Train Series Release Notes


Bug Fixes

  • Previously, ToggleSuspend class checked os-rescue policy for resume operation. By this fix, the class checks ‘os_compute_api:os-suspend-server:resume’ policy to align to resume operation.


Security Issues

  • An open redirect has been fixed, that could redirect users to arbitrary addresses from certain views by specifying a “next” parameter in the URL. Now the redirect will only work if the target URL is in the same domain, and uses the same protocol.

Bug Fixes

  • [bug:1744670] Previously when a custom SSL CA is used horizon cannot retrieve volume and snapshot information from cinder. It is fixed now and a custom CA is handled properly in horizon when communicating with cinder.


Upgrade Notes

  • pyScss 1.3.7 is now required due to the incompatibility that pyScss 1.3.4 used before in horizon does not work with setuptools 46.

  • Along with the upgrade of pyScss to 1.3.7, a workaround for the material design theme is added to make it work properly. See [bug:1771559] for detail.


New Features

  • Users can now change their password when it expires or is required to be changed on the first use. A new setting ALLOW_USERS_CHANGE_EXPIRED_PASSWORD has been added allowing administrators to disable that feature.

  • [blueprint kubernetes-config-gen] Horizon now supports the optional automatic generation of a Kubernetes configuration file (kubeconfig) based on application credentials. Adds a new download button for this purpose in the application credentials creation dialog.

  • Enabled horizon to make use of cinder’s feature to backup up snapshots of block storage volumes.

  • Django 2.2 is supported as experimental. Django 1.11 (LTS) and 2.0 are supported as well as Stein release does and Django 1.11 is still the primary supported version of Django.

    Note that only horizon is verified with Django 2.2 and most horizon plugins are not verified with Django 2.2. If you enable horizon plugins in your environment, we would suggest to use Django 1.11 or 2.0. Be careful when you enable horizon plugins with Django 2.2.

  • [blueprint:multi-Attached-volume-support] Horizon now support Multi-Attached volume. User is now able to attach a volume to multiple instances. The ability to attach a volume to multiple host/servers requires that the volume type includes an extra-spec capability setting of multiattach=<is> True. Horizon automatically detects and enable multi-attach-volume feature.

    API restrictions:

    Multiattach capable volumes can only be attached with nova API microversion 2.60 or later.

Upgrade Notes

  • Cinder consistency group support in horizon has been dropped in Train release. It was deprecated in Pike release in Cinder and deprecated in Stein release in Horizon. The feature is superseded by the generic group feature and horizon provides full support of the generic group.

  • Keystone API V2 support has been dropped in Train release. Keystone V2 API support was deprecated in Stein release. If you use Keystone V2 before, you should update the OPENSTACK_API_VERSIONS configuration option to use Keystone V3 API.

  • policy.json files for Cinder, Keystone Neutron and Nova are generated according to Policy file maintenance. Keystone changes to policy rules <>__, are not compatible with the Horizon so we keystone_policy.json is not updated. Please, be sure that new Keystone policies are compatible with your deployment before syncing them.

  • Deprecated config option ENABLE_FLAVOR_EDIT is removed.

  • Deprecated SHOW_KEYSTONE_V2_RC since Stein release is removed.

  • python-cinderclient >=4.0.1 is now required to fix bug:1824017. Cinder API 3.55 or later does not accept additional properties but python-cinderclient older than 4.0.0 sends additional properties like used_id, status and so on. Horizon uses Cinder API 3.58 to create a volume, and this means the volume creation fails if python-cinderclient <4.0.0 is used. To handle this, the minimum requirement of python-cinderclient was bumped to 4.0.1.

Bug Fixes

  • [bug:1840465] Fixed a bug where listing security groups did not work if one or more security groups had no rules in them.

Other Notes

  • The default visibility when creating new images has been changed from private to shared to bring it inline with the default changing in Glance since Image API v2.5.

  • The default values of the settings listed in in past releases have been moved to openstack_dashboard/ By doing this, horizon can now provide the definitions of the default settings more explicitly. For the available settings, see openstack_dashboard/ and the horizon setting reference found at

    Note that Django related settings and HORIZON_CONFIG still exist in in this release and they will be revisited in upcoming releases.