Jump to: navigation, search

ReleaseNotes/Icehouse

Revision as of 14:48, 1 April 2014 by Russellb (talk | contribs) (Upgrade Notes)

OpenStack 2014.1 (Icehouse) Release Notes

General Upgrade Notes

tbd

OpenStack Object Storage (Swift)

Key New Features

Known Issues

None

Upgrade Notes

OpenStack Compute (Nova)

Key New Features

Compute Drivers

Libvirt (KVM)
  • The Libvirt compute driver now supports providing modified kernel arguments to booting compute instances. The kernel arguments are retrieved from the "os_command_line" key in the image metadata as stored in Glance, if a value for the key was provided. Otherwise the default kernel arguments are used.
  • The Libvirt driver now supports using VirtIO SCSI (virtio-scsi) instead of VirtIO Block (virtio-blk) to provide block device access for instances. Virtio SCSI is a para-virtualized SCSI controller device designed as a future successor to VirtIO Block and aiming to provide improved scalability and performance.
  • The Libvirt Compute driver now supports adding a Virtio RNG device to compute instances to provide increased entropy. Virtio RNG is a paravirtual random number generation device. It allows the compute node to provide entropy to the compute instances in order to fill their entropy pool. The default entropy device used is /dev/random, however use of a physical hardware RNG device attached to the host is also possible. The use of the Virtio RNG device is enabled using the hw_rng property in the metadata of the image used to build the instance.
  • The Libvirt driver now allows the configuration of instances to use video driver other than the default (cirros). This allows the specification of different video driver models, different amounts of video RAM, and different numbers of heads. These values are configured by setting the "hw_video_model", "hw_video_vram", and "hw_video_head" properties in the image metadata. Currently supported video driver models are "vga", "cirrus", "vmvga", "xen" and "qxl".
  • Watchdog support has been added to the Libvirt driver. The watchdog device used is "i6300esb". It is enabled by setting the "hw_watchdog_action" property in the image properties or flavor extra specifications ("extra_specs") to a value other than "disabled". Supported "hw_watchdog_action" property values, which denote the action for the watchdog device to take in the event of an instance failure, are "poweroff", "reset", "pause", and "none".
  • The High Precision Event Timer (HPET) is now disabled for instances created using the Libvirt driver. The use of this option was found to lead to clock drift in Windows guests when under heavy load.
VMware
  • The VMware Compute drivers now support the virtual machine diagnostics call. Diagnostics can be retrieved using the "nova diagnostics INSTANCE" command, where INSTANCE is replaced by an instance name or instance identifier.
  • The VMware Compute drivers now booting an instance from an ISO image.
  • The VMware Compute drivers now support the aging of cached images.
XenServer

TODO...

API

  • In OpenStack Compute, the OS-DCF:diskConfig API attribute is no longer supported in V3 of the nova API.
  • The Compute API currently supports both XML and JSON formats. Support for the XML format is now deprecated and will be retired in a future release.
  • The Compute API now exposes a mechanism for permanently removing decommissioned compute nodes. Previously these would continue to be listed even where the compute service had had been disabled and the system re-provisioned. This functionality is provided by the "ExtendedServicesDelete" API extension.
  • Separated the V3 API admin_actions plugin into logically separate plugins so operators can enable subsets of the functionality currently present in the plugin.
  • The Compute service now uses the tenant identifier instead of the tenant name when authenticating with OpenStack Networking (Neutron). This improves support for the OpenStack Identity API v3 which allows non-unique tenant names.
  • The Compute API now exposes the hypervisor IP address, allowing it to be retrieved by administrators using the "nova hypervisor-show" command.

Scheduler

  • The scheduler now includes an initial implementation of a caching scheduler driver. The caching scheduler uses the existing facilities for applying scheduler filters and weights but caches the list of available hosts. When a user request is passed to the caching scheduler it attempts to perform scheduling based on the list of cached hosts, with a view to improving scheduler performance.
  • A new scheduler filter, "AggregateImagePropertiesIsolation", has been introduced. The new filter schedules instances to hosts based on matching namespaced image properties with host aggregate properties. Hosts that do not belong to any host aggregate remain valid scheduling targets for instances based on all images. The new Compute service configuration keys "aggregate_image_properties_isolation_namespace" and "aggregate_image_properties_isolation_separator" are used to determine which image properties are examined by the filter.
  • Weight normalization in OpenStack Compute: See:
    • https://review.openstack.org/#/c/27160/ Weights are normalized, so there is no need to inflate multipliers artificially. The maximum weight that a weigher will put for a node is 1.0 and the minimum is 0.0.
    • nova.cells.weights.weight_offset.WeightOffsetWeigher introduces a new configuration option 'offset_weight_multiplier'
    • https://review.openstack.org/#/c/36417/ Introduce stacking flags for weighers. Negative multipliers should not be using for stacking, but the weighers are still compatible (the issue a deprecation warning message).

Other Features

  • Notifications are now generated upon the creation and deletion of keypairs.
  • Notifications are now generated when an Compute host is enabled, disabled, powered on, shut down, rebooted, put into maintenance mode and taken out of maintenance mode.
  • Compute services are now able to shutdown gracefully by disabling processing of new requests when a service shutdown is requested but allowing requests already in process to complete before terminating.
  • The Compute service determines what action to take when instances are found to be running that were previously marked deleted based on the value of the running_deleted_instance_action configuration key. A new shutdown value has been added. Using this new value allows administrators to optionally keep instances found in this state for diagnostics while still releasing the runtime resources.
  • File injection is now disabled by default in OpenStack Compute. Instead it is recommended that the ConfigDrive and metadata server facilities are used to modify guests at launch. To enable file injection modify the inject_key and inject_partition configuration keys in /etc/nova/nova.conf and restart the Compute services. The file injection mechanism is likely to be disabled in a future release.
  • A number of changes have been made to the expected format /etc/nova/nova.conf configuration file with a view to ensuring that all configuration groups in the file use descriptive names. A number of driver specific flags, including those for the Libvirt driver, have also been moved to their own option groups.

Known Issues

  • OpenStack Compute has some features that use newer API versions from other projects, but the following are the only API versions tested in Icehouse:
    • Keystone v2
    • Cinder v1
    • Glance v1

Upgrade Notes

  • https://review.openstack.org/50668 - The compute_api_class configuration option has been removed.
  • https://review.openstack.org/#/c/54290/ - The following deprecated configuration option aliases have been removed in favor of their new names:
    • service_quantum_metadata_proxy
    • quantum_metadata_proxy_shared_secret
    • use_quantum_default_nets
    • quantum_default_tenant_id
    • vpn_instance_type
    • default_instance_type
    • quantum_url
    • quantum_url_timeout
    • quantum_admin_username
    • quantum_admin_password
    • quantum_admin_tenant_name
    • quantum_region_name
    • quantum_admin_auth_url
    • quantum_api_insecure
    • quantum_auth_strategy
    • quantum_ovs_bridge
    • quantum_extension_sync_interval
    • vmwareapi_host_ip
    • vmwareapi_host_username
    • vmwareapi_host_password
    • vmwareapi_cluster_name
    • vmwareapi_task_poll_interval
    • vmwareapi_api_retry_count
    • vnc_port
    • vnc_port_total
    • use_linked_clone
    • vmwareapi_vlan_interface
    • vmwareapi_wsdl_loc
  • The PowerVM driver has been removed: https://review.openstack.org/#/c/57774/
  • The keystone_authtoken defaults changed in nova.conf: https://review.openstack.org/#/c/62815/
  • libvirt lvm names changed from using instance_name_template to instance uuid (https://review.openstack.org/#/c/76968). Possible manual cleanup required if using a non default instance_name_template.
  • rbd disk names changed from using instance_name_template to instance uuid. Manual cleanup required of old virtual disks after the transition. (TBD find review)
  • Icehouse brings libguestfs as a requirement. Installing icehouse dependencies on a system currently running havana may cause the havana node to begin using libguestfs and break unexpectedly. It is recommended that libvirt_inject_partition=-2 be set on havana nodes prior to starting an upgrade of packages on the system if the nova packages will be updated last.
  • Creating a private flavor now adds access to the tenant automatically. This was the documented behavior in Havana, but the actual mplementation in Havana and previous versions of Nova did not add the tenant automatically to private flavors.
  • Nova previously included a nova.conf.sample. This file was automatically generated and is no longer included directly. If you are packaging Nova and wish to include the sample config file, see etc/nova/README.nova.conf for instructions on how to generate the file at build time.
  • The following configuration options are marked as deprecated in this release. See nova.conf.sample for their replacements. [GROUP]/option<\tt>
    • <tt>[DEFAULT]/rabbit_durable_queues<\tt>
    • <tt>[rpc_notifier2]/topics<\tt>
    • <tt>[DEFAULT]/log_config<\tt>
    • <tt>[DEFAULT]/logfile<\tt>
    • <tt>[DEFAULT]/logdir<\tt>
    • <tt>[DEFAULT]/base_dir_name<\tt>
    • <tt>[DEFAULT]/instance_type_extra_specs<\tt>
    • <tt>[DEFAULT]/db_backend<\tt>
    • <tt>[DEFAULT]/sql_connection<\tt>
    • <tt>[DATABASE]/sql_connection<\tt>
    • <tt>[sql]/connection<\tt>
    • <tt>[DEFAULT]/sql_idle_timeout<\tt>
    • <tt>[DATABASE]/sql_idle_timeout<\tt>
    • <tt>[sql]/idle_timeout<\tt>
    • <tt>[DEFAULT]/sql_min_pool_size<\tt>
    • <tt>[DATABASE]/sql_min_pool_size<\tt>
    • <tt>[DEFAULT]/sql_max_pool_size<\tt>
    • <tt>[DATABASE]/sql_max_pool_size<\tt>
    • <tt>[DEFAULT]/sql_max_retries<\tt>
    • <tt>[DATABASE]/sql_max_retries<\tt>
    • <tt>[DEFAULT]/sql_retry_interval<\tt>
    • <tt>[DATABASE]/reconnect_interval<\tt>
    • <tt>[DEFAULT]/sql_max_overflow<\tt>
    • <tt>[DATABASE]/sqlalchemy_max_overflow<\tt>
    • <tt>[DEFAULT]/sql_connection_debug<\tt>
    • <tt>[DEFAULT]/sql_connection_trace<\tt>
    • <tt>[DATABASE]/sqlalchemy_pool_timeout<\tt>
    • <tt>[DEFAULT]/memcache_servers<\tt>
    • <tt>[DEFAULT]/libvirt_type<\tt>
    • <tt>[DEFAULT]/libvirt_uri<\tt>
    • <tt>[DEFAULT]/libvirt_inject_password<\tt>
    • <tt>[DEFAULT]/libvirt_inject_key<\tt>
    • <tt>[DEFAULT]/libvirt_inject_partition<\tt>
    • <tt>[DEFAULT]/libvirt_vif_driver<\tt>
    • <tt>[DEFAULT]/libvirt_volume_drivers<\tt>
    • <tt>[DEFAULT]/libvirt_disk_prefix<\tt>
    • <tt>[DEFAULT]/libvirt_wait_soft_reboot_seconds<\tt>
    • <tt>[DEFAULT]/libvirt_cpu_mode<\tt>
    • <tt>[DEFAULT]/libvirt_cpu_model<\tt>
    • <tt>[DEFAULT]/libvirt_snapshots_directory<\tt>
    • <tt>[DEFAULT]/libvirt_images_type<\tt>
    • <tt>[DEFAULT]/libvirt_images_volume_group<\tt>
    • <tt>[DEFAULT]/libvirt_sparse_logical_volumes<\tt>
    • <tt>[DEFAULT]/libvirt_images_rbd_pool<\tt>
    • <tt>[DEFAULT]/libvirt_images_rbd_ceph_conf<\tt>
    • <tt>[DEFAULT]/libvirt_snapshot_compression<\tt>
    • <tt>[DEFAULT]/libvirt_use_virtio_for_bridges<\tt>
    • <tt>[DEFAULT]/libvirt_iscsi_use_multipath<\tt>
    • <tt>[DEFAULT]/libvirt_iser_use_multipath<\tt>
    • <tt>[DEFAULT]/matchmaker_ringfile<\tt>
    • <tt>[DEFAULT]/agent_timeout<\tt>
    • <tt>[DEFAULT]/agent_version_timeout<\tt>
    • <tt>[DEFAULT]/agent_resetnetwork_timeout<\tt>
    • <tt>[DEFAULT]/xenapi_agent_path<\tt>
    • <tt>[DEFAULT]/xenapi_disable_agent<\tt>
    • <tt>[DEFAULT]/xenapi_use_agent_default<\tt>
    • <tt>[DEFAULT]/xenapi_login_timeout<\tt>
    • <tt>[DEFAULT]/xenapi_connection_concurrent<\tt>
    • <tt>[DEFAULT]/xenapi_connection_url<\tt>
    • <tt>[DEFAULT]/xenapi_connection_username<\tt>
    • <tt>[DEFAULT]/xenapi_connection_password<\tt>
    • <tt>[DEFAULT]/xenapi_vhd_coalesce_poll_interval<\tt>
    • <tt>[DEFAULT]/xenapi_check_host<\tt>
    • <tt>[DEFAULT]/xenapi_vhd_coalesce_max_attempts<\tt>
    • <tt>[DEFAULT]/xenapi_sr_base_path<\tt>
    • <tt>[DEFAULT]/target_host<\tt>
    • <tt>[DEFAULT]/target_port<\tt>
    • <tt>[DEFAULT]/iqn_prefix<\tt>
    • <tt>[DEFAULT]/xenapi_remap_vbd_dev<\tt>
    • <tt>[DEFAULT]/xenapi_remap_vbd_dev_prefix<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_base_url<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_seed_chance<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_seed_duration<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_max_last_accessed<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_listen_port_start<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_listen_port_end<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_download_stall_cutoff<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_max_seeder_processes_per_host<\tt>
    • <tt>[DEFAULT]/use_join_force<\tt>
    • <tt>[DEFAULT]/xenapi_ovs_integration_bridge<\tt>
    • <tt>[DEFAULT]/cache_images<\tt>
    • <tt>[DEFAULT]/xenapi_image_compression_level<\tt>
    • <tt>[DEFAULT]/default_os_type<\tt>
    • <tt>[DEFAULT]/block_device_creation_timeout<\tt>
    • <tt>[DEFAULT]/max_kernel_ramdisk_size<\tt>
    • <tt>[DEFAULT]/sr_matching_filter<\tt>
    • <tt>[DEFAULT]/xenapi_sparse_copy<\tt>
    • <tt>[DEFAULT]/xenapi_num_vbd_unplug_retries<\tt>
    • <tt>[DEFAULT]/xenapi_torrent_images<\tt>
    • <tt>[DEFAULT]/xenapi_ipxe_network_name<\tt>
    • <tt>[DEFAULT]/xenapi_ipxe_boot_menu_url<\tt>
    • <tt>[DEFAULT]/xenapi_ipxe_mkisofs_cmd<\tt>
    • <tt>[DEFAULT]/xenapi_running_timeout<\tt>
    • <tt>[DEFAULT]/xenapi_vif_driver<\tt>
    • <tt>[DEFAULT]/xenapi_image_upload_handler<\tt>

OpenStack Image Service (Glance)

Key New Features

Known Issues

Upgrade Notes

OpenStack Dashboard (Horizon)

Key New Features

Known Issues

Upgrade Notes

OpenStack Identity (Keystone)

Key New Features

  • New API features
    • /v3/OS-FEDERATION/ allows Keystone to consume federated authentication via Shibboleth for multiple Identity Providers, and mapping federated attributes into OpenStack group-based role assignments (see documentation).
    • POST /v3/users/{user_id}/password allows API users to update their own passwords (see documentation).
    • GET v3/auth/token?nocatalog allows API users to opt-out of receiving the service catalog when performing online token validation (see documentation).
    • /v3/regions provides a public interface for describing multi-region deployments (see documentation).
    • /v3/OS-SIMPLECERT/ now publishes the certificates used for PKI token validation (see documentation).
    • /v3/OS-TRUST/trusts is now capable of providing limited-use delegation via the remaining_uses attribute of trusts.
  • The assignments backend (the source of authorization data) has now been completely separated from the identity backend (the source of authentication data). This means that you can now back your deployment's identity data to LDAP, and your authorization data to SQL, for example.
  • KVS drivers are now capable of writing to persistent Key-Value stores such as Redis, Cassandra, or MongoDB.
  • Keystone's driver interfaces are now implemented as Abstract Base Classes (ABCs) to make it easier to track compatibility of custom driver implementations across releases.
  • Keystone's default etc/policy.json has been rewritten in an easier to read format.
  • Notifications are now emitted in response to create, update and delete events on roles, groups, and trusts.
  • Custom extensions and driver implementations may now subscribe to internal-only event notifications, including disable events (which are only exposed externally as part of update events).
  • Keystone now emits Cloud Audit Data Federation (CADF) event notifications in response to authentication events.
  • Additional plugins are provided to handle external authentication via REMOTE_USER with respect to single-domain versus multi-domain deployments.
  • policy.json can now perform enforcement on the target domain in a domain-aware operationusing, for example, %(target.{entity}.domain_id)s.
  • The LDAP driver for the assignment backend now supports group-based role assignment operations.
  • Keystone now publishes token revocation events in addition to providing continued support for token revocation lists. Token revocation events are designed to consume much less overhead (when compared to token revocation lists) and will enable Keystone eliminate token persistence during the Juno release.
  • Deployers can now define arbitrary limits on the size of collections in API responses (for example, GET /v3/users might be configured to return only 100 users, rather than 10,000). Clients will be informed when truncation has occurred.
  • Lazy translation has been enabled to translating responses according to the requested Accept-Language header.
  • Keystone now emits i18n-ready log messages.
  • Collection filtering is now performed in the driver layer, where possible, for improved performance.

Known Issues

  • Bug 1291157: If using the OS-FEDERATION extension, deleting an Identity Provider or Protocol does not result in previously-issued tokens being revoked. This will not be fixed in the stable/icehouse branch.

Upgrade Notes

  • The v2 API has been prepared for deprecation, but remains stable in the Icehouse release. It may be formally deprecated during the Juno release pending widespread support for the v3 API.
  • Backwards compatibility for keystone.middleware.auth_token has been removed. auth_token middleware module is no longer provided by Keystone itself, and must be imported from keystoneclient.middleware.auth_token instead.
  • The s3_token middleware module is no longer provided by Keystone itself, and must be imported from keystoneclient.middleware.s3_token instead. Backwards compatibility for keystone.middleware.s3_token will be removed in Juno.
  • The default token duration has been reduced from 24 hours to just 1 hour. This effectively reduces the number of tokens that must be persisted at any one time, and (for PKI deployments) reduces the overhead of the token revocation list.
  • keystone.contrib.access.core.AccessLogMiddleware has been deprecated in favor of either the eventlet debug access log or Apache httpd access log and may be removed in the K release.
  • keystone.contrib.stats.core.StatsMiddleware has been deprecated in favor of external tooling and may be removed in the K release.
  • keystone.middleware.XmlBodyMiddleware has been deprecated in favor of support for "application/json" only and may be removed in the K release.

OpenStack Network Service (Neutron)

Key New Features

Known Issues

None yet.

Upgrade Notes

OpenStack Block Storage (Cinder)

Key New Features

Known Issues

None yet

Upgrade Notes

OpenStack Metering (Ceilometer)

Key New Features

Known Issues

https://bugs.launchpad.net/ceilometer/+bug/1297528

Upgrade Notes

None yet

OpenStack Orchestration (Heat)

Key New Features

Known Issues

None yet

Upgrade Notes

None yet

OpenStack Database service (Trove)

Key New Features

Known Issues

None yet

Upgrade Notes

None yet

OpenStack Documentation

Key New Features

Known Issues

Upgrade Notes

None yet