LXD 5.21.0 LTS has been released

Introduction

The LXD team would like to announce the release of LXD 5.21.0 LTS!

This is our 5th LTS release. It has many new features and changes across all facets of LXD.

The changelog below is split so that both users of LXD 5.20 and LXD 5.0 can see what is new or changed.

As with all our other LTS releases, this one will be supported for 5 years (until June 2029) and will receive a number of bugfix and security point releases over that time.

As for LXD 5.0, we’ll be releasing one last bugfix release as 5.0.4 in the near future before we enter security-only maintenance mode for its remaining 3 years.

Thank you to everyone who contributed to this release!

A release highlights video is also available: https://www.youtube.com/watch?v=0gjD0DJDD1M

Change of version numbering scheme

Previously LXD has followed a version numbering scheme where an LTS release would start a new major version (e.g. 5.0) and each monthly feature release would build on that major version (e.g. 5.1 … 5.20). However, that seemed strange from the perspective of the LTS being an accumulation of all the work that has gone into the monthly releases over the past two years. This is why we decided to change the naming scheme to better reflect that.

Going forward, the last of the monthly releases in the two-year LTS cycle will become the next LTS, in this case, 5.21.0 (which will then have several point releases, 5.21.1 etc). Then, we restart the cycle with the first monthly release following the new major version number (e.g. 6.x). To avoid unexpected results for people who assumed the next LTS series would be 6.0.x we will not be releasing LXD 6.0, and the next feature release after this one will be LXD 6.1.

Documentation: Choose your release

Change of default snap track

The default snap track up until now been latest. So when doing snap install lxd you would be placed on the latest/stable feature release channel.

This has caused some unexpected problems with users that have advanced production setups involving dependencies on other tools who expected to be installing an LTS channel by default.

So with the 5.21.0 LTS release the default snap track will be changed to the latest LTS release, which is now 5.21, and so doing snap install lxd will place you onto the 5.21/stable channel.

It will require a conscious decision to refresh up to a later snap track, rather than being automatically enrolled onto the rolling latest feature version.

Documentation: How to manage the snap

Changes in minimum requirements

  • Go 1.22.0 or higher to build, only tested with the Golang compiler.
  • The minimum supported kernel version is 5.15, but older kernels should also work to some degree.
  • For containers, LXC 5.0.0 or higher with the following build options: apparmor (if using LXD’s AppArmor support) and seccomp.
  • For virtual machines, QEMU 6.2 or higher is required. Some features like Confidential Guest support require a more recent QEMU and kernel version.
  • libsqlite3 >= 3.37.2 (for dqlite)
  • ZFS support in kernel >= 2.1

Documentation: Requirements

Important note: Ubuntu users on 20.04/Focal need to first install the HWE kernel for ZFS to work with this release. Ubuntu users on older releases are advised to stay on the previous LTS (5.0) if they depend on ZFS.

Please also see Notes on upgrading when on Ubuntu 18.04 and 20.04.

Highlights since LXD 5.20

Fine grained authorization for OIDC users

As part of our ongoing work to modernise LXD’s identity and access management mechanisms, we have now added support for fine-grained authorization for OIDC authenticated users. It is now possible to define and restrict granular actions on specific LXD resources. For example, one could restrict a user to be able to view, but not edit, a single instance.

Users, groups and their permissions can now be managed using the the new lxc auth command (and associated APIs).

Important:
Prior to the addition of this extension, all OIDC clients were given full access to LXD (equivalent to Unix socket access). This extension revokes access to all OIDC clients. To regain access, a user must:

  1. Make a call to the OIDC enabled LXD remote (e.g. lxc info) to ensure that their OIDC identity is added to the LXD database.
  2. Create a group: lxc auth group create <group_name>
  3. Grant the group a suitable permission. As all OIDC clients prior to this extension have had full access to LXD, the corresponding permission is admin on server. To grant this permission to your group, run: lxc auth group permission add <group_name> server admin
  4. Add themselves to the group. To do this, run: lxc auth identity group add oidc/<email_address> <group_name>

Steps 2 to 4 above cannot be performed via OIDC authentication (because access has been revoked). They must be performed by a sufficiently privileged user, either via Unix socket or unrestricted TLS client certificate.

Documentation: Remote API authorization

LXD UI enabled by default in LXD snap

The LXD UI is now enabled by default in the LXD snap.
Although the external listener must still be enabled explicitly by setting core.https_address.

Documentation: How to access the LXD web UI

QEMU now built from Ubuntu source in LXD snap

Previously the LXD snap has provided QEMU built from upstream sources. Now the LXD snap is distributing QEMU built from Ubuntu’s QEMU sources. This is so LXD can benefit from patches that the Ubuntu Server team add to QEMU.

Dell PowerFlex storage driver

There are various enablement activities between Dell and Canonical as a part of our ongoing partnership. The latest of them is adding the ability for LXD to interface directly with its PowerFlex storage services in order to allow LXD instances and volumes to be stored on the platform. This offers an alternate remote storage option for enterprise use cases.

Due to its design, PowerFlex will be another LXD storage driver offering remote storage capabilities similar to the already existing implementation for Ceph RBD.

Documentation: Dell PowerFlex

Optimized block volume refresh for Ceph RBD

Previously when transferring a block volume to another pool or host, the initial transfer was done using the efficient rbd export-diff tool but subsequent refreshes were performed using a full block copy of all changed snapshots and the main volume itself. This was slow and inefficient.

Now a new migration extension has been added called RBD_AND_RSYNC which allows for compatible LXD servers to use rbd export-diff for efficiently transferring only the differences between the latest common snapshot and the remaining snapshots and main volume.

Transfers between older versions of LXD will fallback to using full block copy and rsync (BLOCK_AND_RSYNC).

Documentation: Optimized volume refresh

Device config override when importing instance backups

When using lxc import to restore instance backups it is now possible to specify the --device flag one or more times to override device configuration stored in the backup’s configuration when importing the instance into LXD. This is similar to how you can use the --device flag with lxc init or lxc launch to override device config being applied from the profile(s).

E.g.

lxc import c1.tar.gz --device eth0,ipv4.address=192.0.2.1

Documentation: Restore an instance from a restore file

Direct modification of VM UEFI variables (LXD snap only).

It is now possible to directly, and programmatically modify a VM’s UEFI variables using the new lxc config uefi command(s). This allows for customisation of the boot environment (such as customising the secure boot keys) without having to go into the VM’s UEFI firmware screen.

Documentation: UEFI variables for VMs

Removed Candid RBAC authentication support

Support for Canonical’s Candid RBAC service has been removed as it is in the process of being deprecated. LXD still supports external OpenID Connect and TLS certificates for authentication (see below for information on the new OpenID Connect functionality).

Removal of supplementary commands from the LXD snap

The lxd.migrate command that was provided as part of the LXD snap package has been removed.
This was used to migrate from earlier LXD installations that were installed using .deb packages. However it was causing confusion with the similarly named lxd-migrate tool which is provided to help transfer existing workloads into LXD.

Additionally the lxc-to-lxd and lxd-benchmark commands have also been removed from the LXD snap to reduce the size of the snap package.

Migrating from these earlier installations should now be done by way of the lxd.migrate and lxc-to-lxd commands provided in the 5.0/stable channel and then you can refresh up to later version of LXD.

The lxd-benchmark tool can be downloaded directly from the GitHub releases page.

Documentation:

MinIO server is removed from LXD snap

MinIO is used by LXD to provide local object storage (see below for more details). However as MinIO is AGPL-3.0 licensed it is not always appropriate for it to be included in the LXD snap package. As such it has now been removed. However an externally provided minio server and mc client binaries can still be used with the LXD snap for local object storage by setting the minio.path setting, e.g.

sudo snap set lxd minio.path=/usr/sbin
sudo systemctl reload snap.lxd.daemon

Documentation: Install requirements for local storage buckets

Removed deprecated offensive configuration keys

The security.syscalls.(black|white)list keys that were considered offensive and have previously been deprecated since LXD 4.4 have now been removed entirely. The security.syscalls.(allow|deny)list keys should be used instead.

Unembedded Go SDK client API PUT structs

Previously the Go SDK client API structs used when returning information about each entity in LXD via a GET request had the associated PUT request fields embedded inside it. However there were some cases where fields in the PUT request struct were not relevant for the associated GET request struct and were incorrectly being included there due to the embedding approach. We have now unembedded all Go API structs so that each request type has its own field set.

Highlights since LXD 5.0

In addition to the changes above, the following are new since LXD 5.0.

License change to AGPL-3.0

Canonical has decided to change the default contributions to the LXD project to AGPL-3.0 to align with our standard license for server-side code. All Canonical contributions have been relicensed and are now under AGPL-3.0. Community contributions remain under Apache 2.0. We follow the Software Freedom Law Center guidance in relation to this. Going forward, any contribution to LXD will be made under AGPL-3.0 by default. The author of a change remains the copyright holder of their code (no copyright assignment).

It is important to note this change does not prevent our users from using, modifying, or providing LXD-based software solutions, provided that they share the source code if they are modifying it and making it available to others. The conditions of the license are designed to encourage those looking to modify the software to contribute back to the project and the community.

The LXD Go and Python SDK client packages will remain Apache-2.0 licensed.

The LXD 5.0 LTS series will also remain Apache-2.0 licensed for its lifetime.

New release signing key

Since LXD 5.0 was released LXD has move under the Canonical organisation and this LTS series of LXD will be signed by Thomas Parrott, using this key .

VM LXD identifier serial device renamed to com.canonical.lxd

The ring-buffer serial device that is exposed to LXD VM guests, which is used by the lxd-agent to instruct it to start, as well as being used to indicate the agent’s run status back to LXD, has been renamed from org.linuxcontainers.lxd to com.canonical.lxd. To maintain compatibility with existing images that contain systemd units that check for the presence of the old serial device the old device is still present in the guest, however it is no longer used for indicating the agent’s run status to LXD.

Documentation: Rename LXD QEMU VM ring buffer to com.canonical.lxd

Load-balancers (OVN)

The concept of network load balancers to LXD has now been introduced.

Similar in concept to the existing network forwards feature, load-balancers differ in that a particular address or port can have multiple target with OVN handling load-balancing by hashing the source and destination addresses.

This is all handled through lxc network load-balancer command and is currently only for OVN networks.

Documentation: How to configure network load balancers

Object storage on Ceph and local storage pools

LXD now has support for object storage!

This is done by adding a whole new concept of storage buckets along with a dedicated command (lxc storage bucket) and APIs.

This allows LXD users to create new storage buckets, assign them a size limit and then manage access keys to that bucket. The bucket has its own URL with an S3 API.

For Ceph, we are using its rados gateway providing the S3 API.

For other storage drivers, we are using MinIO project which lets us offer an S3 compatible API directly from a local storage driver. Please note that this requires an externally provided minio server binary, by setting the minio.path setting.

Documentation: How to manage storage buckets and keys and Ceph Object storage driver

Loki support and OVN logs

LXD can now stream its log messages and lifecycle events over to a central Grafana Loki server.

In addition, it also has the ability to receive syslog messages via an optional syslog unixgram socket. This allows for OVN to be configured to send its logs into LXD.

This allows for viewing the OVN logs across all cluster members using the normal LXD API or CLI tooling, such as lxc monitor --pretty, and it also means they can be optionally passed into Loki via LXD’s existing integration.

Documentation: Loki configuration and Send OVN logs to LXD

ACME / Let’s Encrypt support

LXD can now automatically obtain its own certificates through any ACME compatible provider which supports HTTP based validation (HTTP-01 challenge).

The most well known such provider is Let’s Encrypt.

On the configuration side, this is done through a few new server configuration keys:

  • acme.ca_url
  • acme.domain
  • acme.email
  • acme.agree_tos

Most users will just need to set acme.domain and acme.agree_tos to set this up.

Documentation: ACME configuration

Instance placement scriptlet

Instance placement scriptlet was added enabling a better alternative to LXD’s default instance placement algorithms. Instead of the default behaviour of placing a new instance on which ever cluster member was hosting the fewest instances, this new feature allows users to make a more deliberate choice. Now users can provide a Starlark scriptlet that decides which cluster member to deploy the new instance on based on information about the new requested instance as well as a list of candidate cluster members. Importantly, while scriptlets are able to access certain information about the instance and the cluster, they cannot access any local data, hit the network or even perform complex time-consuming actions.

Documentation: Instance placement scriptlet

Block storage mode on ZFS pools

LXD now includes support for filesystem volumes backed by ZFS block-backed zvols, in addition to the ZFS dataset based filesystem volumes we’ve had for a long time. This is something that was requested by the community and is finally available to users. It results in an experience that’s very similar to LVM or Ceph but on the very capable ZFS storage backend. It can also be used to mix and match, having some specific containers or custom volumes use Zvol while the rest of the volumes use datasets.

This allows for containers to use filesystems such as ext4, btrfs, and xfs on top of a ZFS zvol.
Which can be beneficial in scenarios where the application you are running doesn’t support ZFS directly, such as when using overlayfs2 with Docker nested inside a LXD container.

Documentation: ZFS configuration options and Initial volume configuration for instance root disk devices

Fast live migration for virtual machines

This release enables a much-improved VM live migration process, eliminating much of the perceivable downtime. Previously, LXD relied on the stateful stop function, which is the ability to write all the running memory and CPU state to disk, then stop the virtual machine, move it to a new system and start it back up again from where it was using the stored state. The improved functionality, on the other hand, allows the source and target servers to communicate right from the start of the migration. This allows for performing any state transfer in the background directly to the target host while the VM is still running, then transferring any remaining disk changes as well as the memory through multiple iterations of the migration logic and finally cutting over to the target system.

Documentation: How to move existing LXD instances between servers

AMD SEV support for virtual machines

LXD now supports AMD SEV for memory encryption of virtual machines.

It’s controlled through a few new configuration keys:

  • security.sev
  • security.sev.es
  • security.sev.session.dh
  • security.sev.session.data

On compatible systems (AMD EPYC with firmware and kernel support enabled), setting security.sev to true will have the VM get its memory encrypted with a per-VM key handled by the firmware.

Systems supporting AMD SEV-ES can then turn on security.sev.es to also have the CPU state encrypted for extra security.

Lastly, LXD also supports feeding custom session keys which combined with LXD’s existing vTPM support can be used to ensure that the firmware is set up with those user provided keys and that the host operator doesn’t have any ability to tamper with the VM.

Documentation: Instance security options

OpenID Connect authentication

As part of a push to provide a more industry standard solution to authentication and authorization in LXD, we’ve begun the work by adding support for OpenID Connect for authentication.

This is configured through a few new configuration keys:

  • oidc.issuer
  • oidc.client.id
  • oidc.audience (only relevant for some providers)

LXD uses the Device Code flow for authentication with our CLI tool triggering the browser based authentication flow, then getting and storing the access and refresh tokens and providing those to LXD on all interactions.

Documentation: OpenID connect authentication

Cluster auto-healing

A commonly requested feature by those using LXD with Ceph and OVN, it’s now possible to have LXD automatically recover from a cluster member failure by effectively evacuating all instances to other systems.

This can only work with Ceph backed instances which don’t rely on any server-specific device or configuration.

This is controlled by a new cluster.healing_threshold which defines a number of seconds after which a cluster member is considered to be offline and its instances relocated.

Documentation: Automatic cluster evacuation

Non-UEFI support in LXD VMs (CSM)

LXD virtual machines have been designed to use a very modern machine definition from the start. This means a QEMU Q35 machine type combined with a UEFI firmware (EDK2) and even Secure Boot enabled by default.

While this works great for modern operating systems, this can be a problem when migrating existing physical or virtual machines into LXD as those machines may be using a legacy firmware (BIOS) and not be bootable under UEFI.

This can now be addressed by setting security.csm to true combined with disabling UEFI Secure Boot by setting security.secureboot to false. This switches QEMU to boot via Seabios directly rather than through EDK2.

For snap users the Seabios and EDK2 firmwares are bundled in the snap package.
For non-snap users it is possible to control the search path LXD uses for finding the firmwares by using the LXD_QEMU_FW_PATH environment variable.

Documentation: Security CSM and Server environment variables

ISO volumes

It is now possible to upload ISO image files as custom storage volumes.
These can then be attached to a virtual machine as a bootable CD disk allowing simplified installation of custom operating systems from a “library” of custom ISO volumes.

Documentation: Launch a VM that boots from an ISO

Shiftfs support has been removed

Following the removal of shiftfs from the Ubuntu kernel (from Mantic onwards) LXD has now also dropped support for shiftfs. The preferred way for container filesystems to have their UID/GID mappings be dynamically shifted is with idmapped mounts. In recent kernels this is now supported for ZFS and Cephfs filesystem (in addition to the long standing support for ext4, xfs and btrfs filesystem).

Complete changelog

Here is a complete list of all changes in this release:

Full commit list
  • doc/projects: clarify restricted.devices.disk
  • github: add Canonical CLA check
  • shared/version/api: ovn_ssl_config
  • lxd/cluster/config: Add OVN SSL config keys
  • doc: Update configs
  • lxd/network/openvswitch: Support OVN SSL config keys
  • shared/linux/memfd: Implement CreateMemfd
  • shared/linux/memfd: mark as being linux only
  • lxd/network/openvswitch: Port to memfd
  • lxd: Clarify restricted.containers.privilege config option
  • Update metadata
  • lxd/instance/drivers/qemu: make it clear that CCW devices (s390x) don’t have device bus nor bus address
  • lxd/storage/drivers/driver_zfs_utils: fix typos
  • lxd/storage/drivers/driver_zfs_utils: make it explicit that blocksize is in bytes
  • doc: clarify some wording around the license
  • lxc/move: Only use server-side move when dealing with a single server
  • doc: update lxd-sphinx-extensions to canonical-sphinx-extensions
  • doc: update webpage URL
  • doc: fix typo in CONTRIBUTING.md
  • doc/instances: correct the image server name in the example intro
  • lxd/instance/drivers/qemu: don’t try to enable the lxd-agent.service
  • doc/reference/devices_disk: document how to enable lxd-agent on old Ubuntu images
  • build(deps): bump actions/upload-artifact from 3 to 4
  • lxd/apparmor/instance_qemu: only allow QEMU system emulator
  • lxd/apparmor/instance_qemu: remove partial duplication of unix rule
  • build(deps): bump golang.org/x/crypto in /test/mini-oidc
  • build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
  • doc/security: include info on privileged/unprivileged containers
  • doc: use proper SPDX identifiers for licenses
  • swagger: use proper SPDX identifier for license
  • doc/backup: improve linking between pages and mention --refresh
  • doc/cloud-init: mention that old Ubuntu images need some special handling for cloud-init
  • doc/security: link from security.privileged to container security section
  • doc/reference/devices_disk: document needed workaround for 16.04 and lxd-agent
  • doc: Add HWE to word list
  • doc: decode the objects.inv file
  • lxd/task/group: Make cancel type of context.CancelFunc for clarity
  • lxd/task/group: Remove unnecessary use of defer unlock calls in Add
  • lxd/task/group: Remove unnecessary use of defer unlock calls in Start
  • lxd/task/group: Remove unnecessary use of defer unlock calls in Stop
  • test/golangci: Handle some common upstream branch names
  • test/golangci: Better handle Github refs
  • test/golangci: Fetch GITHUB_BEFORE reference
  • doc: add sudo to set lxd ui.enable=true
  • lxd/task/group: Adds NewGroup function
  • lxd/task: NewGroup usage
  • lxd/daemon: Initialise task group using NewGroup
  • lxd/task/group: Remove unnecessary running nil check
  • doc: Add paragraph on how to delete images
  • test: Add exec exit code test
  • lxd/sys: handle apparmor unconfined profile mode appropriately
  • lxd/apparmor: allow confined services to receive required signals
  • lxd/sys: add comment clarifying AppArmor unconfined profile mode
  • lxd/rsync: Consistently compare files on nanosecond basis
  • test/suites/migration: Check for file contents after refresh
  • test/suites/migration: Check local and remote instance refreshes based on nanoseconds
  • shared/idmap: handle “both” idmappings in raw.idmap properly
  • doc: Clarify optimized volume refresh
  • test/suites/idmap: test “lxc file push” and raw.idmap config combo
  • Updates CONTRIBUTING file to describe licensing of some sub-packages and imports
  • License the Go client SDK and dependent shared packages as Apache-2.0
  • Add information about the client SDKs to the README.md file
  • lxd/response: Watch for liveness of the TCP connection for single file response
  • lxd/instance_post: Update comments in instancePostClusteringMigrate function
  • lxd/instance_post: Rename container to instance in instancePost function
  • lxd/instance_post: Prevent live migration of instances with custom volumes
  • lxd/instance/drivers/driver_lxc: Remove handling of limits.network.priority
  • lxd/devices: Remove handling of limits.network.priority on new network device
  • lxd/cgroup/abstractions: Remove unused SetNetIfPrio function
  • shared/instance: Remove instance config option limits.network.priority
  • scripts/bash/lxd-client: Remove limits.network.priority from container keys
  • Update documentation metadata
  • lxd/instance/qemu: Start using seabios as CSM firmware
  • idmap: Move from shared to lxd directory
  • fuidshift: Update usage of idmap package
  • lxd: Update usage of idmap package
  • shared: Update usage of idmap package
  • subprocess: Moves from shared into lxd directory
  • lxd: Update usage of subprocess package
  • instancewriter: Moves from shared to lxd directory
  • lxd: Updates usage of instancewriter package
  • instance.go: Moves from shared to instancetype directory
  • api: Add init_preseed_storage_volumes api extension
  • lxd/init: Add support for storage volumes in preseed init
  • doc: Update rest api and init sample config
  • lxc: Updates instancetype usage
  • lxd: Updates instancetype usage
  • linux: Moves from shared to lxd directory
  • lxc-to-lxd: Update usage of linux package
  • lxd: Updates usage of linux package
  • lxd-migrate: Update usage of linux package
  • revert: Moved from lxd to shared directory
  • lxd: Update usage of revert package
  • lxd-agent: Updates usage of revert package
  • lxd-migrate: Updates usage of revert package
  • lxd-user: Updates usage of revert package
  • shared: Updates usage of revert package
  • test: Add storage_volumes in init preseed
  • Makefile: Don’t use verbose go install call for non-lxd deps
  • tests: Add license check
  • test: Check client and shared packages do not use non-permissively licensed packages
  • doc: add paragraph on how to delete images
  • test/lint: Always fetch the target branch if it cannot be found.
  • shared/version/api: add metrics_instances_count
  • doc/api-extensions: document metrics_instances_count
  • driver_lxc: Include running state in metrics
  • driver_lxc: Check running state when retrieving metrics
  • driver_qemu: Add running state to metrics
  • metrics: Don’t require instance name for metrics filtering
  • metrics: Filter metrics by project only
  • metrics: Add container and VM count
  • test: Fix metrics tests
  • lxd/api_metrics: move the instance counting to metricsGet()
  • Makefile: stop pinning openfga/go-sdk
  • gomod: Update dependencies
  • mini-oidc: Implement user store
  • test/lint: Abort test if target revision can’t be found.
  • lxd/storage/drivers/ceph: Restore the filesystems UUID on the volume
  • lxd/lxd-metadata: now supporting multiple entities per comment
  • refactor: update cluster entity comments
  • refactor: update project entity comments
  • refactor: update server entity comments
  • refactor: update instance entity comments
  • refactor: update ‘server’ entity comments
  • lxd/storage_volume_snapshots: Use the snapshots.pattern option for manual snapshots
  • tests: Test that manual snapshots of custom storage volumes use the snapshots.pattern option
  • doc/api-extensions: security.devlxd applies to both containers and VMs
  • api: Add server instance type info api extension
  • shared/api/server: Add supported instance types in ServerEnvironment
  • lxd/api_1.0: Indicate supported instance types on server
  • doc/rest-api: Update api definition
  • tests: Add server info instance type test
  • README: remove extraneous empty lines
  • shared/simplestreams/products: Search only for lxd archives
  • lxc/config/file: Remove loading of images remote
  • lxc/config/default: Remove images remote
  • lxd-benchmark: Use image from ubuntu remote in description
  • test/suites/storage: Add check for UUID generation on restore
  • docs: Remove occurances of images remote
  • shared/api/image: Use ubuntu cloud url for remote example
  • shared/api/instance: Use ubuntu cloud url for remote example
  • shared/util_test.go: Update test data with ubuntu cloud url
  • doc: Regenerate rest-api.yaml
  • i18n: Update translations
  • lxd/storage: document common storage options
  • lxd/storage/btrfs: document btrfs config options
  • lxd/storage/ceph: document ceph config options
  • lxd/storage/cephfs: document cephfs config options
  • lxd/storage/cephobject: document cephobject config options
  • lxd/storage/lvm: document lvm config options
  • lxd/storage/zfs: document zfs config options
  • doc/storage: include automatic config options in the docs
  • doc/storage: replace references to config options
  • lxdmeta: update configuration.json and config_options.txt
  • lxd/instance/drivers/driver_qemu: force SeaBIOS CSM firmware instead of OVMF
  • README: add sections on recommended tools to manage LXD at scale
  • shared/api: Add Mounted status to disk/part info
  • lxd/resources: Check /proc/self/mountinfo for mounted status
  • lxc: Update CLI
  • doc: Update swagger
  • api: Add resources_disk_mounted api extension
  • po: Update i18n
  • instance/qemu: support extended firmware search algorithm
  • instance/qemu: rename ovmf mentions
  • instance/qemu: do some sanity checks around enabling security.csm
  • lxd/instance/drivers/driver_qemu: use bios-256k.bin instead of seabios.bin
  • doc: enable multiprocessing for pyspelling
  • Makefile: have run-parts report which script it runs
  • test/lint/golangci: simplify commit hash extraction
  • test/lint/golangci: remove duplicated --quiet argument
  • test/lint/golangci: faster/smaller clone unshallow’ing
  • test/lint/golangci: undo default branch guessing logic
  • doc: use all processors for spelling check
  • build(deps): bump actions/dependency-review-action from 3 to 4
  • test/lint: Treat GITHUB_BEFORE as a revision.
  • Add note about scrape_interval and update examples
  • lxd/auth/oidc: Adds constants for cookie names.
  • doc/metrics: fix indentation and wording
  • client/lxd_certificates: Replace HasExtension with CheckExtension
  • client/lxd_cluster: Replace HasExtension with CheckExtension
  • client/lxd_containers: Replace HasExtension with CheckExtension
  • client/lxd_images: Replace HasExtension with CheckExtension
  • lxd/auth/oidc: Adds methods to get/set cookies.
  • lxd/auth/oidc: Adds methods to set OIDC fields on Verifier.
  • lxd/auth/oidc: Request is OIDC if refresh cookie is present.
  • lxd/auth/oidc: Update callback handler.
  • lxd/auth/oidc: Update logout handler.
  • lxd/auth/oidc: Updates login handler.
  • lxd/auth/oidc: Adds method to authenticate ID tokens.
  • lxd/auth/oidc: Adds method to authenticate access tokens.
  • lxd/auth/oidc: Refactors Auth method to use new methods.
  • lxd/auth/oidc: Adds comments for exported methods on AuthError.
  • client/lxd_instances: Replace HasExtension with CheckExtension
  • client/lxd_instances: Fix typo in api extension check error message
  • client/lxd_network_acls: Replace HasExtension with CheckExtension
  • client/lxd_network_forwards: Replace HasExtension with CheckExtension
  • client/lxd_network_peer: Replace HasExtension with CheckExtension
  • client/lxd_network_zones: Replace HasExtension with CheckExtension
  • client/lxd_networks: Replace HasExtension with CheckExtension
  • client/lxd_projects: Replace HasExtension with CheckExtension
  • client/lxd_server: Replace HasExtension with CheckExtension
  • client/lxd_storage_buckets: Replace HasExtension with CheckExtension
  • client/lxd_storage_pools: Replace HasExtension with CheckExtension
  • client/lxd_storage_volumes: Replace HasExtension with CheckExtension
  • client/lxd_warnings: Replace HasExtension with CheckExtension
  • shared: Add helper for obtaining a CertInfo struct
  • lxd/endpoints: Return a copy of the network cert
  • lxc/cluster: update restore help text for --force
  • po: Update i18n
  • doc: add additional information to config option index
  • doc: speed up processing
  • github: Pin MinIO to the version before ServiceV2 API
  • lxd_metadata: Handle templating with a substitution database
  • Makefile: update lxd-metadata to use the substitution database
  • lxd-metadata: update metadata
  • lxd/storage/drivers/ceph: Restore the VM block filesystem volume too
  • lxd/storage/drivers/lvm: Restore the VM block filesystem volume for thin-pools too
  • github: Pin microceph to quincy edge
  • api: Add api extension server_version_lts
  • shared/version: Add boolean indicating whether this is an LTS release
  • shared/api/server: Add server lts indication in ServerEnvironment
  • lxd/api_1.0: Indicate lts version on server
  • lxc/version: Indicate LTS version of the client and/or server
  • lxd/main_version: Indicate lts version of the server
  • doc: Update rest definition
  • i18n: Update translations
  • lxd/storage_volumes: Properly target refreshes
  • lxd/storage_volumes: Use a single POST handler
  • github: the CLA check already exempts bots
  • github: exempts Apache-2.0 contributions from CLA signing
  • doc/installing: 5.0 is the last LTS release shipping lxd.migrate
  • test/lint: Fail if running locally and branch not present.
  • test/lint: Use the golangci-lint --whole-files flag.
  • Makefile: Removes unnecessary pin of github.com/mdlayher/socket@v0.4.1
  • gomod: Update dependencies
  • github: check DCO last as it fails on big PRs
  • golangci: Remove/update some overly-pedantic revive lint rules.
  • README: point to lxd-pkg-snap repo
  • doc/installing.md: update link to snapd install doc
  • doc: readthedocs now supports Go 1.21
  • lxd/storage/drivers/ceph: Double check the volumes content type
  • lxd/storage/drivers/ceph: Disable filesystem config keys on block volumes
  • lxd/storage/drivers/lvm: Disable filesystem config keys on block volumes
  • test: Add check to restore custom volumes of type block
  • lxd/storage/drivers/ceph: Update UnmountVolumeSnapshot docstring
  • github: consistently use set -eux in all script snippets
  • github: make sure bash is always invoked with -eo pipefail
  • github: merge building doc and printing warnings
  • Revert “github: Pin microceph to quincy edge”
  • github: workaround microceph busy disk issue by freeing the ephemeral disk early
  • lxd: Improve error check for existing certificates
  • lxd/cluster: Revert database setup if cluster join fails
  • lxd/cluster: Fix linter errors
  • lint: Exclude ‘deep-exit’ linter rule for cluster node removal
  • shared/api: Updates swagger description for certificate field.
  • shared/api: Fix lint errors (receiver-naming).
  • doc: Updates OpenAPI spec.
  • doc/requirements: bump minimum Go to 1.21
  • doc/requirements: bump min kernel to 5.15 and note that older kernels may work
  • doc/requirements: mention that SKBPRIO/QFQ qdiscs require 5.17+
  • doc/requirements: bump min LXC to 5.0.0
  • doc/requirements: bump min QEMU to 6.2 (same as Jammy)
  • doc/requirements: mention that newer QEMU/kernel are needed for Confidential Guest support
  • doc/requirements: bump min libsqlite3 to 3.37.2 (same as Jammy)
  • doc: add QFQ, qdisc, qdiscs and SKBPRIO to wordlist
  • doc: alpha sort the wordlist
  • lxd/auth/oidc: Add constants for session cookie and config refresh interval.
  • lxd/auth/oidc: Add fields for secure cookie handling.
  • lxd/auth/oidc: Initialise Verifier with fields for cookie encryption.
  • lxd/auth/oidc: Add method to get securecookie from session ID.
  • lxd/auth/oidc: Updates methods for getting and setting cookies.
  • lxd/auth/oidc: Updates calls to get or set cookies.
  • lxd/auth/oidc: Rotate the encryption key of the relying party.
  • lxd: Update calls to NewVerifier.
  • lxd/auth/oidc: Request is not OIDC if session cookie not present.
  • lxd: Fix lint error (revive: confusing-results).
  • lxd: Fix lint errors (var-naming).
  • lxd: Fix lint errors (revive: unchecked-type-assertion).
  • shared/api: Adds identity type constants.
  • lxd/db/cluster: Add schema update.
  • lxd/db/cluster: Add types for identities and identities_projects tables.
  • lxd/db/cluster: Runs make update-schema.
  • lxd/db/cluster: Removes generated certificate methods.
  • lxd/db/cluster: Updates certificate methods to call identity methods.
  • lxd/db/cluster: Adds test for schema update.
  • lxd/db/cluster: Fix lint error (revive: var-naming).
  • lxd/db/cluster: Update clustering test to select from identities table.
  • lxd/db: Update certificates test.
  • lxd/patches: Add patch to remove block.* settings from type block volumes
  • lxd/patches: Satisfy the linter
  • lxd: Remove Candid from list of supported authentication methods.
  • shared/simplestreams/products: Fix regression in parsing version files
  • shared/simplestreams/simplestreams: Improve error messages
  • lxd: Remove Candid and RBAC from config update logic.
  • lxd: Remove candid from http handlers.
  • lxd: Remove Candid and RBAC from daemon init logic.
  • lxd: Remove Candid verifier from daemon.
  • lxd/auth/candid: Remove Candid verifier logic.
  • lxd/auth: Remove RBAC authorization logic.
  • lxd/cluster/config: Remove RBAC and Candid config keys.
  • Runs make update-metadata
  • lxd: Remove candid from swagger doc.
  • shared/api: Update swagger example authentication methods.
  • doc: Runs make update-api.
  • client: Don’t set macaroon fields when using a target or project.
  • client: Do not use bakery client for HTTP requests.
  • client: Ignore candid auth type when connecting.
  • client: Remove bakery client.
  • lxd-migrate: Remove candid auth.
  • lxc/config: Remove candid from lxc remote helpers.
  • lxc: Remove candid --auth-type from lxc remote add.
  • shared/api: Remove candid authentication method const.
  • shared/version: Remove RBAC and Candid API extensions.
  • gomod: Runs go mod tidy.
  • i18n: Runs make i18n.
  • scripts/bash: Remove Candid and RBAC config keys from bash autocomplete.
  • test: Remove Candid and RBAC test suites.
  • test: Remove Candid and RBAC test helpers.
  • test/suites: Remove candid reference from server config test.
  • gitignore: Remove rbac test helper.
  • doc/howto: Replace candid with oidc in --auth-type example.
  • doc/howto: Remove RBAC from projects confine howto.
  • doc/explanation: Remove RBAC from projects explanation.
  • doc: Remove Candid and RBAC config options.
  • doc: Remove Candid and RBAC from authentication methods.
  • doc: Remove RBAC and Candid API extensions.
  • doc: Remove RBAC from wordlist.
  • test: Remove Candid dependencies from allowed client imports.
  • lxc/config: Fix lint error (revive: confusing-results).
  • lxd-migrate: Fix lint error (revive: receiver-naming).
  • lxd-migrate: Fix lint error (revive: exported).
  • lxd-migrate: Ignore lint error (revive: deep-exit).
  • lxd/auth: Ignore lint errors (revive: exported).
  • lxd/cluster/config: Fix lint errors (revive: confusing-results).
  • lxc/remote: Fix lint errors (revive: exported).
  • doc: additional options recommended for running Docker
  • github: run system-tests with LXD built with Go 1.21
  • github: run some system-tests with LXD built with Go 1.20
  • github: use matrix.go in Install Go section names
  • github: check compat with min Go version when compiling with 1.20.x
  • github: run code tests using Go 1.21.x
  • github: stop purging core20
  • github: purge disabled/superseded snaps
  • Revert “Makefile: Removes unnecessary pin of github.com/mdlayher/socket@v0.4.1
  • github: build all client binaries with Go 1.21
  • github: build doc with Go 1.21
  • github: build lxd-snapcraft with Go 1.21
  • github: hardcode Go version used with code-tests/documentation
  • gomod: Update dependencies
  • github: move snap removal to “Reclaim some space” step
  • github: put docker removal its own step
  • github: mask lxc{,-net}.service in a singe command
  • doc: update versioning scheme and snap channels
  • shared/auth: Adds common methods for identity types.
  • lxd/db/cluster: Remove IsRestricted method in favour of new shared/auth function.
  • lxd/identity: Add identity cache.
  • lxd/auth: Check for PKI authentication when getting request details.
  • lxd/auth: Check for PKI authentication in TLS authorizer.
  • lxd/auth: Update authorizers to use identity cache.
  • lxd/cluster: Update TLS check to use identity cache.
  • lxd/cluster: Update gateway to use identity cache.
  • lxd/cluster: Update cluster tests for identity cache.
  • lxd/project: Update project permission tests for identity cache.
  • lxd/db/cluster: Add methods to extract x509 certs from identity metadata.
  • lxd: Update daemon to use identity cache.
  • lxd: Update certificatesGet handler to use identityCache.
  • lxd: Pass identity cache into gateway handler funcs.
  • lxd: Move certificate cache update functions to new file.
  • lxd/instance/drivers/qemu: fix linting issues
  • lxd/instance/drivers/lxc: fix linting issues
  • lxd: Remove RBAC and Candid config keys (patch).
  • github: drop DCO check now that we have the DCO app enabled
  • doc: fix extraction of version number
  • lxd: Update cache refresh functions.
  • lxd: Rename cache update methods.
  • lxd/certificate: Remove certificate cache.
  • lxd: Fix lint errors (var-naming).
  • lxd/cluster: Fix lint error (var-declaration).
  • lxd/cluster: Refactor leader address logic (revive: defer).
  • lxd/cluster: Fix lint error (reduntant-import-alias).
  • lxd/cluster: Fix lint error (exported).
  • lxd/auth: Fix lint errors (missing comment).
  • lxd/auth/tls: Return falsy permission checker when client is restricted.
  • test/suites: Ensure we can still list storage pools when restricted.
  • doc: no need to sudo for snap info
  • test/suites: Ensure restricted certs cannot view storage pool config.
  • lxd/device/disk: Satisfy the linter
  • lxd/storage/backend_lxd: Satisfy the linter
  • lxd/storage/drivers/generic_vfs: Satisfy the linter
  • lxd/endpoints: Hide read errors from proxies
  • lxd/instance/drivers/qemu: do not check for size.state if shared storage is enabled for an instance
  • github: ask bug reporters to provide the list of relevant snaps
  • doc: clarify how to interact with different remotes through the API
  • doc/server: add API instructions for configuring the server
  • doc/server: add API instructions for authenticating
  • lxd/storage/drivers/generic_vfs: Return if the right file was found
  • lxd: Do not check for bakery discharged error.
  • lxd: Update comment to remove “macaroon”.
  • lxd: Update comments on LXD client.
  • lxd: Update comment on simplestreams client.
  • lxc: No need to save cookies on exit.
  • lxc: No need to remove cookie when removing a remote.
  • lxc/config: Remove cookie handling.
  • shared/api: Update comment on server auth methods.
  • shared/version: Remove macaroon_authentication API extension.
  • lxd/doc: Remove macaroon_authentication API extension.
  • gomod: Run go mod tidy.
  • test: Update client imports list.
  • Fix linter errors (revive: exported).
  • shared/api: Add OIDC client identity type.
  • lxd/db/cluster: Add integer db constant for OIDC client identity type.
  • lxc/cluster/config: Adds OIDC groups claim config option.
  • Runs make update-metdata.
  • lxd/auth/oidc: Add groups claim to verifier options.
  • lxd/auth/oidc: Request groups claim in OIDC scope if non-empty.
  • lxd/auth/oidc: Write the groups claim as a header.
  • lxd/auth/oidc: Add method to extract groups from custom claim.
  • lxd/auth/oidc: Return identity information from Auth method.
  • lxd: Pass groups claim into OIDC verifier on initialisation.
  • lxd: Instantiate new OIDC verifier on groups claim config change.
  • lxd: Update call to (*config.Config).OIDCServer.
  • client: Add custom claim to scope if header is set.
  • lxd/request: Add context keys and headers for identity provider groups.
  • lxd: Add new OIDC identities to identities table and refresh cache.
  • lxd: Add identity provider groups to the request context.
  • lxd/cluster: Forward identity provider groups to other members.
  • lxd: Extract identity provider groups from forwarded request header.
  • lxd/cluster: Fix lint error (revive: early-return).
  • test/suites: Test that OIDC identities are being added to the database.
  • lxd/auth/oidc: Use AuthError value, not reference.
  • lxd: Wrap OIDC error and inspect with errors.As.
  • test/lint: Temporarily remove --whole-files flag.
  • api: Adds oidc_groups_claim extension.
  • lxd: Fix lint errors (revive: exported).
  • lxd: Ignore lint error (revive: defer).
  • lxd/storage/drivers: Add VolumeCopy struct
  • shared/entity: Add entity type to shared.
  • shared/entity: Add tests for creating/parsing entity URLs.
  • lxd/db/cluster: Rewrite cluster.EntityType to use new entity.Type.
  • lxd/db/cluster: Remove cluster.URLToEntityType tests.
  • lxd/db/cluster: Remove references to EntityURI map from schema updates.
  • lxd/db/cluster: Update warnings to use cluster.EntityType.
  • lxd/db/cluster: Runs make update-schema.
  • lxd/db: Update GetURIFromEntity method.
  • lxd/db: GetURIFromEntity method should get storage volume location.
  • lxd/db: Update warning methods on Cluster to use entity.Type.
  • lxd/cluster: Update calls to warning db methods.
  • lxd/device: Update calls to warning db methods.
  • lxd/instance/drivers: Update calls to warning db methods.
  • lxd/network: Update calls to warning db methods.
  • lxd/storage: Update calls to warning db methods.
  • lxd/warnings: Update calls to warning db methods.
  • lxd: Update calls to warning db methods.
  • lxd: Update internal warning create handler to use entity.Type.
  • lxd: Update getWarningEntityURL method.
  • lxd: Update call to cluster.URLToEntityType.
  • lxd/project: Update call to cluster.URLToEntityType.
  • test/suites: Update warnings test to use string entity type.
  • lxd/device: Fix lint error (revive: exported).
  • lxd/device: Fix lint errors (revive: useless-break).
  • lxd/instance/drivers: Fix lint errors (revive: confusing-results).
  • lxd/network: Fix lint errors (revive: exported).
  • lxd/network: Fix lint errors (revive: comment-spacings).
  • lxd/project: Fix lint errors (revive: confusing-results).
  • lxd: Fix lint error (revive: unchecked-type-assertion).
  • lxd/loki: Replace complex backoff with simple loop
  • api: loki_config_instance
  • lxd/cluster/config: Add loki.instance
  • lxd/loki: Add support for overriding instance name
  • lxd: Add support for loki.instance
  • doc: Update configs
  • grafana: Add instance filters for Loki
  • lxd/loki: Fix variable shadowing
  • lxd/storage/drivers/interface: Change function signatures
  • lxd/storage/drivers/generic_vfs: Use updated snapshots slice
  • doc/devices/NIC: move section about nictype physical
  • lxd/db/cluster: Add OIDC metadata type and method to get subject.
  • lxd/identity: Add name and subject to identity cache.
  • lxd/identity: Add method to get identity by OIDC subject.
  • lxd/identity: Fix return value of Cache.Get.
  • lxd: Add name and subject to cache entries on update.
  • lxd/auth/oidc: Add identityCache to verifier.
  • lxd: Pass identity cache into NewVerifier.
  • lxd/auth/oidc: Add profile claim to scopes.
  • client: Add profile claim to scopes.
  • lxd/auth/oidc: Return name in authentication result.
  • lxd/auth/oidc: Check cache for subject; get details from /userinfo if missing.
  • lxd: Move handling of OIDC authentication result to new method.
  • client: Remove WithUnsecure from cookie handler options.
  • test/mini-oidc: Allow setting username and email address.
  • test/includes: Append second argument to oidc.user file if present.
  • test/suites: Update OIDC test suite.
  • lxd/storage/drivers/generic_vfs: Use VolumeCopy struct
  • lxd/storage/drivers/btrfs: Use updated driver interface
  • lxd/storage/drivers/ceph: Use updated driver interface
  • lxd/storage/drivers/cephfs: Use updated driver interface
  • lxd/storage/drivers/dir: Use updated driver interface
  • lxd/storage/drivers/lvm: Use updated driver interface
  • lxd/storage/drivers/zfs: Use updated driver interface
  • lxd/storage/drivers/common: Use updated driver interface
  • lxd/storage/drivers/mock: Use updated driver interface
  • github: build lxc and lxd-migrate binaries with trimpath
  • github: strip lxc and lxd-migrate native binaries
  • lxd/storage/backend_lxd: Update storage driver invocations
  • lxd/storage/backend_lxd: Don’t validate custom storage volumes twice
  • github: build lxc and lxd-migrate binaries with trimpath
  • doc: build lxc with trimpath and without debug info
  • github: use regex matching to purge disabled snaps
  • lxd/instance/drivers/qemu: Handle SELinux for LXD agent
  • doc/devices/NIC: add configuration examples
  • doc/devices/disk: move configuration examples to a separate section
  • lxd/entity: Moves shared/entity to lxd/entity.
  • lxd/storage/backend_lxd: Don’t use storage name when creating source snapshots
  • gomod: Update dependencies
  • github: ask dependabot to look after gomod updates on main
  • github: add labels when PRs target LTS branches
  • lxd/entity: Add types for server, image alias, and network zone.
  • lxd/entity: Add exception to ParseURL for TypeServer.
  • lxd/entity: Add standard URL generation methods.
  • lxd/identity: Moves identity methods from shared/auth to lxd/identity.
  • lxd/auth: Updates entitlement definitions and removes object types.
  • lxd/auth: Add methods to get and validate entitlements for entity types.
  • lxd/auth: Update Authorizer interface to use new types.
  • lxd/auth: Update TLS driver to use new types.
  • lxd: Update allowPermission function to use entity types.
  • lxd/db/operationtype: Update return type of (Type).Permission.
  • lxd/db/operationtype: Operation permissions should apply to the entity they are operating on.
  • lxd/operations: Update operations to use entity types.
  • lxd/project: Update project permission handling.
  • lxd/events: Update permission handling for events.
  • lxd: Update permission handling for metrics.
  • lxd/metrics: Update tests for metrics.
  • lxd: Update permission handling for server API.
  • lxd: Update permission handling for cluster API.
  • lxd: Update permission handling for internal endpoints.
  • lxd: Update permission handling for project APIs.
  • lxd: Update permission handling for certifcate API.
  • lxd: Update permission handling for events API.
  • lxd: Update permission handling for image and image alias APIs.
  • lxd: Update permission handling for instance APIs.
  • lxd: Update permission handling for network APIs.
  • lxd: Update permission handling for network ACLS.
  • lxd: Update permission handling for network zones.
  • lxd: Update permission handling for operations.
  • lxd: Update permission handling for profiles.
  • lxd: Update permission handling for server and storage pool resources.
  • lxd: Update permission handling for storage pools.
  • lxd: Update permission handling for storage volume APIs.
  • lxd: Update permission handling for storage bucket APIs.
  • lxd: Update permission handling for warnings.
  • lxd/storage/backend_lxd: Append the snapshots creation date
  • github: run tests with Go 1.22 (take #2)
  • github: run code-tests with 1.21 to avoid swagger crash
  • doc: Remove references to blocked community image server
  • meta/instance-types: Adds instance type preset files from Index of /meta/instance-types/
  • lxd/instance/instance/types: Use temporary hosting location of instance type preset files
  • lxd/migrate_storage_volumes: Send snapshot creation timestamp
  • lxd/migrate_storage_volumes: Compare snapshots on second based granularity
  • test: Check creation date of migrated snapshots
  • test: Check creation dates of local copied snapshots
  • test: Adapt the snapshot test to work with the present creation date
  • lxd-generate: Return helpful error instead of panicking.
  • api: Add storage_volatile_uuid extension
  • lxd/storage: Add volatile.uuid config key for volumes
  • metadata: Add volatile.uuid for volumes
  • lxd/storage/drivers: Add Volume’s parentUUID field
  • lxd/storage/backend_lxd: Block volume’s volatile.uuid from modification
  • lxd/storage/backend_lxd: Use quotes consistently for error messages
  • lxd/storage/utils: Always create volume DB entries with volatile.uuid
  • lxd/storage/backend_lxd: Set volume’s volatile.uuid for storage driver calls
  • lxd/storage/drivers/volume: Set the snapshots parent in NewVolumeCopy
  • lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume imports
  • lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume exports
  • lxd/storage/drivers/generic_vfs: Handle volatile.uuid for volume migration
  • lxd/patches: Set volatile.uuid for all volumes and snaphots
  • test: Pass the storage pool name into the snapshots suite
  • test: Add volume’s volatile.uuid checks
  • lxd: Move storage volume type definitions to cluster package.
  • doc/instances: update links to instance type lists
  • lxd/db/cluster: Add queries and methods for getting entity URLs.
  • lxd/db/cluster: Add test to ensure entity query validity.
  • lxd/db: Remove GetURIFromEntity method.
  • lxd/db: Update UpsertWarning method to use cluster.GetEntityURL.
  • lxd: Update getWarningEntityURL method to use cluster.GetEntityURL.
  • lxd/storage/s3/miniod: Add mc command shim
  • lxd/storage/s3/miniod: Update minio admin client usages
  • lxd/storage/s3/miniod: Update MinIO WaitReady
  • .github/workflows: Add mc to github workflows
  • .github/workflows: Use V2 minio server in tests
  • doc/howto: Add instructions for installing MinIO
  • go: Remove madmin package
  • doc/profiles: link to instance configuration
  • lxd/storage/drivers/zfs: Pass snapshots when copying
  • lxd/storage/drivers/ceph: Pass snapshots when copying
  • Add device parameter for importing instance command
  • test/lint/licenses: Check whole codebase for non-permissive imports
  • lxd/project: Don’t panic on StorageVolumeParts
  • lxd/storage/drivers/generic_vfs: Use VolumeCopy for genericVFSCopyVolume
  • lxd/storage/drivers/btrfs: Pass the CopyVolume struct to genericVFSCopyVolume
  • lxd/storage/drivers/ceph: Pass the CopyVolume struct to genericVFSCopyVolume
  • lxd/storage/drivers/dir: Pass the CopyVolume struct to genericVFSCopyVolume
  • lxd/storage/drivers/lvm: Pass the CopyVolume struct to genericVFSCopyVolume
  • lxd/storage/drivers/zfs: Pass the CopyVolume struct to genericVFSCopyVolume
  • Revert “lxd/entity: Moves shared/entity to lxd/entity.”
  • shared/entity: Fix imports from reverting moving the entity package.
  • lxd/storage/drivers/interface: Add HasVolumeSnapshots function
  • lxd/storage/drivers/common: Implement HasVolumeSnapshots
  • lxd/storage/drivers: Replace vol.SnapshotsMatch with driver.HasVolumeSnapshots
  • lxd/storage/drivers/volume: Remove SnapshotsMatch
  • lxd/instances_post: Override the imported volume’s UUIDs
  • github: remove more container runtimes
  • github: don’t abort on remount failures
  • lxd/storage/pool_interface: Remove deleteMissing from CheckInstanceBackupFileSnapshots
  • lxd/api_internal: Remove deleteMissing from CheckInstanceBackupFileSnapshots
  • lxd/storage/backend_mock: Remove deleteMissing from CheckInstanceBackupFileSnapshots
  • lxd/storage/backend_lxd: Move the snapshot comparison logic into the storage driver
  • lxd/storage/backend_lxd: Remove deleteMissing from CheckInstanceBackupFileSnapshots
  • incusd: Correctly update event location
  • incusd/events: Upgrade to websocket as late as possible
  • internal/server/db: Remove function doDbScan
  • internal/server: Use Retry function
  • internal/server/db: Unwrap dbQueryRowScan function
  • internal/server/db: Unwrap queryScan function
  • internal/server/db: Remove exec function
  • Move db backup functions to ClusterTx
  • Move db image functions to ClusterTx
  • Move db instance functions to ClusterTx
  • Move db network ACL functions to ClusterTx
  • Move db network forward functions to ClusterTx
  • Move db network load balancer functions to ClusterTx
  • Move db network peer functions to ClusterTx
  • Move db profile functions to ClusterTx
  • Move db network zone functions to ClusterTx
  • Move db network functions to ClusterTx
  • Move db snapshot functions to ClusterTx
  • Move db storage bucket functions to ClusterTx
  • Move db storage pool functions to ClusterTx
  • Move db volume snapshot functions to ClusterTx
  • Move db storage volume functions to ClusterTx
  • Move db warning functions to ClusterTx
  • lxd/api_cluster: Join cluster transactions
  • api_cluster: Optimize db transactions
  • daemon_images: Optimize db transactions
  • daemon_storage: Optimize db transactions
  • images: Optimize db transactions
  • storage_volumes_snapshot: Optimize db transactions
  • instance/drivers: Optimize db transactions
  • driver_ovn: Optimize db transactions
  • network/acl: Optimize db transactions
  • network/zone: Optimize db transactions
  • storage_volumes: Optimize db transactions
  • lxd/dns: Serialize DNS queries
  • lxd/network: Optimize UsedByInstanceDevices
  • lxd/backups: Simplify missing backup errors
  • tests: Update for current backup errors
  • lxd/cluster: Optimize ConnectIfInstanceIsRemote
  • lxd/backup/utils: Ensure the volume’s config gets updated too
  • lxd/storage/backend_lxd: Consistently use GetNewVolume for config generation
  • lxd/storage/drivers/volume: Deep copy the volume’s config when instantiating a snapshot
  • lxd/storage/utils: Remove setting UUID when inserting volume
  • lxd/storage/utils: Remove setting UUID when inserting buckets
  • doc: add API instructions for creating instances
  • doc: add API instructions for running commands in instances
  • doc: add API instructions for accessing files in instances
  • doc: clean up API instructions for configuring instances
  • doc: clean up API instructions for managing instances
  • doc: add API instructions for accessing the console
  • doc: add API instructions for adding a routed NIC
  • doc: add API instructions for backing up instances
  • doc: add API instructions for troubleshooting instances
  • shared/validate: Add validator to check a unit for multiples of x
  • lxd/resources/storage: Add GetDisksByID function
  • lxd/device/config: Add DefaultVMPowerFlexBlockFilesystemSize constant
  • doc: add API instructions for profiles
  • doc: add some API instructions for cloud-init
  • doc: exempt keyboard keys from the spelling check
  • shared/api/instance: add InstanceUEFI type
  • lxd/instance/drivers/uefi/uefi: add package
  • lxd/instance/instance_interface: extend with UEFIVarsRead/UEFIVarsUpdate
  • lxd/instances: introduce new API handles /1.0/instances/{name}/uefi-vars
  • api: add a new extension “instances_uefi_vars”
  • lxc/config: support a new CLI subcommand “lxc config uefi …”
  • doc: run make update-api
  • doc/internals: add information about UEFI variables
  • i18n: make i18n
  • lxd/storage/drivers/powerflex: Add PowerFlex storage driver
  • lxd/storage: Add PowerFlex driver to common volume rules
  • metadata: Add PowerFlex pool and volume config
  • doc: Add PowerFlex terms to the wordlist
  • doc: Add Dell PowerFlex driver info
  • README: fix link to translations on Weblate
  • lxd/instance/qemu: No size.state checks at startup needed
  • doc/requirements: ZFS 2.1 or higher is required
  • lxd/storage/drivers/powerflex: Fix function docstrings
  • doc/getting started: update how to access the UI
  • lxd/storage/drivers/powerflex: By default set powerflex.clone_copy=true
  • metadata: Update default value for powerflex.clone_copy
  • auth/oidc: Ensure the default config expiry interval is set.
  • lxd/network/acl: Avoid nested DB transactions
  • lxd: Fix linter errors
  • lxd: Use one transaction for updating storage volumes
  • lxd: Use expanded cert fingerprint in authorizer check
  • lxd: Check certificate view permission directly in handler.
  • lxd/request: Add a generic methods for getting and setting context values.
  • lxd/request: Adds an effective project name context key.
  • lxd/images: Perform access control after fingerprint expansion
  • lxd/auth: Get correct project name in CheckPermission.
  • lxd/auth: Allow for effective projects when listing resources.
  • lxd: Set effective project when listing project resources.
  • test/suites: Ensure restricted clients can list inherited resources.
  • lxd/instance/drivers/qemu: Revert linter fix
  • lxd/storage/backend_lxd: Don’t instantiate a new volume if existent during migration
  • lxd/storage/drivers/generic: Use VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/zfs: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/powerflex: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/lvm: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/dir: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/cephfs: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/ceph: Pass VolumeCopy for genericVFSMigrateVolume
  • lxd/storage/drivers/btrfs: Pass VolumeCopy for genericVFSMigrateVolume
  • doc/storage: language fixes to powerflex config options
  • doc/storage: add volatile.uuid to powerflex documentation
  • metadata: generate config option metadata
  • doc/storage: small fixes to PowerFlex documentation
  • Updates following changes to the LXD Grafana dashboard which now includes Loki. Split observability howtos in 3 (Prometheus, Loki and Grafana) Created Loki including info on labels as per How to set labels for Loki?. Updated Grafana screenshots to the latest to fix #12587
  • scripts/bash/lxd-client: add bash completion for lxc config uefi
  • doc/images: add API instructions for managing images
  • doc/images: add API instructions for associating profiles
  • doc/images: add API instructions for copying and importing images
  • doc/images: add API instructions for creating images
  • doc/images: clarify that remote image servers are CLI only
  • lxd/rsync: Merge sendSetup and Send functions
  • lxd/rsync: Add description of cleanup function to RunWrappers
  • doc/images: minify .png
  • doc/contributing: mention that SVG and small PNGs are preferred
  • doc: add TinyPNG to wordlist
  • test/main: add log grouping (GHA)
  • test/main: show dmesg on failure
  • github: capture dmesg if setting up microceph fails
  • lxd/storage/drivers: Always use default block.filesysem for VM volumes
  • lxd/db/networks: Differentiate not found errors from other errors in GetNetworkWithInterface
  • lxd/networks/utils: Don’t log not found errors in networkAutoAttach
  • lxd/devices: Log the device concerning the error from networkAutoAttach
  • lxd/patches: Remove VM block vols from patchStorageUnsetInvalidBlockSettings
  • lxd/storage/drivers/ceph: Don’t unset the block.* settings for VMs
  • lxd/storage/drivers/lvm: Don’t unset the block.* settings for VMs
  • lxd/storage/drivers/powerflex: Don’t unset the block.* settings for VMs
  • lxd/api/internal: Fix issues with device overrides during import in internalImportFromBackup
  • lxd/api/internal: Use correct quoting for error in internalImportFromBackup
  • lxd/db/cluster/devices: Use correct string quoting of device type for error in NewDeviceType
  • lxd/instances/post: Improve error in createFromBackup
  • lxd/storage/backend/lxd: Update backup.yaml after instance and volume DB records have been generated in CreateInstanceFromBackup
  • lxd/backup/backup/config/utils: Removes unused OverrideConfigYamlFile function
  • lxd: Move ExpandInstanceConfig and ExpandInstanceDevices from lxd/db to lxd/instance/instancetype package
  • lxd: Removes duplicate implementation of ExpandInstanceConfig and ExpandInstanceDevices
  • incusd/instance/qemu: Cap hotplug CPU slots to 64
  • shared/subprocess: Improve error handling
  • incusd/instance/qemu: Improve error handling
  • github: Connect mount-observe to microceph
  • lxd/endpoints/network/util/test: Remove incus references in Test_networkServerErrorLogWriter_shouldDiscard
  • lxd/instance/uefi/vars: Check if VM is running earlier to prevent etag errors
  • doc/images: quote command containing asterisk
  • lxd/storage/backend_lxd: Pass right volume name when refreshing custom volumes
  • client/lxd/instances: Adds API extension check for device override on import
  • test: Updates container devices nic bridged tests with import time device override
  • lxd/instance/drivers/driver/qemu: Initialise NVRAM if missing when UEFIVars is called
  • doc/howto/benchmark_performance: prepare for lxd-benchmark removal from snap
  • github: build lxd-benchmark binaries and upload as artifacts
  • lxd/db/cluster: Fix query for profile URLs by project name.
  • lxd/db/cluster: Fix comment for storage bucket URL query.
  • lxd/db/cluster: Add missing database entity types.
  • lxd/db/cluster: Add queries for generating URLs for new entity types.
  • lxd/db/cluster: Account for server entities in GetEntityURL functions.
  • api: Adds instances_migration_stateful API extension.
  • lxd/cluster/config: introduce the instances.migration.stateful to enable a default migration.stateful value for all created VM instances
  • lxd/instance/instancetype: Update defaultdesc of migration.stateful
  • lxd/db/cluster: Remove call to PrepareStmts in schema update test.
  • lxd: Make instances take a default migration.stateful parameter
  • lxdmetadata: update metadata
  • doc: mentioning that setting size.state is not necessary for an instance living on a shared storage pool
  • doc: update the documentation to mention the new default behaviour of migration.stateful
  • github: exit on error in microceph setup step
  • test/main: don’t wrap tests logs in log groups
  • github: switch to canonical/has-signed-canonical-cla@main
  • doc/requirements: add link anchor for lxc
  • doc/installing: point to requirements-lxc for liblxc min version
  • doc/installing: update note about LXC_DEVEL now that LP: #2039873 is fixed
  • lxd/apparmor/pyuefivars: allow reading bin/ directory
  • api: add a new extension container_syscall_filtering_allow_deny
  • test: Increase minio storage bucket test file size to 5MB
  • lxd: Correctly return authentication error.
  • shared/api: Add lifecycle events for identity create/update.
  • lxd/lifecycle: Add lifecycle actions for identity create/update.
  • lxd: Add internal endpoint for identity cache refresh.
  • lxd: Notify cluster members of new or updated identities.
  • lxc: Remove unnecessary client import alias.
  • doc/instances: clarify how to override device options during creation
  • lxd: Use internal endpoint to refresh cache on certificate change.
  • doc/api: pin Swagger version
  • Minimum Go version 1.21
  • gomod: Update depdendencies
  • api: Adds authorization_apis API extension.
  • shared/entity: Add identity, auth group and IDP group entity types.
  • lxd/db/cluster: Add schema update for auth APIs.
  • lxd/db/cluster: Run make update-schema.
  • lxd/db/cluster: Add database types for groups and permissions.
  • lxd/db/cluster: Runs make update-schema.
  • shared/api: Adds auth API types.
  • lxd/db/cluster: Adds database methods for auth groups.
  • lxd/db/cluster: Adds methods for populating api.IdentityInfo data.
  • lxd/db/cluster: Adds methods for populating api.IdentityProviderGroup data.
  • lxd/db/cluster: Adds methods for populating api.PermissionInfo data.
  • lxd/db/cluster: Add auth types to EntityType scanner/valuer implementation.
  • lxd/db/cluster: Add queries for generating URLs for new entity types.
  • lxd/db/cluster: Export the EntityRef type.
  • lxd/db/cluster: Add queries and methods for resolving entity URLs to IDs.
  • lxd/db/cluster: Update tests for entity queries.
  • lxd/identity: Adds groups and IDP groups to identity cache.
  • lxd: Update calls to (*identity.Cache).ReplaceAll in tests.
  • lxd: Update identity cache refresh handlers to include groups.
  • lxd/auth: Add function to validate an authentication method.
  • lxd/auth: Update Entitlement validation.
  • lxd/auth: Add can_view_permissions entitlement to server.
  • shared/api: Define lifecycle events for auth groups and IDP groups.
  • lxd/lifecycle: Define lifecycle event actions for auth and IDP groups.
  • lxd: Add the identities API handlers.
  • lxd: Add APIs for auth groups.
  • lxd: Add APIs for identity provider groups.
  • lxd: Add the permissions handler.
  • doc: Runs make update-api.
  • client: Add client methods for auth APIs.
  • shared/entity: Export (entity.Type).RequiresProject method.
  • lxc/auth: Add authorization commands to CLI.
  • i18n: Runs make i18n.
  • test/suites: Adds authorization test.
  • lxd/db: Don’t propagate expected errors
  • Makefile: Switch back to using go mod tidy for min go version checking at 1.21
  • Update minimum Go version to 1.21.5 to accomodate forthcoming openfga package
  • github: Update workflows to enforce min Go as 1.21.5
  • gomod: Update dependencies
  • lxd/db/cluster: Clarify comment and SQL queries.
  • lxd/instance/drivers/driver/qemu: Don’t leak file descriptor when probing for Direct I/O support
  • lxd/db/cluster: Add columns to identities table for auditing.
  • lxd/device/disk: Remove config.iso file when the cloud-init:config disk device is removed
  • lxd/db/cluster: Runs make update-schema.
  • lxd/auth/oidc: Remove config refresh interval from options.
  • lxd/auth/oidc: Add a httpClientFunc field to the oidc verifier.
  • lxd/auth/oidc: Get a new HTTP client when refreshing configuration.
  • api: Rename authorization_apis extension to access_management.
  • shared/api: Update API extension for auth API types.
  • client: Update API extension checks for auth APIs.
  • doc: Add OpenFGA to wordlist.
  • doc/howto/migrate_from_lxc: 5.0 is the last LTS release shipping lxd.lxc-to-lxd
  • github: wait longer before retrying to download go-tip
  • github: don’t test against go-tip on push events
  • lxd/auth/oidc: Export a method to expire the relying party config.
  • lxd: Pass a HTTP client func into NewVerifier.
  • lxd: Expire OIDC verifier config on proxy setting change.
  • lxd/storage/backend_lxd: Pass custom storage volume snapshots in the right order
  • lxd/db/cluster: Fix query for storage volume snaphot.
  • incusd/images: Fix potential race condition
  • lxd/images: Add project to error in autoSyncImages
  • lxd/images: Use context in autoSyncImages
  • lxd/images: Adds ctx arg to imageSyncBetweenNodes
  • lxd/device: Annotate the pci device config options
  • lxdmetadata: update metadata
  • doc/pcidevice: include automatic config options in the docs
  • lxd/project/project: Remove optimisation from StorageVolumeProject
  • lxd/storage/volumes: Use request context where appropriate
  • lxd/storage/volumes/backup: Use request context where appropriate
  • lxd/storage/volumes/snapshot: Use request context where appropriate
  • lxd/storage/volumes/snapshot: Use shutdown context where appropriate
  • lxd/storage/volumes: Standardise project name and request project name variables
  • lxd/storage/volumes/backup: Standardise project name and request project name variables
  • lxd/storage/volumes/snapshot: Standardise project name and request project name variables
  • lxd/storage/volumes/state: Standardise project name and request project name variables
  • github: add codeql config to run on PRs
  • github: stop monitoring C/C++ with CodeQL as it’s not buildable
  • github: use more stringent ruleset with CodeQL
  • Revert “github: use more stringent ruleset with CodeQL”
  • lxd/storage: remove reference to “ceph.osd.force_reuse”
  • build(deps): bump github.com/osrg/gobgp/v3 from 3.23.0 to 3.24.0
  • build(deps): bump github.com/minio/minio-go/v7 from 7.0.67 to 7.0.68
  • build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0
  • lxd/storage/volumes: Remove unnecessary 2 line variable definition in doCustomVolumeRefresh
  • lxd/storage/volumes: Remove unnecessary 2 line variable definition in doVolumeCreateOrCopy
  • lxd/storage/volumes: Validate source project in doCustomVolumeRefresh
  • lxd/storage/volumes: Validate source project in doVolumeCreateOrCopy
  • lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC
  • lxd: Fix entitlement for group list request.
  • lxd/db/cluster: Check for sql.ErrNoRows in correct place.
  • lxd/db/cluster: Remove permissions table.
  • lxd/db/cluster: Runs make-update-schema.
  • lxd/db/cluster: Delete generated permission queries/methods.
  • lxd/db/cluster: Add GroupID field to Permission.
  • lxd/db/cluster: Remove AuthGroupsByPermissionIDs method.
  • lxd/db/cluster: Update GetPermissionEntityURLs method.
  • lxd/db/cluster: Refactor auth group DB methods for schema change.
  • lxd: Refactor upsertPermissions to use new db methods.
  • lxd: Refactor auth group handlers to use new db methods.
  • lxd: Refactor permissions handler to use new db methods.
  • Revert “lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC”
  • github: Whitespace
  • github: Pin minio to RELEASE.2024-02-24T17-11-14Z
  • lxd/db/cluster: Add SQL triggers for deletion of each entity type.
  • lxd/db/cluster: Add an ApplyTriggers function.
  • lxd/db/cluster: Apply triggers when cluster DB is opened.
  • lxd/migration: Accept offered rsync features for BLOCK_AND_RSYNC
  • lxd/util: Rename ‘node’ to ‘cluster member’.
  • lxd/db/cluster: Remove redunant parentheses.
  • lxd/db/cluster: Rename “node” to “cluster member”.
  • lxd/db/cluster: Update error messages in unit tests.
  • test/suites: Check that permissions are deleted when entity is deleted.
  • lxd/instance/drivers/lxc: Remove LXD 3.7 rsync feature exception
  • lxd/db/cluster: Fix IdP group query.
  • lxd/db/cluster: Fix error messages when setting an identity’s groups.
  • lxd/db/cluster: Update query for setting an identity’s groups.
  • lxc: Fix info message when an IdP group is deleted.
  • i18n: Updates translations.
  • .github/workflows: Use latest minio
  • Set minimum Go version to 1.22.0 to accomodate OpenFGA.
  • workflows: Remove go1.21.x from strategy matrix.
  • workflows: Set minimum Go version to 1.22.0 to accomodate OpenFGA.
  • doc: Set minimum Go version to 1.22.0.
  • test/lint: Disable licence check.
  • github: on push events, don’t include additional tests to the matrix
  • lxd/instance: Reject limits.kernel config for VMs
  • doc: limits.kernel only applies to containers (see #12874)
  • github: Restore testing latest stable version of go rather than go tip
  • lxd-metadata: Support ‘compressed expression’ in entities list
  • lxd/device: Annotate unix-{char,block,hotplug,usb} devices config options
  • lxdmetadata: update metadata
  • doc/unixdevice: include automatic config options in the docs
  • lxd-metadata: Support ‘compressed expression’ in entities list
  • lxd/device: Annotate the gpu device config options
  • lxdmetadata: update metadata
  • doc/gpudevice: include automatic config options in the docs
  • doc/devices/gpu: reference options
  • lxd/device: Annotate the tpm device config options
  • lxdmetadata: update metadata
  • doc/tpmdevice: include automatic config options in the docs
  • github: Removes downloading go tip as not needed
  • lxd/storage/backend/lxd: Use volume name from the database in RefreshCustomVolume and CreateCustomVolumeFromCopy
  • lxd/db/cluster: Actually swap argument order in SQL statement.
  • lxd/instance/drivers/qemu: Use a pointer for tracking operations
  • lxd/device: Annotate the disk devices
  • lxdmetadata: update metadata
  • doc/diskdevice: include automatic config options in the docs
  • doc: replace references to config options
  • lxd/migrate/storage/volumes: Use volume name from DB in migrationSourceWs.DoStorage
  • lxd/device: Annotate the nic devices
  • lxdmetadata: update metadata
  • doc/nicdevice: include automatic config opptions in the docs
  • doc/devices/disk: update reference file
  • shared/api: Update identities field of AuthGroup.
  • shared/api: Include groups in the identity API type.
  • shared/api: Add effective groups and permissions to IdentityInfo.
  • lxd/db/cluster: Update AuthGroup.ToAPI to return identity map.
  • lxd/db/cluster: Update Identity.ToAPIInfo method.
  • lxd: Return identity map when listing groups.
  • lxd: Remove recursion=2 from GET /1.0/identities.
  • lxd: Update calls to Identity.ToAPI.
  • lxd/db/cluster: Don’t return dangling permissions (log a warning).
  • lxd: Update call to GetPermissionEntityURLs.
  • lxd/db/cluster: Add function to get all LXD groups from IDP groups.
  • lxd/db/cluster: Add function to get distinct permissions from list of group names.
  • lxd: Adds handler for getting the current identity.
  • lxd: Call current identity handler on GET /1.0/auth/identities/current.
  • client: Update client for modified identities endpoints.
  • client: Update client for modified identities endpoints.
  • lxc: Update client call when listing identities.
  • lxc: Add ‘info’ command to lxc auth identity.
  • test/suites: Test the ‘lxc auth identity info’ command.
  • i18n: Update translations.
  • doc: Runs make update-api.
  • lxd/device: Annotate the infiniband device config options
  • lxdmetadata: update metadata
  • doc/infinibanddevice: include automatic config options in the docs
  • lxd/db/cluster: Filter out identities and idp groups we can’t view.
  • lxd/db/cluster: Filter out groups we can’t view.
  • lxd/db/cluster: Filter out groups we can’t view.
  • lxd/auth: Add entitlements for IdP groups.
  • lxd: Filter out identities and IdP groups we can’t see from groups API.
  • lxd: Use fine-grained permissions for IdP groups.
  • lxd: Filter out groups and IdP groups we can’t view from IdP groups API.
  • lxd: Filter out groups we can’t view from identities API.
  • lxd/network/acl: Change protocol field for ovn logs
  • shared/api: Unembed instance Put from Get entity
  • shared/api: Unembed instance snapshot Put from Get entity
  • shared/api: Unembed project Put from Get entity
  • shared/api: Unembed profile Put from Get entity
  • shared/api: Unembed image Put from Get entity
  • shared/api: Unembed warning Put from Get entity
  • shared/api: Unembed cluster member Put from Get entity
  • shared/api: Unembed storage_pool Put from Get entity
  • shared/api: Unembed network Put from Get entity
  • shared/api: Unembed certificate Put from Get entity
  • shared/api: Unembed auth Put from Get entities
  • shared: Update cerificate api entrity
  • shared/filter: Update api entities
  • lxd/cluster/connect: Update references to certificate entity fields
  • lxd/db/cluster/auth_groups: Remove trailing spaces from SQL queries
  • lxd/db/cluster/identities: Remove trailing spaces from SQL queries
  • lxd/db/cluster/identity_provider_groups: Remove trailing spaces from SQL queries
  • lxd/db/cluster/*: Update fileds of api entites
  • lxd/db/cluster: Update fileds of api entites
  • lxd/db/network_acls: Accept non-pointer api struct in network acl update function
  • lxd/db/network_acls: Update references to network acl entity fields
  • lxd/db/network_forwards: Accept non-pointer api struct in network forward update function
  • lxd/db/network_load_balancer: Accept non-pointer api struct in network load balancer update function
  • lxd/db/network_peer: Accept non-pointer api struct in network peer update function
  • lxd/db/storage_buckets: Accept non-pointer api structs in update functions
  • lxd/project/permissions: Update reference to instance entity fields
  • lxd/instance/drivers: Update references to instance snapshot entity fields
  • lxd/instances_post: Update references to instance entity fields
  • lxd/patches: Update fields of api entities
  • lxd/profiles: Update references to profile entity fields
  • lxd/api_internal_test: Update references to profile entity fields
  • lxd/api_cluster: Update fields of api entities
  • lxd/api_internal_recover: Update fields of storage pool api entities
  • lxd/storage/backend_lxd: Update references to storage_pool entity fields
  • lxd/network/*: Update references to network entity fields
  • lxd/auth_groups: Update fields of api entities
  • lxd/identities: Update fields of api entities
  • lxd/certificates: Update certificate post struct
  • lxd-user/lxd: Update certificate post struct
  • lxc: Update fields of api entities
  • i18n: Update translations
  • doc: Update api definition
  • lxd/migration/volumes: Revert adding rsync features for BLOCK_AND_RSYNC
  • lxd/storage/drivers/ceph: Rename copyWithSnapshots to copyVolumeDiff
  • lxd/storage/drivers/ceph: Add findLastCommonSnapshotIndex function
  • lxd/storage/drivers/ceph: Add restoreVolume to skip a VM’s filesytem volume
  • lxd/storage/drivers/ceph: Add optimized volume refresh
  • lxd/migration/protobuf: Add RBD_AND_RSYNC migration type
  • lxd/migration/volumes: Support exchanging RBD_AND_RSYNC migration type
  • lxd/migration/volumes: Append rsync features for RBD_AND_RSYNC type
  • lxd/storage/drivers/generic: Allow RBD_AND_RSYNC type to use the generic migration
  • lxd/instance/drivers/lxc: Indicate multi sync for RBD_AND_RSYNC
  • lxd/storage/drivers/ceph: Add optimized volume refresh for migration
  • lxd/storage/drivers/ceph: Allow RBD migration type for volume refreshes
  • doc: Update Ceph RBD support for optimized refresh
  • lxd/network: Annotate the sriov network
  • lxdmetadata: update metadata
  • doc/sriov_network: include automatic config options in the docs
  • lxd/storage/drivers/ceph: Use fixed size slices to improve performance
  • lxd/storage/drivers/ceph: Clarify snapshot refresh behavior
  • lxd/storage/drivers/ceph: Add RBD block copy and transfer log messages
  • lxd/device: Annotate proxy device config options
  • lxdmetadata: update metadata
  • doc/proxydevice: include automatic config options in the docs
  • lxd/network: Annotate the macvlan network
  • lxdmetadata: update metadata
  • doc/macvlan_network: include automatic config options in the docs
  • api: Add vm_disk_io_limits extension
  • lxd/drivers/qmp: Add SetBlockThrottle
  • lxd/device/disk/config: Add DiskLimits
  • lxd/device/disk: Re-shuffle limit parsing
  • lxd/device/disk: Add disk limits on VMs
  • lxd/device/disk: Support live limits update for VMs
  • lxd/instance/qemu: Support disk I/O limits
  • lxd/auth: Adds util for checking authorization errors.
  • lxd/project: Update auth error code check.
  • lxd: Update error code checks on calls to CheckPermission.
  • lxd/identity: Update AuthenticationMethodFromIdentityType method.
  • lxd/identity: Add method to get IDP group mappings from the cache.
  • lxd/network: Annotate bridge network
  • lxdmetadata: update metadata
  • doc/bridge_network: include automatic config options in the docs
  • lxd/network: Annotate physical network
  • lxdmetadata: update metadata
  • doc/physical_network: include automatic config options in the docs
  • lxd/instance: Annotate instance properties
  • lxdmetadata: update metadata
  • doc/instance_properties: include automatic config options in the docs
  • lxd/network: Annotate ovn network
  • lxdmetadata: update metadata
  • doc/ovn_network: include automatic config options in the docs
  • build(deps): bump github.com/go-jose/go-jose/v3 in /test/mini-oidc
  • build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
  • lxd/project: Update FilterUsedBy function.
  • lxd: Move calls to FilterUsedBy out of transactions.
  • lxd: Simplify project used-by function.
  • lxd: Filter project used-by field by what the user can view.
  • lxd: Filter network ACL used-by field by what the user can view.
  • lxd: Filter network peer used-by field by what the user can view.
  • lxd: Filter network zone used-by field by what the user can view.
  • lxd/db/cluster: Add a method to get a single entity reference from a URL.
  • gomod: Add OpenFGA dependencies.
  • lxd/db: Adds the OpenFGA datastore implementation.
  • lxd/auth: Add the OpenFGA model.
  • lxd/auth: Add identity provider groups to request details.
  • lxd/auth: Update requestDetails method.
  • lxd/auth: Add the embedded OpenFGA authorization driver.
  • lxd: Load the embedded OpenFGA driver by default.
  • test: Add a util for getting the fingerprint from a certificate.
  • test/suites: Add tests for fine-grained authorization.
  • Makefile: Exclude dependency from spec generation.
  • lxd/auth: Fix comments.
  • lxd/storage/drivers/powerflex: Unmap the volume before performing resize
  • lxd/db/cluster: Clarify placeholder argument.
  • lxd/db: Clarify ‘user’ in openfga context.
  • lxd/db: Improve not found error handling.
  • lxd/seccomp/seccomp: Fix incorrect conversion from uint32 to int in FindTGID
  • lxd/instance/drivers/driver/qemu: Fix incorrect conversion of uint32 to int in acquireVsockID
  • lxd/network/network/utils: Fix incorrect conversion from int64 to int in inRoutingTable
  • lxd/util/net: Update CanonicalNetworkAddress and CanonicalNetworkAddressFromAddressAndPort to use platform agnostic int64 for port
  • lxd/main/init: Update usage of CanonicalNetworkAddressFromAddressAndPort and CanonicalNetworkAddress
  • lxd/storage/drivers/ceph: Send the actual block vol when migrating snapshot
  • lxd/network/network/utils: Remove unnecessary call to fmt.Sprintf by passing base to ParseInt
  • gomod: Dependency updates
  • lxd/storage_volumes.go: add all-projects paremeter
  • doc: run make update-api
  • lxd/response: Use SmartError if SyncResponse success=false
  • build(deps): bump github.com/go-acme/lego/v4 from 4.15.0 to 4.16.1
  • build(deps): bump github.com/minio/minio-go/v7 from 7.0.68 to 7.0.69
  • lxd/storage/drivers/ceph: Lock concurrent migrations
  • lxd/storage/drivers/driver/zfs/volumes: Fix error scoping in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/zfs/volumes: Define send/receive channels together in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/zfs/volumes: Kill sender if receiver fails in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/zfs/volumes: Handle multi-line errors in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/btrfs/volumes: Fix hang when btrfs receive fails in RefreshVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Handle multi-line errors in RefreshVolume
  • lxd/storage/drivers/driver/zfs/volumes: Aligns RefreshVolume with BTRFS driver
  • lxd-agent: Indicate LTS in version output
  • shared/version: Include LTS flag in useragent
  • lxd/response: Fallback to error response after setting headers
  • lxd/storage/backend/lxd: Use volume name from VolumeDBGet in BackupCustomVolume
  • lxd/storage: Fix resize for pools with custom zfs.pool_name
  • github: Add support for 5.21-stable branch
  • github: Fix branches for 5.21 support
  • lxd/storage/drivers/driver/btrfs/volumes: Cleanup on failure in RefreshVolume
  • lxd/auth: Remove can_view_configuration entitlement.
  • lxd: Populate server config for can_edit on server.
  • lxd/auth: Decrease log verbosity on GET requests with can_edit.
  • test/suites: Remove can_view_configuration from expected permission list.
  • lxd/auth: Prevent project modifications
  • test/suites: Add test cases for project modification.
  • lxd: Add security headers and gzip compression for the /ui/ API route
  • update go dependencies
  • github: fix branch target name/version extraction logic
  • Github: Update Tests badge to use correct branch
  • lxd/device/nic_ovn: Only stop device if network is populated
  • client: Unset project when querying permissions.
  • lxc/copy.go: remove impossible condition
  • doc: update to the current version of the starter pack
  • doc: work around circular dependency
  • doc: change link colour for dark mode
  • doc/images/alias: fix CLI instructions for changing an alias
  • lxd/instance/drivers/driver/qemu: Restore 50MB tmpfs for lxd-agent as it will likely exceed 25MB
  • lxd/db/openfga: Strip whitespace
  • lxd/auth: Don’t build authorizer drivers into lxd-agent
  • doc/UI: reword status of the LXD UI
  • doc: install extra tools inside the environment
  • Makefile: consistently use pip

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc
8 Likes

LXD 5.21.0 LTS is now available in the new 5.21 LTS track in the snap channel 5.21/candidate (as well as latest/candidate) and will be rolled out to 5.21/stable and latest/stable channels soon.

Please refresh to the 5.21/* channels if you want switch to the new LTS series, as the latest/* channels will continue on to future feature releases (6.x) in the coming weeks.

3 Likes

I tried to use this LXD new release, to experiment with cloud-init, the following is my experience:

I followed the Quick-start tutorial with LXD, it went well until, I issued cloud-init status --wait, it is running forever. cloud-init status returned status: running. It supposed to returned status: done

This seems to be a duplicate of LXD with cloud-init status is forever running or say hanging lets discuss on the original thread. Thanks

A video covering the highlights of the release is now available:

https://www.youtube.com/watch?v=0gjD0DJDD1M

Please also see the official blog post:

https://ubuntu.com/blog/lxd_5-21-0_lts

1 Like

Wow, super happy with the progress of LXD development. OIDC looks really amazing. Also super happy to hear that canonical is almost ready with the image server.

I have a question for the LXD team. Would canonical ever consider providing a LXD OS? What I mean by this is basically when you boot up the VM instance or install the ISO you get LXD automatically setup and just get the API connectivity without any SSH to the machine.

I was talking to some people at https://www.talos.dev/ and it seems like it’s very possible for LXD to have something like this, where when you boot it up you simply manage the entire thing via API without having to do anything with the command line / through ssh.

The advantage to this is it’s 1 less layer to manage. Everything is managed inside containers. There are no apps to install / manage on the host. You initialize everything by passing parameters into cloud-init.

It’s also been done by CoreOS https://fedoraproject.org/coreos/

This release has been superseded by LXD 5.21.1 which is rolling out to 5.21/stable and latest/stable snap channels now.

There was an Ubuntu appliance initiative a few years ago where we did create a LXD appliance that is to some extent similar to what you’re describing (still based on Ubuntu though), but there wasn’t much interest for that and we haven’t updated it in a long time. We don’t yet have any plans to do something like what you’re describing, but it seems like an interesting idea that we could think about in the future as the team grows.

1 Like