Yoga Series Release Notes

20.4.0

New Features

  • The new heat::executor_thread_pool_size parameter has been added.

20.2.0

New Features

  • Add options to configure pymemcache’s HashClient retrying mechanisms (dogpile.cache) backend.

  • Add cache client retry options for the pymemcache (dogpile.cache) backend.

  • Add socket keepalive options for the pymemcache (dogpile.cache) backend.

  • Now this module supports CentOS 9 and Red Hat Enterprise Linux 9.

  • The system_scope parameter has been added to the heat::keystone::authtoken class.

  • The heat::keystone::auth class now supports customizing roles assigned to the heat service user.

  • The heat::keystone::auth_cfn class now supports customizing roles assigned to the heat service user.

  • The heat::keystone::auth class now supports defining assignmet of system-scoped roles to the heat service user.

  • The heat::keystone::auth_cfn class now supports defining assignmet of system-scoped roles to the heat service user.

Upgrade Notes

  • The heat::amqp_allow_insecure_clients parameter has been removed.

  • The following parameters of the heat class has been removed.

    • database_min_pool_size

    • database_connection

    • database_idle_timeout

    • database_max_overflow

    • database_max_pool_size

    • database_max_retries

    • database_retry_interval

    • sync_db

  • The database_min_pool_size parameter of the heat::db class has been removed.

20.1.0

New Features

  • The heat::engine class now supports the allow_trusts_redelegation parameter.

  • Now puppet-heat supports overiding RequestHeader statements in apache vhost configuration. Use the new request_headers parameter to define the configuration value.

  • The following parameters have been added to the heat::engine class.

    • action_retry_limit

    • max_server_name_length

    • max_interface_check_attempts

    • event_purge_batch_size

    • max_events_per_stack

    • stack_action_timeout

    • error_wait_time

Upgrade Notes

  • Default value of heat::wsgi::apache_api_cfn::vhost_custom_fragment has been updated to undef and now the new request_headers parameter is used to define the default RequestHeader statement. Please update these parameters accordingly.

20.0.0

New Features

  • The new key_val_separator parameter has been added to the heat_api_paste_ini resource type.

  • The new heat::trustee class has been added. This class supports parameters define in the trustee section.

Upgrade Notes

  • Default value of the following three parameters will be changed from true to false in a future release. Make sure the parameter is set to the desired value.

    • heat::wsgi::apache::ssl

    • heat::wsgi::apache_api::ssl

    • heat::wsgi::apache_api_cfn::ssl

Deprecation Notes

  • The heat::trustee class should be included to manage trustee option. This class is included by the heat class and the parameters are defined automatically based on the heat::keystone::authtoken class to keep compatibility but this behavior will be removed in a future release.

19.4.0

New Features

  • The new heat::logging::watch_log_file parameter has been added.

  • Adds new purge_config parameter. When set to true, the policy file is cleared during configuration process. This allows to remove any existing rules before applying them or clean the file when all policies got removed.

19.3.0

New Features

  • The heat::max_stacks_per_tenant parameter has been deprecated in favor of the new heat::engine::max_stacks_per_tenant parameter.

19.1.0

Upgrade Notes

  • Fedora is no longer supported.

19.0.0

New Features

  • There is now a new policy_dirs parameter in the heat::policy class, so one can set a custom path.

  • Two new classes heat::wsgi::uwsgi_api and heat::wsgi::uwsgi_api_cfn exist to allow configuring uwsgi in operating systems that support this (ie: currently Debian). This helps configuring the number of processes, threads and listen socket. Also, two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config providers now exist.

18.4.0

New Features

  • The new heat::policy::enforce_scope parameter has been added to support the corresponding parameter in oslo.policy library.

  • The new heat::policy::enforce_new_defaults parameter has been added.

18.3.0

New Features

  • Add TLS options to oslo.cache

  • The new heat::healthcheck class has been added. This class manages parameters of healthcheck middlware in oslo.middleware.

18.2.0

Upgrade Notes

  • Now policy.yaml is used by default instead of policy.json.

18.1.0

New Features

  • Adds db_sync_timeout parameter to db sync.

  • The new heat::keystone::authtoken::service_type parameter has been added to configure the service_type parameter in authtoken middleware.

Deprecation Notes

  • allow_insecure_clients option is now deprecated for removal, the parameter has no effect.

  • The following options have been deprecated, as those options have been moved to heat::db class.

    • heat::database_connection

    • heat::database_idle_timeout

    • heat::database_max_overflow

    • heat::database_max_pool_size

    • heat::database_max_retries

    • heat::database_retry_interval

    • heat::sync_db

17.3.0

New Features

  • Add mysql_enable_ndb parameter to select mysql storage engine.

17.2.0

New Features

  • The new heat::keystone::authtoken::interface parameter has been added, which can be used to set the interface parameter in authtoken middleware.

  • It is now possible to configure the max_stacks_per_tenant of heat, which by default, is set to 100 in heat. Since 100 stacks per tenant can be a way too small in some setups, it is convenient to be able to configure this value with puppet.

17.1.0

Deprecation Notes

  • The heat::engine::deferred_auth_method parameters has been deprecated and will be removed in a future release.

  • The heat::engine::heat_watch_server_url parameter has been removed.

16.2.0

New Features

  • The following parameters are added in heat::cache to configure chaching in specific module.

    • constraint_validation_caching

    • constraint_validation_expiration_time

    • service_extension_caching

    • service_extension_expiration_time

    • resource_finder_caching

    • resource_finder_expiration_time

  • Added server_keystone_endpoint_type parameter to heat::engine.

Upgrade Notes

  • Deprecated idle_timeout option has been removed.

Deprecation Notes

  • database_min_pool_size option is now deprecated for removal, the parameter has no effect.

16.1.0

New Features

  • Add new parameter ‘client_retry_limit’ to increase the number of retries in case of transient errors.

  • vhost_custom_fragment was added to heat::wsgi::apache_api so one can configure custom fragments for the Heat API vhost.

15.4.0

New Features

  • Add support to configure service_token_roles in authtoken middleware.

Upgrade Notes

  • Deprecated heat_clients_keystone_uri option has been removed.

15.2.0

New Features

  • Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.

Upgrade Notes

  • The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed.

15.1.0

New Features

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size.

  • memcache_socket_timeout is changed to float value.

15.0.0

New Features

  • Add openstackclient installation to the client class.

Deprecation Notes

  • database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.

14.4.0

New Features

  • Add the log_file option for logging.

14.3.0

Prelude

In this release Ubuntu has moved all projects that supported it to python3 which means that there will be a lot of changes. The Puppet OpenStack project does not test the upgrade path from python2 to python3 packages so there might be manual steps required when moving to the python3 packages.

New Features

  • Service_token_roles_required missing in the server config file which allows backwards compatibility to ensure that the service tokens are compared against a list of possible roles for validity.

Upgrade Notes

  • This module now requires a puppetlabs-mysql version >= 6.0.0

  • Ubuntu packages are now using python3, the upgrade path is not tested by Puppet OpenStack. Manual steps may be required when upgrading.

14.2.0

New Features

  • Adds the service_description option to config description of the service.

Upgrade Notes

  • The deprecated parameter auth_uri is now removed, please use www_authenticate_uri.

  • The deprecated parameters use_syslog, use_stderr, log_facility, log_dir and debug in the init class is now removed. Please set them in the logging class.

Deprecation Notes

  • The heat::heat_clients_keystone_uri parameter is deprecated, has no effect and will be removed in a future release.

  • check_revocations_for_cached option is now deprecated for removal, the parameter has no effect.

  • hash_algorithms option is now deprecated for removal, the parameter has no effect.

14.1.0

New Features

  • Added new parameter heat::cache::manage_backend_package that is sent to the oslo::cache class which determines if the backend cache python library should be installed or not. Defaults to true same as oslo::cache default value.

13.3.0

Deprecation Notes

  • heat_watch_server_url is deprecated and will be removed in a future release. The Cloudwatch API support was removed from heat, so this parameter does not have any effect.

Bug Fixes

  • Deal with API being run using Apache when restarting the API (e.g. due to configuration changes)

13.1.0

Upgrade Notes

  • The deprecated heat::rabbit_host, heat::rabbit_hosts, heat::rabbit_password, heat::rabbit_port, heat::rabbit_userid and heat::rabbit_virtual_host are now removed. Please use heat::default_transport_url instead.

13.0.0

New Features

  • Adds the pool_timeout option for configuring oslo.db. This will configure this value for pool_timeout with SQLAlchemy.

  • Add openstack-db tag to Exec that run db-sync.

Upgrade Notes

  • The default for the clients_keystone/auth_uri configuration parameter has been updated to use the public Keystone endpoint rather than the admin endpoint, as expected by Heat. To continue using the admin endpoint, use the heat_clients_keystone_uri parameter of the ::heat class.

  • Deprecated keystone::authtoken::revocation_cache_time option has been removed.

Deprecation Notes

  • auth_uri is deprecated and will be removed in a future release. Please use www_authenticate_uri instead.

Bug Fixes

  • Previously the number of heat engine workers was set to $::os_service_default which would use the default from python. Usually this means it will use the number of processors in the system. We have found that this is not an ideal default for large number of cpu systems. We have a provided fact specific to heat engine named $::os_workers_heat_engine. We have changed the default value for the heat engine works to use this fact. This fact will cap the value at 24 but usually is the larger of (number of procs / 2) or 4.

12.3.0

Upgrade Notes

  • Remove support for heat-api-cloudwatch service. It’s been removed from heat since Queens release.

12.2.0

New Features

  • Adds the use_journal option for configuring oslo.log. This will enable passing the logs to journald.

  • Heat has additional configuration option for plugin_dirs parameter. This parameter provides a list of directories to search for plug-ins. This change allows configuration of plugin_dirs parameter in heat.conf file.

12.1.0

New Features

  • Add wsgi_process_display_name option to add customization for wsgi process display name.

  • The access_log_file, access_log_format, error_log_file fields for each apache vhost are now configurable.

  • Expose use_json logging parameter, which enables JSON formatted logging.

12.0.0

New Features

  • Add new parameter ‘default_user_data_format’ to specify the user_data format in the server.

Deprecation Notes

  • revocation_cache_time option is now deprecated for removal, the parameter has no effect.

11.3.0

Deprecation Notes

  • heat::rpc_backend is deprecated and will be removed in a future release. Please use heat::default_transport_url instead.

Other Notes

  • Change rabbit_heartbeat_timeout_threshold param from 0 (disable the heartbeat) and use default value from oslo module (unset param in configuration file).

  • Drop keystone_ec2_uri default value because engine was down when user is checking heat service status and the endpoint was not created in Keystone.

11.2.0

Upgrade Notes

  • Deprecated keystone authtoken signing_dir option is removed in Pike.

11.1.0

New Features

  • Add new parameter ‘reauthentication_auth_method’ for heat re-authentication configuration.

11.0.0

New Features

  • Ability to configure cache for heat using oslo::cache class.

  • Add new parameter “notification_topics”, AMQP topic used for OpenStack notifications.

  • The necessary manifests have been added to run the heat api services over httpd (heat-api, heat-api-cfn, and heat-api-cloudwatch).

  • Support the clients/endpoint_type parameter in ::heat.

10.3.0

New Features

  • Add new parameter “control_exchange”, the default exchange under which topics are scoped. May be overridden by an exchange name specified in the transport_url option.

10.2.0

New Features

  • Passes parameter to keystone authtoken define to manage python-memcache package install.

Deprecation Notes

  • signing_dir option is now deprecated for removal, the parameter has no effect.

10.1.0

Deprecation Notes

  • heat::rabbit_host, heat::rabbit_hosts, heat::rabbit_password, heat::rabbit_port, heat::rabbit_userid and heat::rabbit_virtual_host are deprecated. heat::default_transport_url should be used instead.

Security Issues

  • domain_password in heat::keystone::domain is now required and no default value is provided. It will make sure our users set the value so deployments are more secure.

Bug Fixes

  • Change trusts_delegated_roles to os_service_default, it has changed to [] since Kilo.

Other Notes

  • Management of heat configuration is now optional for heat::keystone::max_nested_stack_depth which allows the maximum depth of nested stacks to be set.

  • removed deprecated heat::auth_uri

  • removed deprecated heat::identity_uri

  • removed deprecated heat::auth_plugin

  • removed deprecated heat::keystone_user

  • removed deprecated heat::keystone_password

  • removed deprecated heat::keystone_tenant

  • removed deprecated heat::keystone_user_domain_name

  • removed deprecated heat::keystone_user_domain_id

  • removed deprecated heat::keystone_project_domain_name

  • removed deprecated heat::keystone_project_domain_id

  • removed deprecated heat::memcached_servers

10.0.0

New Features

  • Allows configuration of [yaql] settings to control memory_quota and limit_iterators settings.

Bug Fixes

  • Fixed documentation for log_dir parameter

Other Notes

  • Management of heat configuration is now optional for heat::keystone::domain which allows you to manage the users and domain seperately from the service configuration.

  • The verbose option was marked to be removed in Ocata, in Newton the option was deprecated.

9.3.0

New Features

  • Configure keystonemiddleware in a consistent way with all options required for Keystone v3.

Deprecation Notes

  • heat::auth_uri is deprecated in favor of heat::keystone::authtoken::auth_uri.

  • heat::identity_uri is deprecated in favor of heat::keystone::authtoken::auth_url.

  • heat::auth_plugin is deprecated in favor of heat::keystone::authtoken::auth_type.

  • heat::keystone_user is deprecated in favor of heat::keystone::authtoken::username.

  • heat::keystone_tenant is deprecated in favor of heat::keystone::authtoken::project_name.

  • heat::keystone_password is deprecated in favor of heat::keystone::authtoken::password.

  • heat::keystone_user_domain_name is deprecated in favor of heat::keystone::authtoken::user_domain_name.

  • heat::keystone_user_domain_id is deprecated, use the name option.

  • heat::keystone_project_domain_name is deprecated in favor of heat::keystone::authtoken::project_domain_name.

  • heat::keystone_project_domain_id is deprecated, use the name option.

  • heat::memcached_servers is deprecated in favor of heat::keystone::authtoken::memcached_servers.

9.2.0

New Features

  • Add environment_dir and template_dir options to config.

  • allows configuring CORS settings.

9.1.0

Bug Fixes

  • The keystone auth class has been updated to provide a default service_name to allow a user to specify a custom auth_name that may not contain the name of the service.

  • Added the ability to manage the memcached servers for keystone_authtoken in heat

9.0.0

New Features

  • Add support for oslo_messaging_amqp backend via puppet-oslo resource

  • Add oslo.messaging transport_url parameters via puppet-oslo resource

  • Add api_paste type/provider.

  • Implement crontab to purge deleted data using heat-manage purge_deleted tool.

  • Support of PyMySQL driver for MySQL backend.

  • Switch to puppet-oslo resource usage (instead of manual configuration file editing).

  • Release notes are no longer maintained by hand, we now use the reno tool to manage them.

  • Configure “trustee” and “clients_keystone” sections. Support auth_plugin and versionless auth urls.

Upgrade Notes

  • Removed deprecated options “keystone_host”, “keystone_port”, “keystone_protocol”.

Deprecation Notes

  • Remove QPID messaging support. Qpid messaging driver is removed from oslo.messaging so we won’t support anymore.

  • verbose option is now deprecated for removal, the parameter has no effect.

  • Deprecated “admin_user”, “admin_password” and “admin_tenant_name” options in favour of auth_plugin auth method.

Other Notes

  • Drop all Qpid support, it was removed from Oslo in Mitaka.