Openstack Mitaka Webcast Slides

8/17/2019 Openstack Mitaka Webcast Slides

1/112


2/112

Copyright © 2016 Mirantis, Inc. All rights reserved

A Few Introductions

Davanum Srinivas | Principal Software Engineer, Mirantis

Davanum Srinivas (a.k.a Dims) is Principal Software Engineer in the Mirantis Community Engineering teOpenStack Nova, Oslo and related projects. He previously worked on IBM PureApplication product as ana team working on Web Services support in WebSphere. Dims has a long track record in open source projApache Cocoon, Axis2, Geronimo at the Apache Software foundation and he co-founded WSO2 based onbusiness model.

Alexey Stupnikov | OpenStack Engineer, Mirantis

Alexey Stupnikov is an OpenStack Maintenance Engineer in the Fuel Engineering team at MirantNetwork Administrator at Megalabs, the R&D lab of the second largest mobile phone operator andin Russia; and Senior Network Engineer/Projects Team Lead at MTO, a mid-size systems integratolarge government customers.

Nick Chase | Head of Content, Mirantis

Nick is the Editor-in-Chief of OpenStack:Unlocked and Head of Content at Mirantis. With 20+ ye

author, Nick has written several books and hundreds of articles as an IBM developerWorks Certifi


3/112


4/112


Agenda


5/112Copyright © 2016 Mirantis, Inc. All rights reserved

Agenda

● Compute● Networking● Storage● Other DefCore● Programmability● Orchestration

● Deployment● Containers● Monitoring● Data● Infrastructure● Other Awesome Stu

● Q&A



training.mirantis.com

Compute



Nova

Services and associated libraries to provide massively scalable,on-demand, self-service access to compute resources,Including bare metal, virtual machines, and containers.



Nova - User Experience

● Live Migration Improvements● Force/Abort/Progress of live migrations● Separate network for live migrations● REST API, python-novaclient

● New Disk space scheduling filter● New simpler use_neutron option● Better Sample policy file for Nova API● Oslo.cache based configuration for memcached



Nova - Manageability

● Simpler rolling upgrades● Automatic RPC version determination

● New nova-manage Script for all online DB migratio● Support for libosinfo integration for injecting hardw

properties● New service.status notification for updates● Versioning for Notifications


10/112


Nova - Scalability

● New Nova API Database● New ec2-api project for EC2 support


11/112



Networking


12/112


Neutron

OpenStack Networking Service


13/112


Neutron - User Experience

● Timestamps, tags and descriptions are now available● changed-since query option● Networks can be filtered by tags

● Protocol names instead of protocol numbers (option

● “Get me a network”● Nova is not ready at the moment

● Number of network’s used/total IPs


14/112


Neutron - Scalability

● Retry failed port’s bindings after L2 agent recovery● DVR-related improvements:

● HA support for SNAT services on DVRs● Improve DVR's resiliency during VM live migration


15/112


Neutron - Manageability

● Integration with external DNS● Integration with Designate or custom DNSaaS● Floating IPs and ports can have a dns_name● Networks can have a dns_domain

● RBAC-based access to External nets & QoS policie


16/112


Neutron - Features

● MTU-related improvements● end-to-end support for arbitrary MTUs● DHCP agent to provide a network MTU to instances

● BGP support

● announcement of tenant subnets and floating IPs● using centralized router gateway or floating IP agent gatew

(DVR case) ports as a next-hop


17/112


Neutron - Extensions

● neutron-fwaas● Enable quotas for FWaaS● networking-bgpvpn

● inter-connection between L3 VPNs and Neutron resources


18/112


Astara

An integrated network orchestration service (routing, firewall, load bala VPN) for connecting and securing multi-tenant OpenStack environm


19/112


Astara - New Features

● Name change from Akanda to Astara● BYONF - Bring Your Own Network Functions

● Operators associate drivers and image IDs to tenants● Supports dynamic user-provided network functions● In orchestrator.ini:

enable_byonf=TRUE

● Orchestration of clustered pairs of appliance VMs foNeutron routers

● Variable MTU support


20/112


Astara - Changes

● Dropped support for a number of legacy convenienchooks● No longer requires external network and subnet ID

specified

● No longer adds external gateway to a routerautomatically


21/112


Tacker

Network Function Virtualization (NFV) Orchestration service and libraries for end-to-end life-cycle management ofNetwork Services and Virtual Network Functions (VNFs).


22/112


Tacker

● Support for Topology and Orchestration SpecificatioCloud Applications (TOSCA)

● MultiSite VNF placement● Enhanced VNF placement (using Nova NFV smarts

● host-passthru / host-model PCI pass through, NUMA awvhost, SR-IOV, etc.

● VNFD template enhancements● flavors, neutron-ports (pci/sr-iov), glance

● Automatic resource creation


23/112


Dragonflow

A distributed control plane implementation of Neutron. Its mission implement advanced networking services driven by the Neutron AP

running on a distributed control plane. It's designed to support containetworking and large scale production loads.


24/112



Storage


25/112


Cinder

Services and libraries to provide on-demand, self-service access tBlock Storage resources via abstraction and automation

on top of other block storage devices.


26/112


27/112


Cinder

● Snapshot backups● Delete snapshots with a volumecascade=True

● RPC backward compatibility

● Nested quotas off by defaultquota_driver=cinder.quota.NestedDbQuotaDriver

● Remove volumes in error states from consistency gr


28/112


Cinder

● Ability to manage policy for volume type operation● Add storage_type_admin role.● Add admin_or_storage_type_admin rule to policy.json , e.g.● "admin_or_storage_type_admin": "is_admin:True or role:

storage_type_admin",

● Modify rule for types_manage and volume_type_access, e● "volume_extension:types_manage":"rule:admin_or_storage_type_admin","volume_extension:volume_type_access:addProjectAccess":"rule:admin_or_storage_type_admin","volume_extension:volume_type_access:removeProjectAccess":"rule:admin_or_storage_type_admin",


29/112


Glance

A service that allows users to upload and discover data assetsthat are meant to be used with other services,like images for Nova and templates for Heat.


30/112


Glance

●Download from and upload to Cinder volumes● HTTPS support

● Verify signatures on images● OFV Single Disk images

● Common Interface Model (CIM) Namespace Metad● Database purge Utility● Glance trusts


31/112


Swift

OpenStack Object Storage


32/112


Swift

● New ring rebalancing algorithm● More balanced rings● Better initial placement● More efficient capacity adjustments

● Multiple names for storage policies● Improved container sync● TempURL header restrictions exposed in /info


33/112


Manila

A set of services for management of shared file systems in a multitenant cloud environment, similar to how OpenStack prov

for block-based storage management through the Cinder projec

M il


34/112


Manila

● Network plumbing● Admin network

● Share migration● Export location metadata

● Export backends may have particular capabilities

● Additional drivers● lvm● Ceph● ZFS on Linux


35/112


Freezer

Integrated tools for backing up and restoring cloud data in multiple use cases, including disaster recovery. These resources inc

file systems, server instances, volumes, and databases.

F


36/112


Freezer

● New types of application-aware backup:● Pluggable backup mode abstraction layer● Oracle, Postgresql, Redis, Elasticsearch Database backup

● SSL connections

● Pluggable storage backend abstraction layer● Consistency check after a restore● Data deduplication● Showing the content of a backup


37/112



Other DefCore


38/112


Keystone

Facilitates API client authentication, service discovery,distributed multi-tenant authorization, and auditing.

Keystone User Experience


39/112


Keystone - User Experience

● Time based one time password (TOTP)● Google Authenticator!

● Support for Implied Roles● Domain specific Roles based on Implied Roles

● Tokenless client SSL x.509 certificate authenticatiauthorization

Keystone Manageability


40/112


Keystone - Manageability

● Unified identity for multiple authentication source● Separate user identities from their local-managed creden● Shadow local and Federated users.

● “bootstrap” command in keystone-manage

● Reduces Security risk by removing need for admin_toke● Better performance with LDAP by limiting users f

Keystone Scalability


41/112


Keystone - Scalability

● Improve List Role Assignments API Performance● Caching for catalog retrieval on a per user / projec

● Performance boost for Fernet based deployments

● uwsgi is fully tested and supported


42/112


Horizon

An extensible unified web-based user interfacefor all OpenStack services.

Horizon


43/112


Horizon

● Horizon search panel (plugin)● Unified search across:

● Nova instances● Glance images, snapshots, metadefs● Cinder volumes, snapshots

● Neutron networks, ports, subnets, routers● Designate (DNS) Zones, recordsets● Swift object search (Experimental)

● CLI via OpenStack client plugin

Horizon


44/112


Horizon

Horizon


45/112


Horizon

https://www.youtube.com/watch?v=jr5iIs4zvbY

https://www.youtube.com/watch?v=jr5iIs4zvbYhttp://www.youtube.com/watch?v=jr5iIs4zvbY


46/112


47/112


OpenStackClient and SDKs

OpenStack clients are the native Python bindings for the OpenStack APare used to implement the command-line interfaces.

SDKs are a vital part of the OpenStack ecosystem that help developersapplications for OpenStack and other clouds.



48/112



● New port commands ( create, list, set, delete, show● server restore command.● ip floating create, delete, list, show support

neutron● security group create / show uses Network v2, adds

project and --project-domain options to create● New subnet commands ( create, pool create, pool set,

pool delete, pool list, pool show, set, list, show,

delete )



49/112


p

● host set command http://developer.openst● Nova network now supports new network command

(delete, list, show, creat e)● OSProfiler● --names argument for assignment list command outp

names instead of IDs● Recursive container d elete● Added router commands ( create, delete, list, set,

show )

http://developer.openstack.org/http://developer.openstack.org/


50/112


Murano

An application catalog service that enables users to compose and deploy composite environments on an application abstraction lev

while managing the application lifecycle.

Murano


51/112


● Multi-Region Support● MuranoPL Language Improvements

● YAQL 1.1, Metadata, Reflection, Static Methods● Simulation of execution in Murano● Support for TOSCA apps in Murano via Cloudify● Murano agent is now installable through cloud-init● Magnum plugin

● Create/delete magnum baymodels and bays from MuranoP


52/112


Community App Catalog

Builds and maintains the OpenStack Community App Catalog in order toall OpenStack clouds by giving users a central location from which to fi

retrieve applications and other OpenStack components that can be immeddeployed into their OpenStack clouds, and by giving application develo

highly visible place to share their work with the OpenStack commun



53/112


y pp g



54/112


● TOSCA assets● GLARE integration kickstart● Horizon plugin● App validation program


55/112


56/112


57/112


58/112


59/112


Rally

A framework for performance analysis and benchmarking of individual OpenStack components as well asfull production OpenStack cloud deployments

Rally


60/112


● Context api_versions● Call Scenario.add_ouput() method multiple times i

scenario.● New --html-static argument for rally task report● Support for workloads (launch via Heat, then bench● xfail mechanism● Re-run failed tests.● DB schema versioning and migration


61/112



Orchestration


62/112


Heat

Orchestrating composite cloud applications using a declarativetemplate format through an OpenStack-native REST API.

Heat


63/112


● Integration with openstack client

● Senlin resources● LBaaS v2 resources● Support for multi environments● Mark resources "Unhealthy"● Also "Convergence" Phase 1 is 90 % ready


64/112


Senlin

Provides a generic clustering service for an OpenStack cloud, capablmanaging the homogeneous objects exposed by other OpenStack

components, such as Nova, Heat, Cinder, etc.

Senlin


65/112


● Policy checks

● Cluster health management● Initiative actions● Delete a node from any region/availability zone● Service status


66/112



Deployment


67/112


Fuel

Streamlining and accelerating the process of deploying, testing an

maintaining various configurations of OpenStack at scale.

Fuel - Features


68/112


● Fuel is ready for LCM

● Separate Fuel and Openstack

● Optimized Fuel’s Tasks

● Separate Fuel node provisioning

Fuel - Features


69/112


● Performance improvements

● Deployment’s optimization

● Daemon’s resource control

● OVS-DPDK is supported (NFV use case)

● SR-IOV & QoS are now supported● NUMA node topology & CPU pinning

● VIPs configuration


70/112

Ironic


71/112


● Manual cleaning

● RAID support

● Parallel tasks


72/112


TripleO

Tooling and infrastructure able to deploy OpenStack in productiousing OpenStack itself wherever possible.

TripleO


73/112


● Upgrade Openstack components without Tenant

Downtime● Making the overcloud deployment use SSL (https)● IPv6 Support


74/112


OpenStack-Ansible

Deploying OpenStack from source in a way that makes it scalablwhile also being simple to operate, upgrade, and grow.

OpenStack-Ansible


75/112


● Increased modularity

● Roles in their own repositories

● Increased test coverage

● Improved docs

● Additional services:● Neutron LBaaSv2, FWaaS

● Experimental: Ironic, Designate, Zaqar, Magnum, Barbica


76/112


Puppet OpenStack

Bringing scalable and reliable IT automation to OpenStack cloud deploym


77/112

Puppet OpenStack


78/112


● Nova:

● Manage Nova API database

● Nova cells support with host aggregates

● Remove EC2 support

● Glance:● Support multi-backend

Puppet OpenStack


79/112


● Cinder:

● Block Device backend

● Allow to deploy Cinder API v3

● General features:

● IPv6 deployment support● CI continues to have more use-cases coverage (SSL, IPv6

services)

Puppet OpenStack


80/112


● New modules:

● puppet-mistral

● puppet-zaqar

● Ongoing for Newton:

● puppet-octavia● puppet-ovn


81/112


Chef OpenStack

Automating the building, operation and consumption ofOpenStack cloud deployments.

Chef OpenStack


82/112


● Cookbook refactoring (Templates, Attributes,

Libraries)● Core service cookbooks:

● openstack-identity

● openstack-compute

● openstack-network● openstack-block-storage

● openstack-image


83/112



Containers


84/112


Magnum

Makes container orchestration engines such as Docker and Kuberneavailable as first-class resources in OpenStack. It uses Heat to orchestr

OS image which contains Docker and Kubernetes and runs that imageither VMs or bare metal in a cluster configuration.

Magnum


85/112


● Magnum APIs Test coverage in Tempest Lib

● Add functional testing for swarm cluster● Add functional testing for Mesos cluster● Pluggable keystone model● Create trustee user for each bay

● Enhance API parameters validation● Extend baymodel attributes


86/112


Kuryr

Bridges between containers frameworks networking models toOpenStack networking abstraction


87/112


88/112


Kolla

Provides production-ready containers and deployment toolsfor operating OpenStack clouds

Kolla


89/112


● Binary Ubuntu containers

● Named volumes with Docker● Drop root privileges to the container's application PID/G● Permit a reconfiguration of the services

● Internal SSL support● Ability to use custom repos


90/112


91/112


Ceilometer

Reliably collects measurements of the utilization of the physical and vresources comprising deployed clouds, persists these data for subsequretrieval and analysis, and triggers actions when defined criteria are m

Ceilometer


92/112


● Keystone v3 support

● Aodh● support for composite alarm rules● ability to evaluate across multiple alarms with OR/AND

● Ceilometer:

● Batch messaging support● Custom instance discovery polling support (minimise nov

● Gnocchi:● Timesplit aggregated time series storage with lz4 compres


93/112


Monasca

A multi-tenant, highly scalable, performant, fault-tolerant monitoring-service solution for metrics, complex event processing and logging. Toan extensible platform for advanced monitoring services that can be usboth operators and tenants to gain operational insight and visibility, ens

availability and stability.


94/112



Data


95/112


Sahara

A scalable data processing stack and associated management interfa

Sahara


96/112


● sahara-api as WSGI applicationsahara-wsgi-api

● CDH 5.5.0 in CDH plugin● OpenStack Key Manager support● Scheduling EDP jobs for sahara


97/112

Trove


98/112


● Refactor datastore managers

● PostgreSQL configuration groups● Add volume_type on create● Cassandra cluster support


99/112



Infrastructure


100/112

Oslo - New Libraries and Drivers


101/112


● Libraries

● oslo.privsep - alternative to oslo.rootwrap for bettermanaging privileges

● Drivers● Support for ZMQ as messaging transport instead of Rabbi

● New RabbitMQ driver using Pika python library● Kafka based Notification driver

New Features


102/112


● Python3 Helpers for serialization / encoding● Support for Cross Origin Resource Sharing (CORS)● Support for Batched Notifications● Experimental message compression● Mutable options for updates without restarting a service● Improved automated documentation generation for project configura

options● Improved standardization of context logging messages across deploy

infra


103/112


Documentation

Documentation for core OpenStack projects to promote OpenStacDevelop and maintain tools and processes to ensure quality, accura

documentation. Treat documentation like OpenStack code.


104/112


Barbican

A secret storage and generation system capable of providing key managfor services wishing to enable encryption features.

Barbican


105/112


● Support for user metadata to secrets

● Geolocation● Rate

● Allowed time-access

● Etc

● Can be checked to allow/disallow access


106/112


Zaqar

An OpenStack messaging service that affords a variety of distributapplication patterns in an efficient, scalable and highly-available manneto create and maintain associated Python libraries and documentatio

Zaqar


107/112


● Websocket binary support

● More reserved attributes for queue● _max_messages_post_size

● _default_message_ttl

● Notification over websocket

Zaqar


108/112


● Projects using Zaqar

● Aodh: users can be notified of alarm notification● Mistral: users can execute Zaqar actions

● Puppet Zaqar


109/112



Other Awesome Stuff


110/112


RefStack

A test result collection and reporting service to supportthe DefCore interoperability testing process.

RefStack

● Vendor registration at RefStack to link vendors to tes


111/112


● Vendor registration at RefStack to link vendors to tes● Implemented option with subunit data format as inpu

data upload● Associated test data to users instead of user keys● Associated specific DefCore Guideline and OpenStac

Target Program to a test result set● Removed RefStack dependency on Keystone client● Ability to perform tests that are not in Tempest but ar

implemented as Tempest plugin


112/112

Documents

Openstack Mitaka Webcast Slides