Difference between revisions of "ReleaseNotes/Havana"
(→Key New Features) |
(→Key New Features) |
||
| Line 51: | Line 51: | ||
=== Key New Features === | === Key New Features === | ||
| − | * Authorization data (tenants/projects, roles, role assignments; e.g. SQL) can now be stored in a separate backend, as determined by the "assignments" driver, from authentication data (users, groups; e.g. LDAP), as determined by the "identity" driver | + | * Improved deployment flexibility |
| − | * Credentials (e.g. ec2 tokens) can now be stored in a separate backend, as determined by the "credentials" driver, from authentication data | + | ** Authorization data (tenants/projects, roles, role assignments; e.g. SQL) can now be stored in a separate backend, as determined by the "assignments" driver, from authentication data (users, groups; e.g. LDAP), as determined by the "identity" driver |
| − | * Ability to specify more granular RBAC policy rules ( | + | ** Credentials (e.g. ec2 tokens) can now be stored in a separate backend, as determined by the "credentials" driver, from authentication data |
| − | * | + | ** Ability to specify more granular RBAC policy rules (for example, based on attributes in the API request / response body) |
| − | * Ability to cache the results of driver calls in a | + | ** Pluggable handling of external authentication using REMOTE_USER |
| − | * keystone-manage token_flush command to help purge expired tokens | + | ** First-class support for deployment behind Apache httpd |
| − | * | + | |
| − | * | + | * New deployment features |
| − | * Unicode i18n support for API error messages based on HTTP Accept-Language headers | + | ** Ability to cache the results of driver calls in a key-value store (for example, memcached or redis) |
| − | * Aggregated role assignments API | + | ** keystone-manage token_flush command to help purge expired tokens |
| − | + | ||
| + | * New API features | ||
| + | ** Delegated role-based authorization to arbitrary consumers using OAuth 1.0a | ||
| + | ** API clients can now opt out of the service catalog being included in a token response | ||
| + | ** Unicode i18n support for API error messages based on HTTP Accept-Language headers | ||
| + | ** Domain role assignments can now be inherited by that domain's projects | ||
| + | ** Aggregated role assignments API | ||
| + | |||
* Event notifications emitted for user and project/tenant create, update, and delete operations | * Event notifications emitted for user and project/tenant create, update, and delete operations | ||
| − | |||
* General performance improvements | * General performance improvements | ||
| + | |||
* https://blueprints.launchpad.net/keystone/+spec/pluggable-token-format | * https://blueprints.launchpad.net/keystone/+spec/pluggable-token-format | ||
* https://blueprints.launchpad.net/keystone/+spec/authenticate-role-rationalization | * https://blueprints.launchpad.net/keystone/+spec/authenticate-role-rationalization | ||
Revision as of 05:10, 19 September 2013
Contents
- 1 OpenStack 2013.2 (Havana) Release Notes
OpenStack 2013.2 (Havana) Release Notes
General Upgrade Notes
OpenStack Object Storage (Swift)
Key New Features
Known Issues
None
Upgrade Notes
OpenStack Compute (Nova)
Key New Features
Known Issues
Upgrade Notes
- Note that periodic tasks will now run more often than before. The frequency of periodic task runs has always been configurable. However, the timer for when to run the task again was previously started after the last run of the task completed. The tasks now run at a constant frequency, regardless of how long a given run takes. This makes it much more clear for when tasks are supposed to run. However, the side effect is that tasks will now run a bit more often by default. (https://review.openstack.org/#/c/26448/)
- The security_groups_handler option has been removed from nova.conf. It was added for Quantum and is no longer needed. (https://review.openstack.org/#/c/28384/)
- This change should not affect upgrades, but it is a change in behavior for all new deployments. Previous versions created the default m1.tiny flavor with a disk size of 0. The default value is now 1. 0 means not to do any disk resizing and just use whatever disk size is set up in the image. 1 means to impose a 1 GB limit. The special value of 0 is still supported if you would like to create or modify flavors to use it. (https://review.openstack.org/#/c/27991/).
- https://review.openstack.org/#/c/33595
- https://review.openstack.org/#/c/33143
- https://review.openstack.org/#/c/35264/
- https://review.openstack.org/#/c/28750/
- https://review.openstack.org/#/c/27160
- https://review.openstack.org/#/c/35425/
- https://review.openstack.org/#/c/33996/
- https://review.openstack.org/#/c/43268/ - the vmware configuration variable 'nvc_password' is now deprecated. A user will no longer be required to enter as password to have VNC access. This now works like all other virt drivers.
OpenStack Image Service (Glance)
Key New Features
Known Issues
Upgrade Notes
OpenStack Dashboard (Horizon)
Key New Features
Known Issues
Upgrade Notes
OpenStack Identity (Keystone)
Key New Features
- Improved deployment flexibility
- Authorization data (tenants/projects, roles, role assignments; e.g. SQL) can now be stored in a separate backend, as determined by the "assignments" driver, from authentication data (users, groups; e.g. LDAP), as determined by the "identity" driver
- Credentials (e.g. ec2 tokens) can now be stored in a separate backend, as determined by the "credentials" driver, from authentication data
- Ability to specify more granular RBAC policy rules (for example, based on attributes in the API request / response body)
- Pluggable handling of external authentication using REMOTE_USER
- First-class support for deployment behind Apache httpd
- New deployment features
- Ability to cache the results of driver calls in a key-value store (for example, memcached or redis)
- keystone-manage token_flush command to help purge expired tokens
- New API features
- Delegated role-based authorization to arbitrary consumers using OAuth 1.0a
- API clients can now opt out of the service catalog being included in a token response
- Unicode i18n support for API error messages based on HTTP Accept-Language headers
- Domain role assignments can now be inherited by that domain's projects
- Aggregated role assignments API
- Event notifications emitted for user and project/tenant create, update, and delete operations
- General performance improvements
- https://blueprints.launchpad.net/keystone/+spec/pluggable-token-format
- https://blueprints.launchpad.net/keystone/+spec/authenticate-role-rationalization
- https://blueprints.launchpad.net/keystone/+spec/authentication-tied-to-token
- https://blueprints.launchpad.net/keystone/+spec/unified-logging-in-keystone
- https://blueprints.launchpad.net/keystone/+spec/db-sync-models-with-migrations
- https://blueprints.launchpad.net/keystone/+spec/endpoint-filtering
- https://blueprints.launchpad.net/keystone/+spec/multiple-sql-migrate-repos
Known Issues
Upgrade Notes
OpenStack Network Service (Neutron)
Key New Features
Known Issues
None yet.
Upgrade Notes
- Changes to neutron-dhcp-agent require you to first upgrade your dhcp-agents. Then wait untill the dhcp_lease time has expired. After waiting atleast dhcp_lease time, update neutron-server. Failure to do this may lead to cases where an instance is deleted and the dnsmasq process has not released the lease and neturon allocates that ip to a new port. (https://review.openstack.org/#/c/37580/)
OpenStack Block Storage (Cinder)
Key New Features
Known Issues
None yet
Upgrade Notes
None yet
