LXD 5.21.2 LTS has been released

tomp · July 16, 2024, 9:56am

Introduction

The LXD team would like to announce the release of LXD 5.21.2 LTS!

This is the second bugfix release for LXD 5.21 which is supported until June 2029.

Thank you to everyone who contributed to this release!

Bug fixes and improvements

Automatic IP allocation for OVN network forwards and load balancers

The OVN network forward and load balancers now support automatic IP allocation.

Previously when creating an OVN network forward or load balancer you had to specify the external listen address on the uplink network manually. However, this could be time consuming to figure out which IPs are available and in cases where an OVN network existed inside a project the user creating the network forward or load balancer may not have had sufficient access to see the available IPs on the uplink anyway.

To solve this the lxc network forward create and lxc network load-balancer create commands now accept an optional --allocate flag. This flag can take the value either ipv4 or ipv6 to instruct LXD to allocate an IPv4 or IPv6 address respectively.

LXD will look for an unused IP in the range(s) allocated for OVN network use on the uplink network and if one is available select it for the listen address.

Dell Powerflex Storage Data Client (SDC) kernel driver support

It is now possible to use the Dell Powerflex Storage Data Client (SDC) kernel driver with LXD powerflex storage pools. This is an alternative to using NVME over TCP which is also supported.
To enable the SDC mode, set the powerflex.mode to sdc.
If the mode is not set, LXD will first try to use nvme mode and then fallback to the sdc mode.
Note that when using the SDC mode, LXD requires it to already be connected to the Dell Metadata Manager (MDM), as LXD does not set up the SDC connection itself.
Documentation: Dell PowerFlex

On demand kernel module loading from a container

Introduces support for container finit_module syscall interception that allows lazily loading Linux kernel modules from inside unprivileged container if module is in the allow list linux.kernel_modules and linux.kernel_modules.load is set to ondemand.

Removal of armhf support for ceph

As part of our preparations for moving to the core24 base snap, ceph support for armhf architecture has been removed because it is no longer available in the Ubuntu Noble release.

Updated minimum Go version to 1.22.4

The minimum version of Go required to build LXD is now 1.22.4.

Complete changelog

Here is a complete list of all changes in this release:

Full commit list

build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0
build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0
build(deps): bump golang.org/x/term from 0.18.0 to 0.19.0
build(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0
build(deps): bump github.com/osrg/gobgp/v3 from 3.24.0 to 3.25.0
build(deps): bump github.com/openfga/openfga from 1.5.1 to 1.5.2
Suggested changes to the tutorial
api: add image_restriction_nesting
doc/images: introduce requirements.nesting
internal/server/instance/lxd: add support for image.requirments.nesting
Formatting changes as per review
lxc: Make lxc init and lxd launch manpages more consistent
i18n: Update translations
Correct disk free to GiB
lxd/db: Remove ErrAlreadyDefined sentinel error.
lxd/db: Replace ErrAlreadyDefined with an api.StatusError.
lxd: Replace db.ErrAlreadyDefined with an api.StatusError.
lxd: Check for database conflicts using api.StatusErrorCheck.
lxd/instance: Check for database conflicts using api.StatusErrorCheck.
lxd/response: Remove dependency on lxd/db from lxd/response.
lxd/db: Update unit tests to check for 409 Conflict.
tests: Update test_remote_usage to check for existing image on images.lxd.canonical.com
test: Don’t use default 10GiB block volume in test_storage_volume_snapshots
lxd/auth: Add comments to the OpenFGA model describing entitlements.
lxd/auth/generate: Add logic for generating entitlement definitions.
lxd/auth: Adds entitlements file with go:generate directive.
Makefile: Adds update-auth make target.
lxd/auth: Runs make update-auth.
test/lint: Add linter to ensure generated file is up to date.
lxd/auth: Remove duplicated type and function definitions.
lxd/auth: Replace EntitlementProjectOperator with EntitlementOperator.
lxd: Update entitlement validation calls.
lxd/auth: Add a can_delete entitlement to identity.
lxd/auth: Add directly related user types to group entitlements.
lxd/auth: Run make update-auth.
test/suites: It should be possible to grant permissions against a certificate.
test/suites: Update list of server entitlements.
scripts/bash/lxd-client: add security.sev* instance keys
scripts/bash/lxd-client: sort and add missing global keys
scripts/bash/lxd-client: sort and add missing instance keys
lxd/instance/instance/utils: Align validation terminology with that used for volume name validation
lxd/instance/instance/utils: Indicate instance name is invalid
lxd/instance/instance/utils: Include instance name in ValidName
lxd/storage/utils: Adds ValidVolumeName function
lxd/storage/volumes: storagePools.ValidVolumeName usage
lxd/storage/backend/lxd: Adds validation of instance and volume names to CreateInstanceFromBackup
api: add container_syscall_intercept_finit_module api extension
lxd: add forksyscallgo helper
lxd/seccomp: add libcap dependency and helper
lxd/seccomp/seccomp: add finit_module interception code
lxd/instance/drivers/driver_lxc: add support for linux.kernel_modules.load
scripts/bash/lxd-client: add “linux.kernel_modules.load” config option
run make update-metadata
instance/driver_lxc: get rid of redunant calls to cgroup.TaskSchedulerTrigger
lxd/storage/backend/lxd: Improve volume name validation in CreateCustomVolumeFromBackup
test/lint/godeps: rework dependency checking
Enable renovate bot
test/suites/container_devices_nic_bridged_filtering: silence SC2001
Makefile: use bash with shellcheck
shared/simplestreams: Fix delta always using container rootfs as source
lxd/instances: Don’t start instances when evacuated
UI: Add canonical.com domain to content security policy, so the ui can load data from images.lxd.canonical.com
lxd/auth/openfga: If the entityType is TypeServer, no need to list the server objects
doc/instances: change link to instance types files
doc: add back information about images: remote
doc/storage: document how to list all storage volumes
lxd: GET /1.0/warnings should use the can_view_warnings entitlement.
lxd: Update internal warning create handler.
test/suites: Adds authorization test for viewing warnings.
doc/api extensions: add links to config options
client: Fix permissions extension typo
test: Push permissions for existing files
scripts/bash/lxd-client: add completion to lxc pause
scripts/bash/lxd-client: lxc manpage is hidden, don’t autocomplete it
scripts/bash/lxd-client: add lxc rebuild and warning top commands
scripts/bash/lxd-client: complete lxc rebuild
scripts/bash/lxd-client: complete lxc warning
scripts/bash/lxd-client: sort some commands
scripts/bash/lxd-client: add lxc remote switch
lxd/storage/drivers/zfs: Fix refresh of VM volumes
lxd/db/images: Add UnsetImageCached to disable the cached field
lxd: ImageDownload now checks for an explicit copy operation and eventually uncache the image
lxd: Signal to ImageDownload when an explicit image copy is happening
tests/remote_usage: Add integration tests
renovate: disable Dependency Dashboard
renovate switch to recommended config preset
github: move renovate.json out of the root dir
github: check for lxd-agent binary size changes
lxd/api/metrics: Don’t repeatedly call instance.Project() in metricsGet
lxd/api/metrics: Fix crash due to absent locking in metricsGet
lxd/api/metrics: Avoid repeated calls to wg.Add in metricsGet
lxd/config/default: Add images to DefaultRemotes
lxd-benchmark: Improve error reporting in LaunchContainers
test: Add additional checks for stopped instances in metrics tests
lxd/api/metrics: Use api.ProjectDefaultName constant in metricsGet
github: check both lxc and lxd-agent binary sizes
lxd/device/device_utils_disk: fix diskAddRootUserNSEntry to add root mapping only if it’s required
doc/requirements: fix ZFS requirements
doc/file push: include information about permission flags
doc: clarify relation between proxy devices and network forwards
scripts/bash/lxd-client: add “lxc operation” command
scripts/bash/lxd-client: fix “lxc restore” completion
scripts/bash/lxd-client: add missing quotes and –
scripts/bash/lxd-client: add “lxc warning” command
scripts/bash/lxd-client: complete “lxc image” subcommands
scripts/bash/lxd-client: add “lxc alias” command
README: add MicroCloud to the list of tools for managing LXD
README: add Bolt and Packer to the list of tools for managing LXD
fix(deps): update module github.com/openfga/openfga to v1.5.3 [security]
Makefile: fail if any test/lint files are not executable
Makefile: fail if any test/lint files are missing the .sh extension
test/lint: make godeps.sh executable
test/lint/godeps: display diff on failure
test/godeps/lxd-agent: remove github.com/golang/protobuf/proto
build(deps): bump github.com/miekg/dns from 1.1.58 to 1.1.59
doc: pin version of myst-parser
github: Explicitly pass the -package flag to lxd-snapcraft
build(deps): bump github.com/minio/minio-go/v7 from 7.0.69 to 7.0.70
build(deps): bump github.com/osrg/gobgp/v3 from 3.25.0 to 3.26.0
build(deps): bump golang.org/x/term from 0.19.0 to 0.20.0
build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0
build(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1
test: add new dependency to lxd-agent
build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0
build(deps): bump github.com/go-acme/lego/v4 from 4.16.1 to 4.17.3
build(deps): bump github.com/jaypipes/pcidb from 1.0.0 to 1.0.1
lxd/devices: prepare for VMs dynamic core pinning support
instance/driver_qemu: implement SetAffinity()
instance/driver_qemu: call TaskSchedulerTrigger hook onstart/stop/update
instance/drivers/driver_qemu: wait until hotplugged vCPUs are visible
instance/drivers/driver_qemu: move setCoreSched() into setCPUs()
start the DNS listener after the networks are started
updated the network_zone test to include a restarting the server case
lxd: added an error message with link of the LXD documentation when lxd-ui is disabled
doc/ovn: include networking architecture figures
doc/ui: add instructions for enabling or disabling the UI
github: use non-shallow clones for differential shellcheck
github: be stricter with shellcheck
lxd: Use pool name from DB entry in permission check.
test/suites: Check that authorization is working for /1.0/storage-volumes.
doc/storage: fix import command
scripts/bash/lxd-client: add “lxc config device override”
lxd/storage/drivers/lvm: Fix source.wipe
lxd/db: Update GetStoragePoolVolumes to use StorageVolumeFilter.PoolID
lxd/storage_volumes: Optimize database calls on storagePoolVolumesGet
lxd/storage: Update GetStoragePoolVolumes usage
lxd: Rename GetStoragePoolVolumes to GetStorageVolumes
lxc: Fix cluster enable check
test: Fix setting block.* tests
lxd/storage/drivers/zfs: filter redundant options on ensureInitialDatasets
lxc/init: add a device override example
lxc/launch: add a device override example
Makefile: have dqlite build raft
github: update env vars now that dqlite builds raft
doc/installing: update env vars now that dqlite builds raft
doc/installing: remove traces of raft being a separated lib
Makefile: remove vendored raft lib from dist target
Makefile: remove outdated comment
doc: unpin version of myst-parser
doc: add lxd group creation to installation process
doc: add user addition to lxd group to intallation process
doc/ovn: update OVN networking diagrams to work on dark background
doc/howto/benchmark_performance: s/22.04/24.04/g
doc/howto/cluster_groups: s/22.04/24.04/g
doc/howto/cluster_manage_instance: s/22.04/24.04/g
doc/howto/images_manage: s/22.04/24.04/g
doc/howto/images_remote: s/22.04/24.04/g
doc/howto/instances_create: s/22.04/24.04/g
doc/howto/instances_routed_nic_vm: s/22.04/24.04/g
doc/howto/network_ovn_setup: s/22.04/24.04/g
doc/howto/projects_work: s/22.04/24.04/g
doc/tutorial/first_steps: s/22.04/24.04/g
lxc/init: s/22.04/24.04/g
lxc/launch: s/22.04/24.04/g
lxc/main: s/22.04/24.04/g
lxd-benchmark/main: s/22.04/24.04/g
shared/api/image: s/22.04/24.04/g
shared/api/instance: s/22.04/24.04/g
shared/api/server: s/22.04/24.04/g
doc/reference/image_format: s/22.04/24.04/g and s/jammy/noble/g
doc/rest-api: run make update-api
Add page describing lxc show and info
lxc: If the volume ContentType is ‘filesystem’, args[1] is the device name and args[3] its path
lxc: if the volume ContentType is ‘filesystem’, ensure the argument used for the device path is an absolute path
doc: fix topical build
test/README: Document LXD_VERBOSE
doc/requirements: mention that HW support is required for running VMs
Add device override to howto instance conf
api: device_usb_serial
shared/api: Add Serial to ResourcesUSBDevice
lxd/resources: Add USB Serial
lxd/device/usb: Add serial, busnum and devnum options
lxdmetadata: update metadata
github: Ensure lxd metadata can update the needed files during static analysis check
doc/rest-api: Refresh swagger YAML
added reference page for complete preseed yaml fields; how to form a cluster and how to initialize lxd linked to complete preseed yaml fields
remove trailing space; add blank line at EOF
add ‘storage_volumes’ to the YAML
api: Add network_allocate_external_ips extension.
lxd/network: Return listen address when creating load-balancer or forward.
lxd/network: Add a util for getting a random IP address within a subnet.
lxd/network: Add unit test for random address util.
lxd/network: Add a util to the OVN driver to get an available external address.
lxd/network: Add auto-allocation logic to OVN network forwards.
lxd/network: Add auto-allocation logic to OVN network load-balancers.
lxd/network: Return an unimplemented error for auto-allocation in bridge driver.
client: Check for API extension if listen address is unspecified.
lxc/config: Adds a GetInstanceServerWithTransportWrapper method.
client: Allow setting the transport wrapper on a unix client.
client: Update calls to unixHTTPClient.
lxc: Add a transport wrapper for inspecting Location headers.
lxc: Add --allocate flag and make listen address optional.
doc/howto: Update how-tos for network forwards and load-balancers.
doc: Update mdl exceptions list.
doc/instances: add UI instructions for creating instances
doc/instances: update UI instructions for configuring instances
doc/profiles: add UI instructions for using profiles
doc/instances: add UI instructions for troubleshooting instances
doc/ui: update console screenshot for Noble
doc/instances: update instructions for accessing files for UI
doc/instances: add UI instructions for running commands
doc/instances: add UI instructions for accessing the console
doc/instances: add UI instructions for adding a routed NIC
doc/instances: add UI instructions for backing up instances
doc/instances: clarify moving instances only works in CLI
doc: tinify images
doc/api-extensions: link config options
grafana: Refresh dashboard
test/suites/auth: Add checks for can_edit on server and storage_pool config
lxd/device/usb: Don’t require USB devices to have a serial file
lxd/fsmonitor/drviers/driver/fanotify: Don’t log error during shutdown
doc/howto/grafana: Minor tweaks
doc/metrics: provide non-snap instruction on how to restart prometheus
doc/images: remove outdated grafana dashboard ID capture
grafana: Better filter Loki events by project
lxd/daemon: Use hostname as default instance property on standalone systems
lxd/loki: Re-order config fields
lxd/loki: Allow overriding the location field
lxd/daemon: Set location field to local hostname on standalone systems
lxd_metadata: Annotate network zone properties
lxd_metadata: Annotate network ACL properties
lxd_metadata: Annotate network forward properties
lxd_metadadta: Annotate network load balancer properties
lxd_metadata: Annotate network peering properties
doc: Update doc to insert generate property tables
doc/network_forwards: update line numbers for linter exceptions
lxd_metadata: update metadata
doc/networking: add back table that went missing
lxd/storage/drivers/btrfs: Correctly detect raw disks
test/suites/storage: source.wipe for lvm, btrfs, zfs
lxd/storage/drivers/utils: fsUUID returns err for missing UUID
doc: configure cloud-init from a file
Apply suggestions from code review
Update network_increase_bandwidth.md document with details for u18.04+
doc/images: add UI instructions for dealing with images
Makefile: stop building lxd-migrate and lxd-agent in build target
Makefile: add lxd-metadata target
Makefile: stop building lxd-metadata in build target
Makefile: add lxd-metadata as a dependency for build target
Makefile: rename build target to lxd and add build as alias
Makefile: add all target to build the client, lxd, lxd-agent and lxd-migrate
github: drop invalid ref to matrix.go in snap edge build step
github: specify which make target to use when building LXD
Makefile: add lxd-benchmark target
Makefile: add lxd-benchmark to all target
Makefile: default to building all binaries: lxc, lxd, lxd-agent, lxd-benchmark and lxd-migrate
doc/howto/instances_troubleshoot: rename container to avoid confusion
doc/howto/instances_troubleshoot: add instructions for debugging systemd
lxd/storage/drivers: Add volume param to roundVolumeBlockSizeBytes
lxd: Only allow force stop for frozen instances
lxd: instance start also unfreezes
lxd: instances_put start unfreezes instances
test/basic: Add freeze tests
Update doc/howto/network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
Update network_increase_bandwidth.md
Update network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
lxd: Add int upper bound check
doc/contributing: remove note about configuration options
lxd/cluster: Add int upper bound check
doc: Add network list-leases to IPAM How-to
Update doc/howto/network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
Update doc/howto/network_increase_bandwidth.md
github: run the doc link checker on PRs only
doc: fail doc-lint if unneeded exceptions are present
doc: remove now unneeded exception
Makefile: bind http server to 127.0.0.1 instead of 0.0.0.0
lxd: Fix double unlock of the task group’s mutex
lxd/task: Group usage comment
doc: Add a page about dqlite troubleshooting
lxd/network/openvswitch/ovn: Workaround OVN load_balancer table index issue by deleting records by UUID
lxd/storage/drivers/zfs: Round to zfs.blocksize or 16KiB
lxd/storage/drivers: Refactor volume size rounding logic
test/storage: Add non-power-of-two sized storage check
lxd/storage/drivers: Fix linter errors
lxd/network/openvswitch/ovn: Removes unused switches argument from LoadBalancerApply
lxd/network/driver/ovn: Removes unused switches argument to client.LoadBalancerApply calls
lxd/network/openvswitch/ovn: Fix linter suggestion in LogicalSwitchDHCPv4RevervationsGet
lxd/network/openvswitch/ovn: Only add – if needed in LoadBalancerApply
lxd/instance/drivers: Remove unreachable condition
lxd: remove unused parameters from instance.go
lxd: Remove unused parameter from ensureDownloadedImageFitWithinBudget
doc/howto/logs_loki: loki.instance needs to match the Prometheus job name
lxd/config: Record error if type assertion fails
lxc: Fix indent-error-flow by removing the else block
lxc: Allow comparison of interface with bool
lxd/cluster: Prefer not to defer chains of function calls
lxd/main: Add missing comments for exported functions
lxd/cluster: Remove redundant import alias
lxd/config: Update error messages
lxd/config: Update tests with latest error messages
lxd/cluster/config: Update error messages
lxd/cluster/config: Update tests with latest error messages
doc/howto/instances_create: add CLI instructions to enable the LXD agent in manually installed VMs
doc/howto/instances_create: 1 CPU/1GiB/8GiB is too tight for desktop VMs
doc/dqlite: small doc cleanup
doc/instances: make instructions for ISO VM consistent for API & CLI
lxd/storage/btrfs: Fix btrfs argument order
lxd/storage/btrfs: add space after comment marker
doc/cloud-init: use tabs for API/CLI instructions
doc/cloud-init: add instructions for the UI
doc/cloud-init: move instructions for enabling the LXD agent
test/storage: Remove zfs rounding test
po: remove outdated “Manipulate container images.\n” section
po: remove outdated “If this is your first run, …” section
lxd/instance/drivers/driver_qemu: properly calculate VHOST_VSOCK_SET_GUEST_CID
Update metrics.md to add symbolic link from current/tls to common/tls as the work around so that Prometheus can find the .crt & .key files in the tls folder.
storage/drivers/driver_btrfs_utils: properly calculate BTRFS_IOC_SET_RECEIVED_SUBVOL
lxd/devices: properly handle cpu.limit for VM-type instances in deviceTaskBalance()
shared/idmap: Make get_userns_fd configure the userns
idmap/shift_linux: fix a bunch of go linter warnings
lxd/devices: fix a bunch of linter errors
doc/substitutions: simplify yaml formatting and alpha-sort
doc: effectively joining the lxd group requires to log out/in
doc: update to the current version of the starter pack
doc: change Makefile structure
doc: fix woke failure
lxd/seccomp/seccomp: tighten capability checks a bit
lxd/seccomp: fix a bunch of linter errors
lxd/network/driver_bridge: check the right error code when killing dnsmask
lxd/network/driver_bridge: check the right error code when killing forkdns
lxd/network/driver_bridge: remove redundant error checking
lxd/network/common: remove unused clientType param for delete()
lxd/network/utils: remove unused s param for usedByProfileDevices()
lxc/info: remove unused remotes param for instanceInfo()
lxd/cluster: remove unused cert param for loadInfo()
lxd/storage/filesystem/fs: check for error when detecting btrfs
lxc/list: remove unused conf param to listInstances()
lxc/file: remove redundant error checking
lxc/list: remove unused cInfo param to matchByNet()
lxc-to-lxd: remove unused op param to transferRootfs()
lxd-agent: remove unused debug param
lxd-agent: remove unused daemon param to get*Metrics()
lxd/apparmor: remove unused sysOS param to *Profile()
lxd/apparmor/qemuimg: fix error check when creating subprocess
lxd/auth/openfga: check error only once
lxd/db/cluster/update: remove redundant error check
lxd/db/generate/file/write: remove unused imports param to resetInterface()
lxd/db/generate/db/stmt: remove unused filters param to register()
lxd/db/generate/README: fix some markdownlint warnings
lxd/db/query/slices: remove unused typeName param to scanSingleColumn()
lxd/db/networks: remove unused tx param to getNetworkConfig()
lxd/db/storage_pools: remove unused tx param to getStoragePoolConfig()
lxd/db/storage_pools: remove duplicated error checking in getStoragePool()
lxd/device/device_utils_network: remove tautological nil check
lxd/device/nic_ovn: remove unused uplink param to setupHostNIC()
lxd/device/proxy: check the right error code when killing forkproxy
lxd/dns/debug: remove unused zone param to debug()
lxd/firewall/firewall_load: remove tautological check and remove dead code
lxd/instance/drivers/qemu: avoid dereferencing nil
lxd: remove unused forcecheck param to storageStartup()
lxd/instance/drivers/qemu_metrics: remove unused monitor param to getQemuMemoryMetrics()
lxd/daemon_storage: remove unused storageType param to mount()/umount()
lxd/instance/drivers/common: remove unused stateful param to validateStartup()
lxd/instance/drivers/qemu: remove unused configCopy param to deviceAttachNIC()
lxd/instance/drivers/qemu: remove unused configCopy and mount params to deviceAttachPath()
lxd/instance/drivers/qemu: remove unused deviceName and configCopy params to deviceAttachBlockDevice()
lxd/instance/drivers/qemu: remove unused rawConfig param to deviceDetachPath()
lxd/instance/drivers/qemu: remove unused rawConfig param to deviceDetachBlockDevice()
lxd/instance_file: remove unused s and r params to instanceFileHead()
lxd/instance_file: remove unused r param to instanceFileDelete()
lxd/main_forkproxy: remove unused timeout param to genericRelay()
lxd/storage/drivers/cephobject: remove unused bucket param to radosgwadminBucketSetQuota()
lxd/instance/drivers/driver_qemu: Fix indentation.
lxc/file: simplify loop by continuing early
lxc/list: remove duplicated comment marker
lxc/list: return early in loop
lxd/apparmor/dnsmasq: omit unneeded type declaration
lxd/apparmor/forkdns: omit unneeded type declaration
lxd/apparmor/forkproxy: omit unneeded type declaration
lxd/apparmor/qemuimg: omit unneeded type declaration
lxd/apparmor/qemuimg: add space after comment marker
lxc-to-lxd/main_migrate: return early in loop
lxd/main_forkproxy: UDP should be capitalized
lxd/storage/drivers/cephobject_buckets: fix comment for CreateBucketKey()
lxd/instance_file: remove uneeded else clauses
lxc/list: unexport architectureColumnData()
lxc/list: unexport storagePoolColumnData()
lxc/list: unexport createdColumnData()
lxc/list: unexport numberOfProcessesColumnData()
lxc/list: unexport profilesColumnData()
lxc/list: unexport lastUsedColumnData()
lxc/list: add comments to exported functions
lxc/file: add comments to exported functions
lxc/info: add comments to exported functions
lxd/main_forkproxy: add comments to exported functions
lxc-to-lxd/main_migrate: add comments to exported functions
lxd-agent: add comments to exported functions
lxd/apparmor/qemuimg: add comment to exported function
lxd/device/device_utils_network: add space after comment marker
Update grafana.md
doc: replace the doc cheat sheet
doc: move handling of additional prereqs to Makefile.sp
doc: update documentation checks
lxc: Unexport all Run and Command methods (exported).
lxc: Unexport remaining methods from lxc command structs (exported).
lxc: Remove deferred statements from loops (defer).
lxc: Fix datarace in lxc file get (datarace).
lxc: Use named returns where appropriate (confusing-results).
lxc: Check all type assertions (unchecked-type-assertion).
lxc: Replace interface{} with any (use-any).
lxc: Return early where possible (early-return).
lxc: Fix comments (comment-spacings).
lxd/apparmor/lxc: Fix rule syntax
doc: update the documentation for the doc framework
Update doc/howto/grafana.md
Update doc/howto/grafana.md
Update doc/howto/grafana.md
i18n: Update translations
lxd/api: Fix linter suggestions
lxd/firewall: Fix linter errors
doc: clean up the wordlist
doc: update links to the MicroCloud website
doc: turn on colours for the link checker and doc build on GitHub
doc: output the broken links if the linkcheck fails
doc/Makefile.sp: replace subshell by command group
lxd/apparmor/lxc: Tweak rule syntax
lxd/network: Include error type in function comment.
lxd/network: Return boolean from address validator.
lxd/network: Use switch statement instead of multiple stanzas.
lxd/network: Refactor bridge network forward creation to use pattern from ovn.
lxc/config: Fix method name in doc block.
lxc: Validate location header and listen address.
lxd/network: Use net.IP argument to checkAddressNotInUse.
doc/images: replace distrobuilder with LXD image builder
doc/server: add UI instructions for configuring server settings
lxd/auth: Remove project from request details.
lxd/auth: Remove project access check in TLS GetPermissionChecker.
lxd/project: Raise error level of GetPermissionChecker err.
lxd/project: Continue loop if GetPermissionChecker fails.
test/suites: Test for project used-by filtering for restricted TLS clients.
lxd/auth/entity: Moved generated entitlements and some helper types/functions into own package
lxd/dev/openfga: Move openfga datastore to own package to avoid unnecessary dependencies elsewhere
lxd/daemon: Use github.com/canonical/lxd/lxd/db/openfga
lxd-agent/devlxd: Removes unused reference to daemon.Debug
lxd: Use github.com/canonical/lxd/lxd/auth/entity
go: Update minimum version to 1.22.3
test/mini-oidc: Standardise on github.com/go-jose/go-jose/v4
lxd/auth/generate: Update entity generator to use new location and name changes
test/godeps: Removes openfga from expected deps for lxd-agent
github: Updated expected size of lxd-agent
github: Fix permissions for static analysis check
test/mini-oidc: Comment should end in a period (godot)
test/mini-oidc/storage/storage: renewRefreshToken confusing-results: unnamed results of the same type may be confusing, consider using named results (revive)
lxd/storage/volumes/snapshot: Fix duplicate import
lxd/events: Fix go linter error
test/mini-oidc/storage: Ignore exported func NewMultiStorage returns unexported type *storage.multiStorage, which can be annoying to use linter warning
test/mini-oidc/storage: Return standard error rather than pointer to oidc.Error
lxd/api/internal/recover: Ignore defer: prefer not to defer inside loops (revive) as this is intended
lxd/api/internal/recover: Fix early return from linter suggestion
lxd/storage/volumes: Remove empty new line
doc: add notes to files from the starter pack that should not be edited
test/mini-oidc/storage/storage: linter fixes
lxd/api/internal/recover: Fix early-return from linter
test/mini-oidc/storage: Fix import spacing
lxd/apparmor/lxc: remove dup mount options rules
test/mini-oidc: Merges into main Go module
gomod: Update dependencies and switch to go 1.22.3
build(deps): bump github.com/gorilla/websocket from 1.5.1 to 1.5.2
build(deps): bump github.com/minio/minio-go/v7 from 7.0.70 to 7.0.71
lxd/instance/drivers: Rename blockNodeName to generateQemuDeviceName
lxd/isntance/drivers: Use qemuDeviceNamePrefix for blockdevs and netdevs
lxd/instance/drivers: Use generateQemuDeviceName for device tags
lxd/instance/drivers: Indicate device name max length with variable
lxd/apparmor/lxc: reorganize mount options rules for priv containers
gomod: temporarily replace gopkg.in/square/go-jose.v2 by gopkg.in/go-jose/go-jose.v2
test/godeps: Update go-jose.v2 dependency for client
test/godeps: Update go-jose.v2 dependency for lxc-config
test/godeps: Update go-jose.v2 dependency for lxd-agent
doc/howto/instances_create: give manual instructions to install the lxd-agent
doc/cloud-init: remove section on how to enable the lxd-agent
Revert “github: run code-tests with 1.21 to avoid swagger crash”
test/suite/database: use a space between parenthesys and opening braket
test/main: export LXD_SKIP_TESTS
test/main: export LXD_REQUIRED_TESTS
github: use global vars to avoid dup’ing them between jobs
test/lint: add test to ensure all test cases are used
test: enable test_clustering_upgrade
test: enable test_clustering_upgrade_large
test/suites/backup: rename internal sub-functions
test/suites/fuidshift: rename internal sub-functions
test/suites/container_devices_disk: rename internal sub-functions
test/suites/container_devices_unix: rename internal sub-function
test/suites/image_profiles: rename internal sub-function
test/suites/config: rename internal sub-functions
test: enable test_image_import_existing_alias
test: enable test_init_dump
test: enable test_projects_copy
test: enable test_remote_url_with_token
test/suites/image: fix export/import from alias to cope with .tar.xz extension
test/suites/serverconfig: rename internal sub-function
test/suites/remote: delete project at the end of test_remote_url_with_token()
test/suites/init_dump: remove network “managed: true” from expected config dump
test/suites/init_dump: add network “project: default” to expected config dump
test/suites/init_dump: add storage_volumes list to expected config dump
test/suites/init_dump: add projects section to expected config dump
test/suites/init_dump: mangled the dumped trust_password value
test/suites/remote: update expected behavior when accessing restricted projects
github: skip clustering upgrade tests (broken)
fix(deps): update module github.com/checkpoint-restore/go-criu/v6 to v7
fix(deps): update module github.com/juju/gomaasapi to v2
lxc: Parse location header into URL.
lxd/device: Minor comment correction
lxd/device: Name parameters of the same type in DiskParseRBDFormat
test: Minor fix in tpm tests
lxd: Move addFileDescriptor to lxd/util
lxd/instance/drivers: Create ShortenedFilePath to handle long socket paths
lxd/device: Use shorter socket path when calling swtpm socket
lxd/instance: Pass shorter virtiofsd socket paths to qemu
lxd/instance/drivers: Pass shorter swtpm socket path to qemu
lxd/instance/drivers: Use shorter socket path in deviceAttachPath
doc/howto/images_remote: add token to the list of accepted params for “remote add”
gomod: Update dependencies
lxd/archive: Properly anchor exclude rules
lxd/archive: add comment to exported function
client: Remove clear-text logging of sensitive information
lxd/device/tpm: Fix regression in start VMs with TPM devices
lxd/device/device/utils/disk: Close derived unix listener socket when reverting in DiskVMVirtiofsdStart
lxd/device/disk: Fix socket leak from DiskVMVirtiofsdStart when VM fails to start in startVM
lxd/device/disk: Fix socket leak from DiskVMVirtfsProxyStart when VM fails to start in startVM
lxd: Move util.ShortenedFilePath and util.AddFileDescriptor back to qemu driver
lxd/auth: Move Authorizer implementations into drivers package.
lxd/auth/generate: Update entitlement definition generator for new package structure.
lxd: Update auth package imports.
test/godeps: Update auth package import in lxd-agent.
lxd/auth: Remove ‘driver_’ prefix from driver file names.
github: Remove permission change.
github: temporarily ignore microceph enable rgw failing
README: avoid permanent HTTP redirections with direct links
doc/debugging: avoid permanent HTTP redirection with direct link
doc/howto/instances_troubleshoot: avoid permanent HTTP redirection with direct link
doc/index: avoid permanent HTTP redirections with direct links
doc/howto/move_instances: avoid permanent HTTP redirection with direct link
doc/howto/network_bridge_firewalld: avoid permanent HTTP redirection with direct link
doc/authentication: avoid permanent HTTP redirection with direct link
doc/tutorial/first_steps: avoid HTTP redirection with direct link
doc/reference/storage_powerflex: avoid HTTP redirections with direct links
build(deps): bump github.com/zitadel/oidc/v3 from 3.24.0 to 3.25.1
build(deps): bump github.com/miekg/dns from 1.1.59 to 1.1.61
build(deps): bump github.com/openfga/language/pkg/go
build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
build(deps): bump github.com/gorilla/websocket from 1.5.2 to 1.5.3
test/godeps: Remove 2 golang.org/x/net deps from client
test/godeps: Remove 2 golang.org/x/net deps from lxc-config
test/godeps: Remove 2 golang.org/x/net deps from lxd-agent
api: Add explicit_trust_token extension
shared/api: Add TrustToken support in CertificatesPost and ClusterPut
lxc: Add support for setting trust token explicitly
client: Allow joining a cluster with token
lxd: Add support for setting trust token explicitly
doc/rest-api: Refresh swagger YAML
tests: Add spawn_lxd_and_join_cluster_with_token func
tests: Explicitly join a node by token during clustering
tests: Add trust by explicitly using a token
shared/api: Remove core.trust_password from examples
shared/api: Mark ClusterPassword and Password as deprecated
test/lint: Reintroduce --whole-files linter flag.
test/suites/auth: Use server config keys that contain actual passwords
lxd/patches: Add patchPreLoadClusterConfig patch stage
lxd: Run the patchPreLoadClusterConfig patch stage on init
shared/util: Add basic PathIsWritable
shared/util: Add comments to exported functions
lxc/config: Bump zitadel/oidc to v3
client: Bump zitadel/oidc to v3
client: Add default 10s timeout to IdP requests.
lxd/auth/oidc: Bump zitadel/oidc to v3
test/godeps: Update dependency lists for linter.
client/connection: Check for presence of snapped LXD unix socket
lxd-migrate: Rename user agent to LXD-MIGRATE
lxd-migrate: Support using the local server
github: Bump max binary size for lxc.
gomod: Remove now unneeded replace directive
github: Update bin size checks to derive min from the max provided
lxd/instance/instancetype: Fix limits.memery unit
docs: Update metadata
shared/cert: Set Not Before in self-signed cert to now-1minute
shared/cert: Add comments to exported functions
lxd/instance/drivers/driver/common: Update devicesUpdate to return slice of devlxd events
lxd/instance/drivers/driver/lxc: Use devlxd events returned from d.devicesUpdate in Update
lxd/instance/drivers/driver/qemu: Use devlxd events returned from d.devicesUpdate in Update
lxd/instance/drivers/driver/qemu: Update deviceAttachPath to return mount tag for mounting inside guest
lxd/instance/drivers/driver/common: Capture mount tag returned from deviceStart in devicesUpdate and pass to devlxd event
lxd-agent/events: Detect mount tag in source field of options for disk devices
lxd-agent/events: Linter fix
lxd/instance/drivers: Extract hashing from generateQemuDeviceName to hashIfLonger
lxd/instance/drivers: Indicate max device ID length with qemuDeviceIDMaxLength
fix(deps): update golang.org/x/exp digest to 7f521ea
lxd/storage/drivers/ceph: Call genericVFSCreateVolumeFromMigration only once
lxd/storage/backend/lxd: Use validated image fingerprint from DB record in EnsureImage
build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
lxd/instance/drivers/load: Remove unnecessary check for device name length
client/lxd_images: Remove check of an impossible error
lxd/db/images: Populate source image type when fetching an image
client/lxd_images: Handle potential panic when extracting values from operation metadata
lxd/storage/drivers/ceph: Allow receiver to read VM filesystem vol via rsync
lxd/storage/drivers/ceph: Clarify migration comments
lxd/storage/drivers/dir: Quote paths in errors
lxd/storage/drivers/dir: Allow lost+found subdir if source is root of the filesystem
lxd/storage: Set correct volume’s volatile.uuid on refresh
lxd/storage/drivers/powerflex: Revert unmap before resize
lxd/storage/drivers: Use context for tryExists
lxd/storage/drivers/btrfs: Use 10s timeout context for tryExists
lxd/stroage/drivers/btrfs: Fix typo in comment
lxd/storage/drivers: Add waitGone utility func
lxd/storage/drivers/powerflex: Wait for volume to disappear after unmount
lxd/storage/drivers/powerflex: Remove unnecessary NVMe/TCP disconnect
lxd/storage/drivers/powerflex: Lock the entire volume map process
test: Add dir storage pool test for empty mounted filesystem
doc: readthedocs now supports Go 1.22
doc: use Python 3.12 on readthedocs
Makefile: bump Go min to 1.22.4 (needed by OpenFGA)
github: bump Go min version to 1.22.4
lxd/apparmor/network_forkdns: forkdns binds port 1053 (no need for CAP_NET_BIND_SERVICE)
lxd/apparmor/network_forkdns: forkdns talks to dnsmasq which also listens on TCP/53
test/suites/clustering: improve grep patterns to be safer
test/suites/clustering: make better use of alternations in grep pattern
Revert “test/lint: Disable licence check.”
github: pull GOMIN from Makefile
github: always check compat with GOMIN
github: make sure doc requirement for Go version stays in sync
doc/requirements: bump min Go version to 1.22.4
doc/projects: Add API instructions
doc/rest-api: Refresh swagger YAML
i18n: Update translation templates
gomod: Update deps
test/suites/tls_restrictions.sh: Bring into sync with main
client/lxd/cluster: Fix linter issues
build(deps): bump github.com/go-chi/chi/v5 from 5.0.13 to 5.0.14
build(deps): bump github.com/openfga/openfga from 1.5.4 to 1.5.5
lxd/storage/drivers/powerflex: Don’t use nvme CLI to retrieve subsystems
lxd/storage/drivers/zfs: Wait for device to appear when activating a volume
lxd/apparmor/instance_lxc: allow devpts for unprivileged containers
lxd/storage/drivers/zfs: Check for non /dev/zvol/* paths
Revert “instance/driver_qemu: implement SetAffinity()”
lxd/device: Disable VM CPU auto pinning
Revert “Revert “instance/driver_qemu: implement SetAffinity()””
doc: add LTS to Ubuntu versions
doc/installing: remove related link to snap package guide
doc: move doc-incremental target
doc/linkchecker: remove exceptions for MAAS documentation
lxd/apparmor/instance_qemu: relax proc rules a bit to workaround bug in AppArmor
lxd/auth: Standardise error field to err
lxd/identities: Standardise error field to err
lxd: Standardise error field to err
lxd-agent/events: Retry virtiofs hotplug mount
lxd-agent: Enable syslog logging
lxd-agent: Match the use of contextual logging for start up mounts
lxd-agent: Standardise error field to err
lxd-agent: Ignore linter complaints about deep exit
lxd-agent: Log start time mount args on error
build(deps): bump github.com/go-chi/chi/v5 from 5.0.14 to 5.1.0
build(deps): bump github.com/osrg/gobgp/v3 from 3.27.0 to 3.28.0
Makefile: the toolchain directive should be better supported now
lxd/auth: Add constants for internal authentication methods.
lxd/auth/drivers: Use authentication method constants.
lxd: Use authentication method constants.
lxd/util: Split CheckTrustState into two functions.
lxd/cluster: Update calls to CheckTrustState.
lxd: Update calls to CheckTrustState.
lxd-agent: Update calls to CheckTrustState.
lxd: Refactor (*Daemon).Authenticate method.
lxd: Update comment on server certificate mTLS checks.
lxd/util: Update info log to indicate CA restriction applies to clients.
lxd/util: Add comment to exported method (revive: exported).
lxd: Disallow certificate creation in CA mode if cert is not signed by CA.
lxd/auth/drivers: Delegate to the TLS authorizer when protocol is PKI.
lxd/auth/drivers: Set logger in TLS driver.
shared: Set GetClientCertificate in TLS config.
shared: Add comments to exported functions (revive: exported).
doc: Update PKI documentation.
fix(deps): update module github.com/juju/gomaasapi to v2
lxd/storage/drivers/powerflex: Make getMappedDevPath mode independent
lxd/storage/drivers/powerflex: Let createNVMeHost return a reverter
lxd/storage/drivers/powerflex: Let connectNVMeSubsys return a reverter
lxd/storage/drivers/powerflex: Make mapNVMeVolume mode independent
lxd/storage/drivers/powerflex: Make unmapNVMeVolume mode independent
lxd/storage/drivers/powerflex: Add operation mode constants
gomod: Add Dell goscaleio library
lxd/storage/drivers/powerflex: Add SDC mode
lxd/storage/drivers/powerflex: Remove powerflex.host lock
lxd/storage/drivers/powerflex: Fix subsystem discovery
metadata: Add PowerFlex SDC mode
doc: Add PowerFlex SDC mode
doc/projects: add UI instructions for projects
lxd/instance/drivers/driver/lxc: Re-generate lxc.conf during Exec
lxd/instance/drivers/driver/lxc: Improve error message for loading go-lxc
server/seccomp: Add loongarch64
shared/cgo: Add loongarch64
Add loongarch64 support
doc: Add LoongArch to word list
lxc: Add validation for non-empty remote address
i18n: Update translation templates
lxd/device: Allow zfs storage pools in degraded state
doc/bgp: Clarify how to configure BGP for OVN (uplink) networks
lxd/instance/drivers/driver/lxc: Fix containers not always starting up after host reboot
lxd/instance/instance/utils: Fix LoadFromBackup to work without DB
lxd: instance.LoadFromBackup usage
lxd/auth: Add utils for inspecting the request context.
lxd/auth/drivers: Refactor drivers to use auth utils.
lxd: Add access handler for project resource listing.
lxd: Use allowProjectResourceList access handler.
lxd/auth: Remove http.Request parameter from authorizer interface.
lxd/auth/drivers: Update auth drivers to remove request parameter.
lxd/project: Update authorizer calls.
lxd: Update calls to authorizer.
test/suites: Validate listing resources in disallowed project returns an error.
Revert “test/suites/remote: update expected behavior when accessing restricted projects”
lxd/auth: Add GetIdentityFromCtx util.
lxd/auth: Handle unrestricted clients when checking caller privilege.
lxd/auth/drivers: Update TLS driver to use new utils.
lxd/auth/drivers: Update OpenFGA driver to use new utils.
lxd/auth/drivers: Ignore the identities’ project list in OpenFGA driver.
lxd: Update allowProjectResourceList to use new auth utils.
lxd/identity: Move ValidateAuthenticationMethod to identity package.
lxd/identity: Validate authentication method when getting cache entries.
fix(deps): update golang.org/x/exp digest to 46b0784
fix(deps): update module github.com/minio/minio-go/v7 to v7.0.73
test/suites: Improve test coverage for PKI mode.
test/suites: Improve PKI test coverage.
build(deps): bump github.com/dell/goscaleio from 1.14.1 to 1.15.0

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

Notes on upgrading when using ZFS on Ubuntu 18.04

If you are using LXD on Ubuntu 18.04 with ZFS and LXD does not start after upgrading, you may find this error in the /var/snap/lxd/common/lxd/logs/lxd.log log file:

Error: Required tool ‘zpool’ is missing

This is due to LXD 5.21.x onwards requiring ZFS 2.1 or later in the kernel when consumed from the latest/stable snap channel.

For LTS consumers we include ZFS 0.8 support in the 5.21/stable snap channel.

In order to add ZFS 0.8 support to an Ubuntu 18.04 system please upgrade the kernel to the Ubuntu Hardware Enablement kernel (HWE).

sudo apt-get install --install-recommends linux-generic-hwe-18.04
sudo reboot

Then switch LXD to the 5.21/stable channel:

sudo snap refresh lxd --channe=5.21/stable

tomp · July 16, 2024, 1:37pm

LXD 5.21.2 LTS is now available in the 5.21/candidate snap channel and will be rolled out to the 5.21/stable channel soon.

tomp · July 22, 2024, 8:58am

LXD 5.21.2 LTS is now progressively rolling out to the 5.21/stable snap channel.