@major
Created November 29, 2017 19:24
OSA Pike Reno Analysis

Pike Release Note Analysis

Major Hayden, Nov 2017

Availability

  • Keystone rolling upgrade status checks are available
    • Already implemented in OSA as part of the rolling upgrades effort.

Operations

  • A nova-compute worker can automatically disable itself if it has a certain number of consecutive build failures
    • [compute] consecutive_build_service_disable_threshold defaults to 10
    • Can be set in OSA via config_template, but no variable exists today
  • Nova can hide the hypervisor id from a virtual machine if needed
    • Set the img_hide_hypervisor_id=true property on a glance image
    • This is helpful when doing SR-IOV with Nvidia cards, because the driver checks for the presence of a hypervisor and fails
  • CPUs can be set aside for use by the hypervisor and the scheduler will mark them as reserved
  • Live migration timeout checking is now disabled by default because it caused migrations to fail too often even when the migration was making good progress
    • [libvirt]/live_migration_progress_timeout is now set to 0 by default, which disables progress checking
    • Nova developers recommend using live_migration_completion_timeout and live_migration_downtime instead
    • None of these variables are set in OSA's pike release
  • Cinder allows the expiration of unused reservations to be set
    • reservation_clean_interval defaults to 86400 (1 day)
  • A neutron port can have its own dns_domain that overrides the default dns_domain set in the neutron configuration
  • The send_arp_for_ha option is removed from neutron and it always sends three gratuitous ARPs for each address assigned to a port

Performance

  • The Linux bridge L2 agent now supports bandwidth limiting for both ingress and egress traffic
  • Neutron now uses the defaults for max_pool_size, max_overflow, and pool_timeout that come from oslo.db to match the other services

Security

  • Keystone supports multiple password hashing algorithms (bcrypt is default)
    • Set with the [identity] password_hash_algorithm option (not set in OSA Pike)
    • [identity] password_hash_rounds is also available (defaults to 12 for bcrypt)
  • Nova can force quota rechecks to avoid exceeding a quota during a period of heavy build requests
    • [quota] recheck_quota defaults to True
    • This setting can increase load on the system and can be set to False to go back to the old behavior (which can allow quotas to be exceeded)
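
Added example, not part of the original notes or of OSA: a small Python check that reads a keystone.conf or nova.conf and reports every option that differs from the Pike defaults listed above. The audit function name and the sample file contents are constructed for illustration.

```python
import configparser

# (service, section, option) -> (Pike default from the notes above, why a change matters)
PIKE_DEFAULTS = {
    ("keystone", "identity", "password_hash_algorithm"):
        ("bcrypt", "password hashing algorithm changed from the default"),
    ("keystone", "identity", "password_hash_rounds"):
        ("12", "bcrypt work factor differs from the default"),
    ("nova", "quota", "recheck_quota"):
        ("True", "quotas can be exceeded during heavy build requests"),
    ("nova", "compute", "consecutive_build_service_disable_threshold"):
        ("10", "auto-disable threshold for failing computes changed"),
    ("nova", "libvirt", "live_migration_progress_timeout"):
        ("0", "progress checking is enabled again"),
}

def audit(service, conf_text):
    """Return [(section, option, value, note)] for options that differ from Pike defaults."""
    # The files are INI-like. [DEFAULT] is treated as an ordinary section here so
    # its keys are not inherited by [identity], [quota] and the other sections.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    findings = []
    for (svc, section, option), (default, note) in PIKE_DEFAULTS.items():
        if svc != service:
            continue
        # An option that is absent from the file keeps its default.
        value = parser.get(section, option, fallback=default).strip()
        # Case-insensitive string comparison: "true" matches "True", "1" does not.
        if value.lower() != default.lower():
            findings.append((section, option, value, note))
    return findings

# Constructed sample files, not taken from a real deployment.
SAMPLE_KEYSTONE = "[DEFAULT]\ndebug = False\n[identity]\npassword_hash_rounds = 4\n"
SAMPLE_NOVA = "[quota]\nrecheck_quota = false\n[libvirt]\nlive_migration_progress_timeout = 0\n"

if __name__ == "__main__":
    for svc, text in (("keystone", SAMPLE_KEYSTONE), ("nova", SAMPLE_NOVA)):
        for section, option, value, note in audit(svc, text):
            print(f"{svc}.conf [{section}] {option} = {value}: {note}")
```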