Hi everyone. OpenStack-Ansible team has held a PTG session, where discussed left scope before 2025.2 (Flamingo) Release as well as development scope for 2026.1 releases. For 2025.2 we agreed to finalize these topics: - Debian 13 (Trixie) support - Fix playbooks to address ANSIBLE_GATHER_SUBSET removal in ansible-core 2.18 - Finalize OpenBao backend for the PKI role As I am writing a summary late this time, 2 out of 3 topics (Debian 13 support and ANSIBLE_GATHER_SUBSET replacement) have already been concluded. With that being said, we move couple of topics to 2026.1 (Gazpacho) cycle, specifically: - Mainstreaming Magnum CAPI drivers (promoting from ops repo to the integrated one) - Molecule coverage for the HAProxy role For the 2026.1 (Gazpacho) release cycle, the following topics were raised: - Improving MariaDB proxying and introducing read/write balancing. Originally we agreed to adopt ProxySQL, as we had plans for that since the Xena release, but it was never prioritized. Now we've realized that there is a possibility to leverage oslo.db's `slave_connection` parameter, which should be quite trivial to add, while providing similar behavior with just HAProxy balancing. - Big topic was adoption of ansible-core 2.19 and related challenges with role patching as well as our custom modules adoption to it. And we agreed to prioritize this work, as ansible-core 2.18 goes EOL in May 2026. - Once HAProxy role will be covered with molecule tests, we agreed to proceed with potential role refactoring, and removing obscure variables and parameters. Specifically, frontend definition is a focus, as it has some legacy, which prevents it being flexible enough for 3rd-party usage of the role. - With that we highlighted existing complexity regarding non-TLS -> TLS migrations, but uWSGI remains a blocker to move to TLS-only deployments, as HTTP 1/1 remains to be a bottleneck in terms of throughput. - We agreed to proceed to refactoring a standalone method for PKI role, and remove the necessity of storing individual certificates and private keys on the deploy host. - Attempt to add Ubuntu 26.04 support for 2026.1 Gazpacho - We touched basis on post-quantum encryption and figure out dependencies and blockers for that. With Debian 13 and Ubuntu 26.04 we will have OpenSSL 3.5, which supports already ML-KEM. However, a bunch of software, like uWSGI are still gonna be blockers to implement PQC deployment-wise. Support for things like RabbitMQ, MariaDB and etc remains unknown.