LXD 5.21.0 LTS has been released

tomp · February 15, 2024, 4:39pm

Introduction

The LXD team would like to announce the release of LXD 5.21.0 LTS!

This is our 5th LTS release. It has many new features and changes across all facets of LXD.

The changelog below is split so that both users of LXD 5.20 and LXD 5.0 can see what is new or changed.

As with all our other LTS releases, this one will be supported for 5 years (until June 2029) and will receive a number of bugfix and security point releases over that time.

As for LXD 5.0, we’ll be releasing one last bugfix release as 5.0.4 in the near future before we enter security-only maintenance mode for its remaining 3 years.

Thank you to everyone who contributed to this release!

A release highlights video is also available: https://www.youtube.com/watch?v=0gjD0DJDD1M

Change of version numbering scheme

Previously LXD has followed a version numbering scheme where an LTS release would start a new major version (e.g. 5.0) and each monthly feature release would build on that major version (e.g. 5.1 … 5.20). However, that seemed strange from the perspective of the LTS being an accumulation of all the work that has gone into the monthly releases over the past two years. This is why we decided to change the naming scheme to better reflect that.

Going forward, the last of the monthly releases in the two-year LTS cycle will become the next LTS, in this case, 5.21.0 (which will then have several point releases, 5.21.1 etc). Then, we restart the cycle with the first monthly release following the new major version number (e.g. 6.x). To avoid unexpected results for people who assumed the next LTS series would be 6.0.x we will not be releasing LXD 6.0, and the next feature release after this one will be LXD 6.1.

Documentation: Choose your release

Change of default snap track

The default snap track up until now been latest. So when doing snap install lxd you would be placed on the latest/stable feature release channel.

This has caused some unexpected problems with users that have advanced production setups involving dependencies on other tools who expected to be installing an LTS channel by default.

So with the 5.21.0 LTS release the default snap track will be changed to the latest LTS release, which is now 5.21, and so doing snap install lxd will place you onto the 5.21/stable channel.

It will require a conscious decision to refresh up to a later snap track, rather than being automatically enrolled onto the rolling latest feature version.

Documentation: How to manage the snap

Changes in minimum requirements

Go 1.22.0 or higher to build, only tested with the Golang compiler.
The minimum supported kernel version is 5.15, but older kernels should also work to some degree.
For containers, LXC 5.0.0 or higher with the following build options: apparmor (if using LXD’s AppArmor support) and seccomp.
For virtual machines, QEMU 6.2 or higher is required. Some features like Confidential Guest support require a more recent QEMU and kernel version.
libsqlite3 >= 3.37.2 (for dqlite)
ZFS support in kernel >= 2.1

Documentation: Requirements

Important note: Ubuntu users on 20.04/Focal need to first install the HWE kernel for ZFS to work with this release. Ubuntu users on older releases are advised to stay on the previous LTS (5.0) if they depend on ZFS.

Please also see Notes on upgrading when on Ubuntu 18.04 and 20.04.

Highlights since LXD 5.20

Fine grained authorization for OIDC users

As part of our ongoing work to modernise LXD’s identity and access management mechanisms, we have now added support for fine-grained authorization for OIDC authenticated users. It is now possible to define and restrict granular actions on specific LXD resources. For example, one could restrict a user to be able to view, but not edit, a single instance.

Users, groups and their permissions can now be managed using the the new lxc auth command (and associated APIs).

Important:
Prior to the addition of this extension, all OIDC clients were given full access to LXD (equivalent to Unix socket access). This extension revokes access to all OIDC clients. To regain access, a user must:

Make a call to the OIDC enabled LXD remote (e.g. lxc info) to ensure that their OIDC identity is added to the LXD database.
Create a group: lxc auth group create <group_name>
Grant the group a suitable permission. As all OIDC clients prior to this extension have had full access to LXD, the corresponding permission is admin on server. To grant this permission to your group, run: lxc auth group permission add <group_name> server admin
Add themselves to the group. To do this, run: lxc auth identity group add oidc/<email_address> <group_name>

Steps 2 to 4 above cannot be performed via OIDC authentication (because access has been revoked). They must be performed by a sufficiently privileged user, either via Unix socket or unrestricted TLS client certificate.

Documentation: Remote API authorization

LXD UI enabled by default in LXD snap

The LXD UI is now enabled by default in the LXD snap.
Although the external listener must still be enabled explicitly by setting core.https_address.

Documentation: How to access the LXD web UI

QEMU now built from Ubuntu source in LXD snap

Previously the LXD snap has provided QEMU built from upstream sources. Now the LXD snap is distributing QEMU built from Ubuntu’s QEMU sources. This is so LXD can benefit from patches that the Ubuntu Server team add to QEMU.

Dell PowerFlex storage driver

There are various enablement activities between Dell and Canonical as a part of our ongoing partnership. The latest of them is adding the ability for LXD to interface directly with its PowerFlex storage services in order to allow LXD instances and volumes to be stored on the platform. This offers an alternate remote storage option for enterprise use cases.

Due to its design, PowerFlex will be another LXD storage driver offering remote storage capabilities similar to the already existing implementation for Ceph RBD.

Documentation: Dell PowerFlex

Optimized block volume refresh for Ceph RBD

Previously when transferring a block volume to another pool or host, the initial transfer was done using the efficient rbd export-diff tool but subsequent refreshes were performed using a full block copy of all changed snapshots and the main volume itself. This was slow and inefficient.

Now a new migration extension has been added called RBD_AND_RSYNC which allows for compatible LXD servers to use rbd export-diff for efficiently transferring only the differences between the latest common snapshot and the remaining snapshots and main volume.

Transfers between older versions of LXD will fallback to using full block copy and rsync (BLOCK_AND_RSYNC).

Documentation: Optimized volume refresh

Device config override when importing instance backups

When using lxc import to restore instance backups it is now possible to specify the --device flag one or more times to override device configuration stored in the backup’s configuration when importing the instance into LXD. This is similar to how you can use the --device flag with lxc init or lxc launch to override device config being applied from the profile(s).

E.g.

lxc import c1.tar.gz --device eth0,ipv4.address=192.0.2.1

Documentation: Restore an instance from a restore file

Direct modification of VM UEFI variables (LXD snap only).

It is now possible to directly, and programmatically modify a VM’s UEFI variables using the new lxc config uefi command(s). This allows for customisation of the boot environment (such as customising the secure boot keys) without having to go into the VM’s UEFI firmware screen.

Documentation: UEFI variables for VMs

Removed Candid RBAC authentication support

Support for Canonical’s Candid RBAC service has been removed as it is in the process of being deprecated. LXD still supports external OpenID Connect and TLS certificates for authentication (see below for information on the new OpenID Connect functionality).

Removal of supplementary commands from the LXD snap

The lxd.migrate command that was provided as part of the LXD snap package has been removed.
This was used to migrate from earlier LXD installations that were installed using .deb packages. However it was causing confusion with the similarly named lxd-migrate tool which is provided to help transfer existing workloads into LXD.

Additionally the lxc-to-lxd and lxd-benchmark commands have also been removed from the LXD snap to reduce the size of the snap package.

Migrating from these earlier installations should now be done by way of the lxd.migrate and lxc-to-lxd commands provided in the 5.0/stable channel and then you can refresh up to later version of LXD.

The lxd-benchmark tool can be downloaded directly from the GitHub releases page.

Documentation:

MinIO server is removed from LXD snap

MinIO is used by LXD to provide local object storage (see below for more details). However as MinIO is AGPL-3.0 licensed it is not always appropriate for it to be included in the LXD snap package. As such it has now been removed. However an externally provided minio server and mc client binaries can still be used with the LXD snap for local object storage by setting the minio.path setting, e.g.

sudo snap set lxd minio.path=/usr/sbin
sudo systemctl reload snap.lxd.daemon

Documentation: Install requirements for local storage buckets

Removed deprecated offensive configuration keys

The security.syscalls.(black|white)list keys that were considered offensive and have previously been deprecated since LXD 4.4 have now been removed entirely. The security.syscalls.(allow|deny)list keys should be used instead.

Unembedded Go SDK client API PUT structs

Previously the Go SDK client API structs used when returning information about each entity in LXD via a GET request had the associated PUT request fields embedded inside it. However there were some cases where fields in the PUT request struct were not relevant for the associated GET request struct and were incorrectly being included there due to the embedding approach. We have now unembedded all Go API structs so that each request type has its own field set.

Highlights since LXD 5.0

In addition to the changes above, the following are new since LXD 5.0.

License change to AGPL-3.0

Canonical has decided to change the default contributions to the LXD project to AGPL-3.0 to align with our standard license for server-side code. All Canonical contributions have been relicensed and are now under AGPL-3.0. Community contributions remain under Apache 2.0. We follow the Software Freedom Law Center guidance in relation to this. Going forward, any contribution to LXD will be made under AGPL-3.0 by default. The author of a change remains the copyright holder of their code (no copyright assignment).

It is important to note this change does not prevent our users from using, modifying, or providing LXD-based software solutions, provided that they share the source code if they are modifying it and making it available to others. The conditions of the license are designed to encourage those looking to modify the software to contribute back to the project and the community.

The LXD Go and Python SDK client packages will remain Apache-2.0 licensed.

The LXD 5.0 LTS series will also remain Apache-2.0 licensed for its lifetime.

New release signing key

Since LXD 5.0 was released LXD has move under the Canonical organisation and this LTS series of LXD will be signed by Thomas Parrott, using this key .

VM LXD identifier serial device renamed to com.canonical.lxd

The ring-buffer serial device that is exposed to LXD VM guests, which is used by the lxd-agent to instruct it to start, as well as being used to indicate the agent’s run status back to LXD, has been renamed from org.linuxcontainers.lxd to com.canonical.lxd. To maintain compatibility with existing images that contain systemd units that check for the presence of the old serial device the old device is still present in the guest, however it is no longer used for indicating the agent’s run status to LXD.

Documentation: Rename LXD QEMU VM ring buffer to com.canonical.lxd

Load-balancers (OVN)

The concept of network load balancers to LXD has now been introduced.

Similar in concept to the existing network forwards feature, load-balancers differ in that a particular address or port can have multiple target with OVN handling load-balancing by hashing the source and destination addresses.

This is all handled through lxc network load-balancer command and is currently only for OVN networks.

Documentation: How to configure network load balancers

Object storage on Ceph and local storage pools

LXD now has support for object storage!

This is done by adding a whole new concept of storage buckets along with a dedicated command (lxc storage bucket) and APIs.

This allows LXD users to create new storage buckets, assign them a size limit and then manage access keys to that bucket. The bucket has its own URL with an S3 API.

For Ceph, we are using its rados gateway providing the S3 API.

For other storage drivers, we are using MinIO project which lets us offer an S3 compatible API directly from a local storage driver. Please note that this requires an externally provided minio server binary, by setting the minio.path setting.

Documentation: How to manage storage buckets and keys and Ceph Object storage driver

Loki support and OVN logs

LXD can now stream its log messages and lifecycle events over to a central Grafana Loki server.

In addition, it also has the ability to receive syslog messages via an optional syslog unixgram socket. This allows for OVN to be configured to send its logs into LXD.

This allows for viewing the OVN logs across all cluster members using the normal LXD API or CLI tooling, such as lxc monitor --pretty, and it also means they can be optionally passed into Loki via LXD’s existing integration.

Documentation: Loki configuration and Send OVN logs to LXD

ACME / Let’s Encrypt support

LXD can now automatically obtain its own certificates through any ACME compatible provider which supports HTTP based validation (HTTP-01 challenge).

The most well known such provider is Let’s Encrypt.

On the configuration side, this is done through a few new server configuration keys:

acme.ca_url
acme.domain
acme.email
acme.agree_tos

Most users will just need to set acme.domain and acme.agree_tos to set this up.

Documentation: ACME configuration

Instance placement scriptlet

Instance placement scriptlet was added enabling a better alternative to LXD’s default instance placement algorithms. Instead of the default behaviour of placing a new instance on which ever cluster member was hosting the fewest instances, this new feature allows users to make a more deliberate choice. Now users can provide a Starlark scriptlet that decides which cluster member to deploy the new instance on based on information about the new requested instance as well as a list of candidate cluster members. Importantly, while scriptlets are able to access certain information about the instance and the cluster, they cannot access any local data, hit the network or even perform complex time-consuming actions.

Documentation: Instance placement scriptlet

Block storage mode on ZFS pools

LXD now includes support for filesystem volumes backed by ZFS block-backed zvols, in addition to the ZFS dataset based filesystem volumes we’ve had for a long time. This is something that was requested by the community and is finally available to users. It results in an experience that’s very similar to LVM or Ceph but on the very capable ZFS storage backend. It can also be used to mix and match, having some specific containers or custom volumes use Zvol while the rest of the volumes use datasets.

This allows for containers to use filesystems such as ext4, btrfs, and xfs on top of a ZFS zvol.
Which can be beneficial in scenarios where the application you are running doesn’t support ZFS directly, such as when using overlayfs2 with Docker nested inside a LXD container.

Documentation: ZFS configuration options and Initial volume configuration for instance root disk devices

Fast live migration for virtual machines

This release enables a much-improved VM live migration process, eliminating much of the perceivable downtime. Previously, LXD relied on the stateful stop function, which is the ability to write all the running memory and CPU state to disk, then stop the virtual machine, move it to a new system and start it back up again from where it was using the stored state. The improved functionality, on the other hand, allows the source and target servers to communicate right from the start of the migration. This allows for performing any state transfer in the background directly to the target host while the VM is still running, then transferring any remaining disk changes as well as the memory through multiple iterations of the migration logic and finally cutting over to the target system.

Documentation: How to move existing LXD instances between servers

AMD SEV support for virtual machines

LXD now supports AMD SEV for memory encryption of virtual machines.

It’s controlled through a few new configuration keys:

security.sev
security.sev.es
security.sev.session.dh
security.sev.session.data

On compatible systems (AMD EPYC with firmware and kernel support enabled), setting security.sev to true will have the VM get its memory encrypted with a per-VM key handled by the firmware.

Systems supporting AMD SEV-ES can then turn on security.sev.es to also have the CPU state encrypted for extra security.

Lastly, LXD also supports feeding custom session keys which combined with LXD’s existing vTPM support can be used to ensure that the firmware is set up with those user provided keys and that the host operator doesn’t have any ability to tamper with the VM.

Documentation: Instance security options

OpenID Connect authentication

As part of a push to provide a more industry standard solution to authentication and authorization in LXD, we’ve begun the work by adding support for OpenID Connect for authentication.

This is configured through a few new configuration keys:

oidc.issuer
oidc.client.id
oidc.audience (only relevant for some providers)

LXD uses the Device Code flow for authentication with our CLI tool triggering the browser based authentication flow, then getting and storing the access and refresh tokens and providing those to LXD on all interactions.

Documentation: OpenID connect authentication

Cluster auto-healing

A commonly requested feature by those using LXD with Ceph and OVN, it’s now possible to have LXD automatically recover from a cluster member failure by effectively evacuating all instances to other systems.

This can only work with Ceph backed instances which don’t rely on any server-specific device or configuration.

This is controlled by a new cluster.healing_threshold which defines a number of seconds after which a cluster member is considered to be offline and its instances relocated.

Documentation: Automatic cluster evacuation

Non-UEFI support in LXD VMs (CSM)

LXD virtual machines have been designed to use a very modern machine definition from the start. This means a QEMU Q35 machine type combined with a UEFI firmware (EDK2) and even Secure Boot enabled by default.

While this works great for modern operating systems, this can be a problem when migrating existing physical or virtual machines into LXD as those machines may be using a legacy firmware (BIOS) and not be bootable under UEFI.

This can now be addressed by setting security.csm to true combined with disabling UEFI Secure Boot by setting security.secureboot to false. This switches QEMU to boot via Seabios directly rather than through EDK2.

For snap users the Seabios and EDK2 firmwares are bundled in the snap package.
For non-snap users it is possible to control the search path LXD uses for finding the firmwares by using the LXD_QEMU_FW_PATH environment variable.

Documentation: Security CSM and Server environment variables

ISO volumes

It is now possible to upload ISO image files as custom storage volumes.
These can then be attached to a virtual machine as a bootable CD disk allowing simplified installation of custom operating systems from a “library” of custom ISO volumes.

Documentation: Launch a VM that boots from an ISO

Shiftfs support has been removed

Following the removal of shiftfs from the Ubuntu kernel (from Mantic onwards) LXD has now also dropped support for shiftfs. The preferred way for container filesystems to have their UID/GID mappings be dynamically shifted is with idmapped mounts. In recent kernels this is now supported for ZFS and Cephfs filesystem (in addition to the long standing support for ext4, xfs and btrfs filesystem).

Complete changelog

Here is a complete list of all changes in this release:

Full commit list

doc/projects: clarify restricted.devices.disk
github: add Canonical CLA check
shared/version/api: ovn_ssl_config
lxd/cluster/config: Add OVN SSL config keys
doc: Update configs
lxd/network/openvswitch: Support OVN SSL config keys
shared/linux/memfd: Implement CreateMemfd
shared/linux/memfd: mark as being linux only
lxd/network/openvswitch: Port to memfd
lxd: Clarify restricted.containers.privilege config option
Update metadata
lxd/instance/drivers/qemu: make it clear that CCW devices (s390x) don’t have device bus nor bus address
lxd/storage/drivers/driver_zfs_utils: fix typos
lxd/storage/drivers/driver_zfs_utils: make it explicit that blocksize is in bytes
doc: clarify some wording around the license
lxc/move: Only use server-side move when dealing with a single server
doc: update lxd-sphinx-extensions to canonical-sphinx-extensions
doc: update webpage URL
doc: fix typo in CONTRIBUTING.md
doc/instances: correct the image server name in the example intro
lxd/instance/drivers/qemu: don’t try to enable the lxd-agent.service
doc/reference/devices_disk: document how to enable lxd-agent on old Ubuntu images
build(deps): bump actions/upload-artifact from 3 to 4
lxd/apparmor/instance_qemu: only allow QEMU system emulator
lxd/apparmor/instance_qemu: remove partial duplication of unix rule
build(deps): bump golang.org/x/crypto in /test/mini-oidc
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
doc/security: include info on privileged/unprivileged containers
doc: use proper SPDX identifiers for licenses
swagger: use proper SPDX identifier for license
doc/backup: improve linking between pages and mention --refresh
doc/cloud-init: mention that old Ubuntu images need some special handling for cloud-init
doc/security: link from security.privileged to container security section
doc/reference/devices_disk: document needed workaround for 16.04 and lxd-agent
doc: Add HWE to word list
doc: decode the objects.inv file
lxd/task/group: Make cancel type of context.CancelFunc for clarity
lxd/task/group: Remove unnecessary use of defer unlock calls in Add
lxd/task/group: Remove unnecessary use of defer unlock calls in Start
lxd/task/group: Remove unnecessary use of defer unlock calls in Stop
test/golangci: Handle some common upstream branch names
test/golangci: Better handle Github refs
test/golangci: Fetch GITHUB_BEFORE reference
doc: add sudo to set lxd ui.enable=true
lxd/task/group: Adds NewGroup function
lxd/task: NewGroup usage
lxd/daemon: Initialise task group using NewGroup
lxd/task/group: Remove unnecessary running nil check
doc: Add paragraph on how to delete images
test: Add exec exit code test
lxd/sys: handle apparmor unconfined profile mode appropriately
lxd/apparmor: allow confined services to receive required signals
lxd/sys: add comment clarifying AppArmor unconfined profile mode
lxd/rsync: Consistently compare files on nanosecond basis
test/suites/migration: Check for file contents after refresh
test/suites/migration: Check local and remote instance refreshes based on nanoseconds
shared/idmap: handle “both” idmappings in raw.idmap properly
doc: Clarify optimized volume refresh
test/suites/idmap: test “lxc file push” and raw.idmap config combo
Updates CONTRIBUTING file to describe licensing of some sub-packages and imports
License the Go client SDK and dependent shared packages as Apache-2.0
Add information about the client SDKs to the README.md file
lxd/response: Watch for liveness of the TCP connection for single file response
lxd/instance_post: Update comments in instancePostClusteringMigrate function
lxd/instance_post: Rename container to instance in instancePost function
lxd/instance_post: Prevent live migration of instances with custom volumes
lxd/instance/drivers/driver_lxc: Remove handling of limits.network.priority
lxd/devices: Remove handling of limits.network.priority on new network device
lxd/cgroup/abstractions: Remove unused SetNetIfPrio function
shared/instance: Remove instance config option limits.network.priority
scripts/bash/lxd-client: Remove limits.network.priority from container keys
Update documentation metadata
lxd/instance/qemu: Start using seabios as CSM firmware
idmap: Move from shared to lxd directory
fuidshift: Update usage of idmap package
lxd: Update usage of idmap package
shared: Update usage of idmap package
subprocess: Moves from shared into lxd directory
lxd: Update usage of subprocess package
instancewriter: Moves from shared to lxd directory
lxd: Updates usage of instancewriter package
instance.go: Moves from shared to instancetype directory
api: Add init_preseed_storage_volumes api extension
lxd/init: Add support for storage volumes in preseed init
doc: Update rest api and init sample config
lxc: Updates instancetype usage
lxd: Updates instancetype usage
linux: Moves from shared to lxd directory
lxc-to-lxd: Update usage of linux package
lxd: Updates usage of linux package
lxd-migrate: Update usage of linux package
revert: Moved from lxd to shared directory
lxd: Update usage of revert package
lxd-agent: Updates usage of revert package
lxd-migrate: Updates usage of revert package
lxd-user: Updates usage of revert package
shared: Updates usage of revert package
test: Add storage_volumes in init preseed
Makefile: Don’t use verbose go install call for non-lxd deps
tests: Add license check
test: Check client and shared packages do not use non-permissively licensed packages
doc: add paragraph on how to delete images
test/lint: Always fetch the target branch if it cannot be found.
shared/version/api: add metrics_instances_count
doc/api-extensions: document metrics_instances_count
driver_lxc: Include running state in metrics
driver_lxc: Check running state when retrieving metrics
driver_qemu: Add running state to metrics
metrics: Don’t require instance name for metrics filtering
metrics: Filter metrics by project only
metrics: Add container and VM count
test: Fix metrics tests
lxd/api_metrics: move the instance counting to metricsGet()
Makefile: stop pinning openfga/go-sdk
gomod: Update dependencies
mini-oidc: Implement user store
test/lint: Abort test if target revision can’t be found.
lxd/storage/drivers/ceph: Restore the filesystems UUID on the volume
lxd/lxd-metadata: now supporting multiple entities per comment
refactor: update cluster entity comments
refactor: update project entity comments
refactor: update server entity comments
refactor: update instance entity comments
refactor: update ‘server’ entity comments
lxd/storage_volume_snapshots: Use the snapshots.pattern option for manual snapshots
tests: Test that manual snapshots of custom storage volumes use the snapshots.pattern option
doc/api-extensions: security.devlxd applies to both containers and VMs
api: Add server instance type info api extension
shared/api/server: Add supported instance types in ServerEnvironment
lxd/api_1.0: Indicate supported instance types on server
doc/rest-api: Update api definition
tests: Add server info instance type test
README: remove extraneous empty lines
shared/simplestreams/products: Search only for lxd archives
lxc/config/file: Remove loading of images remote
lxc/config/default: Remove images remote
lxd-benchmark: Use image from ubuntu remote in description
test/suites/storage: Add check for UUID generation on restore
docs: Remove occurances of images remote
shared/api/image: Use ubuntu cloud url for remote example
shared/api/instance: Use ubuntu cloud url for remote example
shared/util_test.go: Update test data with ubuntu cloud url
doc: Regenerate rest-api.yaml
i18n: Update translations
lxd/storage: document common storage options
lxd/storage/btrfs: document btrfs config options
lxd/storage/ceph: document ceph config options
lxd/storage/cephfs: document cephfs config options
lxd/storage/cephobject: document cephobject config options
lxd/storage/lvm: document lvm config options
lxd/storage/zfs: document zfs config options
doc/storage: include automatic config options in the docs
doc/storage: replace references to config options
lxdmeta: update configuration.json and config_options.txt
lxd/instance/drivers/driver_qemu: force SeaBIOS CSM firmware instead of OVMF
README: add sections on recommended tools to manage LXD at scale
shared/api: Add Mounted status to disk/part info
lxd/resources: Check /proc/self/mountinfo for mounted status
lxc: Update CLI
doc: Update swagger
api: Add resources_disk_mounted api extension
po: Update i18n
instance/qemu: support extended firmware search algorithm
instance/qemu: rename ovmf mentions
instance/qemu: do some sanity checks around enabling security.csm
lxd/instance/drivers/driver_qemu: use bios-256k.bin instead of seabios.bin
doc: enable multiprocessing for pyspelling
Makefile: have run-parts report which script it runs
test/lint/golangci: simplify commit hash extraction
test/lint/golangci: remove duplicated --quiet argument
test/lint/golangci: faster/smaller clone unshallow’ing
test/lint/golangci: undo default branch guessing logic
doc: use all processors for spelling check
build(deps): bump actions/dependency-review-action from 3 to 4
test/lint: Treat GITHUB_BEFORE as a revision.
Add note about scrape_interval and update examples
lxd/auth/oidc: Adds constants for cookie names.
doc/metrics: fix indentation and wording
client/lxd_certificates: Replace HasExtension with CheckExtension
client/lxd_cluster: Replace HasExtension with CheckExtension
client/lxd_containers: Replace HasExtension with CheckExtension
client/lxd_images: Replace HasExtension with CheckExtension
lxd/auth/oidc: Adds methods to get/set cookies.
lxd/auth/oidc: Adds methods to set OIDC fields on Verifier.
lxd/auth/oidc: Request is OIDC if refresh cookie is present.
lxd/auth/oidc: Update callback handler.
lxd/auth/oidc: Update logout handler.
lxd/auth/oidc: Updates login handler.
lxd/auth/oidc: Adds method to authenticate ID tokens.
lxd/auth/oidc: Adds method to authenticate access tokens.
lxd/auth/oidc: Refactors Auth method to use new methods.
lxd/auth/oidc: Adds comments for exported methods on AuthError.
client/lxd_instances: Replace HasExtension with CheckExtension
client/lxd_instances: Fix typo in api extension check error message
client/lxd_network_acls: Replace HasExtension with CheckExtension
client/lxd_network_forwards: Replace HasExtension with CheckExtension
client/lxd_network_peer: Replace HasExtension with CheckExtension
client/lxd_network_zones: Replace HasExtension with CheckExtension
client/lxd_networks: Replace HasExtension with CheckExtension
client/lxd_projects: Replace HasExtension with CheckExtension
client/lxd_server: Replace HasExtension with CheckExtension
client/lxd_storage_buckets: Replace HasExtension with CheckExtension
client/lxd_storage_pools: Replace HasExtension with CheckExtension
client/lxd_storage_volumes: Replace HasExtension with CheckExtension
client/lxd_warnings: Replace HasExtension with CheckExtension
shared: Add helper for obtaining a CertInfo struct
lxd/endpoints: Return a copy of the network cert
lxc/cluster: update restore help text for --force
po: Update i18n
doc: add additional information to config option index
doc: speed up processing
github: Pin MinIO to the version before ServiceV2 API
lxd_metadata: Handle templating with a substitution database
Makefile: update lxd-metadata to use the substitution database
lxd-metadata: update metadata
lxd/storage/drivers/ceph: Restore the VM block filesystem volume too
lxd/storage/drivers/lvm: Restore the VM block filesystem volume for thin-pools too
github: Pin microceph to quincy edge
api: Add api extension server_version_lts
shared/version: Add boolean indicating whether this is an LTS release
shared/api/server: Add server lts indication in ServerEnvironment
lxd/api_1.0: Indicate lts version on server
lxc/version: Indicate LTS version of the client and/or server
lxd/main_version: Indicate lts version of the server
doc: Update rest definition
i18n: Update translations
lxd/storage_volumes: Properly target refreshes
lxd/storage_volumes: Use a single POST handler
github: the CLA check already exempts bots
github: exempts Apache-2.0 contributions from CLA signing
doc/installing: 5.0 is the last LTS release shipping lxd.migrate
test/lint: Fail if running locally and branch not present.
test/lint: Use the golangci-lint --whole-files flag.
Makefile: Removes unnecessary pin of github.com/mdlayher/socket@v0.4.1
gomod: Update dependencies
github: check DCO last as it fails on big PRs
golangci: Remove/update some overly-pedantic revive lint rules.
README: point to lxd-pkg-snap repo
doc/installing.md: update link to snapd install doc
doc: readthedocs now supports Go 1.21
lxd/storage/drivers/ceph: Double check the volumes content type
lxd/storage/drivers/ceph: Disable filesystem config keys on block volumes
lxd/storage/drivers/lvm: Disable filesystem config keys on block volumes
test: Add check to restore custom volumes of type block
lxd/storage/drivers/ceph: Update UnmountVolumeSnapshot docstring
github: consistently use set -eux in all script snippets
github: make sure bash is always invoked with -eo pipefail
github: merge building doc and printing warnings
Revert “github: Pin microceph to quincy edge”
github: workaround microceph busy disk issue by freeing the ephemeral disk early
lxd: Improve error check for existing certificates
lxd/cluster: Revert database setup if cluster join fails
lxd/cluster: Fix linter errors
lint: Exclude ‘deep-exit’ linter rule for cluster node removal
shared/api: Updates swagger description for certificate field.
shared/api: Fix lint errors (receiver-naming).
doc: Updates OpenAPI spec.
doc/requirements: bump minimum Go to 1.21
doc/requirements: bump min kernel to 5.15 and note that older kernels may work
doc/requirements: mention that SKBPRIO/QFQ qdiscs require 5.17+
doc/requirements: bump min LXC to 5.0.0
doc/requirements: bump min QEMU to 6.2 (same as Jammy)
doc/requirements: mention that newer QEMU/kernel are needed for Confidential Guest support
doc/requirements: bump min libsqlite3 to 3.37.2 (same as Jammy)
doc: add QFQ, qdisc, qdiscs and SKBPRIO to wordlist
doc: alpha sort the wordlist
lxd/auth/oidc: Add constants for session cookie and config refresh interval.
lxd/auth/oidc: Add fields for secure cookie handling.
lxd/auth/oidc: Initialise Verifier with fields for cookie encryption.
lxd/auth/oidc: Add method to get securecookie from session ID.
lxd/auth/oidc: Updates methods for getting and setting cookies.
lxd/auth/oidc: Updates calls to get or set cookies.
lxd/auth/oidc: Rotate the encryption key of the relying party.
lxd: Update calls to NewVerifier.
lxd/auth/oidc: Request is not OIDC if session cookie not present.
lxd: Fix lint error (revive: confusing-results).
lxd: Fix lint errors (var-naming).
lxd: Fix lint errors (revive: unchecked-type-assertion).
shared/api: Adds identity type constants.
lxd/db/cluster: Add schema update.
lxd/db/cluster: Add types for identities and identities_projects tables.
lxd/db/cluster: Runs make update-schema.
lxd/db/cluster: Removes generated certificate methods.
lxd/db/cluster: Updates certificate methods to call identity methods.
lxd/db/cluster: Adds test for schema update.
lxd/db/cluster: Fix lint error (revive: var-naming).
lxd/db/cluster: Update clustering test to select from identities table.
lxd/db: Update certificates test.
lxd/patches: Add patch to remove block.* settings from type block volumes
lxd/patches: Satisfy the linter
lxd: Remove Candid from list of supported authentication methods.
shared/simplestreams/products: Fix regression in parsing version files
shared/simplestreams/simplestreams: Improve error messages
lxd: Remove Candid and RBAC from config update logic.
lxd: Remove candid from http handlers.
lxd: Remove Candid and RBAC from daemon init logic.
lxd: Remove Candid verifier from daemon.
lxd/auth/candid: Remove Candid verifier logic.
lxd/auth: Remove RBAC authorization logic.
lxd/cluster/config: Remove RBAC and Candid config keys.
Runs make update-metadata
lxd: Remove candid from swagger doc.
shared/api: Update swagger example authentication methods.
doc: Runs make update-api.
client: Don’t set macaroon fields when using a target or project.
client: Do not use bakery client for HTTP requests.
client: Ignore candid auth type when connecting.
client: Remove bakery client.
lxd-migrate: Remove candid auth.
lxc/config: Remove candid from lxc remote helpers.
lxc: Remove candid --auth-type from lxc remote add.
shared/api: Remove candid authentication method const.
shared/version: Remove RBAC and Candid API extensions.
gomod: Runs go mod tidy.
i18n: Runs make i18n.
scripts/bash: Remove Candid and RBAC config keys from bash autocomplete.
test: Remove Candid and RBAC test suites.
test: Remove Candid and RBAC test helpers.
test/suites: Remove candid reference from server config test.
gitignore: Remove rbac test helper.
doc/howto: Replace candid with oidc in --auth-type example.
doc/howto: Remove RBAC from projects confine howto.
doc/explanation: Remove RBAC from projects explanation.
doc: Remove Candid and RBAC config options.
doc: Remove Candid and RBAC from authentication methods.
doc: Remove RBAC and Candid API extensions.
doc: Remove RBAC from wordlist.
test: Remove Candid dependencies from allowed client imports.
lxc/config: Fix lint error (revive: confusing-results).
lxd-migrate: Fix lint error (revive: receiver-naming).
lxd-migrate: Fix lint error (revive: exported).
lxd-migrate: Ignore lint error (revive: deep-exit).
lxd/auth: Ignore lint errors (revive: exported).
lxd/cluster/config: Fix lint errors (revive: confusing-results).
lxc/remote: Fix lint errors (revive: exported).
doc: additional options recommended for running Docker
github: run system-tests with LXD built with Go 1.21
github: run some system-tests with LXD built with Go 1.20
github: use matrix.go in Install Go section names
github: check compat with min Go version when compiling with 1.20.x
github: run code tests using Go 1.21.x
github: stop purging core20
github: purge disabled/superseded snaps
Revert “Makefile: Removes unnecessary pin of github.com/mdlayher/socket@v0.4.1”
github: build all client binaries with Go 1.21
github: build doc with Go 1.21
github: build lxd-snapcraft with Go 1.21
github: hardcode Go version used with code-tests/documentation
gomod: Update dependencies
github: move snap removal to “Reclaim some space” step
github: put docker removal its own step
github: mask lxc{,-net}.service in a singe command
doc: update versioning scheme and snap channels
shared/auth: Adds common methods for identity types.
lxd/db/cluster: Remove IsRestricted method in favour of new shared/auth function.
lxd/identity: Add identity cache.
lxd/auth: Check for PKI authentication when getting request details.
lxd/auth: Check for PKI authentication in TLS authorizer.
lxd/auth: Update authorizers to use identity cache.
lxd/cluster: Update TLS check to use identity cache.
lxd/cluster: Update gateway to use identity cache.
lxd/cluster: Update cluster tests for identity cache.
lxd/project: Update project permission tests for identity cache.
lxd/db/cluster: Add methods to extract x509 certs from identity metadata.
lxd: Update daemon to use identity cache.
lxd: Update certificatesGet handler to use identityCache.
lxd: Pass identity cache into gateway handler funcs.
lxd: Move certificate cache update functions to new file.
lxd/instance/drivers/qemu: fix linting issues
lxd/instance/drivers/lxc: fix linting issues
lxd: Remove RBAC and Candid config keys (patch).
github: drop DCO check now that we have the DCO app enabled
doc: fix extraction of version number
lxd: Update cache refresh functions.
lxd: Rename cache update methods.
lxd/certificate: Remove certificate cache.
lxd: Fix lint errors (var-naming).
lxd/cluster: Fix lint error (var-declaration).
lxd/cluster: Refactor leader address logic (revive: defer).
lxd/cluster: Fix lint error (reduntant-import-alias).
lxd/cluster: Fix lint error (exported).
lxd/auth: Fix lint errors (missing comment).
lxd/auth/tls: Return falsy permission checker when client is restricted.
test/suites: Ensure we can still list storage pools when restricted.
doc: no need to sudo for snap info
test/suites: Ensure restricted certs cannot view storage pool config.
lxd/device/disk: Satisfy the linter
lxd/storage/backend_lxd: Satisfy the linter
lxd/storage/drivers/generic_vfs: Satisfy the linter
lxd/endpoints: Hide read errors from proxies
lxd/instance/drivers/qemu: do not check for size.state if shared storage is enabled for an instance
github: ask bug reporters to provide the list of relevant snaps
doc: clarify how to interact with different remotes through the API
doc/server: add API instructions for configuring the server
doc/server: add API instructions for authenticating
lxd/storage/drivers/generic_vfs: Return if the right file was found
lxd: Do not check for bakery discharged error.
lxd: Update comment to remove “macaroon”.
lxd: Update comments on LXD client.
lxd: Update comment on simplestreams client.
lxc: No need to save cookies on exit.
lxc: No need to remove cookie when removing a remote.
lxc/config: Remove cookie handling.
shared/api: Update comment on server auth methods.
shared/version: Remove macaroon_authentication API extension.
lxd/doc: Remove macaroon_authentication API extension.
gomod: Run go mod tidy.
test: Update client imports list.
Fix linter errors (revive: exported).
shared/api: Add OIDC client identity type.
lxd/db/cluster: Add integer db constant for OIDC client identity type.
lxc/cluster/config: Adds OIDC groups claim config option.
Runs make update-metdata.
lxd/auth/oidc: Add groups claim to verifier options.
lxd/auth/oidc: Request groups claim in OIDC scope if non-empty.
lxd/auth/oidc: Write the groups claim as a header.
lxd/auth/oidc: Add method to extract groups from custom claim.
lxd/auth/oidc: Return identity information from Auth method.
lxd: Pass groups claim into OIDC verifier on initialisation.
lxd: Instantiate new OIDC verifier on groups claim config change.
lxd: Update call to (*config.Config).OIDCServer.
client: Add custom claim to scope if header is set.
lxd/request: Add context keys and headers for identity provider groups.
lxd: Add new OIDC identities to identities table and refresh cache.
lxd: Add identity provider groups to the request context.
lxd/cluster: Forward identity provider groups to other members.
lxd: Extract identity provider groups from forwarded request header.
lxd/cluster: Fix lint error (revive: early-return).
test/suites: Test that OIDC identities are being added to the database.
lxd/auth/oidc: Use AuthError value, not reference.
lxd: Wrap OIDC error and inspect with errors.As.
test/lint: Temporarily remove --whole-files flag.
api: Adds oidc_groups_claim extension.
lxd: Fix lint errors (revive: exported).
lxd: Ignore lint error (revive: defer).
lxd/storage/drivers: Add VolumeCopy struct
shared/entity: Add entity type to shared.
shared/entity: Add tests for creating/parsing entity URLs.
lxd/db/cluster: Rewrite cluster.EntityType to use new entity.Type.
lxd/db/cluster: Remove cluster.URLToEntityType tests.
lxd/db/cluster: Remove references to EntityURI map from schema updates.
lxd/db/cluster: Update warnings to use cluster.EntityType.
lxd/db/cluster: Runs make update-schema.
lxd/db: Update GetURIFromEntity method.
lxd/db: GetURIFromEntity method should get storage volume location.
lxd/db: Update warning methods on Cluster to use entity.Type.
lxd/cluster: Update calls to warning db methods.
lxd/device: Update calls to warning db methods.
lxd/instance/drivers: Update calls to warning db methods.
lxd/network: Update calls to warning db methods.
lxd/storage: Update calls to warning db methods.
lxd/warnings: Update calls to warning db methods.
lxd: Update calls to warning db methods.
lxd: Update internal warning create handler to use entity.Type.
lxd: Update getWarningEntityURL method.
lxd: Update call to cluster.URLToEntityType.
lxd/project: Update call to cluster.URLToEntityType.
test/suites: Update warnings test to use string entity type.
lxd/device: Fix lint error (revive: exported).
lxd/device: Fix lint errors (revive: useless-break).
lxd/instance/drivers: Fix lint errors (revive: confusing-results).
lxd/network: Fix lint errors (revive: exported).
lxd/network: Fix lint errors (revive: comment-spacings).
lxd/project: Fix lint errors (revive: confusing-results).
lxd: Fix lint error (revive: unchecked-type-assertion).
lxd/loki: Replace complex backoff with simple loop
api: loki_config_instance
lxd/cluster/config: Add loki.instance
lxd/loki: Add support for overriding instance name
lxd: Add support for loki.instance
doc: Update configs
grafana: Add instance filters for Loki
lxd/loki: Fix variable shadowing
lxd/storage/drivers/interface: Change function signatures
lxd/storage/drivers/generic_vfs: Use updated snapshots slice
doc/devices/NIC: move section about nictype physical
lxd/db/cluster: Add OIDC metadata type and method to get subject.
lxd/identity: Add name and subject to identity cache.
lxd/identity: Add method to get identity by OIDC subject.
lxd/identity: Fix return value of Cache.Get.
lxd: Add name and subject to cache entries on update.
lxd/auth/oidc: Add identityCache to verifier.
lxd: Pass identity cache into NewVerifier.
lxd/auth/oidc: Add profile claim to scopes.
client: Add profile claim to scopes.
lxd/auth/oidc: Return name in authentication result.
lxd/auth/oidc: Check cache for subject; get details from /userinfo if missing.
lxd: Move handling of OIDC authentication result to new method.
client: Remove WithUnsecure from cookie handler options.
test/mini-oidc: Allow setting username and email address.
test/includes: Append second argument to oidc.user file if present.
test/suites: Update OIDC test suite.
lxd/storage/drivers/generic_vfs: Use VolumeCopy struct
lxd/storage/drivers/btrfs: Use updated driver interface
lxd/storage/drivers/ceph: Use updated driver interface
lxd/storage/drivers/cephfs: Use updated driver interface
lxd/storage/drivers/dir: Use updated driver interface
lxd/storage/drivers/lvm: Use updated driver interface
lxd/storage/drivers/zfs: Use updated driver interface
lxd/storage/drivers/common: Use updated driver interface
lxd/storage/drivers/mock: Use updated driver interface
github: build lxc and lxd-migrate binaries with trimpath
github: strip lxc and lxd-migrate native binaries
lxd/storage/backend_lxd: Update storage driver invocations
lxd/storage/backend_lxd: Don’t validate custom storage volumes twice
github: build lxc and lxd-migrate binaries with trimpath
doc: build lxc with trimpath and without debug info
github: use regex matching to purge disabled snaps
lxd/instance/drivers/qemu: Handle SELinux for LXD agent
doc/devices/NIC: add configuration examples
doc/devices/disk: move configuration examples to a separate section
lxd/entity: Moves shared/entity to lxd/entity.
lxd/storage/backend_lxd: Don’t use storage name when creating source snapshots
gomod: Update dependencies
github: ask dependabot to look after gomod updates on main
github: add labels when PRs target LTS branches
lxd/entity: Add types for server, image alias, and network zone.
lxd/entity: Add exception to ParseURL for TypeServer.
lxd/entity: Add standard URL generation methods.
lxd/identity: Moves identity methods from shared/auth to lxd/identity.
lxd/auth: Updates entitlement definitions and removes object types.
lxd/auth: Add methods to get and validate entitlements for entity types.
lxd/auth: Update Authorizer interface to use new types.
lxd/auth: Update TLS driver to use new types.
lxd: Update allowPermission function to use entity types.
lxd/db/operationtype: Update return type of (Type).Permission.
lxd/db/operationtype: Operation permissions should apply to the entity they are operating on.
lxd/operations: Update operations to use entity types.
lxd/project: Update project permission handling.
lxd/events: Update permission handling for events.
lxd: Update permission handling for metrics.
lxd/metrics: Update tests for metrics.
lxd: Update permission handling for server API.
lxd: Update permission handling for cluster API.
lxd: Update permission handling for internal endpoints.
lxd: Update permission handling for project APIs.
lxd: Update permission handling for certifcate API.
lxd: Update permission handling for events API.
lxd: Update permission handling for image and image alias APIs.
lxd: Update permission handling for instance APIs.
lxd: Update permission handling for network APIs.
lxd: Update permission handling for network ACLS.
lxd: Update permission handling for network zones.
lxd: Update permission handling for operations.
lxd: Update permission handling for profiles.
lxd: Update permission handling for server and storage pool resources.
lxd: Update permission handling for storage pools.
lxd: Update permission handling for storage volume APIs.
lxd: Update permission handling for storage bucket APIs.
lxd: Update permission handling for warnings.
lxd/storage/backend_lxd: Append the snapshots creation date
github: run tests with Go 1.22 (take #2)
github: run code-tests with 1.21 to avoid swagger crash
doc: Remove references to blocked community image server
meta/instance-types: Adds instance type preset files from Index of /meta/instance-types/
lxd/instance/instance/types: Use temporary hosting location of instance type preset files
lxd/migrate_storage_volumes: Send snapshot creation timestamp
lxd/migrate_storage_volumes: Compare snapshots on second based granularity
test: Check creation date of migrated snapshots
test: Check creation dates of local copied snapshots
test: Adapt the snapshot test to work with the present creation date
lxd-generate: Return helpful error instead of panicking.
api: Add storage_volatile_uuid extension
lxd/storage: Add volatile.uuid config key for volumes
metadata: Add volatile.uuid for volumes
lxd/storage/drivers: Add Volume’s parentUUID field
lxd/storage/backend_lxd: Block volume’s volatile.uuid from modification
lxd/storage/backend_lxd: Use quotes consistently for error messages
lxd/storage/utils: Always create volume DB entries with volatile.uuid
lxd/storage/backend_lxd: Set volume’s volatile.uuid for storage driver calls
lxd/storage/drivers/volume: Set the snapshots parent in NewVolumeCopy
lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume imports
lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume exports
lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume migration
lxd/patches: Set volatile.uuid for all volumes and snaphots
test: Pass the storage pool name into the snapshots suite
test: Add volume’s volatile.uuid checks
lxd: Move storage volume type definitions to cluster package.
doc/instances: update links to instance type lists
lxd/db/cluster: Add queries and methods for getting entity URLs.
lxd/db/cluster: Add test to ensure entity query validity.
lxd/db: Remove GetURIFromEntity method.
lxd/db: Update UpsertWarning method to use cluster.GetEntityURL.
lxd: Update getWarningEntityURL method to use cluster.GetEntityURL.
lxd/storage/s3/miniod: Add mc command shim
lxd/storage/s3/miniod: Update minio admin client usages
lxd/storage/s3/miniod: Update MinIO WaitReady
.github/workflows: Add mc to github workflows
.github/workflows: Use V2 minio server in tests
doc/howto: Add instructions for installing MinIO
go: Remove madmin package
doc/profiles: link to instance configuration
lxd/storage/drivers/zfs: Pass snapshots when copying
lxd/storage/drivers/ceph: Pass snapshots when copying
Add device parameter for importing instance command
test/lint/licenses: Check whole codebase for non-permissive imports
lxd/project: Don’t panic on StorageVolumeParts
lxd/storage/drivers/generic_vfs: Use VolumeCopy for genericVFSCopyVolume
lxd/storage/drivers/btrfs: Pass the CopyVolume struct to genericVFSCopyVolume
lxd/storage/drivers/ceph: Pass the CopyVolume struct to genericVFSCopyVolume
lxd/storage/drivers/dir: Pass the CopyVolume struct to genericVFSCopyVolume
lxd/storage/drivers/lvm: Pass the CopyVolume struct to genericVFSCopyVolume
lxd/storage/drivers/zfs: Pass the CopyVolume struct to genericVFSCopyVolume
Revert “lxd/entity: Moves shared/entity to lxd/entity.”
shared/entity: Fix imports from reverting moving the entity package.
lxd/storage/drivers/interface: Add HasVolumeSnapshots function
lxd/storage/drivers/common: Implement HasVolumeSnapshots
lxd/storage/drivers: Replace vol.SnapshotsMatch with driver.HasVolumeSnapshots
lxd/storage/drivers/volume: Remove SnapshotsMatch
lxd/instances_post: Override the imported volume’s UUIDs
github: remove more container runtimes
github: don’t abort on remount failures
lxd/storage/pool_interface: Remove deleteMissing from CheckInstanceBackupFileSnapshots
lxd/api_internal: Remove deleteMissing from CheckInstanceBackupFileSnapshots
lxd/storage/backend_mock: Remove deleteMissing from CheckInstanceBackupFileSnapshots
lxd/storage/backend_lxd: Move the snapshot comparison logic into the storage driver
lxd/storage/backend_lxd: Remove deleteMissing from CheckInstanceBackupFileSnapshots
incusd: Correctly update event location
incusd/events: Upgrade to websocket as late as possible
internal/server/db: Remove function doDbScan
internal/server: Use Retry function
internal/server/db: Unwrap dbQueryRowScan function
internal/server/db: Unwrap queryScan function
internal/server/db: Remove exec function
Move db backup functions to ClusterTx
Move db image functions to ClusterTx
Move db instance functions to ClusterTx
Move db network ACL functions to ClusterTx
Move db network forward functions to ClusterTx
Move db network load balancer functions to ClusterTx
Move db network peer functions to ClusterTx
Move db profile functions to ClusterTx
Move db network zone functions to ClusterTx
Move db network functions to ClusterTx
Move db snapshot functions to ClusterTx
Move db storage bucket functions to ClusterTx
Move db storage pool functions to ClusterTx
Move db volume snapshot functions to ClusterTx
Move db storage volume functions to ClusterTx
Move db warning functions to ClusterTx
lxd/api_cluster: Join cluster transactions
api_cluster: Optimize db transactions
daemon_images: Optimize db transactions
daemon_storage: Optimize db transactions
images: Optimize db transactions
storage_volumes_snapshot: Optimize db transactions
instance/drivers: Optimize db transactions
driver_ovn: Optimize db transactions
network/acl: Optimize db transactions
network/zone: Optimize db transactions
storage_volumes: Optimize db transactions
lxd/dns: Serialize DNS queries
lxd/network: Optimize UsedByInstanceDevices
lxd/backups: Simplify missing backup errors
tests: Update for current backup errors
lxd/cluster: Optimize ConnectIfInstanceIsRemote
lxd/backup/utils: Ensure the volume’s config gets updated too
lxd/storage/backend_lxd: Consistently use GetNewVolume for config generation
lxd/storage/drivers/volume: Deep copy the volume’s config when instantiating a snapshot
lxd/storage/utils: Remove setting UUID when inserting volume
lxd/storage/utils: Remove setting UUID when inserting buckets
doc: add API instructions for creating instances
doc: add API instructions for running commands in instances
doc: add API instructions for accessing files in instances
doc: clean up API instructions for configuring instances
doc: clean up API instructions for managing instances
doc: add API instructions for accessing the console
doc: add API instructions for adding a routed NIC
doc: add API instructions for backing up instances
doc: add API instructions for troubleshooting instances
shared/validate: Add validator to check a unit for multiples of x
lxd/resources/storage: Add GetDisksByID function
lxd/device/config: Add DefaultVMPowerFlexBlockFilesystemSize constant
doc: add API instructions for profiles
doc: add some API instructions for cloud-init
doc: exempt keyboard keys from the spelling check
shared/api/instance: add InstanceUEFI type
lxd/instance/drivers/uefi/uefi: add package
lxd/instance/instance_interface: extend with UEFIVarsRead/UEFIVarsUpdate
lxd/instances: introduce new API handles /1.0/instances/{name}/uefi-vars
api: add a new extension “instances_uefi_vars”
lxc/config: support a new CLI subcommand “lxc config uefi …”
doc: run make update-api
doc/internals: add information about UEFI variables
i18n: make i18n
lxd/storage/drivers/powerflex: Add PowerFlex storage driver
lxd/storage: Add PowerFlex driver to common volume rules
metadata: Add PowerFlex pool and volume config
doc: Add PowerFlex terms to the wordlist
doc: Add Dell PowerFlex driver info
README: fix link to translations on Weblate
lxd/instance/qemu: No size.state checks at startup needed
doc/requirements: ZFS 2.1 or higher is required
lxd/storage/drivers/powerflex: Fix function docstrings
doc/getting started: update how to access the UI
lxd/storage/drivers/powerflex: By default set powerflex.clone_copy=true
metadata: Update default value for powerflex.clone_copy
auth/oidc: Ensure the default config expiry interval is set.
lxd/network/acl: Avoid nested DB transactions
lxd: Fix linter errors
lxd: Use one transaction for updating storage volumes
lxd: Use expanded cert fingerprint in authorizer check
lxd: Check certificate view permission directly in handler.
lxd/request: Add a generic methods for getting and setting context values.
lxd/request: Adds an effective project name context key.
lxd/images: Perform access control after fingerprint expansion
lxd/auth: Get correct project name in CheckPermission.
lxd/auth: Allow for effective projects when listing resources.
lxd: Set effective project when listing project resources.
test/suites: Ensure restricted clients can list inherited resources.
lxd/instance/drivers/qemu: Revert linter fix
lxd/storage/backend_lxd: Don’t instantiate a new volume if existent during migration
lxd/storage/drivers/generic: Use VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/zfs: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/powerflex: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/lvm: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/dir: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/cephfs: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/ceph: Pass VolumeCopy for genericVFSMigrateVolume
lxd/storage/drivers/btrfs: Pass VolumeCopy for genericVFSMigrateVolume
doc/storage: language fixes to powerflex config options
doc/storage: add volatile.uuid to powerflex documentation
metadata: generate config option metadata
doc/storage: small fixes to PowerFlex documentation
Updates following changes to the LXD Grafana dashboard which now includes Loki. Split observability howtos in 3 (Prometheus, Loki and Grafana) Created Loki including info on labels as per How to set labels for Loki?. Updated Grafana screenshots to the latest to fix #12587
scripts/bash/lxd-client: add bash completion for lxc config uefi
doc/images: add API instructions for managing images
doc/images: add API instructions for associating profiles
doc/images: add API instructions for copying and importing images
doc/images: add API instructions for creating images
doc/images: clarify that remote image servers are CLI only
lxd/rsync: Merge sendSetup and Send functions
lxd/rsync: Add description of cleanup function to RunWrappers
doc/images: minify .png
doc/contributing: mention that SVG and small PNGs are preferred
doc: add TinyPNG to wordlist
test/main: add log grouping (GHA)
test/main: show dmesg on failure
github: capture dmesg if setting up microceph fails
lxd/storage/drivers: Always use default block.filesysem for VM volumes
lxd/db/networks: Differentiate not found errors from other errors in GetNetworkWithInterface
lxd/networks/utils: Don’t log not found errors in networkAutoAttach
lxd/devices: Log the device concerning the error from networkAutoAttach
lxd/patches: Remove VM block vols from patchStorageUnsetInvalidBlockSettings
lxd/storage/drivers/ceph: Don’t unset the block.* settings for VMs
lxd/storage/drivers/lvm: Don’t unset the block.* settings for VMs
lxd/storage/drivers/powerflex: Don’t unset the block.* settings for VMs
lxd/api/internal: Fix issues with device overrides during import in internalImportFromBackup
lxd/api/internal: Use correct quoting for error in internalImportFromBackup
lxd/db/cluster/devices: Use correct string quoting of device type for error in NewDeviceType
lxd/instances/post: Improve error in createFromBackup
lxd/storage/backend/lxd: Update backup.yaml after instance and volume DB records have been generated in CreateInstanceFromBackup
lxd/backup/backup/config/utils: Removes unused OverrideConfigYamlFile function
lxd: Move ExpandInstanceConfig and ExpandInstanceDevices from lxd/db to lxd/instance/instancetype package
lxd: Removes duplicate implementation of ExpandInstanceConfig and ExpandInstanceDevices
incusd/instance/qemu: Cap hotplug CPU slots to 64
shared/subprocess: Improve error handling
incusd/instance/qemu: Improve error handling
github: Connect mount-observe to microceph
lxd/endpoints/network/util/test: Remove incus references in Test_networkServerErrorLogWriter_shouldDiscard
lxd/instance/uefi/vars: Check if VM is running earlier to prevent etag errors
doc/images: quote command containing asterisk
lxd/storage/backend_lxd: Pass right volume name when refreshing custom volumes
client/lxd/instances: Adds API extension check for device override on import
test: Updates container devices nic bridged tests with import time device override
lxd/instance/drivers/driver/qemu: Initialise NVRAM if missing when UEFIVars is called
doc/howto/benchmark_performance: prepare for lxd-benchmark removal from snap
github: build lxd-benchmark binaries and upload as artifacts
lxd/db/cluster: Fix query for profile URLs by project name.
lxd/db/cluster: Fix comment for storage bucket URL query.
lxd/db/cluster: Add missing database entity types.
lxd/db/cluster: Add queries for generating URLs for new entity types.
lxd/db/cluster: Account for server entities in GetEntityURL functions.
api: Adds instances_migration_stateful API extension.
lxd/cluster/config: introduce the instances.migration.stateful to enable a default migration.stateful value for all created VM instances
lxd/instance/instancetype: Update defaultdesc of migration.stateful
lxd/db/cluster: Remove call to PrepareStmts in schema update test.
lxd: Make instances take a default migration.stateful parameter
lxdmetadata: update metadata
doc: mentioning that setting size.state is not necessary for an instance living on a shared storage pool
doc: update the documentation to mention the new default behaviour of migration.stateful
github: exit on error in microceph setup step
test/main: don’t wrap tests logs in log groups
github: switch to canonical/has-signed-canonical-cla@main
doc/requirements: add link anchor for lxc
doc/installing: point to requirements-lxc for liblxc min version
doc/installing: update note about LXC_DEVEL now that LP: #2039873 is fixed
lxd/apparmor/pyuefivars: allow reading bin/ directory
api: add a new extension container_syscall_filtering_allow_deny
test: Increase minio storage bucket test file size to 5MB
lxd: Correctly return authentication error.
shared/api: Add lifecycle events for identity create/update.
lxd/lifecycle: Add lifecycle actions for identity create/update.
lxd: Add internal endpoint for identity cache refresh.
lxd: Notify cluster members of new or updated identities.
lxc: Remove unnecessary client import alias.
doc/instances: clarify how to override device options during creation
lxd: Use internal endpoint to refresh cache on certificate change.
doc/api: pin Swagger version
Minimum Go version 1.21
gomod: Update depdendencies
api: Adds authorization_apis API extension.
shared/entity: Add identity, auth group and IDP group entity types.
lxd/db/cluster: Add schema update for auth APIs.
lxd/db/cluster: Run make update-schema.
lxd/db/cluster: Add database types for groups and permissions.
lxd/db/cluster: Runs make update-schema.
shared/api: Adds auth API types.
lxd/db/cluster: Adds database methods for auth groups.
lxd/db/cluster: Adds methods for populating api.IdentityInfo data.
lxd/db/cluster: Adds methods for populating api.IdentityProviderGroup data.
lxd/db/cluster: Adds methods for populating api.PermissionInfo data.
lxd/db/cluster: Add auth types to EntityType scanner/valuer implementation.
lxd/db/cluster: Add queries for generating URLs for new entity types.
lxd/db/cluster: Export the EntityRef type.
lxd/db/cluster: Add queries and methods for resolving entity URLs to IDs.
lxd/db/cluster: Update tests for entity queries.
lxd/identity: Adds groups and IDP groups to identity cache.
lxd: Update calls to (*identity.Cache).ReplaceAll in tests.
lxd: Update identity cache refresh handlers to include groups.
lxd/auth: Add function to validate an authentication method.
lxd/auth: Update Entitlement validation.
lxd/auth: Add can_view_permissions entitlement to server.
shared/api: Define lifecycle events for auth groups and IDP groups.
lxd/lifecycle: Define lifecycle event actions for auth and IDP groups.
lxd: Add the identities API handlers.
lxd: Add APIs for auth groups.
lxd: Add APIs for identity provider groups.
lxd: Add the permissions handler.
doc: Runs make update-api.
client: Add client methods for auth APIs.
shared/entity: Export (entity.Type).RequiresProject method.
lxc/auth: Add authorization commands to CLI.
i18n: Runs make i18n.
test/suites: Adds authorization test.
lxd/db: Don’t propagate expected errors
Makefile: Switch back to using go mod tidy for min go version checking at 1.21
Update minimum Go version to 1.21.5 to accomodate forthcoming openfga package
github: Update workflows to enforce min Go as 1.21.5
gomod: Update dependencies
lxd/db/cluster: Clarify comment and SQL queries.
lxd/instance/drivers/driver/qemu: Don’t leak file descriptor when probing for Direct I/O support
lxd/db/cluster: Add columns to identities table for auditing.
lxd/device/disk: Remove config.iso file when the cloud-init:config disk device is removed
lxd/db/cluster: Runs make update-schema.
lxd/auth/oidc: Remove config refresh interval from options.
lxd/auth/oidc: Add a httpClientFunc field to the oidc verifier.
lxd/auth/oidc: Get a new HTTP client when refreshing configuration.
api: Rename authorization_apis extension to access_management.
shared/api: Update API extension for auth API types.
client: Update API extension checks for auth APIs.
doc: Add OpenFGA to wordlist.
doc/howto/migrate_from_lxc: 5.0 is the last LTS release shipping lxd.lxc-to-lxd
github: wait longer before retrying to download go-tip
github: don’t test against go-tip on push events
lxd/auth/oidc: Export a method to expire the relying party config.
lxd: Pass a HTTP client func into NewVerifier.
lxd: Expire OIDC verifier config on proxy setting change.
lxd/storage/backend_lxd: Pass custom storage volume snapshots in the right order
lxd/db/cluster: Fix query for storage volume snaphot.
incusd/images: Fix potential race condition
lxd/images: Add project to error in autoSyncImages
lxd/images: Use context in autoSyncImages
lxd/images: Adds ctx arg to imageSyncBetweenNodes
lxd/device: Annotate the pci device config options
lxdmetadata: update metadata
doc/pcidevice: include automatic config options in the docs
lxd/project/project: Remove optimisation from StorageVolumeProject
lxd/storage/volumes: Use request context where appropriate
lxd/storage/volumes/backup: Use request context where appropriate
lxd/storage/volumes/snapshot: Use request context where appropriate
lxd/storage/volumes/snapshot: Use shutdown context where appropriate
lxd/storage/volumes: Standardise project name and request project name variables
lxd/storage/volumes/backup: Standardise project name and request project name variables
lxd/storage/volumes/snapshot: Standardise project name and request project name variables
lxd/storage/volumes/state: Standardise project name and request project name variables
github: add codeql config to run on PRs
github: stop monitoring C/C++ with CodeQL as it’s not buildable
github: use more stringent ruleset with CodeQL
Revert “github: use more stringent ruleset with CodeQL”
lxd/storage: remove reference to “ceph.osd.force_reuse”
build(deps): bump github.com/osrg/gobgp/v3 from 3.23.0 to 3.24.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.67 to 7.0.68
build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0
lxd/storage/volumes: Remove unnecessary 2 line variable definition in doCustomVolumeRefresh
lxd/storage/volumes: Remove unnecessary 2 line variable definition in doVolumeCreateOrCopy
lxd/storage/volumes: Validate source project in doCustomVolumeRefresh
lxd/storage/volumes: Validate source project in doVolumeCreateOrCopy
lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC
lxd: Fix entitlement for group list request.
lxd/db/cluster: Check for sql.ErrNoRows in correct place.
lxd/db/cluster: Remove permissions table.
lxd/db/cluster: Runs make-update-schema.
lxd/db/cluster: Delete generated permission queries/methods.
lxd/db/cluster: Add GroupID field to Permission.
lxd/db/cluster: Remove AuthGroupsByPermissionIDs method.
lxd/db/cluster: Update GetPermissionEntityURLs method.
lxd/db/cluster: Refactor auth group DB methods for schema change.
lxd: Refactor upsertPermissions to use new db methods.
lxd: Refactor auth group handlers to use new db methods.
lxd: Refactor permissions handler to use new db methods.
Revert “lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC”
github: Whitespace
github: Pin minio to RELEASE.2024-02-24T17-11-14Z
lxd/db/cluster: Add SQL triggers for deletion of each entity type.
lxd/db/cluster: Add an ApplyTriggers function.
lxd/db/cluster: Apply triggers when cluster DB is opened.
lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC
lxd/util: Rename ‘node’ to ‘cluster member’.
lxd/db/cluster: Remove redunant parentheses.
lxd/db/cluster: Rename “node” to “cluster member”.
lxd/db/cluster: Update error messages in unit tests.
test/suites: Check that permissions are deleted when entity is deleted.
lxd/instance/drivers/lxc: Remove LXD 3.7 rsync feature exception
lxd/db/cluster: Fix IdP group query.
lxd/db/cluster: Fix error messages when setting an identity’s groups.
lxd/db/cluster: Update query for setting an identity’s groups.
lxc: Fix info message when an IdP group is deleted.
i18n: Updates translations.
.github/workflows: Use latest minio
Set minimum Go version to 1.22.0 to accomodate OpenFGA.
workflows: Remove go1.21.x from strategy matrix.
workflows: Set minimum Go version to 1.22.0 to accomodate OpenFGA.
doc: Set minimum Go version to 1.22.0.
test/lint: Disable licence check.
github: on push events, don’t include additional tests to the matrix
lxd/instance: Reject limits.kernel config for VMs
doc: limits.kernel only applies to containers (see #12874)
github: Restore testing latest stable version of go rather than go tip
lxd-metadata: Support ‘compressed expression’ in entities list
lxd/device: Annotate unix-{char,block,hotplug,usb} devices config options
lxdmetadata: update metadata
doc/unixdevice: include automatic config options in the docs
lxd-metadata: Support ‘compressed expression’ in entities list
lxd/device: Annotate the gpu device config options
lxdmetadata: update metadata
doc/gpudevice: include automatic config options in the docs
doc/devices/gpu: reference options
lxd/device: Annotate the tpm device config options
lxdmetadata: update metadata
doc/tpmdevice: include automatic config options in the docs
github: Removes downloading go tip as not needed
lxd/storage/backend/lxd: Use volume name from the database in RefreshCustomVolume and CreateCustomVolumeFromCopy
lxd/db/cluster: Actually swap argument order in SQL statement.
lxd/instance/drivers/qemu: Use a pointer for tracking operations
lxd/device: Annotate the disk devices
lxdmetadata: update metadata
doc/diskdevice: include automatic config options in the docs
doc: replace references to config options
lxd/migrate/storage/volumes: Use volume name from DB in migrationSourceWs.DoStorage
lxd/device: Annotate the nic devices
lxdmetadata: update metadata
doc/nicdevice: include automatic config opptions in the docs
doc/devices/disk: update reference file
shared/api: Update identities field of AuthGroup.
shared/api: Include groups in the identity API type.
shared/api: Add effective groups and permissions to IdentityInfo.
lxd/db/cluster: Update AuthGroup.ToAPI to return identity map.
lxd/db/cluster: Update Identity.ToAPIInfo method.
lxd: Return identity map when listing groups.
lxd: Remove recursion=2 from GET /1.0/identities.
lxd: Update calls to Identity.ToAPI.
lxd/db/cluster: Don’t return dangling permissions (log a warning).
lxd: Update call to GetPermissionEntityURLs.
lxd/db/cluster: Add function to get all LXD groups from IDP groups.
lxd/db/cluster: Add function to get distinct permissions from list of group names.
lxd: Adds handler for getting the current identity.
lxd: Call current identity handler on GET /1.0/auth/identities/current.
client: Update client for modified identities endpoints.
client: Update client for modified identities endpoints.
lxc: Update client call when listing identities.
lxc: Add ‘info’ command to lxc auth identity.
test/suites: Test the ‘lxc auth identity info’ command.
i18n: Update translations.
doc: Runs make update-api.
lxd/device: Annotate the infiniband device config options
lxdmetadata: update metadata
doc/infinibanddevice: include automatic config options in the docs
lxd/db/cluster: Filter out identities and idp groups we can’t view.
lxd/db/cluster: Filter out groups we can’t view.
lxd/db/cluster: Filter out groups we can’t view.
lxd/auth: Add entitlements for IdP groups.
lxd: Filter out identities and IdP groups we can’t see from groups API.
lxd: Use fine-grained permissions for IdP groups.
lxd: Filter out groups and IdP groups we can’t view from IdP groups API.
lxd: Filter out groups we can’t view from identities API.
lxd/network/acl: Change protocol field for ovn logs
shared/api: Unembed instance Put from Get entity
shared/api: Unembed instance snapshot Put from Get entity
shared/api: Unembed project Put from Get entity
shared/api: Unembed profile Put from Get entity
shared/api: Unembed image Put from Get entity
shared/api: Unembed warning Put from Get entity
shared/api: Unembed cluster member Put from Get entity
shared/api: Unembed storage_pool Put from Get entity
shared/api: Unembed network Put from Get entity
shared/api: Unembed certificate Put from Get entity
shared/api: Unembed auth Put from Get entities
shared: Update cerificate api entrity
shared/filter: Update api entities
lxd/cluster/connect: Update references to certificate entity fields
lxd/db/cluster/auth_groups: Remove trailing spaces from SQL queries
lxd/db/cluster/identities: Remove trailing spaces from SQL queries
lxd/db/cluster/identity_provider_groups: Remove trailing spaces from SQL queries
lxd/db/cluster/*: Update fileds of api entites
lxd/db/cluster: Update fileds of api entites
lxd/db/network_acls: Accept non-pointer api struct in network acl update function
lxd/db/network_acls: Update references to network acl entity fields
lxd/db/network_forwards: Accept non-pointer api struct in network forward update function
lxd/db/network_load_balancer: Accept non-pointer api struct in network load balancer update function
lxd/db/network_peer: Accept non-pointer api struct in network peer update function
lxd/db/storage_buckets: Accept non-pointer api structs in update functions
lxd/project/permissions: Update reference to instance entity fields
lxd/instance/drivers: Update references to instance snapshot entity fields
lxd/instances_post: Update references to instance entity fields
lxd/patches: Update fields of api entities
lxd/profiles: Update references to profile entity fields
lxd/api_internal_test: Update references to profile entity fields
lxd/api_cluster: Update fields of api entities
lxd/api_internal_recover: Update fields of storage pool api entities
lxd/storage/backend_lxd: Update references to storage_pool entity fields
lxd/network/*: Update references to network entity fields
lxd/auth_groups: Update fields of api entities
lxd/identities: Update fields of api entities
lxd/certificates: Update certificate post struct
lxd-user/lxd: Update certificate post struct
lxc: Update fields of api entities
i18n: Update translations
doc: Update api definition
lxd/migration/volumes: Revert adding rsync features for BLOCK_AND_RSYNC
lxd/storage/drivers/ceph: Rename copyWithSnapshots to copyVolumeDiff
lxd/storage/drivers/ceph: Add findLastCommonSnapshotIndex function
lxd/storage/drivers/ceph: Add restoreVolume to skip a VM’s filesytem volume
lxd/storage/drivers/ceph: Add optimized volume refresh
lxd/migration/protobuf: Add RBD_AND_RSYNC migration type
lxd/migration/volumes: Support exchanging RBD_AND_RSYNC migration type
lxd/migration/volumes: Append rsync features for RBD_AND_RSYNC type
lxd/storage/drivers/generic: Allow RBD_AND_RSYNC type to use the generic migration
lxd/instance/drivers/lxc: Indicate multi sync for RBD_AND_RSYNC
lxd/storage/drivers/ceph: Add optimized volume refresh for migration
lxd/storage/drivers/ceph: Allow RBD migration type for volume refreshes
doc: Update Ceph RBD support for optimized refresh
lxd/network: Annotate the sriov network
lxdmetadata: update metadata
doc/sriov_network: include automatic config options in the docs
lxd/storage/drivers/ceph: Use fixed size slices to improve performance
lxd/storage/drivers/ceph: Clarify snapshot refresh behavior
lxd/storage/drivers/ceph: Add RBD block copy and transfer log messages
lxd/device: Annotate proxy device config options
lxdmetadata: update metadata
doc/proxydevice: include automatic config options in the docs
lxd/network: Annotate the macvlan network
lxdmetadata: update metadata
doc/macvlan_network: include automatic config options in the docs
api: Add vm_disk_io_limits extension
lxd/drivers/qmp: Add SetBlockThrottle
lxd/device/disk/config: Add DiskLimits
lxd/device/disk: Re-shuffle limit parsing
lxd/device/disk: Add disk limits on VMs
lxd/device/disk: Support live limits update for VMs
lxd/instance/qemu: Support disk I/O limits
lxd/auth: Adds util for checking authorization errors.
lxd/project: Update auth error code check.
lxd: Update error code checks on calls to CheckPermission.
lxd/identity: Update AuthenticationMethodFromIdentityType method.
lxd/identity: Add method to get IDP group mappings from the cache.
lxd/network: Annotate bridge network
lxdmetadata: update metadata
doc/bridge_network: include automatic config options in the docs
lxd/network: Annotate physical network
lxdmetadata: update metadata
doc/physical_network: include automatic config options in the docs
lxd/instance: Annotate instance properties
lxdmetadata: update metadata
doc/instance_properties: include automatic config options in the docs
lxd/network: Annotate ovn network
lxdmetadata: update metadata
doc/ovn_network: include automatic config options in the docs
build(deps): bump github.com/go-jose/go-jose/v3 in /test/mini-oidc
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
lxd/project: Update FilterUsedBy function.
lxd: Move calls to FilterUsedBy out of transactions.
lxd: Simplify project used-by function.
lxd: Filter project used-by field by what the user can view.
lxd: Filter network ACL used-by field by what the user can view.
lxd: Filter network peer used-by field by what the user can view.
lxd: Filter network zone used-by field by what the user can view.
lxd/db/cluster: Add a method to get a single entity reference from a URL.
gomod: Add OpenFGA dependencies.
lxd/db: Adds the OpenFGA datastore implementation.
lxd/auth: Add the OpenFGA model.
lxd/auth: Add identity provider groups to request details.
lxd/auth: Update requestDetails method.
lxd/auth: Add the embedded OpenFGA authorization driver.
lxd: Load the embedded OpenFGA driver by default.
test: Add a util for getting the fingerprint from a certificate.
test/suites: Add tests for fine-grained authorization.
Makefile: Exclude dependency from spec generation.
lxd/auth: Fix comments.
lxd/storage/drivers/powerflex: Unmap the volume before performing resize
lxd/db/cluster: Clarify placeholder argument.
lxd/db: Clarify ‘user’ in openfga context.
lxd/db: Improve not found error handling.
lxd/seccomp/seccomp: Fix incorrect conversion from uint32 to int in FindTGID
lxd/instance/drivers/driver/qemu: Fix incorrect conversion of uint32 to int in acquireVsockID
lxd/network/network/utils: Fix incorrect conversion from int64 to int in inRoutingTable
lxd/util/net: Update CanonicalNetworkAddress and CanonicalNetworkAddressFromAddressAndPort to use platform agnostic int64 for port
lxd/main/init: Update usage of CanonicalNetworkAddressFromAddressAndPort and CanonicalNetworkAddress
lxd/storage/drivers/ceph: Send the actual block vol when migrating snapshot
lxd/network/network/utils: Remove unnecessary call to fmt.Sprintf by passing base to ParseInt
gomod: Dependency updates
lxd/storage_volumes.go: add all-projects paremeter
doc: run make update-api
lxd/response: Use SmartError if SyncResponse success=false
build(deps): bump github.com/go-acme/lego/v4 from 4.15.0 to 4.16.1
build(deps): bump github.com/minio/minio-go/v7 from 7.0.68 to 7.0.69
lxd/storage/drivers/ceph: Lock concurrent migrations
lxd/storage/drivers/driver/zfs/volumes: Fix error scoping in CreateVolumeFromCopy
lxd/storage/drivers/driver/zfs/volumes: Define send/receive channels together in CreateVolumeFromCopy
lxd/storage/drivers/driver/zfs/volumes: Kill sender if receiver fails in CreateVolumeFromCopy
lxd/storage/drivers/driver/zfs/volumes: Handle multi-line errors in CreateVolumeFromCopy
lxd/storage/drivers/driver/btrfs/volumes: Fix hang when btrfs receive fails in RefreshVolume
lxd/storage/drivers/driver/btrfs/volumes: Handle multi-line errors in RefreshVolume
lxd/storage/drivers/driver/zfs/volumes: Aligns RefreshVolume with BTRFS driver
lxd-agent: Indicate LTS in version output
shared/version: Include LTS flag in useragent
lxd/response: Fallback to error response after setting headers
lxd/storage/backend/lxd: Use volume name from VolumeDBGet in BackupCustomVolume
lxd/storage: Fix resize for pools with custom zfs.pool_name
github: Add support for 5.21-stable branch
github: Fix branches for 5.21 support
lxd/storage/drivers/driver/btrfs/volumes: Cleanup on failure in RefreshVolume
lxd/auth: Remove can_view_configuration entitlement.
lxd: Populate server config for can_edit on server.
lxd/auth: Decrease log verbosity on GET requests with can_edit.
test/suites: Remove can_view_configuration from expected permission list.
lxd/auth: Prevent project modifications
test/suites: Add test cases for project modification.
lxd: Add security headers and gzip compression for the /ui/ API route
update go dependencies
github: fix branch target name/version extraction logic
Github: Update Tests badge to use correct branch
lxd/device/nic_ovn: Only stop device if network is populated
client: Unset project when querying permissions.
lxc/copy.go: remove impossible condition
doc: update to the current version of the starter pack
doc: work around circular dependency
doc: change link colour for dark mode
doc/images/alias: fix CLI instructions for changing an alias
lxd/instance/drivers/driver/qemu: Restore 50MB tmpfs for lxd-agent as it will likely exceed 25MB
lxd/db/openfga: Strip whitespace
lxd/auth: Don’t build authorizer drivers into lxd-agent
doc/UI: reword status of the LXD UI
doc: install extra tools inside the environment
Makefile: consistently use pip

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

tomp · March 14, 2024, 11:02am

LXD 5.21.0 LTS is now available in the new 5.21 LTS track in the snap channel 5.21/candidate (as well as latest/candidate) and will be rolled out to 5.21/stable and latest/stable channels soon.

Please refresh to the 5.21/* channels if you want switch to the new LTS series, as the latest/* channels will continue on to future feature releases (6.x) in the coming weeks.

xplora · March 19, 2024, 12:47pm

I tried to use this LXD new release, to experiment with cloud-init, the following is my experience:

I followed the Quick-start tutorial with LXD, it went well until, I issued cloud-init status --wait, it is running forever. cloud-init status returned status: running. It supposed to returned status: done

tomp · March 19, 2024, 1:36pm

This seems to be a duplicate of LXD with cloud-init status is forever running or say hanging lets discuss on the original thread. Thanks

tomp · March 20, 2024, 1:29pm

A video covering the highlights of the release is now available:

https://www.youtube.com/watch?v=0gjD0DJDD1M

Please also see the official blog post:

https://ubuntu.com/blog/lxd_5-21-0_lts

zacksiri · March 21, 2024, 5:21am

Wow, super happy with the progress of LXD development. OIDC looks really amazing. Also super happy to hear that canonical is almost ready with the image server.

I have a question for the LXD team. Would canonical ever consider providing a LXD OS? What I mean by this is basically when you boot up the VM instance or install the ISO you get LXD automatically setup and just get the API connectivity without any SSH to the machine.

I was talking to some people at https://www.talos.dev/ and it seems like it’s very possible for LXD to have something like this, where when you boot it up you simply manage the entire thing via API without having to do anything with the command line / through ssh.

The advantage to this is it’s 1 less layer to manage. Everything is managed inside containers. There are no apps to install / manage on the host. You initialize everything by passing parameters into cloud-init.

It’s also been done by CoreOS https://fedoraproject.org/coreos/

tomp · April 10, 2024, 7:07am

This release has been superseded by LXD 5.21.1 which is rolling out to 5.21/stable and latest/stable snap channels now.

mionaalex · April 10, 2024, 12:17pm

There was an Ubuntu appliance initiative a few years ago where we did create a LXD appliance that is to some extent similar to what you’re describing (still based on Ubuntu though), but there wasn’t much interest for that and we haven’t updated it in a long time. We don’t yet have any plans to do something like what you’re describing, but it seems like an interesting idea that we could think about in the future as the team grows.