August 23, 2025

Stackers Network Digest — August 23, 2025

26 threads · 60 messages · openstack-announce, openstack-discuss

The Big Picture

Three threads ran through this week as the 2025.2 "Flamingo" cycle approached feature freeze (the TC's R-6 summary put the release six weeks out, with feature freeze set for August 28). First, a security notice (OSSN-0094) covering a Nova/Watcher volume-swap data-disclosure risk landed on both the discuss and announce lists. Second, the perennial question of how long to keep old, unmaintained stable branches alive flared back up: a real tension between downstream packagers who need a shared place for security backports and the infrastructure team's need to delete unused branches. Third, the 2026.1 "Gazpacho" election machinery kicked into gear, with nominations closing and campaigning beginning.

Security

OSSN-0094 ("Ensuring Volume Safety with Nova and Watcher") was published by Jay Faulkner. A flaw in the interaction between Nova and Watcher during volume-swap operations can, under specific error conditions, leave two Nova libvirt instances attached to the same block device, so one instance can read volume data belonging to another. The trigger is Watcher's zone-migration strategy performing a volume swap followed by a live migration of the same instance, where the connection details fail to update. It affects all supported releases. Triggering it directly requires admin rights, since the swap-volume, live-migration, and Watcher APIs are admin-only under default policy, but note that Watcher drives this sequence automatically with its own admin credentials, so no human operator has to misuse the APIs for the condition to arise. The resolution has two halves, so update both services: Nova now rejects any swap-volume request for a volume whose migration status is empty (Cinder sets that status when it drives a retype or migration, which confines this internal API to Cinder-initiated swaps), and Watcher's risky custom volume-migration code, including a pattern that created an admin-roled Keystone user per instance owner, has been removed. If you run Watcher with zone-migration strategies, review this and update.
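The failure mode the notice describes, two domains on one compute node pointing at the same backing device, is something an operator can check for directly. The script below is an added example written for this digest, not Nova, Watcher or OSSN-0094 code; its domain XML is constructed and the device paths are made up. On a real hypervisor you would feed it the output of `virsh dumpxml <domain>` for every domain that `virsh list --all --name` returns.

```python
"""Flag libvirt domains that share a host block device.

Added example for the OSSN-0094 failure mode; this is not Nova, Watcher or
OSSN code. The domain XML below is constructed and the device paths are
made up. On a compute node, collect the real input with
`virsh list --all --name` and `virsh dumpxml <domain>`.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed: instance 2 still references the device that was swapped away
# from instance 1 (the stale attachment the notice describes), while the
# "...ee" device is a deliberately shared, multi-attach volume.
DOMAIN_XML = [
    """<domain type='kvm'>
  <name>instance-00000001</name>
  <devices>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/disk/by-id/scsi-3600000000000000000000000000000a1'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/disk/by-id/scsi-3600000000000000000000000000000ee'/>
      <target dev='vdb' bus='virtio'/>
      <shareable/>
    </disk>
  </devices>
</domain>""",
    """<domain type='kvm'>
  <name>instance-00000002</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/nova/instances/instance-00000002/disk'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/disk/by-id/scsi-3600000000000000000000000000000a1'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/disk/by-id/scsi-3600000000000000000000000000000ee'/>
      <target dev='vdc' bus='virtio'/>
      <shareable/>
    </disk>
  </devices>
</domain>""",
]


def disk_sources(domain_xml, include_shareable=False):
    """Return (domain name, [backing paths]) for one domain definition.

    Disks marked <shareable/> are skipped by default: libvirt uses that
    element for volumes meant to be attached to several domains at once
    (Cinder multi-attach), so a match on them is not a stale attachment.
    """
    root = ET.fromstring(domain_xml)
    name = root.findtext("name")
    paths = []
    for disk in root.iter("disk"):
        if disk.find("shareable") is not None and not include_shareable:
            continue
        source = disk.find("source")
        if source is None:          # e.g. a cdrom with no media inserted
            continue
        path = source.get("dev") or source.get("file") or source.get("name")
        if path:
            paths.append(path)
    return name, paths


def find_shared_block_devices(domain_xmls, include_shareable=False):
    """Map each backing path used by more than one domain to those domains."""
    owners = defaultdict(set)
    for xml_text in domain_xmls:
        name, paths = disk_sources(xml_text, include_shareable)
        for path in paths:
            owners[path].add(name)
    return {path: sorted(names) for path, names in owners.items()
            if len(names) > 1}


if __name__ == "__main__":
    for path, names in find_shared_block_devices(DOMAIN_XML).items():
        print(f"{path} is attached to {', '.join(names)}")
```

A hit on a non-shareable device is a lead, not proof: compare it against the attachments Cinder and Nova believe exist (`openstack volume show` and `openstack server volume list`) before detaching anything, and prefer a virsh dump over the Nova database, since the notice's whole point is that the two can disagree.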

Separately, Pierre Riteau filed a note that blazar-dashboard ships non-free minified JavaScript. Minified files that arrive without their corresponding source cannot be rebuilt, diffed, or audited by distribution packagers, which is why the issue was flagged to the security SIG and the TC as a packaging and licensing concern.

Development & Technical Decisions

Thomas Goirand (zigo) reopened the unmaintained-branch lifecycle debate: OpenStack currently maintains three stable branches, renames older ones to unmaintained/<release>, then eventually deletes them in favor of EOL tags. Zigo argued that downstreams (Debian, Red Hat) often still need to share security backports long after EOL, and proposed keeping branches open but without CI as a low-cost compromise. Jeremy Stanley's counter (quoted from IRC) is that years of workflows, processes, and policies assume unused branches get deleted, and that keeping them strains maintainers and systems. It remains an unresolved policy discussion. Concretely, Tim Burke proposed transitioning all six of Swift's unmaintained branches (2023.1, zed, yoga, xena, wallaby, victoria) to end-of-life, noting none currently pass CI and the only patches since transition were CI-maintenance attempts.

Niklas Schwarz dug into inefficient openstack-client / Keystone lookup behavior. Because the client cannot tell whether an argument is a name or an ID, resolving a resource by name first issues a lookup by ID, which fails with a 404 that Keystone logs with a stack trace, and only then retries with a list filtered by name. That doubles API and database load for every name lookup, and it compounds for cross-resource lookups such as network list --project <name>, where the project has to be resolved before the network query can run. He proposed a client-side fix. Marc Vorwerk reported a related symptom from the field: Keystone (2024.1, 25.0.1, deployed with Kolla-Ansible) flooding logs with roughly 18k "TokenNotFound" errors a day alongside mismatched InvalidToken messages in Nova and Cinder, with no one yet able to pinpoint the cause.
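To make the doubling concrete, here is an added example written for this digest, not openstackclient, openstacksdk or Keystone code: a constructed in-memory stand-in for the identity API counts requests and the "not found" errors the real service would log, and a UUID-aware resolver is compared with the ID-first one. The resolution order shown is one possible client-side fix and is not necessarily the change Niklas proposed; the project names and IDs are made up.

```python
"""Name-or-ID resolution against a stand-in Keystone, ID-first vs. UUID-aware.

Added example, not openstackclient, openstacksdk or Keystone code. The
resolution order here is one possible client-side fix, not necessarily the
one proposed on the list. FakeKeystone is a constructed in-memory stand-in
for the identity API; the projects are sample data.
"""
import uuid


class NotFound(LookupError):
    pass


DEMO_ID = "3f1b2c4d5e6f47089a1b2c3d4e5f6071"   # constructed 32-hex id
PROJECTS = [                                   # constructed sample data
    {"id": DEMO_ID, "name": "demo"},
    {"id": "a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d", "name": "ops"},
    {"id": "legacy-ops", "name": "legacy"},    # non-UUID ids are legal
]


class FakeKeystone:
    """Counts every API call and every 404 Keystone would log."""

    def __init__(self, projects):
        self.by_id = {p["id"]: p for p in projects}
        self.requests = 0
        self.logged_errors = []

    def get(self, project_id):             # GET /v3/projects/{id}
        self.requests += 1
        if project_id not in self.by_id:
            self.logged_errors.append(f"Could not find project: {project_id}")
            raise NotFound(project_id)
        return self.by_id[project_id]

    def list(self, name=None):             # GET /v3/projects?name=...
        self.requests += 1
        return [p for p in self.by_id.values()
                if name is None or p["name"] == name]


def _one(matches, name_or_id):
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise NotFound(name_or_id)
    raise LookupError(f"multiple projects named {name_or_id!r}")


def find_project_naive(ks, name_or_id):
    """Try the ID first, then the name: one wasted 404 for every name."""
    try:
        return ks.get(name_or_id)
    except NotFound:
        pass
    return _one(ks.list(name=name_or_id), name_or_id)


def looks_like_uuid(value):
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def find_project_uuid_aware(ks, name_or_id):
    """Order the two lookups by what the argument looks like.

    Keystone ids are UUID hex by default, but LDAP-backed and other
    deployments can have arbitrary ids, so neither path is ever skipped;
    the likely one simply goes first.
    """
    if looks_like_uuid(name_or_id):
        try:
            return ks.get(name_or_id)
        except NotFound:
            pass
        return _one(ks.list(name=name_or_id), name_or_id)
    matches = ks.list(name=name_or_id)
    if matches:
        return _one(matches, name_or_id)
    return ks.get(name_or_id)


def cost(finder, name_or_id):
    """(requests issued, errors Keystone would log) for one resolution."""
    ks = FakeKeystone(PROJECTS)
    finder(ks, name_or_id)
    return ks.requests, len(ks.logged_errors)


if __name__ == "__main__":
    for ident in ("demo", DEMO_ID, "legacy-ops"):
        print(ident, "id-first:", cost(find_project_naive, ident),
              "uuid-aware:", cost(find_project_uuid_aware, ident))
```

The heuristic only reorders the two requests; a non-UUID ID such as "legacy-ops" still resolves, it just pays the extra round trip instead of the common case paying it. Whatever the client ends up doing, the server-side half of the complaint (a stack trace for an ordinary 404) is a separate logging fix.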

A run of Freezer/backup threads from Nguyễn Hữu Khôi probed backup-as-a-service limits: cindernative mode requiring an object-store endpoint, Freezer's Glance dependency creating data-transfer/RabbitMQ bottlenecks at thousands of backups, and the lack of a backup-progress percentage outside the old Swift-only spec. Dmitriy Rabotyagov continued working to keep Vitrage alive (replacing the unmaintained pysnmp-lextudio with pysnmp, fixing API hooks) while puzzling over four failing tempest topology/resource tests. do-gyun kim proposed a Masakari RPC ping API for health-checking masakari-engine under OpenStack-Helm/Kubernetes. Rico Lin asked the Manila core team to review a fix for share-network subnets left uncleaned on teardown (a real problem for the Manila CSI plugin in Kubernetes).

Releases & Announcements

Thierry Carrez posted the R-5 release countdown. Előd Illés ran a gate-health check across Ironic, Magnum, Tacker, Telemetry, Venus, and Vitrage, asking teams to fix broken master gates so Flamingo doesn't ship in a broken state. Jeremy Stanley gave a heads-up that OpenDev switched Zuul's default Ansible from 9 to 11 in the openstack tenant; watch for job behavior changes, especially on older Ubuntu nodes and Python versions (Ansible 11 is built on ansible-core 2.18, which needs Python 3.11 or newer on the control node and Python 3.8 or newer on managed nodes).

Community & Events

The 2026.1 election cycle advanced: Sławek Kapłoński reminded that PTL/TC nominations closed August 20 at 23:45 UTC, Ian Y. Choi confirmed nominations ended and published the candidate lists, and the TC campaigning period opened (ask candidates questions on their platforms before voting). The TC's R-6 summary stressed that OIF membership renewals are now required to run or vote (a consequence of the move under the Linux Foundation) and noted that longtime TC member and former chair Ghanshyam Mann is stepping back and not seeking re-election. The TC also progressed Monasca repository retirement and asked the community to review the proposed Gazpacho/2026.1 runtimes. Rafael Weingärtner self-nominated to continue as CloudKitty PTL.

Ildiko Vancsa recapped the August 22 Ops Radio Hour: OVN migration (CERN published part 2 of their LinuxBridge-to-OVN blog series), GPU live migration and Blazar GPU reservation, VMware-migration challenges, vTPM live migration, a confirmed-but-unassigned Keystone security bug (2117217), and a plan to consolidate Ops IRC/Matrix channels — next session September 26. Allison Price reminded everyone the OpenStack User Survey closes August 29.

Heads Up / Action Needed

  • OSSN-0094: if you run Nova + Watcher with zone-migration strategies, review the volume-swap data-disclosure issue and update both Nova and Watcher (affects all supported releases).
  • Zuul Ansible 9 → 11: OpenDev switched the default; double-check jobs for new behavior, especially on older Ubuntu/Python.
  • Fix broken gates: Ironic, Magnum, Tacker, Telemetry, Venus, Vitrage have failing master gates ahead of release.
  • Swift EOL proposal: six unmaintained branches proposed for end-of-life — object before the release patch merges if you depend on them.
  • Complete the User Survey by August 29.
  • Election: nominations are closed; campaigning is open — voting begins shortly, and OIF membership is required to vote.