We are stoked to announce the release of:
openstack-heat 13.0.0: OpenStack Orchestration
This release is part of the train release series.
The source is available from:
https://opendev.org/openstack/openstack-heat
Download the package from:
https://tarballs.openstack.org/heat/
For more details, please see below.
13.0.0 ^^^^^^
New Features ************
* OS::Aodh::LBMemberHealthAlarm resource plugin is added to manage Aodh loadbalancer_member_health alarm.
* Added a new config option server_keystone_endpoint_type to specify the keystone authentication endpoint (public/internal/admin) to pass into cloud-init data. If left unset the original behavior should remain unchanged.
This feature allows the deployer to unambiguously specify the keystone endpoint passed to user provisioned servers, and is particularly useful where the deployment network architecture requires the heat service to interact with the internal endpoint, but user provisioned servers only have access to the external network.
For more information see http://lists.openstack.org/pipermail /openstack-discuss/2019-February/002925.html
* Support "tags" property for the resource "OS::Octavia::PoolMember", the property is allowed to be updated as well. The resource tag was introduced in Octavia since Stein release, do not specify tags in Heat template if you are using the previous versions.
* The "OS::Neutron::QosBandwidthLimitRule" resource type now supports an optional "direction" property, allowing users to set the ingress bandwidth limit in a QoS rule. Previously only the egress bandwidth limit could be set.
* Heat can now support software deployments with CoreOS by passing a CoreOS Ignition config in the "user_data" property for an "OS::Nova::Server" resource when the "user_data_format" is set to "SOFTWARE_CONFIG".
* Added new config option "[DEFAULT]allow_trusts_redelegation" ("False" by default). When enabled and "reauthentication_auth_method" is set to "trusts", Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication.
Upgrade Notes *************
* When loading a Resource plugin, the attribute schema is now validated in the same way that the properties schema is. Third-party resource plugins should be tested to check that they still comply.
* "multiattach`" property in "OS::Cinder::Volume" is now hidden. Please use "multiattach" key in "metadata" property of "OS::Cinder::VolumeType" instead.
* Designate project had removed v1 api support since stable/queens. Heat has now removed support for v1 resources "OS::Designate::Domain" and "OS::Designate::Record" completely and replaced them with placeholders for existing templates with those resources. The "designate.domain" custom constraint has also been removed.
Security Issues ***************
* With both "reauthentication_auth_method" set to "trusts" and "allow_trusts_redelegation" set to "True" (new config option, "False" by default), Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication. This have security implications and is only recommended when Heat is set to use trust and you experience problems with other services Heat consumes that also require to create trusts from token being passed by Heat (examples are Aodh and Heat running in another region).
Bug Fixes *********
* Non-ASCII text that appears in parameter constraints (e.g. in the description of a constraint, or a list of allowed values) will now be handled correctly when generating error messages if the constraint is not met.
* "OS::Neutron::Port" resources will now be replaced when the "mac_address" property is modified. Neutron is unable to update the MAC address of a port once the port is in use.
Other Notes ***********
* New document is out for "multi-clouds support", check out https://docs.openstack.org/heat/latest/template_guide/multi- clouds.html for more information.
Changes in openstack-heat 12.0.0.0rc1..13.0.0 ---------------------------------------------
de238dd95 Imported Translations from Zanata 68a9fb12d Support Ignition for userdata a8fba21f2 Remove designate v1 support 14b14dcfc Add exception log for stack preview 92ca51ec8 Add release notes 2799a5fcd Correct availability_zone to be non-mandatory in heat 1ab29a42e Fix multiple gate issues bb44f779f Document block_device_mapping_v2 delete_on_termination defaults 140e2175e Blacklist eventlet 0.21.0,0.23.0,0.25.0 c7cc740f3 Add connect_retries when creating domain_admin_client 6fb8ac250 Add retries when loading keystone data and fetching endpoints 364716725 Use connect_retries when creating clients f3efe1de2 Ensure _static exists with placeholder ba9c42b9e Add retry for sync_point_update_input_data 9d9e0c647 Firewall creation failed due to "INACTIVE" ca4ff0f98 Fix invalid assert state 7485c240d Fix coverity check FORWARD_NULL error 6b0efe5f3 Fix Senlin policy resource 3fda946ff Add heat resource for creating Aodh loadbalancer_member_health alarm type[1] 14f2678c4 Bump the openstackdocstheme extension to 1.20 47a3004de Change HOST_IP to SERVICE_HOST b2f9705da Update readme e08a81100 Blacklist sphinx 2.1.0 (autodoc bug) 6f7b3aca9 Fix senlin cluster create 160947deb Update Debian Installation Document d4b6f37ab Never pass 'value_specs' to Neutron b31af77e1 Fix broken RST link fd23308f6 Show an engine as down if service record is not updated twice 208cdfea3 Update api-ref location 5a403d709 Merge parameters and templates when resetting stack status 5ba3b6087 Add dedicated auth endpoint config for servers 7066bccc5 Don't resolve properties for OS::Heat::None resource 8e784ff9c Add periodic job template 629d1042c Update install docs for Keystone v3 c49e0cbc3 Update tools/README.rst with bindep info dd9bc3cd2 Unit tests: Fix wrong assert function name in port update d116b2169 Add local bindep.txt fdb5e892b Add doc for multi-clouds support d805e6b12 Ignore false positive Bandit test 28975c7cd Disallow in-place update of Port MAC address 28dd8117b Update keystone_authtoken config reference 42bb1aae2 Don't use 'assert' keyword in unit tests e37765858 Allow creating trusts with allow_redelegation af7588600 Do not re-clone heat in devstack plugin d580565ab Fix regression with SW deployments when region not configured ee0611034 Return None for attributes of sd with no actions d50ded739 Fix intermittent error in test_decrypt_dict_invalid_key 5e93b3e4c Fix allowed address pair validation 011fa22c4 Blacklist bandit 1.6.0 and cap Sphinx on Python2 8c6743737 Ignore Not Found when deleting Keystone role assignment f66dac5c6 Update Python 3 test runtimes for Train d69560239 Add special user options for domain user 6d6d76652 Don't send existing attributes in value_specs for neutron update 86e41a8a8 Fix upper-constraints.txt url e829b3aec Switch to review.opendev.org 203bce9cd Switch to use opendev.org 5bdcaeff0 Add entry_point for oslo policy scripts 5782ce4c5 OpenDev Migration Patch fd152785a Zun: fix an issue on command property 132457d44 Dropping the py35 testing 276dd95b3 Added release note for QosBandwithLimitRule direction property 87b4a92a6 Fix lower-constraints tox env to use proper constraints 46f595b46 Fix grenade regression introduced by multicloud support 13ebdedb5 Added 'direction' prop to QoSBandwidthLimitRule f2faa5e1a Fix test_cloud_config for PyYAML 5.1 aa58fbcac Load existing resources using correct environment 41b9a650d Retry on DB deadlock in event_create() a8c44bdda Log args during list_concat bf2d14d8d Replace openstack.org git:// URLs with https:// 8e41757bf Add code name for Train 13.0.0 in document af9c2e4ba Add Code name for Stein 12.0.0 in document f3c08330f Support tags for Octavia pool member ff57ccdec Update master for stable/stein 0e1ed1a4b Fix SoftwareDeployment on DELETE action a29ccdcdb Handle unicode in constraints de09e6040 Use ThreadGroup.add_timer() API correctly e675ae10f Update devel info: mailing list f2b60f308 Validate attributes schema 635fbcec0 change import order
Diffstat (except docs and test files) -------------------------------------
.gitreview | 2 +- .zuul.yaml | 12 +- README.rst | 45 +- api-ref/source/conf.py | 24 - bindep.txt | 41 + contrib/heat_docker/setup.cfg | 2 +- devstack/README.rst | 4 +- devstack/lib/heat | 9 +- .../templates/cfn/WordPress_Single_Instance.rst | 2 +- heat/cmd/all.py | 13 +- heat/common/config.py | 21 +- heat/common/context.py | 15 +- heat/common/crypt.py | 7 +- heat/common/endpoint_utils.py | 5 +- heat/common/exception.py | 2 +- heat/common/policy.py | 9 + heat/common/service_utils.py | 12 +- heat/db/sqlalchemy/api.py | 4 + heat/db/sqlalchemy/migrate_repo/README | 2 +- heat/engine/api.py | 2 + heat/engine/attributes.py | 10 +- heat/engine/clients/client_plugin.py | 2 + heat/engine/clients/os/aodh.py | 2 + heat/engine/clients/os/barbican.py | 2 + heat/engine/clients/os/blazar.py | 2 + heat/engine/clients/os/cinder.py | 2 + heat/engine/clients/os/designate.py | 67 +- heat/engine/clients/os/glance.py | 2 + heat/engine/clients/os/heat_plugin.py | 1 + .../clients/os/keystone/fake_keystoneclient.py | 3 + .../clients/os/keystone/heat_keystoneclient.py | 50 +- heat/engine/clients/os/magnum.py | 2 + heat/engine/clients/os/manila.py | 2 + heat/engine/clients/os/neutron/__init__.py | 4 +- heat/engine/clients/os/nova.py | 47 +- heat/engine/clients/os/sahara.py | 2 + heat/engine/clients/os/senlin.py | 29 +- heat/engine/clients/os/trove.py | 2 + heat/engine/constraint/common_constraints.py | 19 + heat/engine/constraints.py | 42 +- heat/engine/hot/functions.py | 7 +- heat/engine/resources/aws/ec2/instance.py | 1 + heat/engine/resources/openstack/aodh/alarm.py | 100 ++ heat/engine/resources/openstack/cinder/volume.py | 11 +- .../engine/resources/openstack/designate/domain.py | 108 +- .../engine/resources/openstack/designate/record.py | 156 +- .../resources/openstack/heat/none_resource.py | 4 + .../openstack/heat/software_deployment.py | 21 +- .../openstack/keystone/role_assignments.py | 6 +- .../engine/resources/openstack/neutron/firewall.py | 2 +- heat/engine/resources/openstack/neutron/neutron.py | 14 +- heat/engine/resources/openstack/neutron/port.py | 6 +- heat/engine/resources/openstack/neutron/qos.py | 14 +- .../resources/openstack/nova/host_aggregate.py | 1 - heat/engine/resources/openstack/nova/server.py | 17 +- .../resources/openstack/octavia/pool_member.py | 12 +- heat/engine/resources/openstack/senlin/cluster.py | 3 +- heat/engine/resources/openstack/senlin/policy.py | 4 +- heat/engine/resources/openstack/zun/container.py | 4 + heat/engine/resources/server_base.py | 6 +- heat/engine/resources/signal_responder.py | 3 +- heat/engine/service.py | 2 +- heat/engine/stack.py | 69 +- heat/locale/de/LC_MESSAGES/heat.po | 99 +- heat/locale/es/LC_MESSAGES/heat.po | 63 +- heat/locale/fr/LC_MESSAGES/heat.po | 63 +- heat/locale/it/LC_MESSAGES/heat.po | 63 +- heat/locale/ja/LC_MESSAGES/heat.po | 63 +- heat/locale/ko_KR/LC_MESSAGES/heat.po | 63 +- heat/locale/pt_BR/LC_MESSAGES/heat.po | 63 +- heat/locale/ru/LC_MESSAGES/heat.po | 61 +- heat/locale/zh_CN/LC_MESSAGES/heat.po | 58 +- heat/locale/zh_TW/LC_MESSAGES/heat.po | 57 +- .../openstack/heat/test_software_deployment.py | 3 +- .../openstack/neutron/test_neutron_rbac_policy.py | 6 +- .../functional/test_create_update.py | 34 + lower-constraints.txt | 10 +- playbooks/devstack/functional/run.yaml | 22 +- playbooks/devstack/grenade/run.yaml | 12 +- rally-scenarios/plugins/sample_plugin.py | 6 +- ...aodh-lbmemberhealth-alarm-c59502aac1944b8b.yaml | 4 + ...dpoint-config-for-servers-b20f7eb351f619d0.yaml | 16 + ...c_for_multi_cloud_support-9f6e74ccc2639b4e.yaml | 4 + ...tribute-schema-validation-db615003e577f8dd.yaml | 6 + .../notes/constraints-i18n-dc8b2652b8455196.yaml | 7 + .../notes/hidden-multiattach-c761af6165c9571f.yaml | 6 + .../octavia-member-tags-84cd00224d6b7bc1.yaml | 6 + .../port-mac-address-update-b377d23434e7b48a.yaml | 6 + ...s-bandwidth-limit-ingress-182a6300cd6e7aa3.yaml | 7 + ...move-designate-v1-support-107de4784f8da2a6.yaml | 8 + .../notes/support-ignition-93daac40f43a2cfe.yaml | 7 + .../notes/trust-redelegate-25a6cfc78528a361.yaml | 19 + releasenotes/source/conf.py | 16 - releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 1659 -------------------- .../source/locale/fr/LC_MESSAGES/releasenotes.po | 71 - .../source/locale/ja/LC_MESSAGES/releasenotes.po | 854 ---------- .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 72 - releasenotes/source/stein.rst | 6 + requirements.txt | 8 +- setup.cfg | 8 +- test-requirements.txt | 4 +- tools/README.rst | 16 +- tools/test-requires-deb | 9 - tools/test-requires-rpm | 9 - tox.ini | 19 +- 163 files changed, 1983 insertions(+), 4901 deletions(-)
Requirements updates --------------------
diff --git a/requirements.txt b/requirements.txt index ca1a089eb..62625ef25 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +9 @@ cryptography>=2.1 # BSD/Apache-2.0 -eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT +eventlet!=0.18.3,!=0.20.1,!=0.21.0,!=0.23.0,!=0.25.0,>=0.18.2 # MIT @@ -36 +36 @@ python-barbicanclient>=4.5.2 # Apache-2.0 -python-blazarclient>=1.0.0 # Apache-2.0 +python-blazarclient>=1.0.1 # Apache-2.0 @@ -42 +42 @@ python-keystoneclient>=3.8.0 # Apache-2.0 -python-magnumclient>=2.1.0 # Apache-2.0 +python-magnumclient>=2.3.0 # Apache-2.0 @@ -53 +53 @@ python-troveclient>=2.2.0 # Apache-2.0 -python-zaqarclient>=1.0.0 # Apache-2.0 +python-zaqarclient>=1.3.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index 4500a40b8..d7bd8f6f8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +7 @@ hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 -bandit>=1.1.0 # Apache-2.0 +bandit!=1.6.0,>=1.1.0 # Apache-2.0 @@ -14 +14 @@ oslotest>=3.2.0 # Apache-2.0 -psycopg2>=2.6.2 # LGPL/ZPL +psycopg2>=2.7 # LGPL/ZPL