[release-announce] openstack-heat 13.0.0 (train)
no-reply at openstack.org
no-reply at openstack.org
Wed Oct 16 12:50:26 UTC 2019
We are stoked to announce the release of:
openstack-heat 13.0.0: OpenStack Orchestration
This release is part of the train release series.
The source is available from:
https://opendev.org/openstack/openstack-heat
Download the package from:
https://tarballs.openstack.org/heat/
For more details, please see below.
13.0.0
^^^^^^
New Features
************
* OS::Aodh::LBMemberHealthAlarm resource plugin is added to manage
Aodh loadbalancer_member_health alarm.
* Added a new config option server_keystone_endpoint_type to specify
the keystone authentication endpoint (public/internal/admin) to pass
into cloud-init data. If left unset the original behavior should
remain unchanged.
This feature allows the deployer to unambiguously specify the
keystone endpoint passed to user provisioned servers, and is
particularly useful where the deployment network architecture
requires the heat service to interact with the internal endpoint,
but user provisioned servers only have access to the external
network.
For more information see http://lists.openstack.org/pipermail
/openstack-discuss/2019-February/002925.html
* Support "tags" property for the resource
"OS::Octavia::PoolMember", the property is allowed to be updated as
well. The resource tag was introduced in Octavia since Stein
release, do not specify tags in Heat template if you are using the
previous versions.
* The "OS::Neutron::QosBandwidthLimitRule" resource type now
supports an optional "direction" property, allowing users to set the
ingress bandwidth limit in a QoS rule. Previously only the egress
bandwidth limit could be set.
* Heat can now support software deployments with CoreOS by passing a
CoreOS Ignition config in the "user_data" property for an
"OS::Nova::Server" resource when the "user_data_format" is set to
"SOFTWARE_CONFIG".
* Added new config option "[DEFAULT]allow_trusts_redelegation"
("False" by default). When enabled and
"reauthentication_auth_method" is set to "trusts", Heat will always
create trusts with enabled redelegation, for both trusts used for
long running stacks and for trusts used for deferred authentication.
Upgrade Notes
*************
* When loading a Resource plugin, the attribute schema is now
validated in the same way that the properties schema is. Third-party
resource plugins should be tested to check that they still comply.
* "multiattach`" property in "OS::Cinder::Volume" is now hidden.
Please use "multiattach" key in "metadata" property of
"OS::Cinder::VolumeType" instead.
* Designate project had removed v1 api support since stable/queens.
Heat has now removed support for v1 resources
"OS::Designate::Domain" and "OS::Designate::Record" completely and
replaced them with placeholders for existing templates with those
resources. The "designate.domain" custom constraint has also been
removed.
Security Issues
***************
* With both "reauthentication_auth_method" set to "trusts" and
"allow_trusts_redelegation" set to "True" (new config option,
"False" by default), Heat will always create trusts with enabled
redelegation, for both trusts used for long running stacks and for
trusts used for deferred authentication. This have security
implications and is only recommended when Heat is set to use trust
and you experience problems with other services Heat consumes that
also require to create trusts from token being passed by Heat
(examples are Aodh and Heat running in another region).
Bug Fixes
*********
* Non-ASCII text that appears in parameter constraints (e.g. in the
description of a constraint, or a list of allowed values) will now
be handled correctly when generating error messages if the
constraint is not met.
* "OS::Neutron::Port" resources will now be replaced when the
"mac_address" property is modified. Neutron is unable to update the
MAC address of a port once the port is in use.
Other Notes
***********
* New document is out for "multi-clouds support", check out
https://docs.openstack.org/heat/latest/template_guide/multi-
clouds.html for more information.
Changes in openstack-heat 12.0.0.0rc1..13.0.0
---------------------------------------------
de238dd95 Imported Translations from Zanata
68a9fb12d Support Ignition for userdata
a8fba21f2 Remove designate v1 support
14b14dcfc Add exception log for stack preview
92ca51ec8 Add release notes
2799a5fcd Correct availability_zone to be non-mandatory in heat
1ab29a42e Fix multiple gate issues
bb44f779f Document block_device_mapping_v2 delete_on_termination defaults
140e2175e Blacklist eventlet 0.21.0,0.23.0,0.25.0
c7cc740f3 Add connect_retries when creating domain_admin_client
6fb8ac250 Add retries when loading keystone data and fetching endpoints
364716725 Use connect_retries when creating clients
f3efe1de2 Ensure _static exists with placeholder
ba9c42b9e Add retry for sync_point_update_input_data
9d9e0c647 Firewall creation failed due to "INACTIVE"
ca4ff0f98 Fix invalid assert state
7485c240d Fix coverity check FORWARD_NULL error
6b0efe5f3 Fix Senlin policy resource
3fda946ff Add heat resource for creating Aodh loadbalancer_member_health alarm type[1]
14f2678c4 Bump the openstackdocstheme extension to 1.20
47a3004de Change HOST_IP to SERVICE_HOST
b2f9705da Update readme
e08a81100 Blacklist sphinx 2.1.0 (autodoc bug)
6f7b3aca9 Fix senlin cluster create
160947deb Update Debian Installation Document
d4b6f37ab Never pass 'value_specs' to Neutron
b31af77e1 Fix broken RST link
fd23308f6 Show an engine as down if service record is not updated twice
208cdfea3 Update api-ref location
5a403d709 Merge parameters and templates when resetting stack status
5ba3b6087 Add dedicated auth endpoint config for servers
7066bccc5 Don't resolve properties for OS::Heat::None resource
8e784ff9c Add periodic job template
629d1042c Update install docs for Keystone v3
c49e0cbc3 Update tools/README.rst with bindep info
dd9bc3cd2 Unit tests: Fix wrong assert function name in port update
d116b2169 Add local bindep.txt
fdb5e892b Add doc for multi-clouds support
d805e6b12 Ignore false positive Bandit test
28975c7cd Disallow in-place update of Port MAC address
28dd8117b Update keystone_authtoken config reference
42bb1aae2 Don't use 'assert' keyword in unit tests
e37765858 Allow creating trusts with allow_redelegation
af7588600 Do not re-clone heat in devstack plugin
d580565ab Fix regression with SW deployments when region not configured
ee0611034 Return None for attributes of sd with no actions
d50ded739 Fix intermittent error in test_decrypt_dict_invalid_key
5e93b3e4c Fix allowed address pair validation
011fa22c4 Blacklist bandit 1.6.0 and cap Sphinx on Python2
8c6743737 Ignore Not Found when deleting Keystone role assignment
f66dac5c6 Update Python 3 test runtimes for Train
d69560239 Add special user options for domain user
6d6d76652 Don't send existing attributes in value_specs for neutron update
86e41a8a8 Fix upper-constraints.txt url
e829b3aec Switch to review.opendev.org
203bce9cd Switch to use opendev.org
5bdcaeff0 Add entry_point for oslo policy scripts
5782ce4c5 OpenDev Migration Patch
fd152785a Zun: fix an issue on command property
132457d44 Dropping the py35 testing
276dd95b3 Added release note for QosBandwithLimitRule direction property
87b4a92a6 Fix lower-constraints tox env to use proper constraints
46f595b46 Fix grenade regression introduced by multicloud support
13ebdedb5 Added 'direction' prop to QoSBandwidthLimitRule
f2faa5e1a Fix test_cloud_config for PyYAML 5.1
aa58fbcac Load existing resources using correct environment
41b9a650d Retry on DB deadlock in event_create()
a8c44bdda Log args during list_concat
bf2d14d8d Replace openstack.org git:// URLs with https://
8e41757bf Add code name for Train 13.0.0 in document
af9c2e4ba Add Code name for Stein 12.0.0 in document
f3c08330f Support tags for Octavia pool member
ff57ccdec Update master for stable/stein
0e1ed1a4b Fix SoftwareDeployment on DELETE action
a29ccdcdb Handle unicode in constraints
de09e6040 Use ThreadGroup.add_timer() API correctly
e675ae10f Update devel info: mailing list
f2b60f308 Validate attributes schema
635fbcec0 change import order
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 2 +-
.zuul.yaml | 12 +-
README.rst | 45 +-
api-ref/source/conf.py | 24 -
bindep.txt | 41 +
contrib/heat_docker/setup.cfg | 2 +-
devstack/README.rst | 4 +-
devstack/lib/heat | 9 +-
.../templates/cfn/WordPress_Single_Instance.rst | 2 +-
heat/cmd/all.py | 13 +-
heat/common/config.py | 21 +-
heat/common/context.py | 15 +-
heat/common/crypt.py | 7 +-
heat/common/endpoint_utils.py | 5 +-
heat/common/exception.py | 2 +-
heat/common/policy.py | 9 +
heat/common/service_utils.py | 12 +-
heat/db/sqlalchemy/api.py | 4 +
heat/db/sqlalchemy/migrate_repo/README | 2 +-
heat/engine/api.py | 2 +
heat/engine/attributes.py | 10 +-
heat/engine/clients/client_plugin.py | 2 +
heat/engine/clients/os/aodh.py | 2 +
heat/engine/clients/os/barbican.py | 2 +
heat/engine/clients/os/blazar.py | 2 +
heat/engine/clients/os/cinder.py | 2 +
heat/engine/clients/os/designate.py | 67 +-
heat/engine/clients/os/glance.py | 2 +
heat/engine/clients/os/heat_plugin.py | 1 +
.../clients/os/keystone/fake_keystoneclient.py | 3 +
.../clients/os/keystone/heat_keystoneclient.py | 50 +-
heat/engine/clients/os/magnum.py | 2 +
heat/engine/clients/os/manila.py | 2 +
heat/engine/clients/os/neutron/__init__.py | 4 +-
heat/engine/clients/os/nova.py | 47 +-
heat/engine/clients/os/sahara.py | 2 +
heat/engine/clients/os/senlin.py | 29 +-
heat/engine/clients/os/trove.py | 2 +
heat/engine/constraint/common_constraints.py | 19 +
heat/engine/constraints.py | 42 +-
heat/engine/hot/functions.py | 7 +-
heat/engine/resources/aws/ec2/instance.py | 1 +
heat/engine/resources/openstack/aodh/alarm.py | 100 ++
heat/engine/resources/openstack/cinder/volume.py | 11 +-
.../engine/resources/openstack/designate/domain.py | 108 +-
.../engine/resources/openstack/designate/record.py | 156 +-
.../resources/openstack/heat/none_resource.py | 4 +
.../openstack/heat/software_deployment.py | 21 +-
.../openstack/keystone/role_assignments.py | 6 +-
.../engine/resources/openstack/neutron/firewall.py | 2 +-
heat/engine/resources/openstack/neutron/neutron.py | 14 +-
heat/engine/resources/openstack/neutron/port.py | 6 +-
heat/engine/resources/openstack/neutron/qos.py | 14 +-
.../resources/openstack/nova/host_aggregate.py | 1 -
heat/engine/resources/openstack/nova/server.py | 17 +-
.../resources/openstack/octavia/pool_member.py | 12 +-
heat/engine/resources/openstack/senlin/cluster.py | 3 +-
heat/engine/resources/openstack/senlin/policy.py | 4 +-
heat/engine/resources/openstack/zun/container.py | 4 +
heat/engine/resources/server_base.py | 6 +-
heat/engine/resources/signal_responder.py | 3 +-
heat/engine/service.py | 2 +-
heat/engine/stack.py | 69 +-
heat/locale/de/LC_MESSAGES/heat.po | 99 +-
heat/locale/es/LC_MESSAGES/heat.po | 63 +-
heat/locale/fr/LC_MESSAGES/heat.po | 63 +-
heat/locale/it/LC_MESSAGES/heat.po | 63 +-
heat/locale/ja/LC_MESSAGES/heat.po | 63 +-
heat/locale/ko_KR/LC_MESSAGES/heat.po | 63 +-
heat/locale/pt_BR/LC_MESSAGES/heat.po | 63 +-
heat/locale/ru/LC_MESSAGES/heat.po | 61 +-
heat/locale/zh_CN/LC_MESSAGES/heat.po | 58 +-
heat/locale/zh_TW/LC_MESSAGES/heat.po | 57 +-
.../openstack/heat/test_software_deployment.py | 3 +-
.../openstack/neutron/test_neutron_rbac_policy.py | 6 +-
.../functional/test_create_update.py | 34 +
lower-constraints.txt | 10 +-
playbooks/devstack/functional/run.yaml | 22 +-
playbooks/devstack/grenade/run.yaml | 12 +-
rally-scenarios/plugins/sample_plugin.py | 6 +-
...aodh-lbmemberhealth-alarm-c59502aac1944b8b.yaml | 4 +
...dpoint-config-for-servers-b20f7eb351f619d0.yaml | 16 +
...c_for_multi_cloud_support-9f6e74ccc2639b4e.yaml | 4 +
...tribute-schema-validation-db615003e577f8dd.yaml | 6 +
.../notes/constraints-i18n-dc8b2652b8455196.yaml | 7 +
.../notes/hidden-multiattach-c761af6165c9571f.yaml | 6 +
.../octavia-member-tags-84cd00224d6b7bc1.yaml | 6 +
.../port-mac-address-update-b377d23434e7b48a.yaml | 6 +
...s-bandwidth-limit-ingress-182a6300cd6e7aa3.yaml | 7 +
...move-designate-v1-support-107de4784f8da2a6.yaml | 8 +
.../notes/support-ignition-93daac40f43a2cfe.yaml | 7 +
.../notes/trust-redelegate-25a6cfc78528a361.yaml | 19 +
releasenotes/source/conf.py | 16 -
releasenotes/source/index.rst | 1 +
.../locale/en_GB/LC_MESSAGES/releasenotes.po | 1659 --------------------
.../source/locale/fr/LC_MESSAGES/releasenotes.po | 71 -
.../source/locale/ja/LC_MESSAGES/releasenotes.po | 854 ----------
.../locale/ko_KR/LC_MESSAGES/releasenotes.po | 72 -
releasenotes/source/stein.rst | 6 +
requirements.txt | 8 +-
setup.cfg | 8 +-
test-requirements.txt | 4 +-
tools/README.rst | 16 +-
tools/test-requires-deb | 9 -
tools/test-requires-rpm | 9 -
tox.ini | 19 +-
163 files changed, 1983 insertions(+), 4901 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index ca1a089eb..62625ef25 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9 +9 @@ cryptography>=2.1 # BSD/Apache-2.0
-eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT
+eventlet!=0.18.3,!=0.20.1,!=0.21.0,!=0.23.0,!=0.25.0,>=0.18.2 # MIT
@@ -36 +36 @@ python-barbicanclient>=4.5.2 # Apache-2.0
-python-blazarclient>=1.0.0 # Apache-2.0
+python-blazarclient>=1.0.1 # Apache-2.0
@@ -42 +42 @@ python-keystoneclient>=3.8.0 # Apache-2.0
-python-magnumclient>=2.1.0 # Apache-2.0
+python-magnumclient>=2.3.0 # Apache-2.0
@@ -53 +53 @@ python-troveclient>=2.2.0 # Apache-2.0
-python-zaqarclient>=1.0.0 # Apache-2.0
+python-zaqarclient>=1.3.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index 4500a40b8..d7bd8f6f8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7 +7 @@ hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
+bandit!=1.6.0,>=1.1.0 # Apache-2.0
@@ -14 +14 @@ oslotest>=3.2.0 # Apache-2.0
-psycopg2>=2.6.2 # LGPL/ZPL
+psycopg2>=2.7 # LGPL/ZPL
More information about the Release-announce
mailing list