Another autumn, another OpenStack release. OpenStack’s 12th release, Liberty, is due on October 15, and release candidates are already being made available. But what can we expect from the last six months of development?
Even as recently as a couple of years ago, each new release heralded massive changes and new functionality, but now that OpenStack has reached the point where most of its necessary features are already in place, changes are generally more incremental — with the exception of occasional bursts, such as the current focus on containers.
That’s not to say that containers are where all the fun has been for the last six months, of course. There have also been new developments in terms of hybrid cloud and security, and of course most projects have worked on improvements to upgradability, performance, and stability, in addition to new features.
We checked in with the project PTLs and here’s a quick overview of some of the most important changes and additions.
Nova: NFV and large scale deployments
- NFV: While it would seem natural that Network Functions Virtualization comes under networking, and thus Neutron, in fact, much of the work involves Nova. “OPNFV is an effort to produce reference implementations and a testing platform for NFV on all open source software,” Jay Pipes, Director of Engineering at Mirantis, told Enterprise Networking Planet. “OpenStack is the infrastructure layer (NFVi) of the larger NFV architecture, which includes the virtual network functions themselves, higher level orchestration systems, and operational and business support systems.”
- Cells management: Cells enable the deployment of larger OpenStack clouds by providing a way to group together resources to be managed more easily. Administrators can now partition existing resources into cells and the system will know where to find them.
Neutron: Better control over security and bandwidth, easier moves to IPv6
- IPv6: Now that North America is officially out of IPv4 addresses, IPv6 is even more important. Neutron now does IPv6 prefix delegation, enabling automatic assignment of CIDRs to submits and making setting up a network much easier.
- Quality of Service: Administrators can now control bandwidth by assigning quotas not just to projects, but to individual VMs.
- Security: Administrators can now control who has access to specific networks using Role Based Access Control (RBAC).
- LBaaS: The LBaaS reference implementation is now based on an operator-grade load balancer platform (Octavia) and is no longer experimental.
- IPAM: Pluggable IP address management is now available, enabling third-party IPAM.
Cinder: Better control over operations and additional information about capabilities
- Quotas: Support for quota enforcement in hierarchical projects
- Caching: Commonly used images can now be cached, improving performance as large images will no longer need to be pulled over the network and enabling faster creation of volumes from these images.
- Ease of use: The Cinder client can now request a list of capabilities the backend provides, keeping users from requesting unsupported actions.
Glance: Better security through image signing and verification
- Image verification: Glance now enables users to sign an image using their private key so that its integrity can be verified to be sure no malicious code has been inserted.
- S3 proxy: Glance can now be used from multiple networks with an S3 backend over an HTTP proxy.
Swift: Improved performance and operator capabilities
- Performance: Better performance when there are slow drives, as well as removing latency spikes and limiting data movement during cluster management.
- Ring operations: Operators can now use ring-builder-analyzer to test out different ring operations quickly.
- Bulk uploads: Users can now set “per object” metadata for exploding archives.
- Erasure coding: Users can count on significant fixes and improvements to erasure coding.
Keystone: Easier hybrid cloud management
- Hybrid clouds: Multi-cloud federation requires much greater control over Identity Providers (IDP). Liberty makes it possible to control WebSSO for individual IDP backends.
- More hybrid clouds: Distinguish between users who come from different clouds but have the same username.
Horizon: Easier instance launching
- Launching an instance: Liberty includes a new launch instance dialog. (You can turn it on and off using a configuration setting.)
- Managing networks: It’s easier to see what’s going on with a new network topology page.
- Hybrid cloud management: Control IDP-specific WebSSO from Horizon.
- Convergence: Heat is transitioning to a new model that the developers hope will result in a better experience for users. Liberty includes a good deal of implementation of the “convergence” architecture, which is based more on workflow and observation.
- New resources: Heat can now control Keystone endpoints and services, as well as Barbican and Designate.
Magnum: New support types, and high availability
- Mesos support: Magnum now supports Mesos as a bay type.
- High availability: Multi-master Kubernetes bay support means you can now get highly available Kubernetes by using Magnum and setting the master count to some value greater than 1.
- Scalability: Kubernetes is now integrated with Neutron load balancers.
Kolla: Containers and easy deployment
- Choices: Docker image building of ~90 containers of OpenStack from CentOS, Fedora, Oracle Linux, Red Hat Enterprise Linux, and Ubuntu container base images using RDO, RHOS, or Source.
- Deployment: Ansible deployment of a large chunk of those containers on bare metal with full high availability using three or more control nodes, up to one hundred compute nodes, up to ten storage nodes, and one network node.
- Services: Docker + Ansible deployment of the following services: HAProxy, Keepalived, MariaDB + Galera, RabbitMQ, memcached, Keystone, Glance, Nova, Neutron (LinuxBridge or OVS), Heat, Cinder (Ceph only) and Swift.
- Configuration: An opinionated deployment tool out of the box, unless the operator has opinions, in which case the operator may override any OpenStack configuration option.
Murano: More control when creating and deploying applications to an OpenStack cloud.
- Developer control: Murano now enables application versioning, so apps can be updated.
- User control: Users can now select the network to be used for the environment and application being deployed.
- Resource control: Environments can now be abandoned if necessary.
- Infrastructure control: Murano now uses the Glance Artifact Repository as its backend.
- Orchestration control: Heat templates and files can now be deployed.
Ceilometer: Better cluster control through easier alarm creation and real-time alarm triggers.
- Real-time monitoring: You can now trigger an alarm based on incoming events in real time.
- Performance: Improved nova polling through resource metadata caching, and with asynchronous handling of new measures in Gnocchi.
- Ease of use: Most meters can now be created with a yaml file rather than python code.
- Integration with other systems: Ceilometer can now send metrics to the Gnocchi time series data storage system, which can also be used to visualize performance with Grafana.
Trove: Improved support with new functionality for MariaDB, MongoDB, and Redis
- MariaDB: Support for MariaDB itself, rather than relying on MySQL drivers.
- Clustering: Better clustering support through Percona integration.
- Redis: Improved Redis backup and replication support.
Sahara: Drastically enhanced ease of use
- Flexibility: Reuse data sources by passing different parameters in the data source URLs.
- Efficiency: Share data sources between different tenants so that you don’t have to duplicate large datasets.
- Increased support: Support for MapR 5.0.0, as well as using Manila as a data source.
- Convenience: Create multiple clusters simultaneously.
Zaqar: Increased flexibility, security, and performance
- Flexibility: Zaqar now supports pre-signed URLs, so it’s possible to give an unauthenticated user or service access to a particular queue without having to give them access to the system as a whole.
- Security: The API is now secured using Role Based Access Control, enabling you to decide exactly who has access to what.
- Efficiency: Zaqar now supports Websocket transport, enabling full duplex communication over a single channel.
Barbican: More control over security and quotas
- Security: You can now rotate the Master Key used to encrypt project-level keys, so you can use a new Master Key to replace an old key should it be compromised.
- Administration: If you need more control over the number of secrets a project — or even a specific user — can upload, Barbican now includes this type of quota support.
- Convenience: Project administrators can now create project-specific Certificate Authorities, and then users can then issue self-signed x.509 certificates from their project’s CA.
Congress: Much wider range of corrections available for policy violations.
- Flexibility: With manual reactive enforcement, users write policy statements that both identify a policy violation and dictate which API call should be executed to correct that violation. In Liberty policies can correct violations using API calls for Ceilometer, Cinder, Glance, Heat, Ironic, Keystone, Murano, Neutron, Nova, and Swift. In addition, Congress now provides a list of the API calls that policy writers can use to correct violations.
In addition to these projects, which (mostly) are part of the managed release, many other projects will have releases at the same time, including:
Community App Catalog: Horizon plugin
Manila: Better scheduling and reliability
Mistral: API improvements, recovery from errors
Ironic: Additional drivers and operational enhancements
Rally: Ability to benchmark production systems
Refstack: Ability to submit your test results to help determine the direction of OpenStack compatibility