With its OpenInfrastructure summit mere weeks away, the OpenStack gang is emitting its next release in the form of “Train” with a focus on data protection and machine learning.
The release comes after foundation platinum member SUSE threw in the towel over OpenStack Cloud in order to move on to a bright, Kubernetes-based future.
Not that the “S” word was mentioned, even in a waveringly high-pitched tone, as OpenStack readied Train ahead of a release expected on 16 October.
As is the norm, OpenStack was keen to shout about the more than 25,500 accepted code changes this time around, from 1,125 developers over 150 organisations. A glance at the content of the release shows that OpenStack is as bewilderingly vast as ever, although a number of tweaks merit closer attention.
The first is the arrival in Nova of guest RAM encryption using AMD Secure Encrypted Virtualisation (SEV). Nova, a veteran component of OpenStack, is the cloud computing fabric controller that forms a cornerstone of OpenStack’s Infrastructure-as-a-Service (IaaS). According to OpenStack, the feature is “an incredible move forward in terms of security”.
The team told The Register that, in a nutshell, “this means that even if you have physical access to my server, you will not be able to see what’s in my virtual machine or what’s in my virtual machine’s memory registers.”
The feature is handy for multi-tenant environments or environments with publicly accessible hardware (such as edge deployments). The performance hit of turning it on is “pretty small” by OpenStack’s reckoning since it lurks at the hardware level. It isn’t activated by default since only AMD is supported at present and the encryption is not “universally available in every chipset and every hardware stack”.
Also in Nova is live migration support for servers with a NUMA topology when using the libvirt compute driver.
The team additionally singled out improvements to Karbor, a framework aimed at giving vendors a unified API for protecting user data. In work led by China Mobile, Train brings new event notifications and backup options to Karbor.
Ironic, the project aimed at provisioning bare metal rather than virtual machines, received support for building software RAIDs, in work led by CERN. Meanwhile, acceleration resource manager Cyborg saw a Nova interaction spec for launching and managing VMs with acceleration technology. The existing Intel FPGA as well as GPU drivers were also improved for heavy lifting in tasks such as machine learning.
Finally, the Placement service, which was spun out of Nova to become a project in its own right in the OpenStack Stein release, has seen some substantial performance increases. The service, which is used by other projects to track their resources, had already dropped from 16.9 seconds per request to 2.9 in Stein after decoupling from Nova. Train has seen that figure drop further, to 0.7 seconds per request in OpenStack’s benchmarks.
“When the team decoupled it [Placement] from Nova,” explained the gang, “they focused very specifically on that one step: ‘Let’s place a resource.’ And they realised they can optimise that by simplifying some of the code paths and changing the data model. And then in Train, they took it a little further and did more code profiling to find where to eke out even more…”
Perhaps recognising that the more than 40 components lurking within OpenStack can be a tad daunting, the team has also worked to improve the documentation.
It will be interesting to see the impact of SUSE’s departure on the next release of OpenStack, Ussuri, which is scheduled for May 2020. ®