2025.2 Series Release Notes

25.0.0.0rc1

アップグレード時の注意

  • All wsgi application implementations using eventlet for heat-api, heat-api-cfn and heat-all are removed as a precusror to dropping eventlet usage from heat.

  • Integration with monasca has been removed because the monasca project was retired. Because of the removal, the following resource types are no longer supported and now hidden.

    • OS::Monasca::AlarmDefinition

    • OS::Monasca::Notifications

    Also, the options in [clients_monasca] section have been removed.

  • Support for Python 3.9 has been removed. Now Python 3.10 is the minimum version supported.

廃止予定の機能

  • The heat-api console script and the heat-api-cfn console script, which are used to launch standalone api services, have been deprecated and will be removed in a future release. It is now highly recommended to Use the wsgi scripts (or wsgi applications directly) instead.

  • The legacy engine has been deprecated and convergence engine will be the only supported engine. Due to this deprecation, the following options have been deprecated.

    • [DEFAULT] convergence_engine

    • [DEFAULT] enable_stack_abandon

    • [DEFAULT] enable_stack_adopt

  • The root_app_factory composite factory has been deprecated, because it is equivalent the urlmap factory from paste. Replace usage in api-paste.ini in case the file is modified to use customized pipelines.

バグ修正

  • Enable the creation of an OS::Neutron::VPNService resource, and an OS::Neutron::IPsecSiteConnection resource that depends on it, within the same stack.

24.0.0

新機能

  • A new module, heat.wsgi, has been added as a place to gather WSGI application objects. This is intended to ease deployment by providing a consistent location for these objects. For example, if using uWSGI then instead of:

    [uwsgi]
wsgi-file = /bin/heat-api

    You can now use:

    [uwsgi]
module = heat.wsgi.api:application

    This also simplifies deployment with other WSGI servers that expect module paths such as gunicorn.

  • The new resources, OS::Octavia::AvailabilityZoneProfile and OS::Octavia::AvailabilityZone, are added. These resource types allow an operator to create Octavia availabilityzone profile and availabilityzone. A created OS::Octavia::AvailabilityZone resource can be referred by the availability_zone property of OS::Octavia::LoadBalancer resources.

  • Added the tenant_id property to the following resources. This property allows admin users to create these resources in specific tenants.

    • OS::Neutron::ProviderNet

    • OS::Neutron::Router

  • Added attributes property to resource type OS::Designate::Zone. It can be any key:value pairs of information about this zone including the pool where the user wants to place the zone used by scheduler.

  • The new [DEFAULT] max_cinder_api_microversion option has been added. This option overrides the maximum API microversion supported by Cinder, which is detected automatically by default.

  • The OS::Cinder::Volume resource type now supports extending volumes in use. Note that this requires that Cinder supports API microversion 3.42 or later.

アップグレード時の注意

  • OS::Manila::Share attribute export_locations will now be a list of export paths

廃止予定の機能

  • The heat-all console script has been deprecated and will be removed in a future release.

バグ修正

  • Fixed the consistent type mismatch error caused by creating or updating a stack with files stored in OpenStack Swift containers, using the files_container parameter. Now file content is always decoded and can be used as a string value.

  • Changed type of the following parameters from integer to string, to correctly parse micro versions with trailing zero (e.g. 2.20).

    • [DEFAULT] max_nova_api_microversion

    • [DEFAULT] max_ironic_api_microversion

  • OS::Manila::Share attribute export_locations will now be a list of export paths

23.0.0

新機能

  • Add to OS::Designate::RecordSet new types: CAA, CERT, NAPTR.

  • Fixed the OS::Heat::UpdateWaitConditionHandle resource type, which caused stack update to fail consistently.

  • The following parameters have been added, to define timeout in internal HTTP requests.

    • [DEFAULT] metadata_put_timeout

    • [DEFAULT] template_fetch_timeout

    • [ec2authtoken] timeout

アップグレード時の注意

  • Python 3.8 support was dropped. The minimum version of Python now supported is Python 3.9.

  • Integration with sahara has been removed because the sahara project has been retired. Because of the removal, the following resource types are no longer supported and now hidden.

    • OS::Senlin::Cluster

    • OS::Senlin::Node

    • OS::Senlin::Policy

    • OS::Senlin::Profile

    • OS::Senlin::Receiver

    Also, the options in [clients_sahara] section have been removed.

  • Default value of the [DEFAULT] hidden_stack_tags option has been updated and now stacks with the data-processing-cluster tag is not hidden by default.

  • Integration with senlin has been removed because the senlin project has been retired. Because of the removal, the following resource types are no longer supported and now hidden.

    • OS::Senlin::Cluster

    • OS::Senlin::Node

    • OS::Senlin::Policy

    • OS::Senlin::Profile

    • OS::Senlin::Receiver

    Also, the options in [clients_senlin] section have been removed.

22.0.0

新機能

  • Add OS::Aodh::PrometheusAlarm resource to enable autoscaling with Prometheus instead of Gnocchi.

  • Heat now supports limiting number of software configs, software deployments, stack snapshots which users can create, by the following config options. These limits are not enforced for users with admin role.

    • [DEFAULT] max_software_configis_per_tenant

    • [DEFAULT] max_software_deployments_per_tenant

    • [DEFAULT] max_snapshots_per_stack

アップグレード時の注意

  • The heat-manage migrate_properties_data command is deprecated and is now a no-op. It will be removed in a future release.

  • Now heat enables the API policies (RBAC) new defaults and scope by default. The default value of config options [oslo_policy] enforce_scope and [oslo_policy] enforce_new_defaults have been changed from False to True.

  • The OS::Glance::Image type is now hidden.

  • Now the following limits are enforced by default, unless a request user has admin role.

    • Maximum number of software configs per project is 4096

    • Maximum number of software deployments per project is 4096

    • Maximum number of stack snapshots per tenant is 32

    Set the following options in case the limits should be increased. Limits can be disabled by setting -1 to these options.

    • [DEFAULT] max_software_configis_per_tenant

    • [DEFAULT] max_software_deployments_per_tenant

    • [DEFAULT] max_snapshots_per_stack

  • The [DEFAULT] onready option has been removed. This option has had no effect.

廃止予定の機能

  • The following resources have been deprecated, because monasca, sahara and senlin were marked inactive and will not get deliverables for the 2024.1 release. These resources will be removed in 23.0.0 release.

    • OS::Monasca::*

    • OS::Sahara::*

    • OS::Senlin::*

21.0.0

新機能

  • Heat policies have been modified to isolate the system and project level APIs policy. Because of this change, system users will not be allowed to perform any operations on project level resources.

アップグレード時の注意

  • The following resources types are now hidden. Neutron LBaaS v2 was already retired thus these resource types can no longer be used.

    • OS::Neutron::LBaaS::LoadBalancer

    • OS::Neutron::LBaaS::Listener

    • OS::Neutron::LBaaS::Pool

    • OS::Neutron::LBaaS::PoolMember

    • OS::Neutron::LBaaS::HealthMonitor

    • OS::Neutron::LBaaS::L7Policy

    • OS::Neutron::LBaaS::L7Rule

  • The database migration engine has changed from sqlalchemy-migrate to alembic. For most deployments, this should have minimal to no impact and the switch should be mostly transparent. The main user-facing impact is the change in schema versioning. While sqlalchemy-migrate used a linear, integer-based versioning scheme, which required placeholder migrations to allow for potential migration backports, alembic uses a distributed version control-like schema where a migration's ancestor is encoded in the file and branches are possible. The alembic migration files therefore use a arbitrary UUID-like naming scheme and the heat-manage db_sync command now expects such an version when manually specifying the version that should be applied. For example:

    $ heat-manage db_sync c6214ca60943

    Attempting to specify an sqlalchemy-migrate-based version will result in an error.

20.0.0.0rc1

バグ修正

  • Honor hidden parameter in get stack environment API. Now values passed to hidden parameters are replaced by '**', similarly to the other APIs such as show stack details API.

19.0.0.0rc1

新機能

  • OS::Neutron::FloatingIPPortForward added. This feature allows an operator to create port-forwarding rules in Neutron for their floating ips.

  • Adding REBUILD option for user_data_update_policy so that changes to user_data can be updated instead of a new create.

  • Adds the 'availability_zone_hints' property for the OS::Neutron::Router, OS::Neutron::Net and OS::Neutron::ProviderNet resources.

  • Added OS::Neutron::QoSMinimumPacketRateRule resource to support minimum_packet_rate_rule in Neutron QoS. This resource depends on Neutron API extension qos-pps-minimum and according to the default policy it is admin-only.

アップグレード時の注意

  • The remaining deprecated parameters for Cloud Watch API have been removed.

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

その他の注意点

  • Allow Heat resources to accept more than one required_service_extension. For cases where a resource required multiple service extensions. A developer can now provide a list of those extensions.

18.0.0

アップグレード時の注意

  • Support for Block Storage API v2 has been removed.

バグ修正

  • Now the [DEFAULT] shared_services_types option includes volumev3 service type by default.

17.0.0.0rc1

前置

Add the ability to specify extra_properties for Glance images. This is useful for example when using secure boot and are required to have specific properties defined on the Glance images.

新機能

  • Add availabilty_zone parameter to OS::Octavia::LoadBalancer

  • extra_properties key added to the OS::Glance::WebImage type. This parameter takes a map value such as '{"hw_firmware_type": "uefi", "os_secure_boot": "required"}'

アップグレード時の注意

  • The default value of [oslo_policy] policy_file config option has been changed from policy.json to policy.yaml. Operators who are utilizing customized or previously generated static policy JSON files (which are not needed by default), should generate new policy files or convert them in YAML format. Use the oslopolicy-convert-json-to-yaml tool to convert a JSON to YAML formatted policy file in backward compatible way.

廃止予定の機能

  • Use of JSON policy files was deprecated by the oslo.policy library during the Victoria development cycle. As a result, this deprecation is being noted in the Xena cycle with an anticipated future removal of support by oslo.policy. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.

16.0.0

前置

There was a mismatch between the way heat create role behaved with the templates or with the openstack CLI on what relates to the default domain if the domain is not specified on both cases the CLI will not assign on to the created new role but the heat templates will assign the "default" domain

新機能

  • The lb_algorithm property of OS::Octavia::Pool resource now supports SOURCE_IP_PORT option required for Octavia OVN provider driver.

  • Add new properties backups and to backups_gigabytes resource OS::Cinder::Quota. These properties can be updated without replacement.

  • The wallaby template version introduces a new 2-argument form of the if function. This allows users to specify optional property values, so that when the condition is false Heat treats it the same as if no value were specified for the property at all. The behaviour of existing templates is unchanged, even after updating the template version to wallaby.

  • Now the OS::Neutron::Port type supports the no_fixed_ips property, which allows users to create a network port without any fixed ips.

  • Adds a new segments attribute to the OS::Neutron::ProviderNet resource. The attribute resolves the segments of the network.

  • The default policies provided by heat api have been updated to add support for default roles and system scope. This is part of a broader community effort to support read-only roles and implement secure, consistent default policies.

    Refer to the Keystone documentation for more information on the reason for these changes.

  • Operators can now set a separate stacks:update_no_change policy for PATCH updates that don't modify the stack, independently of the existing stacks:update_patch policy.

  • The OS::Glance::WebImage resource type now supports an active property to allow administrators to deactivate and reactivate the Image. Images remain active by default.

  • The OS::Glance::WebImage resource type now supports a members property for managing a list of other tenants with access to the Image.

  • A new OS::Vitrage::Template resource is added to configure and create a Vitrage template. The Vitrage template can be used, for example, for executing a Mistral healing workflow in case there is an alarm on an instance.

廃止予定の機能

  • The old default policy rules have been deprecated for removal in Xena cycle.

重要な問題

  • Templates that creates roles but does not specify the domain will not get a "default" domain from now on. To have a domain added to your new role it needs to be assigned in the template.

バグ修正

  • Oslo db config is able to control wrap_db_retry call in heat. We remove hard coded settings for wrap_db_retry and use following configs from oslo_db instead. * database.db_max_retries * database.db_retry_interval * database.db_inc_retry_interval * database.db_max_retry_interval So database cofig can now control db retries. Please reference [1] for what each config options can do. [1] https://opendev.org/openstack/oslo.db/src/branch/master/oslo_db/options.py

  • The ordering in the list of segments returned by OS::Neutron::Net resources is not predictable. Stack updates changeing attributes of the network can cause the list of segments to shift.

    The ordering is now slightly more predictable, segments with name=``None`` are now placed first in the list. This doesn't guarantee the order, but typically only the segment implicitly created by neutron has no name attribute set. The template author should ensure other segments on the network does have a name set, so that the implicit segment will always be index 0. Resolving attributes of the implcitly created segment on the network resource can then predictibly happen using index 0. See bug: 1894920.

15.0.0

新機能

  • Added dns_domain property to resource type OS::Neutron::ProviderNet. This specifies the DNS domain to use when publishing DNS records for ports on this network.

  • Added propagate_uplink_status property to resource type OS::Neutron::Port. This resource depends on Neutron API extension uplink-status-propagation and the default is False. If this property is set to True, the VF link state can follow that of PF.

アップグレード時の注意

  • Manila resources now use the 'sharev2' endpoint and API version '2.13'.

廃止予定の機能

  • The OS::Designate::Zone resource type's masters property is now known as primaries. Existing templates will continue to work.

バグ修正

  • The OS::Heat::Delay resource type is now usable.

  • OS::Manila::Share now properly supports 'cephx' as a value for property '{"access_rules": [{"access_type": ""}]}'.

14.0.0

新機能

  • Add support for OS::Octavia::Flavor and OS::Octavia::FlavorProfile resources and add flavor parameter in OS::Octavia::LoadBalancer, allowing users to configure Load Balancer capabilities.

  • Add tty property to OS::Zun::Container. This property allows users to open the TTY of the container.

  • Introduce a Vitrage client plugin module that will be used by the Vitrage resources.

  • Operators can now apply different authorization policies to each action supported by the action API (actions:suspend for suspend, actions:resume for resume, actions:check for check, actions:cancel_update for cancel operation and roll back, and actions:cancel_without_rollback for cancel operation without rolling back). The default for each is to use the existing actions:action rule that was previously the only way to specify policy for actions.

  • The OS::Trove::Cluster resource type now supports specifying an availability zone.

  • Properties of the VPNaaS OS::Neutron::IKEPolicy resource can now be updated in place.

  • New resource OS::Neutron::ExtraRouteSet is added to manage extra routes of a Neutron router.

  • New resource OS::Neutron::QoSMinimumBandwidthRule to support minimum_bandwidth_rules in Neutron QoS. This resource depends on Neutron API extension qos-bw-minimum-ingress and according to the default policy it is admin-only.

  • Support tls_enabled property for the resource OS::Octavia::Pool, the property is allowed to be updated as well. The property 'tls_enabled' was introduced in Octavia since Stein release. The default value is False if it is not specified in Heat template.

  • New resource OS::Octavia::Quota is added to enable an admin to manage Octavia service quotas for a specific project.

  • Support allowed_cidrs property for the resource OS::Octavia::Listener, the property is allowed to be updated as well. The property 'allowed_cidrs' was introduced in Octavia since Train release. The default value is empty list if it is not specified in Heat template.

  • Supports user, group, role and project lookup across domains. Added domain parameter to keystone lookup functions. Heat templates now support user{domain}, group{domain}, role{domain} and project{domain} to support cross domain lookup. Keystone constrains will also work across domain.

  • Heat can now support software deployments with CoreOS by passing a CoreOS Ignition config in the user_data property for an OS::Nova::Server resource when the user_data_format is set to SOFTWARE_CONFIG.

  • Introduce a Ironic client plugin module that will be used by the Ironic's resources. Support only ironicclient version >=2.8.0 to get allocation functionality support.

  • New resource type OS::Ironic::Port is now supported in orchestration service.

  • Support shared services in multi region mode. The services are declared in a list in config. shared_services_types=image, volume, volumev2.

  • Add group property to OS::Heat::MultipartMime. This allow you to set group for entire multipart cofig resource like group property in OS::Heat::SoftwareConfig. Aware that, you must make sure all configs in MultipartMime works with group. Default value is Heat::Ungrouped.

アップグレード時の注意

  • We have change some log pathes as below * Migrate heat.engine.clients.keystoneclient to heat.engine.clients.os.keystone.heat_keystoneclient * remove heat.all * remove heat.api * remove heat.api.cfn * remove heat.engine

  • Nova has removed api extension support and its api bindings. Heat has now removed support for extensions from nova client plugin and the resource plugins using it.

廃止予定の機能

  • file injection is deprecated in compute api. Deprecating injected_files, injected_file_content_bites, and injected_file_path_bytes properties accordingly in OS::Nova::Quota resource.

  • The accessIPv4 and accessIPv6 attributes of the OS::Nova::Server resource are now deprecated, since Nova returns empty values for them. Use the addresses attribute instead to get IP addresses.

  • Unsupported contrib resource OS::Neutron::ExtraRoute is deprecated in favor of OS::Neutron::ExtraRouteSet on all OpenStack clouds where Neutron extension extraroute-atomic is available.

重要な問題

  • Python 2 is no longer supported. This release runs only on Python 3 and is tested only on Python 3.6 and 3.7.

バグ修正

  • The behavior of get_resource on an OS::Heat::InstanceGroup resource has changed. Previously it returned the physical resource name (i.e. the name of the nested Heat stack which implemented the group). It will now return the UUID of the nested stack if available. This will also apply to any resource type that inherits from OS::Heat::AutoScalingGroup, OS::Heat::InstanceGroup, and AWS::AutoScaling::AutoScalingGroup.

  • Empty string passing in for volume availability_zone can be correctly handled now. For this case, it's same as no AZ set, so the default AZ in cinder.conf will be used.

  • On clouds where Keystone usernames are case-insensitive, Heat will now allow usernames with any case as property and parameter values where a Keystone user is expected (i.e. a keystone.user custom constraint applies). Previously the case had to match the case with which the name was stored in Keystone, even if Keystone itself was case-insensitive.

  • The firewall_rules property of the OS::Neutron::FirewallPolicy resource type is now optional.

13.0.0.0rc1

新機能

  • OS::Aodh::LBMemberHealthAlarm resource plugin is added to manage Aodh loadbalancer_member_health alarm.

  • Added a new config option server_keystone_endpoint_type to specify the keystone authentication endpoint (public/internal/admin) to pass into cloud-init data. If left unset the original behavior should remain unchanged.

    This feature allows the deployer to unambiguously specify the keystone endpoint passed to user provisioned servers, and is particularly useful where the deployment network architecture requires the heat service to interact with the internal endpoint, but user provisioned servers only have access to the external network.

    For more information see http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002925.html

  • Support tags property for the resource OS::Octavia::PoolMember, the property is allowed to be updated as well. The resource tag was introduced in Octavia since Stein release, do not specify tags in Heat template if you are using the previous versions.

  • The OS::Neutron::QosBandwidthLimitRule resource type now supports an optional direction property, allowing users to set the ingress bandwidth limit in a QoS rule. Previously only the egress bandwidth limit could be set.

  • Added new config option [DEFAULT]allow_trusts_redelegation (False by default). When enabled and reauthentication_auth_method is set to trusts, Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication.

アップグレード時の注意

  • When loading a Resource plugin, the attribute schema is now validated in the same way that the properties schema is. Third-party resource plugins should be tested to check that they still comply.

  • multiattach` property in OS::Cinder::Volume is now hidden. Please use multiattach key in metadata property of OS::Cinder::VolumeType instead.

  • Designate project had removed v1 api support since stable/queens. Heat has now removed support for v1 resources OS::Designate::Domain and OS::Designate::Record completely and replaced them with placeholders for existing templates with those resources. The designate.domain custom constraint has also been removed.

Security Issues

  • With both reauthentication_auth_method set to trusts and allow_trusts_redelegation set to True (new config option, False by default), Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication. This have security implications and is only recommended when Heat is set to use trust and you experience problems with other services Heat consumes that also require to create trusts from token being passed by Heat (examples are Aodh and Heat running in another region).

バグ修正

  • Non-ASCII text that appears in parameter constraints (e.g. in the description of a constraint, or a list of allowed values) will now be handled correctly when generating error messages if the constraint is not met.

  • OS::Neutron::Port resources will now be replaced when the mac_address property is modified. Neutron is unable to update the MAC address of a port once the port is in use.

その他の注意点

12.0.0.0rc1

前置

Added new tool heat-status upgrade check.

新機能

  • Add multiple OpenStack orchestration support - User can now use OS::Heat::Stack to create stack in another OpenStack cloud. Must provide properties credential_secret_id in context. Remote stack resource will get authentication information from cloud credential to refresh context before calling stack create.

  • A new OS::Blazar::Host resource is added to manage compute hosts for the lease/reservation in OpenStack.

  • A new OS::Blazar::Lease resource is added to manage reservations for specific type/amount of cloud resources in OpenStack.

  • Add rbac_policy and subnetpool support for OS::Neutron::Quota resource.

  • Add UDP to supported protocols for Octavia.

  • A new OS::Neutron::TaaS::TapService resource is added to support a Tap Service in the Neutron Tap-as-a-service plugin.

  • A new OS::Neutron::TaaS::TapFlow resource is added to support a Tap Flow in the Neutron Tap-as-a-service plugin.

  • Add a new OS::Glance::WebImage resource supporting the web-download import of Glance v2.

  • New framework for heat-status upgrade check command is added. This framework allows adding various checks which can be run before a Heat upgrade to ensure if the upgrade can be performed safely.

  • New resource OS::Neutron::L2GatewayConnection to allow management of Neutron Layer2 Gateway Connection. This resource provides capability to connect a Neutron network to a Layer2 Gateway. The resource depends on the Neutron l2-gateway extension.

  • New resource OS::Neutron::L2Gateway to allow management of Neutron Layer2 Gateway. This resource provides life-cycle management of layer2 gateway instances. The resource depends on the Neutron l2-gateway extension.

  • Add tags support for ProviderNet resource

  • Add ca_cert and insecure properties for OS::Heat::Stack resource type. The ca_cert is the contents of a CA Certificate file that can be used to verify a remote cloud or region's server certificate. insecure is boolean option, CA cert will be use if we didn't setup insecure flag.

アップグレード時の注意

  • The distribution name has been changed from "heat" to "openstack-heat" so that we can publish packages to pypi.org. This may have an effect on downstream package builds if they rely on asking setuptools to determine the package name.

  • New config max_nova_api_microversion to set the maximum nova API microversion for nova client plugin. If``max_nova_api_microversion`` is set, any nova features supported with microversion number above max_nova_api_microversion will not be available.

  • Operator can now use new CLI tool heat-status upgrade check to check if Heat deployment can be safely upgraded from N-1 to N release.

廃止予定の機能

  • personality property of OS::Nova::Server is now deprecated, please use user_data or metadata instead. If that property really required, use config max_nova_api_microversion to set the maximum nova API microversion <2.57 for nova client plugin to support personality property.

バグ修正

  • We now allowed global admins to operate software deployment and software config resources from other projects.

  • Heat can now perform a stack update to roll back to a previous version of a resource after a previous attempt to create a replacement for it failed (provided that convergence is enabled). This allows the user to recover a stack where a resource has been inadvertantly replaced with a definition than can never succeed because it conflicts with the original. Previously this required automatic rollback to be enabled, or the user had to update the stack with a non-conflicting definition before rolling back to the original.

11.0.0.0rc1

前置

Heat current bug/blueprint reports have migrated from Launchpad to storyboard. If you would like to create a new story (a bug or a blueprint), please file it under the Heat project. This change applies to all heat projects/repos.

新機能

  • Add a new property networks to resource OS::Zun::Container. This property is an ordered list of nics to be added to this container, with information about connected networks, fixed ips, and port. This property can be updated without replacement.

アップグレード時の注意

  • The ceilometer client plugin is no longer provided, due to the Ceilometer API no longer being available from Queens and the python-ceilometerclient library being unmaintained.

バグ修正

  • Previously, when deleting a convergence stack, the API call would return immediately, so that it was possible for a client immediately querying the status of the stack to see the state of the previous operation in progress or having failed, and confuse that with a current status. (This included Heat itself when acting as a client for a nested stack.) Convergence stacks are now guaranteed to have moved to the DELETE_IN_PROGRESS state before the delete API call returns, so any subsequent polling will reflect up-to-date information.

  • Previously, the suspend, resume, and check API calls for all stacks, and the update, restore, and delete API calls for non-convergence stacks, returned immediately after starting the stack operation. This meant that for a client reading the state immediately when performing the same operation twice in a row, it could have misinterpreted a previous state as the latest unless careful reference were made to the updated_at timestamp. Stacks are now guaranteed to have moved to the IN_PROGRESS state before any of these APIs return (except in the case of deleting a non-convergence stack where another operation was already in progress).

11.0.0.0b3

新機能

  • A new OS::Heat::Delay resource type allows users to work around thundering herd issues in large templates by adding a random delay (with configurable jitter) into the workflow.

  • Adds a new attribute segments to the OS::Neutron::Net resource. The attribute resolves the network segments on the network. The attribute is useful when migrating from a non routed provider network to a routed provider network. The example below show how to migrate an existing subnet to one that is associated with the segment:

    TestSubnet:
  type: OS::Neutron::Subnet
  name: the_subnet
  properties:
    segment: {get_attr: [the_network, segments, 0, id]}

  • Added network attribute to OS::Neutron::Port resource. The new attribute returns the neutron network that owns the port. The following examples demonstrate some (not all) possible expressions. (Obtains the network, the MTU (Maximum transmission unit), the network tags and finally the l2_adjacency property):

    {get_attr: [<port>, network]}
{get_attr: [<port>, network, mtu]}
{get_attr: [<port>, network, tags]}
{get_attr: [<port>, network, l2_adjacency]}

  • Adds network to the addresses attribute of OS::Nova::Server resource. This enables resolving the network properties for the server resource.

  • Adds subnets to the addresses attribute of OS::Nova::Server resource. This enables resolving the subnet properties for the server resource which brings parity with OS::Neutron::Port's subnets attribute.

  • Adds support to update the segment_id of OS::Neutron::Subnet resource. This enables migration from non routed network to a routed network.

  • Added stack API support to provide a swift container that contains the child templates and environment files. All files would be fetched and used (if required), unless they are superceded by files in files map.

アップグレード時の注意

  • Resource type OS::Magnum::Bay is now hidden, please use OS::Magnum::Cluster instead.

  • Resource type OS::Magnum::BayModele is now hidden, please use OS::Magnum::ClusterTemplate instead.

  • Resource type OS::Nova::FloatingIP is now hidden, please use OS::Neutron::FloatingIP instead.

  • Resource type OS::Nova::FloatingIPAssociation is now hidden, please use OS::Neutron::FloatingIPAssociation instead.

その他の注意点

  • Introduce a Blazar client plugin module that will be used by Blazar resources.

11.0.0.0b1

アップグレード時の注意

  • The database upgrade for Heat Queens release drops 'watch_rule' and 'watch_data' tables from the heat database.

Security Issues

  • Passwords generated by the OS::Heat::RandomString resource may have had less entropy than expected, depending on what is specified in the character_class and character_sequence properties. This has been corrected so that each character present in any of the specified classes or sequences now has an equal probability of appearing at each point in the generated random string.

10.0.0.0rc1

前置

Note that Heat is compatible with OpenStack Identity federation, even when using Keystone trusts. It should work after you enable Federation and build the auto-provisioning map with the heat service user in Keystone. Auto-provisioning has been available in Keystone since the Ocata release.

新機能

  • Added hostname, hints, security_groups, and mounts properties to Zun Container resources.

アップグレード時の注意

  • The OS::Heat::HARestarter resource type is no longer supported. This resource type is now hidden from the documentation. HARestarter resources in stacks, including pre-existing ones, are now only placeholders and will no longer do anything. The recommended alternative is to mark a resource unhealthy and then do a stack update to replace it. This still correctly manages dependencies but, unlike HARestarter, also avoid replacing dependent resources unnecessarily. An example of this technique can be seen in the autohealing sample templates at https://git.openstack.org/cgit/openstack/heat-templates/tree/hot/autohealing

  • The AWS compatible CloudWatch API, deprecated since long has been finally removed. OpenStack deployments, packagers, and deployment projects which deploy/package CloudWatch should take appropriate action to remove support.

Security Issues

  • Heat no longer uses standard Python RNG when generating values for OS::Heat::RandomString resource, and instead relies on system's RNG for that.

その他の注意点

  • The old Heat Tempest plugin heat_tests has been removed and replaced by a separate Tempest plugin named heat, in the heat-tempest-plugin repository (https://git.openstack.org/cgit/openstack/heat-tempest-plugin). Functional tests that are appropriate for the Tempest environment have been migrated to the new plugin. Other functional tests remain behind in the heat repository.

10.0.0.0b3

新機能

  • Adds new resources for octavia lbaas service.

  • New resource OS::Octavia::LoadBalancer is added to create and manage Load Balancers which allow traffic to be directed between servers.

  • New resource OS::Octavia::Listener is added to create and manage Listeners which represent a listening endpoint for the Load Balancer.

  • New resource OS::Octavia::Pool is added to create and manage Pools which represent a group of nodes. Pools define the subnet where nodes reside, the balancing algorithm, and the nodes themselves.

  • New resource OS::Octavia::PoolMember is added to create and manage Pool members which represent a single backend node.

  • New resource OS::Octavia::HealthMonitor is added to create and manage Health Monitors which watch status of the Load Balanced servers.

  • New resource OS::Octavia::L7Policy is added to create and manage L7 Policies.

  • New resource OS::Octavia::L7Rule is added to create and manage L7 Rules.

  • Heat now support policy in code, which means if you didn't modify any of policy rules, you won't need to add rules in the policy.yaml or policy.json file. Because from now, heat keeps all default policies under heat/policies. You can still generate and modify a policy.yaml file which will override policy rules in code if those rules appear in the policy.yaml file.

  • Add tags parameter for create and update keystone projects. Defined comma deliniated list will insert tags into newly created or updated projects.

  • OS::Heat::ResourceGroup now supports a removal_policies_mode property. This can be used to optionally select different behavior on update where you may wish to overwrite vs append to the current policy.

  • Allow to set networks of instances for OS::Trove::Cluster resource.

アップグレード時の注意

  • Default policy.json file is now removed as we now generate the default policies in code. Please be aware that when using that file in your environment. You still can generate a policy.yaml file if that's required in your environment.

廃止予定の機能

  • Threshold alarm which uses ceilometer API is deprecated in aodh since Ocata. Please use OS::Aodh::GnocchiAggregationByResourcesAlarm in place of OS::Aodh::Alarm.

バグ修正

  • Force delete the nova instance. If a resource is related with a nova instance which is in 'SOFT_DELETED' status, the resource can't be deleted, when nova config 'reclaim_instance_interval'. so, force-delete the nova instance, and then all the resources are related with the instance would be processed properly.

10.0.0.0b2

新機能

  • Adds REST api support to cancel a stack create/update without rollback.

  • The template validate API call now returns the Environment calculated by heat - this enables preview of the merged environment when using parameter_merge_strategy prior to creating the stack

  • Added a new schema property tags, to parameters, to categorize parameters based on features.

廃止予定の機能

  • The SSL middleware heat.api.middleware.ssl:SSLMiddleware that has been deprecated since 6.0.0 has now been removed, check your paste config and ensure it has been replaced by oslo_middleware.http_proxy_to_wsgi instead.

  • The heat.resource_type custom constraint has been removed. This constraint never actually worked.

10.0.0.0b1

新機能

  • すべての開発者、コントリビューター、ユーザー向けコンテンツはopenstack-manualsからツリー内部に移動しており、`https://docs.openstack.org/heat/pike/`で公開されています。

既知の問題

  • Heat does not work with keystone identity federation. This is a known limitation as heat uses keystone trusts for deferred authentication and trusts don't work with federated keystone. For more details check https://etherpad.openstack.org/p/pike-ptg-cross-project-federation.

廃止予定の機能

  • Hidden Designate resource plugins OS::Designate::Domain and OS::Designate::Record. To use OS::Designate::Zone and OS::Designate::RecordSet instead.

バグ修正

  • Add attribute schema to OS::Keystone::Project. This allow get_attr function can work with project resource.

その他の注意点

  • Intrinsic function plugins will now be passed a StackDefinition object instead of a Stack object. When accessing resources, the StackDefinition will return ResourceProxy objects instead of Resource objects. These classes replicate the parts of the Stack and Resource APIs that are used by the built-in Function plugins, but authors of custom third-party Template/Function plugins should audit them to ensure they do not depend on unstable parts of the API that are no longer accessible. The StackDefinition and ResourceProxy APIs are considered stable and any future changes to them will go through the standard deprecation process.

9.0.0.0rc1

新機能

  • スタック更新(と更新プレビュー)APIに`converge`パラメーターが追加されました。本パラメーターを指定することで、更新前にリソースの利用可否を強制的に確認します。本パラメーターには、任意のブール値を指定できます。将来的に、`observe_on_update`フラグは本パラメーターで置き換えられる予定です。

9.0.0.0b3

前置

Magnum recently changed terminology to more intuitively convey key concepts in order to align with industry standards. "Bay" is now "Cluster" and "BayModel" is now "ClusterTemplate". This release deprecates the old names in favor of the new.

新機能

  • The 'contains' function was added, which checks whether the specified value is in a sequence. In addition, the new function can be used as a condition function.

  • 新規リソースOS::Zun::Container が追加されました。Zunで実行されるDockerコンテナの管理が可能になります。本リソースの'addresses'属性では、NeutronのポートIDなどのネットワーク情報を保持します。これによって、他のネットワークリソースとコンテナのオーケストレーションが可能になります(例:フローティングIP)。

  • New resource OS::Neutron::Trunk is added to manage Neutron Trunks.

  • OS::Nova::Server and OS::Heat::DeployedServerリソースに新規プロパティdeployment_swift_data が追加されました。サーバの配備データで使用するSwiftコンテナとオブジェクト名を本プロパティで定義できます。未設定の場合、過去の動作にフォールバックします(値の自動生成)。

  • OS::Magnum::Cluster resource plugin added to support magnum cluster feature, which is provided by magnum cluster API.

  • OS::Magnum::ClusterTemplate resource plugin added to support magnum cluster template feature, which is provided by magnum clustertemplates API.

  • ``repeat``関数に新しく``permutations``セクションが追加されました。特定のリスト内の要素の順列をネストして反復するかを選択できます。'permutations'が指定されていない場合、過去の動作に従います。'permutations' がFalseの場合は、引数はdictsではなくlistsでなければなりません。理由は、dictsは整列されていないことと、lists変数はすべて同じ長さ出なければならないためです。

  • Two new policies soft-affinity and soft-anti-affinity have been supported for the OS::Nova::ServerGroup resource.

  • Resource attributes are now stored at the time a resource is created or updated, allowing for fast resolution of outputs without having to retrieve live data from the underlying physical resource. To minimise compatibility problems, the behaviour of the show attribute, the with_attr option to the resource show API, and stacks that do not yet use the convergence architecture (due to the convergence_engine being disabled at the time they were created) is unchanged - in each of these cases live data will still be returned.

  • Support to managing rbac policy for 'qos_policy' resource, which allows to share Neutron qos policy to subsets of tenants.

廃止予定の機能

  • Magnum terminology deprecations * OS::Magnum::Bay is now deprecated, should use OS::Magnum::Cluster instead * OS::Magnum::BayModel is now deprecated, should use OS::Magnum::ClusterTemplate instead Deprecation warnings are printed for old usages.

重要な問題

  • Since Aodh drop support for combination alarm, therefore OS::Aodh::CombinationAlarm is now mark as hidden resource with directly inheriting from None resource which will make the resource do nothing when handling any actions (other than delete). And please don't use it. Old resource which created with that resource type still able to delete. It's recommand to switch that resource type ASAP, since we will remove that resource soon.

9.0.0.0b2

新機能

  • The list_concat_unique function was added, which behaves identically to the function list_concat to concat several lists using python's extend function and make sure without repeating items.

  • list_concat関数が追加されました。Pythonの拡張関数を使い、複数のリストを結合することができます。

  • OS::Neutron::Routerリソースのタグの設定と更新が可能になりました。

  • 新規リソースOS::Mistral::ExternalResource が追加されました。Mistralのワークフローで作成、更新、削除などのアクションを処理させることで、Heatが認識していないリソースの管理が可能になります。

  • New item key 'allocate_network' of 'networks' with allowed values 'auto' and 'none' for OS::Nova::Server, to support 'Give Me a Network' nova feature. Specifying 'auto' would auto allocate a network topology for the project if there is no existing network available; Specifying 'none' means no networking will be allocated for the created server. This feature requires nova API micro version 2.37 or later and the auto-allocated-topology API is available in the Neutron networking service.

  • python-openstacksdkライブラリとカスタム制約 neutron.segment が使用できるクライアントプラグイン openstack が新たに追加されました

  • 新規リソース OS::Neutron:Segment が追加されました。ルーティングされたネットワークが作成できます。Neutronの segment API拡張が実装されている場合、本リソースが利用できます。

  • リソース OS::Neutron::Subnet では任意のプロパティ segment が利用できるようになりました。セグメントを指定することができます。

  • ネットワーク上でL2通信が利用できる場合、リソース OS::Neutron::Netl2_adjacency 属性が利用できます。

  • ネストされたスタックにParameterGroupsセクションが追加されました。スタック検証テンプレートの出力に使用されます。

  • OS::Neutron::Net リソースのタグの定義または更新が可能になりました。

  • OS::Neutron::Portリソースのタグの設定と更新が可能になりました。

  • OS::Neutron::Subnetリソースのタグの設定と更新が可能になりました。

  • OS::Neutron::SubnetPoolリソースのタグの設定と更新が可能になりました。

廃止予定の機能

  • nova-network is no longer supported in OpenStack. Please use OS::Neutron::FloatingIPAssociation and OS::Neutron::FloatingIP in place of OS::Nova::FloatingIPAssociation and OS::Nova::FloatingIP

  • The AWS::EC2::EIP domain is always assumed to be 'vpc', since nova-network is not supported in OpenStack any longer.

  • OS::Cinder::Volumeの'attachments'属性は、正しいリスト形式である 'attachments_list'が有用なため、非推奨になりました。エンドユーザーからのデータ処理の簡易化が期待できます。

その他の注意点

  • 開発中のZunリソースが将来的に使うZunクライアントプラグインモジュールが追加されました。

  • Now heat keystone user name charaters limit increased from 64 to 255. Any extra charaters will lost when truncate the name to the last 255 charaters.

9.0.0.0b1

新機能

  • Supports to get the webmks console url for OS::Nova::Server resource. And this requires nova api version equal or greater than 2.8.

  • The Pike version of HOT (2017-09-01) adds a make_url function to simplify combining data from different sources into a URL with correct handling for escaping and IPv6 addresses.

バグ修正

  • OS::Manila::Share リソースでは共有プロトコルとして'CEPHF'を使用することができます。

8.0.0.0b3

新機能

  • 新しくDesignate v2リソースプラグインOS::Designate::ZoneとOS::Designate::RecordSet が追加されました。

  • 新規リソースプラグイン OS::Keystone::Domain が追加されました。Keystoneドメインのライフサイクル管理に活用できます。

  • 新規リソース OS::Neutron::Quota が追加されました。Neutronクォータの管理に利用できます。

  • 新規リソース OS::Sahara::Job が追加されました。Saharaジョブの作成と開始が行えます。ジョブはresource-signalで開始できます。

  • Saharaリソースのカスタム制約が追加されました。- sahara.cluster, sahara.cluster_template, sahara.data_source, sahara.job_binary, sahara.job_type -

  • OS::Nova::Serverでは、block_device_mapping_v2プロパティにおいて、ephemeral_sizeとephemeral_formatプロパティが利用できるようになりました。ephemeral_sizeプロパティはエフェメラルディスクサイズが0よりも大きいフレーバーを必要としており、Integerです。ephemeral_formatプロパティは任意のStringです。指定できる値はext2, ext3, ext4, xfs, ntfs(Windowsゲストの場合)です。省略されている場合、Nova configファイルに定義されているデフォルト値が採用されます。

廃止予定の機能

  • Designate v1リソースプラグインOS::Designate::DomainとOS::Designate::Recordが廃止されます。

8.0.0.0b2

新機能

  • 新規リソースプラグインOS::Aodh::CompositeAlarmが追加されました。Aodh複合アラームの管理が行えます。Newtonリリースで廃止されたOS::Aodh::CombinationAlarmの代わりとなります。

  • resource mark unhealthy コマンドでのリソースの指定方式が拡張されました。論理的なリソース名(これまで通り)または物理的なリソースID(新規)でリソースを指定し、リソースをunhealthyと識別することができます。、

  • New OS::Zaqar::Subscription and OS::Zaqar::MistralTrigger resource types allow users to attach to Zaqar queues (respectively) notifications in general, and notifications that trigger Mistral workflow executions in particular.

8.0.0.0b1

新機能

  • 新規リソースプラグインOS::Cinder::QoSAssociationが追加されました。Cinderの qos-specs API拡張で提供されているCinder QoS Specsとボリューム種別を関連付けることができます。

  • 新規リソース OS::Nova::Quota が追加されました。特定のプロジェクトに対して、Computeサービスに対するクォータを制御できるようになります。

7.0.0.0rc1

新機能

  • HOTテンプレート(heat_template_version.2016-10-14)に任意のセクション conditions 、CFNテンプレート(AWSTemplateFormatVersion.2010-09-09)に Conditions が追加されました。

  • conditions セクションで使用できる条件関数 equals , not , and , or などが追加されました。条件関数は conditions セクションで1つまたは複数の条件を定義でき、スタック作成またはスタック更新時に入力されたパラメタ値が判定されます。

  • resourceとoutputの定義に任意のセクション condition が追加されました。conditions で定義された条件名や条件関数が本セクションで参照することができ、条件によってresourceやoutputを作成することができます。

  • 新規関数 if が追加されました。条件判定において、結果を返します。resourceのプロパティやoutputの値を設定する際に条件判定を使うことができます。

  • 新規リソースプラグインOS::Cinder::QoSSpecsが追加されました。Cinderの``qos-specs``API拡張で提供されているCinder QoS Specsが利用できます。

  • QoS Specs属性の検証のためにcinder.qos_specs制約が追加されました。

  • 新規リソース OS::Cinder::Quota が追加されました。Cinderのクォータ管理に利用できます。Cinderのクォータによってプロジェクトが利用できるCinderブロックストレージリソースに対する上限を設定できます。対象は gigabytes, snapshots, volumesです。

7.0.0.0b3

前置

これまでは、環境ファイルに指定された 'parameters' と 'parameter_defaults' がそれぞれの既存の値を上書きしていました。

これまでは、event list RESTAPIは特定のスタックにネスト化されたスタックリソースが含まれていてもスタック本体のイベントのみを返していました。すべてのネスト化されたイベントを取得するためには、クライアント側で再帰的な実装が必要で非効率的でした。

テンプレートでの外部リソース参照が利用できるようになりました。

新機能

  • Neutronリソースに対し、内部DNS解決と外部DNSサービスとの連携が可能になりました。テンプレート開発者は、Neutronリソースプラグインの dns_namedns_domain プロパティを指定することで本機能が使えます。

  • 新規セクション 'parameter_merge_strategies' が環境ファイルに追加可能になりました。'default' やパラメタ固有のマージ方針(または両方)が指定できます。

  • 環境ファイルに指定されたパラメタとパラメタのデフォルト値は指定された方針に従ってマージされます。

  • event listのGET REST APIは 'nested_depth' パラメタの値が0より大きい場合これまでとは異なる動作となります。出力情報には、指定されたネスト階層(深さ)までのイベントの情報がすべて含まれるようになりました。

  • 'nested_depth'が指定されている場合、出力の 'links' リストに 'rel' の値が 'root_stack' となるエントリが追加されます。クライアント側で再帰的なイベント取得が必要かどうかを判断するのにで利用することができます。

  • 新規属性 external_id が追加されました。既存の外部リソースに対して参照する際に利用することを想定しています。本属性を指定すると外部リソースと認識し、内部で管理できないように(更新不可)なります。

  • 本機能はテンプレートバージョン 2016-10-14 以降で有効です。

  • 新規関数 map_replace が追加されました。入力マップとマップという2つの引数を必要とします。マップには keysvalues (両方またはどちらか)が含まれます。指定された keysvalues が入力マップに代入されます。

  • 新規関数 yaql が追加されました。string型の expression とmap型の data という2つの引数を必要とします。指定された data の情報を元に expression が検証されます。

アップグレード時の注意

  • configに新しく volumes セクションと設定オプション [volumes]backups_enabled (デフォルトは``True``)が追加されました。Cinderバックアップサービスが実装されていないクラウドの運用者は本オプションを False にすることを推奨します。

バグ修正

  • Cinderバックアップサービスが提供されていない場合、deletion_policySnapshot が選択されているボリュームリソースを含むスタックの作成を禁止するようにHeatサービスを設定することが可能です。

7.0.0.0b2

新機能

  • Monasca通知リソースに任意の 'period' プロパティを追加しました。Monascaに対して、ALARM状態からOK状態に遷移(または逆も)するまで定期的にウェブフックを誘発する期間(秒)を指定することができます。アラームの状態が継続する場合に自動的にスケール(拡張・縮退)するスタックを作成したい場合に有益です。既存のHeat autoscaling動作に従い、本プロパティのデフォルト値は60となります。

7.0.0.0b1

新機能

  • 設定ファイルに`template_dir`が追加されました。Heatにはデフォルトディレクトリとして`/etc/heat/templates`を通常使用していますが、これまで設定ファイルに定義されていませんでした。将来的には、テンプレートをグローバルテンプレート環境からアクセスすることを実装することが可能になります。

  • 新規構成オプション 'max_server_name_length' が追加されました。これまでの上限値(53)を下げることができます。(例:LDAPや名前制限規則など、必要に応じて)

  • リソースプラグインOS::Glance::Imageが更新されました。スタックの一部として、イメージの作成と更新時にタグが利用できるようになりました。

  • Monascaが公式OpenStackプロジェクトになったため、リソースプラグインOS::Monasca::AlarmDefinition と OS::Monasca::NotificationはHeatコミュニティでサポートされます。