Weekly status for the week of 24th February to 2nd March.
Introduction
The highlight of the past week was LXD gaining support for automatically attaching Ubuntu Pro to LXD instances. As well as that several bugs were fixed.
Thanks to all the contributors!
Ubuntu Pro attachment for LXD instances
LXD now supports auto-attachment of Ubuntu Pro to LXD instances. This means that Ubuntu Pro can be automatically enabled on LXD instances if configured on the host where LXD is running.
This feature can be enabled by configuring the lxd_guest_attach setting in the Ubuntu Pro client.
pro config set lxd_guest_attach={on,available,off}
An additional configuration key ubuntu_pro.guest_attach (values on/off/available) was also added to override this behaviour in the guest. The below table contains all options for the host and guest.
on (host) |
available (host) |
off (host) |
unset (host) |
|
|---|---|---|---|---|
on (guest) |
auto-attach on start | auto-attach on start | guest attachment disabled | guest attachment disabled |
available (guest) |
attach on pro auto-attach |
attach on pro-auto-attach |
guest attachment disabled | guest attachment disabled |
off (guest) |
guest attachment disabled | guest attachment disabled | guest attachment disabled | guest attachment disabled |
unset (guest) |
auto-attach on start | attach on pro-auto-attach |
guest attachment disabled | guest attachment disabled |
Note: Ubuntu Pro guest attachment will become available upon the next release of the Ubuntu Pro client. The upgraded client must be present on both the host and the guest.
Bug Fixes
-
Fixed an issue in the permission subsystem which prevented the URLs of fine-grained TLS identities from being resolved to their database identifier. This prevented permissions being granted to groups where the permission referenced a single pending or fine-grained TLS identity.
-
Fixed an issue where OVN would not allocate dynamic IPs if
ipv{n}.routesandipv{n}.routes.externalwere set on an OVN NIC withipv{n}.dhcp=falseon its network. -
Fixed an issue where a failure during the rendering of an operation would log the entire operation, including potentially sensitive data.
-
Fixed an issue where authentication groups and certificates were not properly deleted by triggers, causing dangling permissions to be logged.
All changes
The items listed below is all of the work which happened over the past week and which will be included in the next release.
LXD
- auth: Add more tests for entity enrichment with entitlements
- Improved validation of project and instance names
- doc: Improvements to
cloud-initdocs - build(deps): bump github.com/minio/minio-go/v7 from 7.0.86 to 7.0.87
- build(deps): bump golang.org/x/crypto from 0.33.0 to 0.34.0
- build(deps): bump github.com/zitadel/oidc/v3 from 3.34.1 to 3.35.0
- build(deps): bump github.com/openfga/openfga from 1.8.4 to 1.8.6
- build(deps): bump canonical/has-signed-canonical-cla from 2.0.0 to 2.1.0
- build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.2 to 5.5.3
- build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
- build(deps): bump github/codeql-action from 3.28.9 to 3.28.10
- build(deps): bump actions/cache from 4.2.0 to 4.2.1
- build(deps): bump actions/cache from 4.2.0 to 4.2.1
- build(deps): bump github/codeql-action from 3.28.9 to 3.28.10
- build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
- build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.2 to 5.5.3
- build(deps): bump canonical/has-signed-canonical-cla from 2.0.0 to 2.1.0
- build(deps): bump github.com/zitadel/oidc/v3 from 3.34.1 to 3.35.0
- build(deps): bump golang.org/x/crypto from 0.33.0 to 0.34.0
- Auth: Fix
idFromURLQueryfor fine-grained TLS identities - Assorted small fixes and improvements
- github: require code tests to pass before running client ones
- Bump Go min to 1.23 (stable-5.0)
- gomod: Update dependencies
- lxd/instance_backup: Save the implicitly validated instance name
- Tweaks for backup tests
- doc/guest-os-compatibility: document host/guest compat for containers
- Update Read the Docs build config
- Misc fixes
- Auth: Permission deletion trigger bug
- Ubuntu Pro: Enable guest attachment
- doc: improve and update contributing guidelines
- OVN: Remove
state.Statefromopenvswitch - Network: Fix OVN NIC dynamic IPs not being allocated when DHCP is disabled but NIC device has routes
- Network: Simplify OVN NIC dynamic and static IP logic
- lxd/operations: don’t log whole operation on failure
LXD UI
- feat: restricted permissions for permission management [WD-18906]
- Permissions ux improvements
- feat: generalise bulk delete button across UI pages [WD-19546]
- Fix image filter on instance selection
- Show upload error in modal, not in toast
- Allow member specific server setting for core.syslog_server WD-18265
- Remove redundant void calls
- feat: [WD-19698] Custom ISO can_delete permission check.
LXD Charm
- Nothing to report this week
LXD Terraform provider
- build(deps): bump the hashicorp group with 3 updates
- build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5
- instance_file: Fix file removal and panic when file is not found
PyLXD
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.
LXD snap
- build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.1 to 5.5.3
- build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.1 to 5.5.3
- chore(deps): update redhat-plumbers-in-action/differential-shellcheck action to v5.5.3
- build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
- build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
- Add README.md