Chapter 2. New Features

2.1. What's New in OpenShift Enterprise 2.2

OpenShift Enterprise 2.2 introduces the following new features:
New Cartridge Support

OpenShift Enterprise now supports the Ruby 2.0 cartridge through the use of the Software Collections Library (SCL). The JBoss Fuse, JBoss A-MQ, and Fuse Builder premium xPaaS cartridges, introduced in OpenShift Enterprise 2.1.7, are available with add-on subscriptions in OpenShift Enterprise 2.2 as well.

Highly-available Deployments Using oo-install

The oo-install installation utility can now be used to install a highly-available OpenShift Enterprise deployment by defining services across multiple hosts configured for redundancy. By default without the -a option, the installation utility scales and installs ActiveMQ and MongoDB services along with the broker hosts that are defined. If the -a option is used, you can define these services on separate hosts as well. See the OpenShift Enterprise Deployment Guide for more information.

Routing Daemon for Use with an External Routing Layer

A supported routing daemon can be used as a listener with an external routing layer to dynamically control traffic to gears and allow OpenShift Enterprise applications to achieve high availability. The initial version of the routing daemon can be configured to use an nginx or Nginx Plus® routing back end. See the OpenShift Enterprise Deployment Guide for more information on the routing daemon as well as new information on selecting an external routing solution.

Gear Placement Plug-in and Example Algorithms

A supported gear placement plug-in, which allows administrators to control the placement of gears as they are created, is now shipped with OpenShift Enterprise. The plug-in also provides a number of example gear placement algorithms for use with the plug-in. See the OpenShift Enterprise Deployment Guide for instructions on installing the plug-in and implementing your own custom algorithm.

Gear Size Restriction for Cartridges

Administrators can now associate cartridges with specific gear sizes to restrict the size of deployed applications using the VALID_GEAR_SIZES_FOR_CARTRIDGE broker configuration setting. This allows developers to deploy certain applications on appropriate infrastructures. For example, administrators can set a gear size to a corresponding cartridge for applications that requires a faster CPU or more RAM to run at a higher proficiency. See the OpenShift Enterprise Administration Guide for more information.

Additional DNS Plug-ins

Administrators can now use one of several available DNS plug-ins that make dynamic, real-time updates to a DNS domain to publish OpenShift Enterprise applications. The Fog DNS plug-in uses cloud DNS services and can currently be configured for use with Rackspace® Cloud DNS, and the DYN® DNS plug-in uses the DYN® Managed DNS service. In addition to BIND, the nsupdate DNS plug-in supports integration with other compatible DNS services, such as Infoblox®. See the OpenShift Enterprise Deployment Guide for instructions on configuring these DNS plug-ins.

Region Selection Using Management Console and Client Tools

Region selection by developers was previously only possible using a REST API call. If allowed by administrators, developers can now use the Management Console or the client tools to select an available region for their applications. See the OpenShift Enterprise User Guide for more information on regions.

Mutual SSL Authentication

Administrators can now configure their deployment to use mutual SSL authentication, commonly referred to as x509 or two-way authentication. After the broker has been configured, developers must also configure their client tools appropriately. This feature allows for a developer (the SSL client) to authenticate to an application (the SSL server) and vice versa. Each side has a verification certificate, which is shared upon connection. This feature ensures an additional level of security in your deployment, because without the approved authentication certificate a developer is unable to connect to the SSL server. See the OpenShift Enterprise Deployment Guide for administrator instructions and the OpenShift Enterprise User Guide for developer instructions.

Integration with Identity Management

OpenShift Enterprise can integrate with Identity Management (IdM) on Red Hat Enterprise Linux to take advantage of its various features. IdM provides a simple, centralized solution to securely manage user authentication. Integration with IdM is ideal because its authorization and authentication framework easily supports protocols such as Kerberos, LDAP, DNS, NTP, and x509 authentication. See the OpenShift Enterprise Deployment Guide for instructions on integrating Active Directory authentication with Identity Management in your OpenShift Enterprise deployment.

Gear Firewall Tool

The new oo-gear-firewall command creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. This prevents access to unprotected network resources running in another developer's gear. This command is invoked by default during new installations of OpenShift Enterprise 2.2 to restrict access to services running on different gears. Administrators should run the following on node hosts in existing deployments after upgrading to 2.2:

# oo-gear-firewall -i enable -s enable
See the man page for the oo-gear-firewall command for more details.
IPv6 Tolerance

Red Hat now supports OpenShift Enterprise deployments using a mixed IPv4 and IPv6 topology. See the OpenShift Enterprise Deployment Guide for requirements and known issues when using this type of deployment.

Supported Puppet Module

A supported Puppet module is now available for deploying OpenShift Enterprise. See the new OpenShift Enterprise Puppet Deployment Guide for details and installation instructions.