LXD 6.1 has been released

Introduction

The LXD team would like to announce the release of LXD 6.1!

This is the first feature release in the new 6.x series.

Thank you to everyone who contributed to this release!

New features and highlights

Automatic IP allocation for OVN network forwards and load balancers

OVN network forwards and load balancers now support automatic IP allocation.

Previously, when creating an OVN network forward or load balancer, you had to specify the external listen address on the uplink network manually. Working out which IPs are available could be time consuming, and where an OVN network existed inside a project, the user creating the network forward or load balancer may not have had sufficient access to see the available IPs on the uplink anyway.

To solve this, the lxc network forward create and lxc network load-balancer create commands now accept an optional --allocate flag. The flag takes the value ipv4 or ipv6 to instruct LXD to allocate an IPv4 or IPv6 address respectively.

LXD will look for an unused IP in the range(s) allocated for OVN network use on the uplink network and, if one is available, select it as the listen address.

VM automatic core pinning load balancing

Virtual machines that don't explicitly specify the CPU cores to use will now have their QEMU processes automatically pinned to load balanced CPU cores by LXD's instance scheduler. This mirrors the behaviour that LXD container processes follow. LXD's scheduler will rebalance the CPU pinning configuration when instances are added, modified or removed. This change has been added to make VM performance more predictable for latency sensitive applications.

Note: On systems that have mixed performance and efficiency cores (P+E) you may find that VM performance is decreased due to the way LXD now pins some of the VM's vCPUs to efficiency cores rather than letting the Linux scheduler dynamically schedule them. You can use the explicit CPU pinning feature if needed to avoid this.

Documentation: CPU Pinning

Dell Powerflex Storage Data Client (SDC) kernel driver support

It is now possible to use the Dell Powerflex Storage Data Client (SDC) kernel driver with LXD powerflex storage pools. This is an alternative to using NVMe over TCP, which is also supported.

To enable the SDC mode, set powerflex.mode to sdc.
If the mode is not set, LXD will first try to use nvme mode and then fall back to the sdc mode.

Note that when using the SDC mode, LXD requires the SDC to already be connected to the Dell Metadata Manager (MDM), as LXD does not set up the SDC connection itself.

Documentation: Dell PowerFlex

On demand kernel module loading from a container

LXD now supports intercepting the finit_module syscall for containers. This allows Linux kernel modules to be loaded lazily from inside an unprivileged container, provided the module is in the linux.kernel_modules allow list and linux.kernel_modules.load is set to ondemand.

Removal of trust password feature

The core.trust_password server setting has been removed. This improves the security posture of LXD by no longer allowing long-lived shared passwords to be used to gain access to the LXD API. To add new clients to LXD, one must now either add the certificates directly to the trust store or use join tokens.

Documentation: Trust TLS clients

Removal of hidden config option concept

Core server configuration can only be viewed by clients with admin permission.
This means that the feature of withholding the value of certain fields that were deemed sensitive is no longer required. This exceptional behaviour of the LXD API has now been removed so that all configuration fields behave in the same way (i.e. the value of the setting is returned if the client has sufficient access rights). This change only affects the loki.auth.password setting.

Tighten container mknod syscall interception capability checks to align with kernel behaviour

When using LXD's mknod syscall interception feature, the capability checks have now been tightened to align with what the host kernel normally does. This means that only a user with CAP_MKNOD in the container's initial user namespace can use it.

Documentation: System call interception

Drop DNS traffic to dnsmasq originating outside of the bridge network

LXD's managed bridge networks provide a DNS service (dnsmasq) that listens on the bridge interface and is intended to provide DNS resolution for instances connected to that network only. By default, LXD bridges are configured with NAT enabled and automatic RFC1918/ULA private subnet allocation. However, if a bridge network is configured with a routable subnet, then the dnsmasq DNS service could become reachable from outside of the bridge network.

To prevent this, LXD managed bridge networks now add firewall rules to the host system to drop DNS traffic directed to the dnsmasq service that originates outside of the bridge network or the local host.
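The following Go program is an added example, not LXD's own code: it audits a list of bridge subnets and flags those that fall outside the RFC1918/ULA ranges, which are the bridges where the dnsmasq exposure described above applies on hosts that do not yet have the new firewall rules. The Bridge and Finding types, the sample bridge names and the addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// privateRanges holds the RFC 1918 IPv4 blocks and the IPv6 ULA block.
var privateRanges = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("fc00::/7"),
}

// Bridge is a hypothetical inventory record (not an LXD API type).
// Subnets holds CIDR strings; "" or "none" means the family is disabled.
type Bridge struct {
	Name    string
	Subnets []string
}

// Finding names one subnet that needs attention.
type Finding struct {
	Bridge string
	Subnet string
	Reason string
}

// isPrivateSubnet reports whether the whole subnet lies inside one private
// range. Checking only the address is not enough: 10.0.0.1/4 has a private
// address but covers public space as well.
func isPrivateSubnet(cidr string) (bool, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return false, fmt.Errorf("parse %q: %w", cidr, err)
	}
	p = p.Masked()
	for _, r := range privateRanges {
		// r must be at least as wide as p and contain p's network address.
		if r.Bits() <= p.Bits() && r.Contains(p.Addr()) {
			return true, nil
		}
	}
	return false, nil
}

// auditBridges returns a finding for every enabled subnet that is routable
// or cannot be parsed.
func auditBridges(bridges []Bridge) []Finding {
	var out []Finding
	for _, b := range bridges {
		for _, s := range b.Subnets {
			if s == "" || s == "none" {
				continue
			}
			private, err := isPrivateSubnet(s)
			switch {
			case err != nil:
				out = append(out, Finding{Bridge: b.Name, Subnet: s, Reason: "unparseable subnet"})
			case !private:
				out = append(out, Finding{Bridge: b.Name, Subnet: s, Reason: "routable subnet"})
			}
		}
	}
	return out
}

// sampleBridges returns constructed data using documentation address ranges.
func sampleBridges() []Bridge {
	return []Bridge{
		{Name: "lxdbr0", Subnets: []string{"10.158.12.1/24", "fd42:4c81:5770:1eaf::1/64"}},
		{Name: "pubbr0", Subnets: []string{"203.0.113.1/24", "2001:db8:100::1/64"}},
		{Name: "widebr0", Subnets: []string{"10.0.0.1/4", "none"}},
	}
}

func main() {
	for _, f := range auditBridges(sampleBridges()) {
		fmt.Printf("%s %s: %s\n", f.Bridge, f.Subnet, f.Reason)
	}
}
```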

Support running VMs on hosts with >64 CPUs

An issue that prevented starting VMs on hosts that had >64 CPUs has now been fixed.
There remains a limit to the number of vCPUs that can be passed into a VM guest, which is currently at 256. But VMs can be started on hosts with >256 CPUs.

Long TPM and disk directory share device name VM support and hot unplug fixes

It was not possible to use tpm and disk directory share devices with VMs when their names were >27 characters or if they contained the / character. Longer names and names with / characters are now supported.

To support this, the mount tag used for virtiofs and 9p directory shares now uses escaping and hashing to keep the mount tag compatible with QEMU.

This means that the mount tag used for an existing disk device may change when you restart the VM after switching to this release. If you rely on the lxd-agent to mount directory shares then restarting the VM will result in the updated lxd-agent using the new mount tags. If you manually mount the directory share you may need to update the mount tag used inside the guest OS.

Device names containing the - character are now escaped to --, and the / character is escaped to -. If the total length of the name after escaping exceeds 27 characters then the mount tag will be a hashed value of the name.
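The Go program below is an added example, not LXD's implementation: it applies the escaping rule just described to a list of device names and reports which ones stay as they are, which are escaped, and which exceed the 27 character limit and will therefore get a hashed tag. The hash itself is not reproduced because the release notes do not specify it; the sample device names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// maxNameLen is the limit given in the release notes for the escaped name.
const maxNameLen = 27

// TagKind says how a device name is turned into a mount tag.
type TagKind string

const (
	Unchanged TagKind = "unchanged" // escaping leaves the name as it is
	Escaped   TagKind = "escaped"   // name contains "-" or "/" and still fits
	Hashed    TagKind = "hashed"    // escaped name exceeds the limit
)

// escaper rewrites "-" to "--" and "/" to "-" in a single pass, so the "-"
// produced for a "/" is not doubled again.
var escaper = strings.NewReplacer("-", "--", "/", "-")

// escapeDeviceName applies the escaping rule from the release notes.
func escapeDeviceName(name string) string {
	return escaper.Replace(name)
}

// classify returns the escaped name and how the mount tag is derived.
// For Hashed the returned name is empty: the tag must then be read from the
// running VM rather than predicted. len counts bytes, which equals the
// character count for ASCII device names.
func classify(name string) (string, TagKind) {
	escaped := escapeDeviceName(name)
	switch {
	case len(escaped) > maxNameLen:
		return "", Hashed
	case escaped != name:
		return escaped, Escaped
	default:
		return escaped, Unchanged
	}
}

func main() {
	// Constructed device names for illustration.
	devices := []string{
		"shared",
		"my-data",
		"srv/www",
		"projects/team-a/build-cache-01",
	}
	for _, d := range devices {
		escaped, kind := classify(d)
		fmt.Printf("%-32s %-10s %s\n", d, kind, escaped)
	}
}
```

Names that classify as escaped or hashed are the ones whose manual mounts inside the guest need checking after the upgrade. Note that the limit applies after escaping, so a name of exactly 27 characters that contains a - is already hashed.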

Removal of armhf support for ceph

As part of our preparations for moving to the core24 base snap, ceph support for armhf architecture has been removed because it is no longer available in the Ubuntu Noble release.

Updated minimum Go version to 1.22.4

The minimum version of Go required to build LXD is now 1.22.4.

Complete changelog

Here is a complete list of all changes in this release:

Full commit list
  • update go dependencies
  • lxd/storage/drivers/driver/btrfs/volumes: Cleanup on failure in RefreshVolume
  • lxd: Add security headers and gzip compression for the /ui/ API route
  • lxd/auth: Remove can_view_configuration entitlement.
  • lxd: Populate server config for can_edit on server.
  • lxd/auth: Decrease log verbosity on GET requests with can_edit.
  • test/suites: Remove can_view_configuration from expected permission list.
  • lxd/auth: Prevent project modifications
  • test/suites: Add test cases for project modification.
  • github: fix branch target name/version extraction logic
  • lxd/device/nic_ovn: Only stop device if network is populated
  • client: Unset project when querying permissions.
  • doc: change link colour for dark mode
  • lxc/copy.go: remove impossible condition
  • doc: update to the current version of the starter pack
  • doc: work around circular dependency
  • doc/images/alias: fix CLI instructions for changing an alias
  • doc: install extra tools inside the environment
  • lxd/instance/drivers/driver/qemu: Restore 50MB tmpfs for lxd-agent as it will likely exceed 25MB
  • doc/UI: reword status of the LXD UI
  • lxd/db/openfga: Strip whitespace
  • lxd/auth: Don't build authorizer drivers into lxd-agent
  • Makefile: consistently use pip
  • test/suites/basic: check version number format (X.Y.Z for LTSes, X.Y otherwise)
  • lxd/storage/s3/miniod: Specify a port for minio --console-address
  • lxc: Add context to socket access errors
  • lxc/file: Get owner mode only if --gid or --uid is unset
  • doc/devices/nic: add missing spaces
  • doc/devices/unix-*: add configuration examples
  • doc/explanation: Add authorization explanation page.
  • doc: Add instructions for OIDC clients post 'access_management' extension.
  • doc: Update authentication page for authorization.
  • doc: Add links to authorization page.
  • doc: Add IAM related words to wordlist.
  • shared/api: Implement xerrors.Unwrap for StatusError.
  • lxd/auth: Wrap errors in api.StatusErrorf.
  • lxd/response: Wrap errors in api.StatusErrorf.
  • lxd: Wrap errors in api.StatusErrorf.
  • lxc: Wrap errors in api.StatusErrorf.
  • lxd/auth: Return appropriate HTTP error codes when getting request details.
  • lxd/request: Add a CtxTrusted context key.
  • lxd/auth: Get authentication status from request.
  • lxd/auth: Handle untrusted requests in authorizer.
  • lxd: Add trusted value to context.
  • lxd: Remove checkTrustedClient method.
  • lxd: Update allowAuthenticated access handler.
  • lxd: Remove call to checkTrustedClient.
  • lxd: Handle certificate creation from untrusted users.
  • lxd: Remove Authenticate call from operation wait handler.
  • lxd: Remove isTrustedClient call from image export handler.
  • lxd: Remove isTrustedClient call from image alias get handler.
  • lxd: Remove isTrustedClient call from image get handler.
  • lxd: Remove isTrustedClient call from images get handler.
  • lxd: Remove isTrustedClient call from images post handler.
  • lxd/project: Update cluster target restriction tests.
  • lxd/auth: Remove no-op methods from authorizer interface.
  • lxd/instance/drivers: Remove authorizer calls to no-op methods.
  • lxd/storage: Remove authorizer calls to no-op methods.
  • lxd: Remove authorizer calls to no-op methods.
  • lxd/storage/drivers/btrfs: Add createVolumeFromCopy for copy and refresh
  • lxd/storage/drivers/btrfs: Use createVolumeFromCopy when copying a volume
  • lxd/storage/drivers/btrfs: Use createVolumeFromCopy when refreshing a volume
  • doc/devices: add CLI examples for more device types
  • doc: except commands from the spelling check
  • lxc: Correctly parse remote when listing permissions.
  • lxd: Pre-check permissions when performing bulk state update.
  • scripts: Add bash completions for lxc auth
  • doc/devices/proxy: add CLI examples for proxy device
  • lxd: Improves efficiency of operation cancel with permission checker.
  • doc/devices/gpu: add configuration examples for gpu devices
  • lxd/patches: Add patchStorageSetVolumeUUIDV2
  • lxd/patches: Deactivate patchStorageSetVolumeUUID
  • lxd/storage/backend_lxd: Ensure new images have a volatile.UUID
  • lxd: Update X-Xss-Protection (deprecated) for Content-Security-Policy
  • lxd: add explanations on the security headers provided for the UI responses.
  • lxd/device/nic: fix default IP for routed NIC (ipv4.host_address)
  • lxdmetadata: update metadata
  • build(deps): bump github.com/mdlayher/ndp from 1.0.1 to 1.1.0
  • lxd: Add security response headers to documentation
  • lxd: enable server side gzip compression on all API routes
  • scripts/bash/lxd-client: use column to select the image alias
  • scripts/bash/lxd-client: fix lxc storage <TAB>
  • scripts/bash/lxd-client: add missing keys to lxc storage <TAB>
  • scripts/bash/lxd-client: show pool names on lxc storage info <TAB>
  • scripts/bash/lxd-client: Use long option names
  • lxd/instance/drivers/common: Clone the device config
  • scripts/bash/lxd-client: add missing args to lxc network completion
  • lxc: handle GetImage logic inside dereferenceAlias
  • i18n: update .pot files
  • doc/reference: reorder pages and update the landing page
  • doc/explanation: reorder pages and update the landing page
  • lxd/storage/drivers/btrfs: Clarify fallback in case UUID discovery times out
  • lxd/storage/drivers/btrfs: Move config modifications into FillConfig
  • doc/howto: reorder pages and update the landing pages
  • doc: update the start page and add links to sections
  • doc: fix exceptions for Markdown linter
  • lxd/patches: Add selectedPatchClusterMember for patch coordination
  • lxd/patches: Add patchStorageRenameCustomISOBlockVolumesV2
  • lxd/patches: Supersede patchStorageRenameCustomISOBlockVolumes
  • lxd/patches: Add patchStorageUnsetInvalidBlockSettingsV2
  • lxd/patches: Supersede patchStorageUnsetInvalidBlockSettings
  • instance/drivers/driver_lxc: do not set "soft" limit when hard limit is set
  • incusd/instance/qemu: Fix handling of > 64 limits.cpu
  • doc: workaround for undefined references
  • lxd/api: Revert gzip compression on API
  • lxd/storage/drivers/generic: Return cleanup hooks from genericVFSCopyVolume
  • lxd/storage/drivers/ceph: Use the revert pattern for local refreshes
  • lxd/storage/drivers/dir: Use cleanup hooks from genericVFSCopyVolume
  • lxd/storage/drivers/lvm: Use cleanup hooks from genericVFSCopyVolume
  • lxd/storage/drivers/powerflex: Use cleanup hooks from genericVFSCopyVolume
  • lxd/storage/drivers/zfs: Use cleanup hooks from genericVFSCopyVolume
  • lxd/storage/drivers/generic: Return cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/drivers/ceph: Use the revert pattern for migrations
  • lxd/storage/drivers/btrfs: Use cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/drivers/dir: Use cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/drivers/lvm: Use cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/drivers/powerflex: Use cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/drivers/zfs: Use cleanup hooks from genericVFSCreateVolumeFromMigration
  • lxd/storage/backend_lxd.go: remove unused parameters
  • lxd/api_internal.go: remove impossible conditions
  • lxd: Update instance types URL
  • build(deps): bump github.com/openfga/openfga from 1.5.0 to 1.5.1
  • lxd/shared/util: create function for applying device overrides
  • lxc/utils: create function for getting profile devices
  • lxd/api_internal: eliminate duplicated code
  • lxc/init: eliminate duplicated code
  • lxc/copy: apply profile expansion on device override
  • test: add test for device overriding on copy
  • i18n: update translations
  • grafana: connect nulls and use instant type where appropriate
  • grafana: add legend to stats
  • shared: Move ParseIPRange to shared/
  • lxd/network: Use shared.ParseIPRanges
  • actions: add notification for doc PRs
  • doc: remove nesting for the tutorial
  • actions: fix notification for doc PRs
  • doc/server settings: change display of /etc/sysctl.conf settings
  • api: Add storage_volumes_all extension
  • shared/api: Add Pool field to api.StorageVolume
  • lxd: Remove unnecessary parameter from URL function
  • shared/api: Update call to URL function
  • lxd: Remove unnecessary parameter from storagePoolVolumeUsedByGet
  • lxd: Update storagePoolVolumeUsedByGet usage
  • lxd/db: Update get volume query
  • lxd: Add endpoints to list all volumes
  • client: Add functions to get all volumes
  • lxc/storage_volume.go: Update lxc storage volume list
  • test: Add tests for listing volumes from all pools
  • i18n: Update translations
  • doc: Run make update-api
  • doc/config options: update the config option index
  • doc/config options: link to config options where possible
  • instances: fix typo in config option
  • doc/api extensions: link to config options
  • test/lint/client-imports: rename godeps.list file
  • test/lint/client-imports: export LC_ALL for predictable sorting
  • test/lint: add lxd-agent-imports
  • shared: Ignore invalid uid/gid values and truncate mode to perm bits
  • lxd: Update uid/gid/mode API docs
  • doc: Run make update-api
  • gitignore: Ignore all pycache under doc/
  • shared/ioprogress: Support simple readers
  • lxd/storage/drivers/btrfs: Report migration progress from receiver
  • lxd/storage/drivers/btrfs: Use daemons shutdown context
  • shared/api: Fix typo
  • lxd/api_metrics: Check individual project permissions if set
  • gitignore: Ignore all .bak
  • lxd/metrics: Use label aware permission check when filtering samples
  • lxd/api_metrics: Filter metrics by looping only once
  • lxd/auth/driver_tls: Allow viewing metrics for unrestricted metrics certs
  • lxd/db/cluster: Add identityTypeCertificateMetricsRestricted and identityTypeCertificateMetricsUnrestricted
  • lxd/db/cluster/identities: Handle unrestricted metrics certificates
  • shared/api/auth: Replace IdentityTypeCertificateMetrics with a restricted and unrestricted type
  • lxd/daemon: Use IdentityTypeCertificateMetricsRestricted and IdentityTypeCertificateMetricsUnrestricted
  • lxd/db/cluster/certificates: Use IdentityTypeCertificateMetricsRestricted and IdentityTypeCertificateMetricsUnrestricted
  • lxd/identity: Use IdentityTypeCertificateMetricsRestricted and IdentityTypeCertificateMetricsUnrestricted
  • lxd/auth/openfga: Extend can_view_metrics entitlement to projects
  • lxd/db/cluster/update: Fix updateFromV69
  • test/suites/auth: Update test to account for can_view_metrics
  • test/suites/metrics: Add restricted and unrestricted certificate tests
  • shared: Return new structure from ParseLXDFileHeaders
  • lxd: Refactor calls to shared.ParseLXDFileHeaders
  • client: Refactor calls to shared.ParseLXDFileHeaders
  • Suggested changes to the tutorial
  • build(deps): bump actions/checkout from 3 to 4
  • api: Add instances_files_modify_permissions extension
  • shared: Parse X-LXD-modify-perm header
  • lxd: Allow setting permissions for existing files via API
  • client: Send X-LXD-modify-perm on file POST
  • lxc/file: Set ModifyExisting when --mode, --uid, or --gid are passed
  • doc: Run make update-api
  • Revert "driver_lxc: Include running state in metrics"
  • lxd/instance/drivers/lxc: default some metrics to 0 instead of -1
  • lxd/metrics: Replace lxd_containers and lxd_vms metrics by lxd_instances
  • incusd/instance/qemu: Set auto-converge on all migrations
  • incusd/device/disk: Remove bad comment
  • lxd/api_metrics: Make lxd_instances and internal metrics visible
  • tests: Fix metrics tests
  • gomod: Update dependencies
  • lxc/config/default: Add images remote for images.lxd.canonical.com
  • api: add image_restriction_nesting
  • doc/images: introduce requirements.nesting
  • internal/server/instance/lxd: add support for image.requirments.nesting
  • Formatting changes as per review
  • lxc: Make lxc init and lxd launch manpages more consistent
  • i18n: Update translations
  • Correct disk free to GiB
  • lxd/db: Remove ErrAlreadyDefined sentinel error.
  • lxd/db: Replace ErrAlreadyDefined with an api.StatusError.
  • lxd: Replace db.ErrAlreadyDefined with an api.StatusError.
  • lxd: Check for database conflicts using api.StatusErrorCheck.
  • lxd/instance: Check for database conflicts using api.StatusErrorCheck.
  • lxd/response: Remove dependency on lxd/db from lxd/response.
  • lxd/db: Update unit tests to check for 409 Conflict.
  • tests: Update test_remote_usage to check for existing image on images.lxd.canonical.com
  • test: Don't use default 10GiB block volume in test_storage_volume_snapshots
  • lxd/auth: Add comments to the OpenFGA model describing entitlements.
  • lxd/auth/generate: Add logic for generating entitlement definitions.
  • lxd/auth: Adds entitlements file with go:generate directive.
  • Makefile: Adds update-auth make target.
  • lxd/auth: Runs make update-auth.
  • test/lint: Add linter to ensure generated file is up to date.
  • lxd/auth: Remove duplicated type and function definitions.
  • lxd/auth: Replace EntitlementProjectOperator with EntitlementOperator.
  • lxd: Update entitlement validation calls.
  • lxd/auth: Add a can_delete entitlement to identity.
  • lxd/auth: Add directly related user types to group entitlements.
  • lxd/auth: Run make update-auth.
  • test/suites: It should be possible to grant permissions against a certificate.
  • test/suites: Update list of server entitlements.
  • scripts/bash/lxd-client: add security.sev* instance keys
  • scripts/bash/lxd-client: sort and add missing global keys
  • scripts/bash/lxd-client: sort and add missing instance keys
  • lxd/instance/instance/utils: Align validation terminology with that used for volume name validation
  • lxd/instance/instance/utils: Indicate instance name is invalid
  • lxd/instance/instance/utils: Include instance name in ValidName
  • lxd/storage/utils: Adds ValidVolumeName function
  • lxd/storage/volumes: storagePools.ValidVolumeName usage
  • lxd/storage/backend/lxd: Adds validation of instance and volume names to CreateInstanceFromBackup
  • api: add container_syscall_intercept_finit_module api extension
  • lxd: add forksyscallgo helper
  • lxd/seccomp: add libcap dependency and helper
  • lxd/seccomp/seccomp: add finit_module interception code
  • lxd/instance/drivers/driver_lxc: add support for linux.kernel_modules.load
  • scripts/bash/lxd-client: add "linux.kernel_modules.load" config option
  • run make update-metadata
  • lxd/devices: prepare for VMs dynamic core pinning support
  • instance/driver_qemu: implement SetAffinity()
  • instance/driver_lxc: get rid of redundant calls to cgroup.TaskSchedulerTrigger
  • instance/driver_qemu: call TaskSchedulerTrigger hook onstart/stop/update
  • lxd/storage/backend/lxd: Improve volume name validation in CreateCustomVolumeFromBackup
  • test/lint/godeps: rework dependency checking
  • Enable renovate bot
  • test/suites/container_devices_nic_bridged_filtering: silence SC2001
  • Makefile: use bash with shellcheck
  • build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0
  • build(deps): bump github.com/osrg/gobgp/v3 from 3.24.0 to 3.25.0
  • build(deps): bump github.com/openfga/openfga from 1.5.1 to 1.5.2
  • build(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0
  • shared/simplestreams: Fix delta always using container rootfs as source
  • lxd/instances: Don't start instances when evacuated
  • UI: Add canonical.com domain to content security policy, so the ui can load data from images.lxd.canonical.com
  • lxd/auth/openfga: If the entityType is TypeServer, no need to list the server objects
  • doc/instances: change link to instance types files
  • doc: add back information about images: remote
  • doc/storage: document how to list all storage volumes
  • lxd: GET /1.0/warnings should use the can_view_warnings entitlement.
  • lxd: Update internal warning create handler.
  • test/suites: Adds authorization test for viewing warnings.
  • instance/drivers/driver_qemu: wait until hotplugged vCPUs are visible
  • doc/api extensions: add links to config options
  • client: Fix permissions extension typo
  • test: Push permissions for existing files
  • scripts/bash/lxd-client: add completion to lxc pause
  • scripts/bash/lxd-client: lxc manpage is hidden, don't autocomplete it
  • scripts/bash/lxd-client: add lxc rebuild and warning top commands
  • scripts/bash/lxd-client: complete lxc rebuild
  • scripts/bash/lxd-client: complete lxc warning
  • scripts/bash/lxd-client: sort some commands
  • scripts/bash/lxd-client: add lxc remote switch
  • lxd/storage/drivers/zfs: Fix refresh of VM volumes
  • instance/drivers/driver_qemu: move setCoreSched() into setCPUs()
  • lxd/db/images: Add UnsetImageCached to disable the cached field
  • lxd: ImageDownload now checks for an explicit copy operation and eventually uncache the image
  • lxd: Signal to ImageDownload when an explicit image copy is happening
  • tests/remote_usage: Add integration tests
  • renovate: disable Dependency Dashboard
  • renovate switch to recommended config preset
  • github: move renovate.json out of the root dir
  • github: check for lxd-agent binary size changes
  • lxd/api/metrics: Don't repeatedly call instance.Project() in metricsGet
  • lxd/api/metrics: Fix crash due to absent locking in metricsGet
  • lxd/api/metrics: Avoid repeated calls to wg.Add in metricsGet
  • lxd/config/default: Add images to DefaultRemotes
  • lxd-benchmark: Improve error reporting in LaunchContainers
  • test: Add additional checks for stopped instances in metrics tests
  • lxd/api/metrics: Use api.ProjectDefaultName constant in metricsGet
  • github: check both lxc and lxd-agent binary sizes
  • build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
  • start the DNS listener after the networks are started
  • updated the network_zone test to include a restarting the server case
  • lxd/device/device_utils_disk: fix diskAddRootUserNSEntry to add root mapping only if it's required
  • doc/file push: include information about permission flags
  • doc: clarify relation between proxy devices and network forwards
  • lxd: added an error message with link of the LXD documentation when lxd-ui is disabled
  • scripts/bash/lxd-client: add "lxc operation" command
  • scripts/bash/lxd-client: fix "lxc restore" completion
  • scripts/bash/lxd-client: add missing quotes and --
  • scripts/bash/lxd-client: add "lxc warning" command
  • scripts/bash/lxd-client: complete "lxc image" subcommands
  • scripts/bash/lxd-client: add "lxc alias" command
  • README: add MicroCloud to the list of tools for managing LXD
  • README: add Bolt and Packer to the list of tools for managing LXD
  • fix(deps): update module github.com/openfga/openfga to v1.5.3 [security]
  • doc/faq: add an entry about ZFS 2.1 being required
  • Makefile: fail if any test/lint files are not executable
  • Makefile: fail if any test/lint files are missing the .sh extension
  • test/lint: make godeps.sh executable
  • test/lint/godeps: display diff on failure
  • test/godeps/lxd-agent: remove github.com/golang/protobuf/proto
  • doc/ovn: include networking architecture figures
  • doc/ui: add instructions for enabling or disabling the UI
  • github: add package arg to lxd-snapcraft
  • github: use non-shallow clones for differential shellcheck
  • github: be stricter with shellcheck
  • fix(deps): update github.com/openfga/language/pkg/go digest to dc43b60
  • fix(deps): update go.starlark.net digest to 9b43f0a
  • lxd: Use pool name from DB entry in permission check.
  • test/suites: Check that authorization is working for /1.0/storage-volumes.
  • build(deps): bump github.com/miekg/dns from 1.1.58 to 1.1.59
  • doc/storage: fix import command
  • scripts/bash/lxd-client: add "lxc config device override"
  • lxd/storage/drivers/lvm: Fix source.wipe
  • doc: pin version of myst-parser
  • lxd/db: Update GetStoragePoolVolumes to use StorageVolumeFilter.PoolID
  • lxd/storage_volumes: Optimize database calls on storagePoolVolumesGet
  • lxd/storage: Update GetStoragePoolVolumes usage
  • lxd: Rename GetStoragePoolVolumes to GetStorageVolumes
  • shared/api: Switch server config to map[string]string
  • lxc: Update for server config type
  • lxd/config: Update for server config type
  • lxd/node: Update for server config type
  • lxd/cluster: Update for server config type
  • lxd/instance: Update for server config type
  • lxd/network: Update for server config type
  • lxd/project: Update for server config type
  • lxd/db/cluster: Update for server config type
  • lxd: Update for server config type
  • lxc: Fix cluster enable check
  • lxd/cluster/config: Don't hide LOKI password
  • lxd/cluster/config: Don't hide trust password
  • lxd/config: Remove concept of Hidden config
  • test: Fix setting block.* tests
  • lxd/storage/drivers/zfs: filter redundant options on ensureInitialDatasets
  • lxd/config: Fully remove Hidden configs
  • rest-api: Update ServerPut definition
  • lxc/init: add a device override example
  • lxc/launch: add a device override example
  • i18n: Update translations
  • Makefile: have dqlite build raft
  • github: update env vars now that dqlite builds raft
  • doc/installing: update env vars now that dqlite builds raft
  • doc/installing: remove traces of raft being a separated lib
  • Makefile: remove vendored raft lib from dist target
  • Makefile: remove outdated comment
  • fix(deps): update github.com/dustinkirkland/golang-petname digest to eebcea0
  • fix(deps): update github.com/openfga/api/proto digest to 619029c
  • doc: unpin version of myst-parser
  • build(deps): bump github.com/minio/minio-go/v7 from 7.0.69 to 7.0.70
  • doc: add lxd group creation to installation process
  • doc: add user addition to lxd group to installation process
  • doc/ovn: update OVN networking diagrams to work on dark background
  • doc/howto/benchmark_performance: s/22.04/24.04/g
  • doc/howto/cluster_groups: s/22.04/24.04/g
  • doc/howto/cluster_manage_instance: s/22.04/24.04/g
  • doc/howto/images_manage: s/22.04/24.04/g
  • doc/howto/images_remote: s/22.04/24.04/g
  • doc/howto/instances_create: s/22.04/24.04/g
  • doc/howto/instances_routed_nic_vm: s/22.04/24.04/g
  • doc/howto/network_ovn_setup: s/22.04/24.04/g
  • doc/howto/projects_work: s/22.04/24.04/g
  • doc/tutorial/first_steps: s/22.04/24.04/g
  • lxc/init: s/22.04/24.04/g
  • lxc/launch: s/22.04/24.04/g
  • lxc/main: s/22.04/24.04/g
  • lxd-benchmark/main: s/22.04/24.04/g
  • i18n: Update translations
  • shared/api/image: s/22.04/24.04/g
  • shared/api/instance: s/22.04/24.04/g
  • shared/api/server: s/22.04/24.04/g
  • doc/reference/image_format: s/22.04/24.04/g and s/jammy/noble/g
  • doc/rest-api: run make update-api
  • Add page describing lxc show and info
  • lxc: If the volume ContentType is 'filesystem', args[1] is the device name and args[3] its path
  • lxc: if the volume ContentType is 'filesystem', ensure the argument used for the device path is an absolute path
  • i18n: Update translation files
  • doc: fix topical build
  • test/README: Document LXD_VERBOSE
  • doc/requirements: mention that HW support is required for running VMs
  • Add device override to howto instance conf
  • api: device_usb_serial
  • shared/api: Add Serial to ResourcesUSBDevice
  • lxd/resources: Add USB Serial
  • lxd/device/usb: Add serial, busnum and devnum options
  • lxdmetadata: update metadata
  • github: Ensure lxd metadata can update the needed files during static analysis check
  • doc/rest-api: Refresh swagger YAML
  • added reference page for complete preseed yaml fields; how to form a cluster and how to initialize lxd linked to complete preseed yaml fields
  • remove trailing space; add blank line at EOF
  • add 'storage_volumes' to the YAML
  • api: Add network_allocate_external_ips extension.
  • lxd/network: Return listen address when creating load-balancer or forward.
  • lxd/network: Add a util for getting a random IP address within a subnet.
  • lxd/network: Add unit test for random address util.
  • lxd/network: Add a util to the OVN driver to get an available external address.
  • lxd/network: Add auto-allocation logic to OVN network forwards.
  • lxd/network: Add auto-allocation logic to OVN network load-balancers.
  • lxd/network: Return an unimplemented error for auto-allocation in bridge driver.
  • client: Check for API extension if listen address is unspecified.
  • lxc/config: Adds a GetInstanceServerWithTransportWrapper method.
  • client: Allow setting the transport wrapper on a unix client.
  • client: Update calls to unixHTTPClient.
  • lxc: Add a transport wrapper for inspecting Location headers.
  • lxc: Add --allocate flag and make listen address optional.
  • i18n: Update translations.
  • doc/howto: Update how-tos for network forwards and load-balancers.
  • doc: Update mdl exceptions list.
  • doc/instances: add UI instructions for creating instances
  • doc/instances: update UI instructions for configuring instances
  • doc/profiles: add UI instructions for using profiles
  • doc/instances: add UI instructions for troubleshooting instances
  • doc/ui: update console screenshot for Noble
  • doc/instances: update instructions for accessing files for UI
  • doc/instances: add UI instructions for running commands
  • doc/instances: add UI instructions for accessing the console
  • doc/instances: add UI instructions for adding a routed NIC
  • doc/instances: add UI instructions for backing up instances
  • doc/instances: clarify moving instances only works in CLI
  • doc: tinify images
  • doc/api-extensions: link config options
  • grafana: Refresh dashboard
  • test/suites/auth: Add checks for can_edit on server and storage_pool config
  • lxd/device/usb: Don’t require USB devices to have a serial file
  • lxd/fsmonitor/drviers/driver/fanotify: Don’t log error during shutdown
  • doc/howto/grafana: Minor tweaks
  • doc/metrics: provide non-snap instruction on how to restart prometheus
  • doc/images: remove outdated grafana dashboard ID capture
  • grafana: Better filter Loki events by project
  • lxd/daemon: Use hostname as default instance property on standalone systems
  • lxd/loki: Re-order config fields
  • lxd/loki: Allow overriding the location field
  • lxd/daemon: Set location field to local hostname on standalone systems
  • lxd_metadata: Annotate network zone properties
  • lxd_metadata: Annotate network ACL properties
  • lxd_metadata: Annotate network forward properties
  • lxd_metadadta: Annotate network load balancer properties
  • lxd_metadata: Annotate network peering properties
  • doc: Update doc to insert generate property tables
  • doc/network_forwards: update line numbers for linter exceptions
  • lxd_metadata: update metadata
  • doc/networking: add back table that went missing
  • lxd/storage/drivers/btrfs: Correctly detect raw disks
  • test/suites/storage: source.wipe for lvm, btrfs, zfs
  • lxd/storage/drivers/utils: fsUUID returns err for missing UUID
  • fix(deps): update module github.com/openfga/language/pkg/go to v0.0.0-20240429103126-f3e71ca3287d
  • fix(deps): update module k8s.io/utils to v0.0.0-20240502163921-fe8a2dddb1d0
  • fix(deps): update module github.com/osrg/gobgp/v3 to v3.26.0
  • fix(deps): update module github.com/openfga/api/proto to v0.0.0-20240501220219-2b164f5813a7
  • build(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0
  • build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0
  • test: add new dependency to lxd-agent
  • build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0
  • build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0
  • doc: configure cloud-init from a file
  • Apply suggestions from code review
  • Update network_increase_bandwidth.md document with details for u18.04+
  • build(deps): bump golang.org/x/term from 0.19.0 to 0.20.0
  • doc/images: add UI instructions for dealing with images
  • Makefile: stop building lxd-migrate and lxd-agent in build target
  • Makefile: add lxd-metadata target
  • Makefile: stop building lxd-metadata in build target
  • Makefile: add lxd-metadata as a dependency for build target
  • Makefile: rename build target to lxd and add build as alias
  • Makefile: add all target to build the client, lxd, lxd-agent and lxd-migrate
  • github: drop invalid ref to matrix.go in snap edge build step
  • github: specify which make target to use when building LXD
  • Makefile: add lxd-benchmark target
  • Makefile: add lxd-benchmark to all target
  • Makefile: default to building all binaries: lxc, lxd, lxd-agent, lxd-benchmark and lxd-migrate
  • doc/howto/instances_troubleshoot: rename container to avoid confusion
  • doc/howto/instances_troubleshoot: add instructions for debugging systemd
  • build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0
  • build(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1
  • lxd/storage/drivers: Add volume param to roundVolumeBlockSizeBytes
  • Update module github.com/openfga/language/pkg/go to v0.0.0-20240513164614-7d0da9bc9c63
  • lxd: Only allow force stop for frozen instances
  • lxd: instance start also unfreezes
  • lxd: instances_put start unfreezes instances
  • test/basic: Add freeze tests
  • Update doc/howto/network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • Update network_increase_bandwidth.md
  • Update network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • lxd: Add int upper bound check
  • doc/contributing: remove note about configuration options
  • lxd/cluster: Add int upper bound check
  • doc: Add network list-leases to IPAM How-to
  • Update doc/howto/network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • Update doc/howto/network_increase_bandwidth.md
  • test/lint: Reintroduce --whole-files linter flag.
  • github: run the doc link checker on PRs only
  • doc: fail doc-lint if unneeded exceptions are present
  • doc: remove now unneeded exception
  • Makefile: bind http server to 127.0.0.1 instead of 0.0.0.0
  • lxd: Fix double unlock of the task group’s mutex
  • lxd/task: Group usage comment
  • fix(deps): update module github.com/checkpoint-restore/go-criu/v6 to v7
  • fix(deps): update module github.com/juju/gomaasapi to v2
  • doc: Add a page about dqlite troubleshooting
  • lxd/network/openvswitch/ovn: Workaround OVN load_balancer table index issue by deleting records by UUID
  • lxd/storage/drivers/zfs: Round to zfs.blocksize or 16KiB
  • lxd/storage/drivers: Refactor volume size rounding logic
  • test/storage: Add non-power-of-two sized storage check
  • lxd/storage/drivers: Fix linter errors
  • lxd/network/openvswitch/ovn: Removes unused switches argument from LoadBalancerApply
  • lxd/network/driver/ovn: Removes unused switches argument to client.LoadBalancerApply calls
  • lxd/network/openvswitch/ovn: Fix linter suggestion in LogicalSwitchDHCPv4RevervationsGet
  • lxd/network/openvswitch/ovn: Only add – if needed in LoadBalancerApply
  • lxd/instance/drivers: Remove unreachable condition
  • lxd: remove unused parameters from instance.go
  • lxd: Remove unused parameter from ensureDownloadedImageFitWithinBudget
  • Revert “lxd: Update for server config type”
  • Revert “lxd/db/cluster: Update for server config type”
  • Revert “lxd/project: Update for server config type”
  • Revert “lxd/network: Update for server config type”
  • Revert “lxd/instance: Update for server config type”
  • Revert “lxd/cluster: Update for server config type”
  • Revert “lxd/node: Update for server config type”
  • Revert “lxd/config: Update for server config type”
  • Revert “lxc: Update for server config type”
  • doc/howto/logs_loki: loki.instance needs to match the Prometheus job name
  • Revert “shared/api: Switch server config to map[string]string”
  • rest-api: Update server config properties to be of type any
  • lxd/config: Record error if type assertion fails
  • lxc: Fix indent-error-flow by removing the else block
  • i18n: Update translations
  • lxc: Allow comparison of interface with bool
  • lxd/cluster: Prefer not to defer chains of function calls
  • lxd/main: Add missing comments for exported functions
  • lxd/cluster: Remove redundant import alias
  • lxd/config: Update error messages
  • lxd/config: Update tests with latest error messages
  • lxd/cluster/config: Update error messages
  • lxd/cluster/config: Update tests with latest error messages
  • doc/howto/instances_create: add CLI instructions to enable the LXD agent in manually installed VMs
  • doc/howto/instances_create: 1 CPU/1GiB/8GiB is too tight for desktop VMs
  • fix(deps): update github.com/openfga/language/pkg/go digest to 9e3bd7a
  • doc/dqlite: small doc cleanup
  • doc/instances: make instructions for ISO VM consistent for API & CLI
  • lxd/storage/btrfs: Fix btrfs argument order
  • lxd/storage/btrfs: add space after comment marker
  • doc/cloud-init: use tabs for API/CLI instructions
  • doc/cloud-init: add instructions for the UI
  • doc/cloud-init: move instructions for enabling the LXD agent
  • test/storage: Remove zfs rounding test
  • po: remove outdated “Manipulate container images.\n” section
  • po: remove outdated “If this is your first run, …” section
  • lxd/instance/drivers/driver_qemu: properly calculate VHOST_VSOCK_SET_GUEST_CID
  • Update metrics.md to add symbolic link from current/tls to common/tls as the work around so that Prometheus can find the .crt & .key files in the tls folder.
  • test/suites/auth: Use server config keys that contain actual passwords
  • storage/drivers/driver_btrfs_utils: properly calculate BTRFS_IOC_SET_RECEIVED_SUBVOL
  • lxd/devices: properly handle cpu.limit for VM-type instances in deviceTaskBalance()
  • shared/idmap: Make get_userns_fd configure the userns
  • idmap/shift_linux: fix a bunch of go linter warnings
  • lxd/devices: fix a bunch of linter errors
  • doc/substitutions: simplify yaml formatting and alpha-sort
  • doc: effectively joining the lxd group requires to log out/in
  • build(deps): bump github.com/go-acme/lego/v4 from 4.16.1 to 4.17.3
  • build(deps): bump github.com/jaypipes/pcidb from 1.0.0 to 1.0.1
  • doc: update to the current version of the starter pack
  • doc: change Makefile structure
  • doc: fix woke failure
  • lxd/seccomp/seccomp: tighten capability checks a bit
  • lxd/seccomp: fix a bunch of linter errors
  • lxd/network/driver_bridge: check the right error code when killing dnsmask
  • lxd/network/driver_bridge: check the right error code when killing forkdns
  • lxd/network/driver_bridge: remove redundant error checking
  • lxd/network/common: remove unused clientType param for delete()
  • lxd/network/utils: remove unused s param for usedByProfileDevices()
  • lxc/info: remove unused remotes param for instanceInfo()
  • lxd/cluster: remove unused cert param for loadInfo()
  • lxd/storage/filesystem/fs: check for error when detecting btrfs
  • lxc/list: remove unused conf param to listInstances()
  • lxc/file: remove redundant error checking
  • lxc/list: remove unused cInfo param to matchByNet()
  • lxc-to-lxd: remove unused op param to transferRootfs()
  • lxd-agent: remove unused debug param
  • lxd-agent: remove unused daemon param to get*Metrics()
  • lxd/apparmor: remove unused sysOS param to *Profile()
  • lxd/apparmor/qemuimg: fix error check when creating subprocess
  • lxd/auth/openfga: check error only once
  • lxd/db/cluster/update: remove redundant error check
  • lxd/db/generate/file/write: remove unused imports param to resetInterface()
  • lxd/db/generate/db/stmt: remove unused filters param to register()
  • lxd/db/generate/README: fix some markdownlint warnings
  • lxd/db/query/slices: remove unused typeName param to scanSingleColumn()
  • lxd/db/networks: remove unused tx param to getNetworkConfig()
  • lxd/db/storage_pools: remove unused tx param to getStoragePoolConfig()
  • lxd/db/storage_pools: remove duplicated error checking in getStoragePool()
  • lxd/device/device_utils_network: remove tautological nil check
  • lxd/device/nic_ovn: remove unused uplink param to setupHostNIC()
  • lxd/device/proxy: check the right error code when killing forkproxy
  • lxd/dns/debug: remove unused zone param to debug()
  • lxd/firewall/firewall_load: remove tautological check and remove dead code
  • lxd/instance/drivers/qemu: avoid dereferencing nil
  • lxd: remove unused forcecheck param to storageStartup()
  • lxd/instance/drivers/qemu_metrics: remove unused monitor param to getQemuMemoryMetrics()
  • lxd/daemon_storage: remove unused storageType param to mount()/umount()
  • lxd/instance/drivers/common: remove unused stateful param to validateStartup()
  • lxd/instance/drivers/qemu: remove unused configCopy param to deviceAttachNIC()
  • lxd/instance/drivers/qemu: remove unused configCopy and mount params to deviceAttachPath()
  • lxd/instance/drivers/qemu: remove unused deviceName and configCopy params to deviceAttachBlockDevice()
  • lxd/instance/drivers/qemu: remove unused rawConfig param to deviceDetachPath()
  • lxd/instance/drivers/qemu: remove unused rawConfig param to deviceDetachBlockDevice()
  • lxd/instance_file: remove unused s and r params to instanceFileHead()
  • lxd/instance_file: remove unused r param to instanceFileDelete()
  • lxd/main_forkproxy: remove unused timeout param to genericRelay()
  • lxd/storage/drivers/cephobject: remove unused bucket param to radosgwadminBucketSetQuota()
  • gomod: drop unused mods: checkpoint-restore/go-criu/v7 and juju/gomaasapi/v2
  • lxd/instance/drivers/driver_qemu: Fix indentation.
  • lxc/file: simplify loop by continuing early
  • lxc/list: remove duplicated comment marker
  • lxc/list: return early in loop
  • lxd/apparmor/dnsmasq: omit unneeded type declaration
  • lxd/apparmor/forkdns: omit unneeded type declaration
  • lxd/apparmor/forkproxy: omit unneeded type declaration
  • lxd/apparmor/qemuimg: omit unneeded type declaration
  • lxd/apparmor/qemuimg: add space after comment marker
  • lxc-to-lxd/main_migrate: return early in loop
  • lxd/main_forkproxy: UDP should be capitalized
  • lxd/storage/drivers/cephobject_buckets: fix comment for CreateBucketKey()
  • lxd/instance_file: remove uneeded else clauses
  • lxc/list: unexport architectureColumnData()
  • lxc/list: unexport storagePoolColumnData()
  • lxc/list: unexport createdColumnData()
  • lxc/list: unexport numberOfProcessesColumnData()
  • lxc/list: unexport profilesColumnData()
  • fix(deps): update github.com/openfga/language/pkg/go digest to f5fc1d6
  • lxc/list: unexport lastUsedColumnData()
  • lxc/list: add comments to exported functions
  • lxc/file: add comments to exported functions
  • lxc/info: add comments to exported functions
  • lxd/main_forkproxy: add comments to exported functions
  • lxc-to-lxd/main_migrate: add comments to exported functions
  • lxd-agent: add comments to exported functions
  • lxd/apparmor/qemuimg: add comment to exported function
  • lxd/device/device_utils_network: add space after comment marker
  • Update grafana.md
  • doc: replace the doc cheat sheet
  • doc: move handling of additional prereqs to Makefile.sp
  • doc: update documentation checks
  • lxc: Unexport all Run and Command methods (exported).
  • lxc: Unexport remaining methods from lxc command structs (exported).
  • lxc: Remove deferred statements from loops (defer).
  • lxc: Fix datarace in lxc file get (datarace).
  • lxc: Use named returns where appropriate (confusing-results).
  • lxc: Check all type assertions (unchecked-type-assertion).
  • lxc: Replace interface{} with any (use-any).
  • lxc: Return early where possible (early-return).
  • lxc: Fix comments (comment-spacings).
  • lxd/apparmor/lxc: Fix rule syntax
  • doc: update the documentation for the doc framework
  • Update doc/howto/grafana.md
  • Update doc/howto/grafana.md
  • Update doc/howto/grafana.md
  • lxd/network: Pass bridge ips to Firewall.NetworkSetup
  • lxd/firewall: Drop DNS traffic to dnsmasq originating outside the bridge
  • test: Ensure dns traffic from external source is dropped
  • lxd/firewall: Fix linter errors
  • doc: clean up the wordlist
  • doc: update links to the MicroCloud website
  • doc: turn on colours for the link checker and doc build on GitHub
  • doc: output the broken links if the linkcheck fails
  • lxd/instance/drivers: Rename blockNodeName to generateQemuDeviceName
  • lxd/isntance/drivers: Use qemuDeviceNamePrefix for blockdevs and netdevs
  • lxd/instance/drivers: Use generateQemuDeviceName for device tags
  • lxd/instance/drivers: Indicate device name max length with variable
  • doc/Makefile.sp: replace subshell by command group
  • lxd/apparmor/lxc: Tweak rule syntax
  • lxd/network: Include error type in function comment.
  • lxd/network: Return boolean from address validator.
  • lxd/network: Use switch statement instead of multiple stanzas.
  • lxd/network: Refactor bridge network forward creation to use pattern from ovn.
  • lxc/config: Fix method name in doc block.
  • lxc: Validate location header and listen address.
  • lxd/network: Use net.IP argument to checkAddressNotInUse.
  • doc/images: replace distrobuilder with LXD image builder
  • doc/server: add UI instructions for configuring server settings
  • lxd/auth: Remove project from request details.
  • lxd/auth: Remove project access check in TLS GetPermissionChecker.
  • lxd/project: Raise error level of GetPermissionChecker err.
  • lxd/project: Continue loop if GetPermissionChecker fails.
  • test/suites: Test for project used-by filtering for restricted TLS clients.
  • lxd/auth/entity: Moved generated entitlements and some helper types/functions into own package
  • lxd/dev/openfga: Move openfga datastore to own package to avoid unnecessary dependencies elsewhere
  • lxd/daemon: Use github.com/canonical/lxd/lxd/db/openfga
  • lxd-agent/devlxd: Removes unused reference to daemon.Debug
  • lxd: Use github.com/canonical/lxd/lxd/auth/entity
  • go: Update minimum version to 1.22.3
  • gomod: Update dependencies and switch to go 1.22.3
  • test/mini-oidc: Merges into main Go module
  • test/mini-oidc: Standardise on github.com/go-jose/go-jose/v4
  • gomod: Update depedencies after test/mini-oidic is merged into main module
  • lxd/auth/generate: Update entity generator to use new location and name changes
  • test/godeps: Removes openfga from expected deps for lxd-agent
  • github: Updated expected size of lxd-agent
  • github: Fix permissions for static analysis check
  • test/mini-oidc: Comment should end in a period (godot)
  • test/mini-oidc/storage/storage: renewRefreshToken confusing-results: unnamed results of the same type may be confusing, consider using named results (revive)
  • lxd/storage/volumes/snapshot: Fix duplicate import
  • lxd/events: Fix go linter error
  • test/mini-oidc/storage: Ignore exported func NewMultiStorage returns unexported type *storage.multiStorage, which can be annoying to use linter warning
  • test/mini-oidc/storage: Return standard error rather than pointer to oidc.Error
  • lxd/api/internal/recover: Ignore defer: prefer not to defer inside loops (revive) as this is intended
  • lxd/api/internal/recover: Fix early return from linter suggestion
  • lxd/storage/volumes: Remove empty new line
  • doc: add notes to files from the starter pack that should not be edited
  • test/mini-oidc/storage/storage: linter fixes
  • lxd/api/internal/recover: Fix early-return from linter
  • test/mini-oidc/storage: Fix import spacing
  • lxd/apparmor/lxc: remove dup mount options rules
  • lxd/apparmor/lxc: reorganize mount options rules for priv containers
  • gomod: temporarily replace gopkg.in/square/go-jose.v2 by gopkg.in/go-jose/go-jose.v2
  • test/godeps: Update go-jose.v2 dependency for client
  • test/godeps: Update go-jose.v2 dependency for lxc-config
  • test/godeps: Update go-jose.v2 dependency for lxd-agent
  • gomod: update
  • doc/howto/instances_create: give manual instructions to install the lxd-agent
  • doc/cloud-init: remove section on how to enable the lxd-agent
  • Revert “github: run code-tests with 1.21 to avoid swagger crash”
  • test/suite/database: use a space between parenthesys and opening braket
  • test/main: export LXD_SKIP_TESTS
  • test/main: export LXD_REQUIRED_TESTS
  • github: use global vars to avoid dup’ing them between jobs
  • test/lint: add test to ensure all test cases are used
  • test: enable test_clustering_upgrade
  • test: enable test_clustering_upgrade_large
  • test/suites/backup: rename internal sub-functions
  • test/suites/fuidshift: rename internal sub-functions
  • test/suites/container_devices_disk: rename internal sub-functions
  • test/suites/container_devices_unix: rename internal sub-function
  • test/suites/image_profiles: rename internal sub-function
  • test/suites/config: rename internal sub-functions
  • test: enable test_image_import_existing_alias
  • test: enable test_init_dump
  • test: enable test_projects_copy
  • test: enable test_remote_url_with_token
  • test/suites/image: fix export/import from alias to cope with .tar.xz extension
  • test/suites/serverconfig: rename internal sub-function
  • test/suites/remote: delete project at the end of test_remote_url_with_token()
  • test/suites/init_dump: remove network “managed: true” from expected config dump
  • test/suites/init_dump: add network “project: default” to expected config dump
  • test/suites/init_dump: add storage_volumes list to expected config dump
  • test/suites/init_dump: add projects section to expected config dump
  • test/suites/init_dump: mangled the dumped trust_password value
  • test/suites/remote: update expected behavior when accessing restricted projects
  • github: skip clustering upgrade tests (broken)
  • fix(deps): update module github.com/gorilla/websocket to v1.5.2
  • fix(deps): update module github.com/minio/minio-go/v7 to v7.0.71
  • fix(deps): update module github.com/checkpoint-restore/go-criu/v6 to v7
  • fix(deps): update module github.com/juju/gomaasapi to v2
  • lxc: Parse location header into URL.
  • lxd/device: Minor comment correction
  • lxd/device: Name parameters of the same type in DiskParseRBDFormat
  • test: Minor fix in tpm tests
  • lxd: Move addFileDescriptor to lxd/util
  • lxd/instance/drivers: Create ShortenedFilePath to handle long socket paths
  • lxd/device: Use shorter socket path when calling swtpm socket
  • lxd/instance: Pass shorter virtiofsd socket paths to qemu
  • lxd/instance/drivers: Pass shorter swtpm socket path to qemu
  • lxd/instance/drivers: Use shorter socket path in deviceAttachPath
  • doc/howto/images_remote: add token to the list of accepted params for “remote add”
  • lxd/archive: Properly anchor exclude rules
  • lxd/archive: add comment to exported function
  • api: Add explicit_trust_token extension
  • shared/api: Add TrustToken support in CertificatesPost and ClusterPut
  • lxc: Add support for setting trust token explicitly
  • client: Allow joining a cluster with token
  • lxd: Add support for setting trust token explicitly
  • doc/rest-api: Refresh swagger YAML
  • i18n: Update translation templates
  • tests: Add spawn_lxd_and_join_cluster_with_token func
  • tests: Explicitly join a node by token during clustering
  • tests: Add trust by explicitly using a token
  • github: Fix permissions for static analysis check
  • client: Remove clear-text logging of sensitive information
  • lxd/device/tpm: Fix regression in start VMs with TPM devices
  • lxd/device/device/utils/disk: Close derived unix listener socket when reverting in DiskVMVirtiofsdStart
  • lxd/device/disk: Fix socket leak from DiskVMVirtiofsdStart when VM fails to start in startVM
  • lxd/device/disk: Fix socket leak from DiskVMVirtfsProxyStart when VM fails to start in startVM
  • lxd: Move util.ShortenedFilePath and util.AddFileDescriptor back to qemu driver
  • lxd/auth: Move Authorizer implementations into drivers package.
  • lxd/auth/generate: Update entitlement definition generator for new package structure.
  • lxd: Update auth package imports.
  • test/godeps: Update auth package import in lxd-agent.
  • lxd/auth: Remove ‘driver_’ prefix from driver file names.
  • github: Remove permission change.
  • github: temporarily ignore microceph enable rgw failing
  • README: avoid permanent HTTP redirections with direct links
  • doc/debugging: avoid permanent HTTP redirection with direct link
  • doc/howto/instances_troubleshoot: avoid permanent HTTP redirection with direct link
  • doc/index: avoid permanent HTTP redirections with direct links
  • doc/howto/move_instances: avoid permanent HTTP redirection with direct link
  • doc/howto/network_bridge_firewalld: avoid permanent HTTP redirection with direct link
  • doc/authentication: avoid permanent HTTP redirection with direct link
  • doc/tutorial/first_steps: avoid HTTP redirection with direct link
  • doc/reference/storage_powerflex: avoid HTTP redirections with direct links
  • client: Fix bad comment
  • shared/api: Remove core.trust_password from examples
  • shared/api: Mark ClusterPassword and Password as deprecated
  • scripts/bash: Remove core.trust_password
  • lxd-migrate: Enforce explicit trust token usage
  • lxc: Enforce explicit trust token usage when adding remotes
  • client: Remove support for ClusterPassword when joining a cluster
  • lxd: Remove password support
  • lxd/cluster/config: Remove core.trust_password
  • lxd/cluster: Remove ClusterPassword from SetupTrust
  • lxd/main_init: Remove trust password support
  • lxd/util: Remove PasswordCheck
  • lxd/cluster/config: Remove passwordSetter
  • metadata: Remove core.trust_password
  • doc/rest-api: Refresh swagger YAML
  • i18n: Update translation templates
  • doc: Remove trust password
  • lxd/db: Remove core.trust_password
  • lxd/patches: Add patchPreLoadClusterConfig patch stage
  • lxd: Run the patchPreLoadClusterConfig patch stage on init
  • lxd: Add patchRemoveCoreTrustPassword
  • test/godeps/lxd-agent: Update list
  • tests: Remove trust password
  • shared/util: Add basic PathIsWritable
  • shared/util: Add comments to exported functions
  • lxc/config: Bump zitadel/oidc to v3
  • client: Bump zitadel/oidc to v3
  • client: Add default 10s timeout to IdP requests.
  • lxd/auth/oidc: Bump zitadel/oidc to v3
  • gomod: Runs make update-gomod
  • test/godeps: Update dependency lists for linter.
  • client/connection: Check for presence of snapped LXD unix socket
  • lxd-migrate: Rename user agent to LXD-MIGRATE
  • lxd-migrate: Support using the local server
  • github: Bump max binary size for lxc.
  • gomod: Remove now unneeded replace directive
  • github: Update bin size checks to derive min from the max provided
  • lxd/instance/instancetype: Fix limits.memery unit
  • docs: Update metadata
  • shared/cert: Set Not Before in self-signed cert to now-1minute
  • shared/cert: Add comments to exported functions
  • lxd/instance/drivers/driver/common: Update devicesUpdate to return slice of devlxd events
  • lxd/instance/drivers/driver/lxc: Use devlxd events returned from d.devicesUpdate in Update
  • lxd/instance/drivers/driver/qemu: Use devlxd events returned from d.devicesUpdate in Update
  • lxd/instance/drivers/driver/qemu: Update deviceAttachPath to return mount tag for mounting inside guest
  • lxd/instance/drivers/driver/common: Capture mount tag returned from deviceStart in devicesUpdate and pass to devlxd event
  • lxd-agent/events: Detect mount tag in source field of options for disk devices
  • lxd-agent/events: Linter fix
  • lxd/instance/drivers/driver/qemu: Use consistent host drive share device name when booting and hotplugging
  • lxd/instance/drivers: Extract hashing from generateQemuDeviceName to hashIfLonger
  • lxd/instance/drivers: Indicate max device ID length with qemuDeviceIDMaxLength
  • lxd/instance/drivers/driver/qemu/templates: Fix qemuHostDriveDeviceID to support long device names
  • lxd/instance/drivers/driver/qemu: Align fsdev and chardev names for host drive to that used when hotplugging
  • lxd/device/disk: Escape device name when using it as part of a path for drive share daemons
  • lxd/instance/drivers/driver/qemu: Update path of virtiofsd in deviceAttachPath
  • lxd/instance/drivers/driver/qemu: Updates generateQemuDeviceName to also do escaping
  • lxd/instance/drivers/driver/qemu: Update usage of d.generateQemuDeviceName
  • lxd/instance/drivers/driver/qemu/config/test: Update host drive tests to reflect new consistent fsdev and chardev naming
  • fix(deps): update golang.org/x/exp digest to 7f521ea
  • fix(deps): update module github.com/miekg/dns to v1.1.61
  • lxd/storage/drivers/ceph: Call genericVFSCreateVolumeFromMigration only once
  • lxd/storage/backend/lxd: Use validated image fingerprint from DB record in EnsureImage
  • build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
  • build(deps): bump github.com/zitadel/oidc/v3 from 3.25.0 to 3.25.1
  • lxd/instance/drivers/load: Remove unnecessary check for device name length
  • client/lxd_images: Remove check of an impossible error
  • lxd/db/images: Populate source image type when fetching an image
  • client/lxd_images: Handle potential panic when extracting values from operation metadata
  • fix(deps): update module github.com/gorilla/websocket to v1.5.3
  • test/godeps: Remove 2 golang.org/x/net deps from the client
  • test/godeps: Remove 2 golang.org/x/net deps from lxc-config
  • test/godeps: Remove 2 golang.org/x/net deps from lxd-agent
  • lxd/storage/drivers/ceph: Allow receiver to read VM filesystem vol via rsync
  • lxd/storage/drivers/ceph: Clarify migration comments
  • lxd/storage/drivers/dir: Quote paths in errors
  • lxd/storage/drivers/dir: Allow lost+found subdir if source is root of the filesystem
  • lxd/storage: Set correct volume’s volatile.uuid on refresh
  • lxd/storage/drivers/powerflex: Revert unmap before resize
  • lxd/storage/drivers: Use context for tryExists
  • lxd/storage/drivers/btrfs: Use 10s timeout context for tryExists
  • lxd/stroage/drivers/btrfs: Fix typo in comment
  • lxd/storage/drivers: Add waitGone utility func
  • lxd/storage/drivers/powerflex: Wait for volume to disappear after unmount
  • lxd/storage/drivers/powerflex: Remove unnecessary NVMe/TCP disconnect
  • lxd/storage/drivers/powerflex: Lock the entire volume map process
  • test: Add dir storage pool test for empty mounted filesystem
  • doc: readthedocs now supports Go 1.22
  • doc: use Python 3.12 on readthedocs
  • Makefile: bump Go min to 1.22.4 (needed by OpenFGA)
  • github: bump Go min version to 1.22.4
  • gomod: Runs make update-gomod
  • lxd/apparmor/network_forkdns: forkdns binds port 1053 (no need for CAP_NET_BIND_SERVICE)
  • lxd/apparmor/network_forkdns: forkdns talks to dnsmasq which also listens on TCP/53
  • test/suites/clustering: improve grep patterns to be safer
  • test/suites/clustering: make better use of alternations in grep pattern
  • Revert “test/lint: Disable licence check.”
  • github: pull GOMIN from Makefile
  • github: always check compat with GOMIN
  • github: make sure doc requirement for Go version stays in sync
  • doc/requirements: bump min Go version to 1.22.4
  • doc/projects: Add API instructions
  • lxc: Always allow specifying a password when adding remotes
  • lxd/storage/drivers/powerflex: Don’t use nvme CLI to retrieve subsystems
  • Makefile: the toolchain directive should be better supported now
  • fix(deps): update module github.com/go-chi/chi/v5 to v5.0.14
  • build(deps): bump github.com/minio/minio-go/v7 from 7.0.71 to 7.0.72
  • lxd/storage/drivers/zfs: Wait for device to appear when activating a volume
  • lxd/apparmor/instance_lxc: allow devpts for unprivileged containers
  • lxd/storage/drivers/zfs: Check for non /dev/zvol/* paths
  • doc: add LTS to Ubuntu versions
  • doc/installing: remove related link to snap package guide
  • doc: move doc-incremental target
  • doc/linkchecker: remove exceptions for MAAS documentation
  • lxd/instance/device: Correct qemuDeviceIDMaxLength
  • lxd/apparmor/instance_qemu: relax proc rules a bit to workaround bug in AppArmor
  • lxd/auth: Standardise error field to err
  • lxd/identities: Standardise error field to err
  • lxd: Standardise error field to err
  • lxd-agent/events: Retry virtiofs hotplug mount
  • lxd-agent: Enable syslog logging
  • lxd-agent: Match the use of contextual logging for start up mounts
  • lxd-agent: Standardise error field to err
  • lxd-agent: Ignore linter complaints about deep exit
  • lxd/instance/drivers: Switch qemuHostDriveDeviceID for qemuDeviceNameOrID
  • lxd/instance/drivers: Use qemuDeviceNameOrID for node names and mount tags
  • lxd/instance/drivers: Use qemuDeviceNameOrID for TPM config section IDs
  • lxd/device: Allow / in VM TPM device name
  • lxd/device: Allow / in container TPM device name
  • lxd-agent: Log start time mount args on error
  • lxd/auth: Add constants for internal authentication methods.
  • lxd/auth/drivers: Use authentication method constants.
  • lxd: Use authentication method constants.
  • lxd/util: Split CheckTrustState into two functions.
  • lxd/cluster: Update calls to CheckTrustState.
  • lxd: Update calls to CheckTrustState.
  • lxd-agent: Update calls to CheckTrustState.
  • lxd: Refactor (*Daemon).Authenticate method.
  • lxd: Update comment on server certificate mTLS checks.
  • lxd/util: Update info log to indicate CA restriction applies to clients.
  • lxd/util: Add comment to exported method (revive: exported).
  • lxd: Disallow certificate creation in CA mode if cert is not signed by CA.
  • lxd/auth/drivers: Delegate to the TLS authorizer when protocol is PKI.
  • lxd/auth/drivers: Set logger in TLS driver.
  • shared: Set GetClientCertificate in TLS config.
  • shared: Add comments to exported functions (revive: exported).
  • test/suites: Improve test coverage for PKI mode.
  • doc: Update PKI documentation.
  • fix(deps): update module github.com/go-chi/chi/v5 to v5.1.0
  • fix(deps): update module github.com/checkpoint-restore/go-criu/v6 to v7
  • fix(deps): update module github.com/juju/gomaasapi to v2
  • lxd/storage/drivers/powerflex: Make getMappedDevPath mode independent
  • lxd/storage/drivers/powerflex: Let createNVMeHost return a reverter
  • lxd/storage/drivers/powerflex: Let connectNVMeSubsys return a reverter
  • lxd/storage/drivers/powerflex: Make mapNVMeVolume mode independent
  • lxd/storage/drivers/powerflex: Make unmapNVMeVolume mode independent
  • lxd/storage/drivers/powerflex: Add operation mode constants
  • gomod: Add Dell goscaleio library
  • lxd/storage/drivers/powerflex: Add SDC mode
  • lxd/storage/drivers/powerflex: Remove powerflex.host lock
  • lxd/storage/drivers/powerflex: Fix subsystem discovery
  • metadata: Add PowerFlex SDC mode
  • doc: Add PowerFlex SDC mode
  • doc/projects: add UI instructions for projects
  • lxd/instance/drivers/driver/lxc: Re-generate lxc.conf during Exec
  • lxd/instance/drivers/driver/lxc: Improve error message for loading go-lxc
  • server/seccomp: Add loongarch64
  • shared/cgo: Add loongarch64
  • Add loongarch64 support
  • doc: Add LoongArch to word list
  • lxc: Add validation for non-empty remote address
  • i18n: Update translation templates
  • lxd/device: Allow zfs storage pools in degraded state
  • doc/bgp: Clarify how to configure BGP for OVN (uplink) networks
  • lxd/instance/drivers/driver/lxc: Fix containers not always starting up after host reboot
  • lxd/instance/instance/utils: Fix LoadFromBackup to work without DB
  • lxd: instance.LoadFromBackup usage
  • lxd/auth: Add utils for inspecting the request context.
  • lxd/auth/drivers: Refactor drivers to use auth utils.
  • lxd: Add access handler for project resource listing.
  • lxd: Use allowProjectResourceList access handler.
  • lxd/auth: Remove http.Request parameter from authorizer interface.
  • lxd/auth/drivers: Update auth drivers to remove request parameter.
  • lxd/project: Update authorizer calls.
  • lxd: Update calls to authorizer.
  • test/suites: Validate listing resources in disallowed project returns an error.
  • test/suites: Improve PKI test coverage.
  • Revert "test/suites/remote: update expected behavior when accessing restricted projects"
  • lxd/auth: Add GetIdentityFromCtx util.
  • lxd/auth: Handle unrestricted clients when checking caller privilege.
  • lxd/auth/drivers: Update TLS driver to use new utils.
  • lxd/auth/drivers: Update OpenFGA driver to use new utils.
  • lxd/auth/drivers: Ignore the identities' project list in OpenFGA driver.
  • lxd: Update allowProjectResourceList to use new auth utils.
  • lxd/identity: Move ValidateAuthenticationMethod to identity package.
  • lxd/identity: Validate authentication method when getting cache entries.
  • fix(deps): update golang.org/x/exp digest to 46b0784
  • fix(deps): update module github.com/minio/minio-go/v7 to v7.0.73

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 6.1 is now available in the latest/candidate snap channel and will be rolled out to the latest/stable channel soon.

LXD 6.1 is now rolling out to the latest/stable snap channel.


Wawaweewa!! Very nice! I like!

Even though I'm happily staying with 5.0.3 for production workload (it's so stable and nice) and 5.21.1 is now in testing. Look forward to trying 6.1 at some point.


Is there any way that I could bypass this or disable the firewall rules? I have been making use of DNS to ssh into containers from outside of the bridge network/localhost. Thank you.


Hi there,

What is your use case, do you set your external machine's DNS resolve settings to the LXD bridge's DNS resolver service IP?

hi,
lxd does not work, there is an error in the logs:

Error: Failed loading pool "default": Required tool 'zpool' is missing

os:
Debian 11

uname -r
5.10.0-19-amd64

snap list

Name    Version             Rev    Tracking       Publisher   Notes
core    16-2.61.4-20240607  17200  latest/stable  canonical✓  core
core20  20240416            2318   latest/stable  canonical✓  base
core22  20240419            1439   latest/stable  canonical✓  base
lxd     6.1-4cd98ce         29727  latest/stable  canonical✓  -

modinfo zfs
version: 2.0.3-9

how to solve the problem?
help, please!

Hello @john047,

Indeed, the latest/stable branch does not support ZFS 2.0 anymore. I think you can revert to the previous working snap and make sure you stick with the LTS branch which is 5.21/stable if you cannot move to a more recent kernel/ZFS module.

Hello @sdeziel1,

Thanks for your answer.
The system cannot be updated because it is a production env with a non-working lxd.
How to revert to the previous working snap in my situation? I have no experience with such a problem and I don't want to break the prod.

@john047 you start tracking the 5.21/stable track with:

sudo snap refresh lxd --channel 5.21/stable

Please let us know if that doesn't work and please include the output of snap list --all.


Is lxd6.1 a long-term support version? Is there a plan to support it until when?

As above, lxd on Debian 11 still isn't working...

$ snap list --all
Name    Version             Rev    Tracking       Publisher   Notes
core    16-2.61.2           16928  latest/stable  canonical✓  core,disabled
core    16-2.61.4-20240607  17200  latest/stable  canonical✓  core
core18  20240416            2823   latest/stable  canonical✓  base,disabled
core18  20240612            2829   latest/stable  canonical✓  base
core20  20240227            2264   latest/stable  canonical✓  base,disabled
core20  20240416            2318   latest/stable  canonical✓  base
core22  20240419            1439   latest/stable  canonical✓  base,disabled
core22  20240731            1564   latest/stable  canonical✓  base
lxd     6.1-efad198         29943  5.21/stable    canonical✓  disabled
lxd     5.21.2-22f93f4      29948  5.21/stable    canonical✓  -

The log file sudo grep level=error /var/snap/lxd/common/lxd/logs/lxd.log shows this error

level=error msg="Failed to start the daemon" err="Failed applying patch \"storage_move_custom_iso_block_volumes_v2\": Failed loading pool \"default\": Error loading \"zfs\" module: Failed to run: modprobe -b zfs: exit status 1 (modprobe: FATAL: Module zfs not found in directory /lib/modules/5.10.0-32-amd64)"

On the kernel side

uname -r returns 5.10.0-32-amd64 on Debian 11 and

cat /etc/debian_version returns 11.10

ZFS version is zfs-2.0.3-9+deb11u1

No, 5.21 is the latest LTS. Fortunately, you can still downgrade from 6.1 to 5.21: sudo snap refresh lxd --channel 5.21/stable.

Ok, I've downgraded to 5.21, let's see if rebuilding the zfs modules does the trick...

But does 5.21 support ZFS 2.0 though? I think that's the problem...

@bruce7890 indeed, LXD 6.1 requires ZFS 2.1 or 2.2. If you want to stick with LXD 6.1, please check if you can get a newer ZFS module by using a newer kernel or switching to a fresh DKMS build.

I see you just downgraded to 5.21 which supports ZFS 0.8, 2.1 and 2.2, not 2.0. Do you have other kernel versions available from Debian archives? I must admit I'm not too familiar with what's available there.
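
A preflight check for the version mismatch discussed above, as an added example that is not part of the original thread or LXD's own tooling: it compares a ZFS module version against the ZFS series each LXD track supports, as stated in this thread. Function names are hypothetical, and tracks the thread does not cover are reported as unknown.

```shell
#!/bin/sh
# Added example (not LXD tooling); function names are illustrative.
# Support matrix as stated in the thread: LXD track -> supported ZFS series.
supported_series() {
    case "$1" in
        6.1)  echo "2.1 2.2" ;;
        5.21) echo "0.8 2.1 2.2" ;;
        *)    return 1 ;;
    esac
}

# Reduce "zfs-2.0.3-9+deb11u1", "2.0.3-9" or a modinfo "version: ..." line to "MAJOR.MINOR".
zfs_series() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# check_zfs_for_lxd TRACK ZFS_VERSION
# Returns 0 = supported, 1 = unsupported, 2 = unknown track or no usable version
# (for example the module is not built for the running kernel).
check_zfs_for_lxd() {
    zc_series=$(zfs_series "$2")
    [ -n "$zc_series" ] || return 2
    zc_allowed=$(supported_series "$1") || return 2
    for zc_s in $zc_allowed; do
        [ "$zc_s" = "$zc_series" ] && return 0
    done
    return 1
}

# Version of the ZFS module available to the running kernel; empty if there is none.
host_zfs_version() {
    modinfo -F version zfs 2>/dev/null || true
}

# preflight TRACK: print a verdict for the current host and return the check's status.
preflight() {
    pf_ver=$(host_zfs_version)
    pf_rc=0
    check_zfs_for_lxd "$1" "$pf_ver" || pf_rc=$?
    case "$pf_rc" in
        0) echo "ok: ZFS ${pf_ver} is supported by LXD $1" ;;
        1) echo "stop: ZFS ${pf_ver} is not supported by LXD $1" ;;
        *) echo "stop: unknown track '$1' or no ZFS module for kernel $(uname -r)" ;;
    esac
    return "$pf_rc"
}
```

Run preflight 5.21 (or preflight 6.1) on the host before switching the snap channel; the check only matters when a storage pool uses the zfs driver.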

Ok, downgrading to 5.21 and then installing zfs 2.1 via Debian 11 backports is the solution here... Some pointers below in case anyone else runs into this...

https://linuxcapable.com/how-to-install-backports-experimental-repository-on-debian/

sudo apt install "zfsutils-linux" -t bullseye-backports

I probably could have just installed the backported zfs 2.1 and carried on with version 6.1 of lxd, but at least everything is working now...

btw, who had the wonderful idea to stop supporting zfs 2.0 when moving to 5.21/6.1? Seems like an odd decision to me!


Thanks for providing those for others!

5.21 is an LTS while 6.1 is a feature release (short support lifetime), see https://documentation.ubuntu.com/lxd/en/latest/explanation/security/#supported-versions

We wanted to reduce the amount of tooling we shipped in our snap and the fact that ZFS 2.1 is an LTS version upstream played a role in that since we commit to supporting LXD 5.21 for 5 years. In fact we initially had dropped support for ZFS 0.8 too but had to backtrack because many users wanted newer than LXD 5.0 and needed that old ZFS version.

Debian 11 reaching EOL earlier this month (and moving to LTS status) also played a role in that decision. Users remaining on that older OS still have the option to stick with LXD 5.0.

I'm the one that pushed for that removal so blame taken.

It's worth noting that due to various reasons, we had not realized that many were simply doing snap install lxd and thus landing on the monthly release train rather than the LTS channel (5.0/stable at the time). That's also something we changed by making 5.21/stable the new default channel if none is specified. Hopefully that will reduce the likelihood of bad surprises like the one you got.


Please see https://documentation.ubuntu.com/lxd/en/latest/installing/#choose-your-release for info on the LTS and non-LTS snap channels.
