Queens Release Highlights

Queens Release Highlights



  • Support resource monitoring. Blazar can react when resource failures happen in its freepool.



  • Support for attaching a single Cinder volume to multile VM instances.

  • Add ability to report backend state in service list.

  • Default policies moved to code from policy.json.

  • Migration from ConfKeyManagers fixed-key to Barbican.

  • Support for creating a volume from a backup.

  • Support for standardized over-provisioning calculations.



  • Addition/Evolution of collectors (Monasca and Ceph Object Storage)

  • Split metrology configuration from CK config file

  • Manage metrics units in yaml configuration

  • Deprecate the ceilometer collector



  • Mistral Integration: Congress can now trigger workflows according to operator-defined policy. From sending emails to running ansible playbooks, Congress and Mistral can take infrastructure automation and fault-recovery to the next level.

  • Config Validation: To help operators catch improper, insecure, or incompatible configurations across the Stack, the new configuration validation facility enables Congress to monitor service configurations according to policy.

  • Tag-based Security: To help operators secure and manage self-service infrastructure, Congress now supports enforcement of application-based network security policies based on tags and other semantic information.

  • Bug Fixes: As with every release, we continue to make Congress more robust and stable than ever.



  • Removed legacy V1 API interface

  • Policy files are now just overrides to default rules

  • Accessible upgrades - DNS Queries will keep resolving during update



  • Bug fixes

  • Policy in code

  • Improving and publishing docs

  • moving to freezer-tempest-plugin



  • Introduced the Image API v2.6, including interoperable image import

  • Added a new import-method, ‘web-download’

  • Added import plugin scaffolding and a new import plugin that injects image metadata upon import

  • Updated the glance-manage and glance-scrubber tools



  • Migrated the Roles and Key Pairs panels to be AngularJS panels

  • Use server side filtering across the UI

  • Added support for MKS consoles, Neutron Trunks, and loading multiple policy files

  • Updated all project related documentation

  • Moved Heat dashboard into a separate Horizon plugin and merged Django OpenStack Auth into Horizon



  • Introduced API to get, set and unset traits on nodes.

  • Introduced new ansible deploy interface.

  • Finished implementation of rescue mode. Users can repair instances, troubleshoot misconfigured nodes, lost SSH keys, etc.

  • Added support for routed networks when using flat networking.

  • Deprecated classic drivers in favor of hardware types.



  • Keystone now offers a better story for applications interacting with OpenStack APIs with the use of application credentials.

  • A new assignment type has been added to allow for more secure RBAC called system scope.

  • Keystone introduced an experimental unified limits API to help improve quota enforcement, see the documentation for more information.



  • Implemented support for using ansible-vault passwords in kolla-ansible command to decrypt /etc/kolla/passwords.yml.

  • Allow use of separate backends for oslo.messaging rpc and notification.

  • Implement cephfs service

  • Add vitrage ansible role

  • Implement minimal downtime for keystone and cinder service

  • Add use_preconfigured_databases flag in order to add support for previously created databases / users

  • Upgrade to ceph luminous

  • Add almanach, certmonger, ceph-nfs, ptp, rsyslog, sensu and tripleo ui image

  • Support to squash newly built layers into a single new layer



  • Introduced port pools feature.

  • Support for running in containers as K8s network addon.

  • Introduced kuryr-daemon service.

  • Introduced liveness and readiness probes for kuryr-controller.



  • Added drivers for Infinidat, MapR-FS, and Veritas back ends.

  • Added APIs for listing export locations per share and per share instance.

  • Added IPv6 support for Dell-EMC and NetApp back ends.



  • The agent extension for BGPVPN was refactored to use new extensible RPCs, and now covers most the BGPVPN API including the bgpvpn-routes-control extension.

  • The ML2 implementation now works with the vxlan type driver.

  • The project now provides a driver for the networking-sfc project, internally relying on BGP VPNs to setup service chains.

  • This release introduces a new API extension ‘bgpvpn-routes-control’ that offers. fine-grained control of route advertisements in BGPVPNs, including API-defined static routes, and inter-BGPVPN route leaking.

  • This release introduces a new API extension ‘bgpvpn-vni’ that allows to control the VXLAN VNI used for E-VPN.

  • The BGPVPN reference driver has been refactored to use more extensible RPC messages.

  • The BGPVPN reference driver and now implements E-VPN for OVS (linuxbridge was already supported).

  • OVN NorthBound backend database consistency mechanism, multiple workers are now completely safe to access the backend database, and any inconsistency generated by the backend not being available is quickly detected and corrected by a periodic job

  • OVN DNS support. ovn-controller will respond to DNS queries locally on each compute node.

  • OVN distributed Floating IP support.

  • OVN L3 HA support for gateway routers. Now networking-ovn makes use of the OVN embedded mechanism for L3 high availability. It will be automatically used for any router as soon as more than one gateway node is available.

  • OVN supports IPv6 Router solicitation and IPv6 Periodic router advertisement support.

  • OVN supports binding SR-IOV ports on OVS > 2.8 and kernel >=4.8

  • FWaaS V2.0 now supports L2 VM ports and l3 router ports.

  • FWaaS V2.0 co-exists with Neutron security groups.

  • ML2 implements Quality of Service rate limits for floating IPs.

  • ML2 implementes a logging API for security groups.

  • API supports filtering port with IP address substring.



  • The performance of listing instances across a multi-cell cells v2 deployment has been improved and the results are now merge sorted.

  • Rescheduling during a server create or resize operation is now supported in a split-MQ multi-cell cells v2 deployment.

  • The libvirt compute driver supports volume multi-attach when using the 2.60 compute API microversion. See the admin guide for more details on volume multi-attach support in Queens.

  • Added support for vGPUs. Experimental feature with some caveats, but admins can now define flavors that request vGPU resources. See admin guide for more details.

  • Traits-based scheduling is now available for the ironic compute driver. For more details, see the ironic docs for scheduling based on traits.



  • The neutron-lbaas and neutron-lbaas-dashboard projects are now deprecated. Please see the FAQ at https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation

  • Neutron-lbaas now includes a proxy plugin that forwards all API requests to the Octavia API.

  • The initial release of the Octavia dashboard for Horizon includes significantly improved load balancer detail pages and workflows compared to the, now deprecated, neutron-lbaas-dashboard.

  • Added the ability to batch update pool members.

  • A Neutron Quality of Service (QoS) policy can now be applied to Octavia load balancers.

  • Octavia now supports using Castellan and PKCS12 bundles for TLS termination.

  • The Octavia OpenStack client plugin now supports quotas, load balancer QoS policies, load balancer failover, listener statistics, and filtering by load balancer ID.



  • Merged code from shade, os-client-config and openstacksdk into a single library as part of an effort to unify and simplify our client-side libraries.

  • Added support for making direct REST calls to all OpenStack services.

  • Updated pagination support to support all existing forms of pagination. Pagination now works automatically behind the scenes.



  • Added symlink objects support. Symlink objects reference one other object in the cluster. Read requests pass through the symlink on to the target objects. Write requests act on the symlink itself.

  • Added support for inline data segments in Static Large Object (SLO) manifests. These data segments do not refer to another object in the system but are included directly in the manifest. When using data segments instead of small objects in the cluster, users will much improved performance on reads. The data segments can also be used to construct composite file formats (like .tar) without needing to create objects in the cluster for boilerplate data.

  • Added checksum to object extended attributes. This provides better durability guarantees for data stored in the system.

  • The object expiry functionality was greatly improved to be much more efficient with cluster resources, especially when operating on erasure code objects.

  • The tempurl digest algorithm is now configurable, and Swift added support for both SHA-256 and SHA-512. Supported tempurl digests are exposed to clients in /info. Additionally, tempurl signatures can now be base64 encoded.



  • Support containerised vnf support to Kubernetes VIM

  • Support vnffg updation

  • Support monitoring the vnf with private zabbix

  • Support for multiple classifiers per chain through VNFFG templates



  • Basic support for LBaas and QoS in Tricircle



  • config-download: Ability to use Ansible to apply the cloud configuration. Ansible can be used to replace the communication and transport of the configuration deployment data between Heat and the Heat agent (os-collect-config) on the cloud nodes.

  • Fast Forward Upgrades: Preview release of support for upgrading from Newton to Queens.

  • UI improvements: Node registration form has been streamlined. Custom roles selection improvements and improved management abilities.

  • IPsec support: Enabled support to deploy overclouds with network encryption for service-to-service communication with IPSEC.

  • Instance HA: Added support for deployment of Instance HA that automates the evacuation of an instance whenever its host Compute node fails.

  • Realtime support: Support for realtime compute nodes as well as real-time roles for NFV deployments.

  • Octavia support: Added support to deploy Octavia in the overcloud.



  • Migration to openstack client.

  • Currency for operating system level; full support for Xenial

  • Currency for databases; MySQL 5.7, Vertica 9.0, Cassandra 3.11

  • Currency of databases; DB2 11.1, Postgres 9.6

  • Implement root-enable/root-disable for Redis

  • Add support for the IBM Power architecture

  • Migration to Zuul v3, policy-in-code, keystone v2 deprecation



  • New API for template management (add/delete template) allows users to change the alarm deduction and RCA rules more easily. The new rules are immediately applied on existing resources and alarms.

  • New API for webhook registration on Vitrage alarms.

  • Added an alarm count banner in Horizon

  • Introduced template version 2 including several enhancements like regex support, templates that contain only topoology definitions and template functions

  • Several performance improvements, mostly around parallel evaluation of Vitrage templates

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.