Stackers Network

April 25, 2026

Stackers Network Digest — April 25, 2026

33 threads · 49 messages · openstack-announce, openstack-discuss

The Big Picture

This was PTG week. The 2026.2 "Hibiscus" Virtual PTG ran Monday, April 20 through Friday, April 24, so the mailing list was quiet on day-to-day operations and busy with planning: meeting cancellations across Keystone, Tacker, Kolla, Watcher, and Neutron, plus a flurry of project-team session announcements. The substantive news of the week falls into three buckets — a Neutron security note operators must act on, several governance/core-team shifts, and the first wave of decisions coming out of the PTG sessions themselves.

Security

OSSN-0095: OVN security-group rules created before address-group support may be ineffective. This is the headline operator item. In deployments using the OVN ML2 driver, security-group rules that reference remote address groups and were created before OVN address-group support landed do not enforce source-address filtering — the resulting OVN ACLs effectively allow 0.0.0.0/0. The Neutron API accepted those references without error while the OVN driver silently ignored them, and neutron-ovn-db-sync-util repair mode does not fix them. Worse, deleting an affected rule via the API orphans the ACL, which keeps passing traffic. Affected: neutron (OVN ML2) <25.2.3, >=26.0.0 <26.0.3, >=27.0.0 <27.0.2. A merged fix (Gerrit 976832) adds a maintenance task that recreates missing address sets and corrects affected ACLs on service restart. Action: upgrade to a fixed version, restart neutron services, and verify that ACLs orphaned by previously deleted rules are actually removed. Credit to James Denton (Rackspace).

Development & Technical Decisions

The PTG summaries that landed this week sketch the shape of the Hibiscus cycle:

  • Cinder (April 20–24) published its summary to the wiki — full notes captured for the cycle's planning.
  • Magnum confirmed its direction as a wrapper for third-party drivers rather than maintaining an official internal one. Of the two CAPI drivers, magnum-cluster-api (Vexxhost) is actively developed while magnum-capi-helm has been dormant since December 2025; the long-term goal is running both side-by-side on one install to ease migration. The team is moving to a biweekly 13:00 UTC meeting, adding a #openstack-magnum Kubernetes Slack channel, pushing Zuul CI for both drivers, and beginning eventlet migration once CI stabilizes.
  • i18n is advancing the Zanata→Weblate migration, with Zuul jobs now under test against the Contributor Guide and Horizon, a virtual sprint proposed around June 3, and KNU students wrapping up an Ollama-based AI draft-translation pipeline covering 44 languages.

On the core-team front, Nova surfaced a structural debate: Stephen Finucane codified four competing proposals (Gerrit 986141–986144) for introducing nova-approver/nova-reviewer groups, inspired by Ironic's model and by Ironic↔Nova integration discussions at the PTG. Rather than deadlock, cores are using approval voting (+1 = okay with, -1 = not okay with) directly on the patches; the most popular option will run for the rest of Hibiscus and be re-evaluated at the October PTG. Kolla proposed its own shuffle: moving Christian Berendt to emeritus, moving Michal Arbet from core to the reviewers group, and promoting Bertrand Lanson to core. Other nominations in flight: Ghanshyam Maan for oslo-core, Clif Houck for ironic-reviewer, Mathieu Gagné for openstack-helm core, and Ivan Anfimov into OSA's new power-reviewers group.

Operator-facing technical reports also came in: a quota show --volume quirk where Cinder returns volume types the project can't access; a Zun-on-Kolla Docker version question (Kuryr's incompatibility with Docker 23+); and Karol Klimaszewski's new SPDK-based nova-provisioned storage spec (with live migration support) seeking a Nova liaison.

Heads Up / Action Needed

  • Pre-Zed Kolla images vanish June 1, 2026. All pre-Zed release container images in the quay.io/openstack.kolla org will be permanently deleted. If you still pull those tags, migrate to a supported release before that date.
  • Gazpacho contributor & maintainer surveys close April 30. Both now include AI-tooling questions; the deadline is firm.
  • University Partnership Program needs projects. Kendall Nelson is collecting project ideas for Carnegie Mellon (11-week summer cohort starting the week of May 11) and North Dakota State (16-week fall cohort from August 24). The team wants 2–4 projects on the etherpad — mentors welcome too.
  • neutron-l2gw Gazpacho release is still pending; Lajos Katona expects to tag it in week 17.

Community & Events

The operators track was active around the PTG. Chris Morgan ran an Ops Radio Hour (April 24, 1300 UTC) where, notably, attendees again named this mailing list the preferred coordination channel amid fragmentation across Reddit, Slack, Matrix, and the rest. Recurring ops themes: barriers to upstream contribution, day-2 operations (upgrades, HA, scale), and a suggestion to officially retire the legacy operations and arch-design guides in favor of pointers to Kolla/OSA/etc. best practices. The next Ops Radio Hour is pencilled in for May 29. Separately, the LFX Insights team continues fixing gaps in the Gerrit-based contribution dashboards, and Jimmy McArthur reminded the community that the OpenInfra Jobs Board has moved to the Linux Foundation's GitJobs and is short on postings.