We are now publishing release notes through releasenotes/ (at http://docs.openstack.org/releasenotes/). On the other hand, we used doc/ for past release notes. It looks better to merge the past release notes to the new location. Change-Id: I7478e86600074bec9d8f2596c4be3c4b389ee7bb
10 KiB
Havana Series Release Notes
Release Overview
The Havana release cycle brings support for three new projects, plus significant new features for several existing projects. On top of that, many aspects of user experience have been improved for both end users and administrators. The community continues to grow and expand. The Havana release is solidly the best release of the OpenStack Dashboard project yet!
Highlights
New Features
Heat
The OpenStack Orchestration project (Heat) debuted in Havana, and Horizon delivers full support for managing your Heat stacks. Highlights include support for dynamic form generation from supported Heat template formats, stack topology visualizations, and full stack resource inspection.
Ceilometer
Also debuting in Havana is the OpenStack Metering project (Ceilometer). Initial support for Ceilometer is included in Horizon so that it is possible for an administrator to query the usage of the cloud through the OpenStack Dashboard and better understand how the system is functioning and being utilized.
Domains, Groups, and More: Keystone v3 API Support
With the OpenStack Identity Service (Keystone) v3 API fully fledged in the Havana release, Horizon has added full support for all the new features such as Domains and Groups, Role management and assignment to Domains and Groups, Domain-based authentication, and Domain context switching.
Trove Databases
The OpenStack Database as a Service project (Trove) graduated from incubation in the Havana cycle, and thanks to their industriousness they delivered a set of panels for the OpenStack dashboard to allow for provisioning and managing your Trove databases and backups. Disclaimer: Given that Trove's first official release as an integrated project will not be until Icehouse this feature should still be considered experimental and may be subject to change.
Nova Features
The number of OpenStack Compute (Nova) features that are supported in Horizon continues to grow. New features in the Havana release include:
- Editable default quotas.
- The ability for an administrator to reset the password of a server/instance.
- Availability zone support.
- Improved region support.
- Instance resizing.
- Improved boot-from-volume support.
- Per-project flavor support.
All of these provide a richer set of options for controlling where, when and how instances are launched, and improving how they're managed once they're up and running.
Neutron Features
A number of important new OpenStack Networking (Neutron) features are showcased in the Havana release, most notably:
- VPN as a Service.
- Firewall as a Service.
- Editable and interactive network topology visualizations.
- Full security group and quota parity between Neutron and Nova network.
These features allow for tremendous flexibility when constructing software-defined networks for your cloud using Neutron.
User Experience Improvements
Self-Service Password Change
Empowered by changes to the Keystone API, users can now change their own passwords without the need to involve an administrator. This is more secure and takes the hassle out of things for everyone.
Better Admin Information Architecture
Several sections of the Admin dashboard have been rearranged to more logically group information together. Additionally, new sources of information have been added to allow Admins to better understand the state of the hosts in the cloud and their relationship to host aggregates, availability zones, etc.
Improved Messaging To Users On Logout
Several new indicators have been added to inform users why they've been logged out when they land on the login screen unexpectedly. These indicators make it clear whether the user's session has expired, they timed out due to inactivity, or they are not authorized for the section of the dashboard they attempted to access.
Security Group Rule Templates
Since there are many very common security group rules which users
tediously re-add each time (rules for SSH and ping, for example) the
Horizon team has added pre-configured templates for common rules which a
user can select and add to their security group with two clicks. These
rules are configurable via the SECURITY_GROUP_RULES
setting.
Community
Translation Team
The OpenStack Translations team came fully into its own during the Havana cycle and the quality of the translations in Horizon are the best yet by far. Congratulations to that team for their success in building the community that started primarily within the OpenStack Dashboard project.
User Experience Group
A fledgling OpenStack User Experience Group formed during the Havana cycle with the mission of improving UX throughout OpenStack. They have quickly made themselves indispensable to the process of designing and improving features in the OpenStack Dashboard. Expect significant future improvement in User Experience now that there are dedicated people actively collaborating in the open to raise the bar.
Under The Hood
Less Complicated LESS Compilation: No More NodeJS
Due to outcry from various parties, and made possible by improvements
in the Python community's support for LESS, Horizon has removed all
traces of NodeJS from the project. We now use the lesscpy
module to compile our LESS into the final stylesheets. This should not
affect most users in any way, but it should make life easier for
downstream distributions and the like.
Role-Based Access Controls
Horizon has begun the transition to using the other OpenStack
projects' policy.json
files to enforce access controls in
the dashboard if the files are provided. This means access controls are
more configurable and can be kept in sync between the originating
project and Horizon. Currently this is only supported for Keystone and
parts of Nova's policy files. Full support will come in the next
release. You will need to set the POLICY_FILES_PATH
and
POLICY_FILES
settings in order to enable this feature.
Other Improvements and Fixes
- Swift container and object metadata are now supported.
- New visualizations for utilization and quotas.
- The Cisco N1K Router plugin's additional features are available through a special additional dashboard when enabled and supported in Neutron.
- Support for self-signed or other specified SSL certificate checking.
- Glance image types are now configurable.
- Sorting has been improved in many places through the dashboard.
- API call efficiency optimizations.
- Required fields in forms are now better indicated.
- Session timeout can now be enabled to log out the user after a period of inactivity as a security feature.
- Significant PEP8 and code quality compliance improvements.
- Hundreds of bugfixes and minor user experience improvements.
Upgrade Information
Allowed Hosts
For production deployments of Horizon you must add the
ALLOWED_HOSTS
setting to your
local_settings.py
file. This setting was added in Django
1.5 and is an important security feature. For more information on it
please consult the local_settings.py.example
file or
Django's documentation.
Enabling Keystone and Neutron Features
If you have existing configurations for the
OPENSTACK_KEYSTONE_BACKEND
or
OPENSTACK_NEUTRON_NETWORK
settings, you will want to
consult the local_settings.example.py
file for information
on the new options that have been added. Existing configurations will
continue to work, but may not have the correct keys to enable some of
the new features in Havana.
Known Issues and Limitations
Session Creation and Health Checks
If you use a health monitoring service that pings the home page combined with a database-backed session backend you may experience excessive session creation. This issue is slated to be fixed soon, but in the interim the recommended solution is to write a periodic job that deletes expired sessions from your session store on a regular basis.
Deleting large numbers of resources simultaneously
Using the "select all" checkbox to delete large numbers of resources at once can cause network timeouts (depending on configuration). This is due to the underlying APIs not supporting bulk-deletion natively, and consequently Horizon has to send requests to delete each resource individually behind the scenes.
Conflicting Security Group Names With Neutron
Whereas Nova Network uses only the name of a security group when specifying security groups at instance launch time, Neutron can accept either a name or a UUID. In order to support both, Horizon passes in the name of the selected security groups. However, due to some data-isolation issues in Neutron there is an issue that can arise if an admin user tries to specify a security group with the same name as another security group in a different project which they also have access to. Neutron will find multiple matches for the security group name and will fail to launch the instance. The current workaround is to treat security group names as unique for admin users.
Backwards Compatibility
The Havana Horizon release should be fully compatible with both Havana and Grizzly versions of the rest of the OpenStack integrated projects (Nova, Swift, etc.). New features in other OpenStack projects which did not exist in Grizzly will obviously only work in Horizon if the rest of the stack supports them as well.
Overall, great effort has been made to maintain compatibility for third-party developers who have built on Horizon so far.