LXD 5.21.3 LTS has been released

tomp · January 22, 2025, 10:58am

Introduction

The LXD team would like to announce the release of LXD 5.21.3 LTS!

This is the third bugfix release for LXD 5.21 which is supported until June 2029.

Thank you to everyone who contributed to this release!

Bug fixes and improvements

Nvidia GPU Container Device Interface (CDI) enabling iGPU passthrough

We have added support for using the Container Device Interface (CDI) specification to configure GPU pass-through in LXD containers.

This also enables the possibility of using GPU passthrough for devices that don’t use PCI addressing (like NVIDIA Tegra iGPUs) and provides a more flexible way to identify and configure GPU devices.

CDI is an open specification for container runtimes that abstracts what access to a device, such as an NVIDIA GPU, means, and standardizes access across container runtimes.

The LXD gpu device’s id field now accepts CDI identifiers for containers, in addition to DRM card IDs.

E.g. to add a GPU to a container using the CDI identifier nvidia.com/gpu=0 use:

lxc config device add c1 mygpu gpu id=nvidia.com/gpu=0

This will also pass through supported nvidia runtime tooling into the container, as such the nvidia.* settings are mutually exclusive with CDI mode GPU devices.

Documentation: CDI Mode

API extension: gpu_cdi

Improved VM conversion from external disk images

The lxd-migrate tool and the LXD API now supports the ability to convert external disk images from different formats (e.g. VMDK or QCow2) into the required RAW image format and import them as VM instances. This conversion is done on the server-side to allow the possibility of uploading external images from a web browser via the LXD UI.

This new functionality also supports injecting virtio drivers into the VM to make them compatible with LXD. To make use of this functionality additional third party tools need to be installed on the LXD server(s).

The lxd-migrate tool has also been improved to support non-interactive mode, which eases bulk conversion jobs.

Additionally the lxd-migrate tool can now connect to LXD using the local UNIX socket, avoiding the need to setup an authentication method when performing local conversions.

Documentation: How to import physical or virtual machines to LXD instances

Specification: Improve VM import from external sources

API extension: instance_import_conversion

Fine-grained access management for TLS authenticated clients

Following on from the fine-grained authorization controls for OIDC authenticated clients added in LXD 5.21.0 LTS this release adds support for using those same fine-grained authorization controls for TLS authenticated clients.

Example:

On LXD host via the UNIX socket:

# Enable remote API (for TLS and OIDC clients)
lxc config set core.https_address=:8443 

# As an example, create an admin group with the server admin permission
lxc auth group create admins
lxc auth group permission add admins server admin

# Create fine-grained TLS identity and add to the admin group
lxc auth identity create tls/<name> --group admins
<single use join token displayed>

# Use join token to setup trust between client and server
lxc remote add <server name> <join token>

Documentation:

Fine-grained authorization
Fine-grained TLS example in Authenticate with the LXD server
Fine-grained TLS example in Confine users to specific projects on the HTTPS API

Specification: TLS Fine-grained authorization

API extension: access_management_tls

API metrics for cluster health monitoring

Two new sets of metrics have been added to the LXD metrics API endpoint:

Total completed requests (lxd_api_requests_completed_total).
Number of ongoing requests (lxd_api_requests_ongoing).

These metrics are grouped by entity type and broad error type to help identity the cause or area of the potential problem.

These metrics can be consumed by an observability tool deployed externally (for example, the Canonical Observability Stack or another third-party tool) to help identify failures or overload on LXD servers. You can set thresholds on the observability tools for these metrics’ values to trigger alarms and take programmatic actions.

E.g.

lxc query /1.0/metrics
# HELP lxd_api_requests_completed_total The total number of completed API requests.
# TYPE lxd_api_requests_completed_total counter
lxd_api_requests_completed_total{entity_type="server",result="error_client"} 0
lxd_api_requests_completed_total{entity_type="server",result="succeeded"} 9
lxd_api_requests_completed_total{entity_type="server",result="error_server"} 0
lxd_api_requests_completed_total{entity_type="instance",result="succeeded"} 2
lxd_api_requests_completed_total{entity_type="instance",result="error_server"} 0
lxd_api_requests_completed_total{entity_type="instance",result="error_client"} 0

# HELP lxd_api_requests_ongoing The number of API requests currently being handled.
# TYPE lxd_api_requests_ongoing gauge
lxd_api_requests_ongoing{entity_type="server"} 1
lxd_api_requests_ongoing{entity_type="instance"} 0

Documentation: API rates metrics

Specification: API metrics for disaster recovery

API extension: metrics_api_requests

CLI completion improvements

The lxc command’s shell completions have been reworked to allow for easier extensibility and maintainability. Rather than sourcing shell completions from the old monolithic bash script, we now define completions programatically in lxc/completion.go. Shell completions are provided with out of box support for the LXD Snap for users using bash. For users of zsh or fish, completions can be generated using the lxc completion command. Below is a list of general improvements and additions to LXD CLI shell completions:

Dynamic completions (completions based on context, such as remote).
Improvements to completions for lxc config and lxc profile- configuration keys are now completed for containers or VMs depending on context.
Additional completions for lxc config {get,set} - server configuration options are now dynamically completed.
Improvements to lxc config device completions - all possible devices and device options are now completed.
Improvements to lxc start|stop|pause, lxc delete, and lxc exec completions - instances are completed contextually based on state. For example, lxc start will only complete instances that are in a stopped or frozen state.
Completions for lxc init and lxc launch now provide completions for images provided by the images and ubuntu remotes.
General improvements and bug fixes to lxc console, lxc file and lxc storage volume completions.
Improvements to completion function documentation in lxc/completion.go.

Documentation: lxc completion

Prevent custom storage block volumes from being used concurrently by default (from Incus)

As a safety feature to prevent accidental data corruption LXD now prevents the concurrent use of custom block volumes when attached to multiple instances.

This check can be overridden if required (and the risks for data corruption are understood/mitigated by the user) by enabling a new key security.shared on custom block volumes.

If unset or false, the custom block volume cannot be attached to multiple instances.
If true it allows it to be attached to multiple instances.

API extension: shared_custom_block_volumes

Instance start protection setting

Added a new instance setting security.protection.start which prevents instances from being started if set to true.

Example:

lxc init ubuntu:24.04 c1 --config security.protection.start=true
lxc start c1 
Error: Instance is protected from being started

API extension: instance_protection_start

Instance start after create API option (from Incus)

A new start field has been added to the POST /1.0/instances API which when set to true will have the instance automatically started once the instance has been created.

This avoids the need for API clients to send an additional request to start a newly created instance.

API extension: instance_create_start

VM support for the `security.devlxd.images` setting

The instance security.devlxd.images setting is now available for VMs.
This setting controls the availability of a /1.0/images/FINGERPRINT/export API over devlxd.
This can be used by a VM running LXD inside the guest to access raw images from the host, which avoids the need for the guest LXD to download the images again if they are already on the host.

API extension: devlxd_images_vm

VM disk virtio-blk support (from Incus)

LXD VM disk devices now support a new virtio-blk value for the io.bus setting allows for the attached disk to be connected to the virtio-blk bus, instead of the default virtio-scsi bus. This can help with guest support. See this comparison for more info.

Example:

Create a VM with the root disk using virtio-blk mode:

lxc launch ubuntu:24.04 v1 --vm --device root,io.bus=virtio-blk
lxc exec v1 -- lsblk
lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
vda     253:0    0   10G  0 disk 
├─vda1  253:1    0    9G  0 part /
├─vda14 253:14   0    4M  0 part 
├─vda15 253:15   0  106M  0 part /boot/efi
└─vda16 259:0    0  913M  0 part /boot

API extension: disk_io_bus_virtio_blk

Per-project storage pool disk limits (from Incus)

Introduces per-pool project disk limits, introducing a limits.disk.pool.{POOL_NAME} configuration option to the project limits.

When limits.disk.pool.{POOL_NAME}: 0 for a project, the pool is excluded from lxc storage list in that project.

Example:

lxc storage create zfs zfs
lxc project create foo
lxc project set foo limits.disk.pool.zfs=1GiB

lxc init ubuntu:24.04 c1 \
    --storage zfs --project foo
Creating c1
Error: Failed instance creation: Failed checking if instance creation allowed: Failed getting usage of project entities: Instance "c1" in project "foo" has no "size" config set on the root device either directly or via a profile

lxc init ubuntu:24.04 c1 \
    --storage zfs --project foo  --device root,size=1GiB
Creating c1

lxc init ubuntu:24.04 c2 \
    --storage zfs --project foo --device root,size=1GiB
Creating c2
Error: Failed instance creation: Failed checking if instance creation allowed: Reached maximum aggregate value "1GiB" for "limits.disk.pool.zfs" in project "foo"

lxc storage list --project foo
+---------+--------+------------------------------------+-------------+---------+---------+
|  NAME   | DRIVER |               SOURCE               | DESCRIPTION | USED BY |  STATE  |
+---------+--------+------------------------------------+-------------+---------+---------+
| default | dir    | /var/lib/lxd/storage-pools/default |             | 3       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+
| zfs     | zfs    | /var/lib/lxd/disks/zfs.img         |             | 4       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+

lxc storage list --project foo
+---------+--------+------------------------------------+-------------+---------+---------+
|  NAME   | DRIVER |               SOURCE               | DESCRIPTION | USED BY |  STATE  |
+---------+--------+------------------------------------+-------------+---------+---------+
| default | dir    | /var/lib/lxd/storage-pools/default |             | 3       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+

lxc storage show zfs --project foo
Error: not found

API extension: projects_limits_disk_pool

New `lxc file create` sub-command (from Incus)

The new lxc file create command allows you to create empty files and directories inside your instances.

Example:

lxc launch ubuntu:24.04 c1
lxc exec c1 -- stat /root/foo
stat: cannot statx '/root/foo': No such file or directory
lxc file create c1/root/foo
lxc exec c1 -- stat /root/foo
  File: /root/foo
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: 252,1	Inode: 7116616     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-28 08:52:08.704376158 +0000
Modify: 2024-11-28 08:52:08.704376158 +0000
Change: 2024-11-28 08:52:08.704376158 +0000
 Birth: 2024-11-28 08:52:08.704376158 +0000

Documentation: lxc file create

VM live migration with attached remote block storage volumes (from Incus)

It is now possible to live-migrate VMs that have exclusively attached block type storage volumes from remote storage pools.

VM live migration with attached remote block storage volumes (from Incus)

It is now possible to live-migrate VMs that have exclusively attached block type storage volumes from remote storage pools.

VM USB NIC passthrough (from Incus)

USB NIC devices can now be passed into VMs.

Example:

lsusb
Bus 002 Device 003: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet

ip link
17: enx00249b73f3ba: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:24:9b:73:f3:ba brd ff:ff:ff:ff:ff:ff

lxc launch ubuntu:24.04 v1 --vm
lxc exec v1 -- apt update
lxc exec v1 -- apt install linux-image-generic # Install drivers
lxc stop v1
lxc config device add v1 eth0 nic nictype=physical parent=enx00249b73f3ba
lxc start v1

lxc exec v1 -- lsusb
Bus 002 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet

lxc exec v1 -- ip link
2: enx00249b73f3ba: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:24:9b:73:f3:ba brd ff:ff:ff:ff:ff:ff

Documentation: Physical NIC device

Support for unprivileged binfmt_misc namespacing (from Incus)

From Linux 6.7 there is support for binfmt_misc name-spacing.

LXD now detects and supports this:

Older kernel systems = no change, systemd-binfmt in guest starts without error, but the actual mount is unusable.
Supported kernels = systemd-binfmt service doesn’t start in guest (due to an autofs dependency), but if binfmt_misc is mounted manually inside the guest it is usable now.

Network IP allocation and leases list improvements

OVN virtual router external IPs are now included in network IP allocation list with a type of uplink.

Additionally there is a new network field on each allocation, indicating which network each allocated address belongs.

Finally, the Used By column now includes the correct project parameter for the instance URLs.

Previously this was always the project of the network the instance was connected to, but as it is possible for instances in non-default projects to connect to networks in the default project, this has now been updated to show the instance’s project.

Example:

# Show IPv4 address for `ovn1` network on its uplink network
lxc network get ovn1 volatile.network.ipv4.address
10.76.175.11

# Create instance in non-default project connected to ovn1 network
lxc project create foo
lxc launch ubuntu:24.04 c1 \
    --network ovn1 --project foo --storage default

# Same IP is shown in allocations list as the `ovn1` network's uplink IP
# We see `10.76.175.11` belongs to the `lxdbr0` network (the uplink)
# We also see 10.138.126.2 belongs to `c1` in project `foo`
lxc network list-allocations
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
|            USED BY            |                  ADDRESS                   | NETWORK |   TYPE   | NAT  | HARDWARE ADDRESS  |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/lxdbr0          | 10.76.175.1/24                             | lxdbr0  | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/lxdbr0          | fd42:8789:1984:9514::1/64                  | lxdbr0  | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | 10.76.175.11/32                            | lxdbr0  | uplink   | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | fd42:8789:1984:9514:216:3eff:fe8a:562/128  | lxdbr0  | uplink   | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | 10.138.126.1/24                            | ovn1    | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | fd42:15aa:553f:e9ef::1/64                  | ovn1    | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/instances/c1?project=foo | 10.138.126.2/32                            | ovn1    | instance | true | 00:16:3e:0b:9e:67 |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/instances/c1?project=foo | fd42:15aa:553f:e9ef:216:3eff:fe0b:9e67/128 | ovn1    | instance | true | 00:16:3e:0b:9e:67 |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+

API extension: network_allocations_ovn_uplink

OVN physical uplink native Linux bridge VLAN support

Adds support for using a native Linux bridge network with a specified vlan ID as a physical network for use as an uplink for OVN networks.

Example:

lxc network create UPLINK --type=physical \
    parent=br0 \
    vlan=123 \
    ipv4.gateway=192.0.2.1/24 \
    ipv4.ovn.ranges=192.0.2.200-192.0.2.210

lxc network create ovn1 --type=ovn network=UPLINK

API extension: network_ovn_uplink_vlan

OVN persistent NIC ports

The ovn NIC device type in LXD represents a logical switch port in the OVN northbound database. LXD uses OVN’s IPAM feature to allocate dynamic IPv4 addresses to these logical switch ports.

Previously LXD’s ovn NIC implementation created a logical switch port when the instance was started (triggering IP allocation in OVN) and deleted the logical switch port when the instance was stopped (freeing the afore mentioned IP allocation).

This behaviour of allocating and deallocating IPs at instance start and stop was causing the potential of IPs being reallocated when an instance was stopped and then when it was started back up again being allocated a different IP than the one it had previously.

Unlike LXD’s bridge networks where leases are held (for the lease lifetime) when an instance is rebooted, no such hold time was available in OVN.

As such LXD’s ovn NIC devices now create a logical switch port at the time they are added to an instance (so the IP allocation happens at add time now) and the port is persistent until the NIC device is removed from the instance or the instance is deleted.

This has the behaviour of allocating an IP to a ovn NIC for the lifetime of that NIC device.

Logical CPU account available for instance placement scriptlets

Adds logical_cpus field to GET /1.0/cluster/members/{name}/state which contains the total available logical CPUs available when LXD started.

This information is now available to instance placement scriptlets.

API extension: state_logical_cpus

Formalizing the metadata API

The metadata API is now formalized with an API extension and struct entries in shared/api package.

Additionally entity type metadata has been added to the GET /1.0/metadata/configuration endpoint. The entity type metadata is a JSON object under the entities key.

API extension: metadata_configuration_entity_types

VM CPU core automatic pinning strategy option

A new instance configuration option has been added called limits.cpu.pin_strategy that defaults to “none”, but can be set to “auto” to enable the automatic CPU pinning for that instance.

lxc config set v1 limits.cpu.pin_strategy=auto

Documentation: CPU Pinning

LVM thick storage volumes are wiped on creation

By default when using an lvm storage pool the volumes created use LVM thin mode where blocks are allocated to the volume dynamically. However LXD supports using “thick” LVM volumes by setting lvm.use_thinpool=false at storage pool creation time.

Thick LVM volumes are just offsets within the LVM volume group. Because of this it is possible in certain scenarios for newly created thick LVM volumes to not be fully wiped from previous usage.

To ensure that newly created LXD volumes do not contain any past data LXD now performs a series of reset attempts (increasing in time cost) and verifies that the LVM thick volume is wiped before allowing use of it.

LXD-UI advancements

A rich amount of new features for the LXD-UI is included in the snap release.

Extended instance creation in the UI

Added support to Import VMDK, qcow2 or other instance formats directly in the UI.

Enabled uploading of instance backup files previously exported from LXD.

New instance actions in the UI

Enabled new actions on the instance detail page:

Migrate an instance to a different storage pool or cluster member.
Create an image from an instance.
Duplicate an instance.
Export an instance as a local backup file.

Instance and profile configuration in the UI

Enabled additional device type configurations including disk, network, proxy, GPU and other devices.

Improved the edit experience. You can now directly edit the configuration, and the save button will display a counter indicating pending changes.

Storage volume action additions to the UI

Enabled new actions on the storage volume detail page:

Migrate a storage volume to a different storage pool.
Duplicate a storage volume.

Semiotics in the UI

Improved semiotics by using better suiting icons in the main navigation. Introduced a global chip styled pattern for entities that appear in notifications or inline. This helps to indicate the type of an entity that is referenced and links to it.

Permission improvements in the UI

Create permission groups and assign entitlements has been combined to a single workflow. This makes setting up fine-grained permissions seamless.

Enhanced permission selectors with search functionality and enriched data display for assigning entitlements to groups.

Snap upgrade improvements

An issue that was preventing stopping and restarting running containers when upgrading between LXD major release series has been fixed in this release.

This problem was caused by the difference in core snap versions in the different LXD release series, which was preventing LXD’s container stop hook notification from running when refreshing between snap channels while containers were still running.

This issue has been fixed now by utilising a static binary to trigger the stop hooks which is executable across snap core versions.

Example:

snap install lxd --channel=5.0/stable
lxd init --auto
lxc launch ubuntu:24.04 c1
snap refresh lxd --channel=6/stable # With container still running
lxc stop c1 # Previously this hung

Updated minimum Go version to 1.23

The minimum version of Go required to build LXD is now 1.23.

Snap packaging dependency updates

lxd-ui: Bump to 0.15
apparmor: Bump to v4.0.3
criu: Bump to v4.0
dqlite: Bump to v1.17.1
lxc: Bump to v6.0.2
lxcfs: Bump to v6.0.2
libnvidia-container: Bump to v1.17.2
nvidia-container-toolkit: Bump to v1.17.2
uefivars: Bump to v1.2
qemu: Bump to 8.2.2+ds-0ubuntu1.5
zfs: Bump to zfs-2.2.6

Complete changelog

Here is a complete list of all changes in this release:

Full commit list

lxd/instance/drivers/driver/common: Fix crash when device doesn’t return run config when being live updated
lxd/instance/drivers/driver/common: Fix crash when device doesn’t return run config when being live updated
lxd/network: Pass bridge ips to Firewall.NetworkSetup
lxd/firewall: Drop DNS traffic to dnsmasq originating outside the bridge
test: Ensure dns traffic from external source is dropped
lxd/instance/drivers/driver/qemu: Use consistent host drive share device name when booting and hotplugging
lxd/instance/drivers/driver/qemu/templates: Fix qemuHostDriveDeviceID to support long device names
lxd/instance/drivers/driver/qemu: Align fsdev and chardev names for host drive to that used when hotplugging
lxd/device/disk: Escape device name when using it as part of a path for drive share daemons
lxd/instance/drivers/driver/qemu: Update path of virtiofsd in deviceAttachPath
lxd/instance/drivers/driver/qemu: Updates generateQemuDeviceName to also do escaping
lxd/instance/drivers/driver/qemu: Update usage of d.generateQemuDeviceName
lxd/instance/drivers/driver/qemu/config/test: Update host drive tests to reflect new consistent fsdev and chardev naming
lxd/instance/device: Correct qemuDeviceIDMaxLength
lxd/instance/drivers: Switch qemuHostDriveDeviceID for qemuDeviceNameOrID
lxd/instance/drivers: Use qemuDeviceNameOrID for node names and mount tags
lxd/instance/drivers: Use qemuDeviceNameOrID for TPM config section IDs
lxd/device: Allow / in VM TPM device name
lxd/device: Allow / in container TPM device name
lxd/apparmor/feature_check: add infastructure to check AppArmor features
lxd/apparmor/instance_lxc: allow nosymfollow mount flag
test/includes/lxd: optimize spawn_lxd()
test/includes/lxd: simplify kill_lxd()
test/includes/storage: optimize storage_backend()
test/includes/storage: add storage_backend_optimized_backup() helper
test/suites/backup: use storage_backend_optimized_backup() helper
test/suites/backup: cleanup exported tarballs
test/suites/backup: replace lxc rm by lxc delete
test/suites/backup: list content of untar’ed directory
doc/reference/storage_drivers: use emojies to ease reading
doc/reference/storage_drivers: add column for optimized backup support (Btrfs/ZFS only)
fix(deps): update k8s.io/utils digest to 18e509b
shared/simplestreams/products: Try to extract version creation time beside the date
lxd: Use constant for devlxd remote address.
lxd: Clarify authentication/authorization for viewing/exporting images.
test/suites: Test public image behaviour for trusted, restricted clients.
lxd: Send image-retrieved lifecycle event when rootfs file is present.
lxd/apparmor: fix linter errors
Removes CODEOWNERS file
lxd: Define devlxd handler functions.
lxd: Define a type for a devlxd handler function.
lxd: Rename the f field of the devlxdHandler type.
lxd: Specify field names in devlxd handler definitions.
lxd: Fix lint errors (revive: unchecked-type-assertion).
lxd: Remove log formatting and use log context instead.
lxd: Rename pidNotInContainerErr (revive: error-naming).
lxd: Add comments to exported types/methods (revive: exported).
test: Adds a test for the none device
lxd/api_1.0: Sort drivers in response
test: use bash and separately set options
Add a shellcheck RC to default to bash flavor
test: stop silencing local is not supported by sh
test/suites/security: avoid reusing standard UID shell variable
test/suites/clustering: fix variable shadowing/reuse/uninit
doc/authentication: clean up PKI instructions
lxd: Standardise on “err” field in contextual logging for error
lxd/migrate_storage_volume: Add comments to public functions
internal/linux: Define some IOCTLs
Revert “lxd/instance/drivers/driver_qemu: properly calculate VHOST_VSOCK_SET_GUEST_CID”
incusd/instance/qemu: Don’t use hardcoded ioctl
Revert “storage/drivers/driver_btrfs_utils: properly calculate BTRFS_IOC_SET_RECEIVED_SUBVOL”
incusd/storage/btrfs: Don’t use hardcoded ioctl
incusd/devices: Simplify ioctl logic
fix typo in index.md
doc/contributing: add section on how-tos
lxd: Update logic for project config patch
test/suites: Add testing for project PATCH
Makefile: bump Go min to 1.22.5 (needed by OpenFGA)
doc/requirements: bump min Go version to 1.22.5
lxd/apparmor: allow userns for security.nesting=true case
shared/api/instance: Name return arguments
shared/util_linux: Fix linting issues
lxd/storage: Move BlockDiskSizeBytes function into separate package
lxd/storage/backend_mock: Satisfy linter by adding empty comments to all functions
lxd/storage/backend_lxd: Use contexctual logger in CreateInstanceFromMigration
lxd/migrate*: Add missing comments to exported functions
lxd-migrate/main_migrate: Fix typo in volume size question
lxd-migrate: Remove unused input argument
lxd-migrate: Rename util function to transferRootDiskForMigration
lxd-migrate: Extract helper function for sending block volume
lxd-migrate/utils: Add helper function to determine whether the image is in raw format
lxd-migrate/main_migrate: Allow only raw VM image in migration mode
doc: Remove misleading tip in instance import doc
doc: Fix typo in questions within instance import doc
lxd/migrate: Fix migrationSinkArgs comment
lxd/migrate: Remove unused migrations sink args
lxd/*: Make fields of migrationSinkArgs structure private
lxd/db/openfga: Add an exception for type-bound public access in ReadStartingWithUser
lxd/db/openfga: Switch raw string for auth.EntitlementCanView
lxd/db/openfga: Lint fix
test/godeps: Update lxd-agent dependency list
fix(deps): update golang.org/x/exp digest to 8a7402a
fix(deps): update module github.com/minio/minio-go/v7 to v7.0.74
Update metrics.md to remove symlink trailing slash
fix(deps): update module github.com/pkg/xattr to v0.4.10
lxd/device/device/utils/disk: Update DiskVMVirtiofsdStart to use chroot sandbox mode on pre pidfd_open kernels
lxd: DiskVMVirtiofsdStart usage
lxd/device/device/utils/disk: Removes unused execPath arg from DiskVMVirtiofsdStart
lxd: DiskVMVirtiofsdStart usage
gomod: Dependency updates
lxd-metadata: Fix lint errors (revive: unchecked-type-assertion, var-naming).
doc: Fix exception rules for import_machines_to_instances.md
doc/projects: fix documentation for PATCH request
build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4
lxd/auth/generate: Add dry run functionality.
lxd-metadata: Add entitlements to output json.
lxd/apparmor/instance_qemu: support external qemu snap
lxd/instance/drivers/driver_qemu: support external qemu snap
lxd-metadata: Add entities/entitlements to generated doc file.
doc: Rename config_options.txt → metadata.txt.
workflows: Rename config_options.txt → metadata.txt.
Makefile: Rename config_options.txt → metadata.txt.
test/lint: Rename config_options.txt → metadata.txt.
{doc,lxd/metadata}: Run make update-metadata.
api: Add api extension instance_import_conversion
shared/api/instance: Add ConversionOptions and SourceDiskSize fields to the InstanceSource struct
lxd/migration: Add field conversion options to volume target arguments
lxd/storage: Create instance from conversion
lxd/instance/drivers: Helper function to retrieve instance storage pool from devices
lxd/instance/drivers: Add ConversionReceive function
lxd/convert_instance: Add conversion sink for receiving root disk over conversion API
lxd/instances_post: Extract instance arguments setup from migration
lxd/instances_post: Convert image if migration source type is conversion
lxd-migrate: Add support for image conversion
doc: Add image formats to the wordlist
doc: Update api definition
doc: Add new supported image formats to the docs
lxd/storage/backend_lxd: Lower qemu-img convert priority instead of limiting CPU time
doc: Add PowerFlex storage pool creation how-to
doc: Add missing PowerFlex details to explanation
doc: Add permissions reference page.
doc/explanation: Link to full permission list in fine-grained auth section.
doc/reference: Add permissions page to index.
doc/storage: change examples to sections instead of tabs
lxd/storage/drivers/driver/dir/utils: Improve errors in setQuota
lxd/storage/quota/projectquota: Don’t fail on missing file in SetProject
lxd-migrate: Fix path provided to the raw disk check
api: instance_create_start
shared/api: Add Start to InstancesPost
doc/rest-api: Refresh swagger YAML
lxd/instance: Add support for Start property
lxc/launch: Use the Start property
doc/howto: Update documentation on start field
doc: Add remote storage driver cluster pool examples
lxd/apparmor/instance_lxc: allow nosymfollow mount flag in more cases
shared/entity: Return the project name when parsing the project URL.
shared/entity: Skip project query parameter on project entities.
shared/entity: Update unit tests for URL and Parse URL functions.
lxd/db/openfga: Remove logic for getting project name from path arguments.
lxd/auth/drivers: Remove logic for getting project name from path arguments.
lxd/auth/drivers: Standardise URLs before performing OpenFGA requests.
lxd: Fix projectUsedBy function.
lxd/project: Simplify FilterUsedBy function.
lxd/db/cluster: Add project name to project entity queries.
shared/entity: Ignore “none” locations when constructing URLs.
shared: Pass CertOptions to KeyPairandCA
shared: Pass SubjectName to CertOptions
shared: Update usages
lxd: Add method to determine location of storage volume.
lxd-migrate: Add conversion option ‘virtio’
lxd/instances_post: Allow conversion option virtio
lxd/storage/util: Add qemu-img info helper function
lxd/apparmor/instance_lxc: fix all ro+remount rules
lxd/storage: Use writeback mode for qemu-img convert
lxd/storage/backend_lxd: Improve image unpacking message
lxd/storage/backend_lxd: Reuse qemu-img info helper to inspect image
lxd/storage/backend_lxd: Remove image after format conversion
lxd/storage/backend_lxd: Indicate conversion format in log
lxd/storage/backend_lxd: Inject virtio drivers into imported image
doc: Document usage of conversion option
doc: Fix exception rules for base URL
doc: Add virtio to the wordlist
lxd: Add method to add storage volume details to request context.
lxd: Add an access handler specific to storage volumes.
lxd: Use the storage volume access handler for calls to specific volume.
lxd: Refactor forwardedResponseIfVolumeIsRemote.
lxd: Refactor storage volume handlers to use values from context.
lxd: Use storage volume location in access check when listing.
lxd: Refactor volume backup handlers to use volume access handler.
lxd: Refactor volume snapshot handlers to use volume access handler.
lxd: Add function to add storage volume details to context.
lxd: Add storage bucket specific access handler.
lxd: Update storage bucket endpoint actions to use the bucket access handler.
lxd: Refactor storage bucket handlers to use values from context.
lxd/cluster: Remove ConnectIfVolumeIsRemote.
doc: Use consistent naming for remote pool creation examples
doc: Update rhsrvany link and fix code blocks
lxd/device: added support for extended attributes
lxd/seccomp: fix bpf syscall number for arm64
lxd/include: update bpf header files
lxd/device/disk: Allow hotplug of disks on live-migratable VMs
lxd/device/disk: Check for VM live-migration
lxd/instance: Add ID to ConfigReader
lxd/device/disk: Allow external disk live-migration
lxd/instance/qemu: Support live-migration of instances with extra disks
lxd: Remove restriction on live-migration with attached volumes.
lxd/device/device/utils/disk: Use -o flag for xattr mode of virtiofsd
lxd/instance/drivers: Fix deadlock during failed snapshot creation
lxd/storage/backend_lxd: Create missing file when receiving raw image
lxd/storage/backend_lxd: Set volume size directly on volume config
lxd/storage/backend_lxd: Remove unnecessary usage of volume copy
test: Snapshot creation failure
lxd/instance/drivers: Allow zfs containers with full…
lxd/instances/qemu: Don’t fail event sending on missing agent
i18n: Update translation templates
gomod: Update depdencies
Makefile: Pin go mod deps for websocket and openfga
lxd/storage/drivers/zfs: Always call tryGetVolumeDiskPathFromDataset
lxd/storage/drivers/zfs: Call GetVolumeDiskPath instead of creating new contexts
test/godeps/lxd-agent: Update depedencies
build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0
build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0
build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.74 to 7.0.75
build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0
build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0
build(deps): bump github.com/zitadel/oidc/v3 from 3.26.0 to 3.27.0
build(deps): bump github.com/miekg/dns from 1.1.61 to 1.1.62
shared/util: Handle percentage only updates
lxd/storage: Pass tracker through to qemu-img
lxd/apparmor: Use qemu-img convert output to update progress
lxd/storage/util: Show qemu-img convert progress
lxd/storage/backend_lxd: Show image conversion progress
lxd/storage/backend_lxd: Improve progress message when receiving volume
lxd-migrate: Let server set progress prefix in conversion mode
doc: Add missing entries
doc: Re-phrase headers
doc: Fix typo
doc: Add note about VM architectures
shared/util: Fix linter issues
lxc/profile: Add support for creating from YAML
lxd: Wrap error on failure to get used-by URLs.
doc: Updated VM architecture note to not include “Incus”
doc: VM architecture note grammar fix
lxd/firewall/drivers: Fix netprio error message
test: Add profile creation test with YAML
lxd/storage/backend_lxd: Prevent import of OVA format for conversion
lxd-agent: Add type for devlxd handler func and rename field.
lxd-migrate: Prevent tarball as instance source
lxd-agent: Define devlxd handlers by name.
lxd-agent: Add an image export handler to lxd-agent.
lxd/instance/instancetype: Allow security.devlxd.images config key for VMs.
{doc,lxd/metadata}: Runs make update-metadata.
lxd-migrate: Properly handle projects
doc/tutorial: add a UI tutorial
{doc,shared/version}: Adds devlxd_images_vm API extension.
doc: Corrected capitalization of “LoongArch”
lxd/instance/qemu: Fix typo
github: Disable renovate
doc: unpin Swagger version
lxd/firewall: Fix iptablesClear on nft shim
lxd/migration: Show source errors first
lxd/storage/backend/lxd: Pass full snapshot name when validating import in CreateInstanceFromBackup
lxd/instance/instance/utils: Don’t allow snapshots named “…” in ValidName
test: Update instance backup tests to check for invalid and valid snapshot names
doc: add information about creating a Windows VM
doc/tutorial: improve the UI tutorial
lxd/instance/file: Add type and size to HEAD
lxd/instance/file: Add pattern matching for stat.Sys().(*sftp.FileStat) type assertion
lxd/cluster: Don’t fail when notifying a server…
lxd/cluster: Test Notify with shutdown response
lxd: Refresh the state on cluster put/join
doc: change title to “LXD” instead of “Canonical LXD”
doc/Makefile: add target for building on readthedocs
doc: remove objects.inv.txt generation from RTD build
doc: update to the latest version of the starter pack
doc/pdf: add files and updates needed for PDF generation
doc: ignore anchor for link checking
doc/pdf: make PDF build work on RTD
lxd/db/openfga: Update OpenFGADatastore implementation to match interface.
lxd/networks: Don’t fill network configs when joining
lxd/networks: Update comment
shared: Fix comment typo
doc/images: specify the order of split images
lxd/firewall/drivers: Make sure to always use locking
lxd/firewall/drivers: Fix generateFilterIptablesRules empty return
github: Run go test verbosely
lxd/cluster: Ensure the cluster member config is always sorted
lxd/instance: if storage location is remote, make cluster self healing available, and vm can migrate when src member is offline also
i18n: update translation templates
shared/entity: Refactor entity types to use an interface.
lxd/db/cluster: Refactor database entity types to use an interface.
gomod: Update dependencies
lxd/instance: Support security.protection.start config option
scripts/bash/lxd-client: Add security.protection.start config option
api: Add instance_protection_start extension
test: Add test for security.protection.start
metadata: Add security.protection.start
doc/howto: Add instructions on preventing accidental start of instances
lxd/instance:: Update the error messages for security.protection.delete
lxd/instance:: Update the comments for security.protection.delete
api: disk_io_bus_virtio_blk
lxd/device/disk: Add virtio-blk
lxd/device/disk: Add virtio-blk as possible value
lxd/instance/qemu: Add virtio-blk support
lxd/instance/qemu: Replece util.ValueInSlice() with shared.ValueInSlice()
doc/metadata: Add virtio-blk to metadata
build(deps): bump github.com/vishvananda/netlink
build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
lxd/device/pci: Detect USB bus
lxd/device/nic: Support USB parents for physical NICs in VMs
lxd/instance: Add new volatile keys
lxd/instance/qemu: Handle USB NIC hotremove
lxd/instance: lxdmeta for volatile usb NIC keys
lxd/instance/drivers: Improve device ID generation
lxd/instance/drivers: Update unit tests to fit character escaping
lxd/certificates: Disallow forward slashes and hyphen prefixes
lxc/storage_bucket: Avoid govet error printf: non-constant format string in call to fmt.Errorf (govet)
doc/tutorial: integrate feedback for UI tutorial
doc/instances: add anchor to allow linking to section
lxd/patches: Log the stage of patches being applied
lxd/patches: Fix patchesApply so that the specified stage takes effect
lxd/patches: Fix patchVMRenameUUIDKey so that it uses the correct function to update snapshot config
shared: Allow adding multiple names to certificate SAN
lxd/patches: Updates selectedPatchClusterMember to use state.State
lxd/patches: No-op patchStorageZfsUnsetInvalidBlockSettings
lxd/patches: Updates ZFS patches to use s.ServerClustered correctly
lxd/patches: Fix patchStorageRenameCustomISOBlockVolumesV2 to apply to remote pools
lxd: Fix network forward deletion entitlement.
lxd/cluster: Enforce cluster join token name cannot be ‘none’
lxd/cluster: Enforce cluster member name cannot be ‘none’
lxd/device/nic/ovn: Remove legacy port name cleanup logic in Stop
lxd/device/nic/ovn: Don’t call InstanceDevicePortStop anymore in Stop
lxd/network/driver/ovn: Move logic from InstanceDevicePortStop to InstanceDevicePortRemove
lxd/device/nic/ovn: Remove InstanceDevicePortStop
lxd/network/driver/ovn: Remove InstanceDevicePortStop
lxd/device/nic/ovn: Removes last_state.ip_addresses logic
lxd/instance/instancetype: Removes last_state.ip_addresses definition
lxd/network/driver/ovn: Removes last_state.ip_addresses logic
doc: Update metadata
lxd/network/driver/ovn: Don’t return unused port IPs from InstanceDevicePortStart
lxd/device/nic/ovn: Update InstanceDevicePortStart signature
lxd/device/nic/ovn: Call InstanceDevicePortStart when adding port
lxd/patches: Adds instance_remove_volatile_last_state_ip_addresses
lxd/network/driver/ovn: Update comment
shared/cmd: Allow a cmd asker to be created with a logger
lxc/project: Fix govet error (non-constant format string in call to fmt.Errorf)
lxc: fix printf: non-constant format string in call to fmt.Fprintf (govet) lint error
lxd: Handle effective projects for profiles.
lxd: Handle effective projects for networks.
lxd: Handle effective projects for network zones.
lxd/project: Add project helper for getting image effective project.
lxd: Handle effective projects for images.
lxd/project: Fix lint errors (revive: confusing-results).
lxd/auth: Add comments to Authorizer interface.
lxd: Always use request project name in authorizer checks.
lxd/auth/drivers: Remove effective project check from TLS authorizer.
lxd/auth/drivers: Handle effective projects in the OpenFGA driver.
lxd/auth/drivers: Update comments on Authorizer method implementations.
test/includes: Add helper for setting up object storage pools.
test/suites: Use storage pool helper in bucket tests.
test/suites: Improve coverage of TLS restrictions tests.
test/suites: Test project feature interaction with fine-grained auth.
doc/explanation: Add note about authorization and project isolation.
lxd/auth/drivers: Fix linter errors (govet: printf).
lxd: Fix linter errors (govet: printf).
lxd: Fix linter error (staticcheck: SA1032).
lxd: Add comment explaining behaviour of events websocket with effective projects.
lxd: Fix invalid FileResponse on empty console log
lxc/console: Update docstring and output for --show-log
lxc/console: Fix linter errors
lxd/network: Implement State function for physical network driver
test/suites: Add testing for physical network state get
tests: Add invalid certificate name tests
lxd/recover: Add snapshot expiry when recovering instance snapshots
build(deps): bump github.com/minio/minio-go/v7 from 7.0.75 to 7.0.76
build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
lxd: Disable networks during evacuation
lxd/storage/lvm: Properly handle activation during resize
lxd/storage/lvm: Fix resize logic to conserve LV state
build(deps): bump github.com/vishvananda/netlink
shared/api: Handle invalid HTTP status codes.
shared/api: Add new functions for instantiating a StatusError.
lxd/auth/drivers: Use api.NewGenericStatusError.
lxd: Wrap status errors in devlxd.
lxd: Wrap SFTP upgrade error.
lxd: Wrap project permission errors.
lxd/instance/drivers/qmp: Wrap block device removal error.
lxc: Move translations out of format string.
lxc: Fix linter errors (govet: printf).
lxd: Remove unused state argument from instancesShutdown
lxd/storage/drivers/driver/zfs/volumes: Don’t use d.state.ShutdownCtx in GetVolumeDiskPath
doc/reference: Add warning about volatile keys.
doc/guest-os-compatibility: add compatibility matrix with LXD 5.21
doc/reference: link to guest OS compatibility
doc: sort custom word list
doc: add BLK, CSM, EOL, RDP and SELinux to custom word list
lxd/device/device_utils_disk: remove unused IsBlockdev()
tests: Add snapshot expiry date test to test_container_recover() in backup.sh
lxc/network_load_balancer: add Example to create
lxc/network_load_balancer: fix go-vet linter
lxd/device/gpu_physical: more explicit output values for deviceNumStringToUint32
lxd/instance/drivers: Make removeUnixDevices a driver_common function
api/shared/instance: Fix json and yaml key name for source disk size
doc: Update api definition
lxd/apparmor/instance_lxc: allow procfs for unprivileged containers
lxd/apparmor: allow signals receiving
lxc/storage_bucket: Add example for storage bucket create
client: Report source errors too on copy
doc/guest-os-compatibility: add SUSE 12 and 15
client: Fix potential panic-causing type assertions
lxd/storage_volumes_state: Handle unsupported response from drivers
lxc/network_zone: Add example for create command
lxc/network_zone: fix go-vet linter errors
lxd/apparmor/instance_lxc: allow sysfs for unprivileged containers
doc: add SLES to custom word list
lxd/main/init/interactive: asker.AskPasswordOnce usage
i18n: Update translation templates
gomod: Update dependencies
test/godeps: Update go deps list
doc/guest-os-compatibility: mention manual install from ISO
doc/guest-os-compatibility: Add Ubuntu 16.04 and 18.04
doc/guest-os-compatibility: Add Ubuntu 18.04, 20.04 and 22.04
doc: add ESM to custom word list
Makefile: Pin github.com/dell/goscaleio@v1.15.0
tests/suites/clustering: Extend cluster member join tests if name is ‘none’
test/suites/clustering: Check server can be joined using password and valid name
build(deps): bump github.com/go-acme/lego/v4 from 4.17.4 to 4.18.0
build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0
build(deps): bump golang.org/x/oauth2 from 0.22.0 to 0.23.0
build(deps): bump github.com/zitadel/oidc/v3 from 3.28.2 to 3.29.0
build(deps): bump golang.org/x/text from 0.17.0 to 0.18.0
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.22 to 1.14.23
build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0
build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0
build(deps): bump github.com/zitadel/oidc/v3 from 3.29.0 to 3.30.0
lxc/storage_bucket: Add yaml support for key create
test: Create a bucket key using YAML bucket key config
lxc/project: Add support for creating project from yaml
test: Add project creation test with YAML
shared/cert: Add ParseCertificate func
shared/api: Add Description field in StorageVolumeSnapshotsPost
lxd/storage: Add a desc in vol snap DB entry
lxc/storage_volume: fix go-vet linting errors
lxc/storage_volume: add a desc field to vol snap
test: Test description is set for vol snap
doc: update REST API
lxc/network_forward: Add yaml example for create
lxc/network_acl: Add cmd.Example for network acl create
lxc/network_acl: fix go-vet linter errors
lxc/network_forward: fix go-vet linter errors
lxc/cluster_group: Add yaml support for cluster group create
lxc/cluster_group: fix go-vet linter error
lxd/storage/drivers: Don’t needlessly re-apply project id on quota changes
lxd/storage/drivers: Remove unnecessary DeleteProject
lxd/storage/drivers: Use projectID variable
test/lint/godeps: don’t abort on first error
lxd/project: Allow managed volumes under “allow”
doc/howto/instances_create: improve LXD agent setup snippet
doc/howto/instances_create: add note about SELinux and LXD agent
test: Create a cluster group using YAML
lxc/storage: Support creating storage pool from yaml
lxc/storage: fix go-vet linter errors
test: Test creating a storage pool with a YAML config
lxc/network_zone: Add example for network zone record create
lxc/snapshot: Add support for creating a snapshot with YAML config
test: Add test for creating a snapshot using a YAML configuration
lxc/storage_volume: Add yaml support for create
test: Add test for creating a volume using YAAML config
test: Add missing description to bucket key
lxd/instance/drivers/qemu: update how systemd is detected
lxd/instance/drivers/qemu: compat with SUSE paths
doc/guest-os-compatibility: improve legend readability
doc/guest-os-compatibility: link to how to install lxd-agent manually
test/main: don’t use any HTTP(S) proxy with localhost
test: fix ceph storage tests
test/suites/storage: use storage get and storage volume get
test/suites/storage: test storage set and storage volume set on properties
test/suites/storage_volume_attach: use storage volume get
test/suites/exec: use shell comparison
lxd/db: Add yaml tag to RaftNode
test: restricted.devices.disk project restrictions
lxd/instances: Don’t bypass instance limit check
test/suites/image: use tar to check for metadata.yaml presence
shared/entity: Update TypeNode to TypeClusterMember
shared: Update TypeNode usage
lxd: Update TypeNode usage
lxd/cluster: Use NewStatusError
lxc/console: use errors.New() where appropriate
lxc/project: use errors.New() where appropriate
lxc/storage_bucket: use errors.New() where appropriate
lxd/device/proxy: use errors.New() where appropriate
lxd/instances_put: use errors.New() where appropriate
lxd/profiles_utils: use errors.New() where appropriate
lxc/config_device: use errors.New() where appropriate
lxc/network: use errors.New() where appropriate
lxc/network_peer: use errors.New() where appropriate
lxc/cluster: use errors.New() where appropriate
lxc/profile: use errors.New() where appropriate
lxc/network: remove unneeded nil check
lxd/main_forknet: add comment for exported function
lxd/main_init_dump: add comment for exported function
lxd/project/limits: Move content from lxd/project
lxd/storage: lxd/project → lxd/project/limits
lxd: lxd/project → lxd/project/limits
lxd/project/limits: Fix test imports
lxd/storage/drivers: Use private constants for DefaultVMBlockFilesystemSize
lxd/storage/drivers: Expose function for default VM block filesystem size
lxd/device/config: Remove DefaultVMBlockFilesystemSize consts
lxd/db: Rename GetStoragePoolDrivers → GetStorageDrivers
lxd/db: Implement GetStoragePoolDrivers
lxd/project/limits: Use driver name to determine default state size
lxd/storage: Fix linter errors
lxd/storage/drivers: Fix linter errors
lxd/storage/drivers: Test DefaultVMBlockFilesystemSize
lxd/db/cluster: Fix instance_snapshot entity type typo
test/includes/net: use long options with curl
shared/trust: Add HMAC utilities
shared/trust: Add testing coverage for HMAC utilities
lxc: fix go-vet linter
test/suites/tls_restrictions: add tls version check
test/main: add tls version check test
lxc/auth: use errors.New() where appropriate
lxc/config_trust: use errors.New() where appropriate
lxc/file: use errors.New() where appropriate
lxc/image_alias: use errors.New() where appropriate
lxc/monitor: use errors.New() where appropriate
lxc/operation: use errors.New() where appropriate
lxc/query: use errors.New() where appropriate
lxc/rebuild: use errors.New() where appropriate
lxc/warning: use errors.New() where appropriate
shared/cmd/cancel: use errors.New() where appropriate
lxc/publish: clarify that public means accessible to unauth’ed clients
lxd/instance/lxd-agent: fix selinux fcontext path to lxd-agent /run dir
doc/guest-os-compatibility: fix lxd-agent compat with SELinux
doc: Add shell completions instructions to LXD installation docs
lxd/daemon: Change log error to warning
golangci: Disable defer rule
doc/howto/instances_create: remove outdated note about SELinux
doc/instances: Cover LXD agent installation
doc/howto/instances_create: improve lxd-agent install steps
doc/howto/instances_create: add note for lxd-agent install in ISO install
doc/guest-os-compatibility: update link to LXD agent manual install
github: Align codesql workflow “on” and concurrency rules with other tests
github: Align commits workflow “on” and concurrency rules with other tests
lxd/instance/drivers: Move removeDiskDevices to common
lxd/instance/drivers: Add ErrExecDisconnected
lxd: Make VM shutdown/reboot exit cleanly
lxd/instance/drivers: Handle websocket closing
lxd/project/limits: Rework low-level permission checks
lxd/project/limits: Test project lowlevel refactor
github: Don’t run commits workflow on push
github: Move go version compatibility check into code test phase
Makefile: Avoid unnecessary repeat builds during build
github: Cache binaries built in code tests and use in system tests
github: Clearly indicate the LXD client binaries in test artifact naming
github: Remove unused dqlite ppa usage in system tests
github: Strip binaries during test
Makefile: lxc doesn’t need sqlite3 tag
Makefile: Remove unused dependencies from check stage
Makefile: Add -failfast to unit test run
Makefile: Use -trimpath
Makefile: Add separate check-unit for unit tests
github: Use make check-unit for unit tests
Makefile: Add GOCOVERDIR support
doc/authentication: clarify what {client|server}.ca are
client: Fix error handling in push mode copy
github: Add coverage support to lxd tests
lxd/patches: Add patch for entity type instance snapshot typo
doc/howto/network_bridge_firewalld: add IPv6 rules to Docker example
lxd/instance: Add support for armhf vm’s on arm64 hosts
Updated storage volume doc to remove any suspicion of action not working
github: Only build coverage data on workflow_dispatch
github: Alow go mod to modify go.mod and go.sum
shared/trust: Reimplement HMAC ParseHTTPHeader
shared/trust: Cache the password for argon2
shared/trust: Remove Equal from HMACFromatter interface
shared/trust: Update HMACEqual
shared/trust: Rearrange the some funcs
shared/trust: Update error messages
shared/trust: Update HMAC tests
github: Add performance tuning to code tests
github: Mask unwanted lxc services in code tests
github: Use set -eux on all test commands
github: Reclaim some space
github: Add initial TICS step
Go: Bump minimum version to 1.22.6
Makefile: Remove deprecated -d flag from go get
Makefile: Improve comments
Makefile: Pin openga again
Makefile: Remove go toolchain and use bundled toolchain of minimum version
lxd/auth/drivers: Update Internal to Unwrap
github: Don’t interrupt ongoing tests for different actions on same github.ref
github: Adds reclaim-disk-space action
github: Use reclaim-disk-space action
github: Adds tune-disk-performance action
github: Use tune-disk-performance action
lxc/config: create oidctokens dir with 0750
github: Adds remove-docker action
github: Use remove-docker action
lxd: Deduplicate logging for instance types update failure
test: Test exit codes upon container disconnect
github: Run TICS workflow daily
doc/howto: Update windows conversion tip to mention new lxd-migrate functionality
github: Adds action to install LXD build dependencies
github: Switch to use install-lxd-builddeps
github: Make clear we build LXD from dist tarball
github: Switch to tiobe/tics-github-action@v3
doc/custom_conf: Disable Dell link check due to possible rate limiting
lxd/instance/drivers/qemu: Fix RecordOutput
lxd-migrate: Fix linter issue with constant error
lxd-migrate: Accept path when connecting over unix socket
lxd-migrate: Add profiles and no-profiles flags
lxd-migrate: Add network flag and use network config property instead of parent
lxd-migrate: Add storage and storage-size flags
lxd-migrate: Add flag for instance configuration
lxd-migrate: Add project flag
lxd-migrate: Add flags for target server url and token
lxd-migrate: Add flag for instance source
lxd-migrate: Add flag for setting instance name and selecting its type
lxd-migrate: Add flag for configuring additional container FS mounts
lxd-migrate: Prevent interaction in non-interactive mode
lxd-migrate: Remove invalid comment in lxd-migrate help message
lxd-migrate: Ask about secureboot only in interactive mode
docs: Document non-interactive lxd-migrate mode
lxd/fsmonitor: Move events out of drivers package.
lxd/fsmonitor: Prefix Event constants with Event.
lxd/fsmonitor: Add EventWrite and EventRename.
lxd/fsmonitor: Add comment for exported function.
lxd/fsmonitor: Remove wrapper monitor.
lxd/fsmonitor/drivers: Add logging to the common fsmonitor.
lxd/fsmonitor/drivers: Remove New function and use drivers.Load.
lxd/fsmonitor/drivers: Move mountpoint restriction into fanotify load method.
lxd/fsmonitor: Add driver name to interface.
lxd/fsmonitor/drivers: Remove Driver interface and implement FSMonitor interface.
lxd/fsmonitor/drivers: Add methods to convert driver specific events into fsmonitor events.
lxd/fsmonitor: Update interface to use fsmonitor.Event rather than string.
lxd/fsmonitor/drivers: Allow passing a slice of event types to be monitored.
lxd/fsmonitor/drivers: Create an event mask from the given list.
lxd/fsmonitor/drivers: Allow more than one inotify/fanotify watcher to be instantiated.
lxd: Update fsmonitor instantiation.
lxd/device: Update unix events to use an fsmonitor.Event.
lxd/fsmonitor/drivers: Fix lint error (unchecked-type-assertion).
lxd: Do not set remote address for devlxd
lxd: Remove devlxdRemoteAddress
shared/api: Introduce AuthenticationMethodDevLXD
lxd: Set context auth method for devlxd requests
lxd: Remove check for devlxd request
lxd: Use auth method instead of devlxdRemoteAddress
devlxd-client: Add support for image export
test/suites: Test image export from devlxd
lxd/fsmonitor/drivers: Allow setting fsmonitor driver via environment.
doc: Add environment variable to documentation.
test/suites: Test unix devices with both fsmonitor drivers.
lxd/fsmonitor/drivers: Ignore some inotify events to prevent warnings.
test/suites/container_devices_unix: test unix-{block,char} together
test/main: test unix-{block,char} together
test/suites/container_devices_unix: better check unset var
test/suites/container_devices_unix: use more precise shell comparisons
lxd-migrate: Add precheck before connecting to the server
lxd-migrate: Replace shared.ValueInSlice with slices.Contains
lxd/auth/drivers/openfga: Implement With to satisfy Logger interface
lxd/auth/drivers/openfga: Add comment to blank import
lxd: Refactor image post
lxd/image: Acquire image lock for uploaded images
doc: Update command description for lxc import image
lxd/init: Differentiate managed and unmanaged network
lxd/storage_buckets: Check etag when updating storage bucket
test/suites/storage_buckets: check file integrity is preserved
lxd: Move instance name validator to instancetype package
lxd-migrate: Prevent invalid instance names
lxd/api/project: Clarify meaning of restricted.networks.subnets
lxd/network/driver/physical: Clarifies the use of ipvX.routes
doc: Update metadata
test/suites/tls_restrictions: don’t check for broken pipe error
lxc: Fix exporting vm backups to stdout
github: Enable tmpdir for TICS
test/lint: Use agent tags when listing dependencies.
lxd/auth/drivers: Refactor TLS driver for common handling of server level resources.
lxd/auth/drivers: Add tests for the TLS driver.
workflows: Change permissions on generated files.
lxd/auth/drivers: Remove type-bound public access entitlements from model.
lxd/db/openfga: Remove type-bound public access exceptions.
lxd: Replace can_view on storage pools and server with authentication check.
lxd/auth/drivers: Remove handling of can_view on server and storage_pool.
lxd/auth/drivers: Validate entitlements on authorizer calls.
lxd/auth/drivers: Check if can_view is valid before determining status code.
lxd/storage/drivers: Return growFileSystem errors
lxd: Fix bulk unfreezing
api: Add ubuntu_pro_guest_attach API extension.
shared/api: Add guest attachment API responses.
lxd/ubuntupro: Add ubuntupro package.
lxd/state: Add ubuntupro.Client to state.State.
lxd/state: Add ubuntupro.Client to Daemon.
lxd/instance/instancetype: Add ubuntu_pro.guest_attach to instance configuration.
{doc,lxd/metadata}: Run make update-metadata.
lxd: Add Ubuntu Pro handlers to devlxd.
lxd-agent: Add Ubuntu Pro handlers to devlxd.
lxc/init: Add error handling for launching container when image is of type VM
test: Add test to ensure aliased container won’t launch with vm flag set
lxd: Update copy op response when source is snapshot
workflows: Bump lxd-agent size.
lxd-agent: Handle built-in vsock module
lxd/daemon: Fix log format
lxd/sys: Sort kernel features
lxd/sys: Add doc strings
lxd/checkfeature: Add unprivileged binfmt detection
lxd/sys: Add UnprivBinfmt
lxd/daemon: Detect unprivileged binfmt_misc
lxd/api_1.0: Add unpriv_binfmt kernel feature
lxd/instance/lxc: Support unpriv binfmt_misc
workflows: Skip system tests for ceph and lvm on push and schedule.
lxd/storage: Check for direct I/O when converting image format
test: Don’t collapse dmesg in CI when there’s a kernel call trace
tests: Don’t over-provision test volume
workflows: Revert “Skip system tests for ceph and lvm on push and schedule.”
tests: Don’t overprovision test volume
api: Add metadata_configuration_entity_types API extension.
lxd-metadata: All configuration keys are strings.
metadata: Runs make update-metadata.
shared/api: Add MetadataConfiguration API struct definitions.
lxd/auth/generate: Generate entity type JSON conforming to API type.
lxd-metadata: Update lxd-metadata to use new entity metadata format.
lxd-metadata: Validate that the generated JSON conforms to the API definition.
lxd/metadata: Run make update-metadata.
lxd: Render api.MetadataConfiguration on /1.0/metadata/configuration.
lxd: Add MetadataConfiguration to swagger doc string.
doc: Runs make update-api.
lxd/storage: Fix check for direct I/O write support
lxd/fsmonitor: Add constants for driver names.
lxd/fsmonitor/drivers: Use driver names where applicable.
lxd/fsmonitor/drivers: Only log fanotify load errors if filesystem is mount point.
lxd/forknet: Handle wifi detach
lxd/storage: Fix direct I/O write check for ImageUnpack
lxd/storage/drivers: Fix direct I/O write check
lxc/client: Add GetMetadataConfiguration method
Revert “lxc/init: Add error handling for launching container when image is of type VM”
github: Add Trivy repo scan
github: Add Trivy snap scanning
client/doc: add trailing slash to ubuntu: URL
doc/howto/instances_create: add trailing slash to ubuntu: URL
doc/howto/instances_routed_nic_vm: add trailing slash to ubuntu: URL
doc/rest-api: add trailing slash to ubuntu: URL
lxc/config/default: add trailing slash to ubuntu: URL
shared/api/image: add trailing slash to ubuntu: URL
shared/api/instance: add trailing slash to ubuntu: URL
test/suites/remote: add tailing slash to ubuntu: URL
lxc/config/default: add trailing slash to ubuntu-daily: URL
lxc/config: use strings.Cut() instead of SplitN() in ParseRemote()
lxc/exec: use strings.Cut() instead of SplitN()
lxd/ubuntupro: Return host guest attachment setting if instance setting is unset.
lxd/db/cluster: Split identity and certificate entity type definitions by identity type.
Fix cloud-init instance key typos
lxd/apparmor: Support unpriv binfmt_misc
doc: Update container environment docs
test: Add test for binfmt_misc support on unpriveleged container
lxd: Add patch to fix errant identity permissions.
lxd/identity: Add util for checking if identity type is fine-grained.
lxd: Update identity handlers to check certificate permissions.
test/suites: Test permission management for certificates vs. identities.
test/suites: Commands that are expected to fail shoud end with || false.
lxd/db/cluster: Use given auth group ID when setting permissions.
lxd: Update permission handling on upsert.
lxd: Test patching certificate/identity permissions.
go: Bump to 1.22.7
Makefile: Drop openfga pin
gomod: Update dependencies
i18n: Update translations
github: Avoid running Trivy accidentally on non-main branches and other repos
github: Avoid running TICS accidentally on non-main branches and other repos
github: Reduce lxd-agent max size
test/godeps: Updates lxd-agent deps list
lxd/api: Fix linter issue
lxd-migrate: Add cert-path/key-path flags
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.23 to 1.14.24
build(deps): bump github.com/go-acme/lego/v4 from 4.18.0 to 4.19.2
build(deps): bump golang.org/x/term from 0.24.0 to 0.25.0
lxd/instance/drivers/driver/lxc: Use correct container name in Update call to liblxc
lxd/patches: Use lower case “project” in logging for consistency
doc: silence warning caused by sphinx-tabs
lxd/devices: use builtin min() (Go 1.21+)
doc/installing: update link to how to manage the LXD snap
github: Update step names
github: Fix Trivy vulnerability database caching
lxd/db/cluster: Add statement for getting certificates.
lxd/db/cluster: Use certificate statements for querying certificate identities.
lxd/db/cluster: Update certificate database function comments.
lxd/db/cluster: Remove unnecessary cast.
lxd/db/cluster: Remove unused CertificateFilter.
lxd/db/cluster: Remove unused CertificateExists function.
lxd/db/cluster: Remove unused certificates_projects functions.
lxd/db/cluster: Remove DeleteCertificates function.
lxd/cluster: Update call to delete certificates.
lxd/db: Remove (*DB).UpdateCertificate.
lxd: Pass a context into doCertificateUpdate.
lxd: Update doCertificateUpdate for removed (*DB).UpdateCertificate.
lxd/cluster: Fix lint error (govet: printf).
test/suites/backup: ignore time discrepancies when untar’ing
Makefile: Build lxd-user as static binary
Makefile: Remove unused nocache and race targets
Makefile: Removes unused staticcheck target
Makefile: Move lxd-benchmark to be built statically
doc: silence all warnings related to Sphinx 9.0 deprecations
test/pki: Export LXD_DIR in subshell.
lxd/storage/drivers/powerflex: Use the Net* response variables for pool stats
build(deps): bump github.com/dell/goscaleio from 1.15.0 to 1.16.0
lxc: Add lxc file create subcommand
test: Add tests for lxc file create
lxc: Use ParseUint with base and upper bound instead of ParseInt in cmdFilePush run function
github: Use microceph from latest/edge
github: Workaround GHA download artifact bug
i18n: Update translations
Makefile: Drop pin of Dell goscaleio
gomod: Update dependencies
lxc/file: go fmt
build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2
Makefile: suggest committing translation template updates if any
Makefile: make update-pot reproducible by ignore creation-date changes
Makefile: suggest committing translation updates if any
test: Add check for unpriv_binfmt support before testing feature
test/suites: Improve grep usage in PKI tests.
lxd/db/openfga: Update ReadChanges signature
github: add setup-microceph action
github: use setup-microceph action in tests job
Revert “doc: silence all warnings related to Sphinx 9.0 deprecations”
Revert “doc: silence warning caused by sphinx-tabs”
github: stop scanning Python through CodeQL
lxd/apparmor: Include CAP_SYS_ADMIN in rsync AppArmor profile
Revert “github: Workaround GHA download artifact bug”
github: move make doc-linkcheck to Tiobe TICS job
github: only run CodeQL (go) on PRs and on weekly schedule
github: ignore some paths for CodeQL (go)
lxd/db/generate/db: Update ast.Package references to packages.Package
lxd/db/generate/lex: Parse package paths with packages.Load
lxd/db/generate/db: Update variable/type declaration parsing
lxd/db/generate/lex: Update parser tests
lxd/db/generate/db: Fix lint errors
lxd/db/schema: Fix schema generation
github: pin actions/upload-artifact@v to known working SHA
github: pin actions/download-artifact@v4
github: pin actions/cache/{save,restore}@v4
github: pin actions/labeler@v5
github: pin actions/dependency-review-action@v4
github: pin actions/setup-go@v5
lxd-user: Add container stop callhook support
lxd/main/callhook: Use callhook package from lxd-user
lxd: Change token pruning task to hourly.
github: github action for installing Trivy
github: pin redhat-plumbers-in-action/differential-shellcheck@v5
github: pin github/codeql-action@v3
github: pin canonical/has-signed-canonical-cla@main
github: run commits job with ubuntu-latest
github: pin get-woke/woke-action@v0
Revert “github: temporarily ignore microceph enable rgw failing”
Revert “github: Connect mount-observe to microceph”
github/actions/setup-microceph: only set noscrub once
shared: Use correct WaitStatus type
test/suites/exec: Add test for signaled processes’ exit codes
test/suites/exec: More time for guest exec sleep
test/suites/container_devices_nic_bridged_filtering: unload br_netfilter once done
github/workflows/triage: Sync with main
github/workflows/codeql: Sync with main
github/workflows/security: Sync with main
github/workflows/tests-snap: Sync with main
github/workflows/tests: Sync with main
gomod: Update deps
github: Bump lxd-agent min size to 13MB
lxd/main/callhook: Go lint fixes
lxc/remote: Fix interactive question about remote fingerprint
lxc/remote: Add validation for mutually exclusive flags
lxc/remote: Prevent accept-certificate flag when using trust token
lxd/certificates: Invalidate trust token when adding client certificate
lxc/remote: Always send token to remote to invalidate it
test: Remove accept-certificate flag where token is used
test/pki: Do not use invalid token as it will always fail
i18n: Update translation templates.
i18n: Update translations.
lxd/firewall/drivers: Don’t masquerade multicast traffic
lxd/network: Support VLAN tagging for OVN uplinks with native bridge parents
lxd/network/driver_ovn: Fix CIDR size check
lxd/network/driver_bridge: fix IPv6 CIDR size check
lxd/network/driver_ovn: fix IPv6 CIDR size check
shared: Change error message on ParseCert.
Revert “github: move make doc-linkcheck to Tiobe TICS job”
github: move make doc-linkcheck back to doc
test/includes/lxc: silently set +x
test/includes/lxd: silently set +x
Makefile: stop testing with flake8 during static-analysis
github: don’t install flake8
test/deps/import-busybox: format with ruff format
test/deps/import-busybox: upgrade to python 3.8+
lxd/network/driver_ovn: allow subnets smaller than /64
api: network_allocations_ovn_uplink API extension
github: use shorter job names for Trivy scanning
doc: fix minor typos
api: Add network_ovn_uplink_vlan API extension
shared/api: Add Project field to leases
lxc/network/driver_ovn: Adapt Leases for ovn network
lxc/network/driver_bridge: Adapt Leases for bridge network
lxd/network_allocations: Get leases from all projects
lxd/network_allocations: Include OVN uplink allocations
shared/api: Add Network to NetworkAllocations
lxd/network_allocations: Populate Network field
lxc: Show allocation network
doc: Run make update-api
test: Test showing instances from different projects
i18n: Update translation templates.
i18n: Update translations.
build(deps): bump tiobe/tics-github-action from 3.2.0 to 3.2.1
build(deps): bump github/codeql-action from 3.26.12 to 3.26.13
build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3
lxd/network/network/utils: Fix incorrect handling of instances in UsedByInstanceDevices
lxd/network/driver/bridge: Handle concurrent collection of member leases correctly
doc/explanation/authorization: embed discourse post title as link text
doc/howto/snap: embed discourse post title as link text
doc/installing: embed discourse post title as link text
doc/reference/remote_image_servers: embed discourse post title as link text
doc/reference/uefi_variables: embed discourse post title as link text
lxc/profile: Fix typo in profile set usage
i18n: Update translations.
i18n: Update translation templates.
gomod: Update deps
gomod: Switch to v2 of go-dqlite
lxd: Switch go go-dqlite v2
Makefile: Use dqlite lts-1.17.x when building deps and making dist tarball
github: Use go mod version of go for build test
github: Remove ineffective matrix of go versions during system tests
github: Use go mod version of go for TICS test
github: Use go mod version of go for client tests
github: Use go mod version of go for doc builds
github: Use go mod version of go for LP trigger
lxd: Use explicit cluster addr when core addr is wildcard
build(deps): bump actions/cache from 4.1.1 to 4.1.2
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5
build(deps): bump actions/setup-go from 5.0.2 to 5.1.0
build(deps): bump github/codeql-action from 3.26.13 to 3.27.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.78 to 7.0.79
build(deps): bump github.com/zitadel/oidc/v3 from 3.30.1 to 3.31.0
build(deps): bump github.com/pkg/sftp from 1.13.6 to 1.13.7
build(deps): bump actions/checkout from 4.2.1 to 4.2.2
build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.79 to 7.0.80
build(deps): bump github.com/zitadel/oidc/v3 from 3.31.0 to 3.32.1
build(deps): bump github.com/openfga/openfga from 1.6.2 to 1.7.0
lxd: Add request argument on Render
lxd-agent: Add request argument to Render
lxd: Delete duplicate operationWebSocket
lxd-agent: Add comment to exported function
lxd: Add comments to exported functions
lxd/response: Allow registering additional smart errors on Init.
lxd/db: Define database specific smart errors.
lxd: Register database smart errors when initialising the response package.
lxd/response: Delete database errors from response package.
build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
build(deps): bump golang.org/x/text from 0.19.0 to 0.20.0
build(deps): bump github.com/openfga/openfga from 1.7.0 to 1.8.0
build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0
build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0
lxc/remote: Use TrustToken field if supported by the server
github: Use squid/candidate for microceph
build(deps): bump github/codeql-action from 3.27.1 to 3.27.4
build(deps): bump github.com/zitadel/oidc/v3 from 3.32.1 to 3.33.1
build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
build(deps): bump github.com/osrg/gobgp/v3 from 3.30.0 to 3.31.0
build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
build(deps): bump github.com/go-acme/lego/v4 from 4.19.2 to 4.20.4
build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0
build(deps): bump github/codeql-action from 3.27.4 to 3.27.5
build(deps): bump github.com/minio/minio-go/v7 from 7.0.80 to 7.0.81
README: Update references to latest documentation to stable-5.21
api: Add shared_custom_block_volumes API extension
lxd/device: Validate shared block devices
lxd/storage: Handle security.shared update
lxd/storage: Allow security.shared key for custom block volumes
lxd/storage/drivers: Handle security.shared in fillVolumeConfig
lxd/device/disk: Fix incorrect block volume usage
lxd/storage: Add comments for metadata generation
metadata: Add references to security.shared
test: Add test for adding block volumes to profile
doc: Update block volume usage
lxd/storage/util: Remove unused arguments and tautological conditions
add a new dependency for github.com/NVIDIA/nvidia-container-toolkit
lxd/device/cdi: Introduce base CDI types and ToCDI
lxd/device/cdi: Add unit tests for the CDI identifier parser
lxd/device/cdi: Introduce a CDILogger type
lxd/device/cdi: Add the NVIDIA CDI spec generator
lxd/device/cdi: Add base CDI Hook types
lxd/device/gpu: Augment the capabilities of the id GPU option to support CDI naming for phyical gputype
lxd/device/cdi: Add CDI translation logic (OCI spec → unix device + mounts) logic
lxd/device/gpu_physical: Configure a GPU (physical) if CDI detected
lxd/instance/drivers/driver_lxc: Configure LXC to use LXD’s startmountns callhook if CDI devices have been configured
lxd: Setup the startmountns callhook command to react to lxc.hook.mount for executing the CDI hooks
lxd-metadata: update metadata
doc: Add documentation on how to add a GPU with CDI mode
lxd/device/cdi: no NVIDIA with CDI for armhf
doc: update doc to include no CDI for armhf
lxd/device/cdi: add no-op defaultNvidiaTegraCSVFiles for armhf
lxd/device/gpu_physical: forbid CDI GPU hotplugging
lxd/cluster: Replace deprecated Node.Recover
lxd/cluster/recover: Refactor DetermineRaftNode transaction
lxd/cluster: Refactor recovery patch.global.sql
lxd/cluster: Write recovery tarball after cluster edit
lxd/cluster: Prevent custom patches during cluster recovery
lxd/cluster: Implement cluster recovery tarball unpack
lxd/daemon: Load recovery tarball on daemon start
lxd/main_cluster: refactor promptConfirmation
lxd/main_cluster: Use “member” instead of “node”
lxd/main_cluster: Prompt before cluster edit
lxd/main_cluster: Add yaml comment with role explanation
lxd/main_cluster: Print instructions after cluster edit
test: Copy tarball from cluster edit
doc: cluster edit updates & copy tarball
lxd/main_cluster: Fix linter errors
lxd/instance/drivers/edk2: Add new package to track EDK2 firmwares
lxd/instance/drivers/edk2: Support OVMF filenames on arm64
lxd/instance/drivers/edk2: Move seabios to /usr/share/qemu
lxd/instance/drivers/edk2: Add ArchLinux x86_64 paths
lxd/instance/drivers/edk2: Fix CSM handling
lxd/instance/drivers/edk2: Add Void Linux x86_64 paths
lxd/instance/drivers/edk2: Rework to support both LXD_QEMU_FW_PATH and LXD_OVMF_PATH
lxd/instance/drivers/edk2: Add support for seabios in Ubuntu
lxd/instance/drivers/qemu: Update to use the new edk2 package
lxd/instance/drivers/driver/qemu: Log the VM UEFI firmware found in checkFeatures
lxd/instance/drivers/driver/qemu: Improve error in checkFeatures
lxd/util/sys: Removes unused GetQemuFwPaths function
lxd/instance/instance/interface: Add FirmwarePath to VM interface
lxd/instance/drivers/driver/qemu: Add firmware path concept and set it during generateQemuConfigFile
lxd/apparmor/instance: Update instanceProfile to use start time firmware path
lxd/instance/drivers/edk2: Removes unused GetArchitectureInstallations function
lxd: Enable cobra’s completion support
lxc/network: add dynamic completions
completion: support returning non-lxd remotes
lxc/image: add dynamic command line completions
lxc/config: add completions
lxc: add completions for instance actions and snapshots
lxc: add completions for profiles
lxc: add completions for remotes
lxc: add completions for projects
lxc/completion: Remove space after remote names completion
lxc: expose parseVolume to entire package
lxc: add completions for storage pools and volumes
lxc/completion: fix image names completion
lxc: add completions for clusters
lxc: add completions for cluster groups
lxc: add completions for cluster roles
lxc: add completions for config templates
lxc: add completions for network acls
lxc: add completions for network forwards
lxc: add completions for network load balancers
lxc: add completions for network peers
lxc: add completions for network zones
scripts/bash: delete in favor of cobra completions
lxc/aliases: fix completion regression
lxc/publish: Complete snapshot names
lxc/project: Get current project from connection info
api: Add metrics_api_requests extension
shared/entity: Add apiMetricsURLPrefixes to typeInfo
shared/entity: Use apiMetricsURLPrefixes to classify endpoints
shared/entity: Unit tests for endpoint entity types
lxd/metrics: Define core logic for API request metrics
lxd/api: Initialize API metrics
lxd/request: Create MetricsCallbackFunc
lxd: Create CountStartedRequest
lxd/daemon: Track request on createCmd
lxd/api: Include handlers outside createCmd
lxd: Remove request field on response types
lxd/request: Create MetricsCallback
lxd: Track completed requests on Render
lxd/operations: Add onDone to operation
lxd/operations: Inject callback function on operation
lxd-agent: Remove request fields from response types
lxd/metrics: Sort metrics tuple alphabetically
lxd/metrics: Add constants for API requests metrics
lxd/api_metrics: Adds samples for API request metrics
lxd/api_metrics: Ensure internal metrics are included
lxd: Add comments to exported functions
lxd: Fix comments for linter
lxd/api: Log error on Fprint
test: Add tests for API requests metrics
doc/reference: Update internal metrics docs
doc: Update example metrics raw output
lxd/instance/drivers/edk2: Actually check that the files exist
lxd/instance/drivers/driver/qemu: Always re-generate the nvram symlink
api: Add metrics_api_requests extension.
lxd/instance/drivers/edk2: Rework GetAchitectureFirmwarePairs into GetAchitectureFirmwareVarsCandidates
lxd/instance/drivers/driver/qemu: GetAchitectureFirmwareVarsCandidates usage
lxd/instance/drivers/edk: Comment improvement on GetArchitectureFirmwarePairsForUsage
lxc/completion: Fix completions for config keys
api: projects_limits_disk_pool
lxd/projects: Add new limits.disk.pool config key
doc: Update configs
lxc/project: Handle pool disk limits
lxd/project: Add per-pool disk limits
lxd/project/limits: Add HiddenStoragePools
lxd/storage: Hide pools with a zero limit
tests: Add test for per pool limits
doc: Update project_limits_disk_pool description
lxd: Update limits.disk.pool doc
doc: make update-metadata
lxd/project: Don’t fail project creation on missing pools
test/suites/project: Check project operations before init
lxd: Remove metrics functions from request package
lxd/metrics: Rename MetricsCallback for linter
lxd/metrics: Refactor function names
lxd: Update CountStartedRequest usage
lxd: Update MetricsCallback usage
lxd/request: Fix request not counted warning
doc/howto/container_gpu_passthrough_with_docker: use single line cmds
lxd/cluster: Implement createTarball
lxd/cluster: Use createTarball for recovery tarball
lxd/cluster: Implement createDatabaseBackup
lxd/cluster: Create database backups before recovery
lxd: Improve error handling during cluster edit
test/clustering: Sanity check for automated DB backups
doc: Document cluster recovery automated DB backups
lxd: Update metadata usage
doc: make update-metadata
lxc: Add completions for server keys
lxc/console: Add completion
lxc/completion: use strings.Cut() instead of SplitN()
lxc/project: use strings.Cut() instead of SplitN()
lxc/completion: Update instance completions to not show server configs
lxc/completion: Add instance device completions to lxc config device add
lxc/completion: Add instance device option completions to lxc config device add
lxc/completion: Autocomplete instances for lxc pause/start/exec/stop/delete based on status
lxc: Add instance completions to lxc file subcommands
api: Add access_management_tls API extension.
lxd: Separate identity handlers by authentication method.
lxd: Clarify optimisations when listing identities with recursion.
lxd/response: Add a NotImplemented swagger definition.
lxd: Add all API responses to swagger doc on identity update.
shared/api: Add lifecycle event for identity deletion.
lxd/lifecycle: Add lifecycle event for identity deletion.
lxd/lifecycle: Fix comment on identity actions.
lxd: Add DELETE handler for identities.
lxd/auth/drivers: Allow identities to delete themselves.
doc: Run make update-api.
client: Add client methods to delete an identity.
lxc/auth: Add subcommand for identity deletion.
test/suites: Test identity deletion.
lxc/completion: Add images and ubuntu remote completions
Revert “shared/entity: Add apiMetricsURLPrefixes to typeInfo”
Revert “shared/entity: Use apiMetricsURLPrefixes to classify endpoints”
Revert “shared/entity: Unit tests for endpoint entity types”
lxd: Add MetricsType field to APIEndpoint
lxd/metrics: Take endpoint type instead of deriving from prefix
lxd: Update metrics functions usage
shared/entity: Create list of types for the metrics
lxd: Categorize existing endpoints
lxd: Check if every 1.0 endpoint is typed
lxd: Update MetricsCallback variable name
lxc/completion: Storage volume copy completion fixes
lxc/completion: Use string concatenation instead of Sprintf() where possible
lxc/completion: Add go doc comments to completion functions
shared/api: Add pending and fine-grained TLS certificate identity types.
lxd/identity: Make new client certificates a fine-grained identity type.
lxd/identity: New client certificate identity type authenticates via TLS.
lxd/db/cluster: Add pending and fine-grained TLS certificate identity types.
lxd/db/cluster: Include new identity types in identity entity type db definition.
lxd/operations: Don’t consider writing errors
lxd/response: Don’t consider writing errors
lxd/metrics: Remove logging from UseMetricsCallback
shared/api: Add API structs for identity creation.
shared/api: Add field to CertificateAddToken.
lxd: Move CA check into certificateValidate method.
lxd/db/cluster: Add pending TLS identity metadata type and method.
lxd/db/cluster: Add method to activate a pending TLS identity.
lxd/db/cluster: Add method to find a pending identity by secret.
lxd: Add factor out common logic for identity notifications.
lxd: Add TLS identity creation endpoint.
doc: Runs make update-api.
lxd: Allow fine-grained TLS identities to authenticate.
lxd: Allow fine-grained TLS identities list resources in any project.
lxd/auth/drivers: Delegate to TLS driver only when identity is not fine-grained.
lxd: Omit pending TLS identities when updating the identity cache.
client: Add methods for creating TLS identities.
lxc/auth: Add identity creation command.
test/suites: Test fine-grained TLS identity creation.
test/suites: Test identity info for TLS identities.
test/suites: Improve coverage on identity deletion.
doc/howto: Switch projects<->users in confinement docs.
doc: Switch projects<->users in confinement docs.
doc/explanation: Remove authentication methods section in project docs.
doc/explanation: Add fine-grained TLS identities to authorization page.
doc/howto: Include fine-grained TLS identities in authentication tutorial.
test/suites/clustering: add clustering_update_cert_token test
test/main: enable clustering_update_cert_token test
github: fix indent of commits job
Makefile: opportunistically run yamllint against GH workflows
lxc/completion: Only complete custom storage volumes for lxc storage volume copy
lxc/completion: Fix completions for lxc storage volume move
lxd/cluster/notify: Use in-memory config for cluster offline threshold
lxd/cluster/notify: Use state.ServerClustered
lxd/cluster/notify: Take optional members to notify
lxd/cluster/notify: Add NodeInfo to Notifier hook
lxd/cluster/notify: Update notifier tests
lxd/state/test: Load global config from DB
lxd/cluster: Update notifier usage
lxd/network/acl: Update notifier usage
lxd/network/zone: Update notifier usage
lxd/network: Update Notifier usage
lxd: Update notifier usage
lxd: Update notifier usage
lxd: Update notifier usage
lxd/cluster: Split LocalSysInfo from MemberState
lxd/cluster: Remove unused memberName parameter
lxd: Update MemberState usage
shared/api: Add LogicalCPUs to ClusterMemberSysInfo
lxd/cluster: Populate LogicalCPUs
doc: Run make update-api
lxd/cluster: Implement ClusterState
lxd/cluster/notify: Mock member state endpoint
lxd/cluster: Test ClusterState
lxd/cluster: Perform cluster member update on updated cluster member
lxd: Remove uneeded iteration
lxd/db/node: Fix linter errors
api: Add state_logical_cpus extension
lxd/db/cluster/profiles: Support device cache in ToAPI
lxd: Pass profile device cache to ToAPI calls when possible
lxd/db/cluster/instances: Support device cache to ToAPI
lxd/project/limits: Pass instance device cache to ToAPI
lxd/db/cluster/instances: Allow passing profile devices to instance ToAPI
lxd/project/limits: Pass profile device cache to instance ToAPI
lxd/db/cluster/profiles: Support config caching
lxd: Update calls to profile ToAPI
lxd/db/cluster/profiles: Fix import shadowing
api: Add vm_limits_cpu_pin_strategy API extension.
lxd/instance: Add limits.cpu.pin_strategy config key for virtual machines
metadata: Run make update-metadata
lxd/instance: Add input validation for limits.cpu.pin_strategy
lxd/devices: Disable VM CPU auto pinning by default
doc: Update CPU pinning documentation for VMs
lxd: Consider project’s restricted cluster groups during instance evacuation
lxd/db: Implement ToAPI for InstanceArgs
lxd/instances: Remove old retry logic
lxd/instance/drivers/qemu: Properly plumb I/O limits
lxd/cgroup: Add named results to ParseCPU and remove unnecesary type casting to int64
lxd/cgroup: Refactor srcType parameter in TaskSchedulerTrigger to use instancetype.Type instead of string
lxd/shared/validate: Add named results to ParseNetworkVLANRange and ParseUint32Range
tests: Add tests for limits.cpu.pin_strategy and limits.cpu config and profile settings
github: update apt definition in setup-microceph
github: tune docker firewall disablement to work on 20.04
github: drop extraneous space between commit hash and version comment in commit job
github: cope with no installed snaps in reclaim-disk-space action
github: free up more space in reclaim-disk-space action
lxd: Use tx.AddNodeToClusterGroup consistently
lxd/db/cluster: Remove unneeded generated DB code
test/suites: Add testing for cluster group init with multiple nodes
lxd/project/limits: Use InstanceList for queries
lxd/cluster: Replace deprecated Recover with ReconfigureMembership
lxd/state: Add LeaderInfo type and function to state.
lxd: Set LeaderInfo function in (*Daemon).State.
lxd: Update ACME handlers to use (*State).LeaderInfo.
lxd: Update cluster handlers to use (*State).LeaderInfo.
lxd: Update image sync task to use (*State).LeaderInfo.
lxd: Update instance handlers to use (*State).LeaderInfo.
lxd: Update operation prune task to use (*State).LeaderInfo.
lxd: Update database patch to use (*State).LeaderInfo.
lxd/apparmor: Update with new lxd binary location in sbin
lxc/launch: Start console if instance start was performed on server
lxd/db: Linter fixes
lxd/db/cluster: Differentiate errors returned by PendingTLSMetadata.
lxd: Remove expired pending TLS identities in token prune task.
lxd: Change log level to ‘warn’ for the token prune task.
lxd: Opportunistically remove invalid/expired pending TLS identities.
lxd/sys/os: add InUbuntuCore() helper
lxd/device/cdi: make it work in Ubuntu Core environment
lxd/instance/instance_utils: forbid nvidia.runtime with Ubuntu Core
lxd/device/gpu_physical: forbid CDI to be used with nvidia.runtime=true
lxd/device/cdi/spec: check that pc-kernel snap is connected properly
lxd/network: Consider volatile IP in ovnNetworkExternalSubnets
lxd/device/cdi: Fix the case of adding a CDI device with the ‘all’ identifier
lxc/completion: Rework instance config key completion functions
lxc: Handle interupts properly to clean spice socket and avoid accumulation
lxd: Deduplicate image file deletion
lxd: Add internal testing handler to trigger token prune task.
test/suites: Test that expired pending identities are removed when token is used.
test/suites: Test the token pruning task removes expired pending TLS identities.
test/suites: Test token prune task for certificate add token operations.
lxd/db: Implement DqliteDir
lxd/cluster: Use DqliteDir
lxd/cluster: Use DqliteDir
lxd/cluster/gateway_test: Use DqliteDir
lxd/cluster/recover: Use DqliteDir
lxd/cluster: Print last dqlite entry on gateway shutdown
doc: Determine which LXD member is most up to date
doc: Update MicroCloud reference
api: sort GET /auth/permissions response
lxd/device/cdi: update generateSpec signature
doc/tutorial: specify LXD snap
lxd/instance/drivers/lxc: downgrade “Failed to statfs” error to warning
lxd/instance/drivers/lxc: downgrade “SFTP server stopped with error” error to warning
lxd/device/cdi: use NVIDIA_DRIVER_ROOT env variable
docs: Improve Windows image conversion examples
docs: Fix bare URL line numbers in exception list
github: Remove unused matrix.go references
shared/simplestreams: Fix creation date parsing format
shared/simplestreams: Replace shared.ValueInSlice with slices.Contains
lxd/device/gpu_physical: Forbid any nvidia.* instance config option if the GPU device has been added through the CDI mode
docs: fix ovn ipv4/6 address description
github: Use cache in case Trivy DB download fails
lxd/networks: Emit lifecycle event for OVN networks
lxd/init: Set Target after network/storage lookup
test/suites: Test storage/network can be specified when targetting cluster group.
lxd/network/ovn: Properly handle uplink with disabled DHCP/DHCPv6
shared/api: Add TLSCertificate field to identity and identity PUT.
doc: Runs make update-api.
lxd/db/cluster: Add function to get certificate metadata from DB Identity.
lxd/db/cluster: Add TLSCertificate on Identity.ToAPI.
lxd: Return TLSCertificate when listing identities.
lxd: Factor out logic to add identity to request context from access handler.
lxd: Use allowAuthenticated for identity update handlers.
lxd: Return a 400 for invalid certificates.
lxd: Add method to validate an identities’ certificate and return their fingerprint and metadata.
lxd: Add certificate update functionality.
test/suites: Add tests for TLS identity certificate update.
lxd/instance/drivers: Make security.devlxd.images live-updatable.
lxd/instance/instancetype: Update doc security.devlxd.images config key.
{doc,lxd/metadata}: Runs make update-metadata.
lxd/auth/drivers: Mask errors returned by OpenFGADatastore.
test/suites: Use gen_cert_and_key in basic usage tests.
test/suites: Use gen_cert_and_key in remote admin tests.
test/includes: Remove gen_cert util.
lxd/auth/drivers: Add entitlement for viewing unmanaged networks.
lxd/auth: Runs make update-auth.
{doc,lxd/metadata}: Runs make update-metadata.
lxd/auth: Allow restricted TLS clients to view unmanaged networks.
lxd: Handle authorization for unmanaged networks.
test/suites: Include new server entitlement in tests.
doc/howto/initialize: fix broken link to maas docs
shared/usbid/parse: Match id’s type to Protocol and ClassCode
shared/usbid/parse: Use return expressions (revive)
shared/usbid/parse: Comment spacing (revive)
github: Fix snap scanning
lxd/instance/drivers/qemu: Add missing node name overflow handling
lxd/instance/drivers: Deduplicate operationStatusCode logic
lxd/instance/drivers: Reduce chance of races during statusCode
test/main: print apport crashes info
github: add download-minio action
github: download minio/mc using action and as late as possible
lxd/device: Update device option descriptions for usb to accurately convey compatibility with containers and vms
lxd/device: Update container only device options to use word container
lxd/device: Split required device option metadata for usb and unix-hotplug
doc: Update devices_unix_char docs to accurately convey device compatibility
doc: Update devices_unix_block docs to accurately convey device compatibility
doc: Update devices_unix_hotplug docs to accurately convey device compatibility
metadata: Run make update-metadata
lxc/completion: Don’t hide default completion command
Consume websocket pings for stderr
shared/entity: Add functions to create snapshot and backup URLs.
lxd/auth/drivers: Add snapshots and backups to authorization model.
lxd/auth/drivers: Clarify that “can_view” allows viewing snapshots and backups.
lxd/auth: Run make update-auth.
metadata: Run make update-metadata.
lxd/auth/drivers: Remove entitlement validation check.
lxd/db/openfga: Use entity types for parent-child relations.
lxd/db/openfga: Handle instance and storage_volume relations on Read.
lxd/db/openfga: Handle instance and storage_volume relations on ReadStartingWithUser.
lxd: Update instance backup and snapshot authorization checks.
lxd: Add location to storage volume details.
lxd: Parameterise the storagePoolVolumeTypeAccessHandler by entity type.
lxd: Update calls to the storage volume access handler.
lxd: Update storage volume snapshot and backup access checks.
test/suites: Add tests for storage pool used-by filtering.
Fix linter errors (revive: redefines-builtin-id).
test/deps: Add python script to search for panics in LXD logs.
github: unconditionally strip binaries and libs as late as possible
github: Move chmod of go.mod, go.sum before go mod download
Makefile: Bump min Go version to 1.23
doc: Update min go version to 1.23
test/includes: Add panic checker helper function.
test: All tests should be executed from TEST_DIR.
test/includes: Run the panic checker killing any LXD daemon.
test: Run the panic checker on cleanup before setting +e.
test/godeps: Update lists
Revert “api: Add ubuntu_pro_guest_attach API extension.”
Revert “shared/api: Add guest attachment API responses.”
Revert “lxd/ubuntupro: Return host guest attachment setting if instance setting is unset.”
Revert “lxd/ubuntupro: Add ubuntupro package.”
Revert “lxd/state: Add ubuntupro.Client to state.State.”
Revert “lxd/state: Add ubuntupro.Client to Daemon.”
Revert “lxd/instance/instancetype: Add ubuntu_pro.guest_attach to instance configuration.”
Revert “{doc,lxd/metadata}: Run make update-metadata.”
Revert “lxd: Add Ubuntu Pro handlers to devlxd.”
Revert “lxd-agent: Add Ubuntu Pro handlers to devlxd.”
lxc/warning: Take --all into account when parsing args
lxc/warning: Update lxc warning delete usage
lxc/warning: Delete all warnings
test/warnings: Test deleting all warnings
github: add install-lxd-runtimedeps action
lxd/device: Add support for discovering multiple unix hotplug devices
lxd/device: Clean up comments
lxd/device: Consolidate device matching logic to resolve inconsistent matching
github: replace lxc-templates by lxc-utils
github: explain why lxc.service and lxc-net.service (from lxc-utils) are masked before install
github: reduce runtime deps to a minimum
test/includes: Set ulimit before spawning LXD.
lxd/db/openfga: Update datastore comments to reflect change in model.
github: stop stripping libs and binaries
lxd: Don’t call pool.Driver() more than once.
test/suites: Test permission handling for instance and storage volume snapshots.
doc: fix defaultdesc format for instance configuration related to boot
lxd/api_metrics: Filter Operation query by node
lxd/db/cluster/warnings: Allow filtering by Node and Status
lxd/db/cluster: Run make update-schema
lxd/api_metrics: Use *state.State instead of time.Time on internalMetrics
lxd/api_metrics: Filter query for Warnings appropriately
test: Test for querying metrics on a cluster
test: Run test_clustering_metrics with cluster tests
github: Set core_pattern before running system tests.
github: Upload crash dumps if present.
Revert “test/main: print apport crashes info”
github: Set GOTRACEBACK=crash on system test runs.
github: Don’t purge aproxy snap when reclaiming disk space
api: Add gpu_cdi extension
doc: Add ‘passthrough’ to custom_wordlist.txt
doc: Add section on coredump inspection.
doc: Add new acronyms to wordlist.
lxd/instance/drivers/qmp: Return an error if no fd is found
api: Add images_all_projects extension
shared/api: Add project property to Image
lxd/images: Add support for all_projects
api: Run make update-api
lxc/client: Add GetImagesAllProjects function
lxc/client: Add GetImagesAllProjectsWithFilter function
lxc/image: Add --all-projects flag to list
Revert “lxd/instance/drivers/qmp: Return an error if no fd is found”
lxd/instance/drivers/driver/lxc: Instruct liblxc to use the lxd-stophook wrapper in the bin directory of the snap instead of sbin
lxd: Simplify allowAuthenticated
lxd/device/cdi: Rework ID parsing
lxd/device/gpu/physical: Update ToCDI usage
lxd/device/gpu/physical: Validate id during validation stage
test: Adds validation test for GPU CDI mode
lxd/storage: Remove security.shared from cephfs keys
lxd/metadata: make update-metadata
doc: make update-metadata
lxd/networks: Reworks networkStartup to accept a stateFunc
lxd: networkStartup usage
lxd/db/storage_pools: Use ‘cluster members’ instead of ‘nodes’
lxd: Log error on resultErrListAppend
lxc/completion: Update cmpInstanceKeys function to use metadata API
lxc/completion: Update cmpInstanceAllKeys to use metadata API
lxc/completion: Remove extraneous nospace completion directive from cmpInstances function
lxc/completion: Add cmpInstanceSetKeys function
lxd/device/device/interface: Fix typo
lxd/network/driver/bridge: Fix typo
lxd/network/driver/ovn: Fix typo
lxd/networks: Fix typo
lxd/instance: Lock image access
lxd/instance/drivers/driver/qemu: Fix nvram file update from 2MB OVMF and CSM mode
lxd/instance/instance_utils: Fix detection of suitable architecture when LXD is clustered
i18n: Update translation templates.
i18n: Update translations.
Revert “lxd/device: Disable VM CPU auto pinning”
gomod: Bump min version to 1.23.3 and update deps
github: Sync codeql workflow
github: Sync security workflow
github: Sync tests-snap workflow
github: Sync tests workflow
github: Sync triage workflow
test/suites: Improve grep usage in PKI tests.
lxd: Return a useful error if an identity token is sent to the certificate API.
lxc/remote: Update remote add to handle tokens issued by identities API.
test/suites: Parameterise authorization tests by remote name.
test/suites: Run fine-grained authorization tests for TLS identities.
test/suites: Test fine-grained TLS identities with PKI mode.
doc/howto: Don’t link client tokens to clustering tutorial.
doc: Authentication section under explanation should not contain how-tos.
doc/howto: Remove broken links.
doc/howto: Include fine-grained TLS identities in project confinement tutorial.
test/suites/remote: rework invalid protocol test
test/suites/remote: rework badtoken test
doc/howto: Fix argument order when adding permissions to a group.
test/suites: Simplify user_is_server_admin.
test/suites: Test that a server administrator can view unmanaged networks.
test: Add tests to test/suites/auth.sh for lxc image list --all-projects
Bump minimum version to 1.23.3 in docs and Makefile
shared/validate: Linter fixes
lxd/db/node: Linter fixes
lxd/db: Linter fixes
shared/api/instance: Introduce constants for source type
client/*: Replace hardcoded source types with constants
lxd/*: Replace hardcoded source types with constants
lxc/*: Replace hardcoded source types with constants
lxd-benchmark/benchmark/operation: Replace hardcoded source type with constant
lxd-to-lxd/main_migrate: Replace hardcoded source type with constant
lxd-migrate/main_migrate: Replace hardcoded source types with constants
lxc-to-lxd: Remove use of os.Exit in non-main function
lxd/project/limits/premissions: Do not overwrite builtin function with a variable
client: Fix unchecked assertions
client/lxd: Fix non-constant format string
i18n: Update translation templates.
i18n: Update translations.
build(deps): bump actions/cache from 4.1.2 to 4.2.0
build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
build(deps): bump github.com/go-chi/chi/v5 from 5.1.0 to 5.2.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.81 to 7.0.82
build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
build(deps): bump github/codeql-action from 3.27.6 to 3.27.9
build(deps): bump tiobe/tics-github-action from 3.2.1 to 3.3.0
build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
build(deps): bump github.com/openfga/openfga from 1.8.1 to 1.8.2
test/godeps: Update lists
build(deps): bump github.com/go-acme/lego/v4 from 4.20.4 to 4.21.0
build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
build(deps): bump github/codeql-action from 3.27.9 to 3.28.0
build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.1
lxd/patches: Strip white space in patchSplitIdentityCertificateEntityTypes
lxd/patches: Remove volatile.%.last_state.ip_addresses keys more efficiently
build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0
build(deps): bump github.com/openfga/openfga from 1.8.2 to 1.8.3
build(deps): bump github.com/minio/minio-go/v7 from 7.0.82 to 7.0.83
build(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0
build(deps): bump github.com/osrg/gobgp/v3 from 3.32.0 to 3.33.0
gomod: Dep updates
test/godeps: Remove github.com/zitadel/oidc/v3/pkg/strings
doc: fix malformed ref to cloud-init docs
build(deps): bump github/codeql-action from 3.28.0 to 3.28.1
build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
build(deps): bump github.com/dell/goscaleio from 1.17.1 to 1.18.0
build(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0
build(deps): bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14
build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0
chore(ci) add workflow to run e2e tests from lxd-ui
chore(ci) fix references to secrets
chore(ci) dynamic ui testsuite selection based on current branch
chore(ci) add ui tests as dependency for snap build
doc/guest-os-compatibility: 16.04 and 18.04 missing lxd-agent
lxd/device/tpm: simplify path/pathrm validation for VMs
lxd/device/tpm: remove condition on containers, VMs support them
lxd/device/usb: simplify serial validation
lxd/instance/instancetype/instance: simplify security.sev.session.{dh,data} validation
lxd/network/driver_common: simplify bgp password validation
lxd/storage/drivers/cephobject: simplify cephobject.bucker.name_prefix validation
lxd/storage/drivers/powerflex: simplify powerflex.domain validation
metadata: Run make update-metadata.
doc/howto/migrate_from_lxc: suggest switching to 5.21/stable after the migration
doc/howto/snap: don’t mention feature releases tracks
doc/howto/snap: replace latest/stable by 5.21/stable in example
doc/installing: suggest switching to 5.21/stable after using lxd.migrate from 5.0
doc/installing: promote the default channel as the recommended one
test/suites/image: grep -v should not be used for testing
test/suites/image: use more precise grep
lxd/device: Use device Clone() function rather than duplicate config copy logic
lxd/device: Fix comment typos
doc: Add noble package to Windows image conversion
doc: Update doclint exceptions
test/suites: Check that a restricted client certificate cannot view server configuration.
doc/support: detail the 3 levels of LTS support
doc/support: don’t mention latest/* or the now defunct 6.1/stable channels
doc/howto/snap: allow linking to cohort note
doc/installing: add note about cohort and installing specific rev
github: switch to 24.04 runners for snap step
lxd/storage: Add storage driver cache update to storagePoolCreateLocal function
github: add lp-snap-build action
client/lxd: Fix unnecessary error formatting
doc/cloud-init: clarify that size means quota
doc/explanation/clustering: clarify that size means quota
doc/explanation/storage: clarify that size means quota
doc/howto/initialize: clarify that size means quota
doc/howto/instances_backup: clarify that size means quota
doc/howto/storage_backup_volume: clarify that size means quota
doc/howto/storage_buckets: clarify that size means quota
doc/howto/storage_pools: clarify that size means quota
doc/reference/devices_disk: clarify that size means quota
doc/reference/storage_lvm: clarify that size means quota
doc/reference/storage_powerflex: clarify that size means quota
doc/reference/storage_zfs: clarify that size means quota
doc/tutorial/first_steps: clarify that size means quota
doc/tutorial/ui: clarify that size means quota
lxd/storage: Fix comment typo
Revert “github: add lp-snap-build action”
test: add markdown table with the duration of each test
github: pass GITHUB_STEP_SUMMARY variable to system tests
doc/images: Add OVN internal networking diagrams.
doc/reference: Add OVN internals documentation.
doc: Add OVN internals doc to internal section.
doc: Add spellcheck exceptions.
lxd/storage/drivers: Remove unnecessary fmt.Sprintfs
lxd/storage/drivers: Fix linter errors
doc: Change order of discourse links
github: Use cohort=“+” for trivy snap scan
github: (re)add lp-snap-build action
doc: Prefix discourse links with lxc:
Makefile: use git commit -S for siging the commit
Makefile: propose commit’ing generated files after make update-metadata
Makefile: propose commit’ing generated files after make update-gomod
Makefile: propose commit’ing generated files after make update-api
doc: Add VM live migration developer documentation
doc: Add VM live migration developer documentation to internals section
doc: Add spellcheck exceptions
lxc/storage_volume: Add comment on path argument
lxd/storage/drivers/zfs: zfs.delegate requires security.nesting=true to be useful
README: Remove monthly from feature release
SECURITY: Remove monthly from feature release
doc/installing: Clarified new features in LTS
doc/support: Removed monthly from feature release
doc/support: Clarified 6/stable series
doc/installing: Fix command tabbing
github: add ~/go/bin to system PATH in actions/lp-snap-build
github: another attempt at adding ~/go/bin to system path
doc/howto/network_load_balancers: fix lxc network load-balancer backend add command syntax
lxd: Deny creating an empty ISO volume
test: Can’t create empty iso volume
doc: ISO volumes can be created from copies
lxd: Remove lint exception for defer rule.
lxd/instance/operationlock/operationlock: fix typo Reusuable->Reusable
lxd/instance/drivers/driver_lxc: fix typo Reusuable->Reusable
lxd/instance/drivers/driver_qemu: fix typo Reusuable->Reusable
Makefile: fix syntax to allow make static-<tab> completion to work
Makefile: consistently use tabs
test/lint/licenses: always restore COPYING content even on check failure
test/lint/i18n-up-to-date: close stdin when calling make i18n
test/lint/metadata-up-to-date: silence noise
test/lint/metadata-up-to-date: simplify restoring file to their original content
Makefile: tell msgmerge to not use a progress reporter
doc/images: Update VM live migration implementation diagrams
doc/reference: Update VM live migration implementation image reference
lxc/config: Fix godoc typos
lxd: Fix linter errors (revive: exported).
shared/cmd: Fix linter error (revive: use-any).
github: add setup-microovn action
github: Add OVN environment variables when running test suite.
github: use actions/setup-microovn in system-tests
doc/howto/network_load_balancers: improve instructions and add examples
test/suites: Add initial OVN tests.
test: Run OVN test in standalone suite.
github: Add network_ovn to LXD_REQUIRED_TESTS.
github: Add OVN commands to PATH.
test/suites: Prefer jq on json to sed on yaml.
test/suites: Clean up OIDC user in oidc test.
doc: Update link prefix for doc/reference/storage_cephfs
lxd-agent: Remove defunct lint exceptions.
lxd/db/cluster: Remove defunct lint exceptions.
lxd: Remove defunct lint exceptions.
test/mini-oidc/storage: Remove defunct lint exceptions.
golangci: Add prealloc linter
github: Disable TICS temporarily
doc: Update metadata
lxc/cluster-enable: improve man page instructions
lxc/info: fix typo in man page
lxc/list: fix possible types in man page
lxc/list: fix typo in man page
lxc/move: fix missing word in man page
lxc/query: fix redundancy in man page
lxc/storage-volume-unset: fix typo in man page
i18n: Update translation templates.
i18n: Update translations.
doc/database: revise title to mention dqlite
doc/explanation/security: remove ‘about’ from title
doc/explanation/projects: revise title
doc/image-handling: revise title
doc/explanation/lxc_show_info: remove ‘about’ from title
doc/explanation/lxd_lxc: remove ‘about’ from title
doc/explanation/networks: revise title
doc/explanation/instances: remove ‘about’ from title
doc/explanation/performance_tuning: remove ‘about’ from title
doc/authentication: use page title as navlink text
doc/explanation/authorization: use page title as navlink text
doc/explanation/storage: remove ‘about’ from title & use as navlink text
doc/explanation/clusters: rename from clustering.md, update links/redirect
doc/cloud-init: add a note that recent cloud-init on older Ubuntu still doesn’t support modern keys
lxd/networks: Removes unused argument in doNetworkUpdate
lxd/project/project: Fix type in comment in NetworkAllowed
lxd/resources/cpu: Fix revive linter errors
github: Dont require UI tests to pass to build edge snap
Makefile: install goimports if missing during make update-schema
test/suites/sql: don’t count lines on expected empty output
test/suites/backup: remove || false on test that should succeed
test/suites/basic: remove || false on tests that should succeed
test/suites/projects: remove || false on test that should succeed
test/suites/container_devices_disk_restricted: remove || false on tests that should succeed
test/suites/clustering: remove || false on tests that should succeed
test/suites/filtering: remove || false on tests that should succeed
test/suites/container_devices_disk: remove || false on tests that should succeed
test/suites/devlxd: remove || false on test that should succeed
test/suites/snapshots: remove || false on test that should succeed
test/suites/snapshots: test lxc config get --property as well
test/suites/container_devices_nic_routed: rework command to fit on one line
test/suites/image_profiles: remove || false on tests that should succeed
test/suites/storage_snapshots: remove || false on test that should succeed
test/suites/storage_snapshots: test property get/set
test/suites/warnings: remove || false on tests that should succeed
test/suites/container_devices_nic_routed: use one liners to avoid confusing shellcheck
test/suites/container_devices_nic_routed: use more precise grep and shell comparison
Revert “github: stop scanning Python through CodeQL”
github: remove extra spaces to please yamllint
lxd/device: Add named return results to unixDeviceAttributes
lxd: Fix linter errors (revive: var-naming).
Makefile: goimports already does gofmt’s job
lxd/db/schema/update: Fix to support lxd in non-GOPATH locations
lxd/db/schema: Expect filename and package as arguments.
lxd/db/generate/db: Expect database kind as argument.
lxd/db/generate: Expect schema kind as argument.
lxd/db/cluster: Pass package and filename into schema.DotGo.
lxd/db/node: Pass package and filename into schema.DotGo.
lxd/db: Remove schema generation directive from db package.
lxd/db/cluster: Add schema generation directive to cluster package.
lxd/db/node: Add schema generation directive to node package.
lxd/db/schema: Update DotGo test.
lxd/db: Add freshschema package.
lxd-generate: Remove schema subcommand.
lxd/db/cluster: Immediately run goimports after generating file.
lxd/db/cluster: Update schema generation to use freshschema package.
lxd/db/node: Update schema generation to use freshschema package.
Makefile: Remove goimports from update-schema target.
lxd/db/cluster: Fix linter error (prealloc).
shared: Add IsMicroOVNUsed utility function
lxd/network/acl: Allow ‘ovnParseLogEntry’ to read a log input using an external timestamp
lxd/network/acl: Read OVN logs from systemd journal
acl: Pass request ctx to acl.GetLog function
doc: Describe how to manually connect the MicroOVN northbound connection to LXD
lxc: Fix format of identities in group edit help text.
lxc: Move note on editable fields to make it more prominent.
lxc: Fix lint error (prealloc).
shared/util: fix copy-n-pasto
doc/instance-exec: fix typo
lxd/instance_logs: fix typo in swagger comment
lxd/project/project: simplify string concatenation operations
shared/util: simplify string concatenation operations
lxd/instance_logs: simplify string concatenation operations
lxd/storage/drivers/lvm: avoid format specifiers in errors
shared/util_test: simplify if/else (revive)
lxd/db/instances: simplify GetNextInstanceSnapshotIndex()
lxd/db/instances: replace strings.Contains+strings.SplitN by strings.Cut
shared/cmd/table: RenderSlice linter fix
lxd/storage/drivers/lvm_utils: use named return values
lxd/storage/drivers/lvm_utils: simplify if/else with early return
lxd/db/storage_volumes: use strings.Cut() in RenameStoragePoolVolume()
lxd/db/storage_volumes: simplify GetNextStorageVolumeSnapshotIndex()
lxd/instance/instancetype/instance: simplify ValidName()
lxd/db/instances: use strconv.Itoa() where appropriate
lxd/db/instances: use simpler string concatenation
lxc/cluster: remove unused argument from command
lxc/storage_volume: Fix lxc storage volume snapshot command description
lxd/db/storage_volume_snapshots: use strings.Cut to avoid out of bound access
shared/util: os.CreateTemp() already returns a file with 0600 mode
lxc/file: pre-allocate files
test/mini-oidc: remove redundant return
test/mini-oidc: add missing trailing dots
test/mini-oidc: sort imports
lxd/cluster/notify: pre-allocate peers
test/mini-oidc/storage/oidc: use proper casing
test/mini-oidc/storage/oidc: define prompts with 0 length
test/mini-oidc: add comments to exported functions
test/mini-oidc: silence some lint problems
test/mini-oidc: drop unused param
lxd/init: omit unneeded nil checks
lxd/resources/network: simplify if/else with early return
lxd/resources/utils: simplify if/else with early return
shared/api/status_code: pre-allocate statusStrings
shared/api/resource: fix typo in comment
doc/rest-api: Refresh swagger YAML
lxd: lxd cluster show print bytes
lxd/storage: Remove redundant error check
lxd/linux/discard: Add ClearBlock
lxd/linux/discard: Remove leftover debugging
lxd/linux/discard: Use marker length for buffer
lxd/linux/discard: Add support for offset
lxd/linux/discard: Change marker to LXD in ClearBlock
lxd/linux/discard: Move ClearBlock to lxd/storage/block package
lxd/storage/block/discard: Check if size and offset are equal in ClearBlock
lxd/storage/drivers/driver/lvm/volumes: Run ClearBlock on all new thick block volumes
lxd/storage/drivers/driver/lvm/volumes: Clear new blocks on thick volume grow
lxd/storage/block/utils: Adds DiskBlockSize function
lxd/storage/drivers/driver/lvm/utils: Go linter fixes for thinPoolVolumeUsage
lxd/storage/drivers/driver/lvm/utils: Avoid use of inefficient fmt.Sprintf
lxd/storage/backend/lxd: Use the validated volume name from the DB record in RefreshCustomVolume
lxd/storage/backend/lxd: Pre-allocate slice in recoverMinIOKeys
lxd/db/cluster/entities: Ignore linter prealloc
i18n: Update translation templates.
i18n: Update translations.
github: add actions/reclaim-memory
github: use actions/reclaim-memory in tests job
lxd/devlxd: Adds concurrent safe GetConnUcred function
lxd/devlxd: Use concurrent safe pidMapper.GetConnUcred in hoistReq
lxd-agent: If the target path of a mount is relative, make it absolute.
gomod: Update dependencies
shared/cmd: Add ‘sql’ table format.
shared/cmd: Update RenderSlice for SQL format.
lxd: Add format flag to lxd sql command.
lxd: Use fmt.Sprint instead of fmt.Sprintf.
test/suites: Update lxd sql usage in authorization test.
test/suites: Update lxd sql usage in backup test.
test/suites: Update lxd sql usage in clustering membership test.
test/suites: Update lxd sql usage in clustering storage test.
test/suites: Update lxd sql usage in clustering network test.
test/suites: Update lxd sql usage in clustering remove raft node test.
test/suites: Update lxd sql usage in clustering image refresh test.
test/suites: Update lxd sql usage in oidc test.
test/suites: Add format tests and use csv for direct match in lxd sql test.
lxd/network/driver/ovn: Comment typo fix
lxd/network/driver/ovn: Prevent removal of uplink volatile IP settings when associated network IP address is populated
lxd/network/driver/ovn: Linter prealloc fix
test/suites/network/ovn: Check that volatile uplink IPs cannot be removed when associated network address is populated
lxd/network/acl: Use the journalctl wrapper script introduced in the LXD snap
build(deps): bump github.com/minio/minio-go/v7 from 7.0.83 to 7.0.84
build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0
Release LXD 5.21.3
lxc/image: Add GetImagesAllProjects and GetImagesAllProjectsWithFilter client functions and interfaces to simplestreams_images.go
test/suites/image: add test_image_list_remotes()
test/main: add test_image_list_remotes test to the standalone list
lxc/image: Ignore prealloc linter suggestion for now
Revert “lxc/image: Add GetImagesAllProjects and GetImagesAllProjectsWithFilter client functions and interfaces to simplestreams_images.go”
Revert “test: Add tests to test/suites/auth.sh for lxc image list --all-projects”
Revert “lxc/image: Add --all-projects flag to list”
Revert “lxc/client: Add GetImagesAllProjectsWithFilter function”
Revert “lxc/client: Add GetImagesAllProjects function”
Revert “api: Run make update-api”
Revert “lxd/images: Add support for all_projects”
Revert “shared/api: Add project property to Image”
Revert “api: Add images_all_projects extension”
lxd/db/images: prealloc linter fixes

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

tomp · January 23, 2025, 2:54pm

LXD 5.21.3 is now in the 5.21/candidate snap channel for evaluation and will be promoted to the 5.21/stable channel soon.

LXD 5.21.3 LTS has been released

Introduction

Bug fixes and improvements

Nvidia GPU Container Device Interface (CDI) enabling iGPU passthrough

Improved VM conversion from external disk images

Fine-grained access management for TLS authenticated clients

API metrics for cluster health monitoring

CLI completion improvements

Prevent custom storage block volumes from being used concurrently by default (from Incus)

Instance start protection setting

Instance start after create API option (from Incus)

VM support for the security.devlxd.images setting

VM disk virtio-blk support (from Incus)

Per-project storage pool disk limits (from Incus)

New lxc file create sub-command (from Incus)

VM live migration with attached remote block storage volumes (from Incus)

VM live migration with attached remote block storage volumes (from Incus)

VM USB NIC passthrough (from Incus)

Support for unprivileged binfmt_misc namespacing (from Incus)

Network IP allocation and leases list improvements

OVN physical uplink native Linux bridge VLAN support

OVN persistent NIC ports

Logical CPU account available for instance placement scriptlets

Formalizing the metadata API

VM CPU core automatic pinning strategy option

LVM thick storage volumes are wiped on creation

LXD-UI advancements

Extended instance creation in the UI

New instance actions in the UI

Instance and profile configuration in the UI

Storage volume action additions to the UI

Semiotics in the UI

Permission improvements in the UI

Snap upgrade improvements

Updated minimum Go version to 1.23

Snap packaging dependency updates

Complete changelog

Downloads

VM support for the `security.devlxd.images` setting

New `lxc file create` sub-command (from Incus)