Jump to: navigation, search

Difference between revisions of "ReleaseNotes/Essex"

(Fixes TOC nesting)
Line 198: Line 198:
 
* Install/Setup notes for Essex are at http://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17
 
* Install/Setup notes for Essex are at http://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17
 
* An unofficial Essex repository for Fedora 16 is available at http://repos.fedorapeople.org/repos/apevec/openstack-preview/fedora-16/noarch/
 
* An unofficial Essex repository for Fedora 16 is available at http://repos.fedorapeople.org/repos/apevec/openstack-preview/fedora-16/noarch/
 +
 +
=== Ubuntu 12.04 Precise Pangolin LTS ===
 +
 +
All core Openstack Essex components are officially supported and available in the Main Precise Ubuntu archive:
 +
 +
* [https://launchpad.net/ubuntu/+source/nova Nova]
 +
* [https://launchpad.net/ubuntu/+source/glance Glance]
 +
* [https://launchpad.net/ubuntu/+source/swift Swift]
 +
* [https://launchpad.net/ubuntu/+source/keystone Keystone]
 +
* [https://launchpad.net/ubuntu/+source/horizon Horizon]
 +
 +
~-Note: Horizon and Keystone are currently located in Universe as they undergo
 +
a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)-~
 +
 +
Incubated projects Quantum and Melange are available for Precise in Universe
 +
 +
* [https://launchpad.net/ubuntu/+source/quantum Quantum]
 +
* [https://launchpad.net/ubuntu/+source/melange Melange]
 +
 +
Essex can be deployed on Ubuntu Server using MAAS and Juju.
 +
 +
Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:
 +
 +
http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin

Revision as of 20:26, 4 April 2012

Release Notes, Essex

<<TableOfContents()>>

New Features

OpenStack Object Storage (Swift)

swift (1.4.4)

swift (1.4.5)

swift (1.4.6)

  • TempURL and FormPost middleware added
  • Added memcache.conf option
  • Dropped eval-based json parser fallback
  • Properly lose all groups when dropping privileges
  • Fix permissions when creating files
  • Fixed bug regarding negative Content-Length in requests
  • Consistent formatting on Last-Modified response header
  • Added timeout option to swift-recon
  • Allow arguments to be passed to nosetest
  • Removed tools/rfc.sh
  • Other minor bug fixes

swift (1.4.7)

  • Improvements to account and container replication.
  • Fix for account servers allowing .pending to exist before .db.
  • Fixed possible key-guessing exploit in formpost.
  • Fixed bug in ring builder when removing a large percentage of devices.
  • Swift CLI tool now supports openstack-standard CLI flags.
  • New JSON output option for swift-dispersion-report.
  • Removed old stats tools.
  • Other bug fixes and documentation updates.

swift (1.4.8)

  • Added optional max_containers_per_account restriction
  • Added alternate metadata header removal method
  • Added optional name_check middleware filter
  • Added support for venv-based test runs with tox
  • StaticWeb behavior change with X-Web-Mode: true and non-StaticWeb-enabled containers (immediately 404s instead of passing the request on down the WSGI pipeline).
  • Fixed typo in swift-dispersion-report JSON output.
  • Swift-Recon-related fix to create temporary files on the same disk as their final destinations.
  • Updated return codes in swift3 middleware
  • Fixed swift3 middleware to allow Content-Range header in response
  • Updated swift.common.client and swift CLI tool with auth 2.0 changes
  • Swift CLI tool now supports common openstack auth args
  • Body of HTTP responses now included in error messages of swift CLI tool
  • Refactored some ring building functions for clarity and simplicity

OpenStack Compute (Nova)

Volumes

Security

Authorization and Authentication

Hypervisor-specific

API

Network

Messaging

Live migration

Orchestration and troubleshooting enhancements (for lack of a better term)

Console Access to VMs

OpenStack Image Registry and Delivery (Glance)

Authorization

API enhancements

Usability and performance improvements

OpenStack Dashboard (Horizon)

The Dashboard interface has improved in many ways this release.

OpenStack Identity service (Keystone)

The implementation of the Identity service changed completely during the Essex release. Much of the design is precipitated from the expectation that the auth backends for most deployments will actually be shims in front of existing user systems. Documentation has been updated to support this change and migration paths are documented at http://keystone.openstack.org.

Key Highlights of the Keystone Transition

  • The external API - both "admin" and "user" facing has remained stable and identical to the Diablo release. In changing the underlying implementation, we were very careful to keep external components stable to allow us to progress quickly in the future.
  • The middleware components used by the other OpenStack projects were substantially rewritten to simply that code as well.
  • The implementation of authorization by services was changed from a single shared secret (previously called the "admin token") to a per-service account and password credential pair.
    • this implies configuration changes into nova, glance, swift, etc. specifically around the api-paste.ini files, where new values are now defined for those credentials, and they are now implementable per-service.
  • The Keystone service, and the middleware implementations now do considerably more logging for system administrators and openstack deployers to be able to debug authentication and authorization issues.
  • Keystone now supports S3 token validation and additional Swift storage features:
    • Swift ACL is now supported, you can allow/deny different users within a tenant.
    • Anoymous access via ACL to allow public access to container.
    • Reseller accounts support to give ability to nova to access swift and have it to replace nova-objectstore.

Known Issues and Limitations for Keystone

  • Using SSL certs for authorization instead of userid/credentials
  • Any API to drive policy definitions around role based access controls
  • Mapping identity to pre-existing LDAP backends
  • User facing APIs to support (when available) identity updates (i.e. a user changing their password, or "logging out")

Known packaged distributions

OpenSUSE 12.1 / SLES11 SP2

You can find all details about the repositories for OpenSUSE 12.1 and SLES11 SP2 on our packaging site in the wiki: Packaging/SUSE

Fedora 17 / Fedora 16 / EPEL 6

Ubuntu 12.04 Precise Pangolin LTS

All core Openstack Essex components are officially supported and available in the Main Precise Ubuntu archive:

~-Note: Horizon and Keystone are currently located in Universe as they undergo a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)-~

Incubated projects Quantum and Melange are available for Precise in Universe

Essex can be deployed on Ubuntu Server using MAAS and Juju.

Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:

http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin