The Big Picture

With Flamingo out the door and the OpenInfra Summit Europe just days away, this was a transitional week: light on big announcements, heavy on PTG preparation, stable-branch housekeeping, and a steady drip of operator troubleshooting. The most consequential governance item was the formal move to mark Venus and Vitrage inactive, and the most consequential deadline was the approaching Caracal end-of-maintenance. A standout technical discussion explored whether Nova should support hardware-backed SSH keys.

Releases & Announcements

The TC's R-25 weekly summary (carried into this window) reiterated the shape of the 2026.1 "Gazpacho" SLURP cycle — major features alongside a deliberate technical-debt paydown — and confirmed Michal Nasiadka as the new TC Vice-Chair, with an Eastern-Hemisphere-friendly alternate meeting slot in the works. The TC continued filling liaison roles (Freezer, Oslo, Release Management, Requirements) and called for PTG topics.

Goutham Pacha Ravi pushed the Venus and Vitrage inactivity proposals forward (governance reviews 963228 and 963227). Both teams went the full election cycle without a PTL volunteer; marking them inactive means no regular 2026.1 releases, and continued inactivity leads to deliverable retirement. The TC also extended Monasca's inactive status through 2025.2 with a retirement decision "imminent," and appointed Felipe Reyes as OpenStack Charms PTL. If you run or depend on Venus or Vitrage, this is the moment to step up or plan a migration.

Security

A quiet but useful security thread spun out of an operator question: after a user posted a workflow that set instance passwords via metadata, the discussion forked into "[security-sig] Don't put passwords in instance metadata," with Sean Mooney and Jeremy Stanley reinforcing that instance metadata is not a safe channel for secrets. Operators automating image/password setup should take note — config-drive and metadata are readable in ways that make them poor secret stores.

Development & Technical Decisions

YubiKey/FIDO SSH keys in Nova keypairs was the week's richest technical thread (13 messages, 8 participants), opened by Ivan Marton and continued by melanie witt. The question: will Nova accept sk-ssh-ed25519@openssh.com (security-key-backed) public key formats for the keypairs endpoint? It currently doesn't, and there's no explicit documentation of supported formats. The discussion is exploratory — gauging demand and feasibility rather than committing to a change — but it's a clear signal of operator interest in hardware-token auth.

Long-dormant OVN BGP agent work needs reviews. Mohammed Naser flagged that several ovn-bgp-agent fixes — trivial backports plus a larger driver-ecosystem rework — have sat for months, with the oldest now hitting merge conflicts (reviews 947151/947152/947153 and the conflicted 944300/937457). VEXXHOST has been running them downstream in production and is pushing to avoid a downstream-best-only ecosystem. Separately, Mohammed and Dong Ma both asked the Horizon team to review a month-old patch adding microversion support for Nova live migration (review 961099).

Nova NUMA scheduling tradeoffs recurred across two related threads (Brijesh Mishra and Vish Mudemela, both on Kolla-Ansible Caracal). Operators found that without hw:numa_nodes='2', the scheduler packs VMs onto a single NUMA socket and underutilizes the other; setting it spreads vCPUs but always does so — even when one node has capacity — and costs 20-30% memory performance from cross-NUMA access. They're asking for conditional NUMA placement (single-node when it fits, spread only when necessary). No upstream resolution yet; this is good PTG fodder for the Nova team.

Pavlo Shchelokovskyy's device-limit / KVM IRQ-exhaustion thread (fat VM crashing QEMU around the 20th hot-plugged NIC) carried over, again raising whether Nova should expose a knob to cap attached devices. Eugen Block asked about persistent PXE boot for VMs (a Uyuni-managed reinstall workflow), where the boot-order change doesn't survive in libvirt XML, and asked whether a PR would be welcome. Glance's Epoxy upgrade surfaced an image-upload bug where ISOs fail with "Multiple formats detected: iso,gpt" / 415 Unsupported Media Type; Eugen worked around it with require_image_format_match = false. Winicius Allan raised an openstacksdk/Compute-API inconsistency where the server-list host filter is documented as compute_host but the API expects host (bug 2101016).

Heads Up / Action Needed

• Caracal (2024.1) EOM is October 24: finish any final stable/2024.1 releases before the branch moves to Unmaintained — libraries first.
• Reviews wanted: ovn-bgp-agent backports/rework (Mohammed Naser) and the Horizon Nova live-migration microversion patch 961099 are both stalled and being actively requested.
• PTG cross-project coordination: Iury Gregory is firming up Ironic sessions with Nova/Cinder and Neutron; teams should confirm time slots.

Community & Events

Meeting cancellations clustered around the Summit and PTG: Kolla (Oct 8 and 15), the Neutron Drivers and CI meetings (next two weeks, resuming Nov 3), and Tacker's weekly IRC meeting (holiday). Neutron bug-deputy reports from Lajos Katona and Rodolfo Alonso Hernandez highlighted a batch of VPNaaS bugs (AttributeError, AEAD cipher breakage with Libreswan, ovn-vpn-agent delete failures) with patches proposed. The Public Cloud SIG met its bi-weekly cadence, and Reet Srivastava's Skyline core self-nomination continued, with Goutham suggesting a PTG discussion to rally interested maintainers.