Today we released a new version of Mirantis Cloud Platform (MCP). Before we dive into the greatness of the new release, let me remind everyone of our journey with our private cloud product and how we got to the MCP of today.
We called it Mirantis OpenStack. It was great for people to download and install on a small cluster, but customers deploying bigger environments all had complicated infrastructure constraints where this monolithic product didn’t fit. So two years ago we introduced a different product architecture that looks like this:
We called it Mirantis Cloud Platform. Our larger customers liked it because it was much more flexible and easier to fit into their infrastructure constraints and workload requirements. The downside was the steep learning curve to get started. In fact, two years ago it was impossible to get started without hiring our professional services team. Today, you can do it with some dedication and a deployment guide.
With every release we’ve added new features and more “enterprise grade-ness” to MCP, and this release is no different. What’s different is our renewed emphasis on ease of getting started. The latest MCP is still not where MOS used to be in this department, but we are making progress, so here is a short update on that. One of the big concepts behind MCP is the notion of the cluster model: a uniform set of configs spanning the entire stack, including hardware configs for NICs and RAID, OS config, the actual list of services deployed and their configuration, and so on. Today, deploying MCP requires producing a cluster model that captures all of those parameters using the Cookiecutter template engine.
Until recently, this model was voodoo magic largely inaccessible to the public. With the new release, people can actually access the model (which admittedly is still a pretty complex collection of files). Based on the feedback we’ve been collecting from users, we’ve been working on a tool called Model Designer, which is a much simpler way to create cluster models. For now, we’re using Model Designer to create tuned stacks, configurations targeted for specific use cases. We will be releasing Model Designer to the public shortly, but for now we can tease you with a screenshot:
Now, an update on what’s new on the “enterprise grade-ness” front.
We’ll start with DriveTrain.
DriveTrain is the part of MCP responsible for managing the lifecycle (update, patch, etc.) of all platform components. Based on Git, Gerrit, Jenkins and the Cookiecutter cluster templating model, it provides both prebuilt pipelines for common tasks and the ability to add new pipelines of your own. In this release, updates to DriveTrain include:
- Easier Updates: DriveTrain now includes additional component health checks before and after updating to verify success of the update process.
- Offline mirror VM management with Salt: For security purposes, it’s usually better not to simply pull your packages from the Internet, but rather to have a well-defined set of artifacts. MCP now enables you to use offline mirrors for this purpose. This capability also eliminates the need to be online during deployment, which can be handy for sensitive systems.
- Cloud verification pipelines: MCP includes Cloud Verification Pipelines that include multiple kinds of tests, including function, performance, and HA testing.
Of course the heart of Mirantis Cloud Platform is OpenStack and Kubernetes, both of which have been upgraded, with additional improvements:
- The OpenStack component of MCP includes numerous backported fixes for the Ocata and Pike releases, disabling password injection on Nova compute nodes, and protecting libvirtd with TLS.
- Integrated services now include auditd (for system auditing) and rsyslog (for logging services running on compute nodes).
- The default version of Kubernetes has been changed to 1.10, up from 1.8. Also included is a dedicated Jenkins pipeline for easy upgrades of existing Kubernetes clusters.
- The Virtlet plugin, which enables Kubernetes to run virtual machines as if they were normal Kubernetes pods, now has improved SR-IOV support and improved diagnostics.
- Calico-based Kubernetes clusters using standard routing protocols can now take advantage of the MetalLB Kubernetes add-on, providing a network load balancer for bare metal nodes.
- This release also includes experimental support for Kubernetes 1.10 with OpenContrail 4.0, providing different isolation modes for virtual machines, pods, and bare metal workloads.
MCP enables you to build clouds of hundreds or thousands of nodes, which means significant operational challenges. To combat those challenges, the first thing you need is an able Logging, Monitoring, and Alerting system. For MCP, that means StackLight.
StackLight has been enhanced with additional capabilities, but it’s also been streamlined to help your operations run more smoothly. Changes include:
- StackLight optimization and stabilization: Alerts, dashboard, and storage requirements have all been rationalized; unnecessary alerts have been removed, definitions have been improved, and layouts have been cleaned up and unified.
- Extended coverage of the StackLight monitoring framework: MCP now supports monitoring of OpenContrail 4, as well as additional services, such as ssh, cron, and others.
- Integrated Alerta with StackLight (improved alerts operational insight): Alerta receives the alerts from Alertmanager, then combines, deduplicates, and represents them through the web UI. You can then manage the received alerts, including filtering and viewing those that are most recent.
- Long term reporting: Grafana now uses LTS Prometheus to persist data, enabling you to see long term data (by default, 180 days’ worth).
- Gainsight integration: It’s now possible to integrate StackLight LMA with Gainsight, a customer support/success tool and extension for Salesforce.
You probably don’t need me to tell you how important security is for your cloud architecture. Mirantis Cloud Platform includes new security improvements, including:
- Audit system integration: Based on the pre-configured rules, the audit system creates log entries that record system calls, enabling you to see violations of system security policies and adjust the set of audit rules to prevent further misuse or unauthorized activities.
- Tunable SSL configuration: Both Apache and Nginx now have much more powerful configuration options, with additional parameters available for customization.
- TLS encryption and authentication for libvirtd: Just as SSL certificates protect browser connections, you can use TLS to prevent your cloud workloads from being compromised by requiring an appropriate TLS certificate for a user to be able to connect to libvirtd.
- Security warning on logon to the MCP VCP nodes and Horizon: MCP now displays a disclaimer on SSH and interactive logon to the MCP VCP nodes and logon to Horizon configured with the Mirantis Horizon theme. The disclaimer states that unauthorized access to or misuse of a computer system is prohibited under the Computer Misuse Act 1990. While the disclaimer doesn’t actually stop anyone from logging in, the act makes it an offense to access or even attempt to access a computer system without the appropriate authorization, so attackers can be prosecuted even for unsuccessful attacks.
As you might imagine, networking is a particularly important part of your cloud infrastructure, and MCP includes improvements there, as well, including:
- OpenContrail 4.0: The OpenContrail controller and analytics modules are delivered as containers to reduce the complexity of the OpenContrail deployment. OpenContrail 4.0 is integrated with OpenStack Pike and is provided as an experimental capability for Kubernetes. OpenContrail can be upgraded from 3.2 to 4.0 using DriveTrain.
- Neutron + OVS: Starting with OpenStack Pike, MCP now includes support for the L2 Gateway service, the Networking OpenDaylight driver, and the BGP VPN service. You can also configure any number of physical networks with their respective MTUs and VLAN ranges.
- VNF Onboarding: DriveTrain provides pipelines to onboard and verify installations of AVI LoadBalancer services and Metaswitch vSBC. Both Enterprise and Community versions of Cloudify are available in DriveTrain for VNF onboarding, and a new VNF testing SDK improves the user experience for adding new VNFs and certification tests.
Of course, the best way to understand a product is to actually see it in action. On September 6, Shaun O’Meara will be giving a webinar explaining many of these features, and we’d love to see you there. Sign up here, and we’ll see you then!