Note de release pour Mitaka¶
0.2.1¶
Prelude¶
The initial mitaka release (0.2) did not support ElasticSearch 2.x. ElasticSearch made several changes to internal index data mappings that were not backwards compatible with ElasticSearch 1.x. This release has all the changes required for Searchlight to support both ElasticSearch 1.x and 2.x.
Searchlight now supports oslo pools instead of requiring a different topic for each listener. This simplifies deployment configuration. Previously, services would have to be specifically configured to send notifications to the Searchlight topic. With this change, Searchlight can share topics with other services such as Ceilometer.
Notes de mises à jours¶
To support ElasticSearch 1.x and 2.x, several internal data mappings have been updated. If you previously deployed Searchlight, you will need to reindex your resource data using
searchlight-manage index sync
. You may re-index everything or limit it toOS::Nova::Server
,OS::Glance::Image
,OS::Glance::Metadef
,OS::Cinder:Volume
, andOS::Cinder::Snapshot
.
To start using a pool with a shared topic instead of separate topics:
Update the respective service configuration files for searchlight enabled plugins to only publish to a single topic (e.g. set
notification_topics = notifications
). If you have Ceilometer enabled, this must be the same topic which Ceilometer uses. You also typically must restart each service for the change to take effect. For example, innova.conf
,glance-api.conf
,cinder.conf
,neutron.conf
, anddesignate.conf
:
notification_topics = notifications
Update
searchlight.conf
. In the[resource_plugin]
section, setnotifications_topic
to match the shared topic that you set in the service configurations. In the[listener]
sections, setnotifications_pool
to your desired pool name. The default name starting in Newton issearchlight
. Thenotifications_pool
does not have to match anything from other services configuration files. For example:
[resource_plugin] notifications_topic = notifications [listener] notifications_pool = searchlight
Corrections de bugs¶
Bug 1570213 Apply query to highlight query
Bug 1532010 Ensure consistency in mapping field types
Bug 1570674 Fix unicode error when booting instance from volume
Bug 1570199 Fix inconsistent mapping in image plugin
Bug 1568709 Remove port.create.end handler from nova
Bug 1565015 Add volume.retype event
Bug 1583215 Correct Cinder exchange value
Bug 1583215 Enable notification messaging pools
0.2.0¶
Prelude¶
Adds cinder plugins for volumes and snapshots.
Added separation of administrator-only data at an index level, which allows full faceting and searching of sensitive data by those with access to it.
In order to allow policy files to more be useful in Searchlight, we now support limited control over individual resource types via oslo policy control.
Remove the “index” API. It is currently a passthrough to elasticsearch, allowing direct index access and bypassing any document transforms. As such it is dangerous, and only marginally useful. Administrators wishing to do this should do so directly in Elasticsearch.
Swift plugin for searchlight
Ability added to reindex data while allowing indexing of notifications, and therefore returning accurate search results during the indexing operation.
A fix for a couple of parent-child plugin relationship issues related to initial indexing. Child plugins can no longer be indexed separately from their parents.
Config options for searchlight-api and searchlight-listener are grouped under config groups [api] and [listener].
The default config file for searchlight was searchlight-api.conf despite the fact that this config file was used by both the API and the listener processes. Therefore, we decided to rename the default config file to searchlight.conf. This change also prompted us to to follow the convention used by many other projects and simplify searchlight-api-paste.ini to api-paste.ini.
Nouvelles fonctionnalités¶
Cinder plugins for volumes and snapshots.
Plugins with sensitive, administrator-only data are indexed twice; once with that data and once without. Searches are directed to the appropriate version depending on the context of the user.
Adds neutron plugins for networks, subnets, ports and routers.
Policy rules can now be specified per resource type and per operation per resource type.
Removes the /index api and related tests. If an admin needs to directly modify data in Elasticsearch they should do so in Elasticsearch.
Three resource types are introduced for swift plugin. OS::Swift:Account ->OS::Swift::Container –>OS::Swift::Object
Reindexing of data now takes place in a separate Elasticsearch index. During indexing, incoming events are processed into both the old and new indices. Once indexing is complete, an Elasticsearch alias is used to switch searches seamlessly onto the new index, at which time the old one is removed.
Plugin configuration refers to resource_group_name rather than index_name to represent groups of resources separate from the logical Elasticsearch index. This setting is used to determine index and alias names.
Problèmes connus¶
Backups cannot currently be implemented because the cinder API does not provide enough information for RBAC. They will be added when that is resolved.
Neutron resources do not provide dates (created_at or updated_at). created_at is left empty; updated_at is taken from the server (and will be adjusted to use the notification timestamp at a later time)
RBAC is still separate from policy restriction; this is targeted for the Newton release.
The Swift service currently doesn’t send notifications. Follow the swift plugin documentation for current solutions.
Reindexing must now take place across all resource types that share the index (it is not possible to re-index a specific resource type). This is a limitation that Elasticsearch 2.x would likely have forced upon us anyway. A subsequent patch will allow more efficient reindexing for associated resource types.
Notes de mises à jours¶
Options “bind_host”, “bind_port”, “backlog”, “tcp_keepidle”, “ca_file”, “cert_file”, “key_file”, “workers”, “max_header_line”, “public_endpoint”, and “http_keepalive” are moved to [api] group. Options “listener_workers” is renamed to “workers” and moved to [listener] group. Options “host” and “http_timeout” are removed since they are not currently used anywhere.
During an upgrade to Mitaka, operators must rename the previous configured searchlight-api.conf to searchlight.conf and searchlight-api-paste.ini to api-paste.ini.
Problèmes de sécurités¶
Removes the admin-only “/index” api, which allowed an unnecessary amount of access to Elasticsearch.
Corrections de bugs¶
Child plugins cannot be indexed on their own, only as a result of indexing their parent. This fixes an issue whereby indexing only a parent plugin could leave orphaned children (or vice versa).
Applies mappings for parent/child plugins simultaneously. Under elasticsearch 2.x, child mappings must be created at the same time or before parents, not the other way round.
The workers for listener was always 1, so config listener_workers was not work as expected. Now operators can set “workers” under group [listener] to running multiple listener processes.