OpenStack Epoxy Strengthens Position as VMware Alternative, Enhances Security, and Improves Hardware Enablement

The 31st release highlights includes improvements in PCI passthrough in Nova, the addition of a new Prometheus data source in Watcher, and new security features in Manila.
OpenStack adoption is surging as the OpenStack community releases the 31st release 2025.1 Epoxy. Around 450 contributors from organizations, including BBC R&D, Blizzard Entertainment, Canonical, Cleura, Ericsson, Mirantis, NVIDIA, Rackspace, Red Hat, and Samsung SDS built Epoxy, delivering over 7,600 changes and widespread maintenance updates. This release comes as the OpenStack community celebrates its 15th birthday. With more than 940,000 changes committed since 2010 and 45 million cores in production, OpenStack continues to be one of the most active open source project communities.
Release Notes & Source Code | OpenStack Project Map | OpenInfra Live Episode
How OpenStack Epoxy's features came to life
The OpenInfra Foundation has collaborated with the OpenStack community to highlight some of the prominent features of the Epoxy release; more cycle highlights can be found here.
Strengthen OpenStack as VMware Alternative
- Within Watcher, a new Prometheus data source has been added. For VMware migration, having Prometheus integrated into OpenStack via Watcher allows for efficient monitoring of the existing VMware infrastructure and the migration process. This enables tracking performance and identifying bottlenecks during the migration.
- This release includes features and bug fixes for many Cinder supported storage hardware drivers, including NetApp, PowerMax, LightBits, Fujitsu, PowerFlex, 3par, StorPool, Pure Storage, Nimble, and Hitachi. The improved support of a wide range of Cinder drivers signals the simplification of migrating workloads that are heavily reliant on specific storage solutions. Additionally, after migration, OpenStack environments can retain compatibility with existing storage infrastructure, making the transition smoother and reducing any risks related to storage and data accessibility.
Enhance Security
- Manila users are now able to modify the access level of a share access rule, switching it from “read-only” to “read-write” or vice versa. This feature allows for more precise control over who can modify and access shared resources. If users can limit their access to read-only, they can prevent unauthorized modifications, reducing the risk of accidental or malicious changes to data.
- Manila users can also now set and modify share server characteristics via share network subnet metadata. Cloud administrators can define what modifications are permissible via the driver_updatable_subnet_metadata configuration option. This improvement enables better network isolation and segmentation, ensuring that different data sets or applications are separated in different subnets to reduce the risk of lateral movement within the network if a breach occurs.
- Within Octavia, users can now use custom neutron security groups with Octavia Amphora load balancer VIP ports. By associating specific security groups with the load balancer's VIP (Virtual IP) ports, you can ensure that only specific types of traffic are allowed to reach the load balancer, reducing the risk of unauthorized access.
Improve Hardware Enablement
- Ironic has added a new interface to support the deployment of bootc container images directly to a host with no intermediate steps. This reduces complexity and makes the deployment process more streamlined for operators as well as end users.
- Nova’s PCI pass-through feature now supports new kernel vfio-PCI variant drivers such as Nvidia GRID on Ubuntu 24.04. Operators can now create instances using those specific PCI devices and also live-migrate them, which strengthens OpenStack's ability to support AI workloads.
Simplification of OpenStack Upgrades
In 2022, the OpenStack community adopted the Skip Level Upgrade Release Process (SLURP), which enables users to upgrade once a year rather than every six months. The previous SLURP release (2024.1 Caracal) was issued in April 2024. Caracal users are able to upgrade directly to the new 2025.1 Epoxy release.
Contributor List
Thank you to the nearly 450 contributors who contributed to the OpenStack Epoxy release.