Customer and Partner NDA required

What’s Next in Red Hat

OpenStack Platform?

Alexon Oliveira
Senior Technical Account Manager

1
 CONFIDENTIAL designator

Agenda

● Main differences between versions (13.x, 16.x and 17.x)

● Upgrade process between versions

● OpenStack 18: What's New

● Migration Alternatives for OSP 18

2
 Main differences between versions
(13.x, 16.x and 17.x)

3
 OpenStack 16 Roadmap
16.1 16.2
● Non-Volatile Dual In-line Memory Module support ● AMD SEV-encrypted instances
(NVDIMM) ● noVNC proxy SSL encryption protocols

Compute

Compute
● File-backed memory enhancement
● Intel FPGA PAC N3000 enablement ● Cold Migration vGPU instances

`
● TLS support for multiple Cells
● Support of ed25519 type key pairs

● External rados gateway support ● Glance image pre-cache

● DCN with Storage at the Edge ● Ceph Clone v2
Storage

Storage
● Ceph storage classes ● Glance Raw Sparse Image
● Revert to snapshot ● LVM Filter for Guest VM (Security)
● Ceph RBD online volume migration ● Manila multi backends
● Manila CephFS Native

● Advanced Ref. Arch. spine-leaf deployment ● Openshift on OpenStack: SR-IOV, OVS-DPDK

Networking

Networking
● Octavia OVN driver: L4 load balancer, UDP&TCP
● OVN Telco : OVS-DPDK, OVS HW offload, QoS
● ML2/OVS - OVS TC/flower HW offload
● IPv6 HW provisioning (Scale up to 700+ nodes)
● OVN Telco: : Min Bandwidth aware scheduling
● OVN Telco: OVS HW offload (SecurityGroup TP)
● OVN DCN: Routed Provider Networks: DHCP, AZs
● Designate DNSaaS [OSP 16.2.4 limited scope]
 OpenStack 16 Roadmap
16.1 16.2
● Advanced Ansible Integration
● Operator Lifecycle Mgmt for STF Operator
● Virtualized control plane on OCP (tech-preview)
● Control Plane backup and restore on demand
● STF OCP 4.6 and OCS support
non-downtime snapshot for backup

Day` I+II

Day I+II
● SNMP/SNMPv3 support for collecting hardware
● Validations Framework
metrics
● Minion Assisted Director
● Horizon Boot from image and improved instances
● Multi-stack support
tenants visibility
● Framework For Upgrades OSP 13-16.1
● Framework For Upgrades OSP 13-16.2

● OVS TC flower HW offload without conntrack ● ML2/OVN GA

● Network interface card (NIC) partitioning ● AMD EPYC Rome CPU support GA (NPS=1)
● Intel FPGA PAC N3000 (i40e) ● OVS TC Flower offload with conntrack (TP)
NFV

NFV
● OVN-ML2 (TP) ● Intel FPGA PAC N3000, eASIC
● OVS-DPDK HCI (Ceph) ● Fast Datapath New NICs - Intel 810 series,
NViDIA/Mellanox ConnectX-6DX/LX, Bluefield-2
● PTP

● Distributed Compute Nodes with Ceph HCI ● OVN Support (provider & tenant networks)
● Ceph dashboard at the edge ● DCN additional deployments (non HCI, external)
Edge

Edge
● Cinder backup support ● Offline volume migration
● Security: Barbican & TLS-E
 What’s New in OpenStack 17.1
(Overview)

● Compute hybrid states enhancements ● OSP Director operator upgrade New ● Support for DCN with Telco/NFV
for upgrades (16.2/17.0.x→17.1) ● Support for Federation via OpenIDC functionality

Shift on` Stack

● vTPM encryption ● OCP Hosted OSP control plane - ● Enabling keystone caching when using ● Stretched cluster support on DCN
Compute

Security
native operator based OSP ctlplne Fernet Tokens (different masters of workers on different

Day I
● UEFI Secure Boot

`
`

● q35 default machine-type integration to OCP (Dev/Tech AZs)

Preview ) Now GA ● MetalLB - BGP with Router Sharding
● OSP Director operator enhancements ● FIPS Mode support
● Secure RBAC ● Further scale improvements

● RHCSv6 Support ● STF LIght 1.6 Disconnected Installation ● Mix pinned and unpinned vCPUs for a given
● Optional use of AMQP for RPC instead of
● Cinder S3 backend & zstd for backups (RHCC) on OpenShift Aligned Releases VM

High Availability
RabbitMQ in the control plane
● Leverage OpenShift RHCC Operators & ● Optional NUMA affinity for Neutron ports
● Cinder NVMe over TCP support ● Mariabackup controller recovery
Storage

Releases Alignment ● vDPA virtio 1.1 - OVS HW offload [TP]

Day II
● Cinder backup Active/Active

NFV
● STF Support for Thanos/Prometheus ● OVN TC/flower offload GA - FIP/NAT ● Authentication Plugin SHA-256 support
● Manila manage/unmanage Metrics & Monitoring APIs for RHOSP in MariaDB (ed25519)
● QoS OVN metering offload - max & min BW
● STF Support for Loki Logging and APIs ● SmartNICs - Bluefield2 NIC mode
● OVN port mirroring w/ offload [TP]

● Multi-cloud BGP GA - public IP, ECMP, ● Upgrade from RHOSP 16.2 to RHOSP 17.1 ● FFU support ● 1000 nodes per cluster (virtual nodes)
control-plane HA
Networking

● Mixed RHEL version upgrade support ○ Scale may vary based on

Upgrades

● Migration to ML2-OVN - scale, restore ● Update to RHOSP 17.0.z minor versions

Scale
Edge
features configured
from backup
● Octavia LB - vertical scaling, SCTP, ● OVN Migration Scale Testing (200 nodes)
OVN ACLs

6
 What’s new with Red Hat OpenStack Platform 16?

OpenStack Platform roadmap: Networking

Train release Candidate “W” release
16.0 Train release
Red Hat Enterprise Linux 8.1
16.1 Red Hat Enterprise Linux 8.2 17+ Red Hat Enterprise Linux 9.x

Enterprise OVN [default] Enterprise OVN [default] Enterprise OVN [default]

• OVN: Distributed Virtual Routing (DVR), floating •
UDP fragmentation, multicast IGMP/MLD • Optional NUMA Affinity per Neutron port
IP, external routing with NAT snooping • Neutron Stateless Security groups
• OVN: L3 high availability (HA), DHCPv4, • Advanced Ref. Architecture: spine-leaf deployment • OVN floating IP port forwarding
SLAAC/DHCPv6 Openshift on OpenStack • Routed Provider Networks: DHCP, Routing services
• Octavia OVN driver: L4 Load balancer, UDP & TCP • Neutron Availability Zones: Limit overlays to AZs
• northdb/southdb: Active or passive HA
• OVN perf: conntrack scale, control-plane churn
• ML2/OVS floating IP port fwd Advanced Services: Openshift on OpenStack
● Octavia load balancer: Log Offloading ● Tag neutron resources
Openshift on OpenStack ● Designate DNSaaS [TP] ● Cascade port, network deletion
• Octavia OVN driver: L4 Load balancer [TP] Telco/NFV and fast datapath
• OVS TC HW offload GA, [OVN] SR-IOV with DHCP Advanced Services:
Advanced Services: Octavia load balancer ● Octavia Load Balancer: flow, resumption, failover
DCN-16 Edge (Telco/IOT)
• HA active or passive circuit breakers, multiple VIP, new ciphers
• IPv6 HW provisioning, Scale up 500+ nodes
• TLS Termination • Routed Provider Networks [OVS]: DHCP, SR-IOV
● Designate DNSaaS GA
Train release
• Log offloading [TP]
• Amphora UDP [TP]
16.2 Red Hat Enterprise Linux 8.4 Telco/NFV and fast datapath
• OVN: stateless security groups/ACLs offload
• Third party driver certification
Advanced Services: • OVN: QoS Rate limiting, DSCP marking
• • OVN: OVS-DPDK, TC/flower offload GA
● Octavia Amphora scale & perf, HAProxy 2.0
Telco/NFV and fast datapath • vDPA replacing SR-IOV [TP]
Telco/NFV and fast datapath • Remote mirroring - ERSPAN with IPv4 & IPv6 GRE
• IPv6 VXLAN
• OVN: QoS, OVS-DPDK, TC/flower conntrack offload DCN-16 Edge (Telco IOT)
• SR-IOV QoS: Minimum bandwidth guarantee
[TP] • OVN: Neutron AZs, OVS-DPDK, SR-IOV with DHCP
7 DCN-16 Edge (Telco/IOT) • Scale 1000 nodes
• Routed Provider Networks [OVN]: DHCP
PM: Anita Tragler
Customer and partner NDA required
 What’s new with Red Hat OpenStack Platform 16?

OpenStack Platform roadmap: Network functions virtualization (NFV)

Train release Train release Train release
16.0 Red Hat Enterprise Linux 8.1 16.1 Red Hat Enterprise Linux 8.2 16.2 Red Hat Enterprise Linux 8.4

Fast data path Fast data path Fast data path

• Bandwidth/QoS management • OVS TC flower HW offload without conntrack • OVS-DPDK TSO (GA)
○ Minimum Bandwidth for SR-IOV (GA) • OVS TC flower HW offload with conntrack (TP)
○ Bandwidth aware scheduling • Network interface card (NIC) partitioning (GA) • AMD EPYC Rome CPU support without OVS-DPDK
• OVS-DPDK HCI (Ceph) • OVS-DPDK on multiple cores (TP) • AMD EPYC Rome CPU support with OVS-DPDK
• Live migration with CPU pinning • OVS-DPDK TSO (TP) • OVN-ML2
• SR-IOV live migration with hot plug (downtime)
Other Other
• SR-IOV optional NUMA affinity
• Intel FPGA PAC N3000 (i40e) • Intel FPGA PAC N3000 (OPAE)
Other • PTP (TP) • PTP (GA)
• Mix isolated and overcommitted VMs on
the same hypervisor
Candidate W release
17+ Red Hat Enterprise Linux 9.x

• Mix pinned and unpinned vCPUs for a given VM

• Optional NUMA affinity for Neutron ports
• vDPA, virtio 1.1

PM: Franck Baudin

Customer and partner NDA required
 What’s new with Red Hat OpenStack Platform 16?

OpenStack Platform roadmap: Compute

Train release Train release Candidate “W” release
16.0 Red Hat Enterprise Linux 8.1 16.1 Red Hat Enterprise Linux 8.2 17+ Red Hat Enterprise Linux 9.x

Day2 Day2 Day2

• Live migration vCPU pinned instances
• Allow an attached volume to be extended
• Performance monitoring unit management
for real time guest
• SR-IOV live migration
• Support Windows 2019 instances
• Allow in-place rebuild for numa instances
Advanced scheduling
• Large scale deployment with multiple cells
• Single host with pinned instances and
floating instances
• Guaranteed minimum bandwidth
• Optional NUMA affinity for SR-IOV devices
Security
• Secure data transport between QEMU
servers for migration
• Allow instances to swap to rados block • Q35 as default machine type
device (RBD) volumes
Advanced scheduling
Hardware enablement • Add ability to use pinned and non-pinned
• Non-Volatile Dual In-line Memory Module support CPUs in the same instance
(NVDIMM, z1) • Scheduler support for routed networks
• Virtio GPU • Optional NUMA affinity for neutron ports
• File-backed memory
• Intel FPGA PAC N3000 (i40e NIC support) Security
• AMD Secure Encrypted Virtualization (TP) • Support LUKS-encrypted qcow2 ephemeral
disks for edge nodes
16.2 Train release • UEFI secure boot support for nova instances
Red Hat Enterprise Linux 8.4 • vTPM
Hardware enablement
Hardware enablement
• Multiple vGPU type per compute node
• Intel FPGA PAC N3000 (OPAE support to program,
• vGPU NUMA affinity
update and monitor the FPGA)

PM: Erwan Gallen

Customer and partner NDA required
 What’s new with Red Hat OpenStack Platform 16?

OpenStack Platform roadmap: Storage

Train release Train release Candidate “W” release
16.0 Red Hat Enterprise Linux 8.1 16.1 Red Hat Enterprise Linux 8.2 17+ Red Hat Enterprise Linux 9.x

Ceph Ceph
Ceph
• External rados gateway support • RGW barbican support
• RHCSv4 support
• Ceph native encryption (16.1.x) • Cephadm convergence
• Ceph dashboard via director (16.0.2)
• Device classes support via Director
• Enhanced customization vectors via TripleO
• RGW TLS support Cinder
• Placement Groups auto scale (16.1.x) • Support for NFS-encrypted volumes
Cinder
• Multipath configuration via director
• Ceph RBD multiattach (16.0.2)
Cinder • RBD Clone v2
• Ceph backup improved (16.0.1)
• Revert to snapshot (RBD in 16.1.x) • Quota refactoring
• Extend volume in use
• Ceph RBD online volume migration (16.1.x)
• Change encryption key of cloned volumes
• Cinder replication (16.1.x) Glance
• Cinder AZ config via Director
• Support for compressed image uploads
Glance Glance
• Glance manages key removal • Support for already-encrypted images (16.1.x) Manila
• Support for multiple backends
Misc Manila • Create share from Cephfs Snapshot
• Sahara end of support • Support for CephFS native
• Support for multibackends (16.1.x)
Manila • Manila ipv6 support for CephFS NFS
10 • Support for external Ceph cluster

PM: Gregory Charot

Customer and partner NDA required
 What’s new with Red Hat OpenStack Platform 16?
OSP roadmap: Day one and day two management
Train release
16.0 Red Hat Enterprise Linux 8.1
Deployment
• Increase of Ansible use
• Simplification and ease of use
• Provisioning Overcloud over IPv6 (TP)
• Multiple Overcloud support in Director
Cloud Migration approach [TP]
• Server Rebuild with NUMATopologyFilter
and pinning
• Scale beyond 500 nodes per cluster
Service assurance
• Performance Mgmt (Core, Edge)
• Event Mgmt (Core, Edge)
• Control Plane Back-up Restore ReAR based
ansible role for upgrades, updates, HCI,
composable roles, NFV, co-located Ceph mons
• Ceilometer (OSP services) Metrics and Events
• Monitor multiple OpenStack clouds within the
same datacenter
11
PM: Gregory Charot
Train release
16.1 Red Hat Enterprise Linux 8.2
Service Telemetry Framework
• Operator Lifecycle Management (OLM)
for STF Operator
• Control Plane backup and restore on demand
non-downtime snapshot for backup
Deployment:
• Scale beyond 750 nodes per cluster
• Validations Framework
• MInion Assisted Director
• Multi-stack support
• Provisioning Overcloud over IPv6 (GA)
Train release
• 16.2 Red Hat Enterprise Linux 8.4
Deployment:
• Advanced Ansible Integration
Customer and partner NDA required
Candidate “W” release
17+ Red Hat Enterprise Linux 9.x
Service Telemetry Framework
• MultiDC service assurance
• Integration with OpenShift
on-premise monitoring
• Control plane backup and restore DCN
storage backup and restore
• Custom/non-default collectd
plug-ins integrated
Deployment:
• Scale beyond 1000 nodes per cluster
 Upgrade process between versions

12
 Supported in-place upgrade paths:
● RHOSP 13 to 16.2 GA
(until June 2023)
● RHOSP 16.2 to 17.0 (no
upgrade)
● RHOSP 16.2 to 17.1
(planned)

13
 Red Hat OpenStack Upgrades

Current State: RHOSP 16.2.z

2021 2022 2023 2024 2025 2026 2027 2028 2029

Supported in-place upgrade paths:

● RHOSP 16.2 to 17.0 (no upgrade)
Red Hat OpenStack Platform 16.2 - Train ● RHOSP 16.2 to 17.1 (planned)
● RHOSP 17.1 to 18 (planned)
RHOS Platform 17.0 Based on Wallaby

Based on Wallaby
Red Hat OpenStack Platform 17.1 With Xena backports

Based on
Red Hat OpenStack Platform 18 Antelope

Long life releases

13, 16, 17, 18

14
 Executive Summary
Scope of the proposal

UPGRADE SUPPORT PARTNERSHIP AND ENABLEMENT

● Prepare platform for the upgrade ● Knowledge transfer by shadowing
● Define Upgrade Plan ● Defines best practices and procedures for future
● Validate upgrade plan in LAB upgrades
● Support Production upgrade

Review Prepare Validate Execute

● Review current platform ● Define target ● Perform upgrade in LAB ● Perform upgrade in
architecture and health architecture and ● Validate results production
state configuration ● Make necessary
● Define upgrade adjustments
procedure

1
5
 Upgrade Services Overview
Architecture Review Target Architecture Upgrade Procedure Lab Implementation Roll-out in
Design Design and Validation Production

● Assessment of the ● Define architecture ● Define the optimal ● Validates target ● Support on
current architecture on target release upgrade procedure architecture and developing
● Validates Red Hat ● Ensures target ● Include backup and configuration prior automation for
best practices are system leverages roll-back upgrade production roll-out
applied relevant new procedures development ● Support on first
● Validates current features ● Defines impact and ● Automation for production roll-out
state is optimal for ● Ensures target risks upgrade procedure
the upgrade system is free of is created
deprecated features ● Upgrade procedures
● Ensures best are executed and
practices are validated in
applied controlled
environment

1
6
 Red Hat OpenStack Platform 16+ Certification Update

● Partners are not required to recertify with each RHOSP minor release unless:
○ Partner desires to add to their certification an additional feature(s) not
previously covered in an earlier certification.
○ Partner has a new major update of their product that invalidates the original
testing conducted in the earlier certification.
○ Partner has a new minor update of their product that would alter the earlier
test plan of the certification
○ Partner are encouraged to retest with every RHOSP minor release.

17
 Red Hat OpenStack Platform 16+ Certification Update

● Partners are required to rebuild their provided container image for each
RHOSP minor release
○ RHOSP Major.minor release are built, shipped and supported independently
○ RHOSP Major.minor release are available in parallel
■ RHOSP 16.1 and later RHOSP 16.2 will be available for an extended of
time at the same time
○ RHOSP major.minor release are built on different RHEL Minor release
■ RHOSP 16.0 was built on RHEL 8.1 (RHOSP 16.0 reached EOL on Oct
27th 2020)
■ RHOSP 16.1 is built on RHEL 8.2
■ RHOSP 16.2 will be built on RHEL 8.4
18
 Red Hat OpenStack Upgrades

Main Upgrade Paths in the life cycle

MINOR UPDATES

▸ Minor Updates ▸ Minor updates current supported

･ Mature procedure for receiving versions
release changes, bug fixes, cves for
･ 16.1 → 16.2
OpenStack and RHEL
･ More important than ever to keep ･ 16.2.5 (current) →16.2.6 (planned)

environments up to date in a Long Life ･ 17.0→ 17.1 (supported)

adoption

19
 What’s New in OpenStack 17.1
(Upgrade Highlights)

Mixed Mode Upgrade for Red Hat OpenStack Platform 16 -> 17

● Defined as the ability to upgrade from one major version of Red ● Separation of the OpenStack and
Hat OpenStack Platform (OSP) to the next while remaining on operating system upgrade
the same major version of the distro platform (RHEL).

OpenStack
16 17
Platform

Container Base
UBI8 UBI8 / UBI9
Image
*

Operating System

* Some containers may use UBI 8 to maintain ABI platform compatibility with RHEL 8. Others will use UBI 9.
20
 In-place upgrade improvements

● The upgrade of OpenStack and RHEL has been separated into

distinct steps
○ Simplifies the process and makes it much easier to troubleshoot
● Long term support for mixed mode for compute hosts
○ Run OSP 17.1 containers and packages on RHEL 8.4 compute hosts
○ Allow workload live migration between RHEL 8.4 and RHEL 9.2
○ Compute hosts can upgrade from RHEL 8.4 to RHEL 9.2 any time after
the control plane is upgraded
○ Updates will continue to work in mixed mode
● Blacklist now works for external deploy/update/upgrade tasks
○ Allows the upgrade to continue if a compute node has failed
21
 Upgrade Approach
Undercloud Upgrade

Undercloud Controller Controller Controller Compute Compute Compute

OSP OSP OSP OSP OSP OSP OSP

16.2 16.2 16.2 16.2 16.2 16.2 16.2
RHEL RHEL RHEL RHEL RHEL RHEL RHEL
8.4 8.4 8.4 8.4 8.4 8.4 8.4
VM VM VM VM VM VM

OSP ● OpenStack is upgraded

17.1
← Upgrade Director on the Undercloud.
RHEL
8.4

● RHEL is then upgraded

OSP
17.1 on the Undercloud.
RHEL
← Upgrade RHEL
22
9.2
 Upgrade Approach
Overcloud Upgrade
Undercloud Controller Controller Controller Compute Compute Compute ● OpenStack is upgraded
OSP OSP OSP OSP OSP OSP OSP
across the whole
17.1 16.2 16.2 16.2 16.2 16.2 16.2 Overcloud.
RHEL RHEL RHEL RHEL RHEL RHEL RHEL
9.2 8.4 8.4 8.4 8.4 8.4 8.4

OSP
17.1
← Upgrade OpenStack
RHEL
8.4

Undercloud Controller Controller Controller Compute Compute Compute ● RHEL is then upgraded
OSP OSP OSP OSP OSP OSP OSP on the Control Plane in
17.1 17.1 17.1 17.1 17.1 17.1 17.1 serial to maintain cluster
RHEL RHEL RHEL RHEL RHEL RHEL RHEL quorum.
9.2 8.4 8.4 8.4 8.4 8.4 8.4

OSP
17.1
23 ← Upgrade RHEL
RHEL
9.2
 Upgrade Approach
Compute Host RHEL Upgrade

Undercloud Controller Controller Controller Compute -1 Compute-2 Compute-3 Compute-4

(no workloads)

OSP OSP OSP OSP OSP OSP OSP OSP

17.1 17.1 17.1 17.1 17.1 17.1 17.1 17.1
RHEL RHEL RHEL RHEL RHEL RHEL RHEL RHEL
9.2 9.2 9.2 9.2 9.2 8.4 8.4 8.4
VM VM VM VM VM VM

OSP
17.1
24 RHEL ← Upgrade RHEL
9.2
a. If workloads need to remain up, then migrate them away from this host before doing the
RHEL upgrade.
b. Complete the RHEL upgrade on the host.

This can be done host by host, or batched into groups.

 Red Hat OpenStack Upgrades

Upgrade Approach

25
 Red Hat OpenStack Upgrades

RHOSP Director OpenStack upgrade

26
 Red Hat OpenStack Upgrades

RHCS Ceph upgrade

27
 Red Hat OpenStack Upgrades

OSP Controllers and Computes OpenStack upgrade

API requests blocked

28
 Red Hat OpenStack Upgrades

RHOSP Director system reboot

29
 Red Hat OpenStack Upgrades

OSP Controllers RHEL upgrade

30
 Red Hat OpenStack Upgrades

RHCS Ceph RHEL upgrade

31
 Red Hat OpenStack Upgrades

OSP Computes RHEL upgrade - Optional

32
 Red Hat OpenStack Upgrades

OSP Computes RHEL upgrade

33
 Red Hat OpenStack Upgrades

OSP Computes RHEL upgrade

34
 Red Hat OpenStack Upgrades

OSP Computes RHEL mixed situation

35
 Red Hat OpenStack Upgrades

Post upgrade operations - RHCS Ceph upgrade to v6

36
 OpenStack 18: What’s New

37
 Red Hat OpenStack Platform Lifecycle

2021 2022 2023 2024 2025 2026 2027 2028 2029

Red Hat OpenStack

Platform 10
Based on Newton Supported in-place upgrade paths:
● RHOSP 10 to 13 (until Dec 2021)
Red Hat OpenStack Platform 13 Based on Queens ● RHOSP 13 to 16.2 GA
● RHOSP 16.2 to 17.0 (no upgrade)
Red Hat OpenStack Platform 16.1 - Train
Based on Train
With Ussuri backports
● RHOSP 16.2 to 17.1 (planned)
● RHOSP 17.1 to 18 (planned)
Red Hat OpenStack Platform 16.2 - Train

RHOS Platform 17.0 Based on Wallaby

Based on Wallaby
Red Hat OpenStack Platform 17.1 With Xena backports
OSP 17.1 GA target
date: July-19-2023 Red Hat OpenStack Platform 18 Based on Z

38
Long life releases

13, 16, 17, 18 Customer and Partner NDA required

OSP lifecycle link
 OpenStack 18 Roadmap
17.0 17.1 18.0
● Moving to q35 default machine-type ● Compute hybrid states enhancements for ● Generic mdev management
● Virtio Data Path Acceleration (vDPA) TP upgrades ● Boot a VM with an unaddressed port
Compute

Compute

Compute
● UEFI Secure Boot TP ● UEFI Secure Boot ● Optimize guest CPU placement on hosts with
● vTPM encryption TP ● vTPM encryption complex core/die/package/NUMA topologies

`
● Pinned and non-pinned CPUs in the same instance (AMD)
● Scheduler support for routed networks ● LUKS encryption of all Nova ephemeral disk
● `Socket` PCI NUMA affinity policy ● vDPA move operations

● RHCSv6 support for director & external

● RHCSv5 with Cephadm integration ● Glance Quotas
● Cinder S3 backend & zstd for backups
● Create share from snap with CephFS ● Image Caching API
● Cinder NVMe over TCP support
Storage

Storage

Storage
● Multipath deployment automation ● Manila Ganesha A/A
● Cinder Backup A/A
● Default volume type per tenant ● Cinder RBD Clonev2
● Multi Ceph cluster support (for non Edge)
● DCN auto image copy at edge ● Rebuild volume backed instances
● Manila multi backend of same kind
● Manila manage/unmanage for CephFS
● Manila manage/unmanage
● Distributed image import

● Neutron secure RBAC [TP]

● OVN Migration scale, restore from backup, revert ● Octavia Load Balancer- flow resumption, Multiple
● OVN Stateless Security groups
to ML2-OVS on failure VIPs, failover circuit breakers

Networking
Networking
Networking

● OVN Migration - Trunking, OVS firewalls

● OVN- Stateless Security Groups, Overlay AZs, ● Designate DNSaaS third party vendor
● BGP Multi-cloud - public IP, ECMP, control-plane
Transport zones with overlays ● Multi-cloud with BGP - Fast datapath OVS-DPDK,
HA, Octavia VIPs [TP]
● BGP Multi-cloud for floating IPs, Provider OVN HW offload
● Octavia LB Edge AZ, HTTP/2, Secure RABC [TP]
Network workloads [GA]
● Designate DNSaaS GA -Secure RBAC [TP]
● Octavia LB - vertical scaling, SCTP, OVN ACLs,
HA at Edge sites
● Designate - Secure RBAC [GA]
 OpenStack 18 Roadmap
17.0 17.1 18.0

● Support for OSP Director operator deployment ● OSP Director operator enhancements ● OpenStack services running on OpenShift
(17.0.z) ● Control plane of OpenStack on OpenShift

Day I

Day I
● Dataplane of OpenStack on RHEL
Day I

● STF LIght 1.6 Disconnected Installation (RHCC) on ● New OpenStack Observability Services Integration with
● STF 1.5 Disconnected Installation (Community)
OpenShift Aligned Releases Observatorium Loki Centralized Logging Platform +
● STF Release Alignment with OpenShift Releases
● Leverage OpenShift RHCC Operators & Releases (+RHCC Operator Alignment)
● Enhanced Supported for RHCC Operators
Day II

Day II

Day II
Alignment ● OpenStack Observability Services APIs for
● STF Support for SYSLOG Streaming to Kafka
● STF Support for Thanos/Prometheus Metrics & Observatorium collect data, Metrics & Logs across
Monitoring APIs Private & Hybrid Cloud Deployments
● STF Support for Loki Logging and APIs ● OpenStack Observability Services Remote Monitoring of
Core & Edge Clusters to Observatorium

● OVN Migration - Trunking, OVS firewalls ● Upgrade from RHOSP 16.2 to RHOSP 17.1 ● Upgrade from RHOSP 17.1 to RHOSP 18
Upgrades

Upgrades

Upgrades
● No Upgrade from RHOSP 16.2 to RHOSP 17.0 - ● Mixed RHEL version upgrade support ● Dataplane adoption and upgrade to new
the upgrade support comes in RHOSP 17.1 deployment model
● Mixed RHEL version upgrade support
 OpenStack 18 Roadmap
17.0 17.1 18.0
● MetalLB - BGP & Router Sharding support ● Support for DCN with with Telco/NFV functionality ● Support for multi cluster E-W traffic via
● Support out-of-tree Kubernetes OpenStack Cloud
Shift on Stack

` Stack

Shift on Stack
Provider and Cinder CSI ● Further scale improvements Submariner*
● Support for OVS-DPDK Worker ●
● OVS Hardware offload

Shift on
● DPDK support to host-device plugin
● Support for OVS-DPDK Worker
● Support for DCN for Enterprise use cases (TP)
● Scale improvements

● Controller HA deployment across multiple L2 ● Optional use of AMQP for RPC instead of ● HA/Disaster Recovery support in OSP
High Availability

High Availability

High Availability
networks/Multirack HA (TP) RabbitMQ in the control plane ● Full support for AMQP replacement for RabbitMQ
● Optionally use AMQP for RPC instead of ● Mariabackup controller recovery ● Update InstanceHA
RabbitMQ in the control plane (TP) ● Authentication Plugin SHA-256 support for
RHOSP in MariaDB (ed25519)

● 750 Nodes per cluster ● 1000 nodes per cluster ● 1000+ nodes per cluster
● Raft ovsdb clustering ● Edge scale
Scale

Scale

Scale
● NFV Conntrack scale ● OVN
● Shift on Stack 300+ nodes?
 Red Hat OpenStack Platform

What Red Hat OpenStack Platform customers look for

Easier, faster, better

Easier Faster Unified

installation deployment management

Simplified installation reduces Not just easier, but faster - reducing New management for today’s
risk time to market applications

42 Source: Internal survey of Red Hat OpenStack Platform Customers

What is it:
RedHat OpenStack Platform Director Operator is an Kubernetes Operator TripleO-Ansible
backed Deployment method which leverages Openshift Container Platform, Metal3 and
Openshift Virtualization to Provide A True Hybrid Deployment Solution for Both Container
native workloads and Traditional virtualization ones side by side for the true best of both
worlds, future proofing the workload infrastructure for container native applications while
having it hosting the traditional, tried and tested long life Red Hat Openstack Platform.
OpenStack Services
▸ Can be deployed in an external ceph or HCI topologies
▸ Adheres to tripleo and heat as a pre provision setup
▸ Is considered an interim step until next gen will come on–line
OpenStack VMs
▸ Requires NPSS involvement for deployment
(not a supported as a “download and deploy”)
Red Hat OpenShift Container Platform

What is it Not: Red Hat Enterprise Linux CoreOS

A new installer Physical machine

 OSP Director Operator
(Custom Resource Definitions)

Hardware Provisioning Software Configuration

OpenStackNet
OpenStackPlaybookGenerator

Integrated IPv4/IPv6 IPAM

OpenStackControlPlane
Generate Ansible Playbooks

Kubevirt
OpenStackClient (pod)
44
Ansible Playbooks
OpenStackBaremetalSet Git Store

Metal3
Execute Ansible, Run openstackclient
Virtualized control plane on
OpenShift Virtualization

OCP OSP Controller OSP Controller OSP Controller

App Virtual Machine Virtual Machine Virtual Machine
Pod OSP Compute OSP Compute
Baremetal Baremetal
OCP OCP OCP OCP OCP OCP OCP OCP
App App App App App App App App
Pod Pod Pod Pod Pod Pod Pod Pod

Infra Infra Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod Pod Pod

BM-0 BM-1 BM-2 BM3-3

(compute) (compute) (compute) (compute)
BM-4 BM-5
(osp-compute) (osp-compute)

Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod

Ctrl.Pl-0 CtrlPl-1 Ctrl.Pl-2

Baremeta
l
 Deployment Flow
(Post Openshift infrastructure deployment - Cluster0 Online)
Setup OSP Director Operator
Deploy The OSPNet CR Create the git and root secrets
CatalogResource

Create the RHEL Image PV for

Create the baremetal CR Create the ctlplne CR
the ctlplne

Create the TripleO/Heat Create the PlayBookGenerator For Disconnected:

ConfigMaps CR Playbook Generator in
interactive mode and login to
the generated pod

Create the CloudDeployCR For Online: For Disconnected:

46
referencing the git branch from Tail the generator log till it Run the stack creation script in
the previous step (ConfigGen) finishes the generate pod and follow
the log till completion

For Disconnected:
Log in to the client and execute a script / playbook
to update local disconnected registry creds and
repos for deployment
 Engineering deep-dive

If it ain’t broke …

The classic Red Hat OpenStack form-factor has served us well:

● Control plane on bare metal, or virtualized on RHV

● Resilience provided by pacemaker & systemd
● Services containerized, managed on-node via podman
● Day2 operations in the compute tier managed by TripleO
● Bespoke per-cluster telemetry provided via Ceilometer,
Gnocchi, Collectd & friends

47
 Engineering deep-dive

So why fix it?

Our next-gen approach builds on this solid foundation with a

modernized ops experience on Kubernetes:

● Fine-grained podified OpenStack control plane services,

distributed across the k8s cluster
● Operator framework abstracting lifecycle & upgrades
● Replication & failover configured via the intuitive ReplicaSet
idiom
● Unified Observability via Prometheus & node-exporter
48 Image Source
Author: Bahnfrend
pattern, with Kafka-based streaming
License: Creative Commons
Attribution-Share Alike 4.0 International:
 Engineering deep-dive

But what about the data plane?

Aiming to eliminate pain points around scaling, performance, and

error diagnosis:

● Simplify the tool proliferation accreted over time with Mistral,

Heat, Puppet, Ansible all involved
● Work towards a cleaner set of tools based primarily on Ansible
● Reduce upgrade disruption with the option to leave behind
tranches of computes on older RHEL
● Maintain the long & stable RHEL lifecycle for compute tier
49 Image Source
Author: Christopher Bowns
License: Creative Commons
Attribution-Share Alike 2.0 Generic:
 Engineering deep-dive

So this has got to be greenfield-only, right?

Not really. We’ll provide a low-friction path to adoption:

● Recognize that many customers have pre-existing

deployments they need to evolve and not rebuild
● Deploy a fresh, empty control plane in the new form factor
● Transfer control plane state from the old to the new without
disturbing workloads
● Repurpose the old control plane, sit back and enjoy a coffee

50 Image Source
Author: Frantzou Fleurine
License: Creative Commons Zero,
Public Domain Dedication
 Engineering deep-dive

What happens to Director going forward?

Next generation operations management with OpenShift:

● OpenStack Services are deployed and configured Operators

● A control plane that runs OpenStack Operators on OpenShift
● A data plane that runs on OpenStack and RHEL
● An all-encompassing Observability approach

51 Image Source
Author: Frantzou Fleurine
License: Creative Commons Zero,
Public Domain Dedication
 Openstack NextGen Deployment : Components deployment High Level Flow

OpenStack Operator
(MetaOperator)

Step2-Data Plane Step3- Data Dataplane

Step1 - ctlplane deploy operator/job deploy/Adopt Plane componentes Step4-
( Ansible EE) deploy/Adopt ctlplane
(Compute,
(Ansible EE Storage, connection ack
Deployables) Networking)

Other
Operators
(Galera,
SRIOV,
Horizon Nova Keystone Neutron Glance Designate AMQP)
Operator Operator Operator Operator Operator Operator
52

CONFIDENTIAL Internal Use Only

 Engineering deep-dive

How you can get involved…

Customer conversations

● Partner and customer conversations are on going

● Partners are looking at how to align their approach
● Customers are evaluating these next steps within their
roadmap
● Operator feedback will as always be super helpful to guide our
technical direction, and help us course correct
● [email protected]
53 Image Source
Author: AK Rockefeller
License: Creative Commons
Attribution-Share Alike 2.0 Generic:
 Migration Alternatives for OSP 18

54
 Red Hat OpenStack Upgrades

Main Upgrade Paths in the life cycle

MAJOR UPGRADES

▸ Long-life to Long-life release in-place ▸ Long-life to Long-life release parallel

upgrades framework migration
･ Step-by-step guide to upgrading in-place
･ Additional Control plane for new
through several releases
release
･ Approach will depend on versions involved:
･ OSP Fast Forward 10 to 13 framework - GA ･ Workload migration (VM to VM) from
･ OSP 13 to 16 framework - GA source environment to new
･ OSP 16 to 17 Framework destination
･ OSP 16.2 to 17.1 framework - targeted
alongside 17.1 ETA July 2023
･ Storage backend migration
･ OSP 17.1 to OSP 18 (planned) ･ Compute nodes may be
reused/recycled to minimize hardware
55
requirements
 New Data Plane Adoption design

▸ Combines Adoption and FFU (4 versions jump) into a single procedure

▸ In a nutshell:
･ Stop traditional OSP 17.1 control plane
･ Start up podified OSP 18 control plane with existing DB contents
･ Re-manage & upgrade data plane
(relies on Mixed RHEL versions feature)
･ Ceph adoption is a separate procedure

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

57

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

58

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

59

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

60

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

61

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

62

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

63

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

64

Red Hat Confidential - Subject to change for any or no reason

 Data Plane Adoption

65

Red Hat Confidential - Subject to change for any or no reason

 ▸ Upstream on Github and Ansible Galaxy
Parallel cloud migration
https://github.com/os-migrate/os-migrate High-level
https://os-migrate.github.io/os-migrate N+
N
https://galaxy.ansible.com/os_migrate/os_migrate M
New
Director N N+3 parallel
cloud

N N+3

Controllers N N+3

N N+3

Offloading nodes

Resource nodes
N N N+3
(computes)
N N N+3

N N

N N

66 Reusing old and scaling new

Future vision enabling the next generation of success

OSP Compute OSP Compute

Baremetal Baremetal

Baremetal
 Future vision enabling the next generation of success
Deploy new control plane on OpenShift, initially empty

OSP Compute OSP Compute

Baremetal Baremetal

OSP Infra Pods OSP Infra Pods OSP Infra Pods OSP Infra Pods
(ctlplane) (ctlplane) (ctlplane) (ctlplane)

OCP OCP OCP OCP

OCPApp OCPApp OCPApp OCPApp
App App App App
Pod Pod Pod Pod
Pod Pod Pod Pod

Infra Infra Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod Pod Pod

OCP-worker-0 OCP-worker-1 OCP-worker-2 OCP-worker-3

(worker) (worker) (worker) (worker)

Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod

Master-0 Master-1 Master-2

Baremetal
Future vision enabling the next generation of success

OSP Compute OSP Compute

Baremetal Baremetal Pre-existing
OSP Infra Pods OSP Infra Pods OSP Infra Pods OSP Infra Pods compute tier
(ctlplane) (ctlplane) (ctlplane) (ctlplane)
adopted into the
OCP OCP OCP OCP
new control
OCPApp OCPApp OCPApp OCPApp
App App App App
Pod Pod Pod Pod
Pod Pod Pod Pod plane

Infra Infra Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod Pod Pod

OCP-worker-0 OCP-worker-1 OCP-worker-2 OCP-worker-3

(worker) (worker) (worker) (worker)

Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod

Master-0 Master-1 Master-2

Baremetal
Future vision enabling the next generation of success

OSP Compute OSP Compute

Baremetal Baremetal Pre-existing
OSP Infra Pods OSP Infra Pods OSP Infra Pods OSP Infra Pods compute tier
(ctlplane) (ctlplane) (ctlplane) (ctlplane)
adopted into the
OCP OCP OCP OCP
new control
OCPApp OCPApp OCPApp OCPApp
App App App App
Pod Pod Pod Pod
Pod Pod Pod Pod plane

Infra Infra Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod Pod Pod

OCP-worker-0 OCP-worker-1 OCP-worker-2 OCP-worker-3

(worker) (worker) (worker) (worker)

Infra Infra Infra Infra Infra Infra

Pod Pod Pod Pod Pod Pod

Master-0 Master-1 Master-2

Old control plane

repurposed

Baremetal
 Thank you
Red Hat is the world’s leading provider of enterprise
open source software solutions. Award-winning
support, training, and consulting services make Red
Hat a trusted adviser to the Fortune 500.

linkedin.com/company/red-hat facebook.com/redhatinc

youtube.com/user/RedHatVideos twitter.com/RedHat

71