Havana Series Release Notes¶
Release Overview¶
The Havana release cycle brings support for three new projects, plus significant new features for several existing projects. On top of that, many aspects of user experience have been improved for both end users and administrators. The community continues to grow and expand. The Havana release is solidly the best release of the OpenStack Dashboard project yet!
Highlights¶
New Features¶
Heat¶
The OpenStack Orchestration project (Heat) debuted in Havana, and Horizon delivers full support for managing your Heat stacks. Highlights include support for dynamic form generation from supported Heat template formats, stack topology visualizations, and full stack resource inspection.
Ceilometer¶
Also debuting in Havana is the OpenStack Metering project (Ceilometer). Initial support for Ceilometer is included in Horizon so that it is possible for an administrator to query the usage of the cloud through the OpenStack Dashboard and better understand how the system is functioning and being utilized.
Domains, Groups, and More: Keystone v3 API Support¶
With the OpenStack Identity Service (Keystone) v3 API fully fledged in the Havana release, Horizon has added full support for all the new features such as Domains and Groups, Role management and assignment to Domains and Groups, Domain-based authentication, and Domain context switching.
Trove Databases¶
The OpenStack Database as a Service project (Trove) graduated from incubation in the Havana cycle, and thanks to their industriousness they delivered a set of panels for the OpenStack dashboard to allow for provisioning and managing your Trove databases and backups. Disclaimer: Given that Trove’s first official release as an integrated project will not be until Icehouse this feature should still be considered experimental and may be subject to change.
Nova Features¶
The number of OpenStack Compute (Nova) features that are supported in Horizon continues to grow. New features in the Havana release include:
Editable default quotas.
The ability for an administrator to reset the password of a server/instance.
Availability zone support.
Improved region support.
Instance resizing.
Improved boot-from-volume support.
Per-project flavor support.
All of these provide a richer set of options for controlling where, when and how instances are launched, and improving how they’re managed once they’re up and running.
Neutron Features¶
A number of important new OpenStack Networking (Neutron) features are showcased in the Havana release, most notably:
VPN as a Service.
Firewall as a Service.
Editable and interactive network topology visualizations.
Full security group and quota parity between Neutron and Nova network.
These features allow for tremendous flexibility when constructing software-defined networks for your cloud using Neutron.
User Experience Improvements¶
Self-Service Password Change¶
Empowered by changes to the Keystone API, users can now change their own passwords without the need to involve an administrator. This is more secure and takes the hassle out of things for everyone.
Better Admin Information Architecture¶
Several sections of the Admin dashboard have been rearranged to more logically group information together. Additionally, new sources of information have been added to allow Admins to better understand the state of the hosts in the cloud and their relationship to host aggregates, availability zones, etc.
Improved Messaging To Users On Logout¶
Several new indicators have been added to inform users why they’ve been logged out when they land on the login screen unexpectedly. These indicators make it clear whether the user’s session has expired, they timed out due to inactivity, or they are not authorized for the section of the dashboard they attempted to access.
Security Group Rule Templates¶
Since there are many very common security group rules which users tediously
re-add each time (rules for SSH and ping, for example) the Horizon team has
added pre-configured templates for common rules which a user can select and
add to their security group with two clicks. These rules are configurable
via the SECURITY_GROUP_RULES
setting.
Community¶
Translation Team¶
The OpenStack Translations team came fully into its own during the Havana cycle and the quality of the translations in Horizon are the best yet by far. Congratulations to that team for their success in building the community that started primarily within the OpenStack Dashboard project.
User Experience Group¶
A fledgling OpenStack User Experience Group formed during the Havana cycle with the mission of improving UX throughout OpenStack. They have quickly made themselves indispensable to the process of designing and improving features in the OpenStack Dashboard. Expect significant future improvement in User Experience now that there are dedicated people actively collaborating in the open to raise the bar.
Under The Hood¶
Less Complicated LESS Compilation: No More NodeJS¶
Due to outcry from various parties, and made possible by improvements in the
Python community’s support for LESS, Horizon has removed all traces of NodeJS
from the project. We now use the lesscpy
module to compile our LESS into
the final stylesheets. This should not affect most users in any way, but it
should make life easier for downstream distributions and the like.
Role-Based Access Controls¶
Horizon has begun the transition to using the other OpenStack projects’
policy.json
files to enforce access controls in the dashboard if the files
are provided. This means access controls are more configurable and can be kept
in sync between the originating project and Horizon. Currently this is only
supported for Keystone and parts of Nova’s policy files. Full support will
come in the next release. You will need to set the POLICY_FILES_PATH
and
POLICY_FILES
settings in order to enable this feature.
Other Improvements and Fixes¶
Swift container and object metadata are now supported.
New visualizations for utilization and quotas.
The Cisco N1K Router plugin’s additional features are available through a special additional dashboard when enabled and supported in Neutron.
Support for self-signed or other specified SSL certificate checking.
Glance image types are now configurable.
Sorting has been improved in many places through the dashboard.
API call efficiency optimizations.
Required fields in forms are now better indicated.
Session timeout can now be enabled to log out the user after a period of inactivity as a security feature.
Significant PEP8 and code quality compliance improvements.
Hundreds of bugfixes and minor user experience improvements.
Upgrade Information¶
Allowed Hosts¶
For production deployments of Horizon you must add the ALLOWED_HOSTS
setting to your local_settings.py
file. This setting
was added in Django 1.5 and is an important security feature. For more
information on it please consult the local_settings.py.example
file
or Django’s documentation.
Enabling Keystone and Neutron Features¶
If you have existing configurations for the OPENSTACK_KEYSTONE_BACKEND
or OPENSTACK_NEUTRON_NETWORK
settings, you will want to consult the
local_settings.example.py
file for information on the new options that
have been added. Existing configurations will continue to work, but may not
have the correct keys to enable some of the new features in Havana.
Known Issues and Limitations¶
Session Creation and Health Checks¶
If you use a health monitoring service that pings the home page combined with a database-backed session backend you may experience excessive session creation. This issue is slated to be fixed soon, but in the interim the recommended solution is to write a periodic job that deletes expired sessions from your session store on a regular basis.
Deleting large numbers of resources simultaneously¶
Using the “select all” checkbox to delete large numbers of resources at once can cause network timeouts (depending on configuration). This is due to the underlying APIs not supporting bulk-deletion natively, and consequently Horizon has to send requests to delete each resource individually behind the scenes.
Conflicting Security Group Names With Neutron¶
Whereas Nova Network uses only the name of a security group when specifying security groups at instance launch time, Neutron can accept either a name or a UUID. In order to support both, Horizon passes in the name of the selected security groups. However, due to some data-isolation issues in Neutron there is an issue that can arise if an admin user tries to specify a security group with the same name as another security group in a different project which they also have access to. Neutron will find multiple matches for the security group name and will fail to launch the instance. The current workaround is to treat security group names as unique for admin users.
Backwards Compatibility¶
The Havana Horizon release should be fully compatible with both Havana and Grizzly versions of the rest of the OpenStack integrated projects (Nova, Swift, etc.). New features in other OpenStack projects which did not exist in Grizzly will obviously only work in Horizon if the rest of the stack supports them as well.
Overall, great effort has been made to maintain compatibility for third-party developers who have built on Horizon so far.