How OpenStack Epoxy's features came to life

The OpenInfra Foundation has collaborated with the OpenStack community to highlight some of the prominent features of the Epoxy release; more cycle highlights can be found here. 

Strengthen OpenStack as VMware Alternative 

• Within Watcher, a new Prometheus data source has been added. For VMware migration, having Prometheus integrated into OpenStack via Watcher allows for efficient monitoring of the existing VMware infrastructure and the migration process. This enables tracking performance and identifying bottlenecks during the migration.
• This release includes features and bug fixes for many Cinder supported storage hardware drivers, including NetApp, PowerMax, LightBits, Fujitsu, PowerFlex, 3par, StorPool, Pure Storage, Nimble, and Hitachi. The improved support of a wide range of Cinder drivers signals the simplification of migrating workloads that are heavily reliant on specific storage solutions. Additionally, after migration, OpenStack environments can retain compatibility with existing storage infrastructure, making the transition smoother and reducing any risks related to storage and data accessibility.

Enhance Security 

• Manila users are now able to modify the access level of a share access rule, switching it from “read-only” to “read-write” or vice versa. This feature allows for more precise control over who can modify and access shared resources. If users can limit their access to read-only, they can prevent unauthorized modifications, reducing the risk of accidental or malicious changes to data.
• Manila users can also now set and modify share server characteristics via share network subnet metadata. Cloud administrators can define what modifications are permissible via the driver_updatable_subnet_metadata configuration option. This improvement enables better network isolation and segmentation, ensuring that different data sets or applications are separated in different subnets to reduce the risk of lateral movement within the network if a breach occurs.
• Within Octavia, users can now use custom neutron security groups with Octavia Amphora load balancer VIP ports. By associating specific security groups with the load balancer's VIP (Virtual IP) ports, you can ensure that only specific types of traffic are allowed to reach the load balancer, reducing the risk of unauthorized access.

Improve Hardware Enablement 

• Ironic has added a new interface to support the deployment of bootc container images directly to a host with no intermediate steps. This reduces complexity and makes the deployment process more streamlined for operators as well as end users. 
• Nova’s PCI pass-through feature now supports new kernel vfio-PCI variant drivers such as Nvidia GRID on Ubuntu 24.04. Operators can now create instances using those specific PCI devices and also live-migrate them, which strengthens OpenStack's ability to support AI workloads.

Simplification of OpenStack Upgrades

In 2022, the OpenStack community adopted the Skip Level Upgrade Release Process (SLURP), which enables users to upgrade once a year rather than every six months. The previous SLURP release (2024.1 Caracal) was issued in April 2024. Caracal users are able to upgrade directly to the new 2025.1 Epoxy release. 

 Contributor List

Thank you to the nearly 450 contributors who contributed to the OpenStack Epoxy release.