Weekly status for the week of 15th July to 21st July.

Introduction

The highlights of the past week were the LXD 5.21.2 LTS and 5.0.3 LTS interim snap releases.

Allow instance import from QCoW2 and VMDK format

Previously, LXD supported importing virtual machines in raw disk format only. Now, it also supports importing virtual machines from various disk formats, such as QCow2 and VMDK, with image conversion handled directly on the LXD server.

Virtual machine images can be imported using the lxd-migrate tool, which is available either from LXD release assets (at the time of writing, only release 6.1 includes the conversion support) or by installing it using go:

go install github.com/canonical/lxd/lxd-migrate@latest

Image formatting during conversion is enabled by default, which is equivalent to using the --conversion=format flag. To import a virtual machine, run lxd-migrate and follow the questions that will lead you towards successful import of the new instance.

lxd-migrate --conversion=format

Documentation: How to import physical or virtual machines to LXD instances

External QEMU snap support

The LXD snap bundles a version of QEMU, which is used by LXD when running virtual machines.

However, in some specific cases, a custom QEMU is required in order to include custom patches or functionality that is not provided by the default build.

To facilitate this, the LXD snap now supports connecting a custom external QEMU snap. An example of a snapcraft file with the instructions on how to build and connect it with LXD can be found in the lxd-pkg-snap repository: External QEMU snap for LXD snap

Bugfixes

• Fixed an issue where despite security.devlxd.images being enabled, the LXD running within a container would not be able to retrieve accessible cached image from the host LXD.
  The permission checker now properly handles internal access over the devlxd unix socket.

• Fixed a LXD crash when a device of type none was added to a running instance.
  When the device did not return the run config, the field in nil configuration was referenced.

• Fixed an issue where an incorrect image creation time would be shown when listing images because only the date was parsed from the timestamp resulting in time always being shown as 12:00am (UTC).

• Fixed inconsistent order of supported LXD drivers in API response (GET /1.0).

• Fixed an issue where a container apparmor profile rejected nosymfollow mount option.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• Allow instance import from QCoW2 and VMDK format
• Make migration sink arguments private
• Instance: Allow nosymfollow mount flag for container apparmor profile
• Fix devlxd image export
• VM: External QEMU snap support
• fix(deps): update k8s.io/utils digest to 18e509b
• fix(deps): update module github.com/zitadel/oidc/v3 to v3.26.0
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3
• build(deps): bump github.com/zitadel/oidc/v3 from 3.25.1 to 3.26.0
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3
• Try to extract version creation/upload time for simplestream images
• Release LXD 5.21.2 (stable-5.21)
• Removes CODEOWNERS file
• doc/authentication: clean up PKI instructions
• Device: Fix crash when none type device is added to running instance
• Hint shellcheck that bash is used for all test scripts
• Device: Fix crash when device doesn’t return run config when being live updated (stable-5.21)
• Ensure supported drivers are always in the same order
• lxd/apparmor: allow userns for security.nesting=true case
• lxd: Standardise on “err” field in contextual logging for error
• Improve ioctl handling (from Incus)
• fix typo in index.md
• doc/contributing: add section on how-tos
• Lower qemu-img convert priority during conversion instead of limiting cpu time

LXD UI

The options migration.stateful and security.nesting are now available in LXD UI for configuring instances and profiles during both creation and edit.

• fix(cert) ensure cert name is generated with only valid characters.
• Remove ticls report upload to prevent a security issue
• fix: prevent settings form input from submitting multiple requests
• Add configuration of migration options and nesting on instances and profiles
• chore(deps): update dependency @canonical/react-components to v0.59.1

LXD Charm

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• external QEMU snap support
• lxd: Pre 5.21.2 (5.21-candidate)
• snapcraft: make (dis)connect-plug-qemu-external privileged
• lxd: Bump to 5.21.2 (5.21-candidate)
• lxd: Cherry-picks (latest-candidate)
• Misc backports (5.21-edge)
• lxd: Cherry-picks (5.21-candidate)
• lxd: Cherry-picks (5.21-candidate)
• snapcraft: use stable-6.0 branch of lxc part (5.21-edge)
• snapcraft: drop nasm part and use the package from core24
• Bump qemu version to match Noble and switch to nftables from core24
• lxd-ui: update source-commit hash (5.21-candidate)
• lxd-ui: Bump to 0.12 (latest-candidate)