Openstack Mitaka Webcast Slides

What's new in
OpenStack Mitaka
Lots of new projects, for one thing
www.mirantis.com
Copyright 2016 Mirantis, Inc. All rights reserved
A Few Introductions
Davanum Srinivas | Principal Software Engineer, Mirantis
Davanum Srinivas (a.k.a Dims) is Principal Software Engineer in the Mirantis Community Engineering team, working on
OpenStack Nova, Oslo and related projects. He previously worked on IBM PureApplication product as an Architect and lead
a team working on Web Services support in WebSphere. Dims has a long track record in open source projects including
Apache Cocoon, Axis2, Geronimo at the Apache Software foundation and he co-founded WSO2 based on the open source
business model.
Alexey Stupnikov | OpenStack Engineer, Mirantis

Alexey Stupnikov is an OpenStack Maintenance Engineer in the Fuel Engineering team at Mirantis. Previously he was a Systems &
Network Administrator at Megalabs, the R&D lab of the second largest mobile phone operator and the third largest telecom operator
in Russia; and Senior Network Engineer/Projects Team Lead at MTO, a mid-size systems integrator focused on mid-size enterprise and
large government customers.
Nick Chase | Head of Content, Mirantis

Nick is the Editor-in-Chief of OpenStack:Unlocked and Head of Content at Mirantis. With 20+ years' experience as a developer and
author, Nick has written several books and hundreds of articles as an IBM developerWorks Certified Master Author.
A Little Housekeeping
Please submit questions in the Questions

pane.
Well do our best to get to your question.
Agenda
Agenda
Compute
Networking
Storage
Other DefCore
Programmability
Orchestration
Deployment
Containers
Monitoring
Data
Infrastructure
Other Awesome Stuff
Q&A
Compute
training.mirantis.com
Nova
Services and associated libraries to provide massively scalable,
on-demand, self-service access to compute resources,
Including bare metal, virtual machines, and containers.
Nova - User Experience

Live Migration Improvements
Force/Abort/Progress of live migrations
Separate network for live migrations
REST API, python-novaclient
New Disk space scheduling filter
New simpler use_neutron option
Better Sample policy file for Nova API
Oslo.cache based configuration for memcached
Nova - Manageability
Simpler rolling upgrades
Automatic RPC version determination
New nova-manage Script for all online DB migrations
Support for libosinfo integration for injecting hardware
properties
New service.status notification for updates
Versioning for Notifications
Nova - Scalability
New Nova API Database
New ec2-api project for EC2 support
Networking
Neutron
OpenStack Networking Service
Neutron - User Experience

Timestamps, tags and descriptions are now available
changed-since query option
Networks can be filtered by tags
Protocol names instead of protocol numbers (option)

Get me a network
Nova is not ready at the moment
Number of networks used/total IPs

Neutron - Scalability
Retry failed ports bindings after L2 agent recovery
DVR-related improvements:
HA support for SNAT services on DVRs
Improve DVR's resiliency during VM live migration
Neutron - Manageability
Integration with external DNS
Integration with Designate or custom DNSaaS
Floating IPs and ports can have a dns_name
Networks can have a dns_domain
RBAC-based access to External nets & QoS policies
Neutron - Features
MTU-related improvements
end-to-end support for arbitrary MTUs
DHCP agent to provide a network MTU to instances
BGP support
announcement of tenant subnets and floating IPs
using centralized router gateway or floating IP agent gateway
(DVR case) ports as a next-hop
Neutron - Extensions
neutron-fwaas
Enable quotas for FWaaS
networking-bgpvpn
inter-connection between L3 VPNs and Neutron resources
Astara
An integrated network orchestration service (routing, firewall, load balancing,
VPN) for connecting and securing multi-tenant OpenStack environments.
Astara - New Features

Name change from Akanda to Astara
BYONF - Bring Your Own Network Functions
Operators associate drivers and image IDs to tenants
Supports dynamic user-provided network functions
In orchestrator.ini:
enable_byonf=TRUE
Orchestration of clustered pairs of appliance VMs for HA

Neutron routers
Variable MTU support
Astara - Changes
Dropped support for a number of legacy convenience
hooks
No longer requires external network and subnet ID to be
specified
No longer adds external gateway to a router
automatically
Tacker
Network Function Virtualization (NFV) Orchestration services
and libraries for end-to-end life-cycle management of
Network Services and Virtual Network Functions (VNFs).
Tacker
Support for Topology and Orchestration Specification for
Cloud Applications (TOSCA)
MultiSite VNF placement
Enhanced VNF placement (using Nova NFV smarts)
host-passthru / host-model PCI pass through, NUMA awareness,
vhost, SR-IOV, etc.
VNFD template enhancements

flavors, neutron-ports (pci/sr-iov), glance
Automatic resource creation

Dragonflow
A distributed control plane implementation of Neutron. Its mission is to
implement advanced networking services driven by the Neutron API and
running on a distributed control plane. It's designed to support containers
networking and large scale production loads.
Storage
Cinder
Services and libraries to provide on-demand, self-service access to
Block Storage resources via abstraction and automation
on top of other block storage devices.
Cinder
Rolling upgrades (technical preview)
Microversions
A new replication interface (2.1 replaces the original
version)
As with all cycles, Cinder also sees new drivers, including
a driver to enable backups to Google Cloud Storage.
XML API is deprecated
Cinder
Snapshot backups
Delete snapshots with a volume
cascade=True
RPC backward compatibility

Nested quotas off by default
quota_driver=cinder.quota.NestedDbQuotaDriver
Remove volumes in error states from consistency groups

Cinder
Ability to manage policy for volume type operations:
Add storage_type_admin role.
Add admin_or_storage_type_admin rule to policy.json, e.g.
"admin_or_storage_type_admin": "is_admin:True or role:

storage_type_admin",
Modify rule for types_manage and volume_type_access, e.g.
"volume_extension:types_manage":"rule:
admin_or_storage_type_admin","volume_extension:
volume_type_access:addProjectAccess":"rule:
admin_or_storage_type_admin","volume_extension:
volume_type_access:removeProjectAccess":"rule:
admin_or_storage_type_admin",
Glance
A service that allows users to upload and discover data assets
that are meant to be used with other services,
like images for Nova and templates for Heat.
Glance
Download from and upload to Cinder volumes

HTTPS support
Verify signatures on images
OFV Single Disk images
Common Interface Model (CIM) Namespace Metadata
Database purge Utility
Glance trusts
Swift
OpenStack Object Storage
Swift
New ring rebalancing algorithm
More balanced rings
Better initial placement
More efficient capacity adjustments
Multiple names for storage policies

Improved container sync
TempURL header restrictions exposed in /info
Manila
A set of services for management of shared file systems
in a multitenant cloud environment, similar to how OpenStack provides
for block-based storage management through the Cinder project.
Manila
Network plumbing
Admin network
Share migration
Export location metadata
Export backends may have particular capabilities
Additional drivers
lvm
Ceph
ZFS on Linux
Freezer
Integrated tools for backing up and restoring cloud data in
multiple use cases, including disaster recovery. These resources include
file systems, server instances, volumes, and databases.
Freezer
New types of application-aware backup:
Pluggable backup mode abstraction layer
Oracle, Postgresql, Redis, Elasticsearch Database backup
SSL connections
Pluggable storage backend abstraction layer
Consistency check after a restore
Data deduplication
Showing the content of a backup
Other DefCore
Keystone
Facilitates API client authentication, service discovery,
distributed multi-tenant authorization, and auditing.
Keystone - User Experience
Time based one time password (TOTP)

Google Authenticator!
Support for Implied Roles

Domain specific Roles based on Implied Roles
Tokenless client SSL x.509 certificate authentication and
authorization
Keystone - Manageability
Unified identity for multiple authentication sources

Separate user identities from their local-managed credentials
Shadow local and Federated users.
bootstrap command in keystone-manage

Reduces Security risk by removing need for admin_token
Better performance with LDAP by limiting users fetched
Keystone - Scalability
Improve List Role Assignments API Performance

Caching for catalog retrieval on a per user / project ID
Performance boost for Fernet based deployments
uwsgi is fully tested and supported
Horizon
An extensible unified web-based user interface
for all OpenStack services.
Horizon
Horizon search panel (plugin)
Unified search across:
Nova instances
Glance images, snapshots, metadefs
Cinder volumes, snapshots
Neutron networks, ports, subnets, routers
Designate (DNS) Zones, recordsets
Swift object search (Experimental)
CLI via OpenStack client plugin

Horizon
Horizon
https://www.youtube.com/watch?v=jr5iIs4zvbY
Programmability
OpenStackClient and SDKs

OpenStack clients are the native Python bindings for the OpenStack APIs and
are used to implement the command-line interfaces.
SDKs are a vital part of the OpenStack ecosystem that help developers write
applications for OpenStack and other clouds.

New port commands (create, list, set, delete, show)
server restore command.
ip floating create, delete, list, show supports
neutron
security group create/show uses Network v2, adds -project and --project-domain options to create
New subnet commands (create, pool create, pool set,
pool delete, pool list, pool show, set, list, show,
delete)

host set command
http://developer.openstack.org
Nova network now supports new network commands
(delete, list, show, create)
OSProfiler
--names argument for assignment list command outputs
names instead of IDs
Recursive container delete
Added router commands (create, delete, list, set,
show)
Murano
An application catalog service that enables users to compose and
deploy composite environments on an application abstraction level
while managing the application lifecycle.
Murano
Multi-Region Support
MuranoPL Language Improvements
YAQL 1.1, Metadata, Reflection, Static Methods
Simulation of execution in Murano

Support for TOSCA apps in Murano via Cloudify
Murano agent is now installable through cloud-init
Magnum plugin
Create/delete magnum baymodels and bays from MuranoPL
Community App Catalog

Builds and maintains the OpenStack Community App Catalog in order to benefit
all OpenStack clouds by giving users a central location from which to find and
retrieve applications and other OpenStack components that can be immediately
deployed into their OpenStack clouds, and by giving application developers a
highly visible place to share their work with the OpenStack community.
TOSCA assets
GLARE integration kickstart
Horizon plugin
App validation program
Mistral
A simple YAML-based language to write workflows (tasks and
transition rules) and a service that allows you to upload them, modify, run
them at scale and in a highly available manner, manage and monitor
workflow execution state and the state of individual tasks.
Mistral
Mechanism for sharing resources between tenants
Actions for using Swift, Barbican, Ceilometer, Mistral
(Mistral from Mistral)
Docker image to quickly install Mistral
Plugin for openstackclient
Python 3 support
Congress
Governance as a service across any collection of cloud
services in order to monitor, enforce, and audit policy over
dynamic infrastructure.
Congress
Push data via REST API call other services can call.
New architecture for distributing Congress across multiple
hosts to achieve high availability and high throughput.
(Not yet complete)
Rally
A framework for performance analysis and benchmarking of
individual OpenStack components as well as
full production OpenStack cloud deployments
Rally
Context api_versions
Call Scenario.add_ouput() method multiple times in
scenario.
New --html-static argument for rally task report
Support for workloads (launch via Heat, then benchmark)
xfail mechanism
Re-run failed tests.
DB schema versioning and migration
Orchestration
Heat
Orchestrating composite cloud applications using a declarative
template format through an OpenStack-native REST API.
Heat
Integration with openstack client

Senlin resources
LBaaS v2 resources
Support for multi environments
Mark resources "Unhealthy"
Also "Convergence" Phase 1 is 90 % ready
Senlin
Provides a generic clustering service for an OpenStack cloud, capable of
managing the homogeneous objects exposed by other OpenStack
components, such as Nova, Heat, Cinder, etc.
Senlin
Policy checks
Cluster health management
Initiative actions
Delete a node from any region/availability zone
Service status
Deployment
Fuel
Streamlining and accelerating the process of deploying, testing and
maintaining various configurations of OpenStack at scale.
Fuel - Features
Fuel is ready for LCM
Separate Fuel and Openstack
Optimized Fuels Tasks
Separate Fuel node provisioning
Fuel - Features
Performance improvements
Deployments optimization
Daemons resource control
OVS-DPDK is supported (NFV use case)
SR-IOV & QoS are now supported
NUMA node topology & CPU pinning
VIPs configuration
Ironic
An OpenStack service and associated libraries capable of managing and
provisioning physical machines in a security-aware and fault-tolerant manner.
Ironic
Manual cleaning
RAID support
Parallel tasks
TripleO
Tooling and infrastructure able to deploy OpenStack in production,
using OpenStack itself wherever possible.
TripleO
Upgrade Openstack components without Tenant
Downtime
Making the overcloud deployment use SSL (https)
IPv6 Support
OpenStack-Ansible
Deploying OpenStack from source in a way that makes it scalable
while also being simple to operate, upgrade, and grow.
OpenStack-Ansible
Increased modularity
Roles in their own repositories
Increased test coverage

Improved docs
Additional services:
Neutron LBaaSv2, FWaaS
Experimental: Ironic, Designate, Zaqar, Magnum, Barbican
Puppet OpenStack
Bringing scalable and reliable IT automation to OpenStack cloud deployments.
Puppet OpenStack
Identity:
Federation with Mellon support
Support for multiple LDAP backends
Usage of keystone-manage bootstrap
Neutron:
Support of LBaaSv2
More SDN integrations: OpenDayLight, PlugGrid, Midonet
Use modern parameters for Nova notifications
Puppet OpenStack
Nova:
Manage Nova API database
Nova cells support with host aggregates
Remove EC2 support
Glance:
Support multi-backend
Puppet OpenStack
Cinder:
Block Device backend
Allow to deploy Cinder API v3
General features:
IPv6 deployment support
CI continues to have more use-cases coverage (SSL, IPv6, more
services)
Puppet OpenStack
New modules:
puppet-mistral
puppet-zaqar
Ongoing for Newton:

puppet-octavia
puppet-ovn
Chef OpenStack
Automating the building, operation and consumption of
OpenStack cloud deployments.
Chef OpenStack
Cookbook refactoring (Templates, Attributes,
Libraries)
Core service cookbooks:
openstack-identity
openstack-compute
openstack-network
openstack-block-storage
openstack-image
Containers
Magnum
Makes container orchestration engines such as Docker and Kubernetes
available as first-class resources in OpenStack. It uses Heat to orchestrate an
OS image which contains Docker and Kubernetes and runs that image in
either VMs or bare metal in a cluster configuration.
Magnum
Magnum APIs Test coverage in Tempest Lib

Add functional testing for swarm cluster
Add functional testing for Mesos cluster
Pluggable keystone model
Create trustee user for each bay
Enhance API parameters validation
Extend baymodel attributes
Kuryr
Bridges between containers frameworks networking models to
OpenStack networking abstraction
Kuryr
Full support for
Docker
Docker Swarm
Support coming for

Kubernetes
Kolla
Provides production-ready containers and deployment tools
for operating OpenStack clouds
Kolla
Binary Ubuntu containers

Named volumes with Docker
Drop root privileges to the container's application PID/GID
Permit a reconfiguration of the services
Internal SSL support

Ability to use custom repos
Monitoring
Ceilometer
Reliably collects measurements of the utilization of the physical and virtual
resources comprising deployed clouds, persists these data for subsequent
retrieval and analysis, and triggers actions when defined criteria are met.
Ceilometer
Keystone v3 support
Aodh
support for composite alarm rules
ability to evaluate across multiple alarms with OR/AND
Ceilometer:
Batch messaging support
Custom instance discovery polling support (minimise nova load)
Gnocchi:
Timesplit aggregated time series storage with lz4 compression
Monasca
A multi-tenant, highly scalable, performant, fault-tolerant monitoring-as-aservice solution for metrics, complex event processing and logging. To build
an extensible platform for advanced monitoring services that can be used by
both operators and tenants to gain operational insight and visibility, ensuring
availability and stability.
Data
Sahara
A scalable data processing stack and associated management interfaces.
Sahara
sahara-api as WSGI application
sahara-wsgi-api
CDH 5.5.0 in CDH plugin

OpenStack Key Manager support
Scheduling EDP jobs for sahara
Trove
Scalable and reliable Cloud Database as a Service functionality for both
relational and non-relational database engines, and to continue to improve its
fully-featured and extensible open source framework.
Trove
Refactor datastore managers

PostgreSQL configuration groups
Add volume_type on create
Cassandra cluster support
Infrastructure
Oslo
A set of python libraries containing code shared by OpenStack projects. The
APIs provided by these libraries should be high quality, stable, consistent,
documented and generally applicable.
Oslo - New Libraries and Drivers

Libraries
oslo.privsep - alternative to oslo.rootwrap for better
managing privileges
Drivers
Support for ZMQ as messaging transport instead of RabbitMQ
New RabbitMQ driver using Pika python library
Kafka based Notification driver
New Features
Python3 Helpers for serialization / encoding
Support for Cross Origin Resource Sharing (CORS)
Support for Batched Notifications
Experimental message compression
Mutable options for updates without restarting a service
Improved automated documentation generation for project configuration

options
Improved standardization of context logging messages across deployers and

infra
Documentation
Documentation for core OpenStack projects to promote OpenStack.
Develop and maintain tools and processes to ensure quality, accurate
documentation. Treat documentation like OpenStack code.
Barbican
A secret storage and generation system capable of providing key management
for services wishing to enable encryption features.
Barbican
Support for user metadata to secrets
Geolocation
Rate
Allowed time-access
Etc
Can be checked to allow/disallow access
Zaqar
An OpenStack messaging service that affords a variety of distributed
application patterns in an efficient, scalable and highly-available manner, and
to create and maintain associated Python libraries and documentation.
Zaqar
Websocket binary support
More reserved attributes for queue
_max_messages_post_size
_default_message_ttl
Notification over websocket
Zaqar
Projects using Zaqar
Aodh: users can be notified of alarm notification
Mistral: users can execute Zaqar actions
Puppet Zaqar
Other Awesome Stuff

RefStack
A test result collection and reporting service to support
the DefCore interoperability testing process.
RefStack
Vendor registration at RefStack to link vendors to test data
Implemented option with subunit data format as input for
data upload
Associated test data to users instead of user keys
Associated specific DefCore Guideline and OpenStack
Target Program to a test result set
Removed RefStack dependency on Keystone client
Ability to perform tests that are not in Tempest but are
implemented as Tempest plugin
Thank You!
Q&A
Download the slides from:
http://bit.ly/openstack-mitaka_webcast
Well email you links to the slides and recording later this week.

Openstack Mitaka Webcast Slides

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Openstack Mitaka Webcast Slides

Uploaded by

Copyright:

Available Formats

What's new in

Alexey Stupnikov | OpenStack Engineer, Mirantis

Nick Chase | Head of Content, Mirantis

Please submit questions in the Questions

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Nova - User Experience

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Neutron - User Experience

Protocol names instead of protocol numbers (option)

Number of networks used/total IPs

Copyright 2016 Mirantis, Inc. All rights reserved

RBAC-based access to External nets & QoS policies

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Astara - New Features

Orchestration of clustered pairs of appliance VMs for HA

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

VNFD template enhancements

Automatic resource creation

Copyright 2016 Mirantis, Inc. All rights reserved

RPC backward compatibility

Remove volumes in error states from consistency groups

"admin_or_storage_type_admin": "is_admin:True or role:

Modify rule for types_manage and volume_type_access, e.g.

Copyright 2016 Mirantis, Inc. All rights reserved

Download from and upload to Cinder volumes

Copyright 2016 Mirantis, Inc. All rights reserved

Multiple names for storage policies

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Keystone - User Experience

Time based one time password (TOTP)

Support for Implied Roles

Copyright 2016 Mirantis, Inc. All rights reserved

Unified identity for multiple authentication sources

bootstrap command in keystone-manage

Better performance with LDAP by limiting users fetched

Copyright 2016 Mirantis, Inc. All rights reserved

Improve List Role Assignments API Performance

uwsgi is fully tested and supported

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

CLI via OpenStack client plugin

Copyright 2016 Mirantis, Inc. All rights reserved

OpenStackClient and SDKs

OpenStackClient and SDKs

OpenStackClient and SDKs

Simulation of execution in Murano

Community App Catalog

Community App Catalog

Copyright 2016 Mirantis, Inc. All rights reserved

Community App Catalog

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Copyright 2016 Mirantis, Inc. All rights reserved

Integration with openstack client