- openstack-discuss - lists.openstack.org

[release] Release countdown for week R-20, May 12 - May 16
by Elõd Illés 09 May '25

09 May '25

Development Focus ----------------- The Flamingo-1 milestone is next week, on May 15th, 2025! Project team plans for the 2025.2 Flamingo cycle should now be solidified. General Information ------------------- Libraries need to be released at least once per milestone period. Next week, the release team will propose releases for any library which had changes but has not been otherwise released since the 2025.1 Epoxy release. PTL's or release liaisons, please watch for these and give a +1 to acknowledge them. If there is some reason to hold off on a release, let us know that as well, by posting a -1. If we do not hear anything at all by the end of the week, we will assume things are OK to proceed. NB: If one of your libraries is still releasing 0.x versions, start thinking about when it will be appropriate to do a 1.0 version. The version number does signal the state, real or perceived, of the library, so we strongly encourage going to a full major version once things are in a good and usable state. Upcoming Deadlines & Dates -------------------------- Flamingo-1 milestone: May 15th, 2025 Előd Illés irc: elodilles @ #openstack-release

1 0

[watcher] Deprecate noisy neighbor strategy
by Douglas Viroel 09 May '25

09 May '25

Hello everyone, As discussed during the Flamingo PTG[1], it was decided to deprecate the noisy neighbor strategy[2] during this cycle. The main issue with this strategy is that it's limited to analyze only Last Level Cache metrics, which are not available anymore, since Nova dropped Intel CMT support in the Victoria release[3]. We still plan to keep the noisy_neighbor goal since some people have interest in developing a new strategy for it. Let us know if there are any objections. A patch to deprecate the strategy is now proposed [4]. [1] https://etherpad.opendev.org/p/apr2025-ptg-watcher#L219 [2] https://docs.openstack.org/watcher/2025.1/strategies/noisy_neighbor.html [3] https://docs.openstack.org/releasenotes/nova/victoria.html#relnotes-22-0-0-… [4] https://review.opendev.org/c/openstack/watcher/+/949065 BR, -- Douglas Viroel - dviroel

1 0

[ops][upgrades][slurp] Seeking OpenStack Upgrade Case Studies
by Allison Price 08 May '25

08 May '25

Hi everyone, We have now published two case studies from OpenStack users who have implemented and are benefiting from the SLURP upgrade process[1]: Cleura[2] and Indiana University[3] I wanted to follow up to see if there are other organizations who have implemented the SLURP upgrade process who would like to tell your story? If we can get a few more, I would love to schedule an OpenInfra Live to deep dive into the improvements made around OpenStack upgrades and what users stuck on older releases should know. If you are interested, please let me know. And even if you’re not but you’re still using OpenStack—please remember to take the OpenStack User Survey[4] so we can learn more! Thanks! Allison [1] https://docs.openstack.org/project-team-guide/release-cadence-adjustment.ht… [2]https://superuser.openinfra.org/articles/streamlining-openstack-upgrades-… [3] https://superuser.openinfra.org/articles/streamlining-openstack-upgrades-a-… [4] https://www.openstack.org/user-survey

3 10

[skyline-console] Default project
by Michael Knox 08 May '25

08 May '25

Hey folks, I don't seem to see how Skyline-console uses a "default" project. We are use Skyline in our lab, across multiple projects, but when I log in, I always land in "admin" The link to change project works fine, but the "Default" link just brings up the same modal, nothing seems to be session stored if I set knox to be my default. Is there something I am missing or is this a "to be implemented" thing? [image: CleanShot 2025-05-08 at 14.43.30(a)2x.png] Cheers Michael

2 2

[tc][ops][deployment] Bulk removal of wsgi scripts
by Stephen Finucane 08 May '25

08 May '25

o/ As I noted nearly 18 months ago [1], changes in the Python packaging ecosystem are forcing our hand with regards to the necessity of to both add 'pyproject.toml' files and remove support for pbr's 'wsgi_scripts' entrypoint feature. I was out last week and the week prior, but it seems there's been been a burst of activity around both areas owning to some setuptools issues. This is great to see, and the latter in particular will finally fulfil a community goal that was approved over a year ago [2]. Unfortunately, as a result of the delay in service projects addressing this goal, it seems likely (IMO) that we're not going to be able to wait two release cycles (until H, for projects only adding these modules now in F) to drop the wsgi scripts. This is because the setuptools maintainers understandably have little interest in maintaining the easy_install APIs that we had been relying on to date as public APIs, which means it's very likely that this feature will break in pbr sooner rather than later. This being the case, I'd like to suggest that we rip the band aid off, and proceed with both adding new '$service.wsgi' modules and removing the old '$service-wsgi' scripts in the *same release*. To some degree, this ship has already sailed and at least Designate and Octavia have already done this [3][4] (and others like Magnum are planning to do so [5]) but I'd like to at least let deployment tooling folks know that this will be happening en masse. (It would also be nice to be able to plough on and close this effort off in the likes of Nova and Placement, rather than waiting as Sean Mooney is suggesting [6][7] :).) Please let me know if anyone has any concerns. If not, I'll take silence as tacit agreement and (a) keep pursuing this approach in other services that are currently broken (like Masakari [8]) and (b) poke Sean with increasingly sharp sticks until they approve those Nova and Placement patches. Cheers, Stephen [1] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack… [2] https://review.opendev.org/c/openstack/governance/+/902807 [3] https://review.opendev.org/c/openstack/designate/+/902846 [4] https://review.opendev.org/c/openstack/octavia/+/902812 [5] https://review.opendev.org/c/openstack/magnum/+/949110 [6] https://review.opendev.org/c/openstack/nova/+/902688 [7] https://review.opendev.org/c/openstack/placement/+/919582 [8] https://review.opendev.org/c/openstack/masakari/+/949154

5 7

[OSSA-2025-001] Ironic fails to restrict paths used for file:// image URLs (CVE-2025-44021)
by Jay Faulkner 08 May '25

08 May '25

========================================================================= OSSA-2025-001: Ironic fails to restrict paths used forfile:// image URLs ========================================================================= :Date: May 08, 2024 :CVE: CVE-2025-44021 Affects ~~~~~~~ - Ironic: <24.1.3, >=25.0.0 <26.1.1, >=27.0.0, <29.0.1 Description ~~~~~~~~~~~ Julia Kreger of Red Hat noticed a vulnerability in image handling for Ironic. A malicious project assigned as a node owner can provide a path to any local file readable by the ironic-conductor which may then be written to the target node disk. This is only possible via deployments performed directly via Ironic's API and cannot be triggered via Nova's virt driver. This is difficult to exploit in practice, as a node deployed in this manner should not ever reach ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. Patches ~~~~~~~ -https://review.opendev.org/c/openstack/ironic/+/949175 (2024.1/caracal) -https://review.opendev.org/c/openstack/ironic/+/949174 (2024.2/dalmatian) -https://review.opendev.org/c/openstack/ironic/+/949173 (2025.1/epoxy) - Patch attached tohttps://bugs.launchpad.net/ironic/+bug/2107847/comments/47 (Bobcat/2023.2-eol) -https://review.opendev.org/c/openstack/ironic/+/949186 (Bugfix/26.0) -https://review.opendev.org/c/openstack/ironic/+/949185 (Bugfix/27.0) -https://review.opendev.org/c/openstack/ironic/+/949184 (Bugfix/28.0) -https://review.opendev.org/c/openstack/ironic/+/949172 (Master) -https://review.opendev.org/c/openstack/ironic/+/949182 (Unmaintained/2023.1 antelope) -https://review.opendev.org/c/openstack/ironic/+/949179 (Unmaintained/xena) -https://review.opendev.org/c/openstack/ironic/+/949177 (Unmaintained/yoga) -https://review.opendev.org/c/openstack/ironic/+/949176 (Unmaintained/zed) Credits ~~~~~~~ - Julia Kreger from Red Hat (CVE-2025-44021) References ~~~~~~~~~~ -https://launchpad.net/bugs/2107847 -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44021 Notes ~~~~~ - Patches have been provided for all supported Ironic branches. As a courtesy, we have also provided patches for some unmaintained branches and the recently end-of-life 2023.2/bobcat release. As usual, we will provide updated releases off maintained branches, but will not create new releases off bugfix or unmaintained branches.

1 0

[Glance] Cancelling 2025-05-08 meeting
by Cyril Roelandt 07 May '25

07 May '25

Hello, Tomorrow's meeting is cancelled because we will not have enough members around due to a bank holiday. Cyril Roelandt

1 0

[kolla] Post Flamingo/2025.2 recap during 21st May weekly meeting
by Michał Nasiadka 07 May '25

07 May '25

Hello, As decided during the last PTG - we're going to have post-PTG recap during 21st May 2025 weekly meeting. We're going to extend it to 2 hours - so 13:00 to 15:00 UTC. Meetpad URL: https://meetpad.opendev.org/kolla-flamingo-ptg See you there! -- Michał Nasiadka mnasiadka(a)gmail.com

1 0

[cinder] Weekly meeting canceled today
by Jon Bernard 07 May '25

07 May '25

Hello all, Metallica is playing this afternoon and my entire town is shutting down today, including schools and childcare, so lets meet next week ;) Take care, -- Jon

1 0

[ops][largescale-sig][scientific-sig] Ops Radio Hour on May 30, 2025
by Ildiko Vancsa 07 May '25

07 May '25

Hi OpenStack Community, I'm reaching out to you to draw your attention to a new online gathering called Ops Radio Hour. The call series is a casual setting for operators, engineers, and contributors to come together, share knowledge, and collaborate on the complexities of managing and deploying OpenStack environments. The first meeting is scheduled to May 30, 2025 at 1400UTC [1]. The call will happen on Meetpad, and you can find the agenda on the etherpad[2] created for the series. See You there! Best Regards, Ildikó [1] https://wiki.openstack.org/wiki/Operations/Meetups#2025_Ops_Radio_Hour_Seri… [2] https://etherpad.opendev.org/p/openstack_ops_radiohour

1 0