Weekly status for the week of 17th February to 23rd February.

Introduction

This past week LXD received some bug fixes and several smaller optimizations. The highlight is the addition of permission checks in the LXD UI, which now disables actions that the current user has no permission to perform.

Thanks to all the contributors!

Bug Fixes

• Fixed an issue where additional SSH keys configured via cloud-init.ssh-keys.* were not applied after the first boot. LXD now resets the cloud-init instance ID to ensure changes take effect.

• Fixed a regression where the DHCP lease time was stored in the OVN database in an incorrect format. It is now correctly stored as an integer in seconds.

• Fixed an issue where LXD configured an OVN switch port to request a dynamic IP even when ipv4.dhcp and ipv6.dhcp were disabled.

LXD UI

• Added permission checks, so that users with limited permissions have a good UI experience. The applied pattern disables actions which the current user has no permission to. On hover, we give a hint, as to which exact permission would unlock this feature.

• Added cluster member specific server configuration. When LXD is clustered, this allows to explore and modify member specific settings like the listen address.

LXD images

Changes on images: simplestream remote:

• Removed AmazonLinux 2

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• cloud-init: Include user.* keys in meta-data file
• Remove a few more fmt.Sprintf() and do some preallocations
• doc: update forward API docstrings
• Storage: Revert general remote driver exclusion and explicitly allow “read-write-many” vols
• build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.1 to 5.5.2
• build(deps): bump canonical/has-signed-canonical-cla from 1.2.3 to 2.0.0
• build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.1 to 5.5.2
• build(deps): bump canonical/has-signed-canonical-cla from 1.2.3 to 2.0.0
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.84 to 7.0.86
• build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0
• build(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
• build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0
• build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
• build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0
• build(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.85 to 7.0.86
• build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
• Don’t cancel pool Unmount() during service stop
• Defend against path traversal attacks
• gomod: Update dependencies
• gomod: Update dependencies (stable-5.21)
• Misc fixes for CodeQL warning
• Device: Use GPU CDI config search paths option for Ubuntu Core
• VM: Fix lxd-agent path check logic
• doc: Update outdated MicroCloud info
• Network: Fix DHCPv4 after int formatting regression in LogicalSwitchDHCPv4OptionsSet
• Network: Don’t ask OVN to allocate dynamic addresses when DHCP is disabled
• Constant time comparisons
• gomod: Update dependencies
• Followup fixes
• Network: Remove unnecessary inclusion of OVN NIC static IPs in logical switch exclude_ips setting
• cloud-init: Reset Instance ID when SSH keys are defined
• Improve bound checks around some int conversions

LXD UI

• feat: UI graceful handling of restricted permissions for instance related actions [WD-18840]
• feat: [WD-19015] CMS Server Config for maas.machine
• feat: restricted permissions for storage pool [WD-19339]
• feat: restricted permissions for networks [WD-18903]
• fix: improve e2e tests flakiness
• feat: restricted permissions for profiles [WD-18904]
• fix: create instance from snapshot in a different project when instance project is restricted
• feat: restricted permissions for project edit page
• feat: [WD-19338] Custom ISO Permission checks
• feat: increase number of retrys and duration of delay for loading the UI

LXD Charm

• build(deps): bump canonical/has-signed-canonical-cla from 1 to 2

LXD Terraform provider

• Allow cluster member group as target and handle in-cluster migration
• Profile, project, and image datasources (from Incus)
• Add network, storage pool and instance datasources

PyLXD

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• Revert a hacky fix for NVIDIA config files lookup issue