- openstack-discuss - lists.openstack.org

[openstack][share]Openstack Workload Balancer
by Nguyễn Hữu Khôi 18 Jan '26

18 Jan '26

Hello, I have a script to make Openstack workload balance(CPU and RAM). I would like to share it. This script is not perfect but I hope it will be useful for you. https://github.com/nguyenhuukhoi/OpenstackWBalancer Nguyen Huu Khoi

1 0

RabbitMQ version for OpenStack Epoxy
by Francesco Di Nucci 17 Jan '26

17 Jan '26

Hi all, I'm upgrading from OpenStack Caracal to Epoxy on EL, using RDO packages. I see that CentOS Stream Messaging SIG still packages RabbitMQ 3.8, that is EOL. Should I still use it or switch to a more recent release, like 3.13 or pass to 4.x series? Has anyone tried it? Thanks in advance -- Francesco Di Nucci System Administrator Compute & Networking Service, INFN Naples Email: francesco.dinucci(a)na.infn.it

5 6

[CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797)
by Jeremy Stanley 16 Jan '26

16 Jan '26

==================================================================== OSSA-2026-001: Privilege Escalation via Identity Headers in External OAuth2 Tokens ==================================================================== :Date: January 15, 2026 :CVE: CVE-2026-22797 Affects ~~~~~~~ - Keystonemiddleware: >=10.0.0 <10.7.2, >=10.8.0 <10.9.1, >=10.10.0 <10.12.1 Description ~~~~~~~~~~~ Grzegorz Grasza with Red Hat reported a vulnerability in the external_oauth2_token middleware for keystonemiddleware. This middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected. Patches ~~~~~~~ - https://review.opendev.org/973499 (2024.1/caracal) - https://review.opendev.org/973497 (2024.2/dalmatian) - https://review.opendev.org/973496 (2025.1/epoxy) - https://review.opendev.org/973495 (2025.2/flamingo) - https://review.opendev.org/973494 (2026.1/gazpacho) Credits ~~~~~~~ - Grzegorz Grasza from Red Hat (CVE-2026-22797) References ~~~~~~~~~~ - https://launchpad.net/bugs/2129018 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22797 Notes ~~~~~ - The unmaintained/2024.1 branches will receive no new point releases, but patches for them are provided as a courtesy. - This bug was possible because the middleware only conditionally set certain headers (e.g., X-Is-Admin-Project was only set when the token had admin privileges), leaving spoofed values intact when conditions were not met. - The fix adds a call to remove_auth_headers() at the start of request processing to sanitize all incoming identity headers, matching the behavior of the main auth_token middleware. - The external_oauth2_token middleware was introduced in keystonemiddleware 10.0.0. -- Jeremy Stanley OpenStack Vulnerability Management Team https://security.openstack.org/vmt.html

2 2

Proposed 2026.2 "Hibiscus" release schedule
by Thierry Carrez 16 Jan '26

16 Jan '26

Hi everyone, Here is the proposed schedule for the 2026.2 "Hibiscus" release: https://review.opendev.org/c/openstack/releases/+/973377 For easier review, you can access the HTML rendering at: https://92fe49c75c4839534367-ca89416a8fe69de9445ee46610790deb.ssl.cf5.rackc… It's a 26-week-long cycle that places final release on Sep 30, 2026. Please comment on the review if you have objections to this or would like to make a case for targeting another week for the 2026.2 release. Thanks! -- Thierry Carrez (ttx)

1 0

[nova] does resize work with swap & no-swap flavor combo for image-backed server having vol attached
by tomergaurav1031＠gmail.com 16 Jan '26

16 Jan '26

Hi Team, I’ve encountered resize causing issues if source flavor has swap-disabled and target flavor have it enabled or vice-versa. It results into duplicate vdb error. Following are the steps:- 1 Create an image-backed(no volume attached) instance with flavor having swap disabled. 2 Create a volume and attach it with the instance (e.g. get attached at /dev/vdb). 3 Resize it to a bigger flavor which has swap & ephemeral enabled. 4 It results into error complaining about duplicate vdb:- libvirt.libvirtError: XML error: target 'vdb' duplicated for disk sources '/var/lib/nova/instances/1860acb4-012f-4528-b2ef-XXXXX/disk.swap' Should one not do resize with swap & no-swap flavor combo? Please provide thoughts/suggestions for the same. Thanks, Gaurav

3 4

[nova] [kolla-ansible ]help with nova image-cache cleaning interval
by garcetto 16 Jan '26

16 Jan '26

good morning, using kolla-ansible and trying to lower nova image-cache cleaning interval. I setup this value, but seems doing nothing despite the vms are deleted by far more than 600 secs, any help? where is a log of it? nano /etc/kolla/config/nova.conf " [image_cache] image_cache_manager_interval=600 remove_unused_base_images=true remove_unused_original_minimum_age_seconds=600 remove_unused_resized_minimum_age_seconds=600 " kolla-ansible -i multinode reconfigure --tags=nova thank you.

1 0

[neutron][ovn-bgp-agent] ovs bridges down causes error when configuring route table
by anas.jouhdy＠gmail.com 15 Jan '26

15 Jan '26

Hi, I am trying to use the OVN BGP agent (nb_ovn_bgp_driver with the exposing method underlay) and I would like to share a difficulty that I found, it might be related to the specific deployment that I have using Kayobe. I find that by default my openvswitch bridges appear to be down when I list them with "ip link". From what I saw in some forums this is a normal behaviour. The thing is that the OVN BGP agent uses ip link, for example here [1], to add route to a table link to these bridges and if there are down, this raise an error(pyroute2.netlink.exceptions.NetlinkError: (100, 'Network is down')). When I set the bridge state UP with "ip link" it solves the issue but this solution is not reboot persistent. Is it really a normal behaviour to have the openvswitch bridges down or is it a problem that I need to investigate on my configuration ? If this is a normal behaviour, anyone found a workaround that could be resilient in production (that is reboot persistent) ? Do not hesitate if you need more information on my configuration ! [1]: https://opendev.org/openstack/ovn-bgp-agent/src/branch/master/ovn_bgp_agent…

2 1

[cinder] festival of reviews friday 2026-01-16
by Brian Rosmaita 14 Jan '26

14 Jan '26

Hello Argonauts, This is a reminder that the twice-monthly Cinder Festival of Reviews will be held at the end of this week on Friday 16 January. who: Everyone! what: The Cinder Festival of Reviews when: Friday 16 January 2026 from 1400-1600 UTC where: videoconf info on the etherpad etherpad: https://etherpad.opendev.org/p/cinder-festival-of-reviews This recurring meeting, that happens on the first and third Friday of each month, can be placed on your calendar by using this handy ICS file: https://meetings.opendev.org/calendars/cinder-festival-of-reviews.ics See you there!

1 0

Upcoming metrics dashboard changes
by Ildiko Vancsa 14 Jan '26

14 Jan '26

Hi OpenStack community, Since the OpenInfra Foundation joined the Linux Foundation, we have been looking into opportunities to take advantage of the frameworks and tool sets that the Linux Foundation has, and some of you and your organizations are already familiar with. While the dashboards are still being built I would like to let you know that, as part of that effort, we will switch to LFX Insights[1] as the metrics dashboard for OpenInfra projects, including OpenStack, starting on __January 15, 2026.__ A couple things to note: - The new OpenStack metrics dashboard[2] is already available, but it is __still under active construction.__ - The set of metrics that is displayed on the new dashboard will not be identical with the metrics on the dashboard provided by Bitergia. - LFX Insights does not display affiliation information for individuals who are listed on the dashboard as contributors, for privacy reasons. However, if you already have an LF account[3], you will be able to check and update your affiliation information. Or, you can create a new LF account[4]. - You can learn more about the dashboard in the LFX Insights documentation[5]. - If your organization is an OpenInfra Foundation / Linux Foundation member already, the LF Organization Dashboard[6] is also available for a more company-centric view. The OpenStack Bitergia metrics dashboard[7] remains available __until January 14, 2026.__ Please let me know if you have any questions. Best Regards, Ildikö [1] https://insights.linuxfoundation.org/ [2] https://insights.linuxfoundation.org/project/OpenStack/ [3] https://openprofile.dev/ [4] https://docs.linuxfoundation.org/lfx/sso/create-an-account [5] https://insights.linuxfoundation.org/docs/introduction/what-is-insights/ [6] https://lfx.linuxfoundation.org/tools/organization-dashboard/ [7] https://openstack.biterg.io/ ——— Ildikó Váncsa Director of Community OpenInfra Foundation

4 7

[ops][largescale-sig][scientific-sig][publiccloud-sig] Ops Radio Hour on January 23, 2026
by Ildiko Vancsa 14 Jan '26

14 Jan '26

Hi OpenStack community, I'm reaching out to you with a friendly reminder that the first OpenStack Ops Radio Hour[1] in 2026 is scheduled to happen on __January 23rd, 2026 at 1300UTC,__ which is next Friday! The call series is a casual setting for operators, engineers, and contributors to come together, share knowledge, and collaborate on the complexities of managing and deploying OpenStack environments. Topics for this call: - Plans for 2026 - Ops Radio Hour Survey draft: https://etherpad.opendev.org/p/openstack_ops_radiohour_survey If you have further topics you would like to dive into during the call, please add them to this etherpad: https://etherpad.opendev.org/p/openstack_ops_radiohour A few reminders: - The group on the call agreed to try out Matrix as a chat platform for more synchronous communication outside calls + You can access the Matrix room here: https://matrix.to/#/#openstack-ops:opendev.org<https://matrix.to/#/%23openstack-ops:opendev.org> <https://matrix.to/#/%23openstack-ops:opendev.org%3Chttps://matrix.to/%23/%2…> + Further details are here: https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack… - If you would like to read and catch up on notes from previous calls, you can find them in this etherpad: https://etherpad.opendev.org/p/openstack_ops_radiohour See you on the call on January 23rd! Bets Regards, Ildikó [1] https://wiki.openstack.org/wiki/Operations/Meetups

1 0