A guide to the OpenStack Icehouse release

Share this post:

This month we reach another outstanding milestone for open cloud standards as we celebrate the latest release of OpenStack: Icehouse.

The OpenStack ecosystem continues to experience explosive growth.  In the previous release of OpenStack we had approximately 850 contributors.  In Icehouse, the number of contributors more than doubled to over 2,100. Likewise, IBM maintains committed to the success of OpenStack and has also increased its contributions to OpenStack over previous releases from 86 in the Havana release to 107 in Icehouse. I take great pride in saying that IBM had a large number of contributions that were focused on improving the OpenStack ecosystem for the benefit of the whole OpenStack community and accelerating its growth.  I’m excited to have the opportunity to present an early preview of these key contributions to this latest release.

OpenStack IcehouseA long desired feature for OpenStack’s Keystone project has been to add Federated Identity support, so users that exist on an external Identity Provider can interact with OpenStack. In the latest release of OpenStack, IBM contributors collaborated with contributors from Rackspace, CERN, University of Kent, and Red Hat to deliver an initial implementation of Federated Identity support. The new Federated Identity extension allows OpenStack to consume SAML assertions from identity providers, and allows for mapping of federated attributes into OpenStack group-based role assignments.

(Related: Angel Luis Diaz explains why OpenStack “crushed it” with Icehouse)

With these features, customers can now leverage the federated identity capabilities they rely on in the enterprise to support seamless integration with their OpenStack environments.

Also in support of enhanced security, a critical feature of any Cloud infrastructure is the ability to provide auditing capabilities for compliance with security, operational and business processes.  IBM contributors have been adding cloud auditing functionality to OpenStack projects to support API and security auditing using the DMTF Cloud Auditing Data Federation (CADF) standard.  In the Icehouse release, IBM contributors delivered to the Oslo project a new version of pyCADF library, which is the python implementation of this audit specification. Additionally, the pyCADF library grew to audit more API events in Nova and work began on auditing events beyond Nova, including Keystone, Neutron, and Glance events. OpenStack auditing support that is aligned with an industry standard translates to reuse of common cloud audit tooling as well as interoperability that enables cloud audit data to be more easily federated and combined across multiple cloud infrastructures.

For the widely popular Heat project for orchestration, contributors from IBM helped to shape the HOT software orchestration format as a major new feature for this project and also contributed to the overall stabilization of the new HOT format through refactoring and cleanup of Heat engine code for template validation.  In addition, IBM contributors collaborated with Heat core contributors to lead an effort to align the OASIS TOSCA standard for orchestration with OpenStack’s HOT orchestration work.  This work resulted in the drafting and publishing of the TOSCA Simple Profile in YAML v1.0 and serves as an excellent example of how the feedback and expertise of hands-on OpenStack developers can dramatically improve the applicability and usefulness of a standards effort.  In addition, this alignment effort has enabled IBM contributors to create TOSCA YAML to HOT translation tools that are now available as a StackForge project and these will serve to funnel new workloads from the TOSCA community to Heat.  The benefits of this are that these new workloads will help to grow the HOT ecosystem and also will help to unify these two orchestration communities.

openstack-cloud-software-vertical-largeIn the area of quality assurance, IBM has continued to make significant contributions to the OpenStack integration test suite (Tempest).  For this release, IBM contributors added a unit test suite to Tempest because this project has reached a level of complexity that the unit testing added provides real value in both identifying bugs and protecting against regressions. IBM contributors also worked directly with the Neutron team to improve the scale of Neutron testing to bring it up to the same level as most of the other integrated OpenStack projects by adding tenant isolation support to enable tests for Neutron to be run in parallel.

The contributions I reviewed here are just a small sample of the innovations that have been added to OpenStack by IBM in the Icehouse release. It’s important to note that there are many other outstanding contributions in this release by active contributors from other companies.  Please join us at the next OpenStack Summit in Atlanta May 12-16 for a much broader view of the advances and improvements in the latest version of OpenStack.  I look forward to seeing you in Atlanta!

The following video demonstrates how the CADF auditing support added in the IceHouse OpenStack release by IBM can be leveraged by tools such as IBM QRadar for security threat analysis and reporting.

More stories

Why we added new map tools to Netcool

I had the opportunity to visit a number of telecommunications clients using IBM Netcool over the last year. We frequently discussed the benefits of have a geographically mapped view of topology. Not just because it was nice “eye candy” in the Network Operations Center (NOC), but because it gives an important geographically-based view of network […]

Continue reading

How to streamline continuous delivery through better auditing

IT managers, does this sound familiar? Just when everything is running smoothly, you encounter the release management process in place for upgrading business applications in the production environment. You get an error notification in one of the workflows running the release management process. It can be especially frustrating when the error is coming from the […]

Continue reading

Want to see the latest from WebSphere Liberty? Join our webcast

We just released the latest release of WebSphere Liberty, It includes many new enhancements to its security, database management and overall performance. Interested in what’s new? Join our webcast on January 11, 2017. Why? Read on. I used to take time to reflect on the year behind me as the calendar year closed out, […]

Continue reading