Queens Series Release Notes¶
10.0.3-31¶
バグ修正¶
Erroneously, availability_zone for host aggregate resource types was considered mandatory in heat templates.
Behaviour has been adjusted to bring this in line with the CLI and GUI, in which it is optional.
10.0.2¶
バグ修正¶
Previously, when deleting a convergence stack, the API call would return immediately, so that it was possible for a client immediately querying the status of the stack to see the state of the previous operation in progress or having failed, and confuse that with a current status. (This included Heat itself when acting as a client for a nested stack.) Convergence stacks are now guaranteed to have moved to the
DELETE_IN_PROGRESS
state before the delete API call returns, so any subsequent polling will reflect up-to-date information.
Previously, the suspend, resume, and check API calls for all stacks, and the update, restore, and delete API calls for non-convergence stacks, returned immediately after starting the stack operation. This meant that for a client reading the state immediately when performing the same operation twice in a row, it could have misinterpreted a previous state as the latest unless careful reference were made to the updated_at timestamp. Stacks are now guaranteed to have moved to the
IN_PROGRESS
state before any of these APIs return (except in the case of deleting a non-convergence stack where another operation was already in progress).
10.0.1¶
Security Issues¶
Passwords generated by the OS::Heat::RandomString resource may have had less entropy than expected, depending on what is specified in the
character_class
andcharacter_sequence
properties. This has been corrected so that each character present in any of the specified classes or sequences now has an equal probability of appearing at each point in the generated random string.
10.0.0¶
前置¶
Note that Heat is compatible with OpenStack Identity federation, even when using Keystone trusts. It should work after you enable Federation and build the auto-provisioning map with the heat service user in Keystone. Auto-provisioning has been available in Keystone since the Ocata release.
新機能¶
Added
hostname
,hints
,security_groups
, andmounts
properties to Zun Container resources.
Adds REST api support to cancel a stack create/update without rollback.
すべての開発者、コントリビューター、ユーザー向けコンテンツはopenstack-manualsからツリー内部に移動しており、`https://docs.openstack.org/heat/pike/`で公開されています。
The template validate API call now returns the Environment calculated by heat - this enables preview of the merged environment when using parameter_merge_strategy prior to creating the stack
Adds new resources for octavia lbaas service.
New resource
OS::Octavia::LoadBalancer
is added to create and manage Load Balancers which allow traffic to be directed between servers.
New resource
OS::Octavia::Listener
is added to create and manage Listeners which represent a listening endpoint for the Load Balancer.
New resource
OS::Octavia::Pool
is added to create and manage Pools which represent a group of nodes. Pools define the subnet where nodes reside, the balancing algorithm, and the nodes themselves.
New resource
OS::Octavia::PoolMember
is added to create and manage Pool members which represent a single backend node.
New resource
OS::Octavia::HealthMonitor
is added to create and manage Health Monitors which watch status of the Load Balanced servers.
New resource
OS::Octavia::L7Policy
is added to create and manage L7 Policies.
New resource
OS::Octavia::L7Rule
is added to create and manage L7 Rules.
Added a new schema property tags, to parameters, to categorize parameters based on features.
Heat now support policy in code, which means if you didn't modify any of policy rules, you won't need to add rules in the policy.yaml or policy.json file. Because from now, heat keeps all default policies under heat/policies. You can still generate and modify a policy.yaml file which will override policy rules in code if those rules appear in the policy.yaml file.
Add tags parameter for create and update keystone projects. Defined comma deliniated list will insert tags into newly created or updated projects.
OS::Heat::ResourceGroup now supports a removal_policies_mode property. This can be used to optionally select different behavior on update where you may wish to overwrite vs append to the current policy.
Allow to set networks of instances for OS::Trove::Cluster resource.
既知の問題¶
Heat does not work with keystone identity federation. This is a known limitation as heat uses keystone trusts for deferred authentication and trusts don't work with federated keystone. For more details check https://etherpad.openstack.org/p/pike-ptg-cross-project-federation.
アップグレード時の注意¶
The
OS::Heat::HARestarter
resource type is no longer supported. This resource type is now hidden from the documentation. HARestarter resources in stacks, including pre-existing ones, are now only placeholders and will no longer do anything. The recommended alternative is to mark a resource unhealthy and then do a stack update to replace it. This still correctly manages dependencies but, unlike HARestarter, also avoid replacing dependent resources unnecessarily. An example of this technique can be seen in the autohealing sample templates at https://git.openstack.org/cgit/openstack/heat-templates/tree/hot/autohealing
Default policy.json file is now removed as we now generate the default policies in code. Please be aware that when using that file in your environment. You still can generate a policy.yaml file if that's required in your environment.
The AWS compatible CloudWatch API, deprecated since long has been finally removed. OpenStack deployments, packagers, and deployment projects which deploy/package CloudWatch should take appropriate action to remove support.
廃止予定の機能¶
Threshold alarm which uses ceilometer API is deprecated in aodh since Ocata. Please use
OS::Aodh::GnocchiAggregationByResourcesAlarm
in place ofOS::Aodh::Alarm
.
Hidden Designate resource plugins
OS::Designate::Domain
andOS::Designate::Record
. To useOS::Designate::Zone
andOS::Designate::RecordSet
instead.
The SSL middleware
heat.api.middleware.ssl:SSLMiddleware
that has been deprecated since 6.0.0 has now been removed, check your paste config and ensure it has been replaced byoslo_middleware.http_proxy_to_wsgi
instead.
The heat.resource_type custom constraint has been removed. This constraint never actually worked.
Security Issues¶
Heat no longer uses standard Python RNG when generating values for OS::Heat::RandomString resource, and instead relies on system's RNG for that.
バグ修正¶
Force delete the nova instance. If a resource is related with a nova instance which is in 'SOFT_DELETED' status, the resource can't be deleted, when nova config 'reclaim_instance_interval'. so, force-delete the nova instance, and then all the resources are related with the instance would be processed properly.
Add attribute schema to OS::Keystone::Project. This allow get_attr function can work with project resource.
その他の注意点¶
Intrinsic function plugins will now be passed a StackDefinition object instead of a Stack object. When accessing resources, the StackDefinition will return ResourceProxy objects instead of Resource objects. These classes replicate the parts of the Stack and Resource APIs that are used by the built-in Function plugins, but authors of custom third-party Template/Function plugins should audit them to ensure they do not depend on unstable parts of the API that are no longer accessible. The StackDefinition and ResourceProxy APIs are considered stable and any future changes to them will go through the standard deprecation process.
The Heat plugin in Horizon has been replaced with a new stand-alone Horizon plugin, heat-dashboard. You can see more detail in the heat-dashboard repository (https://git.openstack.org/cgit/openstack/heat-dashboard).
The old Heat Tempest plugin
heat_tests
has been removed and replaced by a separate Tempest plugin namedheat
, in the heat-tempest-plugin repository (https://git.openstack.org/cgit/openstack/heat-tempest-plugin). Functional tests that are appropriate for the Tempest environment have been migrated to the new plugin. Other functional tests remain behind in the heat repository.