Jump to: navigation, search

Difference between revisions of "ReleaseNotes/Liberty/zh-tw"

(Created page with "==== Gnocchi功能 ==== * Initial influxdb driver implemented.")
(Created page with "==== Aodh功能 ==== * Event alarms - ability to trigger an action when an event is received. * Trust support in alarms [https://blueprints.launchpad.net/ceilometer/+spec/trus...")
Line 231: Line 231:
 
* Initial influxdb driver implemented.
 
* Initial influxdb driver implemented.
  
==== Aodh Features ====
+
==== Aodh功能 ====
 
* Event alarms - ability to trigger an action when an event is received.
 
* Event alarms - ability to trigger an action when an event is received.
 
* Trust support in alarms [https://blueprints.launchpad.net/ceilometer/+spec/trust-alarm-notifier link].
 
* Trust support in alarms [https://blueprints.launchpad.net/ceilometer/+spec/trust-alarm-notifier link].

Revision as of 09:44, 27 October 2015

Other languages:
Deutsch • ‎English • ‎日本語 • ‎한국어 • ‎中文(简体)‎ • ‎中文(台灣)‎

OpenStack Liberty更新說明

Contents

OpenStack 物件儲存 (Swift)

完整的版本更新說明請參閱 https://github.com/openstack/swift/blob/master/CHANGELOG

新功能

  • Allow 1+ object-servers-per-disk deployment enabled by a new > 0 integer config value, "servers_per_port" in the [DEFAULT] config section for object-server and/or replication server configurations. The setting's integer value determines how many different object-server workers handle requests for any single unique local port in the ring. In this mode, the parent swift-object-server process continues to run as the original user (i.e. root if low-port binding is required). It binds to all ports as defined in the ring. It then forks off the specified number of workers per listen socket. The child, per-port servers, drops privileges and behaves pretty much how object-server workers always have with one exception: the ring has unique ports per disk, the object-servers will only handle requests for a single disk. The parent process detects dead servers and restarts them (with the correct listen socket). It starts missing servers when an updated ring file is found with a device on the server with a new port, and kills extraneous servers when their port is no longer found in the ring. The ring files are started at most on the schedule configured in the object-server configuration by every the "ring_check_interval" parameter (same default of 15s). In testing, this deployment configuration (with a value of 3) lowers request latency, improves requests per second, and isolates slow disk IO as compared to the existing "workers" setting. To use this, each device must be added to the ring using a different port.
  • The object server includes a "container_update_timeout" setting (with a default of 1 second). This value is the number of seconds that the object server will wait for the container server to update the listing before returning the status of the object PUT operation. Previously, the object server would wait up to 3 seconds for the container server response. The new behavior dramatically lowers object PUT latency when container servers in the cluster are busy (e.g. when the container is very large). Setting the value too low may result in a client PUT'ing an object and not being able to immediately find it in listings. Setting it too high will increase latency for clients when container servers are busy.
  • Added the ability to specify ranges for Static Large Object (SLO) segments.
  • Allow SLO PUTs to forgo per-segment integrity checks. Previously, each segment referenced in the manifest also needed the correct etag and bytes setting. These fields now allow the "null" value to skip those particular checks on the given segment.
  • Replicator configurations now support an "rsync_module" value to allow for per-device rsync modules. This setting gives operators the ability to fine-tune replication traffic in a Swift cluster and isolate replication disk IO to a particular device. Please see the docs and sample config files for more information and examples.
  • Ring changes
    • Partition placement no longer uses the port number to place partitions. This improves dispersion in small clusters running one object server per drive, and it does not affect dispersion in clusters running one object server per server.
    • Added ring-builder-analyzer tool to more easily test and analyze a series of ring management operations.
    • Ring validation now warns if a placement partition gets assigned to the same device multiple times. This happens when devices in the ring are unbalanced (e.g. two servers where one server has significantly more available capacity).
  • TempURL fixes (closes CVE-2015-5223)

    Do not allow PUT tempurls to create pointers to other data. Specifically, disallow the creation of DLO object manifests via a PUT tempurl. This prevents discoverability attacks which can use any PUT tempurl to probe for private data by creating a DLO object manifest and then using the PUT tempurl to head the object.

  • Swift now emits StatsD metrics on a per-policy basis.
  • Fixed an issue with Keystone integration where a COPY request to a service account may have succeeded even if a service token was not included in the request.
  • Bulk upload now treats user xattrs on files in the given archive as object metadata on the resulting created objects.
  • Emit warning log in object replicator if "handoffs_first" or "handoff_delete" is set.
  • Enable object replicator's failure count in swift-recon.
  • Added storage policy support to dispersion tools.
  • Support keystone v3 domains in swift-dispersion.
  • Added domain_remap information to the /info endpoint.
  • Added support for a "default_reseller_prefix" in domain_remap middleware config.
  • Allow rsync to use compression via a "rsync_compress" config. If set to true, compression is only enabled for an rsync to a device in a different region. In some cases, this can speed up cross-region replication data transfer.
  • Added time synchronization check in swift-recon (the --time option).
  • The account reaper now runs faster on large accounts.
  • Various other minor bug fixes and improvements.

升級提示

  • Dependency changes
    • Added six requirement. This is part of an ongoing effort to add support for Python 3.
    • Dropped support for Python 2.6.
  • Config changes
    • Recent versions of Python restrict the number of headers allowed in a request to 100. This number may be too low for custom middleware. The new "extra_header_count" config value in swift.conf can be used to increase the number of headers allowed.
    • Renamed "run_pause" setting to "interval" (current configs with run_pause still work). Future versions of Swift may remove the run_pause setting.
  • The versioned writes feature has been refactored and reimplemented as middleware. You should explicitly add the versioned_writes middleware to your proxy pipeline, but do not remove or disable the existing container server config setting ("allow_versions"), if it is currently enabled. The existing container server config setting enables existing containers to continue being versioned. Please see http://swift.openstack.org/middleware.html#how-to-enable-object-versioning-in-a-swift-cluster for further upgrade notes.

OpenStack 網路服務 (Neutron)

新功能

  • Neutron現在支援IPv6 Prefix Delegation,來自動分配IPv6子網路的CIDRs,此功能的詳細資訊與使用配置請參考 OpenStack Networking Guide.
  • Neutron現在公開了QoS API,而初步提供的頻寬為port level,API, CLI, 配置和其他訊息請參閱: [1].
  • 路由的高可靠(L3 HA/VRRP)現在在第二層population(l2pop)被啟動時工作。 [2].
  • VPNaaS相關驅動現在和HA路由器兼容。
  • Networks的HA路由器使用VRRP traffic 現在需要配置使用特定區段類型或實體網路標籤。 [3].
  • OVS agent重新啟動不會影響資料層連接。
  • Neutron網路現在支援role base access control。 [4].
  • LBaaS V2 相關驅動現在是基於Octavia,一個operator級別的擴展、可靠的負載平衡平台。
  • LBaaS V2 API 目前已經穩定,不再是試驗版本。
  • Neutron現在提供admin手動調度agents,讓tenant使用之前使主機資源被測試。 [5].
  • Neutron現在有一套pluggable IP的管理工具,可以選擇是否使用或第三方IPAM。當初,預設使用IPAM non-pluggable版本。

已棄用和移除的Plugin和Driver

  • metaplugin在Liberty版本中被刪除。
  • IBM SDN-VE monolithic plugin在Liberty版本中被刪除。
  • Cisco N1kV monolithic plugin在Liberty版本中被刪除 (由ML2 mechanism driver取而代之)。
  • Embrane plugin被棄用,將在下一個版本Mitaka中刪除。

已棄用的功能

  • Liberty中FWaaS API被標記為試驗版本,此外,目前的API將會在下一個版本Mitaka被移除,且相關團隊已經在開發新的FWaaS API來取代。
  • LBaaS V1 API已被標記為捨棄,並計畫在將來的版本中刪除。往後則應使用LBaaS V2 API。
  • L3 agent 中的'external_network_bridge'選項已被棄用,支援pyhsnet的bridge_mapping。更多訊息請參考network guide中"Network Node"小節的場景 : http://docs.openstack.org/networking-guide/scenario_legacy_ovs.html

影響效能的因素

  • 舊版本的Trusty Tahr kernel (3.13) 在命名空間增加執行"ip netns exec"效能會出現的線性下樣。 在這樣的情況下規模是很重要的,在之後的kernel版本 (例如 3.19) 應該被使用。 [在版本 3.13 出現的問題,大多數版本已經被修復了。]


注意: 這個regression應該在Trusty Thar 3.13.0-36.63以及之後的版本被修復。更多訊息請參閱: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1328088

使用Octavia驅動程式,建立Neutron-LBaaS負載平衡時,不使用硬體虛擬化將會導致效能低下,這是因為環境中QEMU使用TCG加速套件替代KVM加速套件而沒有使用KVM可用的硬體虛擬化。我們建議開啟運算節點的硬體虛擬化,或在使用Octavia驅動程式時使用巢狀虛擬化來代替虛擬環境。 以下連結查看在DevStack中如何設定巢狀虛擬化來代替KVM:http://docs.openstack.org/developer/devstack/guides/devstack-with-nested-kvm.html

OpenStack 運算服務 (Nova)

新功能

API

Scheduler

在Scheduler架構演變扔在持續中,以及關鍵的bug修復:

Cells v2

Cells v2 目前還是處於不能用的狀態, 但我們增加了一些配套基礎設施:

Compute Driver 功能

Libvirt
VMware
Hyper-V
Ironic

其他功能

升級提示

  • 如果你是從Kilo版本來的,再升級到Liberty之前請先升級到最新版本。由於bug https://bugs.launchpad.net/nova/+bug/1474074 修正從Kilo版本訪問Liberty節版本節點問題
  • RAM 和 CPU分配比率現在是由nova-compute所定義的(所以每個compute節點)。分配率也需要提供scheduler服務。取決於compute節點是否運行 Kilo 或是 Liberty,分配比率表現不同 : 如果compute節點運行Kilo該compute的節點CPU and RAM預設設定將會是在controller的nova.conf上,或是compute節點是Liberty那麼你就可以配置compute分配率為CPU and RAM。為了給操作者提供的分配率所有compute節點,預設分配比勒將是在nova.conf設定為0.0(即使對於controller)。這並不代表分配率實際上是0.0,指示操作者提供那些在下一個版本之前 (例如 Mitaka)。需要了解的是,預設配置扔然是16.0為cpu_allocation_ratio 和 1.5為ram_allocation_ratio。
  • 升級Neutron服務"network-vif-deleted"之前nova-compute應該升級到Liberty版本事件event: https://review.openstack.org/#/c/187871/
  • Rootwrap過濾必須升級之後版本加入 'touch'指令。
    • 在Launchpad中bug提到 imagebackend 和 imagecache之間的條件競爭 1256838.
    • 在這情況下如果base image被 ImageCacheManager刪除當 imagebackend的image複製到instance路徑,那麼instance會出現錯誤狀態
    • 為了解決這個問題,有必要改變並增加在compute.filters 'touch'指令 https://review.openstack.org/#/c/217579/.
    • 在案例競爭條件,當libvirt已經改變基本文件所有權 libvirt-qemu同時imagebackend被複製image,然後我們使用os.utime更新檔案時發生拒絕錯誤。要解決這個錯誤我們需要使用root使用者權限去更新存取'touch'指令。
  • DiskFilter現在是由部分 scheduler_default_filters 在Liberty https://review.openstack.org/#/c/207942/
  • 現在只能對應一個vCenter 叢集到一個nova-compute節點 https://review.openstack.org/#/c/103916/
  • Libvirt driver parallels 已經更名為 virtuozzo
  • Orphaned tables - iscsi_targets, volumes - 已經被刪除
  • 預設paste.ini已經被所有節點更新使用v2.1 API,而v3 節點已經被移除。相容模式middlewear是用來放寬v2.1對/v2 和 /v1.1驗證
  • 對於DB模式降階代碼已經被刪除 : https://blueprints.launchpad.net/nova/+spec/nova-no-downward-sql-migration
  • 預設DB driver我們目前測試是在pymysql 而不是Python-MySQL
  • "powervm" hv_type shim 已經被移除。這只會影響PowerVC driver on stackforge哪個使用舊的images與with hv_type=powervm在image metadata
  • libvirt在Mitaka最低需求版本將會是0.10.2。libvirt本本 < 0.10.2將不再 Liberty使用: https://review.openstack.org/#/c/183220/
  • libvirt.remove_unused_kernels設定選項已經廢除,現在預設為True: https://review.openstack.org/#/c/182315/

已棄用的功能

  • 在禁用tree API擴展的能力已經被棄用 (https://blueprints.launchpad.net/nova/+spec/nova-api-deprecate-extensions)
  • 從 2.21.0開始novaclient.v1_1 模組已經被棄用 [[6]][[7]] 我們將會在第一個Mitaka版本釋出移除python-novaclient Mitaka.
  • Method `novaclient.client.get_client_class` is deprecated [[8]] since 2.29.0. The method will be removed in Mitaka.
  • The mute_weight_value option on weighers has been deprecated, including for use with Cells.
  • The remove_unused_kernels configuration option for the Libvirt driver is now deprecated.
  • The minimum recommended version of vCenter for use with the vcenter driver is now 5.1.0. In Liberty this is logged as a warning, in Mitaka support for versions lower than 5.1.0 will be removed.
  • API v3 specific components have all been deprecated and removed from the default paste.ini

OpenStack Telemetry (Ceilometer)

關鍵的新功能

  • Creation of Aodh to handle alarming service.
  • Metadata caching - reduced load of nova API polling.
  • Declarative meters
    • Ability to generate meters by defining meter definition template.
    • Ability to define specific SNMP meters to poll.
  • Support for data publishing from Ceilometer to Gnocchi.
  • Mandatory limit - limit restricted querying is enforced. The limit must be explicitly provided on queries, otherwise the result set is restricted to a default limit.
  • Distributed, coordinated notification agents - support for workload partitioning across multiple notification agents.
  • Events RBAC support.
  • PowerVM hypervisor support.
  • Improved MongoDB query support - performance improvement to statistic calculations.
  • Additional meter support:
    • Magnum meters
    • DBaaS meters
    • DNSaaS meters

Gnocchi功能

  • Initial influxdb driver implemented.

Aodh功能

  • Event alarms - ability to trigger an action when an event is received.
  • Trust support in alarms link.

Upgrade Notes

  • The name of some middleware used by ceilometer changed in a backward incompatible way. Before upgrading, edit the paste.ini file for ceilometer to change oslo.middleware to oslo_middleware. For example, using sed -ri 's/oslo\.middleware/oslo_middleware/' api_paste.ini
  • The notification agent is a core service to collecting data in Ceilometer. It now handles all transformations and publishing. Polling agents now defer all processing to notification agents, and must be deployed in tandem.
  • A mandatory limit is applied to each request. If no limit is given, it will be restricted to a default limit.

Deprecated Features

  • Ceilometer Alarms is deprecated in favour or Aodh.
  • RPC publisher and collector is deprecated in favour of a topic based notifier publisher.
  • Non-metric meters are still deprecated, and are to be removed in a future release.

OpenStack 身份驗證服務 (Keystone)

新功能

  • Experimental: Domain specific configuration options can be stored in SQL instead of configuration files, using the new REST APIs.
  • Experimental: Keystone now supports tokenless authorization with X.509 SSL client certificate.
  • Configuring per-Identity Provider WebSSO is now supported.
  • openstack_user_domain and openstack_project_domain attributes were added to SAML assertion in order to map user and project domains, respectively.
  • The credentials list call can now have its results filtered by credential type.
  • Support was improved for out-of-tree drivers by defining stable Driver Interfaces.
  • Several features were hardened, including Fernet tokens, Federation, domain specific configurations from database and role assignments.
  • Certain variables in keystone.conf now have options, which determine if the user's setting is valid.

升級提示

  • The EC2 token middleware, deprecated in Juno, is no longer available in keystone. It has been moved to the keystonemiddleware package.
  • The compute_port configuration option, deprecated in Juno, is no longer available.
  • The XML middleware stub has been removed, so references to it must be removed from the keystone-paste.ini configuration file.
  • stats_monitoring and stats_reporting paste filters have been removed, so references to it must be removed from the keystone-paste.ini configuration file.
  • The external authentication plugins ExternalDefault, ExternalDomain, LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer available.
  • keystone.conf now references entrypoint names for drivers. For example, the drivers are now specified as "sql", "ldap", "uuid", rather than the full module path. See the sample configuration file for other examples.
  • We now expose entrypoints for the keystone-manage command instead of a file.
  • Schema downgrades via keystone-manage db_sync are no longer supported. Only upgrades are supported.
  • Features that were "extensions" in previous releases (OAuth delegation, Federated Identity support, Endpoint Policy, etc) are now enabled by default.
  • A new secure_proxy_ssl_header configuration option is available when running keystone behind a proxy.
  • Several configuration options have been deprecated, renamed, or moved to new sections in the keystone.conf file.
  • Domain name information can now be used in policy rules with the attribute domain_name.

已棄用的功能

  • Running Keystone in Eventlet remains deprecated and will be removed in the Mitaka release.
  • Using LDAP as the resource backend, i.e for projects and domains, is now deprecated and will be removed in the Mitaka release.
  • Using the full path to the driver class is deprecated in favor of using the entrypoint. In the Mitaka release, the entrypoint must be used.
  • In the [resource] and [role] sections of the keystone.conf file, not specifying the driver and using the assignment driver is deprecated. In the Mitaka release, the resource and role drivers will default to the SQL driver.
  • In keystone-paste.ini, using paste.filter_factory is deprecated in favor of the "use" directive, specifying an entrypoint.
  • Not specifying a domain during a create user, group or project call, which relied on falling back to the default domain, is now deprecated and will be removed in the N release.
  • Certain deprecated methods from the assignment manager were removed in favor of the same methods in the [resource] and [role] manager.

OpenStack 區塊儲存 (Cinder)

新功能

  • A generic image caching solution, so popular VM images can be cached and copied-on-write to a new volume. 獲取更多的資訊
  • Non-disruptive backups 獲取更多的資訊.
  • Ability to clone consistency groups of volumes 獲取更多的資訊.
  • volume 後端的列表功能 (fetch extra-specs).
  • 嵌套的配額.
  • Default LVM backends to be thin provisioned if available.
  • Corrected cinder service-list to show as Down when a driver fails to initialize.
  • 改善的 volume 移轉管理:
    • Able to see if previous migration attempt was successful
    • Admins able to monitor migrations via cinder list
    • New volume status of 'maintenance' to prevent operations being attempted while migration is occurring
    • Improve backend volume name/id consistency after migration completes

Upgrade Notes

  • A change in parameters to RPC APIs and work on object conversion prevent running Liberty c-vol or c-api services with Kilo or earlier versions of either service.

Deprecated Features

  • Removed Simple and Chance Schedulers.
  • Removed deprecated HDS HUS iSCSI driver.
  • Removed Coraid driver.
  • Remove Solaris iSCSI driver.
  • Removed --force option for allowing upload of image to attached volume.
  • Marked the v1 API as deprecated.

OpenStack 編配服務 (Heat)

新功能

Convergence

Convergence is a new orchestration engine maturing in the heat tree. In Liberty, the benefits of using the convergence engine are:

  • Greater parallelization of resource actions (for better scaling of large templates)
  • The ability to do a stack-update while there is already an update in-progress
  • Better handling of heat-engine failures (still WIP)

The convergence engine can be enabled by setting /etc/heat/heat/conf [DEFAULT] convergence_engine=true, then restarting heat-engine. Once this has been done, any subsequent created stack will use the convergence engine, while operations on existing stacks will continue to use the traditional engine.

Convergence has not been production tested and thus should be considered beta quality - use with caution. For the Liberty release, we recommend enabling convergence for the purposes of evaluation and scale testing. We will be considering making convergence the default engine in the Mitaka cycle. Convergence specific bugs are tracked in launchpad with the convergence-bugs tag.

Conditional resource exposure

Only resources actually installed in the cloud services are made available to users. Operators can further control resources available to users with standard policy rules in policy.json on per-resource type basis.

heat_template_version: 2015-10-15

2015-10-15 indicates that the YAML document is a HOT template and it may contain features added and/or removed up until the Liberty release.

  • Removes the Fn::Select function (path based get_attr/get_param references should be used instead).
  • If no <attribute name> is specified for calls to get_attr, a dict of all attributes is returned, e.g. { get_attr: [<resource name>]}.
  • Adds new str_split intrinsic function
  • Adds support for passing multiple lists to the existing list_join function.
  • Adds support for parsing map/list data to str_replace and list_join (they will be json serialized automatically)

REST API/heatclient additions

  • Stacks can now be assigned with a set of tags, and stack-list can filter and sort through those tags
  • "heat stack-preview ..." will return a preview of changes for a proposed stack-update
  • "heat template-validate --show-nested ..." will also validate all template resources and return nested data useful for building user interfaces
  • "heat resource-type-template --template-type hot ..." generates a template in HOT format
  • "heat resource-type-list" only shows types available to the user, and can filter results by name, version and support_status
  • "heat template-version-list" lists available template versions
  • "heat template-function-list ..." lists available functions for a template version

Enhancements to existing resources

New resources

The following new resources are now distributed with the Heat release:

[1] These existed Kilo as contrib resources as they were for non-integrated projects. These resources are now distributed with Heat as Big Tent projects.

[2] These existed Kilo as contrib resources as they require a user with an admin role. They are now distributed with Heat. Operators now have ability to hide them from under-privileged users by modifyig policy.json (for reference, OS::Nova::Flavor is hidden from non-admin users in default policy file supplied).

[3] These existed in Kilo as contrib resources as they used an approach not endorsed by the Heat project. They are now distributed with heat and documented as UNSUPPORTED.

[4] These resources are for projects which are not yet OpenStack Big Tent projects, so are documented as UNSUPPORTED

With the new OS::Keystone::* resources it is now be possible for cloud operators to use heat templates to manage Keystone service catalog entries and users.

Deprecated Resource Properties

Many resource properties have previously been documented as DEPRECATED. 15 of these properties are now flagged as HIDDEN, which means they will no longer be documented, but existing stacks and templates will continue to work after a heat upgrade. The [ http://docs.openstack.org/developer/heat/template_guide/openstack.html Resource Type Reference] should be consulted to determine available resource properties and attributes.

升級提示

Configuration Changes

Notable changes to the /etc/heat/heat.conf [DEFAULT] section:

  • hidden_stack_tags has been added, and stacks containing these tag names will be hidden from stack-list results (defaults to data-processing-cluster, which hides sahara-created stacks)
  • instance_user was deprecated, and is now removed entirely. Nova servers created with OS::Nova::Server resource will now boot configured with the default user set up with the cloud image. AWS::EC2::Instance still creates "ec2-user"
  • max_resources_per_stack can now be set to -1 to disable enforcement
  • enable_cloud_watch_lite is now false by default as this REST API is deprecated
  • default_software_config_transport has gained the option ZAQAR_MESSAGE
  • default_deployment_signal_transport has gained the option ZAQAR_SIGNAL
  • auth_encryption_key is now documented as requiring exactly 32 characters
  • list_notifier_drivers was deprecated and is now removed
  • policy options have moved to the [oslo_policy] section
  • use_syslog_rfc_format is deprecated and now defaults to true

Notable changes to other sections of heat.conf:

  • [clients_keystone] auth_uri has been added to specify the unversioned keystone url
  • [heat_api] workers now defaults to 4 (was previously 0, which created a worker per host CPU)

The policy file /etc/heat/policy.json can now be configured with per-resource-type access policies, for example: 

   "resource_types:OS::Nova::Flavor": "rule:context_is_admin"

Upgrading from Kilo to Liberty

Progress has been made on supporting live sql migrations, however it is still recommended to bring down the heat service for the duration of the upgrade. Downward SQL schema migrations are no longer supported. A rollback to Kilo will require restoring a snapshot of the pre-upgrade database.

OpenStack 資料處理服務 (Sahara)

新功能

  • New plugins and versions:
    • Ambari plugin with supports HDP 2.2 / 2.3
    • Apache Hadoop 2.7.1 was added, Apache Hadoop 2.6.0 was deprecated
    • CDH 5.4.0 was added with HA support for NameNode and ResourceManager
    • MapR 5.0.0 was added
    • Spark 1.3.1 was added, Spark 1.0.0 was deprecated
    • HDP 1.3.2 and Apache Hadoop 1.2.1 was removed
  • Added support for using Swift with Spark EDP jobs
  • Added support for Spark EDP jobs in CDH and Ambari plugins
  • Added support for public and protected resources
  • Started integration with OpenStack client
  • Added support for editing all Sahara resources
  • Added automatic Hadoop configuration for clusters
  • Direct engine is deprecated and will be removed in Mitaka release
  • Added OpenStack manila NFS shares as a storage backend option for job binaries and data sources
  • Added support for definition and use of configuration interfaces for EDP job templates

已棄用的功能

  • Direct provisioning engine
  • Apache Hadoop 2.6.0 已棄用
  • Spark 1.0.0 已棄用
  • 所有 Hadoop 1.X 版本已移除

OpenStack Search (Searchlight)

This is the first release for Searchlight. Searchlight is intended to dramatically improving the search capabilities and performance of various OpenStack cloud services by offloading user search queries. It provides Keystone RBAC based searches across OpenStack services by indexing their data into ElasticSearch and providing a security layer on top of incoming search queries. ElasticSearch is a search server based on Lucene. It provides a distributed, scalable, near real-time, faceted, multitenant-capable, and full-text search engine with a RESTful web interface.

新功能

New Resource Types Indexed

升級提示

N/A

已棄用的功能

N/A

OpenStack DNS管理服務 (Designate)

新功能

  • Experimental: Hook Point API
  • Horizon Plugin moved out of tree
  • Purging deleted domains
  • Ceilometer "exists" periodic event per domain
  • ASync actions
    • Import
    • Export
  • Active /passive failover for designate-pool-manager periodic tasks
  • OpenStack client integration

其他的 DNS 伺服器後端

  • InfoBlox
  • Designate

升級提示

  • New service designate-zone-manager
    • It is recommended to use a supported tooz backend.
    • ZooKeeper is recommended, or anything supported by tooz.
    • If a tooz backend is not used, all zone-managers will assume ownership of all zones, and there will be 'n' "exists" messages per hour, where 'n' is the number of zone-manager processes.
  • designate-pool-manager can do active/passive failover for periodic tasks.
    • It is recommended to use a supported tooz backend.
    • If a tooz backend is not used, all pool-managers will assume ownership of the pool, and multiple periodic tasks will run. This can result in unforeseen consequences.

已棄用的功能

  • V1 API
    • An initial notice of intent, as there are operations that still require the Designate CLI interface which talks to V1, and Horizon panels that only talk to V1.

OpenStack 訊息佇列服務 (Zaqar)

Key New Features

  • Pre-signed URL - A new REST API endpoint to support pre-signed URL, which provides enough control over the resource being shared, without compromising security.
  • Email Notification - A new task driver for notification service, which can take a Zaqar subscriber's email address. When there is a new message posted to the queue, the subscriber will receive the message by email.
  • Policy Support - Support fine-grained permission control with the policy.json file like most of the other OpenStack components.
  • Persistent Transport - Added support for websocket as a persistent transport alternative for Zaqar. Now users will be able to establish long-lived connections between their applications and Zaqar to interchange large amounts of data without the connection setup adding overhead.

OpenStack 儀表板服務 (Horizon)

新功能

  • 新的網路拓樸圖 - 網路拓樸圖已替換為互動式圖形包含可折疊網路(collapsible networks),且 scales 在大規模的部署做的更好
  • 插件的改善 - Horizon 能自動偵測到被列入的JavaScript 檔案,且現在有機制能將可插拔的 SCSS 與 Django 模板進行覆寫。

升級提示

OpenStack 資料庫即服務 (Trove)

新功能

  • Redis
    • Configuration Groups for Redis
    • 支援叢集
  • MongoDB
    • 單一實例的備份與恢復
    • 使用者與資料庫管理
    • Configuration Groups
  • Percona XtraDB 叢集伺服器
    • 支援叢集
  • 允許部署人員分配實例的規格於特定資料儲存
  • Horizon 支援資料庫叢集
  • 資料儲存(datastore)與版本管理 API
  • 能在一個 admin tenant 中部署 Trove 實例, 這樣實例就可以對使用者隱藏

OpenStack 裸機服務(Ironic)

Ironic has switched to an intermediate release model and released version 4.0 during Liberty, followed by two minor updates. Version 4.2 forms the basis for the OpenStack Integrated Liberty release and will receive stable updates.

Please see full release notes here: http://docs.openstack.org/developer/ironic/releasenotes/index.html

新功能

  • Added "ENROLL" hardware state, which is the default state for newly created nodes.
  • Added "abort" verb, which allows a user to interrupt certain operations while they are in progress.
  • Improved query and filtering support in the REST API.
  • Added support for CORS middleware.

Hardware Drivers

  • Added a new BootInterface for hardware drivers, which splits functionality out of the DeployInterface.
  • iLO virtual media drivers can work without Swift.
  • Added Cisco IMC driver.
  • Added OCS Driver.
  • Added UCS Driver.
  • Added Wake-On-Lan Power Driver.
  • ipmitool driver supports IPMI v1.5.
  • Added support to SNMP driver for “APC MasterSwitchPlus” series PDU’s.
  • pxe_ilo driver now supports UEFI Secure Boot (previous releases of theiLO driver only supported this for agent_ilo and iscsi_ilo).
  • Added Virtual Media support to iRMC Driver.
  • Added BIOS configuration to DRAC Driver.
  • PXE drivers now support GRUB2.

已棄用的功能

  • The "vendor_passthru" and "driver_vendor_passthru" methods of the DriverInterface have been removed. These were deprecated in Kilo and replaced with the @passthru decorator.
  • The migration tools to import data from a Nova "baremetal" deployment have been removed.
  • Deprecated the "parallel" option to periodic task decorator.
  • Removed deprecated ‘admin_api’ policy rule.
  • Support for the original "bash" deploy ramdisk is deprecated and will be removed in two cycles. The ironic-python-agent project should be used for all deploy drivers.

升級提示

  • Newly created nodes default to the new ENROLL state. Previously, nodes defaulted to AVAILABLE, which could lead to hardware being exposed prematurely to Nova.
  • The addition of API version headers in Kilo means that any client wishing to interact with the Liberty API must pass the appropriate version string in each HTTP request. Current API version is 1.14.

OpenStack 金鑰管理服務 (Barbican)

New Features

  • Added the ability for project administrators to create certificate authorities per project. Also, project administrators are able to define and manage a set of preferred certificate authorities (CAs) per project. This allows projects to achieve project specific security domains.
  • Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
  • Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
  • Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
  • Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
  • Added configuration for enabling sqlalchemy pool for the management of SQL connections.
  • Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
  • Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
  • Fixed issues around creation of SnakeOil CA plug-in instance.
  • Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
  • Barbican client now has ability to create and list certificate orders.

升級提示

OpenStack 映像檔服務 (Glance)

Updated project guide that includes some details on operating, installing, configuring, developing to and using the service: http://docs.openstack.org/developer/glance/

新功能

升級提示

  • python-glanceclient now defaults to using Glance API v2 and if v2 is unavailable, it will fallback to v1.
  • Dependencies for backend stores are now optionally installed corresponding to each store specified.
  • Some stores like swift, s3, vmware now have python 3 support.
  • Some new as well as updated default metadata definitions ship with the source code.
  • More python 3 support added to Glance API, and now continuous support is extended by the means of tests to ensure compatibility.
  • utf-8 is now the default charset for the backend MySQL DB.
  • Migration scripts have been updated to perform a sanity check for the table charset.
  • 'ram_disk' and 'kernel' properties can now be null in the schema and 'id' is now read only attribute for v2 API.
  • A configuration option client_socket_timeout has been added to take advantage of the recent eventlet socket timeout behaviour.
  • A configuration option scrub_pool_size has been added to set the number of parallel threads that a scrubber should run and defaults to 1.
  • An important bug that allowed to change the image status using the Glance v1 API has now been fixed.

已棄用的功能

  • The experimental Catalog Index Service has been removed and now is a separate project called Searchlight.
  • The configuration options scrubber_datadir, cleanup_scrubber and cleanup_scrubber_time have been removed following the removal of the file backed queuing for scrubber.

OpenStack 共享式檔案系統服務 (Manila)

新功能

  • Enabled support for availability zones.
  • Added administrator API components to share instances.
  • Added pool weigher which allows Manila scheduler to place new shares on pools with existing share servers.
  • Support for share migration from one hostpool to another hostpool (experimental).
  • Added shared extend capability in the generic driver.
  • Support for adding consistency groups, which allow snapshots for multiple filesystem shares to created at the same point in time (experimental).
  • Support for consistency groups in the NetApp cDOT driver and generic driver.
  • Support for oversubscription in thin provisioning.
  • New Windows SMB driver:
    • Support for handling Windows service instances and exporting SMB shares.
  • Added new osapi_share_workers configuration option to improve the total throughput of the Manila API service.
  • Added share hooks feature, which allows actions to be performed before and after share drive methods calls, call additional periodic hook for each 'N' tick, and update the results of a driver's action.
  • Improvements to the NetApp cDOT driver:
    • Added variables netapp:dedup, and netapp:compression when creating the flexvol that backs up a new manila share.
    • Added manage/unmanage support and shrink_share support.
    • Support for extended_share API component.
    • Support for netapp-lib PyPI project to communicate with storage arrays.
  • Improvements to the HP 3PAR driver:
    • Added reporting of dedupe, thin provisioning and hp3par_flash_cache capabilities. This allows share types and the CapabilitiesFilter to place shares on hosts with the requested capabilities.
    • Added share server support.
  • Improvements to the Huawei Manila driver:
    • Added support for storage pools, extend_share, manage_existing, shrink_share, read-only share, smartcache and smartpartition.
    • Added reporting of dedupe, thin provisioning and compression capabilities.
  • Added access-level support to the VNX Manila driver.
  • Added support for the Manila HDS HNAS driver.
  • Added GlusterFS native driver.
    • GlusterFS drivers can now specify the list of compatible share layouts.
  • Added microversion support (v2 API).

已棄用的功能

  • share_reset_status API 元件已棄用,並 被取代為 share_instance_reset_status.
Retrieved from "https://wiki.openstack.org/w/index.php?title=ReleaseNotes/Liberty/zh-tw&oldid=94523"