Jump to: navigation, search

Difference between revisions of "ReleaseNotes/Kilo/zh-tw"

(Created page with "=== 升級提示 ===")
 
(136 intermediate revisions by 2 users not shown)
Line 17: Line 17:
 
== OpenStack 物件儲存 (Swift) ==
 
== OpenStack 物件儲存 (Swift) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
 
==== Erasure Code (beta) ====
 
==== Erasure Code (beta) ====
  
Swift now supports an erasure-code (EC) storage policy type. This allows deployers to achieve very high durability with less raw capacity as used in replicated storage. However, EC requires more CPU and network resources, so it is not good for every use case. EC is great for storing large, infrequently accessed data in a single region.
+
Swift從這個版本開始支援Erasure Code,使得佈署人員可以用極少的Raw原始容量達到更高的可用性,如同在副本儲存中一樣,然而 EC需要更多的CPU和網路資源,所以並不適合所有的專案,EC非常適合使用在一個獨立且極少訪問的大量儲存區域。
  
Swift's implementation of erasure codes is meant to be transparent to end users. There is no API difference between replicated storage and EC storage.
+
SwiftEC的實現對於用戶是透明的,對於副本儲存和EC的類型,在API上沒有任何區別.
  
To support erasure codes, Swift now depends on PyECLib and liberasurecode. liberasurecode is a pluggable library that allows for the actual EC algorithm to be implemented in a library of your choosing.
+
swift為了支援EC現在必須依賴PyECLib和liberasurecode,liberasurecode是一個可插件式的函式庫,允許你在所選擇的函式庫中實作你的EC演算法.
  
 
更完整的文件請參閱http://swift.openstack.org/overview_erasure_code.html
 
更完整的文件請參閱http://swift.openstack.org/overview_erasure_code.html
Line 31: Line 31:
 
==== Composite tokens ====
 
==== Composite tokens ====
  
Composite tokens allow other OpenStack services to store data in Swift on behalf of a client so that neither the client nor the service can update the data without both party's consent.
+
Composite tokens允許其他OpenStack Services以Clint端的名義將數據儲存於Swift中,所以無論是Clint端還是Services在更新數據時,都不需要雙方彼此授權。
  
An example of this is that a user requests that Nova save a snapshot of a VM. Nova passes the request to Glance, Glance writes the image to a Swift container as a set of objects. In this case, the user cannot modify the snapshot without also having a valid token from the service. Nor can the service update the data without a valid token from the user. But the data is still stored in the user's account in Swift, which makes accounting simpler.
+
舉一個典型的例子就是用戶請求NOVA 存放一個VM的快照,NOVA 將請求傳遞給 Glance,Glance將鏡像寫入Swift容器中的一組對象中。在這樣的場景下用戶沒有來自服務的有效tokens無法直接修改快照數據。同樣,服務自身也無法在沒有有效tokens的情形下更新數據。但是數據的確存在於用戶的Swift帳戶中,這樣使得帳戶管理更加簡單。
  
 
更完整的文件請參閱http://swift.openstack.org/overview_backing_store.html
 
更完整的文件請參閱http://swift.openstack.org/overview_backing_store.html
  
==== Data placement updates for smaller, unbalanceable clusters ====
+
更小規模不平和集群的數據位置更新
  
Swift's data placement now accounts for device weight. This allows operators to gradually add new zones and regions without immediately causing a large amount of data to be moved. Also, if a cluster is inbalanced (eg a two-zone cluster where one zone has twice the capacity of the other), Swift will more efficiently use the available space and warn when replicas are placed without enough dispersion in the cluster.
+
Swift數據存放的位置根據硬體當前負載決定。當前, 允許維護人員添加新的Zenes和regions,而不需要立即觸發大規模數據遷移, 同時,如果一個群集是非平衡的(例如,在一個Zones的集群中,其中一個的容量式另一個的兩倍),swift會更有效的使用現有空間,並且當副本在集群空間不足時發出警告。
  
==== Global cluster replication improvements ====
+
區域性集群複製優化
  
Replication between regions will now only move one replica per replication run. This gives the remote region a chance to replicate internally and thus avoid more data moving over the WAN
+
regions 之間複製時,每次複製只移動一個副本,這樣遠程的regions可以在內部複製,避免更多的數據在WAN中拷貝。
  
 
=== 已知問題 ===
 
=== 已知問題 ===
  
* As a beta release, EC support is nearly fully feature complete, but it is lacking support for some features (like multi-range reads) and has not had a full performance characterization. This feature relies on ssync for durability. Deployers are urged to do extensive testing and not deploy production data using an erasure code storage policy.
+
作為Bata更新 EC的功能接近完成,但對於某些功能仍然不完整(Multi-range讀取),並且沒有一個完整的性能測算,這個功能為了持久依賴於ssync 。佈署人員督促我們做更大規模的測試,並且不要在生產環境佈署中使用EC儲存。
  
 
=== 升級提示 ===
 
=== 升級提示 ===
  
As always, you can upgrade to this version of Swift with no end-user downtime
+
像往常一樣你能在不影響用戶體驗的前提下升級到這個Swift版本。
  
* In order to support erasure codes, Swift has a new dependency on PyECLib (and liberasurecode, transitively). Also, the minimum required version of eventlet has been raised.
+
為了支援EC Swift需要依賴PyECLib和liberasurecode 並且evenlet的最低版本要求也升高了。
  
  
Line 59: Line 59:
 
== OpenStack Compute (Nova) ==
 
== OpenStack Compute (Nova) ==
  
=== Key New Features ===
+
新功能
  
 
==== API v2.1 ====
 
==== API v2.1 ====
  
* We have the first release of the next generation of the Nova API, v2.1. The v2.1 is designed to be backwards compatible with v2.0 with the addition of strong API validation. All changes to the API are discoverable via the advertised microversion. For more details see: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/api-microversions.html
+
我們有了下一代Nova API的第一個更新版本v2.1 v2.1版本的目的是向回兼容v2.0版本 並且擁有增強的API校驗 API所有更新式通過發佈microversin發現的 更多訊息請:http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/api-microversions.html
  
* For kilo, by default we are still using v2.0 API code to server v2.0 API requests. It is hoped that in liberty that v2.1 will be used to serve requests for both v2.0 and v2.1.
+
kilo版本中我們仍然使用v2.0 API的代碼提供v2.0 API的請求 我們希望v2.1將能夠同時為v2.0和v2.1的請求提供服務。
  
* For liberty v2.0 is now frozen, and all new features will now be added into the v2.1 API using the microversions mechanism.  Microversion increments released with kilo are:
+
*liberty v2.0現在被凍結了 所有功能被添加在v2.1 API中使用microversions機制實現 kilo版本microversion 更新包括:
** Extending the keypair API to support for x509 certificates, to be used with Windows WinRM, is one of the first API features added as a microversion in the v2.1 API.
+
**擴展keypair API 支援x509驗證 能夠旱windows WinRM使用 這個功能式v2.1 API中第一個被以microversion添加的功能。
** Exposing additional attributes in os-extended-server-attributes
+
***在os-exrended-server-attributes暴露擴展屬性
  
* python-novaclient does not yet have support for the v2.1 API
+
* python-novaclient 現在尚未支援 API v2.1
  
* The policy enforcement of Nova v2.1 API get improvement.
+
*Nova v2.1 API策略執行得到優化
** Policy only enforce at the entry of API.
+
**只在API入執行策略
** Without duplicated rules for single one API anymore.
+
**對於單一的API 去掉了重複性規則
** All the v2.1 API policy rule use 'os_compute_api' as prefix which distinguish with v2 API.
+
**所有的v2.1 API的策略'os_compute_api'作為前綴以區別於v2 API
** Due to hard-code permission checks at db layer, part of Nova API isn't configurable by policy before. It's always required admin user. Part of Nova v2.1 API's hard-code permission checks is removed which make API policy configurable. The rest of hard-code permission checks will be removed at Liberty.
+
**之前由於在db層面權限檢查的(hard-code)部份Nova API並不支持策略的配置總是需要admin用戶權限 部份 nova2.1 API中(hard-code)權限檢查被移除 使得API策略可配置 其餘的(hard-code)將在liberty版本被移除掉
  
==== Upgrade Support ====
+
==== 升級支援 ====
  
* We have reduced the data migrations that happen in the DB migration scripts, this now happens in a "lazy" way inside the DB objects code. There are nova-manage commands to help force migration of the data. For more details see: http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/flavor-from-sysmeta-to-blob.html
+
我們減少了使用DB遷移腳本執行數據遷移,現在這個部份使用一種叫作lazy的方式在DB代碼中完成。在Nova-manage命令中可以幫助強制進行數據遷移。更多信息:http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/flavor-from-sysmeta-to-blob.html
  
* Change https://review.openstack.org/#/c/97946/ adds database migration 267 which scans for null instances.uuid records and will fail if any are found since the migrate ultimately needs to make instances.uuid non-nullable and adds a UniqueConstraint on that column.  A helper script is provided to search for null instances.uuid records before running the database migrations. Before running 'nova-manage db sync', run the helper script 'nova-manage db null_instance_uuid_scan' which, by default, will just search and dump results, it does not change anything.  Pass the --delete option to the null_instance_uuid_scan command to automatically remove any null records were instances.uuid is null.
+
* https://review.openstack.org/#/c/97946/ 增加了編號為267的數據庫遷移腳本,這個腳本主要掃描instances.uuid為空(null)的記錄並且一旦發現就會導致失敗,因為遷移中需要保證instances.uuid非空並且在那個字段加入了UniqueConstraint限制。為了避免數據庫遷移失敗,提供了一個幫助腳本用來搜索空(null)的instances.uuid的記錄。運行'nova-manage db sync'之前,運行幫助腳本'nova-manage db null_instance_uuid_scan',默認情況下,該腳本只會檢索記錄,並將結果輸出,不會改變任何內容。如果在參數中加入--delete,就會自動刪除所有instances.uuid為空的記錄。
  
 
==== Scheduler ====
 
==== Scheduler ====
  
* A selection of performance optimisations
+
* 一系列的性能優化
* We are in the process of making structural changes to the scheduler that will help improve our ability to evolve and improve scheduling. This should not be visible from an end user perspective.
+
* 我們在優化scheudler的代碼結構,這將幫助我們能夠演進和優化調度過程。這一點對於終端用戶不可見。
  
 
==== Cells v2 ====
 
==== Cells v2 ====
  
* There are some initial parts of cell v2 supported added, but this feature is not yet ready to use.
+
* 已經開始添加了對cell v2版本的支持,但是還沒達到能夠使用的程度。
* new 'nova-manage api_db sync' and 'nova-manage api_db version' commands for working with the new api database for cells, but nothing is using this database yet so it is not necessary to set it up.
+
* 新的'nova-manage api_db sync' 'nova-manage api_db version'命令用於支持cell新的api數據庫結構,但是還沒有任何代碼使用該數據庫,所有沒有必要建立。
  
 
==== Compute Drivers ====
 
==== Compute Drivers ====
Line 99: Line 99:
 
===== Hyper-V =====
 
===== Hyper-V =====
  
* Support for generation 2 VMs: https://blueprints.launchpad.net/nova/+spec/hyper-v-generation-2-vms
+
* 支持二代虛擬機:https://blueprints.launchpad.net/nova/+spec/hyper-v-generation-2-vms
* Support for SMB based volumes, to sit along side existing iSCSI volume support: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/hyper-v-smbfs-volume-support.html
+
* 支持SMB為基礎的捲,和已經存在的ISCSI卷:http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/hyper-v-smbfs-volume-support.html
* Support for x509 certificate based key pairs: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/keypair-x509-certificates.html
+
* 支持x509證書的keyparis:http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/keypair-x509-certificates.html
* Host power actions now work with Hyper-V: https://blueprints.launchpad.net/nova/+spec/hyper-v-host-power-actions
+
* 主機電源操作已經在Hyper-V中可用了:https://blueprints.launchpad.net/nova/+spec/hyper-v-host-power-actions
  
 
===== Libvirt (KVM) =====
 
===== Libvirt (KVM) =====
  
* NFV related features:
+
* NFV相關功能:
** NUMA based scheduling: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/input-output-based-numa-scheduling.html
+
** 以NUMA為基礎的調度: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/input-output-based-numa-scheduling.html
** Pinning guest vCPUs: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/virt-driver-cpu-pinning.html
+
** 虛擬機使用固定的物理CPU: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/virt-driver-cpu-pinning.html
** Large page support: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/virt-driver-large-pages.html
+
** 超大頁(Large Page)支持: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/virt-driver-large-pages.html
* vhostuser VIF driver: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt_vif_vhostuser.html
+
* vhostuser VIF驅動: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt_vif_vhostuser.html
* Support for running KVM on IBM System z: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt-kvm-systemz.html
+
* 支持在IBM System z運行KVM: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt-kvm-systemz.html
* Support for parallels: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/pcs-support.html
+
* 支持parallels雲服務: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/pcs-support.html
* Support for SMB based volumes: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt-smbfs-volume-support.html
+
* 支持SMB卷: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/libvirt-smbfs-volume-support.html
* Quiesce using QEMU guest agent: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/quiesced-image-snapshots-with-qemu-guest-agent.html
+
* 使用QEMU agent靜默(Quiesce)文件系統(例如:做快照之前): http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/quiesced-image-snapshots-with-qemu- guest-agent.html
* Quobyte volume support: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/quobyte-nova-driver.html
+
* Quobyte卷支持: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/quobyte-nova-driver.html
* Support for QEMU iSCSI initiator: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/qemu-built-in-iscsi-initiator.html
+
* 支持QEMU iSCSI initiator: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/qemu-built-in-iscsi-initiator.html
  
 
===== VMware =====
 
===== VMware =====
  
* Support for Ephemeral disks: http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/vmware-ephemeral-disk-support.html
+
* 支援暫時性硬碟 : http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/vmware-ephemeral-disk-support.html
* Support fo vSAN: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-vsan-support.html
+
* 支援 vSAN : http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-vsan-support.html
* Support for based OVA images: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-driver-ova-support.html
+
* 支援 OVA 映像檔 : http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-driver-ova-support.html
* Support for SPBM based storage policies: http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-spbm-support.html
+
* 支援 SPBM 儲存政策 : http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/vmware-spbm-support.html
  
 
===== Ironic =====
 
===== Ironic =====
Line 131: Line 131:
 
=== 已知問題 ===
 
=== 已知問題 ===
  
* Evacuate recovery code has the potential to destroy data. On nova-compute startup, instances reported by the hypervisor are examined to see if they have moved (i.e. been evacuated) from the current host during the outage. If the determination is made that they were, then they are destroyed locally. This has the potential to choose incorrectly and destroy instances unexpectedly. On libvirt-like nodes, this can be triggered by changing the system hostname. On vmware-like nodes, this can be triggered by attempting to manage a single vcenter deployment from two different hosts (with different hostnames). This will be fixed properly in Liberty, but for now deployments that wish to disable this behavior as a preventive measure can set workarounds.destroy_after_evacuate=False. NOTE: This is not a regression and has been a flaw in the design of the evacuate feature since its introduction. There is no easy fix for this, hence this workaround to limit the potential for damage. The proposed fix in liberty is here: https://review.openstack.org/#/c/161444/.
+
Evacuate恢復部份代碼在損壞數據的潛在危險。在nova-compute啟動過程中,虛擬化端回報instance的狀態,用於檢查實體主機發生故障過程中,虛擬機是否被移走了。如果此時發現的確發生遷移了,那麼本地的數據就會被徹底刪除。這樣就存在潛在的可能出現選擇錯誤,虛擬機被錯誤的銷毀。在libvirt節點上,這樣的情況可能會由於改變系統的主機名引發。在Vmware節點中,這個可能會由於嘗試兩個不同的主機名管理同一個vcenter引發這個bug可能會在Liberty中得到修復, 但是在當前佈署中,關閉這種行為的建議是設置destroy_after_evacuate=False。
 +
注意 這個並不是回歸(regression)並且在evacuate的設計中已經提到這個瑕疵。這個並不容易修復,所以使用這種方式繞過去(workaround)解決這個遣在的數據損壞。在Liberty的修復紀錄:
 +
https://review.openstack.org/#/c/161444/
  
 
* The generate config examples possibly missing some oslo related configuration
 
* The generate config examples possibly missing some oslo related configuration
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
Below are changes you should be aware of when upgrading. Where possible, The git commit hash is provided for you to find more information:
+
下面是你在升級中需要了解的內容。在可能的情況下,git提交的hash編碼會提供你找到更多更詳細的信息:
  
* Neutron ports are no longer deleted after your server is deleted, if you created them outside of Nova: 1153a46738fc3ffff98a1df9d94b5a55fdd58777
+
*如果你的Neutron端口(ports)是在Nova之外建立的,在你的服務器刪除後並不會刪除這些端口:1153a46738fc3ffff98a1df9d94b5a55fdd58777
* EC2 API support has been deprecated, and is likely to be removed in kilo, see f098398a836e3671c49bb884b4a1a1988053f4b2
+
* EC2 API支持現在被廢棄了,可能要在kilo刪除掉:f098398a836e3671c49bb884b4a1a1988053f4b2
* Websocket proxies need to be upgraded in a lockstep with the API nodes, as older API nodes will not be sending the access_url when authorizing console access, and newer proxy services (this commit and onward) would fail to authorize such requests 9621ccaf05900009d67cdadeb1aac27368114a61
+
* Websocket代理需要被和API節點一起升級,由於舊的API節點在鑑權控制台權限時不會發送access_url,新的代理服務(這個提交和以後的)處理類似請求時會鑑權失敗9621ccaf05900009d67cdadeb1aac27368114a61
* After fully upgrading to kilo (i.e. all nodes are running kilo code), you should start a background migration of flavor information from its old home to its new home. Kilo conductor nodes will do this on the fly when necessary, but the rest of the idle data needs to be migrated in the the background. This is critical to complete before the Liberty release, where support for the old location will be dropped. Use "nova-manage migrate-flavor-data" to perform this transition.
+
* 在全部升級到kilo後(例如,所有節點都運行kilo代碼),你需要在後台運行一個flavor信息更新的遷移,把舊名字改為新名字。 Kilo的conductor節點會根據需要進行處理,但是其餘的空閒數據需要在後台完成遷移。這個要在Liberty更新後全部完成,到時候舊的位置會被廢棄。使用"nova-manage migrate-flavor-data"完成遷移。
* Due to the improvement on Nova v2.1 API policy enforcement. There are a lot of change happened to v2.1 API policy. Because v2.1 API didn't released before, those change won't keep back-compatible. It is better to use policy sample configuration instead of old one.
+
* 由於Nova v2.1 API強制策略的優化。在v2.1 API策略上有一系列改變發生。因為v2.1 API之前一直沒有更新,所以這些改變無法向前兼容。所以最好使用策略的樣例配置取代之前的版本。
* VMware rescue VM behaviour no longer creates a new VM and instead happens in place: cd1765459a24e52e1b933c8e05517fed75ac9d41
+
* VMware拯救(rescue)虛擬機的行為不再生成一個新的虛擬機而是直接在當前鏡像上進行:cd1765459a24e52e1b933c8e05517fed75ac9d41
* force_config_drive = always has been deprecated, and force_config_drive = True should be used instead: c12a78b35dc910fa97df888960ef2b9a64557254
+
* force_config_drive = always被廢棄了,需要使用force_config_drive = True替換:c12a78b35dc910fa97df888960ef2b9a64557254
* Running hyper-v, if you deployed code that was past this commit: b4d57ab65836460d0d9cb8889ec2e6c3986c0a9b but before this commit: c8e9f8e71de64273f10498c5ad959634bfe79975 you make have problems to manually resolve see: c8e9f8e71de64273f10498c5ad959634bfe79975
+
* 運行hyper-v,如果你已經部署的代碼晚於這個commit b4d57ab65836460d0d9cb8889ec2e6c3986c0a9b,但是早於這個commit c8e9f8e71de64273f10498c5ad959634bfe79975,那麼你可能存在問題,需要手動解決,查看這個commit c8e9f8e71de64273f10498c5ad959634bfe79975
* Changed the default value of: multi_instance_display_name_template see: 609b2df339785bff9e30a9d67d5c853562ae3344
+
* 改變multi_instance_display_name_template的默認值:609b2df339785bff9e30a9d67d5c853562ae3344
* Please use "nova-manage db null_instance_uuid_scan" to ensure the DB migrations will apply cleanly, see: c0ea53ce353684b48303fc59393930c3fa5ade58
+
* 使用"nova-manage db null_instance_uuid_scan"確保DB遷移之前數據是乾淨的,c0ea53ce353684b48303fc59393930c3fa5ade58
  
  
  
== OpenStack Image Service (Glance) ==
+
== OpenStack 映像檔服務 (Glance) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* Using graduated oslo.policy. Accounts changes to config options and updates the in-tree etc/config files. http://specs.openstack.org/openstack/glance-specs/specs/kilo/pass-targets-to-policy-enforcer.html
+
* 使用已經畢業的oslo.policy項目。賬戶配置信息更新,升級在etc/config下的配置文件。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/pass-targets-to-policy-enforcer.html
* Ability to deactivate an image. Adds 2 new API calls and may require policy changes. http://specs.openstack.org/openstack/glance-specs/specs/kilo/deactivate-image.html
+
* 可以使一個鏡像變為非激活狀態。增加了兩個新的API調用可能會需要改變策略配置。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/deactivate-image.html
* Basic support for Image conversion during the import process of an Image. http://specs.openstack.org/openstack/glance-specs/specs/kilo/conversion-of-images.html
+
* 在鏡像導入過程中,支持基本的鏡像格式轉換。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/conversion-of-images.html
* Glance sorting enhancements. Images v2 API supports new sorting syntax including ability to specify the sort dir for each key. http://specs.openstack.org/openstack/glance-specs/specs/kilo/sorting-enhancements.html
+
* Glance排序增強。 v2版本的鏡像API支持新的排序語法,排序時可以指定排序字段和方向:http://specs.openstack.org/openstack/glance-specs/specs/kilo/sorting-enhancements.html
* Notifications support for metadefs. http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadefs-notifications.html
+
* 通知支持metadefs:http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadefs-notifications.html
* Multiple datastore support for VMware Storage driver. http://specs.openstack.org/openstack/glance-specs/specs/kilo/vmware-store-multiple-datastores.html
+
* VMware存儲驅動支持多datastore:http://specs.openstack.org/openstack/glance-specs/specs/kilo/vmware-store-multiple-datastores.html
* Glance Image Introspection during the import process of an Image. http://specs.openstack.org/openstack/glance-specs/specs/kilo/introspection-of-images.html
+
* 在鏡像導入過程中獲取鏡像信息:http://specs.openstack.org/openstack/glance-specs/specs/kilo/introspection-of-images.html
* Support in Metadefs for multivalue operators. http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadata-multivalue-operators-support.html
+
* 在Metadefs中支持多個值的操作。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadata-multivalue-operators-support.html
* Adding new taskflow executor and removing the old eventlet executor. http://specs.openstack.org/openstack/glance-specs/specs/kilo/taskflow-integration.html
+
* 增加新的taskflow執行方法(executor)並且移除了舊的eventlet執行方法。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/taskflow-integration.html
* Digest algorithm is now configurable. SHA-1 not being suitable for general-purpose digital signature applications that require 112 bits of security as per FIPS, we provide with a configuration to chose between these standards.
+
* Digest算法現在是可以配置的。 SHA-1現在不適合作為通用的數字簽名應用,從安全角度考慮,對於每個FIPS需要112字節,我們提供了一個配置可以在這些標準中進行選擇。
* Metadef Tag support. http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadefs-tags.html
+
* Metadef標籤支持。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/metadefs-tags.html
* Allow None values to be returned from the API. Glance's API v2 now also returns fields that have value None.
+
* 允許API返回空值。 Glance的v2版本API現在也返回為空值的字段。
* Catalog Index Service experimental API.http://specs.openstack.org/openstack/glance-specs/specs/kilo/catalog-index-service.html
+
* 目錄索引服務實驗性API。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/catalog-index-service.html
* More granular capabilities optional support to storage drivers. http://specs.openstack.org/openstack/glance-specs/specs/kilo/store-capabilities.html
+
* 存儲驅動更細粒度的支持。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/store-capabilities.html
* Semver Utility for DB storage. http://specs.openstack.org/openstack/glance-specs/specs/kilo/semver-support.html
+
* 數據存儲使用語義版本(Semver, Semantic Versioning)工具。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/semver-support.html
* Reload configuration files on SIGHUP signal. Zero downtime config reload. http://specs.openstack.org/openstack/glance-specs/specs/kilo/sighup-conf-reload.html
+
* 重新加載配置文件時使用SIGHUP信號。配置重新加載零down機。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/sighup-conf-reload.html
* Software Metadata Definitions. http://specs.openstack.org/openstack/glance-specs/specs/kilo/software-metadefs.html
+
* 軟件Metadata定義。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/software-metadefs.html
* Glance Swift Store to use Multiple Containers for Storing Images. http://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-multiple-containers.html
+
* Glance Swift存儲使用多個容器(Containers)存儲鏡像。 http://specs.openstack.org/openstack/glance-specs/specs/kilo/swift-store-multiple-containers.html
  
 
=== 已知問題 ===
 
=== 已知問題 ===
  
* Adding image member throws 500 when the member name is longer than 255 characters. https://bugs.launchpad.net/glance/+bug/1424038
+
當鏡像名稱長度大於255個字時 添加鏡像時會拋出Error500:https://bugs.launchpad.net/glance/+bug/1424038
* Glance v2 API is incompatible with v1 API for owner change. https://bugs.launchpad.net/glance/+bug/1420008
+
* Glance v2版本API與v1版本更換鏡像所有者的API不相容:https://bugs.launchpad.net/glance/+bug/1420008
* Glance scrubber doesn't work when registry operates in trusted-auth mode. https://bugs.launchpad.net/glance/+bug/1439666
+
* Glance的Scrubber在操作者使用信任模式無法工作:https://bugs.launchpad.net/glance/+bug/1439666
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* Removed deprecated option db_enforce_mysql_charset. Corresponding commit: efeb69f9033a57a1c806f71ee3ed9fd3f4d2475e
+
* 移除廢棄的選項db_enforce_mysql_charset。相應的commit: efeb69f9033a57a1c806f71ee3ed9fd3f4d2475e
* Notifications for metadef resources are now supported. Corresponding commit: fd547e3717dc4a3a92c1cb2104c18608a4f4872a
+
* 現在支持metadef資源的通知,相應的commit: fd547e3717dc4a3a92c1cb2104c18608a4f4872a
* VMware multiple datastores can be enabled by a few config changes. Corresponding commit: 96fb31d7459bd4e05e052053177dce4d38cdaf90
+
* VMware多datastore支持可以通過幾個選項進行配置,相應的commit: 96fb31d7459bd4e05e05205​​3177dce4d38cdaf90
* Removed the eventlet executor and added a new taskflow executor for async tasks. Corresponding commits: ae3135e1d67df77697a24fddaee3efeadb34a0dd and a39debfd55f6872e5f4f955b75728c936d1cee4b
+
* 移除eventlet執行方法,並且增加一個新的Taskflow的執行方法,用於異步任務,相應的commits: ae3135e1d67df77697a24fddaee3efeadb34a0dd和a39debfd55f6872e5f4f955b75728c936d1cee4b
* Replace snet config with endpoint config. Corresponding commit: 41a9a065531ec946b4a9baf999f97d10fa493826
+
* 在配置中使用endpoint配置替代snet配置,相應的commit: 41a9a065531ec946b4a9baf999f97d10fa493826
* Digest algorithm is now configurable. Corresponding commit: 82194e0c422966422f7a4e2157125c7ad8fbc5b5
+
* Digest算法現在可以配置,相應的commit: 82194e0c422966422f7a4e2157125c7ad8fbc5b5
* Cleanup chunks for deleted image that was in 'saving' state while deleting. Corresponding commit: 0dc8fbb3479a53c5bba8475d14f4c7206904c5ea
+
* 清理已經被刪除的鏡像,鏡像在'保存中'狀態時刪除。相應的commit: 0dc8fbb3479a53c5bba8475d14f4c7206904c5ea
* Glance now uses graduated oslo.policy. Corresponding commit: cb7d5a4795bbdaf4dc3eaaf0a6fb1add52c09011
+
* Glance現在使用畢業的oslo.policy模塊。相應的commit: cb7d5a4795bbdaf4dc3eaaf0a6fb1add52c09011
* An image can now be deactivated. A new state called deactivated has been added to the Image data asset. Corresponding commit: b000c85b7fabbe944b4df3ab57ff73883328f40d
+
* 鏡像現在可以設置為未啟用狀態。一個新的'未啟用'狀態已經添加到鏡像數據中。相應的commit: b000c85b7fabbe944b4df3ab57ff73883328f40d
  
  
Line 197: Line 199:
 
== OpenStack Dashboard (Horizon) ==
 
== OpenStack Dashboard (Horizon) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* Support for Federated authentication via Web Single-Sign-On -- When configured in keystone, the user will be able to choose the authentication mechanism to use from those support by the deployment. This feature must be enabled by changes to local_settings.py to be utilized. The related settings to enable and configure can be found [http://docs.openstack.org/developer/horizon/topics/settings.html#websso-enabled here].
+
*支援透過Web單點登入的統一驗證方式——在Keystone中做配置後,用戶就能選擇驗證機制來使用已佈署的功能。這些功能的使用能夠通過更改local_settings.py配置實現。 相關啟用設置和配置可以在這裡找到:[http://docs.openstack.org/developer/horizon/topics/settings.html#websso-enabled here]
  
* Support for Theming -- A simpler mechanism to specify a custom theme for Horizon has been included. Allowing for use of CSS values for Bootstrap and Horizon variables, as well as the inclusion of custom CSS. More details available [http://docs.openstack.org/developer/horizon/topics/settings.html#custom-theme-path here].
+
*支援主題—— 包含了可以為Horizon自定義主題的簡單功能。允許使用Bootstrap的CSS值,Horizon定義的變量 以及自定義CSS。更多信息参见:[http://docs.openstack.org/developer/horizon/topics/settings.html#custom-theme-path here]
  
* Sahara UX Improvements -- Dramatic improvements to the Sahara user experience have been made with the addition of guided cluster creation and guided job creation pages.
+
*Sahara Ux 改進 cluster和job創建引導頁的增加改進了Sahara的用戶體驗。
  
* Launch Instance Wizard (beta) -- A full replacement for the launch instance workflow has been implemented in AngularJS to address usability issues in the existing launch instance workflow. Due to the late inclusion date and limited testing, this feature is marked as beta for Kilo and not enabled by default. To use the new workflow, the following change to local_settings.py is required: <code>LAUNCH_INSTANCE_NG_ENABLED = True</code>. Additionally, you can disable the default launch instance wizard with the following:  <code>LAUNCH_INSTANCE_LEGACY_ENABLED = False</code>. This new work is a view into future development in Horizon.
+
* Launch Intance嚮導(beta) —— 用AngularJS實現了launch instance workflow的全面替代,用以解決現有的launch instance workflow的可用性問題。這項功能最近才引入並且缺乏測試,所以在Kilo版本中標記為beta並且默認是不啟用的。要使用新的workflow,需要對local_settings.py做如下更改:<code>LAUNCH_INSTANCE_NG_ENABLED = True</code>。另外,可以做如下更改來禁用默認的啟用instance嚮導:<code>LAUNCH_INSTANCE_LEGACY_ENABLED = False</code>。這項新功能體現了Horizo​​n未來的發展。
  
* Nova
+
*Nova
** allow service disable/enable on Hypervisor
+
**允許Service在Hypervisor中 啟用/禁用
** Migrate all instances from host
+
**從host遷移所有Instance
** expose serial console
+
**曝露serial console
  
* Cinder
+
*Cinder
** Cinder v2 by default
+
**默認為Cinder v2
** Managed/Unmanaged volume support -- allows admin to manage existing volumes not managed by cinder, as well as unmanage volumes.
+
**支援已管理/未管理的volume 允許管理員管理已存在的volume不在被cinder管理 未管理的被cinder管理
** Volume transfer support between projects
+
**支援project間的volume轉移
** Volume encryption metadata support
+
**支援volume加密數據
  
 
* Glance
 
* Glance
** View added to allow administrators to view/add/update Glance Metadata definitions
+
**增加介面允許管理員察看/新增/修改 Glance數據定義
  
 
* Heat
 
* Heat
** Stack Template view
+
** Stack Template界面
** Orchestration Resources Panel
+
** 操作資源控制板
** Suspend/Resume actions for Stacks
+
** Stacks的掛起/恢復操作
** Preview Stack view allows users to preview stacks specified in templates before creating them.
+
** 預覽Stack界面允許用戶在定義模板中的stacks前可以先預覽。
  
 
* Trove
 
* Trove
** Resizing of Trove instances -- changing instance flavor
+
** 調整Trove實例-更改instance的flavor
  
 
* Ceilometer
 
* Ceilometer
** Display IPMI meters values from Ceilometer
+
** 調整來源於Ceilometer的IPMI測量數據
  
* New Reusable AngularJS widgets in Horizon:
+
*Horizon中新的可重複使用的AngularJS widgets:
** AngularJS table implementation
+
**AngularJS表格實現
*** Table drawers -- expandable table content
+
**Table繪製-擴展的表格內容
*** improved client/server search
+
**改進Client/server查找
** Transfer table widget
+
**轉換表格widget
  
* Configurable web root for Horizon beyond just '/'
+
*為Horizon配置web root不僅僅限於'/'
  
 
=== 已知問題 ===
 
=== 已知問題 ===
  
* Volumes created from snapshots are empty - https://bugs.launchpad.net/horizon/+bug/1447288
+
*從快照創建的Volumes是空的-https://bugs.launchpad.net/horizo​​n/+bug/1447288
* Django 1.8 is not fully supported yet.
+
*還沒完全支援Django1.8
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* Django 1.7 is now supported.
+
目前支援Django1.7
  
  
Line 254: Line 256:
 
== OpenStack Identity (Keystone) ==
 
== OpenStack Identity (Keystone) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
==== Hierarchical multitenancy ====
+
==== 分層multitenancy ====
  
[http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#projects-v3-projects Projects] can be nested under other projects by setting the <code>parent_id</code> attribute to an existing project when [http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#create-project creating a new project]. You can also [http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#get-project discovery] the parent-child hierarchy through the existing <code>/v3/projects</code> API.
+
[http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#create-project 創建一個新的project]時,可以設置屬性<code>parent_id</code >的值為一個已存在project,使
 +
[http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3.html#projects-v3-projects Projects]嵌套在其他projects下。
  
Role assignments can now be assigned to both [https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-inherit-ext.rst#assign-role-to-user-on-projects-in-a-subtree users] and [https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-inherit-ext.rst#assign-role-to-group-on-projects-in-a-subtree groups] on subtrees in the project hierarchy.
+
Role現在可以分配給project分層子樹上的[https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-inherit-ext.rst#assign -role-to-user-on-projects-in-a-subtree users][https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os- inherit-ext.rst#assign-role-to-group-on-projects-in-a-subtree groups]
  
This feature will require corresponding support across other OpenStack services (such as hierarchical quotas) in order to become broadly useful.
+
這項功能還需要其他Openstack服務(例如hierarchical quotas)的相應支持使其廣泛的生效
  
 
==== Fernet tokens ====
 
==== Fernet tokens ====
  
Unlike UUID tokens which must be persisted to a database, Fernet tokens are entirely non-persistent. Deployers can enable the Fernet token provider using <code> [token] provider = keystone.token.providers.fernet.Provider</code> in <code>keystone.conf</code>.
+
區別於UUID tokens只能持久化存入數據庫,Fernet tokens完全不需要持久化。部署人員可以通過設置<code>keystone.conf</code>中的<code> [token] provider = keystone.token.providers.fernet.Provider</code>來啟用Fernet token
  
Fernet tokens require symmetric encryption keys which can be established using <code>keystone-manage fernet_setup</code> and periodically rotated using <code>keystone-manage fernet_rotate</code>. These keys must be shared by all Keystone nodes in a multi-node (or multi-region) deployment, such that tokens generated by one node can be immediately validated against another.
+
Fernet tokens需要symmetric encryption keys,這些keys可以使用<code>keystone-manage fernet_setup</code>建立, 並且使用<code>keystone-manage fernet_rotate</code>週期性地輪換。這些keys必須被在一個multi-node(或者multi-region)部署中的所有Keyston nodes共享,這樣就能使一個node生成的tokens可以立即被其他節點驗證。
  
 
==== Identity federation ====
 
==== Identity federation ====
  
* Keystone can now act as a [http://docs.openstack.org/developer/keystone/configure_federation.html#keystone-as-an-identity-provider-idp federated identity provider (IdP)] for another instance of Keystone by issuing SAML assertions for local users, which may be ECP-wrapped.
+
* Keystone現在可以作為[http://docs.openstack.org/developer/keystone/configure_federation.html#keystone-as-an-identity-provider-idp 聯邦身份提供者(IdP: federated identity provider)]為另外一個Keystone實例提供本地用戶的SAML斷言(​​SAML assertions),可能是ECP封裝(ECP-wrapped)。
* Added support for [http://docs.openstack.org/developer/keystone/extensions/openidc.html OpenID Connect] as a federated identity authentication mechanism.
+
* 支持[http://docs.openstack.org/developer/keystone/extensions/openidc.html OpenID連接]作為聯邦身份鑑權機制(federated identity authentication mechanism)。
* Added the ability to associate many "Remote IDs" to a single identity provider in Keystone. This will help in a case where many identity providers use a common mapping.
+
* 在Keystone中增加對多"Remote IDs"關聯到單一的鑑權提供者。這有助於有多身份提供者使用一個通用的映射。
* Added the ability for a user to authenticate via a web browser with an existing IdP, through a Single Sign-On page.
+
* 增加為已經擁有Idp用戶通過web瀏覽器鑑權的能力,實現單點登錄。
* Federated tokens now use the <code>token</code> authentication method, although both <code>mapped</code> and <code>saml2</code> remain available.
+
* 聯邦令牌(federated tokens)現在使用<code>token</code>鑑權方法,<code>mapped</code><code>saml2</code>仍然有效。
* Federated users may now be mapped to existing local identities.
+
* 聯邦用戶(federated users)可以映射到本地已經存在的身份上。
* Groups specified in the mapping rulesets can be identified by name and domain.
+
* 在規則集(rulesets)映射中定義的組可以用名字和域鑑權
* Groups appearing in federated identity assertions may now be automatically mapped as locally existing groups with local user membership mappings (filtered by white and blacklists).
+
* 出現在聯邦身份斷言(federated identity assertions)中的組,可以被自動的映射為本地已經存在的組中,並且擁有本地用戶關係映射(通過白名單和黑名單過濾)
  
 
==== LDAP ====
 
==== LDAP ====
  
* Filter parameters specified by API users are now processed by LDAP itself, instead of by Keystone.
+
* 用戶指定的API過濾項現在由LDAP本身處理,現在由keystone取代
* ''Experimental'' support was added to store domain-specific identity backend [http://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers configuration in SQL] using the HTTP API. The primary use case for this is to create a new domain with the HTTP API, and then immediately configure a domain-specific LDAP driver for it without restarting Keystone.
+
* "試驗性"支持存儲指定域(domain-specific)鑑權後端HTTP API[http://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers 在SQL中配置]。這個主要用戶場景是,當使用HTTP API創建一個新的域(domain),並且馬上配置一個指定域(domain-specific)的LDAP驅動,而不需要重啟keystone。
  
 
==== 授權 ====
 
==== 授權 ====
  
* The "assignment" backend has been split into a "resource" backend (containing domains, projects, and roles) and an "assignment" backend, containing the authorization mapping model.
+
* "分配(assignment)"後端已經被分離到"資源(resource)"後端(包含domains, projects和roles),並且"分配(assignment)"的後端包含了授權的映射模型
* Added support for trust redelegation. If allowed when the trust is initially created, a trustee can redelegate the roles from the trust via another trust.
+
* 支持再次信任授權。當信任關係建立後,被信任人可以通過另外一個信任重新授權該信任的角色。
* Added support for explicitly requesting an unscoped token from Keystone, even if the user has a <code>default_project_id</code> attribute set.
+
* Keystone支持無範圍(unscoped)的token請求,即使用戶設置了<code>default_project_id</code>
* Deployers may now opt into disallowing the re-scoping of scoped tokens by setting <code>[token] allow_rescope_scoped_token = false</code> in <code>keystone.conf</code>.
+
* 部署人員可以修改配置來限制已經有範圍的令牌重新獲取範圍(re-scoping),在<code>keystone.conf</code>設置<code>[token] allow_rescope_scoped_token = false</code>
  
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* XML support in Keystone has been removed as of Kilo. When upgrading from Juno to Kilo, it is recommended that references to XML and XmlBodyMiddleware be removed from the [https://github.com/openstack/keystone/blob/master/etc/keystone-paste.ini Keystone Paste configuration]. This includes removing the XML middleware filters and the references from the public_api, admin_api, api_v3, public_version_api, admin_version_api and any other pipelines that may contain the XML filters.
+
* Keystone的XML支持將在Kilo版本刪除。當從Juno升級到Kilo,​​建議將XML和XmlBodyMiddleware相關的信息從[https://github.com/openstack/keystone/blob/master/etc/keystone-paste.ini Keystone Paste p配置]刪除。這包含刪除XML中間層過濾器以及public_api, admin_api, api_v3, public_version_api, admin_version_api相關的和其他包含XML過濾器的流水線(pipelines)。
* All previous extensions (OS-FEDERATION, OS-OAUTH1, OS-ENDPOINT-POLICY and OS-EP-FILTER) are now enabled by default, and are [http://docs.openstack.org/developer/keystone/extensions.html correspondingly marked] as either "experimental" or "stable".
+
* 所有之前的擴展(OS-FEDERATION, OS-OAUTH1, OS-ENDPOINT-POLICY and OS-EP-FILTER)現在被默認支持,並且在[http://docs.openstack.org/developer/keystone/extensions. html 相關標記]中,標記為"試驗"或者"穩定"
* [http://specs.openstack.org/openstack/openstack-specs/specs/no-downward-sql-migration.html SQL Schema Downgrades are no longer supported]. This change is the result of evaluation that downward SQL migrations are not well tested and become increasingly difficult to support with the volume of data-change that occurs in many of the migrations.
+
* [http://specs.openstack.org/openstack/openstack-specs/specs/no-downward-sql-migration.html 不在支持SQL結構的回退]。這個變化主要是回退並沒有經過良好的測試,而且在很多遷移中需要支持數據變化,難度越來越大。
* The following python libraries are now required: [https://pypi.python.org/pypi/cryptography cryptography], [https://pypi.python.org/pypi/msgpack-python msgpack-python], [https://pypi.python.org/pypi/pysaml2 pysaml2] and [https://pypi.python.org/pypi/oauthlib oauthlib].
+
* 需要以下Python庫:[https://pypi.python.org/pypi/cryptography cryptography], [https://pypi.python.org/pypi/msgpack-python msgpack-python], [https://pypi .python.org/pypi/pysaml2 pysaml2] [https://pypi.python.org/pypi/oauthlib oauthlib]
* <code>keystone.middleware.RequestBodySizeLimiter</code> is now deprecated in favor of <code>oslo_middleware.sizelimit.RequestBodySizeLimiter</code> and will be removed in Liberty.
+
* <code>keystone.middleware.RequestBodySizeLimiter</code>被廢棄,取而代之的是<code>oslo_middleware.sizelimit.RequestBodySizeLimiter</code> 並且在Liberty移除。
* Eventlet-specific configuration options such as <code>public_bind_host</code>, <code>bind_host</code>, <code>admin_bind_host</code>, <code>admin_port</code>, <code>public_port</code>, <code>public_workers</code>, <code>admin_workers</code>, <code>tcp_keepalive</code>, <code>tcp_keepidle</code> have been moved from the <code>[DEFAULT]</code> configuration section to a new configuration section called <code>[eventlet_server]</code>. Similarly, Eventlet-specific SSL configuration options such as <code>enable</code>, <code>certfile</code>, <code>keyfile</code>, <code>ca_certs</code>, <code>cert_required</code> have been moved from the <code>[ssl]</code> configuration section to a new configuration section called <code>[eventlet_server_ssl]</code>.
+
* Eventlet相關的配置項,如:<code>public_bind_host</code>, <code>bind_host</code>, <code>admin_bind_host</code>, <code>admin_port</code>, <code>public_port< /code>, <code>public_workers</code>, <code>admin_workers</code>, <code>tcp_keepalive</code>, <code>tcp_keepidle</code>被從<code>[DEFAULT]</code >移除掉,移到了<code>[eventlet_server]</code>. 相似的,Eventlet相關的SSL配置選項如:<code>enable</code>, <code>certfile</code>, <code> keyfile</code>, <code>ca_certs</code>, <code>cert_required</code>已經從<code>[ssl]</code>配置項移動到<code>[eventlet_server_ssl]</code>.
* <code>keystone.token.backends.sql</code> has been removed in favor of <code>keystone.token.persistence.backends.sql</code>.
+
* <code>keystone.token.backends.sql</code><code>keystone.token.persistence.backends.sql</code>取代.
* <code>keystone.token.backends.kvs</code> has been removed in favor of <code>keystone.token.persistence.backends.kvs</code>.
+
* <code>keystone.token.backends.kvs</code><code>keystone.token.persistence.backends.kvs</code>取代.
* <code>keystone.token.backends.memcache</code> has been removed in favor of <code>keystone.token.persistence.backends.memcache</code>.
+
* <code>keystone.token.backends.memcache</code><code>keystone.token.persistence.backends.memcache</code>取代.
* <code>keystone.assignment.backends.kvs</code> has been removed in favor of <code>keystone.assignment.backends.sql</code>.
+
* <code>keystone.assignment.backends.kvs</code><code>keystone.assignment.backends.sql</code>取代.
* <code>keystone.identity.backends.kvs</code> has been removed in favor of <code>keystone.identity.backends.sql</code>.
+
* <code>keystone.identity.backends.kvs</code><code>keystone.identity.backends.sql</code>取代.
* <code>keystone.contrib.stats.core.StatsMiddleware</code> has been removed in favor of external tooling.
+
* <code>keystone.contrib.stats.core.StatsMiddleware</code>被外部工具取代.
* <code>keystone.catalog.backends.templated.TemplatedCatalog</code> has been removed in favor of <code>keystone.catalog.backends.templated.Catalog</code>.
+
* <code>keystone.catalog.backends.templated.TemplatedCatalog</code><code>keystone.catalog.backends.templated.Catalog</code>取代.
* <code>keystone.contrib.access.core.AccessLogMiddleware</code> has been removed in favor of external access logging.
+
* <code>keystone.contrib.access.core.AccessLogMiddleware</code>被外部訪問日誌取代.
* <code>keystone.trust.backends.kvs</code> has been removed in favor of <code>keystone.trust.backends.sql</code>.
+
* <code>keystone.trust.backends.kvs</code><code>keystone.trust.backends.sql</code>取代.
* <code>[catalog] endpoint_substitution_whitelist</code> has been removed from <code>keystone.conf</code> as part of a related security hardening effort.
+
* <code>[catalog] endpoint_substitution_whitelist</code>已經從<code>keystone.conf</code>刪除,作為加強安全的一部分。
* <code>[signing] token_format</code> has been removed from <code>keystone.conf</code> in favor of <code>[token] provider</code>.
+
* <code>[signing] token_format</code>被從<code>keystone.conf</code>刪除,取代的是<code>[token] provider</code>.
  
 
== OpenStack Network Service (Neutron) ==
 
== OpenStack Network Service (Neutron) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* [http://specs.openstack.org/openstack/neutron-specs/specs/kilo/subnet-allocation.html Subnet allocation] feature allows creating subnets from a pre-defined pool of addresses instead of providing explicit addresses.
+
* DVR現在除了VXLAN/GRE外還支持VLANs
** Support in python-neutron-client (subnetpool-create/update/list/show/delete and subnet-create --subnetpool).
+
* ML2分層端口綁定(Port Binding)
** API documentation work is underway.
+
* 新的V2版本的LBaas(負載均衡即服務)API
** Horizon support is tracked with [https://blueprints.launchpad.net/horizon/+spec/neutron-subnet-allocation neutron-subnet-allocation] blueprint.
+
* 支持OVS ML2驅動的端口安全
* DVR now supports VLANs in addition to VXLAN/GRE
 
* ML2 Hierarchical Port Binding
 
* New LBaaS Version 2 API
 
* Portsecurity support for the OVS ML2 Driver
 
* Multiple Prefixes for IPv6 (tenant guest interfaces can now get multiple IPv6 addresses)
 
* IPv6 Router (allows guests to get global IPv6 addresses and talk to the world, without NAT)
 
* API extension for MTU Selection and Advertisement
 
* API extension to check for support of VLAN trunking networks for NFV
 
  
* New Plugins supported in Kilo include the following:
+
* 在Kilo版本中支持的新插件:
 
** A10 Networks LBaaS V2 Driver
 
** A10 Networks LBaaS V2 Driver
 
** Brocade LBaaS V2 Driver
 
** Brocade LBaaS V2 Driver
Line 347: Line 342:
 
=== 已知問題 ===
 
=== 已知問題 ===
  
* The Firewall-as-a-Service project is still marked as experimental for the Kilo release.
+
* 在Kilo版本中,防火牆即服務仍然標記為試驗性功能
 
* Bug [https://bugs.launchpad.net/neutron/+bug/1438819 1438819]
 
* Bug [https://bugs.launchpad.net/neutron/+bug/1438819 1438819]
** When a new subnet is created on an external network, all existing routers with gateways on the network will get a new address allocated from it. For IPv4 networks, this could consume the entire subnet for router gateway ports.
+
** 當創建一個新的可訪問外部網絡的子網,所有與該網絡相關的、已經存在的具有網關的路由都會得到一個新的地址。對於IPv4網絡,這樣會為路由的網關消耗掉子網中的全部接口。
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
From Havana, Neutron no longer supported an explicit lease database (https://bugs.launchpad.net/bugs/1202392). This left dead code including unused environment variable. In order to remove the dead code (https://review.openstack.org/#/c/152398/), a change to the dhcp.filter is required, so that line:
+
從Havana版本開始,Neutron不再支持存放指定的租約(https://bugs.launchpad.net/bugs/1202392)。這部分剩餘的殘留代碼包含了一些不曾使用的環境變量。為了刪除掉這些殘餘代碼(https://review.openstack.org/#/c/152398/),需要修改dhcp.filter,所以這一行:
  
 
'''dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID='''
 
'''dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID='''
  
Be replaced by:
+
需要被替換為:
  
'''dnsmasq: CommandFilter, dnsmasq, root'''
+
dnsmasq: CommandFilter, dnsmasq, root
  
After advanced services were split into separate packages and received their own service configuration files (specifically, etc/neutron/neutron_lbaas.conf, etc/neutron/neutron_fwaas.conf and etc/neutron/neutron_vpnaas.conf), active service provider configuration can be different after upgrade (specifically, default load balancer (haproxy) and vpn (openswan) providers can be enabled for you even though you previously disabled them in neutron.conf). Please make sure you review configuration after upgrade so that it reflects the desired state of service providers.
+
在一些高級服務被劃分到獨立的包,並且有自己的配置文件後(特別是:etc/neutron/neutron_lbaas.conf, etc/neutron/neutron_fwaas.conf and etc/neutron/neutron_vpnaas.conf),當前活躍的服務在升級後,配置會產生變化(特別是,默認的負載均衡軟件(haxproxy)和vpn(oepnswn)在升級後會被開啟,儘管你之前可能在neutron.conf關閉了他們)。請務必在升級後檢查你的配置,保證你的新配置和你之前想要啟動的服務一致。
  
Note: this will have no effect if the related service plugin is not loaded in neutron.conf.
+
注意:如果在neutron.conf沒有加載相關插件,不會受到影響。
  
  
* The default value of api_workers is now equal to the number of CPUs in the host. If you currently use the default, ensure you set api_workers to a reasonable number for your installation. (https://review.openstack.org/#/c/140493/)
+
*默認的api workers的數量變為​​物理主機CPU的個數。如果你當前用的是默認值,需要保證為你的api worker設置一個合理的數量。 (https://review.openstack.org/#/c/140493/)
* The neutron.allow_duplicate_networks config option is deprecated in Kilo and will be removed in Liberty where the default behavior will be to just allow multiple ports attached to an instance on the same network in Neutron. (https://review.openstack.org/163581)
+
*neutron. allow_duplicate_networks配置項在Kilo版本廢棄並且將從Liberty移除,默認的行為是允許同一虛擬機可以綁定在同一子網的多個接口。 (https://review.openstack.org/163581)
*   The linuxbridge agent now enables VXLAN by default (https://review.openstack.org/160826)
+
*linuxbridge agent現在默認支持VXLAN(https://review.openstack.org/160826)
* neutron-ns-metadata-proxy can now be run as non-root (https://review.openstack.org/147437)
+
*neutron-ns-metadata-proxy可以使用非root用戶執行(https://review.openstack.org/147437)
  
=== Other Notes (Deprecation/EOL etc) ===
+
=== 其他的注意信息(廢棄/終止等) ===
  
* Deprecation
+
*廢棄
** Brocade Monolithic plugin for Brocade's VDX/VCS series of hardware switches will be deprecated in the L-Release. The functionality provided by this plugin is now addressed by the ML2 Driver available for the VDX series of hardware. The plugin is slated for removal after this release cycle.
+
**Brocade的VDX/VCS系列硬件的Monolithic插件将在L版本中废弃。原有插件提供的功能已经在ML2中实现。插件将在这个更新之后被删除。
** The monolithic Cisco Meta plugin for Nexus1000V will be deprecated in the L-Release. The functionality provided by this plugin is now available with the Cisco Nexus1000V ML2 mechanism driver. The monolithic plugin is slated for removal after this release cycle.
+
**Cisco的Nexus1000V Meta插件将在L版本中废弃。原有插件功能已经在ML2的Cisco Nexus1000V策略驱动实现。插件将在这个更新之后被删除。
  
 
== OpenStack Block Storage (Cinder) ==
 
== OpenStack Block Storage (Cinder) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* From this point forward any new database schema upgrades will not require restarting Cinder services right away. The services are now independent of schema upgrades. This is part one to Cinder supporting rolling upgrades!
+
* 從這一刻起,任何新的數據庫結構的更新將不需要Cinder服務立即重啟。服務本身和數據庫結構間沒有直接關聯。這是Cinder支持滾動更新(rolling upgrades)的第一部分!
* Ability to add/remove volumes from an existing consistency group. [http://docs.openstack.org/admin-guide-cloud/content/consistency-groups.html Read docs for more info].
+
* 在已經存在的一致性組中添加或者刪除卷。 [http://docs.openstack.org/admin-guide-cloud/content/consistency-groups.html 獲取更多信息].
* Ability to create a consistency group from an existing consistency group snapshot. [http://docs.openstack.org/admin-guide-cloud/content/consistency-groups.html Read docs for more info].
+
* 從一個已經存在的一致性組的景像中創建一個新的一致性組。 [http://docs.openstack.org/admin-guide-cloud/content/consistency-groups.html 獲取更多信息].
* Create more fine tuned filters/weighers to set how the scheduler will choose a volume backend. [http://docs.openstack.org/admin-guide-cloud/content/driver_filter_weighing.html Read the docs for more info].
+
* 創建了更多已經優化的filters/weighers來設定scheduler如何選擇一個卷的後端。 [http://docs.openstack.org/admin-guide-cloud/content/driver_filter_weighing.html 獲取更多信息].
* Encrypted volumes can now be backed up using the Cinder backup service. [http://docs.openstack.org/admin-guide-cloud/content/volume-backup-restore.html Read the docs for more info].
+
* 加密卷現在可以使用Cinder備份服務進行備份。 [http://docs.openstack.org/admin-guide-cloud/content/volume-backup-restore.html 獲取更多信息].
* Ability to create private volume types. This is perfect when you want to make volume types available to only a specific tenant or to test it before making available to your cloud. To do so use the ''cinder type-create <name> --is-public''.
+
* 允許創建私有捲類型。你可以讓卷類型只對特定的租戶可見,或者在更新到正式環境前進行測試。可以用過'cinder type-create <name> --is-public'設置。
* Oversubscription with thin provision is configurable. [http://docs.openstack.org/admin-guide-cloud/content/over_subscription.html Read docs for more info].
+
* Thin Provision(精簡配置)的超額認購是可以配置的。 [http://docs.openstack.org/admin-guide-cloud/content/over_subscription.html Read docs for more info].
* Ability to add descriptions to volume types. To do so use ''cinder type-create <name> <description>
+
* 可以為卷類型增加描述信息。使用'cinder type-create <name> <description>'命令創建。
* Cinder now can return multiple iSCSI paths information so that the connector can attach volumes even when the primary path is down ([https://review.openstack.org/#/c/134681/ when connector's multipath feature is enabled] or [https://review.openstack.org/#/c/140877/ not enabled]).
+
* Cinder現在可以返回多個iSCSI路徑信息,這樣連接方就能在主路徑(Primary Path)掛掉後,使用其他路徑([https://review.openstack.org/#/c/134681/ 當連接方多路徑支持開啟] or [https://review.openstack.org/#/c/140877/ 未開啟])
* Add ability to specify a local lvm.conf file.  When using the LVM driver this option allows you to set a Cinder specific lvm.conf file in /etc/cinder/lvm.conf.  This enables specific LVM settings and filters that are only picked up and used by Cinder.
 
* The Cinder backup service can now backup to an NFS exported filesystem. [http://docs.openstack.org/admin-guide-cloud/content/volume-backup-restore.html Read the docs for more info].
 
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* The 'host' config option for multiple-storage backends in cinder.conf is renamed to 'backend_host' in order to avoid a naming conflict with the 'host' to locate redis. If you use this option, please ensure your configuration files are updated.
+
* cinder.conf中的'host'配置選項被重命名為'backend_host',目的為了避免與redis配置中的'host'命名衝突。如果你使用了這個選項,請務必更新你的配置文件。
  
  
 
== OpenStack Telemetry (Ceilometer) ==
 
== OpenStack Telemetry (Ceilometer) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* Support to add jitter to polling cycles to ensure pollsters are not querying service's api at the same time
+
* 支持在polling循環中增加抖動,保證pollsters不要在同一時間查詢服務的API
* Ceilometer API RBAC support
+
* 支持Ceilometer API RBAC(基於權限的訪問控制)
* Improved Event support:
+
* 優化的事件支持:
** Multi-pipeline support to enable unique processing and publishing of events
+
** 多流水線(Multi-pipeline)支持開啟唯一的處理和發布的事件
** Enabled ability to capture raw notification messages for auditing and postmortem analysis
+
** 支持捕獲RAW消息格式,便於審計和事後分析
** Support for persisting events into ElasticSearch
+
** 在彈性搜索中支持持久化事件
** Publishing support to database, http, file, kafka and oslo.messaging supported message queues
+
** 發布支持對數據庫、http、分揀、kafka和oslo.messaging支持的消息隊列
** Option to split off the events persistence into a separate database
+
** 增加一個選項,可以將消息的持久化數據存放在一個單獨的數據庫中
** Telemetry now supports to collect and store all the event type meters as events. A new option, ''disable_non_metric_meters'', was added to the configuration in order to provide the possibility to turn off storing these events as samples. For further information please see the [http://docs.openstack.org/trunk/config-reference/content/ch_configuring-openstack-telemetry.html Telemetry Configuration Reference]
+
** Ceilometer現在支持使用時間(events)採集和存儲所有事件類型的測量(meters)。一個新的選項,''disable_non_metric_meters''被加入到配置中,為了關閉將這些事件作為Samples存取的開關。更多信息請參閱[http://docs.openstack.org/trunk/config-reference/content/ch_configuring-openstack-telemetry.html Ceilometer配置指南]
** The Administrator Guide in OpenStack Manuals was updated with a new [http://docs.openstack.org/admin-guide-cloud/content/section_telemetry-events.html Events section], where you can find further information about this functionality.
+
** OpenStack手冊中的管理員指南增加了新的[http://docs.openstack.org/admin-guide-cloud/content/section_telemetry-events.html 事件的選擇], 你能通過這篇文檔獲取更多信息。
* Improved pipeline publishing support:
+
* 優化了流水線(pipeline)發布支持:
** Support to publish events and samples to Kafka or HTTP targets
+
** 支持將事件(events)和samples發佈到Kafka或者Http目標中
** Publish data to multiple queues
+
** 將數據發送到多個隊列中
* Additional meters
+
* 更多的測量(meters)
** memory and disk meters for Hyper-V
+
** Hyper-V的內存和磁盤測量(meters)
** disk meters for LibVirt
+
** LibVir​​t的磁盤測量(meters)
** power and thermal related IPMI meters, more meters from NodeManager
+
** IPMI相關的電源和熱量的測量(meters),更多的測量指標查看NodeManager
** ability to meter Ceph
+
** Ceph測量
* IPv6 support enabled in Ceilometer udp publisher and collector
+
* 在Ceilometer中upd的發布和採集支持IPv6格式
* [http://launchpad.net/gnocchi Gnocchi] dispatch support for ceilometer-collector
+
* [http://launchpad.net/gnocchi Gnocchi]支持ceilometer-collector分派
* Self-disabled pollster mechanism
+
* pollster自我關閉機制
  
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* Deprecated meters:
+
* 失效的測量(meters):
** The instance:<flavor> meter is deprecated in the Kilo release. In order to retrieve samples or statistics based on flavor you can use the following queries:
+
** instance:<flavor>測量在Kilo版本中廢棄。如果想獲取flavor的samples或者統計你能使用以下查詢:
  statistics:
+
   統計:
  ceilometer statistics -m instance -g resource_metadata.instance_type
+
   ceilometer statistics -m instance -g resource_metadata.instance_type
  
 
   samples:
 
   samples:
  ceilometer sample-list -m instance -q metadata.instance_type=<value>
+
   ceilometer sample-list -m instance -q metadata.instance_type=<value>
* Middleware used to meter Swift was previously packaged in Ceilometer and is now deprecated. It is now separated into it's own library: ceilometermiddleware.
+
* 用於Swift測量的中間件之前被打包到Ceilometer中,現在被廢棄了。現在被分拆到獨立的庫:ceilometermiddleware
** Juno configuration: http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-swift.html
+
** Juno配置: http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-swift.html
** Kilo configuration: http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-swift.html
+
** Kilo配置: http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-swift.html
  
  
 
== OpenStack Orchestration (Heat) ==
 
== OpenStack Orchestration (Heat) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* Improved scaling using nested stacks
+
* 使用嵌套stacks優化擴展性
** Heat will RPC actions on any resource that is based on a template. This should help to spread the load when dealing with large complex stacks.
+
** Heat在任何資源的遠程調用(PRC)動作都是基於一個模板(template)。這樣對處理複雜stacks時有利於分擔負載。
* oslo versioned objects
+
* oslo版本化對象
** The database layer now uses oslo versioned objects to aid in future upgrades. This will allow a newly upgraded heat-engine to use a database with an older schema. Note that this will not help with upgrading to kilo.
+
** 數據庫層現在使用oslo版本化對象來幫助未來的升級。這樣允許一個新的升級的heat-engine使用一個舊的數據庫結構。注意這並不會幫助升級到kilo版本。
* New template functions
+
* 新模板方法
** There is a new HOT template version "20150430" which includes two new functions "digest" and "repeat".
+
** 一個新的HOT模板,版本為"20150430",包含了兩個新的方法"digest""repeat"
* Multiregion stacks
+
* 多區域stacks
 
** http://docs.openstack.org/hot-reference/content/OS__Heat__Stack.html
 
** http://docs.openstack.org/hot-reference/content/OS__Heat__Stack.html
* Access to Heat services
+
* 訪問Heat服務
** The admin now has similar access to services as other projects. This is in the form of "heat-manage service-list" and via horizon. This feature reports the active heat-engines.
+
** 管理員現在能像其他項目一樣訪問服務狀態。使用"heat-manage service-list"和Horizo​​n。這個功能將匯報heat-engines的活躍狀態。
* Improved validation for nova and neutron properties.
+
* 優化Nova和Neutron資源(properties)的校驗。
* Pause stack creation/update on a given resource (stack hooks)
+
* 在特定資源時(stack鉤子),暫停stack的創建/更新
 
** http://specs.openstack.org/openstack/heat-specs/specs/juno/stack-breakpoint.html
 
** http://specs.openstack.org/openstack/heat-specs/specs/juno/stack-breakpoint.html
 
** http://docs.openstack.org/developer/heat/template_guide/environment.html?highlight=hooks#pause-stack-creation-update-on-a-given-resource
 
** http://docs.openstack.org/developer/heat/template_guide/environment.html?highlight=hooks#pause-stack-creation-update-on-a-given-resource
* New contributed resources
+
* 新貢獻的資源
** Mistral resources
+
** Mistral資源
** gnocchi alarms https://blueprints.launchpad.net/heat/+spec/ceilometer-gnocchi-alarm
+
** gnocchi告警https://blueprints.launchpad.net/heat/+spec/ceilometer-gnocchi-alarm
** keystone resources supported with Keystone v3 server for Project, Role, User and Group
+
** Keystone資源支持v3版本,項目、角色、用戶和組
* Stack lifecycle scheduler hints
+
* Stack生命週期調度提示
* Software-config improvements
+
* 軟件配置優化
** Option to use Swift TempURLs for deployment signals http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-swift-signal.html
+
** 使用Swift TempURLs選項作為部署信號http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-swift-signal.html
** The ability to create and monitor a deployment from the heat command line, outside of the stack http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-trigger.html
+
** 使用heat命令創建和監控一個部署,在stack之外http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-trigger.html
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* The default of the configuration option "num_engine_workers" has changed from 1 to a number based on the the number of CPUs. This is now the same as the way other projects set the number of workers.
+
* "num_engine_workers"選項默認值從1變為CPU個數。現在這也是其他項目設置worker數量的方法。
* The default for the configuration option "max_nested_stack_depth" has been increased to 5.
+
* "max_nested_stack_depth"默認值增加為5.
* There is a new configuration option "convergence" it is by default off. This feature is not yet complete and this option should remain off.
+
* 新增的"convergence"默認為關閉。這個功能還沒有完成,應該保持關閉。
* In preparation of an upcoming major feature (convergence) there have been some significant DB schema changes. It is suggested that the heat-engine is shutdown during schema upgrades.
+
* 為了準備即將到來的主要更新(convergence),有一些明顯的數據庫結構變化。建議在升級過程中關閉heat-engine。
  
=== Other Notes (Deprecation/EOL etc) ===
+
=== 其他的注意信息(廢棄/終止等) ===
  
==== Deprecation ====
+
==== 廢棄 ====
  
* The follow resources are deprecated OS::Heat::HARestarter and OS::Heat::CWLiteAlarm
+
* 下列資源被廢棄了OS::Heat::HARestarter和OS::Heat::CWLiteAlarm
* The CloudWatch API (heat-api-cw)
+
* CloudWatch API (heat-api-cw)
  
  
 
== OpenStack Database service (Trove) ==
 
== OpenStack Database service (Trove) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* Support for a new replication strategy based on async GTID replication (new in MySQL 5.6)
+
* 支持一個新的複制策略,基於異步的GTID複製(MySQL 5.6新功能)
** We now support for creating n-replicas from a single master in one API call
+
** 當前一個API調用支持從一個單master節點創建n個副本
** We also support for failover from an unresponsive master to the most up-to-date slave can now be achieved using the new 'eject-master' API 
+
** 使用新的'eject-master' API,我們也能支持從一個未響應的master節點,恢復到最近更新的slave節點上
* Support for Trove guest managers to support the following new datastores:
+
* Trove guest管理支持以下新的數據存儲:
 
**Vertica, and Vertica Cluster
 
**Vertica, and Vertica Cluster
 
**DB2
 
**DB2
**CouchDB  
+
**CouchDB
* Extended current management API layer :
+
* 擴展當前管理API層:
** We now have a new management API to support listing and viewing deleted trove instances
+
** 新的管理API用來獲取列表或查看已經刪除的trove虛擬機
** We also added a new management API to ping a datastore guestagent via the RPC mechanism
+
** 新的管理API用來ping一個數據存儲的guest agent,基於RPC機制
* Horizon updates to support resize of Trove instances.
+
* Horizo​​n支持重置Trove實例(instances)的規格
* Users now have the ability to edit/update the names of Trove instances
+
* 用戶現在可以編輯/更新Trove虛擬機(instances)的名字
* Integration with the cross-project OpenStack profiling library (OSProfiler)
+
* 集成跨項目的OpenStack性能分析庫(OSProfiler)
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* We migrated from deprecated oslo-incubator messaging code to the official oslo.messaging python module. Please look at git.openstack.org/cgit/openstack/trove/tree/etc/trove/trove.conf.sample#n18 for more details on the changed config values that were added to support this, ([https://review.openstack.org/#/c/94484/ Change])
+
* 我們從已經廢棄的oslo-incubator消息代碼遷移至官方的oslo.messaging模塊中。配置變更詳情請查看git.openstack.org/cgit/openstack/trove/tree/etc/trove/trove.conf.sample#n18,([https://review.openstack.org/#/c/94484/ 更新])
* Datastores and strategies that are not currently being tested by any CI have been moved into an 'experimental' section in their respective modules. Once these datastores and strategies have appropriate tests exercising and gating against them in CI, they will be graduated to 'stable'.
+
* 沒有經過任何CI測試過的數據存儲和策略被移入'測試'段中的各自模塊中​​。一旦這些數據存儲和策略在CI中通過測試和gate驗證,他們就會被標記為'穩定'
* Added new documentation to help with the process of building  trove guest images for different datastores at http://docs.openstack.org/developer/trove/dev/building_guest_images.html
+
* 添加了新文檔幫助為不同的數據存儲創建鏡像http://docs.openstack.org/developer/trove/dev/building_guest_images.html
  
  
 
== OpenStack Data Processing service (Sahara) ==
 
== OpenStack Data Processing service (Sahara) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
* New plugins, their features and versions:
+
* 新插件,功能和版本:
 
** MAPR
 
** MAPR
 
** Apache Storm
 
** Apache Storm
** Apache Hadoop 2.6.0 was added, Apache Hadoop 2.4.1 deprecated
+
** 添加了Apache Hadoop 2.6.0, Apache Hadoop 2.4.1被廢棄
** New services for CDH plugin added up to HDFS, YARN, Spark, Oozie, HBase, ZooKeeper and other services
+
** 新的服務CDH插件加入HDFS, YARN, Spark, Oozie, HBase, Zookeeper和其他服務
* Added indirect VM access for better utilization of floating IPs
+
* 增加非直接的虛擬機(instances)訪問,以更好地利用floating ip
* Added event log support to have detailed info about provisioning progress
+
* 增加事件日誌支持注入過程中的詳細信息
* Optional default node group and cluster templates per plugin
+
* 每個插件可選擇的默認節點組和集群模板
* Horizon updates:
+
* Horizo​​n更新:
** Guided cluster creation and job execution
+
** 嚮導式創建集群和任務調度
** Filtering on search for objects
+
** 查找對象時過濾
* Editing of Node Group templates and Cluster templates implemented
+
* 實現了節點組模板編輯和集群模板
* Added Shell Job Type for clusters running Oozie
+
* 為集群運行Oozie增加了Shell任務類型
* New Job Types endpoint to query list of the supported Job Types
+
* 新的任務類型端點(endpoint),用於查詢已知的任務類型列表
  
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
Details: http://docs.openstack.org/developer/sahara/userdoc/upgrade.guide.html#juno-kilo
+
更多詳細信息:http://docs.openstack.org/developer/sahara/userdoc/upgrade.guide.html#juno-kilo
  
* Sahara now requires policy.json configuration file.
+
* Sahara現在支持policy.json配置文件。
  
  
 
== OpenStack Bare Metal service (Ironic) ==
 
== OpenStack Bare Metal service (Ironic) ==
  
=== Key New Features ===
+
=== 新功能 ===
  
 
==== State Machine ====
 
==== State Machine ====
  
Ironic now uses a formal model for the logical state of each node it manages ([http://specs.openstack.org/openstack/ironic-specs/specs/kilo/new-ironic-state-machine.html#proposed-change New Ironic State Machine]). This has enabled the addition of two new processes: '''cleaning''' and '''inspection'''.
+
Ironic現在使用一個正式的模式管理每個節點的邏輯狀態。 <ref name="states">[http://specs.openstack.org/openstack/ironic-specs/specs/kilo/new-ironic-state-machine.html#proposed-change]Ironic新的狀態機</ ref>。這樣就開啟了兩個附屬的進程:'''清理(cleaning)''' and '''檢查(inspection)'''
* Automatic disk erasure between tenants is now enabled by default. This may be extended to perform additional '''cleaning''' steps, such as re-applying firmware, resetting BIOS settings, etc ([http://docs.openstack.org/developer/ironic/deploy/cleaning.html Node Cleaning]).
+
* 現在默認支持項目間的自動磁盤清除。這可能需要為'''清理(cleaning)'''擴展額外的步驟,例如重新申請fireware,重置BIOS設置等<ref name="cleaning">[http://docs.openstack.org/developer/ ironic/deploy/cleaning.html]節點清理</ref>
* Both in-band and out-of-band methods are available to '''inspect''' hardware. These methods may be used to update Node properties automatically ([http://docs.openstack.org/developer/ironic/deploy/install-guide.html#hardware-inspection Hardware Inspection]).
+
 
 +
* 硬件的'''檢查(inspect)''',同時支持帶內(in-band)和帶外(out-of-band)兩種方式。這些方法可能會自動更新節點設置。 <ref name="inspect">[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#hardware-inspection]硬件檢查</ref>
  
 
==== Version Headers ====
 
==== Version Headers ====
  
The Ironic REST API expects a new ''X-OpenStack-Ironic-API-Version'' header be passed with each HTTP[S] request. This header allows client and server to negotiate a mutually supported interface ([http://specs.openstack.org/openstack/ironic-specs/specs/kilo/api-microversions.html REST API "micro" versions]). In the absence of this header, the REST service will default to a compatibility mode and yield responses compatible with Juno clients. This mode, however, prevents access to most features introduced in Kilo.
+
Ironic REST API在HTTP[S]請求的頭信息中增加了一個新的''X-OpenStack-Ironic-API-Version''。這個頭信息允許客戶端和服務端在協商時支持一個統一的接口。 <ref name="api-version">[http://specs.openstack.org/openstack/ironic-specs/specs/kilo/api-microversions.html]REST API "micro"版本</ref>。如果頭信息缺失,REST服務會默認進入兼容模式,並且產生一個兼容Juno客戶端的響應。這種模式是被限制訪問Kilo提供的最新功能的。
  
==== Hardware Driver Changes ====
+
==== 硬體驅動更新 ====
  
The following new drivers were added:
+
以下驅動被添加:
 
* [http://docs.openstack.org/developer/ironic/drivers/amt.html AMT]
 
* [http://docs.openstack.org/developer/ironic/drivers/amt.html AMT]
 
* [http://docs.openstack.org/developer/ironic/deploy/drivers.html#irmc iRMC]
 
* [http://docs.openstack.org/developer/ironic/deploy/drivers.html#irmc iRMC]
Line 555: Line 549:
  
  
The following enhancements were made to existing drivers:
+
對於已經存在的驅動,有以下增強點:
* [http://docs.openstack.org/developer/ironic/deploy/install-guide.html#enabling-the-configuration-drive-configdrive Configdrives] may be used with the "agent" drivers in lieu of a metadata service, if desired.
+
* [http://docs.openstack.org/developer/ironic/deploy/install-guide.html#enabling-the-configuration-drive-configdrive Configdrives] 可以用於"agent"驅動替代metadata服務。
* SeaMicro driver supports serial console
+
* SeaMicro驅動支持​​串口控制台
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#uefi-secure-boot-support iLO driver supports UEFI secure boot]
+
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#uefi-secure-boot-support iLO驅動支持UEFI安全啟動]
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#hardware-inspection iLO driver supports out-of-band node inspection]
+
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#hardware-inspection iLO驅動支持帶外(out-of-band)節點檢查]
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#ilo-node-cleaning iLO driver supports resetting ilo and bios during cleaning]
+
* [http://docs.openstack.org/developer/ironic/drivers/ilo.html#ilo-node-cleaning iLO驅動在清理過程中支持ilo和bios重置]
  
  
Support for third-party and out-of-tree drivers is enhanced by the following two changes:
+
支持第三方和未列出的驅動,通過以下兩點得到增強:
* Drivers may store their own "internal" information about Nodes.
+
* 驅動可以存儲節點"內部的"信息
* Drivers may register their own periodic tasks to be run by the Conductor.
+
* 驅動可以註冊自己的定時任務,並且由Conductor執行
* ''vendor_passthru'' methods now support additional HTTP methods (eg, PUT and POST).
+
* ''vender_passthru''方法現在支持額外的HTTP方法(例如PUT和POST)
* ''vendor_passthru'' methods are now discoverable in the REST API. See [http://docs.openstack.org/developer/ironic/dev/drivers.html#node-vendor-passthru node vendor passthru] and [http://docs.openstack.org/developer/ironic/dev/drivers.html#driver-vendor-passthru driver vendor passthru]
+
* ''vendor_passthru''方法現在可以在REST API中被發現。查看[http://docs.openstack.org/developer/ironic/dev/drivers.html#node-vendor-passthru node vendor passthru][http://docs.openstack.org/developer/ironic/dev/drivers .html#driver-vendor-passthru driver vendor passthru]
  
==== Other Changes ====
+
==== 其他更新 ====
  
* [http://docs.openstack.org/developer/ironic/deploy/install-guide.html#logical-names Logical names] may be used to address Nodes, in addition to their canonical UUID.
+
* 除了正式的UUID之外,[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#logical-names 邏輯名稱]可以被用來標識節點。
* For servers with varied local disks, [http://docs.openstack.org/developer/ironic/deploy/install-guide.html#specifying-the-disk-for-deployment ''hints''] may be supplied that affect which disk device the OS is provisioned to.
+
* 對於擁有多個本地磁盤的服務器,[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#specifying-the-disk-for-deployment ''提示'']可以提供哪些OS在註入時產生影響
* Support for fetching kernel, ramdisk, and instance images from HTTP[S] sources directly has been added to remove the dependency on Glance. [http://docs.openstack.org/developer/ironic/deploy/install-guide.html#using-ironic-as-a-standalone-service Using ironic as a standalone service]
+
* 支持從HTTP[S]源中直接獲取kernel, ramdisk和實例鏡像,並且從Glance移除了依賴[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#using- ironic-as-a-standalone-service 使用Ironic作為獨立服務]
* Nodes may be placed into ''[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#maintenance-mode maintenance mode]'' via REST API calls. An optional ''maintenance reason'' may be specified when doing so.
+
* 可以通過REST API將節點設置為維護模式''[http://docs.openstack.org/developer/ironic/deploy/install-guide.html#maintenance-mode 維護模式]''。一個可選項''維護模式原因''可以標識原因。
  
=== Known Issues ===
+
=== 已知問題 ===
  
* '''Running more than one nova-compute process is not officially supported.'''
+
* 運行一個以上的nova-compute沒有被正式的支持
** While Ironic does include a ClusteredComputeManager, which allows running more than one nova-compute process with Ironic, it should be considered experimental and has many known problems.
+
** 當然Ironic包含了ClusteredComputeManager,允許多餘一個以上的nova-compute進程,這個功能被視為實驗階段,並且已經存在了很多問題
* Drivers using the "agent" deploy mechanism do not support "rebuild --preserve-ephemeral"
+
* 使用“agent”驅動的部署策略不支持"rebuild --preserve-ephemeral"
  
=== Upgrade Notes ===
+
=== 升級提示 ===
  
* IPMI Passwords are now obfuscated in REST API responses. This may be disabled by changing API policy settings.
+
* IPMI的密碼使REST API請求混亂。可以通過API策略設定關閉。
* The "agent" class of drivers now support both whole-disk and partition based images.
+
* 驅動的"agent"類現在支持全盤或者分區鏡像。
* The driver_info parameters of "pxe_deploy_kernel" and "pxe_deploy_ramdisk" are deprecated in favour of "deploy_kernel" and "deploy_ramdisk".
+
* "pxe_deploy_kernel""pxe_deploy_ramdisk"的driver_info參數被廢棄,取而代之的是"deploy_kernel""deploy_ramdisk"
* Drivers implementing their own version of the vendor_passthru() method has been deprecated in favour of the new @passthru decorator.
+
* 驅動自己實現的版本的方法vendor_passthru()被廢棄,取而代之的是使用裝飾器@passthru。
  
==== Juno to Kilo ====
+
==== Juno升级到Kilo ====
  
The recommended upgrade process is documented here:
+
升級文件請參考:
 
* http://docs.openstack.org/developer/ironic/deploy/upgrade-guide.html#upgrading-from-juno-to-kilo
 
* http://docs.openstack.org/developer/ironic/deploy/upgrade-guide.html#upgrading-from-juno-to-kilo
  
==== Upgrading from Icehouse "nova-baremetal" ====
+
==== 從Icehouse的"nova-baremetal"升級 ====
  
An upgrade from an Icehouse Nova installation using the "baremetal" driver directly to Kilo Ironic is untested and unsupported. Instead, please follow the following upgrade path:
+
直接從Icehouse的Nova安裝中使用“baremetal”驅動直接到Kilo的Ironic,沒有經過測試也不支持。替代方案,請遵循以下升級順序:
 
# Icehouse Nova "baremetal" -> Juno Nova "baremetal"
 
# Icehouse Nova "baremetal" -> Juno Nova "baremetal"
 
# Juno Nova "baremetal" -> Juno Ironic
 
# Juno Nova "baremetal" -> Juno Ironic
 
# Juno Ironic -> Kilo Ironic
 
# Juno Ironic -> Kilo Ironic
  
Documentation for steps 1 and 2 is available at: https://wiki.openstack.org/wiki/Ironic/NovaBaremetalIronicMigration
+
第一步和第二步的文件:https://wiki.openstack.org/wiki/Ironic/NovaBaremetalIronicMigration
  
  
== OpenStack Documentation ==
+
== OpenStack 文件 ==
  
* New [http://docs.openstack.org docs.openstack.org] landing page and new web design for [http://docs.openstack.org/user-guide/ End User Guide] and [http://docs.openstack.org/user-guide-admin/ Admin User Guide]
+
* 全新的[http://docs.openstack.org docs.openstack.org]訪問頁面和全新設計的[http://docs.openstack.org/user-guide/ 用戶使用指南(End User Guide)][http://docs.openstack.org/user-guide-admin/ 管理員指南(Admin User Guide)]
* First release of the [http://docs.openstack.org/networking-guide/ Networking Guide]
+
* 第一個版本的[http://docs.openstack.org/networking-guide/ 網絡指南(Networking Guide)]
* Migration to RST for [http://docs.openstack.org/user-guide/ End User Guide] and [http://docs.openstack.org/user-guide-admin/ Admin User Guide]
+
* 將RST遷移至[http://docs.openstack.org/user-guide/ 用戶使用指南(End User Guide)][http://docs.openstack.org/user-guide-admin/ 管理員指南(Admin User Guide)]
* New specialty teams:
+
* 全新的專業團隊:
** Install Guides
+
** 安裝指南(Install Guides)
** High Availability Guide
+
** 網絡指南(Networking Guide)
** Networking Guide
+
** 高可靠指南(High Availability Guide)
** User Guides (Admin and End User)
+
** 用戶指南(包含管理員和最終用戶)
* First App Tutorial sprint
+
* 第一個App指導(First App Tutorial sprint)
* Driver documentation clarification and connections
+
* 驅動文檔說明和關係說明(Driver documentation clarification and connections)

Latest revision as of 08:47, 6 July 2015

Other languages:
English • ‎日本語 • ‎한국어 • ‎русский • ‎中文(简体)‎ • ‎中文(台灣)‎

OpenStack 2015.1.0 (Kilo) Release Notes

The Kilo release of OpenStack is dedicated to the loving memory of Chris Yeoh, who left his family and us way too soon.

Contents


OpenStack 物件儲存 (Swift)

新功能

Erasure Code (beta)

Swift從這個版本開始支援Erasure Code,使得佈署人員可以用極少的Raw原始容量達到更高的可用性,如同在副本儲存中一樣,然而 EC需要更多的CPU和網路資源,所以並不適合所有的專案,EC非常適合使用在一個獨立且極少訪問的大量儲存區域。

SwiftEC的實現對於用戶是透明的,對於副本儲存和EC的類型,在API上沒有任何區別.

swift為了支援EC現在必須依賴PyECLib和liberasurecode,liberasurecode是一個可插件式的函式庫,允許你在所選擇的函式庫中實作你的EC演算法.

更完整的文件請參閱http://swift.openstack.org/overview_erasure_code.html

Composite tokens

Composite tokens允許其他OpenStack Services以Clint端的名義將數據儲存於Swift中,所以無論是Clint端還是Services在更新數據時,都不需要雙方彼此授權。

舉一個典型的例子就是用戶請求NOVA 存放一個VM的快照,NOVA 將請求傳遞給 Glance,Glance將鏡像寫入Swift容器中的一組對象中。在這樣的場景下用戶沒有來自服務的有效tokens無法直接修改快照數據。同樣,服務自身也無法在沒有有效tokens的情形下更新數據。但是數據的確存在於用戶的Swift帳戶中,這樣使得帳戶管理更加簡單。

更完整的文件請參閱http://swift.openstack.org/overview_backing_store.html

更小規模不平和集群的數據位置更新

Swift數據存放的位置根據硬體當前負載決定。當前, 允許維護人員添加新的Zenes和regions,而不需要立即觸發大規模數據遷移, 同時,如果一個群集是非平衡的(例如,在一個Zones的集群中,其中一個的容量式另一個的兩倍),swift會更有效的使用現有空間,並且當副本在集群空間不足時發出警告。

區域性集群複製優化

regions 之間複製時,每次複製只移動一個副本,這樣遠程的regions可以在內部複製,避免更多的數據在WAN中拷貝。

已知問題

作為Bata更新 EC的功能接近完成,但對於某些功能仍然不完整(Multi-range讀取),並且沒有一個完整的性能測算,這個功能為了持久依賴於ssync 。佈署人員督促我們做更大規模的測試,並且不要在生產環境佈署中使用EC儲存。

升級提示

像往常一樣你能在不影響用戶體驗的前提下升級到這個Swift版本。

為了支援EC Swift需要依賴PyECLib和liberasurecode 並且evenlet的最低版本要求也升高了。


OpenStack Compute (Nova)

新功能

API v2.1

我們有了下一代Nova API的第一個更新版本v2.1 v2.1版本的目的是向回兼容v2.0版本 並且擁有增強的API校驗 API所有更新式通過發佈microversin發現的 更多訊息請:http://specs.openstack.org/openstack/nova-specs/specs/kilo/implemented/api-microversions.html

kilo版本中我們仍然使用v2.0 API的代碼提供v2.0 API的請求 我們希望v2.1將能夠同時為v2.0和v2.1的請求提供服務。

  • liberty v2.0現在被凍結了 所有功能被添加在v2.1 API中使用microversions機制實現 kilo版本microversion 更新包括:
    • 擴展keypair API 支援x509驗證 能夠旱windows WinRM使用 這個功能式v2.1 API中第一個被以microversion添加的功能。
      • 在os-exrended-server-attributes暴露擴展屬性
  • python-novaclient 現在尚未支援 API v2.1
  • Nova v2.1 API策略執行得到優化
    • 只在API入執行策略
    • 對於單一的API 去掉了重複性規則
    • 所有的v2.1 API的策略'os_compute_api'作為前綴以區別於v2 API
    • 之前由於在db層面權限檢查的(hard-code)部份Nova API並不支持策略的配置總是需要admin用戶權限 部份 nova2.1 API中(hard-code)權限檢查被移除 使得API策略可配置 其餘的(hard-code)將在liberty版本被移除掉

升級支援

我們減少了使用DB遷移腳本執行數據遷移,現在這個部份使用一種叫作lazy的方式在DB代碼中完成。在Nova-manage命令中可以幫助強制進行數據遷移。更多信息:http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/flavor-from-sysmeta-to-blob.html

  • https://review.openstack.org/#/c/97946/ 增加了編號為267的數據庫遷移腳本,這個腳本主要掃描instances.uuid為空(null)的記錄並且一旦發現就會導致失敗,因為遷移中需要保證instances.uuid非空並且在那個字段加入了UniqueConstraint限制。為了避免數據庫遷移失敗,提供了一個幫助腳本用來搜索空(null)的instances.uuid的記錄。運行'nova-manage db sync'之前,運行幫助腳本'nova-manage db null_instance_uuid_scan',默認情況下,該腳本只會檢索記錄,並將結果輸出,不會改變任何內容。如果在參數中加入--delete,就會自動刪除所有instances.uuid為空的記錄。

Scheduler

  • 一系列的性能優化
  • 我們在優化scheudler的代碼結構,這將幫助我們能夠演進和優化調度過程。這一點對於終端用戶不可見。

Cells v2

  • 已經開始添加了對cell v2版本的支持,但是還沒達到能夠使用的程度。
  • 新的'nova-manage api_db sync' 和'nova-manage api_db version'命令用於支持cell新的api數據庫結構,但是還沒有任何代碼使用該數據庫,所有沒有必要建立。

Compute Drivers

Hyper-V
Libvirt (KVM)
VMware
Ironic

已知問題

Evacuate恢復部份代碼在損壞數據的潛在危險。在nova-compute啟動過程中,虛擬化端回報instance的狀態,用於檢查實體主機發生故障過程中,虛擬機是否被移走了。如果此時發現的確發生遷移了,那麼本地的數據就會被徹底刪除。這樣就存在潛在的可能出現選擇錯誤,虛擬機被錯誤的銷毀。在libvirt節點上,這樣的情況可能會由於改變系統的主機名引發。在Vmware節點中,這個可能會由於嘗試兩個不同的主機名管理同一個vcenter引發這個bug可能會在Liberty中得到修復, 但是在當前佈署中,關閉這種行為的建議是設置destroy_after_evacuate=False。 注意 這個並不是回歸(regression)並且在evacuate的設計中已經提到這個瑕疵。這個並不容易修復,所以使用這種方式繞過去(workaround)解決這個遣在的數據損壞。在Liberty的修復紀錄: https://review.openstack.org/#/c/161444/。

  • The generate config examples possibly missing some oslo related configuration

升級提示

下面是你在升級中需要了解的內容。在可能的情況下,git提交的hash編碼會提供你找到更多更詳細的信息:

  • 如果你的Neutron端口(ports)是在Nova之外建立的,在你的服務器刪除後並不會刪除這些端口:1153a46738fc3ffff98a1df9d94b5a55fdd58777
  • EC2 API支持現在被廢棄了,可能要在kilo刪除掉:f098398a836e3671c49bb884b4a1a1988053f4b2
  • Websocket代理需要被和API節點一起升級,由於舊的API節點在鑑權控制台權限時不會發送access_url,新的代理服務(這個提交和以後的)處理類似請求時會鑑權失敗9621ccaf05900009d67cdadeb1aac27368114a61
  • 在全部升級到kilo後(例如,所有節點都運行kilo代碼),你需要在後台運行一個flavor信息更新的遷移,把舊名字改為新名字。 Kilo的conductor節點會根據需要進行處理,但是其餘的空閒數據需要在後台完成遷移。這個要在Liberty更新後全部完成,到時候舊的位置會被廢棄。使用"nova-manage migrate-flavor-data"完成遷移。
  • 由於Nova v2.1 API強制策略的優化。在v2.1 API策略上有一系列改變發生。因為v2.1 API之前一直沒有更新,所以這些改變無法向前兼容。所以最好使用策略的樣例配置取代之前的版本。
  • VMware拯救(rescue)虛擬機的行為不再生成一個新的虛擬機而是直接在當前鏡像上進行:cd1765459a24e52e1b933c8e05517fed75ac9d41
  • force_config_drive = always被廢棄了,需要使用force_config_drive = True替換:c12a78b35dc910fa97df888960ef2b9a64557254
  • 運行hyper-v,如果你已經部署的代碼晚於這個commit b4d57ab65836460d0d9cb8889ec2e6c3986c0a9b,但是早於這個commit c8e9f8e71de64273f10498c5ad959634bfe79975,那麼你可能存在問題,需要手動解決,查看這個commit c8e9f8e71de64273f10498c5ad959634bfe79975
  • 改變multi_instance_display_name_template的默認值:609b2df339785bff9e30a9d67d5c853562ae3344
  • 使用"nova-manage db null_instance_uuid_scan"確保DB遷移之前數據是乾淨的,c0ea53ce353684b48303fc59393930c3fa5ade58


OpenStack 映像檔服務 (Glance)

新功能

已知問題

當鏡像名稱長度大於255個字時 添加鏡像時會拋出Error500:https://bugs.launchpad.net/glance/+bug/1424038

升級提示

  • 移除廢棄的選項db_enforce_mysql_charset。相應的commit: efeb69f9033a57a1c806f71ee3ed9fd3f4d2475e
  • 現在支持metadef資源的通知,相應的commit: fd547e3717dc4a3a92c1cb2104c18608a4f4872a
  • VMware多datastore支持可以通過幾個選項進行配置,相應的commit: 96fb31d7459bd4e05e05205​​3177dce4d38cdaf90
  • 移除eventlet執行方法,並且增加一個新的Taskflow的執行方法,用於異步任務,相應的commits: ae3135e1d67df77697a24fddaee3efeadb34a0dd和a39debfd55f6872e5f4f955b75728c936d1cee4b
  • 在配置中使用endpoint配置替代snet配置,相應的commit: 41a9a065531ec946b4a9baf999f97d10fa493826
  • Digest算法現在可以配置,相應的commit: 82194e0c422966422f7a4e2157125c7ad8fbc5b5
  • 清理已經被刪除的鏡像,鏡像在'保存中'狀態時刪除。相應的commit: 0dc8fbb3479a53c5bba8475d14f4c7206904c5ea
  • Glance現在使用畢業的oslo.policy模塊。相應的commit: cb7d5a4795bbdaf4dc3eaaf0a6fb1add52c09011
  • 鏡像現在可以設置為未啟用狀態。一個新的'未啟用'狀態已經添加到鏡像數據中。相應的commit: b000c85b7fabbe944b4df3ab57ff73883328f40d


OpenStack Dashboard (Horizon)

新功能

  • 支援透過Web單點登入的統一驗證方式——在Keystone中做配置後,用戶就能選擇驗證機制來使用已佈署的功能。這些功能的使用能夠通過更改local_settings.py配置實現。 相關啟用設置和配置可以在這裡找到:here
  • 支援主題—— 包含了可以為Horizon自定義主題的簡單功能。允許使用Bootstrap的CSS值,Horizon定義的變量 以及自定義CSS。更多信息参见:here
  • Sahara Ux 改進 cluster和job創建引導頁的增加改進了Sahara的用戶體驗。
  • Launch Intance嚮導(beta) —— 用AngularJS實現了launch instance workflow的全面替代,用以解決現有的launch instance workflow的可用性問題。這項功能最近才引入並且缺乏測試,所以在Kilo版本中標記為beta並且默認是不啟用的。要使用新的workflow,需要對local_settings.py做如下更改:LAUNCH_INSTANCE_NG_ENABLED = True。另外,可以做如下更改來禁用默認的啟用instance嚮導:LAUNCH_INSTANCE_LEGACY_ENABLED = False。這項新功能體現了Horizo​​n未來的發展。
  • Nova
    • 允許Service在Hypervisor中 啟用/禁用
    • 從host遷移所有Instance
    • 曝露serial console
  • Cinder
    • 默認為Cinder v2
    • 支援已管理/未管理的volume 允許管理員管理已存在的volume不在被cinder管理 未管理的被cinder管理
    • 支援project間的volume轉移
    • 支援volume加密數據
  • Glance
    • 增加介面允許管理員察看/新增/修改 Glance數據定義
  • Heat
    • Stack Template界面
    • 操作資源控制板
    • Stacks的掛起/恢復操作
    • 預覽Stack界面允許用戶在定義模板中的stacks前可以先預覽。
  • Trove
    • 調整Trove實例-更改instance的flavor
  • Ceilometer
    • 調整來源於Ceilometer的IPMI測量數據

*Horizon中新的可重複使用的AngularJS widgets:

    • AngularJS表格實現
    • Table繪製-擴展的表格內容
    • 改進Client/server查找
    • 轉換表格widget
  • 為Horizon配置web root不僅僅限於'/'

已知問題

升級提示

目前支援Django1.7


OpenStack Identity (Keystone)

新功能

分層multitenancy

創建一個新的project時,可以設置屬性parent_id的值為一個已存在project,使 Projects嵌套在其他projects下。

Role現在可以分配給project分層子樹上的-role-to-user-on-projects-in-a-subtree usersinherit-ext.rst#assign-role-to-group-on-projects-in-a-subtree groups

這項功能還需要其他Openstack服務(例如hierarchical quotas)的相應支持使其廣泛的生效

Fernet tokens

區別於UUID tokens只能持久化存入數據庫,Fernet tokens完全不需要持久化。部署人員可以通過設置keystone.conf中的 [token] provider = keystone.token.providers.fernet.Provider來啟用Fernet token

Fernet tokens需要symmetric encryption keys,這些keys可以使用keystone-manage fernet_setup建立, 並且使用keystone-manage fernet_rotate週期性地輪換。這些keys必須被在一個multi-node(或者multi-region)部署中的所有Keyston nodes共享,這樣就能使一個node生成的tokens可以立即被其他節點驗證。

Identity federation

  • Keystone現在可以作為聯邦身份提供者(IdP: federated identity provider)為另外一個Keystone實例提供本地用戶的SAML斷言(​​SAML assertions),可能是ECP封裝(ECP-wrapped)。
  • 支持OpenID連接作為聯邦身份鑑權機制(federated identity authentication mechanism)。
  • 在Keystone中增加對多"Remote IDs"關聯到單一的鑑權提供者。這有助於有多身份提供者使用一個通用的映射。
  • 增加為已經擁有Idp用戶通過web瀏覽器鑑權的能力,實現單點登錄。
  • 聯邦令牌(federated tokens)現在使用token鑑權方法,mappedsaml2仍然有效。
  • 聯邦用戶(federated users)可以映射到本地已經存在的身份上。
  • 在規則集(rulesets)映射中定義的組可以用名字和域鑑權
  • 出現在聯邦身份斷言(federated identity assertions)中的組,可以被自動的映射為本地已經存在的組中,並且擁有本地用戶關係映射(通過白名單和黑名單過濾)

LDAP

  • 用戶指定的API過濾項現在由LDAP本身處理,現在由keystone取代
  • "試驗性"支持存儲指定域(domain-specific)鑑權後端HTTP API在SQL中配置。這個主要用戶場景是,當使用HTTP API創建一個新的域(domain),並且馬上配置一個指定域(domain-specific)的LDAP驅動,而不需要重啟keystone。

授權

  • "分配(assignment)"後端已經被分離到"資源(resource)"後端(包含domains, projects和roles),並且"分配(assignment)"的後端包含了授權的映射模型
  • 支持再次信任授權。當信任關係建立後,被信任人可以通過另外一個信任重新授權該信任的角色。
  • Keystone支持無範圍(unscoped)的token請求,即使用戶設置了default_project_id
  • 部署人員可以修改配置來限制已經有範圍的令牌重新獲取範圍(re-scoping),在keystone.conf設置[token] allow_rescope_scoped_token = false


升級提示

  • Keystone的XML支持將在Kilo版本刪除。當從Juno升級到Kilo,​​建議將XML和XmlBodyMiddleware相關的信息從Keystone Paste p配置刪除。這包含刪除XML中間層過濾器以及public_api, admin_api, api_v3, public_version_api, admin_version_api相關的和其他包含XML過濾器的流水線(pipelines)。
  • 所有之前的擴展(OS-FEDERATION, OS-OAUTH1, OS-ENDPOINT-POLICY and OS-EP-FILTER)現在被默認支持,並且在html 相關標記中,標記為"試驗"或者"穩定"。
  • 不在支持SQL結構的回退。這個變化主要是回退並沒有經過良好的測試,而且在很多遷移中需要支持數據變化,難度越來越大。
  • 需要以下Python庫:cryptography, msgpack-python, .python.org/pypi/pysaml2 pysaml2oauthlib
  • keystone.middleware.RequestBodySizeLimiter被廢棄,取而代之的是oslo_middleware.sizelimit.RequestBodySizeLimiter 並且在Liberty移除。
  • Eventlet相關的配置項,如:public_bind_host, bind_host, admin_bind_host, admin_port, public_port< /code>, <code>public_workers, admin_workers, tcp_keepalive, tcp_keepidle被從[DEFAULT]移除掉,移到了[eventlet_server]. 相似的,Eventlet相關的SSL配置選項如:enable, certfile, keyfile, ca_certs, cert_required已經從[ssl]配置項移動到[eventlet_server_ssl].
  • keystone.token.backends.sqlkeystone.token.persistence.backends.sql取代.
  • keystone.token.backends.kvskeystone.token.persistence.backends.kvs取代.
  • keystone.token.backends.memcachekeystone.token.persistence.backends.memcache取代.
  • keystone.assignment.backends.kvskeystone.assignment.backends.sql取代.
  • keystone.identity.backends.kvskeystone.identity.backends.sql取代.
  • keystone.contrib.stats.core.StatsMiddleware被外部工具取代.
  • keystone.catalog.backends.templated.TemplatedCatalogkeystone.catalog.backends.templated.Catalog取代.
  • keystone.contrib.access.core.AccessLogMiddleware被外部訪問日誌取代.
  • keystone.trust.backends.kvskeystone.trust.backends.sql取代.
  • [catalog] endpoint_substitution_whitelist已經從keystone.conf刪除,作為加強安全的一部分。
  • [signing] token_format被從keystone.conf刪除,取代的是[token] provider.

OpenStack Network Service (Neutron)

新功能

  • DVR現在除了VXLAN/GRE外還支持VLANs
  • ML2分層端口綁定(Port Binding)
  • 新的V2版本的LBaas(負載均衡即服務)API
  • 支持OVS ML2驅動的端口安全
  • 在Kilo版本中支持的新插件:
    • A10 Networks LBaaS V2 Driver
    • Brocade LBaaS V2 Driver
    • Brocade ML2 driver for MLX and ICX switches
    • Brocade L3 routing plugin for MLX switch
    • Brocade Vyatta vRouter L3 Plugin
    • Brocade Vyatta vRouter Firewall Driver
    • Brocade Vyatta vRouter VPN Driver
    • Cisco CSR VPNaaS Driver
    • Dragonflow SDN based Distributed Virtual Router L3 Plugin
    • Freescale FWaaS Driver
    • Intel Mcafee NGFW FWaaS Driver
    • IPSEC Strongswan VPNaaS Driver

已知問題

  • 在Kilo版本中,防火牆即服務仍然標記為試驗性功能
  • Bug 1438819
    • 當創建一個新的可訪問外部網絡的子網,所有與該網絡相關的、已經存在的具有網關的路由都會得到一個新的地址。對於IPv4網絡,這樣會為路由的網關消耗掉子網中的全部接口。

升級提示

從Havana版本開始,Neutron不再支持存放指定的租約(https://bugs.launchpad.net/bugs/1202392)。這部分剩餘的殘留代碼包含了一些不曾使用的環境變量。為了刪除掉這些殘餘代碼(https://review.openstack.org/#/c/152398/),需要修改dhcp.filter,所以這一行:

dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID=

需要被替換為:

dnsmasq: CommandFilter, dnsmasq, root

在一些高級服務被劃分到獨立的包,並且有自己的配置文件後(特別是:etc/neutron/neutron_lbaas.conf, etc/neutron/neutron_fwaas.conf and etc/neutron/neutron_vpnaas.conf),當前活躍的服務在升級後,配置會產生變化(特別是,默認的負載均衡軟件(haxproxy)和vpn(oepnswn)在升級後會被開啟,儘管你之前可能在neutron.conf關閉了他們)。請務必在升級後檢查你的配置,保證你的新配置和你之前想要啟動的服務一致。

注意:如果在neutron.conf沒有加載相關插件,不會受到影響。


其他的注意信息(廢棄/終止等)

  • 廢棄
    • Brocade的VDX/VCS系列硬件的Monolithic插件将在L版本中废弃。原有插件提供的功能已经在ML2中实现。插件将在这个更新之后被删除。
    • Cisco的Nexus1000V Meta插件将在L版本中废弃。原有插件功能已经在ML2的Cisco Nexus1000V策略驱动实现。插件将在这个更新之后被删除。

OpenStack Block Storage (Cinder)

新功能

  • 從這一刻起,任何新的數據庫結構的更新將不需要Cinder服務立即重啟。服務本身和數據庫結構間沒有直接關聯。這是Cinder支持滾動更新(rolling upgrades)的第一部分!
  • 在已經存在的一致性組中添加或者刪除卷。 獲取更多信息.
  • 從一個已經存在的一致性組的景像中創建一個新的一致性組。 獲取更多信息.
  • 創建了更多已經優化的filters/weighers來設定scheduler如何選擇一個卷的後端。 獲取更多信息.
  • 加密卷現在可以使用Cinder備份服務進行備份。 獲取更多信息.
  • 允許創建私有捲類型。你可以讓卷類型只對特定的租戶可見,或者在更新到正式環境前進行測試。可以用過'cinder type-create <name> --is-public'設置。
  • Thin Provision(精簡配置)的超額認購是可以配置的。 Read docs for more info.
  • 可以為卷類型增加描述信息。使用'cinder type-create <name> <description>'命令創建。
  • Cinder現在可以返回多個iSCSI路徑信息,這樣連接方就能在主路徑(Primary Path)掛掉後,使用其他路徑(當連接方多路徑支持開啟 or 未開啟)。

升級提示

  • cinder.conf中的'host'配置選項被重命名為'backend_host',目的為了避免與redis配置中的'host'命名衝突。如果你使用了這個選項,請務必更新你的配置文件。


OpenStack Telemetry (Ceilometer)

新功能

  • 支持在polling循環中增加抖動,保證pollsters不要在同一時間查詢服務的API
  • 支持Ceilometer API RBAC(基於權限的訪問控制)
  • 優化的事件支持:
    • 多流水線(Multi-pipeline)支持開啟唯一的處理和發布的事件
    • 支持捕獲RAW消息格式,便於審計和事後分析
    • 在彈性搜索中支持持久化事件
    • 發布支持對數據庫、http、分揀、kafka和oslo.messaging支持的消息隊列
    • 增加一個選項,可以將消息的持久化數據存放在一個單獨的數據庫中
    • Ceilometer現在支持使用時間(events)採集和存儲所有事件類型的測量(meters)。一個新的選項,disable_non_metric_meters被加入到配置中,為了關閉將這些事件作為Samples存取的開關。更多信息請參閱Ceilometer配置指南
    • OpenStack手冊中的管理員指南增加了新的事件的選擇, 你能通過這篇文檔獲取更多信息。
  • 優化了流水線(pipeline)發布支持:
    • 支持將事件(events)和samples發佈到Kafka或者Http目標中
    • 將數據發送到多個隊列中
  • 更多的測量(meters)
    • Hyper-V的內存和磁盤測量(meters)
    • LibVir​​t的磁盤測量(meters)
    • IPMI相關的電源和熱量的測量(meters),更多的測量指標查看NodeManager
    • Ceph測量
  • 在Ceilometer中upd的發布和採集支持IPv6格式
  • Gnocchi支持ceilometer-collector分派
  • pollster自我關閉機制


升級提示

  • 失效的測量(meters):
    • instance:<flavor>測量在Kilo版本中廢棄。如果想獲取flavor的samples或者統計你能使用以下查詢:

   統計:    ceilometer statistics -m instance -g resource_metadata.instance_type 

  samples:

   ceilometer sample-list -m instance -q metadata.instance_type=<value>


OpenStack Orchestration (Heat)

新功能

  • 使用嵌套stacks優化擴展性
    • Heat在任何資源的遠程調用(PRC)動作都是基於一個模板(template)。這樣對處理複雜stacks時有利於分擔負載。
  • oslo版本化對象
    • 數據庫層現在使用oslo版本化對象來幫助未來的升級。這樣允許一個新的升級的heat-engine使用一個舊的數據庫結構。注意這並不會幫助升級到kilo版本。
  • 新模板方法
    • 一個新的HOT模板,版本為"20150430",包含了兩個新的方法"digest"和"repeat"
  • 多區域stacks
  • 訪問Heat服務
    • 管理員現在能像其他項目一樣訪問服務狀態。使用"heat-manage service-list"和Horizo​​n。這個功能將匯報heat-engines的活躍狀態。
  • 優化Nova和Neutron資源(properties)的校驗。
  • 在特定資源時(stack鉤子),暫停stack的創建/更新
  • 新貢獻的資源
    • Mistral資源
    • gnocchi告警https://blueprints.launchpad.net/heat/+spec/ceilometer-gnocchi-alarm
    • Keystone資源支持v3版本,項目、角色、用戶和組
  • Stack生命週期調度提示
  • 軟件配置優化
    • 使用Swift TempURLs選項作為部署信號http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-swift-signal.html
    • 使用heat命令創建和監控一個部署,在stack之外http://specs.openstack.org/openstack/heat-specs/specs/kilo/software-config-trigger.html

升級提示

  • "num_engine_workers"選項默認值從1變為CPU個數。現在這也是其他項目設置worker數量的方法。
  • "max_nested_stack_depth"默認值增加為5.
  • 新增的"convergence"默認為關閉。這個功能還沒有完成,應該保持關閉。
  • 為了準備即將到來的主要更新(convergence),有一些明顯的數據庫結構變化。建議在升級過程中關閉heat-engine。

其他的注意信息(廢棄/終止等)

廢棄

  • 下列資源被廢棄了OS::Heat::HARestarter和OS::Heat::CWLiteAlarm
  • CloudWatch API (heat-api-cw)


OpenStack Database service (Trove)

新功能

  • 支持一個新的複制策略,基於異步的GTID複製(MySQL 5.6新功能)
    • 當前一個API調用支持從一個單master節點創建n個副本
    • 使用新的'eject-master' API,我們也能支持從一個未響應的master節點,恢復到最近更新的slave節點上
  • Trove guest管理支持以下新的數據存儲:
    • Vertica, and Vertica Cluster
    • DB2
    • CouchDB
  • 擴展當前管理API層:
    • 新的管理API用來獲取列表或查看已經刪除的trove虛擬機
    • 新的管理API用來ping一個數據存儲的guest agent,基於RPC機制
  • Horizo​​n支持重置Trove實例(instances)的規格
  • 用戶現在可以編輯/更新Trove虛擬機(instances)的名字
  • 集成跨項目的OpenStack性能分析庫(OSProfiler)

升級提示

  • 我們從已經廢棄的oslo-incubator消息代碼遷移至官方的oslo.messaging模塊中。配置變更詳情請查看git.openstack.org/cgit/openstack/trove/tree/etc/trove/trove.conf.sample#n18,(更新)
  • 沒有經過任何CI測試過的數據存儲和策略被移入'測試'段中的各自模塊中​​。一旦這些數據存儲和策略在CI中通過測試和gate驗證,他們就會被標記為'穩定'。
  • 添加了新文檔幫助為不同的數據存儲創建鏡像http://docs.openstack.org/developer/trove/dev/building_guest_images.html


OpenStack Data Processing service (Sahara)

新功能

  • 新插件,功能和版本:
    • MAPR
    • Apache Storm
    • 添加了Apache Hadoop 2.6.0, Apache Hadoop 2.4.1被廢棄
    • 新的服務CDH插件加入HDFS, YARN, Spark, Oozie, HBase, Zookeeper和其他服務
  • 增加非直接的虛擬機(instances)訪問,以更好地利用floating ip
  • 增加事件日誌支持注入過程中的詳細信息
  • 每個插件可選擇的默認節點組和集群模板
  • Horizo​​n更新:
    • 嚮導式創建集群和任務調度
    • 查找對象時過濾
  • 實現了節點組模板編輯和集群模板
  • 為集群運行Oozie增加了Shell任務類型
  • 新的任務類型端點(endpoint),用於查詢已知的任務類型列表


升級提示

更多詳細信息:http://docs.openstack.org/developer/sahara/userdoc/upgrade.guide.html#juno-kilo

  • Sahara現在支持policy.json配置文件。


OpenStack Bare Metal service (Ironic)

新功能

State Machine

Ironic現在使用一個正式的模式管理每個節點的邏輯狀態。 Cite error: Closing </ref> missing for <ref> tag

  • 硬件的檢查(inspect),同時支持帶內(in-band)和帶外(out-of-band)兩種方式。這些方法可能會自動更新節點設置。 [1]

Version Headers

Ironic REST API在HTTP[S]請求的頭信息中增加了一個新的X-OpenStack-Ironic-API-Version。這個頭信息允許客戶端和服務端在協商時支持一個統一的接口。 [2]。如果頭信息缺失,REST服務會默認進入兼容模式,並且產生一個兼容Juno客戶端的響應。這種模式是被限制訪問Kilo提供的最新功能的。

硬體驅動更新

以下驅動被添加:


對於已經存在的驅動,有以下增強點:


支持第三方和未列出的驅動,通過以下兩點得到增強:

其他更新

已知問題

  • 運行一個以上的nova-compute沒有被正式的支持
    • 當然Ironic包含了ClusteredComputeManager,允許多餘一個以上的nova-compute進程,這個功能被視為實驗階段,並且已經存在了很多問題
  • 使用“agent”驅動的部署策略不支持"rebuild --preserve-ephemeral"

升級提示

  • IPMI的密碼使REST API請求混亂。可以通過API策略設定關閉。
  • 驅動的"agent"類現在支持全盤或者分區鏡像。
  • "pxe_deploy_kernel"和"pxe_deploy_ramdisk"的driver_info參數被廢棄,取而代之的是"deploy_kernel"和"deploy_ramdisk"。
  • 驅動自己實現的版本的方法vendor_passthru()被廢棄,取而代之的是使用裝飾器@passthru。

Juno升级到Kilo

升級文件請參考:

從Icehouse的"nova-baremetal"升級

直接從Icehouse的Nova安裝中使用“baremetal”驅動直接到Kilo的Ironic,沒有經過測試也不支持。替代方案,請遵循以下升級順序:

  1. Icehouse Nova "baremetal" -> Juno Nova "baremetal"
  2. Juno Nova "baremetal" -> Juno Ironic
  3. Juno Ironic -> Kilo Ironic

第一步和第二步的文件:https://wiki.openstack.org/wiki/Ironic/NovaBaremetalIronicMigration


OpenStack 文件

  • [1]硬件檢查
  • [2]REST API "micro"版本
    • Retrieved from "https://wiki.openstack.org/w/index.php?title=ReleaseNotes/Kilo/zh-tw&oldid=85133"