Implements: User, group, role and project lookup across domains.
Added domain parameter to keystone lookup functions.
Heat templates now support user{domain}, group{domain},
role{domain} and project{domain} to support cross domain
lookup. Keystone constrains will also work across domain.
Release note added.
Story: 2005523
Task: 30642
Change-Id: I2b02787bd8883ced631b81174cee9134445bf170
Fedora CoreOS will replace Fedora Atomic being the next generation
container OS. So it would be nice to support Fedora CoreOS in Heat.
In Fedora CoreOS, the cloud-init will be replaced with Ignition[1],
so the changes proposed in this patch are mainly focusing on how to
support Ignition when using Heat SOFTWARE_CONFIG with Ignition.
Task: 36671
Story: 2006566
Change-Id: I11df2431634de7d8b584b1a2ac733d43959e34fc
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: Iffb1374dacda4cef97b5128105dccb984f9a5554
Sem-Ver: feature
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
Change-Id: Ie6b9bdc0cdb6939903920806334f71aa6133c12b
Added a new config option to specify the keystone authentication
endpoint to pass into cloud-init data.
Heat code currently has several different methods of retrieving the
keystone endpoint to embed into cloud-init data for created
servers. This data is currently read from several different parts
of the heat config file rather than the service catalog which results
in URLs being passed which are appropriate for the heat service rather
than the server. In particular there can be misconfiguration of
servers due to deployments which separate the internal and
external API endpoints.
This patch introduces a new config variable
server_keystone_endpoint_type which if set
reads the keystone endpoint directly from the service catalog,
if it is unset the original behavior is unchanged.
story: 2004808
task: 28967
story: 2004524
Change-Id: I5d8fc5977014b196c34f4a59a30a7525bc778359
Add doc for multi-clouds support in template guide.
Also remove redundant credential information in multi-clouds
integration test.
Change-Id: I76c6427b7bbdac2af3b7f01aff1b0541e56b3653
Story: #2002126
Task: #19808
While Neutron may technically allow updating the requested MAC address
of a port (for admin users only), in practice this only appears to work
when the port is not in use. Use Heat's replace-on-update flow, which is
designed to handle resources that are in use, to deal with changes to
the requested MAC.
Change-Id: I278584ecfe59a338d3135416527d9d3332808d2a
Depends-On: https://review.opendev.org/665692
Task: 31012
If you set up heat with trusts enabled, heat fails to create remote
stack since by default it creates trusts with turned off redelegation.
This commit adds a new option `allow_trusts_redelegation`
(False by default) which, when enabled together with
`reauthentication_auth_method` set to `trusts` will make Heat to create
trusts with allow_redelegation=True, both for trusts used for deferred
auth and for long creating stacks.
Change-Id: I73e73455139a87fb798fd8a4651c075a91be75fd
Story: #2005062
Task: 29606
Task: 17266
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: I51c12c8cbd90c913e928711bfb31e77ad636d8c7
Sem-Ver: feature
Allow the user to set the CA cert for SSL option for contacting the
remote Heat in the properties of an OS::Heat::Stack resource.
Story: #1702645
Task: #17270
Change-Id: I37528bb2b881a196216a7e6e23af871ab0f313d6
Allow OS::Heat::Stack to access remote stack from another OpenStack
provider. Also enable functional tests for multi-cloud.
Implement multi-cloud support as an extension to the existing multi-region
support. Allow operate a remote stack (from another OpenStack cloud) as a
resource in stack from local OpenStack cloud.
I propose we add multi cloud support into ``OS::Heat::Stack`` and change the
property schema for ``context``. Within context, we should adding
following properties:
* credential_secret_id: ID of Barbican Secret. Which stores authN
information for remote cloud.
Service will use auth information from Barbican Secret to access
Orchestration service in another OpenStack.
Must make sure you're able toget that secret from Barbican service when
provide `credential_secret_id` property.
Story: #2002126
Task: #26907
Depends-On: https://review.openstack.org/579750
Change-Id: I2f3de3e7c29cf7debb1474228c8a9a81725a72ed
This patch deprecate personality property for `OS::Nova::Server`.
Since that property is deprecated by nova since version 2.57,
we should plan to Hidden that property soon.
please use ``user_data`` or ``metadata`` instead. If that
property really required, use config ``max_nova_api_microversion``
to set the maximum nova API microversion <2.57 for nova client
plugin to support personality property.
Add config option ``max_nova_api_microversion`` to set the maximum
nova API microversion for nova client plugin.
Story: #2004188
Task: #29979
Change-Id: I1852739e818ec67ac5a821e436e243eaa72f0938
The Neutron extension for layer2 gateway (networking-l2gw) provides a API to
manage L2GW components. The proposed change is to implement two new Heat
resources to allow management of the L2GW and L2GW-connection resources.
This change implements the first of the two resources,
OS::Neutron::L2Gateway
Change-Id: Ib850f027833106cb39d3d1f6e644bbb1f79f1aac
Task: #19995
Story: #2002150
The Neutron extension for layer2 gateway (networking-l2gw) provides a API to
manage L2GW components. The proposed change is to implement two new Heat
resources to allow management of the L2GW and L2GW-connection resources.
This change implements the 2nd of two resources,
OS::Neutron::L2GatewayConnection
Change-Id: I2295acafa652ace7180d1250c85f8ee079351628
Task: #23118
Story: #2002150
Add a OS::Blazar::Host resource plugin to support Blazar which is a
resource reservation services in OpenStack.
Co-author: Asmita Singh <Asmita.Singh@nttdata.com>
Change-Id: Ie5b9373681943222268eb9144740f5733ffef750
Task: 22881
Story: 2002085
Add a OS::Blazar::Lease resource plugin to support Blazar which is a
resource reservation services in OpenStack.
Co-author: Asmita Singh <Asmita.Singh@nttdata.com>
Change-Id: I7683599d9e9443372d1f585985cee7c10fd08581
Task: 22882
Story: 2002085
Ensure that if the user provides non-ASCII descriptions or e.g. allowed
values in a template, that we can print them correctly wherever they
appear in API output (such as in error messages). Also allow all default
error messages to be localised.
Change-Id: Id2c309a33634b35a4f1f8b7ddf252db22bc46625
Story: #2003096
Task: 23188
Rank all existing versions of a resource in a convergence stack to improve
the likelihood that we find the best one to update.
This allows us to roll back to the original version of a resource (or
even attempt an in-place update of it) when replacing it has failed.
Previously this only worked during automatic rollback; on subsequent
updates we would always work on the failed replacement (which inevitably
meant attempting another replacement in almost all cases).
Change-Id: Ia231fae85d1ddb9fc7b7de4e82cec0c0e0fd06b7
Story: #2003579
Task: 24881
This adds a new resource to support import of glance web-download. It
replaces the old image source using glance v1.
Story: #2004772
Task: #28891
Change-Id: Iae66aa82d6b90738e4f32ee254b9f0c8275a8c87
