OpenStack Newton, the second major milestone update in 2016, was finally released on Oct. 6. This new version provides a long list of incremental updates and improvements, among them better security and networking capabilities across all forms of compute: bare metal, virtualization and containers.

One of Newton’s most important features is that Ironic (bare metal provisioning service), Magnum (container orchestration cluster manager) and Kuryr (container networking) now offer seamless integration of containers, virtual and physical infrastructure under a single control plane. This addresses the needs of organizations wishing to manage heterogeneous environments (hosting containers alongside VMs, bare metal, etc.).

In this post, we will examine the main improvements introduced in each of the separate projects.

Nova – Compute

Placement RESTful API – Nova now provides a placement API service, a separate REST API stack and data model that is used to track resource provider inventories and usages, along with different classes of resources. For example, a resource provider can be a compute node, a shared storage pool, or an IP allocation pool. The placement service tracks the inventory and usage of each provider. For example, an instance created on a compute node may be a consumer of resources such as RAM and CPU from a compute node resource provider, a disk from an external shared storage pool resource provider and IP addresses from an external IP pool resource provider.

Cells V2 improvements – Nova Cells is an optional deployment architecture that enables scaling to thousands of compute nodes within a single region. However, because it is not the default architecture, it lacked support for some major features like security groups, and is not well understood by most developers. Cells Version 2, which is part of OpenStack Newton, features noticeable progress for horizontal scale-out of Nova compute environments.

Mutable configuration settings – Nova adds mutable configuration settings, allowing operators to reload certain configuration parameters without restarting the service.

Neutron – Networking

Robust connection with Kuryr – Newton is the first OpenStack release to have a robust connection between the Kuryr container networking project and the Neutron networking project inside of OpenStack.

“Get me a network” – This feature provides a default network topology and assigns ports and access to virtual machines, reducing the initial complexity of getting Neutron set up.

OpenStack client support – OpenStack Client is a command-line client that unifies access across all the main projects in OpenStack. Prior to Newton, OpenStack Client had only basic commands for networking, so it was not the default CLI client. In the Newton release, a big focus was developing full Neutron support inside of OpenStack Client.

Swift – Object Storage

At-rest data encryption – Users can turn on at-rest data encryption when they create a cluster, or they can enable the feature on existing clusters to automatically secure object data and metadata values. This means that no information will be leaked if hard drives used to store the Swift object data are stolen. Although Swift encryption is not compliant with the Federal Information Processing Standards (FIPS), it supports all of the appropriate encryption algorithms and methods to enable FIPS 140-2 certification in commercial products built on Swift.

Automatic tiering of data – Tiering is a well-known feature that deals with changes in data “temperature”. It enables seamless movement of “cold” (inactive) data from high performance storage media to low-cost, high capacity storage media, as well as moving “hot” (active) data in the reverse direction. This lowers the customers’ TCO (total cost of ownership) by helping to utilize cheaper disks. The new version includes automatic tiering of data and changing storage policies based on rules. As scale-out object storage systems like Swift are starting to natively support multiple media types like SSD, HDD, tape and different storage policies such as replication and erasure coding, automated data tiering complements the wide range of available storage tiers (both virtual and physical).

Performance improvements – The new version includes performance improvements for erasure coding, replication and rebuilding of files.

Glance – Image Service

Image import refactor – The import workflow in the new version has been improved. A key distinction between image upload and image import is that imported images are not immediately available for use, that is, they are not ‘active’ at the completion of the data PUT call. This optionally allows deployers to process the image data (for example, by performing a validation process) before the image becomes ‘active’.

The import mechanism now includes two methods. With glance-direct, the end-user does a PUT of image data directly to Glance, using a URL included in a response header to the image-create request. With swift-local, the end-user places the image data in the user’s object store account; data placement may occur before or after the image record is created. After the data has been uploaded and an image record is created, the end-user makes a call to Glance to process the data and complete the import.
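The gate between "data uploaded" and "image active" described above, as an added Python sketch that is not Glance code: the class, the status names and the choice of validator (checksum match plus a qcow2 header check that refuses backing-file references) are assumptions made for illustration, and the sample images are constructed headers.

```python
import hashlib
import struct

QCOW2_MAGIC = b"QFI\xfb"

class ImportRejected(Exception):
    """Staged data failed validation and must not become active."""

def digest(data):
    return hashlib.sha256(data).hexdigest()

def validate_qcow2(data, declared_sha256):
    # Integrity: staged bytes must match the checksum declared at image-create.
    if digest(data) != declared_sha256:
        raise ImportRejected("checksum mismatch")
    if len(data) < 20 or data[:4] != QCOW2_MAGIC:
        raise ImportRejected("not a qcow2 image")
    # Big-endian qcow2 header: magic, version, backing_file_offset, backing_file_size
    _, version, backing_off, backing_size = struct.unpack(">4sIQI", data[:20])
    if version not in (2, 3):
        raise ImportRejected("unsupported qcow2 version")
    # A backing-file reference makes the image depend on another file on the
    # host that opens it, so a tenant-supplied image should not carry one.
    if backing_off or backing_size:
        raise ImportRejected("image references a backing file")

class StagedImage:
    """Hypothetical image record; the status names are this sketch's own."""
    def __init__(self, declared_sha256):
        self.status, self.reason = "staged", None
        self.declared_sha256, self.data = declared_sha256, b""

    def put_data(self, data):
        self.data = data  # finishing the PUT does not activate the image

    def complete_import(self, validator=validate_qcow2):
        if self.status != "staged":
            raise RuntimeError("import already completed")
        try:
            validator(self.data, self.declared_sha256)
        except ImportRejected as exc:
            self.status, self.reason = "rejected", str(exc)
            return False
        self.status = "active"
        return True

def header(backing_off=0, backing_size=0, version=3):
    # Constructed sample: a minimal padded header, not a bootable image.
    return struct.pack(">4sIQI", QCOW2_MAGIC, version, backing_off, backing_size) + b"\0" * 84

CLEAN = header()
WITH_BACKING = header(backing_off=104, backing_size=11)
```
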

Community images – The new version allows image sharing through a new concept called “community images”.

Initial artifacts repository for Heat templates – Over time Glance has expanded its support of more types of images, moving to managing “artifacts” in OpenStack Newton, including Heat templates.

Keystone – Identity

Encrypted credentials – Prior to Newton, the credential store in Keystone was thought of more as a development back end than as a full production framework. In Newton, the credential store is secure and robust enough to meet compliance standards, including PCI-DSS (Payment Card Industry Data Security Standard).

Cinder – Block Storage

Retyping – The new version includes support for retyping encrypted to non-encrypted volumes and vice versa.

Micro-version support – With micro-versions, the highest supported version will be negotiated by a field in the HTTP header that is sent to the Cinder API. If the field ‘versions’ is not sent (i.e. by clients and scripts that pre-date this change), the lowest supported version is used. This means that the current Cinder API v2 will be the default for now, and consumers of the API that wish to use a newer version can do so.
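A server-side sketch of that negotiation, added here as an example and not taken from Cinder's code. It assumes the `OpenStack-API-Version: volume X.Y` request header used by Cinder's v3 API (the page does not name it); the supported range is a constructed sample and the function and exception names are hypothetical.

```python
import re

class VersionRejected(Exception):
    """The requested micro-version cannot be served."""

def parse(version):
    # Compare versions as integer pairs: as strings, "3.9" sorts above "3.15".
    match = re.fullmatch(r"(\d+)\.(\d+)", version)
    if not match:
        raise VersionRejected("malformed version: %r" % version)
    return int(match.group(1)), int(match.group(2))

def negotiate(headers, minimum="3.0", maximum="3.15", service="volume"):
    """Return the micro-version to serve for one request.

    minimum and maximum are constructed sample bounds, not values from the page.
    """
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "openstack-api-version"), None)
    if value is None:
        # Clients that pre-date micro-versions send nothing: lowest version.
        return minimum
    parts = value.split()
    if len(parts) != 2 or parts[0] != service:
        raise VersionRejected("expected '%s <version>'" % service)
    if parts[1] == "latest":
        return maximum
    requested = parse(parts[1])
    if not parse(minimum) <= requested <= parse(maximum):
        raise VersionRejected("version %s outside %s-%s"
                              % (parts[1], minimum, maximum))
    return parts[1]
```
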

Cascading – Volumes that have snapshots can now be deleted using the cascading feature.

New backup service – A backup service that can be scaled to multiple instances.

Active/Active HA – Until this version, the Cinder Volume service only supported High Availability with an Active-Passive configuration. The new version includes Active/Active High Availability for Cinder Volume services.

Magnum – Containers

The Magnum project enables deployment and orchestration of containers. Magnum can be used with the Kubernetes, Docker Swarm and Apache Mesos container orchestration technologies to create clusters that have resources assigned to them, and to provision one of the orchestration technologies onto the cluster. Magnum doesn’t schedule containers itself; it manages the container cluster.

Bare metal containers – The new version includes support for bare metal deployments.

Multiple container orchestrations – With OpenStack Magnum running inside an OpenStack Newton platform, an operator can run multiple types of container orchestration, including both Docker Swarm and Kubernetes, on the same cloud.

Kuryr – Container Networking

VM nesting – Kuryr now supports nesting of VMs through integration with Magnum and Neutron.

Multiple container orchestrations – With OpenStack Magnum running inside of an OpenStack Newton platform, an operator can run multiple types of container orchestration, including both Docker Swarm and Kubernetes, on the same cloud.

Ironic – Bare Metal Provisioning

The OpenStack Ironic project, which enables bare metal resource deployments, has been integrated with Magnum, enabling containers to get the performance benefits that bare metal hardware provides. For bare metal provisioning, Ironic adds multi-tenant networking and tighter integration with Magnum, Kubernetes and Nova; also, Kolla now supports deploying to Ironic.