I’ve been playing with devstack over the past few months, and I’ve been really impressed with the progress on Icehouse leading up to its release last week. There are some key new features and updates, which I will touch on below:
Compute (Nova)
- The improved upgrade support is great, and will allow upgrades of the controller nodes first, and rolling updates of compute nodes after (no downtime required!)
- The KVM / libvirt driver now supports reading kernel arguments from Glance metadata.
- KVM / libvirt also got some security boosts. You can now attach a paravirtual RNG (random number generator) for improved encryption security. This is also enabled through Glance metadata with the hw_rng property.
- KVM / libvirt video driver support. This allows specification of different drivers, video memory, and video heads. Again, this is specified through Glance metadata (hw_video_model, hw_video_vram, and hw_video_head).
- Improved scheduler performance
- Scheduling now supports server groups for affinity and anti-affinity.
- Graceful shutdown of compute services by disabling processing of new requests when a service shutdown is requested but allowing requests already in process to complete before terminating.
- File injection is now disabled by default! Use ConfigDrive and metadata server facilities to modify guests at launch.
- Docker driver removed from the Icehouse release. :-( The driver still exists and is being actively worked on; however, it now has its own repo outside Nova.
- Important note: Nova now requires an event from Neutron before launching new guests. The notifications must be enabled in Neutron for this to work. If you find guests failing to launch after a long wait and an error indicating “virtual interface” issues, give the following a shot to disable this check in Nova:
vi /etc/nova/nova.conf
Set vif_plugging_is_fatal=False and vif_plugging_timeout=0
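One way to find compute nodes where this workaround is still in place after Neutron notifications have been enabled. This is an added example, not code from the post or from Nova; the helper name and the sample nova.conf are constructed, and it assumes both options sit in [DEFAULT] with the check enabled and a 300 second wait when they are absent.

```python
import configparser

# Constructed sample: a nova.conf carrying the workaround described above.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
debug = False
vif_plugging_is_fatal = False
vif_plugging_timeout = 0
"""

# Values assumed when an option is absent: check enabled, 300 second wait.
ASSUMED_DEFAULTS = {"vif_plugging_is_fatal": "True", "vif_plugging_timeout": "300"}


def audit_vif_plugging(conf_text):
    """Return findings about Nova's wait for the Neutron event (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    opts = dict(ASSUMED_DEFAULTS)
    # Both options live in [DEFAULT]; configparser lower-cases the keys.
    for key, value in parser.defaults().items():
        if key in opts:
            opts[key] = value.strip()

    findings = []
    if opts["vif_plugging_is_fatal"].lower() not in ("true", "1", "yes", "on"):
        findings.append("vif_plugging_is_fatal is off: a missing event no longer fails the boot")
    try:
        timeout = int(opts["vif_plugging_timeout"])
    except ValueError:
        findings.append("vif_plugging_timeout is not an integer: %r" % opts["vif_plugging_timeout"])
    else:
        if timeout == 0:
            findings.append("vif_plugging_timeout is 0: Nova does not wait for the event")
    return findings


if __name__ == "__main__":
    for finding in audit_vif_plugging(SAMPLE_NOVA_CONF):
        print("WARN:", finding)
```

Pass it the contents of /etc/nova/nova.conf from each compute node; an empty list means neither setting has been changed from the assumed defaults.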
Object Storage (Swift)
- The new account-level ACLs in Swift allow for more fine-grained control of object access.
- Swift will now automatically retry on read failures. This makes drive failures invisible to end-users during a request.
Image Service (Glance)
Nothing has been reported in the official changes, but there has been some activity on GitHub. Much of the work seems to be stability and cleanup related.
OpenStack Dashboard (Horizon)
- Live Migration Support
- Disk config option support
- Support for easily setting flavor extra specs
- Support explicit creation of pseudo directories in Swift
- Administrators can now view daily usage reports per project across services
Identity Service (Keystone)
- There is now separation between the authentication and authorization backends. This allows holding identity information in a source like LDAP, and using authorization data from a separate source like a database table.
- The LDAP driver updates added support for group-based role assignments.
Network Service (Neutron)
- New OpenDaylight backend.
- Most work on Icehouse’s Neutron went towards improved stability and testing.
OpenStack Orchestration (Heat)
- HOT template format is now the recommended format for authoring Heat templates.
- The OS::Heat::AutoScalingGroup and OS::Heat::ScalingPolicy now allow the autoscaling of any arbitrary collection of resources.
Database as a Service (Trove)
- Experimental support for MongoDB, Redis, Cassandra, and Couchbase
Overall, there are a ton of features and changes beyond what I documented here. Check out the official release notes for more info.