Difference between revisions of "ReleaseNotes/Essex"
(Add Debian GNU/Linux to the list of distributions) |
(Added complete Horizon release notes) |
||
Line 117: | Line 117: | ||
=== [[OpenStack]] Dashboard (Horizon) === | === [[OpenStack]] Dashboard (Horizon) === | ||
− | + | ==== Release Overview ==== | |
− | + | During the Essex release cycle, Horizon underwent a significant set of internal | |
− | * | + | changes to allow extensibility and customization while also adding a significant |
− | * | + | number of new features and bringing much greater stability to every interaction |
− | * | + | with the underlying components. |
− | * | + | |
− | * | + | ==== Highlights ==== |
− | * | + | |
− | * | + | '''Extensibility''' |
− | * | + | |
− | * | + | Making Horizon extensible for third-party developers was one of the core |
− | + | goals for the Essex release cycle. Massive strides have been made to allow | |
+ | for the addition of new "plug-in" components and customization of [[OpenStack]] | ||
+ | Dashboard deployments. | ||
+ | |||
+ | To support this extensability, all the components used to build on Horizon's | ||
+ | interface are now modular and reusable. Horizon's own dashboards use these | ||
+ | components, and they have all been built with third-party developers in mind. | ||
+ | Some of the main components are listed below. | ||
+ | |||
+ | ''Dashboards and Panels'' | ||
+ | |||
+ | Horizon's structure has been divided into logical groupings called dashboards | ||
+ | and panels. Horizon's classes representing these concepts handle all the | ||
+ | structural concerns associated with building a complete user interface | ||
+ | (navigation, access control, url structure, etc.). | ||
+ | |||
+ | ''Data Tables'' | ||
+ | |||
+ | One of the most common activities in a dashboard user interface is simply | ||
+ | displaying a list of resources or data and allowing the user to take actions on | ||
+ | that data. To this end, Horizon abstracted the commonalities of this task into a | ||
+ | reusable set of classes which allow developers to programmatically create | ||
+ | displays and interactions for their data with minimal effort and zero | ||
+ | boilerplate. | ||
+ | |||
+ | ''Tabs and [[TabGroups]]'' | ||
+ | |||
+ | Another extremely common user-interface element is the use of "tabs" to break | ||
+ | down discrete groups of data into manageable chunks. Since these tabs often | ||
+ | encompasse vastly different data, may have completely different access | ||
+ | restrictions, and may sometimes be better-off being loaded dynamically rather | ||
+ | than with the initial page load, Horizon includes tab and tab group classes for | ||
+ | constructing these interfaces elegently and with no knowledge of the HTML, CSS | ||
+ | or [[JavaScript]] involved. | ||
+ | |||
+ | '''Nova Features''' | ||
+ | |||
+ | Support for Nova's features has been greatly improved in Essex: | ||
+ | |||
+ | * Support for Nova volumes, including: | ||
+ | ** Volumes creation and management. | ||
+ | ** Volume snapshots. | ||
+ | ** Realtime AJAX updating for volumes in transition states. | ||
+ | * Improved Nova instance display and interactions, including: | ||
+ | ** Launching instances from volumes. | ||
+ | ** Pausing/suspending instances. | ||
+ | ** Displaying instance power states. | ||
+ | ** Realtime AJAX updating for instances in transition states. | ||
+ | * Support for managing Floating IP address pools. | ||
+ | * New instance and volume detail views. | ||
+ | |||
+ | '''Settings''' | ||
+ | |||
+ | A new "Settings" area was added that offers several userful functions: | ||
+ | |||
+ | * EC2 credentials download. | ||
+ | * [[OpenStack]] RC file download. | ||
+ | * User language preference customization. | ||
+ | |||
+ | '''User Experience Improvements''' | ||
+ | |||
+ | * Support for batch actions on multiple resources (e.g. terminating multiple | ||
+ | instances at once). | ||
+ | * Modal interactions throughout the entire UI. | ||
+ | * AJAX form submission for in-place validation. | ||
+ | * Improved in-context help for forms (tooltips and validation messages). | ||
+ | |||
+ | '''Community''' | ||
+ | |||
+ | * Creation and publication of a set of Human Interface Guidelines (HIG). | ||
+ | * Copious amounts of documentation for developers. | ||
+ | |||
+ | '''Under The Hood''' | ||
+ | |||
+ | * Internationalization fully enabled, with all strings marked for translation. | ||
+ | * Client library changes: | ||
+ | ** Full migration to python-novaclient from the deprecated openstackx library. | ||
+ | ** Migration to python-keystoneclient from the deprecated keystone portion | ||
+ | of the python-novaclient library. | ||
+ | * Client-side templating capabilities for more easily creating dynamic | ||
+ | interactions. | ||
+ | * Frontend overhaul to use the Bootstrap CSS/JS framework. | ||
+ | * Centralized error handling for vastly improved stability/reliability | ||
+ | across APIs/clients. | ||
+ | * Completely revamped test suite with comprehensive test data. | ||
+ | * Forward-compatibility with Django 1.4 and the option of cookie-based sessions. | ||
+ | |||
+ | ==== Known Issues and Limitations ==== | ||
+ | |||
+ | '''Quantum''' | ||
+ | |||
+ | Quantum support has been removed from Horizon for the Essex release. It will be | ||
+ | restored in Folsom in conjunction with Quantum's first release as a core | ||
+ | [[OpenStack]] project. | ||
+ | |||
+ | '''Keystone''' | ||
+ | |||
+ | Due to the mechanisms by which Keystone determines "admin"-ness for a user, an | ||
+ | admin user interacting with the "Project" dashboard may see some inconsistent | ||
+ | behavior such as all resources being listed instead of only those belonging to | ||
+ | that project, or only being able to return to the "Admin" dashboard while | ||
+ | accessing certain projects. | ||
+ | |||
+ | '''Exceptions during customization''' | ||
+ | |||
+ | Exceptions raised while overriding built-in Horizon behavior via the | ||
+ | "customization_module" setting may trigger a bug in the error handling | ||
+ | which will mask the original exception. | ||
+ | |||
+ | ==== Backwards Compatibility ==== | ||
+ | |||
+ | The Essex Horizon release is only partially backwards-compatible with Diablo | ||
+ | [[OpenStack]] components. While it is largely possible to log in and interact, many | ||
+ | functions in Nova, Glance and Keystone changed too substantially in Essex to | ||
+ | maintain full compatibliity. | ||
=== [[OpenStack]] Identity service (Keystone) === | === [[OpenStack]] Identity service (Keystone) === |
Revision as of 01:43, 5 April 2012
Release Notes, Essex
<<TableOfContents()>>
New Features
OpenStack Object Storage (Swift)
Release Overview
Swift has release version 1.4.4 through 1.4.8 during the Essex release cycle. The complete changelog is on GitHub .
Several important new features have been added to swift. Swift now supports expiring objects, HTML form POSTs with teporary signed URLs, and the Openstack auth 2.0 API in the swift CLI. Other new features include new config options, optional functionality in middleware, and more ops tools.
Expiring objects allow a swift user to set an expiry time or a TTL on an object, after which the object is no longer accessible and will be deleted from the system. This feature enables new use cases for swift. For example, this feature could be used by a document managements system with data retention requirements.
The new formpost and tempurl middleware modules allow a swift user to create a URL with write access and then use that URL as the target of an HTML form POST. This feature is aimed at a control panel use case. Since swift uses an auth method based on information in request headers, browsers typically can't access swift directly. With these two new middleware modules, someone building a swift control panel can have the browser directly upload content into the swift cluster. Since the requests are going directly to swift and don't have to be proxied through the control panel web servers for auth, the control panel deployer only has to scale infrastructure based on the control panel usage, not swift usage.
In addition to new features, many bugs have been squashed as well. Swift developers have found and fixed memory leaks, improved data corruption detection, improved replication, and improved the way rings are built.
Upgrade Notes
The process is generally as follows:
- Shutdown background jobs, such as; updater, replicator, auditor, crond ... etc. (You can do that with swift-init rest stop and /etc/init.d/crond stop)
- Upgrade Swift packages.
- Upgrade other packages as needed.
- Reload the servers (swift-init main reload)
- Restart the background jobs (swift-init rest start and /etc/init.d/crond start)
OpenStack Compute (Nova)
Volumes
Security
Authorization and Authentication
- Authorization - Can <user> <do something> to <some resource>?
- Enable euca-upload-bundle and euca-register through X509 Cert management
- Rewrite the keystone export to work properly
Hypervisor-specific
- KVM and Xen Disk Management Parity
- Unify a common path for VNC Consoles for XenServer or KVM
- XenAPI support for Security Groups
- Support KVM booting from ISO images
- Support for XenServer 5.6 and high availablilty networking added to DevStack
- Report capabilities to ZoneManager for KVM to match capability of XenServer
- Libvirt File Injection
- Libvirt/KVM resize
- Remove Hyper-V support
- Security group driver code for XenAPI for firewalls
- Fast image cloning support for Xenserver
API
- Separate Nova Admin API
- Console log now available through Compute API
- Return request ids in responses to enable better troubleshooting
- Refactor extensions to eliminate ExtensionMiddleware and LazySerializationMiddleware to call extensions directly
- Validate EC2 API parameters upon execution
- Improve VM state management to constrain state transitions
- Volume snapshot and backup API extension
- Separate nova metadata service
- Remove non-standard ec2 extensions for roles, user, project, vpn in an "admin" EC2 API
Network
- Changes to network representations in nova database (Untie the Nova network models)
- Move cloudpipe calls to a Compute API extension
- Support multiple floating IP ranges
- Manage DNS entries for instances, for floating IPs, for different DNS servers
- Add floating IP support to QuantumManager
- Compute Network info copy for performance improvement
- Bandwidth rate multipliers and base limits
- Add support for NAT to QuantumManager
Messaging
Live migration
Orchestration and troubleshooting enhancements (for lack of a better term)
- Ensure uuids internally to references instances
- Adds ability to get the last error using a nova-manage command
- Remove callbacks from virt drivers
- Network info model for nova
- Host aggregates, a mechanism to further partitioning an availability zone, i.e. into multiple groups of hosts that share common resources like storage and network.
- Improvements for Scaling Zones
- Add Image Cache Management to Compute Nodes
- Bare-metal provisioning with Tilera tiled-processor back-end
- Optional Host and Admin VM information
Console Access to VMs
OpenStack Image Registry and Delivery (Glance)
Authorization
API enhancements
Usability and performance improvements
- Add option to allow custom directory for data buffering
- Show progress bar for uploading an image
- Allow images to be uploaded to glance from an external location via the X-Image-Meta-Copy-From header
- Support Qpid for glance notifications over AMPQ
- Support sendfile(2) to remove userspace copying of image file data
OpenStack Dashboard (Horizon)
Release Overview
During the Essex release cycle, Horizon underwent a significant set of internal changes to allow extensibility and customization while also adding a significant number of new features and bringing much greater stability to every interaction with the underlying components.
Highlights
Extensibility
Making Horizon extensible for third-party developers was one of the core goals for the Essex release cycle. Massive strides have been made to allow for the addition of new "plug-in" components and customization of OpenStack Dashboard deployments.
To support this extensability, all the components used to build on Horizon's interface are now modular and reusable. Horizon's own dashboards use these components, and they have all been built with third-party developers in mind. Some of the main components are listed below.
Dashboards and Panels
Horizon's structure has been divided into logical groupings called dashboards and panels. Horizon's classes representing these concepts handle all the structural concerns associated with building a complete user interface (navigation, access control, url structure, etc.).
Data Tables
One of the most common activities in a dashboard user interface is simply displaying a list of resources or data and allowing the user to take actions on that data. To this end, Horizon abstracted the commonalities of this task into a reusable set of classes which allow developers to programmatically create displays and interactions for their data with minimal effort and zero boilerplate.
Tabs and TabGroups
Another extremely common user-interface element is the use of "tabs" to break down discrete groups of data into manageable chunks. Since these tabs often encompasse vastly different data, may have completely different access restrictions, and may sometimes be better-off being loaded dynamically rather than with the initial page load, Horizon includes tab and tab group classes for constructing these interfaces elegently and with no knowledge of the HTML, CSS or JavaScript involved.
Nova Features
Support for Nova's features has been greatly improved in Essex:
- Support for Nova volumes, including:
- Volumes creation and management.
- Volume snapshots.
- Realtime AJAX updating for volumes in transition states.
- Improved Nova instance display and interactions, including:
- Launching instances from volumes.
- Pausing/suspending instances.
- Displaying instance power states.
- Realtime AJAX updating for instances in transition states.
- Support for managing Floating IP address pools.
- New instance and volume detail views.
Settings
A new "Settings" area was added that offers several userful functions:
- EC2 credentials download.
- OpenStack RC file download.
- User language preference customization.
User Experience Improvements
- Support for batch actions on multiple resources (e.g. terminating multiple
instances at once).
- Modal interactions throughout the entire UI.
- AJAX form submission for in-place validation.
- Improved in-context help for forms (tooltips and validation messages).
Community
- Creation and publication of a set of Human Interface Guidelines (HIG).
- Copious amounts of documentation for developers.
Under The Hood
- Internationalization fully enabled, with all strings marked for translation.
- Client library changes:
- Full migration to python-novaclient from the deprecated openstackx library.
- Migration to python-keystoneclient from the deprecated keystone portion
of the python-novaclient library.
- Client-side templating capabilities for more easily creating dynamic
interactions.
- Frontend overhaul to use the Bootstrap CSS/JS framework.
- Centralized error handling for vastly improved stability/reliability
across APIs/clients.
- Completely revamped test suite with comprehensive test data.
- Forward-compatibility with Django 1.4 and the option of cookie-based sessions.
Known Issues and Limitations
Quantum
Quantum support has been removed from Horizon for the Essex release. It will be restored in Folsom in conjunction with Quantum's first release as a core OpenStack project.
Keystone
Due to the mechanisms by which Keystone determines "admin"-ness for a user, an admin user interacting with the "Project" dashboard may see some inconsistent behavior such as all resources being listed instead of only those belonging to that project, or only being able to return to the "Admin" dashboard while accessing certain projects.
Exceptions during customization
Exceptions raised while overriding built-in Horizon behavior via the "customization_module" setting may trigger a bug in the error handling which will mask the original exception.
Backwards Compatibility
The Essex Horizon release is only partially backwards-compatible with Diablo OpenStack components. While it is largely possible to log in and interact, many functions in Nova, Glance and Keystone changed too substantially in Essex to maintain full compatibliity.
OpenStack Identity service (Keystone)
The implementation of the Identity service changed completely during the Essex release. Much of the design is precipitated from the expectation that the auth backends for most deployments will actually be shims in front of existing user systems. Documentation has been updated to support this change and migration paths are documented at http://keystone.openstack.org.
Key Highlights of the Keystone Transition
- The external API - both "admin" and "user" facing has remained stable and identical to the Diablo release. In changing the underlying implementation, we were very careful to keep external components stable to allow us to progress quickly in the future.
- The middleware components used by the other OpenStack projects were substantially rewritten to simply that code as well.
- The implementation of authorization by services was changed from a single shared secret (previously called the "admin token") to a per-service account and password credential pair.
- this implies configuration changes into nova, glance, swift, etc. specifically around the api-paste.ini files, where new values are now defined for those credentials, and they are now implementable per-service.
- The Keystone service, and the middleware implementations now do considerably more logging for system administrators and openstack deployers to be able to debug authentication and authorization issues.
- Keystone now supports S3 token validation and additional Swift storage features:
- Swift ACL is now supported, you can allow/deny different users within a tenant.
- Anoymous access via ACL to allow public access to container.
- Reseller accounts support to give ability to nova to access swift and have it to replace nova-objectstore.
Known Issues and Limitations for Keystone
- Using SSL certs for authorization instead of userid/credentials
- Any API to drive policy definitions around role based access controls
- Mapping identity to pre-existing LDAP backends
- User facing APIs to support (when available) identity updates (i.e. a user changing their password, or "logging out")
Known packaged distributions
OpenSUSE 12.1 / SLES11 SP2
- https://build.opensuse.org/project/show?project=isv:B1-Systems:OpenStack:release:Essex
- https://build.opensuse.org/project/show?project=isv:B1-Systems:OpenStack:release:Essex:requirements
You can find all details about the repositories for OpenSUSE 12.1 and SLES11 SP2 on our packaging site in the wiki: Packaging/SUSE
Fedora 17 / Fedora 16 / EPEL 6
- Fedora 17 (May 2012) will ship with OpenStack Essex
- The Extra Packages for Enterprise Linux repository supporting RHEL >= 6.2 and derivatives will update from Diablo to Essex
- You can get Fedora/EPEL OpenStack package details at https://apps.fedoraproject.org/packages/s/openstack
- Install/Setup notes for Essex are at http://fedoraproject.org/wiki/Getting_started_with_OpenStack_on_Fedora_17
- An unofficial Essex repository for Fedora 16 is available at http://repos.fedorapeople.org/repos/apevec/openstack-preview/fedora-16/noarch/
Ubuntu 12.04 Precise Pangolin LTS
All core Openstack Essex components are officially supported and available in the Main Precise Ubuntu archive:
~-Note: Horizon and Keystone are currently located in Universe as they undergo a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)-~
Incubated projects Quantum and Melange are available for Precise in Universe
Essex can be deployed on Ubuntu Server using MAAS and Juju.
Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:
http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin
Debian GNU/Linux wheezy
All core Openstack Essex components are officially supported and available in the Main wheezy archive:
Essex can be deployed with a HOWTO and puppet modules.