Victoria Series Release Notes



There was a mismatch between the way heat create role behaved with the templates or with the openstack CLI on what relates to the default domain if the domain is not specified on both cases the CLI will not assign on to the created new role but the heat templates will assign the “default” domain

New Features

  • The lb_algorithm property of OS::Octavia::Pool resource now supports SOURCE_IP_PORT option required for Octavia OVN provider driver.

Critical Issues

  • Templates that creates roles but does not specify the domain will not get a “default” domain from now on. To have a domain added to your new role it needs to be assigned in the template.


New Features

  • Added dns_domain property to resource type OS::Neutron::ProviderNet. This specifies the DNS domain to use when publishing DNS records for ports on this network.

  • Added propagate_uplink_status property to resource type OS::Neutron::Port. This resource depends on Neutron API extension uplink-status-propagation and the default is False. If this property is set to True, the VF link state can follow that of PF.

Upgrade Notes

  • Manila resources now use the ‘sharev2’ endpoint and API version ‘2.13’.

Deprecation Notes

  • The OS::Designate::Zone resource type’s masters property is now known as primaries. Existing templates will continue to work.

Bug Fixes

  • The OS::Heat::Delay resource type is now usable.

  • OS::Manila::Share now properly supports ‘cephx’ as a value for property ‘{“access_rules”: [{“access_type”: “”}]}’.


New Features

  • Add support for OS::Octavia::Flavor and OS::Octavia::FlavorProfile resources and add flavor parameter in OS::Octavia::LoadBalancer, allowing users to configure Load Balancer capabilities.

  • Add tty property to OS::Zun::Container. This property allows users to open the TTY of the container.

  • Introduce a Vitrage client plugin module that will be used by the Vitrage resources.

  • Operators can now apply different authorization policies to each action supported by the action API (actions:suspend for suspend, actions:resume for resume, actions:check for check, actions:cancel_update for cancel operation and roll back, and actions:cancel_without_rollback for cancel operation without rolling back). The default for each is to use the existing actions:action rule that was previously the only way to specify policy for actions.

  • The OS::Trove::Cluster resource type now supports specifying an availability zone.

  • Properties of the VPNaaS OS::Neutron::IKEPolicy resource can now be updated in place.

  • New resource OS::Neutron::ExtraRouteSet is added to manage extra routes of a Neutron router.

  • New resource OS::Neutron::QoSMinimumBandwidthRule to support minimum_bandwidth_rules in Neutron QoS. This resource depends on Neutron API extension qos-bw-minimum-ingress and according to the default policy it is admin-only.

  • Support tls_enabled property for the resource OS::Octavia::Pool, the property is allowed to be updated as well. The property ‘tls_enabled’ was introduced in Octavia since Stein release. The default value is False if it is not specified in Heat template.

  • New resource OS::Octavia::Quota is added to enable an admin to manage Octavia service quotas for a specific project.

  • Support allowed_cidrs property for the resource OS::Octavia::Listener, the property is allowed to be updated as well. The property ‘allowed_cidrs’ was introduced in Octavia since Train release. The default value is empty list if it is not specified in Heat template.

  • Supports user, group, role and project lookup across domains. Added domain parameter to keystone lookup functions. Heat templates now support user{domain}, group{domain}, role{domain} and project{domain} to support cross domain lookup. Keystone constrains will also work across domain.

  • Heat can now support software deployments with CoreOS by passing a CoreOS Ignition config in the user_data property for an OS::Nova::Server resource when the user_data_format is set to SOFTWARE_CONFIG.

  • Introduce a Ironic client plugin module that will be used by the Ironic’s resources. Support only ironicclient version >=2.8.0 to get allocation functionality support.

  • New resource type OS::Ironic::Port is now supported in orchestration service.

  • Support shared services in multi region mode. The services are declared in a list in config. shared_services_types=image, volume, volumev2.

  • Add group property to OS::Heat::MultipartMime. This allow you to set group for entire multipart cofig resource like group property in OS::Heat::SoftwareConfig. Aware that, you must make sure all configs in MultipartMime works with group. Default value is Heat::Ungrouped.

Upgrade Notes

  • We have change some log pathes as below * Migrate heat.engine.clients.keystoneclient to heat.engine.clients.os.keystone.heat_keystoneclient * remove heat.all * remove heat.api * remove heat.api.cfn * remove heat.engine

  • Nova has removed api extension support and its api bindings. Heat has now removed support for extensions from nova client plugin and the resource plugins using it.

Deprecation Notes

  • file injection is deprecated in compute api. Deprecating injected_files, injected_file_content_bites, and injected_file_path_bytes properties accordingly in OS::Nova::Quota resource.

  • The accessIPv4 and accessIPv6 attributes of the OS::Nova::Server resource are now deprecated, since Nova returns empty values for them. Use the addresses attribute instead to get IP addresses.

  • Unsupported contrib resource OS::Neutron::ExtraRoute is deprecated in favor of OS::Neutron::ExtraRouteSet on all OpenStack clouds where Neutron extension extraroute-atomic is available.

Critical Issues

  • Python 2 is no longer supported. This release runs only on Python 3 and is tested only on Python 3.6 and 3.7.

Bug Fixes

  • The behavior of get_resource on an OS::Heat::AutoScalingGroup resource has changed. Previously it returned the physical resource name (i.e. the name of the nested Heat stack which implemented the group). It will now return the UUID of the nested stack if available. This will also apply to any resource type that inherits from OS::Heat::AutoScalingGroup.

  • Empty string passing in for volume availability_zone can be correctly handled now. For this case, it’s same as no AZ set, so the default AZ in cinder.conf will be used.

  • On clouds where Keystone usernames are case-insensitive, Heat will now allow usernames with any case as property and parameter values where a Keystone user is expected (i.e. a keystone.user custom constraint applies). Previously the case had to match the case with which the name was stored in Keystone, even if Keystone itself was case-insensitive.

  • The firewall_rules property of the OS::Neutron::FirewallPolicy resource type is now optional.

New Features

  • OS::Aodh::LBMemberHealthAlarm resource plugin is added to manage Aodh loadbalancer_member_health alarm.

  • Added a new config option server_keystone_endpoint_type to specify the keystone authentication endpoint (public/internal/admin) to pass into cloud-init data. If left unset the original behavior should remain unchanged.

    This feature allows the deployer to unambiguously specify the keystone endpoint passed to user provisioned servers, and is particularly useful where the deployment network architecture requires the heat service to interact with the internal endpoint, but user provisioned servers only have access to the external network.

    For more information see

  • Support tags property for the resource OS::Octavia::PoolMember, the property is allowed to be updated as well. The resource tag was introduced in Octavia since Stein release, do not specify tags in Heat template if you are using the previous versions.

  • The OS::Neutron::QosBandwidthLimitRule resource type now supports an optional direction property, allowing users to set the ingress bandwidth limit in a QoS rule. Previously only the egress bandwidth limit could be set.

  • Added new config option [DEFAULT]allow_trusts_redelegation (False by default). When enabled and reauthentication_auth_method is set to trusts, Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication.

Upgrade Notes

  • When loading a Resource plugin, the attribute schema is now validated in the same way that the properties schema is. Third-party resource plugins should be tested to check that they still comply.

  • multiattach` property in OS::Cinder::Volume is now hidden. Please use multiattach key in metadata property of OS::Cinder::VolumeType instead.

  • Designate project had removed v1 api support since stable/queens. Heat has now removed support for v1 resources OS::Designate::Domain and OS::Designate::Record completely and replaced them with placeholders for existing templates with those resources. The designate.domain custom constraint has also been removed.

Security Issues

  • With both reauthentication_auth_method set to trusts and allow_trusts_redelegation set to True (new config option, False by default), Heat will always create trusts with enabled redelegation, for both trusts used for long running stacks and for trusts used for deferred authentication. This have security implications and is only recommended when Heat is set to use trust and you experience problems with other services Heat consumes that also require to create trusts from token being passed by Heat (examples are Aodh and Heat running in another region).

Bug Fixes

  • Non-ASCII text that appears in parameter constraints (e.g. in the description of a constraint, or a list of allowed values) will now be handled correctly when generating error messages if the constraint is not met.

  • OS::Neutron::Port resources will now be replaced when the mac_address property is modified. Neutron is unable to update the MAC address of a port once the port is in use.

Other Notes


Added new tool heat-status upgrade check.

New Features

  • Add multiple OpenStack orchestration support - User can now use OS::Heat::Stack to create stack in another OpenStack cloud. Must provide properties credential_secret_id in context. Remote stack resource will get authentication information from cloud credential to refresh context before calling stack create.

  • A new OS::Blazar::Host resource is added to manage compute hosts for the lease/reservation in OpenStack.

  • A new OS::Blazar::Lease resource is added to manage reservations for specific type/amount of cloud resources in OpenStack.

  • Add rbac_policy and subnetpool support for OS::Neutron::Quota resource.

  • Add UDP to supported protocols for Octavia.

  • A new OS::Neutron::TaaS::TapService resource is added to support a Tap Service in the Neutron Tap-as-a-service plugin.

  • A new OS::Neutron::TaaS::TapFlow resource is added to support a Tap Flow in the Neutron Tap-as-a-service plugin.

  • Add a new OS::Glance::WebImage resource supporting the web-download import of Glance v2.

  • New framework for heat-status upgrade check command is added. This framework allows adding various checks which can be run before a Heat upgrade to ensure if the upgrade can be performed safely.

  • New resource OS::Neutron::L2GatewayConnection to allow management of Neutron Layer2 Gateway Connection. This resource provides capability to connect a Neutron network to a Layer2 Gateway. The resource depends on the Neutron l2-gateway extension.

  • New resource OS::Neutron::L2Gateway to allow management of Neutron Layer2 Gateway. This resource provides life-cycle management of layer2 gateway instances. The resource depends on the Neutron l2-gateway extension.

  • Add tags support for ProviderNet resource

  • Add ca_cert and insecure properties for OS::Heat::Stack resource type. The ca_cert is the contents of a CA Certificate file that can be used to verify a remote cloud or region’s server certificate. insecure is boolean option, CA cert will be use if we didn’t setup insecure flag.

Upgrade Notes

  • The distribution name has been changed from “heat” to “openstack-heat” so that we can publish packages to This may have an effect on downstream package builds if they rely on asking setuptools to determine the package name.

  • New config max_nova_api_microversion to set the maximum nova API microversion for nova client plugin. If``max_nova_api_microversion`` is set, any nova features supported with microversion number above max_nova_api_microversion will not be available.

  • Operator can now use new CLI tool heat-status upgrade check to check if Heat deployment can be safely upgraded from N-1 to N release.

Deprecation Notes

  • personality property of OS::Nova::Server is now deprecated, please use user_data or metadata instead. If that property really required, use config max_nova_api_microversion to set the maximum nova API microversion <2.57 for nova client plugin to support personality property.

Bug Fixes

  • We now allowed global admins to operate software deployment and software config resources from other projects.

  • Heat can now perform a stack update to roll back to a previous version of a resource after a previous attempt to create a replacement for it failed (provided that convergence is enabled). This allows the user to recover a stack where a resource has been inadvertantly replaced with a definition than can never succeed because it conflicts with the original. Previously this required automatic rollback to be enabled, or the user had to update the stack with a non-conflicting definition before rolling back to the original.


Heat current bug/blueprint reports have migrated from Launchpad to storyboard. If you would like to create a new story (a bug or a blueprint), please file it under the Heat project. This change applies to all heat projects/repos.

New Features

  • Add a new property networks to resource OS::Zun::Container. This property is an ordered list of nics to be added to this container, with information about connected networks, fixed ips, and port. This property can be updated without replacement.

Upgrade Notes

  • The ceilometer client plugin is no longer provided, due to the Ceilometer API no longer being available from Queens and the python-ceilometerclient library being unmaintained.

Bug Fixes

  • Previously, when deleting a convergence stack, the API call would return immediately, so that it was possible for a client immediately querying the status of the stack to see the state of the previous operation in progress or having failed, and confuse that with a current status. (This included Heat itself when acting as a client for a nested stack.) Convergence stacks are now guaranteed to have moved to the DELETE_IN_PROGRESS state before the delete API call returns, so any subsequent polling will reflect up-to-date information.

  • Previously, the suspend, resume, and check API calls for all stacks, and the update, restore, and delete API calls for non-convergence stacks, returned immediately after starting the stack operation. This meant that for a client reading the state immediately when performing the same operation twice in a row, it could have misinterpreted a previous state as the latest unless careful reference were made to the updated_at timestamp. Stacks are now guaranteed to have moved to the IN_PROGRESS state before any of these APIs return (except in the case of deleting a non-convergence stack where another operation was already in progress).

New Features

  • A new OS::Heat::Delay resource type allows users to work around thundering herd issues in large templates by adding a random delay (with configurable jitter) into the workflow.

  • Adds a new attribute segments to the OS::Neutron::Net resource. The attribute resolves the network segments on the network. The attribute is useful when migrating from a non routed provider network to a routed provider network. The example below show how to migrate an existing subnet to one that is associated with the segment:

      type: OS::Neutron::Subnet
      name: the_subnet
        segment: {get_attr: [the_network, segments, 0, id]}
  • Added network attribute to OS::Neutron::Port resource. The new attribute returns the neutron network that owns the port. The following examples demonstrate some (not all) possible expressions. (Obtains the network, the MTU (Maximum transmission unit), the network tags and finally the l2_adjacency property):

    {get_attr: [<port>, network]}
    {get_attr: [<port>, network, mtu]}
    {get_attr: [<port>, network, tags]}
    {get_attr: [<port>, network, l2_adjacency]}
  • Adds network to the addresses attribute of OS::Nova::Server resource. This enables resolving the network properties for the server resource.

  • Adds subnets to the addresses attribute of OS::Nova::Server resource. This enables resolving the subnet properties for the server resource which brings parity with OS::Neutron::Port’s subnets attribute.

  • Adds support to update the segment_id of OS::Neutron::Subnet resource. This enables migration from non routed network to a routed network.

  • Added stack API support to provide a swift container that contains the child templates and environment files. All files would be fetched and used (if required), unless they are superceded by files in files map.

Upgrade Notes

  • Resource type OS::Magnum::Bay is now hidden, please use OS::Magnum::Cluster instead.

  • Resource type OS::Magnum::BayModele is now hidden, please use OS::Magnum::ClusterTemplate instead.

  • Resource type OS::Nova::FloatingIP is now hidden, please use OS::Neutron::FloatingIP instead.

  • Resource type OS::Nova::FloatingIPAssociation is now hidden, please use OS::Neutron::FloatingIPAssociation instead.

Other Notes

  • Introduce a Blazar client plugin module that will be used by Blazar resources.

Upgrade Notes

  • The database upgrade for Heat Queens release drops ‘watch_rule’ and ‘watch_data’ tables from the heat database.

Security Issues

  • Passwords generated by the OS::Heat::RandomString resource may have had less entropy than expected, depending on what is specified in the character_class and character_sequence properties. This has been corrected so that each character present in any of the specified classes or sequences now has an equal probability of appearing at each point in the generated random string.


Note that Heat is compatible with OpenStack Identity federation, even when using Keystone trusts. It should work after you enable Federation and build the auto-provisioning map with the heat service user in Keystone. Auto-provisioning has been available in Keystone since the Ocata release.

New Features

  • Added hostname, hints, security_groups, and mounts properties to Zun Container resources.

Upgrade Notes

  • The OS::Heat::HARestarter resource type is no longer supported. This resource type is now hidden from the documentation. HARestarter resources in stacks, including pre-existing ones, are now only placeholders and will no longer do anything. The recommended alternative is to mark a resource unhealthy and then do a stack update to replace it. This still correctly manages dependencies but, unlike HARestarter, also avoid replacing dependent resources unnecessarily. An example of this technique can be seen in the autohealing sample templates at

  • The AWS compatible CloudWatch API, deprecated since long has been finally removed. OpenStack deployments, packagers, and deployment projects which deploy/package CloudWatch should take appropriate action to remove support.

Security Issues

  • Heat no longer uses standard Python RNG when generating values for OS::Heat::RandomString resource, and instead relies on system’s RNG for that.

Other Notes

  • The old Heat Tempest plugin heat_tests has been removed and replaced by a separate Tempest plugin named heat, in the heat-tempest-plugin repository ( Functional tests that are appropriate for the Tempest environment have been migrated to the new plugin. Other functional tests remain behind in the heat repository.

New Features

  • Adds new resources for octavia lbaas service.

  • New resource OS::Octavia::LoadBalancer is added to create and manage Load Balancers which allow traffic to be directed between servers.

  • New resource OS::Octavia::Listener is added to create and manage Listeners which represent a listening endpoint for the Load Balancer.

  • New resource OS::Octavia::Pool is added to create and manage Pools which represent a group of nodes. Pools define the subnet where nodes reside, the balancing algorithm, and the nodes themselves.

  • New resource OS::Octavia::PoolMember is added to create and manage Pool members which represent a single backend node.

  • New resource OS::Octavia::HealthMonitor is added to create and manage Health Monitors which watch status of the Load Balanced servers.

  • New resource OS::Octavia::L7Policy is added to create and manage L7 Policies.

  • New resource OS::Octavia::L7Rule is added to create and manage L7 Rules.

  • Heat now support policy in code, which means if you didn’t modify any of policy rules, you won’t need to add rules in the policy.yaml or policy.json file. Because from now, heat keeps all default policies under heat/policies. You can still generate and modify a policy.yaml file which will override policy rules in code if those rules appear in the policy.yaml file.

  • Add tags parameter for create and update keystone projects. Defined comma deliniated list will insert tags into newly created or updated projects.

  • OS::Heat::ResourceGroup now supports a removal_policies_mode property. This can be used to optionally select different behavior on update where you may wish to overwrite vs append to the current policy.

  • Allow to set networks of instances for OS::Trove::Cluster resource.

Upgrade Notes

  • Default policy.json file is now removed as we now generate the default policies in code. Please be aware that when using that file in your environment. You still can generate a policy.yaml file if that’s required in your environment.

Deprecation Notes

  • Threshold alarm which uses ceilometer API is deprecated in aodh since Ocata. Please use OS::Aodh::GnocchiAggregationByResourcesAlarm in place of OS::Aodh::Alarm.

Bug Fixes

  • Force delete the nova instance. If a resource is related with a nova instance which is in ‘SOFT_DELETED’ status, the resource can’t be deleted, when nova config ‘reclaim_instance_interval’. so, force-delete the nova instance, and then all the resources are related with the instance would be processed properly.

New Features

  • Adds REST api support to cancel a stack create/update without rollback.

  • The template validate API call now returns the Environment calculated by heat - this enables preview of the merged environment when using parameter_merge_strategy prior to creating the stack

  • Added a new schema property tags, to parameters, to categorize parameters based on features.

Deprecation Notes

  • The SSL middleware heat.api.middleware.ssl:SSLMiddleware that has been deprecated since 6.0.0 has now been removed, check your paste config and ensure it has been replaced by oslo_middleware.http_proxy_to_wsgi instead.

  • The heat.resource_type custom constraint has been removed. This constraint never actually worked.

New Features

  • All developer, contributor, and user content from various guides in openstack-manuals has been moved in-tree and are published at

Known Issues

  • Heat does not work with keystone identity federation. This is a known limitation as heat uses keystone trusts for deferred authentication and trusts don’t work with federated keystone. For more details check

Deprecation Notes

  • Hidden Designate resource plugins OS::Designate::Domain and OS::Designate::Record. To use OS::Designate::Zone and OS::Designate::RecordSet instead.

Bug Fixes

  • Add attribute schema to OS::Keystone::Project. This allow get_attr function can work with project resource.

Other Notes

  • Intrinsic function plugins will now be passed a StackDefinition object instead of a Stack object. When accessing resources, the StackDefinition will return ResourceProxy objects instead of Resource objects. These classes replicate the parts of the Stack and Resource APIs that are used by the built-in Function plugins, but authors of custom third-party Template/Function plugins should audit them to ensure they do not depend on unstable parts of the API that are no longer accessible. The StackDefinition and ResourceProxy APIs are considered stable and any future changes to them will go through the standard deprecation process.

New Features

  • Add converge parameter for stack update (and update preview) API. This parameter will force resources to observe the reality of resources before actually update it. The value of this parameter can be any boolean value. This will replace config flag observe_on_update in near future.


Magnum recently changed terminology to more intuitively convey key concepts in order to align with industry standards. “Bay” is now “Cluster” and “BayModel” is now “ClusterTemplate”. This release deprecates the old names in favor of the new.

New Features

  • The ‘contains’ function was added, which checks whether the specified value is in a sequence. In addition, the new function can be used as a condition function.

  • A new OS::Zun::Container resource is added that allows users to manage docker containers powered by Zun. This resource will have an ‘addresses’ attribute that contains various networking information including the neutron port id. This allows users to orchestrate containers with other networking resources (i.e. floating ip).

  • New resource OS::Neutron::Trunk is added to manage Neutron Trunks.

  • A new property, deployment_swift_data is added to the OS::Nova::Server and OS::Heat::DeployedServer resources. The property is used to define the Swift container and object name that is used for deployment data for the server. If unset, the fallback is the previous behavior where these values will be automatically generated.

  • OS::Magnum::Cluster resource plugin added to support magnum cluster feature, which is provided by magnum cluster API.

  • OS::Magnum::ClusterTemplate resource plugin added to support magnum cluster template feature, which is provided by magnum clustertemplates API.

  • Added new section permutations for repeat function, to decide whether to iterate nested the over all the permutations of the elements in the given lists. If ‘permutations’ is not specified, we set the default value to true to compatible with before behavior. The args have to be lists instead of dicts if ‘permutations’ is False because keys in a dict are unordered, and the list args all have to be of the same length.

  • Two new policies soft-affinity and soft-anti-affinity have been supported for the OS::Nova::ServerGroup resource.

  • Resource attributes are now stored at the time a resource is created or updated, allowing for fast resolution of outputs without having to retrieve live data from the underlying physical resource. To minimise compatibility problems, the behaviour of the show attribute, the with_attr option to the resource show API, and stacks that do not yet use the convergence architecture (due to the convergence_engine being disabled at the time they were created) is unchanged - in each of these cases live data will still be returned.

  • Support to managing rbac policy for ‘qos_policy’ resource, which allows to share Neutron qos policy to subsets of tenants.

Deprecation Notes

  • Magnum terminology deprecations * OS::Magnum::Bay is now deprecated, should use OS::Magnum::Cluster instead * OS::Magnum::BayModel is now deprecated, should use OS::Magnum::ClusterTemplate instead Deprecation warnings are printed for old usages.

Critical Issues

  • Since Aodh drop support for combination alarm, therefore OS::Aodh::CombinationAlarm is now mark as hidden resource with directly inheriting from None resource which will make the resource do nothing when handling any actions (other than delete). And please don’t use it. Old resource which created with that resource type still able to delete. It’s recommand to switch that resource type ASAP, since we will remove that resource soon.

New Features

  • The list_concat_unique function was added, which behaves identically to the function list_concat to concat several lists using python’s extend function and make sure without repeating items.

  • The list_concat function was added, which concats several lists using python’s extend function.

  • Allow to set or update the tags for OS::Neutron::Router resource.

  • A new OS::Mistral::ExternalResource is added that allows users to manage resources that are not known to Heat by specifying in the template Mistral workflows to handle actions such as create, update and delete.

  • New item key ‘allocate_network’ of ‘networks’ with allowed values ‘auto’ and ‘none’ for OS::Nova::Server, to support ‘Give Me a Network’ nova feature. Specifying ‘auto’ would auto allocate a network topology for the project if there is no existing network available; Specifying ‘none’ means no networking will be allocated for the created server. This feature requires nova API micro version 2.37 or later and the auto-allocated-topology API is available in the Neutron networking service.

  • A new openstack client plugin to use python-openstacksdk library and a neutron.segment custom constraint.

  • A new OS::Neutron:Segment resource to create routed networks. Availability of this resource depends on availability of neutron segment API extension.

  • Resource OS::Neutron::Subnet now supports segment optional property to specify a segment.

  • Resource OS::Neutron::Net now supports l2_adjacency atribute on whether L2 connectivity is available across the network or not.

  • ParameterGroups section is added to the nested stacks, for the output of the stack validate templates.

  • Allow to set or update the tags for OS::Neutron::Net resource.

  • Allow to set or update the tags for OS::Neutron::Port resource.

  • Allow to set or update the tags for OS::Neutron::Subnet resource.

  • Allow to set or update the tags for OS::Neutron::SubnetPool resource.

Deprecation Notes

  • nova-network is no longer supported in OpenStack. Please use OS::Neutron::FloatingIPAssociation and OS::Neutron::FloatingIP in place of OS::Nova::FloatingIPAssociation and OS::Nova::FloatingIP

  • The AWS::EC2::EIP domain is always assumed to be ‘vpc’, since nova-network is not supported in OpenStack any longer.

  • The ‘attachments’ attribute of OS::Cinder::Volume has been deprecated in favor of ‘attachments_list’, which has the correct type of LIST. This makes this data easier for end users to process.

Other Notes

  • Introduce a Zun client plugin module that will be used by the Zun’s resources that are under development.

  • Now heat keystone user name charaters limit increased from 64 to 255. Any extra charaters will lost when truncate the name to the last 255 charaters.

New Features

  • Supports to get the webmks console url for OS::Nova::Server resource. And this requires nova api version equal or greater than 2.8.

  • The Pike version of HOT (2017-09-01) adds a make_url function to simplify combining data from different sources into a URL with correct handling for escaping and IPv6 addresses.

Bug Fixes

  • ‘CEPHFS’ can be used as a share protocol when using OS::Manila::Share resource.

New Features

  • Designate v2 resource plugins OS::Designate::Zone and OS::Designate::RecordSet are newly added.

  • A new resource plugin OS::Keystone::Domain is added to support the lifecycle of keystone domain.

  • New resource OS::Neutron::Quota is added to manage neutron quotas.

  • A new resource OS::Sahara::Job has been added, which allows to create and launch sahara jobs. Job can be launched with resource-signal.

  • Custom constraints for all sahara resources added - sahara.cluster, sahara.cluster_template, sahara.data_source, sahara.job_binary, sahara.job_type.

  • OS::Nova::Server now supports ephemeral_size and ephemeral_format properties for block_device_mapping_v2 property. Property ephemeral_size is integer, that require flavor with ephemeral disk size greater that 0. Property ephemeral_format is string with allowed values ext2, ext3, ext4, xfs and ntfs for Windows guests; it is optional and if has no value, uses default, defined in nova config file.

Deprecation Notes

  • Designate v1 resource plugins OS::Designate::Domain and OS::Designate::Record are deprecated.

New Features

  • OS::Aodh::CompositeAlarm resource plugin is added to manage Aodh composite alarm, aim to replace OS::Aodh::CombinationAlarm which has been deprecated in Newton release.

  • The resource mark unhealthy command now accepts either a logical resource name (as it did previously) or a physical resource ID to identify the resource to be marked unhealthy.

  • New OS::Zaqar::Subscription and OS::Zaqar::MistralTrigger resource types allow users to attach to Zaqar queues (respectively) notifications in general, and notifications that trigger Mistral workflow executions in particular.

New Features

  • OS::Cinder::QoSAssociation resource plugin is added to support cinder QoS Specs Association with Volume Types, which is provided by cinder qos-specs API extension.

  • New resource OS::Nova::Quota is added to enable an admin to manage Compute service quotas for a specific project.

New Features

  • Adds optional section conditions for hot template ( heat_template_version.2016-10-14) and Conditions for cfn template (AWSTemplateFormatVersion.2010-09-09).

  • Adds some condition functions, like equals, not, and and or, these condition functions can be used in conditions section to define one or more conditions which are evaluated based on input parameter values provided when a user creates or updates a stack.

  • Adds optional section condition for resource and output definitions. Condition name defined in conditions and condition functions can be referenced in this section, in order to conditionally create resources or conditionally give outputs of a stack.

  • Adds function if to return corresponding value based on condition evaluation. This function can be used to conditionally set the value of resource properties and outputs.

  • OS::Cinder::QoSSpecs resource plugin added to support cinder QoS Specs, which is provided by cinder qos-specs API extension.

  • cinder.qos_specs constraint added to support to validate QoS Specs attribute.

  • New resource OS::Cinder::Quota is added to manage cinder quotas. Cinder quotas are operational limits to projects on cinder block storage resources. These include gigabytes, snapshots, and volumes.


Previously ‘parameters’ and ‘parameter_defaults’ specified in an environment file used to overwrite their existing values.

Previously the event list REST API call only returned events for the specified stack even when that stack contained nested stack resources. This meant that fetching all nested events required an inefficient recursive client-side implementation.

Support external resource reference in template.

New Features

  • Supports internal DNS resolution and integration with external DNS services for neutron resources. Template authors can use the dns_name and dns_domain properties of neutron resource plugins for this functionality.

  • A new ‘parameter_merge_strategies’ section can be added to the environment file, where ‘default’ and/or parameter specific merge strategies can be specified.

  • Parameters and parameter defaults specified in the environment file would be merged as per their specified strategies.

  • The event list GET REST API call now has a different behaviour when the ‘nested_depth’ parameter is set to an integer greater than zero. The response will contain all events down to the requested nested depth.

  • When ‘nested_depth’ is set the response also includes an extra entry in the ‘links’ list with ‘rel’ set to ‘root_stack’. This can be used by client side implementations to detect whether it is necessary to fall back to client-side recurisive event fetching.

  • Add external_id attribute for resource to reference on an exists external resource. The resource (with external_id attribute) will not able to be updated. This will keep management rights stay externally.

  • This feature only supports templates with version over 2016-10-14.

  • Add map_replace function, that takes 2 arguments an input map and a map containing a keys and/or values map. key/value substitutions on the input map are performed based on the mappings passed in keys and values.

  • Add yaql function, that takes 2 arguments expression of type string and data of type map and evaluates expression on a given data.

Upgrade Notes

  • New config section volumes with new config option [volumes]backups_enabled (defaults to True). Operators that do not have Cinder backup service deployed in their cloud are encouraged to set this option to False.

Bug Fixes

  • Allow to configure Heat service to forbid creation of stacks containing Volume resources with deletion_policy set to Snapshot when there is no Cinder backup service available.

New Features

  • Add optional ‘period’ property for Monasca Notification resource. The new added property will now allow the user to tell Monasca the interval in seconds to periodically invoke a webhook until the ALARM state transitions back to an OK state or vice versa. This is useful when the user wants to create a stack which will automatically scale up or scale down more than once if the alarm state continues to be in the same state. To conform to the existing Heat autoscaling behaviour, we manually create the monasca notification resource in Heat with a default interval value of 60.

New Features

  • Add template_dir to config. Normally heat has template directory /etc/heat/templates. This change makes it more official. In the future, it is possible to implement features like access templates directly from global template environment.

  • Adds new ‘max_server_name_length’ configuration option which defaults to the prior upper bound (53) and can be lowered by users (if they need to, for example due to ldap or other internal name limit restrictions).

  • OS::Glance::Image resource plug-in is updated to support tagging when image is created or updated as part of stack.

  • OS::Monasca::AlarmDefinition and OS::Monasca::Notification resource plug-ins are now supported by heat community as monasca became offcial OpenStack project.