Weekly status for the week of 21st April to 27th April.

Introduction

The star of the week was the improvement of volume metadata for backups, moving LXD’s Disaster Recovery framework another important step forward . Additionally, we had important updates to documentation for network ACLs, and further expanded the support for all-projects across LXD entities as well as fixes to reported bugs.

Storage: Improve volume metadata

Improvements to the export metadata format lays the groundwork for supporting lxd recover on more storage drivers and the ability to consistently restore custom volumes along with buckets.

On the API side, a new field version has been added when exporting instances and custom storage volumes to define the backup file format.

In case the field is omitted, the server’s default version is used. The most recent CLI can set this field when exporting backups using lxc export or lxc storage volume export by providing the flag --export-version=(1|2).

API extension: backup_metadata_version

Expand all-projects support to more entities (from Incus)

A series of contributions from Incus, each with its own API extension, that adds support for an all-projects query parameter in GET endpoints for many new entity types. This parameter allows a requester to get entities for all projects in a LXD daemon at once. The entities included here are:

• Network ACLs: Endpoint being GET /1.0/network-acls and API extension network_acls_all_projects
• Networks: Endpoint being GET /1.0/networks and API extension networks_all_projects
• Storage Buckets: Endpoint being GET /1.0/storage-pools/POOL/buckets and API extension storage_buckets_all_projects

doc: improve network ACLs docs

This includes many improvements to network ACLs docs, such as:

• Document the ability to provide a YAML file to create an ACL (previously only in man page)
• Clarify that the only arguments accepted for CLI-based ACL creation (aside from a YAML file) are the ACL name and the custom user keys
• Add missing sections for listing, showing, renaming, and deleting ACLs
• Add API instruction counterparts to all CLI instructions
• Add links to relevant parts of API reference
• Add command syntax examples
• Improve descriptions of ACL and ACL rule properties
• Detailed information about how to edit the ACL via the API, where and how to use PATCH and POST
• Clarify how logging works

Bug Fixes

• When pushing a file into a container that is owned by a user with a high UID outside of the container’s UID map, the file was successfully pushed, but the CLI returned an error: Error: sftp: "chown /root/test-file-1: invalid argument" (SSH_FX_FAILURE). Subsequent pushes to the same destination did not produce an error. To fix this, we now only change uid/gid if it fits within uidmap range.

• Fixed a bug where a container failed to start if it had more than one GPU CDI device.

• In some cases the cluster.https_address can become unset in the local database, and this caused LXD to try to start in standalone mode and enter a startup loop that could not be easily stopped. Proper checks were added to detect this situation and fail when starting a clustered LXD with cluster.https_address unset.

• Improve network validation to check that listen addresses of network forwards and load balancers do not overlap with OVN ranges.

All changes

The items listed below are all of the work which happened over the past week and which will be included in the next release.

LXD

• Storage: Improve volume metadata

• Network: Improve network validation

• Refactor devlxd API

• storage: Instance and custom volume snapshot consistency

• doc: improve network ACLs docs

• Add all projects support for network ACLs (from Incus)

• Add all projects support for storage buckets (from Incus)

• Add all projects support for networks (from Incus)

• Instance: Run CPU scheduler after DB changes made (from Incus)

• api: On file push to containers, only change uid/gid if it fits within uidmap range

• Linter fixes

• github/workflows/triage: Sync with main (stable-5.0)

• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.27 to 1.14.28

• build(deps): bump github.com/go-acme/lego/v4 from 4.22.2 to 4.23.1

• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.27 to 1.14.28

• build(deps): bump github.com/go-acme/lego/v4 from 4.22.2 to 4.23.1

• Storage: Metdata improvement followups

• doc: update broken maas anchor link

• Replace http string literals with http package constants

• doc: update broken maas anchor link (stable-5.0)

• devlxd: Enable access to GET devlxd/1.0 (regression)

• Followup on fmt.Sprint() and fmt.Sprintf() replacement

• lxd: Improve clustering start up checks

• github: workaround LP 504 error with PPAs

• lxd: Use api.NewURL() to construct network-acl result urls

• Random assorted tweaks

• lxd/db: Replace use of queryScan with query.Scan

• VM: Use fresh state in expireLogsTask

• lxd: Pass d.State func to task functions launched by daemon

• lxd: When shutting down by request ensure non-error exit status

• api: Improve logging on file push

• lxd/device: Only remove GPU CDI device files for device being started

• github: actions/install-lxd-runtimedeps only install yq if not there already

• Tweak package/command dependencies

LXD UI

• feat: [WD-20438] Select network on project creation

• [WD-21211] TLS Identity Group design alterations

• Fix instance validation on duplication and create from snapshot, remove stateful duplication field

• feat(instances) show instances from all projects in a dedicated view

• chore(deps-dev): bump vite from 6.2.5 to 6.2.6 in the npm_and_yarn group across 1 directory

• chore(deps): update dependency vite to v6.2.6 [security]

• feat: [WD-20908] Simplify onboarding with admin group

• chore(deps): update dependency @canonical/react-components to v2.2.4

• fix(test) ensure project test is setting a valid cluster group targeting value

• fix(permissions) add titles to group and permission selection side panels

• fix(instances) disable ssh key buttons for users without edit instance permission

• fix(groups) fix a bug when opening the group edit for an identity and navigating forwards and backwards

• fix(forms) show browser warning when leaving an edit form with pending changes

• chore(deps): update dependency vanilla-framework to v4.23.1

• feat: [WD-20338] - Accessibility review with Wave

• fix(permission) avoid panels from rendering a pending 0 above main content, simplify

• chore(deps): update dependency vanilla-framework to v4.23.2

• fix(router) update react router to resolve security issue

• chore(permissions) add permissions to all workflows

LXD Charm

• Nothing to report this week

LXD Terraform provider

• Nothing to report this week

PyLXD

• Nothing to report this week

LXD snap

• daemon.start: check if the host’s /var/lib/snapd/cgroup/snap.lxd.device exists

• daemon.start: check if the host’s /var/lib/snapd/cgroup/snap.lxd.device exists (latest-candidate)