53 new things to look for in OpenStack Mitaka
Virtually all projects reported performance improvements, of course, and both core and peripheral projects did add new features in the last development cycle. There is also a slew of new projects under the "OpenStack Big Tent", which makes it easier for projects related to the OpenStack ecosystem to become part of the "official" community.
Overall, the OpenStack Mitaka release has three general themes: an improved user experience, better manageability, and scalability. (There's also a focus on easing the way for developers, as well as "intent-based configuration", involving easier configuration for various use-cases.) In all there are hundreds of new features and changes, but here are 53 that are of most interest to end users.
(Our sincere thanks to all the project PTLs who helped us to narrow things down.)
- Live migration improvements: In addition to using a separate network for live migrations, Nova now makes it much easier to manage live migrations, with functionality in both the REST API and python-novaclient to handle the process. You also now have the ability to force or abort a migration, or check on its progress.
- Scheduling improvements: Nova includes a new scheduling filter which enables you to specify that workloads should be placed on the host with the most available disk space.
- Hybrid cloud support and scalability: OpenStack has had an on-again off-again relationship with Amazon Web Services EC2 support; in OpenStack Mitaka, it's on-again. This release includes a new ec2-api project to help facilitate bursting to public cloud when more resources are needed.
- Ease of use: Neutron now includes a "get me a network" function that simplifies what has traditionally been a difficult, error-prone, multi-step task. (Note that work is ongoing in Nova to take advantage of this functionality.)
- Integration with external DNS: This release includes several DNS support improvements, including integration with Designate or another custom DNS as a Service, the ability to assign floating IPs and ports a dns_name, and the ability to assign a dns_domain to a network. All of these capabilities make working with OpenStack networks more like working with traditional networking.
- BGP support: Neutron now supports the announcement of tenant subnets and floating IPs, and uses a centralized router gateway port or, in the case of DVR, floating IP agent gateway ports as the next hop when using Border Gateway Protocol.
Cinder (Block storage)
- Google Cloud Storage support: Every cycle includes new Cinder drivers, and Mitaka's batch includes one that enables you to back up your volumes to Google Cloud Storage.
- Snapshot backups: And while we're on the subject of backups, you can now back up your snapshots in addition to your volumes.
- Easier snapshot management: Have you ever deleted a volume and found that you had a bunch of snapshots that didn't belong to anything? In the Mitaka release, you now have the ability to specify that the deletion of a volume should also include deleting any associated snapshots.
Glance (Image Service)
- Enhanced security: Glance now enables you to download images over HTTPS rather than HTTP, and to verify signatures on images so you know they haven't been tampered with.
- OVF Single Disk images: VirtualBox is a virtualization tool commonly used with OpenStack, so you'd think that it would be only natural for Glance to support VirtualBox images. With Mitaka, you're right, as OpenStack adds support for OVF single disk images.
- Better long operation support: In the past, Glance has sometimes had trouble with long-running operations as tokens expire. In Mitaka, Glance now uses trusts to prevent this problem.
Swift (Object Storage)
- Better ring rebalancing: Swift has a new ring rebalancing algorithm, which produces more balanced rings. It also performs better initial placement of objects while they're awaiting replication, and does more efficient capacity adjustments.
- Improved container sync: OpenStack Mitaka sees the implementation of a more efficient container sync routine, which means that objects are synchronized more quickly.
- Time-based One-Time Password (TOTP) support: Keystone now supports time-based one-time passwords, which are not quite what they sound like; instead, this is support for two-factor authentication such as what you see using Google Authenticator.
- Implied roles: While Keystone has always had roles, implied roles are something that seems obvious but is new. Essentially, if a user is a member of a role that is itself a member of another role, Keystone will correctly divine that the user is a member of the second role. Keystone also supports domain-specific roles based on implied roles.
- Unified identity for multiple authentication sources: You can now separate user identities from their locally-managed credentials; this is important in situations where you have federated users who may have identical usernames.
- Unified search: The big news in Horizon in the OpenStack Mitaka cycle is the Unified Search panel, which enables searches across Nova instances, Glance images and snapshots, Cinder volumes and snapshots, Neutron networks, ports, subnets, and routers, and Designate (DNS) Zones and recordsets. (Swift object search is also supported, but is experimental in this release.) Searches return results with custom actions that can be defined for each type of object.
OpenStackClient and SDKs
- New commands throughout OpenStack: The OpenStackClient project added support for managing a slew of new objects this cycle, including network ports, floating IPs, subnets and pools, and routers. It also added new commands for servers, such as server restore and host set.
- New developer resources: Documentation and tutorials for multiple SDKs have been published by the OpenStack Foundation. You can find them at http://developer.openstack.org.
Murano (Application Catalog)
- Multi-Region Support: You can now create and deploy applications that include VMs that are running in multiple regions, providing better High Availability and, potentially, performance.
- Container support enhancements: In addition to the ability to directly deploy Kubernetes, you can now use the Magnum plugin to create or delete Magnum baymodels using Murano Programming Language (MuranoPL).
- Support for TOSCA apps: By integrating Murano with Cloudify, you can now manage TOSCA applications from within Murano.
- Better predictability: Murano now enables you to simulate execution of an application so that you can see what resources would be created and so on without actually deploying the application.
- Integration with OpenStackClient
- Support for multi-environments: You can pass multiple environment files to the server, and the server will create the required environments. (Previously they had to be merged together.)
- Convergence: The new Heat means of operating, which enables you to specify what you want to happen rather than how to make it happen, is now out of beta.
- Easier alarm rule-building: The Aodh component now includes support for composite rules, making it possible to more intuitively build out your alarm logic.
Fuel (Deployment and Life Cycle Management)
- Upgrade support: Fuel can now upgrade OpenStack components without Tenant downtime.
- Bare metal support: Fuel now supports Ironic, so you can add the ability to manage bare metal resources to your OpenStack Mitaka cloud.
- Networking improvements: Fuel has always included a comprehensive network configuration management capability, including the ability to test a network setup before proceeding with deployment. Now you also have the ability to configure Virtual IPs.
- NFV support: Fuel now supports OVS-DPDK and SR-IOV and QoS, as well as NUMA node topology and CPU pinning.
- Increased modularity: OpenStack-Ansible now has each role in its own repository, making it cleaner to manage.
- Additional services: The Mitaka release includes support for Neutron LBaaSv2 and FWaaS, and experimental support for Ironic, Designate, Zaqar, Magnum, and Barbican.
- Improvements in core services: Puppet OpenStack adds improvements to core services such as Keystone (Federation with Mellon support), Glance (support for multi-backend), and Neutron (IPv6 deployment support).
- New modules: New this release are puppet-mistral and puppet-zaqar.
- Refactoring and reorganization: Chef OpenStack has now been refactored into Templates, Attributes, and Libraries, and reorganized into core service cookbooks, such as openstack-compute, openstack-network, and so on.
Magnum (Containers as first-class citizens)
- Pluggable Keystone mode: Magnum works with Keystone v3, but many operators are still on Keystone v2. Mitaka enables them to adapt Magnum to work with their version of Keystone.
- Trustee users: Magnum touches a lot of different parts of OpenStack; using a temporary "trustee user" enables it to manage X509 certificate objects as well as Swift resources, and so on.
In addition to these updates, there was also a slew of updates to additional projects, some of which are themselves new for this release, including:
- Manila: The NFS as a Service project now provides the ability to migrate shares, as well as to specify export location metadata, which opens up the possibility of backends with different capabilities. This release also sees additional drivers for LVM, Ceph, and ZFS on Linux.
- Astara: This open source L3-L7 networking platform (which used to be called Akanda) now supports Bring Your Own Network Functions, as well as orchestration of clustered pairs of appliance VMs for HA Neutron routers.
- Tacker: This NFV orchestration project now provides support for TOSCA applications, as well as enhanced VNF placement, including Multi-Site VNF placement and host-passthru / host-model PCI pass through, NUMA awareness, vhost, SR-IOV, and so on.
- Freezer: This Backup, Restore, and Disaster Recovery service now provides new types of application-aware backup, including a pluggable backup mode abstraction layer and Oracle, PostgreSQL, Redis, and Elasticsearch database backup. You can also see the content of a backup and have Freezer do data deduplication to save resources.
- Mistral: The Taskflow as a Service project now provides a mechanism for sharing resources between tenants. It's also much easier to use, with a Docker image to quickly install it, as well as a plugin for OpenStackClient.
- Congress: The Governance Service project now provides a REST API that other services can call to push data to Congress, rather than having Congress continually pull.
- Rally: The Benchmarking as a Service project is now easier to use, in that you can now output results to multiple destinations, as well as generate a static task report for offline viewing. You can also benchmark workloads that have been launched with Heat, and tell Rally to continue testing after an expected failure.
- Senlin: The Clustering Service project now goes beyond just creating clusters of generic objects to managing them and making sure they stay healthy.
- Kuryr: This container networking project now includes full support for Docker and Docker Swarm, with support for Kubernetes in development.
- Kolla: The OpenStack on Containers project is now easier to use, with the ability to reconfigure an existing service and to use a custom repo. It's also more secure, with the ability to drop root privileges to the container's application PID/GID.
- Sahara: The Data Processing as a Service project includes support for Cloudera 5.5, as well as for the OpenStack Key Manager (Barbican). You can also schedule EDP jobs for Sahara.
- Trove: The Database as a Service project added support for Cassandra clusters and PostgreSQL configuration groups. You can also add a volume_type when creating a new database instance.
- Barbican: The OpenStack Key Manager enables you to store secrets; now it also enables you to add metadata such as geolocation, rate, and allowed time-access. This is important because Barbican also enables you to check this metadata before allowing or disallowing access to the secret in question.
- Zaqar: The OpenStack Queueing service worked mostly on websockets this cycle, adding the ability to provide notifications over websocket, as well as websocket binary support.