SECURITY
Implemented the ability to limit the number of HTTP requests that a user can make in a given period of time for an OpenStack environment. Rate limiting with NGINX can be used to protect an OpenStack environment against DDoS attacks as well as to protect the community application servers from being overwhelmed by too many user requests at the same time.
SECURITY
Disabled the Memcached listener on the UDP port by default. To reduce the attack surface and improve the product security, Memcached on the controller nodes listens on TCP only. For the existing OpenStack environments deployed on top of the earlier MCP versions, implemented the ability to manually disable the Memcached listener on the UDP port.
SECURITY
Implemented the protection of the Keystone tokens stored within Memcached.
MCP OpenStack supports the Memcached protection since the Pike release. By default, this functionality is disabled in the Pike deployments. For Queens, the Memcached protection is enabled by default with the ENCRYPT security strategy.
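An added example, not part of the MCP release notes or MCP code: a Python check for the two Memcached items above, confirming that the memcached options set the UDP port to 0 and that a service's [keystone_authtoken] section uses the ENCRYPT strategy with a secret key. The sample file contents are constructed; memcache_security_strategy and memcache_secret_key are the keystonemiddleware option names, and treating a missing -U option as "not disabled" is an assumption, since the built-in default depends on the memcached version.

```python
import configparser
import shlex

# Constructed sample inputs (not taken from a real MCP node).
SAMPLE_MEMCACHED_CONF = """\
# memcached options, one per line
-p 11211
-U 0
"""

SAMPLE_SERVICE_CONF = """\
[keystone_authtoken]
memcached_servers = 10.0.0.11:11211
memcache_security_strategy = ENCRYPT
memcache_secret_key = constructed-placeholder-key
"""


def udp_listener_disabled(conf_text):
    """True only if the options explicitly set the memcached UDP port to 0."""
    tokens = []
    for line in conf_text.splitlines():
        tokens.extend(shlex.split(line, comments=True))  # drops '#' comments
    port = None
    for i, tok in enumerate(tokens):
        if tok in ("-U", "--udp-port") and i + 1 < len(tokens):
            port = tokens[i + 1]
        elif tok.startswith("--udp-port="):
            port = tok.split("=", 1)[1]
        elif tok.startswith("-U") and len(tok) > 2:
            port = tok[2:]  # attached form, e.g. -U0
    return port == "0"


def token_cache_findings(conf_text):
    """Return a list of problems with the token cache protection settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("keystone_authtoken"):
        return ["no [keystone_authtoken] section"]
    sec = cp["keystone_authtoken"]
    findings = []
    strategy = sec.get("memcache_security_strategy", "").strip().upper()
    if strategy != "ENCRYPT":
        findings.append("memcache_security_strategy is %r, expected ENCRYPT" % strategy)
    if not sec.get("memcache_secret_key", "").strip():
        findings.append("memcache_secret_key is empty or missing")
    return findings
```
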
Hardened the OpenStack Octavia LBaaS components and introduced the following enhancements:
gtw nodes.
DOCUMENTATION, TECHNICAL PREVIEW
Added the list of the MCP Ironic supported features and known limitations. The new section in the MCP Reference Architecture Guide includes the Ironic drivers and features with known limitations that MCP DriveTrain supports. Since the Ironic service is available in MCP only as a Technical Preview feature, the driver or feature support status in that section stands for the ability of MCP DriveTrain to deploy and configure the features by means of the Ironic Salt formula through the cluster model.
Enabled the load balancing mode for Horizon by default for the new MCP OpenStack deployments. The new approach allows for load reduction on one proxy node and spreading the load among all proxy nodes.
For the existing MCP OpenStack environments, implemented the flow to manually configure Horizon load balancing.
Implemented the strategy to prevent uploads from filling up the disk on the Horizon proxy nodes.
TECHNICAL PREVIEW
Implemented the upgrade of OpenStack Pike deployments to Queens.
The official MCP documentation includes the reference information to consider when creating a detailed maintenance plan for the upgrade. We recommend using the descriptive analysis of the techniques and tools, as well as the high-level upgrade flow included in the documentation to create a cloud-specific detailed upgrade procedure, assess the risks, estimate possible downtimes, plan the rollback, backup, and testing activities.
TECHNICAL PREVIEW
Implemented the flow to provide minor updates for the OpenStack packages without changing the major versions of the packages. In other words, this is an update between package versions within a single major OpenStack release.