Release Notes, Diablo
- 1 Release Notes, Diablo
- 1.1 New Features
- 1.2 Upgrade notes
- 1.3 Known Issues and Limitations
- 1.4 Blueprints implemented during the Diablo release
OpenStack Object Storage (Swift)
- Additional quarantine catching code.
- Added client_ip to all proxy log lines not otherwise containing it.
- Content-Type is now application/xml for "GET services/bucket" swift3 middleware requests.
- Alpha release of the Swift Recon Experiment
- Fix last modified date for swift3 middleware.
- Fix to clear account/container metadata on account/container deletion.
- Fix for corner case regarding X-Newest.
- Fix for object auditor running out of file descriptors.
- Fix to return all proper headers for manifest objects.
- Fix to the swift tool to strip any leading slashes on file names when uploading.
- Removed stats/logging code from Swift [now in separate slogging project].
- Container Synchronization Feature - First Edition
- Fix swift3 authentication bug about the Date and X-Amz-Date handling.
- Changing ratelimiting so that it only limits PUTs/DELETEs.
- Object POSTs are implemented as COPYs now by default (you can revert to previous implementation with conf object_post_as_copy = false)
- You can specify X-Newest: true on GETs and HEADs to indicate you want Swift to query all backend copies and return the newest version retrieved.
- Object COPY requests now always copy the newest object they can find.
- Account and container GETs and HEADs now shuffle the nodes they use to balance load.
- Fixed the infinite charset: utf-8 bug
- This fixes the bug that drop_buffer_cache() doesn't work on systems where off_t isn't 64 bits.
- st renamed to swift
- swauth was separated from swift. It is now its own project and can be found at https://github.com/gholt/swauth.
- tempauth middleware added as an extremely limited auth system for dev work.
- Account and container listings now properly labeled UTF-8 (previously the label was "utf8").
- Accounts are auto-created if an auth token is valid when the account_autocreate proxy config parameter is set to true.
- swift-bench now cleans up containers it creates.
- WSGI servers now load WSGI filters and applications after forking for better plugin support.
- swauth-cleanup-tokens now handles 404s on token containers and tokens better.
- Proxy logs the remote IP address as the client IP in the absence of X-Forwarded-For and X-Cluster-Client-IP headers instead of - like it did before.
- Swift3 WSGI middleware added support for param-signed URLs.
- swauth- scripts now exit with proper exit codes.
- Fixed a bug where allowed_headers weren't honored for HEAD requests.
- Double quarantining of corrupted sqlite3 databases now works.
- Fix for Object replicator breaking when running object replicator with no objects on the server.
- Added the Accept-Ranges header to GET and HEAD requests.
- When a single object has multiple async pending updates on a single device, only latest async pending is now sent.
- Fixed issue of Swift3 WSGI middleware not working correctly with '/' in object names.
- Renamed swift-stats-* to swift-dispersion-* to avoid confusion with log stats stuff.
- Added X-Trans-Id transaction id header to every response.
- Fixed a Python 2.7 compatibility problem.
- Now using bracketed notation for ip literals in rsync calls, so compressed ipv6 literals work.
- Added a container stats collector and refactoring some of the stats code.
- Changed subdir nodes in XML formatted object listings to align with object nodes. Now: <subdir name="foo"><name>foo</name></subdir> Before: <subdir name="foo" />.
- Fixed bug in Swauth to support for multiple swauth instances.
- swift-ring-builder: Added list_parts command which shows common partitions for a given list of devices.
- Object auditor now shows better statistics updates in the logs.
- Stats uploaders now allow overrides for source_filename_pattern and new_log_cutoff values.
OpenStack Compute (Nova)
- Distributed scheduling across zones
- Snapshot, clone and boot from volumes
- Integration with Keystone authentication
- OpenStack API 1.1 (including floating IP support)
- Configuration drive
- KVM Pause/Suspend support
- Instance migration
- Notification system
- Instance types and capabilities-based scheduling
- Multiple NICs
- KVM Block migration support
- HA mode for FlatDHCP network model
- Support for Virtual Storage Arrays
- Global firewall rules
- Support for multiple volume types
- Quantum NaaS integration points
OpenStack Image Registry and Delivery service (Glance)
- API Enhancements
- * Versioning in the API
- * Custom ordering of results
- * Results filtering
- * Results limiting and pagination
- * New ISO disk format
- Usability and performance improvements
- * Local filesystem LRU cache
- * Delayed deletion of images
- * Integration with Keystone authentication
- * Sharing images between tenants
- * Event notifications
- * Internationalization of error and output messages
Swift can be upgraded in-place with no impact to connected users. It is best to upgrade one zone at a time so that any potential problems can be seen without affecting cluster uptime. Various config files have changed between swift 1.2 (openstack cactus) and swift 1.4.3 (openstack diablo). Be sure to read the changelog and understand the changes being made before upgrading a production cluster. It is strongly advised to test your upgrade process in staging before production.
Basic process for upgrading swift
Obviously these instructions are not comprehensive. They are meant as a rough guide for how to upgrade a running cluster.
- Shutdown background jobs, such as; updater, replicator, auditor, crond ... etc.
You can do that with swift-init rest stop and /etc/init.d/crond stop
- Upgrade Swift packages and dependencies.
- Install python-slogging package and swauth package (if needed).
- Update config files
- Reload servers.
You can do that with with swift-init <server> reload
- Restart background jobs.
You can do that with swift-init rest start and /etc/init.d/crond start
Upgrading from Cactus to Diablo is outlined in Migrating from Cactus to Diablo. There are additional considerations mentioned here as well.
- The default value of --use_deprecated_auth flag is True, which is the auth used for euca- tools and is contained in the project zip files in a novarc file. Please note that the Ubuntu packages turn on old-style auth by default, so if you install from ppa packages, you will still be using the older Cactus-style auth. Refer to Configuring Authentication for additional information and authentication options.
- A separate command is available to migrate users from the deprecated auth system to the Identity Service, 'nova-manage shell export users.txt' where users.txt is the name of the export file. Within the Identity Service code base (the Keystone project) there is a keystone-import script that you can run to import these users.
- The nova-manage network command requires an additional label parameter, changing the usage to nova-manage network create private CIDR/nn n n where "private" is a label for the network.
- The nova-manage network command requires a bridge parameter for flatdhcp mode if --flat_network_bridge is not set. It used to default to br100. You can mantain the old behavior by adding --flat_network_bridge=br100 in your flagfile.
- The nova-manage floating create <hostname> 184.108.40.206/31 command no longer takes the hostname parameter, changing the usage to nova-manage floating create 220.127.116.11/31.
- Server create requests through the v1.1 API now use flavorRef and imageRef attributes instead of flavorId and imageId. This is in preparation to support remote resources in a future release.
- The --glance_host and --glance_port flags were changed to a single flag: --glance_api_servers. It needs to contain the IP address and port value for the Glance API server. The default is '$my_ip:9292'.
- The flag --allow_project_net_traffic was renamed to --allow_same_net_traffic. This flag will allow all traffic from other vms (and host machines) in the same network. It defaults to true. If you would prefer to block all vm-vm traffic and use security groups to manage vm-vm traffic, set this flag to false.
- The nova implementation of security groups is slightly different than other cloud implementations. Traffic within a security group is not automatically enabled. If you want to allow ports (or all traffic) within a given security group, you can create a rule using the same source and destination group.
Feature Disparity KVM vs XenServer
- KVM only features:
- Block Device Mapping
- Live migration
- Block migration
- Security groups
- XenServer-only features:
- Reset root password
Upgrading from a Cactus installation involves downloading and installing the new Diablo Glance packages, running a glance-manage db_sync to migrate the registry database schema, and updating various configuration files. If using authentication with Keystone, some additional setup with Keystone is required, as well as some changes in your Glance configuration files. you can read more about authentication in Glance using Keystone in the Glance manual.
The Glance configuration files contain lots of documentation and commented-out pieces that are explained in the configuration files.
Known Issues and Limitations
- XenServer and KVM handle local storage differently: the XenServer code resizes the root drive to the size used in local storage, while the KVM code resizes the root drive up to 10G if it is less than that (but doesn't mess with partitions), then attaches a disk the size of local_gb as a second drive (Bug 834189)
- The Hyper-V hypervisor was not updated to match the new features in Diablo, therefore its use is discouraged (Bug 843704)
- XenServer VDI is not resized to the correct local_gb specified in instance_type on the initial boot. On subsequent resizes, the disk is corrected (Bug 845714)
OpenStack API 1.1 issues
- Instances still show both ids and UUIDs in responses (Bug 804093)
- Image details do not include minDisk and minRam settings (Bug 819990)
- Cannot specify desired version of the API via content-type header (Bug 844905)
- Pagination links are missing in several collection resources (Bug 844912)
- Flavor resource missing some filtering options (Bug 844926)
- The Glance PTL mistakenly forgot to include the patch for an important bug fix in the Diablo final package. This patches fixes bug 845788. The patch has made it into the Oneiric Ubuntu release, and will be in the next package uploaded to PyPI.