Just now, the 19th version of OpenStack has arrived, with 28 features interpreted in detail!

2025-02-22 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--


The OpenStack Stein version introduces new multi-cloud orchestration capabilities, as well as enhancements to help implement edge computing use cases.

OpenStack consists of a series of interrelated projects that can be combined in different ways to achieve a complete cloud deployment. In the OpenStack Stein milestone, several projects integrate new features and enhancements, and there are new projects that benefit cloud operators. The new projects include the OpenStack Placement service, which enables operators to track cloud inventory more effectively. The Heat orchestration project in the Stein release gains support for deploying new workloads across multiple OpenStack clouds. "OpenStack Stein has made considerable improvements in stability, performance, and availability," Canonical product manager Marcin Bednarz told eWEEK. "This demonstrates the maturity of OpenStack and how it has evolved to address new application scenarios, such as Heat stack orchestration across multiple OpenStack clouds."

Stein is the 19th version of the OpenStack platform since it was first launched by NASA and Rackspace in 2010. The Stein update is the first OpenStack update in 2019 and follows the Rocky milestone launched in August 2018. OpenStack is a multi-stakeholder effort, including multiple suppliers such as Canonical/Ubuntu, SUSE, VMware and Red Hat, providing commercially supported OpenStack products. In addition, there are several cloud services supported by OpenStack, including Oracle, Rackspace, Telefonica, OVH, vScaler and City Network.

When OpenStack started, there were only two projects, Swift storage and Nova computing. The new OpenStack Placement service was originally part of Nova, but has now been separated into its own project. According to the release notes, the goal of the Placement service is to track the inventory and usage of cloud resources to help other services manage and allocate their resources effectively. Now that it is its own project, OpenStack developers claim that API performance has improved by 50 percent for common scheduling operations.

"OpenStack Placement opens up interesting possibilities for the internal mechanism of resource allocation in OpenStack," Bednarz said. "With improved performance and a clear delineation of functions between Nova and Placement, cloud operators seem to benefit, especially in terms of making it easier to maintain OpenStack services."


Keystone identity

The Keystone Identity project in OpenStack benefits from several important enhancements in the Stein release, including multi-factor authentication. TR Bosworth, senior product manager at SUSE, told eWEEK that the multi-factor authentication feature in Stein really completes work released in OpenStack Ocata in February 2017.

"This is the right approach because you do multi-factor authentication: you provide an authentication, and then you get a 'half-token', indicating that you have completed part of the authentication, and then provide the required cell phone number or key when you use the second part of the authentication," Bosworth said. "This is a challenge response mechanism that has been implemented."
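The challenge-response flow described above, modelled end to end as an added example (it is not Keystone's code and not part of the original article). Keystone calls the "half-token" an auth receipt; the class, method and field names here, the 300-second receipt lifetime and the sample credentials are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class IdentityService:
    """Toy model of the server side of the exchange; not Keystone code."""

    RECEIPT_TTL = 300  # seconds a receipt stays valid (assumed value)

    def __init__(self):
        self._key = secrets.token_bytes(32)  # receipt MAC key, server only
        self._users = {}

    def add_user(self, name, password, totp_secret, rules):
        # Toy storage: a real service keeps a salted password hash.
        self._users[name] = {"password": password, "totp": totp_secret,
                             "rules": [set(r) for r in rules]}

    def _mac(self, body: bytes) -> str:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def _issue_receipt(self, name, methods, now):
        body = base64.urlsafe_b64encode(json.dumps(
            {"user": name, "methods": sorted(methods),
             "expires": int(now) + self.RECEIPT_TTL}).encode())
        return body.decode() + "." + self._mac(body)

    def _receipt_methods(self, receipt, name, now):
        """Methods proven by a receipt, or an empty set if it is unusable."""
        body, _, mac = receipt.partition(".")
        expected = self._mac(body.encode())
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return set()  # forged or altered receipt
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["user"] != name or claims["expires"] < now:
            return set()  # issued to someone else, or expired
        return set(claims["methods"])

    def _verify(self, user, method, value, now):
        if method == "password":
            good = user["password"]
        elif method == "totp":
            good = totp(user["totp"], now)
        else:
            return False
        return hmac.compare_digest(str(value).encode(), good.encode())

    def authenticate(self, name, credentials, now, receipt=None):
        user = self._users.get(name)
        if user is None or not credentials or not all(
                self._verify(user, m, v, now) for m, v in credentials.items()):
            return {"status": 401}  # a wrong factor never earns a receipt
        proven = set(credentials)
        if receipt:
            proven |= self._receipt_methods(receipt, name, now)
        if any(rule <= proven for rule in user["rules"]):
            return {"status": 201, "token": secrets.token_urlsafe(32)}
        # Partial success: hand back a receipt and say what is still missing.
        return {"status": 401,
                "receipt": self._issue_receipt(name, proven, now),
                "required_auth_methods": [sorted(r) for r in user["rules"]]}


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    svc = IdentityService()
    svc.add_user("alice", "constructed-pw", secret, [["password", "totp"]])
    now = time.time()
    first = svc.authenticate("alice", {"password": "constructed-pw"}, now)
    print(first["status"], first["required_auth_methods"])
    second = svc.authenticate("alice", {"totp": totp(secret, now)}, now,
                              first["receipt"])
    print(second["status"])
```

The receipt is only a signed record of which factors were already proven; it grants nothing on its own, expires quickly, and is bound to one user, so a stolen receipt still needs the second factor.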

Artificial Intelligence and Edge

For Sean Cohen, Senior Manager of Red Hat Product Management, there are some key highlights in the Stein release that can be used to help enterprises deliver new differentiated applications and services on a flexible, scalable private cloud.

"As organizations want to extract more benefits from the increasingly digital economy, Stein has increased its ability to focus on supporting new workloads and use cases," Cohen told eWEEK. "For example, through Stein, artificial intelligence / machine learning (AI/ML), collaboration between OpenStack and TensorFlow simplifies workloads such as facial recognition and provides a more dynamic, multimedia user experience."

The emerging concept of Edge Computing is also driven by the OpenStack Stein version. With Edge Computing, computing can be extended to the edge of the network, rather than all computing resources located in the central core. Cohen pointed out that distributed computing enhancements are also part of Stein, providing users with new ways to adopt edge computing strategies.

"By pushing compute and storage capabilities closer to data sources, OpenStack Stein can better allocate IT architectures, helping to reduce latency for critical applications while reducing bandwidth and operating costs," Cohen said.


Detailed introduction of Stein release highlights


Barbican- key Manager Service

Barbican is the key management component of OpenStack. It uses a REST API to securely store, provision, and manage "keys".

Notes:

Some enhancements have been made to the Vault backend. You can now specify the KV mount point and use AppRoles to manage authentication.

We now run Barbican-specific Octavia gate to verify the Octavia load balancing scheme.

The PKCS#11 plug-in has been modified to allow hmac_keywrap_mechanism to be configured. With this change, Barbican can be deployed with a Utimaco HSM.

Barbican and pkcs#11 backends can now be deployed using Thales or ATOS HSM through TripleO.

A fix ensures that the barbican-manage command for key rotation works with the PKCS#11 plug-in.

Blazar- Resource reservation Service

The goal of Blazar is to provide resource reservation for different resource types in the OpenStack cloud, including virtual (instance, volume, etc.) and physical (host, storage, etc.).

Notes:

A new resource allocation API is introduced to allow operators to query the reservation status of their cloud resources.

Added support for affinity and incompatibility policies for instance reservations, allowing multiple instances of the same class to be scheduled to the same hypervisor.

A new plug-in has been added to reserve floating IP. This new feature is available as a preview version and will be fully implemented in the next version.

Many bug fixes are integrated to improve reliability.


Cinder- Block Storage Service

Provides a REST API that lets users query and manage volumes, volume snapshots and volume types, and a scheduler that places volume creation requests to make good use of storage resources. Its driver architecture supports a variety of back-end storage methods, including LVM, NFS, Ceph and commercial storage products and solutions such as EMC and IBM.

Notes:

Added multiattach and deferred deletion support for RBD drivers.

Many bug fixes have been completed to address stability and reliability issues.

Improvements are made to the user experience of driver initialization, data retained during volume transfer, and information returned by commands.

Continuous improvement of backup services.

Congress- governance service

Congress is a framework for policy declaration, monitoring, enforcement, and audit based on heterogeneous cloud environments (policy-as-a-service). Congress acquires data from different services in the cloud and inputs them to congress's policy engine to verify whether the status of each service in the cloud runs in accordance with the set policy.

Notes:

By adding a number of new functions to the integration of Nova, Tacker and Monasca, the fault management function of NFV is realized and enhanced.

The new JGress framework unlocks new policy usage classes by making the cloud state provided by JSON API available for policy evaluation. By expressing policies directly on JSON API data using the JSON query language, JGress enables deployers to insert new data sources regardless of the availability of the integrated driver.

As with each release, we continue to make congress more powerful and stable than ever through bug fixes and internal improvements.

Cyborg- Accelerator Life cycle Management

Provides a general hardware acceleration management framework. Acceleration hardware includes encryption cards, GPU, FPGA, NVMe/NOF SSDs, DPDK/SPDK, eBPF/XDP, and so on.

Add FPGA programming support

Add GPU driver

DB refactoring begins to be consistent with NOVA Placement api strategy

Designate-DNS service

Designate does not implement the DNS protocol itself; it manages software that does, such as BIND9 and PowerDNS. Designate connects this software to OpenStack and controls the underlying DNS software through its own API to perform DNS operations such as creating DNS zones and writing resource records. Designate is therefore only a software framework, adapted to a variety of DNS software.

Notes:

Added the CAA (Certification Authority Authorization) recordset type for managed DNS zones

Added the NAPTR recordset type for service chaining and SIP management

Verify project ID when updating quota

A new command, designate-status upgrade check, has been added to help with upgrades.

Heat- orchestration service

The main function of Heat is to automate the deployment of applications and the management of their entire life cycle. Automated management is an essential part of cloud computing, and Heat implements it. AWS's EC2 implements orchestration by providing templates in CloudFormation format. Heat is not only 100% compatible with the CloudFormation format, but also supports its own HOT (Heat Orchestration Template) format. Heat can usually be used to address the needs of the customer's PaaS layer.

Notes:

Heat now supports creating stacks in a remote OpenStack cloud, using credentials that the user stores in Barbican.

It is now easier to recover after an attempt to replace a resource with a version that conflicts with an existing resource.

New resource types in Heat add support for Neutron Layer 2 Gateways, Blazar and Tap-as-a-Service.

A new resource type supports Glance's web-download images, allowing you to obtain images from a URL without preloading them.

Horizon- graphical management service

Provide an extensible and unified Web-based user interface for all OpenStack services, thus simplifying operation and maintenance management operations.

Notes:

Cinder Generic Groups management panel is now supported

Added options to mitigate vulnerabilities

Added upgrade_check management commands

Supports custom templates for clouds.yaml and openrc files

Ironic- bare Metal Service

OpenStack Ironic is a project for bare metal deployment and installation. The so-called bare metal refers to computers that do not have an operating system configured. The function realized by Ironic is that it is very convenient to perform the above series of operations on one or more designated bare machines. For example, if you need to deploy multiple physical machines at the same time to deploy big data cluster, you can use Ironic to achieve this. Ironic enables rapid delivery of hardware infrastructure resources.

Notes:

Additional interfaces have been added for managing hardware, including Redfish BIOS settings, explicit iPXE boot interface selection options, and other hardware support.

Enhanced user capabilities and options, including deployment templates, improved parallel conductor workers and disk wipe processes, node protection and description for deployment, and using local HTTP or HTTPS servers to serve images.

Options for standalone-mode users have been improved: they can request the allocation of bare metal nodes and submit configuration data without the need for pre-built configuration drives. In addition, Ironic allows the use of JSON-RPC instead of an AMQP message bus.

Karbor- data Protection Coordination Service

Let the data protection software of various manufacturers access OpenStack through standard interfaces to provide OpenStack with enhanced data protection as a service (Data Protection as a Service) capabilities such as backup, replication, migration and so on. Karbor is committed to solving the current situation that virtual machine backup is difficult and there is no standard backup interface.

Notes:

Support to reset checkpoint to the specified state

Support for cross-site backup and restore using volume_glance_plugin

Optimization of checkpoint Management in different Bank cases

Keystone- authentication service

Keystone is the component of the OpenStack framework responsible for managing authentication, service access rules, and service tokens. Users must have their identity and permissions verified to access resources, and service operations are also subject to permission checks; all of this is handled by Keystone. Keystone resembles a service bus, or the registry of the entire OpenStack framework: OpenStack services register their endpoints (service access URLs) with Keystone, and any call between services must first authenticate with Keystone to obtain the endpoint of the target service.

Notes:

This release introduces multi-factor authentication support that makes using MFA more natural and secure.

The limits API now supports domains in addition to projects, so resource quotas can be allocated to top-level domains and to sub-projects.

JSON Web Tokens are added alongside fernet tokens as a new token format that follows an Internet standard. JSON Web Tokens are asymmetrically signed, so this token format no longer requires private keys to be synchronized between the servers where the keystone service is deployed.

Multiple keystone APIs now support system scope as a policy target, which reduces the need for custom policies to prevent global access by users who hold an administrative role on any project.

Multiple keystone APIs now use the default reader, member and admin roles instead of catch-all roles, which reduces the need to create custom policies for read-only access for specific users.

Kolla- containerized deployment

Kolla focuses on how to deploy OpenStack services using Docker containers. Kolla is characterized by "out of the box" and "easy upgrade". The former is automated supported by the orchestration tool (Ansible/Kubernetes), while the latter is entirely thanks to Container. Kolla aims to build a corresponding Container for each OpenStack Service, reduce the granularity of upgrade / rollback (isolated dependency set) to Service or Project level, and realize the atomicity of upgrade / rollback. If the upgrade fails, start Old Version Container directly to complete the rollback.

Notes:

Completed the addition of container image and playbooks for Monasca's OpenStack monitoring service.

A container image and playbooks have been added for the OpenStack Placement service, which has been extracted from Nova into a separate project.

Added support for performing full and incremental backups of MariaDB databases.

Kuryr- Container Network Management Service

Its main goal is to integrate the network of OpenStack and Kubernetes through the project. The project implements a native Neutron-based network in Kubernetes, so using Kuryr-Kubernetes allows your OpenStack VM and Kubernetes Pods to choose to operate on the same subnet, and to use Neutron's L3 and Security Group to route the network and block specific source Port.

Notes:

Added support for kubernetes to handle and respond to network policy events, allowing Kuryr-Kubernetes to handle security group rules dynamically based on them.

Added support for K8s configured to use CRI-O, an Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface.

Enhance readiness health checks to verify quotas for processor resources, improve overall performance and stability, and mark them as unhealthy when needed.

Improved support for DPDK and SRIOV.

Manila- shared File system Service

Provides a set of services for shared file system management in a multi-tenant cloud environment, similar to the way OpenStack provides block-based storage management through Cinder projects.

Notes:

Extended manage/unmanage support to shares and snapshots in DHSS=True mode, and added manage/unmanage support for share servers.

Neutron- network service

Allows you to create and manage network objects, such as networks, subnets, and ports, for use by other OpenStack services. Plug-ins can be implemented to adapt to different network devices and software, providing flexibility for the architecture and deployment of OpenStack. Neutron provides an API that lets you define network connectivity and addressing in the cloud. It also provides an API to configure and manage a variety of network services, from L3 forwarding and NAT to load balancing, border firewalls, and virtual private networks.

Notes:

Support strict scheduling based on minimum bandwidth. With this feature, nova instances can be scheduled to compute hosts that meet the minimum bandwidth requirements of the instance defined by the QoS policy for its port.

Network segment scope management. This feature enables cloud administrators to dynamically manage the range of network segments through the new API extension, rather than the previous method of editing configuration files. This feature is designed for StarlingX and edge use cases, making them easy to manage.

Speed up batch creation of Neutron ports. The goal is for the containers/k8s use case, where ports are created by group.

FWaaS v1 has been removed. FWaaS v2 has been available since the Newton release and covers all the features in FWaaS v1. A migration script is provided to convert existing FWaaS v1 objects to FWaaS v2 models.

Nova- computing service

It is the core service of OpenStack, which is responsible for maintaining and managing computing resources in cloud environment, as well as managing the lifecycle of virtual machines.

Notes:

You can now run Nova with the latest placement service, version 1.0.0, which is hosted in its own repository. Note that installation and upgrade of the placement service are not yet fully implemented in all deployment tools, so users should check their specific deployment tools for support before continuing. For more details, see the placement installation and upgrade documentation. In Stein, users can choose to continue using the placement service integrated in the Nova repository, but they should start planning the migration to the latest placement service, as part of the Nova integrated placement code is planned to be removed in the Train release.

Users can now specify the volume type when creating a virtual machine service.

The compute API can now tolerate transient conditions in a deployment, such as partial infrastructure failures, for example an unreachable cell.

Users can now create virtual machines with Neutron ports that have QoS minimum bandwidth rules.

Users can now set overcommit ratios through Nova configuration files or the Placement API.

Compute driver capabilities are now automatically exposed as traits in the Placement API, and can be used for scheduling through flavor extra specs and image properties.

The VMware driver now supports live migration.

Octavia- load balancer service

Octavia is the daemon behind OpenStack LBaaS, providing load balancing for virtual machine traffic. Much like Trove, it calls the Nova and Neutron APIs to create a virtual machine with haproxy and keepalived installed and connects it to the target network, providing high-performance, secure load balancing.

Notes:

Octavia now supports the load balancer "flavors". This allows the operator to create a custom load balancer "flavors" that the user can choose when creating the load balancer.

You can now enable TLS client authentication when using the TERMINATED_HTTPS listener.

Octavia now supports backend re-encryption of connections to member servers.

You can now assign metadata tags to the Octavia load balancer.

OpenStack Ansible- Ansible playbooks and roles deployments for OpenStack

The way OpenStack is deployed from source makes it extensible and easy to operate, upgrade, and manage.

Notes:

Tool optimization has been completed, which will lead to faster and more reliable deployment.

Add Ubuntu Bionic support.

Add Mistral support.

Add Manila support.

Add Masakari support.

Oslo- common library

Produces a set of Python libraries that contain shared code for the OpenStack projects. The APIs provided by these libraries should be of high quality, stable, consistent, documented and universally applicable. With these common libraries, it is easy to create a well-authenticated, distributed, easy-to-configure REST service with call chain logs.

Notes:

A Castellan configuration driver has been added to allow secrets to be moved from on-disk configuration files to any Castellan-compatible keystore. The driver lives in the Castellan project, so you must install Castellan to use it.

A configuration driver has been added to read the values in the environment variables, which allows the service to be configured in the container without injecting files. This driver is enabled by default in oslo.config.

The configuration verification tool oslo-config-validator has been added. This uses oslo-config-generator data to find options in the configuration file that are not defined in the service.

Placement- Resource tracking display Service

Track cloud resource inventory and usage to help other services manage and allocate their resources effectively.

Notes:

The Placement service is separated from the Nova project and becomes a new official OpenStack project called Placement.

The ability to target a candidate resource provider has been added, which makes it easier to specify a host for workload migration.

For common scheduling operations, API performance has improved by 50%.

Simplify code and future maintenance by eliminating unnecessary complexity.

Sahara- big data processing service

The project aims to make it easy for users to create and manage Hadoop and other computing framework clusters on the OpenStack platform, providing a service similar to AWS's EMR (Amazon Elastic MapReduce). Users only need to provide simple parameters, such as version information, cluster topology, and node hardware information. With the Sahara service, Hadoop, Spark and Storm clusters can be deployed in a few minutes. Sahara also supports elastic scaling of nodes, so compute nodes can easily be added or removed as needed. It is especially suitable for developers or QA who need to quickly deploy big data processing clusters on the OpenStack platform.

Notes:

The Sahara plug-in will be removed from the core code to facilitate maintenance and upgrade.

APIv2 is released steadily.

Improvements started from the volume function.

Searchlight- search service

Provide advanced and scalable indexing and search in multi-tenant cloud resources.

Notes:

Searchlight can now be used with Elasticsearch 5.x

We have released a new vision to make Searchlight a multi-cloud application

Functional test settings have been improved

Searchlight can now be tested using Python 3.7

Senlin- cluster service

A cluster management framework is defined to manage groups of similar objects exposed by other OpenStack services.

Notes:

Improve the performance and speed up the execution of Senlin operations by several orders of magnitude.

Health policy v1.1 now allows users to specify multiple types of detection modes.

The Senlin API now returns synchronous failures in the case of cluster/node locks, cooldowns in effect, or operation conflicts.

Operators can now delete completed operations using the action- delete subcommand in the senlin-manage tool. This is useful for long-running clusters that accumulate a large number of operations in the database.

Storlets- compute inside the object storage service

To implement storage-centric user-defined functions near data in OpenStack Swift to achieve user-friendly, cost-effective, scalable and secure ways.

Notes:

Support the Python3 operation of user code

Swift- object Storage Service

It provides a flexible, scalable and highly available distributed object storage service, which is suitable for storing large-scale unstructured data.

Notes:

A lot of improvements have been made to the S3 API compatibility layer.

Some fixes and improvements to data encryption middleware, including allowing multiple keymaster middleware. This allows migration from one key provider to another.

Users can use the new databases_per_second configuration option to better control the I/O usage of the account and container daemons.

Erasure-coded data can now be reconstructed onto handoff nodes. This can improve data durability when disk failures are not remedied for a long time.

Tripleo- deployment Services

Develops and maintains tools and infrastructure that can deploy OpenStack in production, using OpenStack itself whenever possible. The main goal is to use OpenStack to manage OpenStack for installation, maintenance and upgrade.

Notes:

Added support for podman and buildah for containers and container images.

Open Virtual Network (OVN) is now the default network configuration.

Improved composable network support for creating L3 routed networks, and improved IPv6 network support.

Vitrage-RCA (root cause analysis) service

Used to organize, analyze and expand the alarms and events of OpenStack, derive the root cause of a problem, and generate derived alarms or set derived states for the system.

Notes:

New and simplified template language! The new template is shorter and easier to understand and reuse.

A Trove data source and a Zaqar notifier have been added.

A new API for querying Vitrage services and resource counts.

Performance improvements and faster data retrieval. The running time of memory signing and processing is significantly reduced.

Watcher- Infrastructure Optimization Service

The goal of Watcher is to provide flexible and scalable resource optimization services for OpenStack-based multi-tenant clouds. Watcher provides a complete chain of optimization cycles: from metrics receivers to optimization processors and operation planning applications. The goal of Watcher is to provide a powerful framework to achieve a wide range of cloud optimization goals, including reducing data center operating costs, improving system performance through intelligent virtual machine migration, and improving energy efficiency. In addition, Watcher allows users to customize rich resource optimization objectives and strategy algorithms.

Notes:

Watcher supports API microversions.

Watcher uses Nova notifications to update its internal computing CDM (cluster data model).

Calculate the CDM based on the audit scope.

Add the start_time and end_time fields to the CONTINUOUS audit.

A new configuration option 'action_execution_rule' was added.

Finally, there is the contribution diagram of the top ten codes.


Translated from:

1. https://www.eweek.com/cloud/openstack-stein-improves-cloud-identity-and-orchestration

2. https://releases.openstack.org/stein/highlights.html

Zhuxiang new titanium cloud service operation and maintenance architect

Ten years of operation and maintenance experience, has served as a carving cloud operation and maintenance engineer, micro candle cloud and the chief operation and maintenance architect of an Internet financial platform. With OpenStack, CCIE, Aliyun, ZStack and other technical certification. There are tens of thousands of CVMs with PB-level distributed storage operation and maintenance experience. Familiar with various virtualization technologies, software and hardware, network, container choreography and other technologies, with python development experience. Love all kinds of open source technologies.
