What is New in OpenStack Ocata Release

mlnews

OpenStack Ocata has been out for a month or so and has some great new features for you to look forward to.

• Auto-healing: Work was done in Heat to make it easier to recover from a service failure. When an outage is detected, you can have Heat automatically spin up a replacement service, and swap it out without any intervention on the part of the operator.

• Composability: Composable roles are a feature whereby you can specify details of how things are deployed, rather than allowing OpenStack to choose. You can, for example, specify that a particular hardware configuration be used for particular services. This is termed Composable Roles. Work was done in Ocata to expand this to composable upgrades, so that these roles are respected across upgrades as well.

• Multi-factor authentication in Keystone: Work was done in Keystone to improve support of MFA, including OTP (One Time Password) support, and per-user token expiration rules.

• NFV: Network Function Virtualization continues to be an area where we're seeing a lot of activity, and so a lot of the work in Nova, Neutron, and various other projects focus on these developments. NFV has become more stable in this release and is more fully integrated into TripleO for ease of deployment. This effort is happening under the Apex project.

• Upgrades: Upgrades were a common theme across all projects, with the emphasis being the ability to upgrade from one release to the next with as close to zero downtime as possible. Much of this work centers around TripleO, Heat, and Mistral, for orchestration and automation of the process.

• Containers: While centered around the Kolla project, containerization was a theme in many of the projects this cycle. The eventual goal, at least according to some, is that OpenStack services will be deployed in containers by default by the Pike release. This, of course, poses a real challenge for the Ocata -> Pike upgrade path (migrating from non-container to container in the course of the upgrade), and that's something that the TripleO people are working hard on.

• Security: TLS-everywhere made strides forward in Ocata, with connections between services moving to TLS. This involves changes to Barbican as well, for key management for the shared keys between services, to ensure that your traffic is secure between components of your cloud, which may be located in different data centers around the world.

• Collaboration: Something I heard more this year than in previous years was talk of collaboration between projects. This has, of course, always been happening. However, at the PTG in Atlanta, it was a major focus, with time set aside for cross-project meetings focusing on the interface between one service and another. I also heard from several people that the PTG allowed a focus, and a camaraderie, that was not possible when the design summit was part of OpenStack Summit. This resulted in fewer interpersonal tensions, and a lot more work getting done.

stacksofplates

@mlnews said in What is New in OpenStack Ocata Release:

OpenStack Ocata has been out for a month or so and has some great new features for you to look forward to.

• Auto-healing: Work was done in Heat to make it easier to recover from a service failure. When an outage is detected, you can have Heat automatically spin up a replacement service, and swap it out without any intervention on the part of the operator.

• Composability: Composable roles are a feature whereby you can specify details of how things are deployed, rather than allowing OpenStack to choose. You can, for example, specify that a particular hardware configuration be used for particular services. This is termed Composable Roles. Work was done in Ocata to expand this to composable upgrades, so that these roles are respected across upgrades as well.

• Multi-factor authentication in Keystone: Work was done in Keystone to improve support of MFA, including OTP (One Time Password) support, and per-user token expiration rules.

• NFV: Network Function Virtualization continues to be an area where we're seeing a lot of activity, and so a lot of the work in Nova, Neutron, and various other projects focus on these developments. NFV has become more stable in this release and is more fully integrated into TripleO for ease of deployment. This effort is happening under the Apex project.

• Upgrades: Upgrades were a common theme across all projects, with the emphasis being the ability to upgrade from one release to the next with as close to zero downtime as possible. Much of this work centers around TripleO, Heat, and Mistral, for orchestration and automation of the process.

• Containers: While centered around the Kolla project, containerization was a theme in many of the projects this cycle. The eventual goal, at least according to some, is that OpenStack services will be deployed in containers by default by the Pike release. This, of course, poses a real challenge for the Ocata -> Pike upgrade path (migrating from non-container to container in the course of the upgrade), and that's something that the TripleO people are working hard on.

• Security: TLS-everywhere made strides forward in Ocata, with connections between services moving to TLS. This involves changes to Barbican as well, for key management for the shared keys between services, to ensure that your traffic is secure between components of your cloud, which may be located in different data centers around the world.

• Collaboration: Something I heard more this year than in previous years was talk of collaboration between projects. This has, of course, always been happening. However, at the PTG in Atlanta, it was a major focus, with time set aside for cross-project meetings focusing on the interface between one service and another. I also heard from several people that the PTG allowed a focus, and a camaraderie, that was not possible when the design summit was part of OpenStack Summit. This resulted in fewer interpersonal tensions, and a lot more work getting done.

I really wish I had a reason to set this up.

coliver

@stacksofplates said in What is New in OpenStack Ocata Release:

@mlnews said in What is New in OpenStack Ocata Release:

OpenStack Ocata has been out for a month or so and has some great new features for you to look forward to.

• Auto-healing: Work was done in Heat to make it easier to recover from a service failure. When an outage is detected, you can have Heat automatically spin up a replacement service, and swap it out without any intervention on the part of the operator.

• Composability: Composable roles are a feature whereby you can specify details of how things are deployed, rather than allowing OpenStack to choose. You can, for example, specify that a particular hardware configuration be used for particular services. This is termed Composable Roles. Work was done in Ocata to expand this to composable upgrades, so that these roles are respected across upgrades as well.

• Multi-factor authentication in Keystone: Work was done in Keystone to improve support of MFA, including OTP (One Time Password) support, and per-user token expiration rules.

• NFV: Network Function Virtualization continues to be an area where we're seeing a lot of activity, and so a lot of the work in Nova, Neutron, and various other projects focus on these developments. NFV has become more stable in this release and is more fully integrated into TripleO for ease of deployment. This effort is happening under the Apex project.

• Upgrades: Upgrades were a common theme across all projects, with the emphasis being the ability to upgrade from one release to the next with as close to zero downtime as possible. Much of this work centers around TripleO, Heat, and Mistral, for orchestration and automation of the process.

• Containers: While centered around the Kolla project, containerization was a theme in many of the projects this cycle. The eventual goal, at least according to some, is that OpenStack services will be deployed in containers by default by the Pike release. This, of course, poses a real challenge for the Ocata -> Pike upgrade path (migrating from non-container to container in the course of the upgrade), and that's something that the TripleO people are working hard on.

• Security: TLS-everywhere made strides forward in Ocata, with connections between services moving to TLS. This involves changes to Barbican as well, for key management for the shared keys between services, to ensure that your traffic is secure between components of your cloud, which may be located in different data centers around the world.

• Collaboration: Something I heard more this year than in previous years was talk of collaboration between projects. This has, of course, always been happening. However, at the PTG in Atlanta, it was a major focus, with time set aside for cross-project meetings focusing on the interface between one service and another. I also heard from several people that the PTG allowed a focus, and a camaraderie, that was not possible when the design summit was part of OpenStack Summit. This resulted in fewer interpersonal tensions, and a lot more work getting done.

I really wish I had a reason to set this up.

Right!?

scottalanmiller

I wish that I had a dozen NUCs at the house to build this one, too.

stacksofplates

@scottalanmiller said in What is New in OpenStack Ocata Release:

I wish that I had a dozen NUCs at the house to build this one, too.

It's crazy how much hardware you need to do it the right way.