Ask Your Question
0

update security group with Heat

asked 2016-07-15 06:11:47 -0500

deepinside gravatar image

I use heat template to create/change security group. As we need to add new rules for the created security group, we update the template to a new version. However, there is an issue with the update. So the stack-update result is "update failed". We fix the error in the template and re-run stack-update. Looks like that the Heat engine doesn't update the existing security group any more. Instead, it creates a new security group (with new UUID but same name) and deletes the old "update failed" security group.

The behaviour introduces issue to us as some VMs are associated with old security groups. So these VMs lost their security group association.

Is there any way which we keep the same UUID even the update failed?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-07-28 07:59:27 -0500

zaneb gravatar image

No, in general if a resource fails (i.e. moves to a *_FAILED state) then Heat can't know whether it is recoverable or not, and will therefore always replace it on the next update.

However, it should also update any VMs in the template that were referencing the security group resource to associate with the new security group. If that's not the case then please raise a bug.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-07-15 06:11:47 -0500

Seen: 657 times

Last updated: Jul 28 '16

Related questions

Grizzly Firewall security group for ICMP

How is DSCP supported on openstack ?

heat multi cloud

murano vs heat [closed]

anti-spoofing in libvirt

heat deployment on launched VMs

HOT template - boot instance from volume

Type in ResourceGroup and get_param

Heat vs Ansible Questions

Why is the general purpose architecture considered inappropriate for increased security needs?