Difference between revisions of "ReleaseNotes/Essex"
Line 194: | Line 194: | ||
http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin | http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin | ||
+ | |||
+ | === Debian GNU/Linux wheezy === | ||
+ | |||
+ | All core Openstack Essex components are officially supported and available in the Main wheezy archive: | ||
+ | |||
+ | * [http://packages.qa.debian.org/n/nova.html Nova] | ||
+ | * [http://packages.qa.debian.org/g/glance.html Glance] | ||
+ | * [http://packages.qa.debian.org/s/swift.html Swift] | ||
+ | * [http://packages.qa.debian.org/k/keystone.html Keystone] | ||
+ | * [http://packages.qa.debian.org/h/horizon.html Horizon] | ||
+ | * [http://packages.qa.debian.org/q/quatum.html Quantum] | ||
+ | * [http://packages.qa.debian.org/m/melange.html Melange] | ||
+ | |||
+ | Essex can be deployed with [http://wiki.debian.org/OpenStackHowto a HOWTO] and [https://github.com/puppetlabs/puppetlabs-openstack puppet modules]. |
Revision as of 21:01, 4 April 2012
Release Notes, Essex
<<TableOfContents()>>
New Features
OpenStack Object Storage (Swift)
Release Overview
Swift has release version 1.4.4 through 1.4.8 during the Essex release cycle. The complete changelog is on GitHub .
Several important new features have been added to swift. Swift now supports expiring objects, HTML form POSTs with teporary signed URLs, and the Openstack auth 2.0 API in the swift CLI. Other new features include new config options, optional functionality in middleware, and more ops tools.
Expiring objects allow a swift user to set an expiry time or a TTL on an object, after which the object is no longer accessible and will be deleted from the system. This feature enables new use cases for swift. For example, this feature could be used by a document managements system with data retention requirements.
The new formpost and tempurl middleware modules allow a swift user to create a URL with write access and then use that URL as the target of an HTML form POST. This feature is aimed at a control panel use case. Since swift uses an auth method based on information in request headers, browsers typically can't access swift directly. With these two new middleware modules, someone building a swift control panel can have the browser directly upload content into the swift cluster. Since the requests are going directly to swift and don't have to be proxied through the control panel web servers for auth, the control panel deployer only has to scale infrastructure based on the control panel usage, not swift usage.
In addition to new features, many bugs have been squashed as well. Swift developers have found and fixed memory leaks, improved data corruption detection, improved replication, and improved the way rings are built.
Upgrade Notes
The process is generally as follows:
- Shutdown background jobs, such as; updater, replicator, auditor, crond ... etc. (You can do that with swift-init rest stop and /etc/init.d/crond stop)
- Upgrade Swift packages.
- Upgrade other packages as needed.
- Reload the servers (swift-init main reload)
- Restart the background jobs (swift-init rest start and /etc/init.d/crond start)
OpenStack Compute (Nova)
Volumes
Security
Authorization and Authentication
- Authorization - Can <user> <do something> to <some resource>?
- Enable euca-upload-bundle and euca-register through X509 Cert management
- Rewrite the keystone export to work properly
Hypervisor-specific
- KVM and Xen Disk Management Parity
- Unify a common path for VNC Consoles for XenServer or KVM
- XenAPI support for Security Groups
- Support KVM booting from ISO images
- Support for XenServer 5.6 and high availablilty networking added to DevStack
- Report capabilities to ZoneManager for KVM to match capability of XenServer
- Libvirt File Injection
- Libvirt/KVM resize
- Remove Hyper-V support
- Security group driver code for XenAPI for firewalls
- Fast image cloning support for Xenserver
API
- Separate Nova Admin API
- Console log now available through Compute API
- Return request ids in responses to enable better troubleshooting
- Refactor extensions to eliminate ExtensionMiddleware and LazySerializationMiddleware to call extensions directly
- Validate EC2 API parameters upon execution
- Improve VM state management to constrain state transitions
- Volume snapshot and backup API extension
- Separate nova metadata service
- Remove non-standard ec2 extensions for roles, user, project, vpn in an "admin" EC2 API
Network
- Changes to network representations in nova database (Untie the Nova network models)
- Move cloudpipe calls to a Compute API extension
- Support multiple floating IP ranges
- Manage DNS entries for instances, for floating IPs, for different DNS servers
- Add floating IP support to QuantumManager
- Compute Network info copy for performance improvement
- Bandwidth rate multipliers and base limits
- Add support for NAT to QuantumManager
Messaging
Live migration
Orchestration and troubleshooting enhancements (for lack of a better term)
- Ensure uuids internally to references instances
- Adds ability to get the last error using a nova-manage command
- Remove callbacks from virt drivers
- Network info model for nova
- Host aggregates, a mechanism to further partitioning an availability zone, i.e. into multiple groups of hosts that share common resources like storage and network.
- Improvements for Scaling Zones
- Add Image Cache Management to Compute Nodes
- Bare-metal provisioning with Tilera tiled-processor back-end
- Optional Host and Admin VM information
Console Access to VMs
OpenStack Image Registry and Delivery (Glance)
Authorization
API enhancements
Usability and performance improvements
- Add option to allow custom directory for data buffering
- Show progress bar for uploading an image
- Allow images to be uploaded to glance from an external location via the X-Image-Meta-Copy-From header
- Support Qpid for glance notifications over AMPQ
- Support sendfile(2) to remove userspace copying of image file data
OpenStack Dashboard (Horizon)
The Dashboard interface has improved in many ways this release.
- Localization / Internationalization enabled including a Settings page for selecting a language
- Support for managing volumes
- Enable instance detail drill down
- A Human Interface Guidelines document has been established for the Dashboard
- Migrate to novaclient from openstackx
- Add launch from volume support
- Support for pause/suspend instance
- Support for displaying an instance power state
- Offer EC2 credentials download
- Offer support for volume snapshots
- Implement in-context help
OpenStack Identity service (Keystone)
The implementation of the Identity service changed completely during the Essex release. Much of the design is precipitated from the expectation that the auth backends for most deployments will actually be shims in front of existing user systems. Documentation has been updated to support this change and migration paths are documented at http://keystone.openstack.org.
Key Highlights of the Keystone Transition
- The external API - both "admin" and "user" facing has remained stable and identical to the Diablo release. In changing the underlying implementation, we were very careful to keep external components stable to allow us to progress quickly in the future.
- The middleware components used by the other OpenStack projects were substantially rewritten to simply that code as well.
- The implementation of authorization by services was changed from a single shared secret (previously called the "admin token") to a per-service account and password credential pair.
- this implies configuration changes into nova, glance, swift, etc. specifically around the api-paste.ini files, where new values are now defined for those credentials, and they are now implementable per-service.
- The Keystone service, and the middleware implementations now do considerably more logging for system administrators and openstack deployers to be able to debug authentication and authorization issues.
- Keystone now supports S3 token validation and additional Swift storage features:
- Swift ACL is now supported, you can allow/deny different users within a tenant.
- Anoymous access via ACL to allow public access to container.
- Reseller accounts support to give ability to nova to access swift and have it to replace nova-objectstore.
Known Issues and Limitations for Keystone
- Using SSL certs for authorization instead of userid/credentials
- Any API to drive policy definitions around role based access controls
- Mapping identity to pre-existing LDAP backends
- User facing APIs to support (when available) identity updates (i.e. a user changing their password, or "logging out")
Known packaged distributions
OpenSUSE 12.1 / SLES11 SP2
- https://build.opensuse.org/project/show?project=isv:B1-Systems:OpenStack:release:Essex
- https://build.opensuse.org/project/show?project=isv:B1-Systems:OpenStack:release:Essex:requirements
You can find all details about the repositories for OpenSUSE 12.1 and SLES11 SP2 on our packaging site in the wiki: Packaging/SUSE
Fedora 17 / Fedora 16 / EPEL 6
- Fedora 17 (May 2012) will ship with OpenStack Essex
- The Extra Packages for Enterprise Linux repository supporting RHEL >= 6.2 and derivatives will update from Diablo to Essex
- You can get Fedora/EPEL OpenStack package details at https://apps.fedoraproject.org/packages/s/openstack
- Install/Setup notes for Essex are at http://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17
- An unofficial Essex repository for Fedora 16 is available at http://repos.fedorapeople.org/repos/apevec/openstack-preview/fedora-16/noarch/
Ubuntu 12.04 Precise Pangolin LTS
All core Openstack Essex components are officially supported and available in the Main Precise Ubuntu archive:
~-Note: Horizon and Keystone are currently located in Universe as they undergo a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)-~
Incubated projects Quantum and Melange are available for Precise in Universe
Essex can be deployed on Ubuntu Server using MAAS and Juju.
Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:
http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin
Debian GNU/Linux wheezy
All core Openstack Essex components are officially supported and available in the Main wheezy archive:
Essex can be deployed with a HOWTO and puppet modules.