- openstack-discuss - lists.openstack.org

[neutron]instances can see traffic of others
by Nguyễn Hữu Khôi 24 Jul '25

24 Jul '25

Hello, I have some instances in the same vlan and compute node. They can see traffic from another instance which looks like port mirror. I can workaround via anti affinity rules but is there any solution for this problem? On vmware we can turn off or on promiscuous mode on the network port group. Thank you. Regards Nguyen Huu Khoi

2 6

[kolla][barbican] How to securely manage OpenStack service passwords with Castellan?
by elnaz cl 24 Jul '25

24 Jul '25

Hi all, I have deployed OpenStack using Kolla Ansible. By default, service passwords (e.g., for MySQL, Keystone, etc.) are stored in clear text inside configuration files rendered by Kolla (such as nova.conf, keystone.conf, etc.). I'm looking for a more secure approach to avoid exposing these secrets. Specifically, is there a way to integrate Barbican and Castellan with Kolla-based deployments, so that secrets can be securely loaded at runtime using oslo.config (e.g., using {{ secret:UUID }})? If this is not natively supported, are there any best practices or workarounds for handling this securely? Thanks in advance for any guidance. Best, [Your Name]

1 0

[neutron] metadata-agents work but are not alive
by Eugen Block 23 Jul '25

23 Jul '25

2 4

Neutron dhcp
by engineer2024 23 Jul '25

23 Jul '25

Hi Folks, In a neutron DHCP network, the route to the link local metadata ip from a VM, is thru the ip set by the neutron dhcp agent's static route option for that subnet. This is the same IP as that of the qdhcp namespace's tap interface. Can we choose a specific ip from this subnet and pass it to neutron to use the same when assigning the ip in qdhcp ns and as a static route option to link local ?

2 1

[Ironic][Plugins] networking-baremetal vs networking-generic-switch
by Joao Antonio 22 Jul '25

22 Jul '25

Hello, team! What is the difference between *networking-generic-switch* and *networking-baremetal* in terms of l*ocal_link_information*? The networking-generic-switch README file is explicit about local_link_information. Does networking-baremetal also handle local_link_information? -- Joao

2 1

[cinder] Disable Availability Zone
by Kees Meijs | Nefos 22 Jul '25

22 Jul '25

Hello Stackers, For legacy purposes, we've got an Availability Zone running that's not to be used for new workload any more. Within Nova one could simply disable Compute Nodes (and that's what we did) ensuring no Compute Instances get scheduled. But, how about Cinder? How can we keep current workload running within a certain AZ, but ensure no new workload gets accepted? Thanks! Cheers, Kees

1 0

[tc][all] OpenStack Technical Committee Weekly Summary and Meeting Agenda (2025.2/R-10)
by Goutham Pacha Ravi 21 Jul '25

21 Jul '25

Hello Stackers, We're ten weeks away from the coordinated release of OpenStack 2025.2 ("Flamingo") [1]. The feature freeze date for this release is in five weeks (2025-08-28). In the past week, the OpenStack Technical Committee did not merge any new governance changes, though a few are currently under community review. === Weekly Meeting === The last weekly meeting of the OpenStack Technical Committee took place on 2025-07-15 over IRC [2]. The TC caught up on a backlog of action items, starting with progress on the community goal to drop the use of eventlet [3]. We discussed the activity within the Monasca project team and have reached out to the PTL and core reviewers to talk about its future. The rest of the meeting focused on the maintenance of the "service-types-authority" repository. While some suggested involving the openstacksdk-core team in its maintenance, others opined that the repo should remain under TC oversight due to its governance significance—since changes affect how services are named and recognized across the ecosystem. For now, we have renewed our commitment to reviewing and merging change proposals more actively. A late tangent about the First Contact SIG’s dormancy prompted an idea to review SIG activity at the upcoming PTG in October. The next meeting of the OpenStack TC is today, 2025-07-22, at 1700 UTC. This meeting will be hosted over IRC on the #openstack-tc channel on OFTC. The agenda has been added to the meeting's wiki page [4]. I hope you'll be able to join us there. Any community member is welcome to edit the wiki page and propose new topics. === Governance Proposals === ==== Open for review ==== - os-test-images never releases | https://review.opendev.org/c/openstack/governance/+/954249 - Retire networking-midonet | https://review.opendev.org/c/openstack/governance/+/955364 - Remove Monasca from active project | https://review.opendev.org/c/openstack/governance/+/953671 - Make Eventlet removal deadlines more acceptable for operators | https://review.opendev.org/c/openstack/governance/+/952903 - Require declaration of affiliation from TC Candidates | https://review.opendev.org/c/openstack/governance/+/949432 === Upcoming Events === - 2025-07-26: OpenInfra Days, Vietnam: https://www.vietopeninfra.org/void2025 - 2025-08-06: Nominations open for OpenStack elections: https://governance.openstack.org/election/ - 2025-08-26: OpenInfra Days, Korea: https://2025.openinfradays.kr/ - 2025-08-29: Colombia OpenInfra User Group Meetup: https://www.meetup.com/colombia-openinfra-user-group/events/307096751/ - 2025-10-17: OpenInfra Summit, Paris-Saclay: https://summit2025.openinfra.org/ Thank you very much for reading! On behalf of the OpenStack TC, Goutham Pacha Ravi (gouthamr) OpenStack TC Chair [1] 2025.2 "Flamingo" Release Schedule: https://releases.openstack.org/flamingo/schedule.html [2] TC Meeting IRC Log 2025-07-15: https://meetings.opendev.org/meetings/tc/2025/tc.2025-07-15-17.00.html [3] Eventlet removal goal timeline changes: https://review.opendev.org/c/openstack/governance/+/952903 [4] TC Meeting Agenda, 2025-07-22: https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee#Next_Meeting

1 0

Instance Freeze During Snapshot in OpenStack 2024.1 with Ceph Octopus
by mohammad kokabi 21 Jul '25

21 Jul '25

Hello, I hope this message finds you well. I am currently using OpenStack version 2024.1, with Ceph Octopus as the backend storage. The configuration is as follows: Glance is configured to use the "images" pool on Ceph. The virtual machine disks are stored on the "vms" pool. When I attempt to create a snapshot of a running instance, the instance appears to freeze for a few seconds, during which it loses network connectivity (e.g., I cannot ping it). This behavior is unexpected, as I understand that snapshot operations, especially with Ceph backend, should not significantly interrupt the instance's runtime. Could you please advise what might be causing this issue? Are there any known limitations, configurations, or best practices I should be aware of regarding snapshot behavior with Ceph in this version of OpenStack? Looking forward to your insights. Best regards,

2 1

RE: Create image error
by berndbausch＠gmail.com 21 Jul '25

21 Jul '25

Violating limits imposed by the operator should lead to a useful error message rather than an HTTP 5xx error. In any case, there should have been a message in the Glance API log. Perhaps you are using a prerelease version of OpenStack? When you get Devstack from the Git, you may want to specify the version; otherwise, you obtain software that is currently under development. For example, the following gets you the first version released this year (Epoxy): git clone https://opendev.org/openstack/devstack -b stable/2025.1 ------------------------------------------------------------------------------------------------------------------- From: BEDDA Fadhel <fadhel.bedda(a)gmail.com> Sent: Saturday, May 31, 2025 6:00 PM To: berndbausch(a)gmail.com Subject: Re: Create image error Hello, I was able to work around the problem by disabling the limits in the file: /etc/glance/glance-api.conf False instead of True Thanks Le sam. 31 mai 2025 à 09:55, <mailto:berndbausch@gmail.com> a écrit : My guess is that the image service is down. To check its status: systemctl status devstack@g-api Also check the image service log: journalctl -e -u devstack@g-api ------------------------------------------------------------------------ From: BEDDA Fadhel <mailto:fadhel.bedda@gmail.com> Sent: Saturday, May 31, 2025 3:08 PM To: mailto:openstack-discuss@lists.openstack.org Subject: Create image error Hi everyone, I installed OpenStack (DevStack). At first, I was able to create three images (Ubuntu, Debian, and Windows) in addition to the Cirros image. When I tried to add another image, everything got stuck. I couldn't add any images, and I got the infamous error 550. HttpException: 502: Server Error for url:

1 0

[tacker] Skip today's IRC meeting
by Yasufumi Ogawa 20 Jul '25

20 Jul '25

Hi Tacker team, Sorry for the late notice. Due to a holiday in Japan and most of us will not join, I would like to skip today's IRC meeting. Thanks, Yasufumi

1 0