One topic dominated the recent 2025 OpenInfra Summit Europe, and it wasn't AI:
Unlike any tech conference I've attended in the last few years, the top issue at the 2025 OpenInfra Summit Europe at the École Polytechnique Paris was not AI. Shocking, I know. Indeed, OpenInfra Foundation general manager Thierry Carrez commented, "Did you notice what I didn't talk about in my keynote? I made no mention of AI." But one issue that did appear -- and would show up over and over again in the keynotes, the halls, and the vendor booths -- was digital sovereignty.
Digital sovereignty is the ability of a country, organization, or individual to control its own digital infrastructure, technologies, data, and online processes without undue external dependency on foreign entities or large technology companies. In other words, Europeans are tired of relying on what they see as increasingly unreliable American companies and the US government.
Carrez explained: "We've seen old alliances between the US and the EU being questioned or leveraged for immediate gains. We have seen the very terms of exchange of goods changing almost every day. And as a response to that, in Europe, we're moving to digital sovereignty." That shift, in turn, means open-source software.
"The world needs sovereign, high-performance and sustainable infrastructure," continued Carrez, "that remains interoperable and secure, while collaborating tightly with AI, containers and trusted execution environments. Open infrastructure allows nations and organizations to maintain control over their applications, their data, and their destiny while benefiting from global collaboration."
Carrez thinks a better word for what Europe wants is not isolation from the US: "What we're really looking for is resilience. What we want for our countries, for our companies, for ourselves, is resilience. Resilience in the face of unforeseen events in a fast-changing world. Open source," he concluded, "allows us to be sovereign without being isolated."
[...] To make life easier for users -- and to turn a profit, naturally -- many European companies are now offering technology programs to help users achieve digital sovereignty. These programs include Deutsche Telekom, with its Open Telekom Cloud, and OVH, STACKIT, and VanillaCore. Each of these companies relies on OpenStack to power its European-based cloud offerings for individuals, companies, and governments. In addition, other European open-source-based tech businesses, such as SUSE and NextCloud, offer digital sovereignty solutions using other programs.
In conversations at the conference, it became clear that while the changes in American government policy have been worrying Europeans, it's not just politics that has them concerned. People are also upset about Microsoft's 365 price increases. Another tech business issue that's unnerved them is Broadcom's acquisition of VMware and its subsequent massive price increases. This has led to a rise in the use of open-source office software, such as LibreOffice, and its web-based brother, Collabora Online, and the migration of VMware customers to OpenStack-based services.
The sovereignty issue is not going to go away. As Carrez said in a press conference: "It's extremely top of mind in the EU right now, it's what everyone is just talking about, and it's what everybody is doing." Open source is essential to this movement. As Mike McDonough, head of software product management for Catchengo, a "sovereign by design" cloud company, said: "No one can lock you up; no one can take it away from you, and if someone decides to fork the code, you can continue adopting it anywhere in the world."
All in all, participants agreed that Europe's sovereign cloud movement is reaching critical mass as governments and enterprises move data back from the US-based hyperscalers. European organizations are realizing they need more private infrastructure capacity and local talent to run big cloud initiatives. So, they're turning to open source because, as Carrez concluded, "what makes us resilient is our open-source community."
(Score: 4, Informative) by VLM on Thursday October 23, @02:11PM
I have a lot of experience with OpenStack over the years as an admin of the cluster and as a mere sysadmin with sysadmin rights on the cluster and all I can say is "good luck"
The only upgrade path for the tightly coupled Nova/Cinder/Neutron/Swift/Keystone/Glance was to forklift upgrade, migrate everything off the entire cluster to another cluster, build the new cluster on new versions move everything back. This shows the value of IaaS where you can just run Ansible which runs Heat templates.
This brings up migration. I've had Nova nuke a VM trying to migrate it. That's the only time in all my years of vmware and proxmox that I've lost a VM while migrating.
Another hilarious one: Masakari would nuke HA VMs if it got jammed which it often did. You literally had higher availability if you didn't use Masakari because Masakari caused more damage than it prevented. Again, the only experience in ALL my cluster admin work ever where a HA system destroyed a VM.
Speaking of destruction, again, Openstack Nova is the only system I've ever used where a UPS/power failure (UPS are less reliable than wall power where I live, obviously a red state LOL) would jam up or damage a VM making it unable to restart on power on. Yeah sure fsck is normal, I'm talking about being jammed up at the VM level. Very exciting in an unwanted way.
Most of this stuff is a thin reskin of "real technologies". The best way to run Docker on OpenStack in my experience is to set up a Nova VM of Ubuntu or something and run docker like its real metal instead of a VM. There is Zun but you're better off (in my years of experience with it) just running real docker in a VM. Yes, its cool that Zun is basically like K8S in that imagine it has a driver to talk directly to Cinder/Swift/Neutron but it's generally not worth it. When it doesn't work, good luck figuring it out because all errors and logging is utterly totally opaque. Also the OpenStack "product" for log gathering was uninstallable and didn't work (again, just install an ELK stack in VMs...)
Likewise Glance (Swift?) is just an object store like S3. It actually works well. Its not optional this is where your ISO files for VM installs live. Its a PITA to use and you're better off scripting the loading of ISO install media. From what I remember from 3 years ago Glance is an app for ISO images that stores raw data into Swift the object store. I messed around with Swift, the idea of an object store is nifty, if essentially useless if you can't think of any system-wide applications. It would be useful at the application layer if it wasn't working at the infrastructure level.
I never got into Ironic I was more of a Kolla-Ansible installer guy. Its a BIT complicated to install the moving parts its not like pop in the install ISO usb key for proxmox or vmware and hit enter like twice and everything just works, oh heck no. Installing OpenStack will put hair on your chest or gray hair on your head at least.
I never got into Manila which seems to boil down to a wrapper for a FreeNAS (Well TrueNAS now) vm installer to create a NFS partition. Just skip Manila and install TrueNAS in a VM. About the same deal for Octavia (WTF) and Designate. Designate is a cool idea if you've never used K8S, imagine a cluster wide distributed DNS server (if you've used K8S you don't need to imagine this) its cool and works but a bit tedious to use. Hope you use IaaS tools to automate or enjoy nightmarishly complicated API calls from scripts, its not as simple as "just edit a bind file" LOL. I never got into Barbican IIRC for most of the couple years I was actively admin-ing two OpenStack clusters it was uninstallable although theoretically a feature. This situation was a common occurrence in OpenStack. I never got Freezer to work the entire time I was an OpenStack admin, Freezer was literally uninstallable, yeah I kid you not there was no internal backup system (your wildest dream of one is basically Proxmox's backup server which works and integrates beautifully). Aodh was also like that.
Some of it is WTF. Zaqar: Why? Mistral is like Cronicle, I guess, I don't see the point of installing Mistral if you can install Cronicle. Blazar: Why? Magnum: Why do I need something to get in the way of installing K8S, its easier to just install RKE2 in a VM. Trove: Why, just "docker run" a mysql container like a normal person. Kuryr: This never worked for me and was essentially uninstallable and seems to be what Zun wanted to be when it grows up although Zun actually worked whereas Kuryr did not. Setting up Neutron to work with load balanced failover trunks having multiple VLANs is (or was...) challenging.
Probably the only thing I used that I was impressed with was Heat which is a NIH reimplementation of something like Ansible. I know you guys will laugh but I used Ansible to automate Heat templates because Heat was just SO nice and all the internal tools that Ansible also automated are obviously unavailable in Heat. If you know/get Ansible you'll pick up Heat templates in about half a day. They are genuinely pretty nice.
My advice if you use OpenStack is you better have your IaaS up to date with EVERYTHING scripted and you better have your backups working. Also I have about 1000 billable hours on OpenStack as an admin across a couple years of clock time and OpenStack is EXACTLY like owning a sailboat the two best days of your life are they day you get it (get it installed) and the day you get rid of it (the day you say F it, it would be easier to install Proxmox, so you start installing proxmox and moving workload to the new proxmox cluster)
(Score: 2) by VLM on Thursday October 23, @02:35PM
I will continue my OpenStack rant as I'm really happy I don't have an OpenStack cluster to admin anymore (woo hoo proxmox rocks) and the caffeine is hitting hard along with the up half the night on a maintenance window (thank god I'm paid hourly 1099 for life F W-2 employment)
The usual experience with an OS or a product is its smooth to an equal-ish level and internally compatible with itself. OpenStack is not a product, its a meme.
So you think of something cool that you had on VMware that would cost roughly a house mortgage to buy so we ain't using vmware at this employer (and its 10x worse now) and lets see what openstack has.
OH I see there's a project on the web page that sounds just like either an external non-integrated product (lets say, an ELK stack for logging) or a hyper expensive vmware product (lets say, LogInsight (c)(tm) from VMware)
Well OK I will install that on the dev cluster (we had four clusters for obvious reasons). If it works this will be added to the test cluster, which will become the prod someday, and someday after that, the prod will become the "old" as in "oldprod". So thats why we had 4 clusters. Wait there's little to no docs this is turning into more of a struggle than you'd think. WTF I don't think this is even installable. Hmm I research online and the last time this worked was on an OpenStack "release" that hasn't had security patches provided since 2017. OK send a flaming everything to the usual OpenStack forums/mailing lists/irc (did they have a discord/slack? I don't remember) and ask why this is still advertised as a project if it's obviously dead. "Well this is a vanity project by a guy who ragequit five years ago and he likes having it on his resume and we have no process to depricate a dead project... would you like to take the project over?" Naaah fuck you guys I just wasted three days trying to make an abandoned project work. I'll install, I donno, 10 VMs to run a large ELK stack (like 7 ES and a 3 server "Kibana" cluster) and call it good. Then, I kid you not, I fall for it again in a couple months. Oh hey why install K8S using RKE on VMs (back when there was no RKE2 IIRC it was a long time ago), how about this Magnum project. Oh bleep they got me again, see above.
So yeah, OpenStack, no good memories. Some software you have good memories even if it was a PITA sometimes. EMACS. Clojure. But something like OpenStack? The only good memory I have was installing Proxmox on top of those hosts. I vaguely remember shutting down the last server running Keystone before repurposing the hardware and breathing a sigh of relief.
(Score: 2) by VLM on Thursday October 23, @03:03PM
They need a solution to who controls the DNS system and similar very low level problems, but they're worried about user level stuff like "LibreOffice" hmm.
Next level up is infrastructure like dockerhub.
It is a top to bottom problem not a user application software level problem.
Next problem: The easy way to install windows software is systems like chocolatey. Ooops now you need chocolatey.eu not chocolatey.org. Ooops now the problem is "choco install libreoffice" gets you something last updated in 2018. Well OK maybe if you're a bit of an insider or you google around you'll find out you want "choco install libreoffice-fresh" which was last updated to 25.8.1 on Sept 4th. Of course the latest upstream release branch is 25.8.2 which isn't on chocolatey yet whereas the most recent previous release is 25.2.6 which is available as "choco install libreoffice-still" although official security patch support ends in ... eight days. A bit of being stuck between a rock and a hard place.
At least if you check out https://www.libreoffice.org/imprint [libreoffice.org] you'll see they're based in Berlin so no need to set up libreoffice.eu to replace libreoffice.org.
All of this is rather moot, its 2025, nobody runs stuff locally on easily stolen laptops etc. We going to run libreoffice in the cluster and connect in the browser. So every user at work gets a linuxserver.io docker image of their own on the K8S cluster with an assortment of personal and shared cluster storage using https://docs.linuxserver.io/images/docker-libreoffice/ [linuxserver.io]
1) Oh bleep the latest release is 25.2.5 not old-release 25.2.6 not release 25.8.2 ugh ugh ugh. Well, welcome to Fing 2025 I'm making a Dockerfile to manually install the latest libreoffice to an ... Alpine or Ubuntu linuxserver.io webtop.
2) Oh bleep squared (cubed?) now we need to NIH and replicate linuxserver.io as linuxserver.eu for political reasons. Oh great such fun. Wait is it more EU-friendly to use the Alpine or the Ubuntu webtop docker container? Or "arch-xfce" because ARCH is (was?) Canadian (is Canada aka "New North India" euro enough to be considered EU?) although now Arch is mostly developed in Germany (or not)?
(Score: 2) by ichthus on Thursday October 23, @03:14PM
This is definitely about digital sovereignty -- no longer being held hostage to the likes of Microsoft is a good thing. But, make no mistake, this is also about censorship and surveillance. US tech companies aren't unwilling to put backdoors in their products at the request of the EU. Additionally, companies like X and, more recently in the news, 4chan aren't willing to bow to their censorship whims.
(Score: 1) by pTamok on Thursday October 23, @03:25PM
VLMs criticisms are illustrative of the challenge that awaits. Bert Hubert writes at a higher level, and points out that moving from dependence on USA-supplied infrastructure is not going to be easy:
Bert Hubert 2025-07-11: Cloud Overview [berthub.eu]
If you want to know his background and experience, read his intro on https://berthub.eu/ [berthub.eu]
It's going to be a bumpy and exhausting ride.