Ask Your Question

update security group with Heat

asked 2016-07-15 06:11:47 -0500

deepinside gravatar image

I use heat template to create/change security group. As we need to add new rules for the created security group, we update the template to a new version. However, there is an issue with the update. So the stack-update result is "update failed". We fix the error in the template and re-run stack-update. Looks like that the Heat engine doesn't update the existing security group any more. Instead, it creates a new security group (with new UUID but same name) and deletes the old "update failed" security group.

The behaviour introduces issue to us as some VMs are associated with old security groups. So these VMs lost their security group association.

Is there any way which we keep the same UUID even the update failed?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-07-28 07:59:27 -0500

zaneb gravatar image

No, in general if a resource fails (i.e. moves to a *_FAILED state) then Heat can't know whether it is recoverable or not, and will therefore always replace it on the next update.

However, it should also update any VMs in the template that were referencing the security group resource to associate with the new security group. If that's not the case then please raise a bug.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-07-15 06:11:47 -0500

Seen: 657 times

Last updated: Jul 28 '16