Xena Series Release Notes


New Features

  • Added support for the ResourceClass Placement resource.


New Features

  • Add node vendor_passthru interface for Ironic API.

  • Add initial support for Placement. Currently the following resources are supported:

    • ResourceProvider

  • Added support for optionally caching auth information int the local keyring. Requires the installation of the python keyring package.

  • Adds deploy_steps to baremetal node provisioning.

Bug Fixes

  • Fixes a regression sending an unsupported field remote_address_group_id when creating security groups with an older Neutron (introduced 0.53.0).


New Features

  • Add support for the enabled field of the Segment resource for the instance HA service (Masakari).


New Features

  • Adds ALPN protocols support for the Octavia (load_balancer) pools.

  • Support for the OpenStack Shared File System API (manila) has been introduced.

  • Added support to list Shared File System Service API Versions and Availability Zones.

  • Support for Ironic Conductor API.

  • Support Deploy Templates for Ironic API

  • Compute Hypervisor resource and functions are reworked to comply 2.88 microversion with deprecating misleading attributes.


New Features

  • Add tls_enabled parameter for Octavia pools, it can be used to enable TLS communications between a load balancer and its member servers.

  • Add support for updating block storage volume type objects.

  • Add support for block storage type encryption parameters.

  • Support for Ironic Volume Target API.

  • Add device_profile attribute to port resource. This parameter can be define during the port creation. This parameter is nullable string.

Upgrade Notes

  • compute.force_service_down function is renamed to update_service_forced_down to better fit the operation meaning.

  • compute.v2.service.force_down is renamed to set_forced_down to fit the operation meaning.

  • return of compute.service modification operations is changed to be the service itself

Other Notes

  • Flavor operations of the cloud layer are switched to the rely on the proxy layer


New Features

  • Complete compute.aggregate functions to the latest state

Bug Fixes

  • aggregate.deleted property is renamed to ‘is_deleted’ to comply with the naming convention


New Features

  • Add additional compute flavor operations (flavor_add_tenant_access, flavor_remove_tenant_access, get_flavor_access, extra_specs fetching/updating).

  • Adds ALPN protocols support for the Octavia (load_balancer) listeners.

  • Modify microversion handling. Microversion chosen by the client/user is respected in the microversion negotiation. For features, requiring particular microversion, it would be ensured it is supported by the server side and required microversion is <= chosen microversion, otherwise call will be rejected.

  • Add source_ip_prefix and destination_ip_prefix to Neutron metering label rules.

  • Optimizes compute server console creation by adding older get_server_console method to the server and create_console proxy method calling appropriate method depending on the supported microversion.

  • Support waiting for bare metal power states.

Deprecation Notes

  • Deprecate the use of ‘remote_ip_prefix’ in metering label rules, and it will be removed in future releases. One should use instead the ‘source_ip_prefix’ and/or ‘destination_ip_prefix’ parameters. For more details, you can check the spec: https://review.opendev.org/#/c/744702/.


New Features

  • Add numa_affinity_policy attribute to port resource. Users can set this attribute to required, deferred or legacy. This parameter is nullable.

  • Added the tls_versions properties to listener.py and pool.py for storing a python list of TLS protocol versions to be used by the pools and listeners.

  • Supports fetching raw (unprocessed) introspection data from the bare metal introspection service.

Upgrade Notes

  • Cloud with the force_ipv4 flag will no longer return a public_v6 value, even if one is provided by the cloud. This is to avoid having entries for unconfigured interfaces.

  • Image upload will no longer fall back to attempting to use the import workflow if the initial upload does not work.


New Features

  • Add support for specifying stores when doing glance image uploads.

  • Added support for using the image import feature when creating an image. SDK will now fall back to using image import if there is an error during PUT.

  • The id field was added a query parameter for security_groups. A single security group id, or a list of security group ids can be passed. For example:

  • Adds support for the baremetal volume connector API.

Upgrade Notes

  • Python 3.5 is no longer supported.


New Features

  • Added the tls_ciphers properties to listener.py and pool.py for storing stings of tls ciphers in OpenSSL cipher string format.


New Features

  • Adds Octavia (load_balancer) support for the availability zone and availability zone profile APIs.

Bug Fixes

  • openstacksdk does not test or support python2 as of 0.40, but the releases have still accidentally worked (except for 0.44 which was broken for python2). We’re now explicitly marking releases as requiring >= 3.5 so that things don’t attempt to install something that’s bound to be broken.


Upgrade Notes

  • Removed the dependency on futurist, which isn’t necessary. Users can still pass futurist executors if they want, as the API is the same, but if nothing is passed, concurrent.futures.ThreadPoolExecutor will be used as the default.


New Features

  • Added bulk create securtiy groups rules. With new proxy method create_security_group_rules now it’s possible to create multiple rules for certain security group.

  • Project cleanup functionality. It provides a single method in the connection object, which calls cleanup method in all supported services (both part of the SDK itself and all “imported” in the runtime or through the vendor_hook functionality). Cleanup is working in multiple threads where possible (no dependencies between services).

  • Adds support to create and manage Identity v3 Federation resources - Specifically, Identity Providers, Mappings and Federation Protocols.

  • Switched to the futurist library for managing background concurrent tasks. Introduced a new pool_executor parameter to Connection that allows passing any any futurist Executor for cases where the default ThreadPoolExecutor would not be appropriate.

  • Adds an ability for the bare metal wait_for_nodes_provision_state call to return an object with nodes that succeeded, failed or timed out instead of raising an exception.

Upgrade Notes

  • Rackspace Cloud’s vendor profile has been updated to use v2 of the Block Storage API. This introduces an endpoint override for the service based on region_name and project_id.

Bug Fixes

  • Fixes API version negotiation in the following bare metal node calls:

    • set_node_provision_state

    • set_node_power_state

    • patch_node

    Previously an unexpectingly low version could be negotiated, breaking certain features, for example calling the provide provisioning action with a node name.


New Features

  • Adds is_retired and retired_reason to the baremetal Node schema.

  • New stateful parameter can be used in security group

Bug Fixes

  • Fixes normalization of bare metal machines in the patch_machine call.


New Features

  • Enabling Resource class for being able to create objects in bulk way. Add first objects using that feature - Port, which now expose a proxy method create_ports for creating multiple port objects at once.

  • Add support for Cyborg(accelerator)

  • Added availability_zone parameter into load balancer.

Bug Fixes

  • Workaround an issue using openstacksdk with older versions of the placement service that are missing a status field in their version discovery doc.


New Features

  • Added allowed_cidrs parameter into load balancer listener.



As of this release, python v2 is neither tested nor supported.

New Features

  • qos_network_policy_id attribute support has been added to the network port resource

  • Add support for creating image from STDIN (i.e. from OSC). When creating from STDIN however, no checksum verification is possible, and thus validate_checksum must be also set to False.


New Features

  • The openstack.baremetal.v1.Node resource now has an owner property which was added in the baremetal API microversion 1.50.


New Features

  • Add support for methods of Neutron extension: extraroute-atomic.


Upgrade Notes

  • Due to the fix in microversion support in keystoneauth, Servers will be fetched using microversion 2.72. Code that assumes the existence of a flavor.id field in the Server record should be removed, as it does not exist in new microversions and cannot be filled in behind the scenes.

Bug Fixes

  • In April 2019 the microversion support for the Server resource was increased to 2.72. Unfortunately, due to an issue with version discovery documents, this increase never actually became effective. A fix is coming in 3.17.2 of keystoneauth which will unbreak version discovery and cause the microversion support to start working.


New Features

  • Add possibility to report API metrics into InfluxDB.

Bug Fixes

  • Fixes conversion of the bare metal fields argument from SDK to server-side field names (e.g. instance_id to instance_uuid).

  • Fixes using a full Node object as an argument to start_introspection.


New Features

  • Added new option for Connection, strict_proxies. When set to True, Connection will throw a ServiceDiscoveryException if the endpoint for a given service doesn’t work. This is useful for OpenStack services using sdk to talk to other OpenStack services where it can be expected that the deployer config is correct and errors should be reported immediately.


New Features

  • Adds support for fetching specific fields when getting bare metal Node, Port, PortGroup, Chassis and Allocation resources.

  • Added support for setting global_request_id on a Connection. If done, this will cause all requests sent to send the request id header to the OpenStack services. Since Connection can otherwise be used multi-threaded, add a method global_request that returns a new Connection based on the old Connection but on which the new global_request_id has been set. Since a Connection can be used as a context manager, this also means the global_request method can be used in with statements.


Bug Fixes

  • Fixed issue where the dns methods were returning False instead of None when resources were not found.

  • Fixed jsonification under python3.

Other Notes

  • Update betacloud region for Germany


New Features

  • Implements add/remove/set traits API for bare metal nodes.


Bug Fixes

  • Basic networking list calls in the cloud layer been fixed to return an empty list if neutron is not running.

  • Fixed a bug related to metadata’s key name. An exception was raised when setting it to “delete”,” clear” or “key”


Bug Fixes

  • Updated the Rackspace vendor entry to use “False” for the value of xenapi_use_agent instead of false, because that’s what the remote side expects. The recent update to use the Resource layer exposed the incorrect setting causing image uploads to Rackspace to fail.


New Features

  • has_{service_type} is a boolean config option that allows asserting that a given service does not exist or should not be used in a given cloud. Doing this will now cause the corresponding service Proxy object to not be created and in its place is an object that will throw exceptions if used.

  • {service_type}_disabled_reason is a new string config option that can be set to indicate a reason why a service has been disabled. This string will be used in exceptions or log warnings emitted.

Bug Fixes

  • The baremetal calls wait_for_nodes_provision_state, wait_for_allocation and the baremetal introspection call wait_for_introspection now raise ResourceFailure on reaching an error state instead of a generic SDKException.


New Features

  • Added the ability to create a Connection from an oslo.config CONF object. This is primarily intended to be used by OpenStack services using SDK for inter-service communication.


New Features

  • Add support for staging image data.

  • Add possibility to automatically invoke vendor hooks. This can be done either through extending profile (vendor_hook), or passing vendor_hook parameter to the connection. The format of the vendor_hook is the same as in the setuptools (module.name:function_name). The hook will get connection as the only parameter.

  • Allows updating name and extra fields of a baremetal allocation.

  • Added dns_domain parameter into the create_network and update_network methods.


New Features

  • Adds support for dns service.

  • Add floating IP Port Forwarding related methods.

  • Add image service info discovery (import constraints and supported stores)

  • In microversion 1.1, Masakari returns recovery_workflow_details information of the notification in GET /notifications/{notification_id} API. Added recovery_workflow_details attribute to Notification class to read the recovery_workflow_details of the notification.

  • When generating a config drive for baremetal, “mkisofs” and “xorrisofs” are now supported beside the already available “genisoimage” binary. This is useful on environment where the “genisoimage” binary is not available but “mkisofs” and/or “xorrisofs” are available.

  • Adds support for the bare metal introspection service.

  • Implements updating the baremetal Node’s maintenance_reason.

  • Adds support for changing bare metal resources by providing a JSON patch. Adds the following calls to the bare metal proxy: patch_node, patch_port, patch_port_group and patch_chassis.

  • Supports Bare Metal API version 1.56, which allows building a config drive on the server side from a provided dictionary.

  • Added methods to manage object store temp-url keys and generate signatures needed for FormPost middleware.

  • The auth_url will be used for the default value of identity_endpoint_override in the absence of project or system-scope information. This should simplify some actions such as listing available projects.

  • Added support for collecting and reporting stats on calls made to statsd and prometheus.

Upgrade Notes

  • When a known service cannot be resolved to a supported version, an exception is now thrown instead of just returning a blank Proxy object. This allows returning sane errors to users.

Deprecation Notes

  • The set_node_instance_info call is deprecated, use patch_machine with the same arguments instead.

  • The purge_node_instance_info call is deprecated, use patch_machine or update_machine instead.

  • Requesting volumes or backups with details from block_storage will return objects of classes Volume and Backup correspondingly, instead of VolumeDetail and BackupDetail.

  • Listing servers with details servers(details=True) will return instances of the Server class instead of ServerDetails.

Bug Fixes

  • The get_server_by_id method is supposed to return None if the server in question can’t be found, but a regression was introduced causing it to raise ResourceNotFound instead. This has been corrected and get_server_by_id returns None correctly again.

  • Fixes openstack.baremetal.configdrive.build to actually handle the network_data argument.

Other Notes

  • openstack.resource.Resource.find now can use the database back-end to filter by name. If the resource class has “name” in the query parameters, this function will add this filter parameter in the “list” command, instead of retrieving the whole list and then manually filtering.


New Features

  • Add image attributes is_hidden, hash_algo, hash_value

  • Add support for schema resource in image service.

  • Adds Octavia (load_balancer) support for the flavor APIs.

  • Adds Octavia (load_balancer) support for the flavor profile APIs.

  • Adds Octavia (load_balancer) support for the providers APIs.

  • Adds Octavia (load_balancer) support for the amphora APIs.

  • Added Octavia (load_balancer) load balancer failover.

  • Add ability to create image without upload data at the same time

  • Add support for interoperable image import process as introduced in the Image API v2.6 at [1] [1]https://developer.openstack.org/api-ref/image/v2/index.html#interoperable-image-import

  • Adds support for the baremetal allocation API.

  • Adds support for network_data when building baremetal configdrives.

Upgrade Notes

  • The zone attribute on compute Service objects has been renamed to availability_zone to match all of the other resources, and also to better integrate with the Resource.location attribute.


New Features

  • Added load balancer and listener get statistics methods.

  • Add tags support for the Octavia (load_balancer) objects.

  • Added support for the Octavia (load_balancer) L7 Policy “redirect_prefix” capability.

Bug Fixes

  • Fixed the Octavia (load_balancer) load balancer objects to have “flavor_id” instead of the nonexistent “flavor” field.

  • Changes the baremetal.attach_vif_to_node call to retry HTTP CONFLICT by default. While it’s a valid error code when a VIF is already attached to a node, the same code is also used when the target node is locked. The latter happens more often, so the retries are now on by default and can be disabled by setting retry_on_conflict to False.

  • Fixed a regression in deleting Node and Cluster resources in clustering caused by the addition of the location property to all resource objects. Previously the delete calls had directly returned the location field returned in the headers from the clustering service pointing to an Action resource that could be fetched to get status on the delete operation. The delete calls now return an Action resource directly that is correctly constructed so that wait_for_status and wait_for_deleted work as expected.

  • Corrected the location property on the Server resource to use the project_id from the remote resource rather than the information from the token of the user.


New Features

  • Added support for block storage v3.


Bug Fixes

  • Fixed a regression with sub-dicts of server objects were not usable with object notation.


New Features

  • Add propagate_uplink_status attribute to port resource. Users can set this attribute to True or False. If it is set to True, uplink status propagation is enabled. Otherwise, it is disabled. Neutron server needs to have the API extension uplink-status-propagation in order to support this feature. This feature can be used in SRIOV scenario, in which users enable uplink status propagation of the SRIOV port so that the link status of the VF will follow the PF.

  • Vendor profiles can now be fetched from an RFC 5785 compliant URL on a cloud, namely, https://example.com/.well-known/openstack/api. A cloud can manage their own vendor profile and serve it from that URL, allowing a user to simply list https://example.com as the profile name.

  • Added the newly supported description parameter and the missing domain_id parameter to Role resource.

Bug Fixes

  • Fixes specifying fields when listing bare metal resources.


New Features

  • Basic CRUD functionality was added on Host Aggregates. Actions are not implemented yet (adding/removing hosts from Host Aggregates).

  • The objects returned by baremetal detailed listing functions (connection.baremetal.{nodes,ports,chassis,port_groups}) are now fully functional, e.g. can be directly updated or deleted.

  • The installed version can now be quickly checked with python -m openstack version.

Deprecation Notes

  • The following baremetal resource classes are no longer used and will be removed in a future release: NodeDetail, PortDetail, ChassisDetail and PortGroupDetail. The regular Node, Port, Chassis and PortGroup are now used instead.

Bug Fixes

  • Fixed incorrect neutron endpoint mangling for the cases when the catalog contains a versioned neutron endpoint.


New Features

  • Added the unified limits basic CRUD methods. It includes two kinds of resources: registered_limit and limit.

  • Add the ability to extend a volume size with extend_volume method.

  • Client-side rate limiting is now directly exposed via rate_limit and concurrency parameters. A single value can be given that applies to all services, or a dict of service-type and value if different client-side rate or concurrency limits should be used for different services.

Bug Fixes

  • Fixed a regression in image upload when the cloud uses the task upload method. A refactor led to attempting to update the disk_format and container_format values after the image had been imported.

  • Fix a regression where the TaskManager.post_run_task elapsed_time argument was not reflecting the time taken by the actual task.


Bug Fixes

  • Fixed a regression in the new TaskManager code which caused programs that were passing in a TaskManager that they had been running start on to fail due to a double call.


New Features

  • The networking API v2 specification, which is implemented by OpenStack Neutron, features an optional routes parameter - when updating a router (PUT requests). Static routes are crucial for routers to handle traffic from subnets not directly connected to a router. The routes parameter has now been added to the OpenStackCloud.update_router method as a list of dictionaries with destination and nexthop parameters.

  • The OpenStackCloud bare metal NIC calls now support all microversions supported by the SDK. Previously version 1.6 was hardcoded.

  • Added wait_for_node_reservation to the baremetal proxy.

  • The bare metal operations now retry HTTP 409 and 503 by default. The number of retries can be changes via the baremetal_status_code_retries configuration option (defaulting to 5).

  • Adds support for bare metal node validation to the bare metal proxy.

  • Implements VIF attach/detach API for bare metal nodes.

  • Containers are now searchable both with a JMESPath expression or a dict of container attributes via the openstack.connection.Connection.search_containers function.

  • Implement fwaas v2 resources for managing firewall groups, rules and policies.

  • Added get_object_raw method for downloading an object from swift and returning a raw requests Response object.

  • The get_machine, update_machine and patch_machine calls now support all Bare Metal API microversions supported by the SDK. Previously they used 1.6 unconditionally.

  • create_network now exposes the mtu api option in accordance to network v2 api. This allows the operator to adjust the given MTU value which is needed in various complex network deployments.

  • Add support for networks being configured as the primary nat_source in clouds.yaml.

  • Objects are now searchable both with a JMESPath expression or a dict of object attributes via the openstack.connection.Connection.search_object function.

  • Added stream_object method for getting object content in an iterator.

  • Added a new property, ‘port_security_enabled’ which is a boolean to enable or disable port_secuirty during network creation. The default behavior will enable port security, security group and anti spoofing will act as before. When the attribute is set to False, security group and anti spoofing are disabled on the ports created on this network.

Upgrade Notes

  • When using the Image API, it is no longer possible to set arbitrary properties, not known to the SDK, via image.update_image API.

  • The baremetal API now returns available as provision state for nodes available for deployment. Previously, None could be returned for API version 1.1 (early Kilo) and older.

  • openstack.connection.Connection.create_object no longer creates a container if one doesn’t exist. It is the user’s responsibility to create a container before using it.

  • In anticipation of the upcoming 1.0 release, all the things that have been marked as deprecated have been removed.

  • openstack.profile.Profile has been removed. openstack.config should be used directly instead.

  • openstack.resource.Resource.get has been renamed to openstack.resource.Resource.fetch to prevent conflicting with a dict method of the same name. While most consumer code is unlikely to call this method directly, this is a breaking change.

  • openstack.resource.Resource.update has been renamed to openstack.resource.Resource.commit to prevent conflicting with a dict method of the same name. While most consumer code is unlikely to call this method directly, this is a breaking change.

  • The base Resource field location is no longer drawn from the Location HTTP header, but is instead a dict containing information about cloud, domain and project. The location dict is a feature of shade objects and is being added to all objects as part of the alignment of shade and sdk.

Deprecation Notes

  • The OpenStackCloud wait_for_baremetal_node_lock call is deprecated. Generally, users should not have to call it. The new wait_for_node_reservation from the baremetal proxy can be used when needed.

  • The OpenStackCloud.validate_node call was deprecated in favor of OpenStackCloud.validate_machine.

Bug Fixes

  • Adds support for error messages from the bare metal service.

  • Correct updating bare metal resources. Previously an incorrect body used to be sent.

  • Fixed an issue where passing an iterator to the data parameter of create_object for chunked uploads failed due to attempting to calculate the length of the data.

  • Re-added support for v4-fixed-ip and v6-fixed-ip in the nics parameter to create_server. These are aliaes for fixed_ip provided by novaclient which shade used to use. The switch to REST didn’t include support for these aliases, resulting in a behavior regression.


New Features

  • Add a data parameter to openstack.connection.Connection.create_object so that data can be passed in directly instead of through a file.

  • Added a create_directory_marker_object’ method to allow for easy creation of zero-byte ‘directory’ marker objects. These are not needed in most cases, but on some clouds they are used by Static Web and Web Listings in swift to facilitate directory traversal.

  • Adds set_provision_state and wait_for_provision_state to openstack.baremetal.v1.Node.

  • Adds node_set_provision_state and wait_for_nodes_provision_state to the baremetal Proxy.

  • The node_set_provision_state call now supports provision states up to the Queens release.

  • Add flag for disabling object checksum generation

Bug Fixes

  • The v3password auth_type implies that the auth_url given is a versioned endpoint and so discovery is skipped for auth. Previously the auth_type for Vexxhost had been set to v3password due to v2 being no longer available to give better errors to users. The auth_url was unfortunately left unversioned, so authentication ceased working. The auth_url has been changed to the versioned endpoint.


New Features

  • A new task_manager parameter to Connection has been added for passing a TaskManager object. This was present in shade and is used by nodepool, but was missing from the Connection constructor.


New Features

  • Added magnum cluster CRUD support to cloud abstraction layer.

  • Add support for query of port binding extended attributes including ‘binding:host_id’, ‘binding:vnic_type’, ‘binding:vif_type’, ‘binding:vif_details’, and ‘binding:profile’.

  • Added support for senlin

  • The created field which was returned by the Nova API is now returned as created_at as well when not using strict mode for consistency with other models.

  • Allows configuring Session’s connect_retries and status_code_retries via the cloud configuration (options <service type>_connect_retries, connect_retries, <service type>_status_code_retries and status_code_retries).

Bug Fixes

  • Added workaround for using neutron on older clouds where the version discovery document requires auth.


New Features

  • Config values now support service-type aliases. The correct config names are based on the official service type, such as block_storage_api_version, but with this change, legacy aliases such as volume_api_version are also supported.

  • Versions set in config via *_api_version or OS_*_API_VERSION that have a . in them will be also passed as the default microversion to the Adapter constructor. An additional config option, *_default_microversion has been added to support being more explicit.

Bug Fixes

  • Fixed issue where endpoint_override settings were not getting passed to the Adapter constructor in get_session_client.

  • Fixed an issue where importing openstacksdk changed the behavior of yaml.load globally.

  • Machine inspection is now blocked for machines associated with an instance. This is to avoid “stealing” a machine from under a provisioner (e.g. Nova).

Other Notes

  • All endpoint discovery logic is now handled by keystoneauth. There should be no behavior differences.

  • Add Limestone Networks vendor info for us-dfw-1 and us-slc regions


New Features

  • Ported in support for masakari/instance_ha service from python-masakariclient.

  • Updated the openstack.config.cloud_config.CloudRegion object to be able to store and retreive cache settings and the password callback object without needing an openstack.config.loader.OpenStackConfig object.


New Features

  • dns_domain attribute support has been added to the network port resource

  • All of the methods formerly part of the shade library have been added to the openstack.connection.Connection` object.

Deprecation Notes

  • openstack.proxy.BaseProxy has been renamed to openstack.proxy.Proxy. A BaseProxy class remains for easing transition.

Bug Fixes

  • Fixed an issue where an optimization in the logic to find floating ips first when looking for public ip addresses broke finding the correct private address.


New Features

  • Added a new method openstack.connection.Connection.add_service which allows the registration of Proxy/Resource classes defined externally.

  • availability_zone_hints now accepted for create_network() when network_availability_zone extension is enabled on target cloud.

  • availability_zone_hints now accepted for create_router() when router_availability_zone extension is enabled on target cloud.

Upgrade Notes

  • Removed the metric service. It is not an OpenStack service and does not have an entry in service-types-authority.

  • Meter and Alarm services have been removed. The Ceilometer REST API has been deprecated for quite some time and is no longer supported.

  • The Resource2 and Proxy2 migration has been completed. The original Resource and Proxy clases have been removed and replaced with Resource2 and Proxy2.

Deprecation Notes

  • openstack.profile.Profile has been deprecated and will be removed in the 1.0 release. Users should use the functions in openstack.config instead.

  • The shade functionality that has been merged in to openstacksdk is found in openstack.cloud currently. None of these interfaces should be relied upon as the merge has not yet completed.

Other Notes

  • Add betacloud region for Germany



The shade and os-client-config libraries have been merged in to openstacksdk. As a result, their functionality is being integrated into the sdk functionality, and in some cases is replacing exisiting things. The openstack.profile.Profile and openstack.auth.base.BaseAuthPlugin classes are no more. Profile has been replace by openstack.config.cloud_region.CloudRegion from os-client-config openstack.auth.base.BaseAuthPlugin has been replaced with the Auth plugins from keystoneauth. Service proxy names on the openstack.connection.Connection are all based on the official names from the OpenStack Service Types Authority. openstack.proxy.Proxy is now a subclass of keystoneauth1.adapter.Adapter. Removed local logic that duplicates keystoneauth logic. This means every proxy also has direct REST primitives available.

connection = connection.Connection()
servers = connection.compute.servers()
server_response = connection.compute.get('/servers')

New Features

  • Added a new property, ‘current_user_id’ which contains the id of the currently authenticated user from the token.

  • All get and search functions can now take a jmespath expression in their filters parameter.

  • Add a list_flavor_access method to list all the projects/tenants allowed to access a given flavor.

  • Added get_server_console method to fetch the console log from a Server. On clouds that do not expose this feature, a debug line will be logged and an empty string will be returned.

  • Added flag “show_all” to list_images. The behavior of Glance v2 to only show shared images if they have been accepted by the user can be confusing, and the only way to change it is to use search_images(filters=dict(member_status=’all’)) which isn’t terribly obvious. “show_all=True” will set that flag, as well as disabling the filtering of images in “deleted” state.

  • Add description parameter to create_user, available on Keystone v3

  • Add support for Designate recordsets resources, with the usual methods (search/list/get/create/update/delete).

  • Add support for Designate zones resources, with the usual methods (search/list/get/create/update/delete).

  • Add tags support when creating a stack, as specified by the openstack orchestration api at [1]


  • Add support for host aggregates and host aggregate membership.

  • Add support for Magnum baymodels, with the usual methods (search/list/get/create/update/delete). Due to upcoming rename in Magnum from baymodel to cluster_template, the shade functionality uses the term cluster_template. However, baymodel aliases are provided for each api call.

  • Add support for listing Magnum services.

  • Adds support to create and delete server groups.

  • Add update_server method to update name or description of a server.

  • Add the ability to update a keystone service information. This feature is not available on keystone v2.0. The new function, update_service(), allows the user to update description, name of service, service type, and enabled status.

  • Added methods for making new cloud connections based on the current OpenStackCloud. This should enable working more easily across projects or user accounts.

  • Implement block-storage.v2 Backup resource with restore functionality.

  • Added group parameter to create_server to allow booting a server into a specific server group.

  • Swiftclient instantiation now provides authentication information so that long lived swiftclient objects can reauthenticate if necessary.

  • Add support for explicit v2password auth type.

  • Add SSL support to VEXXHOST vendor profile.

  • Add zetta.io cloud vendor profile.

  • Add support for Cinder volume backup resources, with the usual methods (search/list/get/create/delete).

  • If shade has to create objects in swift to upload an image, it will now delete those objects upon successful image creation as they are no longer needed. They will also be deleted on fatal import errors.

  • Add a field to vendor cloud profiles to indicate active, deprecated and shutdown status. A message to the user is triggered when attempting to use cloud with either deprecated or shutdown status.

  • Add new APIs, OperatorCloud.get_compute_quotas(), OperatorCloud.set_compute_quotas() and OperatorCloud.delete_compute_quotas() to manage nova quotas for projects and users

  • get_compute_usage now has a default value for the start parameter of 2010-07-06. That was the date the OpenStack project started. It’s completely impossible for someone to have Nova usage data that goes back further in time. Also, both the start and end date parameters now also accept strings which will be parsed and timezones will be properly converted to UTC which is what Nova expects.

  • Adds ability to add a config setting to clouds.yaml to disable fetching extra_specs from flavors.

  • Explicit data model contracts are now defined for Flavors, Images, Security Groups, Security Group Rules, and Servers.

  • Resources with data model contracts are now being returned with ‘location’ attribute. The location carries cloud name, region name and information about the project that owns the resource.

  • Added new method, delete_autocreated_image_objects that can be used to delete any leaked objects shade may have created on behalf of the user.

  • Added name_or_id parameter to domain operations, allowing an admin to update/delete/get by domain name.

  • Added support for dual stack networks where the IPv4 subnet and the IPv6 subnet have opposite public/private qualities. It is now possible to add configuration to clouds.yaml that will indicate that a network is public for v6 and private for v4, which is otherwise very difficult to correctly infer while setting server attributes like private_v4, public_v4 and public_v6.

  • Add new method, ‘endpoint_for’ which will return the raw endpoint for a given service from the current catalog.

  • Add new APIs, OpenStackCloud.set_server_metadata() and OpenStackCloud.delete_server_metadata() to manage metadata of existing nova compute instances

  • Flavors will always contain an ‘extra_specs’ attribute. Client cruft, such as ‘links’, ‘HUMAN_ID’, etc. has been removed.

  • name_or_id parameters to search/get methods now support filename-like globbing. This means search_servers(‘nb0*’) will return all servers whose names start with ‘nb0’.

  • Allow to retrieve the limits of a specific project

  • Allow to retrieve the usage of a specific project

  • Added a new API call, OpenStackCloud.get_object(), to download objects from swift.

  • add granting and revoking of roles from groups and users

  • The image and flavor parameters for create_server now accept name in addition to id and dict. If given as a name or id, shade will do a get_image or a get_flavor to find the matching image or flavor. If you have an id already and are not using any caching and the extra lookup is annoying, passing the id in as “dict(id=’my-id’)” will avoid the lookup.

  • Added ability to create an image from a volume.

  • If a cloud does not have a neutron service, it is now assumed that Nova will be the source of security groups. To handle clouds that have nova-network and do not have the security group extension, setting secgroup_source to None will prevent attempting to use them at all. If the cloud has neutron but it is not a functional source of security groups, set secgroup_source to nova.

  • Add support for passing Ironic microversion to the ironicclient constructor in get_legacy_client.

  • Added list_availability_zone_names API call.

  • Implement list_role_assignments for keystone v2, using roles_for_user.

  • Add ‘all_projects’ parameter to list_servers and search_servers which will tell Nova to return servers for all projects rather than just for the current project. This is only available to cloud admins.

  • Added a flag, ‘load_yaml_config’ that defaults to True. If set to false, no clouds.yaml files will be loaded. This is beneficial if os-client-config wants to be used inside of a service where end-user clouds.yaml files would make things more confusing.

  • Add version argument to make_rest_client and plumb version discovery through get_session_client so that versioned endpoints are properly found if unversioned are in the catalog.

  • create_object() now has a “metadata” parameter that can be used to create an object with metadata of each key and value pair in that dictionary

  • Add an update_object() function that updates the metadata of a swift object

  • Added a parameter to create_image ‘meta’ which allows for providing parameters to the API that will not have any type conversions performed. For the simple case, the existing kwargs approach to image metadata is still the best bet.

  • Add min_version and max_version to get_legacy_client and to get_session_endpoint. At the moment this is only really fully plumbed through for cinder, which has extra special fun around volume, volumev2 and volumev3. Min and max versions to both methods will look through the options available in the service catalog and try to return the latest one available from the span of requested versions. This means a user can say volume_api_version=None, min_version=2, max_version=3 will get an endpoint from get_session_endpoint or a Client from cinderclient that will be either v2 or v3 but not v1. In the future, min and max version for get_session_endpoint should be able to sort out appropriate endpoints via version discovery, but that does not currently exist.

  • Removed unneeded calls that were made when deleting servers with floating ips.

  • Added pagination support for volume listing.

  • Added nat_source flag for networks. In some more complex clouds there can not only be more than one valid network on a server that NAT can attach to, there can also be more than one valid network from which to get a NAT address. Allow flagging a network so that it can be found.

  • Network provider options are now accepted in create_network().

  • Support added for configuring metadata about networks for a cloud in a list of dicts, rather than in the external_network and internal_network entries. The dicts support a name, a routes_externally field, a nat_destination field and a default_interface field.

  • Add new APIs, OperatorCloud.get_network_quotas(), OperatorCloud.set_network_quotas() and OperatorCloud.delete_network_quotas() to manage neutron quotas for projects and users

  • Added support for created_at, updated_at, description and revision_number attributes for floating ips.

  • Image dicts that are returned are now normalized across glance v1 and glance v2. Extra key/value properties are now both in the root dict and in a properties dict. Additionally, cloud and region have been added like they are for server.

  • Added helper method for constructing OpenStack SDK Connection objects.

  • server creation errors now include the server id in the Exception to allow people to clean up.

  • Add the add_server_security_groups and remove_server_security_groups functions to add and remove security groups from a specific server.

  • Added kwargs and argparse processing for session_client.

  • Added a set_volume_bootable call to allow toggling the bootable state of a volume.

  • Added helper method for constructing shade OpenStackCloud objects.

  • get_object now supports streaming output directly to a file.

  • Added ‘strict’ mode, which is set by passing strict=True to the OpenStackCloud constructor. strict mode tells shade to only return values in resources that are part of shade’s declared data model contract.

  • Added update_endpoint as a new function that allows the user to update a created endpoint with new values rather than deleting and recreating that endpoint. This feature only works with keystone v3, with v2 it will raise an exception stating the feature is not available.

  • Version discovery is now done via the keystoneauth library. shade still has one behavioral difference from default keystoneauth behavior, which is that shade will use a version it understands if it can find one even if the user has requested a different version. This change opens the door for shade to start being able to consume API microversions as needed.

  • Add new APIs, OperatorCloud.get_volume_quotas(), OperatorCloud.set_volume_quotas() and OperatorCloud.delete_volume_quotas() to manage cinder quotas for projects and users

  • Add support for listing volume types.

  • Add support for managing volume type access.

  • Adds a new pair of options to create_image_snapshot(), wait and timeout, to have the function wait until the image snapshot being created goes into an active state.

  • Adds a new function wait_for_image() which will wait for an image to go into an active state.

  • New wait_for_server() API call to wait for a server to reach ACTIVE status.

Known Issues

  • If there was only one cloud defined in clouds.yaml os-client-config was requiring the cloud parameter be passed. This is inconsistent with how the envvars cloud works which WILL work without setting the cloud parameter if it’s the only cloud.

  • Fixed a regression when using latest os-client-config with the keystoneauth from stable/newton. Although this isn’t a super common combination, the added feature that broke the interaction is really not worthy of the incompatibility, so a workaround was added.

  • Fixed an issue where nodepool could cause config_drive to be passed explicitly as None, which was getting directly passed through to the JSON. Also fix the same logic for key_name and scheduler_hints while we’re in there.

  • Fixed the logic in delete_ips and added regression tests to cover it. The old logic was incorrectly looking for floating ips using port syntax. It was also not swallowing errors when it should.

  • Images in the cloud with a string property named “properties” caused image normalization to bomb.

  • Fixed an issue where glance image list pagination was being ignored, leading to truncated image lists.

Upgrade Notes

  • Cluster Templates have data model and normalization now. As a result, the detail parameter is now ignored and detailed records are always returned.

  • The attach_volume method now always returns a volume_attachment object. Previously, attach_volume would return a volume object if it was called with wait=True and a volume_attachment object otherwise.

  • shade will now only generate file hashes for glance images if both hashes are empty. If only one is given, the other will be treated as an empty string.

  • Removed designateclient as a dependency. All designate operations are now performed with direct REST calls using keystoneauth Adapter.

  • Server creation calls are now done with direct REST calls.

  • troveclient is no longer a hard dependency. Users who were using shade to construct a troveclient Client object should use os_client_config.make_legacy_client instead.

  • Nova flavor operations are now handled via REST calls instead of via novaclient. There should be no noticable difference.

  • Nova microversion is being requested. Since shade is not yet actively microversion aware, but has been dealing with the 2.0 structures anyway, this should not affect anyone.

  • magnumclient is no longer a direct dependency as magnum API calls are now made directly via REST.

  • All Nova interactions are done via direct REST calls. python-novaclient is no longer a direct dependency of openstack.cloud.

  • The Profile object has been replaced with the use of CloudRegion objects from openstack.config.

  • The openstacksdk specific Session object has been removed.

  • Proxy objects are now subclasses of keystoneauth1.adapter.Adapter.

  • REST interactions all go through TaskManager now.

  • Removed swiftclient as a dependency. All swift operations are now performed with direct REST calls using keystoneauth Adapter.

  • Renamed bare-metal to baremetal to align with the official service type.

  • The block_store service object has been renamed to block_storage to align the API with the official service types.

  • Renamed cluster to clustering to align with the official service type.

  • Renamed telemetry to meter to align with the official service type.

  • If your cloud presents a default split IPv4/IPv6 stack with a public v6 and a private v4 address and you have the expectation that auto_ip should procure a v4 floating ip, you need to set ‘force_ipv4’ to True in your clouds.yaml entry for the cloud.

  • keystoneauth version 3.2.0 or higher is required because of version discovery.

Deprecation Notes

  • Renamed session_client to make_rest_client. session_client will continue to be supported for backwards compatability.

  • external_network and internal_network are deprecated and should be replaced with the list of network dicts.

  • Renamed simple_client to session_client. simple_client will remain as an alias for backwards compat.

Bug Fixes

  • [bug 2001080] Project update will only update the enabled field of projects when enabled=True or enabled=False is passed explicitly. The previous behavior had enabled=True as the default.

  • Fixed caching the volume list when volumes are in use.

  • Fix bug where project_domain_{name,id} was set even if project_{name,id} was not set.

  • Fixed the volume normalization function when used with cinder v2.

  • The create_stack() call was fixed to call the correct iterator method and to return the updated stack object when waiting.

  • The create_server() API call would not use the supplied ‘network’ parameter if the ‘nics’ parameter was also supplied, even though it would be an empty list. It now uses ‘network’ if ‘nics’ is not supplied or if it is an empty list.

  • The returned data from a create_service() call was not being normalized.

  • Delete swift objects uploaded in service of uploading images at the time that the corresponding image is deleted. On some clouds, image uploads are accomplished by uploading the image to swift and then running a task-import. As shade does this action on behalf of the user, it is not reasonable to assume that the user would then be aware of or manage the swift objects shade created, which led to an ongoing leak of swift objects.

  • Upload swift Large Objects as Static Large Objects by default. Shade automatically uploads objects as Large Objects when they are over a segment_size threshold. It had been doing this as Dynamic Large Objects, which sound great, but which have the downside of not deleting their sub-segments when the primary object is deleted. Since nothing in the shade interface exposes that the object was segmented, the user would not know they would also need to find and delete the segments. Instead, we now upload as Static Large Objects which behave as expected and delete segments when the object is deleted.

  • The delete_object() method was not returning True/False, similar to other delete methods. It is now consistent with the other delete APIs.

  • The delete_project() API now conforms to our standard of returning True when the delete succeeds, or False when the project was not found. It would previously raise an expection if the project was not found.

  • delete_image used to fail with an AttributeError if an invalid image name or id was passed, rather than returning False which was the intent. This is worthy of note because it’s a behavior change, but the previous behavior was a bug.

  • When creating a new server, the timeout was not being passed through to floating IP creation, which could also timeout.

  • Fix for list_networks() ignoring any filters.

  • Added missing dependency on futures library for python 2. The depend was missed in testing due to it having been listed in test-requirements already.

  • Fixed an issue where shade could report a floating IP being attached to a server erroneously due to only matching on fixed ip. Changed the lookup to match on port ids. This adds an API call in the case where the workaround is needed because of a bug in the cloud, but in most cases it should have no difference.

  • Fix for update_domain() where ‘name’ was not updatable.

  • Fixed magnum service_type. shade was using it as ‘container’ but the correct type is ‘container-infra’. It’s possible that on old clouds with magnum shade may now do the wrong thing. If that occurs, please file a bug.

  • Setting and unsetting flavor extra specs now works. This had been broken since the 1.2.0 release.

  • Refactor OpenStackConfig._fix_backward_madness() into OpenStackConfig.magic_fixes() that allows subclasses to inject more fixup magic into the flow during get_one_cloud() processing.

  • Fixed a bug related to neutron endpoints that did not have trailing slashes.

  • Fixed issue with ports not having a created_at attribute.

  • Role assignments were being returned as plain dicts instead of Munch objects. This has been corrected.

  • Reverse the order of option selction in OpenStackConfig._validate_auth() to prefer auth options passed in (from argparse) over those found in clouds.yaml. This allows the application to override config profile auth settings.

  • No longer fail in list_router_interfaces() if a router does not have the external_gateway_info key.

  • Keystone service descriptions were missing an attribute describing whether or not the service was enabled. A new ‘enabled’ boolean attribute has been added to the service data.

  • Fixed an issue where a section of code that was supposed to be resetting the SwiftService object was instead resetting the protective mutex around the SwiftService object leading to an exception of “__exit__”

  • shade now correctly does not try to attach a floating ip with auto_ip if the cloud has given a public IPv6 address and the calling context supports IPv6 routing. shade has always used this logic to determine the server ‘interface_ip’, but the auto floating ip was incorrectly only looking at the ‘public_v4’ value to determine whether the server needed additional networking.

  • Added requests and Babel to the direct dependencies list to work around issues with pip installation, entrypoints and transitive dependencies with conflicting exclusion ranges. Packagers of shade do not need to add these two new requirements to shade’s dependency list - they are transitive depends and should be satisfied by the other things in the requirements list. Both will be removed from the list again once the python client libraries that pull them in have been removed.

Other Notes

  • HPCloud vendor profile removed due to cloud shutdown.

  • RunAbove vendor profile removed due to migration to OVH.

  • The contents of x-openstack-request-id are no longer added to object returned. Instead, they are logged to a logger named ‘openstack.cloud.request_ids’.

  • The shade and os-client-config libraries have been merged into python-openstacksdk.

  • Started using reno for release notes.

  • Add citycloud regions for Buffalo, Frankfurt, Karlskrona and Los Angles

  • Add new DreamCompute cloud and deprecate DreamHost cloud