Weekly status for the week of 23rd June to 29th June.
Introduction
This past week, LXD received a series of bug fixes addressing issues with instance migration and copying. The highlight is the added support for using a client secret in the OIDC authorization code flow.
Support for client secret in OIDC authorization code flow
LXD now supports setting oidc.client.secret to enable OIDC authorization code flow with confidential clients.
Please note that oidc.client.secret should only be set if required by the identity provider. The secret is not shared with other LXD clients (such as LXD CLI), which may prevent them from authenticating successfully.
Docs: LXD Docs - OpenID Connect configuration
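The caveat above comes down to how a token endpoint treats a confidential client. The following is an added example, not LXD or identity provider code: it models the provider-side check in simplified form, showing a code exchange that succeeds for a caller holding the secret and fails with invalid_client for one that does not. The client ID, secret, code and function names are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/url"
)

// Constructed sample data: client ID -> secret as registered at a
// hypothetical identity provider. A non-empty secret marks a confidential client.
var registered = map[string]string{"lxd-example": "constructed-secret"}

// tokenRequest builds the form body that exchanges an authorization code
// for tokens. client_secret is included only by a caller that holds it.
func tokenRequest(clientID, secret, code string) url.Values {
	form := url.Values{}
	form.Set("grant_type", "authorization_code")
	form.Set("client_id", clientID)
	form.Set("code", code)
	if secret != "" {
		form.Set("client_secret", secret)
	}
	return form
}

// tokenEndpoint returns "" on success or an RFC 6749 section 5.2 error code.
// Simplified: redirect_uri and code validation are left out.
func tokenEndpoint(form url.Values) string {
	want, known := registered[form.Get("client_id")]
	if !known {
		return "invalid_client"
	}
	got := form.Get("client_secret")
	// Constant-time comparison so timing does not reveal how much of the secret matched.
	if want != "" && subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		return "invalid_client"
	}
	if form.Get("code") == "" {
		return "invalid_request"
	}
	return ""
}

func main() {
	holder := tokenEndpoint(tokenRequest("lxd-example", "constructed-secret", "code-123"))
	other := tokenEndpoint(tokenRequest("lxd-example", "", "code-123"))
	fmt.Printf("caller with the secret: %q, caller without it: %q\n", holder, other)
}
```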
Bug Fixes
- Fixed an issue where the source project was incorrectly used instead of the instance’s project during cross-project copy (from Incus).
- Fixed an issue where instance post-migration did not properly clean up the dnsmasq leases.
- Fixed an issue where a copied VM would be assigned the same IP address as the source VM due to cloud-init not regenerating the DHCP client ID when the VM ID changes. This was fixed for bridge networks by modifying how the DHCP server allocates IPs. It now always uses the client’s MAC address rather than the client’s DHCP client ID.
- Fixed an issue where limits.memory could not be set to a percentage of the host memory. Behavior is now consistent across VMs and containers (from Incus).
LXD UI
- Introduced a new network details page for displaying active IP leases.
- Introduced a new IPAM page under networks, which unifies IP address management.
- Added the MAC address to the instance detail page.
All changes
The items listed below are all of the work that happened over the past week and that will be included in the next release.
LXD
- OIDC: Use client secret for authorization code flow
- Backports (stable-5.21)
- Auth: Extend TLS identity helper functions to support multiple identity types
- lxd/instances_post: Use correct project on cross-project copy (from Incus)
- doc: use lxd instead of lxd.daemon for snap services mgmt
- lxd: Clarify usage of io.threads in restricted projects
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.93 to 7.0.94
- build(deps): bump github.com/openfga/openfga from 1.8.15 to 1.8.16
- build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
- build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.93 to 7.0.94
- build(deps): bump github.com/openfga/openfga from 1.8.15 to 1.8.16
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.93 to 7.0.94
- Test tweaks
- shared: Add context to GetRemoteCertificate
- Devices: Add common filter capabilities
- Revert "dependabot: disable schedule to only deal with security updat…
- lxd/main/init: Replace fmt.Errorf with errors.New where possible (stable-5.21)
- lxd/util/encryption: Replace fmt.Errorf with errors.New where possible (stable-5.21)
- Update Go min to 1.24.4 and update Go modules
- github: Add LXD_OIDC_CLIENT_SECRET env var to ui-e2e-tests
- lxd: Only run PostMigrateSend when migrating instances
- test: Add test for container migration with attached local volume
- tests: Snapshot can be copied to localhost remote with bridged NIC device
- Cluster: Rework post-migration steps to cleanup NIC bridged devices for cluster member moves only
- doc: Metadata endpoint returns JSON, not YAML
- test/includes/setup: fix how virtiofsd is detected
- Improve snapshots.pattern tests
- Test tweaks
- test: Add test for VM migration with attached local volume
- network: Fix bridge duplicate IP assignment to VM copies
- lxd/instance/drivers: Don’t return post-migration errors
- VM: Fix limits.memory when using % of host memory (from Incus)
- test/suites/basic: test memory limits and container/snapshot names
LXD UI
- fix(ceph) add ceph.rbd.du setting to storage pools
- fix(yaml) handle very long yaml strings as single line to avoid the monaco editor breaking
- feat(network) add network lease tab to network detail page
- feat(network) add ipam page
- fix(settings) surface error on loading cluster member specific values in server settings page
- feat(network) make bridge.external_interfaces node specific in a clustered setup
- fix(events) treat events ws stale after one hour and force a reconnect on returning back to the tab if it is stale
- Backports for stable-5.21 ui tag 0.15.2
- feat(instance) show mac address on instance overview page.
- fix(api) send content type for api calls
- Backports for 5.21
- Backports for 5.0
LXD Charm
- Nothing to report this week
LXD Terraform provider
- Nothing to report this week
PyLXD
LXD snap
- edk2-vars-generator/UEFI/Qemu.py: correct QemuEfiFlashSize
- enable non-shallow clone for lxd
- criu: provide empty stage-packages list for armhf
- lxd-ui: new 0.15.2 tag (5.21-candidate)
- snapcraft: Set correct tag for dqlite v1.17.2 release tag (5.21-candidate)
- snapcraft: Replace deprecated AGPL-3.0 identifier
- snapcraft: Replace deprecated AGPL-3.0 identifier (latest-candidate)
- snapcraft: Replace deprecated AGPL-3.0 identifier (5.21-edge)
- snapcraft: Replace deprecated AGPL-3.0 identifier (5.21-candidate)
- lxd-ui: new 0.5.1 tag (5.0-candidate)
- lxd-ui: new 0.15.2 tag (5.21-candidate)
- lxd-ui: new 0.17.2 tag (latest-candidate)