OpenStack Icehouse Feature Review

I’ve been playing with devstack over the past few months, and I’ve been really impressed with the progress on Icehouse leading up to its release last week. There are some key new features, and updates, which I will touch on below:

Compute (Nova)

  • The improved upgrade support is great, and will allow upgrades of the controller nodes first, and rolling updates of compute nodes after (no downtime required!)
  • The KVM / libvirt driver now supports reading kernel arguments from Glance metadata.
  • KVM / libvirt also got some security boosts. You can now attach a paravirtual RNG (random number generator) for improved encryption security. This is also enabled through Glance metadata with the hw_rng property.
  • KVM /libvirt video driver support. This allows specification of different drivers, video memory, and video heads. Again, this is specified through Glance metadata (hw_video_model, hw_video_vram, and hw_video_head)
  • Improved scheduler performance
  • Scheduling now supports server groups for affinity and anti-affinity.
  • Graceful shutdown of compute services by disabling processing of new requests when a service shutdown is requested but allowing requests already in process to complete before terminating.
  • File injection is now disabled by default! Use ConfigDrive and metadata server facilities to modify guests at launch.
  • Docker driver removed from the Icehouse release. :-( The driver still exists and is being actively worked on, however it now has its own repo outside Nova
  • Important note: Nova now requires an event from Neutron before launching new guests. The notifications must be enabled in Neutron for this to work. If you find guests failing to launch after a long wait and an error indicating “virtual interface” issues, give the following a shot to disable this check in Nova:

    vi /etc/nova/nova.conf
    Set vif_plugging_is_fatal=False and vif_plugging_timeout=0

Object Storage (Swift)

  • The new account level ACLs in Swift allow for more fine grained control of object access.
  • Swift will now automatically retry on read failures. This makes drive failures invisible to end-users during a request.

Image Service (Glance)

Nothing has been reported in the official changes, but there has been some activity on github. Much of the work seems to be stability and cleanup related.

OpenStack Dashboard (Horizon)

  • Live Migration Support
  • Disk config option support
  • Support for easily setting flavor extra specs
  • Support explicit creation of pseudo directories in Swift
  • Adminstrators can now view daily usage reports per project across services

Identity Service (Keystone)

  • There is now separation between the authentication and authorization backends. This allows holding identity information in a source like LDAP, and using authorization data from a separate source like a database table.
  • The LDAP driver updates added support for group based role assignments.

Network Service (Neutron)

  • New OpenDaylight backend.
  • Most work on Icehouse’s Neutron went towards improved stability and testing.

OpenStack Orchestration (Heat)

  • HOT template format is now the recommended format for authoring Heat templates.
  • The OS::Heat::AutoScalingGroup and OS::Heat::ScalingPolicy now allow the autoscaling of any arbitrary collection of resources.

Database as a Service (Trove)

  • Experimental support for MongoDB, Redis, Cassandra, and Couchbase

Overall, there are a ton of features and changes beyond what I documented here. Check out the official release notes for more info.

About syncomm

Gregory S. Hayes has 20 years of experience in enterprise IT, specializing in OpenStack, Linux, and Open Source. Currently he a Lead Cloud Architect with McGraw-Hill Education, principally working on next-generation enterprise cloud initiatives. Previously he served at Red Hat as a Cloud Infrastructure Solutions Architect working with a number of strategic enterprise accounts to enable cloud transformation, workload migration, and cloud governance. Prior to joining Red Hat, he also served as a Senior Cloud Architect for Hewlett-Packard. Gregory has led the way in these organizations with regard to cloud enablement and infrastructure automation. He has been involved in the OpenSource community since 1995, and considers himself an evangelist for the next generation of cloud technologies based on OpenStack.
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s