What’s New in Liberty Rudy McComb Nick Chase
www.mirantis.com Copyright © 2015 Mirantis, Inc. All rights reserved
A little housekeeping ● Please submit questions in the Questions pane. ● We’ll provide a link where you can download the slides at the end of the webcast.
Copyright © 2015 Mirantis, Inc. All rights reserved
A few introductions Rudy McComb | Sr. OpenStack Operations Engineer Rudy has worked for companies such as Apple, Disney, The U.S. Senate, NBC News, Harbor Freight, and Royal Caribbean International. With them, he's worked across Systems Engineering, Apple Infrastructure, DevOps, Puppet, Chef, and of course, OpenStack.
Nick Chase | Sr. Technical Content Marketing Manager Nick is the Editor-in-Chief of OpenStack:Now and Senior Manager of Technical Content at Mirantis. With 20+ years' experience as a developer and author, Nick has written several books and hundreds of articles as an IBM developerWorks Certified Master Author.
Copyright © 2015 Mirantis, Inc. All rights reserved
Agenda
● ● ● ● ●
Overall themes Core services Governance "Big Tent" projects Q&A
Copyright © 2015 Mirantis, Inc. All rights reserved
The Big Picture The overarching themes
Copyright © 2015 Mirantis, Inc. All rights reserved
Direction for this release ● Manageability ● Scalability ● Extensibility
Copyright © 2015 Mirantis, Inc. All rights reserved
Core Services The projects you MUST have to "be" OpenStack
Copyright © 2015 Mirantis, Inc. All rights reserved
Nova OpenStack Compute: NFV and scheduling improvements
Copyright © 2015 Mirantis, Inc. All rights reserved
Network Functions Virtualization (NFV) ● NFV: Using software to replace expensive purpose-built equipment ● NFV improvements: Making OpenStack safe for telcos and other service providers ● OPNFV: Defining a reference architecture
Copyright © 2015 Mirantis, Inc. All rights reserved
Reliability and scheduler improvements ● Scheduler: Customizable schedulers ● Evacuations: More robust ● External HA tools: "mark host down"/"force down" API
Copyright © 2015 Mirantis, Inc. All rights reserved
Other additions ● Searching: IPv6 for non-admins ● Viewing: Admins can view all keys ● v2.1 API: Transparent to users
Copyright © 2015 Mirantis, Inc. All rights reserved
Neutron OpenStack Networking: Better control over security and bandwidth, IPv6
Copyright © 2015 Mirantis, Inc. All rights reserved
IP management ● IPv6: IPv6 prefix delegation, enabling automatic assignment of CIDRs to subnets
● IPAM: Pluggable IP address management is now available, enabling third-party IPAM. Copyright © 2015 Mirantis, Inc. All rights reserved
Security and availability ● Quality of Service: ● Bandwidth quotas at the port level ● QoS API
● Security: Role Based Access Control (RBAC) for networks ● LBaaS: ● The LBaaS reference implementation based on an operator-grade load balancer platform (Octavia) ● v2 API no longer experimental Copyright © 2015 Mirantis, Inc. All rights reserved
Deprecated in Liberty ● LBaaS v1 API: Removed; use v2 instead ● FWaaS API: "Marked experimental" -- will be replaced in Mitaka ● Plugins: ● Metaplugin removed ● IBM SDN-VE monolithic plugin removed ● Cisco N1kV monolithic plugin replaced by ML2 MechanismDriver
Copyright © 2015 Mirantis, Inc. All rights reserved
Cinder OpenStack Block Storage: More manageable, more reliable
Copyright © 2015 Mirantis, Inc. All rights reserved
Hierarchical projects ● Quotas: Quota enforcement in hierarchical projects { ProductionIT: { CMS : { Computing, Visualisation }, ATLAS: { Operations, Services } } }
Copyright © 2015 Mirantis, Inc. All rights reserved
Other improvements
● Caching: Caching of commonly used images ● Ease of use: Listing of capabilities for the backend ● Backups: Non-disruptive backups
Copyright © 2015 Mirantis, Inc. All rights reserved
Swift OpenStack Object Storage: Improved performance and operator capabilities
Copyright © 2015 Mirantis, Inc. All rights reserved
Improved performance ● Performance: ● Better performance on slow drives ● Removing latency spikes ● Limiting data movement during cluster management.
● Ring operations: ring-builder-analyzer for testing different ring operations quickly.
Copyright © 2015 Mirantis, Inc. All rights reserved
Easier management ● Bulk uploads: Includes "per object" metadata for exploding archives. ● Erasure coding: Significant fixes and improvements to erasure coding.
Copyright © 2015 Mirantis, Inc. All rights reserved
Glance OpenStack Image Service: Improved security
Copyright © 2015 Mirantis, Inc. All rights reserved
Glance improvements ● Image verification: Sign an image using your private key so that its integrity can be verified ● S3 proxy: Used from multiple networks with an S3 backend over an HTTP proxy.
Copyright © 2015 Mirantis, Inc. All rights reserved
Keystone OpenStack Identity Service: Easier Hybrid Cloud management
Copyright © 2015 Mirantis, Inc. All rights reserved
Hybrid clouds ● Much greater control over Identity Providers (IDP) ● Control WebSSO for individual IDP backends ● Distinguish between users from different clouds
Copyright © 2015 Mirantis, Inc. All rights reserved
Governance What can we tell you?
Copyright © 2015 Mirantis, Inc. All rights reserved
The big picture
Copyright © 2015 Mirantis, Inc. All rights reserved
"Big Tent" Services Lots of OpenStack goodness
Copyright © 2015 Mirantis, Inc. All rights reserved
Heat OpenStack Orchestration Service: Convergence
Copyright © 2015 Mirantis, Inc. All rights reserved
● Convergence: Based more on workflow and observation ● New resources: Keystone endpoints and services, as well as Barbican and Designate
Copyright © 2015 Mirantis, Inc. All rights reserved
Horizon OpenStack Dashboard: New views
Copyright © 2015 Mirantis, Inc. All rights reserved
Horizon
● Launching an instance: New launch instance dialog ● Managing networks: New network topology page ● Hybrid cloud management: Control IDP-specific WebSSO
Copyright © 2015 Mirantis, Inc. All rights reserved
Ceilometer OpenStack Telemetry: Easier alarm creation and real-time alarm triggers
Copyright © 2015 Mirantis, Inc. All rights reserved
Performance ● Aodh: New alarming service (original code) ● Real-time monitoring: Trigger an alarm based on incoming events in real time. ● Performance: Improved nova polling through resource metadata caching, and with asynchronous handling of new measures in Gnocchi.
Copyright © 2015 Mirantis, Inc. All rights reserved
Ease of use ● Ease of use: Most meters can now be created with a yaml file rather than python code ● Integration with other systems: ● Send metrics to the Gnocchi time series data storage system ● Visualize performance with Grafana
Copyright © 2015 Mirantis, Inc. All rights reserved
TripleO OpenStack on OpenStack: Additional drivers and operational enhancements
Copyright © 2015 Mirantis, Inc. All rights reserved
Cross-project ● Puppet implementation: puppet-tripleo ● Templates: ● Create template stacks as Heat environments ● Declarative model of the deployed cloud
● Other cross-project: ● Ironic ● Kolla
Copyright © 2015 Mirantis, Inc. All rights reserved
On-demand ● Network isolation ● Isolate by network type ● Created in undercloud openstack overcloud deploy -e /home/stack/network-environment.yaml \ -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \ --templates --ntp-server pool.ntp.org --neutron-network-type vxlan \ --neutron-tunnel-types vxlan
● HA/Pacemaker ● Container deployment Copyright © 2015 Mirantis, Inc. All rights reserved
Trove OpenStack Database as a Service: New functionality for MariaDB, MongoDB, and Redis
Copyright © 2015 Mirantis, Inc. All rights reserved
Trove ● MariaDB: Support for MariaDB itself, rather than relying on MySQL drivers ● Clustering: Better clustering support through Percona integration ● Redis: Improved Redis backup and replication support ● MongoDB: Improved MongoDB replication support
Copyright © 2015 Mirantis, Inc. All rights reserved
Sahara OpenStack Data Processing: Drastically enhanced ease-of-use
Copyright © 2015 Mirantis, Inc. All rights reserved
Sahara ● Flexibility: Reuse data sources ● Efficiency: Share data sources between different tenants ● Increased support: ● MapR 5.0.0 ● Manila
● Convenience: Create multiple clusters simultaneously
Copyright © 2015 Mirantis, Inc. All rights reserved
Ironic What can we tell you?
Copyright © 2015 Mirantis, Inc. All rights reserved
● "enroll" state: Register hardware without making it immediately available to Nova. ● New drivers: ● OCS, UCS, Cisco IMC Drivers ● Wake-On-Lan Power Driver ● Add Virtual Media support to iRMC Driver ● Add BIOS config to DRAC Driver ● PXE drivers now support GRUB2
● CORS support: Browser-based requests Copyright © 2015 Mirantis, Inc. All rights reserved
New interfaces ● Boot: New boot interface for drivers ● RAID: Available, not yet in-tree
Copyright © 2015 Mirantis, Inc. All rights reserved
Deprecations and removals ● Deprecated ● bash ramdisk ● parallel option
● Removed ● Migrations from Nova "baremetal" ● admin_api policy rule ● vendor_passthru and driver_vendor_passthru
Copyright © 2015 Mirantis, Inc. All rights reserved
Community App Catalog Making application provisioning easier
Copyright © 2015 Mirantis, Inc. All rights reserved
Horizon plugin ● Added to Devstack ● Demo at https://www.youtube.com/watch?v=2UQ6xa6uDQY
Copyright © 2015 Mirantis, Inc. All rights reserved
Murano OpenStack Application Catalog: More control in creating/deploying applications
Copyright © 2015 Mirantis, Inc. All rights reserved
● Application versioning/update apps for devs ● Network selection and isolation for env and app deployment ● Infrastructure control: Glance Artifact Repository ● Heat templates and files can now be deployed.
Copyright © 2015 Mirantis, Inc. All rights reserved
Magnum OpenStack Containers as a Service: New support types, and high availability
Copyright © 2015 Mirantis, Inc. All rights reserved
Magnum Architecture
Copyright © 2015 Mirantis, Inc. All rights reserved
Mesos Bay Support Treat your Docker containers as one large computer.
Copyright © 2015 Mirantis, Inc. All rights reserved
● Mesos support as a bay type. ● Multi-master Kubernetes bay support for High Availability ● Kubernetes is now integrated with Neutron load balancers for greater scalability
Copyright © 2015 Mirantis, Inc. All rights reserved
Kolla Containerized OpenStack deployment: Easy deployment and upgrades
Copyright © 2015 Mirantis, Inc. All rights reserved
Copyright © 2015 Mirantis, Inc. All rights reserved
Copyright © 2015 Mirantis, Inc. All rights reserved
● Docker image building of ~90 different containers of OpenStack including CentOS, Red Hat, and Ubuntu ● Docker + Ansible deployment of : HAProxy, Keepalived, MariaDB + Galera, RabbitMQ, Glance, Nova,Neutron (LinuxBridge or OVS), Cinder (Ceph only) and more... ● Cloud operator may override any OpenStack configuration option
Copyright © 2015 Mirantis, Inc. All rights reserved
Congress OpenStack Policy as a Service: wider range of corrections available for policy violations
Copyright © 2015 Mirantis, Inc. All rights reserved
● Flexibility with manual reactive enforcement ● Users can write policy statements that I.D. policy violation and dictate API calls to be executed to correct that violation. ● Policies can correct violations using API calls for Ceilometer, Cinder, Glance and more ● Congress now provides a list of the API calls that policy writers can use to correct violations. Copyright © 2015 Mirantis, Inc. All rights reserved
Zaqar OpenStack Queue Service: Increased flexibility, security, and performance
Copyright © 2015 Mirantis, Inc. All rights reserved
Flexibility ● Pre-signed URLs GET /v2/queues/shared_queue/messages HTTP/1.1 Host: zaqar.example.com User-Agent: python/2.7 killer-rabbit/1.2 Date: Wed, 28 Nov 2012 21:14:19 GMT Accept: application/json Accept-Encoding: gzip URL-Signature: 518b51ea133c4facadae42c328d6b77b URL-Expires: 2015-05-31T19:00:17Z X-Project-Id: 7d2f63fd4dcc47528e9b1d08f989cc00 Client-ID: 30387f00-39a0-11e2-be4d-a8d15f34bae2
● Security: Role Based Access Control Copyright © 2015 Mirantis, Inc. All rights reserved
Efficiency ● Websocket transport ● Full duplex communication over a single channel
Copyright © 2015 Mirantis, Inc. All rights reserved
Barbican OpenStack Key Management: More control over security and quotas
Copyright © 2015 Mirantis, Inc. All rights reserved
● Security: Rotate the Master Key ● Administration: Quotas for the number of keys ● Convenience: Project-specific Certificate Authorities
Copyright © 2015 Mirantis, Inc. All rights reserved
Mistral OpenStack TaskFlow: More control
Copyright © 2015 Mirantis, Inc. All rights reserved
● Control ● Recover errored out running workflows ● Run individual actions through the API ● Expiration policy for workflow/task executions ● Configurable concurrency (with-items)
● Improved UI ● Monitor components with API
Copyright © 2015 Mirantis, Inc. All rights reserved
Rally OpenStack Benchmarking: Testing production clouds
Copyright © 2015 Mirantis, Inc. All rights reserved
● Efficiency: Create load with existing users ● Production: ● Stop load ● Read-only Keystone backends
● Control: Abort! ● Infrastructure: Framework and plugins split
Copyright © 2015 Mirantis, Inc. All rights reserved
DefCore/RefStack What is "core" anyway?
Copyright © 2015 Mirantis, Inc. All rights reserved
Defcore ● Specific capabilities that are needed
Copyright © 2015 Mirantis, Inc. All rights reserved
Refstack ● Send results for statistics ● Influence the direction of DefCore with Refstack ● http://refstack.net
Copyright © 2015 Mirantis, Inc. All rights reserved
Q&A What can we tell you?
Copyright © 2015 Mirantis, Inc. All rights reserved
Thank you Download the slides from: bit.ly/OpenStackLiberty A video will be posted next week.
Copyright © 2015 Mirantis, Inc. All rights reserved