OpenNebula 3.2 RC 1 (3.1.90)

December 23th, 2011. Two days before Christmas the OpenNebula team was able to get all the green lights in the Christmas tree as well as in the Jenkins console. A good number of bug fixes has been packed with the OpenNebula 3.2 Release Candidate (RC). This release does not include any new features, but the team (the unlucky part of it) is working this Christmas to get in shape a couple of new additional components to the OpenNebula distribution…

Note that VMware drivers are not fully integrated yet in the release. Data Centers using VMware are advised not to update to this version.

Merry Christmas and cloudy new year!

What's New in OpenNebula 3.1.90

In the following list you can check the highlights of 3.2 by component, a detailed list of changes can be found here:

OpenNebula Core

Most of the changes in the new release have been done in the OpenNebula core (oned) and libraries to support the following new features:

  • Security and User management, is one of the pillars of the next release. In particular several potential threats have been secured, and the efficiency of the system has been improved:
    • Users now have a pre-defined driver (set by the admin). One of the issues found is that there are potential security holes if the user is able to choose its own driver through its ONE_AUTH file.
    • Cloud services now uses an special authentication mechanism, using special server users.A server user account is granted to authenticate on-behalf of other users. Two mechanism are provided for this: cipher that uses symmetric cryptography, and x509 certificates.
    • Notion of public users, that are restricted to public cloud APIs (e.g. EC2 or OCCI)
    • Restricted attributes in VM Templates: DISK/SOURCE, CONTEXT/FILES, NIC/MAC and NIC/VLAN_ID. These attributes can be easily used to gain oneadmin access or to comprise VMs of any user.
    • Authentication Token caching. As some of the drivers may take some time to authenticate a request (e.g. LDAP), session token can no be cached by OpenNebula.
  • Images and Virtual Networks by name, by popular request we've brought back these feature. When two resources share the same name, the UID or name of the owner of the resource can be used (defaults to “me”) to select one of them.
  • Metadata for Users, Images and Virtual Networks, you can update, and tag these resources with arbitrary metadata, that can be later used by other components.
  • Contextualize a VM with User data, now you can easily inject user metadata (e.g. an SSH key) in a VM through the CONTEXT section.
  • Image Type can be changed, either after creating a VM or when saving_as it.
  • Improved Network Management, The network operations are now coupled with the VM life-cycle. This simplifies the management of networking (no hooks are needed), and solves previous issues with VLANs when migrating and restoring VMs. The network drivers define three actions (pre-boot, post-boot and clean) that can be easily customized if needed. Default installation comes with 8021.Q, OpenvSwtich and ebtables VLAN drivers. Also the firewalling functionlity has been embedded in the new networking driver.
  • Flexible Network definition. Networks can be now defined with an arbitrary range including an starting and ending IP, network and network mask or CIDR notation. It is possible also to define a network and a starting IP to lease addresses.
  • New Lease Operations. Network leases can now be put on hold to reserve them. This comes in handy when there are some IPs within the VLAN already assigned (e.g. .1 to the gateway). When a lease is put on hold OpenNebula will not use it for a VM, til it is released.

SunStone

We've further improved the usability of SunStone, and extend it to catch up with OpenNebula core's new features. Also some of the dialogs has been simplified and polished. The dependencies with third party libraries has been also updated to the latest versions.

OpenNebula Zones and VDCs

OpenNebula Zones is rapidly gaining popularity, and there are a couple of new features result of the feedback we've received:

  • ZONA, the ZONes Api, This Ruby API will let you build your own customizations on top of the Zones/VDC component.
  • Improved dialogs for the web gui of the component.
  • Improved security for storing zone passwords

OpenNebula OCCI

The OCCI API has been extended to include:

  • VM types, can now be defined in the server configuration file and tagged with arbitrary information, like size, QoS parameters or price. These types can be programatically queried through the API.
  • Network templates, to support the new VLAN features in OpenNebula the OCCI networks can now be defined through a template, as for Virtual Machines.

Migrating from OpenNebula 3.0

OpenNebula 3.2 is API compatible with OpenNebula 3.0, so you should expect that applications, and drivers developed for 3.0 to work with this release, with the exception of custom authentication drivers. A detailed upgrade process upgrade can be found in the documentation.

For a complete set of changes to migrate from a 3.0 installation please refer to the Compatibility Guide. You should also read this document if you are an OpenNebula 3.0 user.

Known Issues and Pending Features

There are a couple of known issues and limitations in 3.0, you can check the development portal to find out what you should expect from OpenNebula 3.2

Getting the Software

OpenNebula is released under the Apache 2.0 open source license. The complete source tree and binary packages for OpenNebula can be downloaded here.

Please report any bug or send feedback at the development portal or at the mailing list.

Documentation

The documentation of OpenNebula 3.2 can be found here. The documents are in a development state so watch out, and do not hesitate to ask in the mailing list.

About OpenNebula

More information about the project can be found at the project web page. You may be also interested in checking the OpenNebula Ecosystem that includes many interesting projects contributed by the community to enhance or add new features to OpenNebula.