Weekly status for the week of 25th March to 31st March.
Introduction
This past week we have added a new API endpoint for listing all storage volumes and fixed a security regression in LXD 5.21.0, which will be included in the forthcoming LXD 5.21.1 release.
List all storage volumes API and CLI support
A new API endpoint /1.0/storage_volumes and API extension storage_volumes_all was added to provide support for listing all storage volumes in a single API call. Support for this new functionality has been added to the lxc storage volume list command too such that specifying the pool name is now an optional argument and by default it will list all volumes in the project from all storage pools.
Bug fixes
- Fixed security regression in LXD 5.21.0 that incorrectly converted existing restricted metrics client certificates to unrestricted metrics identities. This allowed read-only access to metric information about all instances in a system when previously the client certificate may have only allowed access to metric information about instances in specific projects. The fix will re-classify the converted unrestricted metrics identities to restricted identities, which means in some cases genuinely unrestricted metrics identities will need to be manually set back to unrestricted. The 5.21.0 release was never pushed to any stable snap channels. For those updating from pre-LXD 5.21.0 the database update has been amended to avoid incorrectly converting restricted metrics certificates to unrestricted ones. We will shortly be releasing LXD 5.21.1 that will include this fix.
- Fixed issue with
lxc copy --deviceflag not performing profile expansion, meaning that only locally specified devices could be overriden. - Fixed clean up of Ceph RBD volumes during a refresh during failure.
- The Grafana dashboard template had some fixes added to enable connecting null values which should help with instances that are not always online.
- Improved validation of uid, gid and mode fields provided by the
lxc file pushAPI endpoint.
All changes
The items listed below is all of the work which happened over the past week and which will be included in the next release.
LXD
- API: Add list all volumes endpoint
- LXC: Implement profile expansion on lxc copy
- Storage: Use reverter for Ceph RBD volume refresh
- actions: add notification for doc PRs
- lxd: Update instance types URL
- build(deps): bump github.com/openfga/openfga from 1.5.0 to 1.5.1
- build(deps): bump github.com/openfga/openfga from 1.5.0 to 1.5.1
- Grafana fixes
- Move
IPRangesparsing - Metrics: Differentiate between restricted and unrestricted certificates
- Backports (stable-5.0)
- doc: remove nesting for the tutorial
- actions: fix notification for doc PRs
- Backports (stable-5.0)
- Cleanup for the automatically generated config options
- Ensure
uid,gid, andmodeare valid during parsing - Refactor file header parsing
- gitignore: Ignore all pycache under doc/
- Storage: Use progress tracker for Btrfs migration
- Backports (stable-5.21)
- Update Go version for tests (stable-5.0)
- gitignore: Ignore all
.bak
LXD Charm
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.