Weekly status for the week of 9th December to 15th December.

Introduction

This past week LXD received numerous bug fixes aimed at improving usability and user experience. Additionally, LXD UI received several new features, including the ability to configure fine-grain permissions.

Thanks to all the contributors.

Bug Fixes

• Improved displayed disk size. Now block volumes have a default block size which is used if volume option size is not configured. Additionally, unbound volumes now report their size as -1 instead of 0.

• Fixed an issue where the configuration for an instance on an offline cluster member was not displayed due to the member being unreachable. Now, the full configuration, excluding the instance state, is returned even if the cluster member is unreachable.

• Reduced API call latency for requests passing through the OpenFGA fine-grained authorizer by leveraging a per-request cache mechanism to prevent redundant database calls when a cache key is available.

• Disabled block volume option security.shared for Ceph FS as it does not support block volumes.

• Fixed an issue where unix-hotplug devices with the hidraw subsystem would return an error if only subsystem was specified. Vendor and product IDs are now dynamically gathered for these devices, if they are not manually provided.

• Fixed an issue where an empty ISO volume could be created on certain storage drivers. Such volumes are now consistently disallowed.

• Improved configuration key validation to provide specific reasons why a configuration key is not supported, replacing the generic unknown key error for certain configuration options.

• Improved lxc auto-completion by adding missing suggestions for unsetting configuration keys, suggesting full volume names for attach/detach commands, and dynamically resolving server configuration keys when unsetting them.

• Added missing target parameter when retrieving networks. Now, networks can be retrieved only for a specific cluster

LXD UI

• Introduced fine-grained permission configuration for TLS users.
• Added support for deleting TLS users, with creation and editing planned for early 2025.
• Enabled adding host path devices to instances and profiles, allowing easy mapping of host directories to containers or VMs via the UI.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• Set OSD pool size when creating ceph and cephfs storage pools
• Optimize Project Queries during limits checks
• Network: add target parameter for GET 1.0/networks and network_get_target api extension
• Storage: Show correct instance root disk size on API
• lxd: Get config for instance on offline cluster member
• Docs: Add OVN network developer documentation
• OpenFGA: Add request cache to the OpenFGA datastore
• Documentation: VM live migration internals documentation
• docs: Update storage volume How-to
• Backports (stable-5.21)
• LXC: Improve configuration key validation and add missing completions for lxc config unset
• lxc: Accept volume full name on detach
• Storage: Define per-pool default block size
• Documentation: Update doc links
• Simplify actions/lp-snap-build to be reusable
• test: add markdown table with the duration of each test
• doc: clarify that storage size is equal to quota
• build(deps): bump actions/cache from 4.1.2 to 4.2.0
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
• build(deps): bump actions/cache from 4.1.2 to 4.2.0
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
• gomod: Update dependencies
• Linter fixes
• gomod: Update dependencies (stable-5.0)
• Doc: Mention that zfs.delegate is best used in conjunction with security.nesting
• Have make update-* propose to commit any changes
• github: Use cohort=“+” for trivy snap scan
• storage: Disallow volume.security.shared on cephfs
• Device: Rework ueventParseVendorProduct logic
• Doc: Remove monthly from feature release
• lp-snap-builder action v3
• lxd/devices: Update logger.*f messages with their contextual logging equivalents
• github: another attempt at adding ~/go/bin to system path
• Storage: Check default osd pool size before setting on create.
• doc: fix lxc network load-balancer backend add command syntax
• lxd: Deny creation of empty ISO volume
• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
• lxd: Remove lint exception for defer rule.
• Documentation: Update VM live migration implementation diagrams
• CLI: Add dynamic lxc config unset shell completions for server config keys

LXD UI

• feat: [WD-16894] Add bulk deletion and group modification of TLS Users
• feat: add support for instance/profile host path devices [WD-17682]
• chore(deps): update dependency vanilla-framework to v4.18.3
• fix: show meter bar in storage list and other places
• chore(deps): update dependency vanilla-framework to v4.18.4
• chore(deps): bump nanoid from 3.3.7 to 3.3.8 in the npm_and_yarn group across 1 directory
• chore(deps): update dependency @canonical/react-components to v1.7.2
• chore(deps): update dependency @canonical/react-components to v1.7.3

LXD Charm

• Nothing to report this week

LXD Terraform provider

• Gomod updates
• Improve golangci-lint coverage
• build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0

PyLXD

• pylxd/client: inspect secret before trying to use it as a token
• doc/source: Document authenticate function usage
• pylxd/client: guard against cert=None

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• QEMU: disable unneeded options
• commands/daemon: Redirect iscsiadm to the host
• Sync latest-candidate to 5.21-edge (5.21-edge)
• Pre LXD 5.21.3 LTS (5.21-candidate)