Train Series Release Notes¶
13.1.0-29¶
New Features¶
The
lb_algorithm
property ofOS::Octavia::Pool
resource now supports SOURCE_IP_PORT option required for Octavia OVN provider driver.
Bug Fixes¶
The
OS::Heat::Delay
resource type is now usable.
The ordering in the list of segments returned by
OS::Neutron::Net
resources is not predictable. Stack updates changing attributes of the network can cause the list of segments to shift.The ordering is now slightly more predictable, segments with name=``None`` are now placed first in the list. This doesn’t guarantee the order, but typically only the segment implicitly created by neutron has no name attribute set. The template author should ensure other segments on the network does have a name set, so that the implicit segment will always be index 0. Resolving attributes of the implicitly created segment on the network resource can then predictably happen using index 0. See bug: 1894920.
13.0.1¶
Bug Fixes¶
Empty string passing in for volume availability_zone can be correctly handled now. For this case, it’s same as no AZ set, so the default AZ in cinder.conf will be used.
13.0.0¶
New Features¶
OS::Aodh::LBMemberHealthAlarm resource plugin is added to manage Aodh loadbalancer_member_health alarm.
Added a new config option server_keystone_endpoint_type to specify the keystone authentication endpoint (public/internal/admin) to pass into cloud-init data. If left unset the original behavior should remain unchanged.
This feature allows the deployer to unambiguously specify the keystone endpoint passed to user provisioned servers, and is particularly useful where the deployment network architecture requires the heat service to interact with the internal endpoint, but user provisioned servers only have access to the external network.
For more information see http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002925.html
Support
tags
property for the resourceOS::Octavia::PoolMember
, the property is allowed to be updated as well. The resource tag was introduced in Octavia since Stein release, do not specify tags in Heat template if you are using the previous versions.
The
OS::Neutron::QosBandwidthLimitRule
resource type now supports an optionaldirection
property, allowing users to set the ingress bandwidth limit in a QoS rule. Previously only the egress bandwidth limit could be set.
Heat can now support software deployments with CoreOS by passing a CoreOS Ignition config in the
user_data
property for anOS::Nova::Server
resource when theuser_data_format
is set toSOFTWARE_CONFIG
.
Added new config option
[DEFAULT]allow_trusts_redelegation
(False
by default). When enabled andreauthentication_auth_method
is set totrusts
, Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication.
Upgrade Notes¶
When loading a Resource plugin, the attribute schema is now validated in the same way that the properties schema is. Third-party resource plugins should be tested to check that they still comply.
multiattach`
property inOS::Cinder::Volume
is now hidden. Please usemultiattach
key inmetadata
property ofOS::Cinder::VolumeType
instead.
Designate project had removed v1 api support since stable/queens. Heat has now removed support for v1 resources
OS::Designate::Domain
andOS::Designate::Record
completely and replaced them with placeholders for existing templates with those resources. Thedesignate.domain
custom constraint has also been removed.
Security Issues¶
With both
reauthentication_auth_method
set totrusts
andallow_trusts_redelegation
set toTrue
(new config option,False
by default), Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication. This have security implications and is only recommended when Heat is set to use trust and you experience problems with other services Heat consumes that also require to create trusts from token being passed by Heat (examples are Aodh and Heat running in another region).
Bug Fixes¶
Non-ASCII text that appears in parameter constraints (e.g. in the description of a constraint, or a list of allowed values) will now be handled correctly when generating error messages if the constraint is not met.
OS::Neutron::Port
resources will now be replaced when themac_address
property is modified. Neutron is unable to update the MAC address of a port once the port is in use.
Other Notes¶
New document is out for
multi-clouds support
, check out https://docs.openstack.org/heat/latest/template_guide/multi-clouds.html for more information.