OpenStack community,


In May of 2023, following the deprecation of os-net-config in OpenDev as part of the deprecation of TripleO [1], the team supporting os-net-config at Red Hat wanted to continue development for a limited time. The development of os-net-config needed to move to GitHub as a result.


When deciding to put os-net-config inside the github.com/openstack-k8s-operators space, the thinking was that os-net-config was not limited to being a Kubernetes operator. It is used in conjunction with Ironic and metal3 as a bare metal network config tool, and in fact has a life of its own outside Red Hat. At various times, we've received contributions from external users who were using it for their own bare metal automation. At the time, we were expecting nmstate to take the baton and were expecting os-net-config to be deprecated and eventually no longer maintained by the Red Hat OpenStack team, but there was a nonzero chance that os-net-config would live on, supported by the community. Another consideration was that the devs who maintain openstack-k8s-operators are largely separate from the devs who maintain os-net-config. Based on these decisions, the team decided that it would be safest to continue development in a fork of os-net-config that is separate from the operators because it really isn't an operator-focused tool.


The concerns raised in Goutham's email are legitimate, and so the os-net-config team is proposing the following changes:

  1. Updating the documentation in the GitHub fork to remove current references to OpenDev https://github.com/os-net-config/os-net-config/pull/315 

  2. Removing references to OpenDev from https://pypi.org/project/os-net-config/ 


How would the TC like to proceed with the existing os-net-config repo?  Would you like it if we pushed a retirement patch similar to how other projects have been retired in the past [2]?


Thanks

Karthik S



[1] https://github.com/openstack/governance/commit/ddb0ad129801b5089725774392556701caac6b20#diff-12ea98fa105d1e63dac5b24799d14f2adfd8fa9d2b7d92e69978c09170cc636aR2832 

[2] https://opendev.org/openstack/neutron-fwaas/commit/caae7b6a6f5e8944dbe359b6472be2507bbf5e12

On Fri, Oct 31, 2025 at 3:43 PM Sean Mooney <smooney@redhat.com> wrote:

On 30/10/2025 19:43, Goutham Pacha Ravi wrote:
> Hello Stackers,
>
> I am writing to seek clarity regarding recent activity on the PyPI
> project for os-net-config [1]. As you can tell, "OpenStack" is still
> listed as the author/maintainer of this package. "os-net-config" was
> retired early last year along with the rest of the TripleO project
> within OpenStack's governance [2].
>
> It appears that development has continued outside of OpenStack with
> the project being forked [3]. There have been releases that were
> uploaded to PyPI since. A human maintainer was added to PyPI this
> week.
>
> There may be some rationale to continue to maintain this code. Since
> the project was officially retired from OpenStack, we need to ensure
> that any renewed activity is properly communicated;

this is concerning to me for a number of reasons.

for one, Red Hat's new installer continues to use os-net-config

https://github.com/openstack-k8s-operators/edpm-ansible/tree/main/roles/edpm_network_config
https://github.com/openstack-k8s-operators/edpm-ansible/blob/main/roles/edpm_network_config/tasks/os_net_config.yml
https://github.com/openstack-k8s-operators/edpm-ansible/blob/main/roles/edpm_network_config/tasks/os_net_config_tool.yml

so if this was taken over by a disconnected party i think this would
qualify as a supply chain attack.

looking at https://github.com/os-net-config and
https://github.com/os-net-config/os-net-config/commits/master/

all the contributions seem to have come from Red Hatters that work on the
new oko (openstack-k8s-operators) installer

so it seems like instead of contributing the changes required to the
upstream repo a fork was created, but not in the oko org,
which is not following the pattern of the other components that were
extracted from tripleo.

i was under the impression, obviously mistakenly, that we didn't fork it
to https://github.com/openstack-k8s-operators
because it was not intended to be retired from upstream and development
would continue in the opendev repo.
there were discussions about it moving under the puppet project or neutron
at one point but perhaps that was decided against
and it was retired as a result?

i agree with the concern that you raised that if it's not developed on
opendev as an official OpenStack deliverable it should
not claim "OpenStack" is the Author/Maintainer of the project

again i was not involved in the tripleo retirement so maybe there was a
discussion about forking vs continuing to maintain
in opendev but it's very strange to me that it was not adopted into
https://github.com/openstack-k8s-operators organization.

That is what we did for the other parts of tripleo like tcib that were
extracted from the tripleo maintained repos, in this case
from tripleo-common.

James perhaps you recall the discussion and decisions that were made here?

dan, karthik https://github.com/orgs/os-net-config/people ye are the
only members of the new os-net-config <https://github.com/os-net-config> org

can you shed any light on the retirement and why this was not moved to
https://github.com/openstack-k8s-operators if it was going
to be externally maintained?

fixing the authorship should be relatively simple, just update the author and
author_email here

https://github.com/os-net-config/os-net-config/blob/master/setup.cfg#L6-L7

then doing a new release, but there probably also needs to be a discussion
about what to do with any releases that were made after
2024-01-09. deleting releases on pypi breaks people and generally should be
avoided but i don't know if there is a way to fix
the authorship of releases made after the retirement up to now

from a pypi perspective https://pypi.org/project/os-net-config/#history

that is only 18.0.1.dev which is marked as pre-release

so i think we need to ideally make sure that is not actually released
until the author info is updated
and the other issues that goutham mentions below regarding the
badges/website links etc.

i'm also not sure what to do about
https://github.com/os-net-config/os-net-config/releases

but that is i guess less problematic.

it's more clear that that is a fork or resurrection of the project given
it's hosted in a different location.


> and the
> author/maintainers are properly attributed. For one, "OpenStack" can't
> be the Author/Maintainer of a project that's not officially under
> OpenStack Governance. There are references to the OpenStack
> Documentation Website, TC Badges and IRC/bug tracker links that may
> now be obsolete and must be removed. This could be confusing to past,
> current and future users of the project, not to mention the security
> implications and responsibility attribution on code that's used in
> systems worldwide.
>
> Can the current maintainers please engage with us to make the
> necessary changes? You can do so here, or chat on #openstack-tc on
> OFTC.
>
> Thanks,
> Goutham Pacha Ravi
>
> [1] https://pypi.org/project/os-net-config
> [2] https://review.opendev.org/c/openstack/governance/+/905145
> [3] https://github.com/os-net-config/os-net-config
>