Grizzly 시리즈 릴리즈 노트

릴리즈 개요

The Grizzly release cycle saw sweeping improvements to overall user experience, huge stability improvements, lots of new networking, instance management and image management features, a long-needed architectural clarification, and big increases in community engagement! Read on to get the specifics.

핵심

새로운 기능

네트워킹

Quantum added a huge number of new features in Grizzly, including L3 support (routers), load balancers, network topology infographics, better compatibility with Nova networking APIs (VNIC ordering when launching an instance; security groups and floating IP integration) and vastly improved informational displays.

Glance로 이미지 직접 업로드

It is now possible (though there are numerous deployment/security implications) to upload an image file directly from a user’s hard disk to Glance through Horizon. For multi-GB images it is still strongly recommended that the upload be done using the Glance CLI. Further improvements to this feature will come in future releases.

Flavor 추가 사양 지원.

In Folsom, Nova added support for “extra specs” on flavors–additional metadata which custom schedulers could use for appropriately scheduling instances. As of the Grizzly release, Horizon now supports reading and writing that data on any flavor.

인스턴스 마이그레이션

Administrators now have the ability to migrate an instance off of its current host via the Admin dashboard’s Instances panel.

사용자 경험 향상

“Not Authorized” & 로그아웃됨

A shocking number of the problems first-time deployers of OpenStack have can be summarized as “I thought I set everything up, then I tried to log into the dashboard and I was immediately logged back out.” The root cause of this was that in an effort to be as secure as possible any 401 or 403 response from any service API was being treated the same as if it was an attempt to access an unauthorized portion of Horizon, and the user was summarily logged out with little to no information as to why.

In Grizzly we have instead chosen to improve this by treating service API 401 and 403 errors as slightly less severe than unauthorized access attempts to restricted areas of Horizon. The reason for this is threefold:

  1. For a non-malicious user these errors are almost 100% the result of misconfiguration and this makes debugging possible.

  2. A malicious user can make the exact same “unauthorized” requests via the CLI as they can via the dashboard; no special privileges are granted.

  3. API errors are generated by external systems not under the purview of our project and while we should attempt to respect and take appropriate action on those errors, we should not do anything drastic or even potentially destructive because of them.

Going forward the user will not be logged out, but no information will be populated on the page and they will be presented with error messages informing them that they are unauthorized for the data they attempted to access.

Reorganizations

A couple of long-standing user confusions were fixed in Grizzly.

First off, the API Access panel (containing a user’s API endpoints, rc files, and EC2 credentials) was moved from Settings to the Access & Security section of the Project dashboard.

Second, the Default Quotas and Services panels (which were both strictly informational) were combined into tabs in a single System Info panel to make it clear that these panels are thematically related, and to create a home for informational-only displays like these.

원-클릭 Floating IP 관리

A common complaint from users was that associating a floating IP to an instance involved numerous clicks and form selections for something that the majority of users had no knowledge of and didn’t care about. As such, a one-click “simple” floating IP association option has been created. For deployments which only have a single floating IP pool, this allows users to ignore explicit floating IP management and just click a button to associate or disassociate a floating IP with an instance.

체계화된 이미지

The Images table now has a new feature: predefined filters for seeing your own images, images that have been shared with you, or public images. This makes finding the image you’re looking for a great deal easier and more pleasant.

보안 그룹 규칙 편집 개선

The security group rule editing experience has always been inherently very complicated simply given the number of options and the very technical terms involved. Moreover, the combined table-plus-form approach the OpenStack Dashboard had taken only made the UX more frustrating for an already difficult area.

In Grizzly this has all been reworked to be significantly simpler, and to provide as much contextual help and streamlining as possible.

Icons!

In an effort to make the dashboard more at-a-glance usable, we’ve added icons to most of the common action buttons throughout the dashboard.

“More Actions”, 더 좋아집니다.

Lots of feedback came in that the “more actions” dropdown menu (for tables with numerous actions available on each row) was confusing to new users and/or difficult to click.

We’ve now improved it so that the button to open the menu is clearly labeled and the hitbox for clicking it is significantly larger.

커뮤니티

문서,문서,그리고 더 많은 문서!

Large amounts of new documentation was added during the Grizzly cycle, most notably are sections documenting: all of the available settings for Horizon and the OpenStack Dashboard; security and deployment considerations; and deeper guides on customizing the OpenStack Dashboard.

IRC 미팅

During the Grizzly cycle we started holding a weekly project meeting on IRC. This has been extremely beneficial for the growth and progress of the project. Check out the OpenStack Meetings wiki page for specifics.

Under The Hood

기존 대시보드 이름 & 코드 분리

Very early in the Grizzly cycle we took the opportunity to do some longstanding cleanup and refactoring work. The “nova” dashboard was renamed to “project” and the “syspanel” dashboard was renamed to “admin” to better reflect their respective purposes.

Moreover, a better separation was created between code related to the core Horizon framework code (which is not related to OpenStack specifically) and the OpenStack Dashboard code. At this point all code related to OpenStack lives in the OpenStack Dashboard directory, while the Horizon framework is completely agnostic and is a reusable Django app.

Object Storage Delimiters and Pseudo-folder Objects

When Horizon’s object storage interface was first added, Swift’s documentation recommended adding 0-byte objects with a special content type to denote pseudo-folders within a container. They have since decided that this is not the recommended practice, and that pseudo-folders should only be demarcated by a delimiting character (usually “/”) in the object name.

Horizon has been updated under the hood to use this method, which should bring it better into line with how most deployments are using their object storage.

기타 개선 사항 및 수정 사항

  • Support for Keystone’s PKI tokens.

  • Flavor editing was made significantly more stable.

  • 실행중인 인스턴스에 보안 그룹을 추가 할 수 있습니다.

  • Volume quotas are handled by the appropriate service depending on whether or not Cinder is enabled.

  • Password confirmation boxes are now validated for matching passwords on the client side for more immediate feedback.

  • Numerous fixes to display more and better information for instances and volumes in their overview pages.

  • 오브젝트 스토리지 패널에 대한 향상된 유니 코드 지원.

  • Logout now attempts to delete the token(s) associated with the current session to avoid replay attacks, etc.

  • Various fixes for browser compatibility and rendering.

  • Many, many other bugfixes and improvements. Check out Launchpad for the full list of what went on in Grizzly.

알려진 이슈와 제한사항

Editing a Flavor Which Results In An API Error Will Delete The Flavor

Due to the way that Nova handles flavor editing/replacement it is necessary to delete the old flavor before creating the replacement flavor. As such, if an API error occurs while creating the replacement it is possible to lose the old flavor without the new one being created.

Creating Rich Network Topologies

Due to several Quantum features landing very late in the Grizzly cycle, it is not possible to create particularly complex networking configurations through the OpenStack Dashboard. These features will continue to grow throughout future releases.

로드 밸런서 기능

The Loadbalancer feature landed in the 11th hour for both Quantum and Horizon and, though we did our best to test it, may still contain undiscovered bugs. It is best considered a “beta” or “experimental” feature for the Grizzly release.

Quantum Brocade Plugin Not Compatible

The Brocade plugin for Quantum does not support key features of the floating IP addresses API which are considered central to Horizon’s functionality. As such, it is not compatible with the Grizzly release’s Quantum integration.

Deleting large numbers of resources simultaneously

Using the “select all” checkbox to delete large numbers of resources via the API can cause network timeouts (depending on configuration). This is due to the APIs not supporting bulk-deletion natively, and consequently Horizon has to send requests to delete each resource individually behind the scenes.

하위 호환성

The Grizzly Horizon release should be fully compatible with both Grizzly and Folsom versions of the rest of the OpenStack core projects (Nova, Swift, etc.). While some features work significantly better with an all-Grizzly stack due to bugfixes, etc. in underlying services, there should not be limitations on what will or will not function.

Overall, great effort has been made to maintain compatibility for third-party developers who may have built on Horizon so far.