This week we’re expecting the 16th release of OpenStack, code-named Pike, so we thought we’d give you our traditional 53 things to look for in advance of our What’s New in OpenStack Pike webinar, which is scheduled for September 7.
OpenStack Compute Service (Nova)
- Cells v2 multi-cell deployment: The default deployment is a single cell, but you can now create multi-cell deployments using the Cells v2 API, though deployments with multiple cells have limitations. Cells v1 is now deprecated.
- Reworking of the Nova quota system to count resources at the point of creation: If the requested resources aren’t available, you’ll get an error; you don’t need to do anything to take advantage of this change.
- More efficiently use resources with the PCIWeigher weigher: PCI devices are specialized hardware, so you want to make sure that only workloads that need them occupy those hosts. Use the [filter_scheduler] pci_weight_multiplier configuration option to prevent non-PCI workloads from being scheduled to those hosts.
- Nodes can remove themselves from service if they’re not functioning properly using the [compute]/consecutive_build_service_disable_threshold configuration option.
- Keep your instances from using all of the physical CPUs on your host by using the reserved_host_cpus option to reserve some for the hypervisor.
- The Placement API can now look at qualitative “traits” of various resources to better serve requests.
OpenStack Networking Service (Neutron)
Neutron PTL Kevin Benton tells us we should look for:
- “Support for zero-downtime upgrades from Ocata (a.k.a. rolling upgrades)
- haproxy is now used instead of the neutron namespace proxy agent for reduced memory usage on the server running the metadata proxy
- Improvements to stability/performance
- Improved stability of the OVS openflow-based firewall
- Initial support for Python3
- Improved communications pattern between server and L2 agents to reduce the Neutron server load
- Conditional compare-and-swap updates in the Neutron HTTP API to give clients race-safe ways to update resources
- DHCP agent support for subnets on other segments of a routed network
- QoS Improvements
  - Support for bandwidth limit rules in the QoS extension to set bandwidth rate limits
  - Bidirectional bandwidth limit QoS rules in the OVS and Linux Bridge drivers
  - Egress bandwidth limit QoS rules for SR-IOV
  - A new API to retrieve supported QoS rule types by the loaded drivers
- DVR Improvements
  - Support for partially distributed routing for limited availability external networks
  - Fix for DVR to work with floating IPs associated with unbound ports used in VRRP scenarios
  - DVR fast exit routing via the compute node for packets that don’t need network address translation
- Support for quota usage amounts in quota API
- Support for individual DNS domains set per Neutron port
- Support for per-network MTU overrides
- Support for user-defined tags on all standard Neutron resources”
OpenStack Block Storage Service (Cinder)
Cinder PTL Sean McGinnis tells us:
- “We added a “revert to snapshot” feature that allows users to switch a volume’s data back to the point in time of the last snapshot.
- Under certain conditions, we now support extending a volume that is in-use. This was previously only allowed if a volume was not attached to an instance. But Pike Cinder with Pike Nova using the libvirt driver can now extend a volume in use and reflect that change to the running instance.
- We’ve added a backend_default config section. Prior to this, if you had a setting you would like to apply to all storage backends you needed to set that config option in each backend’s config section. This allows setting “default” for backends that can be overridden in the backend specific config, but otherwise will take the configured default.
- Added volume group replication support. Prior to this, an admin could configure an entire backend to be replicated. With this option, users are able to define a group of volumes based on their own needs (all volumes that are part of an application, only DB volumes, etc) and have that group of volumes replicated to a secondary backend. Only a handful of drivers support this so far, but now that it is available we expect more backends to support it in coming releases.”
OpenStack Image Service (Glance)
- Avoid exposing the Tasks API to end users by using the new tasks_api_access policy to enable Glance to use ordinary user credentials to manage the tasks that accomplish the interoperable image import process.
OpenStack Orchestration Service (Heat)
- Heat PTL Rico Lin tells us that the project has added new resources, including:
  - Neutron Trunk resource support (OS::Neutron::Trunk)
  - Support new Magnum Cluster and Cluster Template resources (OS::Magnum::Cluster and OS::Magnum::ClusterTemplate)
  - Custom resource type managed by Mistral workflows (OS::Mistral::ExternalResource)
  - Add Zun Container resources (OS::Zun::Container)
- He also talks about the ability to use the get_reality function when updating: “You can use a `converge` flag in update API request and that update action will actually pull resources from services (like nova server, cinder volume) and update against reality. For example, I create an instance with flavor m1.small, and someone updates it through nova API and resizes that instance to use m1.large, with `converge` flag, it will detect that instance flavor has been changed and will trigger update against flavor and change it back to m1.small.”
OpenStack Dashboard Service (Horizon)
- Just as we’ve had the ability to configure OpenStack clients by downloading openrc files from Horizon, Pike now gives us the ability to download a clouds.yaml file for os-client-config.
- Create and delete ports in your networks using the project network details table. (As an operator, you can turn this on and off using policies.)
- You can now specify “any” IP protocol and “any” port number when adding a security group rule.
- You can now see which security groups apply to which Neutron ports.
OpenStack Identity Service (Keystone)
Keystone PTL Lance Bragstad tells us that “the following are some highlights of what we accomplished:
- Registering default policies in code – this makes maintenance of policy files easier for operators, especially if they use mostly defaults
- Enhanced security for passwords stored in SQL – the SQL identity backend has been updated to support more secure password hashing mechanisms that are more in line with industry standards”
OpenStack Object Storage Service (Swift)
Swift PTL John Dickinson let us know that these are “some of the major new features in Pike for Swift:
- Support for globally-distributed erasure codes. This is made up of:
  - Replicated erasure code fragments
  - Composite rings for more explicit data placement
  - Per-policy config options
Global erasure codes are implemented by replicating the erasure-coded fragments of an object. This “EC replication” allows each independent region to function even if the cross-region network is down, and it allows for failures in one region to use the remote region to recover.
In order to implement global erasure codes, we first had to support “composite rings”. A composite ring is a data placement ring that is made up of two or more “normal” rings. The component rings are built independently, using distinct devices in distinct regions. Building the composite rings in this way allows dispersion of replicas or fragments in a more explicit way (e.g. you can specify 4x replication with 2x in each region or you can specify 10+4 EC replicated across 2 regions).
- We also added the ability to override proxy config options on a per-policy basis. This allows, for example, the ability to set read affinity for only some storage policies.”
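The "EC replication" and composite-ring behaviour described above, sketched as an added example (not Swift's ring code and not from the original post). All function names are hypothetical, and the model assumes that the copy of fragment index i held in one region is interchangeable with the copy held in the other:

```python
"""Toy model of "EC replication" over a composite ring (illustrative only;
this is not Swift's ring code and uses no Swift APIs)."""
import hashlib

NDATA, NPARITY = 10, 4          # the 10+4 scheme from the text
NFRAGS = NDATA + NPARITY


def component_ring(region, devices):
    """A component ring: built independently from one region's own devices."""
    return {"region": region, "devices": list(devices)}


def compose(*rings):
    """A composite ring is an ordered set of component rings, with the
    constraint that no device appears in more than one component."""
    seen = set()
    for ring in rings:
        overlap = seen & set(ring["devices"])
        if overlap:
            raise ValueError(f"device reused across components: {sorted(overlap)}")
        seen |= set(ring["devices"])
    return list(rings)


def place(composite, obj_name):
    """Put one full set of 14 fragments in every component ring.
    Returns {(region, frag_index): device}."""
    start = int(hashlib.sha256(obj_name.encode()).hexdigest(), 16)
    placement = {}
    for ring in composite:
        devs = ring["devices"]
        if len(devs) < NFRAGS:
            raise ValueError(f"{ring['region']} needs >= {NFRAGS} devices")
        for idx in range(NFRAGS):
            placement[(ring["region"], idx)] = devs[(start + idx) % len(devs)]
    return placement


def readable(placement, failed_devices, from_region, wan_up=True):
    """Can a proxy in from_region rebuild the object? It needs any NDATA
    distinct fragment indexes; remote fragments count only if the WAN is up."""
    indexes = {idx for (region, idx), dev in placement.items()
               if dev not in failed_devices and (wan_up or region == from_region)}
    return len(indexes) >= NDATA
```

With 14 devices per region, losing five devices in one region makes the object unreadable from that region only while the cross-region link is down; once the link is back, the remote copies of the missing fragment indexes fill the gap.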
OpenStack Telemetry Service (Ceilometer)
Telemetry PTL Julien Danjou tells us to look for the following additions to Ceilometer:
- “Add support for Manila
- Add support for SDN controllers”
OpenStack DNS as a Service (Designate)
- Designate now enables you to schedule across pools.
OpenStack Bare Metal Provisioning Program (Ironic)
Ironic PTL Dmitry Tantsur tells us to look for:
- “Booting from Cinder volumes
- Physical network awareness
- Rolling upgrades”
OpenStack File Service (Manila)
- You can now set quotas per share type, as well as for the number of share groups and share group snapshots.
- Shares backed by CephFS can now use the NFS protocol.
- Manila has also added additional specs and support for IPv4 and IPv6, including validation of IPv6-based addresses and the ability to know whether IPv4 or IPv6 are supported in a driver.
OpenStack Containers Project (Magnum)
- By default, Kubernetes clusters now include the Kubernetes dashboard.
- Magnum now includes a monitoring stack based on cAdvisor, node-exporter, Prometheus and Grafana, but it must be enabled.
- You can now restrict the access of Magnum’s trustID so that it doesn’t have unrestricted access to every service in your OpenStack project.
OpenStack Application Catalog Project (Murano)
Murano PTL Felipe Monteiro says that “some important things to look out for are:
- Policy in code to fulfill: https://review.openstack.org/#/c/469954/
- Murano environments can now select which volume/volume snapshots they want as an attachment”
OpenStack Big Data as a Service (Sahara)
Sahara PTL Telles Nobrega says that
- “The major feature that we brought this cycle was the introduction of a new image generation and validation system. We still rely on disk image builder for most images, but we started with CDH on Pike. This system allows the user to create images using libguestfs and not rely on DIB anymore.”
OpenStack Policy as a Service (Congress)
Congress PTL Eric K tells us that “A focus for Congress Pike has been usability, especially for someone getting started. Here are some of the things to look forward to in the Pike release.
- Policy library: An integrated library of useful policies for an administrator to customize and activate, allowing an administrator to quickly get value out of Congress even before learning how to author policy.
- Monitoring panel: A monitoring panel that summarizes at a glance the number and seriousness of policy violations in a stack and offers drill-down into more details.”
OpenStack on OpenStack (TripleO)
TripleO PTL Emilien Macchi tells us to look for the following:
- “The major work done in Pike cycle is the containerization of services deployed by TripleO.
- We’re also supporting the upgrade from an Ocata baremetal deployment to a containerized Pike deployment, driven by Ansible tasks.
- After composable roles in the previous releases, TripleO now supports Composable networks, so operators have full control on network configuration for their custom roles.”
OpenStack Workflow Service (Mistral)
Mistral PTL Renat Akhmerov says to look for:
- “Finished the first version of Actions API (mistral-lib repo)
- More advanced publishing of workflow variables (different scopes, more flexible etc.)
- Mistral OpenStack actions can now run in different regions
- Mistral actions can now run in the engine (no need for external executors)”