Dodging derailment by SUSE, OpenStack Train is scheduled to arrive this week

With its OpenInfrastructure summit mere weeks away, the OpenStack gang is emitting its next release in the form of "Train" with a focus on data protection and machine learning.

The release comes after foundation platinum member SUSE threw in the towel over OpenStack Cloud in order to move on to a bright, Kubernetes-based future.

Not that the "S" word was mentioned, even in a waveringly high-pitched tone, as OpenStack readied Train ahead of a release expected on 16 October.

As is the norm, OpenStack was keen to shout about the more than 25,500 accepted code changes this time around, from 1,125 developers over 150 organisations. A glance at the content of the release shows that OpenStack is as bewilderingly vast as ever, although a number of tweaks merit closer attention.

The first is the arrival in Nova of guest RAM encryption using AMD Secure Encrypted Virtualisation (SEV). Nova is a veteran component of OpenStack and a cloud computing fabric controller, forming a cornerstone of OpenStack's Infrastructure-as-a-Service (IaaS) and, according to OpenStack, the feature is "an incredible move forward in terms of security".

The team told The Register that, in a nutshell, "this means that even if you have physical access to my server, you will not be able to see what's in my virtual machine or what's in my virtual machine's memory registers."

Handy for multi-tenant environments or environments with publicly accessible hardware (such as edge deployments), the performance hit of turning the feature on is "pretty small" by OpenStack's reckoning since it lurks at the hardware level. It isn't activated by default since only AMD is supported at present and the encryption is not "universally available in every chipset and every hardware stack".

Also in Nova is live migration support for servers with a NUMA topology when using the libvirt compute driver.

The team additionally singled out improvements to Karbor, a framework aimed at giving vendors a unified API for protecting user data. Led by China Mobile, Train brings new event notifications and backup options to Karbor.

Ironic, the project aimed at provisioning bare metal rather than virtual machines, received support for building software RAIDs led by CERN. Meanwhile, acceleration resource manager Cyborg saw a Nova interaction spec for launching and managing VMs with acceleration technology. The existing Intel FPGA as well as GPU drivers were also improved for heavy lifting in tasks such as machine learning.

Finally, the Placement service, which was spun out of Nova to become a project in its own right in the OpenStack Stein release, has seen some substantial performance increases. The service, which is used by other projects to track their resources, had already dropped from 16.9 seconds per request to 2.9 in Stein after decoupling from Nova. Train has seen that figure drop further, to 0.7 seconds per request in OpenStack's benchmarks.

"When the team decoupled it [Placement] from Nova," explained the gang, "they focused very specifically on that one step: 'Let's place a resource.' And they realised they can optimise that by simplifying some of the code paths and changing the data model. And then in Train, they took it a little further and did more code profiling to find where to eke out even more..."

Perhaps recognising that the more than 40 components lurking within OpenStack can be a tad daunting, the team has also worked to improve the documentation.

It will be interesting to see the impact of SUSE's departure on the next release of OpenStack, Ussuri, which is scheduled for May 2020. ®

Software News

Nov 22
On CallYou left your landline number in an error message, you doughnut
Nov 20
C# and XAML devs get path to what UWP promised but never delivered
Nov 20
Linux was a 'cancer' but Microsoft is now defending it
Nov 20
Coalition aims to help users spot and remove covert trackers
Nov 19
As well as managed nodes for K8s and new FireLens container logging service
Nov 18
Who, Me?... thanks to today's entrant in the Who, Me? hall of shame
Nov 16
The case that just won't die