LXD 6.2 has been released

tomp · November 20, 2024, 11:00am

Introduction

The LXD team would like to announce the release of LXD 6.2!

This is the second feature release in the 6.x series.

It includes many new features and improvements.

Thank you to everyone who contributed to this release!

New features and highlights

New snap track for the 6.x series

With the recent annoucement that the MicroCloud snap’s latest/stable channel is due to be closed in preference to series specific tracks (e.g. 2/stable for the current LTS and the yet-to-be-released 3/stable for the next series) the LXD snap is aligning by also using series specific tracks.

As such the 6.x series will now be published into both latest/stable and 6/stable.

The per-feature release tracks (e.g 6.x/stable) will no longer be created.
However snap updates can still be controlled.

The 6/stable channel will continue to follow the LXD 6.x series as it progresses from a feature release series into an LTS release in 2026.

There are no plans currently for LXD’s latest/stable channel to be closed, however we would encourage you to install from a series specific track so that your systems are not on a forever rolling release, and instead remain with particular series until manually switched.

snap refresh lxd --channel=6/stable

A reminder that the current LTS series for LXD is available from the 5.21/stable snap channel.

Nvidia GPU Container Device Interface (CDI) enabling iGPU passthrough

We have added support for using the Container Device Interface (CDI) specification to configure GPU pass-through in LXD containers.

This also enables the possibility of using GPU passthrough for devices that don’t use PCI addressing (like NVIDIA Tegra iGPUs) and provides a more flexible way to identify and configure GPU devices.

CDI is an open specification for container runtimes that abstracts what access to a device, such as an NVIDIA GPU, means, and standardizes access across container runtimes.

The LXD gpu device’s id field now accepts CDI identifiers for containers, in addition to DRM card IDs.

E.g. to add a GPU to a container using the CDI identifier nvidia.com/gpu=0 use:

lxc config device add c1 mygpu gpu id=nvidia.com/gpu=0

This will also pass through supported nvidia runtime tooling into the container, as such the nvidia.* settings are mutually exclusive with CDI mode GPU devices.

Documentation: CDI Mode

API extension: gpu_cdi

Improved VM conversion from external disk images

The lxd-migrate tool and the LXD API now supports the ability convert external disk images from different formats (e.g. VMDK or QCow2) into the required RAW image format and import them as VM instances. This conversion is done on the server-side to allow the possibility of uploading external images from a web browser via the LXD UI.

This new functionality also supports injecting virtio drivers into the VM to make them compatible with LXD. To make use of this functionality additional third party tools need to be installed on the LXD server(s).

The lxd-migrate tool has also been improved to support non-interactive mode, which eases bulk conversion jobs.

Additionally the lxd-migrate tool can now connect to LXD using the local UNIX socket, avoiding the need to setup an authentication method when performing local conversions.

Documentation: How to import physical or virtual machines to LXD instances

Specification: Improve VM import from external sources

API extension: instance_import_conversion

Fine-grained access management for TLS authenticated clients

Following on from the fine-grained authorization controls for OIDC authenticated clients added in LXD 5.21.0 LTS this release adds support for using those same fine-grained authorization controls for TLS authenticated clients.

Example:

On LXD host via the UNIX socket:

# Enable remote API (for TLS and OIDC clients)
lxc config set core.https_address=:8443 

# As an example, create an admin group with the server admin permission
lxc auth group create admins
lxc auth group permission add admins server admin

# Create fine-grained TLS identity and add to the admin group
lxc auth identity create tls/<name> --group admins
<single use join token displayed>

# Use join token to setup trust between client and server
lxc remote add <server name> <join token>

Documentation:

Fine-grained authorization
Fine-grained TLS example in Authenticate with the LXD server
Fine-grained TLS example in Confine users to specific projects on the HTTPS API

Specification: TLS Fine-grained authorization

API extension: access_management_tls

API metrics for cluster health monitoring

Two new sets of metrics have been added to the LXD metrics API endpoint:

Total completed requests (lxd_api_requests_completed_total).
Number of ongoing requests (lxd_api_requests_ongoing).

These metrics are grouped by entity type and broad error type to help identity the cause or area of the potential problem.

These metrics can be consumed by an observability tool deployed externally (for example, the Canonical Observability Stack or another third-party tool) to help identify failures or overload on LXD servers. You can set thresholds on the observability tools for these metrics’ values to trigger alarms and take programmatic actions.

E.g.

lxc query /1.0/metrics
# HELP lxd_api_requests_completed_total The total number of completed API requests.
# TYPE lxd_api_requests_completed_total counter
lxd_api_requests_completed_total{entity_type="server",result="error_client"} 0
lxd_api_requests_completed_total{entity_type="server",result="succeeded"} 9
lxd_api_requests_completed_total{entity_type="server",result="error_server"} 0
lxd_api_requests_completed_total{entity_type="instance",result="succeeded"} 2
lxd_api_requests_completed_total{entity_type="instance",result="error_server"} 0
lxd_api_requests_completed_total{entity_type="instance",result="error_client"} 0

# HELP lxd_api_requests_ongoing The number of API requests currently being handled.
# TYPE lxd_api_requests_ongoing gauge
lxd_api_requests_ongoing{entity_type="server"} 1
lxd_api_requests_ongoing{entity_type="instance"} 0

Documentation: API rates metrics

Specification: API metrics for disaster recovery

API extension: metrics_api_requests

CLI completion improvements

The lxc command’s shell completions have been reworked to allow for easier extensibility and maintainability. Rather than sourcing shell completions from the old monolithic bash script, we now define completions programatically in lxc/completion.go. Shell completions are provided with out of box support for the LXD Snap for users using bash. For users of zsh or fish, completions can be generated using the lxc completion command. Below is a list of general improvements and additions to LXD CLI shell completions:

Dynamic completions (completions based on context, such as remote).
Improvements to completions for lxc config and lxc profile- configuration keys are now completed for containers or VMs depending on context.
Additional completions for lxc config {get,set} - server configuration options are now dynamically completed.
Improvements to lxc config device completions - all possible devices and device options are now completed.
Improvements to lxc start|stop|pause, lxc delete, and lxc exec completions - instances are completed contextually based on state. For example, lxc start will only complete instances that are in a stopped or frozen state.
Completions for lxc init and lxc launch now provide completions for images provided by the images and ubuntu remotes.
General improvements and bug fixes to lxc console, lxc file and lxc storage volume completions.
Improvements to completion function documentation in lxc/completion.go.

Documentation: lxc completion

Prevent custom storage block volumes from being used concurrently by default (from Incus)

As a safety feature to prevent accidental data corruption LXD now prevents the concurrent use of custom block volumes when attached to multiple instances.

This check can be overridden if required (and the risks for data corruption are understood/mitigated by the user) by enabling a new key security.shared on custom block volumes.

If unset or false, the custom block volume cannot be attached to multiple instances.
If true it allows it to be attached to multiple instances.

API extension: shared_custom_block_volumes

Instance start protection setting

Added a new instance setting security.protection.start which prevents instances from being started if set to true.

Example:

lxc init ubuntu:24.04 c1 --config security.protection.start=true
lxc start c1 
Error: Instance is protected from being started

API extension: instance_protection_start

Instance start after create API option (from Incus)

A new start field has been added to the POST /1.0/instances API which when set to true will have the instance automatically started once the instance has been created.

This avoids the need for API clients to send an additional request to start a newly created instance.

API extension: instance_create_start

VM support for the `security.devlxd.images` setting

The instance security.devlxd.images setting is now available for VMs.
This setting controls the availability of a /1.0/images/FINGERPRINT/export API over devlxd.
This can be used by a VM running LXD inside the guest to access raw images from the host, which avoids the need for the guest LXD to download the images again if they are already on the host.

API extension: devlxd_images_vm

VM disk virtio-blk support (from Incus)

LXD VM disk devices now support a new virtio-blk value for the io.bus setting allows for the attached disk to be connected to the virtio-blk bus, instead of the default virtio-scsi bus. This can help with guest support. See this comparison for more info.

Example:

Create a VM with the root disk using virtio-blk mode:

lxc launch ubuntu:24.04 v1 --vm --device root,io.bus=virtio-blk
lxc exec v1 -- lsblk
lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
vda     253:0    0   10G  0 disk 
├─vda1  253:1    0    9G  0 part /
├─vda14 253:14   0    4M  0 part 
├─vda15 253:15   0  106M  0 part /boot/efi
└─vda16 259:0    0  913M  0 part /boot

API extension: disk_io_bus_virtio_blk

Per-project storage pool disk limits (from Incus)

Introduces per-pool project disk limits, introducing a limits.disk.pool.{POOL_NAME} configuration option to the project limits.

When limits.disk.pool.{POOL_NAME}: 0 for a project, the pool is excluded from lxc storage list in that project.

Example:

lxc storage create zfs zfs
lxc project create foo
lxc project set foo limits.disk.pool.zfs=1GiB

lxc init ubuntu:24.04 c1 \
    --storage zfs --project foo
Creating c1
Error: Failed instance creation: Failed checking if instance creation allowed: Failed getting usage of project entities: Instance "c1" in project "foo" has no "size" config set on the root device either directly or via a profile

lxc init ubuntu:24.04 c1 \
    --storage zfs --project foo  --device root,size=1GiB
Creating c1

lxc init ubuntu:24.04 c2 \
    --storage zfs --project foo --device root,size=1GiB
Creating c2
Error: Failed instance creation: Failed checking if instance creation allowed: Reached maximum aggregate value "1GiB" for "limits.disk.pool.zfs" in project "foo"

lxc storage list --project foo
+---------+--------+------------------------------------+-------------+---------+---------+
|  NAME   | DRIVER |               SOURCE               | DESCRIPTION | USED BY |  STATE  |
+---------+--------+------------------------------------+-------------+---------+---------+
| default | dir    | /var/lib/lxd/storage-pools/default |             | 3       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+
| zfs     | zfs    | /var/lib/lxd/disks/zfs.img         |             | 4       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+

lxc storage list --project foo
+---------+--------+------------------------------------+-------------+---------+---------+
|  NAME   | DRIVER |               SOURCE               | DESCRIPTION | USED BY |  STATE  |
+---------+--------+------------------------------------+-------------+---------+---------+
| default | dir    | /var/lib/lxd/storage-pools/default |             | 3       | CREATED |
+---------+--------+------------------------------------+-------------+---------+---------+

lxc storage show zfs --project foo
Error: not found

API extension: projects_limits_disk_pool

New `lxc file create` sub-command (from Incus)

The new lxc file create command allows you to create empty files and directories inside your instances.

Example:

lxc launch ubuntu:24.04 c1
lxc exec c1 -- stat /root/foo
stat: cannot statx '/root/foo': No such file or directory
lxc file create c1/root/foo
lxc exec c1 -- stat /root/foo
  File: /root/foo
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: 252,1	Inode: 7116616     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-11-28 08:52:08.704376158 +0000
Modify: 2024-11-28 08:52:08.704376158 +0000
Change: 2024-11-28 08:52:08.704376158 +0000
 Birth: 2024-11-28 08:52:08.704376158 +0000

Documentation: lxc file create

VM live migration with attached remote block storage volumes (from Incus)

It is now possible to live-migrate VMs that have exclusively attached block type storage volumes from remote storage pools.

VM USB NIC passthrough (from Incus)

USB NIC devices can now be passed into VMs.

Example:

lsusb
Bus 002 Device 003: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet

ip link
17: enx00249b73f3ba: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:24:9b:73:f3:ba brd ff:ff:ff:ff:ff:ff

lxc launch ubuntu:24.04 v1 --vm
lxc exec v1 -- apt update
lxc exec v1 -- apt install linux-image-generic # Install drivers
lxc stop v1
lxc config device add v1 eth0 nic nictype=physical parent=enx00249b73f3ba
lxc start v1

lxc exec v1 -- lsusb
Bus 002 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet

lxc exec v1 -- ip link
2: enx00249b73f3ba: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:24:9b:73:f3:ba brd ff:ff:ff:ff:ff:ff

Documentation: Physical NIC device

Increased support for creation of entities from YAML piped to `lxc` CLI (from Incus)

The lxc CLI command now supports creating entities by piping YAML config to the appropriate create command for many more entity types.

Support for unprivileged binfmt_misc namespacing (from Incus)

From Linux 6.7 there is support for binfmt_misc name-spacing.

LXD now detects and supports this:

Older kernel systems = no change, systemd-binfmt in guest starts without error, but the actual mount is unusable.
Supported kernels = systemd-binfmt service doesn’t start in guest (due to an autofs dependency), but if binfmt_misc is mounted manually inside the guest it is usable now.

Network IP allocation and leases list improvements

OVN virtual router external IPs are now included in network IP allocation list with a type of uplink.

Additionally there is a new network field on each allocation, indicating which network each allocated address belongs.

Finally, the Used By column now includes the correct project parameter for the instance URLs.

Previously this was always the project of the network the instance was connected to, but as it is possible for instances in non-default projects to connect to networks in the default project, this has now been updated to show the instance’s project.

Example:

# Show IPv4 address for `ovn1` network on its uplink network
lxc network get ovn1 volatile.network.ipv4.address
10.76.175.11

# Create instance in non-default project connected to ovn1 network
lxc project create foo
lxc launch ubuntu:24.04 c1 \
    --network ovn1 --project foo --storage default

# Same IP is shown in allocations list as the `ovn1` network's uplink IP
# We see `10.76.175.11` belongs to the `lxdbr0` network (the uplink)
# We also see 10.138.126.2 belongs to `c1` in project `foo`
lxc network list-allocations
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
|            USED BY            |                  ADDRESS                   | NETWORK |   TYPE   | NAT  | HARDWARE ADDRESS  |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/lxdbr0          | 10.76.175.1/24                             | lxdbr0  | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/lxdbr0          | fd42:8789:1984:9514::1/64                  | lxdbr0  | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | 10.76.175.11/32                            | lxdbr0  | uplink   | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | fd42:8789:1984:9514:216:3eff:fe8a:562/128  | lxdbr0  | uplink   | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | 10.138.126.1/24                            | ovn1    | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/networks/ovn1            | fd42:15aa:553f:e9ef::1/64                  | ovn1    | network  | true |                   |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/instances/c1?project=foo | 10.138.126.2/32                            | ovn1    | instance | true | 00:16:3e:0b:9e:67 |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+
| /1.0/instances/c1?project=foo | fd42:15aa:553f:e9ef:216:3eff:fe0b:9e67/128 | ovn1    | instance | true | 00:16:3e:0b:9e:67 |
+-------------------------------+--------------------------------------------+---------+----------+------+-------------------+

API extension: network_allocations_ovn_uplink

OVN physical uplink native Linux bridge VLAN support

Adds support for using a native Linux bridge network with a specified vlan ID as a physical network for use as an uplink for OVN networks.

Example:

lxc network create UPLINK --type=physical \
    parent=br0 \
    vlan=123 \
    ipv4.gateway=192.0.2.1/24 \
    ipv4.ovn.ranges=192.0.2.200-192.0.2.210

lxc network create ovn1 --type=ovn network=UPLINK

API extension: network_ovn_uplink_vlan

OVN persistent NIC ports

The ovn NIC device type in LXD represents a logical switch port in the OVN northbound database. LXD uses OVN’s IPAM feature to allocate dynamic IPv4 addresses to these logical switch ports.

Previously LXD’s ovn NIC implementation created a logical switch port when the instance was started (triggering IP allocation in OVN) and deleted the logical switch port when the instance was stopped (freeing the afore mentioned IP allocation).

This behaviour of allocating and deallocating IPs at instance start and stop was causing the potential of IPs being reallocated when an instance was stopped and then when it was started back up again being allocated a different IP than the one it had previously.

Unlike LXD’s bridge networks where leases are held (for the lease lifetime) when an instance is rebooted, no such hold time was available in OVN.

As such LXD’s ovn NIC devices now create a logical switch port at the time they are added to an instance (so the IP allocation happens at add time now) and the port is persistent until the NIC device is removed from the instance or the instance is deleted.

This has the behaviour of allocating an IP to a ovn NIC for the lifetime of that NIC device.

Logical CPU account available for instance placement scriptlets

Adds logical_cpus field to GET /1.0/cluster/members/{name}/state which contains the total available logical CPUs available when LXD started.

This information is now available to instance placement scriptlets.

API extension: state_logical_cpus

Formalizing the metadata API

The metadata API is now formalized with an API extension and struct entries in shared/api package.

Additionally entity type metadata has been added to the GET /1.0/metadata/configuration endpoint. The entity type metadata is a JSON object under the entities key.

API extension: metadata_configuration_entity_types

VM automatic core pinning load balancing disabled by default

In LXD 6.1 VM automatic core pinning load balancing was added and enabled by default for all VMs.

However it was confirmed that in some situations, primarily on systems with mixed Performance and Efficiency cores (P+E) the automatic pinning could result in reduced VM performance than previously because some of the VM’s cores were pinned to lower performing cores.

After responding to feedback from our community this feature is now disabled by default.

A new instance configuration option has been added called limits.cpu.pin_strategy that defaults to “none”, but can be set to “auto” to re-enable the automatic CPU pinning for that instance.

lxc config set v1 limits.cpu.pin_strategy=auto

Documentation: CPU Pinning

Updated minimum Go version to 1.23

The minimum version of Go required to build LXD is now 1.23.

LXD-UI advancements

A rich amount of new features for the LXD-UI is included in the snap release, included in 350 commits. See the 0.14 release for more details and the highlights below.

Extended instance creation in the UI

Added support to Import VMDK, qcow2 or other instance formats directly in the UI.

Enabled uploading of instance backup files previously exported from LXD.

New instance actions in the UI

Enabled new actions on the instance detail page:

Migrate an instance to a different storage pool or cluster member.
Create an image from an instance.
Duplicate an instance.
Export an instance as a local backup file.

Instance and profile configuration in the UI

Enabled additional device type configurations including disk, network, proxy, GPU and other devices.

Improved the edit experience. You can now directly edit the configuration, and the save button will display a counter indicating pending changes.

Storage volume action additions to the UI

Enabled new actions on the storage volume detail page:

Migrate a storage volume to a different storage pool.
Duplicate a storage volume.

Semiotics in the UI

Improved semiotics by using better suiting icons in the main navigation. Introduced a global chip styled pattern for entities that appear in notifications or inline. This helps to indicate the type of an entity that is referenced and links to it.

Permission improvements in the UI

Create permission groups and assign entitlements has been combined to a single workflow. This makes setting up fine-grained permissions seamless.

Enhanced permission selectors with search functionality and enriched data display for assigning entitlements to groups.

Snap upgrade improvements

An issue that was preventing stopping and restarting running containers when upgrading between LXD major release series has been fixed in this release.

This problem was caused by the difference in core snap versions in the different LXD release series, which was preventing LXD’s container stop hook notification from running when refreshing between snap channels while containers were still running.

This issue has been fixed now by utilising a static binary to trigger the stop hooks which is executable across snap core versions.

Example:

snap install lxd --channel=5.0/stable
lxd init --auto
lxc launch ubuntu:24.04 c1
snap refresh lxd --channel=6/stable # With container still running
lxc stop c1 # Previously this hung

Snap packaging dependency updates

lxd-ui: Bump to 0.14
apparmor: Bump to v4.0.3
criu: Bump to v4.0
dqlite: Bump to v1.18.0
lxc: Bump to v6.0.2
lxcfs: Bump to v6.0.2
libnvidia-container: Bump to v1.17.2
nvidia-container-toolkit: Bump to v1.17.2
uefivars: Bump to v1.2
zfs: Bump to zfs-2.2.6

Complete changelog

Here is a complete list of all changes in this release:

Full commit list

lxd/apparmor/feature_check: add infastructure to check AppArmor features
lxd/apparmor/instance_lxc: allow nosymfollow mount flag
build(deps): bump github.com/dell/goscaleio from 1.14.1 to 1.15.0
api: Add shared_custom_block_volumes API extension
lxd/device/config: Fix return values of Update function
lxd: Rename ErrInstanceListStop to ErrListStop
build(deps): bump github.com/osrg/gobgp/v3 from 3.27.0 to 3.28.0
lxd/device: Validate shared block devices
lxd/storage: Handle security.shared update
lxd/storage: Allow security.shared key for custom block volumes
lxd/storage/drivers: Handle security.shared in fillVolumeConfig
lxd/device/disk: Fix incorrect block volume usage
lxd/device: Update confusing error message
lxd/storage: Add comments for metadata generation
metadata: Add references to security.shared
test: Add test for adding block volumes to profile
doc: Update block volume usage
Update first_steps.md
test/main: don’t check for xgettext command
lxd/cluster/config: Update group claim short description.
doc,lxd/metadata: Run make update-metadata.
lxd/instance/exec: Only use keepalives on TCP sockets
gomod: Revert github.com/gorilla/websocket to v1.5.1
test/godeps: Updates client list
test/godeps: Updates lxc-config list
test/godeps: Updates lxd-agent list
lxd: Extract certificate add token metadata from remote member.
lxd: Return an error if the client uses a trust password.
build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1
test/includes: Add util for ensuring a v4 uuid.
test/suites: Add test for adding a clustered remote.
test: Include cluster trust add test in clustering suite.
lxd/auth/generate: Add dry run functionality.
lxd-metadata: Add entitlements to output json.
test/suites/backup: replace some grep with shell comparisons
test/suites/basic: replace some grep with shell comparisons
test/suites/config: replace some grep with shell comparisons
test/suites/clustering: replace some grep with shell comparisons
test/suites/clustering: remove bogus || false comparisons supposed to succeed
test/suites/container_devices_nic_bridged: replace some grep with shell comparisons
test/suites/devlxd: replace some grep with shell comparisons
test/suites/devlxd: improve not authorized check for config key
test/suites/incremental_copy: replace some grep with shell comparisons
test/suites/migration: replace some grep with shell comparisons
test/suites/network_zone: replace some grep with shell comparisons
test/suites/snapshots: replace some grep with shell comparisons
test/suites/storage_buckets: replace some grep with shell comparisons
test/suites/storage_local_volume_handling: replace some grep with shell comparisons
test/includes/net: allow using a different CERTNAME with my_curl()
test/suites/basic: use my_curl helper where applicable
test/suites/basic: explicitly check for 403 HTTP code
test/suites/metrics: use my_curl helper where applicable
test/suites/remote: use my_curl helper where applicable
test/suites/tls_restrictions: use my_curl helper where applicable
test/includes/certificates: rework gen_cert_and_key() helper to accept a single arg
test/suites/metrics: use updated gen_cert_and_key() helper
test/suites/remote: use updated gen_cert_and_key() helper
test/suites/tls_restrictions: use updated gen_cert_and_key() helper
lxd/certificates: Improve expiry validation checks in clusterMemberJoinTokenValid
lxd/certificates: Improve validation in certificateTokenValid
test: Check certificate add token expiry support for non-local operation in test_clustering_trust_add
test: Reduce unnecessarily long sleep in test_remote_url_with_token
test/includes/lxd: optimize spawn_lxd()
test/includes/lxd: simplify kill_lxd()
test/includes/storage: optimize storage_backend()
test/includes/storage: add storage_backend_optimized_backup() helper
test/suites/backup: use storage_backend_optimized_backup() helper
test/suites/backup: cleanup exported tarballs
test/suites/backup: replace lxc rm by lxc delete
test/suites/backup: list content of untar’ed directory
doc/reference/storage_drivers: use emojies to ease reading
doc/reference/storage_drivers: add column for optimized backup support (Btrfs/ZFS only)
fix(deps): update k8s.io/utils digest to 18e509b
fix(deps): update module github.com/zitadel/oidc/v3 to v3.26.0
build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3
shared/simplestreams/products: Try to extract version creation time beside the date
lxd: Use constant for devlxd remote address.
lxd: Clarify authentication/authorization for viewing/exporting images.
test/suites: Test public image behaviour for trusted, restricted clients.
lxd: Send image-retrieved lifecycle event when rootfs file is present.
lxd/apparmor/instance_qemu: support external qemu snap
lxd/instance/drivers/driver_qemu: support external qemu snap
lxd/apparmor: fix linter errors
Removes CODEOWNERS file
lxd: Define devlxd handler functions.
lxd: Define a type for a devlxd handler function.
lxd: Rename the f field of the devlxdHandler type.
lxd: Specify field names in devlxd handler definitions.
lxd: Fix lint errors (revive: unchecked-type-assertion).
lxd: Remove log formatting and use log context instead.
lxd: Rename pidNotInContainerErr (revive: error-naming).
lxd: Add comments to exported types/methods (revive: exported).
lxd-metadata: Add entities/entitlements to generated doc file.
lxd-metadata: Fix lint errors (revive: unchecked-type-assertion, var-naming).
doc: Rename config_options.txt → metadata.txt.
workflows: Rename config_options.txt → metadata.txt.
Makefile: Rename config_options.txt → metadata.txt.
test/lint: Rename config_options.txt → metadata.txt.
{doc,lxd/metadata}: Run make update-metadata.
lxd/instance/drivers/driver/common: Fix crash when device doesn’t return run config when being live updated
test: Adds a test for the none device
lxd/api_1.0: Sort drivers in response
test: use bash and separately set options
Add a shellcheck RC to default to bash flavor
test: stop silencing local is not supported by sh
test/suites/security: avoid reusing standard UID shell variable
test/suites/clustering: fix variable shadowing/reuse/uninit
lxd/apparmor: allow userns for security.nesting=true case
doc/authentication: clean up PKI instructions
api: Add api extension instance_import_conversion
shared/api/instance: Name return arguments
shared/api/instance: Add ConversionOptions and SourceDiskSize fields to the InstanceSource struct
lxd/migration: Add field conversion options to volume target arguments
shared/util_linux: Fix linting issues
lxd/storage: Move BlockDiskSizeBytes function into separate package
lxd/storage/backend_mock: Satisfy linter by adding empty comments to all functions
lxd/storage/backend_lxd: Use contexctual logger in CreateInstanceFromMigration
lxd/storage: Create instance from conversion
lxd/instance/drivers: Helper function to retrieve instance storage pool from devices
lxd/instance/drivers: Add ConversionReceive function
lxd/convert_instance: Add conversion sink for receiving root disk over conversion API
lxd/instances_post: Extract instance arguments setup from migration
lxd/instances_post: Convert image if migration source type is conversion
lxd/migrate*: Add missing comments to exported functions
lxd-migrate/main_migrate: Fix typo in volume size question
lxd-migrate: Remove unused input argument
lxd-migrate: Rename util function to transferRootDiskForMigration
lxd-migrate: Extract helper function for sending block volume
lxd-migrate/utils: Add helper function to determine whether the image is in raw format
lxd-migrate/main_migrate: Allow only raw VM image in migration mode
lxd-migrate: Add support for image conversion
doc: Remove misleading tip in instance import doc
doc: Fix typo in questions within instance import doc
doc: Add image formats to the wordlist
doc: Update api definition
doc: Add new supported image formats to the docs
doc: Fix exception rules for import_machines_to_instances.md
lxd/migrate: Fix migrationSinkArgs comment
lxd: Standardise on “err” field in contextual logging for error
lxd/migrate: Remove unused migrations sink args
lxd/migrate_storage_volume: Add comments to public functions
lxd/*: Make fields of migrationSinkArgs structure private
internal/linux: Define some IOCTLs
Revert “lxd/instance/drivers/driver_qemu: properly calculate VHOST_VSOCK_SET_GUEST_CID”
incusd/instance/qemu: Don’t use hardcoded ioctl
Revert “storage/drivers/driver_btrfs_utils: properly calculate BTRFS_IOC_SET_RECEIVED_SUBVOL”
incusd/storage/btrfs: Don’t use hardcoded ioctl
incusd/devices: Simplify ioctl logic
fix typo in index.md
doc/contributing: add section on how-tos
lxd/storage/backend_lxd: Lower qemu-img convert priority instead of limiting CPU time
lxd: Update logic for project config patch
test/suites: Add testing for project PATCH
Makefile: bump Go min to 1.22.5 (needed by OpenFGA)
doc/requirements: bump min Go version to 1.22.5
gomod: Run update-gomod
lxd/db/openfga: Add an exception for type-bound public access in ReadStartingWithUser
lxd/db/openfga: Switch raw string for auth.EntitlementCanView
lxd/db/openfga: Lint fix
test/godeps: Update lxd-agent dependency list
fix(deps): update golang.org/x/exp digest to 8a7402a
fix(deps): update module github.com/minio/minio-go/v7 to v7.0.74
Update metrics.md to remove symlink trailing slash
fix(deps): update module github.com/pkg/xattr to v0.4.10
lxd/device/device/utils/disk: Update DiskVMVirtiofsdStart to use chroot sandbox mode on pre pidfd_open kernels
lxd: DiskVMVirtiofsdStart usage
lxd/device/device/utils/disk: Removes unused execPath arg from DiskVMVirtiofsdStart
lxd: DiskVMVirtiofsdStart usage
doc: Add PowerFlex storage pool creation how-to
doc: Add missing PowerFlex details to explanation
doc/projects: fix documentation for PATCH request
doc: Add permissions reference page.
doc/explanation: Link to full permission list in fine-grained auth section.
doc/reference: Add permissions page to index.
doc/storage: change examples to sections instead of tabs
lxd/storage/drivers/driver/dir/utils: Improve errors in setQuota
lxd/storage/quota/projectquota: Don’t fail on missing file in SetProject
lxd-migrate: Fix path provided to the raw disk check
api: instance_create_start
shared/api: Add Start to InstancesPost
doc/rest-api: Refresh swagger YAML
lxd/instance: Add support for Start property
lxc/launch: Use the Start property
doc/howto: Update documentation on start field
i18n: Update translation templates
doc: Add remote storage driver cluster pool examples
lxd/apparmor/instance_lxc: allow nosymfollow mount flag in more cases
shared/entity: Return the project name when parsing the project URL.
shared/entity: Skip project query parameter on project entities.
shared/entity: Update unit tests for URL and Parse URL functions.
lxd/db/openfga: Remove logic for getting project name from path arguments.
lxd/auth/drivers: Remove logic for getting project name from path arguments.
lxd/auth/drivers: Standardise URLs before performing OpenFGA requests.
lxd: Fix projectUsedBy function.
lxd/project: Simplify FilterUsedBy function.
lxd/db/cluster: Add project name to project entity queries.
shared/entity: Ignore “none” locations when constructing URLs.
shared: Pass CertOptions to KeyPairandCA
shared: Pass SubjectName to CertOptions
shared: Update usages
lxd: Add method to determine location of storage volume.
lxd-migrate: Add conversion option ‘virtio’
lxd/instances_post: Allow conversion option virtio
lxd/storage/util: Remove unused arguments and tautological conditions
lxd/storage/util: Add qemu-img info helper function
lxd/apparmor/instance_lxc: fix all ro+remount rules
lxd/storage: Use writeback mode for qemu-img convert
lxd/storage/backend_lxd: Improve image unpacking message
lxd/storage/backend_lxd: Reuse qemu-img info helper to inspect image
lxd/storage/backend_lxd: Remove image after format conversion
lxd/storage/backend_lxd: Indicate conversion format in log
lxd/storage/backend_lxd: Inject virtio drivers into imported image
doc: Document usage of conversion option
doc: Fix exception rules for base URL
doc: Add virtio to the wordlist
lxd: Add method to add storage volume details to request context.
lxd: Add an access handler specific to storage volumes.
lxd: Use the storage volume access handler for calls to specific volume.
lxd: Refactor forwardedResponseIfVolumeIsRemote.
lxd: Refactor storage volume handlers to use values from context.
lxd: Use storage volume location in access check when listing.
lxd: Refactor volume backup handlers to use volume access handler.
lxd: Refactor volume snapshot handlers to use volume access handler.
lxd: Add function to add storage volume details to context.
lxd: Add storage bucket specific access handler.
lxd: Update storage bucket endpoint actions to use the bucket access handler.
lxd: Refactor storage bucket handlers to use values from context.
lxd/cluster: Remove ConnectIfVolumeIsRemote.
doc: Use consistent naming for remote pool creation examples
fix(deps): update github.com/openfga/api/proto digest to 7e5be7b
fix(deps): update module github.com/go-jose/go-jose/v4 to v4.0.4
doc: Update rhsrvany link and fix code blocks
lxd/device: added support for extended attributes
lxd/seccomp: fix bpf syscall number for arm64
lxd/include: update bpf header files
lxd/instance: Support security.protection.start config option
scripts/bash/lxd-client: Add security.protection.start config option
api: Add instance_protection_start extension
test: Add test for security.protection.start
lxd/device/disk: Allow hotplug of disks on live-migratable VMs
lxd/device/disk: Check for VM live-migration
lxd/instance: Add ID to ConfigReader
lxd/device/disk: Allow external disk live-migration
lxd/instance/qemu: Support live-migration of instances with extra disks
lxd: Remove restriction on live-migration with attached volumes.
metadata: Add security.protection.start
doc/howto: Add instructions on preventing accidental start of instances
lxd/instance:: Update the error messages for security.protection.delete
lxd/instance:: Update the comments for security.protection.delete
lxd/device/device/utils/disk: Use -o flag for xattr mode of virtiofsd
lxd/instance/drivers: Fix deadlock during failed snapshot creation
lxd/storage/backend_lxd: Create missing file when receiving raw image
lxd/storage/backend_lxd: Set volume size directly on volume config
lxd/storage/backend_lxd: Remove unnecessary usage of volume copy
shared/util: Handle percentage only updates
lxd/storage: Pass tracker through to qemu-img
lxd/apparmor: Use qemu-img convert output to update progress
lxd/storage/util: Show qemu-img convert progress
lxd/storage/backend_lxd: Show image conversion progress
lxd/storage/backend_lxd: Improve progress message when receiving volume
lxd-migrate: Let server set progress prefix in conversion mode
doc: Add missing entries
doc: Re-phrase headers
doc: Fix typo
doc: Add note about VM architectures
test: Snapshot creation failure
lxd/instance/drivers: Allow zfs containers with full…
lxd/instances/qemu: Don’t fail event sending on missing agent
shared/util: Fix linter issues
Makefile: Pin go mod deps for websocket and openfga
gomod: Update dependencies
lxd/storage/drivers/zfs: Always call tryGetVolumeDiskPathFromDataset
lxd/storage/drivers/zfs: Call GetVolumeDiskPath instead of creating new contexts
test/godeps/lxd-agent: Update depedencies
shared/entity: Refactor entity types to use an interface.
lxc/profile: Add support for creating from YAML
i18n: update translation templates
lxd/db/cluster: Refactor database entity types to use an interface.
lxd: Wrap error on failure to get used-by URLs.
doc: Updated VM architecture note to not include “Incus”
doc: VM architecture note grammar fix
lxd/firewall/drivers: Fix netprio error message
fix(deps): update module golang.org/x/sync to v0.8.0
fix(deps): update module golang.org/x/oauth2 to v0.22.0
test: Add profile creation test with YAML
build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
lxd/storage/backend_lxd: Prevent import of OVA format for conversion
lxd-agent: Add type for devlxd handler func and rename field.
lxd-migrate: Prevent tarball as instance source
lxd-agent: Define devlxd handlers by name.
lxd-agent: Add an image export handler to lxd-agent.
lxd/instance/instancetype: Allow security.devlxd.images config key for VMs.
{doc,lxd/metadata}: Runs make update-metadata.
lxd-migrate: Properly handle projects
doc/tutorial: add a UI tutorial
{doc,shared/version}: Adds devlxd_images_vm API extension.
github: Replacing @ru-fu for doc triage
doc: Corrected capitalization of “LoongArch”
lxd/device/pci: Detect USB bus
lxd/device/nic: Support USB parents for physical NICs in VMs
lxd/instance: Add new volatile keys
lxd/instance/qemu: Fix typo
lxd/instance/qemu: Handle USB NIC hotremove
github: Disable renovate
doc: unpin Swagger version
lxd/firewall: Fix iptablesClear on nft shim
lxd/migration: Show source errors first
.github: Add Jira integration yaml
lxd/storage/backend/lxd: Pass full snapshot name when validating import in CreateInstanceFromBackup
lxd/instance/instance/utils: Don’t allow snapshots named “…” in ValidName
test: Update instance backup tests to check for invalid and valid snapshot names
doc: add information about creating a Windows VM
doc/tutorial: improve the UI tutorial
lxd/instance/file: Add type and size to HEAD
lxd/instance/file: Add pattern matching for stat.Sys().(*sftp.FileStat) type assertion
api: disk_io_bus_virtio_blk
lxd/device/disk: Add virtio-blk
lxd/device/disk: Add virtio-blk as possible value
lxd/instance/qemu: Add virtio-blk support
lxd/instance: lxdmeta for volatile usb NIC keys
lxd/instance/qemu: Replece util.ValueInSlice() with shared.ValueInSlice()
doc/metadata: Add virtio-blk to metadata
lxd/cluster: Don’t fail when notifying a server…
lxd/cluster: Test Notify with shutdown response
lxd: Refresh the state on cluster put/join
doc: change title to “LXD” instead of “Canonical LXD”
doc/Makefile: add target for building on readthedocs
doc: remove objects.inv.txt generation from RTD build
doc: update to the latest version of the starter pack
doc/pdf: add files and updates needed for PDF generation
build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0
doc: ignore anchor for link checking
build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0
build(deps): bump golang.org/x/term from 0.22.0 to 0.23.0
build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0
doc/pdf: make PDF build work on RTD
lxd/instance/drivers: Improve device ID generation
lxd/instance/drivers: Update unit tests to fit character escaping
gomod: Update OpenFGA dependency.
lxd/db/openfga: Update OpenFGADatastore implementation to match interface.
lxd/certificates: Disallow forward slashes and hyphen prefixes
lxd/networks: Don’t fill network configs when joining
lxd/networks: Update comment
shared: Fix comment typo
doc/images: specify the order of split images
lxd/firewall/drivers: Make sure to always use locking
lxd/firewall/drivers: Fix generateFilterIptablesRules empty return
github: Run go test verbosely
lxd/cluster: Ensure the cluster member config is always sorted
lxd/instance: if storage location is remote, make cluster self healing available, and vm can migrate when src member is offline also
build(deps): bump github.com/minio/minio-go/v7 from 7.0.74 to 7.0.75
build(deps): bump github.com/zitadel/oidc/v3 from 3.26.0 to 3.27.0
build(deps): bump github.com/miekg/dns from 1.1.61 to 1.1.62
lxc/storage_bucket: Add yaml support for key create
lxc/storage_bucket: Avoid govet error printf: non-constant format string in call to fmt.Errorf (govet)
i18n: update translation templates
test: Create a bucket key using YAML bucket key config
gomod: Update dependencies
doc/tutorial: integrate feedback for UI tutorial
doc/instances: add anchor to allow linking to section
lxd/patches: Log the stage of patches being applied
lxd/patches: Fix patchesApply so that the specified stage takes effect
lxd/patches: Fix patchVMRenameUUIDKey so that it uses the correct function to update snapshot config
shared: Allow adding multiple names to certificate SAN
lxd/patches: Updates selectedPatchClusterMember to use state.State
lxd/patches: No-op patchStorageZfsUnsetInvalidBlockSettings
lxd/patches: Updates ZFS patches to use s.ServerClustered correctly
lxd/patches: Fix patchStorageRenameCustomISOBlockVolumesV2 to apply to remote pools
lxd: Fix network forward deletion entitlement.
lxd/cluster: Enforce cluster join token name cannot be ‘none’
lxd/cluster: Enforce cluster member name cannot be ‘none’
tests: Extend cluster member join tests if ‘none’
lxd/device/nic/ovn: Remove legacy port name cleanup logic in Stop
lxd/device/nic/ovn: Don’t call InstanceDevicePortStop anymore in Stop
lxd/network/driver/ovn: Move logic from InstanceDevicePortStop to InstanceDevicePortRemove
lxd/device/nic/ovn: Remove InstanceDevicePortStop
lxd/network/driver/ovn: Remove InstanceDevicePortStop
lxd/device/nic/ovn: Removes last_state.ip_addresses logic
lxd/instance/instancetype: Removes last_state.ip_addresses definition
lxd/network/driver/ovn: Removes last_state.ip_addresses logic
doc: Update metadata
lxd/network/driver/ovn: Don’t return unused port IPs from InstanceDevicePortStart
lxd/device/nic/ovn: Update InstanceDevicePortStart signature
lxd/device/nic/ovn: Call InstanceDevicePortStart when adding port
lxd/patches: Adds instance_remove_volatile_last_state_ip_addresses
lxd/network/driver/ovn: Update comment
shared/cmd: Allow a cmd asker to be created with a logger
lxc/project: Add support for creating project from yaml
lxc/project: Fix govet error (non-constant format string in call to fmt.Errorf)
test: Add project creation test with YAML
i18n: update translation templates
lxc: fix printf: non-constant format string in call to fmt.Fprintf (govet) lint error
lxd: Handle effective projects for profiles.
lxd: Handle effective projects for networks.
lxd: Handle effective projects for network zones.
lxd/project: Add project helper for getting image effective project.
lxd: Handle effective projects for images.
lxd/project: Fix lint errors (revive: confusing-results).
lxd/auth: Add comments to Authorizer interface.
lxd: Always use request project name in authorizer checks.
lxd/auth/drivers: Remove effective project check from TLS authorizer.
lxd/auth/drivers: Handle effective projects in the OpenFGA driver.
lxd/auth/drivers: Update comments on Authorizer method implementations.
test/includes: Add helper for setting up object storage pools.
test/suites: Use storage pool helper in bucket tests.
test/suites: Improve coverage of TLS restrictions tests.
test/suites: Test project feature interaction with fine-grained auth.
doc/explanation: Add note about authorization and project isolation.
lxd/auth/drivers: Fix linter errors (govet: printf).
lxd: Fix linter errors (govet: printf).
lxd: Fix linter error (staticcheck: SA1032).
lxd: Add comment explaining behaviour of events websocket with effective projects.
lxd: Fix invalid FileResponse on empty console log
lxc/console: Update docstring and output for --show-log
lxc/console: Fix linter errors
po: make i18n
lxd/network: Implement State function for physical network driver
test/suites: Add testing for physical network state get
tests: Add invalid certificate name tests
lxd/recover: Add snapshot expiry when recovering instance snapshots
build(deps): bump github.com/minio/minio-go/v7 from 7.0.75 to 7.0.76
build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
lxd: Disable networks during evacuation
lxd/storage/lvm: Properly handle activation during resize
lxd/storage/lvm: Fix resize logic to conserve LV state
build(deps): bump github.com/vishvananda/netlink
shared/api: Handle invalid HTTP status codes.
shared/api: Add new functions for instantiating a StatusError.
lxd/auth/drivers: Use api.NewGenericStatusError.
lxd: Wrap status errors in devlxd.
lxd: Wrap SFTP upgrade error.
lxd: Wrap project permission errors.
lxd/instance/drivers/qmp: Wrap block device removal error.
lxc: Move translations out of format string.
lxc: Fix linter errors (govet: printf).
i18n: Update translations.
lxd: Remove unused state argument from instancesShutdown
lxd/storage/drivers/driver/zfs/volumes: Don’t use d.state.ShutdownCtx in GetVolumeDiskPath
doc/reference: Add warning about volatile keys.
doc/guest-os-compatibility: add compatibility matrix with LXD 5.21
doc/reference: link to guest OS compatibility
doc: sort custom word list
doc: add BLK, CSM, EOL, RDP and SELinux to custom word list
lxd/device/device_utils_disk: remove unused IsBlockdev()
tests: Add snapshot expiry date test to test_container_recover() in backup.sh
lxc/network_load_balancer: add Example to create
lxc/network_load_balancer: fix go-vet linter
i18n: Update translation templates
add a new dependency for github.com/NVIDIA/nvidia-container-toolkit
lxd/device/cdi: Introduce base CDI types and ToCDI
lxd/device/cdi: Add unit tests for the CDI identifier parser
lxd/device/cdi: Introduce a CDILogger type
lxd/device/cdi: Add the NVIDIA CDI spec generator
lxd/device/cdi: Add base CDI Hook types
lxd/device/gpu: Augment the capabilities of the id GPU option to support CDI naming for phyical gputype
lxd/device/cdi: Add CDI translation logic (OCI spec → unix device + mounts) logic
lxd/device/gpu_physical: more explicit output values for deviceNumStringToUint32
lxd/device/gpu_physical: Configure a GPU (physical) if CDI detected
lxd/instance/drivers: Make removeUnixDevices a driver_common function
lxd/instance/drivers/driver_lxc: Configure LXC to use LXD’s startmountns callhook if CDI devices have been configured
lxd: Setup the startmountns callhook command to react to lxc.hook.mount for executing the CDI hooks
lxd: Remove useless break statement in main_callhook command
lxd-metadata: update metadata
doc: Add documentation on how to add a GPU with CDI mode
api/shared/instance: Fix json and yaml key name for source disk size
doc: Update api definition
lxd/apparmor/instance_lxc: allow procfs for unprivileged containers
lxd/apparmor: allow signals receiving
shared/cert: Add ParseCertificate func
lxd/device/cdi: no NVIDIA with CDI for armhf
doc: update doc to include no CDI for armhf
lxc/storage_bucket: Add example for storage bucket create
i18n: Update translation templates
client: Report source errors too on copy
lxd/device/cdi: add no-op defaultNvidiaTegraCSVFiles for armhf
doc/guest-os-compatibility: add SUSE 12 and 15
client: Fix potential panic-causing type assertions
lxd/storage_volumes_state: Handle unsupported response from drivers
lxc/network_zone: Add example for create command
lxc/network_zone: fix go-vet linter errors
i18n: Update translation templates
lxd/apparmor/instance_lxc: allow sysfs for unprivileged containers
doc: add SLES to custom word list
doc/guest-os-compatibility: mention manual install from ISO
doc/guest-os-compatibility: Add Ubuntu 16.04 and 18.04
doc/guest-os-compatibility: Add Ubuntu 18.04, 20.04 and 22.04
doc: add ESM to custom word list
shared/api: Add Description field in StorageVolumeSnapshotsPost
lxd/storage: Add a desc in vol snap DB entry
lxc/storage_volume: fix go-vet linting errors
lxc/storage_volume: add a desc field to vol snap
test: Test description is set for vol snap
i18n: update translation templates
doc: update REST API
Makefile: Pin github.com/dell/goscaleio@v1.15.0
lxc/network_forward: Add yaml example for create
lxc/network_acl: Add cmd.Example for network acl create
lxc/network_acl: fix go-vet linter errors
lxc/network_forward: fix go-vet linter errors
lxc/cluster_group: Add yaml support for cluster group create
lxc/cluster_group: fix go-vet linter error
lxd/storage/drivers: Don’t needlessly re-apply project id on quota changes
lxd/storage/drivers: Remove unnecessary DeleteProject
lxd/storage/drivers: Use projectID variable
test/lint/godeps: don’t abort on first error
lxd/project: Allow managed volumes under “allow”
doc/howto/instances_create: improve LXD agent setup snippet
doc/howto/instances_create: add note about SELinux and LXD agent
build(deps): bump github.com/go-acme/lego/v4 from 4.17.4 to 4.18.0
lxd/device/gpu_physical: forbid CDI GPU hotplugging
test: Create a cluster group using YAML
lxc/storage: Support creating storage pool from yaml
lxc/storage: fix go-vet linter errors
test: Test creating a storage pool with a YAML config
lxc/network_zone: Add example for network zone record create
lxc/snapshot: Add support for creating a snapshot with YAML config
test: Add test for creating a snapshot using a YAML configuration
lxc/storage_volume: Add yaml support for create
test: Add test for creating a volume using YAAML config
test: Add missing description to bucket key
i18n: update translation templates
lxd/instance/drivers/qemu: update how systemd is detected
lxd/instance/drivers/qemu: compat with SUSE paths
doc/guest-os-compatibility: improve legend readability
doc/guest-os-compatibility: link to how to install lxd-agent manually
test/main: don’t use any HTTP(S) proxy with localhost
test: fix ceph storage tests
test/suites/storage: use storage get and storage volume get
test/suites/storage: test storage set and storage volume set on properties
test/suites/storage_volume_attach: use storage volume get
test/suites/exec: use shell comparison
lxd/cluster: Replace deprecated Node.Recover
lxd/db: Add yaml tag to RaftNode
lxd/cluster/recover: Refactor DetermineRaftNode transaction
lxd/cluster: Refactor recovery patch.global.sql
lxd/cluster: Write recovery tarball after cluster edit
lxd/cluster: Prevent custom patches during cluster recovery
lxd/cluster: Implement cluster recovery tarball unpack
lxd/daemon: Load recovery tarball on daemon start
lxd/main_cluster: refactor promptConfirmation
lxd/main_cluster: Use “member” instead of “node”
lxd/main_cluster: Prompt before cluster edit
lxd/main_cluster: Add yaml comment with role explanation
lxd/main_cluster: Print instructions after cluster edit
test: Copy tarball from cluster edit
test: restricted.devices.disk project restrictions
doc: cluster edit updates & copy tarball
lxd/main_cluster: Fix linter errors
lxd/instances: Don’t bypass instance limit check
test/suites/image: use tar to check for metadata.yaml presence
lxd/instance/drivers/edk2: Add new package to track EDK2 firmwares
lxd/instance/drivers/edk2: Support OVMF filenames on arm64
lxd/instance/drivers/edk2: Move seabios to /usr/share/qemu
lxd/instance/drivers/edk2: Add ArchLinux x86_64 paths
lxd/instance/drivers/edk2: Fix CSM handling
lxd/instance/drivers/edk2: Add Void Linux x86_64 paths
lxd/instance/drivers/edk2: Rework to support both LXD_QEMU_FW_PATH and LXD_OVMF_PATH
lxd/instance/drivers/edk2: Add support for seabios in Ubuntu
lxd/instance/drivers/qemu: Update to use the new edk2 package
lxd/instance/drivers/driver/qemu: Log the VM UEFI firmware found in checkFeatures
lxd/instance/drivers/driver/qemu: Improve error in checkFeatures
lxd/util/sys: Removes unused GetQemuFwPaths function
lxd/instance/instance/interface: Add FirmwarePath to VM interface
lxd/instance/drivers/driver/qemu: Add firmware path concept and set it during generateQemuConfigFile
lxd/apparmor/instance: Update instanceProfile to use start time firmware path
lxd/instance/drivers/edk2: Removes unused GetArchitectureInstallations function
shared/entity: Update TypeNode to TypeClusterMember
shared: Update TypeNode usage
lxd: Update TypeNode usage
lxd/cluster: Use NewStatusError
lxc/console: use errors.New() where appropriate
lxc/project: use errors.New() where appropriate
lxc/storage_bucket: use errors.New() where appropriate
lxd/device/proxy: use errors.New() where appropriate
lxd/instances_put: use errors.New() where appropriate
lxd/profiles_utils: use errors.New() where appropriate
lxc/config_device: use errors.New() where appropriate
lxc/network: use errors.New() where appropriate
lxc/network_peer: use errors.New() where appropriate
lxc/cluster: use errors.New() where appropriate
lxc/profile: use errors.New() where appropriate
lxc/network: remove unneeded nil check
lxd/main_forknet: add comment for exported function
lxd/main_init_dump: add comment for exported function
lxd/project/limits: Move content from lxd/project
lxd/storage: lxd/project → lxd/project/limits
lxd: lxd/project → lxd/project/limits
lxd/project/limits: Fix test imports
lxd/storage/drivers: Use private constants for DefaultVMBlockFilesystemSize
lxd/storage/drivers: Expose function for default VM block filesystem size
lxd/device/config: Remove DefaultVMBlockFilesystemSize consts
lxd/db: Rename GetStoragePoolDrivers → GetStorageDrivers
lxd/db: Implement GetStoragePoolDrivers
lxd/project/limits: Use driver name to determine default state size
lxd/storage: Fix linter errors
lxd/storage/drivers: Fix linter errors
lxd/storage/drivers: Test DefaultVMBlockFilesystemSize
lxd/db/cluster: Fix instance_snapshot entity type typo
test/includes/net: use long options with curl
shared/trust: Add HMAC utilities
shared/trust: Add testing coverage for HMAC utilities
lxd: Enable cobra’s completion support
lxc/network: add dynamic completions
completion: support returning non-lxd remotes
lxc/image: add dynamic command line completions
lxc/config: add completions
lxc: add completions for instance actions and snapshots
lxc: add completions for profiles
lxc: add completions for remotes
lxc: add completions for projects
lxc/completion: Remove space after remote names completion
lxc: expose parseVolume to entire package
lxc: add completions for storage pools and volumes
lxc/completion: fix image names completion
lxc: add completions for clusters
lxc: add completions for cluster groups
lxc: add completions for cluster roles
lxc: add completions for config templates
lxc: add completions for network acls
lxc: add completions for network forwards
lxc: add completions for network load balancers
lxc: add completions for network peers
lxc: add completions for network zones
scripts/bash: delete in favor of cobra completions
lxc/aliases: fix completion regression
lxc/publish: Complete snapshot names
lxc: fix go-vet linter
lxc/project: Get current project from connection info
i18n: Update translations
test/suites/tls_restrictions: add tls version check
test/main: add tls version check test
lxc/auth: use errors.New() where appropriate
lxc/config_trust: use errors.New() where appropriate
lxc/file: use errors.New() where appropriate
lxc/image_alias: use errors.New() where appropriate
lxc/monitor: use errors.New() where appropriate
lxc/operation: use errors.New() where appropriate
lxc/query: use errors.New() where appropriate
lxc/rebuild: use errors.New() where appropriate
lxc/warning: use errors.New() where appropriate
shared/cmd/cancel: use errors.New() where appropriate
i18n: Update translations.
lxc/publish: clarify that public means accessible to unauth’ed clients
i18n: Update translations.
lxd/instance/lxd-agent: fix selinux fcontext path to lxd-agent /run dir
doc/guest-os-compatibility: fix lxd-agent compat with SELinux
doc: Add shell completions instructions to LXD installation docs
api: Add metrics_api_requests extension
shared/entity: Add apiMetricsURLPrefixes to typeInfo
shared/entity: Use apiMetricsURLPrefixes to classify endpoints
shared/entity: Unit tests for endpoint entity types
lxd/metrics: Define core logic for API request metrics
lxd/api: Initialize API metrics
lxd/request: Create MetricsCallbackFunc
lxd: Create CountStartedRequest
lxd/daemon: Track request on createCmd
lxd/api: Include handlers outside createCmd
lxd: Delete duplicate operationWebSocket
lxd: Add request argument on Render
lxd: Remove request field on response types
lxd/request: Create MetricsCallback
lxd: Track completed requests on Render
lxd/operations: Add onDone to operation
lxd/operations: Inject callback function on operation
lxd-agent: Add request argument to Render
lxd-agent: Remove request fields from response types
lxd/metrics: Sort metrics tuple alphabetically
lxd/metrics: Add constants for API requests metrics
lxd/api_metrics: Adds samples for API request metrics
lxd/api_metrics: Ensure internal metrics are included
lxd: Add comments to exported functions
lxd: Fix comments for linter
lxd/api: Log error on Fprint
lxd/daemon: Change log error to warning
lxd/api: Remove uncecessary else block
lxd-agent: Add comment to exported function
test: Add tests for API requests metrics
doc/reference: Update internal metrics docs
doc: Update example metrics raw output
golangci: Disable defer rule
lxd/instance/drivers/edk2: Actually check that the files exist
lxd/instance/drivers/driver/qemu: Always re-generate the nvram symlink
api: Add metrics_api_requests extension.
lxd/instance/drivers/edk2: Rework GetAchitectureFirmwarePairs into GetAchitectureFirmwareVarsCandidates
lxd/instance/drivers/driver/qemu: GetAchitectureFirmwareVarsCandidates usage
lxd/instance/drivers/edk: Comment improvement on GetArchitectureFirmwarePairsForUsage
doc/howto/instances_create: remove outdated note about SELinux
doc/instances: Cover LXD agent installation
doc/howto/instances_create: improve lxd-agent install steps
doc/howto/instances_create: add note for lxd-agent install in ISO install
doc/guest-os-compatibility: update link to LXD agent manual install
lxc/completion: Fix completions for config keys
github: Align codesql workflow “on” and concurrency rules with other tests
github: Align commits workflow “on” and concurrency rules with other tests
lxd/instance/drivers: Move removeDiskDevices to common
lxd/instance/drivers: Add ErrExecDisconnected
lxd: Make VM shutdown/reboot exit cleanly
lxd/instance/drivers: Handle websocket closing
lxd/project/limits: Rework low-level permission checks
lxd/project/limits: Test project lowlevel refactor
github: Don’t run commits workflow on push
github: Move go version compatibility check into code test phase
Makefile: Avoid unnecessary repeat builds during build
github: Cache binaries built in code tests and use in system tests
github: Clearly indicate the LXD client binaries in test artifact naming
github: Remove unused dqlite ppa usage in system tests
github: Strip binaries during test
Makefile: lxc doesn’t need sqlite3 tag
Makefile: Remove unused dependencies from check stage
Makefile: Add -failfast to unit test run
Makefile: Use -trimpath
Makefile: Add separate check-unit for unit tests
github: Use make check-unit for unit tests
build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0
Makefile: Add GOCOVERDIR support
doc/authentication: clarify what {client|server}.ca are
client: Fix error handling in push mode copy
github: Add coverage support to lxd tests
lxd/patches: Add patch for entity type instance snapshot typo
api: projects_limits_disk_pool
lxd/projects: Add new limits.disk.pool config key
doc: Update configs
lxc/project: Handle pool disk limits
lxd/project: Add per-pool disk limits
lxd/project/limits: Add HiddenStoragePools
lxd/storage: Hide pools with a zero limit
tests: Add test for per pool limits
doc/howto/network_bridge_firewalld: add IPv6 rules to Docker example
lxd/instance: Add support for armhf vm’s on arm64 hosts
Updated storage volume doc to remove any suspicion of action not working
github: Only build coverage data on workflow_dispatch
github: Alow go mod to modify go.mod and go.sum
shared/trust: Reimplement HMAC ParseHTTPHeader
shared/trust: Cache the password for argon2
shared/trust: Remove Equal from HMACFromatter interface
shared/trust: Update HMACEqual
shared/trust: Rearrange the some funcs
shared/trust: Update error messages
shared/trust: Update HMAC tests
doc: Update project_limits_disk_pool description
lxd: Update limits.disk.pool doc
doc: make update-metadata
github: Add performance tuning to code tests
github: Mask unwanted lxc services in code tests
github: Use set -eux on all test commands
github: Reclaim some space
github: Add initial TICS step
Go: Bump minimum version to 1.22.6
Makefile: Remove deprecated -d flag from go get
Makefile: Improve comments
Makefile: Pin openga again
Makefile: Remove go toolchain and use bundled toolchain of minimum version
gomod: Update dependencies
test/godeps: Update lxd-agent expected deps
build(deps): bump github.com/openfga/openfga from 1.5.9 to 1.6.0
lxd/auth/drivers: Update Internal to Unwrap
github: Don’t interrupt ongoing tests for different actions on same github.ref
github: Adds reclaim-disk-space action
github: Use reclaim-disk-space action
github: Adds tune-disk-performance action
github: Use tune-disk-performance action
lxc/config: create oidctokens dir with 0750
github: Adds remove-docker action
github: Use remove-docker action
lxd: Deduplicate logging for instance types update failure
test: Test exit codes upon container disconnect
github: Run TICS workflow daily
doc/howto: Update windows conversion tip to mention new lxd-migrate functionality
github: Adds action to install LXD build dependencies
github: Switch to use install-lxd-builddeps
github: Make clear we build LXD from dist tarball
lxd/project: Don’t fail project creation on missing pools
test/suites/project: Check project operations before init
github: Switch to tiobe/tics-github-action@v3
doc/custom_conf: Disable Dell link check due to possible rate limiting
lxd/instance/drivers/qemu: Fix RecordOutput
lxd-migrate: Fix linter issue with constant error
lxd-migrate: Accept path when connecting over unix socket
build(deps): bump github.com/openfga/openfga from 1.6.0 to 1.6.1
lxd-migrate: Add profiles and no-profiles flags
lxd-migrate: Add network flag and use network config property instead of parent
lxd-migrate: Add storage and storage-size flags
lxd-migrate: Add flag for instance configuration
lxd-migrate: Add project flag
lxd-migrate: Add flags for target server url and token
lxd-migrate: Add flag for instance source
lxd-migrate: Add flag for setting instance name and selecting its type
lxd-migrate: Add flag for configuring additional container FS mounts
lxd-migrate: Prevent interaction in non-interactive mode
lxd-migrate: Remove invalid comment in lxd-migrate help message
lxd-migrate: Ask about secureboot only in interactive mode
lxd-migrate: Add cert-path/key-path flags
lxd-migrate: Add precheck before connecting to the server
lxd-migrate: Replace shared.ValueInSlice with slices.Contains
docs: Document non-interactive lxd-migrate mode
lxd/fsmonitor: Move events out of drivers package.
lxd/fsmonitor: Prefix Event constants with Event.
lxd/fsmonitor: Add EventWrite and EventRename.
lxd/fsmonitor: Add comment for exported function.
lxd/fsmonitor: Remove wrapper monitor.
lxd/fsmonitor/drivers: Add logging to the common fsmonitor.
lxd/fsmonitor/drivers: Remove New function and use drivers.Load.
lxd/fsmonitor/drivers: Move mountpoint restriction into fanotify load method.
lxd/fsmonitor: Add driver name to interface.
lxd/fsmonitor/drivers: Remove Driver interface and implement FSMonitor interface.
lxd/fsmonitor/drivers: Add methods to convert driver specific events into fsmonitor events.
lxd/fsmonitor: Update interface to use fsmonitor.Event rather than string.
lxd/fsmonitor/drivers: Allow passing a slice of event types to be monitored.
lxd/fsmonitor/drivers: Create an event mask from the given list.
lxd/fsmonitor/drivers: Allow more than one inotify/fanotify watcher to be instantiated.
lxd: Update fsmonitor instantiation.
lxd/device: Update unix events to use an fsmonitor.Event.
lxd/fsmonitor/drivers: Fix lint error (unchecked-type-assertion).
test/godeps: Update lxd-agent dependencies.
lxd: Do not set remote address for devlxd
lxd: Remove devlxdRemoteAddress
shared/api: Introduce AuthenticationMethodDevLXD
lxd: Set context auth method for devlxd requests
lxd: Remove check for devlxd request
lxd: Use auth method instead of devlxdRemoteAddress
lxd: Remove metrics functions from request package
lxd/metrics: Rename MetricsCallback for linter
lxd/metrics: Refactor function names
lxd: Update CountStartedRequest usage
lxd: Update MetricsCallback usage
lxd/request: Fix request not counted warning
devlxd-client: Add support for image export
test/suites: Test image export from devlxd
lxd/fsmonitor/drivers: Allow setting fsmonitor driver via environment.
doc: Add environment variable to documentation.
test/suites: Test unix devices with both fsmonitor drivers.
lxd/fsmonitor/drivers: Ignore some inotify events to prevent warnings.
test/suites/container_devices_unix: test unix-{block,char} together
test/main: test unix-{block,char} together
test/suites/container_devices_unix: better check unset var
test/suites/container_devices_unix: use more precise shell comparisons
doc/howto/container_gpu_passthrough_with_docker: use single line cmds
lxd/cluster: Implement createTarball
lxd/cluster: Use createTarball for recovery tarball
lxd/cluster: Implement createDatabaseBackup
lxd/cluster: Create database backups before recovery
lxd: Improve error handling during cluster edit
test/clustering: Sanity check for automated DB backups
doc: Document cluster recovery automated DB backups
lxd: Update metadata usage
doc: make update-metadata
lxd/auth/drivers/openfga: Implement With to satisfy Logger interface
lxd/auth/drivers/openfga: Add comment to blank import
lxd: Refactor image post
lxd/image: Acquire image lock for uploaded images
doc: Update command description for lxc import image
i18n: Update translations
lxd/init: Differentiate managed and unmanaged network
lxd/storage_buckets: Check etag when updating storage bucket
test/suites/storage_buckets: check file integrity is preserved
lxd: Move instance name validator to instancetype package
lxd-migrate: Prevent invalid instance names
lxd/api/project: Clarify meaning of restricted.networks.subnets
lxd/network/driver/physical: Clarifies the use of ipvX.routes
doc: Update metadata
test/suites/tls_restrictions: don’t check for broken pipe error
lxc: Fix exporting vm backups to stdout
github: Enable tmpdir for TICS
test/lint: Use agent tags when listing dependencies.
test/godeps: Update lxd-agent dependency list.
lxd/auth/drivers: Refactor TLS driver for common handling of server level resources.
lxd/auth/drivers: Add tests for the TLS driver.
workflows: Change permissions on generated files.
lxd/auth/drivers: Remove type-bound public access entitlements from model.
lxd/db/openfga: Remove type-bound public access exceptions.
lxd: Replace can_view on storage pools and server with authentication check.
lxd/auth/drivers: Remove handling of can_view on server and storage_pool.
lxd/auth/drivers: Validate entitlements on authorizer calls.
lxd/auth/drivers: Check if can_view is valid before determining status code.
lxd/storage/drivers: Return growFileSystem errors
lxd: Fix bulk unfreezing
api: Add ubuntu_pro_guest_attach API extension.
shared/api: Add guest attachment API responses.
lxd/ubuntupro: Add ubuntupro package.
lxd/state: Add ubuntupro.Client to state.State.
lxd/state: Add ubuntupro.Client to Daemon.
lxd/instance/instancetype: Add ubuntu_pro.guest_attach to instance configuration.
{doc,lxd/metadata}: Run make update-metadata.
lxd: Add Ubuntu Pro handlers to devlxd.
lxd-agent: Add Ubuntu Pro handlers to devlxd.
lxc/init: Add error handling for launching container when image is of type VM
i18n: Update translations
test: Add test to ensure aliased container won’t launch with vm flag set
lxd: Update copy op response when source is snapshot
workflows: Bump lxd-agent size.
lxd-agent: Handle built-in vsock module
build(deps): bump github.com/zitadel/oidc/v3 from 3.29.1 to 3.30.0
lxd/daemon: Fix log format
lxd/sys: Sort kernel features
lxd/sys: Add doc strings
lxd/checkfeature: Add unprivileged binfmt detection
lxd/sys: Add UnprivBinfmt
lxd/daemon: Detect unprivileged binfmt_misc
lxd/api_1.0: Add unpriv_binfmt kernel feature
lxd/instance/lxc: Support unpriv binfmt_misc
workflows: Skip system tests for ceph and lvm on push and schedule.
lxd/storage: Check for direct I/O when converting image format
test: Don’t collapse dmesg in CI when there’s a kernel call trace
tests: Don’t over-provision test volume
workflows: Revert “Skip system tests for ceph and lvm on push and schedule.”
tests: Don’t overprovision test volume
api: Add metadata_configuration_entity_types API extension.
lxd-metadata: All configuration keys are strings.
metadata: Runs make update-metadata.
shared/api: Add MetadataConfiguration API struct definitions.
lxd/auth/generate: Generate entity type JSON conforming to API type.
lxd-metadata: Update lxd-metadata to use new entity metadata format.
lxd-metadata: Validate that the generated JSON conforms to the API definition.
lxd/metadata: Run make update-metadata.
lxd: Render api.MetadataConfiguration on /1.0/metadata/configuration.
lxd: Add MetadataConfiguration to swagger doc string.
doc: Runs make update-api.
lxd/storage: Fix check for direct I/O write support
lxd/fsmonitor: Add constants for driver names.
lxd/fsmonitor/drivers: Use driver names where applicable.
lxd/fsmonitor/drivers: Only log fanotify load errors if filesystem is mount point.
lxd/forknet: Handle wifi detach
lxd/storage: Fix direct I/O write check for ImageUnpack
lxd/storage/drivers: Fix direct I/O write check
lxc/client: Add GetMetadataConfiguration method
Revert “lxc/init: Add error handling for launching container when image is of type VM”
i18n: Update translations
lxc: Add completions for server keys
lxc/console: Add completion
github: Add Trivy repo scan
github: Add Trivy snap scanning
client/doc: add trailing slash to ubuntu: URL
doc/howto/instances_create: add trailing slash to ubuntu: URL
doc/howto/instances_routed_nic_vm: add trailing slash to ubuntu: URL
doc/rest-api: add trailing slash to ubuntu: URL
lxc/config/default: add trailing slash to ubuntu: URL
shared/api/image: add trailing slash to ubuntu: URL
shared/api/instance: add trailing slash to ubuntu: URL
test/suites/remote: add tailing slash to ubuntu: URL
lxc/config/default: add trailing slash to ubuntu-daily: URL
lxc/config: use strings.Cut() instead of SplitN() in ParseRemote()
lxc/exec: use strings.Cut() instead of SplitN()
lxc/completion: use strings.Cut() instead of SplitN()
lxc/project: use strings.Cut() instead of SplitN()
lxd/ubuntupro: Return host guest attachment setting if instance setting is unset.
lxd/db/cluster: Split identity and certificate entity type definitions by identity type.
Fix cloud-init instance key typos
lxd/apparmor: Support unpriv binfmt_misc
doc: Update container environment docs
test: Add test for binfmt_misc support on unpriveleged container
build(deps): bump github.com/NVIDIA/nvidia-container-toolkit
build(deps): bump github.com/minio/minio-go/v7 from 7.0.76 to 7.0.77
lxd: Add patch to fix errant identity permissions.
lxd/identity: Add util for checking if identity type is fine-grained.
lxd: Update identity handlers to check certificate permissions.
test/suites: Test permission management for certificates vs. identities.
test/suites: Commands that are expected to fail shoud end with || false.
lxd/db/cluster: Use given auth group ID when setting permissions.
lxd: Update permission handling on upsert.
lxd: Test patching certificate/identity permissions.
Makefile: suggest committing translation template updates if any
Makefile: make update-pot reproducible by ignore creation-date changes
Makefile: suggest committing translation updates if any
i18n: Update translation templates.
i18n: Update translations.
lxd/instance/drivers/driver/lxc: Use correct container name in Update call to liblxc
lxd/patches: Use lower case “project” in logging for consistency
go: Bump to 1.22.7
Makefile: Drop openfga pin
gomod: Update depdendencies
github: Avoid running Trivy accidentally on non-main branches and other repos
github: Avoid running TICS accidentally on non-main branches and other repos
doc: silence warning caused by sphinx-tabs
lxc/completion: Update instance completions to not show server configs
lxc/completion: Add instance device completions to lxc config device add
lxc/completion: Add instance device option completions to lxc config device add
lxd/devices: use builtin min() (Go 1.21+)
doc/installing: update link to how to manage the LXD snap
lxc/completion: Autocomplete instances for lxc pause/start/exec/stop/delete based on status
github: Update step names
github: Fix Trivy vulnerability database caching
lxd/db/cluster: Add statement for getting certificates.
lxd/db/cluster: Use certificate statements for querying certificate identities.
lxd/db/cluster: Update certificate database function comments.
lxd/db/cluster: Remove unnecessary cast.
lxd/db/cluster: Remove unused CertificateFilter.
lxd/db/cluster: Remove unused CertificateExists function.
lxd/db/cluster: Remove unused certificates_projects functions.
lxd/db/cluster: Remove DeleteCertificates function.
lxd/cluster: Update call to delete certificates.
lxd/db: Remove (*DB).UpdateCertificate.
lxd: Pass a context into doCertificateUpdate.
lxd: Update doCertificateUpdate for removed (*DB).UpdateCertificate.
lxd/cluster: Fix lint error (govet: printf).
test/suites/backup: ignore time discrepancies when untar’ing
Makefile: Build lxd-user as static binary
Makefile: Remove unused nocache and race targets
Makefile: Removes unused staticcheck target
Makefile: Move lxd-benchmark to be built statically
doc: silence all warnings related to Sphinx 9.0 deprecations
test/pki: Export LXD_DIR in subshell.
test/suites: Improve grep usage in PKI tests.
lxd/storage/drivers/powerflex: Use the Net* response variables for pool stats
build(deps): bump github.com/dell/goscaleio from 1.15.0 to 1.16.0
lxc: Add lxc file create subcommand
test: Add tests for lxc file create
i18n: Update translation templates.
i18n: Update translations.
lxc: Add instance completions to lxc file subcommands
lxc: Use ParseUint with base and upper bound instead of ParseInt in cmdFilePush run function
gomod: Update dependencies
github: Use microceph from latest/edge
github: Workaround GHA download artifact bug
api: Add access_management_tls API extension.
lxd: Separate identity handlers by authentication method.
lxd: Clarify optimisations when listing identities with recursion.
lxd/response: Add a NotImplemented swagger definition.
lxd: Add all API responses to swagger doc on identity update.
shared/api: Add lifecycle event for identity deletion.
lxd/lifecycle: Add lifecycle event for identity deletion.
lxd/lifecycle: Fix comment on identity actions.
lxd: Add DELETE handler for identities.
lxd/auth/drivers: Allow identities to delete themselves.
doc: Run make update-api.
client: Add client methods to delete an identity.
lxc/auth: Add subcommand for identity deletion.
i18n: Update translation templates.
i18n: Update translations.
test/suites: Test identity deletion.
github: add setup-microceph action
github: use setup-microceph action in tests job
test: Add check for unpriv_binfmt support before testing feature
Revert “doc: silence all warnings related to Sphinx 9.0 deprecations”
Revert “doc: silence warning caused by sphinx-tabs”
github: stop scanning Python through CodeQL
lxd/apparmor: Include CAP_SYS_ADMIN in rsync AppArmor profile
lxc/completion: Add images and ubuntu remote completions
Revert “github: Workaround GHA download artifact bug”
github: move make doc-linkcheck to Tiobe TICS job
github: only run CodeQL (go) on PRs and on weekly schedule
github: ignore some paths for CodeQL (go)
lxd/db/generate/db: Update ast.Package references to packages.Package
lxd/db/generate/lex: Parse package paths with packages.Load
lxd/db/generate/db: Update variable/type declaration parsing
lxd/db/generate/lex: Update parser tests
lxd/db/generate/db: Fix lint errors
lxd/db/schema: Fix schema generation
github: pin actions/upload-artifact@v to known working SHA
github: pin actions/download-artifact@v4
github: pin actions/checkout@v4
github: pin actions/cache/{save,restore}@v4
github: pin actions/labeler@v5
github: pin actions/dependency-review-action@v4
github: pin actions/setup-go@v5
lxd-user: Add container stop callhook support
lxd/main/callhook: Use callhook package from lxd-user
lxd: Change token pruning task to hourly.
Revert “shared/entity: Add apiMetricsURLPrefixes to typeInfo”
Revert “shared/entity: Use apiMetricsURLPrefixes to classify endpoints”
Revert “shared/entity: Unit tests for endpoint entity types”
lxd: Add MetricsType field to APIEndpoint
lxd/metrics: Take endpoint type instead of deriving from prefix
lxd: Update metrics functions usage
shared/entity: Create list of types for the metrics
lxd: Categorize existing endpoints
lxd: Check if every 1.0 endpoint is typed
lxd: Update MetricsCallback variable name
github: github action for installing Trivy
github: Install Trivy using GitHub action
github: pin redhat-plumbers-in-action/differential-shellcheck@v5
github: pin github/codeql-action@v3
github: pin canonical/has-signed-canonical-cla@main
github: run commits job with ubuntu-latest
github: pin tiobe/tics-github-action@v3
github: pin get-woke/woke-action@v0
github: pin iamfj/action-label-notification@v1.0.0
Revert “github: temporarily ignore microceph enable rgw failing”
Revert “github: Connect mount-observe to microceph”
github/actions/setup-microceph: only set noscrub once
shared: Use correct WaitStatus type
test/suites/exec: Add test for signaled processes’ exit codes
test/suites/exec: More time for guest exec sleep
test/suites/container_devices_nic_bridged_filtering: unload br_netfilter once done
lxc/completion: Storage volume copy completion fixes
lxc/completion: Use string concatenation instead of Sprintf() where possible
lxc/completion: Add go doc comments to completion functions
build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3
lxc/remote: Fix interactive question about remote fingerprint
lxc/remote: Add validation for mutually exclusive flags
lxc/remote: Prevent accept-certificate flag when using trust token
lxd/certificates: Invalidate trust token when adding client certificate
lxc/remote: Always send token to remote to invalidate it
test: Remove accept-certificate flag where token is used
test/pki: Do not use invalid token as it will always fail
test/clustering: Remove unused token
test/clustering: Do not use token when adding public remote
test: Ensure token cannot be used with --accept-certificate flag
i18n: Update translation templates.
i18n: Update translations.
gomod: Update deps
build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2
lxd/firewall/drivers: Don’t masquerade multicast traffic
lxd/network: Support VLAN tagging for OVN uplinks with native bridge parents
lxd/network/driver_ovn: Fix CIDR size check
lxd/network/driver_bridge: fix IPv6 CIDR size check
lxd/network/driver_ovn: fix IPv6 CIDR size check
shared/api: Add pending and fine-grained TLS certificate identity types.
lxd/identity: Make new client certificates a fine-grained identity type.
lxd/identity: New client certificate identity type authenticates via TLS.
lxd/db/cluster: Add pending and fine-grained TLS certificate identity types.
lxd/db/cluster: Include new identity types in identity entity type db definition.
lxd/operations: Don’t consider writing errors
lxd/response: Don’t consider writing errors
lxd/metrics: Remove logging from UseMetricsCallback
shared/api: Add API structs for identity creation.
shared/api: Add field to CertificateAddToken.
lxd: Move CA check into certificateValidate method.
lxd/db/cluster: Add pending TLS identity metadata type and method.
lxd/db/cluster: Add method to activate a pending TLS identity.
lxd/db/cluster: Add method to find a pending identity by secret.
lxd: Add factor out common logic for identity notifications.
shared: Change error message on ParseCert.
lxd: Add TLS identity creation endpoint.
doc: Runs make update-api.
lxd: Allow fine-grained TLS identities to authenticate.
lxd: Allow fine-grained TLS identities list resources in any project.
lxd/auth/drivers: Delegate to TLS driver only when identity is not fine-grained.
lxd: Omit pending TLS identities when updating the identity cache.
lxd: Return a useful error if an identity token is sent to the certificate API.
client: Add methods for creating TLS identities.
lxc/remote: Update remote add to handle tokens issued by identities API.
lxc/auth: Add identity creation command.
i18n: Update translation templates.
i18n: Update translations.
test/suites: Parameterise authorization tests by remote name.
test/suites: Test fine-grained TLS identity creation.
test/suites: Test identity info for TLS identities.
test/suites: Run fine-grained authorization tests for TLS identities.
test/suites: Improve coverage on identity deletion.
test/suites: Test fine-grained TLS identities with PKI mode.
doc/howto: Don’t link client tokens to clustering tutorial.
doc/howto: Switch projects<->users in confinement docs.
doc: Switch projects<->users in confinement docs.
doc: Authentication section under explanation should not contain how-tos.
doc/explanation: Remove authentication methods section in project docs.
doc/explanation: Add fine-grained TLS identities to authorization page.
doc/howto: Include fine-grained TLS identities in authentication tutorial.
doc/howto: Include fine-grained TLS identities in project confinement tutorial.
Revert “github: move make doc-linkcheck to Tiobe TICS job”
github: move make doc-linkcheck back to doc
test/includes/lxc: silently set +x
test/includes/lxd: silently set +x
Makefile: stop testing with flake8 during static-analysis
github: don’t install flake8
test/deps/import-busybox: format with ruff format
test/deps/import-busybox: upgrade to python 3.8+
test/suites/remote: rework invalid protocol test
test/suites/remote: rework badtoken test
test/suites/clustering: add clustering_update_cert_token test
test/main: enable clustering_update_cert_token test
lxd/db/openfga: Update ReadChanges
lxd/network/driver_ovn: allow subnets smaller than /64
github: remove extraneous space after GHA SHA1 pinning
github: fix indent of commits job
github: fix indent of codeql job
github: fix indent of triage job
Makefile: opportunistically run yamllint against GH workflows
lxc/completion: Only complete custom storage volumes for lxc storage volume copy
lxc/completion: Fix completions for lxc storage volume move
api: network_allocations_ovn_uplink API extension
shared/api: Add Project field to leases
lxc/network/driver_ovn: Adapt Leases for ovn network
lxc/network/driver_bridge: Adapt Leases for bridge network
lxd/network_allocations: Get leases from all projects
lxd/network_allocations: Include OVN uplink allocations
shared/api: Add Network to NetworkAllocations
lxd/network_allocations: Populate Network field
lxc: Show allocation network
doc: Run make update-api
i18n: Update translation templates.
i18n: Update translations.
test: Test showing instances from different projects
github: use shorter job names for Trivy scanning
doc: fix minor typos
api: Add network_ovn_uplink_vlan API extension
lxd/network/network/utils: Fix incorrect handling of instances in UsedByInstanceDevices
lxd/network/driver/bridge: Handle concurrent collection of member leases correctly
doc/explanation/authorization: embed discourse post title as link text
doc/howto/snap: embed discourse post title as link text
doc/installing: embed discourse post title as link text
doc/reference/remote_image_servers: embed discourse post title as link text
doc/reference/uefi_variables: embed discourse post title as link text
lxd: Use explicit cluster addr when core addr is wildcard
lxc/profile: Fix typo in profile set usage
doc: make i18n
lxd/cluster/notify: Use in-memory config for cluster offline threshold
lxd/cluster/notify: Use state.ServerClustered
lxd/cluster/notify: Take optional members to notify
lxd/cluster/notify: Add NodeInfo to Notifier hook
lxd/cluster/notify: Update notifier tests
lxd/state/test: Load global config from DB
lxd/cluster: Update notifier usage
lxd/network/acl: Update notifier usage
lxd/network/zone: Update notifier usage
lxd/network: Update Notifier usage
lxd: Update notifier usage
lxd: Update notifier usage
lxd: Update notifier usage
lxd/cluster: Split LocalSysInfo from MemberState
lxd/cluster: Remove unused memberName parameter
lxd: Update MemberState usage
shared/api: Add LogicalCPUs to ClusterMemberSysInfo
lxd/cluster: Populate LogicalCPUs
doc: Run make update-api
lxd/cluster: Implement ClusterState
lxd/cluster/notify: Mock member state endpoint
lxd/cluster: Test ClusterState
lxd/cluster: Perform cluster member update on updated cluster member
lxd: Remove uneeded iteration
lxd/db/node: Fix linter errors
doc/howto: Fix argument order when adding permissions to a group.
build(deps): bump tiobe/tics-github-action from 3.2.0 to 3.2.1
build(deps): bump github/codeql-action from 3.26.12 to 3.26.13
api: Add state_logical_cpus extension
lxd/db/cluster/profiles: Support device cache in ToAPI
lxd: Pass profile device cache to ToAPI calls when possible
lxd/db/cluster/instances: Support device cache to ToAPI
lxd/project/limits: Pass instance device cache to ToAPI
lxd/db/cluster/instances: Allow passing profile devices to instance ToAPI
lxd/project/limits: Pass profile device cache to instance ToAPI
lxd/db/cluster/profiles: Support config caching
lxd: Update calls to profile ToAPI
lxd/db/cluster/profiles: Fix import shadowing
api: Add vm_limits_cpu_pin_strategy API extension.
lxd/instance: Add limits.cpu.pin_strategy config key for virtual machines
metadata: Run make update-metadata
lxd/instance: Add input validation for limits.cpu.pin_strategy
lxd/devices: Disable VM CPU auto pinning by default
doc: Update CPU pinning documentation for VMs
lxd: Consider project’s restricted cluster groups during instance evacuation
lxd/db: Implement ToAPI for InstanceArgs
lxd/instances: Remove old retry logic
github: Use go mod version of go for build test
github: Remove ineffective matrix of go versions during system tests
github: Use go mod version of go for TICS test
github: Use go mod version of go for client tests
github: Use go mod version of go for doc builds
github: Use go mod version of go for LP trigger
lxd/instance/drivers/qemu: Properly plumb I/O limits
lxd/cgroup: Add named results to ParseCPU and remove unnecesary type casting to int64
lxd/cgroup: Refactor srcType parameter in TaskSchedulerTrigger to use instancetype.Type instead of string
lxd/shared/validate: Add named results to ParseNetworkVLANRange and ParseUint32Range
tests: Add tests for limits.cpu.pin_strategy and limits.cpu config and profile settings
github: update apt definition in setup-microceph
github: tune docker firewall disablement to work on 20.04
github: drop extraneous space between commit hash and version comment in commit job
github: drop extraneous space between commit hash and version comment in tests job
github: cope with no installed snaps in reclaim-disk-space action
github: free up more space in reclaim-disk-space action
lxd: Use tx.AddNodeToClusterGroup consistently
lxd/db/cluster: Remove unneeded generated DB code
test/suites: Add testing for cluster group init with multiple nodes
lxd/project/limits: Use InstanceList for queries
lxd/cluster: Replace deprecated Recover with ReconfigureMembership
lxd/state: Add LeaderInfo type and function to state.
lxd: Set LeaderInfo function in (*Daemon).State.
lxd: Update ACME handlers to use (*State).LeaderInfo.
lxd: Update cluster handlers to use (*State).LeaderInfo.
lxd: Update image sync task to use (*State).LeaderInfo.
lxd: Update instance handlers to use (*State).LeaderInfo.
lxd: Update operation prune task to use (*State).LeaderInfo.
lxd: Update database patch to use (*State).LeaderInfo.
lxd/apparmor: Update with new lxd binary location in sbin
lxc/launch: Start console if instance start was performed on server
Makefile: Use dqlite master when building deps and making dist tarball
gomod: Switch to v3 of go-dqlite
lxd: Switch to v3 of go-dqlite
lxd/db: Linter fixes
lxd/db/cluster: Differentiate errors returned by PendingTLSMetadata.
lxd: Remove expired pending TLS identities in token prune task.
lxd: Change log level to ‘warn’ for the token prune task.
lxd: Opportunistically remove invalid/expired pending TLS identities.
lxd/sys/os: add InUbuntuCore() helper
lxd/device/cdi: make it work in Ubuntu Core environment
lxd/instance/instance_utils: forbid nvidia.runtime with Ubuntu Core
lxd/device/gpu_physical: forbid CDI to be used with nvidia.runtime=true
lxd/device/cdi/spec: check that pc-kernel snap is connected properly
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5
build(deps): bump actions/cache from 4.1.1 to 4.1.2
build(deps): bump actions/setup-go from 5.0.2 to 5.1.0
build(deps): bump github/codeql-action from 3.26.13 to 3.27.0
build(deps): bump github.com/pkg/sftp from 1.13.6 to 1.13.7
build(deps): bump github.com/zitadel/oidc/v3 from 3.30.1 to 3.31.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.78 to 7.0.79
build(deps): bump actions/checkout from 4.2.1 to 4.2.2
lxd/network: Consider volatile IP in ovnNetworkExternalSubnets
lxd/device/cdi: Fix the case of adding a CDI device with the ‘all’ identifier
lxc/completion: Rework instance config key completion functions
lxc: Handle interupts properly to clean spice socket and avoid accumulation
lxd: Deduplicate image file deletion
lxd: Add internal testing handler to trigger token prune task.
test/suites: Test that expired pending identities are removed when token is used.
test/suites: Test the token pruning task removes expired pending TLS identities.
test/suites: Test token prune task for certificate add token operations.
lxd/db: Implement DqliteDir
lxd/cluster: Use DqliteDir
lxd/cluster: Use DqliteDir
lxd/cluster/gateway_test: Use DqliteDir
lxd/cluster/recover: Use DqliteDir
lxd/cluster: Print last dqlite entry on gateway shutdown
doc: Determine which LXD member is most up to date
doc: Update MicroCloud reference
api: sort GET /auth/permissions response
lxd/device/cdi: update generateSpec signature
doc/tutorial: specify LXD snap
build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0
build(deps): bump github.com/NVIDIA/nvidia-container-toolkit
build(deps): bump github.com/minio/minio-go/v7 from 7.0.79 to 7.0.80
build(deps): bump github.com/openfga/openfga from 1.6.2 to 1.7.0
build(deps): bump github.com/zitadel/oidc/v3 from 3.31.0 to 3.32.1
lxd/instance/drivers/lxc: downgrade “Failed to statfs” error to warning
lxd/instance/drivers/lxc: downgrade “SFTP server stopped with error” error to warning
lxd/device/cdi: use NVIDIA_DRIVER_ROOT env variable
docs: Improve Windows image conversion examples
docs: Fix bare URL line numbers in exception list
github: Remove unused matrix.go references
shared/simplestreams: Fix creation date parsing format
shared/simplestreams: Replace shared.ValueInSlice with slices.Contains
lxd/response: Allow registering additional smart errors on Init.
lxd/db: Define database specific smart errors.
lxd: Register database smart errors when initialising the response package.
lxd/response: Delete database errors from response package.
lxd/device/gpu_physical: Forbid any nvidia.* instance config option if the GPU device has been added through the CDI mode
docs: fix ovn ipv4/6 address description
github: Use cache in case Trivy DB download fails
lxd/networks: Emit lifecycle event for OVN networks
lxd/init: Set Target after network/storage lookup
test/suites: Test storage/network can be specified when targetting cluster group.
lxd/network/ovn: Properly handle uplink with disabled DHCP/DHCPv6
shared/api: Add TLSCertificate field to identity and identity PUT.
doc: Runs make update-api.
lxd/db/cluster: Add function to get certificate metadata from DB Identity.
lxd/db/cluster: Add TLSCertificate on Identity.ToAPI.
lxd: Return TLSCertificate when listing identities.
build(deps): bump actions/cache from 4.1.1 to 4.1.2
build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0
lxd: Factor out logic to add identity to request context from access handler.
lxd: Use allowAuthenticated for identity update handlers.
lxd: Return a 400 for invalid certificates.
lxd: Add method to validate an identities’ certificate and return their fingerprint and metadata.
lxd: Add certificate update functionality.
test/suites: Add tests for TLS identity certificate update.
doc: Document devlxd Ubuntu Pro API endpoints.
lxd/instance/drivers: Make security.devlxd.images live-updatable.
lxd/instance/instancetype: Update doc security.devlxd.images config key.
{doc,lxd/metadata}: Runs make update-metadata.
lxd/auth/drivers: Mask errors returned by OpenFGADatastore.
test/suites: Simplify user_is_server_admin.
test/suites: Use gen_cert_and_key in basic usage tests.
test/suites: Use gen_cert_and_key in remote admin tests.
test/includes: Remove gen_cert util.
lxd/auth/drivers: Add entitlement for viewing unmanaged networks.
lxd/auth: Runs make update-auth.
{doc,lxd/metadata}: Runs make update-metadata.
lxd/auth: Allow restricted TLS clients to view unmanaged networks.
lxd: Handle authorization for unmanaged networks.
test/suites: Include new server entitlement in tests.
test/suites: Test that a server administrator can view unmanaged networks.
doc/howto/initialize: fix broken link to maas docs
shared/usbid/parse: Match id’s type to Protocol and ClassCode
shared/usbid/parse: Use return expressions (revive)
shared/usbid/parse: Comment spacing (revive)
github: Fix snap scanning
github: Use a different key for saving
github: stop adding notification comments to issues/PRs
lxd/instance/drivers/qemu: Add missing node name overflow handling
lxd/instance/drivers: Deduplicate operationStatusCode logic
lxd/instance/drivers: Reduce chance of races during statusCode
test/main: print apport crashes info
github: add download-minio action
github: download minio/mc using action and as late as possible
lxd/device: Update device option descriptions for usb to accurately convey compatibility with containers and vms
lxd/device: Update container only device options to use word container
lxd/device: Split required device option metadata for usb and unix-hotplug
doc: Update devices_unix_char docs to accurately convey device compatibility
doc: Update devices_unix_block docs to accurately convey device compatibility
doc: Update devices_unix_hotplug docs to accurately convey device compatibility
metadata: Run make update-metadata
lxc/completion: Don’t hide default completion command
Consume websocket pings for stderr
shared/entity: Add functions to create snapshot and backup URLs.
lxd/auth/drivers: Add snapshots and backups to authorization model.
lxd/auth/drivers: Clarify that “can_view” allows viewing snapshots and backups.
lxd/auth: Run make update-auth.
metadata: Run make update-metadata.
lxd/auth/drivers: Remove entitlement validation check.
lxd/db/openfga: Use entity types for parent-child relations.
lxd/db/openfga: Handle instance and storage_volume relations on Read.
lxd/db/openfga: Handle instance and storage_volume relations on ReadStartingWithUser.
lxd: Update instance backup and snapshot authorization checks.
lxd: Add location to storage volume details.
lxd: Parameterise the storagePoolVolumeTypeAccessHandler by entity type.
lxd: Update calls to the storage volume access handler.
lxd: Update storage volume snapshot and backup access checks.
test/suites: Add tests for storage pool used-by filtering.
Fix linter errors (revive: redefines-builtin-id).
build(deps): bump github/codeql-action from 3.27.1 to 3.27.4
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
build(deps): bump github.com/zitadel/oidc/v3 from 3.32.1 to 3.33.1
build(deps): bump github.com/go-acme/lego/v4 from 4.19.2 to 4.20.2
test/deps: Add python script to search for panics in LXD logs.
github: unconditionally strip binaries and libs as late as possible
github: Move chmod of go.mod, go.sum before go mod download
github: Use restore-keys to get the lastest cache
github: Correct step name
Makefile: Bump min Go version to 1.23
doc: Update min go version to 1.23
gomod: Update depedencies
test/includes: Add panic checker helper function.
test: All tests should be executed from TEST_DIR.
test/includes: Run the panic checker killing any LXD daemon.
test: Run the panic checker on cleanup before setting +e.
test/godeps: Update lists
Revert “api: Add ubuntu_pro_guest_attach API extension.”
Revert “shared/api: Add guest attachment API responses.”
Revert “doc: Document devlxd Ubuntu Pro API endpoints.”
Revert “lxd/ubuntupro: Return host guest attachment setting if instance setting is unset.”
Revert “lxd/ubuntupro: Add ubuntupro package.”
Revert “lxd/state: Add ubuntupro.Client to state.State.”
Revert “lxd/state: Add ubuntupro.Client to Daemon.”
Revert “lxd/instance/instancetype: Add ubuntu_pro.guest_attach to instance configuration.”
Revert “{doc,lxd/metadata}: Run make update-metadata.”
Revert “lxd: Add Ubuntu Pro handlers to devlxd.”
Revert “lxd-agent: Add Ubuntu Pro handlers to devlxd.”
lxc/warning: Take --all into account when parsing args
lxc/warning: Update lxc warning delete usage
lxc/warning: Delete all warnings
test/warnings: Test deleting all warnings
i18n: Update translation templates.
i18n: Update translations.
github: add install-lxd-runtimedeps action
github: replace lxc-templates by lxc-utils
github: TICS doesn’t need full git history as it doesn’t do shellcheck
github: explain why lxc.service and lxc-net.service (from lxc-utils) are masked before install
github: reduce runtime deps to a minimum
test/includes: Set ulimit before spawning LXD.
lxd/db/openfga: Update datastore comments to reflect change in model.
github: stop stripping libs and binaries
lxd: Don’t call pool.Driver() more than once.
test/suites: Test permission handling for instance and storage volume snapshots.
build(deps): bump github.com/openfga/openfga from 1.7.0 to 1.8.0
doc: fix defaultdesc format for instance configuration related to boot
lxd/api_metrics: Filter Operation query by node
lxd/db/cluster/warnings: Allow filtering by Node and Status
lxd/db/cluster: Run make update-schema
lxd/api_metrics: Use *state.State instead of time.Time on internalMetrics
lxd/api_metrics: Filter query for Warnings appropriately
test: Test for querying metrics on a cluster
test: Run test_clustering_metrics with cluster tests
github: Set core_pattern before running system tests.
github: Upload crash dumps if present.
Revert “test/main: print apport crashes info”
github: Set GOTRACEBACK=crash on system test runs.
github: Don’t purge aproxy snap when reclaiming disk space
api: Add gpu_cdi extension
doc: Add ‘passthrough’ to custom_wordlist.txt
doc: Add section on coredump inspection.
doc: Add new acronyms to wordlist.
lxd/instance/drivers/qmp: Return an error if no fd is found
Revert “lxd/instance/drivers/qmp: Return an error if no fd is found”
gomod: Change minimum version to satisfy version requirements
build(deps): bump github.com/go-acme/lego/v4 from 4.20.2 to 4.20.4
build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0
build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0
build(deps): bump github/codeql-action from 3.27.4 to 3.27.5
lxd/instance/drivers/driver/lxc: Instruct liblxc to use the lxd-stophook wrapper in the bin directory of the snap instead of sbin
lxd: Simplify allowAuthenticated
lxd/device/cdi: Rework ID parsing
lxd/device/gpu/physical: Update ToCDI usage
lxd/device/gpu/physical: Validate id during validation stage
test: Adds validation test for GPU CDI mode
lxd/storage: Remove security.shared from cephfs keys
lxd/metadata: make update-metadata
doc: make update-metadata
lxd/networks: Reworks networkStartup to accept a stateFunc
lxd: networkStartup usage
lxd/db/storage_pools: Use ‘cluster members’ instead of ‘nodes’
lxd: Log error on resultErrListAppend
lxc/completion: Update cmpInstanceKeys function to use metadata API
lxc/completion: Update cmpInstanceAllKeys to use metadata API
lxc/completion: Remove extraneous nospace completion directive from cmpInstances function
lxc/completion: Add cmpInstanceSetKeys function
lxd/device/device/interface: Fix typo
lxd/network/driver/bridge: Fix typo
lxd/network/driver/ovn: Fix typo
lxd/networks: Fix typo

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

tomp · November 28, 2024, 9:33am

LXD 6.2 is currently in the 6/stable and latest/candidate channels for evaluation and will be promoted to latest/stable soon.

It is recommended that you switch from latest/stable to 6/stable.

tomp · December 9, 2024, 11:26am

LXD 6.2 is now rolling out to the latest/stable snap channel.

LXD 6.2 has been released

Introduction

New features and highlights

New snap track for the 6.x series

Nvidia GPU Container Device Interface (CDI) enabling iGPU passthrough

Improved VM conversion from external disk images

Fine-grained access management for TLS authenticated clients

API metrics for cluster health monitoring

CLI completion improvements

Prevent custom storage block volumes from being used concurrently by default (from Incus)

Instance start protection setting

Instance start after create API option (from Incus)

VM support for the security.devlxd.images setting

VM disk virtio-blk support (from Incus)

Per-project storage pool disk limits (from Incus)

New lxc file create sub-command (from Incus)

VM live migration with attached remote block storage volumes (from Incus)

VM USB NIC passthrough (from Incus)

Increased support for creation of entities from YAML piped to lxc CLI (from Incus)

Support for unprivileged binfmt_misc namespacing (from Incus)

Network IP allocation and leases list improvements

OVN physical uplink native Linux bridge VLAN support

OVN persistent NIC ports

Logical CPU account available for instance placement scriptlets

Formalizing the metadata API

VM automatic core pinning load balancing disabled by default

Updated minimum Go version to 1.23

LXD-UI advancements

Extended instance creation in the UI

New instance actions in the UI

Instance and profile configuration in the UI

Storage volume action additions to the UI

Semiotics in the UI

Permission improvements in the UI

Snap upgrade improvements

Snap packaging dependency updates

Complete changelog

Downloads

VM support for the `security.devlxd.images` setting

New `lxc file create` sub-command (from Incus)

Increased support for creation of entities from YAML piped to `lxc` CLI (from Incus)