Ussuri Series Release Notes


New Features

  • The lb_algorithm property of OS::Octavia::Pool resource now supports SOURCE_IP_PORT option required for Octavia OVN provider driver.

Bug Fixes

  • The OS::Heat::Delay resource type is now usable.

  • The ordering in the list of segments returned by OS::Neutron::Net resources is not predictable. Stack updates changeing attributes of the network can cause the list of segments to shift.

    The ordering is now slightly more predictable, segments with name=``None`` are now placed first in the list. This doesn’t guarantee the order, but typically only the segment implicitly created by neutron has no name attribute set. The template author should ensure other segments on the network does have a name set, so that the implicit segment will always be index 0. Resolving attributes of the implcitly created segment on the network resource can then predictibly happen using index 0. See bug: 1894920.


New Features

  • Add support for OS::Octavia::Flavor and OS::Octavia::FlavorProfile resources and add flavor parameter in OS::Octavia::LoadBalancer, allowing users to configure Load Balancer capabilities.

  • Add tty property to OS::Zun::Container. This property allows users to open the TTY of the container.

  • Introduce a Vitrage client plugin module that will be used by the Vitrage resources.

  • Operators can now apply different authorization policies to each action supported by the action API (actions:suspend for suspend, actions:resume for resume, actions:check for check, actions:cancel_update for cancel operation and roll back, and actions:cancel_without_rollback for cancel operation without rolling back). The default for each is to use the existing actions:action rule that was previously the only way to specify policy for actions.

  • The OS::Trove::Cluster resource type now supports specifying an availability zone.

  • Properties of the VPNaaS OS::Neutron::IKEPolicy resource can now be updated in place.

  • New resource OS::Neutron::ExtraRouteSet is added to manage extra routes of a Neutron router.

  • New resource OS::Neutron::QoSMinimumBandwidthRule to support minimum_bandwidth_rules in Neutron QoS. This resource depends on Neutron API extension qos-bw-minimum-ingress and according to the default policy it is admin-only.

  • Support tls_enabled property for the resource OS::Octavia::Pool, the property is allowed to be updated as well. The property ‘tls_enabled’ was introduced in Octavia since Stein release. The default value is False if it is not specified in Heat template.

  • New resource OS::Octavia::Quota is added to enable an admin to manage Octavia service quotas for a specific project.

  • Support allowed_cidrs property for the resource OS::Octavia::Listener, the property is allowed to be updated as well. The property ‘allowed_cidrs’ was introduced in Octavia since Train release. The default value is empty list if it is not specified in Heat template.

  • Supports user, group, role and project lookup across domains. Added domain parameter to keystone lookup functions. Heat templates now support user{domain}, group{domain}, role{domain} and project{domain} to support cross domain lookup. Keystone constrains will also work across domain.

  • Heat can now support software deployments with CoreOS by passing a CoreOS Ignition config in the user_data property for an OS::Nova::Server resource when the user_data_format is set to SOFTWARE_CONFIG.

  • Introduce a Ironic client plugin module that will be used by the Ironic’s resources. Support only ironicclient version >=2.8.0 to get allocation functionality support.

  • New resource type OS::Ironic::Port is now supported in orchestration service.

  • Support shared services in multi region mode. The services are declared in a list in config. shared_services_types=image, volume, volumev2.

  • Add group property to OS::Heat::MultipartMime. This allow you to set group for entire multipart cofig resource like group property in OS::Heat::SoftwareConfig. Aware that, you must make sure all configs in MultipartMime works with group. Default value is Heat::Ungrouped.

Upgrade Notes

  • We have change some log pathes as below * Migrate heat.engine.clients.keystoneclient to heat.engine.clients.os.keystone.heat_keystoneclient * remove heat.all * remove heat.api * remove heat.api.cfn * remove heat.engine

  • Nova has removed api extension support and its api bindings. Heat has now removed support for extensions from nova client plugin and the resource plugins using it.

Deprecation Notes

  • file injection is deprecated in compute api. Deprecating injected_files, injected_file_content_bites, and injected_file_path_bytes properties accordingly in OS::Nova::Quota resource.

  • The accessIPv4 and accessIPv6 attributes of the OS::Nova::Server resource are now deprecated, since Nova returns empty values for them. Use the addresses attribute instead to get IP addresses.

  • Unsupported contrib resource OS::Neutron::ExtraRoute is deprecated in favor of OS::Neutron::ExtraRouteSet on all OpenStack clouds where Neutron extension extraroute-atomic is available.

Critical Issues

  • Python 2 is no longer supported. This release runs only on Python 3 and is tested only on Python 3.6 and 3.7.

Bug Fixes

  • The behavior of get_resource on an OS::Heat::AutoScalingGroup resource has changed. Previously it returned the physical resource name (i.e. the name of the nested Heat stack which implemented the group). It will now return the UUID of the nested stack if available. This will also apply to any resource type that inherits from OS::Heat::AutoScalingGroup.

  • Empty string passing in for volume availability_zone can be correctly handled now. For this case, it’s same as no AZ set, so the default AZ in cinder.conf will be used.

  • On clouds where Keystone usernames are case-insensitive, Heat will now allow usernames with any case as property and parameter values where a Keystone user is expected (i.e. a keystone.user custom constraint applies). Previously the case had to match the case with which the name was stored in Keystone, even if Keystone itself was case-insensitive.

  • The firewall_rules property of the OS::Neutron::FirewallPolicy resource type is now optional.