Running Orquesta Serverless

6/18/2019 by m4dcoder

Orquesta is the new workflow engine in StackStorm. If you are on the fence choosing which workflow services to use from AWS, Azure, or GCP and you are thinking that this post is too long to read, then just skip ahead and run StackStorm.


Machine Learning driven Closed Loop Automation

June 12, 2019
By Benoit Lourdelet

The agility at which the business can respond to real-life situations is proportional to the level of digitization that has been implemented in the business. For a business to nimble and agile, it is imperative that all the processes be delivered as a digital service that can be provisioned, monitored and remediated by an automation logic at the core of the business. The automation logic should follow the Monitor, Assess, Plan and Execute (MAPE) loop methodology to provide a complete closed-loop automation system for the digital business. Click below to see a video demonstrating using StackStorm with Machine Learning to do this.


Dmitri says “good bye”

by Dmitri Zimine

Dear StackStorm. You have grown up. The time has come for us to part ways. You will continue the life of mature, established open-source project, with growing community. I will step aside, watch with pride your successes, and be always here to help when you need me. READ MORE…

StackStorm v3.0.1

May 30, 2019
By Tomaz Muraus

Today we are happy to announce StackStorm v3.0.1.

This is a first bug fix patch / patch release in the v3.0.x release series. It includes the following bug fixes and improvements:

  • Fix a bug in the remote command and script runner so it correctly uses SSH port from a SSH config
    file if ssh_runner.use_ssh_config parameter is set to True and if a custom (non-default)
    value for SSH port is specified in the configured SSH config file
  • Update pack install action so it works correctly when python_versions pack.yaml metadata attribute is used in combination with --python3 ” st2 pack install” flag.
  • Add source_channel back to the context used by Mistral workflows for executions which are triggered via ChatOps (using action alias). In StackStorm v3.0.0, this variable was inadvertently removed from the context used by Mistral workflows.
  • Fix a bug with timestamp attribute in the execution.log attribute being incorrect when server time where st2api is running was not set to UTC.
  • Fix a bug with some packs which use --python3 flag (running Python 3 actions on installation where StackStorm components run under Python 2) which rely on modules from Python 3 standard library which are also available in Python 2 site-packages (e.g. concurrent) not working correctly. In such scenario, package / module was incorrectly loaded from Python 2 site-packages instead of Python 3 standard library which broke such packs.
  • Remove policy-delayed status to avoid bouncing between delayed statuses in st2scheduler service.
  • Truncate some database index names so they are less than 65 characters long in total. This way it also works with AWS DocumentDB which doesn’t support longer index name at the moment.

    NOTE: AWS DocumentDB is not officially supported. Use at your own risk.
  • Fix a possible shell injection in the linux.service action. User who had access to run this action could cause a shell command injection by passing a compromised value for either the service or action parameter.


Thanks to everyone who has contributed to this release.

Special thanks to James Robinson (Netskope and Veracode) for reporting the security issue in linux.service action.


As always, make sure you have backups first. Then follow the standard Upgrade Instructions.

It’s Here: StackStorm 3.0

April 29, 2019

By Lindsay Hill

It’s here at last: StackStorm 3.0. This is a big release for us: Orquesta is GA, and Workflow Designer has a great new look & feel, massively improving usability. We’ve added Microsoft Teams support, Inquiries also goes GA, and more. Here’s all the details: READ MORE…

New Feature: Output Schema

April 9, 2019
by Lindsay Hill

We added support for Output Schema in StackStorm 2.9. This feature has been “under the radar” for a while. Time to shed a little light, explain what it is, how to use it, and why we added this feature. Read on!


What’s new in ST2 Exchange?

March 25, 2019
by Lindsay Hill

Hey folks, been a little while since we’ve done a roundup of new & interesting pack updates. This time it’s Telegram, vSphere, Terraform, Napalm, Icinga2 and more. We’ve also been doing some background preparation work for Python 3. Read on for the full details.


StackStorm v2.10.4

March 15, 2019
By Tomaz Muraus

Today we are happy to announce StackStorm v2.10.4.

This is another bug fix release in the v2.10.x release series. It includes the following bug fixes and improvements:

  • Fix inadvertent regression in notifier service which would cause generic action trigger to only be dispatched for completed states even if custom states were specified using action_sensor.emit_when config option.
  • Make sure we don’t log auth token and api key inside st2api log file if those values are provided via query parameter and not header (?x-auth-token=foo, ?st2-api-key=bar).
  • Fix rendering of {{ config_context. }} in orquesta task that references action from a different pack
  • Add missing default config location (/etc/st2/st2.conf) to the following services: st2actionrunner, st2scheduler, st2workflowengine.
  • Update statsd metrics driver so any exception thrown by statsd library is treated as non-fatal.


As always, make sure you have backups first. Then follow the standard Upgrade Instructions.

StackStorm 2.9.3/2.10.3

March 8, 2019
By Matt Stone

In the last couple of weeks StackStorm has published back-to-back releases. 2.10.2 is a traditional patch release from StackStorm, and you’ll find some of the highlights below. 2.10.3 and 2.9.3; however, are releases to address CVE-2019-9580. I want to thank Barak Tawily and Anna Tsibulskaya: the researchers who discovered and submitted a patch for the issue.

The issue found by Barak and Anna is an improper handling of CORS headers. Specifically what the StackStorm API returned for Access-Control-Allow-Origin. Prior to 2.10.3/2.9.3, if the origin of the request was unknown, we would return null. As Mozilla’s documentation will show, and client behavior will back up, null can result in a successful request from an unknown origin in some clients. Allowing the possibility of XSS style attacks against the StackStorm API. The fix for this is relatively straightforward, and, as of 2.10.3/2.9.3, if the origin is unknown StackStorm will return the first valid origin in the Access-Control-Allow-Origin header.

Thanks again to Barak and Anna for the report, and if you are a researcher or user that discovers a security issue please reach out to moc.mrotskcatsnull@ofni.

Now back to our regularly scheduled release blog.

Our latest release continues StackStorm on its journey to 3.0, and has a plethora of bug and performance fixes. We continue to bring Orquesta closer to GA, and the community has been an great asset both reporting new issues as well as providing new feature requests. Some of the release highlights include:

  • Add support for various new SSL / TLS related config options to the messaging section in st2.conf config file.
  • Metrics instrumentation for the st2notifier service
  • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii) values.
  • Moved the lock from concurrency policies into the scheduler to fix a race condition when there are multiple scheduler instances scheduling execution for action with concurrency policies.

As always, you can check the release notes for the complete list of changes. We’ll see you again soon for 3.0.

2018 Year in Review & 2019 StackStorm User Survey

Jan 30, 2019
By Tomaz Muraus

2018 is behind us and first of all we would like to thank all of our users, community members and customers for supporting us and making 2018 a successful year.

In this post we would like to have a look at the various things we have released and important milestones we have reached in 2018.

In addition to that, we would like to ask you to spare 10 minutes of your time by completing the StackStorm 2019 User Survey. Completing the survey will give us a better idea on how you use StackStorm. This will help us prioritize our feature development for 2019, make StackStorm better and help you become more successful.