问题导读
1.OpenStack对象存储(Swift)有哪些新增功能?
2.OpenStack网络服务(Neutron)做了哪些改进?
3.OpenStack为所有的endpoints默认使用v2.1的API,是否兼容v1.1?
4.调度器(Scheduler)修复了哪些bug?
OpenStack对象存储(Swift)完整的版本更新说明请参阅 https://github.com/openstack/swift/blob/master/CHANGELOG 新功能- 通过设置一个大于0的整数值,允许部署一个以上的、每个磁盘一个object服务(object-servers-per-disk),通过在[DEFAULT]中的"servers_per_port"配置,设置object-server或者复制服务的配置。这个整数配置决定了有多少个不同的object-server的workers,响应一个唯一的本地ring里的port。在这种模式下,父级的swift-object-server进程继续使用原有用户执行(例如,如果需要low-port绑定是必须的,使用root用户)。它会绑定所有在ring定义的ports。之后,为每一个监听socket分离出一个指定数量的workers。子级别的,每个port服务,放弃权限并且表现出object-server的workers固有状态,但是一个唯一的例外:ring在每个磁盘拥有唯一ports,object-servers仅仅为一个磁盘响应请求。父进程检测到死掉的服务并且重启他们(拥有正确监听socket)。当发现一个更新的ring文件后,它启动丢失的服务,并且在服务中加载一个新的port,并且当他们的接口在ring里找不到的时候,杀掉不相关的服务。ring文件启动是在每个object-server配置中由"ring_check_interval"参数进行配置(默认15秒)。在测试中,部署的配置是更低的请求延时(配置为3秒),优化了每秒的请求,与存在的"workers"配置相比较,隔离速度慢的磁盘IO请求。如果使用这个配置,每个设备必须要加入到ring中,并且使用一个不同的port。
- 对象服务包含了一个"container_update_timeout"设置(默认配置为1秒)。这个值的含义就是对象服务等待容器服务在返回对象PUT操作之前更新列表的时间。之前,对象服务会等待容器服务3秒响应。当集群内的容器非常繁忙的时候(例如,当容器非常大的时候),新的行为明显降低了对象PUT延时。将这个值设置过低会引起客户端在PUT一个对象过程中无法及时在列表中找到对象。但是设置太高了,在容器服务繁忙的时候,会增加客户端延时。
- 可以为静态超大对象(Static Large Object, SLO)分段指定范围。
- 运行SLO PUT操作放弃预分段完整性的检查。之前的方式是,在manifest中的每个分段引用也需要一个正确的etag和字节设定。这些字段不允许在制定的分段中,设置null值来跳过这些特定的检查。
- Replicator配置现在支持"rsync_module"来允许每个设置加载rsync模块。这些值允许运维人员能够更好的在swift集群中设置并调优复制的流量,并且分离复制磁盘的IO到指定的设备。详情请见文档和配置样例。
- Ring的更新
- Paritition的放置不在使用port数。这个更新主要优化在一个小集群内的扩散,例如运行一个设备上运行一个object,并且保证扩散不影响一个object服务一个服务器的集群。
- 增加ring-builder-analyzer工具来简化测试和分析ring管理运维
- Ring校验中,如果一个位置分区得到得到一个设备多次,就会出现警告。这种情况发生在一个ring是不平衡的情况下(例如:两个服务器,一个服务器的容量要明显比另外一个多)。
升级提示
OpenStack网络服务(Neutron)- Neutron现在支持IPv6前缀代表,用于自动分配IPv6的子网的CIDRs。更多信息和使用说明请详见OpenStack Networking Guide。
- Neutron现在暴露了一个Qos API,在port级别提供端口带宽限制。API,CLI、配置和其他信息请参阅:[1]。
- 路由的高可靠(L3 HA/VRRP)现在在二层population(l2pop)被打开时工作 [2]。
- VPNaas相关驱动现在和HA路由器兼容。
- 为HA路由,使用VRRP的网络现在需要配置使用特定的分区类型或者物理网络标记[3]。
- OVS代理的重启不影响数据层面连接。
- Neutron网络现在支持基于角色的访问控制[4]。
- LBaaS V2相关驱动现在基于Octavia,一个运维级别可扩展、可靠的负载均衡平台。
- LBaaS V2 API is no longer experimental. It is now stable.
- LBaas V2 API现在不再为测试。已经稳定了。
- Neutron现在提供给管理员手动方式的调度代理,允许主机再远能够在为租户使用前进行测试[5]。
- Neutron现在有一套可插拔的IP地址管理框架,允许使用可选择的或者第三方IPAM。原来的,不可插拔版本的IPAM仍然被默认使用。
废弃和被删除的插件和驱动- metaplugin在Liberty版本被删除
- IBM SDN-VE整体插件在Liberty版本被删除
- 思科N1kV整体插件在Liberty版本被删除(被ML2策略驱动取代)
- Embrane插件被废弃,将在Mitaka版本中被删除。
废弃的功能性能建议- 常用的Trusty Tahr内核(3.13)在命名空间增加以后执行"ip netns exec"会出现线性性能下降。当然比例很重要,未来的内核版本(例如3.19)应该被使用。[在3.13出现的问题。大多数版本应该已经修复了]
注意:这个回归应该在Trusty Thar 3.13.0-36.63及以后的版本中修复。更多信息请参阅:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1328088
OpenStack 计算服务(Nova)新功能APIhttps://blueprints.launchpad.net/nova/+spec/allow-ip6-search-for-non-admin) 调度器(Scheduler)scheduler的架构演进仍然在继续,修复了一些bug: Cells v2Cells v2版本现在并不是一个可用状态,但是我们添加了一些更多的支持: 计算节点驱动新功能LibvirtVMwareHyper-VIronic其他更新升级提示不推荐使用的功能- 不赞成使用禁用树级API扩展(https://blueprints.launchpad.net/nova/+spec/nova-api-deprecate-extensions)
- 从2.21.0开始不赞成使用novaclient.v1_1模块[[6]][[7]],并且我们将在Mitaka的第一个python-novaclient版本中删除。
- 从2.29.0开始不赞成使用`novaclient.client.get_client_class`方法[[8]]。这个方法将在Mitaka中删除。
- 不赞成在weighers使用mute_weight_value,包括在Cells中使用
- 不赞成在Libvirt驱动中使用remove_unused_kernels
- 使用vcenter的最低版本为5.1.0。在Liberty里这会以警告方式提示,在Mitaka中对于低于5.1.0的版本将不在提供支持。
- 不赞成使用v3 API特定的组件,将会在默认的paste.ini中删除
OpenStack计量服务(Ceilometer)关键的新功能- 创建Aodh处理告警服务
- Metadata缓存 - 降低nova api polling的压力。
- 关于meters的声明
- 可以根据meter定义模板生成meters
- 能够poll定义特定的SNMP meters
- 支持从Ceilometer到Gnocchi的数据发布
- 强制限制 - 限制约束查询。限制必须在查询中显示声明,否则结果集会按照默认限制。
- 分布式的、协调的通知agent - 支持跨多个通知agent负载分区
- 支持按照RBAC的事件
- 支持PowerVM虚拟化
- 优化MongoDB查询 - 统计查询性能优化
- 额外的meter支持:
- Magnum meters
- DBaaS meters
- DNSaaS meters
Gnocchi功能Aodh功能- 事件告警 - 当时间被接收后能够触发一个动作
- 在告警中支持信任link。
升级提示- ceilometer使用的一些中间层的名字变化采用向后不兼容方式。在升级前,编辑paste.ini文件,修改oslo.middleware为 oslo_middleware 。例如,使用sed -ri 's/oslo\.middleware/oslo_middleware/' api_paste.ini
- 在Ceilometer,通知的agent是一个收集数据的核心服务。这个agent用于处理所有的变形和发布。Polling代理现在延缓所有进程到通知代理,并且必须要部署为tandem。
- 强制限制添加到每个请求中。如果没有限制,默认强制使用默认配置。
不赞成使用的功能- 不赞成使用Ceilometer告警,推荐使用Aodh
- 不推荐使用RPC发布和收集,推荐使用基于通知发布。
- 仍然不推荐使用Non-metric meters,在未来版本将被删除。
OpenStack鉴权服务(Keystone)新功能- 实验性:域相关配置能够存在SQL中替代配置文件,使用新的REST APIs。
- 实验性: Keystone现在支持无token验证,使用X.509 SSL客户端证书
- 现在支持为每个鉴权提供者配置WebSSO
- openstack_user_domain和openstack_project_domain属性被添加到SAML断言中,用来分别映射用户、项目域。
- credentials列表的调用现在能够使用credential类型进行过滤
- 优化out-of-tree驱动,用于定义稳定驱动接口
- 一些功能被加固,包括联合tokens、联合,从数据库指定域名配置和角色分配
- 特定的一些配置在keystone.conf有了新的选项,用于判断用户的配置是否合法
升级提示- EC2 token中间层,在Juno中不建议使用,在keystone已经不存在了。已经被完全移动至keystonemiddleware包中。
- compute_port配置项,在Juno中不推荐使用,现在不存在了
- XML中间层的遗留已经被彻底清除,所以相关的配置信息也从keystone-paste.ini配置中删除
- stats_monitoring和stats_reporting paste中的过滤器被删除,所以相关的配置也从keystone-paste.ini中删除
- 外部的鉴权插件ExternalDefault,ExternalDomain,LegacyDefaultDomain和LegacyDomain,在Icehouse中不推荐使用,并且现在也不存在了
- keystone.conf现在为驱动关联入口(entrypoint)名称。例如,驱动现在被定义为"sql","ldap","uuid",而不需要定义全路径。查看配置文件中的样例。
- 我们现在为keystone-manage暴露入口(entrypoints)命令取代文件。
- 不再支持通过keystone-manage db_sync进行Schema回滚。仅仅支持更新。
- 对于之前版本添加的"扩展"功能(OAuth delegation, Federated Identity support, Endpoint Policy等)现在默认开启
- 增加了一个新的secure_proxy_ssl_header配置项,适用于keystone运行在代理服务之后的场景。
- 一些配置不推荐使用,重命名或者在keystone.conf中移动到了新的段落。
- Domain name information can now be used in policy rules with the attribute domain_name.
- 域名信息能够在策略规则中使用,使用属性domain_name
不推荐使用的功能- 仍然不推荐在Evetnlet使用Keystone,并且在Mitaka更新中删除。
- 不推荐使用使用LDAP作为资源后端,例如项目和域,将会在Mitaka更新中删除
- 不推荐驱动类使用全路径方式,使用entrypoint方式。在Mitaka里,entrypoint必须被使用
- 在keystone.conf中[resource]和[role]中,不推荐使用不指定驱动,并且使用分配的驱动的方式。在Mitaka更新中,resource和role驱动默认使用SQL驱动。
- 在keystone-paste.ini,不推荐使用paste.filter_factory,替代方案是设置entrypoint。
- 在创建用户、组和项目过程中不指定域,失败的情况下会使用默认域,现在不推荐,以后会在N版本中删除
- 从分配管理中相应不推荐使用的方法被删除,使用相同的方法在[resource]和[role]管理
OpenStack块存储(Cinder)升级提示- 对于RPC API的参数变化和在对象化转化导致无法使用Liberty c-vol和c-api服务兼容Kilo或者更早的版本的相关服务
不推荐使用的功能- 删除了Simple和Chance两种调度器
- 删除了不再推荐使用的HDS HUS iSCSI驱动
- 删除了Coraid驱动
- 删除了Solaris iSCSI驱动
- 删除了--force选项,该选项用于允许上传镜像到已经挂载的卷
- 将v1 API标记为不推荐使用
OpenStack编排服务(Heat)新功能集合(Convergence)Convergence是一个新的编排引擎,在heat中整合。在Liberty中,使用Convergence引擎的优势: - 更好的资源并发处理能力(更好处理超大模板)
- 可以在已经执行更新操作过程中再次执行stack-update
- 更好的处理heat-engine出现的失败(仍然WIP)
convergence引擎可以通过设置/etc/heat/heat/conf [DEFAULT]下的convergence_engine=true开启,需要重新启动heat-engine。一旦开启后,随后所有创建stack操作将使用convergence引擎,之前使用传统引擎创建的stack仍然使用之前的引擎进行处理。 Convergence并没有达到生成级别测试的标准,所以使用的时候应该以"beta"版本对待,小心使用。在Liberty更新中,如果你的目的是评估和扩展测试,你可以在heat中开启Convergence。我们将在Mitaka中将Convergence设为默认引擎。跟踪Convergence bugs在launchpad上:convergence-bugs tag 受约束的资源安装只有在云平台安装的资源才对用户可见。运维人员在以后可以通过标准策略规则控制资源对用户的可见policy.json on per-resource type basis heat_template_version: 2015-10-152015-10-15 indicates that the YAML document is a HOT template and it may contain features added and/or removed up until the Liberty release. - Removes the Fn::Select function (path based get_attr/get_param references should be used instead).
- If no <attribute name> is specified for calls to get_attr, a dict of all attributes is returned, e.g. { get_attr: [<resource name>]}.
- Adds new str_split intrinsic function
- Adds support for passing multiple lists to the existing list_join function.
- Adds support for parsing map/list data to str_replace and list_join (they will be json serialized automatically)
REST API/heatclient additions- Stacks can now be assigned with a set of tags, and stack-list can filter and sort through those tags
- "heat stack-preview ..." will return a preview of changes for a proposed stack-update
- "heat template-validate --show-nested ..." will also validate all template resources and return nested data useful for building user interfaces
- "heat resource-type-template --template-type hot ..." generates a template in HOT format
- "heat resource-type-list" only shows types available to the user, and can filter results by name, version and support_status
- "heat template-version-list" lists available template versions
- "heat template-function-list ..." lists available functions for a template version
Enhancements to existing resourcesNew resourcesThe following new resources are now distributed with the Heat release: [1] These existed Kilo as contrib resources as they were for non-integrated projects. These resources are now distributed with Heat as Big Tent projects. [2] These existed Kilo as contrib resources as they require a user with an admin role. They are now distributed with Heat. Operators now have ability to hide them from under-privileged users by modifyig policy.json (for reference, OS::Nova::Flavor is hidden from non-admin users in default policy file supplied). [3] These existed in Kilo as contrib resources as they used an approach not endorsed by the Heat project. They are now distributed with heat and documented as UNSUPPORTED. [4] These resources are for projects which are not yet OpenStack Big Tent projects, so are documented as UNSUPPORTED With the new OS::Keystone::* resources it is now be possible for cloud operators to use heat templates to manage Keystone service catalog entries and users. Deprecated Resource PropertiesMany resource properties have previously been documented as DEPRECATED. 15 of these properties are now flagged as HIDDEN, which means they will no longer be documented, but existing stacks and templates will continue to work after a heat upgrade. The [http://docs.openstack.org/developer/heat/template_guide/openstack.html Resource Type Reference] should be consulted to determine available resource properties and attributes. Upgrade notesConfiguration ChangesNotable changes to the /etc/heat/heat.conf [DEFAULT] section: - hidden_stack_tags has been added, and stacks containing these tag names will be hidden from stack-list results (defaults to data-processing-cluster, which hides sahara-created stacks)
- instance_user was deprecated, and is now removed entirely. Nova servers created with OS::Nova::Server resource will now boot configured with the default user set up with the cloud image. AWS::EC2::Instance still creates "ec2-user"
- max_resources_per_stack can now be set to -1 to disable enforcement
- enable_cloud_watch_lite is now false by default as this REST API is deprecated
- default_software_config_transport has gained the option ZAQAR_MESSAGE
- default_deployment_signal_transport has gained the option ZAQAR_SIGNAL
- auth_encryption_key is now documented as requiring exactly 32 characters
- list_notifier_drivers was deprecated and is now removed
- policy options have moved to the [oslo_policy] section
- use_syslog_rfc_format is deprecated and now defaults to true
Notable changes to other sections of heat.conf: - [clients_keystone] auth_uri has been added to specify the unversioned keystone url
- [heat_api] workers now defaults to 4 (was previously 0, which created a worker per host CPU)
The policy file /etc/heat/policy.json can now be configured with per-resource-type access policies, for example: "resource_types:OS::Nova::Flavor": "rule:context_is_admin"Upgrading from Kilo to LibertyProgress has been made on supporting live sql migrations, however it is still recommended to bring down the heat service for the duration of the upgrade. Downward SQL schema migrations are no longer supported. A rollback to Kilo will require restoring a snapshot of the pre-upgrade database. OpenStack Data Processing (Sahara)Key New Features- New plugins and versions:
- Ambari plugin with supports HDP 2.2 / 2.3
- Apache Hadoop 2.7.1 was added, Apache Hadoop 2.6.0 was deprecated
- CDH 5.4.0 was added with HA support for NameNode and ResourceManager
- MapR 5.0.0 was added
- Spark 1.3.1 was added, Spark 1.0.0 was deprecated
- HDP 1.3.2 and Apache Hadoop 1.2.1 was removed
- Added support for using Swift with Spark EDP jobs
- Added support for Spark EDP jobs in CDH and Ambari plugins
- Added support for public and protected resources
- Started integration with OpenStack client
- Added support for editing all Sahara resources
- Added automatic Hadoop configuration for clusters
- Direct engine is deprecated and will be removed in Mitaka release
- Added OpenStack manila NFS shares as a storage backend option for job binaries and data sources
- Added support for definition and use of configuration interfaces for EDP job templates
Deprecated Features- Direct provisioning engine
- Apache Hadoop 2.6.0
- Spark 1.0.0
- All Hadoop 1.X removed
OpenStack Search (Searchlight)This is the first release for Searchlight. Searchlight is intended to dramatically improving the search capabilities and performance of various OpenStack cloud services by offloading user search queries. It provides Keystone RBAC based searches across OpenStack services by indexing their data into ElasticSearch and providing a security layer on top of incoming search queries. ElasticSearch is a search server based on Lucene. It provides a distributed, scalable, near real-time, faceted, multitenant-capable, and full-text search engine with a RESTful web interface. Key New FeaturesNew Resource Types IndexedUpgrade NotesN/A Deprecated FeaturesN/A OpenStack DNS (Designate)Key New Features- Experimental: Hook Point API
- Horizon Plugin moved out of tree
- Purging deleted domains
- Ceilometer "exists" periodic event per domain
- ASync actions
- Active /passive failover for designate-pool-manager periodic tasks
- OpenStack client integration
Addtional DNS Server BackendsUpgrade Notes- New service designate-zone-manager
- It is recommended to use a supported tooz backend.
- ZooKeeper is recommended, or anything supported by tooz.
- If a tooz backend is not used, all zone-managers will assume ownership of all zones, and there will be 'n' "exists" messages per hour, where 'n' is the number of zone-manager processes.
- designate-pool-manager can do active/passive failover for periodic tasks.
- It is recommended to use a supported tooz backend.
- If a tooz backend is not used, all pool-managers will assume ownership of the pool, and multiple periodic tasks will run. This can result in unforeseen consequences.
Deprecated Features- V1 API
- An initial notice of intent, as there are operations that still require the Designate CLI interface which talks to V1, and Horizon panels that only talk to V1.
OpenStack Messaging Service (Zaqar)Key New Features- Pre-signed URL - A new REST API endpoint to support pre-signed URL, which provides enough control over the resource being shared, without compromising security.
- Email Notification - A new task driver for notification service, which can take a Zaqar subscriber's email address. When there is a new message posted to the queue, the subscriber will receive the message by email.
- Policy Support - Support fine-grained permission control with the policy.json file like most of the other OpenStack components.
- Persistent Transport - Added support for websocket as a persistent transport alternative for Zaqar. Now users will be able to establish long-lived connections between their applications and Zaqar to interchange large amounts of data without the connection setup adding overhead.
OpenStack Dashboard (Horizon)Key New Features- Plugin improvements – Horizon auto discovers JavaScript files for inclusion, and now has mechanisms for pluggable SCSS and Django template overrides.
- Horizon (internal improvements)
Upgrade Notes- Django 1.8 is now supported, and Django 1.7 is our minimum supported version (https://blueprints.launchpad.net/horizon/+spec/drop-django14-support).
- Database-backed sessions will likely not persist across upgrades due to a change in their structure (https://github.com/openstack/django_openstack_auth/commit/8c64de92f4148d85704b10ea1f7bc441db2ddfee andhttps://github.com/openstack/horizon/commit/ee2771ab1a855342089abe5206fc6a5071a6d99e).
- Horizon no longer uses QUnit in testing, and it has been removed from our requirements (https://blueprints.launchpad.net/horizon/+spec/replace-qunit-tests-with-jasmine).
- Horizon now has multiple configuration options for the default web URL (WEBROOT), static file location (STATIC_ROOT) and static file URL (STATIC_URL) in its settings files.
- Themes have moved location from openstack_dashboard/static/themes, to openstack_dashboard/themes. Paths may need to be updated accordingly. Furthermore, Horizon is aligning closer with Bootstrap markup, and themes should be built around this ideology; see the top bar and side navigation for details.
- The deprecated OPENSTACK_QUANTUM_NETWORK configuration option has been removed. If you still use it, replace it with OPENSTACK_NEUTRON_NETWORK
- There is now an OPENSTACK_NOVA_EXTENSIONS_BLACKLIST option in the settings, to disable selected extensions for performance reasons (https://github.com/openstack/horizon/commit/18f4b752b8653c9389f8b0471eccaa0659707ebe).
- Trove and Sahara panels now reside in openstack_dashboard/contrib. This is to provide separation for reviews provided mostly by the service teams. In the future, these panels may become plugins rather than being kept in Horizon (https://blueprints.launchpad.net/horizon/+spec/plugin-sanity).
- Horizon requires both a volume and volumev2 endpoint for Cinder, even if only using v2.
openstack Liberty版版本更新日志2
http://www.aboutyun.com/thread-15775-1-1.html
| 
/2 
京ICP备2020039040号
简书网举报电话:021-34700000
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
