Go to Table of Contents

Retour à l’aperçu de l’actualité

Incus 0.2 est maintenant disponible

28 oct. 2023

Introduction

L’équipe d’Incus est heureuse d’annoncer la sortie d’Incus 0.2 !

Cette version inclut la plupart des changements apportés à LXD 5.19 et introduit quelques fonctionnalités et améliorations supplémentaires.

Capture d’écran de 2023-10-28 19-01-17|690x459

Vous pouvez l’essayer vous-même en ligne : https://linuxcontainers.org/incus/try-it/

Nouvelles fonctionnalités et points marquants

Prise en charge du stockage NVME dans les machines virtuelles

Une nouvelle clef de configuration, io.bus, a été ajoutée aux périphériques de type disk pour les machines virtuelles.

La valeur par défaut est virtio-scsi, mais elle peut être définie à nvme pour que le disque apparaisse comme un SSD NVME dans la machine virtuelle.

Prise en charge des clusters pour la migration depuis LXD

L’outil de migration lxd-to-incus supporte désormais les environnements clusterisés.
De plus, il a été mis à jour pour prendre en charge les migrations depuis LXD 5.19.

Cela signifie que toute personne utilisant LXD 4.0 et supérieur (jusqu’à la 5.19) peut maintenant passer facilement à Incus en l’installant et en lançant lxd-to-incus !

https://media.hachyderm.io/media_attachments/files/111/299/784/894/279/245/original/980eafd9c3450216.mp4

Nouvelle propriété pour les images nécessitant des conteneurs non privilégiés

Lors de l’ajout du support de NixOS en tant qu’image de conteneur, il est apparu que l’image ne peut pas fonctionner à l’intérieur d’un conteneur privilégié.

Plutôt que de laisser l’image dysfonctionner silencieusement, une nouvelle exigence, requirements.privileged, peut être définie à false pour empêcher l’utilisation d’une image avec un conteneur privilégié.

stgraber@dakara:~$ incus launch images:nixos nixos-priv -c security.privileged=true
Creating nixos-priv
Starting nixos-priv
Error: The image used by this instance is incompatible with privileged containers. Please unset security.privileged on the instance
Try `incus info --show-log local:nixos-priv` for more info
stgraber@dakara:~$

Copie de volumes personnalisés côté serveur

Incus prend désormais en charge la copie de volumes personnalisés directement par le serveur. Cela permet d’accélérer considérablement la copie des volumes en éliminant le besoin de faire transiter les données par le client.

L’outil en ligne de commande détecte automatiquement la prise en charge de cette fonctionnalité et l’utilise lorsqu’elle est disponible.

Cette fonctionnalité a initialement été introduite dans LXD.

Binaires statiques maintenant disponibles pour Arm 64 bits

Tous les binaires statiques fournis dans le cadre de nos sorties de versions et de nos tests sont maintenant disponibles à la fois pour les architectures Intel 64 bits et Arm 64 bits.

Liste complète des changements

Voici une liste complète de tous les changements apportés par cette version :

Liste complète des commits
  • doc: change Incus_DIR to upper case INCUS_DIR
  • README: Fix link to getting started
  • doc: Add start-after to include CONTRIBUTING.md from contributing.md
  • Makefile: Build doc in production mode
  • doc: Fix logic to find incus
  • lxd-to-incus: Port to current Incus
  • gomod: Update dependencies
  • doc: Add "Then run the following command:"
  • incus-user: Fix bad path
  • doc: Remove direct from reference/network_external/
  • doc: Remove "Configure a network section" in howto/network_create
  • doc: Align output of IPAM table
  • doc: Make Incus_INSECURE_TLS uppercase
  • doc: Remove all mentions of trust passwords
  • doc: Update Grafana screenshots
  • build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  • github: Build static binaries for x86_64 and aarch64
  • cmd/incus/admin_cluster: Fix re-exec logic
  • [lxd-import] client: Remove project from format string API path.
  • [lxd-import] client: Adds a flag to operations to skip event listener setup.
  • [lxd-import] client: Pass useEventListener flag into queryOperation.
  • [lxd-import] client/certificates: Update calls to queryOperation.
  • [lxd-import] client/cluster: Update calls to queryOperation.
  • [lxd-import] client/images: Update calls to queryOperation.
  • [lxd-import] client/instances: Update calls to queryOperation.
  • [lxd-import] client/projects: Update calls to queryOperation.
  • [lxd-import] client/storage_volumes: Update calls to queryOperation.
  • cmd/incusd: Properly forward rebuild requests
  • tests: Fix storage volume recovery test
  • tests: Fix syslog test
  • doc: Remove UI tabs
  • tests: Add incus-user test
  • gomod: Update dependencies
  • github: Prevent interactions with image server
  • internal/server/seccomp: Fix clang build
  • [lxd-import] scripts/bash: add missing incus config trust subcommands
  • [lxd-import] lxd/storage: Prevent duplicate usedBy profile device entries
  • [lxd-import] doc/projects: fix typo "profiles" instead of "projects"
  • instance/qemu: Tweak systemd/udev units of incus-agent
  • github: Re-try golang-tip for up to 10min
  • [lxd-import] doc/projects: point out that new projects don't have a profile
  • [lxd-import] lxd-agent: Adds an operation wait endpoint.
  • [lxd-import] lxd: Move certificate type to certificate package.
  • [lxd-import] lxd/certificate: Adds a thread-safe certificate cache.
  • [lxd-import] lxd: Use certificate.Cache in the daemon.
  • [lxd-import] lxd/resources: if SCSI_IDENT_SERIAL is available, use it as serial nr before ID_SERIAL_SHORT
  • [lxd-import] doc/doc-lint: fix the linting script for new version of mdl
  • internal/server/storage: Remove leftover LXD references
  • internal/server/config: Remove leftover LXD references
  • doc: Remove mention of containers/virtual-machines API
  • doc: Remove mention of LXD versions
  • lxd-to-incus: Report source name
  • lxd-to-incus: Add manual source
  • shared/osarch: Add loongarch64
  • [lxd-import] tests: Fix storage volume recovery test
  • [lxd-import] github: improve ceph test reliability
  • [lxd-import] github: reorder microceph setup steps to remove a sleep
  • [lxd-import] github: tune ext4 for speed and reclaim some space
  • [lxd-import] shared/version: Adds API extension.
  • [lxd-import] client: Check for operation wait extension and conditionally revert to events API.
  • [lxd-import] lxd/locking/lock: Return error if context got cancelled
  • [lxd-import] lxd/api: Handle error from lock
  • [lxd-import] lxd/daemon: Handle error from lock
  • [lxd-import] lxd/images: Handle error from lock
  • [lxd-import] lxd/instance: Handle error from lock
  • [lxd-import] lxd/instance/drivers: Handle error from lock
  • [lxd-import] lxd/storage/drivers: Handle error from lock
  • [lxd-import] lxd/network/driver/ovn: Handle error from lock
  • [lxd-import] lxd/storage/backend: Handle error from lock
  • [lxd-import] lxd/storage/s3/miniod: Handle error from lock
  • [lxd-import] shared/ws/mirror: Log as soon as io.Copy has finished in MirrorRead
  • [lxd-import] shared/ws/mirror: Removes unused context argument from Mirror*()
  • [lxd-import] client: ws.Mirror*() usage
  • [lxd-import] lxc-to-lxd: ws.Mirror*() usage
  • [lxd-import] lxd-agent: ws.Mirror*() usage
  • [lxd-import] lxd-migrate: ws.Mirror*() usage
  • [lxd-import] lxd: ws.Mirror*() usage
  • [lxd-import] shared/util/linux: Partially reverts 54e3da881103c42d6b4813e8930bde1b10edb236 and reintroduces GetPollRevents
  • [lxd-import] shared/util/linux: Adds execWrapper for use with ws.MirrorRead() and ws.Mirror()
  • [lxd-import] lxd/instance/exec: Use context.WithCancel rather than cancel
  • [lxd-import] lxd/instance/exec: Use shared.NewExecWrapper
  • [lxd-import] lxd-agent/exec: Use shared.NewExecWrapper and bring into line with container exec
  • [lxd-import] patches: Fix patch regarding unsetting zfs block settings
  • gomod: Update dependencies
  • cmd/lxd-to-incus: Handle backups/images volumes
  • Makefile: Generate vendor tree for lxd-to-incus
  • Makefile: Use tar.xz for smaller tarballs
  • gitignore: Update for .tar.xz
  • doc: Add packaging instructions
  • [lxd-import] lxd/storage/backend: Allow generating backup configuration w/o volume snapshots
  • [lxd-import] lxd/instance/drivers: Update func call
  • [lxd-import] client: Unset response header timeout when waiting for operations.
  • [lxd-import] test/suites/backup: Test instance export with instance-only flag
  • [lxd-import] test/main: Add invocation of instance export test
  • [lxd-import] github: use ppa:ubuntu-lxc/daily instead of ppa:ubuntu-lxc/lxc-git-master
  • [lxd-import] lxd-agent: Fixes vsock listener restart on boot due to vsock module not being fully initialised
  • [lxd-import] lxd/vsock/vsock: Removes unused ContextID function
  • [lxd-import] lxd-agent: Fixes intermittent exec EOF closure when vsock listener is restarted just after boot
  • [lxd-import] shared/api/url: Fix double path encoding issue
  • [lxd-import] lxc: avoid returning early when multiple ephemeral instances are to be deleted
  • [lxd-import] test: test multiple ephemeral delete
  • [lxd-import] lxc/storage/volume: Move volume if a destination cluster member name is set
  • [lxd-import] test: Rename storage volumes in a cluster
  • [lxd-import] lxd/network/driver/bridge: Don't consider an IP parse failure of a proxy listen address an error
  • [lxd-import] github: Run push actions on main and release branches only
  • [lxd-import] lxd/daemon: Initialise server name and global config before patches
  • [lxd-import] lxd/patches: Only update volumes that need updating in patchStorageZfsUnsetInvalidBlockSettingsV2
  • [lxd-import] lxd/patches: Only update volumes that need updating in patchStorageZfsUnsetInvalidBlockSettings
  • doc/images: Fix type of requirements.secureboot
  • api: Add image_restriction_privileged
  • doc/images: Introduce requirements.privileged
  • doc/images: Sort image requirements
  • internal/server/instance/lxc: Add support for image.requirements.privileged
  • shared/cliconfig: Nicer error on missing socket
  • instance/lxc: Fix swap limit handling
  • [lxd-import] doc: add a note about go-incus build issue when INC_DEVEL=1
  • [lxd-import] lxd/firewall: Fix nftables ACL template
  • [lxd-import] lxd/api: replace numeric literal 301 by http.StatusMovedPermanently
  • [lxd-import] lxd/auth/oidc: replace numeric literal 301 by http.StatusMovedPermanently
  • [lxd-import] lxd/dev_incus: replace numeric literal 401 by http.StatusUnauthorized
  • [lxd-import] lxd: Update certificate cache again after cluster join.
  • [lxd-import] lxd/patches: Add cluster check for patches fixing volumes
  • [lxd-import] lxd/storage_pools: Fix etag when retrieving storage pool
  • [lxd-import] Makefile: add staticcheck target
  • [lxd-import] Add staticcheck config
  • [lxd-import] golangci: sort linters list
  • [lxd-import] doc/instances: clarify initial volume configuration
  • [lxd-import] lxd/instance/drivers: Check running status with InitPID for cgroups
  • [lxd-import] lxd/instance/drivers: Extend error message in deviceAddCgroupRules
  • [lxd-import] doc/networking/firewall: add more restrictive UFW rules
  • [lxd-import] loki: enable TLS verification if a CA cert is provided
  • [lxd-import] test/container_devices_unix: Make unix device checks less flaky
  • [lxd-import] api: Add cluster_internal_custom_volume_copy
  • [lxd-import] shared/api: Add Location to StorageVolumeSource
  • [lxd-import] shared/api: Add Source to StorageVolumePost
  • [lxd-import] lxd/db: Add function to update storage volume node
  • [lxd-import] lxd: Handle copying storage volumes with a single API call
  • [lxd-import] lxd: Support single API custom volume rename
  • [lxd-import] client: Set Source.Location if supported
  • [lxd-import] doc: Update API
  • [lxd-import] lxd/instance/exec: Use linux.NewExecWrapper for MirrorRead in non-interactive exec
  • [lxd-import] shared/ws/mirror: Updare Mirror*() to return error channels
  • [lxd-import] client: shared.Mirror*() usage
  • [lxd-import] lxd/instance/exec: Log error from ws.Mirror*() in execWs
  • [lxd-import] lxc/copy: Require destination name to be provided
  • [lxd-import] po: Update translations
  • [lxd-import] shared/api: Add authentication method constants.
  • gitignore: Remove macaroon-identity
  • [lxd-import] client: Replaces 'oidc' string with constant.
  • [lxd-import] lxc/config: Replaces 'oidc' string with constant.
  • [lxd-import] lxc: Replaces 'oidc' string with constant.
  • [lxd-import] lxd: Replaces 'oidc' string with constant.
  • [lxd-import] client: Replaces 'tls' string with constant.
  • [lxd-import] lxc/config: Replaces 'tls' string with constant.
  • [lxd-import] lxc: Replaces 'tls' string with constant.
  • [lxd-import] lxd: Replaces 'tls' string with constant.
  • [lxd-import] lxd-agent: Replaces 'tls' string with constant.
  • [lxd-import] lxd-migrate: Replaces 'tls' string with constant.
  • [lxd-import] shared/network: remove unused args of GetTLSConfig()
  • [lxd-import] lxd/migration_connection: drop unused args for localtls.GetTLSConfig()
  • [lxd-import] lxd/storage_volumes: drop unused args for localtls.GetTLSConfig()
  • [lxd-import] lxd/util/http: drop unused args for localtls.GetTLSConfig()
  • [lxd-import] shared/cert: drop unused args for GetTLSConfig()
  • [lxd-import] lxd/instance/driver/qemu: replace sha1 by sha256 in blockNodeName()
  • [lxd-import] shared/api: Adds constant for default project name.
  • [lxd-import] lxd/cluster: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/db: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/device: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/instance/drivers: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/instance: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/network/acl: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/network: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/project: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd/storage: Updates project.Default to api.ProjectDefaultName.
  • [lxd-import] lxd: Updates project.Default to api.ProjectDefaultName.
  • client: Use api.ProjectDefaultName
  • cmd/incus: Use api.ProjectDefaultName
  • cmd/incus-benchmark: Use api.ProjectDefaultName
  • cmd/incus-migrate: Use api.ProjectDefaultName
  • [lxd-import] lxd/project: Removes project.Default.
  • [lxd-import] lxd/request: Exports query parameter methods and moves to lxd/request.
  • [lxd-import] lxd: Updates calls to projectParam and queryParam.
  • [lxd-import] shared/util/linux: Update NewExecWrapper.Read to be time based when waiting for output from a process after it has exited
  • [lxd-import] lxd/auth: Adds entitlement, object, and permission types and constants.
  • [lxd-import] lxd/auth: Adds functions for creating auth objects.
  • [lxd-import] lxd/auth: Adds tests for authorization objects.
  • [lxd-import] lxd/auth: Extends the authorizer interface.
  • [lxd-import] lxd/auth: Update common authorizer for Authorizer interface extension.
  • [lxd-import] lxd/auth: Implement Authorizer for TLS driver.
  • [lxd-import] lxd: Do not set user access data in request context.
  • [lxd-import] lxd: Update calls to auth package.
  • [lxd-import] lxd: Only allow missing access handler when AllowUntrusted is true.
  • [lxd-import] lxd: Update allowPermission function.
  • [lxd-import] lxd: Updates allowAuthenticated function.
  • [lxd-import] lxd/db/operationtype: Updates Permission method.
  • [lxd-import] lxd/operations: Updates operation permissions.
  • [lxd-import] lxd/db/cluster: Renames constants.go file.
  • [lxd-import] lxd/db/cluster: Add storage bucket entity type.
  • [lxd-import] lxd/db/cluster: Adds URLToEntityType function.
  • [lxd-import] lxd/db/cluster: Adds a unit test for the URLToEntityType function.
  • [lxd-import] lxd/project: Updates permission handling for projects.
  • [lxd-import] lxd/project: Updates permissions tests.
  • [lxd-import] lxd/events: Pass an auth.PermissionChecker into the event listener.
  • [lxd-import] lxd-agent: Update call to AddListener for the Incus Agent.
  • [lxd-import] lxd: Update authorization for the /1.0 endpoint.
  • [lxd-import] lxd: Update authorization for cluster endpoints.
  • [lxd-import] lxd: Update authorization for internal endpoints.
  • [lxd-import] lxd/metrics: Adds method to filter metrics with a permission checker.
  • [lxd-import] lxd: Update authorization for metrics.
  • [lxd-import] lxd: Update authorization for projects API.
  • [lxd-import] lxd: Updates authorization for certificates API.
  • [lxd-import] lxd: Updates authorization for events API.
  • [lxd-import] lxd: Updates authorization for image API.
  • [lxd-import] lxd: Add/remove images and image aliases from authorizer.
  • [lxd-import] lxd: Update authorization for instances.
  • [lxd-import] lxd/instance/drivers: Add/remove/rename instances in authorizer.
  • [lxd-import] lxd: Update authorization for network ACL API.
  • [lxd-import] lxd: Update network ACLs in the authorizer.
  • [lxd-import] lxd: Update authorization for network allocations.
  • [lxd-import] lxd: Update authorization for network forwards.
  • [lxd-import] lxd: Update authorization for network load balancers.
  • [lxd-import] lxd: Update authorization for network peers.
  • [lxd-import] lxd: Update authorization for network zones.
  • [lxd-import] lxd: Update network zones in the authorizer.
  • [lxd-import] lxd: Update authorization for the networks API.
  • [lxd-import] lxd: Update networks in the authorizer.
  • [lxd-import] lxd: Update authorization for operations.
  • [lxd-import] lxd: Update authorization for profiles.
  • [lxd-import] lxd: Update profiles in authorizer.
  • [lxd-import] lxd: Update authorization for resources.
  • [lxd-import] lxd: Update authorization for storage buckets.
  • [lxd-import] lxd: Update storage buckets in authorizer.
  • [lxd-import] lxd: Update authorization for storage pools.
  • [lxd-import] lxd: Update storage pools in authorizer.
  • [lxd-import] lxd: Update authorization for storage volumes.
  • [lxd-import] lxd/storage: Add/Remove/Rename storage volumes in authorizer.
  • [lxd-import] lxd: Update authorization for warnings.
  • [lxd-import] lxd/cluster/config: Add missing bool default values
  • cmd/lxd-to-incus: Bump max version to 5.19
  • cmd/lxd-to-incus: Remove line break
  • cmd/lxd-to-incus: Validate storage tools are present
  • cmd/lxd-to-incus: Fix SQL update for multiple pools
  • cmd/lxd-to-incus: Initial cluster handling
  • api: disk_io_bus
  • doc: Add io.bus to disk devices
  • doc: Reformat disk option table
  • incusd/device/disk: Add io.bus
  • incusd/instance/qemu: Add NVME disk support
  • [lxd-import] gomod: Remove github.com/pborman/uuid dependency
  • [lxd-import] lxd/storage/drivers: Generate and parse UUID using github.com/google/uuid
  • [lxd-import] lxd/instance/drivers: Generate and parse UUID using github.com/google/uuid
  • [lxd-import] lxd/instance: Generate UUID using github.com/google/uuid
  • [lxd-import] lxc-to-lxd: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd-migrate: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/apparmor: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/bgp: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/db: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/device: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/events: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/firewall/drivers: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/operations: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/rsync: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd/storage/s3/miniod: Generate UUID using github.com/google/uuid
  • [lxd-import] shared/validate: Parse UUID using github.com/google/uuid
  • [lxd-import] lxd/auth/oidc: Generate UUID using github.com/google/uuid
  • [lxd-import] lxd: Handler error from oidc.NewVerifier
  • incusd/apparmor: Generate UUID using github.com/google/uuid
  • gomod: Update dependencies
  • incusd/seccomp: Switch to path/filepath
  • incusd/seccomp: Pass correct path and fstype to IdmappedStorage
  • incusd/forksyscall: Fix idmapped mount code path
  • lxd-to-incus: Fix bad check
  • doc: Add migration doc
  • README: Update for lxd-to-incus
  • incusd/devices/disk: Always apply the disk options
  • Release Incus 0.2

Documentation

La documentation d’Incus peut être consultée sur :
https://linuxcontainers.org/incus/docs/main/

Paquets

Incus ne fournit pas de paquet d’installation mais bien un tarball à chaque version. Vous trouverez ci-dessous différentes solutions pour mettre Incus en service.

Paquets Zabbly pour Debian et Ubuntu

Zabbly fournit à la fois des paquets stables et des paquets générés quotidiennement pour Incus à destination des systèmes Debian et Ubuntu :
https://github.com/zabbly/incus

Paquet Homebrew du client Incus

Le client Incus est disponible sur Homebrew pour Linux et macOS.

https://formulae.brew.sh/formula/incus

Paquet Chocolatey du client Incus

Le client Incus sera bientôt disponible sur Chocolatey pour les utilisateurs de Windows.

En attendant, les binaires peuvent être obtenus ici : https://github.com/lxc/incus/releases/tag/v0.2.0

Support

À ce stade, chaque version d’Incus ne sera supportée que jusqu’à la sortie de la suivante. Cela changera dans quelques mois, car nous prévoyons de sortir une version LTS qui coïncidera avec les versions LTS de LXC et LXCFS.

Le support communautaire est disponible sur : https://discuss.linuxcontainers.org
Les bugs peuvent être signalés sur : https://github.com/lxc/incus/issues

Contents