OpenStack is still a work in progress, with its various components at different stages of stability and maturity. This means enterprises continue to face challenges with OpenStack deployment, especially around scalability and networking.
The latest OpenStack release, Ocata, came in February 2017, and was executed on a short, four-month release cycle, instead of the normal six months, to address these issues. OpenStack scalability, which has limited many users to small configurations, has improved. The Ocata release should be easier to scale large, production-sized configurations, which could lead to more OpenStack-based private clouds. Network stability, especially around the OpenStack Neutron service, also improved with Ocata.
Overall, the OpenStack community views Ocata as a big step toward maturation, and Project Navigator -- a tool that displays the status of each OpenStack project or module -- now ranks the OpenStack Nova, Neutron, Swift and Cinder components as an eight out of eight on maturity. Still, most projects hover around three or four in maturity, so there's a ways to go.
Although Ocata was primarily a stability release, it introduced a number of new features, including those that aimed at OpenStack scalability. Here's a breakdown of the key updates, by OpenStack service, IT pros should know:
Nova: Nova, which allows for the creation of VMs, is the core of OpenStack. The Ocata release aims to improve Nova performance. A new placement service, for example, allows admins to package VMs to optimize memory usage and other resources.
Ocata also helps alleviate OpenStack scalability issues, using the Cells module to expand to thousands of nodes. Cells is still very complex, however, and isn't recommended for new OpenStack users. The long-term goal is to make Cells the standard mode for OpenStack, because of the ability to scale out.
Swift: Swift is an object store similar to Amazon Web Services Simple Storage Service. Swift, however, has played catch-up to Ceph, another open source storage system that often replaces Swift in OpenStack builds. Ceph includes a solid erasure-code method to distribute objects over geographically distributed storage nodes. With Ocata, Swift now has better erasure coding, with faster erasure-code generation, error correction and rebuilds.
Keystone: With Ocata, admins can now set multifactor authentication on a per-user basis with the Keystone service for more granular access control.
Cinder : Cinder is OpenStack's block storage service, operating like a storage area network in the cloud. With Ocata, active-active control is still a work in progress, but much of the feature is available for admins to check out. This feature provides non-stop storage operations, which should help increase uptime for critical operations. In addition, Ocata enhances data sharing, especially for databases, by allowing a single volume to attach to multiple users.
Glance: Ocata streamlines access to shared images with the OpenStack image manager, Glance, with the addition of new visibility values -- shared and community.
Heat: Heat provides orchestration services for resources in an OpenStack cluster. Most of the changes to Heat address minor OpenStack scalability issues, and improve API integration with other projects, such as Sahara.
Horizon: Horizon is OpenStack's management dashboard. Ocata offers an improved Horizon GUI that helps admins find the information they need more quickly.
Neutron: Neutron, the core networking service in OpenStack, has traditionally struggled to scale beyond sandbox-sized configurations. A work-around using Nova was clumsy, and the problem limited many users to 64 or fewer nodes, but Ocata addresses some of these problems. Neutron, for example, is now split into a base library and agents, making it slimmer and faster. In addition, Ocata updates the firewall as a service, allowing for port-level firewall rules.
Emerging or new OpenStack services
Beyond the updates to OpenStack scalability and its services above, Ocata also advances several emerging OpenStack services, including:
Octavia: Formerly a Neutron subproject, Octavia -- a load balancer as a service -- is now a top-level OpenStack project. The result will be a plug-in to Neutron; general availability is expected with Pike, the next OpenStack release.
Dragonflow: OpenStack's answer to software-defined networking (SDN) is Dragonflow, an SDN controller for Neutron intended for larger-scale deployment. Dragonflow also now includes IPv6 support, and offers more advanced reporting features.
Tricircle: A new feature, Tricircle, allows for tighter integration between multiple, geographically dispersed OpenStack clouds. It will let private clouds within an enterprise behave like the dispersed availability zones of large public clouds. This caters to large enterprises with multiple, linked sites for disaster recovery and redundancy.
Three new subprojects related to containers also came with Ocata: Kolla for container deployment; Kuryr for bridging containers to networking and storage; and Zun, a container management service with an API for Kubernetes and Docker containers.
Kuryr is a subproject of the core OpenStack Magnum containers module. It bridges Docker containers to Neutron networking and allows containers and VMs to communicate via a common API. Fuxi is another subproject that connects Cinder and Manila shared storage to give containers storage access. Both Fuxi and Kuryr are still in early stages of maturation, but they are clear steps toward bridging containers and OpenStack.
Craft an OpenStack management strategy for private cloud
Think about these five points before OpenStack deployment
Reduce risk during an OpenStack update