Weekly status for the week of 12th February to 18th February.
Introduction
We continue to prepare for the LXD 5.21.0 LTS release, with additional changes to support the forthcoming fine-grained IAM and Dell Powerflex functionality.
LXD
Storage volume UUID setting
All storage volumes in LXD now have a volatile.uuid setting which can be used by the storage driver (if needed). The initial use case for this was to support using longer storage volume names with the forthcoming Dell Powerflex driver, which has a limitation of 31 characters.
Added loki.instance support from Incus
Adds a new loki.instance server configuration key to customize the instance field in Loki events.
This can be used to expose the name of the cluster rather than the name of the individual system sending the event, as that's usually already covered by the location field.
UEFI shell disabled when Secure Boot is enabled in snap package
When VM secure boot is enabled, the UEFI shell is now disabled.
This is to address the CVE-2023-48733 security vulnerability.
New boot screen logo in snap package
The new LXD logo has been applied to the EDK2 boot screen in the snap package.
Snap 5.0/edge channel has moved to core22 base snap
Now that LXD 5.0.3 LTS has been released, we have moved the 5.0/edge channel to the newer core22 base snap and are continuing testing before we roll this out to 5.0/candidate in due course.
All changes
The items listed below are all of the work which happened over the past week and which will be included in the next release.
LXD
- Auth: Add OIDC identities to identity cache and extract identity provider groups
- Storage: Set volatile.uuid for all volumes and snapshots
- Auth: Add an “entity type” representation that can be used everywhere.
- Add API instructions for the server/client section
- Auth: Candid RBAC removal follow up.
- test/lint: Temporarily remove --whole-files flag.
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0
- build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0
- build(deps): bump golang.org/x/term from 0.16.0 to 0.17.0
- Storage: Support passing down extra information to drivers
- Auth: Replace authorization objects with entity types and URLs.
- Auth: Use email address as identifier for OIDC users.
- Add support for loki.instance from Incus
- github: update CI to run most tests with Go 1.21 with build/compat test with 1.19 (stable-5.0)
- github: run tests (minus code-tests) with Go 1.22
- Replace madmin SDK with mc CLI shim
- Doc: Add some device examples
- Instance: Handle SELinux for VM LXD agent
- Smaller lxc and lxd-migrate binaries
- Smaller clients bis
- Storage: Don’t use storage name when creating source snapshots
- gomod: Update dependencies
- Dependabot and labeler update
- Storage: Populate custom volume snapshot creation date
- Instance: Temporarily host the instance type preset files on Github
- lxd-generate: Return helpful error instead of panicking.
- doc/instances: update links to instance type lists
- DB: Refactor entity URL methods
- doc/profiles: link to instance configuration
- Storage: Fix regression when copying VMs
- test: Check whole codebase for non-permissive imports
- Project: Don’t panic on StorageVolumeParts
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.
Snap
LXD snap
- Move to core 22 (5.0-edge)
- snapcraft: edk2: update logo
- snapcraft: edk2: update to stable202311
- Apparmor unprivileged restrictions disable
- Expect directory for minio.path
- edk2: disable shell when Secure Boot is enabled
- edk2 updates (5.0-edge)
- Dependency updates
- snapcraft: drop the dup minio.path description
- Sync latest/edge to latest/candidate for LXD 5.21 (latest-candidate)
- dqlite: Bump to v1.16.2 (latest-candidate)
- Bring known to be missing libs (5.0-edge)
- github: add labeler config