Bug Fixes¶

• Erroneously, availability_zone for host aggregate resource types wasconsidered mandatory in heat templates.

  Behaviour has been adjusted to bring this in line with the CLI and GUI, inwhich it is optional.

Bug Fixes¶

• Previously, when deleting a convergence stack, the API call would returnimmediately, so that it was possible for a client immediately querying thestatus of the stack to see the state of the previous operation in progressor having failed, and confuse that with a current status. (This includedHeat itself when acting as a client for a nested stack.) Convergence stacksare now guaranteed to have moved to theDELETE_IN_PROGRESS state beforethe delete API call returns, so any subsequent polling will reflectup-to-date information.

• Previously, the suspend, resume, and check API calls for all stacks, andthe update, restore, and delete API calls for non-convergence stacks,returned immediately after starting the stack operation. This meant thatfor a client reading the state immediately when performing the sameoperation twice in a row, it could have misinterpreted a previous state asthe latest unless careful reference were made to the updated_at timestamp.Stacks are now guaranteed to have moved to theIN_PROGRESS state beforeany of these APIs return (except in the case of deleting a non-convergencestack where another operation was already in progress).

Security Issues¶

• Passwords generated by the OS::Heat::RandomString resource may have hadless entropy than expected, depending on what is specified in thecharacter_class andcharacter_sequence properties. This has beencorrected so that each character present in any of the specified classesor sequences now has an equal probability of appearing at each point inthe generated random string.

Prelude¶

Note that Heat is compatible with OpenStack Identity federation, even whenusing Keystone trusts. It should work after you enable Federation and buildtheauto-provisioning map with the heat service user in Keystone.Auto-provisioning has been available in Keystone since the Ocata release.

New Features¶

• Addedhostname,hints,security_groups, andmountsproperties to Zun Container resources.

• Adds REST api support to cancel a stack create/update without rollback.

• All developer, contributor, and user content from various guidesin openstack-manuals has been moved in-tree and are published athttps://docs.openstack.org/heat/pike/.

• The template validate API call now returns the Environment calculated byheat - this enables preview of the merged environment when usingparameter_merge_strategy prior to creating the stack

• Adds new resources for octavia lbaas service.

• New resourceOS::Octavia::LoadBalancer is added to create and manage Load Balancers which allow traffic to be directed between servers.

• New resourceOS::Octavia::Listener is added to create and manage Listeners which represent a listening endpoint for the Load Balancer.

• New resourceOS::Octavia::Pool is added to create and manage Pools which represent a group of nodes. Pools define the subnet where nodes reside, the balancing algorithm, and the nodes themselves.

• New resourceOS::Octavia::PoolMember is added to create and manage Pool members which represent a single backend node.

• New resourceOS::Octavia::HealthMonitor is added to create and manage Health Monitors which watch status of the Load Balanced servers.

• New resourceOS::Octavia::L7Policy is added to create and manage L7 Policies.

• New resourceOS::Octavia::L7Rule is added to create and manage L7 Rules.

• Added a new schema property tags, to parameters, to categorizeparameters based on features.

• Heat now support policy in code, which means if you didn’t modify any ofpolicy rules, you won’t need to add rules in thepolicy.yaml orpolicy.json file. Because from now, heat keeps all default policies underheat/policies. You can still generate and modify apolicy.yaml filewhich will override policy rules in code if those rules appear in thepolicy.yaml file.

• Addtags parameter for create and update keystone projects. Defined comma deliniated list will insert tags into newly created or updated projects.

• OS::Heat::ResourceGroup now supports a removal_policies_mode property.This can be used to optionally select different behavior on update whereyou may wish to overwrite vs append to the current policy.

• Allow to set networks of instances for OS::Trove::Cluster resource.

Known Issues¶

• Heat does not work with keystone identity federation. This is a knownlimitation as heat uses keystone trusts for deferred authentication andtrusts don’t work with federated keystone. For more details checkhttps://etherpad.openstack.org/p/pike-ptg-cross-project-federation.

Upgrade Notes¶

• TheOS::Heat::HARestarter resource type is no longer supported. Thisresource type is now hidden from the documentation. HARestarter resourcesin stacks, including pre-existing ones, are now only placeholders and willno longer do anything. The recommended alternative is to mark a resourceunhealthy and then do a stack update to replace it. This still correctlymanages dependencies but, unlike HARestarter, also avoid replacingdependent resources unnecessarily. An example of this technique can beseen in the autohealing sample templates athttps://git.openstack.org/cgit/openstack/heat-templates/tree/hot/autohealing

• Default policy.json file is now removed as we now generate the defaultpolicies in code. Please be aware that when using that file in yourenvironment. You still can generate apolicy.yaml file if that’s requiredin your environment.

• The AWS compatible CloudWatch API, deprecated since long has beenfinally removed. OpenStack deployments, packagers, and deploymentprojects which deploy/package CloudWatch should take appropriateaction to remove support.

Deprecation Notes¶

• Threshold alarm which uses ceilometer API is deprecated in aodh since Ocata. Please useOS::Aodh::GnocchiAggregationByResourcesAlarm in place ofOS::Aodh::Alarm.

• Hidden Designate resource pluginsOS::Designate::Domain andOS::Designate::Record. To useOS::Designate::Zone andOS::Designate::RecordSet instead.

• The SSL middlewareheat.api.middleware.ssl:SSLMiddleware that hasbeen deprecated since 6.0.0 has now been removed, check your pasteconfig and ensure it has been replaced byoslo_middleware.http_proxy_to_wsgi instead.

• The heat.resource_type custom constraint has been removed. This constraint never actually worked.

Security Issues¶

• Heat no longer uses standard Python RNG when generating values forOS::Heat::RandomString resource, and instead relies on system’s RNGfor that.

Bug Fixes¶

• Force delete the nova instance. If a resource is related with a nova instance which is in ‘SOFT_DELETED’ status, the resource can’t be deleted, when nova config ‘reclaim_instance_interval’. so, force-delete the nova instance, and then all the resources are related with the instance would be processed properly.

• Add attribute schema toOS::Keystone::Project. This allow get_attr function can work with project resource.

Other Notes¶

• Intrinsic function plugins will now be passed a StackDefinition object instead of a Stack object. When accessing resources, the StackDefinition will return ResourceProxy objects instead of Resource objects. These classes replicate the parts of the Stack and Resource APIs that are used by the built-in Function plugins, but authors of custom third-party Template/Function plugins should audit them to ensure they do not depend on unstable parts of the API that are no longer accessible. The StackDefinition and ResourceProxy APIs are considered stable and any future changes to them will go through the standard deprecation process.

• The Heat plugin in Horizon has been replaced with a new stand-aloneHorizon plugin, heat-dashboard. You can see more detail in theheat-dashboard repository(https://git.openstack.org/cgit/openstack/heat-dashboard).

• The old Heat Tempest pluginheat_tests has been removed and replacedby a separate Tempest plugin namedheat, in the heat-tempest-pluginrepository (https://git.openstack.org/cgit/openstack/heat-tempest-plugin).Functional tests that are appropriate for the Tempest environment have beenmigrated to the new plugin. Other functional tests remain behind in theheat repository.