Queens Release Highlights

Queens Release Highlights

Blazar - Resource reservation service

Blazar’s goal is to provide resource reservations in OpenStack clouds for different resource types, both virtual (instances, volumes, etc) and physical (hosts, storage, etc.).


  • Support resource monitoring. Blazar can react when resource failures happen in its freepool.

Cinder - Block Storage service

To implement services and libraries to provide on-demand, self-service access to Block Storage resources via abstraction and automation on top of other block storage devices.


  • Support for attaching a single Cinder volume to multile VM instances.

  • Add ability to report backend state in service list.

  • Default policies moved to code from policy.json.

  • Migration from ConfKeyManagers fixed-key to Barbican.

  • Support for creating a volume from a backup.

  • Support for standardized over-provisioning calculations.

Cloudkitty - Rating service

CloudKitty is a rating component for OpenStack. Its goal is to process data from different metric backends and implement rating rule creation. Its role is to fit in-between the raw metrics from OpenStack and the billing system of a provider for chargeback purposes.


  • Addition/Evolution of collectors (Monasca and Ceph Object Storage)

  • Split metrology configuration from CK config file

  • Manage metrics units in yaml configuration

  • Deprecate the ceilometer collector

Congress - Governance service

To provide governance as a service across any collection of cloud services in order to monitor, enforce, and audit policy over dynamic infrastructure.


  • Mistral Integration: Congress can now trigger workflows according to operator-defined policy. From sending emails to running ansible playbooks, Congress and Mistral can take infrastructure automation and fault-recovery to the next level.

  • Config Validation: To help operators catch improper, insecure, or incompatible configurations across the Stack, the new configuration validation facility enables Congress to monitor service configurations according to policy.

  • Tag-based Security: To help operators secure and manage self-service infrastructure, Congress now supports enforcement of application-based network security policies based on tags and other semantic information.

  • Bug Fixes: As with every release, we continue to make Congress more robust and stable than ever.

Designate - DNS service

To provide scalable, on demand, self service access to authoritative DNS services, in technology-agnostic manner.


  • Removed legacy V1 API interface

  • Policy files are now just overrides to default rules

  • Accessible upgrades - DNS Queries will keep resolving during update

Freezer - Backup, Restore, and Disaster Recovery service

To provide integrated tools for backing up and restoring cloud data in multiple use cases, including disaster recovery. These resources include file systems, server instances, volumes, and databases.


  • Bug fixes

  • Policy in code

  • Improving and publishing docs

  • moving to freezer-tempest-plugin

Glance - Image service

To provide services and associated libraries to store, browse, share, distribute and manage bootable disk images, other data closely associated with initializing compute resources, and metadata definitions.


  • Introduced the Image API v2.6, including interoperable image import

  • Added a new import-method, ‘web-download’

  • Added import plugin scaffolding and a new import plugin that injects image metadata upon import

  • Updated the glance-manage and glance-scrubber tools

Horizon - Dashboard

To provide an extensible unified web based user interface for all OpenStack services.


  • Migrated the Roles and Key Pairs panels to be AngularJS panels

  • Use server side filtering across the UI

  • Added support for MKS consoles, Neutron Trunks, and loading multiple policy files

  • Updated all project related documentation

  • Moved Heat dashboard into a separate Horizon plugin and merged Django OpenStack Auth into Horizon

Ironic - Bare Metal service

To produce an OpenStack service and associated libraries capable of managing and provisioning physical machines, and to do this in a security-aware and fault-tolerant manner.


  • Introduced API to get, set and unset traits on nodes.

  • Introduced new ansible deploy interface.

  • Finished implementation of rescue mode. Users can repair instances, troubleshoot misconfigured nodes, lost SSH keys, etc.

  • Added support for routed networks when using flat networking.

  • Deprecated classic drivers in favor of hardware types.

Keystone - Identity service

To facilitate API client authentication, service discovery, distributed multi-tenant authorization, and auditing.


  • Keystone now offers a better story for applications interacting with OpenStack APIs with the use of application credentials.

  • A new assignment type has been added to allow for more secure RBAC called system scope.

  • Keystone introduced an experimental unified limits API to help improve quota enforcement, see the documentation for more information.

Kolla - Containerised deployment of OpenStack

To provide production-ready containers and deployment tools for operating OpenStack clouds.


  • Implemented support for using ansible-vault passwords in kolla-ansible command to decrypt /etc/kolla/passwords.yml.

  • Allow use of separate backends for oslo.messaging rpc and notification.

  • Implement cephfs service

  • Add vitrage ansible role

  • Implement minimal downtime for keystone and cinder service

  • Add use_preconfigured_databases flag in order to add support for previously created databases / users

  • Upgrade to ceph luminous

  • Add almanach, certmonger, ceph-nfs, ptp, rsyslog, sensu and tripleo ui image

  • Support to squash newly built layers into a single new layer

Kuryr - Bridge between OpenStack and container networking

Bridge between container framework networking models to OpenStack networking abstractions.


  • Introduced port pools feature.

  • Support for running in containers as K8s network addon.

  • Introduced kuryr-daemon service.

  • Introduced liveness and readiness probes for kuryr-controller.

Manila - Shared File Systems service

To provide a set of services for management of shared file systems in a multitenant cloud environment, similar to how OpenStack provides for block-based storage management through the Cinder project.


  • Added drivers for Infinidat, MapR-FS, and Veritas back ends.

  • Added APIs for listing export locations per share and per share instance.

  • Added IPv6 support for Dell-EMC and NetApp back ends.

Neutron - Networking service

To implement services and associated libraries to provide on-demand, scalable, and technology-agnostic network abstraction.


  • The agent extension for BGPVPN was refactored to use new extensible RPCs, and now covers most the BGPVPN API including the bgpvpn-routes-control extension.

  • The ML2 implementation now works with the vxlan type driver.

  • The project now provides a driver for the networking-sfc project, internally relying on BGP VPNs to setup service chains.

  • This release introduces a new API extension ‘bgpvpn-routes-control’ that offers. fine-grained control of route advertisements in BGPVPNs, including API-defined static routes, and inter-BGPVPN route leaking.

  • This release introduces a new API extension ‘bgpvpn-vni’ that allows to control the VXLAN VNI used for E-VPN.

  • The BGPVPN reference driver has been refactored to use more extensible RPC messages.

  • The BGPVPN reference driver and now implements E-VPN for OVS (linuxbridge was already supported).

  • OVN NorthBound backend database consistency mechanism, multiple workers are now completely safe to access the backend database, and any inconsistency generated by the backend not being available is quickly detected and corrected by a periodic job

  • OVN DNS support. ovn-controller will respond to DNS queries locally on each compute node.

  • OVN distributed Floating IP support.

  • OVN L3 HA support for gateway routers. Now networking-ovn makes use of the OVN embedded mechanism for L3 high availability. It will be automatically used for any router as soon as more than one gateway node is available.

  • OVN supports IPv6 Router solicitation and IPv6 Periodic router advertisement support.

  • OVN supports binding SR-IOV ports on OVS > 2.8 and kernel >=4.8

  • FWaaS V2.0 now supports L2 VM ports and l3 router ports.

  • FWaaS V2.0 co-exists with Neutron security groups.

  • ML2 implements Quality of Service rate limits for floating IPs.

  • ML2 implementes a logging API for security groups.

  • API supports filtering port with IP address substring.

Nova - Compute service

To implement services and associated libraries to provide massively scalable, on demand, self service access to compute resources, including bare metal, virtual machines, and containers.


  • The performance of listing instances across a multi-cell cells v2 deployment has been improved and the results are now merge sorted.

  • Rescheduling during a server create or resize operation is now supported in a split-MQ multi-cell cells v2 deployment.

  • The libvirt compute driver supports volume multi-attach when using the 2.60 compute API microversion. See the admin guide for more details on volume multi-attach support in Queens.

  • Added support for vGPUs. Experimental feature with some caveats, but admins can now define flavors that request vGPU resources. See admin guide for more details.

  • Traits-based scheduling is now available for the ironic compute driver. For more details, see the ironic docs for scheduling based on traits.

Octavia - Load-balancer service

To provide scalable, on demand, self service access to load-balancer services, in technology-agnostic manner.


  • The neutron-lbaas and neutron-lbaas-dashboard projects are now deprecated. Please see the FAQ at https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation

  • Neutron-lbaas now includes a proxy plugin that forwards all API requests to the Octavia API.

  • The initial release of the Octavia dashboard for Horizon includes significantly improved load balancer detail pages and workflows compared to the, now deprecated, neutron-lbaas-dashboard.

  • Added the ability to batch update pool members.

  • A Neutron Quality of Service (QoS) policy can now be applied to Octavia load balancers.

  • Octavia now supports using Castellan and PKCS12 bundles for TLS termination.

  • The Octavia OpenStack client plugin now supports quotas, load balancer QoS policies, load balancer failover, listener statistics, and filtering by load balancer ID.

Openstacksdk - Multi-cloud Python SDK and CLI for End Users

To provide a unified multi-cloud aware Python SDK and CLI for the OpenStack REST API exposing both the full set of low-level APIs as well as curated higher level business logic.


  • Merged code from shade, os-client-config and openstacksdk into a single library as part of an effort to unify and simplify our client-side libraries.

  • Added support for making direct REST calls to all OpenStack services.

  • Updated pagination support to support all existing forms of pagination. Pagination now works automatically behind the scenes.

Swift - Object Storage service

Provide software for storing and retrieving lots of data with a simple API. Built for scale and optimized for durability, availability, and concurrency across the entire data set.


  • Added symlink objects support. Symlink objects reference one other object in the cluster. Read requests pass through the symlink on to the target objects. Write requests act on the symlink itself.

  • Added support for inline data segments in Static Large Object (SLO) manifests. These data segments do not refer to another object in the system but are included directly in the manifest. When using data segments instead of small objects in the cluster, users will much improved performance on reads. The data segments can also be used to construct composite file formats (like .tar) without needing to create objects in the cluster for boilerplate data.

  • Added checksum to object extended attributes. This provides better durability guarantees for data stored in the system.

  • The object expiry functionality was greatly improved to be much more efficient with cluster resources, especially when operating on erasure code objects.

  • The tempurl digest algorithm is now configurable, and Swift added support for both SHA-256 and SHA-512. Supported tempurl digests are exposed to clients in /info. Additionally, tempurl signatures can now be base64 encoded.

Tacker - NFV Orchestration service

To implement Network Function Virtualization (NFV) Orchestration services and libraries for end-to-end life-cycle management of Network Services and Virtual Network Functions (VNFs).


  • Support containerised vnf support to Kubernetes VIM

  • Support vnffg updation

  • Support monitoring the vnf with private zabbix

  • Support for multiple classifiers per chain through VNFFG templates

Tricircle - Networking automation across Neutron service

To provide networking automation across Neutron in multi-region OpenStack clouds deployment.


  • Basic support for LBaas and QoS in Tricircle

Tripleo - Deployment service

Develop and maintain tooling and infrastructure able to deploy OpenStack in production, using OpenStack itself wherever possible.


  • config-download: Ability to use Ansible to apply the cloud configuration. Ansible can be used to replace the communication and transport of the configuration deployment data between Heat and the Heat agent (os-collect-config) on the cloud nodes.

  • Fast Forward Upgrades: Preview release of support for upgrading from Newton to Queens.

  • UI improvements: Node registration form has been streamlined. Custom roles selection improvements and improved management abilities.

  • IPsec support: Enabled support to deploy overclouds with network encryption for service-to-service communication with IPSEC.

  • Instance HA: Added support for deployment of Instance HA that automates the evacuation of an instance whenever its host Compute node fails.

  • Realtime support: Support for realtime compute nodes as well as real-time roles for NFV deployments.

  • Octavia support: Added support to deploy Octavia in the overcloud.

Trove - Database service

To provide scalable and reliable Cloud Database as a Service functionality for both relational and non-relational database engines, and to continue to improve its fully-featured and extensible open source framework.


  • Migration to openstack client.

  • Currency for operating system level; full support for Xenial

  • Currency for databases; MySQL 5.7, Vertica 9.0, Cassandra 3.11

  • Currency of databases; DB2 11.1, Postgres 9.6

  • Implement root-enable/root-disable for Redis

  • Add support for the IBM Power architecture

  • Migration to Zuul v3, policy-in-code, keystone v2 deprecation

Vitrage - RCA (Root Cause Analysis) service

To organize, analyze and visualize OpenStack alarms & events, yield insights regarding the root cause of problems and deduce their existence before they are directly detected.


  • New API for template management (add/delete template) allows users to change the alarm deduction and RCA rules more easily. The new rules are immediately applied on existing resources and alarms.

  • New API for webhook registration on Vitrage alarms.

  • Added an alarm count banner in Horizon

  • Introduced template version 2 including several enhancements like regex support, templates that contain only topoology definitions and template functions

  • Several performance improvements, mostly around parallel evaluation of Vitrage templates

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.