- openstack-discuss - lists.openstack.org

[freezer] Poll for regular IRC meeting time
by Dmitriy Rabotyagov 05 Dec '25

05 Dec '25

Hi everyone! We have decided to re-initiate a regular IRC meeting for the Freezer project to sync on development and let interested parties to step in and be in the loop of project development. In order to select a suitable time for such meeting for everyone currently interested, I have created a poll, you pay find via the link [1] The poll is open until Monday, December 15. If you are interested in the project and want to take part in meetings - feel free to vote on the timing! I have included as many time periods as possible to ensure we can find a suitable one for everyone. Also please ignore specific dates in the poll - we intend to make a meeting on a weekly basis, so only days of the week do matter there. [1] https://beta.framadate.org/polls/365ef8fa4574a9190ec0

2 1

[release] Release countdown for week R-16, Dec 08 - Dec 12
by Elõd Illés 05 Dec '25

05 Dec '25

Development Focus ----------------- The Gazpacho-2 milestone will happen next month, on January 8th, 2026. 2026.1 Gazpacho-related specs should now be finalized so that teams can move to implementation ASAP. Some teams observe specific deadlines on the second milestone (mostly spec freezes): please refer to https://releases.openstack.org/gazpacho/schedule.html for details. General Information ------------------- Please remember that libraries need to be released at least once per milestone period. At milestone 2, the release team will propose releases for any library that has not been otherwise released since milestone 1. Other non-library deliverables that follow the cycle-with-intermediary release model should have an intermediary release before milestone-2. Those who haven't will be proposed to switch to the cycle-with-rc model, which is more suited to deliverables that are released only once per cycle. At milestone-2 we also freeze the contents of the final release. If you have a new deliverable that should be included in the final release, you should make sure it has a deliverable file in: https://opendev.org/openstack/releases/src/branch/master/deliverables/gazpa… You should request a beta release (or intermediary release) for those new deliverables by milestone-2. We understand some may not be quite ready for a full release yet, but if you have something minimally viable to get released it would be good to do a 0.x release to exercise the release tooling for your deliverables. See the MembershipFreeze description for more details: https://releases.openstack.org/gazpacho/schedule.html#g-mf Finally, now may be a good time for teams to check on any stable releases that need to be done for your deliverables. If you have bugfixes that have been backported, but no stable release getting those. If you are unsure what is out there committed but not released, in the openstack/releases repo, running the command "tools/list_stable_unreleased_changes.sh <cycle_name>" gives a nice report. Upcoming Deadlines & Dates -------------------------- Gazpacho-2 Milestone: January 8th, 2026 Előd Illés irc: elodilles @ #openstack-release

1 0

Re: using postgresql in production
by Artem Goncharov 04 Dec '25

04 Dec '25

> > On Fri, 5 Dec 2025, 03:25 Sa Pham, <saphi070(a)gmail.com> wrote: > >> HI Artem, >> >> Could you share why you run Keystone with Postgresql ? >> >> I'm running Keystone with Postgresql as well, because my other >> application is using Postgresql so I don't want to deploy two Database >> servers. >> And it's working well without issue. >> > It is more or less a personal preference after working professionally for >> decades with both databases. Postgres features remind me more other major >> relational databases, while MySQL goes "own way". It's not about certain >> needs of Keystone, this is just a personal preference. >> > > > >> >> >> On Thu, Dec 4, 2025 at 11:10 PM Artem Goncharov < >> artem.goncharov(a)gmail.com> wrote: >> >>> In my local tests I always use postgres for Keystone (as well in the >>> keystone-ng testing) and it works. But I agree we do not have dedicated >>> tests as of now, so some edge cases may be broken >>> >>> On Thu, 4 Dec 2025 at 16:37, Sean Mooney <smooney(a)redhat.com> wrote: >>> >>>> nova does not have tempet/devstack jobs either >>>> however we never officially deprecated or removed support for PostgreSQL >>>> >>>> we still test it in our unit tests to ensure the schema applies and some >>>> other minor test coverage but its also been a few years since there was >>>> any real >>>> end to end testing. >>>> >>>> >>>> >>>> On 04/12/2025 14:36, Julia Kreger wrote: >>>> > Greetings, >>>> > >>>> > Ironic ended up removing CI jobs for postgres back in 2024[0] when >>>> > keystone merged postgres incompatible changes which broke the CI job >>>> > and rendered it impossible to test. Previous to that, I think in 2023 >>>> > or 2022, neutron made some changes but quickly fixed the breaking >>>> > changes once they were highlighted. The linked change has some back >>>> > and forth and the mailing list post[1] which spawned job removal from >>>> > Ironic. Ultimately, while people have expressed interest, that has >>>> > never really materialized into action or engagement to keep postgres >>>> > support in a known working state. Unfortunately slight schema and >>>> > behavior differences between the two database platforms really forces >>>> > the need to perform that level of testing as well, which means one is >>>> > likely to encounter issues if they just try to create and use a >>>> > service's database in postgres at this point. >>>> > >>>> > Hope this has helped. >>>> > >>>> > -Julia >>>> > >>>> > [0]: https://review.opendev.org/c/openstack/ironic/+/931055 >>>> > [1]: >>>> https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack… >>>> > >>>> > On Thu, Dec 4, 2025 at 3:32 AM Slawek Kaplonski <skaplons(a)redhat.com> >>>> wrote: >>>> >> Hi, >>>> >> >>>> >> Dnia czwartek, 4 grudnia 2025 11:15:55 czas środkowoeuropejski >>>> standardowy Maksim Malchuk pisze: >>>> >>> Hi Slawek, >>>> >>> >>>> >>> I remember some presentations from the summit years ago but can't >>>> find >>>> >>> them. Do you have any links about this information? Maybe docs or >>>> gerrit >>>> >>> commits? >>>> >> I only got >>>> https://governance.openstack.org/tc/resolutions/20170613-postgresql-status.… >>>> and I remember we have discussed that few cycles back in the Neutron room >>>> during the PTG. I don't remember exactly which PTG it was however >>>> >> >>>> >>> >>>> >>> On Thu, Dec 4, 2025 at 11:49 AM Slawek Kaplonski < >>>> skaplons(a)redhat.com> >>>> >>> wrote: >>>> >>> >>>> >>>> Hi, >>>> >>>> >>>> >>>> Dnia czwartek, 4 grudnia 2025 08:26:17 czas środkowoeuropejski >>>> standardowy >>>> >>>> Jiatong Shen pisze: >>>> >>>>> Hello community, >>>> >>>>> >>>> >>>>> We are analyzing the possibility of using PostgreSQL in >>>> production. The >>>> >>>>> reason behind is that the PostgreSQL community is very open and >>>> growing >>>> >>>>> fast, besides many Chinese companies provide PG compatibility. >>>> >>>>> >>>> >>>>> My question is what are the pros and cons between using PG and >>>> MariaDB. >>>> >>>> Are >>>> >>>>> there any tools available to do online data migration for legacy >>>> >>>>> environments? Any insight is deeply appreciated. Thank you. >>>> >>>>> -- >>>> >>>>> >>>> >>>>> Best Regards, >>>> >>>>> >>>> >>>>> Jiatong Shen >>>> >>>>> >>>> >>>> It may be hard as some time ago at least some projects like e.g. >>>> Neutron >>>> >>>> stopped testing and supporting Postrgesql officially. So you may >>>> expect >>>> >>>> some issues there I believe. >>>> >>>> >>>> >>>> -- >>>> >>>> Slawek Kaplonski >>>> >>>> Principal Software Engineer >>>> >>>> Red Hat >>>> >>> >>>> >>> >>>> >>> -- >>>> >>> Regards, >>>> >>> Maksim Malchuk >>>> >>> >>>> >> >>>> >> -- >>>> >> Slawek Kaplonski >>>> >> Principal Software Engineer >>>> >> Red Hat >>>> >>>> >> >> -- >> Sa Pham Dang >> Skype: great_bn >> Phone/Telegram: 0986.849.582 >> >> >> ---- typed from mobile, auto-correct typos assumed ----

1 0

Fwd: using postgresql in production
by Artem Goncharov 04 Dec '25

04 Dec '25

On Fri, 5 Dec 2025, 03:25 Sa Pham, <saphi070(a)gmail.com> wrote: > HI Artem, > > Could you share why you run Keystone with Postgresql ? > > I'm running Keystone with Postgresql as well, because my other application > is using Postgresql so I don't want to deploy two Database servers. > And it's working well without issue. > It is more or less a personal preference after working professionally for decades with both databases. Postgres features remind me more other major relational databases, while MySQL goes "own way". It's not about certain needs of Keystone, this is just a personal preference. > > > On Thu, Dec 4, 2025 at 11:10 PM Artem Goncharov <artem.goncharov(a)gmail.com> > wrote: > >> In my local tests I always use postgres for Keystone (as well in the >> keystone-ng testing) and it works. But I agree we do not have dedicated >> tests as of now, so some edge cases may be broken >> >> On Thu, 4 Dec 2025 at 16:37, Sean Mooney <smooney(a)redhat.com> wrote: >> >>> nova does not have tempet/devstack jobs either >>> however we never officially deprecated or removed support for PostgreSQL >>> >>> we still test it in our unit tests to ensure the schema applies and some >>> other minor test coverage but its also been a few years since there was >>> any real >>> end to end testing. >>> >>> >>> >>> On 04/12/2025 14:36, Julia Kreger wrote: >>> > Greetings, >>> > >>> > Ironic ended up removing CI jobs for postgres back in 2024[0] when >>> > keystone merged postgres incompatible changes which broke the CI job >>> > and rendered it impossible to test. Previous to that, I think in 2023 >>> > or 2022, neutron made some changes but quickly fixed the breaking >>> > changes once they were highlighted. The linked change has some back >>> > and forth and the mailing list post[1] which spawned job removal from >>> > Ironic. Ultimately, while people have expressed interest, that has >>> > never really materialized into action or engagement to keep postgres >>> > support in a known working state. Unfortunately slight schema and >>> > behavior differences between the two database platforms really forces >>> > the need to perform that level of testing as well, which means one is >>> > likely to encounter issues if they just try to create and use a >>> > service's database in postgres at this point. >>> > >>> > Hope this has helped. >>> > >>> > -Julia >>> > >>> > [0]: https://review.opendev.org/c/openstack/ironic/+/931055 >>> > [1]: >>> https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack… >>> > >>> > On Thu, Dec 4, 2025 at 3:32 AM Slawek Kaplonski <skaplons(a)redhat.com> >>> wrote: >>> >> Hi, >>> >> >>> >> Dnia czwartek, 4 grudnia 2025 11:15:55 czas środkowoeuropejski >>> standardowy Maksim Malchuk pisze: >>> >>> Hi Slawek, >>> >>> >>> >>> I remember some presentations from the summit years ago but can't >>> find >>> >>> them. Do you have any links about this information? Maybe docs or >>> gerrit >>> >>> commits? >>> >> I only got >>> https://governance.openstack.org/tc/resolutions/20170613-postgresql-status.… >>> and I remember we have discussed that few cycles back in the Neutron room >>> during the PTG. I don't remember exactly which PTG it was however >>> >> >>> >>> >>> >>> On Thu, Dec 4, 2025 at 11:49 AM Slawek Kaplonski < >>> skaplons(a)redhat.com> >>> >>> wrote: >>> >>> >>> >>>> Hi, >>> >>>> >>> >>>> Dnia czwartek, 4 grudnia 2025 08:26:17 czas środkowoeuropejski >>> standardowy >>> >>>> Jiatong Shen pisze: >>> >>>>> Hello community, >>> >>>>> >>> >>>>> We are analyzing the possibility of using PostgreSQL in >>> production. The >>> >>>>> reason behind is that the PostgreSQL community is very open and >>> growing >>> >>>>> fast, besides many Chinese companies provide PG compatibility. >>> >>>>> >>> >>>>> My question is what are the pros and cons between using PG and >>> MariaDB. >>> >>>> Are >>> >>>>> there any tools available to do online data migration for legacy >>> >>>>> environments? Any insight is deeply appreciated. Thank you. >>> >>>>> -- >>> >>>>> >>> >>>>> Best Regards, >>> >>>>> >>> >>>>> Jiatong Shen >>> >>>>> >>> >>>> It may be hard as some time ago at least some projects like e.g. >>> Neutron >>> >>>> stopped testing and supporting Postrgesql officially. So you may >>> expect >>> >>>> some issues there I believe. >>> >>>> >>> >>>> -- >>> >>>> Slawek Kaplonski >>> >>>> Principal Software Engineer >>> >>>> Red Hat >>> >>> >>> >>> >>> >>> -- >>> >>> Regards, >>> >>> Maksim Malchuk >>> >>> >>> >> >>> >> -- >>> >> Slawek Kaplonski >>> >> Principal Software Engineer >>> >> Red Hat >>> >>> > > -- > Sa Pham Dang > Skype: great_bn > Phone/Telegram: 0986.849.582 > > >

1 0

using postgresql in production
by Jiatong Shen 04 Dec '25

04 Dec '25

Hello community, We are analyzing the possibility of using PostgreSQL in production. The reason behind is that the PostgreSQL community is very open and growing fast, besides many Chinese companies provide PG compatibility. My question is what are the pros and cons between using PG and MariaDB. Are there any tools available to do online data migration for legacy environments? Any insight is deeply appreciated. Thank you. -- Best Regards, Jiatong Shen

7 7

[keystone][swift][ops] Is anyone using ec2token/s3token middleware in keystonemiddleware ?
by Takashi Kajinami 04 Dec '25

04 Dec '25

Hi, I was going through the codes in keystonemiddleware recently and I'm wondering if anyone is using the following middlewares maintained there ? - EC2Token - S3Token (Note that this is different from S3Token maintained within swift) I'm asking this question because these likely need to be updated to use authenticated access to keystone APIs due to recent vulnerability fix (s3tokens API and ec2tokens API now requires authentications by default). Technically we can fix these, but we would consider just deprecating these middlewares this cycle and removing them in H, if no one is actually using these. At least these codes have received no meaningful update for some years, and there is an indication of no usage like [1]. [1] https://review.opendev.org/c/openstack/keystonemiddleware/+/926459 This means s3token middleware was broken after identity v2 API removal, until this fix was merged in 2024 . Thank you, Takashi -- Takashi Kajinami irc: tkajinam github: https://github.com/kajinamit launchpad: https://launchpad.net/~kajinamit

2 2

[skyline] possible bug in OIDC usage with skyline
by Taavi Ansper 04 Dec '25

04 Dec '25

Hi We are testing kolla-ansible 2025.2 and we have found a possible bug in skyline. When using OIDC and trying to log in we get an error that looks like this: { "detail": [ { "type": "string_pattern_mismatch", "loc": [ "header", "X-Openstack-Request-Id" ], "msg": "String should match pattern '^req-\\w{8}(-\\w{4}){3}-\\w{12}'", "input": "", "ctx": { "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}" } } ] } Any help or guidance is appreciated :) -- ---- Taavi Ansper taavi.ansper(a)cyber.ee

3 3

[puppet] Retiring puppet-vitrage
by Takashi Kajinami 03 Dec '25

03 Dec '25

Hi, Some of you might be aware of this, but the vitrage project was marked inactive during this cycle[1] due to lack of maintainers. This means that we don't expect we have its 2026.1 release. Because our puppet modules are tightly related to the packages of each OpenStack releases, provided by distributions such as RDO or Ubuntu(or UCA), and now we may not expect that vitrage packages are available in 2026.1 packages of these distributions, I now propose retiring puppet-vitrage, the module to deploy and manage vitrage. Please let me know if you have any concern. If I hear no objection, I'll start the formal retirement process. Thank you, Takashi [1] https://review.opendev.org/c/openstack/governance/+/963227 -- Takashi Kajinami irc: tkajinam github: https://github.com/kajinamit launchpad: https://launchpad.net/~kajinamit

1 0

Making updates to SIGs (was: Re: [tc][all] OpenStack Technical Committee Weekly Summary and Meeting Agenda (2026.1/R-19))
by Goutham Pacha Ravi 03 Dec '25

03 Dec '25

On Tue, Nov 18, 2025 at 1:48 AM Kees Meijs | Nefos <keesm(a)nefos.com> wrote: > > Hi, > > Could we please mark the Public Cloud SIG as "active" instead of "advisory" and replace Tobias and Huang by me Kees Meijs (keesm(a)nefos.com) please? > > Or, how can I do that myself? Hi there Kees! Thank you for checking; I wanted to bounce my response to the list because others may be in a similar situation of wanting to make Chair or documentation updates to the SIGs docs in the TC repo. Any contributor can propose changes to the SIG docs that are maintained here: https://opendev.org/openstack/governance/src/branch/master/reference/sigs In your case, you'd fix up the "chairs" and "status" for the Public Cloud SIG in https://opendev.org/openstack/governance/src/branch/master/reference/sigs/s… and submit your change through the OpenDev Gerrit. There is a bunch of one-time setup that's documented here: https://docs.openstack.org/contributors/code-and-documentation/quick-start.…. Please feel free to reach out if you have any questions. > > Cheers, > Kees > > On 17/11/2025 23:18, Goutham Pacha Ravi wrote: > > [3] OpenStack Special Interest Groups: > https://governance.openstack.org/tc/reference/sigs/ > >

2 1

[Keystone][ldap] Keystone bind request to ldap not able to interpret if the user's password is expired.
by Sharath Ck 02 Dec '25

02 Dec '25

Hi, I have configured Keystone with 389ds as backend. 389ds server is configured with password policy and pwdmustchange is set to true. However on first login attempt from keystone to request token for user in 389ds is resulting in successful bind request. Perhaps, 389ds is providing control ID - control: 2.16.840.1.113730.3.4.4 in the response. But keystone is not able to interpret the control ID and provide a token with full access. Is it not possible for keystone to respond token with minimum scope to only change password? Or any response attribute to specify password is expired and needs to be changed? Kindly help with any configuration that may interpret the password expiry of ldap user and can be used in token response. P.S: configuring user_enabled_attribute to check nsAccountLock will not work as ldap user's password would be expired but not locked. user_enabled_attribute = nsAccountLock user_enabled_mask = 0 user_enabled_invert = true user_enabled_default = true Regards, Sharath

1 0