Jump to: navigation, search

ReleaseNotes/Essex

Revision as of 02:35, 5 April 2012 by Esker (talk) (addition of NetApp Nova Volume driver)

Release Notes, Essex

<<TableOfContents()>>

New Features

OpenStack Object Storage (Swift)

Release Overview

Swift has release version 1.4.4 through 1.4.8 during the Essex release cycle. The complete changelog is on GitHub .

Several important new features have been added to swift. Swift now supports expiring objects, HTML form POSTs with teporary signed URLs, and the Openstack auth 2.0 API in the swift CLI. Other new features include new config options, optional functionality in middleware, and more ops tools.

Expiring objects allow a swift user to set an expiry time or a TTL on an object, after which the object is no longer accessible and will be deleted from the system. This feature enables new use cases for swift. For example, this feature could be used by a document managements system with data retention requirements.

The new formpost and tempurl middleware modules allow a swift user to create a URL with write access and then use that URL as the target of an HTML form POST. This feature is aimed at a control panel use case. Since swift uses an auth method based on information in request headers, browsers typically can't access swift directly. With these two new middleware modules, someone building a swift control panel can have the browser directly upload content into the swift cluster. Since the requests are going directly to swift and don't have to be proxied through the control panel web servers for auth, the control panel deployer only has to scale infrastructure based on the control panel usage, not swift usage.

In addition to new features, many bugs have been squashed as well. Swift developers have found and fixed memory leaks, improved data corruption detection, improved replication, and improved the way rings are built.

Upgrade Notes

The process is generally as follows:

  • Shutdown background jobs, such as; updater, replicator, auditor, crond ... etc. (You can do that with swift-init rest stop and /etc/init.d/crond stop)
  • Upgrade Swift packages.
  • Upgrade other packages as needed.
  • Reload the servers (swift-init main reload)
  • Restart the background jobs (swift-init rest start and /etc/init.d/crond start)

OpenStack Compute (Nova)

Volumes

Security

Authorization and Authentication

Hypervisor-specific

API

Network

Messaging

Live migration

Orchestration and troubleshooting enhancements (for lack of a better term)

Console Access to VMs

OpenStack Image Registry and Delivery (Glance)

Authorization

API enhancements

Usability and performance improvements

OpenStack Dashboard (Horizon)

Release Overview

During the Essex release cycle, Horizon underwent a significant set of internal changes to allow extensibility and customization while also adding a significant number of new features and bringing much greater stability to every interaction with the underlying components.

Highlights

Extensibility

Making Horizon extensible for third-party developers was one of the core goals for the Essex release cycle. Massive strides have been made to allow for the addition of new "plug-in" components and customization of OpenStack Dashboard deployments.

To support this extensability, all the components used to build on Horizon's interface are now modular and reusable. Horizon's own dashboards use these components, and they have all been built with third-party developers in mind. Some of the main components are listed below.

Dashboards and Panels

Horizon's structure has been divided into logical groupings called dashboards and panels. Horizon's classes representing these concepts handle all the structural concerns associated with building a complete user interface (navigation, access control, url structure, etc.).

Data Tables

One of the most common activities in a dashboard user interface is simply displaying a list of resources or data and allowing the user to take actions on that data. To this end, Horizon abstracted the commonalities of this task into a reusable set of classes which allow developers to programmatically create displays and interactions for their data with minimal effort and zero boilerplate.

Tabs and TabGroups

Another extremely common user-interface element is the use of "tabs" to break down discrete groups of data into manageable chunks. Since these tabs often encompasse vastly different data, may have completely different access restrictions, and may sometimes be better-off being loaded dynamically rather than with the initial page load, Horizon includes tab and tab group classes for constructing these interfaces elegently and with no knowledge of the HTML, CSS or JavaScript involved.

Nova Features

Support for Nova's features has been greatly improved in Essex:

  • Support for Nova volumes, including:
    • Volumes creation and management.
    • Volume snapshots.
    • Realtime AJAX updating for volumes in transition states.
  • Improved Nova instance display and interactions, including:
    • Launching instances from volumes.
    • Pausing/suspending instances.
    • Displaying instance power states.
    • Realtime AJAX updating for instances in transition states.
  • Support for managing Floating IP address pools.
  • New instance and volume detail views.

Settings

A new "Settings" area was added that offers several userful functions:

  • EC2 credentials download.
  • OpenStack RC file download.
  • User language preference customization.

User Experience Improvements

  • Support for batch actions on multiple resources (e.g. terminating multiple
 instances at once).
  • Modal interactions throughout the entire UI.
  • AJAX form submission for in-place validation.
  • Improved in-context help for forms (tooltips and validation messages).

Community

  • Creation and publication of a set of Human Interface Guidelines (HIG).
  • Copious amounts of documentation for developers.

Under The Hood

  • Internationalization fully enabled, with all strings marked for translation.
  • Client library changes:
    • Full migration to python-novaclient from the deprecated openstackx library.
    • Migration to python-keystoneclient from the deprecated keystone portion
     of the python-novaclient library.
  • Client-side templating capabilities for more easily creating dynamic
 interactions.
  • Frontend overhaul to use the Bootstrap CSS/JS framework.
  • Centralized error handling for vastly improved stability/reliability
 across APIs/clients.
  • Completely revamped test suite with comprehensive test data.
  • Forward-compatibility with Django 1.4 and the option of cookie-based sessions.

Known Issues and Limitations

Quantum

Quantum support has been removed from Horizon for the Essex release. It will be restored in Folsom in conjunction with Quantum's first release as a core OpenStack project.

Keystone

Due to the mechanisms by which Keystone determines "admin"-ness for a user, an admin user interacting with the "Project" dashboard may see some inconsistent behavior such as all resources being listed instead of only those belonging to that project, or only being able to return to the "Admin" dashboard while accessing certain projects.

Exceptions during customization

Exceptions raised while overriding built-in Horizon behavior via the "customization_module" setting may trigger a bug in the error handling which will mask the original exception.

Backwards Compatibility

The Essex Horizon release is only partially backwards-compatible with Diablo OpenStack components. While it is largely possible to log in and interact, many functions in Nova, Glance and Keystone changed too substantially in Essex to maintain full compatibliity.

OpenStack Identity service (Keystone)

The implementation of the Identity service changed completely during the Essex release. Much of the design is precipitated from the expectation that the auth backends for most deployments will actually be shims in front of existing user systems. Documentation has been updated to support this change and migration paths are documented at http://keystone.openstack.org.

Key Highlights of the Keystone Transition

  • The external API - both "admin" and "user" facing has remained stable and identical to the Diablo release. In changing the underlying implementation, we were very careful to keep external components stable to allow us to progress quickly in the future.
  • The middleware components used by the other OpenStack projects were substantially rewritten to simply that code as well.
  • The implementation of authorization by services was changed from a single shared secret (previously called the "admin token") to a per-service account and password credential pair.
    • this implies configuration changes into nova, glance, swift, etc. specifically around the api-paste.ini files, where new values are now defined for those credentials, and they are now implementable per-service.
  • The Keystone service, and the middleware implementations now do considerably more logging for system administrators and openstack deployers to be able to debug authentication and authorization issues.
  • Keystone now supports S3 token validation and additional Swift storage features:
    • Swift ACL is now supported, you can allow/deny different users within a tenant.
    • Anoymous access via ACL to allow public access to container.
    • Reseller accounts support to give ability to nova to access swift and have it to replace nova-objectstore.

Known Issues and Limitations for Keystone

  • Using SSL certs for authorization instead of userid/credentials
  • Any API to drive policy definitions around role based access controls
  • Mapping identity to pre-existing LDAP backends
  • User facing APIs to support (when available) identity updates (i.e. a user changing their password, or "logging out")

Known packaged distributions

OpenSUSE 12.1 / SLES11 SP2

You can find all details about the repositories for OpenSUSE 12.1 and SLES11 SP2 on our packaging site in the wiki: Packaging/SUSE

Fedora 17 / Fedora 16 / EPEL 6

Ubuntu 12.04 Precise Pangolin LTS

All core Openstack Essex components are officially supported and available in the Main Precise Ubuntu archive:

~-Note: Horizon and Keystone are currently located in Universe as they undergo a security review before promotion to Main for the 12.04 Precise release (April 26th 2012)-~

Incubated projects Quantum and Melange are available for Precise in Universe

Essex can be deployed on Ubuntu Server using MAAS and Juju.

Martin Loschwitz has written a wonderful step-by-step guide for manually installing Essex on Ubuntu 12.04:

http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin

Debian GNU/Linux wheezy

All core Openstack Essex components are officially supported and available in the Main wheezy archive:

Essex can be deployed with a HOWTO and puppet modules.

Retrieved from "https://wiki.openstack.org/w/index.php?title=ReleaseNotes/Essex&oldid=3898"