approach not endorsed by the Heat project. They are now distributed with heat and documented as UNSUPPORTED.
[4] These resources are for projects which are not yet OpenStack Big Tent projects, so are documented as UNSUPPORTED
With the new OS::Keystone::* resources it is now be possible for cloud operators to use heat templates to manage Keystone service catalog entries and users.
Deprecated Resource Properties
Many resource properties have previously been documented as DEPRECATED. 15 of these properties are now flagged as HIDDEN, which means they will no longer be documented, but existing stacks and templates will continue to work after a heat upgrade. The [ http://docs.openstack.org/developer/heat/template_guide/openstack.html Resource Type Reference] should be consulted to determine available resource properties and attributes.
업그레이드 노트
Configuration Changes
Notable changes to the /etc/heat/heat.conf [DEFAULT] section:
- hidden_stack_tags has been added, and stacks containing these tag names will be hidden from stack-list results (defaults to data-processing-cluster, which hides sahara-created stacks)
- instance_user was deprecated, and is now removed entirely. Nova servers created with OS::Nova::Server resource will now boot configured with the default user set up with the cloud image. AWS::EC2::Instance still creates "ec2-user"
- max_resources_per_stack can now be set to -1 to disable enforcement
- enable_cloud_watch_lite is now false by default as this REST API is deprecated
- default_software_config_transport has gained the option ZAQAR_MESSAGE
- default_deployment_signal_transport has gained the option ZAQAR_SIGNAL
- auth_encryption_key is now documented as requiring exactly 32 characters
- list_notifier_drivers was deprecated and is now removed
- policy options have moved to the [oslo_policy] section
- use_syslog_rfc_format is deprecated and now defaults to true
Notable changes to other sections of heat.conf:
- [clients_keystone] auth_uri has been added to specify the unversioned keystone url
- [heat_api] workers now defaults to 4 (was previously 0, which created a worker per host CPU)
The policy file /etc/heat/policy.json can now be configured with per-resource-type access policies, for example:
"resource_types:OS::Nova::Flavor": "rule:context_is_admin"
Upgrading from Kilo to Liberty
Progress has been made on supporting live sql migrations, however it is still recommended to bring down the heat service for the duration of the upgrade. Downward SQL schema migrations are no longer supported. A rollback to Kilo will require restoring a snapshot of the pre-upgrade database.
OpenStack Data Processing (Sahara)
새로운 주요 기능
- New plugins and versions:
- Ambari plugin with supports HDP 2.2 / 2.3
- Apache Hadoop 2.7.1 was added, Apache Hadoop 2.6.0 was deprecated
- CDH 5.4.0 was added with HA support for NameNode and ResourceManager
- MapR 5.0.0 was added
- Spark 1.3.1 was added, Spark 1.0.0 was deprecated
- HDP 1.3.2 and Apache Hadoop 1.2.1 was removed
- Added support for using Swift with Spark EDP jobs
- Added support for Spark EDP jobs in CDH and Ambari plugins
- Added support for public and protected resources
- Started integration with OpenStack client
- Added support for editing all Sahara resources
- Added automatic Hadoop configuration for clusters
- Direct engine is deprecated and will be removed in Mitaka release
- Added OpenStack manila NFS shares as a storage backend option for job binaries and data sources
- Added support for definition and use of configuration interfaces for EDP job templates
사용하지 않는 기능
- Direct provisioning engine
- Apache Hadoop 2.6.0
- Spark 1.0.0
- 모든 Hadoop 1.X 버전 삭제
OpenStack Search (Searchlight)
This is the first release for Searchlight. Searchlight is intended to dramatically improving the search capabilities and performance of various OpenStack cloud services by offloading user search queries. It provides Keystone RBAC based searches across OpenStack services by indexing their data into ElasticSearch and providing a security layer on top of incoming search queries. ElasticSearch is a search server based on Lucene. It provides a distributed, scalable, near real-time, faceted, multitenant-capable, and full-text search engine with a RESTful web interface.
Key New Features
- Searchlight Search API OpenStack Resource Type based API providing native ElasticSearch query support
- Bulk Indexing CLI searchlight-manage indexing command line interface
- Incremental Notification based updates
- Resource Type Plugin system for adding and managing resource indexing and searches
- Devstack deployment
New Resource Types Indexed
- OS::Nova::Server Nova server instances
- OS::Glance::Image & OS::Glance::Metadef Glance Images and Metadata Definitions
- OS::Designate::Zone & OS::Designate::RecordSet Designate Domain and Record Sets
업그레이드 노트
N/A
사용하지 않는 기능
N/A
OpenStack DNS (Designate)
새로운 주요 기능
- Experimental: Hook Point API
- Horizon Plugin moved out of tree
- Purging deleted domains
- Ceilometer "exists" periodic event per domain
- ASync actions
- Import
- Export
- Active /passive failover for designate-pool-manager periodic tasks
- OpenStack client integration
Addtional DNS Server Backends
- InfoBlox
- Designate
업그레이드 노트
- New service
designate-zone-manager
- It is recommended to use a supported tooz backend.
- ZooKeeper is recommended, or anything supported by tooz.
- If a tooz backend is not used, all zone-managers will assume ownership of all zones, and there will be 'n' "exists" messages per hour, where 'n' is the number of zone-manager processes.
-
designate-pool-manager
can do active/passive failover for periodic tasks.- It is recommended to use a supported tooz backend.
- If a tooz backend is not used, all pool-managers will assume ownership of the pool, and multiple periodic tasks will run. This can result in unforeseen consequences.
사용하지 않는 기능
- V1 API
- An initial notice of intent, as there are operations that still require the Designate CLI interface which talks to V1, and Horizon panels that only talk to V1.
OpenStack Messaging Service (Zaqar)
Key New Features
- Pre-signed URL - A new REST API endpoint to support pre-signed URL, which provides enough control over the resource being shared, without compromising security.
- Email Notification - A new task driver for notification service, which can take a Zaqar subscriber's email address. When there is a new message posted to the queue, the subscriber will receive the message by email.
- Policy Support - Support fine-grained permission control with the
policy.json
file like most of the other OpenStack components. - Persistent Transport - Added support for websocket as a persistent transport alternative for Zaqar. Now users will be able to establish long-lived connections between their applications and Zaqar to interchange large amounts of data without the connection setup adding overhead.
OpenStack Dashboard (Horizon)
새로운 주요 기능
- 새로운 네트워크 토폴로지 - 네트워크 토폴로지 다이어그램을 조립식(collapsible) 네트워크를 포함하는 인터랙티브 그래프로 대체하고, 대규모 배포 구성에서 더 안정적인 확장성을 보여줍니다. (https://blueprints.launchpad.net/horizon/+spec/curvature-network-topology)
- 플러그인 개선 - Horizon에서 포함(inclusion)한 JavaScript 파일을 자동으로 확인(discover)하고, SCSS와 Django 템플릿을 덮어쓸 수 있는 플러그인 매커니즘을 가지고 있습니다.
- Compute (Nova)
- Support for shelving and unshelving of instances (https://blueprints.launchpad.net/horizon/+spec/horizon-shelving-command).
- Support for v2 block device mapping, falling back to v1 when unavailable (https://blueprints.launchpad.net/horizon/+spec/horizon-block-device-mapping-v2).
- Networking (Neutron)
- Added support for subnet allocation via subnet pools (https://blueprints.launchpad.net/horizon/+spec/neutron-subnet-allocation).
- Added actions to easily associate LBaaS VIP with a floating IP (https://blueprints.launchpad.net/horizon/+spec/lbaas-vip-fip-associate).
- Images (Glance)
- The metadata editor has been updated with AngularJS (https://blueprints.launchpad.net/horizon/+spec/angularize-metadata-update-modals).
- Compute images metadata can now be edited from the Project dashboard, using the new metadata editor (https://blueprints.launchpad.net/horizon/+spec/project-images-metadata).
- Block Storage (Cinder)
- Enabled support for migrating volumes (https://blueprints.launchpad.net/horizon/+spec/volume-migration).
- Volume types can be now edited, and include description fields (https://blueprints.launchpad.net/horizon/+spec/volume-type-description).
- Orchestration (Heat)
- Improvements to the heat topology, making more resources identifiable where previously they had no icons and were displayed as unknown resources (https://blueprints.launchpad.net/horizon/+spec/heat-topology-display-improvement).
- Data Processing (Sahara)
- Unified job interface map. This is a human readable method for passing in configuration data that a job may require or accept (https://blueprints.launchpad.net/horizon/+spec/unified-job-interface-map-ui).
- Added editing capabilities for job binaries (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-job-binaries).
- Added editing capabilities for data sources (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-data-sources).
- Added editing capabilities for job templates (https://blueprints.launchpad.net/horizon/+spec/data-processing-edit-templates).
- Exposed event log for clusters (https://blueprints.launchpad.net/horizon/+spec/sahara-event-log).
- Added support for shell job types (https://blueprints.launchpad.net/horizon/+spec/sahara-shell-action-form).
- Databases (Trove)
- Added initial support for database cluster creation and management. Vertica and MongoDB are currently supported (https://blueprints.launchpad.net/horizon/+spec/database-clustering-support).
- Identity (Keystone)
- Added mapping for Identity Provider and Protocol specific WebSSO (https://github.com/openstack/horizon/commit/3b4021c0ad0e8d7b10aa8c2dcd8c13a5717c450c).
- Configurable token hashing (https://github.com/openstack/django_openstack_auth/commit/ece924a79d27ede1a8475d7f98e6d66bc3cffd6c and https://github.com/openstack/horizon/commit/48e651d05cbe9366884868c5331d49a501945adc).
- Horizon (internal improvements)
- Full support for translation in AngularJS, along with simpler tooling (https://blueprints.launchpad.net/horizon/+spec/angular-translate-makemessages).
- Added Karma for JavaScript testing (https://blueprints.launchpad.net/horizon/+spec/karma).
- Added ESLint for JavaScript linting, using the eslint-config-openstack rules (https://blueprints.launchpad.net/horizon/+spec/jscs-cleanup).
- Horizon now supports overriding of existing Django templates (https://blueprints.launchpad.net/horizon/+spec/horizon-theme-templates).
- JavaScript files are now automatically included (https://blueprints.launchpad.net/horizon/+spec/auto-js-file-finding).
업그레이드 노트
- Django 1.8 is now supported, and Django 1.7 is our minimum supported version (https://blueprints.launchpad.net/horizon/+spec/drop-django14-support).
- Database-backed sessions will likely not persist across upgrades due to a change in their structure (https://github.com/openstack/django_openstack_auth/commit/8c64de92f4148d85704b10ea1f7bc441db2ddfee and https://github.com/openstack/horizon/commit/ee2771ab1a855342089abe5206fc6a5071a6d99e).
- Horizon no longer uses QUnit in testing, and it has been removed from our requirements (https://blueprints.launchpad.net/horizon/+spec/replace-qunit-tests-with-jasmine).
- Horizon now has multiple configuration options for the default web URL (
WEBROOT
), static file location (STATIC_ROOT
) and static file URL (STATIC_URL
) in its settings files. - Themes have moved location from
openstack_dashboard/static/themes
, toopenstack_dashboard/themes
. Paths may need to be updated accordingly. Furthermore, Horizon is aligning closer with Bootstrap markup, and themes should be built around this ideology; see the top bar and side navigation for details. - The deprecated
OPENSTACK_QUANTUM_NETWORK
configuration option has been removed. If you still use it, replace it withOPENSTACK_NEUTRON_NETWORK
- There is now an
OPENSTACK_NOVA_EXTENSIONS_BLACKLIST
option in the settings, to disable selected extensions for performance reasons (https://github.com/openstack/horizon/commit/18f4b752b8653c9389f8b0471eccaa0659707ebe). - Trove and Sahara panels now reside in
openstack_dashboard/contrib
. This is to provide separation for reviews provided mostly by the service teams. In the future, these panels may become plugins rather than being kept in Horizon (https://blueprints.launchpad.net/horizon/+spec/plugin-sanity). - Horizon requires both a
volume
andvolumev2
endpoint for Cinder, even if only using v2.
OpenStack Trove (DBaaS)
새로운 주요 기능
- Redis
- Configuration Groups for Redis
- Cluster support
- MongoDB
- Backup and restore for a single instance
- User and database management
- Configuration Groups
- Percona XtraDB Cluster Server
- Cluster support
- Allow deployer to associate instance flavors with specific datastores
- Horizon support for database clusters
- Management API for datastore and versions
- Ability to deploy Trove instances in a single admin tenant, so that the nova instances are hidden from the user
OpenStack Bare metal (Ironic)
Ironic has switched to an intermediate release model and released version 4.0 during Liberty, followed by two minor updates. Version 4.2 forms the basis for the OpenStack Integrated Liberty release and will receive stable updates.
Please see full release notes here: http://docs.openstack.org/developer/ironic/releasenotes/index.html
새로운 기능
- Added "ENROLL" hardware state, which is the default state for newly created nodes.
- Added "abort" verb, which allows a user to interrupt certain operations while they are in progress.
- Improved query and filtering support in the REST API.
- Added support for CORS middleware.
하드웨어 드라이버
- Added a new BootInterface for hardware drivers, which splits functionality out of the DeployInterface.
- iLO virtual media drivers can work without Swift.
- Added Cisco IMC driver.
- Added OCS Driver.
- Added UCS Driver.
- Added Wake-On-Lan Power Driver.
- ipmitool driver supports IPMI v1.5.
- Added support to SNMP driver for “APC MasterSwitchPlus” series PDU’s.
- pxe_ilo driver now supports UEFI Secure Boot (previous releases of theiLO driver only supported this for agent_ilo and iscsi_ilo).
- Added Virtual Media support to iRMC Driver.
- Added BIOS configuration to DRAC Driver.
- PXE drivers now support GRUB2.
사용하지 않는 기능
- The "vendor_passthru" and "driver_vendor_passthru" methods of the DriverInterface have been removed. These were deprecated in Kilo and replaced with the @passthru decorator.
- The migration tools to import data from a Nova "baremetal" deployment have been removed.
- Deprecated the "parallel" option to periodic task decorator.
- Removed deprecated ‘admin_api’ policy rule.
- Support for the original "bash" deploy ramdisk is deprecated and will be removed in two cycles. The ironic-python-agent project should be used for all deploy drivers.
업그레이드 노트
- Newly created nodes default to the new ENROLL state. Previously, nodes defaulted to AVAILABLE, which could lead to hardware being exposed prematurely to Nova.
- The addition of API version headers in Kilo means that any client wishing to interact with the Liberty API must pass the appropriate version string in each HTTP request. Current API version is 1.14.
OpenStack Key Manager (Barbican)
새로운 기능
- Added the ability for project administrators to create certificate authorities per project. Also, project administrators are able to define and manage a set of preferred certificate authorities (CAs) per project. This allows projects to achieve project specific security domains.
- Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
- Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
- Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
- Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
- Added configuration for enabling sqlalchemy pool for the management of SQL connections.
- Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
- Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
- Fixed issues around creation of SnakeOil CA plug-in instance.
- Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
- Barbican client now has ability to create and list certificate orders.
업그레이드 노트
- Removed project secret association table. Secret project relationship is maintained by foreign key. For more detail, see http://specs.openstack.org/openstack/barbican-specs/specs/liberty/data-remove-tenant-secret-assoc.html .
- Renamed barbican configuration file to
barbican.conf
.
OpenStack Image Service (Glance)
Updated project guide that includes some details on operating, installing, configuring, developing to and using the service: http://docs.openstack.org/developer/glance/
새로운 주요 기능
- Added support for uploading signed images. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html .
- Scrubbing of images in parallel is now possible. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/scrub-images-in-parallel.html .
- The health of a Glance node can be monitored using the healthcheck middleware. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/healtcheck-middleware.html .
- The EXPERIMENTAL Artifacts API is now available for use. Please note, it is subject to change in the future until it becomes a standard API.
- S3 store now has proxy support. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/http-proxy-support-for-s3.html .
- Swift store now has v3 authentication support.
- python-glanceclient now support some advanced aspects of keystone sessions.
- python-glanceclient now supports tags for Metadata Definition Catalog.
업그레이드 노트
- python-glanceclient는 Glance API v2를 기본으로 사용합니다. 만약 v2를 사용할 수 없다면 v1으로 작업하게 됩니다.
- Dependencies for backend stores are now optionally installed corresponding to each store specified.
- Swift, s3, vmware와 같은 스토리지를 Python3로 사용 가능합니다.
- 소스코드와 일부 새로운 업데이트뿐만 아니라 기본 메타 정의 ship을 했습니다. (Some new as well as updated default metadata definitions ship with the source code.)
- 추가적으로 Glance API는 Python3를 지원합니다. 그리고 지속적인 호환성 지원을 위해 시험 기능이 계속 추가됩니다.
- 배엔드 MySQL DB에서 utf-8이 기본 문자셋입니다.
- Migration scripts have been updated to perform a sanity check for the table charset.
- 'ram_disk' and 'kernel' properties can now be null in the schema and 'id' is now read only attribute for v2 API.
- A configuration option
client_socket_timeout
has been added to take advantage of the recent eventlet socket timeout behaviour. - A configuration option
scrub_pool_size
has been added to set the number of parallel threads that a scrubber should run and defaults to 1. - An important bug that allowed to change the image status using the Glance v1 API has now been fixed.
사용하지 않는 기능
- 실험용 카탈로그 인덱스 서비스는 삭제되고 새롭게 Searchlight로 변경되었습니다.
- Scrubber에 대한 파일 백업 큐링이 삭제되고 구성 옵션에서
scrubber_datadir
,cleanup_scrubber
,cleanup_scrubber_time
가 삭제되었습니다.
새로운 기능
- 가용 구역을 구성하여 사용할 수 있습니다.
- Share 인스턴스에서 관리자 API 구성 요소가 추가되었습니다.
- 기존 공유 서버를 Manila scheduler를 통해 pool에서 새로운 공유 위치를 변경하는 poll weigher가 추가되었습니다.
- hostpool에서 다른 hostpoll로 share에 대한 마이그레이션을 지원합니다. (테스트중).
- 일반 드라이버에서 확장된 용량을 공유할 수 있도록 추가되었습니다. (Added shared extend capability in the generic driver.)
- 동일한 시점에 생성된 여러 파일시스템 share에 대한 스냅샷을 생성할 수 있는 정합성(consistency) 그룹 추가를 지원합니다. (테스트중) (Support for adding consistency groups, which allow snapshots for multiple filesystem shares to created at the same point in time (experimental).)
- NetApp cDOT 드라이버와 일반 드라이버에서 정합성(consistency) 그룹을 지원합니다.
- 씬 프로비저닝(thin provisioning)에서 oversubscription에대해 지원합니다.
- 새로운 Windows SMB 드라이버:
- Windows 서비스 인스턴스와 추출된(exporting) SMB share에 대한 핸들링을 지원합니다.
- Manila API 서비스에서 전체 처리량에 대한 새로운
osapi_share_workers
구성 옵션이 추가되었습니다. - Share 드라이브 메서드 콜(각 'N' 틱에 대해 추가로 주기적인 훅 콜) 전과 후에 어떠한 작업을 진행(action)하고 드라이버 작업(action) 결과를 업데이트할 수 있는 share 훅 기능이 추가되었습니다.
- NetApp cDOT 드라이버가 개선되었습니다:
- 새로운 Manila 공유 백업을 FlexVol으로 생성할때, 변수
netapp:dedup
,netapp:compression
가 추가되었습니다. - 관리(manage)/관리안함(unmanage) 지원과 shrink_share 지원이 추가되었습니다.
-
extended_share
API 구성 요소에대해 지원합니다. - 스토리지 배열(array)과 통신하는 netapp-lib PyPI 프로젝트를 지원합니다.
- 새로운 Manila 공유 백업을 FlexVol으로 생성할때, 변수
- HP 3PAR 드라이버가 개선되었습니다:
- 중복 제거(dedupe), 씬 프로비저닝 (thin provisioning) 및 hp3par_flash_cache 기능에대한 리포팅이 추가되었습니다. 공유 유형과 요청된 기능를 이용하여 호스트에 share를 위치시키는 CapabilitiesFilter를 사용할 수 있습니다.
- 공유 서버 지원이 추가되었습니다.
- Huawei Manila 드라이버가 개선되었습니다:
- 스토리지 pool, extend_share, manage_existing, shrink_share, read-only share, smartcache, smartpartition에 대한 지원이 추가되었습니다.
- 중복 제거(dedupe), 씬 프로비저닝 (thin provisioning) 및 압축 기능에 대한 리포팅이 추가되었습니다.
- NVX Manila 드라이버에대해 접근 레벨(access-level) 지원이 추가되었습니다.
- Manila HDS HNAS 드라이버 지원이 추가되었습니다.
- GlusterFS 네이티브 드라이버가 추가되었습니다.
- GlusterFS 드라이버는 호환되는 share 레이아웃 목록에서 새롭게 지정할 수 있습니다.
- Microversion 지원이 추가되었습니다 (v2 API).
사용하지 않는 기능
-
share_reset_status
API 구성 요소는 사용하지 않으며,share_instance_reset_status
로 대신합니다.