Stein Release Highlights

Stein Release Highlights

Blazar - Resource reservation service

Blazar’s goal is to provide resource reservations in OpenStack clouds for different resource types, both virtual (instances, volumes, etc) and physical (hosts, storage, etc.).

Notes:

  • Introduced a new Resource Allocation API allowing operators to query the reserved state of their cloud resources.
  • Added support for affinity and no-affinity policies for instance reservations, allowing multiple instances of the same reservation to be scheduled to the same hypervisor.
  • Added a new plugin for reservation of floating IPs. This new feature is available as a preview and will be fully completed in the next release.
  • Integrated numerous bug fixes to improve reliability.

Cinder - Block Storage service

To implement services and libraries to provide on-demand, self-service access to Block Storage resources via abstraction and automation on top of other block storage devices.

Notes:

  • Added multiattach and deferred deletion support for the RBD driver.
  • Numerous bug fixes have been integrated to address stability and reliability.
  • User experience improvements around driver initialization, data retained during volume transfers and the information returned by commands.
  • Continued improvements in the backup service.

Congress - Governance service

To provide governance as a service across any collection of cloud services in order to monitor, enforce, and audit policy over dynamic infrastructure.

Notes:

  • Important new NFV fault management capabilities through the addition of multiple new features in Congress integration with Nova, Tacker, and Monasca.
  • The new JGress framework unlocks whole new classes of policy use by making the state of the cloud as given by JSON APIs available for policy evaluation. By adopting a JSON query language for expressing policy directly over JSON API data, JGress enables deployers to plug-in new data sources without being limited by the availability of integration drivers.
  • As with every release, we continue to make Congress more robust and stable than ever with bug fixes and internal improvements.

Designate - DNS service

To provide scalable, on demand, self service access to authoritative DNS services, in technology-agnostic manner.

Notes:

  • Added CAA recordset type for CA authorization for managed DNS Zones
  • Added NAPTR recordset type for service chaining and SIP management
  • Validation of project IDs when updating quotas
  • Added designate-status upgrade check command to aid in upgrades.

Horizon - Dashboard

To provide an extensible unified web based user interface for all OpenStack services.

Notes:

  • Cinder Generic Groups admin panels are now supported
  • Added option to mitigate breach attacks
  • Added an upgrade_check management command
  • Custom templates for clouds.yaml and openrc files support

Ironic - Bare Metal service

To produce an OpenStack service and associated libraries capable of managing and provisioning physical machines, and to do this in a security-aware and fault-tolerant manner.

Notes:

  • Adds additional interfaces for management of hardware including Redfish BIOS settings, explicit iPXE boot interface option, and additional hardware support.
  • Increased capabilities and options for operators including deployment templates, improved parallel conductor workers and disk erasure processes, deployed node protection and descriptions, and use of local HTTP(S) servers for serving images.
  • Improved options for standalone users to request allocations of bare metal nodes and submit configuration data as opposed to pre-formed configuration drives. Additionally allows for ironic to be leveraged using JSON-RPC as opposed to an AMQP message bus.

Karbor - Data Protection Orchestration Service

To implement services and libraries to provide project aware data-protection orchestration of existing vendor solutions.

Notes:

  • Support for reset checkpoint to the specify state
  • Support for cross site backup and restore with volume_glance_plugin
  • Optimization for checkpoints management in different bank cases

Keystone - Identity service

To facilitate API client authentication, service discovery, distributed multi-tenant authorization, and auditing.

Notes:

  • This release introduced Multi-Factor Authentication Receipts, which facilitates a much more natural sequential authentication flow when using MFA.
  • The limits API now supports domains in addition to projects, so quota for resources can be allocated to top-level domains and distributed among children projects.
  • JSON Web Tokens are added as a new token format alongside fernet tokens, enabling support for a internet-standard format. JSON Web Tokens are asymmetrically signed and so synchronizing private keys across keystone servers is no longer required with this token format.
  • Multiple keystone APIs now support system scope as a policy target, which reduces the need for customized policies to prevent global access to users with an admin role on any project.
  • Multiple keystone APIs now use default reader, member, and admin roles instead of a catch-all role, which reduces the need for customized policies to create read-only access for certain users.

Kolla

To provide production-ready containers and deployment tools for operating OpenStack clouds.

Notes:

  • Completed addition of images and playbooks for the OpenStack Monitoring service, Monasca.
  • Added an image and playbooks for the OpenStack Placement service, which has been extracted from Nova into a separate project.
  • Added support for performing full and incremental backups of the MariaDB database.

Kuryr

Bridge between container framework networking and storage models to OpenStack networking and storage abstractions.

Notes:

  • Added support for handling and reacting to Network Policies events from kubernetes, allowing Kuryr-Kubernetes to handle security group rules on the fly based on them.

Manila - Shared File Systems service

To provide a set of services for management of shared file systems in a multitenant cloud environment, similar to how OpenStack provides for block-based storage management through the Cinder project.

Notes:

  • Extended support for manage/unmanage support for shares and snapshots to DHSS=True mode and added manage/unmanage support for share-servers.

Nova - Compute service

To implement services and associated libraries to provide massively scalable, on demand, self service access to compute resources, including bare metal, virtual machines, and containers.

Notes:

  • It is now possible to run Nova with version 1.0.0 of the recently extracted placement service, hosted from its own repository. Note that install/upgrade of an extracted placement service is not yet fully implemented in all deployment tools. Operators should check with their particular deployment tool for support before proceeding. See the placement install and upgrade documentation for more details. In Stein, operators may choose to continue to run with the integrated placement service from the Nova repository, but should begin planning a migration to the extracted placement service by Train, as the removal of the integrated placement code from Nova is planned for the Train release.
  • Users can now specify a volume type when creating servers.
  • The compute API is now tolerant of transient conditions in a deployment like partial infrastructure failures, for example a cell not being reachable.
  • Users can now create servers with Neutron ports that have quality-of-service minimum bandwidth rules.
  • Operators can now set overcommit allocation ratios using Nova configuration files or the placement API.
  • Compute driver capabilities are now automatically exposed as traits in the placement API so they can be used for scheduling via flavor extra specs and/or image properties.
  • Live migration is now supported for the VMware driver.

Octavia - Load-balancer service

To provide scalable, on demand, self service access to load-balancer services, in technology-agnostic manner.

Notes:

  • Octavia now supports load balancer “flavors”. This allows an operator to create custom load balancer “flavors” that users can select when creating a load balancer.
  • You can now enable TLS client authentication when using TERMINATED_HTTPS listeners.
  • Octavia now supports backend re-encryption of connections to member servers.
  • Metadata tags can now be assigned to the elements of an Octavia load balancer.

Oslo - Common libraries

To produce a set of python libraries containing code shared by OpenStack projects. The APIs provided by these libraries should be high quality, stable, consistent, documented and generally applicable.

Notes:

  • Added a Castellan config driver that allows secrets to be moved from on-disk config files to any Castellan-compatible keystore. This driver lives in the Castellan project, so Castellan must be installed in order to use it.
  • Added a config driver to read config values from environment variables. This driver is enabled by default in oslo.config.
  • Added a config validation tool, oslo-config-validator. This uses the oslo-config-generator data to find options in a config file that are not defined in the service.

Placement - Placement service

To track cloud resource inventories and usages to help other services effectively manage and allocate their resources.

Notes:

  • The placement service was extracted from the Nova project and became a new official OpenStack project called Placement.
  • Added the ability to target a candidate resource provider, easing specifying a host for workload migration.
  • Increased API performance by 50% for common scheduling operations.
  • Simplified the code by removing unneeded complexity, easing future maintenance.

Sahara - Data Processing service

To provide a scalable data processing stack and associated management interfaces.

Notes:

  • Sahara plugins are removed from core code for easier maintenance and upgrades.
  • Release of APIv2 as stable.
  • Improvements on boot from volume feature.

Searchlight - Search service

To provide advanced and scalable indexing and search across multi-tenant cloud resources.

Notes:

  • Searchlight now works with Elasticsearch 5.x
  • We have released a new vision to make Searchlight a multi-cloud application
  • Functional test setup has been improved
  • Searchlight now can work and be tested with Python 3.7

Senlin - Clustering service

To implement clustering services and libraries for the management of groups of homogeneous objects exposed by other OpenStack services.

Notes:

  • Improved performance so that Senlin operations execute multiple orders of magnitude faster.
  • Health policy v1.1 now allows a user to specify multiple types of detection modes.
  • Senlin APIs now issues synchronous failures in case of cluster/node lock, cooldown in effect or action conflict.
  • A action-purge subcommand is added to senlin-manage tool for purging actions from the action table.

Vitrage - RCA (Root Cause Analysis) service

To organize, analyze and visualize OpenStack alarms & events, yield insights regarding the root cause of problems and deduce their existence before they are directly detected.

Notes:

  • New and simplified template language! the new templates are shorter and much easier to understand and reuse.
  • Added a Trove datasource and a Zaqar notifier.
  • New APIs for querying Vitrage services and for resource count.
  • Performance improvements and faster data retrieval. The memory signature and processing runtime were significantly reduced.
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.