This has been deprecated for years and is incompatible with deploying
multiple heat-engine processes. Let's at least not turn it on by default.
Change-Id: Iabddbd65be9000a30a5714b26658ea6acea0e103
1. Add a configuration option to enable/disable template parameters
encryption.
2. Encrypt hidden parameters before storing them in the database and
decrypt on stack load.
Change-Id: Ie46c6a149f414f655600616da8deee463e55671c
Implements: blueprint encrypt-hidden-parameters
Co-Authored-By: Jason Dunsmore <jasondunsmore@gmail.com>
Add a "hidden_stack_tags" option that contains a list of tag names.
Stacks that have one or more of these tags will be hidden.
Add an option to show hidden stacks in the stack listing.
blueprint stack-tags
Change-Id: I45a5ac6d73a9a61629a56f88270e3a97fafb378a
If auth_encryption_key length is not 16 or 24 or 32 in that case
heat operations such as stack-creates fails. This check has been
added.
Change-Id: Ic653d18dbb7523ca5286ae0951eb86ad72cbdb13
Closes-bug: #1415887
Now that we have decouple-nested merged, it makes sense
to enable more workers. oslo has a function just for this
processutils.get_worker_count()
Also set the number to 2 for functional tests to
not overly consume too much memory but still test
the multi worker path.
Change-Id: I86d1e8bb1813ccdee959f7a0fe78867dde7d21b5
Closes-bug: 1434339
Add a startup_warnings() function in place to add other
warnings there if at all possible.
Change-Id: I4d8d02feccc42c2f3486f52bad488922eb08bbca
Closes-bug: 1434286
This is a mechanism whereby when heat processes
a stack VM resource, the stack id, root stack id,
stack resource id, stack resource name and the
path in the stack (as a list of tuples,
(stackresourcename, stackname)) can be passed to
nova by heat as scheduler hints, to the
configured schedulers for nova.
Implements: blueprint stack-lifecycle-scheduler-hint
Co-Authored-By: Karolyn Chambers <chamberk@us.ibm.com>
Change-Id: I3e006339a41c469451bc3ee740018b285d3e0a65
This change adds config options so that operators can choose the default
transports for server software_config_transport and deployment
signal_transport. With properly set config values, templates should
have no need for setting these options at all, making templates more
portable across clouds.
The defaults currently are the cfn transports but consideration could be
made in the future to switch to swift.
Downstream deployment tools (puppet etc) would have enough information
to set the best heat.conf values, with something like the following
logic:
- if there is an object-store endpoint, set for *TEMP_URL*
- if there is no cloudformation endpoint, set for *HEAT*
- else set for *CFN*
Change-Id: I5f3d41db35e380486051cee432a7190b3c51fa00
Related-Blueprint: software-config-swift-signal
Increase current value due to several requests from users who
use provider resources or services like Sahara, who wants to use
nested resource groups.
Closes-Bug: #1331227
Change-Id: Iaa2c8d4bf125a9b1059ccfb2b31db8a7b18331ce
The oslo-incubator log modlule has been removed, so port to the oslo_log
library. Note this uses the new (non namespaced, e.g oslo.log) import
convention, we'll need to align other imports in a future commit.
Some import reordering was required due to pedantic H30[57] checks, and
the services have all been converted to initialize the oslo_log library
as this is done differently to the log.py in incubator.
Change-Id: Ib5a97123fe1b287bc531e42d7887c13ba6205628
This patch adds column 'convergence' to stack table
and configuration option 'convergence_engine'. If
'convergence_engine' equals True, new stacks are created,
updated and backuped with convergence column equals
True and old stacks are updated and backuped with
convergence column equals False. Otherwise convergence
column equals False.
blueprint convergence-config-option
Change-Id: I34d6fa3a0e387140914f5060c06be890640a970f
Use parentheses instead of backslash for line continuation.
Plus, usage of escaped quotes in long strings is avoided where it makes
sense.
Change-Id: If2e78012b85a4430c6f03f65784cac2d032cf116
Add secret=True to option stack_domain_admin_password,
so that will avoid logging this option in engine.log.
Closes-Bug: #1392162
Change-Id: I04071f37a0053b969dc31a69e62ba9abb075c590
This change enables clients that have no specific settings in
the [clients_xxx] sections of the configuration file to get defaults
from the [clients] section.
Change-Id: I071bd77a2e1f0ad366b80c095917a8debc5cef2b
Closes-Bug: 1379958
This change the default value of the option
'trusts_delegated_roles' to []. And delegate all of
the trustor roles when create the trust unless
user set the option to subset roles.
Change-Id: I3f1b70b78b91bfac9af5fadb71140679b208c999
Closes-bug: #1376562
This adds builtin rpc and db traces to Heat, as well as
some toplevel stack methods to aid in reading the output.
A 'profiler' config group is added to enable profiling.
Change-Id: Ie5c1c8f1931f59e4d4bcf1ec3b791f55984eb6d2
Closes-bug: #1363782
This also adds a deprecation warning.
This also changes the default to use Ceilometer.
Release message:
Anyone deploying Heat should not be using OS::Heat::CWLiteAlarm, but
OS::Ceilometer::Alarm.
CWLiteAlarm should be explictly disabled in /etc/heat/heat.conf by
setting "enable_cloud_watch_lite=false". This will stop Heat from
running a period task check for alarms.
DocImpact
Change-Id: I2a10c14772bdafc001e211d7e94502ac1f6b32b1
Closes-bug: #1322128
This change does the following:
- reverts commit 04de60093b
- reimplements Resource.is_using_neutron to check for neutron by
attempting to create a neutron client
- fix mocking in tests for changes which landed after 04de600
If there is no 'network' entry in the service catalog then
keystoneclient will raise an EndpointNotFound. The context will
already have a keystone client cached which has a full service catalog
locally, so calling is_using_neutron should have no particular overhead.
This fixes a tripleo regression where the autodetection is triggered
before keystone is ready, so that heat-engine fails to start. This
race does not affect devstack as keystone is fully configured before
heat services are started.
Not adding config option networking_service will also prevent
extra work required by downstream installation tools.
Change-Id: I45a6154fa560f672d8d1942bf57f39601110bfc6
Closes-Bug: #1362812
Adds a heat.conf option to set the OpenStack component responsible for
networking, and makes heat-engine auto-discover the networking service
on start up if such option is not set.
Also adds a convenience method to Resource class to let resources decide
what networking service to use.
Implements blueprint discover-networking-service
Change-Id: If7121089068cc2d2774bedb73e4e252b520eb5b3
This patch enables heat to output the details of requests
to cinder and responses from cinder
(including 'x-openstack-request-id' in the response header)
to the log.
Change-Id: I714c87e538bc3a51dce6a48e584824cf7f954bcf
Closes-bug: #1329613
On resource create, if a ResourceInFailure is raised then
repeated attempts are made to delete and recreate the resource
until success or a different error state is achieved.
Likewise, the prepare-retry deletes will be retried until
ResourceInFailure is not raised.
An exponentially increasing delay with jitter is introduced
between each create attempt, and attempts continue up to the configured
action_retry_limit or stack operation timeout.
Likewise An exponentially increasing delay with jitter is introduced
between each prepre-retry delete attempt, and delete attempts
continue up to the configured action_retry_limit or stack operation
timeout. The delete attempt count is reset to zero whenever a create
attempt has been performed.
Creates that result from an UpdateReplace will also go
through this path, so this is also helps some stack update scenarios.
This change is aimed at being part of an interim solution to making
heat resilient to transient cloud failures. Convergence is the
permanent solution however there may be benefits to the convergence
implementation from this interim effort.
Currently retry is only attempted on ResourceInFailure. Eventually
client plugins can indicate whether a given exception should lead
to a retry attempt (such as connection errors, some 500s).
Partial-Blueprint: retry-failed-api-calls
Change-Id: I07c3301349bcd24096f3cafbb6d82c43bccb93de
Build upon cceda95a35 apply Oslo systemd
module. It was imported in aef33d2d71. It
also drops heat.common.systemd and deprecates onready configuration
parameter.
Oslo commit 53e1214c092f09e3851b1a1b55289a93a72b09ec
Change-Id: I80f325c9be9c171c2dc8d5526570bf64f0f87c78
When using keystoneclient (heat.common.heat_keystoneclient) to
perform actions, support the use of domain_name instead of
exclusively domain_id.
The new config option to use domain_name instead of domain_id
is ``stack_user_domain_name``. If ``stack_user_domain_id`` option
is set (renamed from ``stack_user_domain``), the new
domain_name-specific option will be ignored.
Change-Id: I0d3937a98b95100ccaaaf7a46d3ed722aba27de3
Closes-Bug: #1313003
Move from oslo RPC to oslo.messaging.
Implements: blueprint oslo-messaging
Co-Authored-By: sdake@redhat.com
Change-Id: I2d222c248dd2cd405b8ec35c4c8198ed001fb69f
To prevent this message from being logged during unit tests runs
or heat-manage calls, the following changes have been made:
* Make the instance_users deprecation warning use "warnings" and
move to engine init
* patch out warnings for engine tests
* do not log barbican or marconi if importing their clients fails
Change-Id: Icc4be26bf334a6ce31ad3b8fe9fd244cd9e37be2
Closes-Bug: #1333408
This patch enables heat to output
'x-openstack-request-id'/'x-compute-request-id'
of nova's responses to the log.
DocImpact: There is a new novaclient configuration
option 'http_log_debug' in heat.common.config
Change-Id: Id085af411c6d4ceddce1a75022c4baec9a8210ce
Closes-bug: #1329612
This starts using entry points to generate configuration for the
common.config and the common.wsgi modules, as they use entries with the
same name in different groups.
This also removes configuration for sslutils which is unused, and
re-enable the check for up-to-date configuration.
Co-Authored-By: ala.rezmerita@cloudwatt.com
Closes-Bug: #1288586
Change-Id: If48c62bbb2b1fb641791dad56f7f905e483080fa
Add a clients_glance section in common config to be able to specify
dedicated options for accessing the glance service.
Change-Id: Ic2783cb04b8e4f081aad0f7f4a5789a283d43bfa
Closes-Bug: #1324950
Commit https://review.openstack.org/#/c/94255/1 introduces check for
translating log messages. This check uses in pattern name 'LOG', so in
heat code also should be used this name intead of 'logger'. Also same
name is used in other projects.
Change-Id: Iba24c7eb1c13e68a91d090d7bcdbcb40d6e16071
Partial-Bug: #1321283
This patch fixes all the missed and newly introduced violations of the H306
style checking rule and enables it in tox.
Change-Id: I5566e66421d5397c0103958f02ea38e6e3c68892
Implements: blueprint reduce-flake8-ignored-rules (partial)
This reverts commit 5604168784.
Problems have been reported on systems using QPID. The gate only tests
RabbitMQ.
Change-Id: Iaf83dc7582835ce5bf4534116c918640da7373aa
Partial-Bug: #1321303
Zane Bitter