Jump to: navigation, search

Difference between revisions of "ReleaseNotes/Juno/zh-hans"

(Created page with "==== 增加基于角色控制(RBAC)的支持 ==== 为了让Horizon更好的支持基于角色的访问控制(RBAC),几个服务的页面增加了RBAC的检查,来控制用...")
(Updating to match new version of source page)
 
(46 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
<languages />
 
<languages />
 +
 +
[[Category:Juno|Release Note]]
 +
[[Category:Release Note|Juno]]
  
 
= OpenStack 2014.2 (Juno) 更新日志 =
 
= OpenStack 2014.2 (Juno) 更新日志 =
Line 9: Line 12:
 
== 升级提示 ==
 
== 升级提示 ==
  
* simplejson安作为大多数项目的可选的依赖,因此并没有列在所有项目的requirements.txt文件中。然而,如果你想使用他,比如在RHEL 6上的python 2.6上获得更好的性能,你需要安装高于2.2.0版本的simplejson。详情请参考:https://bugs.launchpad.net/oslo-incubator/+bug/1361230
+
* simplejson安装包作为大多数项目的可选的依赖,并没有列在所有项目的requirements.txt文件中。然而,如果你想使用他,比如在RHEL 6上的python 2.6上获得更好的性能,你需要安装高于2.2.0版本的simplejson。详情请参考:https://bugs.launchpad.net/oslo-incubator/+bug/1361230
  
 
== OpenStack对象存储(Swift) ==
 
== OpenStack对象存储(Swift) ==
Line 51: Line 54:
 
* 在实例拯救中(rescue),允许用户使用一个特定的镜像,而并非原始镜像。[https://blueprints.launchpad.net/nova/+spec/allow-image-to-be-specified-during-rescue launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/allow-image-to-be-specified-during-rescue specification]
 
* 在实例拯救中(rescue),允许用户使用一个特定的镜像,而并非原始镜像。[https://blueprints.launchpad.net/nova/+spec/allow-image-to-be-specified-during-rescue launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/allow-image-to-be-specified-during-rescue specification]
 
* 允许镜像指定config drive[https://blueprints.launchpad.net/nova/+spec/config-drive-image-property launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/config-drive-image-property specification]
 
* 允许镜像指定config drive[https://blueprints.launchpad.net/nova/+spec/config-drive-image-property launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/config-drive-image-property specification]
* 用户和管理员可以通过Flavor控制虚拟机CPU的拓扑。[https://blueprints.launchpad.net/nova/+spec/virt-driver-vcpu-topology launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/virt-driver-vcpu-topology specification]
+
* 用户和管理员可以通过Flavor控制虚拟机CPU的拓扑(核数和vCPU个数配置)。[https://blueprints.launchpad.net/nova/+spec/virt-driver-vcpu-topology launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/virt-driver-vcpu-topology specification]
 
* 在实例拯救中(Rescue)挂载所有的本地盘。[https://blueprints.launchpad.net/nova/+spec/rescue-attach-all-disks launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/rescue-attach-all-disks specification]
 
* 在实例拯救中(Rescue)挂载所有的本地盘。[https://blueprints.launchpad.net/nova/+spec/rescue-attach-all-disks launchpad] [http://specs.openstack.org/openstack/nova-specs/specs/juno/rescue-attach-all-disks specification]
  
Line 119: Line 122:
 
* python-novaclient的日志输出的[https://review.openstack.org/#/c/98443/ 小变化]来提高可读性。keystone token的sha1哈希被输出,取代之前输出token自身 - 这样减少了输出内容,但是仍然可以判断token不匹配的场景。另外,额外的'\n'字符被删除掉。''再次检查任何log解析器!''
 
* python-novaclient的日志输出的[https://review.openstack.org/#/c/98443/ 小变化]来提高可读性。keystone token的sha1哈希被输出,取代之前输出token自身 - 这样减少了输出内容,但是仍然可以判断token不匹配的场景。另外,额外的'\n'字符被删除掉。''再次检查任何log解析器!''
 
* libvirt.volume_drivers配置现在已经被nova.conf废弃,将在Lxxxx版本中删除掉。通常来讲,这只会影响一小部分在此驱动的开发者。如果恰好这里包含你,一个建议的解决方案是继续在nova代码库中继续你的工作。
 
* libvirt.volume_drivers配置现在已经被nova.conf废弃,将在Lxxxx版本中删除掉。通常来讲,这只会影响一小部分在此驱动的开发者。如果恰好这里包含你,一个建议的解决方案是继续在nova代码库中继续你的工作。
 +
 +
* A list of all updated, deprecated or removed options in Nova can be found at: http://docs.openstack.org/trunk/config-reference/content/nova-conf-changes-master.html
 +
* The nova-manage flavor subcommand is deprecated in Juno and will be removed in the 2015.1 (K) release: https://review.openstack.org/#/c/86122/
 +
* https://review.openstack.org/#/c/102212/
 +
* Minimum required libvirt version is now 0.9.11: https://review.openstack.org/#/c/58494/
 +
* Nova is now supporting the [https://review.openstack.org/#/c/43986/ Cinder V2 API]. The Cinder V1 API is deprecated in Juno and Nova will switch over to Cinder V2 by default in the "L" release.
 +
* Debug log output in python-novaclient has [https://review.openstack.org/#/c/98443/ changed slightly] to improve readability. The sha1 hash of the keystone token is now printed instead of the token itself - greatly shortening the amount of content being printed while still retaining the ability to determine token mismatch scenarios. In addition, some extra '\n' characters that were being added are removed. ''Double-check any log parsers!''
 +
* libvirt.volume_drivers config param for nova.conf is deprecated, to be removed in the Lxxxx release. In general, this should affect only a small number of developers working on drivers. If this is you, the recommended approach is to continue your work inside a nova tree.
  
 
== Openstack镜像服务 (Glance) ==
 
== Openstack镜像服务 (Glance) ==
Line 127: Line 138:
 
* 镜像下载限制策略
 
* 镜像下载限制策略
 
* 增强Scubber服务,允许单一实例服务在不同节点拥有多个glance-api服务
 
* 增强Scubber服务,允许单一实例服务在不同节点拥有多个glance-api服务
 +
 +
=== Key New Features ===
 +
 +
* Asynchronous Processing
 +
* Pull of glance.store into its own library
 +
* [http://docs.openstack.org/developer/glance/metadefs-concepts.html Metadata Definitions Catalog]
 +
* Restricted policy for downloading images.
 +
* Enhanced Scrubber service allows single instance services multiple glance-api servers cross nodes.
  
 
=== 已知问题 ===
 
=== 已知问题 ===
Line 134: Line 153:
 
* 默认情况下,只有管理员才能上传一个公共的镜像。如果仍然允许普通用户上传,需要修改etc/policy.json中的publicize_image标记,去掉角色限制。
 
* 默认情况下,只有管理员才能上传一个公共的镜像。如果仍然允许普通用户上传,需要修改etc/policy.json中的publicize_image标记,去掉角色限制。
 
* 数据库表的UTF-8字符集编码现在是必须的而且是强制检查的,运维人员需要将表和存在的数据手动的转为UTF-8,如果发现glance-image在同步过程中出现错误。
 
* 数据库表的UTF-8字符集编码现在是必须的而且是强制检查的,运维人员需要将表和存在的数据手动的转为UTF-8,如果发现glance-image在同步过程中出现错误。
 +
 +
*  A list of all updated, deprecated or removed options in Glance can be found at: http://docs.openstack.org/trunk/config-reference/content/glance-conf-changes-master.html
 +
* The ability to upload a public image is now admin-only by default. To continue to use the previous behaviour, edit the publicize_image flag in etc/policy.json to remove the role restriction.
 +
* The requirement and check on UTF-8 charset for DB tables is enforced, operator need to migration tables and existing data to UTF-8 manually if glance-manage complains it during the sync.
 +
* glance workers will now be equal to the number of CPUs available by default if not explicitly specified in glance-api.conf and/or glance-registry.conf
 +
** There is no upgrade impact to glance-api workers since glance-api.conf previously hard-coded the workers value to 1 so anyone upgrading to tihs will still get whatever value was set in glance-api.conf prior to this change. There is an upgrade impact to the glance-registry workers since glance-registry.conf did not hard-code the workers value to 1 before this change. So anyone upgrading to this change that does not have workers specified in glance-registry.conf will now be running multiple workers by default when they restart the glance registry service.
  
 
== OpenStack面板(Horizon) ==
 
== OpenStack面板(Horizon) ==
Line 141: Line 166:
 
==== Sahara ====
 
==== Sahara ====
 
OpenStack数据处理项目(Sahara)被正式的集成到Juno更新中,并且Horizon包含了此服务的面板。你能指定并建立用户指定数据类型的集群来跟踪这些任务的进度。
 
OpenStack数据处理项目(Sahara)被正式的集成到Juno更新中,并且Horizon包含了此服务的面板。你能指定并建立用户指定数据类型的集群来跟踪这些任务的进度。
 +
 +
The OpenStack Data Processing project (Sahara) was formally included into the integrated release in Juno and Horizon includes broad support for managing your data processing. You can specify and build clusters to utilize several data types with user specified jobs while tracking the progress of those jobs.
  
 
==== Neutron功能 ====
 
==== Neutron功能 ====
Line 147: Line 174:
 
* L3高可靠支持
 
* L3高可靠支持
 
* IPv6子网模式
 
* IPv6子网模式
 +
 +
Neutron added several new features in Juno, including:
 +
* DVR (Distributed Virtual Routing)
 +
* L3 HA support
 +
* IPv6 subnet modes
  
 
Horizon在Juno版本中提供对这些新功能的支持。这些功能在软件定义网络中提供更灵活的功能。
 
Horizon在Juno版本中提供对这些新功能的支持。这些功能在软件定义网络中提供更灵活的功能。
Line 154: Line 186:
 
==== Glance功能 ====
 
==== Glance功能 ====
 
在Juno中,Glance提供了metadata目录定义的功能,这样用户就可以将metadata用于多种资源类型,包含镜像、卷、集合和规格。Horizon中现在支持查看和编辑metadata便签的分配。
 
在Juno中,Glance提供了metadata目录定义的功能,这样用户就可以将metadata用于多种资源类型,包含镜像、卷、集合和规格。Horizon中现在支持查看和编辑metadata便签的分配。
 +
 +
In Juno, Glance introduced the ability to manage a catalog of metadata definitions where users can register the metadata definitions to be used on various resource types including images, aggregates, and flavors. Support for viewing and editing the assignment of these metadata tags is included in Horizon.
  
 
==== Cinder功能====
 
==== Cinder功能====
 
本着支持全部API功能的目的,一些已经在Cinder中支持的功能,现在在Juno版本中被Horizon所支持。用户在Horizon中可以使用swift存储卷的备份,也能从中恢复卷的备份。
 
本着支持全部API功能的目的,一些已经在Cinder中支持的功能,现在在Juno版本中被Horizon所支持。用户在Horizon中可以使用swift存储卷的备份,也能从中恢复卷的备份。
 +
 +
In a continued effort to provide fuller API support, several features supported by Cinder are now supported in Horizon in the Juno release. Users can now utilize swift to store volume backups from Horizon as well as restore volumes from these backups.
  
 
在Juno的Horizon中新增加的之前不支持的Cinder API功能包括:
 
在Juno的Horizon中新增加的之前不支持的Cinder API功能包括:
Line 167: Line 203:
 
==== Trove ====
 
==== Trove ====
 
Trove潜在支持多种数据存储,例如mysql、redis、mongodb。用户可以从云运维人员设定的数据存储列表中进行选择,创建所需要的数据库实例。
 
Trove潜在支持多种数据存储,例如mysql、redis、mongodb。用户可以从云运维人员设定的数据存储列表中进行选择,创建所需要的数据库实例。
 +
 +
Trove supports potentially using numerous different datastores, e.g., mysql, redis, mongodb. Users can now select from the list of datastores supported by the cloud operator when creating their database instances.
  
 
另外一个功能是从数据库增量备份中进行恢复。
 
另外一个功能是从数据库增量备份中进行恢复。
Line 174: Line 212:
 
==== Nova ====
 
==== Nova ====
 
用户可以通过新的实例面板查看该项目下所有的对实例的操作,哪些操作返回了错误的结果或者其他用户在这些实例上做了哪些操作。
 
用户可以通过新的实例面板查看该项目下所有的对实例的操作,哪些操作返回了错误的结果或者其他用户在这些实例上做了哪些操作。
 +
 +
The new nova instance actions panel provides a list of all actions taken on all instances in the current project allowing users to view resulting errors or actions taken by other users on those instances.
  
 
管理员现在可以撤离一台计算节点,这样就提供了在系统维护时,将该维护节点上所有的实例迁移到其他节点的能力。
 
管理员现在可以撤离一台计算节点,这样就提供了在系统维护时,将该维护节点上所有的实例迁移到其他节点的能力。
Line 185: Line 225:
 
* 修复排序问题
 
* 修复排序问题
 
* 许多其他的bug修复
 
* 许多其他的bug修复
 +
 +
The plugin system in Horizon continued to improve in the Juno release.
 +
Some of those improvements:
 +
 +
* Support for adding plugin specific AngularJS modules
 +
* Support for adding static files, e.g., CSS, JS, images
 +
* Ability to add exceptions
 +
* Fixing ordering issues
 +
* Numerous other bug fixes
  
 
==== 增加基于角色控制(RBAC)的支持 ====
 
==== 增加基于角色控制(RBAC)的支持 ====
 
为了让Horizon更好的支持基于角色的访问控制(RBAC),几个服务的页面增加了RBAC的检查,来控制用户的访问和性更为。最新支持的服务为计算、网络和编配(Heat)。这些改变允许操作人员实现更细粒度的访问控制,而不只是“用户”和“管理员”。
 
为了让Horizon更好的支持基于角色的访问控制(RBAC),几个服务的页面增加了RBAC的检查,来控制用户的访问和性更为。最新支持的服务为计算、网络和编配(Heat)。这些改变允许操作人员实现更细粒度的访问控制,而不只是“用户”和“管理员”。
  
The identity panels (domains, projects, users, roles, groups) have also been converted to support RBAC at the view level. The identity panels have been moved from the admin dashboard into their own 'Identity' dashboard and accessibility is determined by policies alone. This is the first step toward consolidating the near duplicate content of the project and admin dashboards into single views supporting a wide range of roles.
+
In an ongoing effort to support richer role based access control (RBAC) in Horizon, the views for several more services were enhanced with RBAC checks to determine user access to actions. The newly supported services are compute, network and orchestration. These changes allow operators to implement finer grained access control than just "member" and "admin".
 +
 
 +
鉴权面板(域、项目、用户、角色、组)已经支持RBAC的页面控制。鉴权面板已经从管理员面板到独立的“鉴权”控制面板,可访问性取决于独立的策略控制。这是支持更细粒度权限控制的第一步,将项目和管理员面板中重复的内容合并。
 +
 
 +
==== UX优化 ====
 +
Juno中,Horizon开始使用Bootstrap v3。Horizon在最近几次更新中一直使用旧版本的Bootstrap。这次升级能使Horizon修复一些BUG,以及在Bootstrap框架下进行整体优化。样式和感觉大体和Havana版本保持一致。
  
==== UX Changes ====
 
 
In Juno, Horizon transitioned to utilizing Bootstrap v3. Horizon had been pinned to an older version of Bootstrap for several releases. This change now allows Horizon to pick up numerous bug fixes and overall improvements in the Bootstrap framework. The look and feel remains mainly consistent with the Havana release.
 
In Juno, Horizon transitioned to utilizing Bootstrap v3. Horizon had been pinned to an older version of Bootstrap for several releases. This change now allows Horizon to pick up numerous bug fixes and overall improvements in the Bootstrap framework. The look and feel remains mainly consistent with the Havana release.
  
==== JavaScript Libraries Extracted ====
+
==== 提炼JavaScript库====
 +
作为Horizon团队正在努力的一个部分,他们将JavaScript移入更合理的地方,所有Horizon依赖的第三方JavaScript库从Horizon代码中删除掉并且开始使用python xstatic包。xstack格式可以被Django框架轻松使用。现在JavaScript库的使用可以像其他Horizon以来的python库一样使用。
 +
 
 
As part of the Horizon team's ongoing efforts to split the repository into more logical pieces, all the 3rd party JavaScript libraries that Horizon depends on have been removed from the Horizon code base and python xstatic packages have been utilized instead. The xstatic format allows for easy consumption by the Django framework Horizon is built on. Now JavaScript libraries are utilized like any other python dependency in Horizon.
 
As part of the Horizon team's ongoing efforts to split the repository into more logical pieces, all the 3rd party JavaScript libraries that Horizon depends on have been removed from the Horizon code base and python xstatic packages have been utilized instead. The xstatic format allows for easy consumption by the Django framework Horizon is built on. Now JavaScript libraries are utilized like any other python dependency in Horizon.
  
 
==== 使用SCSS替代LESS ====
 
==== 使用SCSS替代LESS ====
 
Horizon的样式部分现在从LESS变为SCSS。这个变化主要是由于python缺少LESS编译器的支持。这个变化可以使我们升级到Bootstrap 3,作为Bootstrap 3的一部分,现有的Python的LESS编译器不再提供支持。
 
Horizon的样式部分现在从LESS变为SCSS。这个变化主要是由于python缺少LESS编译器的支持。这个变化可以使我们升级到Bootstrap 3,作为Bootstrap 3的一部分,现有的Python的LESS编译器不再提供支持。
 +
 +
The supported stylesheets in Horizon have been converted to utilize SCSS rather than LESS. The change was necessary due to a prevalent lack of support for LESS compilers in python. This change also allowed us to upgrade to Bootstrap 3, as parts of the Bootstrap 3 LESS stylesheets were not supported by existing python based LESS compilers.
  
 
=== 已知问题 ===
 
=== 已知问题 ===
  
==== Rendering issues in extensions ====
+
==== 扩展之中渲染(Rendering)的问题====
 +
使用Bootstrap v3带来了基于Horizon之上的扩展的内容有渲染(Rendering)的问题。大多数这些问题的修复方法是使用一个简单的CSS名字的替换。出现的问题大多数集中在按钮和panel内容的宽度上。
 +
 
 
The conversion to utilizing Bootstrap v3 can cause content extensions written on top of Horizon to have rendering issues. Most of these are fixed by a simple CSS class name substitutions. These issues are primarily seen with buttons and panel content widths.
 
The conversion to utilizing Bootstrap v3 can cause content extensions written on top of Horizon to have rendering issues. Most of these are fixed by a simple CSS class name substitutions. These issues are primarily seen with buttons and panel content widths.
  
 
==== 在线压缩 ====
 
==== 在线压缩 ====
 
因为使用了SCSS,在非调试模式下使用在线压缩可能会出现一些问题。离线压缩和前一个版本工作方式无差异。
 
因为使用了SCSS,在非调试模式下使用在线压缩可能会出现一些问题。离线压缩和前一个版本工作方式无差异。
 +
 +
With the move to SCSS, there may be issues with utilizing online compression in non-DEBUG mode in Horizon. Offline compression continues to work as in previous releases.
  
 
==== Neutron L3高可靠 ====
 
==== Neutron L3高可靠 ====
 
HA的属性可以在UI中进行设置,但是自身迁移在Agent会失败。
 
HA的属性可以在UI中进行设置,但是自身迁移在Agent会失败。
 +
 +
The HA property is updateable in the UI, however, Neutron API does not allow the update operation because toggling HA support does not work.
 +
https://bugs.launchpad.net/horizon/+bug/1378525
  
 
=== 更新提示 ===
 
=== 更新提示 ===
 
* FLAVOR_EXTRA_KEYS被废弃。这个键值可以直接调用Nova和[http://docs.openstack.org/developer/glance/metadefs-concepts.html glance api] 替换。
 
* FLAVOR_EXTRA_KEYS被废弃。这个键值可以直接调用Nova和[http://docs.openstack.org/developer/glance/metadefs-concepts.html glance api] 替换。
 +
 +
* FLAVOR_EXTRA_KEYS setting deprecated.  The use of this key has been replaced with direct calls to the nova and [http://docs.openstack.org/developer/glance/metadefs-concepts.html glance api] as appropriate.
  
 
== OpenStack鉴权服务(Keystone) ==
 
== OpenStack鉴权服务(Keystone) ==
Line 218: Line 284:
 
=== 新功能 ===
 
=== 新功能 ===
  
* Keystone now has experimental support for [http://docs.openstack.org/developer/keystone/configure_federation.html#keystone-as-an-identity-provider-idp Keystone-to-Keystone federation], where one instance acts as an Identity Provider, and the other a Service Provider.
+
* Keystone现在有一个实验性功能[http://docs.openstack.org/developer/keystone/configure_federation.html#keystone-as-an-identity-provider-idp Keystone和Keystone的联合(federation)], 其中一个实例提供鉴权服务,另外一个为服务提供者。
* PKIZ is a new token provider available for users of PKI tokens, which simply adds zlib-based compression to traditional PKI tokens.
+
* PKIZ是一种新的token提供方式,可以为使用PKI token的用户提供服务,(与之前不同的是)在传统的PKI token中加入了基于zlib的压缩。
* The hashing algorithm used for PKI tokens has been made configurable (the default is still MD5, but the Keystone team recommends that deployments migrate to SHA256).
+
* PKI token所使用的哈希算法现在可以被配置了(默认使用MD5,Keystone团队建议部署中使用SHA256)
* Identity-driver-configuration-per-domain now supports Internet domain names of arbitrary hierarchical complexity (for example, <code>customer.cloud.example.com</code>).
+
* Identity-driver-configuration-per-domain现在支持任意复杂层次的内部域名(例如:<code>customer.cloud.example.com</code>)
* The LDAP identity backend now supports <code>description</code> as an attribute of users.
+
* 使用LDAP鉴权作为后端时支持<code>description</code>作为用户属性。
* Identity API v3 requests are now validated via JSON Schema.
+
* 鉴权服务的v3 API请求现在使用JSON Schema提供校验。
* In the case of multiple identity backends, Keystone can now map arbitrary resource IDs to arbitrary backends.
+
* 在使用多鉴权后端时,Keystone可以将任意的resource IDs映射到任意的后端。
* <code>keystoneclient.middleware.auth_token</code> has been moved into it's own repository, <code>keystonemiddleware.auth_token</code>.
+
* <code>keystoneclient.middleware.auth_token</code>现在移动到自己的库, <code>keystonemiddleware.auth_token</code>.
* Identity API v3 now supports a discrete call to retrieve a service catalog, <code>GET /v3/auth/catalog</code>.
+
* 鉴权服务的v3 API现在支持一个分离的请求获得服务目录(service catalog),<code>GET /v3/auth/catalog</code>
* Federated authentication events and local role assignment operations now result in CADF (audit) notifications.
+
* 联合(Federated)鉴权事件和本地的角色分配操作现在会触发CADF(审计)通知。
* Keystone can now associate a given policy blob with one or more endpoints.
+
* Keystone现在能将指定的策略集合和一个或多个endpoints关联。
* Keystone now provides JSON Home documents on the root API endpoints in response to <code>Accept: application/json-home</code> headers.
+
* Keystone现在在根API endpoints上提供JSON家文档(Home docuemtns),回复头<code>Accept: application/json-home</code>
* Hiding endpoints from client's service catalogs is now more easily manageable via <code>OS-EP-FILTER</code>.
+
* 现在可以很简单的通过<code>OS-EP-FILTER</code>从客户端的服务目录中(service catalogs)隐藏endpoints.
* The credentials collection API is now filterable per associated user (<code>GET /v3/credentials?user_id={user_id}</code>).
+
* 鉴权集合的API现在按照每一个关联用户过滤(<code>GET /v3/credentials?user_id={user_id}</code>).
* New, generic API endpoints are available for retrieving authentication-related data, such as a service catalog, available project scopes, and available domain scopes.
+
* 新的通用的API endpoints现在可以获取权限相关的数据,例如服务目录(service catalog),活跃的项目范围和活跃的域范围。
* Keystone now supports mapping the user <code>enabled</code> attribute to the <code>lock</code> attribute in LDAP (and inverting the corresponding boolean value accordingly).
+
* Keystone现在在LDAP中支持将用户的<code>enabled</code>属性映射到<code>lock</code>属性(自动进行布尔值转换)
* A CA certificate file is now configurable for LDAPS connections.
+
* 可以为LDAP链接配置CA证书文件。
* The templated catalog backend now supports generating service catalogs for Identity API v3.
+
* 模板(templated)目录后端现在支持为鉴权服务的v3 API生成服务目录。
* Service names were added to the v3 service catalog.
+
* 服务名称被添加到v3的服务目录中。
* Services can now be filtered by name (<code> GET /v3/services?name={service_name}</code>).
+
* 可以通过名称对服务进行过滤(<code> GET /v3/services?name={service_name}</code>)
 +
 
 +
=== 已知问题 ===
 +
==== LDAP页面搜索不支持python-ldap 2.4 ====
 +
当使用python-ldap 2.4并使用开启了页面搜索(paged search)的LDAP时,会发生AttributeErrors的错误。这是由于python-ldap中的不兼容导致的。可以通过以下几个方法绕过这个错误:
 +
* 在keystone.conf中关闭页面搜索功能,在[ldap]段中设置page_size为0。
 +
* 将python-ldap版本降为2.3.x。
  
=== Known Issues ===
 
 
==== LDAP paged search results don't work with python-ldap 2.4 ====
 
==== LDAP paged search results don't work with python-ldap 2.4 ====
 +
 
When using an LDAP backend with paged search results enabled, AttributeErrors will be encountered if python-ldap 2.4 is being used.  This is due to a backwards incompatible API change in python-ldap.  The issue can be worked around in a few ways:
 
When using an LDAP backend with paged search results enabled, AttributeErrors will be encountered if python-ldap 2.4 is being used.  This is due to a backwards incompatible API change in python-ldap.  The issue can be worked around in a few ways:
 
* Disabling paging of search results by setting ''page_size'' to ''0'' in the ''[ldap]'' section of keystone.conf.
 
* Disabling paging of search results by setting ''page_size'' to ''0'' in the ''[ldap]'' section of keystone.conf.
 
* Downgrade python-ldap to version 2.3.x.
 
* Downgrade python-ldap to version 2.3.x.
  
A fix for this issue has been proposed, which is expected to be made available in a stable update for Juno.  For more details see https://bugs.launchpad.net/keystone/+bug/1381768
+
这个问题的修复已经被提到议事日程,会在Juno的稳定版升级中得到解决。详情请参阅:https://bugs.launchpad.net/keystone/+bug/1381768
  
=== Upgrade Notes ===
+
=== 升级提示 ===
  
* Due to the simpler out-of-the-box experience, the default token provider is now UUID instead of PKI.
+
* 基于简化的开包即用的(out-of-the-box)经验,默认的token提供者使用UUID替换之前的PKI。
* Database migrations for releases prior to Havana have been dropped, meaning that you must upgrade to the Juno release from either a Havana or Icehouse deployment.
+
* 对于早于Havana版本的数据库迁移被抛弃了,这就意味着如果你必须从Havana或者Icehouse版本的升级到Juno。
* A comprehensive list of all updated, deprecated or removed options in Keystone can be found at: http://docs.openstack.org/trunk/config-reference/content/keystone-conf-changes-master.html
+
* 完整的更新,不推荐使用的或者被删除的Keystone选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/keystone-conf-changes-master.html
** All <code>token_api</code> methods are now deprecated.
+
** 所有<code>token_api</code>方法被废弃了。
** LDAP configuration options that previously contained the deprecated <code>tenant</code> terminology have been superseded by options using the term <code>project</code>.
+
** LDAP配置选项中之前包含废弃的<code>tenant</code>术语现在被<code>project</code>取代。
** Proxy methods from the identity backend to the assignment backend (created to provide backwards compatibility as a result of the split of the Assignment backend from the Identity backend), have been removed. This should only affect custom, out-of-tree API extensions.
+
** 从鉴权后端到分配后端的代理被删除了(创建提供后端兼容性,目的是将分配后端和鉴权后端分离)。这个改动只会影响定制的,out-of-tree(?)API扩展。
** Loading authentication plugins solely by class name in <code>keystone.conf</code> is now deprecated in favor of loading them by <code>custom-method-name = custom_package.CustomClass</code> pairs, and then defining the sequence of authentication methods as a list (<code>methods = custom-method-name, password</code>).
+
** 从keystone.conf中的类名称中加载鉴权插件的方法被废弃了,取而代之是通过<code>custom-method-name = custom_package.CustomClass</code>加载,然后定义一组鉴权的方式(<code>methods = custom-method-name, password</code>)
** In-tree token drivers (<code>keystone.token.backends</code>) have been moved to <code>keystone.token.persistence.backends</code>. Proxy objects exist to maintain compatibility. If a non-default value is used, it is recommended the value of the <code>driver</code> option in the <code>[token]</code> section of <code>keystone.conf</code> is updated to use the new location.
+
** 在树状token驱动中(<code>keystone.token.backends</code>)被移动到<code>keystone.token.persistence.backends</code>。代理对象可以保持运维的兼容性。如果没有设置值,建议将<code>keystone.conf</code>中的<code>[token]</code>段中的<code>driver</code>设置为新的位置。
* All KVS backends besides the <code>token</code> driver have been formally deprecated.
+
* 除了<code>token</code>驱动之外的所有KVS后端被废弃了。
* LDAP/AD configuration: All configuration options containing the term "tenant" have been deprecated in favor of similarly named configuration options using the term "project" (for example, <code>tenant_id_attribute</code> has been replaced by <code>project_id_attribute</code>).
+
* LDAP/AD配置:所有配置中包含"tenant"的术语被废弃了,现在建议使用"project"(例如:<code>tenant_id_attribute</code><code>project_id_attribute</code>替换)
  
== OpenStack Network Service (Neutron) ==
+
== OpenStack网络服务(Neutron) ==
=== Key New Features ===
+
=== 新功能 ===
* DB migration refactor and new timeline
+
* 重构数据库迁移和新的timeline
* Distributed Virtual Router Support (DVR)
+
* 分布式虚拟路由支持(DVR)
* Full IPV6 support for tenant networks
+
* 全面支持租户网络IPV6
* High Availability for the L3 Agent
+
* L3层代理高可靠
* ipset support for security groups in place of iptables (this option is configurable)
+
* 使用ipset替代iptables支持安全组(可配置)
* L3 agent performance improvements
+
* L3代理性能优化
* Migration to oslo.messaging library for RPC communication.
+
* 将RPC通讯迁移至oslo.messaging库
* Security group rules for devices RPC call refactoring (a huge performance improvement)
+
* 重构针对安全组的设备RPC调用(巨大的性能提升)
* New Plugins supported in Juno include the following:
+
* 在Juno版本中支持的新插件包含:
 
** A10 Networks LBaaS driver for the LBaaS V1 API
 
** A10 Networks LBaaS driver for the LBaaS V1 API
 
** Arista L3 routing plugin
 
** Arista L3 routing plugin
Line 281: Line 353:
 
** SR-IOV capable NIC ML2 Mechanism Driver
 
** SR-IOV capable NIC ML2 Mechanism Driver
  
=== Known Issues ===
+
=== 已知问题 ===
* This is the first release for DVR and HA L3. The Neutron team desires to designate these features as production ready in Kilo and requests that deployers test on non-critical workloads and report any issues.
+
* 这是针对DVR和L3高可靠第一个版本。Neutron团队明确这些功能完全可被用于生产环境是在Kilo版本,并且希望部署人员可以在非关键的负载下使用,并报告相关问题。
* FWaaS is still labeled as experimental, as it does not allow you to have more than one FW per tenant.
+
* 防火墙即服务(FWaas)仍然被标记为实验性功能,所以现在还不允许你在一个租户下有多余一个防火墙。
  
=== Upgrade Notes ===
+
=== 已知问题 ===
* A list of all updated, deprecated or removed options in neutron can be found at: http://docs.openstack.org/trunk/config-reference/content/neutron-conf-changes-master.html
+
* 完整的更新,不推荐使用的或者被删除的Neutron选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/neutron-conf-changes-master.html
* Attribute level policies dependent on resources are not enforced anymore. Meaning that some older policies from Icehouse are not needed. (e.g. "get_port:binding:vnic_type": "rule:admin_or_owner").
+
* 依赖于资源的属性级别的策略不在强制要求。意味着一些Icehouse版本中的旧策略不在需要(例如:"get_port:binding:vnic_type": "rule:admin_or_owner")
* The following plugins are deprecated in Juno:
+
* 下面的插件在Juno版本中被废弃:
** Cisco Nexus Sub-Plugin (The Nexus 1000V Sub-Plugin is still retained and supported in Juno).
+
** Cisco Nexus Sub-Plugin (The Nexus 1000V Sub-Plugin在Juno版本中仍然存在并支持。).
 
** Mellanox Plugin
 
** Mellanox Plugin
 
** Ryu Plugin
 
** Ryu Plugin
*XML support in the API is deprecated. Users and deployers should migrate to JSON for API interactions as soon as possible since the XML support will be removed in the Kilo (2015.1) release.
+
* API的XML支持被废弃了。用户和部署人员应当尽快将API开始使用JSON格式,XML将在Kilo(2015.1)中被彻底删除。
  
== OpenStack Block Storage (Cinder) ==
+
== OpenStack块存储服务(Cinder) ==
=== Key New Features ===
+
=== 新功能 ===
* Support for Volume Replication.
+
* 支持卷复制。
* Support for Consistency Groups and Snapshots of Consistency Groups.
+
* 支持一致性组(Consistency Groups)和一致性组的快照(Snapshots of Consistency Groups)。
* Support for Volume Pools.
+
* 支持卷资源池。
* Completion of i18n-enablement
+
* 完成i18n
* Honor Glance protected properties in Image Upload
+
* 在镜像上传中给Glance加入保护属性
* Enable ability to restrict bandwidth usage on volume-copy operations
+
* 可以在卷复制操作时限制带宽使用
* Add Volume Num Weigher Scheduling
+
* 加入卷数量Weigher的调度(算法)
  
=== New 驱动/插件 ===
+
=== 新驱动/插件 ===
 
* Datera
 
* Datera
 
* Fujitsu ETERNUS
 
* Fujitsu ETERNUS
Line 319: Line 391:
 
 
  
=== Upgrade Notes ===
+
=== 升级提示 ===
* A list of all updated, deprecated or removed options in Cinder can be found at: http://docs.openstack.org/trunk/config-reference/content/cinder-conf-changes-master.html
+
* 完整的更新,不推荐使用的或者被删除的Cinder选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/cinder-conf-changes-master.html
* Nova is now supporting the [https://review.openstack.org/#/c/43986/ Cinder V2 API]. The Cinder V1 API is deprecated in Juno and Nova will switch over to Cinder V2 by default in the "L" release.
+
* Nova现在开始支持[https://review.openstack.org/#/c/43986/ Cinder V2 API]。Cinder V1 API在Juno版本中被废弃,并且Nova将在L版本中全面切换到Cinder V2。
  
== OpenStack Telemetry (Ceilometer) ==
+
== OpenStack遥测(Ceilometer) ==
=== Key New Features ===
+
=== 新功能 ===
* Support for partitioning metric collection load across horizontally scaled-out central agents
+
* 在横向扩展的中心代理端支持度量指标集合的分区
* New method of partitioning alarm evaluation load using [https://github.com/stackforge/tooz tooz] coordination, as opposed to a hand-crafted protocol
+
* 告警评估(evaluation)负载使用新的[https://github.com/stackforge/tooz tooz]进行协调,与手工的协议相反
* Much improved SQLAlchemy storage performance & scalability, so that MySQL or PostgreSQL can be used as the metering store for PoCs or small deployments
+
* 对SQLAlchemy存储的性能和可扩展性进行了大量优化,所以MySQL和PostgreSQL可以被用于验证或小规模部署存储度量值
* Support for hardware-oriented monitoring of IPMI sensors via notifications from either Ironic or a new standalone agent
+
* 支持通过Ironic或者新的独立的代理端,通过通知的方式,经过IPMI传感器获取的面向硬件的监控
* More flexible & efficient SNMP monitoring:
+
* 更灵活、有效地SNMP监控:
** batching queries for multiple SNMP metrics into a single call to each daemon
+
** 将多个SNMP度量的多次查询归并为一个请求
** dynamic discovery of nodes deployed by TripleO for SNMP polling
+
** 通过TripleO部署的节点可以动态发现进行SNMP轮询
** the ability to more easily extend the range of SNMP metrics that ceilometer gathers
+
** 非常容易的扩展Ceilometer采集的SNMP度量指标
** the ability to derive new metrics from arithmetic transformations applied to multiple primary metrics
+
** 通过多个主要指标的算法运算得到新的度量指标
* Option to split off the alarms persistence into a separate database
+
* 可以讲告警的数据放入独立的数据库
* Option to use notifications instead of RPC for metering messages 
+
* 对于度量的消息可以使用通知替代RPC调用
* Metering of Neutron networking services: LBaaS, FWaaS & VPNaaS  
+
* Neutron网络度量服务:负载均衡即服务(LBaaS),防火墙即服务(FWaaS)和VPN即服务(VPNaaS)。
* New XenAPI compute inspector
+
* 新的XenAPI计算资源巡检
* Support for persisting events via the MongoDB & Hbase storage drivers (previously limited to SQLAlchemy)
+
* 支持通过MongoDB或者Hbase存储驱动(之前限制为SQLAlchemy)持久化事件
* Support for per-device metering of instance disks
+
* 支持对虚拟机磁盘的每一个硬盘单独的度量
* Use of ceilometer as a collector for os-profiler data
+
* 将Ceilometer作为系统分析数据的收集端
* New Telemetry section of the [http://docs.openstack.org/admin-guide-cloud/content/ch_admin-openstack-telemetry.html Cloud Administrator Guide]
+
* [http://docs.openstack.org/admin-guide-cloud/content/ch_admin-openstack-telemetry.html 云系统管理员指南]增加对遥测服务的段落
  
=== Known Issues ===
+
=== 已知问题 ===
* [https://bugs.launchpad.net/ceilometer/+bug/1381600 1381600] The new <code>ceilometer-agent-ipmi</code> fails to emit any samples when it encounters unparseable data from <code>ipmitool</code>.
+
* [https://bugs.launchpad.net/ceilometer/+bug/1381600 1381600]新的<code>ceilometer-agent-ipmi</code> 无法发出任何samples当从<code>ipmitool</code>获得数据无法被解析时。
  
=== Upgrade Notes ===
+
=== 升级提示 ===
*  A list of all updated, deprecated or removed options in ceilometer can be found at: http://docs.openstack.org/trunk/config-reference/content/ceilometer-conf-changes-master.html
+
完整的更新,不推荐使用的或者被删除的ceilometer选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/ceilometer-conf-changes-master.html
  
== OpenStack Orchestration (Heat) ==
+
== OpenStack 编排(Heat) ==
=== Key New Features ===
+
=== 新功能 ===
  
* Recovery from failures during stack updates
+
* 在stack更新失败时可以恢复
* API to cancel and roll back an in-progress stack update
+
* 使用API可以取消或者回滚一个正在更新的stack
* Implementation of new resource types:
+
* 实现了新的资源类型:
 
** OS::Glance::Image
 
** OS::Glance::Image
 
** OS::Heat::SwiftSignal
 
** OS::Heat::SwiftSignal
*** Provides the option to store Wait Condition (and Software Deployment) data in Swift
+
*** 提供在Swift中存储等待的条件(和软件部署)的选项
 
** OS::Heat::StructuredDeployments
 
** OS::Heat::StructuredDeployments
*** Groups code for multiple lifecycle events into a single deployment resource
+
*** 将多个生命周期事件的代码组装到一个部署资源中
 
** OS::Heat::SoftwareDeployments
 
** OS::Heat::SoftwareDeployments
*** Provides a way of avoiding circular dependencies when deploying an interdependent cluster of servers
+
*** 避免部署一个内部依赖的集群的服务器时产生循环依赖
 
** OS::Heat::SoftwareComponent
 
** OS::Heat::SoftwareComponent
 
** OS::Nova::ServerGroup
 
** OS::Nova::ServerGroup
 
** OS::Sahara::NodeGroupTemplate
 
** OS::Sahara::NodeGroupTemplate
 
** OS::Sahara::ClusterTemplate
 
** OS::Sahara::ClusterTemplate
* Remember the previously-supplied parameters when updating a stack
+
* 记住当更新一个stack时先提供参数
 
* Improved scalability
 
* Improved scalability
* Improved visibility into trees of nested stacks
+
* 优化扩展性
 +
* 优化嵌套stack的树的可视化
 +
 
 +
=== 已知问题 ===
 +
  
=== Known Issues ===
+
=== 升级提示 ===
None yet
+
完整的更新,不推荐使用的或者被删除的heat选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/heat-conf-changes-master.html
  
=== Upgrade Notes ===
+
== OpenStack数据库服务(Trove) ==
*   A list of all updated, deprecated or removed options in heat can be found at: http://docs.openstack.org/trunk/config-reference/content/heat-conf-changes-master.html
+
=== 新功能 ===
 +
* 在提供的mysql实例中提供异步复制(主-从复制)
 +
* 引入新的集群API,开始支持MongoDB集群
 +
* 支持使用Neutron网络的OpenStack解决方案中部署Trove。在这之前,只支持nova-network。
 +
* 支持提供PostgreSQL数据库的实例。
 +
* 支持Couchbase的备份和恢复。
 +
* 支持可选择强制使用Cinder作为Trove卷的后端。
 +
* 支持在Trove数据库中(使用mgmt API)自定义的数据存储配置参数
 +
* 用一个调用获取所有的数据存储类型和版本
  
== OpenStack Database service (Trove) ==
+
=== 其他的增加的改进 ===
=== Key New Features ===
+
* 在trove中增加日志审计来优化日志级别
* Support for Asynchronous Replication (master-slave replicas) between provisioned mysql instances.
+
* 加入stevedore来优化扩展加载的机制
* Introduction of a new Clustering API with initial support for MongoDB clusters.
+
* 使用卷存储数据现在可以基于每一个数据存储
* Support for deploying Trove on an OpenStack solution that is using Neutron for networking. Prior to this, only nova-network was supported.
+
* 在配置组列表和详细信息调用中增加创建、更新时间戳以及实例数量
* Support for provisioning PostgreSQL datastore instances.
 
* Backup and Restore support for Couchbase.
 
* Support to optionally restrict the Cinder backend used for Trove volumes.
 
* Support for defining custom datastore configuration parameters in the Trove database (using mgmt API).
 
* The ability to list all datastore types and versions in a single call
 
  
=== Other Incremental Improvements===
+
=== 已知问题 ===
* Logging audit to improve log levels throughout the trove components.  
+
* [https://bugs.launchpad.net/trove/+bug/1333852 1333852]: Trove还不支持使用规格(Flaovr)的UUID ——Trove规格API需要使用带有数字ID的Flavor,目的是与icehouse Trove的API返回保持一致
* The extensions loading mechanism was improved by adding support for stevedore.
 
* The ability to support volumes for data is now on a per datastore bases.
 
* Created and updated timestamps and instance count were added to configuration groups list and details calls.
 
  
=== Known Issues ===
 
 
* [https://bugs.launchpad.net/trove/+bug/1333852 1333852]: Trove does not support flavor UUIDs -- the Trove flavors API requires flavors with a numerical ID in order to be consistent with the API response for icehouse Trove.
 
* [https://bugs.launchpad.net/trove/+bug/1333852 1333852]: Trove does not support flavor UUIDs -- the Trove flavors API requires flavors with a numerical ID in order to be consistent with the API response for icehouse Trove.
  
 
=== 升级日志  ===
 
=== 升级日志  ===
 
 
 +
 +
* trove_api_workers and trove_conductor_workers will now be equal to the number of CPUs available by default if not explicitly specified in the trove configuration files.
 +
** Anyone upgrading to this change that does not have trove_api_workers or trove_conductor_workers specified in the trove configuration files will now be running multiple API and conductor workers by default when they restart the respective trove services.
  
 
== OpenStack数据处理(Sahara) ==
 
== OpenStack数据处理(Sahara) ==
 
=== 新功能 ===
 
=== 新功能 ===
  
* Data processing UI was fully merged into OpenStack Dashboard (horizon).
+
=== New Key Features ===
* Support of CDH 5.x was added.
+
 
* Support of Apache Spark was added. Supported versions are 0.9.1 and 1.0.0. Elastic data processing (EDP) engine was refactored a lot to support non-Oozie workflow engines.
+
* 数据处理的UI已经被完全整合到OpenStack控制面板中(Horizon)
* Support of Apache Hadoop 2.4.1 was added in addition to existing 1.2.1 and 2.3.0. Version 2.3.0 is deprecated in Juno.
+
* 增加对CDH 5.x的支持。
* Support of multi region deployments.
+
* 增加对Apache Spark的支持。支持的版本为0.9.1和1.0.0。弹性数据处理(EDP)引擎进行了大量重构,来支持non-zero工作流引擎。
* Hadoop Swift authentication using [http://docs.openstack.org/developer/sahara/userdoc/advanced.configuration.guide.html#domain-usage-for-swift-proxy-users keystone trust mechanism]. Now Hadoop can access data in Swift without storing credentials in config files.
+
* 在当前支持1.2.1和2.3.0版本的基础上,增加对Apache Hadoop 2.4.1支持。2.3.0版本在Juno版本废弃。
* [http://docs.openstack.org/developer/sahara/userdoc/configuration.guide.html#sahara-notifications-configuration Ceilometer integration] was added. Now Sahara notifies Ceilometer about all cluster state changes.
+
* 支持多域的部署。
* Cluster provisioning error handling was improved. If something goes wrong during scaling, cluster will rollback to original state.
+
* Hadoop Swift的鉴权使用[http://docs.openstack.org/developer/sahara/userdoc/advanced.configuration.guide.html#domain-usage-for-swift-proxy-users keystone信任机制]。现在Hadoop访问Swift数据无须在配置文件中存储鉴权信息。
* Added ability to [http://docs.openstack.org/developer/sahara/userdoc/features.html#security-group-management specify security groups for a node group]. Also Sahara could automatically create security group with only required ports open.
+
* 增加[http://docs.openstack.org/developer/sahara/userdoc/configuration.guide.html#sahara-notifications-configuration Ceilometer集成]。现在Sahara会通知Ceilometer所有集群的状态变化。
* Implemented [http://docs.openstack.org/developer/sahara/userdoc/features.html#running-sahara-in-distributed-mode distributed mode] for Sahara: sahara-all process is decoupled into sahara-api and sahara-engine. You can run several instances of sahara-api and sahara-engine on different hosts. Note that the feature implementation is considered to be in alpha-state.
+
* 集群的异常处理进行了改进。如果在扩展过程中出现错误,集群将会回退到原始状态。
 +
* [http://docs.openstack.org/developer/sahara/userdoc/features.html#security-group-management 为节点组设置安全组]。当然Sahara也可以自动的创建安全组并打开需要的端口。
 +
* 为Sahara实现[http://docs.openstack.org/developer/sahara/userdoc/features.html#running-sahara-in-distributed-mode 分布式模式]:sahara-all进程被分解为sahara-api和sahara-engine。你能在不同节点运行几个sahara-api和sahara-engine的实例。注意这个功能的实现仅仅在alpha阶段。
  
 
=== 已知问题 ===
 
=== 已知问题 ===
  
* [https://bugs.launchpad.net/sahara/+bug/1271349 Bug 1271349]: Sahara requires root privileges to access VMs via namespaces.
+
* [https://bugs.launchpad.net/sahara/+bug/1271349 Bug 1271349]: Sahara需要通过命名空间使用root权限访问虚拟机。
  
 
=== 升级提示 ===
 
=== 升级提示 ===
  
==== Main binary renamed to sahara-all ====
+
==== 将主程序命名为sahara-all ====
  
Please, note that you should use `sahara-all` instead of `sahara-api` to start
+
请注意,你需要使用sahara-all替代sahara-api来运行一个一体化(All-In-One)的Sahara环境。
the All-In-One Sahara.
 
  
==== sahara.conf upgrade ====
+
==== 更新sahara.conf ====
  
We've migrated from custom auth_token middleware config options to the common
+
我们已经将auth_token中间层配置移动到通用的配置选项中。更新你的配置文件时,需要用新选项替换旧的。
config options. To update your config file you should replace the following
 
old config opts with the new ones.
 
  
 
* "os_auth_protocol", "os_auth_host", "os_auth_port" -> "[keystone_authtoken]/auth_uri" and "[keystone_authtoken]/identity_uri"
 
* "os_auth_protocol", "os_auth_host", "os_auth_port" -> "[keystone_authtoken]/auth_uri" and "[keystone_authtoken]/identity_uri"
Line 435: Line 512:
 
* "os_admin_tenant_name" -> "[keystone_authtoken]/admin_tenant_name"
 
* "os_admin_tenant_name" -> "[keystone_authtoken]/admin_tenant_name"
  
We've replaced oslo code from sahara.openstack.common.db by usage of oslo.db library.
+
我们替换了sahara.openstack.common.db中oslo代码,开始使用oslo.db库。
  
Also sqlite database is not supported anymore. Please use MySQL or PostgreSQL
+
当然sqlite数据库不再被支持了。请使用MySQL或者PostgreSQL作为Sahara数据库后端。Sqlite被放弃主要是因为他现在不支持(以后也不会支持,详见 http://www.sqlite.org/omitted.html)ALTER
db backends for Sahara. Sqlite support was dropped because it doesn't support
+
COLUMN和DROP COLUMN数据库版本迁移时必须的命令。
(and not going to support, see http://www.sqlite.org/omitted.html) ALTER
 
COLUMN and DROP COLUMN commands required for DB migrations between versions.
 
  
You can find more info about config file options in Sahara repository in file
+
你能从Sahara库中的"etc/sahara/sahara.conf.sample"获取更多配置相关的信息。
"etc/sahara/sahara.conf.sample".
 
  
==== Sahara Dashboard was merged into OpenStack Dashboard ====
+
==== 将Sahara控制面板整合到OpenStack控制面板 ====
  
The Sahara Dashboard is not available in Juno release. Instead it's
+
Sahara控制面板在Juno版本中还不存在。取而代之的是在OpenStack控制面板之外提供功能。在OpenStack控制面板进入Sahara界面的方法:"Project" -> "Data Processing"
functionality is provided by OpenStack Dashboard out of the box.
 
The Sahara UI is available in OpenStack Dashboard in
 
"Project" -> "Data Processing" tab.
 
  
Note that you have to properly register Sahara in Keystone in
+
注意,你需要正确的在Keystone注册Sahara的信息,这样才能让Sahara UI正常工作。
order for Sahara UI in the Dashboard to work.
 
  
==== VM user name changed for HEAT infrastructure engine ====
+
==== HEAT基础架构引擎的虚拟机用户名变更 ====
  
We've updated HEAT infrastructure engine ("infrastructure_engine=heat") to
+
我们已经更新了HEAT基础架构引擎("infrastructure_engine=heat"),使用直接引擎(direct engine)中实例用户名同样的规则。在改变用户名之前,使用HEAT引擎,Sahara创建的虚拟机用户名总是‘ec2-user’。现在用户名从镜像注册中移除,正如文档描述的一样。
use the same rules for instance user name as in direct engine. Before the
 
change user name for VMs created by Sahara using HEAT engine was always
 
'ec2-user'. Now user name is taken from the image registry as it is described
 
in the documentation.
 
  
Note, this change breaks Sahara backward compatibility for clusters created
+
注意,这个变化破坏了Sahara向前的兼容性,在这之前通过HEAT创建的集群都会受到影响。集群仍然可以继续操作,但是并不建议进行规模上的操作。
using HEAT infrastructure engine before the change. Clusters will continue to
 
operate, but it is not recommended to perform scale operation over them.
 
  
==== Anti affinity implementation changed ====
+
==== 非依附(???Anti affinity)实现的变化 ====
  
Starting with Juno release anti affinity feature is implemented using server
+
从Juno版本开始非依附(???anti affinity)功能使用服务器组来实现。这和用户期望的Sahara行为没有太大区别,但是有一些小的变化:
groups. There should not be much difference in Sahara behavior from user
 
perspective, but there are internal changes:
 
  
* Server group object will be created if anti affinity feature is enabled.
+
* 如果非依附选项开启,服务器组对象会被创建
* New implementation doesn't allow several affected instances on the same host even if they don't have common processes. So, if anti affinity enabled for 'datanode' and 'tasktracker' processes, previous implementation allowed to have instance with 'datanode' process and other instance with 'tasktracker' process on one host. New implementation guarantees that  instances will be on different hosts.
+
* 新的实现中,不允许几个受影响的实例运行在同一个物理主机上,即使他们上面运行了非公共的进程。所以,一旦非依附选项为'datanode''tasktracker'进程开启,之前的实现中允许一个实例有'datanode'进程,另外一个进程有'tasktracker'进程,并且运行在同一个物理主机上。新的实现中保证了这些实例在不同的主机上。
  
Note, new implementation will be applied for new clusters only. Old implementation will be applied if user scales cluster created in Icehouse.
+
注意,新的实现只会对新创建的集群生效。原有实现会对用户在Icehouse版本中创建的集群起作用。
  
  

Latest revision as of 07:15, 15 March 2016

Other languages:
English • ‎فارسی • ‎日本語 • ‎한국어 • ‎中文(简体)‎ • ‎中文(台灣)‎

OpenStack 2014.2 (Juno) 更新日志

Contents

升级提示

  • simplejson安装包作为大多数项目的可选的依赖,并没有列在所有项目的requirements.txt文件中。然而,如果你想使用他,比如在RHEL 6上的python 2.6上获得更好的性能,你需要安装高于2.2.0版本的simplejson。详情请参考:https://bugs.launchpad.net/oslo-incubator/+bug/1361230

OpenStack对象存储(Swift)

新功能

Juno整合的更新包括三个版本的OpenStack的Swift:2.0.0,2.1.0和2.2.0。这些版本更新的日志请参阅:https://github.com/openstack/swift/blob/2.2.0.rc1/CHANGELOG#L1-L173。相信更新情况请参考以上文档。

以下是重要的更新内容。请阅读更新日志和相关文档。

  • 存储策略
  • 支持Keystone v3
  • 服务端账号到账号(account-to-account)复制
  • 当增加一个新的服务器(server),区域(zone)或者地域(region)时更合理分区布局
  • 使用splice()实现零拷贝(Zero-copy)GET响应
  • 并发对象审计


已知问题

升级提示

像往常一样,你可以零停机时间升级你的Swift集群,不影响最终用户。升级前请参考样例配置文件和文档。

  • 这里有一些日志方面的更新需要提一下。在所有情况中,正常的日志进程不会受到影响。
    • 存储节点(account, container, object)日志中会将进程的PID输出在日志每一行的末端。
    • Object守护进程现在使用他们进程的全名作为用户代理(user-agent)标识(例如obj现在替换为object)。
  • 一旦额外的存储策略被激活,回退到Swift 预览版2.0.0会引起被使用的附加存储策略失效。
  • 作为最终升级的一部分,更新Swift默认端口成为一个非IANA分配(non-IANA-assigned)的范围,bind_port现在是必须设定的。已经显示的设置了该端口的用户不会受到影响。然而,如果你还没有设置该端口,作为升级的一个部分,请确保你所有的*_server.conf中包含bind_port设置,并且匹配你的ring。
  • 注意:新的存储策略包含了一个新的守护进程,container-reconciler。
  • TempURL默认允许支持POST和DELETE。这就意味着可以为这些动作创建tempurls。而且不会影响现有的tempurls。
  • 完整的更新,不推荐使用的或者被删除的Swift选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/swift-conf-changes-master.html

OpenStack 计算服务(Nova)

实例功能

网络

调度

  • 可扩展的资源跟踪。Nova中资源跟踪的代码是hard code,这个更新使这个功能可扩展,允许增加新的插件支持在调度中跟踪新的类型的资源。launchpad specification
  • 支持整个host(虚拟机)的撤离(evacuated,实在没有太贴切的中文翻译,就是把虚拟机在其他的计算节点重新启动起来),但是需要经过scheduler为实例重新选择目标主机。launchpad specification
  • scheduler过滤器中支持host集合。launchpad:disk; instances; 和IO ops specification

其他

虚拟化驱动新增功能

Hyper-V

Ironic

libvirt

vmware

  • 使用oslo中的vmware library替代vmware驱动中的方法。launchpad specification
  • 支持vmware实例的网络接口热插拔。launchpad specification
  • 重构了vmware驱动中spawn方法,使之更容易维护。这个工作是内部的,在这里提及的目的是这个改动很明显的增强了VMWare驱动的支持力度。launchpad specification

已知问题

更新日志

  • 完整的更新,不推荐使用的或者被删除的Nova选项列表,可以在这里看到: http://docs.openstack.org/trunk/config-reference/content/nova-conf-changes-master.html
  • Nova-manage flavor子命令在Juno版本被废弃了,在2015.1(K)版本中会被删除掉。https://review.openstack.org/#/c/86122/
  • https://review.openstack.org/#/c/102212/
  • Libvirt最低版本现在是0.9.11: https://review.openstack.org/#/c/58494/
  • Nova现在支持使用Cinder V2 API. 在Juno版本中Cinder V1 API被废弃,在L版本中,Nova将默认切换到Cinder V2版本。
  • python-novaclient的日志输出的小变化来提高可读性。keystone token的sha1哈希被输出,取代之前输出token自身 - 这样减少了输出内容,但是仍然可以判断token不匹配的场景。另外,额外的'\n'字符被删除掉。再次检查任何log解析器!
  • libvirt.volume_drivers配置现在已经被nova.conf废弃,将在Lxxxx版本中删除掉。通常来讲,这只会影响一小部分在此驱动的开发者。如果恰好这里包含你,一个建议的解决方案是继续在nova代码库中继续你的工作。
  • A list of all updated, deprecated or removed options in Nova can be found at: http://docs.openstack.org/trunk/config-reference/content/nova-conf-changes-master.html
  • The nova-manage flavor subcommand is deprecated in Juno and will be removed in the 2015.1 (K) release: https://review.openstack.org/#/c/86122/
  • https://review.openstack.org/#/c/102212/
  • Minimum required libvirt version is now 0.9.11: https://review.openstack.org/#/c/58494/
  • Nova is now supporting the Cinder V2 API. The Cinder V1 API is deprecated in Juno and Nova will switch over to Cinder V2 by default in the "L" release.
  • Debug log output in python-novaclient has changed slightly to improve readability. The sha1 hash of the keystone token is now printed instead of the token itself - greatly shortening the amount of content being printed while still retaining the ability to determine token mismatch scenarios. In addition, some extra '\n' characters that were being added are removed. Double-check any log parsers!
  • libvirt.volume_drivers config param for nova.conf is deprecated, to be removed in the Lxxxx release. In general, this should affect only a small number of developers working on drivers. If this is you, the recommended approach is to continue your work inside a nova tree.

Openstack镜像服务 (Glance)

新功能

  • 异步处理
  • 将glance.store放入它自己的库中
  • Metadata定义目录
  • 镜像下载限制策略
  • 增强Scubber服务,允许单一实例服务在不同节点拥有多个glance-api服务

Key New Features

  • Asynchronous Processing
  • Pull of glance.store into its own library
  • Metadata Definitions Catalog
  • Restricted policy for downloading images.
  • Enhanced Scrubber service allows single instance services multiple glance-api servers cross nodes.

已知问题

升级日志

  • 完整的更新,不推荐使用的或者被删除的Glance选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/glance-conf-changes-master
  • 默认情况下,只有管理员才能上传一个公共的镜像。如果仍然允许普通用户上传,需要修改etc/policy.json中的publicize_image标记,去掉角色限制。
  • 数据库表的UTF-8字符集编码现在是必须的而且是强制检查的,运维人员需要将表和存在的数据手动的转为UTF-8,如果发现glance-image在同步过程中出现错误。
  • A list of all updated, deprecated or removed options in Glance can be found at: http://docs.openstack.org/trunk/config-reference/content/glance-conf-changes-master.html
  • The ability to upload a public image is now admin-only by default. To continue to use the previous behaviour, edit the publicize_image flag in etc/policy.json to remove the role restriction.
  • The requirement and check on UTF-8 charset for DB tables is enforced, operator need to migration tables and existing data to UTF-8 manually if glance-manage complains it during the sync.
  • glance workers will now be equal to the number of CPUs available by default if not explicitly specified in glance-api.conf and/or glance-registry.conf
    • There is no upgrade impact to glance-api workers since glance-api.conf previously hard-coded the workers value to 1 so anyone upgrading to tihs will still get whatever value was set in glance-api.conf prior to this change. There is an upgrade impact to the glance-registry workers since glance-registry.conf did not hard-code the workers value to 1 before this change. So anyone upgrading to this change that does not have workers specified in glance-registry.conf will now be running multiple workers by default when they restart the glance registry service.

OpenStack面板(Horizon)

新功能

Sahara

OpenStack数据处理项目(Sahara)被正式的集成到Juno更新中,并且Horizon包含了此服务的面板。你能指定并建立用户指定数据类型的集群来跟踪这些任务的进度。

The OpenStack Data Processing project (Sahara) was formally included into the integrated release in Juno and Horizon includes broad support for managing your data processing. You can specify and build clusters to utilize several data types with user specified jobs while tracking the progress of those jobs.

Neutron功能

  • Juno版本中,Neutron增加了如下新功能,包括:
  • DVR (分布式虚拟路由)
  • L3高可靠支持
  • IPv6子网模式

Neutron added several new features in Juno, including:

  • DVR (Distributed Virtual Routing)
  • L3 HA support
  • IPv6 subnet modes

Horizon在Juno版本中提供对这些新功能的支持。这些功能在软件定义网络中提供更灵活的功能。

Neutron中之前存在的MAC地址学习的扩展功能,现在已经在Horizon里支持了。

Glance功能

在Juno中,Glance提供了metadata目录定义的功能,这样用户就可以将metadata用于多种资源类型,包含镜像、卷、集合和规格。Horizon中现在支持查看和编辑metadata便签的分配。

In Juno, Glance introduced the ability to manage a catalog of metadata definitions where users can register the metadata definitions to be used on various resource types including images, aggregates, and flavors. Support for viewing and editing the assignment of these metadata tags is included in Horizon.

Cinder功能

本着支持全部API功能的目的,一些已经在Cinder中支持的功能,现在在Juno版本中被Horizon所支持。用户在Horizon中可以使用swift存储卷的备份,也能从中恢复卷的备份。

In a continued effort to provide fuller API support, several features supported by Cinder are now supported in Horizon in the Juno release. Users can now utilize swift to store volume backups from Horizon as well as restore volumes from these backups.

在Juno的Horizon中新增加的之前不支持的Cinder API功能包括:

  • 允许重设snapshot的状态
  • 允许重设volume的状态
  • 支持上传为镜像
  • 卷类型重定义
  • 支持Qos(服务质量)

Trove

Trove潜在支持多种数据存储,例如mysql、redis、mongodb。用户可以从云运维人员设定的数据存储列表中进行选择,创建所需要的数据库实例。

Trove supports potentially using numerous different datastores, e.g., mysql, redis, mongodb. Users can now select from the list of datastores supported by the cloud operator when creating their database instances.

另外一个功能是从数据库增量备份中进行恢复。

为了改善对Neutron的支持,当创建一个数据库实例时,用户能够指定网卡(NIC),用户可以直接访问实例。

Nova

用户可以通过新的实例面板查看该项目下所有的对实例的操作,哪些操作返回了错误的结果或者其他用户在这些实例上做了哪些操作。

The new nova instance actions panel provides a list of all actions taken on all instances in the current project allowing users to view resulting errors or actions taken by other users on those instances.

管理员现在可以撤离一台计算节点,这样就提供了在系统维护时,将该维护节点上所有的实例迁移到其他节点的能力。

改进插件支持

Juno版本持续对Horizon插件系统进行改进。 一些改进:

  • 支持增加插件如AngularJS模块
  • 支持增加静态文件如CSS、JS、图片
  • 增加添加异常的能力
  • 修复排序问题
  • 许多其他的bug修复

The plugin system in Horizon continued to improve in the Juno release. Some of those improvements:

  • Support for adding plugin specific AngularJS modules
  • Support for adding static files, e.g., CSS, JS, images
  • Ability to add exceptions
  • Fixing ordering issues
  • Numerous other bug fixes

增加基于角色控制(RBAC)的支持

为了让Horizon更好的支持基于角色的访问控制(RBAC),几个服务的页面增加了RBAC的检查,来控制用户的访问和性更为。最新支持的服务为计算、网络和编配(Heat)。这些改变允许操作人员实现更细粒度的访问控制,而不只是“用户”和“管理员”。

In an ongoing effort to support richer role based access control (RBAC) in Horizon, the views for several more services were enhanced with RBAC checks to determine user access to actions. The newly supported services are compute, network and orchestration. These changes allow operators to implement finer grained access control than just "member" and "admin".

鉴权面板(域、项目、用户、角色、组)已经支持RBAC的页面控制。鉴权面板已经从管理员面板到独立的“鉴权”控制面板,可访问性取决于独立的策略控制。这是支持更细粒度权限控制的第一步,将项目和管理员面板中重复的内容合并。

UX优化

Juno中,Horizon开始使用Bootstrap v3。Horizon在最近几次更新中一直使用旧版本的Bootstrap。这次升级能使Horizon修复一些BUG,以及在Bootstrap框架下进行整体优化。样式和感觉大体和Havana版本保持一致。

In Juno, Horizon transitioned to utilizing Bootstrap v3. Horizon had been pinned to an older version of Bootstrap for several releases. This change now allows Horizon to pick up numerous bug fixes and overall improvements in the Bootstrap framework. The look and feel remains mainly consistent with the Havana release.

提炼JavaScript库

作为Horizon团队正在努力的一个部分,他们将JavaScript移入更合理的地方,所有Horizon依赖的第三方JavaScript库从Horizon代码中删除掉并且开始使用python xstatic包。xstack格式可以被Django框架轻松使用。现在JavaScript库的使用可以像其他Horizon以来的python库一样使用。

As part of the Horizon team's ongoing efforts to split the repository into more logical pieces, all the 3rd party JavaScript libraries that Horizon depends on have been removed from the Horizon code base and python xstatic packages have been utilized instead. The xstatic format allows for easy consumption by the Django framework Horizon is built on. Now JavaScript libraries are utilized like any other python dependency in Horizon.

使用SCSS替代LESS

Horizon的样式部分现在从LESS变为SCSS。这个变化主要是由于python缺少LESS编译器的支持。这个变化可以使我们升级到Bootstrap 3,作为Bootstrap 3的一部分,现有的Python的LESS编译器不再提供支持。

The supported stylesheets in Horizon have been converted to utilize SCSS rather than LESS. The change was necessary due to a prevalent lack of support for LESS compilers in python. This change also allowed us to upgrade to Bootstrap 3, as parts of the Bootstrap 3 LESS stylesheets were not supported by existing python based LESS compilers.

已知问题

扩展之中渲染(Rendering)的问题

使用Bootstrap v3带来了基于Horizon之上的扩展的内容有渲染(Rendering)的问题。大多数这些问题的修复方法是使用一个简单的CSS名字的替换。出现的问题大多数集中在按钮和panel内容的宽度上。

The conversion to utilizing Bootstrap v3 can cause content extensions written on top of Horizon to have rendering issues. Most of these are fixed by a simple CSS class name substitutions. These issues are primarily seen with buttons and panel content widths.

在线压缩

因为使用了SCSS,在非调试模式下使用在线压缩可能会出现一些问题。离线压缩和前一个版本工作方式无差异。

With the move to SCSS, there may be issues with utilizing online compression in non-DEBUG mode in Horizon. Offline compression continues to work as in previous releases.

Neutron L3高可靠

HA的属性可以在UI中进行设置,但是自身迁移在Agent会失败。

The HA property is updateable in the UI, however, Neutron API does not allow the update operation because toggling HA support does not work. https://bugs.launchpad.net/horizon/+bug/1378525

更新提示

  • FLAVOR_EXTRA_KEYS被废弃。这个键值可以直接调用Nova和glance api 替换。
  • FLAVOR_EXTRA_KEYS setting deprecated. The use of this key has been replaced with direct calls to the nova and glance api as appropriate.

OpenStack鉴权服务(Keystone)

新功能

  • Keystone现在有一个实验性功能Keystone和Keystone的联合(federation), 其中一个实例提供鉴权服务,另外一个为服务提供者。
  • PKIZ是一种新的token提供方式,可以为使用PKI token的用户提供服务,(与之前不同的是)在传统的PKI token中加入了基于zlib的压缩。
  • PKI token所使用的哈希算法现在可以被配置了(默认使用MD5,Keystone团队建议部署中使用SHA256)。
  • Identity-driver-configuration-per-domain现在支持任意复杂层次的内部域名(例如:customer.cloud.example.com)
  • 使用LDAP鉴权作为后端时支持description作为用户属性。
  • 鉴权服务的v3 API请求现在使用JSON Schema提供校验。
  • 在使用多鉴权后端时,Keystone可以将任意的resource IDs映射到任意的后端。
  • keystoneclient.middleware.auth_token现在移动到自己的库, keystonemiddleware.auth_token.
  • 鉴权服务的v3 API现在支持一个分离的请求获得服务目录(service catalog),GET /v3/auth/catalog
  • 联合(Federated)鉴权事件和本地的角色分配操作现在会触发CADF(审计)通知。
  • Keystone现在能将指定的策略集合和一个或多个endpoints关联。
  • Keystone现在在根API endpoints上提供JSON家文档(Home docuemtns),回复头Accept: application/json-home
  • 现在可以很简单的通过OS-EP-FILTER从客户端的服务目录中(service catalogs)隐藏endpoints.
  • 鉴权集合的API现在按照每一个关联用户过滤(GET /v3/credentials?user_id={user_id}).
  • 新的通用的API endpoints现在可以获取权限相关的数据,例如服务目录(service catalog),活跃的项目范围和活跃的域范围。
  • Keystone现在在LDAP中支持将用户的enabled属性映射到lock属性(自动进行布尔值转换)
  • 可以为LDAP链接配置CA证书文件。
  • 模板(templated)目录后端现在支持为鉴权服务的v3 API生成服务目录。
  • 服务名称被添加到v3的服务目录中。
  • 可以通过名称对服务进行过滤( GET /v3/services?name={service_name})。

已知问题

LDAP页面搜索不支持python-ldap 2.4

当使用python-ldap 2.4并使用开启了页面搜索(paged search)的LDAP时,会发生AttributeErrors的错误。这是由于python-ldap中的不兼容导致的。可以通过以下几个方法绕过这个错误:

  • 在keystone.conf中关闭页面搜索功能,在[ldap]段中设置page_size为0。
  • 将python-ldap版本降为2.3.x。

LDAP paged search results don't work with python-ldap 2.4

When using an LDAP backend with paged search results enabled, AttributeErrors will be encountered if python-ldap 2.4 is being used. This is due to a backwards incompatible API change in python-ldap. The issue can be worked around in a few ways:

  • Disabling paging of search results by setting page_size to 0 in the [ldap] section of keystone.conf.
  • Downgrade python-ldap to version 2.3.x.

这个问题的修复已经被提到议事日程,会在Juno的稳定版升级中得到解决。详情请参阅:https://bugs.launchpad.net/keystone/+bug/1381768

升级提示

  • 基于简化的开包即用的(out-of-the-box)经验,默认的token提供者使用UUID替换之前的PKI。
  • 对于早于Havana版本的数据库迁移被抛弃了,这就意味着如果你必须从Havana或者Icehouse版本的升级到Juno。
  • 完整的更新,不推荐使用的或者被删除的Keystone选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/keystone-conf-changes-master.html
    • 所有token_api方法被废弃了。
    • LDAP配置选项中之前包含废弃的tenant术语现在被project取代。
    • 从鉴权后端到分配后端的代理被删除了(创建提供后端兼容性,目的是将分配后端和鉴权后端分离)。这个改动只会影响定制的,out-of-tree(?)API扩展。
    • 从keystone.conf中的类名称中加载鉴权插件的方法被废弃了,取而代之是通过custom-method-name = custom_package.CustomClass加载,然后定义一组鉴权的方式(methods = custom-method-name, password)。
    • 在树状token驱动中(keystone.token.backends)被移动到keystone.token.persistence.backends。代理对象可以保持运维的兼容性。如果没有设置值,建议将keystone.conf中的[token]段中的driver设置为新的位置。
  • 除了token驱动之外的所有KVS后端被废弃了。
  • LDAP/AD配置:所有配置中包含"tenant"的术语被废弃了,现在建议使用"project"(例如:tenant_id_attributeproject_id_attribute替换)。

OpenStack网络服务(Neutron)

新功能

  • 重构数据库迁移和新的timeline
  • 分布式虚拟路由支持(DVR)
  • 全面支持租户网络IPV6
  • L3层代理高可靠
  • 使用ipset替代iptables支持安全组(可配置)
  • L3代理性能优化
  • 将RPC通讯迁移至oslo.messaging库
  • 重构针对安全组的设备RPC调用(巨大的性能提升)
  • 在Juno版本中支持的新插件包含:
    • A10 Networks LBaaS driver for the LBaaS V1 API
    • Arista L3 routing plugin
    • Big Switch L3 routing plugin
    • Brocade L3 routing plugin
    • Cisco APIC ML2 Driver (including a L3 routing plugin).
    • Cisco CSR L3 routing plugin
    • Freescale SDN ML2 Mechanism Driver
    • Nuage Networks ML2 Mechanism Driver
    • SR-IOV capable NIC ML2 Mechanism Driver

已知问题

  • 这是针对DVR和L3高可靠第一个版本。Neutron团队明确这些功能完全可被用于生产环境是在Kilo版本,并且希望部署人员可以在非关键的负载下使用,并报告相关问题。
  • 防火墙即服务(FWaas)仍然被标记为实验性功能,所以现在还不允许你在一个租户下有多余一个防火墙。

已知问题

  • 完整的更新,不推荐使用的或者被删除的Neutron选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/neutron-conf-changes-master.html
  • 依赖于资源的属性级别的策略不在强制要求。意味着一些Icehouse版本中的旧策略不在需要(例如:"get_port:binding:vnic_type": "rule:admin_or_owner")。
  • 下面的插件在Juno版本中被废弃:
    • Cisco Nexus Sub-Plugin (The Nexus 1000V Sub-Plugin在Juno版本中仍然存在并支持。).
    • Mellanox Plugin
    • Ryu Plugin
  • API的XML支持被废弃了。用户和部署人员应当尽快将API开始使用JSON格式,XML将在Kilo(2015.1)中被彻底删除。

OpenStack块存储服务(Cinder)

新功能

  • 支持卷复制。
  • 支持一致性组(Consistency Groups)和一致性组的快照(Snapshots of Consistency Groups)。
  • 支持卷资源池。
  • 完成i18n
  • 在镜像上传中给Glance加入保护属性
  • 可以在卷复制操作时限制带宽使用
  • 加入卷数量Weigher的调度(算法)

新驱动/插件

  • Datera
  • Fujitsu ETERNUS
  • Fusion IO
  • Hitachi HBSD
  • Huawei
  • Nimble
  • Prophetstor
  • Pure
  • XtremIO
  • Oracle ZFS

已知问题

升级提示

OpenStack遥测(Ceilometer)

新功能

  • 在横向扩展的中心代理端支持度量指标集合的分区
  • 告警评估(evaluation)负载使用新的tooz进行协调,与手工的协议相反
  • 对SQLAlchemy存储的性能和可扩展性进行了大量优化,所以MySQL和PostgreSQL可以被用于验证或小规模部署存储度量值
  • 支持通过Ironic或者新的独立的代理端,通过通知的方式,经过IPMI传感器获取的面向硬件的监控
  • 更灵活、有效地SNMP监控:
    • 将多个SNMP度量的多次查询归并为一个请求
    • 通过TripleO部署的节点可以动态发现进行SNMP轮询
    • 非常容易的扩展Ceilometer采集的SNMP度量指标
    • 通过多个主要指标的算法运算得到新的度量指标
  • 可以讲告警的数据放入独立的数据库
  • 对于度量的消息可以使用通知替代RPC调用
  • Neutron网络度量服务:负载均衡即服务(LBaaS),防火墙即服务(FWaaS)和VPN即服务(VPNaaS)。
  • 新的XenAPI计算资源巡检
  • 支持通过MongoDB或者Hbase存储驱动(之前限制为SQLAlchemy)持久化事件
  • 支持对虚拟机磁盘的每一个硬盘单独的度量
  • 将Ceilometer作为系统分析数据的收集端
  • 云系统管理员指南增加对遥测服务的段落

已知问题

  • 1381600新的ceilometer-agent-ipmi 无法发出任何samples当从ipmitool获得数据无法被解析时。

升级提示

完整的更新,不推荐使用的或者被删除的ceilometer选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/ceilometer-conf-changes-master.html

OpenStack 编排(Heat)

新功能

  • 在stack更新失败时可以恢复
  • 使用API可以取消或者回滚一个正在更新的stack
  • 实现了新的资源类型:
    • OS::Glance::Image
    • OS::Heat::SwiftSignal
      • 提供在Swift中存储等待的条件(和软件部署)的选项
    • OS::Heat::StructuredDeployments
      • 将多个生命周期事件的代码组装到一个部署资源中
    • OS::Heat::SoftwareDeployments
      • 避免部署一个内部依赖的集群的服务器时产生循环依赖
    • OS::Heat::SoftwareComponent
    • OS::Nova::ServerGroup
    • OS::Sahara::NodeGroupTemplate
    • OS::Sahara::ClusterTemplate
  • 记住当更新一个stack时先提供参数
  • Improved scalability
  • 优化扩展性
  • 优化嵌套stack的树的可视化

已知问题

升级提示

完整的更新,不推荐使用的或者被删除的heat选项列表,可以在这里看到:http://docs.openstack.org/trunk/config-reference/content/heat-conf-changes-master.html

OpenStack数据库服务(Trove)

新功能

  • 在提供的mysql实例中提供异步复制(主-从复制)
  • 引入新的集群API,开始支持MongoDB集群
  • 支持使用Neutron网络的OpenStack解决方案中部署Trove。在这之前,只支持nova-network。
  • 支持提供PostgreSQL数据库的实例。
  • 支持Couchbase的备份和恢复。
  • 支持可选择强制使用Cinder作为Trove卷的后端。
  • 支持在Trove数据库中(使用mgmt API)自定义的数据存储配置参数
  • 用一个调用获取所有的数据存储类型和版本

其他的增加的改进

  • 在trove中增加日志审计来优化日志级别
  • 加入stevedore来优化扩展加载的机制
  • 使用卷存储数据现在可以基于每一个数据存储
  • 在配置组列表和详细信息调用中增加创建、更新时间戳以及实例数量

已知问题

  • 1333852: Trove还不支持使用规格(Flaovr)的UUID ——Trove规格API需要使用带有数字ID的Flavor,目的是与icehouse Trove的API返回保持一致
  • 1333852: Trove does not support flavor UUIDs -- the Trove flavors API requires flavors with a numerical ID in order to be consistent with the API response for icehouse Trove.

升级日志

  • trove_api_workers and trove_conductor_workers will now be equal to the number of CPUs available by default if not explicitly specified in the trove configuration files.
    • Anyone upgrading to this change that does not have trove_api_workers or trove_conductor_workers specified in the trove configuration files will now be running multiple API and conductor workers by default when they restart the respective trove services.

OpenStack数据处理(Sahara)

新功能

New Key Features

  • 数据处理的UI已经被完全整合到OpenStack控制面板中(Horizon)。
  • 增加对CDH 5.x的支持。
  • 增加对Apache Spark的支持。支持的版本为0.9.1和1.0.0。弹性数据处理(EDP)引擎进行了大量重构,来支持non-zero工作流引擎。
  • 在当前支持1.2.1和2.3.0版本的基础上,增加对Apache Hadoop 2.4.1支持。2.3.0版本在Juno版本废弃。
  • 支持多域的部署。
  • Hadoop Swift的鉴权使用keystone信任机制。现在Hadoop访问Swift数据无须在配置文件中存储鉴权信息。
  • 增加Ceilometer集成。现在Sahara会通知Ceilometer所有集群的状态变化。
  • 集群的异常处理进行了改进。如果在扩展过程中出现错误,集群将会回退到原始状态。
  • 为节点组设置安全组。当然Sahara也可以自动的创建安全组并打开需要的端口。
  • 为Sahara实现分布式模式:sahara-all进程被分解为sahara-api和sahara-engine。你能在不同节点运行几个sahara-api和sahara-engine的实例。注意这个功能的实现仅仅在alpha阶段。

已知问题

  • Bug 1271349: Sahara需要通过命名空间使用root权限访问虚拟机。

升级提示

将主程序命名为sahara-all

请注意,你需要使用sahara-all替代sahara-api来运行一个一体化(All-In-One)的Sahara环境。

更新sahara.conf

我们已经将auth_token中间层配置移动到通用的配置选项中。更新你的配置文件时,需要用新选项替换旧的。

  • "os_auth_protocol", "os_auth_host", "os_auth_port" -> "[keystone_authtoken]/auth_uri" and "[keystone_authtoken]/identity_uri"
  • "os_admin_username" -> "[keystone_authtoken]/admin_user"
  • "os_admin_password" -> "[keystone_authtoken]/admin_password"
  • "os_admin_tenant_name" -> "[keystone_authtoken]/admin_tenant_name"

我们替换了sahara.openstack.common.db中oslo代码,开始使用oslo.db库。

当然sqlite数据库不再被支持了。请使用MySQL或者PostgreSQL作为Sahara数据库后端。Sqlite被放弃主要是因为他现在不支持(以后也不会支持,详见 http://www.sqlite.org/omitted.html)ALTER COLUMN和DROP COLUMN数据库版本迁移时必须的命令。

你能从Sahara库中的"etc/sahara/sahara.conf.sample"获取更多配置相关的信息。

将Sahara控制面板整合到OpenStack控制面板

Sahara控制面板在Juno版本中还不存在。取而代之的是在OpenStack控制面板之外提供功能。在OpenStack控制面板进入Sahara界面的方法:"Project" -> "Data Processing"。

注意,你需要正确的在Keystone注册Sahara的信息,这样才能让Sahara UI正常工作。

HEAT基础架构引擎的虚拟机用户名变更

我们已经更新了HEAT基础架构引擎("infrastructure_engine=heat"),使用直接引擎(direct engine)中实例用户名同样的规则。在改变用户名之前,使用HEAT引擎,Sahara创建的虚拟机用户名总是‘ec2-user’。现在用户名从镜像注册中移除,正如文档描述的一样。

注意,这个变化破坏了Sahara向前的兼容性,在这之前通过HEAT创建的集群都会受到影响。集群仍然可以继续操作,但是并不建议进行规模上的操作。

非依附(???Anti affinity)实现的变化

从Juno版本开始非依附(???anti affinity)功能使用服务器组来实现。这和用户期望的Sahara行为没有太大区别,但是有一些小的变化:

  • 如果非依附选项开启,服务器组对象会被创建
  • 新的实现中,不允许几个受影响的实例运行在同一个物理主机上,即使他们上面运行了非公共的进程。所以,一旦非依附选项为'datanode'和'tasktracker'进程开启,之前的实现中允许一个实例有'datanode'进程,另外一个进程有'tasktracker'进程,并且运行在同一个物理主机上。新的实现中保证了这些实例在不同的主机上。

注意,新的实现只会对新创建的集群生效。原有实现会对用户在Icehouse版本中创建的集群起作用。


OpenStack文档

  • 这个版本中,OpenStack基金会出资,用五天的时间冲刺(five-day book sprint,翻译可能不准确)新写了一本OpenStack架构设计指南。这本书中提供了面向通用,面向计算,面向存储,面向网络,多节点,混合,大量的可扩展性和特殊云的架构。
  • 安装文档中做了清理和标准化:使用通用的消息队列(RabbitMQ),使用openstack-config(crudini)命令替代直接编辑配置文件来改善学习成本和一致性,使用了通用的SQL数据库,这样MariaDB或者MySQL能被替换,并且替换auth_port和auth_protocol为identity_uri,并且保持一致性。安装指南完全在每一个分布式节点进行了测试,并且直到正式的安装包发布前持续发布。
  • 高可靠指南现在有一个独立的审核团队并且移入了一个独立的库。
  • 安全指南现在有一个独立的审核团队并且移入了一个独立的库。
  • API使用指南文档已经重新发布为API完整指南.
  • 用户指南现在包含了OpenStack数据库服务的信息。
  • 命令行指南现在已经更新至最新版本,并且包括了附加的章节介绍通用OpenStack客户端,trove-manage客户端,数据处理客户端(sahara)。
  • OpenStack云平台管理员指南现在包含了遥测(Telemetry)服务(ceilometer)。