User experience, manageability and scalability. In this article, we will review the major changes in the Mitaka release and how they relate to these themes.

This first part will focus on the most commonly deployed OpenStack projects: Nova, Neutron, Cinder, Glance, Swift, Keystone, Horizon, as well as the OpenStack client and SDK. The second part will include additional OpenStack projects including Ironic, Manila, Freezer, Heat, Senlin, Sahara.

Nova

User experience

Live migration improvements: Nova can report more details of live migration progress, such as how much data has been transferred and how much is remaining. A live migration of a VM can be cancelled (aborted). A VM can be paused during live migration; this prevents the VM from modifying memory and therefore forces the live migration to complete. Additional volumes or CD-ROMs can now be excluded from migration. A separate network can now be used for live migrations; previously the management network was used.

A disk space scheduling filter now selects compute nodes with the most available disk space.

A new simpler use_neutron option replaces the old network_api_class option.

A new sample policy file for Nova API: The old policy file contained many policies set to empty string (allow all), which is not a good default value for many clouds. Also, there was some confusion because operators thought that an empty string meant to use a default rule.
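A check an operator can run against an older policy file, as an added example that is not part of Nova or of the original article: it lists every policy that any authenticated caller passes. The sample file is constructed; treating `[]` and `"@"` the same as the empty string follows oslo.policy's parsing rules, and following plain `rule:NAME` aliases is an extension beyond the empty-string case the article mentions.

```python
import json

# Constructed sample in the style of an old Nova policy.json (not a real deployment's file).
SAMPLE_POLICY = """
{
    "admin_api": "is_admin:True",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "default": "rule:admin_or_owner",
    "anyone": "",
    "compute:get_all": "rule:anyone",
    "compute:start": "rule:admin_or_owner",
    "compute:get_console_output": [],
    "network:get_all": "@",
    "compute:unlock_override": "rule:admin_api"
}
"""


def _always_true(rule):
    # oslo.policy parses "" and [] to an always-true check; "@" is the explicit form.
    return rule == "" or rule == [] or (isinstance(rule, str) and rule.strip() == "@")


def unrestricted_policies(policy_text):
    """Return the sorted names of policies that allow every caller."""
    policy = json.loads(policy_text)
    open_rules = {name for name, rule in policy.items() if _always_true(rule)}
    changed = True
    while changed:  # repeat until no new alias of an open rule is found
        changed = False
        for name, rule in policy.items():
            if name in open_rules or not isinstance(rule, str):
                continue
            target = rule.strip()
            # Only a bare "rule:NAME" is an alias; "rule:a or rule:b" is left alone.
            if target.startswith("rule:") and target[5:] in open_rules:
                open_rules.add(name)
                changed = True
    return sorted(open_rules)


if __name__ == "__main__":
    for name in unrestricted_policies(SAMPLE_POLICY):
        print("allow-all:", name)
```
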

A new oslo.cache configuration instead of deprecated memcached_servers: if enabled, the memcached servers should be configured via the cache/memcache_servers option.


Manageability

Simpler rolling upgrades: Nova can automatically determine which RPC version to use, which means that Nova services can be upgraded one by one without breakage.

A new nova-manage script for all online DB migrations.

Nova uses libosinfo for getting hardware properties and making decisions about how to configure the virtual hardware.

New versioned Nova notifications have been introduced.

A new service.status versioned notification informs about service status changes.

Scalability

Now Nova requires two databases, the regular Nova database and a new Nova API database. This is required to support Nova Cells: standalone Nova deployments to partition a cloud into logical groups for load balancing and instance distribution. New “nova-manage api_db … ” operations are available in addition to “nova-manage db …”.

Nova EC2 support was deprecated in Kilo and has been completely removed in Mitaka. A new ec2-api project has been introduced for EC2. The old EC2 implementation required direct access to the Nova database. With the new ec2-api project, direct access to the Nova database is no longer required, which makes the implementation more scalable.

Neutron

User experience

Operators can use tags for their network resources and networks can be filtered by tags.

Timestamp fields ‘created_at’, ‘updated_at’ have been added to the Neutron core resources (network, subnet, port and subnetpool). It is possible to filter such resources with the “changed-since” query.

An optional description field has been added to security group rules, networks, ports, routers, floating IPs, and subnet pools. Operators can use the new field to store details about the entities.

Operators can use protocol names instead of protocol numbers in both the API and python-neutronclient.

A new “get-me-a-network” feature simplifies launching an instance with basic network connectivity (via an externally connected private tenant network). Once the corresponding feature is implemented in Nova, a user will be able to launch an instance without explicitly provisioning a network.

A new API endpoint allows easy access to counts of used IPs and total IPs for the specified network. The new endpoint allows filtering by network ID, network name, tenant ID and IP version.


Manageability

Integration with external DNS services: integration with Designate or other DNSaaS. Floating IPs can have dns_name and dns_domain attributes. Ports can have a dns_name attribute. Networks can have a dns_domain attribute. If floating IPs and ports have dns_name and dns_domain attributes, then they are published in an external DNS service.

A new RBAC framework allows networks to be made available to the specified tenants, only to be used as an external gateway for routers and floating IPs.

RBAC for QoS policies.

Scalability

Ports can now be recovered from the binding-failed state when the L2 agent comes back online.

Distributed Virtual Routers (DVR) improvements: HA support for SNAT services. Routers created with the flags “distributed=True” and “ha=True” will provide DVR and HA on the L3 agents configured for dvr_snat mode. Improved DVR resiliency during Nova VM live migration.

MTU-related improvements: End-to-end support for arbitrary MTUs, including jumbo frames between instances and provider networks. MTU is calculated using the overlay protocol overhead and the value of path_mtu. Then the DHCP agent provides the calculated network MTU to instances.



New features and extensions

BGP support: announcement of tenant prefixes and host routes for floating IPs via BGP, using the centralized Neutron router gateway or floating IP agent gateway ports as the next hop.

Quotas for Neutron FWaaS.

Cinder

User experience

A new replication interface (version 2.1).

New drivers have been added, including a new backup driver for Google Cloud Storage.

XML API is deprecated and will be removed in a future release.

Added the ability to back up snapshots.

It is now possible to delete a volume and its snapshots by using an additional argument “cascade=True” for volume delete.

It is possible to remove volumes in error and error_deleting states from a consistency group. Prior to Mitaka, the only way to remove volumes in error states from a consistency group was to delete the consistency group and create it again.

Now operators can manage policies for volume type operations; specifically volume type operations can be permitted for the specified users. Before Mitaka, only users who had the admin role could manage the volume types.


Manageability

Added support for API microversions and v3 API endpoint.

Tech preview for rolling upgrades, RPC backward compatibility layer similar to Nova’s.

Support for nested quotas has been moved to a separate driver. Nested quotas are also turned off by default; they can be enabled by setting quota_driver = cinder.quota.NestedDbQuotaDriver.

Glance

Users can upload images to and download images from Cinder volumes. This is also useful for taking advantage of storage features such as copy-on-write cloning to create a new volume from an image volume efficiently. However, there is currently no way to choose a Cinder volume type, so the image will be placed according to Cinder’s default scheduling decisions.

Added HTTPS support.

Image signing and verification support.

Open Virtualization Format (OVF) single disk image upload. Glance can extract the single root disk image and its metadata. The Glance image metadata can be used by a custom filter in Nova (this is not implemented in Mitaka yet).

Support for the DMTF’s Common Information Model (CIM) namespace for metadata.

Glance DB purge utility (“glance-manage db” extension) can now safely purge deleted rows from the Glance database for all relevant tables. Before Mitaka, all the deleted rows were kept in the database and operators had to manually delete such data.

Glance can use Keystone trust authorization. This change addresses the specific case where a token expires during image upload, causing the call to the Glance Registry that sets the image state to ‘active’ to fail.

Swift

The ring rebalancing algorithm has been updated: more balanced rings; better initial placement; capacity adjustments move less data for better balance. Existing imbalanced rings should start to become better balanced as they go through rebalance cycles.

Storage policies can have more than one name. This allows operators to fix a typo without breaking existing clients or, alternatively, to have “short names” for policies.

Container sync has been improved to find and iterate over the containers to be synced more quickly. This reduces server load and decreases the time required for data propagation between clusters.

Keystone

User experience

A new Time-based One-time Password (TOTP) authentication feature. Specifically, Google Authenticator is now supported.

Implied roles are now supported. Role inference rules can be added to indicate when the assignment of one role implies the assignment of another.

Roles can be defined as domain specific. Within the domain it is possible to define private inference rules with implied roles.
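How inference rules expand a role assignment, as an added sketch that is not Keystone's own code: it computes the effective roles behind an assignment and lists every role that ends up granting a given one, which is the question to ask before adding a rule. The rule set and role names are hypothetical.

```python
from collections import deque

# Constructed inference rules: prior role -> roles it implies (hypothetical names).
IMPLIES = {
    "admin": {"member"},
    "member": {"reader"},
    "billing_admin": {"billing_viewer", "reader"},
    "reader": set(),
}


def effective_roles(assigned, implies):
    """Expand directly assigned roles through the inference rules, transitively."""
    seen = set(assigned)
    queue = deque(assigned)
    while queue:
        role = queue.popleft()
        for implied in implies.get(role, ()):
            if implied not in seen:  # the seen-set also stops rule cycles
                seen.add(implied)
                queue.append(implied)
    return seen


def roles_granting(target, implies):
    """Every role whose assignment results in `target` being held."""
    return sorted(r for r in implies if target in effective_roles([r], implies))


if __name__ == "__main__":
    print(sorted(effective_roles(["admin"], IMPLIES)))
    print(roles_granting("reader", IMPLIES))
```
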

Support for tokenless client SSL X.509 certificate authentication and authorization.

Manageability

Unified identity for multiple authentication sources: separate user identities from their locally managed credentials; shadow local and federated users.

A new “keystone-manage bootstrap” command to create a default domain, so Keystone can be initialized without the need of the admin_token filter in the paste-ini. This eliminates the security concerns around a static shared string that gives an admin access to Keystone and therefore to the entire installation.
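A post-bootstrap check, as an added example that is not part of Keystone or of the original article: it reports which paste pipelines still include the admin token filter and whether a static token is still set. The two config samples are constructed; the filter name `admin_token_auth` and the `[DEFAULT] admin_token` option are the names used by Keystone releases of this era.

```python
import configparser

# Constructed keystone-paste.ini fragment: one pipeline still carries the filter.
PASTE_INI = """
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = sizelimit url_normalize token_auth admin_token_auth json_body public_service

[pipeline:api_v3]
pipeline = sizelimit url_normalize token_auth json_body service_v3
"""

# Constructed keystone.conf fragment with a placeholder token value.
KEYSTONE_CONF = """
[DEFAULT]
admin_token = CONSTRUCTED-PLACEHOLDER
"""


def _parse(text):
    # interpolation=None: config values may contain '%' and must be read literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def pipelines_with_admin_token(paste_text, filter_name="admin_token_auth"):
    """Names of paste pipelines that still route requests through the filter."""
    parser = _parse(paste_text)
    return sorted(
        section.split(":", 1)[1]
        for section in parser.sections()
        if section.startswith("pipeline:")
        and filter_name in parser.get(section, "pipeline", fallback="").split()
    )


def static_admin_token_set(conf_text):
    """True if keystone.conf still defines a non-empty [DEFAULT] admin_token."""
    return bool(_parse(conf_text).defaults().get("admin_token", "").strip())


if __name__ == "__main__":
    print("pipelines with filter:", pipelines_with_admin_token(PASTE_INI))
    print("static token set:", static_admin_token_set(KEYSTONE_CONF))
```
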

A new parameter “list_limit” can be used when LDAP is the identity backend.

Scalability

Names in addition to IDs can be returned by list role_assignments method by specifying the argument “include_names=True”.

Keystone now uses oslo.cache (memcached or MongoDB as a backend).

Caching has been added for catalog on a per user ID and project ID basis for both v2 and v3 APIs. As a result Fernet-based deployments should have better performance.

WSGI is fully tested and supported.

Horizon

Integration with Searchlight, a new OpenStack project for offloading user search queries from existing API servers and indexing their data into ElasticSearch.

Unified search across: Nova instances; Glance images, snapshots and metadata; Cinder volumes and snapshots; Neutron networks, ports, subnets and routes.



OpenStack client and SDK

Support for OSprofiler has been added.

More new commands have been added: ip floating delete/list/show; network delete/list/show/create; subnet show/delete; subnet pool show/delete/list; port delete/show; router delete/list/show/create/set.

An optional “--names” argument has been added to the “role assignment list” command. This will output names instead of IDs for users, groups, roles, projects, and domains.

An optional “--limit” argument has been added to the “image list” command to limit the number of images in the output.

Support for recursive container delete.

In the second part of this post we will discuss additional changes in other OpenStack projects in the Mitaka release.
