
ReleaseNotes/Essex

Revision as of 21:02, 4 April 2012 by Dachary (talk) (Add Debian GNU/Linux to the list of distributions)

Release Notes, Essex


New Features

OpenStack Object Storage (Swift)

Release Overview

Swift has released versions 1.4.4 through 1.4.8 during the Essex release cycle. The complete changelog is on GitHub.

Several important new features have been added to swift. Swift now supports expiring objects, HTML form POSTs with temporary signed URLs, and the OpenStack auth 2.0 API in the swift CLI. Other new features include new config options, optional functionality in middleware, and more ops tools.

Expiring objects allow a swift user to set an expiry time or a TTL on an object, after which the object is no longer accessible and will be deleted from the system. This feature enables new use cases for swift. For example, this feature could be used by a document management system with data retention requirements.

The new formpost and tempurl middleware modules allow a swift user to create a URL with write access and then use that URL as the target of an HTML form POST. This feature is aimed at a control panel use case. Since swift uses an auth method based on information in request headers, browsers typically can't access swift directly. With these two new middleware modules, someone building a swift control panel can have the browser directly upload content into the swift cluster. Since the requests are going directly to swift and don't have to be proxied through the control panel web servers for auth, the control panel deployer only has to scale infrastructure based on the control panel usage, not swift usage.
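The signed-form mechanism described above, as an added example that is not part of the original release notes or the Swift code base: the control panel signs the form fields with an account key, and the server recomputes the HMAC before accepting the upload. The field order follows the Swift formpost documentation; the key, path, redirect URL and the helper names are constructed for illustration.

```python
import hmac
import time
from hashlib import sha1

# Constructed sample values (assumptions, not taken from the release notes).
KEY = b"constructed-account-temp-url-key"
PATH = "/v1/AUTH_demo/uploads/report_"  # container plus object-name prefix


def formpost_signature(key, path, redirect, max_file_size, max_file_count, expires):
    """Hex HMAC-SHA1 over the newline-joined form parameters."""
    body = "\n".join(
        [path, redirect, str(max_file_size), str(max_file_count), str(expires)]
    )
    return hmac.new(key, body.encode("utf-8"), sha1).hexdigest()


def build_form_fields(key, path, redirect, max_file_size, max_file_count, ttl, now=None):
    """Hidden <input> values a control panel would embed in the upload form."""
    now = time.time() if now is None else now
    expires = int(now) + ttl
    return {
        "redirect": redirect,
        "max_file_size": str(max_file_size),
        "max_file_count": str(max_file_count),
        "expires": str(expires),
        "signature": formpost_signature(
            key, path, redirect, max_file_size, max_file_count, expires
        ),
    }


def verify_formpost(key, path, fields, now=None):
    """Server-side check: reject expired forms and any field altered after signing."""
    now = time.time() if now is None else now
    try:
        expires = int(fields["expires"])
    except (KeyError, ValueError):
        return False
    if expires < now:
        return False
    expected = formpost_signature(
        key, path, fields.get("redirect", ""), fields.get("max_file_size", ""),
        fields.get("max_file_count", ""), expires,
    )
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), str(fields.get("signature", "")).encode())
```

Because the size limit, file count, expiry and path are all inside the signed body, a browser user cannot widen any of them without invalidating the signature; keep the TTL short and the path prefix narrow.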

In addition to new features, many bugs have been squashed as well. Swift developers have found and fixed memory leaks, improved data corruption detection, improved replication, and improved the way rings are built.

Upgrade Notes

The process is generally as follows:

  • Shut down background jobs such as the updater, replicator, auditor, crond, etc. (You can do that with swift-init rest stop and /etc/init.d/crond stop)
  • Upgrade Swift packages.
  • Upgrade other packages as needed.
  • Reload the servers (swift-init main reload)
  • Restart the background jobs (swift-init rest start and /etc/init.d/crond start)

OpenStack Compute (Nova)

Volumes

Security

Authorization and Authentication

Hypervisor-specific

API

Network

Messaging

Live migration

Orchestration and troubleshooting enhancements (for lack of a better term)

Console Access to VMs

OpenStack Image Registry and Delivery (Glance)

Authorization

API enhancements

Usability and performance improvements

OpenStack Dashboard (Horizon)

The Dashboard interface has improved in many ways this release.

OpenStack Identity service (Keystone)

The implementation of the Identity service changed completely during the Essex release. Much of the design follows from the expectation that the auth backends for most deployments will actually be shims in front of existing user systems. Documentation has been updated to support this change and migration paths are documented at http://keystone.openstack.org.

Key Highlights of the Keystone Transition

  • The external API, both "admin" and "user" facing, has remained stable and identical to the Diablo release. In changing the underlying implementation, we were very careful to keep external components stable to allow us to progress quickly in the future.
  • The middleware components used by the other OpenStack projects were substantially rewritten to simplify that code as well.
  • The implementation of authorization by services was changed from a single shared secret (previously called the "admin token") to a per-service account and password credential pair.
    • This implies configuration changes in nova, glance, swift, etc., specifically around the api-paste.ini files, where new values are now defined for those credentials, and they are now implementable per-service.
  • The Keystone service and the middleware implementations now do considerably more logging so that system administrators and OpenStack deployers can debug authentication and authorization issues.
  • Keystone now supports S3 token validation and additional Swift storage features:
    • Swift ACL is now supported; you can allow or deny different users within a tenant.
    • Anonymous access via ACL, to allow public access to a container.
    • Reseller account support, giving nova the ability to access swift and have it replace nova-objectstore.

Known Issues and Limitations for Keystone

  • Using SSL certs for authorization instead of userid/credentials
  • Any API to drive policy definitions around role based access controls
  • Mapping identity to pre-existing LDAP backends
  • User facing APIs to support (when available) identity updates (i.e. a user changing their password, or "logging out")

Known packaged distributions

OpenSUSE 12.1 / SLES11 SP2

You can find all details about the repositories for OpenSUSE 12.1 and SLES11 SP2 on our packaging site in the wiki: Packaging/SUSE

Fedora 17 / Fedora 16 / EPEL 6

Ubuntu 12.04 Precise Pangolin LTS

All core OpenStack Essex components are officially supported and available in the Main Precise Ubuntu archive:

Note: Horizon and Keystone are currently located in Universe as they undergo a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)

Incubated projects Quantum and Melange are available for Precise in Universe

Essex can be deployed on Ubuntu Server using MAAS and Juju.

Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:

http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin

Debian GNU/Linux wheezy

All core OpenStack Essex components are officially supported and available in the Main wheezy archive:

Essex can be deployed with a HOWTO and puppet modules.