Weekly status for the week of 10th February to 16th February.

Introduction

This past week, LXD received several bug fixes and new features. The highlight is added support for injecting additional public SSH keys into instances.

Thanks to all the contributors.

Injection of additional SSH keys into instances

You can now configure additional public SSH keys for a user using the cloud-init.ssh-keys.<keyname> instance option. The <keyname> is an arbitrary key name, and the value must follow the format <user>:<ssh-public-key>. These keys are merged into the existing cloud-init seed data before being injected into an instance, ensuring no disruption to the current cloud-init configuration.

For example, use the following command to configure a public SSH key for the ubuntu user:

lxc config set cloud-init.ssh-keys.my-key "ubuntu:ssh-ed25519 ..."

Documentation: Instance options - cloud-init configuration

Default profile configuration on project create

LXD now allows creating a new project while configuring the default profile with a network and a storage pool to use for the instances.

lxc project create my-proj --network lxdbr0 --storage default

# Verify default profile configuration.
lxc profile show default --project my-proj

Bug Fixes

• Fixed an issue where volumes with a hyphen in their name failed to detach due to mismatched device names during removal, primarely affecting the LVM storage driver.

• Fixed an issue where LXD failed to populate reverse DNS records in OVN, preventing reverse DNS lookups for instance names.

• Improved validation of server configuration options storage.backups_volume and storage.images_volume to ensure only shared-access remote storage volumes can be used.

• Made OIDC scopes configurable via oidc.scopes to support more OIDC providers. However, scopes email and openid are required and cannot be omitted.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• lxd: Add storage and network options to project create
• Storage: Powerflex use Connect and Disconnect for NVMe/TCP
• Network: Fix OVN ChassisGroupChassisDelete to convert chassis_name
• OIDC: Make scopes configurable
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9
• build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
• build(deps): bump github.com/go-chi/chi/v5 from 5.2.0 to 5.2.1
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
• build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0
• build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
• build(deps): bump github.com/go-chi/chi/v5 from 5.2.0 to 5.2.1
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.84 to 7.0.85
• Network: Generate OVN PTR records for instance NIC IPs
• Storage: Add TryLock loop for faster connection attempts during errors
• Instance: Fix qemu double-escaped device name being passed as fd set name
• cloud-init: Support injection of additional SSH keys on instances
• Storage: Include required Pure Storage API token role in description
• Storage: Document Powerflex user minimum require role
• docs: Clarify Pure Storage array usage between LXD installations
• Backport double-escaped fd set name name (stable-5.21)
• Network: Fix OVN ChassisGroupChassisDelete quoting values
• OVN bug fixes backports (stable-5.21)
• API: Avoid premature load of instance DB record in log endpoints
• Storage: Always create new request body reader
• Storage: Revert PowerFlex client API token lock
• Improve short description of zfs.export configuration setting
• doc: lxd to lxc typo in network_forwards.md
• cloud-init: Follow up on SSH key injection
• github: split documentation job into build and test
• Network: Fix OVN LogicalSwitchPortGetDNS to understand DNS records field that contains PTR records
• Auth: Return missing group names on error
• doc: ignore linkcheck for gnu.org per often fails
• Small tweaks
• Replace source-type with source.type
• Daemon: Update storage.backups_volume and storage.images_volume validation
• Network: Fix OVN LogicalSwitchPortGetDNS to understand DNS records field that contains PTR records (stable-5.21)
• github: Rework documentation tests
• Auth: Don’t create oidctokens directory if there are no tokens
• lxd: Extra validation of daemon storage options pool and volume names
• Storage: Prevent using remote storage pools for (images|backups)_volume

LXD UI

• feat: [WD-17724] CMS Storage Pool size field
• chore: update react to v19
• chore(deps): update dependency vanilla-framework to v4.21.0
• fix: setup lxd with group “lxd” in GH actions
• fix: align react types for yarn.lock
• feat: restricted permissions for server actions [WD-18907]
• feat: restricted permissions for image actions [WD-18905]
• chore(deps-dev): bump vite from 6.0.11 to 6.1.0 in the npm_and_yarn group across 1 directory
• fix: fix network failing e2e tests
• fix: preserve environment for ui e2e tests in lxd
• Remove arbitrary fields from the generated cert
• Ensure the size is unset, when selecting a storage pool driver without it, fix network form validation
• Ensure the creating instances are displayed with the correct column width and span in a clustered backend
• Ensure to fetch instance metrics from the right cluster member
• Add hover text to instance metrics, surfacing details about cached memory and disk size

LXD Charm

• Nothing to report this week

LXD Terraform provider

• Misc fix

PyLXD

• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• Only install build packages on supported arches
• lxd: Cherry-pick VM nvram fix for LXD 4.0 upgrade (5.21-candidate)
• nvidia-container-toolkit: fix override-build arch exclusion
• Build fixes
• LP armhf builds are done on arm64 builders
• lxd: Cherry-pick VM “Fix double-escaped device name” (5.21-candidate)
• lxd: Cherry-pick ovn fixes (5.21-candidate)
• Rework arch exclusions
• QEMU from Noble package (5.0-edge)
• Go 1.24 regression
• Go 1.24 regression (5.21-edge)
• Go 1.24 regression (5.0-edge)
• lxd: Cherry-pick ovn fixes (5.21-candidate)
• lxd: Linter fixes to allow OVN DNS fix cherry-pick (5.21-candidate)