Openstack Liberty 发行纪要(有空再把keystone提炼一下)
2015-10-18 19:31
316 查看
Openstack Liberty 发行纪要
英文先看看吧 ,反正都能看懂,代码没太多改变,最主要的还是逐步放弃v2转入v3,keystone CLI转到openstack CLI的过程,keystone亮点略少,下面是官方的发行纪要:
Experimental: Keystone now supports tokenless authorization with X.509 SSL client certificate.
Configuring per-Identity Provider WebSSO is now supported.
The credentials list call can now have its results filtered by credential type.
Support was improved for out-of-tree drivers by defining stable Driver Interfaces.
Several features were hardened, including Fernet tokens, Federation, domain specific configurations from database and role assignments.
Certain variables in keystone.conf now have options, which determine if the user's setting is valid.
The
The XML middleware stub has been removed, so references to it must be removed from the
stats_monitoring and stats_reporting paste filters have been removed, so references to it must be removed from the
The external authentication plugins ExternalDefault, ExternalDomain, LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer available.
We now expose entrypoints for the
Schema downgrades via
Features that were "extensions" in previous releases (OAuth delegation, Federated Identity support, Endpoint Policy, etc) are now enabled by default.
A new
Several configuration options have been deprecated, renamed, or moved to new sections in the
Domain name information can now be used in policy rules with the attribute
Using LDAP as the resource backend, i.e for projects and domains, is now deprecated and will be removed in the Mitaka release.
Using the full path to the driver class is deprecated in favor of using the entrypoint. In the Mitaka release, the entrypoint must be used.
In the [resource] and [role] sections of the
In
Not specifying a domain during a create user, group or project call, which relied on falling back to the default domain, is now deprecated and will be removed in the N release.
Certain deprecated methods from the assignment manager were removed in favor of the same methods in the [resource] and [role] manager.
Non-disruptive backups Read docs for more info.
Ability to clone consistency groups of volumes Read docs for more info.
List capabilities of a volume backend (fetch extra-specs).
Nested quotas.
Default LVM backends to be thin provisioned if available.
Corrected cinder service-list to show as Down when a driver fails to initialize.
Improved volume migration management:
Able to see if previous migration attempt was successful
Admins able to monitor migrations via cinder list
New volume status of 'maintenance' to prevent operations being attempted while migration is occurring
Improve backend volume name/id consistency after migration completes
Removed deprecated HDS HUS iSCSI driver.
Removed Coraid driver.
Remove Solaris iSCSI driver.
Removed --force option for allowing upload of image to attached volume.
Marked the v1 API as deprecated.
Greater parallelization of resource actions (for better scaling of large templates)
The ability to do a stack-update while there is already an update in-progress
Better handling of heat-engine failures (still WIP)
The convergence engine can be enabled by setting /etc/heat/heat/conf [DEFAULT] convergence_engine=true, then restarting heat-engine. Once this has been done, any subsequent created stack will use the convergence engine, while operations on existing stacks will continue to use the traditional engine.
Convergence has not been production tested and thus should be considered beta quality - use with caution. For the Liberty release, we recommend enabling convergence for the purposes of evaluation and scale testing. We will be considering making convergence the default engine in the Mitaka cycle. Convergence specific bugs are tracked in launchpad with the convergence-bugs tag.
Removes the Fn::Select function (path based get_attr/get_param references should be used instead).
If no <attribute name> is specified for calls to get_attr, a dict of all attributes is returned, e.g. { get_attr: [<resource name>]}.
Adds new str_split intrinsic function
Adds support for passing multiple lists to the existing list_join function.
Adds support for parsing map/list data to str_replace and list_join (they will be json serialized automatically)
"heat stack-preview ..." will return a preview of changes for a proposed stack-update
"heat template-validate --show-nested ..." will also validate all template resources and return nested data useful for building user interfaces
"heat resource-type-template --template-type hot ..." generates a template in HOT format
"heat resource-type-list" only shows types available to the user, and can filter results by name, version and support_status
"heat template-version-list" lists available template versions
"heat template-function-list ..." lists available functions for a template version
Stack actions are now performed on remote OS::Heat::Stack resources
OS::Nova::Server now supports deletion_policy: Snapshot
OS::Heat::ResourceGroup update_policy now supports specifying batch_create and rolling_update options
OS::Barbican::Order [1]
OS::Barbican::Secret [1]
OS::Ceilometer::GnocchiAggregationByMetricsAlarm [1]
OS::Ceilometer::GnocchiAggregationByResourcesAlarm [1]
OS::Ceilometer::GnocchiResourcesAlarm [1]
OS::Cinder::VolumeType [2]
OS::Designate::Domain
OS::Designate::Record
OS::Heat::None
OS::Heat::TestResource
OS::Keystone::Endpoint
OS::Keystone::Group [2]
OS::Keystone::GroupRoleAssignment
OS::Keystone::Project [2]
OS::Keystone::Role [2]
OS::Keystone::Service
OS::Keystone::User [2]
OS::Keystone::UserRoleAssignment
OS::Magnum::BayModel
OS::Manila::SecurityService
OS::Manila::Share
OS::Manila::ShareNetwork
OS::Manila::ShareType
OS::Mistral::CronTrigger
OS::Mistral::Workflow
OS::Monasca::AlarmDefinition [4]
OS::Monasca::Notification [4]
OS::Neutron::ExtraRoute [3]
OS::Nova::Flavor [2]
OS::Sahara::DataSource
[1] These existed Kilo as contrib resources as they were for non-integrated projects. These resources are now distributed with Heat as Big Tent projects.
[2] These existed Kilo as contrib resources as they require a user with an admin role. They are now distributed with Heat. Operators now have ability to hide them from under-privileged users by modifyig policy.json (for reference, OS::Nova::Flavor is hidden from non-admin users in default policy file supplied).
[3] These existed in Kilo as contrib resources as they used an approach not endorsed by the Heat project. They are now distributed with heat and documented as UNSUPPORTED.
[4] These resources are for projects which are not yet OpenStack Big Tent projects, so are documented as UNSUPPORTED
With the new OS::Keystone::* resources it is now be possible for cloud operators to use heat templates to manage Keystone service catalog entries and users.
hidden_stack_tags has been added, and stacks containing these tag names will be hidden from stack-list results (defaults to data-processing-cluster, which hides sahara-created stacks)
instance_user was deprecated, and is now removed entirely. Nova servers created with OS::Nova::Server resource will now boot configured with the default user set up with the cloud image. AWS::EC2::Instance still creates "ec2-user"
max_resources_per_stack can now be set to -1 to disable enforcement
enable_cloud_watch_lite is now false by default as this REST API is deprecated
default_software_config_transport has gained the option ZAQAR_MESSAGE
default_deployment_signal_transport has gained the option ZAQAR_SIGNAL
auth_encryption_key is now documented as requiring exactly 32 characters
list_notifier_drivers was deprecated and is now removed
policy options have moved to the [oslo_policy] section
use_syslog_rfc_format is deprecated and now defaults to true
Notable changes to other sections of heat.conf:
[clients_keystone] auth_uri has been added to specify the unversioned keystone url
[heat_api] workers now defaults to 4 (was previously 0, which created a worker per host CPU)
The policy file /etc/heat/policy.json can now be configured with per-resource-type access policies, for example:
Ambari plugin with supports HDP 2.2 / 2.3
Apache Hadoop 2.7.1 was added, Apache Hadoop 2.6.0 was deprecated
CDH 5.4.0 was added with HA support for NameNode and ResourceManager
MapR 5.0.0 was added
Spark 1.3.1 was added, Spark 1.0.0 was deprecated
HDP 1.3.2 and Apache Hadoop 1.2.1 was removed
Added support for using Swift with Spark EDP jobs
Added support for Spark EDP jobs in CDH and Ambari plugins
Added support for public and protected resources
Started integration with OpenStack client
Added support for editing all Sahara resources
Added automatic Hadoop configuration for clusters
Direct engine is deprecated and will be removed in Mitaka release
Added OpenStack manila NFS shares as a storage backend option for job binaries and data sources
Added support for definition and use of configuration interfaces for EDP job templates
Apache Hadoop 2.6.0
Spark 1.0.0
All Hadoop 1.X removed
Project Wiki
Bulk Indexing CLI searchlight-manage indexing command line interface
Incremental Notification based updates
Resource Type Plugin system for adding and managing resource indexing and searches
Devstack deployment
OS::Glance::Image & OS::Glance::Metadef Glance Images and Metadata Definitions
OS::Designate::Zone & OS::Designate::RecordSet Designate Domain and Record Sets
Horizon Plugin moved out of tree
Purging deleted domains
Ceilometer "exists" periodic event per domain
ASync actions
Import
Export
Active /passive failover for designate-pool-manager periodic tasks
OpenStack client integration
Designate
It is recommended to use a supported tooz backend.
ZooKeeper is recommended, or anything supported by tooz.
If a tooz backend is not used, all zone-managers will assume ownership of all zones, and there will be 'n' "exists" messages per hour, where 'n' is the number of zone-manager processes.
It is recommended to use a supported tooz backend.
If a tooz backend is not used, all pool-managers will assume ownership of the pool, and multiple periodic tasks will run. This can result in unforeseen consequences.
An initial notice of intent, as there are operations that still require the Designate CLI interface which talks to V1, and Horizon panels that only talk to V1.
Email Notification - A new task driver for notification service, which can take a Zaqar subscriber's email address. When there is a new message posted to the queue, the subscriber will receive the message by email.
Policy Support - Support fine-grained permission control with the
Persistent Transport - Added support for websocket as a persistent transport alternative for Zaqar. Now users will be able to establish long-lived connections between their applications and Zaqar to interchange large amounts of data without the connection setup adding overhead.
Plugin improvements – Horizon auto discovers JavaScript files for inclusion, and now has mechanisms for pluggable SCSS and Django template overrides.
Compute (Nova)
Support for shelving and unshelving of instances (https://blueprints.launchpad.net/horizon/+spec/horizon-shelving-command).
Support for v2 block device mapping, falling back to v1 when unavailable (https://blueprints.launchpad.net/horizon/+spec/horizon-block-device-mapping-v2).
Networking (Neutron)
Added support for subnet allocation via subnet pools (https://blueprints.launchpad.net/horizon/+spec/neutron-subnet-allocation).
Added actions to easily associate LBaaS VIP with a floating IP (https://blueprints.launchpad.net/horizon/+spec/lbaas-vip-fip-associate).
Images (Glance)
The metadata editor has been updated with AngularJS (https://blueprints.launchpad.net/horizon/+spec/angularize-metadata-update-modals).
Compute images metadata can now be edited from the Project dashboard, using the new metadata editor (https://blueprints.launchpad.net/horizon/+spec/project-images-metadata).
Block Storage (Cinder)
Enabled support for migrating volumes (https://blueprints.launchpad.net/horizon/+spec/volume-migration).
Volume types can be now edited, and include description fields (https://blueprints.launchpad.net/horizon/+spec/volume-type-description).
Orchestration (Heat)
Improvements to the heat topology, making more resources identifiable where previously they had no icons and were displayed as unknown resources (https://blueprints.launchpad.net/horizon/+spec/heat-topology-display-improvement).
Data Processing (Sahara)
Unified job interface map. This is a human readable method for passing in configuration data that a job may require or accept (https://blueprints.launchpad.net/horizon/+spec/unified-job-interface-map-ui).
Added editing capabilities for job binaries (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-job-binaries).
Added editing capabilities for data sources (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-data-sources).
Added editing capabilities for job templates (https://blueprints.launchpad.net/horizon/+spec/data-processing-edit-templates).
Exposed event log for clusters (https://blueprints.launchpad.net/horizon/+spec/sahara-event-log).
Added support for shell job types (https://blueprints.launchpad.net/horizon/+spec/sahara-shell-action-form).
Databases (Trove)
Added initial support for database cluster creation and management. Vertica and MongoDB are currently supported (https://blueprints.launchpad.net/horizon/+spec/database-clustering-support).
Identity (Keystone)
Added mapping for Identity Provider and Protocol specific WebSSO (https://github.com/openstack/horizon/commit/3b4021c0ad0e8d7b10aa8c2dcd8c13a5717c450c).
Configurable token hashing (https://github.com/openstack/django_openstack_auth/commit/ece924a79d27ede1a8475d7f98e6d66bc3cffd6c and https://github.com/openstack/horizon/commit/48e651d05cbe9366884868c5331d49a501945adc).
Horizon (internal improvements)
Full support for translation in AngularJS, along with simpler tooling (https://blueprints.launchpad.net/horizon/+spec/angular-translate-makemessages).
Added Karma for JavaScript testing (https://blueprints.launchpad.net/horizon/+spec/karma).
Added ESLint for JavaScript linting, using the eslint-config-openstack rules (https://blueprints.launchpad.net/horizon/+spec/jscs-cleanup).
Horizon now supports overriding of existing Django templates (https://blueprints.launchpad.net/horizon/+spec/horizon-theme-templates).
JavaScript files are now automatically included (https://blueprints.launchpad.net/horizon/+spec/auto-js-file-finding).
Database-backed sessions will likely not persist across upgrades due to a change in their structure (https://github.com/openstack/django_openstack_auth/commit/8c64de92f4148d85704b10ea1f7bc441db2ddfee and https://github.com/openstack/horizon/commit/ee2771ab1a855342089abe5206fc6a5071a6d99e).
Horizon no longer uses QUnit in testing, and it has been removed from our requirements (https://blueprints.launchpad.net/horizon/+spec/replace-qunit-tests-with-jasmine).
Horizon now has multiple configuration options for the default web URL (
Themes have moved location from
The deprecated
There is now an
Trove and Sahara panels now reside in
Horizon requires both a
Configuration Groups for Redis
Cluster support
MongoDB
Backup and restore for a single instance
User and database management
Configuration Groups
Percona XtraDB Cluster Server
Cluster support
Allow deployer to associate instance flavors with specific datastores
Horizon support for database clusters
Management API for datastore and versions
Ability to deploy Trove instances in a single admin tenant, so that the nova instances are hidden from the user
Please see full release notes here: http://docs.openstack.org/developer/ironic/releasenotes/index.html
Added "abort" verb, which allows a user to interrupt certain operations while they are in progress.
Improved query and filtering support in the REST API.
Added support for CORS middleware.
iLO virtual media drivers can work without Swift.
Added Cisco IMC driver.
Added OCS Driver.
Added UCS Driver.
Added Wake-On-Lan Power Driver.
ipmitool driver supports IPMI v1.5.
Added support to SNMP driver for “APC MasterSwitchPlus” series PDU’s.
pxe_ilo driver now supports UEFI Secure Boot (previous releases of theiLO driver only supported this for agent_ilo and iscsi_ilo).
Added Virtual Media support to iRMC Driver.
Added BIOS configuration to DRAC Driver.
PXE drivers now support GRUB2.
The migration tools to import data from a Nova "baremetal" deployment have been removed.
Deprecated the "parallel" option to periodic task decorator.
Removed deprecated ‘admin_api’ policy rule.
Support for the original "bash" deploy ramdisk is deprecated and will be removed in two cycles. The ironic-python-agent project should be used for all deploy drivers.
The addition of API version headers in Kilo means that any client wishing to interact with the Liberty API must pass the appropriate version string in each HTTP request. Current API version is 1.14.
Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
Added configuration for enabling sqlalchemy pool for the management of SQL connections.
Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
Fixed issues around creation of SnakeOil CA plug-in instance.
Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
Barbican client now has ability to create and list certificate orders.
Renamed barbican configuration file to
Scrubbing of images in parallel is now possible. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/scrub-images-in-parallel.html .
The health of a Glance node can be monitored using the healthcheck middleware. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/healtcheck-middleware.html .
The EXPERIMENTAL Artifacts API is now available for use. Please note, it is subject to change in the future until it becomes a standard API.
S3 store now has proxy support. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/http-proxy-support-for-s3.html .
Swift store now has v3 authentication support.
python-glanceclient now support some advanced aspects of keystone sessions.
python-glanceclient now supports tags for Metadata Definition Catalog.
Dependencies for backend stores are now optionally installed corresponding to each store specified.
Some stores like swift, s3, vmware now have python 3 support.
Some new as well as updated default metadata definitions ship with the source code.
More python 3 support added to Glance API, and now continuous support is extended by the means of tests to ensure compatibility.
utf-8 is now the default charset for the backend MySQL DB.
Migration scripts have been updated to perform a sanity check for the table charset.
'ram_disk' and 'kernel' properties can now be null in the schema and 'id' is now read only attribute for v2 API.
A configuration option
A configuration option
An important bug that allowed to change the image status using the Glance v1 API has now been fixed.
The configuration options
Added administrator API components to share instances.
Added pool weigher which allows Manila scheduler to place new shares on pools with existing share servers.
Support for share migration from one hostpool to another hostpool (experimental).
Added shared extend capability in the generic driver.
Support for adding consistency groups, which allow snapshots for multiple filesystem shares to created at the same point in time (experimental).
Support for consistency groups in the NetApp cDOT driver and generic driver.
Support for oversubscription in thin provisioning.
New Windows SMB driver:
Support for handling Windows service instances and exporting SMB shares.
Added new
Added share hooks feature, which allows actions to be performed before and after share drive methods calls, call additional periodic hook for each 'N' tick, and update the results of a driver's action.
Improvements to the NetApp cDOT driver:
Added variables netapp:dedup, and netapp:compression when creating the flexvol that backs up a new manila share.
Added manage/unmanage support and shrink_share support.
Support for
Support for netapp-lib PyPI project to communicate with storage arrays.
Improvements to the HP 3PAR driver:
Added reporting of dedupe, thin provisioning and hp3par_flash_cache capabilities. This allows share types and the CapabilitiesFilter to place shares on hosts with the requested capabilities.
Added share server support.
Improvements to the Huawei Manila driver:
Added support for storage pools, extend_share, manage_existing, shrink_share, read-only share, smartcache and smartpartition.
Added reporting of dedupe, thin provisioning and compression capabilities.
Added access-level support to the VNX Manila driver.
Added support for the Manila HDS HNAS driver.
Added GlusterFS native driver.
GlusterFS drivers can now specify the list of compatible share layouts.
Added microversion support (v2 API).
查看原文:http://www.zoues.com/index.php/2015/10/18/liberty/
英文先看看吧 ,反正都能看懂,代码没太多改变,最主要的还是逐步放弃v2转入v3,keystone CLI转到openstack CLI的过程,keystone亮点略少,下面是官方的发行纪要:
OpenStack Identity (Keystone)
Key New Features
Experimental: Domain specific configuration options can be stored in SQL instead of configuration files, using the new REST APIs.Experimental: Keystone now supports tokenless authorization with X.509 SSL client certificate.
Configuring per-Identity Provider WebSSO is now supported.
openstack_user_domainand
openstack_project_domainattributes were added to SAML assertion in order to map user and project domains, respectively.
The credentials list call can now have its results filtered by credential type.
Support was improved for out-of-tree drivers by defining stable Driver Interfaces.
Several features were hardened, including Fernet tokens, Federation, domain specific configurations from database and role assignments.
Certain variables in keystone.conf now have options, which determine if the user's setting is valid.
Upgrade Notes
The EC2 token middleware, deprecated in Juno, is no longer available in keystone. It has been moved to the keystonemiddleware package.The
compute_port configurationoption, deprecated in Juno, is no longer available.
The XML middleware stub has been removed, so references to it must be removed from the
keystone-paste.iniconfiguration file.
stats_monitoring and stats_reporting paste filters have been removed, so references to it must be removed from the
keystone-paste.iniconfiguration file.
The external authentication plugins ExternalDefault, ExternalDomain, LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer available.
keystone.confnow references entrypoint names for drivers. For example, the drivers are now specified as "sql", "ldap", "uuid", rather than the full module path. See the sample configuration file for other examples.
We now expose entrypoints for the
keystone-managecommand instead of a file.
Schema downgrades via
keystone-manage db_syncare no longer supported. Only upgrades are supported.
Features that were "extensions" in previous releases (OAuth delegation, Federated Identity support, Endpoint Policy, etc) are now enabled by default.
A new
secure_proxy_ssl_headerconfiguration option is available when running keystone behind a proxy.
Several configuration options have been deprecated, renamed, or moved to new sections in the
keystone.conffile.
Domain name information can now be used in policy rules with the attribute
domain_name.
Deprecated Features
Running Keystone in Eventlet remains deprecated and will be removed in the Mitaka release.Using LDAP as the resource backend, i.e for projects and domains, is now deprecated and will be removed in the Mitaka release.
Using the full path to the driver class is deprecated in favor of using the entrypoint. In the Mitaka release, the entrypoint must be used.
In the [resource] and [role] sections of the
keystone.conffile, not specifying the driver and using the assignment driver is deprecated. In the Mitaka release, the resource and role drivers will default to the SQL driver.
In
keystone-paste.ini, using
paste.filter_factoryis deprecated in favor of the "use" directive, specifying an entrypoint.
Not specifying a domain during a create user, group or project call, which relied on falling back to the default domain, is now deprecated and will be removed in the N release.
Certain deprecated methods from the assignment manager were removed in favor of the same methods in the [resource] and [role] manager.
OpenStack Block Storage (Cinder)
Key New Features
A generic image caching solution, so popular VM images can be cached and copied-on-write to a new volume. Read docs for more infoNon-disruptive backups Read docs for more info.
Ability to clone consistency groups of volumes Read docs for more info.
List capabilities of a volume backend (fetch extra-specs).
Nested quotas.
Default LVM backends to be thin provisioned if available.
Corrected cinder service-list to show as Down when a driver fails to initialize.
Improved volume migration management:
Able to see if previous migration attempt was successful
Admins able to monitor migrations via cinder list
New volume status of 'maintenance' to prevent operations being attempted while migration is occurring
Improve backend volume name/id consistency after migration completes
Upgrade Notes
A change in parameters to RPC APIs and work on object conversion prevent running Liberty c-vol or c-api services with Kilo or earlier versions of either service.Deprecated Features
Removed Simple and Chance Schedulers.Removed deprecated HDS HUS iSCSI driver.
Removed Coraid driver.
Remove Solaris iSCSI driver.
Removed --force option for allowing upload of image to attached volume.
Marked the v1 API as deprecated.
OpenStack Orchestration (Heat)
新功能
Convergence
Convergence is a new orchestration engine maturing in the heat tree. In Liberty, the benefits of using the convergence engine are:Greater parallelization of resource actions (for better scaling of large templates)
The ability to do a stack-update while there is already an update in-progress
Better handling of heat-engine failures (still WIP)
The convergence engine can be enabled by setting /etc/heat/heat/conf [DEFAULT] convergence_engine=true, then restarting heat-engine. Once this has been done, any subsequent created stack will use the convergence engine, while operations on existing stacks will continue to use the traditional engine.
Convergence has not been production tested and thus should be considered beta quality - use with caution. For the Liberty release, we recommend enabling convergence for the purposes of evaluation and scale testing. We will be considering making convergence the default engine in the Mitaka cycle. Convergence specific bugs are tracked in launchpad with the convergence-bugs tag.
Conditional resource exposure
Only resources actually installed in the cloud services are made available to users. Operators can further control resources available to users with standard policy rules in policy.json on per-resource type basis.heat_template_version: 2015-10-15
2015-10-15 indicates that the YAML document is a HOT template and it may contain features added and/or removed up until the Liberty release.Removes the Fn::Select function (path based get_attr/get_param references should be used instead).
If no <attribute name> is specified for calls to get_attr, a dict of all attributes is returned, e.g. { get_attr: [<resource name>]}.
Adds new str_split intrinsic function
Adds support for passing multiple lists to the existing list_join function.
Adds support for parsing map/list data to str_replace and list_join (they will be json serialized automatically)
REST API/heatclient additions
Stacks can now be assigned with a set of tags, and stack-list can filter and sort through those tags"heat stack-preview ..." will return a preview of changes for a proposed stack-update
"heat template-validate --show-nested ..." will also validate all template resources and return nested data useful for building user interfaces
"heat resource-type-template --template-type hot ..." generates a template in HOT format
"heat resource-type-list" only shows types available to the user, and can filter results by name, version and support_status
"heat template-version-list" lists available template versions
"heat template-function-list ..." lists available functions for a template version
Enhancements to existing resources
Software deployments can now use Zaqar for deploying software data and signalling back to HeatStack actions are now performed on remote OS::Heat::Stack resources
OS::Nova::Server now supports deletion_policy: Snapshot
OS::Heat::ResourceGroup update_policy now supports specifying batch_create and rolling_update options
New resources
The following new resources are now distributed with the Heat release:OS::Barbican::Order [1]
OS::Barbican::Secret [1]
OS::Ceilometer::GnocchiAggregationByMetricsAlarm [1]
OS::Ceilometer::GnocchiAggregationByResourcesAlarm [1]
OS::Ceilometer::GnocchiResourcesAlarm [1]
OS::Cinder::VolumeType [2]
OS::Designate::Domain
OS::Designate::Record
OS::Heat::None
OS::Heat::TestResource
OS::Keystone::Endpoint
OS::Keystone::Group [2]
OS::Keystone::GroupRoleAssignment
OS::Keystone::Project [2]
OS::Keystone::Role [2]
OS::Keystone::Service
OS::Keystone::User [2]
OS::Keystone::UserRoleAssignment
OS::Magnum::BayModel
OS::Manila::SecurityService
OS::Manila::Share
OS::Manila::ShareNetwork
OS::Manila::ShareType
OS::Mistral::CronTrigger
OS::Mistral::Workflow
OS::Monasca::AlarmDefinition [4]
OS::Monasca::Notification [4]
OS::Neutron::ExtraRoute [3]
OS::Nova::Flavor [2]
OS::Sahara::DataSource
[1] These existed Kilo as contrib resources as they were for non-integrated projects. These resources are now distributed with Heat as Big Tent projects.
[2] These existed Kilo as contrib resources as they require a user with an admin role. They are now distributed with Heat. Operators now have ability to hide them from under-privileged users by modifyig policy.json (for reference, OS::Nova::Flavor is hidden from non-admin users in default policy file supplied).
[3] These existed in Kilo as contrib resources as they used an approach not endorsed by the Heat project. They are now distributed with heat and documented as UNSUPPORTED.
[4] These resources are for projects which are not yet OpenStack Big Tent projects, so are documented as UNSUPPORTED
With the new OS::Keystone::* resources it is now be possible for cloud operators to use heat templates to manage Keystone service catalog entries and users.
Deprecated Resource Properties
Many resource properties have previously been documented as DEPRECATED. 15 of these properties are now flagged as HIDDEN, which means they will no longer be documented, but existing stacks and templates will continue to work after a heat upgrade. The [ http://docs.openstack.org/developer/heat/template_guide/openstack.html Resource Type Reference] should be consulted to determine available resource properties and attributes.Upgrade notes
Configuration Changes
Notable changes to the /etc/heat/heat.conf [DEFAULT] section:hidden_stack_tags has been added, and stacks containing these tag names will be hidden from stack-list results (defaults to data-processing-cluster, which hides sahara-created stacks)
instance_user was deprecated, and is now removed entirely. Nova servers created with OS::Nova::Server resource will now boot configured with the default user set up with the cloud image. AWS::EC2::Instance still creates "ec2-user"
max_resources_per_stack can now be set to -1 to disable enforcement
enable_cloud_watch_lite is now false by default as this REST API is deprecated
default_software_config_transport has gained the option ZAQAR_MESSAGE
default_deployment_signal_transport has gained the option ZAQAR_SIGNAL
auth_encryption_key is now documented as requiring exactly 32 characters
list_notifier_drivers was deprecated and is now removed
policy options have moved to the [oslo_policy] section
use_syslog_rfc_format is deprecated and now defaults to true
Notable changes to other sections of heat.conf:
[clients_keystone] auth_uri has been added to specify the unversioned keystone url
[heat_api] workers now defaults to 4 (was previously 0, which created a worker per host CPU)
The policy file /etc/heat/policy.json can now be configured with per-resource-type access policies, for example:
"resource_types:OS::Nova::Flavor": "rule:context_is_admin"
Upgrading from Kilo to Liberty
Progress has been made on supporting live sql migrations, however it is still recommended to bring down the heat service for the duration of the upgrade. Downward SQL schema migrations are no longer supported. A rollback to Kilo will require restoring a snapshot of the pre-upgrade database.OpenStack Data Processing (Sahara)
新功能
New plugins and versions:Ambari plugin with supports HDP 2.2 / 2.3
Apache Hadoop 2.7.1 was added, Apache Hadoop 2.6.0 was deprecated
CDH 5.4.0 was added with HA support for NameNode and ResourceManager
MapR 5.0.0 was added
Spark 1.3.1 was added, Spark 1.0.0 was deprecated
HDP 1.3.2 and Apache Hadoop 1.2.1 was removed
Added support for using Swift with Spark EDP jobs
Added support for Spark EDP jobs in CDH and Ambari plugins
Added support for public and protected resources
Started integration with OpenStack client
Added support for editing all Sahara resources
Added automatic Hadoop configuration for clusters
Direct engine is deprecated and will be removed in Mitaka release
Added OpenStack manila NFS shares as a storage backend option for job binaries and data sources
Added support for definition and use of configuration interfaces for EDP job templates
Deprecated Features
Direct provisioning engineApache Hadoop 2.6.0
Spark 1.0.0
All Hadoop 1.X removed
OpenStack Search (Searchlight)
This is the first release for Searchlight. Searchlight is intended to dramatically improving the search capabilities and performance of various OpenStack cloud services by offloading user search queries. It provides Keystone RBAC based searches across OpenStack services by indexing their data into ElasticSearch and providing a security layer on top of incoming search queries. ElasticSearch is a search server based on Lucene. It provides a distributed, scalable, near real-time, faceted, multitenant-capable, and full-text search engine with a RESTful web interface.Project Wiki
Key New Features
Searchlight Search API OpenStack Resource Type based API providing native ElasticSearch query supportBulk Indexing CLI searchlight-manage indexing command line interface
Incremental Notification based updates
Resource Type Plugin system for adding and managing resource indexing and searches
Devstack deployment
New Resource Types Indexed
OS::Nova::Server Nova server instancesOS::Glance::Image & OS::Glance::Metadef Glance Images and Metadata Definitions
OS::Designate::Zone & OS::Designate::RecordSet Designate Domain and Record Sets
Upgrade Notes
N/ADeprecated Features
N/AOpenStack DNS (Designate)
Key New Features
Experimental: Hook Point APIHorizon Plugin moved out of tree
Purging deleted domains
Ceilometer "exists" periodic event per domain
ASync actions
Import
Export
Active /passive failover for designate-pool-manager periodic tasks
OpenStack client integration
Addtional DNS Server Backends
InfoBloxDesignate
Upgrade Notes
New servicedesignate-zone-manager
It is recommended to use a supported tooz backend.
ZooKeeper is recommended, or anything supported by tooz.
If a tooz backend is not used, all zone-managers will assume ownership of all zones, and there will be 'n' "exists" messages per hour, where 'n' is the number of zone-manager processes.
designate-pool-managercan do active/passive failover for periodic tasks.
It is recommended to use a supported tooz backend.
If a tooz backend is not used, all pool-managers will assume ownership of the pool, and multiple periodic tasks will run. This can result in unforeseen consequences.
Deprecated Features
V1 APIAn initial notice of intent, as there are operations that still require the Designate CLI interface which talks to V1, and Horizon panels that only talk to V1.
OpenStack Messaging Service (Zaqar)
Key New Features
Pre-signed URL - A new REST API endpoint to support pre-signed URL, which provides enough control over the resource being shared, without compromising security.Email Notification - A new task driver for notification service, which can take a Zaqar subscriber's email address. When there is a new message posted to the queue, the subscriber will receive the message by email.
Policy Support - Support fine-grained permission control with the
policy.jsonfile like most of the other OpenStack components.
Persistent Transport - Added support for websocket as a persistent transport alternative for Zaqar. Now users will be able to establish long-lived connections between their applications and Zaqar to interchange large amounts of data without the connection setup adding overhead.
OpenStack Dashboard (Horizon)
Key New Features
A new network topology – The network topology diagram has been replaced with an interactive graph containing collapsible networks, and scales far better in large deployments (https://blueprints.launchpad.net/horizon/+spec/curvature-network-topology).Plugin improvements – Horizon auto discovers JavaScript files for inclusion, and now has mechanisms for pluggable SCSS and Django template overrides.
Compute (Nova)
Support for shelving and unshelving of instances (https://blueprints.launchpad.net/horizon/+spec/horizon-shelving-command).
Support for v2 block device mapping, falling back to v1 when unavailable (https://blueprints.launchpad.net/horizon/+spec/horizon-block-device-mapping-v2).
Networking (Neutron)
Added support for subnet allocation via subnet pools (https://blueprints.launchpad.net/horizon/+spec/neutron-subnet-allocation).
Added actions to easily associate LBaaS VIP with a floating IP (https://blueprints.launchpad.net/horizon/+spec/lbaas-vip-fip-associate).
Images (Glance)
The metadata editor has been updated with AngularJS (https://blueprints.launchpad.net/horizon/+spec/angularize-metadata-update-modals).
Compute images metadata can now be edited from the Project dashboard, using the new metadata editor (https://blueprints.launchpad.net/horizon/+spec/project-images-metadata).
Block Storage (Cinder)
Enabled support for migrating volumes (https://blueprints.launchpad.net/horizon/+spec/volume-migration).
Volume types can be now edited, and include description fields (https://blueprints.launchpad.net/horizon/+spec/volume-type-description).
Orchestration (Heat)
Improvements to the heat topology, making more resources identifiable where previously they had no icons and were displayed as unknown resources (https://blueprints.launchpad.net/horizon/+spec/heat-topology-display-improvement).
Data Processing (Sahara)
Unified job interface map. This is a human readable method for passing in configuration data that a job may require or accept (https://blueprints.launchpad.net/horizon/+spec/unified-job-interface-map-ui).
Added editing capabilities for job binaries (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-job-binaries).
Added editing capabilities for data sources (https://blueprints.launchpad.net/horizon/+spec/allow-editing-of-data-sources).
Added editing capabilities for job templates (https://blueprints.launchpad.net/horizon/+spec/data-processing-edit-templates).
Exposed event log for clusters (https://blueprints.launchpad.net/horizon/+spec/sahara-event-log).
Added support for shell job types (https://blueprints.launchpad.net/horizon/+spec/sahara-shell-action-form).
Databases (Trove)
Added initial support for database cluster creation and management. Vertica and MongoDB are currently supported (https://blueprints.launchpad.net/horizon/+spec/database-clustering-support).
Identity (Keystone)
Added mapping for Identity Provider and Protocol specific WebSSO (https://github.com/openstack/horizon/commit/3b4021c0ad0e8d7b10aa8c2dcd8c13a5717c450c).
Configurable token hashing (https://github.com/openstack/django_openstack_auth/commit/ece924a79d27ede1a8475d7f98e6d66bc3cffd6c and https://github.com/openstack/horizon/commit/48e651d05cbe9366884868c5331d49a501945adc).
Horizon (internal improvements)
Full support for translation in AngularJS, along with simpler tooling (https://blueprints.launchpad.net/horizon/+spec/angular-translate-makemessages).
Added Karma for JavaScript testing (https://blueprints.launchpad.net/horizon/+spec/karma).
Added ESLint for JavaScript linting, using the eslint-config-openstack rules (https://blueprints.launchpad.net/horizon/+spec/jscs-cleanup).
Horizon now supports overriding of existing Django templates (https://blueprints.launchpad.net/horizon/+spec/horizon-theme-templates).
JavaScript files are now automatically included (https://blueprints.launchpad.net/horizon/+spec/auto-js-file-finding).
Upgrade Notes
Django 1.8 is now supported, and Django 1.7 is our minimum supported version (https://blueprints.launchpad.net/horizon/+spec/drop-django14-support).Database-backed sessions will likely not persist across upgrades due to a change in their structure (https://github.com/openstack/django_openstack_auth/commit/8c64de92f4148d85704b10ea1f7bc441db2ddfee and https://github.com/openstack/horizon/commit/ee2771ab1a855342089abe5206fc6a5071a6d99e).
Horizon no longer uses QUnit in testing, and it has been removed from our requirements (https://blueprints.launchpad.net/horizon/+spec/replace-qunit-tests-with-jasmine).
Horizon now has multiple configuration options for the default web URL (
WEBROOT), static file location (
STATIC_ROOT) and static file URL (
STATIC_URL) in its settings files.
Themes have moved location from
openstack_dashboard/static/themes, to
openstack_dashboard/themes. Paths may need to be updated accordingly. Furthermore, Horizon is aligning closer with Bootstrap markup, and themes should be built around this ideology; see the top bar and side navigation for details.
The deprecated
OPENSTACK_QUANTUM_NETWORKconfiguration option has been removed. If you still use it, replace it with
OPENSTACK_NEUTRON_NETWORK
There is now an
OPENSTACK_NOVA_EXTENSIONS_BLACKLISToption in the settings, to disable selected extensions for performance reasons (https://github.com/openstack/horizon/commit/18f4b752b8653c9389f8b0471eccaa0659707ebe).
Trove and Sahara panels now reside in
openstack_dashboard/contrib. This is to provide separation for reviews provided mostly by the service teams. In the future, these panels may become plugins rather than being kept in Horizon (https://blueprints.launchpad.net/horizon/+spec/plugin-sanity).
Horizon requires both a
volumeand
volumev2endpoint for Cinder, even if only using v2.
OpenStack Trove (DBaaS)
Key New Features
RedisConfiguration Groups for Redis
Cluster support
MongoDB
Backup and restore for a single instance
User and database management
Configuration Groups
Percona XtraDB Cluster Server
Cluster support
Allow deployer to associate instance flavors with specific datastores
Horizon support for database clusters
Management API for datastore and versions
Ability to deploy Trove instances in a single admin tenant, so that the nova instances are hidden from the user
OpenStack Bare metal (Ironic)
Ironic has switched to an intermediate release model and released version 4.0 during Liberty, followed by two minor updates. Version 4.2 forms the basis for the OpenStack Integrated Liberty release and will receive stable updates.Please see full release notes here: http://docs.openstack.org/developer/ironic/releasenotes/index.html
New Features
Added "ENROLL" hardware state, which is the default state for newly created nodes.Added "abort" verb, which allows a user to interrupt certain operations while they are in progress.
Improved query and filtering support in the REST API.
Added support for CORS middleware.
Hardware Drivers
Added a new BootInterface for hardware drivers, which splits functionality out of the DeployInterface.iLO virtual media drivers can work without Swift.
Added Cisco IMC driver.
Added OCS Driver.
Added UCS Driver.
Added Wake-On-Lan Power Driver.
ipmitool driver supports IPMI v1.5.
Added support to SNMP driver for “APC MasterSwitchPlus” series PDU’s.
pxe_ilo driver now supports UEFI Secure Boot (previous releases of theiLO driver only supported this for agent_ilo and iscsi_ilo).
Added Virtual Media support to iRMC Driver.
Added BIOS configuration to DRAC Driver.
PXE drivers now support GRUB2.
Deprecated Features
The "vendor_passthru" and "driver_vendor_passthru" methods of the DriverInterface have been removed. These were deprecated in Kilo and replaced with the @passthru decorator.The migration tools to import data from a Nova "baremetal" deployment have been removed.
Deprecated the "parallel" option to periodic task decorator.
Removed deprecated ‘admin_api’ policy rule.
Support for the original "bash" deploy ramdisk is deprecated and will be removed in two cycles. The ironic-python-agent project should be used for all deploy drivers.
Upgrade Notes
Newly created nodes default to the new ENROLL state. Previously, nodes defaulted to AVAILABLE, which could lead to hardware being exposed prematurely to Nova.The addition of API version headers in Kilo means that any client wishing to interact with the Liberty API must pass the appropriate version string in each HTTP request. Current API version is 1.14.
OpenStack Key Manager (Barbican)
New Features
Added the ability for project administrators to create certificate authorities per project. Also, project administrators are able to define and manage a set of preferred certificate authorities (CAs) per project. This allows projects to achieve project specific security domains.Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
Added configuration for enabling sqlalchemy pool for the management of SQL connections.
Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
Fixed issues around creation of SnakeOil CA plug-in instance.
Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
Barbican client now has ability to create and list certificate orders.
Upgrade Notes
Removed project secret association table. Secret project relationship is maintained by foreign key. For more detail, see http://specs.openstack.org/openstack/barbican-specs/specs/liberty/data-remove-tenant-secret-assoc.html .Renamed barbican configuration file to
barbican.conf.
OpenStack Image Service (Glance)
Updated project guide that includes some details on operating, installing, configuring, developing to and using the service: http://docs.openstack.org/developer/glance/Key New Features
Added support for uploading signed images. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html .Scrubbing of images in parallel is now possible. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/scrub-images-in-parallel.html .
The health of a Glance node can be monitored using the healthcheck middleware. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/healtcheck-middleware.html .
The EXPERIMENTAL Artifacts API is now available for use. Please note, it is subject to change in the future until it becomes a standard API.
S3 store now has proxy support. For more information, see http://specs.openstack.org/openstack/glance-specs/specs/liberty/http-proxy-support-for-s3.html .
Swift store now has v3 authentication support.
python-glanceclient now support some advanced aspects of keystone sessions.
python-glanceclient now supports tags for Metadata Definition Catalog.
Upgrade Notes
python-glanceclient now defaults to using Glance API v2 and if v2 is unavailable, it will fallback to v1.Dependencies for backend stores are now optionally installed corresponding to each store specified.
Some stores like swift, s3, vmware now have python 3 support.
Some new as well as updated default metadata definitions ship with the source code.
More python 3 support added to Glance API, and now continuous support is extended by the means of tests to ensure compatibility.
utf-8 is now the default charset for the backend MySQL DB.
Migration scripts have been updated to perform a sanity check for the table charset.
'ram_disk' and 'kernel' properties can now be null in the schema and 'id' is now read only attribute for v2 API.
A configuration option
client_socket_timeouthas been added to take advantage of the recent eventlet socket timeout behaviour.
A configuration option
scrub_pool_sizehas been added to set the number of parallel threads that a scrubber should run and defaults to 1.
An important bug that allowed to change the image status using the Glance v1 API has now been fixed.
Deprecated Features
The experimental Catalog Index Service has been removed and now is a separate project called Searchlight.The configuration options
scrubber_datadir,
cleanup_scrubberand
cleanup_scrubber_timehave been removed following the removal of the file backed queuing for scrubber.
OpenStack Shared File System (Manila)
New Features
Enabled support for availability zones.Added administrator API components to share instances.
Added pool weigher which allows Manila scheduler to place new shares on pools with existing share servers.
Support for share migration from one hostpool to another hostpool (experimental).
Added shared extend capability in the generic driver.
Support for adding consistency groups, which allow snapshots for multiple filesystem shares to created at the same point in time (experimental).
Support for consistency groups in the NetApp cDOT driver and generic driver.
Support for oversubscription in thin provisioning.
New Windows SMB driver:
Support for handling Windows service instances and exporting SMB shares.
Added new
osapi_share_workersconfiguration option to improve the total throughput of the Manila API service.
Added share hooks feature, which allows actions to be performed before and after share drive methods calls, call additional periodic hook for each 'N' tick, and update the results of a driver's action.
Improvements to the NetApp cDOT driver:
Added variables netapp:dedup, and netapp:compression when creating the flexvol that backs up a new manila share.
Added manage/unmanage support and shrink_share support.
Support for
extended_shareAPI component.
Support for netapp-lib PyPI project to communicate with storage arrays.
Improvements to the HP 3PAR driver:
Added reporting of dedupe, thin provisioning and hp3par_flash_cache capabilities. This allows share types and the CapabilitiesFilter to place shares on hosts with the requested capabilities.
Added share server support.
Improvements to the Huawei Manila driver:
Added support for storage pools, extend_share, manage_existing, shrink_share, read-only share, smartcache and smartpartition.
Added reporting of dedupe, thin provisioning and compression capabilities.
Added access-level support to the VNX Manila driver.
Added support for the Manila HDS HNAS driver.
Added GlusterFS native driver.
GlusterFS drivers can now specify the list of compatible share layouts.
Added microversion support (v2 API).
Deprecated Features
Theshare_reset_statusAPI component is deprecated and replaced by
share_instance_reset_status.
查看原文:http://www.zoues.com/index.php/2015/10/18/liberty/
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Centos 7 学习加入用户
- Linux汇编语言及嵌入式汇编
- linux目录解释
- # Linux Whois3获取 运营商信息
- Linux定时任务Crontab详解_定时备份
- 【Linux】删除目录及其子文件夹
- Photoshop CS6的安装
- LVS Nginx HAProxy 优缺点
- Linux集群部署系列(六):Hadoop 在window系统下安装方法
- Linux学习 -- Shell编程 -- 流程控制
- OpenStack使用Spice协议连接instance桌面
- Tomcat下为每个Web应用配置不同的访问端口
- Nginx
- 三思考,实现自己定义404页:Tomcat、SpringMVC精确匹配、重写DispatchServlet
- Linux学习笔记(整理记录)
- <草稿>.bash_profile/.bash_login/.profile的区别联系
- Linux集群部署系列(五):Hadoop 2.x完全分布式集群部署
- Linux以下银行乱码
- arm-linux-gcc 安装
- Linux下的make命令用法