Weekly status for the week of 11th November to 17th November.
Introduction
The highlights of the past week were the releases of both MicroCloud 2.1.0 LTS and LXD 5.0.4 LTS!
Aside from that, we got a new feature related to the TLS fine-grained authorization specification and some nice bug fixes and improvements.
Allow updating TLS identity certificates
This implements the final part of the TLS fine-grained auth specification. Since last week, we now allow any user to update their own certificate. We also allow an administrator with can_edit on a given identity to update the certificate for that identity.
Updating a user’s certificate can be achieved through the API with PATCH /1.0/auth/identities/tls/{nameOrIdentifier} or PUT /1.0/auth/identities/tls/{nameOrIdentifier}; see more on the API specification.
Bug Fixes
- Fixed the broken usage of the --storage or --network flags along with the --target flag on lxc init by setting the cluster member after looking up the pools and networks (from Incus).
- Made the security.devlxd.images setting (which allows a nested LXD to access images on the host) live-updatable for VMs.
- The response data returned from GET /1.0/auth/permissions?entity-type=<type> is now sorted on the server side, and therefore more predictable. This was a fix from an outside contributor. Thank you!
- Fixed an issue where fine-grained authorization was filtering out unmanaged networks on network list (because they weren’t in the database).
- Introduced a workaround to make getting the instance status more reliable when there is a self-stop operation ongoing.
- LXD now checks whether DHCP/DHCPv6 are enabled on the uplink network when allocating port IPs for OVN networks (from Incus).
All changes
The items listed below are all of the work that happened over the past week and that will be included in the next release.
LXD
- lxd/networks: Emit lifecycle event for OVN networks (from Incus)
- Network: Properly handle OVN uplink with disabled DHCP/DHCPv6 (from Incus)
- build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
- build(deps): bump github.com/openfga/openfga from 1.7.0 to 1.8.0 (stable-5.21)
- build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
- Auth: Allow listing unmanaged networks with fine-grained auth
- gomod: Update go-dqlite to support unified raft builds (stable-4.0)
- Update device option descriptions to accurately convey compatibility with containers and VMs
- lxc: Use TrustToken field if supported by the server (stable-5.21)
LXD UI
- feat: [WD-16007] Replace storage list with device list on profile det…
- Allow auto assignment of listen address when creating a network forward
- fix(edit) instance and profile configuration: clear cpu or memory limit
- chore(ci) simplify tests to not rely on workflow image download
LXD Charm
- Nothing to report this week
LXD Terraform provider
- Nothing to report this week
PyLXD
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.
LXD snap
- snapcraft: bump QEMU to 1:8.2.2+ds-0ubuntu1.4 (security fix)
- snapcraft: nvidia-container: Enable shallow clone (5.0-candidate)
- snapcraft: nvidia-container: Enable shallow clone (5.0-edge)
- snapcraft: nvidia-container: Enable shallow clone and fix edk2 submodules (4.0-edge)
- snapcraft: nvidia-container: Enable shallow clone and fix edk2 submodules (4.0-candidate)
- snapcraft: apparmor: Stage pkgconfig libapparmor.pc for liblxc (5.0-candidate)
- snapcraft: edk2: Use more of snapcraft’s default pull mechanisms (5.21-candidate)