With a shortened development cycle, you’d think we’d have trouble finding 53 new features of interest in OpenStack Ocata, but with so many projects (more than 60!) under the Big Tent, we actually had a little bit of trouble narrowing things down. We did a live webinar talking about 157 new features, but here’s our standard 53. (Thanks to the PTLs who helped us out with weeding it down from the full release notes!)
Nova (OpenStack Compute Service)
- VM placement changes: The Nova filter scheduler will now use the Placement API to filter compute nodes based on CPU/RAM/Disk capacity.
- High availability: Nova now uses Cells v2 for all deployments. These are currently implemented as single cells; the next release, Pike, will support multi-cell clouds.
- Neutron is now the default networking option.
- Upgrade capabilities: Use the new ‘nova-status upgrade check’ CLI command to see what’s required to upgrade to Ocata.
Keystone (OpenStack Identity Service)
- Per-user Multi-Factor-Auth rules (MFA rules): You can now require multiple forms of authentication before Keystone will issue a token. For example, some users might just need a password, while others might have to provide a time-based one-time password and an additional form of authentication.
- Auto-provisioning for federated identity: When a user logs into a federated system, Keystone will dynamically create a role for that user; previously, the user had to log into that system independently, which was confusing to users.
- Validate an expired token: Finally, no more failures due to long-running operations such as uploading a snapshot. Each project can specify whether it will accept expired tokens, and just HOW expired those tokens can be.
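To make the per-user MFA rules item concrete, here is an added sketch (not Keystone's own code) of how a rule set such as `[["password", "totp"]]` decides whether a token is issued. The function names are hypothetical, and the handling of method names that are not enabled server-side (ignored, with emptied rules discarded) is an assumption about Keystone's rule processing.

```python
# Added illustration of per-user MFA rule evaluation; not Keystone source.
# Function names are hypothetical. Assumption: methods that are not enabled
# server-side are ignored, and a rule left empty by that is discarded.

def mfa_satisfied(rules, methods_used, enabled_methods):
    """Return (allowed, reason) for one authentication attempt."""
    enabled = set(enabled_methods)
    used = set(methods_used) & enabled
    if not used:
        return False, "no enabled auth method succeeded"

    # Keep only the enabled methods of each rule; drop rules that end up empty.
    effective = [set(rule) & enabled for rule in rules]
    effective = [rule for rule in effective if rule]

    if not effective:
        # No usable rules: any single enabled method is enough.
        return True, "no effective rules; single factor accepted"

    for rule in effective:
        if rule <= used:  # every method in the rule was supplied
            return True, "matched rule " + "+".join(sorted(rule))
    return False, "no rule satisfied"


def audit_rules(rules, enabled_methods):
    """List rules that name methods the server does not enable.

    Such rules are weaker than they look: the missing method is ignored,
    so the rule may be satisfiable with a single factor.
    """
    enabled = set(enabled_methods)
    findings = []
    for rule in rules:
        missing = sorted(set(rule) - enabled)
        if missing:
            findings.append((tuple(rule), missing, len(set(rule) & enabled)))
    return findings


# Constructed sample data for the checks below.
ENABLED = ["password", "totp", "token"]
STRICT_RULES = [["password", "totp"]]
STALE_RULES = [["password", "u2f"]]  # "u2f" is not in ENABLED
```

Running `audit_rules` over every user's rules after changing the enabled auth methods shows which accounts have quietly dropped to a single factor.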
Swift (OpenStack Object Storage)
- Improved compatibility: Byteorder information is now included in Ring files to support machines with different endianness.
- More flexibility: You can now configure the URL base for static web. You can also set the “filename” parameter in TempURLs and validate those TempURLs against a common prefix.
- More data: If you’re dealing with large objects, you can now use multi-range GETs and HTTP 416 responses.
Cinder (OpenStack Block Storage)
- Active/Active HA: Cinder can now run in Active/Active clustered mode, preventing concurrent operation conflicts. Cinder will also handle mid-processing service failures better than in past releases.
- New attach/detach APIs: If you’ve been confused about how to attach and detach volumes to and from VMs, you’re not alone. The Ocata release saw the Cinder team refactor these APIs in preparation for adding the ability to attach a single volume to multiple VMs, expected in an upcoming release.
Glance (OpenStack Image Service)
- Image visibility: Users can now create “community” images, making them available for everyone else to use. You can also specify an image as “shared” to specify that only certain users have access.
Neutron (OpenStack Networking Service)
- Support for Routed Provider Networks in Neutron: You can now use the Nova GRP (Generic Resource Pools) API to publish networks in IPv4 inventory. Also, the Nova scheduler uses this inventory as a hint to place instances based on IPv4 address availability in routed network segments.
- Resource tag mechanism: You can now create tags for subnet, port, subnet pool and router resources, making it possible to do things like map different networks in different OpenStack clouds in one logical network or tag provider networks (e.g. High-speed, High-Bandwidth, Dial-Up).
Heat (OpenStack Orchestration Service)
- Notification and application workflow: Use the new OS::Zaqar::Notification to subscribe to Zaqar queues for notifications, or the OS::Zaqar::MistralTrigger for just Mistral notifications.
Horizon (OpenStack Dashboard)
- Easier profiling and debugging: The new Profiler Panel uses the os-profiler library to provide profiling of requests through Horizon to the OpenStack APIs so you can see what’s going on inside your cloud.
- Easier Federation configuration: If Keystone is configured with Keystone to Keystone (K2K) federation and has service providers, you can now choose Keystone providers from a dropdown menu.
- Better instance discovery: Ceilometer now uses libvirt directly by default, rather than nova-api.
- Dynamically resample measures through a new API.
- New collectd plugin: Store metrics generated by collectd.
- Store data on Amazon S3 with new storage driver.
Dragonflow (Distributed SDN Controller)
- Better support for modern networking: Dragonflow now supports IPv6 and distributed sNAT.
- Live migration: Dragonflow now supports live migration of VMs.
Kuryr (Container Networking)
- Neutron support: Neutron networking is now available to containers running inside a VM. For example, you can now assign one Neutron port per container.
- More flexibility with driver-based support: Kuryr-libnetwork now allows you to choose between ipvlan, macvlan or Neutron vlan trunk ports or even create your own driver. Also, Kuryr-kubernetes has support for ovs hybrid, ovs native and Dragonflow.
- Container Networking Interface (CNI): You can now use the Kubernetes CNI with Kuryr-kubernetes.
- More platforms: The controller now handles Pods on bare metal, handles Pods in VMs by providing them Neutron subports, and provides services with LBaaSv2.
Vitrage (Root Cause Analysis Service)
- A new collectd datasource: Use this fast system statistics collection daemon, with plugins that collect different metrics. From Ifat Afek: “We tested the DPDK plugin, that can trigger alarms such as interface failure or noisy neighbors. Based on these alarms, Vitrage can deduce the existence of problems in the host, instances and applications, and provide the RCA (Root Cause Analysis) for these problems.”
- New “post event” API: This general-purpose API allows easy integration of new monitors into Vitrage.
- Multi Tenancy support: A user will only see alarms and resources which belong to that user’s tenant.
Ironic (Bare Metal Service)
- Easier, more powerful management: A revamp of how drivers are composed, “dynamic drivers” enable users to select a “hardware type” for a machine rather than working through a matrix of hardware types. Users can independently change the deploy method, console manager, RAID management, power control interface and so on. Ocata also brings the ability to do soft power off and soft reboot, and to send non-maskable interrupts through both ironic and nova’s API.
TripleO (Deployment Service)
- Easier per-service upgrades: Perform step-by-step tasks as batched/rolling upgrades or in parallel. All roles, including custom roles, can be upgraded this way.
- Composable High-Availability architecture: Services managed by Pacemaker such as galera, redis, VIPs, haproxy, cinder-volume, rabbitmq, cinder-backup, and manila-share can now be deployed in multiple clusters, making it possible to scale-out the number of nodes running these services.
OpenStack-Ansible (Ansible Playbooks and Roles for Deployment)
- Additional support: OpenStack-Ansible now supports CentOS 7, as well as integration with Ceph.
Puppet OpenStack (Puppet Modules for Deployment)
- New modules and functionality: The Ocata release includes new modules for puppet-ec2api, puppet-octavia, puppet-panko and puppet-watcher. Also, existing modules support configuring the [DEFAULT]/transport_url configuration option. This change makes it possible to support AMQP providers other than rabbitmq, such as zeromq.
Barbican (Key Manager Service)
- Testing: Barbican now includes a new Tempest test framework.
Congress (Governance Service)
- Network address operations: The policy language has been enhanced to enable users to specify network policy use cases.
- Quick start: Congress now includes a default policy library so that it’s useful out of the box.
- Completion of Logging-as-a-Service: Kibana support and integration is now complete, enabling you to push/publish logs to the Monasca Log API, and the logs are authenticated and authorized using Keystone and stored scoped to a tenant/project, so users can only see information from their own logs.
- Container support: Monasca now supports monitoring of Docker containers, and is adding support for the Prometheus monitoring solution. Upcoming releases will also see auto-discovery and monitoring of applications launched in a Kubernetes cluster.
Trove (Database as a Service)
- Multi-region deployments: Database clusters can now be deployed across multiple OpenStack regions.
Mistral (Taskflow as a Service)
- Multi-node mode: You can now deploy the Mistral engine in multi-node mode, providing the ability to scale out.
Rally (Benchmarking as a Service)
- Expanded verification options: Whereas previous versions enabled you to use only Tempest to verify your cluster, the newest version of Rally enables you to use other forms of verification, which means that Rally can actually be used for the non-OpenStack portions of your application and infrastructure. (You can find the full release notes here.)
Zaqar (Message Service)
- Storage replication: You can now use Swift as a storage option, providing built-in replication capabilities.
Octavia (Load Balancer Service)
- More flexibility for Load Balancer as a Service: You may now use neutron host-routes and custom MTU configurations when configuring LBaaS.
Solum (Platform as a Service)
- Responsive deployment: You may now configure deployments based on GitHub triggers, which means that you can implement CI/CD by specifying that your application should redeploy when there are changes.
Tricircle (Networking Automation Across Neutron Service)
- DVR support in local Neutron: The East-West and North-South bridging networks have been combined into a North-South bridging network, making it possible to support DVR in local Neutron.
Kolla (Container Based Deployment)
- Dynamic volume provisioning: Kolla-Kubernetes by default uses Ceph for stateful storage, and with Kubernetes 1.5, support was added for Ceph and dynamic volume provisioning as requested by claims made against the API server.
Freezer (Backup, Restore, and Disaster Recovery Service)
- Block incremental backups: Ocata now includes the Rsync engine, enabling these incremental backups.
Senlin (Clustering Service)
- Generic Event/Notification support: In addition to its usual capability of logging events to a database, Senlin now enables you to add the sending of events to a message queue and to a log file, enabling dynamic monitoring.
Watcher (Infrastructure Optimization Service)
- Multiple-backend support: Watcher now supports metrics collection from multiple backends.
Cloudkitty (Rating Service)
- Easier management: CloudKitty now includes a Horizon wizard and hints on the CLI to determine the available metrics. Also, Cloudkitty is now part of the unified OpenStack client.