News

LXD 4.3 has been released

1st of July 2020

Introduction

The LXD team is very excited to announce the release of LXD 4.3!

This release comes with a lot of improvements, especially for those using virtual machines. It also comes with quite a few bugfixes for our cluster users and general performance improvements.

Enjoy!

New features and highlights

Block custom storage volumes

Up until now, all custom storage volumes were filesystems: either a directory/subvolume/dataset on a storage backend which supports that, or a formatted block on the other backends.

Now that virtual machines are supported by LXD, we found ourselves needing both to attach our traditional filesystem-backed volumes to virtual machines (which has been possible for a while and uses 9p) and to attach additional raw disks to virtual machines.

This can now be done with block custom storage volumes.

stgraber@castiana:~$ lxc storage volume create default my-fs size=10GiB
Storage volume my-fs created
stgraber@castiana:~$ lxc storage volume create default my-block size=10GiB --type=block
Storage volume my-block created

stgraber@castiana:~$ lxc storage volume list default
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+
|      TYPE       |                               NAME                               | DESCRIPTION | CONTENT TYPE | USED BY |
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+
| custom          | my-block                                                         |             | block        | 0       |
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+
| custom          | my-fs                                                            |             | filesystem   | 0       |
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+
| image           | a4dc839edd35d50158d57818938775669265a3af004bd93b8281115ee0abd29d |             | block        | 1       |
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+
| virtual-machine | f1                                                               |             | block        | 1       |
+-----------------+------------------------------------------------------------------+-------------+--------------+---------+

stgraber@castiana:~$ lxc config device add f1 my-fs disk source=my-fs pool=default path=/srv/my-fs
Device my-fs added to f1
stgraber@castiana:~$ lxc config device add f1 my-block disk source=my-block pool=default
Device my-block added to f1

stgraber@castiana:~$ lxc start f1
stgraber@castiana:~$ lxc exec f1 bash
root@f1:~# gdisk -l /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block
GPT fdisk (gdisk) version 1.0.5

Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present

Creating new GPT entries in memory.
Disk /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block: 20971520 sectors, 10.0 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): EA616112-9C49-4809-AA68-53895E752A34
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 20971486
Partitions will be aligned on 2048-sector boundaries
Total free space is 20971453 sectors (10.0 GiB)

Number  Start (sector)    End (sector)  Size       Code  Name
root@f1:~# df -h /srv/my-fs/
Filesystem      Size  Used Avail Use% Mounted on
lxd_my-fs        10G  128K   10G   1% /srv/my-fs
root@f1:~#

VM: Initial work for graphical console

All LXD VMs now come with virtio-gpu and virtio-input devices out of the box as well as a spice channel currently tied to a local unix socket.

One can connect directly to that socket using a client like spicy, but this will soon change: LXD will instead allow remote access to it over a websocket using lxc console.

VM: Rework of PCIe layout

We've now made sure that every virtio device we expose to the VM is on the PCIe bus. Devices have been merged into functions when possible to reduce the number of slots used.

Logic has also been put in place so that network devices should always show up in the same slot and so get a stable name when hardware based naming is enabled.

VM: GPU passthrough

It is now possible to attach gpu type devices to VMs, passing a physical GPU through VFIO. Do note that unlike containers, which can share a GPU with their host, virtual machines cannot.

Direct console attach on lxc start and lxc restart

Both lxc start and lxc restart can now be passed --console when interacting with a single instance. This will cause the command line to immediately attach to the console, letting you observe the instance boot sequence.

Isolated CPUs reporting in resources API

A new isolated field is now present on all CPU threads in the /1.0/resources API. It is set to true if the particular thread is specified as an isolated CPU.

This usually happens when one starts the system with isolcpus= on the kernel command line.
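
As an added example (not part of the LXD release notes or LXD's own code), the Python below collects the threads that the resources API reports as isolated and compares them with the CPU list given to isolcpus=. The sample response and kernel command line are constructed, and the cpu/sockets/cores/threads nesting is an assumption; only the isolated field and the /1.0/resources path come from the text above.

```python
import json
import re

# Constructed sample: trimmed metadata of a GET /1.0/resources response.
# The cpu -> sockets -> cores -> threads nesting is an assumption; only the
# per-thread "isolated" field is taken from the release notes.
SAMPLE_RESOURCES = json.loads("""
{"cpu": {"total": 4, "sockets": [{"socket": 0, "cores": [
  {"core": 0, "threads": [
    {"id": 0, "thread": 0, "online": true, "isolated": false},
    {"id": 2, "thread": 1, "online": true, "isolated": true}]},
  {"core": 1, "threads": [
    {"id": 1, "thread": 0, "online": true, "isolated": false},
    {"id": 3, "thread": 1, "online": true, "isolated": true}]}
]}]}}
""")

# Constructed sample kernel command line.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro isolcpus=managed_irq,domain,2-3 quiet"

# Optional flags the kernel accepts in front of the CPU list.
ISOLCPUS_FLAGS = {"nohz", "domain", "managed_irq"}


def isolated_threads(resources):
    """Return the set of thread ids whose "isolated" field is true.

    A server that predates the field simply omits it; such threads are
    treated as not isolated rather than raising.
    """
    ids = set()
    for socket in resources.get("cpu", {}).get("sockets", []):
        for core in socket.get("cores", []):
            for thread in core.get("threads", []):
                if thread.get("isolated", False):
                    ids.add(thread["id"])
    return ids


def parse_isolcpus(cmdline):
    """Expand every isolcpus= argument on a kernel command line to CPU ids.

    Handles single CPUs ("5") and ranges ("2-3"), skipping leading flags.
    The stride form ("0-7:1/2") is rejected instead of being guessed at.
    """
    ids = set()
    for token in cmdline.split():
        if not token.startswith("isolcpus="):
            continue
        for item in token[len("isolcpus="):].split(","):
            if not item or item in ISOLCPUS_FLAGS:
                continue
            match = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
            if match is None:
                raise ValueError("unsupported isolcpus entry: %r" % item)
            first = int(match.group(1))
            last = int(match.group(2)) if match.group(2) is not None else first
            if last < first:
                raise ValueError("descending range in isolcpus: %r" % item)
            ids.update(range(first, last + 1))
    return ids


def compare(resources, cmdline):
    """Report CPUs requested via isolcpus= versus those reported as isolated."""
    reported = isolated_threads(resources)
    requested = parse_isolcpus(cmdline)
    return {
        "reported": sorted(reported),
        "requested": sorted(requested),
        # Requested on the command line but not flagged by the API.
        "missing": sorted(requested - reported),
        # Flagged by the API but not present in isolcpus=.
        "unexpected": sorted(reported - requested),
    }


if __name__ == "__main__":
    print(json.dumps(compare(SAMPLE_RESOURCES, SAMPLE_CMDLINE), indent=2))
```

On a real host, feed it the output of lxc query /1.0/resources and the contents of /proc/cmdline from the same machine.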

Complete changelog

Here is a complete list of all changes in this release:

  • lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
  • lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
  • lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
  • lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
  • lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
  • lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
  • lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
  • lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
  • lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
  • lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
  • lxd/rbac: Don't close body when missing
  • doc/storage: Cover host/disk/loop setups
  • lxd/init: Tweak default loop sizing
  • lxd/vm: Rename some functions
  • client: Expand snap path in ConnectLXDUnix
  • lxd/vm: Add virtio-vga card
  • lxd/vm: Add spice channel
  • client: Fix ConnectLXDUnix regression
  • lxd/vm: Fix PCIe slot for physical/sriov nic
  • lxd/network: Make setting bridge VLAN filtering & default PVID optional
  • lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
  • lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
  • lxd/vm: Move to separate devices
  • lxd/vm: Remove tiny wrapper functions
  • lxd/vm: Per-architecture bus type
  • add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
  • lxd/vm: Centralize port generation
  • lxd/device: Sort nic devices ahead of others
  • lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
  • lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
  • lxd/device/nic/physical: Updates to use generic PCI management functions
  • lxd/device/nic/sriov: Updates to use generic PCI management functions
  • lxd/vm: Separate template keys in global/local
  • lxd/vm: Use virtio-gpu-pci on non-x86
  • lxd/vm: Rename qemuVGA to qemuGPU
  • lxd/vm: Add virtio-input keyboard/mouse
  • lxd/vm: Move bus allocator to own file
  • lxc/volume: Fix typo in help message
  • i18n: Update translation templates
  • lxc/snapshot: Allow using snapshot delimiter
  • i18n: Update translation templates
  • doc/instances: Updates GPU device docs to show VM support
  • lxd/device/gpu: Updates validation for VM support
  • lxd/device/config/device/runconfig: Adds GPU field to RunConfig
  • lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
  • lxd/device/gpu: Adds VM GPU passthrough support
  • lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
  • lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
  • lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
  • lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
  • lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
  • lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
  • lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
  • lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
  • lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
  • lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
  • lxd/storage/quota/projectquota: Only set quota on directories and regular files
  • lxd/db: Automatically strip ?project=default
  • lxc/action: Properly handle --all with remotes
  • lxd/projects: Properly clear empty keys
  • lxd/db: Add missing feature to default project
  • lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
  • lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
  • lxd/cluster/heartbeat: Fix race in HeartbeatNode
  • lxc/console: Split Console to own function
  • lxc/start: Allow direct console attach
  • i18n: Update translation templates
  • lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
  • lxd/resources: Fix golint warning
  • doc/api-extensions: Fix escaping
  • api: resource_cpu_isolated
  • lxd/resources: Add Isolated property
  • lxd/resources: Don't use shared
  • lxd/devices: Use resources for cpuset parsing
  • lxc: Don't over-escape URLs
  • lxd: Don't over-escape URLs
  • lxd/db/storage: Rework UsedBy for pools
  • lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
  • lxc/action: Also add --console to restart
  • lxd/resources/net: More flexible PCI detection
  • lxc/query: Add path check
  • i18n: Update translation templates
  • tests: Fix bad lxc query call
  • lxd/storage-pools: Tweak UsedBy URLs
  • lxd/networks: Reports profiles in UsedBy
  • lxd/db: Tweak joins
  • lxd/db: Fix UsedBy on projects
  • lxd/storage_volumes: Fix UsedBy
  • api: usedby_consistency
  • lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
  • test: Updates udhcpd args to ensure process quits once lease acquired
  • util_linux: update terminology
  • lxd: Fix snapshot index retrieval
  • lxd/backups: Use backups dir for unpack
  • lxd/vm: Add udev rule fallback
  • lxd/images: Set arch names when downloading
  • lxd: More flexible compression algorithms
  • tests: Add test for compression options
  • doc/rest-api: Rename rootfs to root
  • doc/rest-api: Fix instance PATCH example
  • lxd: Fix building with clang
  • lxd/db: Add missing criteria for querying a specific public image
  • lxd/db: Add the Errored storage state when rendering the Status field
  • lxd/cluster: If raft node 1 gets removed during recovery, add it back
  • lxd/db: Make GetNework() return an error if the network is pending
  • lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
  • lxd/db: Make GetStoragePool() return an error if the pool is pending
  • lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
  • lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
  • lxd/storage/drivers: Bump VM fs size to 100MB
  • lxd/db: Fix UsedBy for profiles on storage pools
  • lxd/storage: Use Truncate to create/grow VM files
  • lxd/db: Consider personalities in GetNodeWithLeastInstances
  • lxd/db: Avoid test failure in arch matching
  • lxd/storage: Better handle broken volumes
  • client: Handle unknown image sizes
  • lxd/response: Stream multi-part responses
  • lxd/device/disk: Fixes cloud-init errors for VMs
  • lxc/action: Show usage on missing target
  • lxd/storage: Rely on UsedBy for deletion error
  • lxd/instances/qemu: Use images dir during compression
  • lxd/storage/drivers: Rename fs to filesystem
  • api: custom_block_volumes
  • shared/api: Add ContentType to storage volume structs
  • lxd/migration: Add ContentType to structs
  • lxd/db/cluster: Add content type to storage volumes
  • lxd/db: Add content type constants
  • lxd/db: Add content type to storage volumes
  • lxd/storage/utils: Add content type conversion functions
  • lxd: Support custom block volumes
  • lxd/storage: Show type in error
  • lxd/device/disk: Handle custom block volumes
  • client: Support custom block volumes
  • lxc/storage_volume: Support custom block volumes
  • test/suites: Add tests for custom block volumes
  • po: Update translations
  • lxd/storage: Backward compatibility for content types
  • doc/storage: Document block storage volumes
  • lxd/util: Detect hugetlbfs mount point
  • lxd/cluster: Always check for dqlite protocol version mismatches
  • lxd/cluster: Don't run unnecessary HEAD probe upon dqlite connections
  • forksyscall: use nsids for shiftfs syscall intercepts
  • lxd/db: Drop ClusterRoleDatabase records from the database
  • lxd/cluster: Fetch database role information directly from raft
  • lxd/storage: Fix regression in truncate handling
  • lxd/cluster: Only look up raft_nodes for resolving the address of node 1
  • i18n: Update translations from weblate

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • macOS: brew install lxc
  • Windows: choco install lxc

LXD 4.0.2 LTS has been released

25th of June 2020

Introduction

The LXD team is pleased to announce the release of LXD 4.0.2!

This is the second bugfix release for LXD 4.0 which is supported until June 2025.

Bugfixes and improvements

This release includes a couple of months' worth of bugfixes and minor improvements from the development branch.

Some of the highlights include:

  • Automatic matching of CPU NUMA layout for VMs
  • Updated PCIe layout for VMs (includes input devices and virtual GPU)
  • Automatic detection and support for zsys ZFS layout
  • --expanded option in lxc config get
  • Argument support in image/backup compressor
  • New disk and memory (optional) columns in lxc list
  • GPU passthrough for VMs
  • --console option to lxc start and lxc restart

The full list of commits is available below:

  • lxd-agent: Support systemd-notify
  • lxd/qemu: Switch default unit type to notify
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
  • lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
  • lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
  • lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
  • lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
  • lxd/device/proxy: Dont wrap lines
  • lxd/device/proxy: Improves validation
  • test/suites/container/devices/proxy: Updates tests with new validation rules
  • lxd: Updates snapshotProtobufToInstanceArgs to support instance type
  • lxd/qemu: Match basic NUMA layout
  • lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
  • lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
  • lxd/cgroup: Fix memory controller detection
  • lxd/migration/migrate/proto: Fix alignment
  • lxd/migration: Adds volumeSize field to MigrationHeader
  • lxd/migrate: Adds VolumeSize to MigrationSinkArgs
  • lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
  • lxd/migrate/instance: Use VolumeSize from offer header in Do()
  • lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
  • lxd/storage/drivers: Exports BlockDevSizeBytes function
  • lxd/storage/utils: Adds InstanceDiskBlockSize
  • lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
  • lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
  • lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
  • lxd/instance/qemu: Add comment on cpuTopology
  • lxd/storage/ceph: Support port in URL
  • lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
  • lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
  • lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
  • lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
  • lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
  • lxd/daemon: Remove duplicated logic
  • lxd/instance/qemu: Announce LXD in SMBIOS
  • share/usbid: Don't print error when missing
  • lxd/init: Auto-detect and use Ubuntu ZFS setup
  • lxc/config: Add --expanded to get
  • client/interfaces: Add Mode to ImageCopyArgs
  • shared/api/image: Add ImageExportPost
  • client/lxd_images: Set fingerprint and secret headers
  • i18n: Update translation templates
  • client: Add relay mode for image copy
  • client: Add ExportImage to ImageServer
  • client: Add push mode for image copy
  • client: Add GetOperationWaitSecret
  • Resolve both core.https_address and cluster.https_address when comparing IPs
  • lxd/storage/drivers/generic/vfs: Skip missing files during export
  • lxd/images: Fixes hang in export when invalid --compression argument passed
  • lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
  • lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
  • lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
  • lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
  • lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
  • lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
  • lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
  • lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
  • lxd/storage/utils: VolumeDBCreate comment formatting
  • lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
  • lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
  • lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
  • lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
  • lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
  • lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
  • lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
  • lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
  • lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
  • lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
  • lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
  • lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
  • lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
  • lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
  • lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
  • lxd/db: Rename CertificatesGet to GetCertificates
  • lxd/db: Rename CertificateGet to GetCertificate
  • lxd/db: Rename CertSave to CreateCertificate
  • lxd/db: Rename CertDelete to DeleteCertificate
  • lxd/db: Rename CertUpdate to UpdateCertificate
  • lxd/db: Drop unused ConfigValueSet
  • lxd/instances/post: Fix revert in createFromBackup
  • lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
  • lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
  • lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
  • lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • lxd/db: Rename InstanceNames to GetInstanceNames
  • lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
  • lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
  • lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
  • lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
  • lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
  • lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
  • lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
  • lxd/db: Rename InstanceRemove to RemoveInstance
  • lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
  • lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
  • lxd/db: Rename ContainerConfigGet to GetInstanceConfig
  • lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
  • lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
  • lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
  • lxd/db: Drop unused ContainerProfiles
  • lxd/db: Drop unused ContainerConfig
  • lxd/db: Remove unused ContainersNodeList
  • lxd/db: Rename ContainersResetState to ResetInstancesPowerState
  • lxd/db: Rename ContainerSetState to UpdateInstancePowerState
  • lxd/db: Rename ContainerUpdate to UpdateInstance
  • lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
  • lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
  • lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
  • lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
  • lxd/db: Rename InstancePool to GetInstancePool
  • lxd/db: Rename ContainerBackupID to getInstanceBackupID
  • Rename ContainerGetBackup to GetInstanceBackup
  • lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
  • lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
  • lxd/db: ContainerBackupRename to RenameInstanceBackup
  • lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
  • lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
  • lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
  • lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
  • lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
  • lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
  • lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
  • lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
  • lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
  • lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
  • lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
  • lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/db: Rename DevicesAdd to AddDevicesToEntity
  • lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
  • lxd/db: Remove unused Devices
  • lxd/db: Rename ImagesGetLocal to GetLocalImages
  • lxd/db: Rename ImagesGet to GetImages
  • lxd/db: Rename ImagesGetExpired to GetExpiredImages
  • lxd/db: Rename ImageSourceInsert to CreateImageSource
  • lxd/db: Rename ImageSourceGet to GetImageSource
  • lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
  • lxd/db: Rename ImageLocate to LocateImage
  • lxd/db: Rename ImageDelete to DeleteImage
  • lxd/db: Rename ImageAliasesGet GetImageAliases
  • lxd/db: Rename ImageAliasGet to GetImageAlaias
  • lxd/db: Rename ImageAliasRename to RenameImageAlias
  • lxd/db: Rename ImageAliasDelete to DeleteImageAlias
  • lxd/db: Rename ImageAliasesMove to MoveImageAlias
  • lxd/db: Rename ImageAliasAdd to CreateImageAlias
  • lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
  • lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
  • lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
  • lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
  • lxd/db: Rename ImageUpdate to UpdateImage
  • lxd/db: Rename ImageInsert to CreateImage
  • lxd/db: Rename ImageGetPools to GetPoolsWithImage
  • lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
  • lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
  • lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
  • lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
  • lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
  • lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
  • lxc/image: Actually refresh multiple images
  • lxd/resources: Use permanent MAC when available
  • lxd/qemu: Restrict NUMA layout to x86_64
  • Consider all nodes when looking for the leader, not only voters
  • Only attempt to transfer leadership if we are not standalone
  • lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
  • lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
  • lxd/db: Rename NetworkID to GetNetworkID
  • lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
  • lxd/db: Rename Networks to GetNetworks
  • lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
  • lxd/db: Rename NetworksNotPending to GetNonNetworks
  • lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
  • lxd/db: Rename NetworkConfig to getNetworkConfig
  • lxd/db: Rename NetworkCreate to CreateNetwork
  • lxd/db: Rename NetworkUpdate to UpdateNetwork
  • lxd/db: Rename NetworkConfigClear to clearNetworkConfig
  • lxd/db: Rename NetworkDelete to DeleteNetwork
  • lxd/db: Rename NetworkRename to RenameNetwork
  • lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
  • lxd/db: Rename ImageGet to GetImage
  • lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
  • lxd/daemon: Detect nodev and improve errors
  • lxd/db: Rename NodeByAddress to GetNodeByAddress
  • lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
  • lxd/db: Rename NodeByName to GetNodeByName
  • lxd/db: Rename NodeName to GetLocalNodeName
  • lxd/db: Rename NodeAddress to GetLocalNodeAddress
  • lxd/db: Rename Nodes to GetNodes
  • lxd/db: Rename NodesCount to GetNodesCount
  • lxd/db: Rename NodeRename to RenameNode
  • lxd/db: Rename NodeAdd to CreateNode
  • lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
  • lxd/db: Rename NodePending to SetNodePendingFlag
  • lxd/db: Rename NodeUpdate to UpdateNode
  • lxd/db: Rename NodeAddRole to CreateNodeRole
  • lxd/db: Rename NodeRemoveRole to RemoveNodeRole
  • lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
  • lxd/db: Rename NodeRemove to RemoveNode
  • lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
  • lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
  • lxd/db: Rename NodeClear to ClearNode
  • lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
  • lxd/db: Rename NodeUpdateVersion to SetNodeVersion
  • lxd/db: Rename Operations to GetLocalOperations
  • lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
  • lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
  • lxd/db: Rename OperationByUUID to GetOperationByUUID
  • lxd/db: Rename OperationAdd to CreateOperation
  • lxd/db: Rename OperationRemove to RemoveOperation
  • lxd/db: Rename OperationFlush to removeNodeOperations
  • lxd/db: Rename Patches to GetAppliedPatches
  • lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
  • lxd/db: Rename Profiles to GetProfileNames
  • lxd/db: Rename ProfileGet to GetProfile
  • lxd/db: Rename ProfilesGet to GetProfiles
  • lxd/db: Drop ProfileConfig
  • lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
  • lxd/db: Rename ProfileConfigClear to ClearProfileConfig
  • lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
  • lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
  • lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
  • lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
  • lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
  • lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
  • lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
  • test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
  • lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
  • lxc/storage/drivers/volume: Removes keepDevice from Volume
  • lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
  • lxc/storage/drivers/driver/ceph/volumes: Mount changes
  • lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
  • lxd/storage/drivers/driver/ceph/volumes: Ensure permission on volume root set in CreateVolume
  • lxd/resources: Skip NVME multipath entries
  • lxd/db: Rename ProjectNames to GetProjectNames
  • lxd/db: Rename ProjectMap to GetProjectIDsToNames
  • lxd/db: Rename ProjectUpdate to UpdateProject
  • lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
  • lxd/db: Rename RaftNodes to GetRaftNodes
  • lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
  • lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
  • lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
  • lxd/db: Rename RaftNodeAdd to CreateRaftNode
  • lxd/db: Rename RaftNodeDelete to RemoveRaftNode
  • lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
  • lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
  • lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
  • lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
  • lxd/db: Rename StoragePoolID to GetStoragePoolID
  • lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
  • lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
  • lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
  • lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
  • lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
  • lxd/db: Rename StoragePools to GetStoragePoolNames
  • lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
  • lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
  • lxd/db: Rename StoragePoolGetID to GetStoragePoolID
  • lxd/db: Rename StoragePoolGet to GetStoragePool
  • lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
  • lxd/db: Rename StoragePoolCreate to CreateStoragePool
  • lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
  • lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
  • lxd/db: Rename StoragePoolDelete to RemoveStoragePool
  • lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
  • lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
  • lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
  • lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
  • lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
  • lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
  • lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
  • lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
  • lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
  • lxd/storage/zfs: Use TryUnmount
  • ethtool: add ethtoolGset() helper
  • Support two-phase creation of a storage pool on single-node cluster
  • lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
  • lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
  • lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
  • lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
  • lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
  • lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
  • lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
  • resources/ethtool: implement ETHTOOL_GLINKSETTINGS
  • lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
  • lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
  • lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
  • lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
  • lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
  • lxd/migration/migrate/proto: Adds BTRFS Features to offer header
  • lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
  • lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
  • lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
  • lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
  • lxd/storage/memorypipe: Don't make ioutil.ReadAll panic on cancel
  • lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
  • lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
  • lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
  • lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
  • lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
  • lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
  • lxd/db: Update naming pattern for generated database code
  • client/lxd_images: Fix backward compatibility
  • lxd/storage/btrfs: Fix migration from snapshot
  • shared/generate/db: Fix generation of Exists method
  • lxd/db: Make generated code stable across "make update-schema" runs
  • lxd/db: Leverage code-generation for certificates
  • shared: Rewrite OpenPty without cgo
  • openpty: use O_CLOEXEC directly
  • openpty: use fchown()
  • openpty: first unlock the master, then get a slave fd
  • openpty: use TIOCGPTPEER if available
  • lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
  • lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
  • lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
  • lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
  • test: Adds tests for snapshot naming conflicts
  • lxd/firewall/drivers: Fix nft syntax
  • lxc/project: Fix remote handling
  • tests: Fix bad project switch call
  • lxd/seccomp: Fix profile conflict between projects
  • lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
  • lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
  • lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regenerating FS UUID
  • lxd/storage/drivers/driver/lvm: Don't activate all volumes on pool mount
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
  • lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic migrate in MigrateVolume
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
  • openpty: fix TIOCGPTPEER usage
  • Make network address bind error fatal when clustered
  • lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
  • lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
  • lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
  • lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
  • lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
  • lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
  • test: Adds BTRFS subvolume tests
  • lxd/storage/memorypipe: Fixes issue with partial reads losing data
  • lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
  • lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
  • fix IPVLAN docs
  • lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
  • lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
  • lxd/cluster: Use dqliteProxy in raftDial
  • lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
  • lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
  • lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
  • lxd/device/device: PathNameEncode and PathNameDecode usage
  • lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
  • lxd/backup/backup: Adds OptimizedHeader field to Info struct
  • lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
  • lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
  • lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
  • lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
  • lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
  • lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
  • lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
  • lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
  • lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
  • lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
  • test: Adds BTRFS backup subvolume tests
  • lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
  • lxd/resources/memory: Fix memory calculation
  • lxd: Improve logging of shutdown errors
  • lxd/instances/post: Delete restored instance on backup post hook failure
  • Fix 'how to mount home directory' shiftfs FAQ
  • shared: build fs_{32,64}bit.go on mips*
  • lxd/util: build fs_{32,64}bit.go on mips*
  • lxd/rsync: Adds optional rsync arguments to LocalCopy
  • lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
  • ethtool: don't report -1 for speed in ethtoolLink()
  • lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
  • lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
  • lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
  • lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
  • lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
  • Always skip offline servers when rebalancing
  • When demoting a voter to spare, transition to stand-by first
  • test/clustering: Make sure that a killed voter can't disrupt current leader
  • lxd/cluster: Use a dedicated channel to stop the dqlite proxy
  • lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
  • lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
  • lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
  • shared/util_linux.go: cast Rdev uint64 for mips
  • lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
  • lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
  • lxd/device/gpu.go: cast Rdev uint64 for mips
  • shared: Reimplement GetPollRevents without cgo
  • lxd-agent: Build statically
  • Drop gccgo
  • lxd-p2c: Drop cgo
  • shared/ucred: Cleanup package
  • lxd/api: Don't strip double slashes
  • lxd/operations: Improve error message when database insertion fails
  • lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
  • lxd/db: Rename containers.go to instances.go
  • shared/generate/db: Statement for deleting references (config and devices)
  • lxd/db: Generate delete statements for profile config and devices
  • shared/generate/db: update statement: take ID instead of natural key
  • shared/generate/db: Handle config and devices in Update method
  • lxd/db: Generate Update method for profiles
  • lxd: Plug new UpdateProfile() db method into doProfileUpdate
  • lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
  • lxd/db: Generate delete statements for instance config, devices and profiles
  • lxd/db: Generate UpdateInstance method
  • lxd/instance: Plug the new UpdateInstance method and replace legacy logic
  • lxd/db: Drop AddDevicesToEntity
  • lxd/storage/drivers/driver/common: Logging quoting consistency
  • lxd/storage/drivers: Adds storage_lvm_skipactivation patch
  • test: Drive-by fix for flaky clustering rebalance test
  • Recommend to increase the value of aio-max-nr for production use
  • lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
  • lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
  • lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
  • shared/simplestreams: Support uefi1.img
  • lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
  • lxd/storage/pools: Improves delete pool error info
  • instance_exec: don't panic
  • lxd/qemu: Handle quoted raw.qemu
  • lxd/main_forkproxy: Reduce logging
  • lxd/networks: Warn on small IPv6 subnets
  • lxd/network: Force DHCP custom gateway
  • lxc/list: Add disk and memory columns
  • i18n: Update translation template
  • lxd/storage/drivers: Make sure tar reader context is cancelled before defer
  • lxc/list: Fix test
  • shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
  • lxd/cluster: Transfer leadership before adjusting roles, not after
  • lxd/cluster: Add time skew detection
  • test: Wait a few more seconds for the rebalance to happen
  • lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
  • lxd/cluster: Don't try to rebalance a standalone node
  • lxc/ucred: Simplify logic
  • lxd/qemu: Cleanup arch checks
  • lxd/qemu: Add s390x support
  • lxd/api: Fail /internal/ready requests made after shutdown has started
  • lxc/config: Add -e shorthand
  • forkfile: port to using pidfds
  • forkmount: port to using pidfds
  • forkproxy: port to using pidfds
  • syscall_numbers: update
  • forknet: port to pidfds
  • forkuevent: port to pidfds
  • forksyscall: port to pidfds
  • daemon: record "pidfd" extension
  • lxd/storage/lvm: Correct bad VG name in patch
  • shared/subprocess: Better handle slow systems
  • tests: Don't assume bridge MTU can be forced up
  • fork*: add "--" to not misinterpret negative integers as flags
  • lxd/storage/utils: Removes unused name arg from VolumeFillDefault
  • lxd/instance/drivers: storagePools.VolumeFillDefault usage
  • lxd/patches: driver.VolumeFillDefault usage
  • lxd/storage/utils: VolumeFillDefault usage
  • lxd/storage/utils: Updates VolumeValidateConfig to require volume type
  • lxd/storage/utils: Adds VolumeDBTypeToType function
  • lxd/storage/utils: Updates VolumeDBCreate to pass volume type
  • lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
  • lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
  • lxd/storage/drivers: ensureVolumeBlockFile usage
  • lxd/storage/drivers/volume: Adds SetQuota function
  • lxd/storage/drivers/volume: Adds config functions
  • lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
  • lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
  • lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
  • lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
  • forknet: add missing "--" to forknet invocation on detach
  • process_utils: remove a bunch of unused functions
  • lxd: Make use of ExitCode
  • share/subprocess: Reduce sleep back to 5
  • lxd/instances/lxc: Fix calls to forknet
  • forkmount: prevent interpreting negative numbers as flags
  • shared/subprocess: Ensure monitor routine exits
  • shared/subprocess: Properly reset state
  • tests: Fix btrfs test on non-shiftfs
  • tests: Old kernels don't let you rmdir btrfs
  • lxd/db: Use query.SelectString helper in GetLocalImages()
  • lxd/db: Use query.SelectString helper in GetImagesFingerprints()
  • shared/generate/db: Support int64 fields
  • lxd/db: Initial code generation for images (without references)
  • lxd/db: Use the generated GetImages code to implement GetExpiredImages
  • lxd/db: Use query.SelectObjects helper in GetImageSource
  • lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
  • lxd/db: Use query.Count helper in ImageExists
  • lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
  • lxd/db: Use query.UpsertObject helper in CreateImageSource
  • lxd/cluster: Drive-by fix for flaky rebalance test
  • lxd/db: Use query.DeleteObject to implement DeleteImage
  • lxd/db: Use query.SelectStrings to implement GetImageAliases
  • lxd/db: Use a single transaction in GetImageAlias
  • lxd/db: Use a single transaction in DeleteImageAlias
  • lxd/db: Use single transaction in CreateImageAlias
  • lxd/db: Use single transaction in CreateImage
  • lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
  • lxd/db: Use a single transaction in GetPoolNamesFromIDs
  • lxd/db: Use explicit transaction in GetInstanceProjectAndName
  • lxd/db: Drop unused DeleteInstanceConfig
  • shared/subprocess: Fix Stop handling
  • lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
  • lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
  • lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
  • lxd/storage: Updates volume filler usage to supply Volume rather than mount path
  • lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
  • lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
  • lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
  • lxd/storage/drivers/driver/common: Adds runFiller function
  • lxd/storage/backend/lxd: Updates imageFiller to return volume size
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
  • lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
  • lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
  • lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
  • lxd/storage/utils: Updates ImageUnpack to return image virtual size
  • lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
  • lxd/storage/drivers/volume: Adds SetConfigSize function
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to derive volume size
  • lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
  • lxd: Reduce number of transactions in containerPostClusteringMigrate
  • lxd/db: Use query.SelectStrings helper in LegacyContainersList
  • lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
  • lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
  • lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
  • lxd/storage/utils: drivers.BlockDiskSizeBytes usage
  • lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
  • lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
  • lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
  • lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
  • lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
  • lxd/db: Group ClusterTx instance methods together
  • lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
  • lxd/db: Move instance backup methods to backups.go
  • lxd/db: Rename InstanceBackupArgs to InstanceBackup
  • lxd/db: Remove unused profile functions
  • lxd/db: Move storage volumes methods to storage_volumes.go
  • lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
  • forkuevent: fix slice allocation
  • unix-hotplug: fix uevent injection
  • lxd/db: Use auto-generated GetImages() to implement GetImage()
  • lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
  • lxd/db: Group ClusterTx image methods together
  • lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
  • lxd/images: Set CreatedAt on publish
  • lxd: New command line option to trace SQL statements
  • lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
  • lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
  • lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
  • lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
  • lxd/storage/drivers/utils: Exports MinBlockBoundary
  • lxd/storage/drivers: MinBlockBoundary usage
  • lxd/resources: Handle missing cache size/type
  • Update documentation with backup compression
  • lxd/rbac: New notification API
  • lxd/firewall/nft: Enhance support detection
  • Fix regression in GetImageFromAnyProject
  • doc/security: Adds notes about IPv6 router advertisement security
  • lxd/device/nic: Changes nicValidationRules to properly validate vlan
  • lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
  • lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
  • lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
  • lxd/network/network/utils: Improve comments on ovs switch attach/detach
  • lxd/network/network/utils: Improves arg name in network attach/detach functions
  • lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
  • lxd/network/utils: Adds IsNativeBridge function
  • lxd/maas: Fix support for multiple subnets
  • lxd/maas: Support projects
  • lxd/dnsmasq: Add project suffix
  • Remove incorrect statement about supported network devices with virtual machines. According to documentation, supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
  • lxd/rbac: Fix auth for non-RBAC trusted clients
  • global: Add riscv64 to build tags
  • Stop using Driver.SetContextTimeout() which is a no-op
  • use the coreos fork of boltdb since the original is archived/abandoned
  • lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
  • lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
  • lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
  • lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
  • lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
  • lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
  • lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
  • lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
  • lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
  • lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
  • lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
  • lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
  • shared/api: Extend NetworkState for bridge/bond
  • lxd/rbac: Don't close body when missing
  • doc/storage: Cover host/disk/loop setups
  • lxd/init: Tweak default loop sizing
  • lxd/vm: Rename some functions
  • client: Expand snap path in ConnectLXDUnix
  • client: Fix ConnectLXDUnix regression
  • lxd/vm: Fix PCIe slot for physical/sriov nic
  • lxd/vm: Add virtio-vga card
  • lxd/vm: Add spice channel
  • lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
  • lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
  • lxd/vm: Move to separate devices
  • lxd/vm: Remove tiny wrapper functions
  • lxd/vm: Per-architecture bus type
  • add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
  • lxd/vm: Centralize port generation
  • lxd/device: Sort nic devices ahead of others
  • lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
  • lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
  • lxd/device/nic/physical: Updates to use generic PCI management functions
  • lxd/device/nic/sriov: Updates to use generic PCI management functions
  • lxd/vm: Separate template keys in global/local
  • lxd/vm: Use virtio-gpu-pci on non-x86
  • lxd/vm: Rename qemuVGA to qemuGPU
  • lxd/vm: Add virtio-input keyboard/mouse
  • lxd/vm: Move bus allocator to own file
  • lxc/volume: Fix typo in help message
  • lxc/snapshot: Allow using snapshot delimiter
  • doc/instances: Updates GPU device docs to show VM support
  • lxd/device/gpu: Updates validation for VM support
  • lxd/device/config/device/runconfig: Adds GPU field to RunConfig
  • lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
  • lxd/device/gpu: Adds VM GPU passthrough support
  • lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
  • lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
  • lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
  • lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
  • lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
  • lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
  • lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
  • lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
  • lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
  • lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
  • lxd/storage/quota/projectquota: Only set quota on directories and regular files
  • lxd/db: Automatically strip ?project=default
  • lxc/action: Properly handle --all with remotes
  • lxd/projects: Properly clear empty keys
  • lxd/db: Add missing feature to default project
  • lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
  • i18n: Update translation templates
  • lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
  • lxd/cluster/heartbeat: Fix race in HeartbeatNode
  • lxc/console: Split Console to own function
  • lxc/start: Allow direct console attach
  • i18n: Update translation templates
  • lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
  • lxd/resources: Fix golint warning
  • doc/api-extensions: Fix escaping
  • api: resource_cpu_isolated
  • lxd/resources: Add Isolated property
  • lxd/resources: Don't use shared
  • lxd/devices: Use resources for cpuset parsing
  • lxc: Don't over-escape URLs
  • lxd: Don't over-escape URLs
  • lxd/db/storage: Rework UsedBy for pools
  • lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
  • lxc/action: Also add --console to restart
  • lxd/resources/net: More flexible PCI detection
  • lxc/query: Add path check
  • i18n: Update translation templates
  • tests: Fix bad lxc query call
  • lxd/storage-pools: Tweak UsedBy URLs
  • lxd/db: Tweak joins
  • lxd/db: Fix UsedBy on projects
  • lxd/storage_volumes: Fix UsedBy
  • api: usedby_consistency
  • lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
  • test: Updates udhcpd args to ensure process quits once lease acquired
  • util_linux: update terminology
  • lxd/networks: Reports profiles in UsedBy
  • lxd: Fix snapshot index retrieval
  • lxd/backups: Use backups dir for unpack
  • lxd/vm: Add udev rule fallback
  • lxd/images: Set arch names when downloading
  • lxd: More flexible compression algorithms
  • tests: Add test for compression options
  • doc/rest-api: Rename rootfs to root
  • doc/rest-api: Fix instance PATCH example
  • lxd: Fix building with clang
  • lxd/db: Add missing criteria for querying a specific public image
  • lxd/db: Add the Errored storage state when rendering the Status field
  • lxd/cluster: If raft node 1 gets removed during recovery, add it back
  • lxd/db: Make GetNework() return an error if the network is pending
  • lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
  • lxd/db: Make GetStoragePool() return an error if the pool is pending
  • lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
  • lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
  • lxd/storage/drivers: Bump VM fs size to 100MB
  • lxd/db: Fix UsedBy for profiles on storage pools
  • lxd/storage: Use Truncate to create/grow VM files
  • lxd/db: Consider personalities in GetNodeWithLeastInstances
  • lxd/db: Avoid test failure in arch matching

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 4.2 has been released

5th of June 2020

Introduction

The LXD team is very excited to announce the release of LXD 4.2!

This release brings quite a few new features and a lot of background stability and speed improvements.

The networking improvements in this release mark the beginning of more work we've set for ourselves with the final goal of having per-project virtual networks implemented through OVN. As part of this, we've done some fixes in our existing OVS handling and added VLAN filtering and some useful config reporting to LXD.

Quite a bit of effort is also going into improving our database and clustering logic, fixing issues, improving test coverage and improving performance.

One last area of focus is security where we've now begun to reap the benefits from some upstream kernel work we've been doing for the past few months/years, using those features to avoid race conditions and speed up LXD in general.

Enjoy!

New features and highlights

VLAN filtering on bridges

Those familiar with physical network switches are no doubt used to configuring your untagged and tagged VLANs for your ports or bonds. Linux software switching allows for the exact same thing, per-port selection of your untagged VLAN and a list of tagged VLANs.

Now LXD exposes that with support for both native Linux bridging and OVS.

This is implemented through the vlan and vlan.tagged config keys on a bridged nic device. The vlan property controls the untagged VLAN while vlan.tagged is a comma separated list of tagged VLANs to let through.

Expanded network state information

The /1.0/networks/NAME/state API endpoint was expanded to show bond and bridge specific details. This makes it easier to remotely inspect a LXD host, which is particularly useful in a cluster.

The bond details look like this:

stgraber@castiana:~$ lxc query /1.0/networks/bond0/state | jq .bond
{
  "down_delay": 500,
  "lower_devices": [
    "dum0",
    "dum1"
  ],
  "mii_frequency": 100,
  "mii_state": "up",
  "mode": "balance-rr",
  "transmit_policy": "layer2",
  "up_delay": 100
}

The bridge details look like this:

stgraber@castiana:~$ lxc query /1.0/networks/lxdbr0/state | jq .bridge
{
  "forward_delay": 1500,
  "id": "8000.06099e00b912",
  "stp": false,
  "upper_devices": [
    "tap1053b4fd",
    "tapef45d46d",
    "veth1651f83f",
    "veth8eb3fb1a"
  ],
  "vlan_default": 1,
  "vlan_filtering": true
}

Support for custom search domains

A new domain.search config key on networks can be used to set a comma-separated list of search domains to advertise to the instances.

New IPv4 and IPv6 columns in network lists

The default output of lxc network list now shows the IPv4 and IPv6 subnets. This makes it quite a bit easier to recognize your networks.

stgraber@castiana:~$ lxc network list
+--------+----------+---------+----------------+---------------------------+-------------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      |           IPV6            | DESCRIPTION | USED BY |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| bond0  | bond     | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| eth0   | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| eth1   | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| lxdbr0 | bridge   | YES     | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 |             | 16      |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| wlan0  | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+

mips & riscv64 support for containers and s390x support for VMs

Support for various MIPS variants has been added, allowing LXD to be built and run on MIPS systems.

RISC-V 64bit support was also added and confirmed to work with containers.

ubuntu@riscv64:~$ lxc list -cns46ta
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+
| NAME |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | ARCHITECTURE |
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+
| b1   | RUNNING | 10.108.12.160 (eth0) | fd42:5832:5781:1eaf:216:3eff:fedd:884d (eth0) | CONTAINER | riscv64      |
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+

In both cases, image selection is effectively non-existent, so you're pretty much stuck with Busybox for now!

On the VM front, we've added support for s390x virtual machines.

Using pidfds for all container subprocesses

LXD frequently spawns subprocesses that are fed a PID coming from a container. This can be racy in some situations: the process can exit and its PID be recycled before we interact with it, causing us to accidentally interact with the wrong process.

That's what @brauner's work on pidfds in the Linux kernel is meant to fix, and LXD and LXC now make use of those whenever possible, passing a file descriptor to a particular process rather than passing its PID.
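The difference between a PID and a pidfd can be seen in a few lines of C. This is an added example, not LXD or LXC code; the names pidfd_open_compat, pidfd_signal and pidfd_demo are this example's own, and it assumes Linux 5.3 or later (it reports "unsupported" where the syscalls are missing or filtered).

```c
/* Added example: signalling a process through a pidfd instead of its PID. */
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Older libc headers may lack these. The numbers are the x86_64 and
 * generic syscall table values; some architectures (e.g. MIPS) add an offset. */
#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424
#endif
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434
#endif

enum { PIDFD_DEMO_OK = 0, PIDFD_DEMO_UNSUPPORTED = 1, PIDFD_DEMO_FAILED = -1 };

static int pidfd_open_compat(pid_t pid)
{
    return (int)syscall(SYS_pidfd_open, pid, 0U);
}

static int pidfd_signal(int pidfd, int sig)
{
    return (int)syscall(SYS_pidfd_send_signal, pidfd, sig, NULL, 0U);
}

/* Kernel too old (ENOSYS) or syscall blocked by a seccomp policy (EPERM). */
static int classify_error(int err)
{
    return (err == ENOSYS || err == EPERM) ? PIDFD_DEMO_UNSUPPORTED
                                           : PIDFD_DEMO_FAILED;
}

int pidfd_demo(void)
{
    int status = 0, rc, err;
    pid_t pid = fork();

    if (pid < 0)
        return PIDFD_DEMO_FAILED;
    if (pid == 0) {
        for (;;)
            pause();            /* child: wait to be killed */
    }

    /* Our own child stays a zombie until we wait on it, so its PID cannot
     * be recycled between fork() and pidfd_open(). */
    int pidfd = pidfd_open_compat(pid);
    if (pidfd < 0) {
        err = errno;
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return classify_error(err);
    }

    /* The kernel resolves the target from the descriptor, not from a number. */
    if (pidfd_signal(pidfd, SIGKILL) != 0) {
        err = errno;
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        close(pidfd);
        return classify_error(err);
    }

    /* A pidfd becomes readable once the process has terminated. */
    struct pollfd pfd = { .fd = pidfd, .events = POLLIN };
    do {
        rc = poll(&pfd, 1, 5000);
    } while (rc < 0 && errno == EINTR);
    int exited = (rc == 1 && (pfd.revents & POLLIN));

    /* Reap the child. From here on the numeric PID is free for reuse, and
     * kill(pid, ...) could land on an unrelated process. */
    if (waitpid(pid, &status, 0) != pid) {
        close(pidfd);
        return PIDFD_DEMO_FAILED;
    }

    /* The pidfd still names the original process only, so the kernel
     * answers ESRCH instead of signalling whoever owns the PID now. */
    rc = pidfd_signal(pidfd, 0);
    int stale_rejected = (rc == -1 && errno == ESRCH);
    close(pidfd);

    if (exited && WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL &&
        stale_rejected)
        return PIDFD_DEMO_OK;
    return PIDFD_DEMO_FAILED;
}

int main(void)
{
    int r = pidfd_demo();
    printf("pidfd demo: %s\n", r == PIDFD_DEMO_OK ? "stale handle rejected"
           : r == PIDFD_DEMO_UNSUPPORTED ? "pidfds unsupported here" : "failed");
    return r == PIDFD_DEMO_FAILED;
}
```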

LVM volumes only active when needed

LVM now behaves in the same way as ZFS and CEPH by keeping LVs inactive unless the instance is running. This reduces clutter in /dev and can lead to some small performance improvements.

DB query tracing support

A new trace option has been added for debugging database queries in LXD. Starting the daemon with --debug --trace database will have all SQL queries logged.

Better cluster life-cycle handling

We've recently expanded our automated testing for our external dqlite/raft/libco projects, fixed a number of issues found by other downstream users and moved some of LXD's logic into the upstream codebases.

LXD's clustering tests have also been expanded to test more cases of leadership changes, node restarts and handling of degraded setups.

A common source of issues with any clustered environment is time skew. Once it exceeds a few seconds, it can wreak havoc on scheduled tasks, events and more. To help with this, LXD now uses its internal heartbeats as a way to detect time skews and will log a warning whenever one is detected or resolved.

Cleaned up database functions

Still on the database front, a lot more of the database logic has been moved over to our code generator, limiting the risk of mistakes when writing that code. A number of functions have been deprecated as a result and some codepaths optimized to run within a single transaction.

Complete changelog

Here is a complete list of all changes in this release:

  • shared/generate/db: Fix generation of Exists method
  • lxd/db: Make generated code stable across "make update-schema" runs
  • lxd/db: Leverage code-generation for certificates
  • shared: Rewrite OpenPty without cgo
  • openpty: use O_CLOEXEC directly
  • openpty: use fchown()
  • openpty: first unlock the master, then get a slave fd
  • openpty: use TIOCGPTPEER if available
  • lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
  • lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
  • lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
  • lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
  • test: Adds tests for snapshot naming conflicts
  • lxd/firewall/drivers: Fix nft syntax
  • lxc/project: Fix remote handling
  • tests: Fix bad project switch call
  • lxd/seccomp: Fix profile conflict between projects
  • lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
  • lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
  • lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regeneration FS UUID
  • lxd/storage/drivers/driver/lvm: Dont activate all volumes on pool mount
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
  • lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic migrate in MigrateVolume
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
  • lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
  • openpty: fix TIOCGPTPEER usage
  • Make network address bind error fatal when clustered
  • lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
  • lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
  • lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
  • lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
  • lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
  • lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
  • test: Adds BTRFS subvolume tests
  • lxd/storage/memorypipe: Fixes issue with partial reads losing data
  • lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
  • lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
  • fix IPVLAN docs
  • lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
  • lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
  • lxd/cluster: Use dqliteProxy in raftDial
  • lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
  • lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
  • lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
  • lxd/device/device: PathNameEncode and PathNameDecode usage
  • lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
  • lxd/backup/backup: Adds OptimizedHeader field to Info struct
  • lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
  • lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
  • lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
  • lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
  • lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
  • lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
  • lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
  • lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
  • lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
  • lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
  • test: Adds BTRFS backup subvolume tests
  • lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
  • lxd/resources/memory: Fix memory calculation
  • lxd: Improve logging of shutdown errors
  • lxd/instances/post: Delete restored instance on backup post hook failure
  • Fix 'how to mount home directory' shiftfs FAQ
  • shared: build fs_{32,64}bit.go on mips*
  • lxd/util: build fs_{32,64}bit.go on mips*
  • lxd/rsync: Adds optional rsync arguments to LocalCopy
  • lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
  • ethtool: don't report -1 for speed in ethtoolLink()
  • lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
  • lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
  • lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
  • lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
  • lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
  • Always skip offline servers when rebalancing
  • When demoting a voter to spare, transition to stand-by first
  • test/clustering: Make sure that a killed voter can't disrupt current leader
  • lxd/cluster: Use a dedicated channel to stop the dqlite proxy
  • lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
  • lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
  • lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
  • shared/util_linux.go: cast Rdev uint64 for mips
  • lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
  • lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
  • lxd/device/gpu.go: cast Rdev uint64 for mips
  • shared: Reimplement GetPollRevents without cgo
  • lxd-agent: Build statically
  • Drop gccgo
  • lxd-p2c: Drop cgo
  • shared/ucred: Cleanup package
  • lxd/api: Don't strip double slashes
  • lxd/operations: Improve error message when database insertion fails
  • lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
  • lxd/db: Rename containers.go to instances.go
  • shared/generate/db: Statement for deleting references (config and devices)
  • lxd/db: Generate delete statements for profile config and devices
  • shared/generate/db: update statement: take ID instead of natural key
  • shared/generate/db: Handle config and devices in Update method
  • lxd/db: Generate Update method for profiles
  • lxd: Plug new UpdateProfile() db method into doProfileUpdate
  • lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
  • lxd/db: Generate delete statements for instance config, devices and profiles
  • lxd/db: Generate UpdateInstance method
  • lxd/instance: Plug the new UpdateInstance method and replace legacy logic
  • lxd/db: Drop AddDevicesToEntity
  • lxd/storage/drivers/driver/common: Logging quoting consistency
  • lxd/storage/drivers: Adds storage_lvm_skipactivation patch
  • test: Drive-by fix for flaky clustering rebalance test
  • Recommend to increase the value of aio-max-nr for production use
  • lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
  • lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
  • lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
  • shared/simplestreams: Support uefi1.img
  • lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
  • lxd/storage/pools: Improves delete pool error info
  • instance_exec: don't panic
  • lxd/qemu: Handle quoted raw.qemu
  • lxd/main_forkproxy: Reduce logging
  • lxd/networks: Warn on small IPv6 subnets
  • lxd/network: Force DHCP custom gateway
  • api: Add network_dns_search
  • lxd/network: Support specifying search domain
  • lxc/list: Add disk and memory columns
  • i18n: Update translation template
  • lxd/storage/drivers: Make sure tar reader context is cancelled before defer
  • lxc/list: Fix test
  • shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
  • lxd/cluster: Transfer leadership before adjusting roles, not after
  • lxd/cluster: Add time skew detection
  • test: Wait a few more seconds for the rebalance to happen
  • lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
  • lxd/cluster: Don't try to rebalance a standalone node
  • lxc/ucred: Simplify logic
  • lxd/qemu: Cleanup arch checks
  • lxd/qemu: Add s390x support
  • lxd/api: Fail /internal/ready requests made after shutdown has started
  • lxc/config: Add -e shorthand
  • lxc/network: Add IPv4/IPv6 columns
  • forkfile: port to using pidfds
  • forkmount: port to using pidfds
  • forkproxy: port to using pidfds
  • syscall_numbers: update
  • forknet: port to pidfds
  • forkuevent: port to pidfds
  • forksyscall: port to pidfds
  • daemon: record "pidfd" extension
  • api: Add container_nic_routed_limits
  • lxd/device/nic/routed: Add limits support
  • lxd/storage/lvm: Correct bad VG name in patch
  • shared/subprocess: Better handle slow systems
  • tests: Don't assume bridge MTU can be forced up
  • lxd/db: Use query.SelectString helper in GetLocalImages()
  • lxd/db: Use query.SelectString helper in GetImagesFingerprints()
  • shared/generate/db: Support int64 fields
  • lxd/db: Initial code generation for images (without references)
  • lxd/db: Use the generated GetImages code to implement GetExpiredImages
  • lxd/db: Use query.SelectObjects helper in GetImageSource
  • lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
  • lxd/db: Use query.Count helper in ImageExists
  • lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
  • lxd/db: Use query.UpsertObject helper in CreateImageSource
  • lxd/db: Use auto-generated GetImages() to implement GetImage()
  • lxd/cluster: Drive-by fix for flaky rebalance test
  • lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
  • lxd/db: Usage query.DeleteObject to implement DeleteImage
  • lxd/db: Use query.SelectStrings to implement GetImageAliases
  • lxd/db: Use a single transaction in GetImageAlias
  • lxd/db: Use a single transaction in DeleteImageAlias
  • lxd/db: Use single transaction in CreateImageAlias
  • lxd/db: Usage single transaction in CreateImage
  • lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
  • lxd/db: Use a single transaction in GetPoolNamesFromIDs
  • lxd/db: Use explicit transaction in GetInstanceProjectAndName
  • lxd/db: Drop unused DeleteInstanceConfig
  • fork*: add "--" to not misinterpret negative integers as flags
  • lxd/storage/utils: Removes unused name arg from VolumeFillDefault
  • lxd/instance/drivers: storagePools.VolumeFillDefault usage
  • lxd/patches: driver.VolumeFillDefault usage
  • lxd/storage/utils: VolumeFillDefault usage
  • lxd/storage/utils: Updates VolumeValidateConfig to require volume type
  • lxd/storage/utils: Adds VolumeDBTypeToType function
  • lxd/storage/utils: Updates VolumeDBCreate to pass volume type
  • lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
  • lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
  • lxd/storage/drivers: ensureVolumeBlockFile usage
  • lxd/storage/drivers/volume: Adds SetQuota function
  • lxd/storage/drivers/volume: Adds config functions
  • lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
  • lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
  • lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
  • lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
  • forknet: add missing "--" to forknet invocation on detach
  • process_utils: remove a bunch of unused functions
  • lxd: Make use of ExitCode
  • share/subprocess: Reduce sleep back to 5
  • lxd/instances/lxc: Fix calls to forknet
  • forkmount: prevent interpreting negative numbers as flags
  • shared/subprocess: Ensure monitor routine exits
  • shared/subprocess: Properly reset state
  • tests: Fix btrfs test on non-shiftfs
  • tests: Old kernels don't let you rmdir btrfs
  • shared/subprocess: Fix Stop handling
  • lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
  • lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
  • lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
  • lxd/storage: Updates volume filler usage to supply Volume rather than mount path
  • lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
  • lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
  • lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
  • lxd/storage/drivers/driver/common: Adds runFiller function
  • lxd/storage/backend/lxd: Updates imageFiller to return volume size
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
  • lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
  • lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
  • lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
  • lxd/storage/utils: Updates ImageUnpack to return image virtual size
  • lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
  • lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
  • lxd/storage/drivers/volume: Adds SetConfigSize function
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to derive volume size
  • lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
  • lxd: Reduce number of transactions in containerPostClusteringMigrate
  • lxd/db: Use query.SelectStrings helper in LegacyContainersList
  • lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
  • lxd/db: Group ClusterTx image methods together
  • lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
  • lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
  • lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
  • lxd/storage/utils: drivers.BlockDiskSizeBytes usage
  • lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
  • lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
  • lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
  • lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
  • lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
  • lxd/db: Group ClusterTx instance methods together
  • lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
  • lxd/db: Move instance backup methods to backups.go
  • lxd/db: Rename InstanceBackupArgs to InstanceBackup
  • lxd/db: Remove unused profile functions
  • lxd/db: Move storage volumes methods to storage_volumes.go
  • lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
  • forkuevent: fix slice allocation
  • lxd/images: Set CreatedAt on publish
  • unix-hotplug: fix uevent injection
  • lxd: New command line option to trace SQL statements
  • lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
  • lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
  • lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
  • lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
  • lxd/storage/drivers/utils: Exports MinBlockBoundary
  • lxd/storage/drivers: MinBlockBoundary usage
  • lxd/resources: Handle missing cache size/type
  • Update documentation with backup compression
  • lxd/rbac: New notification API
  • lxd/firewall/nft: Enhance support detection
  • lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
  • lxd/network/network/utils: Adds linux bridge VLAN management functions
  • lxd/network: Enable VLAN filtering for managed Linux bridges
  • lxd/device/nic: Changes nicValidationRules to properly validate vlan
  • lxd/device/nic/bridged: Adds vlan validation
  • lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
  • lxd/device/nic/bridged: Adds support for untagged and tagged vlan membership
  • doc: Documents NIC bridged vlan and vlan.tagged settings
  • api: Adds API extension instance_nic_bridged_vlan
  • lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
  • lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
  • test: Adds bridged VLAN tests
  • Fix regression in GetImageFromAnyProject
  • doc/security: Adds notes about IPv6 router advertisement security
  • lxd/device/nic/bridged: Corrects vlan comment
  • lxd/network/network/utils: Improve comments on ovs switch attach/detach
  • lxd/network/network/utils: Improves arg name in network attach/detach functions
  • lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
  • lxd/network/utils: Adds IsNativeBridge function
  • lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
  • test: Updates bridged vlan ID range tests
  • lxd/device/nic/bridged: Adds openvswitch vlan support
  • test: Adds LXD_NIC_BRIDGED_DRIVER test environment variable
  • lxd/maas: Fix support for multiple subnets
  • lxd/maas: Support projects
  • lxd/dnsmasq: Add project suffix
  • Remove incorrect statement about supported network devices with virtual machines According documentation supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
  • lxd/rbac: Fix auth for non-RBAC trusted clients
  • global: Add riscv64 to build tags
  • Stop using Driver.SetContextTimeout() which is a no-op
  • use the coreos fork of boltdb since the original is archived/abandoned
  • i18n: Update translations from weblate
  • api: Add network_state_bond_bridge
  • shared/api: Extend NetworkState for bridge/bond
  • lxd/networks: Add bridge/bond details

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 4.1 has been released

8th of May 2020

Introduction

The LXD team is very excited to announce the release of LXD 4.1!

This is the first feature release following the release of 4.0 LTS. As a normal feature release, LXD 4.1 is only supported until 4.2 is released, usually about a month afterwards.

The bulk of the changes are bugfixes and refactoring we've done since the 4.0 release, but there are also a number of smaller features and improvements.

Enjoy!

New features and highlights

Push and relay support for images

Similar to instance copy/move, it's now possible to have the source server push an image directly to the target server or have the client tool relay between servers.

This makes it easier to deal with firewalls in between servers.

lxc image copy source:some-image target: --mode=push
lxc image copy source:some-image target: --mode=relay

Routing table support for routed NIC devices

Two new options were added on routed NIC devices:

  • ipv4.host_table
  • ipv6.host_table

Those control what routing table to insert the routing rules into. By default, this is the main routing table, but some users have indicated wanting to use alternative routing tables which this enables.

L2 mode for ipvlan NIC devices

ipvlan devices in LXD default to layer 3 symmetric mode (l3s), but a new mode option has now been introduced, allowing layer 2 mode (l2) to be used as well.

Tweaks to the resources API

A new system section was added, exposing many DMI fields as well as the type of system used to run LXD (physical, virtual or container).

Additionally, NUMA nodes are now tracked at the CPU thread level and CPU die information is also recorded at the per-core level.

Example CPU output:

stgraber@castiana:~$ lxc query /1.0/resources | jq .cpu
{
  "architecture": "x86_64",
  "sockets": [
    {
      "cache": [
        {
          "level": 1,
          "size": 32768,
          "type": "Data"
        },
        {
          "level": 1,
          "size": 32768,
          "type": "Instruction"
        },
        {
          "level": 2,
          "size": 262144,
          "type": "Unified"
        },
        {
          "level": 3,
          "size": 3145728,
          "type": "Unified"
        }
      ],
      "cores": [
        {
          "core": 0,
          "die": 0,
          "frequency": 639,
          "threads": [
            {
              "id": 0,
              "numa_node": 0,
              "online": true,
              "thread": 0
            },
            {
              "id": 2,
              "numa_node": 0,
              "online": true,
              "thread": 1
            }
          ]
        },
        {
          "core": 1,
          "die": 0,
          "frequency": 658,
          "threads": [
            {
              "id": 1,
              "numa_node": 0,
              "online": true,
              "thread": 0
            },
            {
              "id": 3,
              "numa_node": 0,
              "online": true,
              "thread": 1
            }
          ]
        }
      ],
      "frequency": 648,
      "frequency_minimum": 400,
      "frequency_turbo": 3500,
      "name": "Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz",
      "socket": 0,
      "vendor": "GenuineIntel"
    }
  ],
  "total": 4
}

Example system output:

stgraber@castiana:~$ lxc query /1.0/resources | jq .system
{
  "chassis": {
    "serial": "PF0QD1U7",
    "type": "Notebook",
    "vendor": "LENOVO",
    "version": "None"
  },
  "family": "ThinkPad X1 Carbon 5th",
  "firmware": {
    "date": "02/17/2020",
    "vendor": "LENOVO",
    "version": "N1MET60W (1.45 )"
  },
  "motherboard": {
    "product": "20HRCTO1WW",
    "serial": "L1HF6CX006Y",
    "vendor": "LENOVO",
    "version": "Not Defined"
  },
  "product": "20HRCTO1WW",
  "serial": "PF0QD1U7",
  "sku": "LENOVO_MT_20HR_BU_Think_FM_ThinkPad X1 Carbon 5th",
  "type": "physical",
  "uuid": "7fa1c0cc-2271-11b2-a85c-aab32a05d71a",
  "vendor": "LENOVO",
  "version": "ThinkPad X1 Carbon 5th"
}

Addition of OS data in the server information

OS information is now exposed in /1.0 and lxc info:

stgraber@castiana:~$ lxc info | grep os_
  os_name: Ubuntu
  os_version: "20.04"

New lxd cluster remove-raft-node command

This new command can be used to force the removal of a database member when LXD is unable to start due to missing database quorum.

Improved table sorting in the command line tool

Lists are now sorted by natural order, making numbered items sort properly. Additionally, in volume listings, snapshots are now listed immediately following their parent.

Complete changelog

Here is a complete list of all changes in this release:

  • doc/instances: Fix escaping
  • lxc/network: Updates network detach checks to use bridged network property
  • lxd/network/network/utils: Updates network setting detection in IsInUse
  • lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
  • Merge pull request #7115 from tomponline/tp-bridged-network
  • lxd/networks: Fix clustered configs
  • Merge pull request #7114 from stgraber/master
  • shared/api: Move NUMANode to thread
  • lxd/resources: Set NUMANode on a per-thread basis
  • lxc/info: Update for NUMANode on thread
  • i18n: Update translation templates
  • api: resources_cpu_threads_numa
  • Merge pull request #7118 from stgraber/master
  • api: resources_cpu_core_die
  • lxd/resources: Parse and report die_id
  • lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
  • Merge pull request #7120 from stgraber/master
  • lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
  • lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
  • lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
  • lxd/instance/instance/interface: Updates Render() to accept options arguments
  • lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
  • lxd/storage/utils: Removes unused functions and constants
  • lxd/storage/utils: Adds RenderSnapshotUsage function
  • lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
  • lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
  • lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
  • lxd/instance/instance/utils: Removes unused WriteBackupFile
  • lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
  • lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
  • lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
  • lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
  • lxd/storage/drivers/driver/zfs/volumes: Comment clarification
  • lxd/storage/drivers/volume: Adds support for setting custom mount path
  • lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
  • lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
  • lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
  • Merge pull request #7117 from tomponline/tp-storage-mountsnapshots-uuid
  • Merge pull request #7122 from tomponline/tp-storage-export-snapshots
  • lxd/main_activateifneeded: s/container/instance/
  • lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
  • lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
  • lxd/storage/backend/lxd: Checks for existence of volume before deleting
  • lxd/instance: Switches to revert package for instanceCreateAsSnapshot
  • lxd/storage/backend/lxd: Comment tweak
  • lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
  • Merge pull request #7129 from tomponline/tp-storage-renderfull
  • Merge pull request #7131 from tomponline/tp-storage-export-snapshots-zfs
  • shared/subprocess/proc: Fixes race in process stopping
  • Merge pull request #7132 from tomponline/tp-storage-delete-volume-checks
  • lxd/main_activateifneeded: Retrieve all instances
  • lxd/main_activateifneeded: Check for scheduled instance snapshots
  • lxd/main_activateifneeded: Check for scheduled volume snapshots
  • test/suites/basic: Update activateifneeded tests
  • lxd/main_activateifneeded: Use defer statement to close db
  • Merge pull request #7128 from monstermunchkin/issues/7126
  • lxd/storage/btrfs: Workaround permission issue
  • Merge pull request #7134 from stgraber/master
  • lxd/cluster: add RemoveRaftNode() to force removing a raft node
  • api: Add "DELETE /internal/cluster/raft/" endpoint
  • Increase timeout when calling dqlite.Client.Add() to join the cluster
  • Merge pull request #7139 from freeekanayaka/increase-join-timeout
  • lxd/storage/drivers/driver/zfs/volumes: Comment
  • lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/zfs/volumes: Always use 'used' property for ZFS snapshot usage
  • lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
  • lxd/instance: Fix typo in comment
  • lxc/action: Fix typo in help message
  • i18n: Update translation templates
  • Merge pull request #7142 from stgraber/master
  • lxd: Add "lxd cluster remove-raft-node" recovery command
  • doc: Add paragraph about "lxd cluster remove-raft-node"
  • test: Add test exercising "lxd cluster remove-raft-node"
  • Merge pull request #7141 from tomponline/tp-storage-snapshot-usage
  • Merge pull request #7138 from freeekanayaka/remove-raft-node
  • lxd/storage/lvm: Always call vgchange on mount
  • Merge pull request #7146 from stgraber/master
  • lxd/patches: Fix snapshot migration
  • tests: Fix btrfs storage usage
  • Merge pull request #7147 from stgraber/master
  • lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
  • lxd/storage/drivers/volume: Removes unnecessary variable
  • lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
  • lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
  • lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
  • lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
  • lxd/storage/drivers/driver/cephfs/volumes: typo
  • lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
  • lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
  • lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
  • Merge pull request #7144 from tomponline/tp-storage-snapshot-mnt-create
  • lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
  • lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
  • Merge pull request #7151 from tomponline/tp-storage-ceph-snapshot-usage
  • shared/osarch: Coding style
  • shared/osarch: Don't fail on missing os-release
  • shared/api: Add OS information
  • lxd/api: Add OS information
  • api: Add api_os
  • lxc: Use natural string sorting
  • lxc: Group snapshot and parent
  • lxd/main: Move forkzfs mntns to cgo
  • Merge pull request #7154 from stgraber/master
  • Merge pull request #7155 from stgraber/cli
  • Merge pull request #7156 from stgraber/zfs
  • doc/networks: Adds note about firewalld and DHCP/DNS
  • Merge pull request #7158 from tomponline/tp-bridged-firewalld
  • lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
  • lxd/device/nic/routed: Corrects misleading error message when setting sysctls
  • Merge pull request #7159 from tomponline/tp-nic-routed-validation
  • lxd/storage/drivers/generic/vfs: Log when creating snapshots
  • lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
  • lxd/storage/memorypipe: Adds context support for cancellation
  • lxd/storage/backend/lxd: memorypipe cancellation usage
  • lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
  • Merge pull request #7160 from tomponline/tp-storage-vm-migration
  • doc: Add missing os_api extension
  • Merge pull request #7165 from stgraber/master
  • Merge pull request #7163 from tomponline/tp-nic-sriov
  • lxd/storage/drivers/driver/dir/utils: Removes default project quota
  • Merge pull request #7166 from tomponline/tp-storage-dir-quota
  • forkexec: mark fd cloexec so the attaching process doesn't inherit it
  • Merge pull request #7167 from brauner/2020-04-10/fixes
  • forkexec: close all inherited fds
  • Merge pull request #7168 from brauner/2020-04-10/fixes
  • forkexec: log unexpected fds
  • Merge pull request #7169 from brauner/2020-04-10/fixes
  • lxd/daemon: Ignore .zfs in volumes
  • Merge pull request #7170 from stgraber/master
  • lxd/network: Push MTU over DHCP
  • Merge pull request #7171 from stgraber/master
  • shared/api: Drop invalid Managed key in NetworksPost
  • lxd: Drop invalid use of Managed property
  • Merge pull request #7173 from stgraber/network
  • lxd/devices/disk: Prevent recursive & readonly
  • Merge pull request #7177 from stgraber/master
  • lxc/instance/drivers: Set new name before renaming backups
  • test: Extend backup rename
  • lxd/instance/drivers: Add revert steps when renaming instance
  • Merge pull request #7182 from monstermunchkin/issues/7176
  • lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
  • lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
  • Merge pull request #7185 from tomponline/tp-vm-pci
  • Merge pull request #7183 from tomponline/tp-vm-device-comment
  • doc/instances: Clarify config conditions
  • doc/index: Clarify bind-mount in FAQ
  • Merge pull request #7186 from stgraber/master
  • lxd/instances: Better use userRequested on Update
  • Merge pull request #7190 from stgraber/master
  • lxd/device/nic: Adds host_table setting validation rule
  • lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
  • lxd/device/nic/routed: Add host_table support
  • api: Adds container_nic_routed_host_table extension
  • doc: Adds documentation for routed NIC host_table setting
  • suites/container/devices/nic/routed: Adds tests for custom routing tables
  • Merge pull request #7192 from tomponline/tp-nic-routed-hosttable
  • lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
  • lxd/device/nic/ipvlan: Adds host_table setting support
  • api: Adds container_nic_ipvlan_host_table extension
  • doc: Adds documentation for ipvlan NIC host_table setting
  • test/suites/container/devices/nic/ipvlan: Adds tests for custom routing tables
  • test/clustering: increase timing to detect offline node
  • Merge pull request #7193 from tomponline/tp-nic-ipvlan-hosttable
  • api: Adds container_nic_ipvlan_mode extension
  • lxd/device/nic/ipvlan: Adds support for l2 mode
  • doc/instances: Documents ipvlan l2 mode
  • test/suites/container/devices/nic/ipvlan: Adds l2 mode tests
  • Merge pull request #7197 from freeekanayaka/tweak-clustering-membership-test-timings
  • Merge pull request #7196 from tomponline/tp-nic-ipvlan-l2
  • shared/version/api: Add resources_system API extension
  • doc/api-extensions: Add resources_system
  • shared/api/resource: Add system resources
  • lxd/resources: Add new system resources
  • lxd/resources: Retrieve system information
  • shared/util: Never look into the snap
  • Merge pull request #7194 from monstermunchkin/issues/7189
  • Merge pull request #7198 from stgraber/master
  • lxd/resources: serial/uuid may not be accessible
  • Merge pull request #7201 from stgraber/master
  • doc/instances: Fixes default ceph.cluster_name value
  • lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
  • Merge pull request #7206 from tomponline/tp-vm-disk-ceph
  • firewalld & lxd: how to let Firewalld control the LXD's iptables rules. This is related to https://github.com/lxc/lxd/pull/7195 but this is a bit more generic
  • Update networks.md
  • Merge pull request #7204 from kerphi/patch-2
  • doc/networks: Fix typo
  • i18n: Update translations from weblate
  • Update networks.md
  • Merge pull request #7210 from ckd/patch-1
  • lxd/storage/ceph: Support alternate conf syntax
  • Merge pull request #7211 from stgraber/master
  • lxd/init: Try to bind LXD network address when running interactively
  • lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
  • lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
  • Merge pull request #7213 from freeekanayaka/validate-listen-address
  • Merge pull request #7214 from tomponline/tp-vm-pcie
  • lxd/device/nic/bridged: Dont load br_netfilter
  • Merge pull request #7217 from tomponline/tp-nic-bridged-brnetfilter
  • doc/instances: Fix swapped description
  • Merge pull request #7219 from stgraber/master
  • index.md: add PATH env variable to sudo command example
  • Merge pull request #7220 from rafaeldtinoco/master
  • shared/simplestreams: Fix VM image preference
  • Merge pull request #7225 from stgraber/master
  • lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
  • lxd/device/disk: Adds cephfs support for VMs
  • lxd/device/proxy: Check for br_netfilter enabled and log warning if not
  • lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
  • lxd/firewall/drivers/drivers/xtables: comments
  • Merge pull request #7226 from tomponline/tp-vm-disk-cephfs
  • lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
  • lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
  • lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
  • lxd/init: Improve error messages when failing to bind an address
  • lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
  • Merge pull request #7227 from freeekanayaka/improve-cant-listen-error-message
  • test/suites/container/devices/proxy: Updates tests for checking hairpin rule
  • Merge pull request #7228 from tomponline/tp-nic-bridged-nat-hairpin
  • lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
  • lxd/instance/drivers/driver/qemu: Makes onStop unexported
  • lxd/instance/drivers/driver/qemu: Comment
  • Merge pull request #7229 from tomponline/tp-vm-restart
  • lxd/instance/lxc: Don't crash in setNetworkPriority
  • Merge pull request #7230 from stgraber/master
  • lxd/instances: Export type to templates
  • lxd-agent: Reboot after cloud-init seed
  • lxd/util: Tweak NetworkInterfaceAddress to only return global
  • Merge pull request #7231 from stgraber/master
  • Merge pull request #7232 from stgraber/net
  • lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
  • Merge pull request #7234 from tomponline/tp-util-networkinterfaceaddress
  • shared/usbid: Use system database
  • Merge pull request #7235 from stgraber/master
  • lxd-agent: Support systemd-notify
  • lxd/qemu: Switch default unit type to notify
  • Merge pull request #7236 from stgraber/master
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
  • lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
  • lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
  • lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
  • lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
  • lxd/device/proxy: Dont wrap lines
  • lxd/device/proxy: Improves validation
  • test/suites/container/devices/proxy: Updates tests with new validation rules
  • Merge pull request #7238 from tomponline/tp-storage-cached-size
  • lxd: Updates snapshotProtobufToInstanceArgs to support instance type
  • Merge pull request #7240 from tomponline/tp-proxy-validation
  • Merge pull request #7241 from tomponline/tp-migration-inst-type
  • lxd/qemu: Match basic NUMA layout
  • Merge pull request #7243 from stgraber/master
  • lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
  • lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
  • Merge pull request #7245 from tomponline/tp-vm-agentstart
  • lxd/cgroup: Fix memory controller detection
  • Merge pull request #7244 from tomponline/tp-storage-zfz-revert
  • lxd/migration/migrate/proto: Fix alignment
  • lxd/migration: Adds volumeSize field to MigrationHeader
  • lxd/migrate: Adds VolumeSize to MigrationSinkArgs
  • lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
  • lxd/migrate/instance: Use VolumeSize from offer header in Do()
  • lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
  • lxd/storage/drivers: Exports BlockDevSizeBytes function
  • lxd/storage/utils: Adds InstanceDiskBlockSize
  • lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
  • lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
  • Merge pull request #7248 from stgraber/master
  • Merge pull request #7246 from tomponline/tp-migration-volsize
  • lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
  • Merge pull request #7249 from leopaul36/master
  • lxd/instance/qemu: Add comment on cpuTopology
  • lxd/storage/ceph: Support port in URL
  • Merge pull request #7251 from stgraber/master
  • lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
  • lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
  • lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
  • lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
  • lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
  • Merge pull request #7250 from tomponline/tp-storage-image-regeneration
  • shared/version/api: Add API extension images_push_relay
  • doc: Add images_push_relay
  • client/interfaces: Add Mode to ImageCopyArgs
  • lxc/image: Add mode flag to image copy
  • client: Add relay mode for image copy
  • lxd/images: Return token response in push mode
  • lxd/images: Allow authentication using secret
  • shared/api/image: Add ImageExportPost
  • client: Add ExportImage to ImageServer
  • lxd/images: Add POST /1.0/images/fingerprint/export
  • client: Add push mode for image copy
  • client: Add GetOperationWaitSecret
  • lxd/images: Use metadata from the client
  • lxd/images: Return operation on token validation
  • lxd/images: Add secret metadata on image create
  • client/lxd_images: Set fingerprint and secret headers
  • lxd/operations: Allow untrusted clients for /1.0/operations/{id}/wait
  • doc/rest-api: Add POST /1.0/images//export
  • test/suites/remote: Add image copy push and relay mode
  • po: Update translations
  • lxd/daemon: Remove duplicated logic
  • Merge pull request #7130 from monstermunchkin/issues/6805
  • lxd/instance/qemu: Announce LXD in SMBIOS
  • Merge pull request #7255 from stgraber/master
  • share/usbid: Don't print error when missing
  • Merge pull request #7257 from stgraber/master
  • lxd/init: Auto-detect and use Ubuntu ZFS setup
  • Merge pull request #7261 from stgraber/master
  • lxc/config: Add --expanded to get
  • i18n: Update translation templates
  • Merge pull request #7267 from stgraber/master
  • Resolve both core.https_address and cluster.https_address when comparing IPs
  • Merge pull request #7269 from freeekanayaka/allow-using-hostnames-as-cluster-addresses
  • lxd/storage/drivers/generic/vfs: Skip missing files during export
  • Merge pull request #7271 from tomponline/tp-backup-walk-missing
  • lxd/images: Fixes hang in export when invalid --compression argument passed
  • Merge pull request #7272 from tomponline/tp-export-hang
  • lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
  • Merge pull request #7276 from tomponline/tp-storage-createfromcopy-size-btrfs
  • lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
  • lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
  • lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
  • lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
  • lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
  • lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
  • lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
  • lxd/storage/utils: VolumeDBCreate comment formatting
  • lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
  • lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
  • lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
  • lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
  • lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
  • lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
  • lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
  • lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
  • lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
  • lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
  • lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
  • lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
  • lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
  • lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
  • lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
  • lxd/db: Rename CertificatesGet to GetCertificates
  • lxd/db: Rename CertificateGet to GetCertificate
  • lxd/db: Rename CertSave to CreateCertificate
  • lxd/db: Rename CertDelete to DeleteCertificate
  • lxd/db: Rename CertUpdate to UpdateCertificate
  • lxd/db: Drop unused ConfigValueSet
  • lxd/instances/post: Fix revert in createFromBackup
  • lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
  • lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
  • lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
  • lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • Merge pull request #7280 from tomponline/tp-storage-createfromcopy
  • lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
  • Merge pull request #7282 from tomponline/tp-storage-backuprestore-size
  • Merge pull request #7270 from tomponline/tp-storage-image-regeneration-ceph
  • lxd/db: Rename InstanceNames to GetInstanceNames
  • lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
  • lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
  • lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
  • lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
  • lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
  • lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
  • lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
  • lxd/db: Rename InstanceRemove to RemoveInstance
  • lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
  • lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
  • lxd/db: Rename ContainerConfigGet to GetInstanceConfig
  • lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
  • lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
  • lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
  • lxd/db: Drop unused ContainerProfiles
  • lxd/db: Drop unused ContainerConfig
  • lxd/db: Remove unused ContainersNodeList
  • lxd/db: Rename ContainersResetState to ResetInstancesPowerState
  • lxd/db: Rename ContainerSetState to UpdateInstancePowerState
  • lxd/db: Rename ContainerUpdate to UpdateInstance
  • lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
  • lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
  • lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
  • lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
  • lxd/db: Rename InstancePool to GetInstancePool
  • lxd/db: Rename ContainerBackupID to getInstanceBackupID
  • Rename ContainerGetBackup to GetInstanceBackup
  • lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
  • lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
  • lxd/db: ContainerBackupRename to RenameInstanceBackup
  • lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
  • lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
  • lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
  • lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
  • lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
  • lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
  • lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
  • lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
  • lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
  • lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
  • lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
  • lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
  • lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
  • lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
  • Merge pull request #7281 from freeekanayaka/cleanup-db-function-names
  • lxd/db: Rename DevicesAdd to AddDevicesToEntity
  • lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
  • lxd/db: Remove unused Devices
  • lxd/db: Rename ImagesGetLocal to GetLocalImages
  • lxd/db: Rename ImagesGet to GetImages
  • lxd/db: Rename ImagesGetExpired to GetExpiredImages
  • lxd/db: Rename ImageSourceInsert to CreateImageSource
  • lxd/db: Rename ImageSourceGet to GetImageSource
  • lxd/db: Rename ImageGet to GetImage
  • lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
  • lxd/db: Rename ImageLocate to LocateImage
  • lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
  • lxd/db: Rename ImageDelete to DeleteImage
  • lxd/db: Rename ImageAliasesGet to GetImageAliases
  • lxd/db: Rename ImageAliasGet to GetImageAlaias
  • lxd/db: Rename ImageAliasRename to RenameImageAlias
  • lxd/db: Rename ImageAliasDelete to DeleteImageAlias
  • lxd/db: Rename ImageAliasesMove to MoveImageAlias
  • lxd/db: Rename ImageAliasAdd to CreateImageAlias
  • lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
  • lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
  • lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
  • lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
  • lxd/db: Rename ImageUpdate to UpdateImage
  • lxd/db: Rename ImageInsert to CreateImage
  • lxd/db: Rename ImageGetPools to GetPoolsWithImage
  • lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
  • lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
  • lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
  • lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
  • lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
  • lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
  • lxc/image: Actually refresh multiple images
  • Merge pull request #7286 from freeekanayaka/cleanup-db-function-names-part-2
  • Merge pull request #7288 from stgraber/master
  • Merge pull request #7285 from tomponline/tp-storage-filesystem-regen
  • Merge pull request #7283 from tomponline/tp-storage-volsize-consistency
  • lxd/resources: Use permanent MAC when available
  • Merge pull request #7290 from stgraber/master
  • lxd/qemu: Restrict NUMA layout to x86_64
  • Merge pull request #7293 from stgraber/master
  • Consider all nodes when looking for the leader, not only voters
  • Only attempt to transfer leadership if we are not standalone
  • Merge pull request #7297 from freeekanayaka/try-all-nodes-when-looking-for-leader
  • lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
  • lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
  • lxd/db: Rename NetworkID to GetNetworkID
  • lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
  • lxd/db: Rename Networks to GetNetworks
  • lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
  • lxd/db: Rename NetworksNotPending to GetNonNetworks
  • lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
  • lxd/db: Rename NetworkConfig to getNetworkConfig
  • lxd/db: Rename NetworkCreate to CreateNetwork
  • lxd/db: Rename NetworkUpdate to UpdateNetwork
  • lxd/db: Rename NetworkConfigClear to clearNetworkConfig
  • lxd/db: Rename NetworkDelete to DeleteNetwork
  • lxd/db: Rename NetworkRename to RenameNetwork
  • lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
  • Merge pull request #7299 from freeekanayaka/cleanup-db-function-names-part-3
  • lxd/daemon: Detect nodev and improve errors
  • Merge pull request #7300 from stgraber/master
  • lxd/db: Rename NodeByAddress to GetNodeByAddress
  • lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
  • lxd/db: Rename NodeByName to GetNodeByName
  • lxd/db: Rename NodeName to GetLocalNodeName
  • lxd/db: Rename NodeAddress to GetLocalNodeAddress
  • lxd/db: Rename Nodes to GetNodes
  • lxd/db: Rename NodesCount to GetNodesCount
  • lxd/db: Rename NodeRename to RenameNode
  • lxd/db: Rename NodeAdd to CreateNode
  • lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
  • lxd/db: Rename NodePending to SetNodePendingFlag
  • lxd/db: Rename NodeUpdate to UpdateNode
  • lxd/db: Rename NodeAddRole to CreateNodeRole
  • lxd/db: Rename NodeRemoveRole to RemoveNodeRole
  • lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
  • lxd/db: Rename NodeRemove to RemoveNode
  • lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
  • lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
  • lxd/db: Rename NodeClear to ClearNode
  • lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
  • lxd/db: Rename NodeUpdateVersion to SetNodeVersion
  • lxd/db: Rename Operations to GetLocalOperations
  • lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
  • lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
  • lxd/db: Rename OperationByUUID to GetOperationByUUID
  • lxd/db: Rename OperationAdd to CreateOperation
  • lxd/db: Rename OperationRemove to RemoveOperation
  • lxd/db: Rename OperationFlush to removeNodeOperations
  • lxd/db: Rename Patches to GetAppliedPatches
  • lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
  • lxd/db: Rename Profiles to GetProfileNames
  • lxd/db: Rename ProfileGet to GetProfile
  • lxd/db: Rename ProfilesGet to GetProfiles
  • lxd/db: Drop ProfileConfig
  • lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
  • lxd/db: Rename ProfileConfigClear to ClearProfileConfig
  • lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
  • lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
  • lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
  • lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
  • lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
  • Merge pull request #7302 from freeekanayaka/rename-db-function-names-part4
  • lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
  • lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
  • Merge pull request #7304 from tomponline/tp-storage-zfs-migration
  • ethtool: add ethtoolGset() helper
  • test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
  • lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
  • lxc/storage/drivers/volume: Removes keepDevice from Volume
  • lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
  • lxc/storage/drivers/driver/ceph/volumes: Mount changes
  • lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
  • lxd/storage/drivers/driver/ceph/volumes: Esnure permission on volume root set in CreateVolume
  • lxd/resources: Skip NVME multipath entries
  • lxd/db: Rename ProjectNames to GetProjectNames
  • lxd/db: Rename ProjectMap to GetProjectIDsToNames
  • lxd/db: Rename ProjectUpdate to UpdateProject
  • Merge pull request #7310 from tomponline/tp-storage-customvol-chmod
  • lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
  • lxd/db: Rename RaftNodes to GetRaftNodes
  • lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
  • lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
  • lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
  • lxd/db: Rename RaftNodeAdd to CreateRaftNode
  • lxd/db: Rename RaftNodeDelete to RemoveRaftNode
  • lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
  • lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
  • lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
  • lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
  • lxd/db: Rename StoragePoolID to GetStoragePoolID
  • lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
  • lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
  • lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
  • lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
  • lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
  • lxd/db: Rename StoragePools to GetStoragePoolNames
  • lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
  • lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
  • lxd/db: Rename StoragePoolGetID to GetStoragePoolID
  • lxd/db: Rename StoragePoolGet to GetStoragePool
  • lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
  • lxd/db: Rename StoragePoolCreate to CreateStoragePool
  • lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
  • Merge pull request #7314 from stgraber/master
  • lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
  • lxd/db: Rename StoragePoolDelete to RemoveStoragePool
  • lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
  • lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
  • lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
  • lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
  • lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
  • lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
  • lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
  • lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
  • lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
  • Merge pull request #7312 from tomponline/tp-storage-ceph-shrink
  • Merge pull request #7315 from freeekanayaka/rename-db-function-names-part-5
  • lxd/storage/zfs: Use TryUnmount
  • Merge pull request #7317 from stgraber/master
  • Support two-phase creation of a storage pool on single-node cluster
  • Merge pull request #7325 from freeekanayaka/storage-creation-on-single-node
  • lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
  • lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
  • lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
  • lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
  • lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
  • lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
  • lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
  • lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
  • resources/ethtool: implement ETHTOOL_GLINKSETTINGS
  • lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
  • lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
  • lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
  • lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
  • lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
  • lxd/migration/migrate/proto: Adds BTRFS Features to offer header
  • lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
  • lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
  • lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
  • lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
  • lxd/storage/memorypipe: Dont make ioutil.ReadAll panic on cancel
  • lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
  • lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
  • lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
  • Merge pull request #7327 from brauner/2020-05-06/ethtool
  • Merge pull request #7326 from tomponline/tp-storage-btrfs-snapshot
  • lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
  • lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
  • lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
  • lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
  • lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
  • lxd/db: Update naming pattern for generated database code
  • Merge pull request #7316 from tomponline/tp-storage-btrfs-subvols
  • Merge pull request #7328 from freeekanayaka/rename-db-function-names-part-6
  • client/lxd_images: Fix backward compatibility
  • Merge pull request #7329 from stgraber/master
  • lxd/storage/btrfs: Fix migration from snapshot
  • Merge pull request #7330 from stgraber/master
  • i18n: Update translations from weblate

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 4.0.1 LTS has been released

21st of April 2020

Introduction

The LXD team is pleased to announce the release of LXD 4.0.1!

This is the first bugfix release for LXD 4.0 which is supported until June 2025.

Bugfixes and improvements

This release fixes a number of issues that were reported shortly following the original 4.0.0 release.

Some of the highlights include:

  • Tweaked and improved the resources API
    • NUMA node tracked on a per core basis
    • Support for CPUs using the die_id kernel attribute
    • DMI information now available in a system section
  • Added os and os_version to Environment data in /1.0
  • Added lxd cluster remove-raft-node disaster recovery function
  • Improved activateifneeded to consider VMs and scheduled snapshots
  • Improved sorting order in the command line tool to better handle numbered entries
  • Ceph rbd/fs disk devices can now be attached to virtual machines
  • Fixed some data migration issues for users of < 3.0 upgrading to 4.0 directly
  • Fixed file descriptor leakage in exec

The full list of commits is available below:

  • doc/instances: Fix escaping
  • lxc/network: Updates network detach checks to use bridged network property
  • lxd/network/network/utils: Updates network setting detection in IsInUse
  • lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
  • lxd/networks: Fix clustered configs
  • shared/api: Move NUMANode to thread
  • lxd/resources: Set NUMANode on a per-thread basis
  • lxc/info: Update for NUMANode on thread
  • i18n: Update translation templates
  • api: resources_cpu_threads_numa
  • api: resources_cpu_core_die
  • lxd/resources: Parse and report die_id
  • lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
  • lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
  • lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
  • lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
  • lxd/instance/instance/interface: Updates Render() to accept options arguments
  • lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
  • lxd/storage/utils: Removes unused functions and constants
  • lxd/storage/utils: Adds RenderSnapshotUsage function
  • lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
  • lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
  • lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
  • lxd/instance/instance/utils: Removes unused WriteBackupFile
  • lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
  • lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
  • lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
  • lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
  • lxd/storage/drivers/driver/zfs/volumes: Comment clarification
  • lxd/storage/drivers/volume: Adds support for setting custom mount path
  • lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
  • lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
  • lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
  • lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
  • lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
  • lxd/storage/backend/lxd: Checks for existance of volume before deleting
  • lxd/instance: Switches to revert package for instanceCreateAsSnapshot
  • lxd/storage/backend/lxd: Comment tweak
  • lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
  • shared/subprocess/proc: Fixes race in process stopping
  • lxd/main_activateifneeded: s/container/instance/
  • lxd/main_activateifneeded: Retrieve all instances
  • lxd/main_activateifneeded: Check for scheduled instance snapshots
  • lxd/main_activateifneeded: Check for scheduled volume snapshots
  • test/suites/basic: Update activateifneeded tests
  • lxd/main_activateifneeded: Use defer statement to close db
  • lxd/storage/btrfs: Workaround permission issue
  • lxd/cluster: add RemoveRaftNode() to force removing a raft node
  • api: Add "DELETE /internal/cluster/raft/" endpoint
  • Increase timeout when calling dqlite.Client.Add() to join the cluster
  • lxd/storage/drivers/driver/zfs/volumes: Comment
  • lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/zfs/volumes: Always used 'used' property for ZFS snapshot usage
  • lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
  • lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
  • lxd/instance: Fix typo in comment
  • lxc/action: Fix typo in help message
  • i18n: Update translation templates
  • lxd: Add "lxd cluster remove-raft-node" recovery command
  • doc: Add paragraph about "lxd cluster remove-raft-node"
  • test: Add test exercising "lxd cluster remove-raft-node"
  • lxd/storage/lvm: Always call vgchange on mount
  • lxd/patches: Fix snapshot migration
  • tests: Fix btrfs storage usage
  • lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
  • lxd/storage/drivers/volume: Removes unnecessary variable
  • lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
  • lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
  • lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
  • lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
  • lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
  • lxd/storage/drivers/driver/cephfs/volumes: typo
  • lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
  • lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
  • lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
  • lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
  • lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
  • shared/osarch: Coding style
  • shared/osarch: Don't fail on missing os-release
  • shared/api: Add OS information
  • lxd/api: Add OS information
  • api: Add api_os
  • lxc: Use natural string sorting
  • lxc: Group snapshot and parent
  • lxd/main: Move forkzfs mntns to cgo
  • doc/networks: Adds note about firewalld and DHCP/DNS
  • lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
  • lxd/device/nic/routed: Corrects misleading error message when setting sysctls
  • lxd/storage/drivers/generic/vfs: Log when creating snapshots
  • lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
  • lxd/storage/memorypipe: Adds context support for cancellation
  • lxd/storage/backend/lxd: memorypipe cancellation usage
  • lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
  • doc: Add missing os_api extension
  • lxd/storage/drivers/driver/dir/utils: Removes default project quota
  • forkexec: mark fd cloexec so the attaching process doesn't inherit it
  • forkexec: close all inherited fds
  • forkexec: log unexpected fds
  • lxd/daemon: Ignore .zfs in volumes
  • lxd/network: Push MTU over DHCP
  • shared/api: Drop invalid Managed key in NetworksPost
  • lxd: Drop invalid use of Managed property
  • lxd/devices/disk: Prevent recursive & readonly
  • lxc/instance/drivers: Set new name before renaming backups
  • test: Extend backup rename
  • lxd/instance/drivers: Add revert steps when renaming instance
  • lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
  • lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
  • doc/instances: Clarify config conditions
  • doc/index: Clarify bind-mount in FAQ
  • lxd/instances: Better use userRequested on Update
  • lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
  • lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
  • test/clustering: increase timing to detect offline node
  • shared/version/api: Add resources_system API extension
  • doc/api-extensions: Add resources_system
  • shared/api/resource: Add system resources
  • lxd/resources: Add new system resources
  • lxd/resources: Retrieve system information
  • shared/util: Never look into the snap
  • lxd/resources: serial/uuid may not be accessible
  • doc/instances: Fixes default ceph.cluster_name value
  • lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
  • firewalld & lxd : how to let Firewalld control the LXD's iptables rules this is related to https://github.com/lxc/lxd/pull/7195 but this a bit more generic
  • Update networks.md
  • doc/networks: Fix typo
  • i18n: Update translations from weblate
  • Update networks.md
  • lxd/storage/ceph: Suppport alternate conf syntax
  • lxd/init: Try to bind LXD network address when running interactively
  • lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
  • lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
  • lxd/device/nic/bridged: Dont load br_netfilter
  • doc/instances: Fix swapped description
  • index.md: add PATH env variable to sudo command example
  • shared/simplestreams: Fix VM image preference
  • lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
  • lxd/device/disk: Adds cephfs support for VMs
  • lxd/device/proxy: Check for br_netfilter enabled and log warning if not
  • lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
  • lxd/firewall/drivers/drivers/xtables: comments
  • lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
  • lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
  • lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
  • lxd/init: Improve error messages when failing to bind an address
  • lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
  • test/suites/container/devices/proxy: Updates tests for checking hairpin rule
  • lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
  • lxd/instance/drivers/driver/qemu: Makes onStop unexported
  • lxd/instance/drivers/driver/qemu: Comment
  • lxd/instance/lxc: Don't crash in setNetworkPriority
  • lxd/instances: Export type to templates
  • lxd-agent: Reboot after cloud-init seed
  • lxd/util: Tweak NetworkInterfaceAddress to only return global
  • lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
  • shared/usbid: Use system database

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 4.0 LTS has been released

31st of March 2020

Introduction

The LXD team is very excited to announce the release of LXD 4.0 LTS!

This is the 3rd LTS release for LXD and a very busy and exciting one! The changelog below is split so that both users of LXD 3.23 and LXD 3.0 can see what we have in store for them.

As with all our other LTS releases, this one will be supported for 5 years (June 2025) and will receive a number of bugfix and security point releases over that time.

As for LXD 3.0, we're hoping to release one last bugfix release as 3.0.5 in the near future before we enter security-only maintenance mode for its remaining 3 years.

Enjoy!

Breaking changes

Removal of --container-only, replaced by --instance-only

Our only breaking CLI change in this release is the replacement of --container-only by --instance-only. Those following the feature releases will have had both supported for a few months now. With the 4.0 release, we're removing the deprecated one.

Highlights for 3.23 users

virtual machines: Support for backup (import/export)

It is now possible to use lxc export and lxc import with virtual machines.

A word of caution, however. Virtual machines, unlike containers, are only accessible as a large block device. This means that several GB of data will need to be read and compressed, no matter how much is actually used inside the VM.

This can lead to long export times and similarly long import times.

Doing so with --optimized on a backend like ZFS should considerably reduce the export time, assuming the backup is to be imported on a storage pool of the same type.

resources: PCI and USB devices in the resource API

The resources API (/1.0/resources) has been extended with a list of all PCI and USB devices on the system. This is of particular use when dealing with VFIO passthrough to virtual machines or passing through USB devices to containers.

stgraber@castiana:~$ lxc query /1.0/resources | jq .pci
{
  "devices": [
    {
      "driver": "skl_uncore",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:00.0",
      "product": "Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers",
      "product_id": "5904",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "i915",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:02.0",
      "product": "HD Graphics 620",
      "product_id": "5916",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "",
      "driver_version": "",
      "numa_node": 0,
      "pci_address": "0000:00:08.0",
      "product": "Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th/8th Gen Core Processor Gaussian Mixture Model",
      "product_id": "1911",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "xhci_hcd",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:14.0",
      "product": "Sunrise Point-LP USB 3.0 xHCI Controller",
      "product_id": "9d2f",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "intel_pch_thermal",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:14.2",
      "product": "Sunrise Point-LP Thermal subsystem",
      "product_id": "9d31",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "mei_me",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:16.0",
      "product": "Sunrise Point-LP CSME HECI #1",
      "product_id": "9d3a",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1c.0",
      "product": "Sunrise Point-LP PCI Express Root Port #1",
      "product_id": "9d10",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1c.2",
      "product": "Sunrise Point-LP PCI Express Root Port #3",
      "product_id": "9d12",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1c.4",
      "product": "Sunrise Point-LP PCI Express Root Port #5",
      "product_id": "9d14",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1d.0",
      "product": "Sunrise Point-LP PCI Express Root Port #9",
      "product_id": "9d18",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "",
      "driver_version": "",
      "numa_node": 0,
      "pci_address": "0000:00:1f.0",
      "product": "Sunrise Point LPC Controller/eSPI Controller",
      "product_id": "9d4e",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "",
      "driver_version": "",
      "numa_node": 0,
      "pci_address": "0000:00:1f.2",
      "product": "Sunrise Point-LP PMC",
      "product_id": "9d21",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "snd_hda_intel",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1f.3",
      "product": "Sunrise Point-LP HD Audio",
      "product_id": "9d71",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "i801_smbus",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:00:1f.4",
      "product": "Sunrise Point-LP SMBus",
      "product_id": "9d23",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "e1000e",
      "driver_version": "3.2.6-k",
      "numa_node": 0,
      "pci_address": "0000:00:1f.6",
      "product": "Ethernet Connection (4) I219-LM",
      "product_id": "15d7",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "rtsx_pci",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:02:00.0",
      "product": "RTS525A PCI Express Card Reader",
      "product_id": "525a",
      "vendor": "Realtek Semiconductor Co., Ltd.",
      "vendor_id": "10ec"
    },
    {
      "driver": "iwlwifi",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:04:00.0",
      "product": "Wireless 8265 / 8275",
      "product_id": "24fd",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "nvme",
      "driver_version": "1.0",
      "numa_node": 0,
      "pci_address": "0000:05:00.0",
      "product": "SSD 600P Series",
      "product_id": "f1a5",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:06:00.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:07:00.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:07:01.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:07:02.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:07:04.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "thunderbolt",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:08:00.0",
      "product": "JHL6540 Thunderbolt 3 NHI (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d2",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:09:00.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:0a:00.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:0a:01.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:0a:02.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "pcieport",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:0a:04.0",
      "product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
      "product_id": "15d3",
      "vendor": "Intel Corporation",
      "vendor_id": "8086"
    },
    {
      "driver": "ahci",
      "driver_version": "3.0",
      "numa_node": 0,
      "pci_address": "0000:0b:00.0",
      "product": "",
      "product_id": "0622",
      "vendor": "ASMedia Technology Inc.",
      "vendor_id": "1b21"
    },
    {
      "driver": "xhci_hcd",
      "driver_version": "5.4.0-18-generic",
      "numa_node": 0,
      "pci_address": "0000:0c:00.0",
      "product": "FL1100 USB 3.0 Host Controller",
      "product_id": "1100",
      "vendor": "Fresco Logic",
      "vendor_id": "1b73"
    },
    {
      "driver": "atlantic",
      "driver_version": "5.4.0-18-generic-kern",
      "numa_node": 0,
      "pci_address": "0000:0d:00.0",
      "product": "AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion]",
      "product_id": "87b1",
      "vendor": "Aquantia Corp.",
      "vendor_id": "1d6a"
    }
  ],
  "total": 32
}
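
As an added example (not part of the LXD release notes or the LXD code base), the script below consumes the pci section shown above to review devices before VFIO passthrough: for each device on an approved vendor:product list it reports the host driver currently bound and the other functions at the same bus and slot. The approved list and the function names are assumptions; the sample data is constructed from a few entries of the output above.

```python
import json
import re
from collections import defaultdict

# Constructed sample: a subset of the entries printed above, reduced to the
# fields this script reads. In practice, feed it the JSON from
# `lxc query /1.0/resources | jq .pci`.
SAMPLE_PCI = json.loads("""
{
  "devices": [
    {"driver": "", "pci_address": "0000:00:1f.0",
     "product": "Sunrise Point LPC Controller/eSPI Controller",
     "product_id": "9d4e", "vendor_id": "8086"},
    {"driver": "snd_hda_intel", "pci_address": "0000:00:1f.3",
     "product": "Sunrise Point-LP HD Audio",
     "product_id": "9d71", "vendor_id": "8086"},
    {"driver": "i801_smbus", "pci_address": "0000:00:1f.4",
     "product": "Sunrise Point-LP SMBus",
     "product_id": "9d23", "vendor_id": "8086"},
    {"driver": "e1000e", "pci_address": "0000:00:1f.6",
     "product": "Ethernet Connection (4) I219-LM",
     "product_id": "15d7", "vendor_id": "8086"},
    {"driver": "nvme", "pci_address": "0000:05:00.0",
     "product": "SSD 600P Series",
     "product_id": "f1a5", "vendor_id": "8086"},
    {"driver": "atlantic", "pci_address": "0000:0d:00.0",
     "product": "AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion]",
     "product_id": "87b1", "vendor_id": "1d6a"}
  ],
  "total": 6
}
""")

# domain:bus:device.function, all hexadecimal, function in the range 0-7
PCI_ADDR = re.compile(r"^([0-9a-f]{4}):([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])$")


def parse_address(addr):
    """Split a pci_address string into (domain, bus, device, function)."""
    match = PCI_ADDR.match(addr.lower())
    if match is None:
        raise ValueError("not a PCI address: %r" % (addr,))
    domain, bus, device, function = match.groups()
    return int(domain, 16), int(bus, 16), int(device, 16), int(function)


def passthrough_report(pci, approved):
    """Report on approved devices found in a /1.0/resources pci section.

    approved is a set of lowercase "vendor_id:product_id" strings (an
    assumption of this example, not an LXD setting). Each entry names the
    host driver bound to the device (None if unbound) and the sibling
    functions that share its domain, bus and slot.
    """
    by_slot = defaultdict(list)
    for dev in pci["devices"]:
        by_slot[parse_address(dev["pci_address"])[:3]].append(dev)

    report = []
    for dev in pci["devices"]:
        ident = ("%s:%s" % (dev["vendor_id"], dev["product_id"])).lower()
        if ident not in approved:
            continue
        slot = parse_address(dev["pci_address"])[:3]
        siblings = sorted(
            other["pci_address"] for other in by_slot[slot] if other is not dev
        )
        report.append({
            "pci_address": dev["pci_address"],
            "id": ident,
            "product": dev["product"],
            "host_driver": dev["driver"] or None,
            "siblings": siblings,
        })
    return sorted(report, key=lambda r: parse_address(r["pci_address"]))


if __name__ == "__main__":
    for entry in passthrough_report(SAMPLE_PCI, {"8086:15d7", "1d6a:87b1"}):
        print(json.dumps(entry, indent=2))
```

A non-empty host_driver means the host is still using the device, and a non-empty siblings list means other functions of the same physical slot should be reviewed alongside it.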

stgraber@castiana:~$ lxc query /1.0/resources | jq .usb
{
  "devices": [
    {
      "bus_address": 1,
      "device_address": 4,
      "interfaces": [
        {
          "class": "Wireless",
          "class_id": 224,
          "driver": "btusb",
          "driver_version": "0.8",
          "number": 0,
          "subclass": "Radio Frequency",
          "subclass_id": 1
        },
        {
          "class": "Wireless",
          "class_id": 224,
          "driver": "btusb",
          "driver_version": "0.8",
          "number": 1,
          "subclass": "Radio Frequency",
          "subclass_id": 1
        }
      ],
      "product": "",
      "product_id": "0a2b",
      "speed": 12,
      "vendor": "Intel Corp.",
      "vendor_id": "8087"
    },
    {
      "bus_address": 1,
      "device_address": 3,
      "interfaces": [
        {
          "class": "Video",
          "class_id": 14,
          "driver": "uvcvideo",
          "driver_version": "1.1.1",
          "number": 0,
          "subclass": "Video Control",
          "subclass_id": 1
        },
        {
          "class": "Video",
          "class_id": 14,
          "driver": "uvcvideo",
          "driver_version": "1.1.1",
          "number": 1,
          "subclass": "Video Streaming",
          "subclass_id": 2
        }
      ],
      "product": "Integrated Camera",
      "product_id": "b5ce",
      "speed": 480,
      "vendor": "Chicony Electronics Co., Ltd",
      "vendor_id": "04f2"
    },
    {
      "bus_address": 3,
      "device_address": 2,
      "interfaces": [
        {
          "class": "Audio",
          "class_id": 1,
          "driver": "snd-usb-audio",
          "driver_version": "5.4.0-18-generic",
          "number": 0,
          "subclass": "Control Device",
          "subclass_id": 1
        },
        {
          "class": "Audio",
          "class_id": 1,
          "driver": "snd-usb-audio",
          "driver_version": "5.4.0-18-generic",
          "number": 1,
          "subclass": "Streaming",
          "subclass_id": 2
        },
        {
          "class": "Audio",
          "class_id": 1,
          "driver": "snd-usb-audio",
          "driver_version": "5.4.0-18-generic",
          "number": 2,
          "subclass": "Streaming",
          "subclass_id": 2
        },
        {
          "class": "Human Interface Device",
          "class_id": 3,
          "driver": "usbhid",
          "driver_version": "5.4.0-18-generic",
          "number": 3,
          "subclass": "",
          "subclass_id": 0
        }
      ],
      "product": "TX42C500",
      "product_id": "4933",
      "speed": 12,
      "vendor": "Realtek Semiconductor Corp.",
      "vendor_id": "0bda"
    },
    {
      "bus_address": 3,
      "device_address": 13,
      "interfaces": [
        {
          "class": "Video",
          "class_id": 14,
          "driver": "uvcvideo",
          "driver_version": "1.1.1",
          "number": 0,
          "subclass": "Video Control",
          "subclass_id": 1
        },
        {
          "class": "Video",
          "class_id": 14,
          "driver": "uvcvideo",
          "driver_version": "1.1.1",
          "number": 1,
          "subclass": "Video Streaming",
          "subclass_id": 2
        },
        {
          "class": "Audio",
          "class_id": 1,
          "driver": "snd-usb-audio",
          "driver_version": "5.4.0-18-generic",
          "number": 2,
          "subclass": "Control Device",
          "subclass_id": 1
        },
        {
          "class": "Audio",
          "class_id": 1,
          "driver": "snd-usb-audio",
          "driver_version": "5.4.0-18-generic",
          "number": 3,
          "subclass": "Streaming",
          "subclass_id": 2
        }
      ],
      "product": "HD Pro Webcam C920",
      "product_id": "082d",
      "speed": 480,
      "vendor": "Logitech, Inc.",
      "vendor_id": "046d"
    },
    {
      "bus_address": 3,
      "device_address": 16,
      "interfaces": [
        {
          "class": "Human Interface Device",
          "class_id": 3,
          "driver": "usbhid",
          "driver_version": "5.4.0-18-generic",
          "number": 0,
          "subclass": "",
          "subclass_id": 0
        },
        {
          "class": "Chip/SmartCard",
          "class_id": 11,
          "driver": "usbfs",
          "driver_version": "5.4.0-18-generic",
          "number": 1,
          "subclass": "",
          "subclass_id": 0
        }
      ],
      "product": "YubiKey FIDO+CCID",
      "product_id": "0406",
      "speed": 12,
      "vendor": "Yubico.com",
      "vendor_id": "1050"
    },
    {
      "bus_address": 3,
      "device_address": 17,
      "interfaces": [
        {
          "class": "Human Interface Device",
          "class_id": 3,
          "driver": "usbhid",
          "driver_version": "5.4.0-18-generic",
          "number": 0,
          "subclass": "Boot Interface Subclass",
          "subclass_id": 1
        },
        {
          "class": "Human Interface Device",
          "class_id": 3,
          "driver": "usbhid",
          "driver_version": "5.4.0-18-generic",
          "number": 1,
          "subclass": "Boot Interface Subclass",
          "subclass_id": 1
        }
      ],
      "product": "ThinkPad Compact USB Keyboard with TrackPoint",
      "product_id": "6047",
      "speed": 12,
      "vendor": "Lenovo",
      "vendor_id": "17ef"
    }
  ],
  "total": 6
}

network: Support for multiple ipvlan NIC devices

Multiple ipvlan devices can now be added to the same container provided that one of them has ipv4.gateway and/or ipv6.gateway set to none.

network: Support for host addresses on routed NIC

The host-side address on routed NICs can now be configured through the ipv4.host_address and ipv6.host_address properties.

clustering: Support for editing cluster roles

A new lxc cluster edit command allows for editing clustering roles.

It's worth noting that there currently are no writable roles, but we expect to be adding some in the near future which will then be manageable through this API and command.

instances: Disk usage for custom volumes

Containers with custom storage volumes attached to them will now report those volumes' usage in the state API (and through lxc info):

stgraber@castiana:~$ lxc launch images:ubuntu/bionic c1
Creating c1
Starting c1

stgraber@castiana:~$ lxc storage volume create default vol1
Storage volume vol1 created
stgraber@castiana:~$ lxc storage volume create default vol2
Storage volume vol2 created

stgraber@castiana:~$ lxc storage volume attach default vol1 c1 vol1 /mnt/vol1
stgraber@castiana:~$ lxc storage volume attach default vol2 c1 vol2 /mnt/vol2

stgraber@castiana:~$ lxc info c1
Name: c1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/04/01 00:00 UTC
Status: Running
Type: container
Profiles: default
Pid: 1439012
Ips:
  eth0: inet    10.166.11.66    veth12c5ea18
  eth0: inet6   fd42:4c81:5770:1eaf:216:3eff:fee2:43b6  veth12c5ea18
  eth0: inet6   fe80::216:3eff:fee2:43b6    veth12c5ea18
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 14
  Disk usage:
    root: 1.11MB
    vol1: 98.30kB
    vol2: 98.30kB
  CPU usage:
    CPU usage (in seconds): 0
  Memory usage:
    Memory (current): 46.94MB
  Network usage:
    eth0:
      Bytes received: 3.06kB
      Bytes sent: 2.93kB
      Packets received: 22
      Packets sent: 28
    lo:
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0

instances: Disk usage for snapshots

The API now exposes the size of each individual snapshot.

stgraber@castiana:~$ lxc snapshot c1
stgraber@castiana:~$ lxc query /1.0/instances/c1/snapshots/snap0 | jq .size
61440

This will soon be displayed in lxc info once it's gone through a redesign.

auth: Support for passwordless PKI mode

For those using LXD with a managed PKI, it is now possible to configure LXD to automatically trust any client certificate signed by the CA.

This is done with core.trust_ca_certificates.

To handle revocation, LXD also now accepts a CRL which should be placed alongside server.ca as server.crl.
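
The trust decision this mode implies (accept any client certificate that chains to the CA, unless a CRL signed by that CA lists its serial), as an added Go example. It is not LXD's own code: the helper names, the sentinel errors, the choice to reject on a CRL the CA did not sign, and the alice/bob/mallory certificates are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	errNotFromCA = errors.New("certificate does not chain to the CA")
	errBadCRL    = errors.New("CRL is not signed by the CA")
	errRevoked   = errors.New("certificate serial is listed in the CRL")
)

// must keeps the constructed fixtures short: any setup error is fatal.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mustIssue returns a self-signed CA when parent is nil, else a client certificate signed by parent.
func mustIssue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P384(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // CA: may sign certificates and CRLs
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.SubjectKeyId = true, true, []byte(cn)
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// mustCRL returns a CRL signed by ca that lists the serials of revoked.
func mustCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...*x509.Certificate) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey))))
}

// trusted returns nil when client chains to ca for client auth and is not revoked by crl.
func trusted(client, ca *x509.Certificate, crl *x509.RevocationList) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := client.Verify(opts); err != nil {
		return errNotFromCA
	}
	if crl == nil {
		return nil // no CRL available: every CA-signed certificate is accepted
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return errBadCRL // fail closed (a choice made for this example)
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(client.SerialNumber) == 0 {
			return errRevoked
		}
	}
	return nil
}

// demo runs the check over constructed certificates and returns each verdict.
func demo() map[string]error {
	ca, caKey := mustIssue("constructed CA", 1, nil, nil)
	other, otherKey := mustIssue("unrelated CA", 1, nil, nil)
	alice, _ := mustIssue("alice", 2, ca, caKey)
	bob, _ := mustIssue("bob", 3, ca, caKey)
	mallory, _ := mustIssue("mallory", 2, other, otherKey)
	crl := mustCRL(ca, caKey, bob)
	return map[string]error{
		"alice":            trusted(alice, ca, crl),
		"bob":              trusted(bob, ca, crl),
		"mallory":          trusted(mallory, ca, crl),
		"bob-without-crl":  trusted(bob, ca, nil),
		"alice-forged-crl": trusted(alice, ca, mustCRL(other, otherKey, alice)),
	}
}

func main() {
	fmt.Println(demo())
}
```

In this model the bob-without-crl case is accepted, which is why revocation only takes effect once a CRL is actually in place.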

Highlights for 3.0 users

In addition to the features and changes listed above, those who were using the LXD 3.0 LTS branch have the following "new" features to look forward to:

Virtual machines

LXD can now run both containers and virtual machines.

The experience and configuration work in much the same way, though some device types and configuration options aren't available for virtual machines yet.

Some operations are performed through an agent running in the virtual machine (lxc exec and lxc file). The agent comes pre-installed in the majority of our images.

To create a virtual machine rather than a container, simply pass --vm to lxc launch.

VM images are now available for most commonly used Linux distributions with plans to add more in the future.

stgraber@castiana:~$ lxc launch images:centos/8 centos-8 --vm
Creating centos-8
Starting centos-8

stgraber@castiana:~$ lxc info centos-8
Name: centos-8
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/03/31 23:48 UTC
Status: Running
Type: virtual-machine
Profiles: default
Pid: 1426453
Ips:
  enp5s0:   inet    10.166.11.125
  enp5s0:   inet6   fd42:4c81:5770:1eaf:1c5b:d0a1:d892:5464
  enp5s0:   inet6   fe80::9bbf:7460:2ad0:6a9
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 12
  Disk usage:
    root: 6.65MB
  CPU usage:
    CPU usage (in seconds): 5
  Memory usage:
    Memory (current): 123.94MB
    Memory (peak): 115.95MB
  Network usage:
    enp5s0:
      Bytes received: 2.55kB
      Bytes sent: 2.32kB
      Packets received: 21
      Packets sent: 20
    lo:
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0

stgraber@castiana:~$ lxc exec centos-8 bash
[root@centos-8 ~]# cat /etc/redhat-release 
CentOS Linux release 8.1.1911 (Core) 
[root@centos-8 ~]# uname -a
Linux centos-8 4.18.0-147.5.1.el8_1.centos.plus.x86_64 #1 SMP Thu Feb 6 10:31:58 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@centos-8 ~]#

Projects

Projects are a way to segment your LXD server. Each project can contain its own set of instances, images, profiles and storage volumes.

Those various features can be enabled/disabled on a per-project basis. If disabled, the project inherits from the default project.

On top of this, there is support for both restrictions (disabling particular device types, privileged containers, ...) and limits (limiting the amount of CPU, memory and instance count).

Instances

  • System call interception on containers
      • Allows for limited mknod in containers
      • Allows for limited setxattr in containers
      • Can be used to allow mounting of privileged filesystems
      • Can be used to redirect some filesystem mounts to FUSE
  • Addition of a backup/restore feature (lxc export and lxc import)
  • Copy/move instances between storage pools
  • Refresh of an instance copy (local or remote) with lxc copy --refresh
  • Protection against accidental deletion and shift (security.protection.delete and security.protection.shift)
  • shiftfs is now supported and used when available (replaces traditional shifting)
  • Automated snapshots and expiration
  • New unix-hotplug device type (similar to unix-char and unix-block)
  • usb device improvements:
      • The add/remove uevent is now forwarded to the container
      • It is possible to pass all USB devices
  • proxy device improvements:
      • Privileged dropping options (security.uid and security.gid)
      • Socket ownership options (uid, gid, mode)
      • Support for HAProxy type header (proxy_protocol)
      • Fast proxying using NAT when available (nat)
      • Support for unix socket, udp and port ranges on udp and tcp
  • disk device improvements:
      • Direct attach of Ceph rbd/fs disks to containers
      • Custom mount options
      • shift property to translate uid/gid into container-readable ones
  • nic device improvements:
      • New ipvlan nictype
      • New routed nictype
      • ipv4.routes and ipv6.routes properties
      • network property to easily connect to LXD managed networks
      • Security filtering options
      • VLAN & MAC filtering on SR-IOV devices

Network

  • Configurable NAT source address (ipv4.nat.address and ipv6.nat.address)
  • DHCP leases API and lxc network list-leases command
  • Network state API and lxc network info command
  • Configurable MAC address on managed networks (bridge.hwaddr)
  • Control on firewall rule application order (ipv4.nat.order and ipv6.nat.order)

Storage

  • New internal storage layer rewritten from scratch
  • New cephfs storage backend
  • Backups and images can now be stored inside a storage pool
  • Custom storage volume snapshots (including scheduling & expiry)
  • LVM striping support
  • Separate metadata and data pools for Ceph
  • Quotas on dir backend through ext4/xfs "project quotas"
  • security.shifted property on custom storage volumes

Images

  • API for nested LXD to fetch images from the host (security.devlxd.images)
  • squashfs compression support for new images
  • Profiles can now be tied to images
  • Image expiry can now be changed

Clustering improvements

  • Support for standby database nodes
  • Configurable number of database & standby nodes
  • Mixed architecture clustering
  • Clustering roles
  • New simplified cluster join API
  • Separate addresses for client and cluster traffic
  • Automatic image replication

CLI

  • New columns in lxc list and lxc image list
  • New lxc alias command
  • Consistent list commands including --format support
  • All set commands now accept multiple key=value
  • exec now accepts --uid, --gid and --cwd
  • Config overrides on lxc copy and lxc move
  • More commands now support the --target option for clustering

Future proofing

  • Support for nftables as an alternative to xtables
  • Support for limits through Cgroup2

API

  • Support for RBAC (Role Based Access Control) through Canonical RBAC
  • Default TLS key is now EC384
  • New /1.0/instances endpoint replacing /1.0/containers
  • Addition of server-side collection filtering on /1.0/instances and /1.0/images
  • Much more comprehensive resources API at /1.0/resources
  • Kernel features are now exposed in /1.0
  • LXC features are now exposed in /1.0
  • Built-in debug server (pprof) configurable through core.debug_address
  • Additional bulk-query (recursion) options for high demand endpoints
  • Events and Operations in a clustered environment now have a Location field

Complete changelog

Here is a complete list of all changes in this release:

  • shared/version/api: Add trust_ca_certificates
  • doc: Add core.trust_ca_certificates
  • lxd/cluster/config: Add core.trust_ca_certificates
  • *: Add parameters to CheckTrustState
  • shared/cert: Add CRL to CertInfo
  • lxd/util/http: Check CRL for revoked clients
  • test: Extend PKI test
  • lxd/etag: Quote generated etag values
  • lxd/apparmor: Apparently the order matters
  • shared/version/api: Add snapshot_disk_usage API extension
  • doc: Add snapshot_disk_usage
  • lxd/storage/drivers/btrfs: Fix quota
  • lxd/backup: Removes Privileged field from backup.Info struct
  • lxd/backup: Adds new fields in index.yaml
  • lxd/instances/post: bInfo.OptimizedStorage pointer usage
  • lxd/storage/backend/lxd: CreateInstanceFromBackup OptimizedStorage pointer usage
  • lxd/backup: Updates backupWriteIndex index.yaml fields
  • lxd/backup: Removes Project field from index.yaml
  • test/suites/storage: Add btrfs quota tests
  • shared/api: Add size to InstanceSnapshot
  • lxd/instance/drivers: Get snapshot usage
  • lxd/storage/drivers/btrfs: Don't destroy qgroups
  • lxd/storage/drivers: Moves functions from generic.go to generic_vfs.go
  • lxd/storage/drivers: Generic VFS function usage after move &rename
  • lxd/instance/drivers: Add custom volumes to disk state
  • lxd/instance/drivers: Fix lxd-agent running order
  • lxc: Deprecate --container-only
  • i18n: Update translation templates
  • tests: Move away from container-only
  • lxc: Drop flagContainerOnly
  • lxd/storage/zfs: Fix deleted VM images restoration
  • lxc/storage/drivers/driver/btrfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
  • lxc/storage/drivers/driver/zfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
  • shared/archive: Adds CompressedTarReader function
  • lxd/backup/backup: shared.CompressedTarReader usage
  • test/suites/static/analysis: Reinstates checks for shared/instancewriter
  • lxd/instance/post: InstanceID usage
  • lxd/db/containers: Renames ContainerID to InstanceID
  • lxd/instances/post: Logging in createFromBackup
  • lxd/instances/post: Logging message change from container to instance
  • lxd/instances/post: Switches to revert package in createFromBackup
  • lxd: Merges instanceCreateFromBackup into createFromBackup
  • lxd/storage/drivers/utils: Adds blockDevSizeBytes function
  • lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to use blockDevSizeBytes
  • shared/instancewriter/instance/file/info: Adds FileInfo for os.FileInfo implementation
  • shared/instancewriter/instance/tar/writer: Adds WriteFileFromReader function
  • lxd/backup: Switches index.yaml file generation to use WriteFileFromReader in backupCreate
  • lxd/api/internal: d.cluster.InstanceID usage
  • lxd/storage/backend/lxd: Better error msg context in CreateInstanceFromBackup
  • lxd/backup: Removes volume type restriction in backupCreate
  • lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupVolume
  • lxd/storage/drivers: Uses sourcePath logging for consistency in BackupVolume
  • lxd/storage/drivers/driver/zfs/volumes: Adds optimised VM backup to BackupVolume
  • lxd/storage/drivers/driver/btrfs/volumes: Adds optimised VM backup to BackupVolume
  • lxd/storage/backend/lxd: Adds volume type logic for VMs to CreateInstanceFromBackup
  • lxd/api/internal: makes internalImport VM aware
  • lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupUnpack
  • lxd/storage/drivers/driver/zfs/volumes: MountVolume comment improvements
  • lxd/storage/drivers/driver/zfs/volumes: UnmountVolume improvements
  • lxd/storage/drivers/driver/zfs/volumes: Adds VM support to generic mode in MigrateVolume
  • lxd/storage/drivers/driver/zfs/volumes: Adds VM support to MountVolumeSnapshot
  • lxd/storage/drivers/driver/zfs/volumes: Adds VM support to UnmountVolumeSnapshot
  • lxd/storage/drivers/driver/zfs/volumes: Adds support for VM optimized backup restore
  • lxd/storage/drivers: Adds existing volume check to optimized backup restore
  • lxd/storage/drivers/driver/btrfs/volumes: Adds support for VM optimized backup restore
  • lxd/storage/backend/lxd: Updates CheckInstanceBackupFileSnapshots to be VM aware
  • lxd/storage/backend/lxd/patches: Ignores snapshots when retrieving list of custom volumes to be renamed
  • lxd/containers: Emit lifecycle event on user shutdown
  • lxd/storage/drivers: Adds OptimizedBackups driver Info flag
  • lxd/backup: Ignore requests for optimized backups when pool driver doesn't support it
  • lxd/instances/post: Ensure optimized backup imports only import into same storage driver pools
  • lxd/instance/exec: Adds protection against clients reconnecting after exec has started
  • doc: Fix escaping
  • lxd/cluster: Tweak errors
  • api: clustering_edit_roles
  • shared/api: Add ClusterMemberPut
  • lxd/cluster: Make ClusterMember editable
  • client: Add UpdateClusterMember
  • lxc/cluster: Add edit sub-command
  • i18n: Update translation templates
  • lxd/firewall/drivers/drivers/consts: Adds FilterIPv6All constant
  • cgroup/init: close controllers file
  • doc/networks: Add missing maas.subnet.ipv4/maas.subnet.ipv6
  • scripts/bash: Add maas.subnet.ipv4/maas.subnet/ipv6 to network
  • client: Fix bad description for UpdateClusterMember
  • lxd/device/nic/bridged: Allow security.ipv6_filtering to be used on networks without IPv6
  • lxd/firewall/drivers/drivers/xtables: Adds FilterIPv6All support
  • lxd/firewall: Dont use compact function arg definitions
  • lxd/firewall/drivers/drivers/nftables: Adds FilterIPv6All support
  • lxd/network/network/utils: Adds support for bridged NIC network property when rebuilding dnsmasq static config
  • lxd/network/network/utils: Comment consistency
  • lxd/device/nic/bridged: Allow security.ipv4_filtering to be used on networks without IPv4
  • lxd/firewall/drivers/drivers/consts: Adds FilterIPv4All constant
  • lxd/firewall/drivers/drivers/xtables: Adds Adds FilterIPv4All support
  • lxd/firewall/drivers/drivers/nftables: Adds FilterIPv4All support
  • test: Adds bridged NIC tests for total protocol filtering
  • lxd/device/nic: Adds ipv4.host_address and ipv6.host_address keys
  • lxd/device/nic/routed: Adds ability to specify host-side veth interface IP address
  • api: Adds container_nic_routed_host_address API extension
  • doc/instances: Updates routed nic doc with ipv4.host_address and ipv6.host_address keys
  • scripts/bash/lxd-client: Updates bash device keys for routed NIC
  • lxd/device/nic/ipvlan: Adds ipv4.gateway and ipv6.gateway support
  • api: Adds container_nic_ipvlan_gateway API extension
  • doc/instances: Adds ipvlan ipv4.gateway and ipv6.gateway docs
  • lxd/device/nic/routed: Sets accept_ra=0 on host interface
  • lxc: Fix for current cobra
  • lxd/device/nic_routed: Don't fail on missing IPv6
  • lxd/device/nic_routed: Set rp_filter=1
  • forkexec: rework
  • forkexec: tweak
  • lxd/firewall/firewall/interface: Adds InstanceSetupRPFilter and InstanceClearRPFilter
  • lxd/firewall/drivers/drivers/xtables: Improves proxy NAT rule removal errors
  • lxd/firewall/drivers/drivers/xtables: Renames iptablesConfig to iptablesAdd
  • lxd/firewall/drivers/drivers/xtables: Implements reverse path filters
  • lxd/device/nic/routed: Applies firewall based reverse path filter for IPv4 and IPv6
  • lxd/storage/drivers/ceph: Re-create image snapshot
  • lxd/storage/drivers: Update comment on readonly snapshot
  • lxd/firewall/drivers/drivers/nftables: Implements reverse path filters
  • shared/instancewriter/instance/tar/writer: Adds ignoreGrowth arg to WriteFile
  • lxd/storage/drivers/generic/vfs: Sets ignoreGrowth arg true in WriteFile usage
  • lxd: Existing WriteFile usage updated to set ignoreGrowth to false
  • lxd/device/nic/bridged: Disables IPv6 on bridged host side interface
  • lxd/exec: Fix forwarding for VMs
  • lxd: Rename forwarding functions
  • i18n: Update translations from weblate
  • lxd/networks: Fix network leases list for instances using "network" option
  • lxd/instance/drivers/driver/qemu: Restart on failure
  • shared/idmap: Better root fallback
  • lxd/instance/drivers/driver/qemu: Fixes dependencies for lxd-agent
  • lxd-agent/main/agent: Better logging
  • shared/version/api: Add resources_usb_pci API extension
  • doc: Add resources_usb_pci
  • shared/api: Add USB and PCI resources
  • shared/usbid: Add USB vendor and devices
  • lxd/resources: Add USB resource
  • lxd/resources: Add PCI resource
  • test/suites/static_analysis: Skip shared/usbid/load_data.go

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.23 has been released

20th of March 2020

Introduction

The LXD team is very excited to announce the release of LXD 3.23!

This should be the last release of the 3.x series with LXD 4.0 planned to be released next week with very minimal changes on top of that (a few backward-incompatible CLI tweaks).

This is also a rather feature packed release, especially for those using custom storage volumes, projects or virtual machines.

Enjoy!

Highlights

Custom storage volumes in projects

A new project feature (features.storage-volumes) is now available to all new projects and ties custom storage volumes to the project.

This allows projects to have their own separate set of custom storage volumes without risk of conflicts. When combined with Canonical RBAC, this also now properly isolates storage between different projects.

stgraber@castiana:~$ lxc storage volume list default | grep custom
+--------+----------+-------------+---------+
|  TYPE  |   NAME   | DESCRIPTION | USED BY |
+--------+----------+-------------+---------+
| custom | backups  |             | 1       |
+--------+----------+-------------+---------+
| custom | blah     |             | 0       |
+--------+----------+-------------+---------+
| custom | images   |             | 1       |
+--------+----------+-------------+---------+

stgraber@castiana:~$ lxc project create blah
Project blah created
stgraber@castiana:~$ lxc project switch blah

stgraber@castiana:~$ lxc storage volume create default foo
Storage volume foo created
stgraber@castiana:~$ lxc storage volume list default | grep custom
+--------+------+-------------+---------+
|  TYPE  | NAME | DESCRIPTION | USED BY |
+--------+------+-------------+---------+
| custom | foo  |             | 0       |
+--------+------+-------------+---------+
stgraber@castiana:~$

Schedule snapshots for custom storage volumes

Similar to instances, the snapshots.schedule and snapshots.pattern configuration keys are now available to custom volumes too.

They can be set directly using lxc storage volume set POOL VOL KEY VALUE.

Expiry for custom storage volumes

With automatic snapshots now being possible on custom storage volumes, an expiry mechanism is a good idea. Matching what's available in instances, this can be configured through snapshots.expiry.

Editing the expiry on existing snapshots can be done with lxc storage volume edit POOL VOL/SNAP.

Limits for projects

Some limits can now be applied on a per-project basis. The limits available at this time are:

  • limits.containers for the total number of containers allowed
  • limits.virtual-machines for the total number of virtual-machines allowed
  • limits.cpu for the number of virtual CPUs that may be used
  • limits.memory for the total amount of memory that can be given
  • limits.processes for the total number of processes that can be used

Note that the last 3 require all instances in the project to have the matching configuration key set on them. The limit applies to the total configured limit on the instances rather than to the live usage.

Restrictions for projects

Additionally, some feature restrictions can now be applied to projects too.

The full list of options can be found at https://linuxcontainers.org/lxd/docs/master/projects

This is designed so that marking a project as restricted using restricted=true should default to it being safe for untrusted users. Restrictions can then be relaxed to allow potentially more dangerous or less confined configuration and devices.

Combined with Canonical RBAC, this can be used to run a shared LXD server or cluster with mostly untrusted users having the ability to spawn containers and virtual-machines without effectively having to trust them with full privileges on the hosts.

Improved backup/export logic

The backup/export logic as used by lxc export has been updated to reduce the amount of disk space needed during an export. The container files are now directly written to the compressed tarball, without any intermediate copy being made on disk.

This should significantly reduce the amount of disk space used by an export as well as speed up the process quite a bit.

VM: Support for migration

Virtual machines can now be copied and moved between local storage pools as well as to remote LXD servers.

Note that this is only "cold" migration, that is, virtual machines must be stopped prior to being moved. Live migration is planned for a later stage.

VM: Support for publishing

It is now possible to lxc publish a virtual machine, resulting in a functional image which can be used to spawn more virtual machines or transfer it to another server.

While this all works like it does for containers, we do have to highlight the fact that virtual machine disks are much larger than containers and as our images require the disk be repacked to qcow2 during the publishing process, you will need a significant amount of free disk space on the system in order to handle large virtual machines.

Complete changelog

Here is a complete list of all changes in this release:

  • lxd/storage/zfs: Fix usage calculation
  • Add go 1.14.x check
  • lxd: Cleanup error messages
  • lxd: Rename container files to instance
  • tests: Update for rename
  • production-setup: add net.core.bpf_jit_limit and kernel.keys.maxbytes
  • doc/instances: Adds missing host_name key on routed nic device
  • doc/instances: Documents ipv4.gateway and ipv6.gateway routed NIC keys
  • lxd/device/device/utils/network: Adds NetworkValidGateway helper
  • lxd/device/nic: Adds ipv4.gateway and ipv6.gateway validation
  • lxd/device/nic/routed: Adds support for not adding automatic default gateway
  • api: Adds extension container_nic_routed_gateway
  • lxd/util/fs: Fixes go vet conversion from int64 to string yields a string of one rune error
  • lxd/device/disk: Only unmounts non-root volumes attached
  • lxd/daemon: Adds comment to AllowAuthenticated
  • lxc/storage/volumes: Adds API permission check for permission "manage-storage-volumes"
  • lxd/project/project: Comment tweak to Instance()
  • lxd/project/project: Adds StorageVolume()
  • lxd/project/project/test: Adds StorageVolume() test
  • lxd/project/project: Adds StorageVolumeParts function
  • lxd/project/project: Adds StorageVolumeProject function
  • lxc/project: Adds STORAGE VOLUMES col to projects list
  • doc/projects: Documents features.storage.volumes flag
  • lxd/api/project: Adds features.storage.volumes to API
  • lxd/db/migration: Adds features.storage.volumes true to default project on importPreClusteringData
  • lxd/db/cluster/open: Adds features.storage.volumes true to default project in EnsureSchema
  • scripts/bash/lxd-client: Adds features.storage.volumes to bash autocomplete
  • lxd/daemon/storage: Error message quoting
  • lxd/daemon/storage: Updates storage custom volume functions to pass project.Default
  • lxd/daemon/storage: Adds support for custom volume projects
  • lxd/device/disk: Updates custom volume disks to support projects
  • lxd/patches: Updates patchStorageApiPermissions to use project.Default for custom volumes
  • lxd/storage/backend/mock: Updates custom volume signatures to support projectName
  • lxd/storage/pool/interface: Updates custom volume functions to support projectName
  • lxd/storage/volumes: Error message quoting and comment tweaks
  • lxd/storage/volumes: Improve volume type checks
  • lxd/storage/volumes: Add custom volume project support
  • lxd/storage/volumes: Migration project aware
  • lxd/storage/volumes/snapshots: Improve volume type validation
  • lxd/storage/volumes/snapshot: Error message quoting
  • lxd/storage/volumes/snapshot: Adds project support for custom volumes
  • lxd/storage/backend/lxd: Updates custom volume functions to support projects
  • lxd/db/storage/pools: Removes incorrect assumption about custom vol projects in storagePoolVolumeGetType
  • lxd/db/storage/pools: Comment and error msg tweaks
  • lxd/db/storage/pools: Removes incorrect filter for project default when vol type is StoragePoolVolumeTypeCustom
  • lxd/db/storage/pools: Updates StoragePoolVolumeSnapshotsGetType to filter by project
  • lxd/db/storage: Removes StoragePoolNodeVolumeGetType
  • lxd/db/storage: Fixes StoragePoolVolumeSnapshotsGetType to be project aware
  • lxd/patches: Switches to using storageDrivers.GetVolumeMountPath
  • lxd/storage/storage: Removes unused GetStoragePoolVolumeMountPoint
  • lxd/api: Updates projectParam to use project.Default
  • lxd: project.Default usage
  • lxd/images: Comment weaks
  • lxd/images: golint fixes
  • lxd/project/limits: Default const usage
  • lxd/storage/load: Adds support for custom vol projects to volIDFuncMake
  • lxd/storage/load: Error msg quoting tweaks
  • lxd/storage/volumes/utils: Error msg tweaks
  • lxd/storage/volumes/utils: Removes unused supportedVolumeTypesExceptImages
  • lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to be project aware
  • lxd/storage/volumes/utils: Removes storagePoolVolumeUsedByRunningInstancesWithProfilesGet and old link var
  • lxd/container: Removes unused function instanceLoadAll
  • lxd/storage/backend/lxd: Updates use of database functions to use projectName
  • lxd/storage/utils: Adds VolumeUsedByRunningInstancesWithProfilesGet and removes old link var
  • lxd/storage/utils: Makes VolumeSnapshotsGet project aware
  • lxd/storage/utils: Makes VolumeUsedByInstancesGet project aware
  • lxd/migrate/storage/volumes: Makes custom volume project aware
  • lxd/storage/backend/lxd: b.state.Cluster.StoragePoolNodeVolumeGetTypeByProject usage
  • lxd/storage/backend/lxd: Updates migration functions to be project aware
  • lxd/storage/backend/mock: Updates migration functions to be storage aware
  • lxd/storage/pool/interface: Updates migration functions to be project aware
  • test: Updates tests for custom storage volume projects
  • lxd/db/storage/pools: Makes StoragePoolNodeVolumesGetType project aware
  • lxd/db/storage/pools: Removes StoragePoolNodeVolumeGetTypeID function
  • lxd/patches: StoragePoolNodeVolumeGetTypeIDByProject usage
  • lxd/patches: Improves error messages context
  • lxd/storage/backend/lxd/patches: Adds custom volume rename patch to add project prefix
  • lxd/storage/drivers/utils: Captures error context from e2fsck
  • lxd/storage/drivers/utils: Dont use TryCommand when resizing
  • i18n: Update translation templates
  • lxd: Replaces == "true" with shared.IsTrue() for projects and profiles
  • lxc: Replaces == "true" with shared.IsTrue() for project features
  • lxd/firewall: Don't create zombies
  • lxd/patches: Adds concept of stage to patch system
  • lxd/daemon: Applies pre daemon storage patches
  • lxd/storage/backend/lxd/patches: Skip already renamed volumes
  • lxd/db/images: Removes unnecessary whitespace
  • lxd/db/images: Updates ImagesGetExpired to return ExpireImage struct with projectName
  • lxd/images: Updates pruneExpiredImages to support removing expired images from non-default projects
  • driver_qemu: delete vm id from vmConsole
  • ExecReaderToChannel: Prevent endless loops
  • lxd/daemon/storage: Removes daemonStorageUsed function
  • lxd/storage/utils: Adds VolumeUsedByDaemon function
  • lxd: storagePools.VolumeUsedByDaemon usage
  • lxd/storage/backend/lxd/patches: Adds daemon storage symlink update to lxdPatchStorageRenameCustomVolumeAddProject
  • lxd/firewall/nft: Flush chain on delete
  • lxd/firewall/nft: Handle json errors
  • lxd/firewall/nft: Refuse to run on old kernels
  • lxd/project: Rename limits.go to permissions.go
  • shared/util/linux: Updates ExecReaderToChannel to accept a finisher chan as struct{}
  • lxd-agent/exec: Updates usage of ExecReaderToChannel channel definitions
  • shared/network: Removes logging internal state of websocket in WebsocketRecvStream
  • shared/netutils/network/linux: Updates WebsocketExecMirror to use struct{} exited indicator channel
  • lxd/instance/exec: Fixes VM read loop when agent not started
  • lxd/project: Rename CheckLimitsUponInstanceCreation to AllowInstanceCreation
  • lxd/project: Rename CheckLimitsUponInstanceUpdate to AllowInstanceUpdate
  • lxd/project: Rename CheckLimitsUponProfileUpdate to AllowProfileUpdate
  • lxd/project: Rename ValidateLimitsUponProjectUpdate to AllowProjectUpdate
  • lxd/project: Rename checkAggregateInstanceLimits to checkRestrictionsAndAggregateLimits
  • lxd/project: Extract checkAggregateLimits from checkRestrictionsAndAggregateLimits
  • lxd/project: Honor the "restricted.containers.nesting" config
  • lxd/project: Prevent using low-level container options
  • lxd/project: Check if restrictions are consistent when updating a project config
  • lxd/project: Honor the "restricted.containers.lowlevel" config
  • lxd/project: Honor the "restricted.containers.privilege" config
  • lxd/project: Also expand instance devices
  • lxd/project: Add machinery to perform checks on instance devices
  • lxc/project: Honor the "restricted.devices.unix-char" config
  • lxd/project: Perform restrictions checks also on profiles config and devices
  • lxc/project: Honor the "restricted.devices.unix-block" config
  • lxc/project: Honor the "restricted.devices.unix-hotplug" config
  • lxc/project: Honor the "restricted.devices.infiniband" config
  • lxc/project: Honor the "restricted.devices.nic" config
  • lxd/project: Honor the "restricted.devices.disk" config
  • lxc/project: Honor the "restricted.devices.gpu" config
  • lxc/project: Honor the "restricted.devices.usb" config
  • lxc/project: Honor the "restricted.virtual-machines.lowlevel" config
  • lxd/project: Pass current configuration to AllowInstanceUpdate
  • lxd/project: Check restrictions for volatile config keys
  • lxd/project: Adjust import order
  • lxd/project: Drive-by lint fixes
  • api: Add new restrict.* config keys to projects
  • shared/version: Add "projects_restrictions" API extension
  • doc/projects.md: Document project restrictions
  • test: Add projects restrictions tests
  • scripts: Update bash completion profile with new project config keys
  • lxd/images: Allow virtual-machine and instance as source
  • lxd/images: Set right image type on publish
  • lxd/vm: Implement Export
  • lxd/instance: Fix expiry check
  • lxd/storage: Unpack unified VM images
  • lxd/migration: Rebuilds migrate.pb.go
  • lxd/migration: Adds BLOCK_AND_RSYNC migration transport type
  • lxd/instances/post: Adds VM support to createFromMigration
  • lxd/migrate/instance: Adds VM support to migrationSourceWs.Do
  • lxd/rsync: Adds support for passing arguments to rsync send command
  • lxd/storage/drivers/utils: Error quoting
  • lxd/storage/drivers/driver/common: Updates MigrationTypes to support block volumes for VMs
  • lxd/storage/drivers/driver/dir/volumes: Updates migration to support VMs
  • lxd/storage/drivers/driver/dir/utils: Skips initial quota for VM block migration
  • lxd/storage/drivers: Switches to ErrNotSupported for non-block volume paths
  • lxd/storage/drivers/generic/vfs: Adds VM migration support to genericVFSMigrateVolume
  • lxd/storage/drivers/generic: Adds VM migration support to genericCreateVolumeFromMigration
  • lxd/storage/drivers: Removes dupe checks using genericVFSMigrateVolume
  • lxd/storage/drivers/generic: Adds volume type specific migration transport type checks
  • lxd/storage/drivers/driver/lvm/volumes: Removes dupe check done in genericCreateVolumeFromMigration
  • lxd/migrate/storage/volumes: whitespace
  • lxd/storage/drivers/driver/btrfs: Adds block migration negotiation
  • lxd/storage/drivers/driver/btrfs/volumes: Adds VM migration support
  • lxd/storage/backend/lxd: Improve delete error messages
  • lxd/storage/utils: Adds FallbackMigrationType function
  • lxd: Replaces hardcoded instances of migration.MigrationFSType_RSYNC
  • lxd/storage/drivers/driver/zfs: Adds block migration negotiation
  • lxd/storage/drivers/driver/zfs/volumes: Adds VM migration support
  • lxd/storage/drivers/driver/ceph: Adds block migration negotiation support
  • lxd/storage/drivers/driver/ceph/volumes: Adds VM migration support
  • lxd/migrate/instance: Prevent live migrations for VMs
  • lxd: Add "instance" string where necessary
  • lxd/instances/snapshot: Fix expiration in profiles
  • lxd/images: Fix source type handling
  • lxc/export: Make API call more correct
  • lxd/storage/drivers/driver/btrfs/volumes: Dont activate quotas if not used
  • lxd/storage/drivers/driver/ceph/volumes: Adds VM block resize support
  • doc/security: Adds network security section
  • lxd: Unexport NewMigrationSource
  • lxd/storage: Fix crash on VM unpack
  • lxd: Unexport NewDaemon
  • lxd: Unexport RestServer
  • lxd: Unexport DefaultDaemonConfig and DefaultDaemon
  • lxd: Unexports AllowAuthenticated and AllowProjectPermission
  • lxd: Unexports DevLxdServer
  • lxd: Unexports daemon feature functions
  • lxd: Unexports migration setup functions
  • lxd: Unexports forwarded response helpers
  • client: Removes nullReadWriteCloser
  • client: Removes unused proxyInstanceMigration function
  • lxc-to-lxd: Removes unused vars
  • lxc-to-lxd: Removes unused connectTarget
  • lxc-to-lxd: Removes unused setupSource
  • lxd/cluster: Removes unused flagForce
  • lxc: Removes unused profile
  • lxc/console: Removes unused getStdout
  • lxd-agent: Removes unused rootUID and rootGID
  • lxc: Removes unused func showByDefault
  • lxd/cgroup: Removes unused cgCgroup2SuperMagic
  • lxd-agent: Unexports NewDaemon
  • memory_utils: align lxc + lxd
  • tree-wide: consistently initialize raw fds to -EBADF instead of -1 in cgo
  • lxd/storage/ceph: Fix ext4 shrinking
  • lxc/remote: Use helpers
  • lxc/remote: Validate remote name
  • i18n: Update translation templates
  • doc: Update requirements
  • lxd/init: Don't offer dir as a remote backend
  • lxc/config: Fix behaviour of instance snapshot expiry
  • db/cluster: Bump the value of sqlite_sequence for storage_volumes
  • po: Update translations
  • shared/version/api: Add custom_volume_snapshot_expiry extension
  • doc: Add custom_volume_snapshot_expiry
  • lxd/db: Add expiry_date to storage_volumes_snapshots
  • shared/api: Add expiry fields to StorageVolumeSnapshot*
  • lxd/storage: Add expiry to volume snapshot pool functions
  • lxd: Add snapshots.expiry config key for storage volumes
  • lxd/db: Add custom volume snapshot functions
  • lxd: Handle volume snapshot expiry
  • lxd/storage: Add expiry date to VolumeDBCreate
  • lxd/storage: Update expiry date when updating volume snapshots
  • lxd/db: Add ProjectName to StorageVolumeArgs
  • lxd/db: Add new OperationCustomVolumeSnapshotsExpire
  • lxd/db: Add StorageVolumeSnapshotsGetExpired
  • lxd: Remove expired custom volume snapshots
  • *: Remove snapshot code from StoragePoolVolumeCreate
  • lxc: Add --no-expiry for volume snapshots
  • test: Add volume snapshot expiry test
  • doc: Add keys to volume config
  • po: Update translations
  • lxd/storage/drivers/driver/lvm/volumes: Fixes LVM VM snapshot list
  • lxd/cluster: Ignore CEPH custom volumes on removal
  • shared/version: Add volume_snapshot_scheduling API extension
  • lxd/storage: Add snapshots.* config keys
  • lxd/db: Extend StorageVolumeArgs
  • lxd: Support patterns in StorageVolumeNextSnapshot
  • lxd/db: Add StoragePoolVolumesGetAllByType
  • lxd: Add volume snapshot scheduling
  • doc: Add volume snapshot scheduling
  • lxd: Clean up logging for expired volume snapshots
  • doc/networks: describe how to notify systemd-resolved of lxd nameserver
  • lxd/storage/utils: Add missing comments
  • lxd/storage/utils: Add forceRemoveAll
  • lxd/storage/dir: Use forceRemoveAll
  • lxd/api/cluster/test: Removes unused DISABLED_TestCluster_Failover
  • lxd/api/cluster/test: Removes unused FLAKY_TestCluster_LeaveAndPromote
  • lxd/cluster/gateway: Removes unused cachedRaftNodes
  • lxd/cluster/heartbeat/test: Removes unused DISABLE_TestHeartbeat_MarkAsDown
  • lxd/cluster/membership/test: Removes unused FLAKY_TestPromote
  • lxd/db/containers: Removes unused snapshotIDsAndNames
  • lxd/db/db/internal/test: Removes unused dir var
  • lxd/db/testing: Removes unused var
  • lxd/device/device/utils/unix: Removes unused unixDeviceInstanceAttributes
  • lxd/device/nic/bridged: Removes unused dhcpAllocation
  • lxd/firewall: Removes unused constants
  • lxd/instance/drivers/driver/lxc: Removes unused cgroup2 var
  • lxd/main/forkproxy: Removes unused udpConn var
  • lxd/storage/drivers/driver/common: Removes unused load
  • shared/generate/file/buffer: Removes unused varDeclSliceToString
  • shared/generate/db/parse: Removes unused simpleTypeNames
  • shared/generated/file/path: Removes unused absPath
  • lxd/db/node: Tweaks LEFT JOIN to just JOIN in NodeIsEmpty()
  • lxd/sys: Don't fail chmod on unresolvable symlinks
  • shared/containerwriter: Renames to instancewriter
  • lxd/instance/drivers: instancetarwriter usage
  • shared/instancewriter/instance/tar/writer: Modifies WriteFile to accept a file name arg
  • shared/instancewriter/instance/tar/writer: Adds ResetHardLinkMap function
  • lxd/instance/drivers: instancetarwriter.WriteFile name arg usage
  • lxd/db/containers: Renames ContainerBackupCreate and ContainerBackupRemove
  • i18n: Update translations from weblate
  • lxd/backup: Removes backupCreateTarball function
  • lxd/backup: Updates instance backup to use tar writer rather than tar cmd
  • lxd/backup: InstanceBackupRemove usage
  • lxd/storage/drivers/utils: Minor tweak to copyDevice error message
  • lxd/stroage/drivers/generic: Tweak error message of genericCreateVolumeFromMigration
  • lxd/storage/drivers/generic/vfs: Switches genericVFSBackupVolume to tar writer
  • lxd/images: Fixes unhandled error
  • lxd/storage/backend/lxd: Adds tarWriter to BackupInstance function
  • lxd/storage/backend/mock: Adds tarWriter to BackupInstance function
  • lxd/storage/drivers/driver/ceph/volumes: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/driver/cephfs/volumes: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/driver/dir/volumes: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/driver/lvm/volumes: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/drivers/mock: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/interface: Adds tarWriter arg to BackupVolume
  • lxd/storage/pool/interace: Adds tarWriter arg to BackupInstance
  • lxd/storage/drivers/driver/btrfs/volumes: Adds tarWriter arg to BackupVolume
  • lxd/storage/drivers/driver/zfs/volumes: Adds tarWriter arg to BackupVolume
  • lxd/internal: Log some memory stats
  • shared: Drop Pipe function
  • lxd/containers: Add configfs and tracefs
  • btrfs quota to simulate total disk size

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.22 has been released

6th of March 2020

Introduction

The LXD team is very excited to announce the release of LXD 3.22!

This release comes with quite a few improvements for containers and virtual machines alike. The addition of the nftables support also makes it much more compatible with some modern Linux distributions that have now switched away from xtables.

Somewhat separate from this release, we have also now added quite a few VM images to our image server. You'll now find VM images for Ubuntu, Debian, Fedora, CentOS, OpenSUSE and ArchLinux.

Enjoy!

Highlights

Resource limits for projects

Projects grew a new set of configuration keys that can be used to restrict the amount of resources used by a project:

  • limits.containers
  • limits.virtual-machines
  • limits.cpu
  • limits.memory
  • limits.processes

There are a few special restrictions that apply when using the limits for cpu, memory or processes. More details can be found here: https://linuxcontainers.org/lxd/docs/master/projects#project-limits

nftables backend for firewalling

Recent LXD releases introduced an internal abstraction layer for firewalling requests. This covers anything from LXD networks firewalling and NAT, proxy devices for containers, IP and MAC filtering, ...

With this release of LXD, a new backend, nft, joins our existing xtables implementation. On startup, LXD detects which of the two your system is currently using and then uses that one.

The backend in use is shown in lxc info.

stgraber@castiana:~$ lxc info | grep firewall:
  firewall: nftables

Container: Hugepages in unprivileged containers

It is now possible to allow unprivileged containers access to hugepages. This relies on two things:

  • Mount interception of the hugetlbfs filesystem
  • New limits for hugepages

A configuration on x86_64 would look something like:

  • security.syscalls.intercept.mount=true
  • security.syscalls.intercept.mount.allowed=hugetlbfs
  • limits.hugepages.1MB=1GB

Note that the allocation of hugepages is in addition to whatever regular memory the container already has access to. Also note that, as with other limits, not setting the limit allows an unlimited amount of hugepages to be used.

root@edfu:~# lxc init ubuntu:18.04 c1
Creating c1
root@edfu:~# lxc config set c1 security.syscalls.intercept.mount true
root@edfu:~# lxc config set c1 security.syscalls.intercept.mount.allowed hugetlbfs
root@edfu:~# lxc config set c1 limits.hugepages.2MB 1GB
root@edfu:~# lxc start c1

root@edfu:~# lxc exec c1 bash
root@c1:~# mkdir /dev/hugepages ; mount -t hugetlbfs hugetlbfs /dev/hugepages
root@c1:~# ls -lh /dev/hugepages/
total 0
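
The caveat above (hugetlbfs mounts allowed but no limits.hugepages.* key means unlimited hugepages) can be checked per instance. The following is an added example, not code from the LXD project: the function name, the verdict strings and the sample inputs are constructed here, and the accepted boolean spellings are an assumption.

```shell
#!/usr/bin/env bash
# Added example, not LXD project code. Reads "key: value" lines (the shape of
# the "config:" map printed by `lxc config show <instance> --expanded`) on
# stdin and reports whether hugetlbfs mounts are allowed without a limit.
#
# Verdicts (constructed for this example):
#   not-exposed      mount interception off, or hugetlbfs not allowed
#   limited <k=v>..  hugetlbfs allowed and at least one limits.hugepages.* set
#   unlimited        hugetlbfs allowed and no limit set (exit status 1)

hugepages_audit() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # drop YAML indentation
        sep = index(line, ": ")
        if (sep == 0) next                    # not a key/value line
        key = substr(line, 1, sep - 1)
        val = substr(line, sep + 2)
        gsub(/^"|"$/, "", val)                # drop YAML double quotes

        if (key == "security.syscalls.intercept.mount") {
            # Assumption: treat the usual boolean spellings as enabled.
            intercept = (tolower(val) ~ /^(true|1|yes|on)$/)
        } else if (key == "security.syscalls.intercept.mount.allowed") {
            # Comma-separated list of filesystems the container may mount.
            n = split(val, fs, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", fs[i])
                if (fs[i] == "hugetlbfs") allowed = 1
            }
        } else if (key ~ /^limits\.hugepages\./ && val != "") {
            # Any page-size key counts as a limit being present.
            limits = limits (limits == "" ? "" : " ") key "=" val
        }
    }
    END {
        if (!(intercept && allowed)) { print "not-exposed"; exit 0 }
        if (limits != "")            { print "limited " limits; exit 0 }
        print "unlimited"
        exit 1
    }'
}

# Constructed sample: the container configured in the session above.
SAMPLE_LIMITED='  limits.hugepages.2MB: 1GB
  security.syscalls.intercept.mount: "true"
  security.syscalls.intercept.mount.allowed: hugetlbfs'

# Constructed sample: same interception, limit never set.
SAMPLE_UNLIMITED='  security.syscalls.intercept.mount: "true"
  security.syscalls.intercept.mount.allowed: ext4,hugetlbfs'

# Constructed sample: interception on, but hugetlbfs is not in the allow-list.
SAMPLE_OTHER='  limits.memory: 2GB
  security.syscalls.intercept.mount: "true"
  security.syscalls.intercept.mount.allowed: ext4'

for s in "$SAMPLE_LIMITED" "$SAMPLE_UNLIMITED" "$SAMPLE_OTHER"; do
    printf '%s\n' "$s" | hugepages_audit || true
done

# Against a live instance (needs a running LXD, so not executed here):
#   lxc config show c1 --expanded | hugepages_audit
```

Using the expanded configuration matters because the interception keys and the limit can come from different profiles.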

VM: Support for 9p disk devices

One long awaited feature of LXD virtual machines was the ability to pass arbitrary paths from the host into the virtual machine.

LXD 3.22 now supports that through a combination of logic in LXD itself and in the agent.

This can then be used by both containers and virtual machines through profiles.

root@edfu:~# lxc profile create shared-data
Profile shared-data created
root@edfu:~# lxc profile device add shared-data home disk source=/home path=/mnt/home
Device home added to shared-data
root@edfu:~# lxc profile device add shared-data srv disk source=/srv path=/mnt/srv
Device srv added to shared-data

root@edfu:~# lxc launch images:fedora/31 f31-ctn -p default -p shared-data
Creating f31-ctn
Starting f31-ctn
root@edfu:~# lxc launch images:fedora/31 f31-vm -p default -p shared-data --vm
Creating f31-vm
Starting f31-vm

root@edfu:~# lxc exec f31-ctn -- df -ah | grep /mnt
/dev/sdb1                   220G   12G  197G   6% /mnt/home
/dev/sdb1                   220G   12G  197G   6% /mnt/srv
root@edfu:~# lxc exec f31-vm -- df -ah | grep /mnt
lxd_home        220G   12G  197G   6% /mnt/home
lxd_srv         220G   12G  197G   6% /mnt/srv

VM: File templating support

The template files in images are now used for virtual machines too. The templates are rendered by LXD on the host using the metadata available in the configuration. The rendered files are then passed on to the agent for installation into the virtual machine.

Adding templates to custom images now works identically to containers and can be seen in use by our own VM images on the images: remote.

Complete changelog

Here is a complete list of all changes in this release:

  • lxc-to-lxd: golint fix
  • lxd/cluster: golint fixes
  • lxd/migration: golint fixes
  • shared/containerwriter: golint fixes
  • shared/generate: golint fixes
  • shared/netutils: golint fixes
  • tests: Update golint list
  • shared: Fix HostPathFollow for stdin/stdout
  • Allow build with GNU Make 4.3
  • add mips architectures
  • doc: tweak markdown format
  • lxd/vm: Use -sandbox
  • lxd/firewall/firewall/interface: Adds String() and Compat()
  • lxd/network/network: Handle errors during firewall setup
  • lxd/firewall/drivers/drivers/xtables: Changes XTables to Xtables for consistency
  • lxd/firewall/drivers/drivers/xtables: Better validation in InstanceSetupProxyNAT
  • lxd/firewall/drivers/drivers/xtables: Adds String() and Compat()
  • lxd/firewall/firewall/load: Detect which firewall driver to use
  • lxd/daemon: Log which firewall driver as selected
  • api: API extension firewall_driver
  • lxd/firewall/drivers/drivers/nftables: Adds nftables driver
  • test: Updates container devices nic bridged filtering tests for nftables
  • test: Updates proxy tests for nftables
  • add riscv architecture definitions
  • rv->riscv
  • correct mips names (le->el), no aliases required
  • lxd/storage/backend/lxd: Adds logging for CreateInstanceFromBackup post hook
  • lxd/storage/backend/lxd: Refuse to create storage pool if dir exists on disk
  • as the kernel only reports mips/mips64, specify 32 and 64bit arch and el as aliases
  • lxd/main/import: Adds --project flag support to lxd import
  • lxd/api/internal: Updates error messages in internalImport
  • shared/util: Fix relative paths in HostPathFollow
  • lxd/api/internal: Removes duplicate storage package import
  • lxd/storage: Adds InstanceImportingFilePath function
  • lxd/api/internal: storagePools.InstanceImportingFilePath usage
  • lxd/container/lxc: storagePools.InstanceImportingFilePath usage
  • lxd/api: projectParam comments
  • lxd/api/internal: Uses StoragePoolNodeVolumeGetTypeByProject for project support
  • lxd/storage/drivers/driver/lvm: Adds lvm.vg.force_reuse config option
  • lxd/storage/pools/config: Adds lvm.vg.force_reuse option
  • doc/api: Adds API extension storage_lvm_vg_force_reuse
  • doc/storage: Adds lvm.vg.force_reuse option to storage pool config
  • lxd/images: Removes hardcoded default project arg for ImageGet in autoUpdateImage
  • lxd/images: Golint and comments
  • lxd/instances: Pick correct default type from URL
  • lxd/db: Set ceph.user.name if missing
  • lxd/vm: Fix disk files and snap
  • lxd/db: Fix ceph username in patch
  • lxd/db: Revert 3da5aea1 fix, since in turn testify reverted the change
  • lxd/db: un-export StorageVolumeNodeGet
  • lxd/db: un-export StoragePoolVolumesGetType
  • lxd/db: un-export StoragePoolVolumeGetTypeID
  • lxd/db: un-export StoragePoolVolumeGetType
  • lxd/db: un-export StorageVolumeConfigGet
  • lxd/db: un-export StoragePoolVolumeTypeToName
  • lxd/db: un-export StorageVolumeDescriptionUpdate
  • lxd/db: un-export StorageVolumeConfigAdd
  • lxd/db: un-export StorageVolumeConfigClear
  • lxd/db/cluster: add new storage volume snapshots table
  • lxd/db/cluster: drop snapshot column from storage_volumes table
  • lxd/db/cluster: add storage_volumes_all view
  • lxd/db/schema: include triggers when generating SQL for fresh schemas
  • lxd/db/cluster: add triggers to check that volume IDs don't overlap
  • lxd/db: change StoragePoolVolumeSnapshotsGetType to query the snapshots table
  • lxd/db: change StorageVolumeNextSnapshot to query the snapshot table
  • lxd/db: update StorageVolumeNodeAddresses to use storage_volumes_all
  • lxd/db: update storagePoolVolumeGetTypeID to use storage_volumes_all
  • lxd/db: update storageVolumeNodeGet to use storage_volumes_all
  • lxd/db: update StorageVolumeDescriptionGet to use storage_volumes_all
  • lxd/db: update storageVolumeIDsGet to use storage_volumes_all
  • lxd/db: update StoragePoolVolumesGetNames to use storage_volumes_all
  • lxd/db: update StoragePoolVolumesGet to use storage_volumes_all
  • lxd/db: update storagePoolVolumesGetType to use storage_volumes_all
  • lxd/db: update InstancePool to use storage_volumes_all
  • lxd/db: update instancePoolSnapshot to use storage_volumes_all
  • lxd/db: make StoragePoolVolumeDelete differentiate between regular volumes and snapshots
  • lxd/db: make storageVolumeConfigGet differentiate between regular volumes and snapshots
  • lxd/db: make storageVolumeDescriptionUpdate differentiate between regular volumes and snapshots
  • lxd/db: make storageVolumeConfigAdd differentiate between regular volumes and snapshots
  • lxd/db: make storageVolumeConfigClear differentiate between regular volumes and snapshots
  • lxd/db: make StoragePoolVolumeRename differentiate between regular volumes and snapshots
  • lxd/db: consider snapshots in StorageVolumeMoveToLVMThinPoolNameKey
  • lxd/db: add ClusterTx.storagePoolVolumeGetTypeID() method
  • lxd/db: make StoragePoolVolumeCreate differentiate between regular volumes and snapshots
  • lxd/db: no need to update snapshot names in ContainerNodeMove
  • lxd/db: copy volume snapshots in StoragePoolNodeJoinCeph
  • lxd: no need to rename snapshot volumes when renaming a container
  • lxd/db/cluster: migrate existing volume snapshots to the new table
  • tests: some runs of "lxd import" don't fail anymore due to improved data integrity
  • lxd/logging: Handle projects in log expiry
  • doc: Fix escaping
  • shared/api: Fix ServerEnvironment ordering
  • lxd/vm: Fix snapshots
  • lxd/storage/ceph: Fix leftover rbd
  • lxd/storage/ceph: Fix zombie handling
  • lxd/init: Use new network syntax
  • tests: Check UUIDs while running
  • Increase timeout of standalone SQL statements
  • lxd/storage/ceph: Improve error reporting on map
  • lxd/containers: Have findIdmap look at projects
  • lxd/storage: Remove legacy dir implementation
  • lxd/storage: Remove legacy btrfs implementation
  • lxd/storage: Remove legacy zfs implementation
  • lxd/storage: Remove legacy lvm implementation
  • lxd/storage: Removes unused getPoolMountLockID
  • lxd/storage/pools/utils: Comment on storagePoolDBCreate
  • lxd/api/internal: Removes legacy storage pool loading
  • lxd/api/internal: Consistent comment style
  • lxd/api/internal: Stops using backup pkg name as variable
  • lxd/api/internal: Switches internalImport to use pool.CheckInstanceBackupFileSnapshots
  • lxd/storage/pool/interface: Adds CheckInstanceBackupFileSnapshots
  • lxd/storage/errors: Adds ErrBackupSnapshotsMismatch error
  • lxd/storage/backend/mock: Adds CheckInstanceBackupFileSnapshots
  • lxd/storage/backend/lxd: Adds CheckInstanceBackupFileSnapshots implementation
  • lxd/patches/utils: Removes unused functions
  • lxd/api/internal: Adds sanity check for instance name in internalImport
  • lxd/backup: Have tar not transform symlink targets
  • lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use lvs for snapshot list
  • lxd/backup: Removes old storage loader
  • lxd/container/lxc: Removes old storage loader
  • lxd/storage: Removes unused storagePoolVolumeContainerCreateInit
  • lxd/container: Removes old storage loader
  • lxd/containers/post: Removes old storage loader
  • lxd/daemon/storage: Consistent comment ending
  • lxd/daemon/storage: Removes old storage loader
  • lxd/images: Removes old storage loader
  • lxd/migrate/container: Removes old storage loader
  • lxd/migrate/storage/volumes: Removes old storage loader
  • lxd/resources: Removes old storage loader
  • lxd/storage/pools/utils: Removes old storage loader
  • lxd/storage/pools: Removes old storage loader
  • lxd/storage/volumes/snapshot: Removes old storage loader
  • lxd/storage/volumes: Removes old storage loader
  • lxd/storage: Removes old storage loader
  • lxd/instance/drivers/driver/qemu: Removes storage layer transition workaround
  • lxd/container/lxc: Makes Delete pool load logic same as VM type
  • lxd: Storage loader comments
  • lxd/storage: Removes unused functions
  • lxd/storage/drivers/drivers/mock: Adds mock driver
  • lxd/storage: Adds mock driver loading
  • lxd/storage: Additional error checking
  • lxd/storage/zfs: Set volmode=none for VM datasets
  • lxd/logging: Updates log rotate to only remove .log files
  • lxd/db: Rename ContainerListExpanded to instanceListExpanded
  • lxd/db: Make instanceListExpanded account for projects without "features.profiles" enabled
  • Removed Erroneous Space
  • i18n: Update translation templates
  • scripts: Update Project Tab Complete Script
  • lxd/storage/drivers/driver/zfs/volumes: Create block volumes with volmode=none
  • lxd/storage/drivers/driver/zfs/volumes: Use MountTask with CreateVolume
  • lxd/storage/drivers/zfs/volumes: Makes MountVolume and UnmountVolume more thorough in detecting mounts
  • lxd/storage/drivers/driver/lvm/volumes: Always ensure mount path after mount in CreateVolume
  • lxd/storage/drivers/driver/common: Adds moveGPTAltHeader
  • lxd/storage/drivers/driver/lvm/volumes: Adds moveGPTAltHeader usage
  • lxd/storage/drivers/driver/zfs/volumes: Adds moveGPTAltHeader usage
  • lxd/storage/drivers/driver/dir/volumes: Adds moveGPTAltHeader usage
  • lxd/storage/drivers/driver/btrfs/volumes: Adds moveGPTAltHeader usage
  • lxd/storage/drivers/driver/ceph/volumes: Adds moveGPTAltHeader usage
  • lxd/storage/drivers/utils: Separates block file rounding logic into own function
  • lxd/storage/drivers/generic/vfs: Adds genericVFSResizeBlockFile
  • lxd/storage/drivers/driver/btrfs/volumes: ensureVolumeBlockFile usage
  • lxd/storage/drivers/driver/dir/volumes: Adds block resize support to SetVolumeQuota
  • lxd/storage/drivers/driver/btrfs/volumes: Adds block resize support to SetVolumeQuota
  • lxd/storage/drivers/driver/zfs/volumes: Call SetVolumeQuota from CreateVolumeFromCopy
  • lxd/storage/drivers/driver/zfs/volumes: Apply block size changes in SetVolumeQuota
  • lxd/storage/drivers/driver/btrfs/volumes: Calls SetVolumeQuota when creating/updating volumes
  • lxd/storage/drivers: SetVolumeQuota falls back to defaultBlockSize
  • lxd/patches: Updates patches to use new storage driver mount/unmount
  • lxd/patches: Replaces s.StoragePoolCreate with new storage framework
  • lxd/storage: Removes storagePoolInit
  • scripts: Fix syntax error
  • lxd/main/init: Removes legacy storage drivers from availableStorageDrivers
  • lxd/patches: Updates patchStorageApiPermissions to use new storage drivers
  • lxd/storage: Removes storageCoreInit function
  • lxd/storage: Removes legacy drivers from storagePoolDriversCacheUpdate
  • lxd/db: Start-up check ignores pending nodes with out-of-date schema
  • lxd/patches: Removes old storage layer from upgradeFromStorageTypeLvm
  • lxd/container/lxc: Removes some calls to the old storage layer
  • lxd/migrate/container: Removes calls to old storage layer
  • lxd/migrate/storage/volumes: Removes calls to old storage layer
  • lxd/patches: Switches upgradeFromStorageTypeLvm to use new storage layer
  • lxd/storage/migration: Removes unused functions
  • lxd/instance: Extract LoadInstanceDatabaseObject from fetchInstanceDatabaseObject
  • lxd/project: Add initial CheckLimitsUponInstanceCreation
  • lxd/project: Check that the project's "limits.memory" is honored when creating an instance
  • lxd/project: Add CheckLimitsUponInstanceUpdate
  • lxd/project: Add initial ValidateLimitsUponProjectUpdate
  • lxd/project: Validate changes to the project's "limits.memory" value
  • lxd/project: Add CheckLimitsUponProfileUpdate
  • lxd/project: Check that the project's "limits.processes" config is honored
  • lxd/project: Don't allow percentage values for limits.memory
  • lxd/project: Skip limit checks if the project has no limits configured
  • lxd/project: Check that the project's "limits.cpu" config is honored
  • api: Use project.Config as etag field, without specifying individual keys.
  • api: Properly detect which project config keys were specified in a PATCH request
  • api: Add helper logic to detect if a project config key has changed
  • api: Add new "limits.*" project configuration keys
  • api: Plug ValidateLimitsUponProjectUpdate into projectChange
  • api: Plug CheckLimitsUponInstanceCreation into containersPost
  • api: Plug CheckLimitsUponInstanceUpdate into containerPut and containerPatch
  • api: Plug CheckLimitsUponProfileUpdate into profilePut and profilePatch
  • test: Add project limits tests
  • shared/version: Add "projects_limits" API extension
  • doc: Add documentation about projects limits
  • lxd/storage/drovers/driver/lvm/utils: Dont format block volumes with filesystem
  • lxd/storage/zfs: Skip volmode on 0.6
  • lxd/storage: Removes unused files
  • lxd/container: Removes containerCreateEmptySnapshot
  • lxd/container/lxc: Removes legacy storage functions
  • lxd/main/init: Refactors availableStorageDrivers to not use old storage layer
  • lxd/main/init/auto: Removes dep on supportedStoragePoolDrivers
  • lxd/migrate: Removes old storage type reference
  • lxd/migrate/storage/volumes: Removes reference to old storage type
  • lxd/storage: Removes legacy storage interface and unused functions
  • lxd/storage/drivers/load: Adds AllDriverNames
  • lxd/storage/migration: Removes unused functions
  • lxd/storage/pools/config: Removes ref to supportedStoragePoolDrivers
  • lxd/storage/utils: Remove unused functions
  • lxd/storage/volumes/utils: Removes unused function
  • lxd/storage: Removes unused files
  • lxd/main/test: Removes legacy mock storage references
  • lxd/migrate: Removes unused struct
  • lxd/storage: Removes unused functions
  • lxc/containers: Fix cgns-less fallback
  • lxd/storage/drivers/driver/ceph/volume: Don't format block volumes with a filesystem
  • lxd/storage/drivers: Don't use named temporary dirs
  • lxd/instance/drivers/driver/lxc: Removes temporary lxc placeholder
  • lxd/container/lxc: Moves to instance/drivers package
  • lxd/container/lxc/exec/cmd: Moves to instance/drivers package
  • lxd/api/internal: instance.Container usage
  • lxd/container: instance.CriuMigrationArgs, inst.Migrate() and instance.Container usage
  • lxd/container/console: instance.Container usage
  • lxd/container/exec: instance.Container usage
  • lxd/container/lxc/utils: Removes idmapsetFromString
  • lxd/container/test: instance.Container usage
  • lxd/devices: inst.RegisterDevices usage
  • lxd/devlxd: Removes devlxdEventSend
  • lxd/devlxd: instance.Container usage
  • lxd/instance/drivers/driver/lxc: Renames containerLXC to lxc
  • lxd/instance/drivers/driver/lxc: Removes temporary loader placeholders
  • lxd/instance/drivers/driver/lxc: Renames lxc to liblxc
  • lxd/instance/drivers/driver/lxc: db.StoragePoolVolumeTypeContainer usage
  • lxd/instance/drivers/driver/lxc: Adds devLxdSendEvent
  • lxd/instance/drivers/driver/lxc: Updates use of instance.CriuMigrationArgs
  • lxd/instance/drivers/driver/lxc: Adds RegisterDevices function
  • lxd/instance/drivers/driver/lxc: Moves storage util functions and updates usage
  • lxd/instance/drivers/driver/lxc: Adds SaveConfigFile function
  • lxd/instance/drivers/driver/lxc/cmd: Renames ContainerLXCCmd to lxcCmd
  • lxd/instance/drivers/driver/qemu: Adds RegisterDevices as a no-op
  • lxd/instance/instance/interface: Adds RegisterDevices
  • lxd/instance/drivers/load: LXC loader functions renamed
  • lxd/migrate/container: instance.CriuMigrationArgs and instance.Container usage
  • lxd/patches: Updates patchContainerConfigRegen to use LXC.SaveConfigFile()
  • lxd/patches: BTRFS storage functions usage
  • lxd/patches/utils: storageDrivers.BTRFSSubVolumesGet and removes unused functions
  • lxd/storage: instance.Container usage
  • lxd/storage: storageDrivers util functions usage
  • lxd/storage/drivers/utils: Adds util functions moved from main pkg
  • lxd/apparmor/apparmor: Removes dependency on c.DaemonState()
  • lxd/container/snapshot: Removes dependency on sc.DaemonState()
  • lxd/instance/drivers/driver/test/utils: Adds PrepareEqualTest function
  • lxd/container/test: instanceDrivers.PrepareEqualTest usage to fix crash
  • lxd/instance/drivers/driver/lxc: golint fixes
  • lxd/instance/drivers/driver/lxc: Removes DaemonState function
  • lxd/instance/drivers/driver/qemu: Removes DaemonState function
  • lxd/instance/instance/interface: Removes DaemonState function
  • lxd/instance/instance/interface: Adds SaveConfigFile
  • lxd/migrate/container: Removes s.instance.DaemonState dependency
  • lxd/profiles/utils: Removes use of containerLXC type
  • lxd/seccomp/seccomp: Removes c.DaemonState dependency
  • lxd/storage/drivers/utils: golint fixes
  • lxd/instance/instance/interface: Adds Container interface
  • lxd/instance/instance/interface: Adds CriuMigrationArgs type
  • lxd/backup/backup: Comment clarifying existence of Instance interface
  • lxd/seccomp/seccomp: Comment clarifying existence of Instance interface
  • lxd/daemon: Moves shared mount state to use daemon.SharedMountsSetup var
  • lxd/instance/drivers/driver/lxc: Updates to use daemon.SharedMountsSetup var
  • lxd/instance/instance/interface: Adds Migrate function
  • lxd/instance/drivers/qemu: Adds Migrate placeholder function
  • lxd: Ensure gopkg.in/lxc/go-lxc.v2 is consistently imported as liblxc
  • lxd/instanc/instance/errors: Adds ErrNotImplemented error
  • lxd/instance/drivers/driver/qemu: instance.ErrNotImplemented usage
  • lxd/instance/drivers/driver/qemu: Adds SaveConfigFile placeholder
  • lxd/instance/instance/interface: Adds OnHook function to interface and adds hook constants
  • lxd/instance/drivers/driver/lxc: Implements OnHook function
  • lxd/instance/drivers/driver/qemu: Implements OnHook placeholder function
  • lxd/api/internal: Updates hook usage to OnHook
  • shared/idmap/idmapset/linux: Adds JSONUnmarshal function
  • lxd/storage: idmap.JSONUnmarshal usage
  • lxd/daemon: Import instance/drivers package so init() function runs
  • lxd/vm: Generate the template files
  • lxd-agent: Put templates in place
  • doc: Typo and formatting improvements
  • shared/idmap: Adds JSONMarshal function
  • lxd/device/disk: Replaces call to StorageVolumeMount with functions on disk device
  • lxd/storage: Removes storageVolumeMount and storagePoolVolumeAttachPrepare
  • lxd/storage/utils: Adds VolumeUsedByInstancesGet
  • lxd/storage/volumes/utils: storagePools.VolumeUsedByInstancesGet usage
  • lxd/storage: Removes unused functions
  • lxd/device: Removes usage of StorageRootFSApplyQuota, StorageVolumeMount and StorageVolumeUmount
  • lxd: Removes old storagePoolVolumeType constants
  • lxd: Removes storagePoolVolumeType constants
  • lxd/container/lxc/utils: Removes unused file
  • lxd/instance: Removes CGroupGet as is unused
  • seccomp: handle hugetlbfs mount syscall interception
  • lxd/device/disk: Validation error message quoting consistency
  • Promote nodes if for whatever reason the n of voters drop below 3
  • api: add container_syscall_intercept_hugetlbfs
  • cgroup: add support for the hugetlb controller
  • containers: add support for hugepage limits
  • api: add limits_hugepages api extension
  • doc: add limits.hugepages.* keys
  • lxd/vm: Set gic-version on arm64
  • lxd/device/disk: Adds support for adding directory source for VM 9p sharing
  • lxd/device/disk: Adds support for disk 9p directory share
  • lxd/instance/instance/type: Adds VMAgentMount type
  • lxd/instance/drivers/driver/qemu: Removes unused architecture var
  • lxd/instance/drivers/driver/qemu: Adds support for passing through unix socket FD to qemu
  • lxd/instance/drivers/driver/qemu: Adds openUnixSocket function
  • lxd/instance/drivers/driver/qemu: Adds addFileDescriptor function
  • lxd/instance/drivers/driver/qemu: Adds addDriveDirConfig function
  • lxd/instance/drivers/driver/qemu/templates: Adds 9p directory disk device template
  • lxd-agent/main/agent: Adds support for mounting 9p shares
  • lxd/instance/drivers/driver/qemu: Tweaks template whitespace removal to leave newline between sections
  • lxd/project/project: Renames Prefix() to Instance()
  • lxd: project.Instance() usage
  • lxd/project/project/test: Updates for project.Instance rename
  • lxd/instance/drivers: Add trans=virtio to 9p mount
  • Missing bootstrap error check
  • lxd-agent: Load vhost module
  • lxd/storage/zfs: Fix default VM size
  • lxd/vm: Tweak to mount field names
  • lxd-agent: Create mount path if missing
  • doc: Tweak markdown format for itemization
  • lxd/storage/ceph: Implement GetVolumeUsage
  • lxd/device/disk: Adds mountPoolVolume function
  • lxd/device/disk: Error message quoting
  • lxd/device/disk: Adds pool volume support for VMs
  • lxd/device/disk: Switches createDevice to use d.mountPoolVolume for containers
  • lxd/device/disk: Renames storagePoolVolumeAttachPrepare to storagePoolVolumeAttachShift
  • lxd/device/disk: Ensures custom pool volumes are unmounted on VM device stop
  • unix-hotplug: fix device removal and zero padding
  • i18n: Update translations from weblate

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.21 has been released

13th of February 2020

Introduction

The LXD team is very excited to announce the release of LXD 3.21!

This was another shorter, two-week development cycle for us, full of storage, VM and network bugfixes and refactoring.

On the feature side of things, we have a new easier way to attach network interfaces, clustering database configurations and a variety of virtual machine improvements.

Enjoy!

Highlights

New way to attach to LXD managed networks

When using a bridge network that's directly managed by LXD (see lxc network list), you can now attach instances to it directly by using:

eth0:
    type: nic
    network: lxdbr0
    name: eth0

Or lxc config device add c1 eth0 nic network=lxdbr0 name=eth0

No need to set nictype: bridged or the parent: lxdbr0 property. Instead just set network to the name of the LXD network and you're done.

In this mode, the bridge MTU is automatically inherited by the network interface, IPv4/IPv6 addresses are validated against the network's configured subnets and the MAAS IPv4 and IPv6 subnets can now be configured through the network rather than the individual interfaces.

Ceph ported to new storage driver infrastructure

The Ceph storage driver is the latest and last storage driver to be ported to the new storage infrastructure. This should be an invisible change to users, but we would recommend users of Ceph on LXD try upgrading non-critical systems to 3.21 first and promptly report any issue related to storage.

With this last driver ported, we can now begin the work of removing all the old storage infrastructure from the LXD codebase, which should make things significantly easier to maintain going forward.

Clustering: Configurable number of active and standby database members

Two new configuration options have been added for clusters.

  • cluster.max_voters configures the expected number of active database cluster members (voting)
  • cluster.max_standby configures the expected number of standby database cluster members (non-voting)

The default configuration is for 3 voting members and 2 standby members. When a voting member goes down, a standby immediately gets promoted to voting and a spare idle member may then get promoted to standby.

Increasing the number of voting members will slow down the database performance as more members will need to agree on a change. Increasing the number of standby members will not affect database performance but will increase network load as more members will need to get the database binary stream.

Only the largest of clusters, where losing 2 or 3 members almost immediately is a possibility, should consider increasing those default values.

VM: CPU pinning and topology

The limits.cpu key can now be set to specific CPU IDs just as is supported for containers. An example would be limits.cpu: 0,2 or limits.cpu: 0-3.

On top of pinning the VM's virtual CPUs to those listed physical CPUs (or threads), LXD also attempts to match up the CPU topology of the VM.

In the example above, limits.cpu: 0,2, on a dual-core Intel system with hyper-threading, this refers to the first core and its hyper-thread. The resulting virtual machine will therefore be configured with a single socket, single core, hyper-threaded CPU and have both threads be pinned to match the physical hardware.

The same logic supports multi-socket, multi-core systems with or without hyperthreading. So long as the CPUs listed in limits.cpu correspond to a realistic hardware configuration (same number of cores coming from each socket, same number of threads on all cores, ...), then LXD will make the VM configuration match and will ensure that the pinning is done to match too.

If the requested configuration isn't correct (doesn't line up with hardware), LXD will fall back to providing a single socket, multi-core VM without hyperthreading, treating each of the listed CPU IDs as a core. This obviously isn't ideal and a warning will be logged to the LXD log when this happens.
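The matching rule described above, sketched in Go as an added example (this is not LXD's code). The names hostCPU, vmTopology, pinnedCPUs and matchTopology, and the sample host layout, are made up for this illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// hostCPU is one logical CPU (thread) of the host and where it sits.
type hostCPU struct{ ID, Socket, Core int }

// vmTopology is the CPU layout presented to the guest.
type vmTopology struct {
	Sockets, Cores, Threads int
	Matched                 bool // false when the fallback layout was used
}

// Constructed host: one socket, two cores, hyper-threading. CPUs 0 and 2 are
// the two threads of core 0, as in the dual-core example in the text.
var dualCoreHT = []hostCPU{{0, 0, 0}, {1, 0, 1}, {2, 0, 0}, {3, 0, 1}}

// pinnedCPUs expands a pinning value such as "0,2" or "0-3" and rejects IDs
// that are repeated or absent from the host. Hypothetical helper written for
// this example, not LXD's own parser.
func pinnedCPUs(value string, host map[int]hostCPU) ([]hostCPU, error) {
	var cpus []hostCPU
	seen := map[int]bool{}
	for _, part := range strings.Split(value, ",") {
		bounds := strings.SplitN(strings.TrimSpace(part), "-", 2)
		first, err := strconv.Atoi(bounds[0])
		if err != nil {
			return nil, fmt.Errorf("invalid CPU ID in %q", part)
		}
		last := first
		if len(bounds) == 2 {
			last, err = strconv.Atoi(bounds[1])
			if err != nil || last < first {
				return nil, fmt.Errorf("invalid CPU range %q", part)
			}
		}
		// Stopping at the first unknown ID also bounds the work for huge ranges.
		for id := first; id <= last; id++ {
			cpu, ok := host[id]
			if !ok || seen[id] {
				return nil, fmt.Errorf("CPU %d is unknown or listed twice", id)
			}
			seen[id] = true
			cpus = append(cpus, cpu)
		}
	}
	return cpus, nil
}

// matchTopology derives sockets/cores/threads from the pinned CPUs. The layout
// is "realistic" only if every pinned core contributes the same number of
// threads and every pinned socket the same number of cores.
func matchTopology(host []hostCPU, limitsCPU string) (vmTopology, error) {
	byID := map[int]hostCPU{}
	for _, c := range host {
		byID[c.ID] = c
	}
	pinned, err := pinnedCPUs(limitsCPU, byID)
	if err != nil {
		return vmTopology{}, err
	}
	// Count pinned threads per physical core, then cores per socket.
	type coreKey struct{ socket, core int }
	threadsPerCore := map[coreKey]int{}
	for _, c := range pinned {
		threadsPerCore[coreKey{c.Socket, c.Core}]++
	}
	coresPerSocket := map[int]int{}
	threads, cores, realistic := 0, 0, true
	for key, n := range threadsPerCore {
		coresPerSocket[key.socket]++
		realistic = realistic && (threads == 0 || n == threads)
		threads = n
	}
	for _, n := range coresPerSocket {
		realistic = realistic && (cores == 0 || n == cores)
		cores = n
	}
	if !realistic {
		// Fallback from the text: one socket, every listed CPU is a core.
		return vmTopology{Sockets: 1, Cores: len(pinned), Threads: 1}, nil
	}
	return vmTopology{Sockets: len(coresPerSocket), Cores: cores, Threads: threads, Matched: true}, nil
}

func main() {
	for _, v := range []string{"0,2", "0-3", "0,1,2"} {
		topo, err := matchTopology(dualCoreHT, v)
		fmt.Printf("limits.cpu=%s -> %+v (err: %v)\n", v, topo, err)
	}
}
```

A result with Matched set to false corresponds to the case where the text says a warning is written to the LXD log.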

VM: Network and storage optimizations

For improved network performance, LXD now uses vhost_net for its network devices.

On the storage front, discard is now enabled on our virtio-scsi drives, allowing for blocks to be discarded, shrinking the underlying file storage or allowing backing drives to better manage their blocks.

VM: Agent-less reporting of IPv6 addresses

Up until now, virtual-machine IP addresses were retrieved only from LXD's DHCP server. This works quite reliably for IPv4, but most IPv6 deployments use SLAAC which doesn't come with a DHCPv6 lease and so wouldn't be reported by LXD.

One way around this was to rely on the LXD agent: when it's running inside the VM, it is used to retrieve the network information for the virtual machine.

But for cases where that's not possible, LXD now also looks at the IPv6 neighborhood records for any matching IPv6 addresses.

stgraber@castiana:~$ lxc list win10
+-------+---------+----------------------+----------------------------------------------+-----------------+-----------+
| NAME  |  STATE  |         IPV4         |                     IPV6                     |      TYPE       | SNAPSHOTS |
+-------+---------+----------------------+----------------------------------------------+-----------------+-----------+
| win10 | RUNNING | 10.166.11.118 (eth0) | 2001:470:b368:4242:9dff:908:98a9:c0c3 (eth0) | VIRTUAL-MACHINE | 0         |
+-------+---------+----------------------+----------------------------------------------+-----------------+-----------+

Complete changelog

Here is a complete list of all changes in this release:

  • lxd/migrate/container: Fixes migrate refresh final sync snapshot bug
  • lxd/migration/migration/volumes: Comment on Data property of VolumeSourceArgs
  • lxd/storage/drivers/driver/zfs/volumes: Explain use of volSrcArgs.Data for migration
  • lxd/instance/drivers/load: Pass copy of device config to device.Validate
  • lxd/device/nic/bridged: Updates use of network pkg functions
  • lxd/device/nic/bridged: Uses network.LoadByName to access n.HasDHCPvX() helpers
  • lxd/device: networkRandomDevName usage
  • lxd/network/network/load: Adds LoadByName function
  • lxd/network: Adds network type in network pkg
  • lxd/network/network/utils: Moves network utils from main pkg
  • lxd/instance/instance/utils: Removes NetworkUpdateStatic function link
  • lxd/instance/instance/utils: Adds more instance load functions
  • lxd/container: Removes instance load functions moved to instance pkg
  • container/lxc: network.UpdateDNSMasqStatic usage
  • lxd: instance.LoadNodeAll usage
  • lxd: instance.LoadByProject usage
  • lxd: instance.LoadByProjectAndName usage
  • lxd/device/device/utils/network: Updates network package usage
  • lxd/device/device/utils/network: Unexports some non-shared functions
  • lxd/network/utils: Removes network utils functions used by network type
  • lxd/networks/config: Removes networkFillAuto function
  • lxd/networks: Removes network type and networkLoadByName function
  • lxd/device: networkCreateVlanDeviceIfNeeded and networkRandomDevName usage
  • lxd: network package usage
  • test: static analysis of network pkg
  • lxd/instance/drivers/driver/qemu: network.GetLeaseAddresses usage
  • lxd/instance/instance/utils: Removes linked function NetworkGetLeaseAddresses var
  • lxd/network/network/utils: Adds GetMACSlice and GetLeaseAddresses functions
  • lxd/networks: Removes networkGetLeaseAddresses functions
  • lxd/networks/utils: Removes networkGetMacSlice function
  • lxd/instances: Fix URLs to use /1.0/instances
  • seccomp: make device number checking more robust
  • Define MS_LAZYTIME for compatibility with old glibc
  • lxd/vm: Use vhost_net
  • lxd/vm: Enable block discard
  • shared/archive: Fix out of space logic
  • lxd/vm: Set Documentation in systemd units
  • lxd/vm: Silence writeback warning for config drive
  • lxd/device/nic/bridged: Load br_netfilter kernel module when using IPv6 filtering
  • lxd/networks/configs: Adds maas.subnet.ipv{4,6} to allowed network keys
  • lxd: Device name quoting in device errors
  • lxd/device/nic: Adds network as valid nic property
  • lxd/networks: Uses HasDHCPv6 function and updates comment
  • lxd/network: Adds DHCP range parsing functions
  • lxd/device/nic/bridged: Updates to use network type DHCP ranges functions and types
  • lxd/device/nic/bridged: Adds support for network property
  • doc: Adds API extension for instance_nic_network
  • shared/version/api: Adds API extension for instance_nic_network
  • test/suites/container/devices/nic/bridged: Adds network property tests
  • doc: Adds network property to instance NIC bridged device
  • lxd/storage/zfs: Fix argument ordering
  • unix hotplug: skip devices without associated devpath or major/minor
  • lxd: Switches to simpler conn.WriteMessage function
  • lxd/storage/drivers: Add MountedRoot to Info
  • lxd/storage: Honor MountedRoot in pool actions
  • lxd/networks: Consider IPv6 neighborhood entries
  • lxd: Uses gorilla WriteJSON where possible
  • lxd/storage/drivers: Set MountedRoot option
  • lxd/main_checkfeature: add explicit _exit() even if it's not needed
  • lxd/main_checkfeature: s/exit()/_exit()/g
  • cgo: export wait_for_pid() helper
  • lxd/main_checkfeature: close listener
  • lxd/main_checkfeature: don't depend on kcmp header
  • lxd/device: Async CEPH unmap
  • lxd/storage/drivers/driver/lvm: Uses d.thinpoolName() rather than d.config["lvm.thinpool_name"]
  • lxd/patches: setupStorageDriver usage
  • lxd/storage: Renames SetupStorageDriver to setupStorageDriver for consistency
  • lxd/storage/drivers/driver/zfs: Adds zfs kernel module load fail detection
  • lxd/daemon: setupStorageDriver usage
  • lxd/daemon: Comment consistency
  • lxd/storage/drivers/driver/lvm: Makes lvm.vg_name required for mounting
  • lxd/db/cluster/update: Adds updateFromV23 for ensuring lvm.vg_name key is set
  • lxd/db/cluster/update: Superfluous trailing whitespace
  • lxd/db/cluster/schema: v24 update
  • lxd/device/config/devices: Adds NICType function on Device type
  • lxd: Device.NICType usage
  • lxd/device/nic/bridged: Bans use of nictype when using network property
  • test: Updates nic bridged tests for NICType logic
  • lxd/network/network/utils: Fix network in use detection
  • lxd-agent/exec: Logs signal forwarding as info rather than error
  • lxd/container/exec: Only log finished mirror websocket when go routine exits
  • lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients
  • shared: Upper case first character of some debug messages
  • lxd/device/nic/bridged: Switches to dnsmasq.DHCPAllocatedIPs()
  • lxd/device/nic/bridged: Switches to dnsmasq.DHCPStaticIPs()
  • test/suites/container/devices/nic/bridged: Adds test to detect leaked filters
  • lxd/device/nic/bridged: Fixes bug that leaks ebtables filters
  • lxd/project: Adds InstanceParts() function for separating project prefixed Instance name
  • lxd/storage/load: Updates volIDFuncMake to use project.InstanceParts()
  • lxd/util: Fix IP/host tests on other distros
  • lxd/storage/drivers: Add Ceph driver
  • lxd: Use new storage code for Ceph clustering
  • Unlock when isLeader failure
  • lxd/storage/ceph: Function ordering and comments
  • lxd/storage/ceph: Properly handle os.Remove
  • lxd/storage/ceph: Comment consistency
  • lxd/storage/ceph: Set DirectIO
  • lxd/storage/ceph: Unwrap if statement
  • lxd/storage/ceph: Unwrap function signatures
  • lxd/storage/ceph: Rework MountVolume
  • lxd/patches: Re-run VM path creation
  • tests: Add ceph to list of new drivers
  • lxd/firewall: Moves iptables/xtables implementation into firewall/drivers package
  • Consider the default port when checking address overlap
  • lxd/firewall: Updates interface and loader for new pkg
  • lxd: firewall/drivers pkg usage
  • lxd/device/config/device/proxyaddress: Moves ProxyAddress type
  • lxd/main/forkproxy: Updates use of ProxyAddress type
  • lxd/device/proxy: Switches to use firewall.InstanceSetupProxyNAT()
  • lxd/firewall/firewall/interface: Reworks firewall interface
  • Re-disable clustering upgrade test
  • lxd: Fix error message when deleting storage pools
  • lxd/firewall/drivers/drivers/xtables: Implements xtables driver
  • lxd/network/network/utils: Adds UsesIPv4Firewall and UsesIPv6Firewall functions
  • lxd/device/nic/bridged: Switches to firewall.InstanceSetupBridgeFilter and InstanceClearBridgeFilter
  • lxd/network/network: firewall.NetworkSetupForwardingPolicy usage
  • lxd/network: firewall.NetworkSetupOutboundNAT usage
  • lxd/network: Updates firewall DHCP/DNS function usage
  • lxd/firewall/drivers/consts: Removes unused constants
  • lxd/network: Updates to use firewall helper functions
  • lxd/dnsmasq: Makes DHCPStaticIPs project aware
  • lxd/device/nic/bridged: dnsmasq.DHCPStaticIPs project usage
  • lxd/network/network/utils: dnsmasq.DHCPStaticIPs project usage
  • test: Removes old iptables package from static analysis
  • test: Fixes iptables rule leak in clustering test
  • shared: Add HostPathFollow
  • lxc/file: Follow symlinks on individual file transfers
  • lxd/container: Protect file push/pull from shift
  • Add cluster.n_voters and cluster.n_standby configuration keys
  • Load configuration keys when checking for n of voters/stand-by
  • doc/clustering.md: describe usage of clustering size config keys
  • Drive-by: fix check for degraded cluster
  • doc/server.md: add cluster.max_voters/max_standby
  • api: Add clustering_sizing extension
  • Revert "lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients"
  • lxd/instance: Move ParseCpuset
  • lxd/vm/qmp: Allow retrieving vCPU pids
  • lxd/vm: Implement CPU pinning
  • shared: get_poll_revents(): handle EAGAIN in addition to EINTR
  • lxc: send SIGTERM when there's no controlling terminal
  • shared: Add Uint64InSlice
  • lxd/vm: Template sockets/cores/threads config
  • lxd/vm: Attempt to line up CPU topology
  • lxd init: Don't allow empty strings for the cluster host name
  • node/config.go: Don't allow wild card addresses for cluster.https_address
  • idmap:acl: don't add but update the acls
  • shared/util: Tweak HostPathFollow to use readlink
  • lxc/file: Expand complex symlink chains
  • i18n: Update translations from weblate

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.20 has been released

30th of January 2020

Introduction

The LXD team is very excited to announce the release of LXD 3.20!

We purposefully accelerated our normal monthly release cycle to just two weeks as a way to quickly integrate the many enhancements and bugfixes that followed the release of LXD 3.19. We intend to keep up this pace until the release of LXD 4.0 at which point we'll resume the monthly cadence.

This release includes 3 features/improvements contributed by students at the University of Texas in Austin:

  • Server side support of API collections
  • New unix-hotplug device type
  • Reworked background process management

On top of integrating those, we've also been focusing on filling in some of the current gaps in our VM story, fixing many bugs since 3.19 came out and now completing its network interface handling, adding support for ppc64le and support for boot device ordering.

Enjoy!

Highlights

Server side support of API collections

As our users are dealing with increasingly larger sets of instances and images, filtering all those records on the client side can become quite expensive. With this release, we're now adding the infrastructure and initial implementation of server side filtering.

This looks like:

stgraber@castiana:~/data/code/lxc/lxd (lxc/master)$ lxc query '/1.0/instances?filter=config.image.os%20eq%20ubuntu'
[
    "/1.0/instances/snapcraft",
    "/1.0/instances/ups-monitor",
    "/1.0/instances/v1",
    "/1.0/instances/maas01",
    "/1.0/instances/steam",
    "/1.0/instances/lxd-build"
]

This is using config.image.os eq ubuntu as a filter using URL encoding. More details on the filtering options can be found here.

New unix-hotplug device type

This device type is a bit of a cross between usb and unix-char and unix-block.

It allows specifying a specific vendorid/productid and having any resulting unix-char/unix-block devices automatically passed to the container.

An example with a USB drive:

stgraber@castiana:~$ lxc config device add c1 kingston unix-hotplug vendorid=0951 productid=1666
Device kingston added to c1

stgraber@castiana:~$ lxc exec c1 bash
root@c1:~# ls -lh /dev/
total 0
crw--w---- 1 root   tty     136,   0 Jan 30 23:00 console
lrwxrwxrwx 1 root   root          11 Jan 30 22:59 core -> /proc/kcore
lrwxrwxrwx 1 root   root          13 Jan 30 22:59 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup   1,   7 Jan 13 03:59 full
crw-rw-rw- 1 nobody nogroup  10, 229 Jan 30 22:59 fuse
lrwxrwxrwx 1 root   root          25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo
lrwxrwxrwx 1 root   root          28 Jan 30 22:59 log -> /run/systemd/journal/dev-log
drwxr-xr-x 2 nobody nogroup       60 Jan 30 22:46 lxd
drwxrwxrwt 2 nobody nogroup       40 Jan 13 03:59 mqueue
drwxr-xr-x 2 root   root          60 Jan 30 22:59 net
crw-rw-rw- 1 nobody nogroup   1,   3 Jan 13 03:59 null
crw-rw-rw- 1 root   root      5,   2 Jan 30 22:59 ptmx
drwxr-xr-x 2 root   root           0 Jan 30 22:59 pts
crw-rw-rw- 1 nobody nogroup   1,   8 Jan 13 03:59 random
drwxrwxrwt 2 root   root          40 Jan 30 22:59 shm
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stdout -> /proc/self/fd/1
crw-rw-rw- 1 nobody nogroup   5,   0 Jan 30 21:23 tty
crw-rw-rw- 1 nobody nogroup   1,   9 Jan 13 03:59 urandom
crw-rw-rw- 1 nobody nogroup   1,   5 Jan 13 03:59 zero

root@c1:~# ls -lh /dev/
total 1.0K
drwxr-xr-x 3 root   root          60 Jan 30 23:01 bus
crw--w---- 1 root   tty     136,   0 Jan 30 23:00 console
lrwxrwxrwx 1 root   root          11 Jan 30 22:59 core -> /proc/kcore
lrwxrwxrwx 1 root   root          13 Jan 30 22:59 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup   1,   7 Jan 13 03:59 full
crw-rw-rw- 1 nobody nogroup  10, 229 Jan 30 22:59 fuse
lrwxrwxrwx 1 root   root          25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo
lrwxrwxrwx 1 root   root          28 Jan 30 22:59 log -> /run/systemd/journal/dev-log
drwxr-xr-x 2 nobody nogroup       60 Jan 30 22:46 lxd
drwxrwxrwt 2 nobody nogroup       40 Jan 13 03:59 mqueue
drwxr-xr-x 2 root   root          60 Jan 30 22:59 net
crw-rw-rw- 1 nobody nogroup   1,   3 Jan 13 03:59 null
crw-rw-rw- 1 root   root      5,   2 Jan 30 22:59 ptmx
drwxr-xr-x 2 root   root           0 Jan 30 22:59 pts
crw-rw-rw- 1 nobody nogroup   1,   8 Jan 13 03:59 random
brw-rw---- 1 root   root      8,   0 Jan 30 23:01 sda
brw-rw---- 1 root   root      8,   1 Jan 30 23:01 sda1
drwxrwxrwt 2 root   root          40 Jan 30 22:59 shm
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root   root          15 Jan 30 22:59 stdout -> /proc/self/fd/1
crw-rw-rw- 1 nobody nogroup   5,   0 Jan 30 21:23 tty
crw-rw-rw- 1 nobody nogroup   1,   9 Jan 13 03:59 urandom
crw-rw-rw- 1 nobody nogroup   1,   5 Jan 13 03:59 zero
root@c1:~# exit

Above you'll notice sda and sda1 showing up when I plug in my USB key.

And with a yubikey:

stgraber@castiana:~$ lxc config device add c1 yubikey unix-hotplug vendorid=1050
Device yubikey added to c1

stgraber@castiana:~$ lxc exec c1 bash
root@c1:~# ykman info
Device type: YubiKey 5C
Serial number: 11576019
Firmware version: 5.2.4
Form factor: Keychain (USB-C)
Enabled USB interfaces: FIDO+CCID

Applications
OTP         Disabled    
FIDO U2F    Enabled     
OpenPGP     Enabled     
PIV         Enabled     
OATH        Disabled    
FIDO2       Enabled     
root@c1:~#

Support for standby cluster members

The dqlite-based cluster database logic was extended to make use of newly supported standby and idle roles in dqlite.

With this change in place, all cluster members will now be integrated with dqlite; each will then hold one of the following three roles:

  • voting member
  • standby member
  • idle member

The configuration is for 3 voting members, followed by 2 standby members with the rest of the members being idle. In the event of a loss of a voting member, after a short timeout a non-voting member will get auto-promoted to voting. Idle members will be promoted to non-voting as needed to keep the set number of voting and standby members.

The end result is a much more resilient LXD cluster which will better handle cluster members going offline for maintenance or power failure.
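A simplified model of the role handling described above and in the cluster.max_voters / cluster.max_standby notes for 3.21, written in Go as an added example (it is not LXD's or dqlite's code). The type and function names are made up here, and the quorum check assumes the usual Raft rule that a majority of voters must be online before membership can change.

```go
package main

import "fmt"

type role string

const (
	voter   role = "voter"
	standby role = "stand-by"
	idle    role = "idle"
)

type member struct {
	Name   string
	Role   role
	Online bool
}

// newCluster builds constructed sample data: members n1, n2, ... all online,
// the first `voters` voting, the next `standbys` stand-by, the rest idle.
func newCluster(voters, standbys, idles int) []member {
	var members []member
	for i := 0; i < voters+standbys+idles; i++ {
		r := idle
		if i < voters {
			r = voter
		} else if i < voters+standbys {
			r = standby
		}
		members = append(members, member{fmt.Sprintf("n%d", i+1), r, true})
	}
	return members
}

// countRole counts members holding role r, optionally only those online.
func countRole(members []member, r role, onlineOnly bool) int {
	n := 0
	for _, m := range members {
		if m.Role == r && (m.Online || !onlineOnly) {
			n++
		}
	}
	return n
}

// rebalance updates roles in place and returns the changes in the order made.
// It refuses to act without a majority of voters online (Raft quorum).
func rebalance(members []member, maxVoters, maxStandby int) ([]string, error) {
	up, all := countRole(members, voter, true), countRole(members, voter, false)
	if up*2 <= all {
		return nil, fmt.Errorf("no quorum: %d of %d voters online", up, all)
	}
	var changes []string
	set := func(m *member, r role) {
		changes = append(changes, fmt.Sprintf("%s: %s -> %s", m.Name, m.Role, r))
		m.Role = r
	}
	pick := func(r role) *member { // first online member holding role r
		for i := range members {
			if members[i].Online && members[i].Role == r {
				return &members[i]
			}
		}
		return nil
	}
	for i := range members { // offline members lose their database role
		if !members[i].Online && members[i].Role != idle {
			set(&members[i], idle)
		}
	}
	for countRole(members, voter, true) < maxVoters { // stand-by first, then idle
		m := pick(standby)
		if m == nil {
			m = pick(idle)
		}
		if m == nil {
			break
		}
		set(m, voter)
	}
	for countRole(members, standby, true) < maxStandby { // refill from idle
		m := pick(idle)
		if m == nil {
			break
		}
		set(m, standby)
	}
	return changes, nil
}

func main() {
	cluster := newCluster(3, 2, 2)
	cluster[1].Online = false // n2, a voter, goes down
	changes, err := rebalance(cluster, 3, 2)
	fmt.Println(changes, err)
}
```

With 3 voters, taking two of them offline at once makes rebalance return the quorum error, while the same loss in a cluster running 5 voters is absorbed by promoting the stand-by members.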

VM: Extended NIC support

With this release, nic devices for virtual machines now support:

  • macvlan (using macvtap)
  • sriov
  • physical
  • p2p

Both SR-IOV and physical NIC passthrough rely on PCI passthrough to the virtual machines. This requires a properly configured IOMMU setup as well as adequate PCI setup.

VM: boot priority

A new boot.priority option is now present on all disk and nic type devices for use with virtual machines. The higher the priority, the more likely the VM is to boot from the device.

This is of particular use when one wants a VM to always boot from the network rather than use the default behavior of booting from its root disk.

VM: ppc64le host support

Initial support for ppc64le hosts has been added. This behaves in much the same way as x86_64 and aarch64 except for the fact that a regular PCI bus is used rather than PCIe and the firmware is SLOF rather than UEFI.

Complete changelog

Here is a complete list of all changes in this release:

  • Fix typo
  • Add role column to raft_nodes table
  • Make db.RaftNode an alias for dqlite.NodeInfo, which has a Role field
  • lxd/cluster: rename raft.go to info.go
  • Drop legacy newRaft() function, leftover from the hashicorp/raft time
  • Replace raftAddressProvider interface with a simple raftAddress() method
  • Gateway.currentRaftNodes(): return only voting nodes
  • Use the ID from the cluster nodes table as raft ID
  • Make RaftNodesReplace() skip non-voters
  • Include role when exchanging nodes in join/rebalance internal APIs
  • Always join the dqlite cluster, possibly as non-voter
  • Attempt to probe to a member which is considered offline
  • Connect to the target node before spawning the image replication goroutine
  • Only contact voter nodes when searching for the cluster leader
  • Configure the dqlite client store to only connect to voter nodes
  • Load the role column of raft_nodes in db.RaftNodes()
  • Store the role of a node in RaftNodesReplace
  • Only start the dqlite engine for voter nodes
  • Include role information in heartbeat messages
  • Return also non-voter nodes in currentRaftNodes
  • Fix ineffective heartbeat upon join
  • Drop unused target variable in Join/Promote/Leave cluster functions
  • Start the dqlite engine also on non-voter nodes
  • Add cluster.Handover which finds a node eligible to become voter
  • Extract logic to POST a promote request into a new changeMemberRole() function
  • Attempt to transfer leadership to another member when shutting down
  • Add /internal/cluster/handover endpoint to transfer voter role
  • Add handoverMemberRole() helper to transfer the responsibilities of a member
  • Update gateway's identify info upon role change
  • Rename cluster.Promote to cluster.Assign
  • Rename /internal/cluster/promote to /internal/cluster/assign
  • Remove database role when demoting
  • When a voter is shutdown, handover the role to another member
  • Assign up to 2 StandBy roles beyond the initial 3 voters
  • Return only voter nodes in cluster.ListDatabaseNodes()
  • When leaving, use currentRaftNodes() instead of querying the raft_nodes table
  • Redirect member delete requests to the leader
  • Serialize membership-related requests on the leader
  • Drop clusterRebalance helper, since it is used only once
  • Drop ineffective post-join heartbeat
  • Add rebalanceMemberRoles() helper and use it in the delete member API handler
  • Drop unused tryClusterRebalance()
  • Test shutting down two members concurrently
  • Close dqlite clients after use
  • Automatically demote offline nodes when running cluster.Rebalance
  • Automatically promote spare nodes if a voter goes offline
  • Assign roles to members not part of the raft configuration
  • Export MaxVoters and MaxStandBys
  • Trigger rebalance also if there are not enough voters or standbys
  • Downgrade rebalance error to warning, it should not block node removal
  • lxd/container: Improves error messages in instanceValidDevices
  • lxd/container: instance.ValidDevices usage
  • lxd/container/lxc: instance.ValidDevices usage
  • lxd/device/config/devices: Improves error messages
  • lxd/device/disk: Adds support for VM disk devices
  • lxd/instance/instance/interface: Comment ending consistency
  • lxd/instance/qemu/vm/qemu: Fixes driver index loop bug
  • lxd/instance/instance/utils: Introduces constant to indicate profile validation in instance name
  • lxd/profiles: Switches to use instance.ProfileValidationName during profile validation
  • lxd/device/disk: Updates Stop device to understand VM disks
  • Make cluster.Rebalance fail immediately if not leader
  • Export cluster.ErrNotLeader
  • Silence warning about failing to rebalance when not leader
  • lxd/storage/drivers/driver/common: Removes generic vfs functions as not common to all driver types
  • Re-enable clustering upgrade test
  • lxd/storage/drivers/generic/vfs: Moves generic VFS drivers into standalone file
  • lxd/storage/drivers: Updates usage of generic VFS functions
  • Add upgrade test for an 8-member cluster
  • Make upgrade notifications more robust
  • Wait for leadership to settle before running lxc cluster list
  • lxd/instance: Moves vm qemu pkg into instance/drivers pkg
  • lxd/instance/drivers/container/lxc: Adds placeholder for future lxc implementation
  • lxd/instance/drivers/load: Adds instance load functions
  • lxd/container: Removes unused functions
  • lxd/db/containers: Renames ContainerToArgs to InstanceToArgs
  • lxd/container: db.InstanceToArgs usage
  • lxd/profiles/utils: db.InstanceToArgs usage
  • lxd/profiles/utils: Updates use of containerLXCInstantiate
  • lxd/container/lxc: Push containerLXC load functions into instance/drivers package
  • lxd/container/lxc: containerLXCInstantiate usage
  • lxd/container/lxc: Makes containerLXCInstantiate compatible with generic instance load functions
  • lxd/containers: instance.Load usage
  • lxd/containers/post: instance.Load usage
  • lxd/instance/drivers/vm/qemu: Unexport and rename load functions
  • lxd/instance/instance/utils: Load function comments
  • lxd/instance/instance/utils: Adds Create instance function placeholder
  • lxd/instance/instance/utils: db.InstanceToArgs usage
  • lxd/instance/drivers/vm/qemu: Unexports qemu implementation
  • lxd/exec: Pass full req through
  • lxd/exec: Forward control messages
  • lxd/containers: Fix error handling on stop
  • lxd/vm: Fix stop race condition
  • lxd/vm: Add locking for stop and shutdown
  • lxd/vm: Don't crash on vm-initiated reboots
  • lxd/storage: Remove legacy volume.size check
  • lxc/init: Consider image type for instance type
  • i18n: Update translation templates
  • tests: Update volume.size tests
  • lxd/vm: Store qemu log
  • [Makefiles] Whitelist ldflags in libcap pkgconfig
  • lxd/vm: Fix incorrect bootindex
  • lxd/vm: Implement snapshot restore
  • lxd/instance: Move LoadAllInternal
  • lxd/vm: Implement Snapshots
  • lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to use minimum block boundary size of 8192 bytes
  • lxd/storage/drivers/driver/lvm/utils: Avoid repetition of 512 bytes in roundedSizeBytesString
  • doc: Corrects lvm striping options
  • lxd/instance: Renames driver files for consistency
  • lxd/instance: Comment clarification
  • lxd-agent: Fixes bug when agent not seen as started if LXD restarted
  • lxd/device/device/utils/network: Adds host MTU support for VM tap devices
  • lxd/device/nic/bridged: Makes VM host side TAP interface name prefixed with "tap"
  • lxd/instance/drivers/qemu: Switch to template pkg to generate qemu conf
  • doc/api-extensions: Fix syntax
  • api: vm_boot_priority
  • lxd/vm: Add boot.priority
  • lxd/container/logs: Makes log file retrieval project aware
  • lxd/container/lxc: Adds devName skipping for startCommon
  • lxd/device/config/device/runconfig: Adds DevName to MountEntryItem
  • lxd/device/disk: Adds DevName to MountEntryItem
  • lxd/device: Adds devName property to network interface run config
  • lxd/instance/drivers/driver/qemu: Adds support for Disk and NIC device boot.priority setting
  • Use a light TCP/TLS connection attempt instead of a client request
  • lxd/container/exec: Removes duplication of env map now its being stored back into post data
  • Revert "lxd/exec: Forward control messages"
  • lxd/instance/drivers/driver/qemu/cmd: Makes qemu cmd struct qemu specific
  • lxd/instance/drivers/driver/qemu: Simplifies Exec with revert
  • lxd/container/exec: Cleaned up logging
  • lxd/container/exec: Switches to use instance command for resizing window
  • lxd/container/lxc/exec/cmd: Adds WindowResize
  • lxd/instance/instance/exec/cmd: Adds WindowResize function to signature
  • lxd/instance/drivers/driver/qemu: Reworks command control
  • lxd/instance/drivers/driver/qemu/cmd: Adds WindowResize support
  • lxd/instance/drivers/driver/qemu: Sets PID to 0 for VM commands
  • lxd/instance/drivers/driver/qemu: comment on forwardControlCommand
  • lxd/device/nic/p2p: Adds VM support
  • Fix translation of hard-coded address of first node
  • Close http transports since they might keep connections around
  • lxd/daemon: Ignore SIGHUP
  • lxd/instance/drivers/driver/qemu: Switch to unsafe async I/O mode on ZFS pools backed by loop files
  • lxd/storage: Improves pool init failure messages
  • lxd/storage/drivers: Indicates DirectIO support for most storage drivers
  • lxd/storage/drivers/driver/types: Adds DirectIO indicator to driver info struct
  • shared/version/version: Quotes malformed version string in error message
  • lxd/storage/drivers/driver/zfs: Adds DirectIO detection based on version
  • lxd/instance/drivers/driver/qemu: Unmounts volume on start failure if needed
  • lxd/device: Relaxes requirement for name property when not using containers
  • lxd/device/nic/macvlan: Clean up valid fields
  • lxd/device/nic/macvlan: Adds VM support and improves revert
  • lxd/instance/drivers/driver/qemu: Adds macvtap support
  • lxd/instance/drivers/driver/qemu/templates: Moves templates to separate file
  • lxd/instance/drivers/driver/qemu: Updates template usage
  • lxd/storage/drivers/driver/dir: Adds HostPath support
  • storage: Fix xfs_growfs command for older versions
  • shared/simplestreams: Fix architecture filtering
  • lxd/patches: Reset ZFS mountpoint/canmount
  • shared/simplestreams: Fix inconsistent sorting
  • lxd/instances: Don't require type on copy
  • lxc/config: Tweak argument processing
  • lxd/vm: Prevent attaching directory as disk
  • lxd/storage/zfs: Ignore bookmarks
  • lxd/storage/btrfs: Skip missing quota
  • doc/instance: Clarifies disk path not available for VMs
  • lxd/instance/drivers/qmp/monitor: Prevent crashes with races closing closed channel
  • lxd/instance/drivers/driver/qemu: Improve clean up on start failure
  • Fix request redirect when removing a cluster member
  • lxd/storage/backend/lxd: Only detect volume.block.filesystem changes on block backed pool FS volumes
  • lxd/migration/migration/volumes: Adds support for pre-bidirectional negotiation targets
  • lxd/container/lxc: Removes VM specific NIC config ignoring
  • lxd/device: Only return devName NIC config item for VMs
  • lxd/device/nic/physical: Improves revert and deletion of created VLAN devices
  • lxd/instance/drivers/driver/qemu/templates: Clarifies qemuNetdevPhysical variables
  • lxd/device/nic/macvlan: Differentiates config parent from actual parent
  • lxd/device/device/utils/network: Adds networkGetDevicePCIDevice function
  • lxd/device/nic/sriov: Updates networkGetVFDevicePCISlot to use networkGetDevicePCIDevice
  • lxd/instance/drivers/driver/qemu: Adds physical NIC passthrough support
  • shared/instance: Updates config key checker to allow ".driver" keys
  • doc/instance: Documents which device types can be used with which instance types
  • lxd/device/device/utils/network: Adds generic PCI device bind/unbind functions
  • lxd/device/device/utils/network: Adds networkVFIOPCIRegister
  • lxd/device/nic/sriov: Switches PCI device bind/unbind to generic functions
  • lxd/device/nic/physical: Adds VM PCI passthrough support
  • lxd/device: Unexports NetworkRemoveInterfaceIfNeeded
  • lxd/instance: Add NetworkUpdateStatic
  • Add maasRename to VM
  • lxd/storage/generic: Don't fail rename on missing path
  • lxd/storage/zfs: Fix block mounts
  • lxd/storage/zfs: Fix renames
  • lxd/vm: Implement Rename
  • lxd/device/nic/sriov: Adds VM support
  • lxd/instance/drivers/driver/qemu: Mount VM config vol before generating NVRAM file
  • lxd/device: Add unix_hotplug device type
  • lxd/device: Add support for listening to unix char and block udev events
  • lxd/storage: Pass config when deleting images
  • lxd/devices: Remove dead xtables code
  • lxd/iptables: Fix matching of IPv6 link-local
  • lxd: Updates usage of migration.MatchTypes
  • lxd/migration/migration/volumes: Updates MatchTypes to return all supported migration types
  • lxd/migration/migration/volumes: Break after first rsync transport features extracted
  • shared/subprocess: Cleanup test script
  • shared/subprocess: Fix Wait, tty and ignore stdin
  • shared/subprocess: Better handle not running
  • lxd/networks: Avoid dnsmasq reload on start
  • lxd: Switch to using the new subprocess module
  • lxd/patches: Convert PID files
  • shared/subprocess: Cleanup tests
  • shared/subprocess: Use channel for Wait
  • lxd/apparmor: Allow ro,remount,noatime,bind
  • lxd/storage/drivers: Pass mountPath to xfs_growfs
  • lxd/container: Removes containerValidName function
  • lxd/container: Switches to instance.ValidName
  • lxd/instance/instance/utils: Adds ValidName function
  • shared/util: Modifies ValidHostname to return specific error
  • shared/instance: InstanceGetParentAndSnapshotName comments
  • lxd/storgage/locking/lock: Fixes concurrent access race to map
  • global: Replace Fatalf by Errorf in tests
  • shared/generate: Fix regression caused by Fatalf fix
  • devices: retrieve vendor and product for hidraw devices
  • lxd/db: Fix for new testify
  • lxd/main: Adds cmdGlobal.rawArgs function
  • lxd: Adds forklimits command
  • lxd/instance/drivers/driver/qemu: Switches to launching qemu via forklimits
  • devices: subtract libudev header
  • lxd/db: adds unix-hotplug device type to database
  • lxd/instance/drivers/driver/qemu: Adds qemu binary path lookup
  • lxd/main/forklimits: Switches forklimits to use syscall.Exec
  • shared/cert: Replace default IPs with localhost
  • shared/subprocess: Improve error in test
  • spelling: yaml should be YAML
  • spelling: Busybox should be BusyBox
  • i18n: Update translation templates
  • doc/storage: Update for snap package
  • api: Add extension for new device type unix hotplug
  • doc/instances: added new device type unix hotplug
  • doc: Add libudev-dev dependency
  • lxd/vm: Record architecture name
  • lxd/vm: Cleanup qemu config
  • lxd/vm: Add ppc64el support
  • lxd/device/device/common: Splits device common into own file
  • lxd/device/device: Removes original device.go file
  • lxd/device/device/interface: Splits device interfaces into own file
  • lxd/device/device/load: Separates device load functions into own file
  • lxd/instance/drivers/driver/common: Adds common driver type
  • lxd/instance/instance/interface: Adds ConfigRead interface
  • lxd/instance/drivers/load: Updates validDevices() to use device.Validate function
  • lxd/instance/instance/utils: Removes instanceName from validateDevices function
  • lxd/instance/drivers/driver/qemu: Embeds common type and removes dupe functionality
  • lxd: instance.ValidDevices usage
  • lxd/device/device/utils/instance: Adds instanceSupported function
  • lxd/device: Updates device validateConfig to support instance.ConfigReader argument
  • api: Add api_filtering extension
  • lxd/filter: Add API filtering package
  • lxd/instance: Add instance list filtering functions
  • lxd: Make use of filtering for instances and images
  • doc/rest-api: Document filtering
  • tests: Add tests for API filtering
  • lxd/filter: Workaround gofmt bug
  • lxd/device/disk: Adds a check for mkisofs tool for qemu config drive
  • lxd/device/nic/sriov: Loads vfio-pci module
  • tests: Fix BusyBox spelling for filtering
  • lxd/vm: Fix bad bus name on ppc64el
  • lxd/vm: Don't specify addresses for pci on ppc64
  • i18n: Update translations from weblate

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.19 has been released

16th of January 2020

Introduction

The LXD team is very excited to announce the release of LXD 3.19!

This is a jam packed release, including one huge feature we've been working on for the past few months, virtual machine support! It's now possible to run LXD on a system and manage both containers and virtual machines through the exact same CLI, API or even as part of a cluster deployment!

We also have a lot of other features, user experience improvements and fixes in this release, quite possibly making it our busiest release yet!

Enjoy!

PS: This release took quite a bit longer than our usual one month development cycle. This delay was caused by us wanting to complete the majority of our storage layer re-implementation as well as landing the virtual machine support based on top of it. We expect the next couple of LXD releases to come out on an accelerated cadence ahead of the big LXD 4.0 release in March/April.

Highlights

Virtual machine support

No doubt the main highlight of this release is the initial support for running virtual machines through LXD.

This is exactly what it sounds like. You can now mix and match system containers and virtual machines. Those virtual machines are also created from images, stored on the same storage pools as containers, connected to the same networks and even share configuration through profiles.

Interacting with a running virtual machine can be made almost identical to interacting with a container thanks to the LXD agent which, when running inside a virtual machine, allows the use of the standard exec, file and info features.

This is early work and we have a lot more pieces yet to be implemented, but as it stands, virtual machines can be created from Ubuntu images (with more distributions to come) or PXE booted.

All virtual machines run UEFI with secure boot enabled and we have support for configuring the number of cores and memory allocation as well as whether to use dedicated hugepages for memory backing. Cloud-init configuration can be exposed to the VM through a config drive or by using the agent if baked into an image.

Here is a basic example of creating an Ubuntu 18.04 VM, installing the agent and querying details and getting a shell inside it:

stgraber@castiana:~$ lxc profile create vm
stgraber@castiana:~$ lxc profile edit vm
stgraber@castiana:~$ lxc profile show vm
config:
  user.user-data: |
    #cloud-config
    ssh_pwauth: yes
    apt_mirror: http://us.archive.ubuntu.com/ubuntu/
    users:
      - name: ubuntu
        passwd: "$6$s.wXDkoGmU5md$d.vxMQSvtcs1I7wUG4SLgUhmarY7BR.5lusJq1D9U9EnHK2LJx18x90ipsg0g3Jcomfp0EoGAZYfgvT22qGFl/"
        lock_passwd: false
        groups: lxd
        shell: /bin/bash
        sudo: ALL=(ALL) NOPASSWD:ALL
description: VM specific configuration
devices:
  config:
    source: cloud-init:config
    type: disk
name: vm
used_by:

stgraber@castiana:~$ lxc launch ubuntu:18.04 v1 --vm --profile default --profile vm
Creating v1
Starting v1

stgraber@castiana:~$ lxc console v1
To detach from the console, press: <ctrl>+a q

Ubuntu 18.04.3 LTS v1 ttyS0

v1 login: ubuntu
Password: 
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-74-generic x86_64)

ubuntu@v1:~$ sudo -i
root@v1:~# mount -t 9p config /mnt/
root@v1:~# cd /mnt/
root@v1:/mnt# ./install.sh 
Created symlink /etc/systemd/system/multi-user.target.wants/lxd-agent.service → /lib/systemd/system/lxd-agent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/lxd-agent-9p.service → /lib/systemd/system/lxd-agent-9p.service.

LXD agent has been installed, reboot to confirm setup.
To start it now, unmount this filesystem and run: systemctl start lxd-agent-9p lxd-agent
root@v1:/mnt# reboot

stgraber@castiana:~$ lxc info v1
Name: v1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/01/17 02:23 UTC
Status: Running
Type: virtual-machine
Profiles: default, vm
Pid: 2490333
Ips:
  enp5s0:   inet    10.166.11.3
  enp5s0:   inet6   2001:470:b368:4242:216:3eff:fed2:cd5
  enp5s0:   inet6   fe80::216:3eff:fed2:cd5
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 22
  Disk usage:
    root: 23.51MB
  CPU usage:
    CPU usage (in seconds): 6
  Memory usage:
    Memory (current): 179.20MB
    Memory (peak): 201.19MB
  Network usage:
    enp5s0:
      Bytes received: 1.71kB
      Bytes sent: 1.94kB
      Packets received: 14
      Packets sent: 18
    lo:
      Bytes received: 6.19kB
      Bytes sent: 6.19kB
      Packets received: 84
      Packets sent: 84

stgraber@castiana:~$ lxc exec v1 bash
root@v1:~# ps aux | grep lxd
root       787  1.5  1.6 747700 16300 ?        Ssl  02:25   0:00 /run/lxd_config/9p/lxd-agent
root      1024  0.0  0.0  14856  1004 pts/0    S+   02:26   0:00 grep --color=auto lxd

Reworked storage layer

As part of the virtual machine work, we have completely rewritten our storage layer. This was done partly to add support for storing the block devices backing the virtual machines and to clean up a lot of cruft that's been accumulating over the years and evolution of the storage layer.

This has no user-visible repercussions. If it works properly, the new logic should be acting exactly like the old one, though possibly with quite a few fewer bugs.

It is now easier than ever to add support for a new storage driver and thanks to good abstractions having been put in place, the vast majority of the storage operations now use shared logic, significantly reducing code duplication and risk of duplicated bugs throughout the codebase.

As with any work of this magnitude, there will be bugs. We will try to be as reactive as we can to address any issue reported to us and would strongly recommend testing LXD 3.19 on some less important systems through the candidate channel ahead of it hitting stable.

Contributions by students of the University of Texas

A number of groups of students from the University of Texas in Austin have been contributing LXD features as part of an assignment in their virtualization class.

For this release, this includes:

  • Multi architecture clustering
  • Direct attach of Ceph rbd/fs volumes
  • Attaching profiles to images
  • Custom mount options for disk devices
  • LVM striping (partial work superseded by the re-implementation of the storage layer)

A number more are currently being polished and will be included in the next LXD release.

The LXD team really enjoyed those contributions and interacting with new contributors to the project and are wishing all the best to the participating students!

Other new features

Device keys as lxc list columns

It is now possible to define additional columns in lxc list to show the value of device configuration keys.

For example:

stgraber@castiana:~$ lxc list -c nst,config:image.os:OS,devices:eth0.parent:BRIDGE
+--------+---------+-----------------+--------+--------+
|  NAME  |  STATE  |      TYPE       |   OS   | BRIDGE |
+--------+---------+-----------------+--------+--------+
| maas01 | STOPPED | CONTAINER       | ubuntu | lxdbr0 |
+--------+---------+-----------------+--------+--------+
| v1     | STOPPED | VIRTUAL-MACHINE | ubuntu | lxdbr0 |
+--------+---------+-----------------+--------+--------+
| v2     | STOPPED | VIRTUAL-MACHINE | ubuntu | lxdbr0 |
+--------+---------+-----------------+--------+--------+
| v3     | STOPPED | VIRTUAL-MACHINE |        | lxdbr0 |
+--------+---------+-----------------+--------+--------+

Routed networking mode

A new routed mode (nictype) for network interfaces is now supported. This requires a very recent feature of the underlying liblxc and will effectively set up a point-to-point link between the container and host and then route an IP to the container over it.

stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=routed ipv4.address=10.255.243.155
Device eth0 added to c1
stgraber@castiana:~$ lxc start c1
stgraber@castiana:~$ lxc list c1
+------+---------+-----------------------+------+-----------+-----------+
| NAME |  STATE  |         IPV4          | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+-----------------------+------+-----------+-----------+
| c1   | RUNNING | 10.255.243.155 (eth0) |      | CONTAINER | 0         |
+------+---------+-----------------------+------+-----------+-----------+

Direct attach of Ceph RBD or FS to containers

For those users who have existing RBD or FS volumes on Ceph which aren't managed by LXD itself and so cannot be attached through a traditional disk device, it is now possible to attach such a volume directly to a container.

This is done with special values for the source config key of disk devices.

Examples include:

  • source=ceph-rbd:pool/volume
  • source=ceph-fs:fs/path

Additionally some configuration keys were added to select the Ceph cluster and user.

  • ceph.cluster_name
  • ceph.user_name

Custom mount options for disk devices

A new raw.mount_options config key was added to disk devices. It takes an arbitrary list of comma separated mount options to be used when attaching the disk to the container.

Attaching profiles to images

A set of profiles can now be attached to images. Any new instance created from that image will be using that set of profiles rather than the default profile.

This is configured through lxc image edit and is kept as images auto-update.

stgraber@castiana:~$ lxc image show a722a8eb4d31
auto_update: true
properties:
  architecture: amd64
  description: Alpine 3.8 amd64 (20200116_13:00)
  os: Alpine
  release: "3.8"
  serial: "20200116_13:00"
  type: squashfs
public: false
expires_at: 1969-12-31T19:00:00-05:00
profiles:
- default

stgraber@castiana:~$ lxc image edit a722a8eb4d31

stgraber@castiana:~$ lxc image show a722a8eb4d31
auto_update: true
properties:
  architecture: amd64
  description: Alpine 3.8 amd64 (20200116_13:00)
  os: Alpine
  release: "3.8"
  serial: "20200116_13:00"
  type: squashfs
public: false
expires_at: 1969-12-31T19:00:00-05:00
profiles:
- blah

stgraber@castiana:~$ lxc launch a722a8eb4d31 a1
Creating a1
Starting a1

stgraber@castiana:~$ lxc info a1 | grep Profiles
Profiles: blah

Interception of the mount system call

Our system call interception layer has been extended to support intercepting the mount syscall.

This can be used to allow normally restricted filesystems to be mounted inside unprivileged containers, but maybe more importantly, it allows for transparent redirection of mount calls to FUSE drivers.

The new configuration options are:

  • security.syscalls.intercept.mount (enable/disable the feature)
  • security.syscalls.intercept.mount.allowed (list of filesystems to allow mounting)
  • security.syscalls.intercept.mount.fuse (list of filesystems to redirect to FUSE)
  • security.syscalls.intercept.mount.shift (whether to automatically setup a shiftfs layer)

WARNING: You should never grant the allowed permission to a container that you don't completely trust. This directly exposes your container to the kernel superblock parser and can be used to attack the kernel, crashing the host or even breaking out of the container.

Here is an example of first mounting directly by allowing ext4, and then using FUSE as a much safer alternative:

root@vm02:~# lxc launch ubuntu:18.04 c1
Creating c1
Starting c1

root@vm02:~# mkfs.ext4 /dev/sdb
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks: done                            
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: 134bc6d4-e7d3-4db1-a3aa-a398c1acff85
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

root@vm02:~# lxc config device add c1 sdb unix-block path=/dev/sdb
Device sdb added to c1

root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
mount: /mnt: permission denied.

root@vm02:~# lxc config set c1 security.syscalls.intercept.mount true
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.shift true
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.allowed ext4
root@vm02:~# lxc restart c1

root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
root@vm02:~# lxc exec c1 -- ls -lh /mnt
total 16K
drwx------ 2 root root 16K Jan 17 01:56 lost+found

root@vm02:~# lxc exec c1 -- apt-get install -y fuse2fs
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
The following NEW packages will be installed:
  fuse2fs
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 28.8 kB of archives.
After this operation, 143 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 fuse2fs amd64     1.44.1-1ubuntu1.2 [28.8 kB]
Fetched 28.8 kB in 0s (117 kB/s)
Selecting previously unselected package fuse2fs.
(Reading database ... 28654 files and directories currently installed.)
Preparing to unpack .../fuse2fs_1.44.1-1ubuntu1.2_amd64.deb ...
Unpacking fuse2fs (1.44.1-1ubuntu1.2) ...
Setting up fuse2fs (1.44.1-1ubuntu1.2) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

root@vm02:~# lxc config unset c1 security.syscalls.intercept.mount.allowed
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.fuse ext4=/usr/sbin/fuse2fs
root@vm02:~# lxc restart c1

root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
root@vm02:~# lxc exec c1 -- ls -lh /mnt
total 128K
drwx------ 2 root root 16K Jan 17 01:56 lost+found
root@vm02:~# lxc exec c1 -- ps aux | grep fuse
root       304  0.0  0.0 170172   788 ?        Ssl  02:00   0:00 /usr/sbin/fuse2fs /dev/sdb /mnt -o dev,suid
root@vm02:~#
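
The warning above can be turned into a host-wide check. The Python below is an added example, not part of these release notes or of LXD's own code: it reads instance records in the shape of `lxc list --format json` and ranks each container by how its security.syscalls.intercept.mount keys are set. The embedded sample data, the comma-separated parsing of the list keys and the accepted boolean spellings are assumptions.

```python
import json

# Constructed sample in the shape of `lxc list --format json` output,
# trimmed to the fields used here. Names and values are made up.
SAMPLE = """
[
  {"name": "c1", "type": "container", "expanded_config": {
     "security.syscalls.intercept.mount": "true",
     "security.syscalls.intercept.mount.shift": "true",
     "security.syscalls.intercept.mount.allowed": "ext4"}},
  {"name": "c2", "type": "container", "expanded_config": {
     "security.syscalls.intercept.mount": "true",
     "security.syscalls.intercept.mount.fuse": "ext4=/usr/sbin/fuse2fs"}},
  {"name": "c3", "type": "container", "expanded_config": {
     "security.syscalls.intercept.mount.allowed": "ext4, xfs"}},
  {"name": "c4", "type": "container", "expanded_config": {}}
]
"""

KEY = "security.syscalls.intercept.mount"
# Assumption: the boolean spellings treated as "true".
TRUE_VALUES = {"true", "1", "yes", "on"}
SEVERITY_ORDER = {"HIGH": 0, "LOW": 1, "INFO": 2}


def load_sample():
    """Parse the embedded, constructed sample."""
    return json.loads(SAMPLE)


def split_list(value):
    """Split a comma-separated config value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_instance(inst):
    """Return a list of (severity, message) findings for one instance."""
    # expanded_config includes keys inherited from profiles; fall back to
    # the instance's own config if the record does not carry it.
    cfg = inst.get("expanded_config") or inst.get("config") or {}
    enabled = cfg.get(KEY, "").strip().lower() in TRUE_VALUES
    allowed = split_list(cfg.get(KEY + ".allowed", ""))

    # Each fuse entry has the form <filesystem>=<helper binary>.
    fuse = {}
    for entry in split_list(cfg.get(KEY + ".fuse", "")):
        fs, _, helper = entry.partition("=")
        fuse[fs] = helper

    findings = []
    if allowed and enabled:
        # The case the WARNING is about: the host kernel parses
        # superblocks supplied by the container.
        findings.append(("HIGH", "in-kernel mount allowed for: "
                         + ", ".join(allowed)))
    elif allowed:
        # Dormant today, but becomes the HIGH case once the feature
        # is switched on for this instance or one of its profiles.
        findings.append(("INFO", "allowed list set (" + ", ".join(allowed)
                         + ") but interception is disabled"))
    if fuse and enabled:
        pairs = ", ".join(f"{fs} -> {helper}" for fs, helper in fuse.items())
        findings.append(("LOW", "mounts redirected to FUSE: " + pairs))
    return findings


def audit(instances):
    """Return (name, severity, message) tuples, most severe first."""
    rows = []
    for inst in instances:
        for severity, message in audit_instance(inst):
            rows.append((inst.get("name", "?"), severity, message))
    return sorted(rows, key=lambda r: (SEVERITY_ORDER[r[1]], r[0]))


if __name__ == "__main__":
    for name, severity, message in audit(load_sample()):
        print(f"{severity:<5} {name}: {message}")
```

On a real host, feed it the output of `lxc list --format json` instead of the embedded sample.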

Additions to the resources API

Two new fields have been added to the disk entries in the resources API.

  • FirmwareVersion exposes the firmware revision of the network card
  • DeviceID shows a device identifier suitable for lookup under /dev/disk/by-id

An example for an NVMe drive now looks like:

stgraber@castiana:~$ lxc query /1.0/resources | jq .storage.disks[0]
{
  "block_size": 512,
  "device": "259:0",
  "device_id": "nvme-eui.0000000001000000e4d25cafae2e4c00",
  "device_path": "pci-0000:05:00.0-nvme-1",
  "firmware_version": "PSF121C",
  "id": "nvme0n1",
  "model": "INTEL SSDPEKKW256G7",
  "numa_node": 0,
  "partitions": [
    {
      "device": "259:1",
      "id": "nvme0n1p1",
      "partition": 1,
      "read_only": false,
      "size": 52428800
    },
    {
      "device": "259:2",
      "id": "nvme0n1p2",
      "partition": 2,
      "read_only": false,
      "size": 1073741824
    },
    {
      "device": "259:3",
      "id": "nvme0n1p3",
      "partition": 3,
      "read_only": false,
      "size": 254933278208
    }
  ],
  "read_only": false,
  "removable": false,
  "rpm": 0,
  "serial": "BTPY63440ARH256D",
  "size": 256060514304,
  "type": "nvme",
  "wwn": "eui.0000000001000000e4d25cafae2e4c00"
}

Multi-architecture clustering

It is now possible to mix cluster members of different architectures. LXD will automatically place containers on the right systems based on image architecture.

As a bit of an extreme example, here is a cluster made of 3 different non-Intel architectures:

root@cluster:~# lxc cluster list
+---------------+----------------------------+----------+--------+-------------------+--------------+
|     NAME      |            URL             | DATABASE | STATE  |      MESSAGE      | ARCHITECTURE |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos01-arm64   | https://240.0.200.92:8443  | YES      | ONLINE | fully operational | aarch64      |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos01-ppc64el | https://240.0.202.246:8443 | YES      | ONLINE | fully operational | ppc64le      |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos01-s390x   | https://240.0.203.11:8443  | YES      | ONLINE | fully operational | s390x        |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos02-arm64   | https://240.0.204.139:8443 | NO       | ONLINE | fully operational | aarch64      |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos02-ppc64el | https://240.0.206.145:8443 | NO       | ONLINE | fully operational | ppc64le      |
+---------------+----------------------------+----------+--------+-------------------+--------------+
| bos02-s390x   | https://240.0.207.35:8443  | NO       | ONLINE | fully operational | s390x        |
+---------------+----------------------------+----------+--------+-------------------+--------------+

Improved clustering setup logic

Prior to this release, when building up a LXD cluster, the first 3 servers to be part of the cluster would act as database nodes, receiving a full copy of the database and starting to vote on database transactions.

This behavior led many to believe that a cluster of just 2 servers was safe to operate despite the number of database members being even, preventing a proper quorum and effectively taking down the entire database should either of the servers go offline.

The new behavior is to keep operating with a single database server until the 3rd server is joined, at which point all 3 servers become database servers.

This will be further improved in LXD 3.20 with the introduction of standby database nodes allowing for multiple database nodes to go offline without the cluster itself going offline.

MAC filtering on unmanaged bridge

The security.mac_filtering configuration key can now be used with nic devices attached to network bridges that aren't managed by LXD itself.

Configurable Ceph data pool name

For those wanting separate OSD pools for their data and metadata, a new configuration key ceph.osd.data_pool_name was added allowing control of where the data should be stored. The metadata will be stored at the pool referenced by ceph.osd.pool_name.

LVM striping support

LVM striping is now supported. It can be configured through the volume.lvm.stripes and volume.lvm.stripes.size configuration keys.

Initial CGroup2 resource restrictions

A new CGroup abstraction layer was added to LXD as well as an initial mapping for v2 resource controllers. This combined with recent improvements to liblxc should allow for most resource constraints to function in a CGroup V2 environment.

Configurable backup compression at creation time

The compression algorithm used for backups can be configured through backups.compression_algorithm but this is a global setting which will apply to all new backups.

In line with instance publishing (lxc publish), it is now possible to override the compression algorithm of backups at the time of their creation. This is exposed through lxc export --compression-algorithm.

Support for compressing backups and images using squashfs

squashfs can now be selected as compression algorithm for both images and backups. Prior to this, LXD could consume images compressed through squashfs but couldn't create them itself.

Complete changelog

Here is a complete list of all changes in this release:

  • lxd/cgroup: Adds cgroup package with CPU task balancing functions
  • lxd: Updates to use cgroup package
  • lxd: Changes instance and containerLXC function Id() to ID()
  • lxd: Updates error handling of MakeFSType after stderr split of RunCommand
  • api: Add resources_network_firmware extension
  • shared/api: Add FirmwareVersion to ResourcesNetworkCard
  • lxd/resources/network: Add FirmwareVersion retrieval
  • lxd/container: Adds instanceLoad function
  • lxd: Replaces use of containerLXCLoad with instanceLoad
  • lxc: Changes lxc list and lxc info Type field to show instance type
  • i18n: Update translation templates
  • lxc/{list,info}: Fix type on older LXD
  • lxd/device/disk: Apply limits through post hook
  • lxd/main_migratedumpsuccess: Use fast connection
  • lxd/main_sql: Use fast connection
  • lxd/daemon: Allow internal queries during startup
  • test: Adds host-side MTU veth checks
  • lxd/device/disk: Improvements in disk limits
  • lxd: Fix backup expiry
  • lxd: Fix backup expiry check
  • api: Add backup_compression_algorithm API extension
  • shared/api: Add CompressionAlgorithm to InstanceBackupsPost
  • lxc/export: Add --compression option
  • i18n: Update translation templates
  • lxd/backups: Add support for CompressionAlgorithm
  • lxd: Fix container restore with projects in Ceph
  • test: Add container restore with projects
  • lxd/daemon: Adds daemon package
  • lxd: Updates use of debug and verbose vars in daemon pkg
  • lxd/rsync: Moves rsync functions to own package
  • lxd: Updates usage of moved rsync functions
  • doc: Add ceph.osd.data_pool_name
  • storage/ceph: Implement --data-pool argument
  • scripts: Add ceph.osd.data_pool_name to bash completion
  • api: Add ceph_data_pool_name extension
  • doc: Add commit structure to contributing.md
  • lxd/cluster: Process upgrade notifications on all members
  • lxd/cluster: Relax upgrade notification target
  • lxd/db: Export GetNodeID
  • lxd/daemon: Skip heartbeat processing during startup
  • lxd/db: Backward compat code for Nodes()
  • lxd/daemon: Set gateway.Cluster during WaitUpgradeNotification
  • lxd/storage/ceph: Fix to work on older releases
  • lxd: Move backup to separate package
  • test: Add backup package to static analysis
  • test: Add project testing to backup
  • lxd/device/nic: Pass --concurrent to ebtables
  • tests: Update ebtables calls
  • fix debugging.md rendering
  • lxd/sys: Enforce directory permissions
  • lxd/daemon: Bump NOFILE to max on startup
  • lxd/list: Modify parseColumns to allow for the config:KEY:NAME:WIDTH syntax
  • lxd/list: Modify TestColumns to allow for the config:KEY:NAME:WIDTH syntax
  • lxd/cluster: Tweak joining error messages
  • lxd/cluster: Fix already-clustered test
  • lxd/list: Add support for devices:KEY:NAME:WIDTH to parseColumns
  • lxd/list: Add tests to check support for devices:KEY:NAME:WIDTH and config:KEY:NAME:WIDTH in parseColumns
  • lxd/list: Add description in command help section about devices:KEY:NAME:WIDTH and config:KEY:NAME:WIDTH support
  • i18n: Update translation templates
  • lxc/storage/volume: Fix panic when invalid snapshot rename argument supplied
  • shared/util: Removes ExtractSnapshotName
  • lxd: Changes use of ExtractSnapshotName to ContainerGetParentAndSnapshotName
  • lxd/storage/volumes: Removes unused snapshot logic from storagePoolVolumeTypePost
  • seccomp: test for syscall continuation support
  • seccomp: implement syscall continuation for mknod(), mknodat(), and setxattr()
  • unixfd: split into unixfd.{c,h}
  • unixfd: hide symbols
  • Makefile: Switch to tsenart/deadcode
  • lxd/include: Don't include missing file
  • Revert "unixfd: hide symbols"
  • tree-wide: handle _GNU_SOURCE ifdefs correctly
  • Makefile: add "nocache" target
  • tree-wide: rework cgo compilation
  • Add step to trigger reread on loopback device when resizing BTRFS storage pool.
  • lxd/db/storage/pools: StoragePoolVolumeSnapshotsGetType returns StorageVolumeArgs slice
  • lxd/db/storage/pools: Makes StoragePoolVolumeSnapshotsGetType return in volume ID order
  • lxd: Updates use of StoragePoolVolumeSnapshotsGetType return type change
  • seccomp: log syscall arguments
  • package: lxd: add cgo.go
  • package: lxd-p2c: add cgo.go
  • package: seccomp: add cgo.go
  • package: quota: add cgo.go
  • package: storage: add cgo.go
  • package: ucred: add cgo.go
  • package: idmap: add cgo.go
  • package: netutils: add cgo.go
  • package: termios: add cgo.go
  • package: shared: add cgo.go
  • lxd: add cgo hardening flags and fix minor bugs found by them
  • lxd/storage/utils: Add common helpers to utils
  • lxd/storage/volumes/config: Removes functions moved to storage package
  • lxd: Updates use of funcs/vars moved to storage pkg
  • lxd/storage/drivers/utils: Add common functions
  • lxd/storage/drivers/utils: Adds GetVolumeMountPoint and GetPoolMountPoint functions
  • lxd/storage/drivers/utils: Adds DeleteParentSnapshotDirIfEmpty
  • lxd/storage/drivers/utils: Add GetVolumeSnapshotDir
  • lxd/storage/drivers/volume: Adds VolumeType and ContentType definitions
  • lxd/storage/storage: Deprecates pool path function
  • lxd/storage/drivers/errors: Adds storage drivers errors
  • lxd/storage/errors: Adds shared errors for storage
  • lxd/db/storage/pools: Improves comments on StoragePoolVolumeSnapshotsGetType
  • tests: Fixes zfs snapshot restore bug in tests
  • lxd/migration/migration/volumes: Adds migration volume arg types
  • lxd/storage: Removes progress wrapper functions
  • lxd: Update use of migration progress functions
  • seccomp: protect against syscall supervision override
  • client/lxd/storage/volumes: Fixes bug where migration errors were ignored
  • lxc/storage/volume: Adds volume snapshot rename check for same parent volume
  • lxd/storage/quota: Fix bad typing
  • lxd/containers: Return disk usage when stopped
  • lxd/storage/utils: Removes default empty "size" property for dir volumes
  • lxd/storage/utils: Makes dir driver allowed to translate the size property
  • tree-wide: cgo: add -Wunused and fix errors detected by this option
  • tree-wide: cgo: mark some global variables ro
  • lxc/config: Handle config/profile in examples
  • i18n: Update translation templates
  • forksyscall: add acquire_final_creds()
  • seccomp: implement mount syscall interception
  • api: add container_syscall_intercept_mount extension
  • doc: add security.syscalls.intercept.mount
  • scripts: add security.syscalls.intercept.mount to bash completion
  • client: Ignore unresolvable addresses
  • lxd/include: Fix definition of SECCOMP_USER_NOTIF_FLAG_CONTINUE
  • api: Add compression_squashfs extension
  • lxd/cluster: Validate squashfs-tools-ng executables
  • lxd: Modify compressFile() to support SquashFS
  • lxd/networks: Nicer error on missing IPv6
  • global: Drop -Wcast-align (breaks armhf)
  • lxd: Support SquashFS compressed backup imports
  • lxd: Add SquashFS compressed image publish/export support
  • lxd/device/nic/bridged: Allow MAC filtering on unmanaged bridges
  • test: Adds test for using security.mac_filtering with unmanaged parent
  • doc: fix link to security.md from README.md
  • doc: use HTTPS links for criu and #lxcontainers (they have STS preload)
  • lxd/rsync: Switch to using io.ReadWriteCloser
  • shared: Implement a WebsocketIO ReadWriteCloser abstraction
  • lxd/migration: Introduce ProgressTracker
  • lxd/migration: Switch over to ReadWriteCloser for rsync
  • lxd/devlxd: Fixes event socket close on client disconnect during wait
  • lxd/events/events: Adds context to event listener Wait() function
  • lxd/events: Fixes event socket close on client disconnect during wait
  • lxd/migrate: Close control web socket on disconnect()
  • lxd/migrate/storage/volunes: Always close web socket after migration
  • lxd/storage: Adds interfaces
  • lxd/storage/load: Adds storage pool loader functions
  • lxd/storage/drivers/driver: Adds storage driver load functions
  • lxd/storage/backend/lxd: Adds lxd backend implementation
  • lxd/storage/backend/mock: Adds mock backend implementation
  • lxd/storage/drivers/driver/common: Adds common driver
  • lxd/storage/drivers/driver/dir: Add dir backend
  • lxd/storage/volumes: Links doVolumeCreateOrCopy to use storage pkg
  • test/suites/static/analysis: Updates to recurse storage package
  • lxd/storage/volumes: Links volume delete function to use new storage pkg
  • lxd/storage/utils: Adds VolumeTypeToDBType function
  • lxd/storage/utils: Modifies VolumeValidateConfig to hook into new storage API
  • lxd/storage/utils: Deprecates SupportedPoolTypes
  • lxd/storage/drivers/volume: Adds Volume struct type
  • lxd/storage/volumes: Re-works storagePoolVolumeTypePost into sub-actions
  • lxd/storage/volumes/snapshot: Renames driver import to storagePools
  • lxd/storage/volumes/snapshot: Links rename snapshot volume to new storage pkg
  • lxd/storage/volumes/snapshot: Links snapshot delete to new storage pkg
  • lxd/storage/volumes/snapshot: Links create custom snapshot to new storage pkg
  • lxd/storage/volumes: Moves DB lookup into migration function
  • lxd/migrate/storage/volumes: Links volume migrate functions to new storage pkg
  • lxd/storage/volumes: Linking volume move to new storage pkg
  • lxd/storage/volumes: Adds existing volume checks to storagePoolVolumeTypePost and storagePoolVolumesTypePost
  • lxd/storage/drivers/utils: Adds GetSnapshotVolumeName function
  • lxd/storage/drivers/utils: Renames GetVolumeMountPath and GetPoolMountPath
  • lxd/storage: Updates deprecation notice
  • lxd/storage/drivers/utils/test: Updates tests
  • lxd/storage/utils: Adds validateVolumeCommonRules
  • lxd/migration/migration/volumes: Updates MatchTypes to log offered and our types on mismatch
  • lxd/storage/memorypipe: Adds in-memory bidirectional pipe
  • lxd/migrate/storage/volumes: Updates use of migrate TrackProgress args
  • lxd/storage/backend/lxd: Updates CreateCustomVolumeFromCopy to use migration logic
  • lxd/storage/drivers/driver/common: Improves comment
  • lxd/migration/migration/volumes: Adds TrackProgress bool to MigrationSourceArgs and MigrationTargetArgs
  • lxd/storage/drivers/driver/dir: Updates migration functions to use TrackProgress bool
  • lxd/containers: Push MAAS entry after dev creation
  • lxd/storage/drivers/interface: Modifies ValidateVolume definition
  • lxd/storage/utils: Updates ValidateVolume usage
  • lxd/storage/backend/lxd: Updates use of validate function
  • lxd/storage/drivers/driver/common: Updates validate function
  • lxd/storage/drivers/driver/dir: Updates validation function
  • forksyscall: remove left-over advance_arg() call
  • lxd/migration/migration/volumes: Updates MatchTypes to accept fallback type
  • lxd/migration/storage/volumes: Updates MatchTypes usage
  • lxd/storage/backend/lxd: Updates MatchTypes usage
  • lxc/storage/volumes: Links storagePoolVolumeTypePatch to new storage pkg
  • lxd/storage/volumes/utils: Links storagePoolVolumeUsedByRunningContainersWithProfilesGet to storage pkg
  • lxd/storage/utils: Adds VolumeUsedByInstancesWithProfiles
  • lxd/storage/volumes: Links storagePoolVolumeTypePut to storage pkg
  • lxd/storage/drivers/interface: Updates function definitions
  • lxd/storage/backend: UpdateCustomVolume and RestoreCustomVolume
  • lxd/storage/drivers/driver/dir: Adds UpdateVolume function
  • lxd/storage/volumes: Consistent casing on error messages
  • lxd/storage/utils: Consistent casing on error messages
  • lxd/storage/interfaces: Adds RestoreCustomVolume
  • lxd/storage/drivers/interface: Adds RestoreVolume
  • lxd/storage/drivers/driver/dir: Implements RestoreVolume
  • lxd/storage/backend/mock: Adds RestoreCustomVolume
  • lxd/storage/volumes: Makes storagePoolVolumeTypePut logic consistent with storagePoolVolumeSnapshotTypePut
  • lxd/storage/volumes/snapshot: Moves storagePoolVolumeSnapshotTypePut DB logic
  • lxd/storage/volumes/utils: Removes unused storagePoolVolumeSnapshotUpdate
  • lxd/storage: Use correct operation type
  • lxd/storage/backend/lxd: Adds basic debug logging
  • lxd/storage/backend/mock: Adds logger support
  • lxd/storage/load: Initialises logger
  • lxd/storage/drivers/driver/common: Adds driver logger with pool context
  • lxd/storage/drivers/interface: Updates with pool context logger
  • lxd/storage/utils: Updates VolumeValidateConfig to use update driver loader
  • lxd/storage/load: Updates loaders to support contextual loggers
  • lxd/storage/drivers/load: Updates loaders to support contextual loggers
  • container/lxc: Hooks up root device usage to new storage package
  • lxd/storage/backend/lxd: Updates name of instance arg to inst from i
  • lxd/storage/backend/lxd: Implements GetInstanceUsage
  • lxd/storage/backend/mock: Changes GetInstanceUsage signature
  • lxd/storage/drivers/driver/dir: Implements GetVolumeUsage
  • lxd/storage/drivers/interface: Adds GetVolumeUsage
  • lxd/storage/interfaces: Changes GetInstanceUsage signature
  • lxd/images: Links imageCreateInPool to new storage package
  • lxd/storage/backend/lxd: Implements CreateImage
  • lxd/storage/backend/mock: Updates CreateImage definition
  • lxd/storage/interfaces: Updates CreateImage definition
  • lxd/resources/storage: Improve cdrom handling
  • Bring Go current in Travis
  • lxd/storage/drivers/driver/dir: Adds warnings of ext4 project quota not supported
  • lxd/storage/load: Adds GetPoolByInstanceName
  • lxd/container: Links containerCreateFromImage to new storage layer
  • lxd/containers/post: Moves progress tracker into containerCreateFromImage
  • lxd/images: Removes old unpackImage
  • lxd/storage/backend/lxd: Implements CreateInstanceFromImage
  • lxd/storage/drivers/driver/dir: Switches to using volume.CreateMounthPath()
  • lxd/storage/drivers/volume: Adds CreateMountPath
  • lxd/storage/load: Improves getVolID error when volume not found
  • lxd/storage/utils: Adds InstanceTypeToVolumeType
  • lxd/storage/utils: Adds ImageUnpack
  • test/suites/basic: Updates tests to take into account more secure volume perms
  • lxd: Updates use of driver.ImageUnpack
  • lxd/storage/load: Makes volIDFuncMake project aware
  • lxd/storage/drivers/driver/dir: Ensures old snapshot dir removed in RenameVolume
  • lxd/storage/drivers: Expose BlockBacking property
  • lxd/storage: Pass BlockBacking to ImageUnpack
  • lxd/storage: Change default container permissions to 0100
  • lxd/storage: Implement CreateImage
  • lxd/storage/dir: Don't fail/complain about missing quotas
  • lxd/devices/nic: Handle recent ebtables
  • lxd/rsync: Tweaks Recv's internal synchronisation to avoid race
  • lxd: Minor changes
  • lxd/storage: Fix custom volume with underscores
  • lxd/images: Updates imageCreateInPool to use EnsureImage
  • lxd/storage/backend/lxd: Updates EnsureImage usage and adds more comments
  • lxd/storage/backend/mock: Updates with EnsureImage
  • lxd/storage/interfaces: Renames CreateImage to EnsureImage
  • lxd/storage/load: Adds comments
  • lxd/cluster: add Recover() and ListDatabaseNodes() utilities
  • lxd/storage/drivers: Add mountReadOnly helper
  • lxd/storage/dir: Make snapshot mounts read-only
  • lxd/storage/dir: Only log project quota failures when relevant
  • lxd/container/lxc: Links container Delete() to new storage package
  • lxd/container/lxc: Improves error logging in diskState
  • lxd/storage/backend/lxd: Removes duplicated code from DeleteCustomVolume
  • lxd/storage/backend/lxd: Adds symlink management functions
  • lxd/storage/backend/lxd: Adds Instance and Instance Snapshot delete functions
  • lxd/storage/drivers/driver/dir: Reinstates DeleteParentSnapshotDirIfEmpty for volume and snapshot deletion
  • lxd/storage/drivers/utils: Updates DeleteParentSnapshotDirIfEmpty to also remove symlink
  • lxd/storage/interfaces: Adds IsSnapshot to Instance interface
  • lxd/storage/dir: Don't write to snapshots
  • lxd/container: Fix apply_quota
  • lxd/storage/lvm: Fix version parsing
  • lxd/storage/drivers/driver/dir: Comment grammar consistency
  • lxd/storage/load: Renames GetPoolByInstanceName to GetPoolByInstance
  • lxd/container: Updates use of storagePools.GetPoolByInstance and fallback for container types
  • lxd/storage/drivers/errors: Removes unused error
  • lxc/init: Properly handle errors with --empty
  • lxd/container: Links containerCreateAsEmpty to new storage package
  • lxd/container: Adds revert to containerCreateFromImage
  • lxd/container: containerCreateFromImage comment
  • lxd/storage/drivers/utils: Makes GetVolumeSnapshotDir work with either snapshot or parent vol name
  • lxd/storage/drivers/utils: Removes symlink removal from DeleteParentSnapshotDirIfEmpty
  • lxd/storage/backend/lxd: CreateInstance
  • lxd/storage/backend/lxd: Updates instance snapshot symlink removal
  • lxd/storage/backend/lxd: Updates instance snapshot symlink management functions
  • lxd/container/lxc: Removes TemplateApply() and adds DeferTemplateApply()
  • lxd/containers/post: DeferTemplateApply usage
  • lxd/instance/interface: DeferTemplateApply usage
  • lxd/storage/interfaces: DeferTemplateApply signature
  • lxd/storage: DeferTemplateApply usage
  • lxd/storage/interfaces: Updates instance mount function definitions
  • lxd/storage/backend/mock: Updates instance mount function definitions
  • lxd/storage/backend/lxd: Implements instance mount and unmount functions
  • lxd/operations: Fix remote Wait
  • lxc/query: Fix handling of ?project=
  • lxd/storage/backend/lxd: Instance function comment consistency
  • lxd/device/device/utils/disk: Changes signature of StorageRootFSApplyQuota
  • lxd/device/disk: Updates applyQuota to use error from storage package
  • lxd/storage: Links storageRootFSApplyQuota to new storage package
  • lxd/storage/backend/lxd: SetInstanceQuota
  • lxd/storage/backend/mock: SetInstanceQuota
  • lxd/storage/drivers/dir: Adds SetVolumeQuota and RunningQuotaResize info flag
  • lxd/storage/drivers/interface: SetVolumeQuota signature
  • lxd/storage/drivers/load: Adds RunningQuotaResize to driver Info struct
  • lxd/storage/errors: Adds ErrRunningQuotaResizeNotSupported error
  • lxd/storage/interfaces: SetInstanceQuota signature
  • lxd/container: Links containerConfigureInternal to new storage package
  • lxd/db: Cover all combinations of instance filters
  • lxd/db: Re-generate DB code
  • lxd/storage/drivers: Add locking
  • lxd/storage/drivers: Add cephfs
  • lxd/storage/drivers: Make locks per-pool
  • lxd/storage/cephfs: Fill remaining Info fields
  • lxd/storage/cephfs: Use SetVolumeQuota in UpdateVolume
  • lxd/storage/cephfs: Don't run RemoveAll on snapshots
  • lxd/container/lxc: Links Rename to new storage package
  • lxd/storage/backend/lxd: Reworks symlink functions
  • lxd/storage/cephfs: Simplify rename logic
  • lxd/storage/cephfs: Comment consistency
  • lxd/storage/backend/lxd: RenameInstance
  • lxd/storage/interfaces: Removes unused Path function in Instance interface
  • lxc/move: Fixes instance snapshot rename validation and crash
  • lxd/storage/backend/lxd: RenameInstanceSnapshot
  • lxd/storage/cephfs: Implement GetVolumeUsage
  • lxd/storage/dir: Properly revert snapshots
  • lxd/storage/cephfs: Fix SetVolumeQuota
  • lxd/storage/cephfs: Fix ordering in Copy/Migration
  • Move renderTable to utils.RenderTable()
  • Add new "lxd cluster" sub-command
  • Add clustering_recover integration test
  • clustering.md: add documentation about disaster recovery
  • lxd/storage/dir: Add check for bad source path
  • lxd/storage: Add localOnly handling of create/delete
  • lxd/operations: Support nil state
  • lxd/storage: Switch Create to new logic
  • lxd/storage/utils: Only create needed directories
  • lxd/storage/cephfs: Fix bad config keys
  • lxd/storage: Switch Delete to new logic
  • lxd/storage: Switch Mount to new logic
  • lxd/storage/cephfs: Don't fail if already mounted
  • lxd/api/internal: Updates use of renamed functions
  • lxd/container: Updates return values of instance create and load functions
  • lxc/container: Renames containerCreateFromImage to instanceCreateFromImage
  • lxd/container: Renames containerCreateInternal to instanceCreateInternal
  • lxd/container/lxc: Updates use of renamed c.state.Cluster.InstanceRemove
  • lxd/containers/post: Adds VM support to createFromImage
  • lxd/db/containers: Renames ContainerRemove to InstanceRemove
  • lxd/container: Renames containerCreateAsEmpty to containerCreateAsEmpty
  • lxd/containers/post: Updates use of instanceCreateAsEmpty
  • lxd/storage/backend/lxd: Pass correct content type to storage drivers for VMs
  • lxd/storage/drivers/utils: Unexports deleteParentSnapshotDirIfEmpty
  • lxd/storage/drivers/driver/dir: Updates use of deleteParentSnapshotDirIfEmpty
  • lxd/container/lxc: Updating DB usage to be instance type agnostic
  • lxd/container/post: Updates usage of InstancePool
  • lxd/container/test: Updates instanceCreateInternal usage
  • lxd/api/internal: InstancePath usage
  • lxd/container/lxc: InstancePath usage
  • lxd/storage/backend/lxd: InstancePath usage
  • lxd/storage/storage: Renames ContainerPath to InstancePath
  • lxd/storage/dir: InstancePath usage
  • lxd/storage/zfs: InstancePath usage
  • lxd/container/test: InstancePath usage
  • lxd/db/storage/pools: Adds VM instance type constant and conversion codes
  • lxd/db/containers: Updates pool lookup functions to be instance type agnostic
  • lxd/storage/load: InstancePool usage
  • lxd/db/containers/test: InstancePool usage
  • lxd/storage: InstancePool usage
  • lxd/storage/dir: Don't apply quotas on snapshots
  • lxd/device/nic: Fix race in vlan creation
  • lxd/device/nic: Fix handling of shared vlans
  • lxd/storage/cephfs: Store version globally
  • lxd/storage/drivers: Drop Usable field
  • lxd/storage/drivers: Implement load function
  • lxd/storage/cephfs: Implement load
  • lxc/init: Adds vm flag to init command
  • lxc/copy: copyContainer tweaks
  • lxd/container: Adds support for VM creation to instanceCreateInternal
  • lxd/container: Adds VM support to instanceLoad
  • lxd/storage/drivers/utils: Adds createSparseFile
  • lxd/storage/backend/lxd: Signature and comment tweaks for filler function
  • lxd/storage/drivers/driver/cephfs: filler usage update
  • lxd/storage/drivers/driver/dir: Adds VM support to CreateVolume
  • lxd/storage/drivers/driver/dir: Adds content type checking to some functions
  • lxd/storage/drivers/interface: CreateVolume signature update for filler change
  • lxd/storage/utils: Adds VM type conversion
  • lxd/storage/utils: Updates ImageUnpack to support VM images
  • lxd/storage: Updates ImageUnpack usage
  • lxd/sys/fs: Adds VM dirs
  • lxd/containers: Renames containerDeleteSnapshots to instanceDeleteSnapshots
  • lxd/container/lxc: instanceDeleteSnapshots usage
  • lxd/device/device/utils/network: Adds networkCreateTap
  • lxd/device/nic/bridged: Adds initial support for VM
  • lxd/device/disk: Initial VM support
  • lxd/storage/backend/lxd: GetInstanceDisk implementation
  • lxd/storage/drivers/driver/ceph: GetVolumeDiskPath placeholder
  • lxd/storage/drivers/driver/dir: GetVolumeDiskPath implementation
  • lxd/storage/drivers/interface: Adds GetVolumeDiskPath
  • lxd/container/console: Improves resilience of console checking
  • shared/container: Adds support for vm.uuid volatile key
  • lxd/container: progress meta data
  • lxd/containers/post: createFromImage instances created field
  • lxd/storage/backend/lxd: CreateInstanceFromCopy qcow2 comment
  • i18n: Update translation templates
  • lxd/containers/post: createFromNone VM support
  • lxd: Move IsJSONRequest to util package
  • client: Add vsock support
  • client: Add ConnectLXDHTTP function
  • lxd/vsock: Add vsock HTTP client
  • lxd-agent: Add basic structure
  • lxd-agent: Add state command
  • lxd-agent: Add operations command
  • lxd-agent: Add exec command
  • lxd-agent: Add file command
  • shared/idmap: Fix build tags
  • lxd/util: Restrict sys.go to LXD itself
  • lxd/sys: Restrict to LXD itself
  • lxd/state: Use empty struct when not LXD
  • lxd/response: Split SmartError into LXD/non-LXD
  • lxd/operations: Disconnect from DB on non-LXD
  • lxd/endpoints: Allow building on non-Linux
  • lxd/db: Allow external use without dqlite
  • Fix golint warnings
  • lxd/container: Improves create from image type mismatch error
  • lxd/container/console: Makes console logic instance type agnostic
  • lxd/container/lxc: Updates Console to return an os.File
  • lxd/instance/interface: Updates Console signature
  • lxd/db/images: Fixes bug in ImageSourceGetCachedFingerprint not applying image type filter
  • shared/cert: Useful comment about cert type on FindOrGenCert
  • lxd/vm/qemu: Initial implementation of VM Qemu instance type
  • client/connection: Simplifies ConnectLXDHTTP
  • lxd/vm/qemu: Adds agent connection setup
  • lxd/vsock: Simplifies HTTPClient
  • lxd/vm/qemu: Implement FilePush for VMs
  • lxd/vm/qemu: Implement FilePull for VMs
  • lxc/storage: Add support for virtual-machine volumes
  • lxd/storage: Add support for virtual-machine volumes
  • lxd/vm: Set WorkingDirectory in unit
  • lxd/vm: Fix TLS authentication to agent
  • lxd-agent: Fix golint
  • lxd-agent: Remove dead code
  • lxd-agent: Function name consistency
  • lxd-agent: Avoid global variables
  • lxd-agent: Load certs from current dir
  • Makefile: Have default build static lxd-p2c
  • Makefile: Add lxd-agent
  • lxd-agent: Port to cobra
  • lxd-agent: Re-order imports
  • lxd/vsock: Switch to single implementation
  • api: Add extension for passing in raw mount options
  • doc/container: added raw_mount_options to disk options
  • lxd/device add support for raw_mount_options for disk device mounts
  • tests: Add test for raw.mount.options for disk device mounts
  • lxc/image: Truncate image files down to size
  • lxd/images: Truncate image files down to size
  • client: Add Disconnect function
  • lxd/vm: Fix UEFI secure boot
  • lxd/vm: Use filepath rather than manual joining
  • lxd/device/nic/ipvlan: removes unused optional "host_name" config field.
  • lxd/device/nic/routed: Adds veth routed NIC device
  • shared/version/api: Adds container_nic_routed API extension
  • doc/containers: Adds routed nic type docs
  • test: Adds routed nic tests
  • seccomp: implement redirection to fuse
  • api: add container_syscall_intercept_mount_fuse extension
  • doc: add security.syscalls.intercept.mount.fuse
  • scripts: add security.syscalls.intercept.mount.fuse
  • lxd/vm: Cleanup config layout
  • lxd/vm: Add an identifying serial device
  • lxd/vm/qemu: Adds missing secure boot EFI firmware error
  • seccomp: only apply shift when it is needed
  • shared/simplestreams: Support disk-kvm.img
  • shared/cert: Make adding of ip/names optional
  • lxc/config: Update to changed cert functions
  • lxd/util: Update to changed cert functions
  • lxd/vm: Update to changed cert functions
  • lxd-agent: Update to changed cert functions
  • lxd-p2c: Update to changed cert functions
  • lxc-to-lxd: Update to changed cert functions
  • seccomp: test flag parsing and log ignored flags
  • shared: Update to changed cert functions
  • seccomp: attach to pid namespace when mounting through fuse
  • lxd-agent: Generate the cloud-init configuration
  • lxd/vm: Use 9p for agent drive
  • lxd/storage: Only use raw images
  • lxd/storage/drivers: Don't return disk type
  • lxd/storage: Don't return disk type
  • lxd: Use raw disk images only
  • lxd/vm: Add install script in 9p
  • lxd/device/disk: Adds support for generating VM config drive
  • lxd/device/nic/bridged: Adds hwaddr to runConf when instance type is VM
  • lxd/vm/qemu: Modifies qemu config generation to support dynamic devices
  • lxd/container: Renames containerValidDevices to instanceValidDevices
  • lxd/device/device/instance: Adds Path() to Instance interface
  • lxd/device/disk: Adds support for generating VM cloud-init config drive
  • lxd: Updates instanceValidDevices usage
  • lxd: Fixes bug in fillNetworkDevice volatile hwaddr generation
  • lxd/vm/qemu: Fix root disk path in device
  • lxd/vm/qemu: Only connect to VM agent to get state if VM is running
  • lxd/vm/qemu: Comment about generateConfigShare meta-data generation
  • lxd/device/unix/common: Device naming functions usage
  • lxd/device/device/utils/generic: Adds generic device naming functions
  • lxd/device/gpu: Device naming functions usage
  • lxd/device/disk: Uses generic device name path functions
  • lxd/device/device/utils/unix: Device naming functions usage
  • lxd/device/device/utils/unix: Removes unused device naming functions
  • lxd/include: Fix SECCOMP_GET_ACTION_AVAIL define
  • lxd/vm: Update systemd units
  • lxd: Cleanup storage volumes properly for VMs
  • lxd/instances: Add /1.0/virtual-machines
  • lxd/storage: Fix GetVolumeSnapshotDir return value
  • lxd/vm: Implement Exec for VMs
  • lxd-agent: Proper logger
  • lxd/container/exec: Don't require cmd to be returned from inst.Exec()
  • lxd-agent/exec: Add buffered channel to prevent deadlock on cmd exit
  • client/lxd: log websocket URL
  • client/lxd/events: Fixes /events connect bug
  • lxd-agent/exec: Fixes go routine leak
  • lxd-agent/daemon: Adds daemon for storing event server to agent
  • lxd-agent/events: Adds /events websocket route to agent
  • lxd/state/notlinux: Adds Events field to non-linux/agent State struct
  • lxd/operations/operations: Adds SetEventServer function
  • lxd/operations: Reinstates sending events when no state
  • lxd-agent/exec: Links daemon's event server to operation
  • lxd-agent: Adds daemon to request
  • lxd: More event socket logging
  • lxd/vm/qemu: Disconnects VM agent after use
  • lxd/vm/qemu: Interactive unbuffered exec console
  • lxd-agent: Add missing setsid call on exec
  • lxd-agent: Fix uid/gid/cwd in exec
  • lxd/agent/exec: More debug status messages for exec handler
  • lxd/container/exec: Updates exec handler to use new inst.Exec signature
  • lxd/container/lxc: Updates Exec() to return a instance.Cmd
  • lxd/instance/interface: Updates Exec() function to be local or remote command agnostic
  • lxd/vm/qemu: Updates Exec() to return instance.Cmd
  • lxd/container/lxc/exec/cmd: Implementation of instance.Cmd for containerLXC
  • lxd/vm/qemu/cmd: Implementation of instance.Cmd for vmQemu
  • lxd/instance/instance/exec/cmd: Cmd interface
  • lxd-agent/exec: Removes \n from logging
  • lxd/vm/qemu: Better error message to users when failing to connect to lxd-agent
  • lxd-agent/exec: Makes the terminal the controlling terminal of the calling process
  • lxd/vm: Make OVMF path configurable
  • lxd/vm/qemu: Comment ending consistency
  • lxd/vm/qemu: Handle deletion of storage volume DB record when reverting VM create
  • lxd/storage/backend/lxd: Adds same pool optimisation to CreateCustomVolumeFromCopy
  • lxd/container: container to instance renames, comment improvements
  • lxd/containers/post: Adds instances field to response from createFromCopy
  • lxd/container: instanceCreateAsCopy rename and reversion logic
  • lxd/container: instanceCreateInternal comment
  • lxd/containers/post: instanceCreateAsCopy usage
  • scripts/bash: Refresh list of commands
  • api: Add container_disk_ceph API extension
  • lxd: Add support for CEPH FS backed disks and CEPH RBD backed disks
  • tests: Add test for CEPH backed disks
  • doc: Add support for CEPH backed disks
  • lxd: Fixing srcPath check for cephs
  • lxd: Correct srcPath check for cephs
  • lxd: Fixing single quote on ceph check
  • lxd/device/disk: Fix mounting cephfs
  • lxd/device/disk: Format blocks a bit
  • tests: Fix typo in cephfs test
  • lxd: Fix ceph_rbd volatile key
  • lxd/storage: Rename storagePoolVolumeUsedByContainersGet
  • lxd/storage: Rename storagePoolVolumeUsedByRunningInstancesWithProfilesGet
  • lxd: Have instanceLoadByProject return all instances
  • lxd/vm: Use leases to get IP
  • lxd/storage/zfs: Fix migration on zfs 0.6
  • lxd/vm/qemu: Removes deprecated Storage() function
  • lxd/instance/instance/interface: Moves Instance interface into instance pkg
  • lxd/instance/interface: Removes old Instance interface
  • lxd: Updates references to Instance interface
  • lxd/storage: Fix DeleteImage return value
  • lxd/storage/cephfs: Properly handle root path
  • lxd/vm: Reverse interface counters
  • lxd/container: Adds operation arg to instanceCreateAsCopy
  • lxd/containers/post: Passes operation to instanceCreateAsCopy
  • lxd/container: Links instanceCreateAsCopy to new storage pkg
  • lxd/container: source snapshot var naming for clarity
  • lxd/storage/interfaces: Exposes ExpandedDevices() on Instance interface
  • lxd/storage/interfaces: Updates Instance migration signatures
  • lxd/storage/interfaces: Changes i arg var to inst to represent Instance
  • lxd/storage/backend/mock: Updates instance migration signatures
  • lxd/db/containers: Removes unused ContainerCreationUpdate replaces with InstanceSnapshotCreationUpdate
  • lxd/migrate/storage/volumes: Fixes typo
  • lxd/migration/interfaces: Removes unused definitions
  • lxd/storage/backend/lxd: Updates CreateInstance to use root disk device config
  • lxd/storage/backend/lxd: Implements CreateInstanceFromCopy
  • lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use instance root disk config
  • lxd/storage/backend/lxd: Implements CreateInstanceFromMigration
  • lxd/storage/backend/lxd: Implements MigrateInstance
  • lxd/storage/backend/lxd: Adds comment to EnsureImage explaining for volume config not needed
  • lxd/storage/backend/lxd: Comment consistency in CreateCustomVolumeFromCopy
  • lxd/storage/backend/lxd: Add comment to MigrateCustomVolume explaining volume config not needed
  • lxd/storage/backend/lxd: Close migration connection on error in CreateCustomVolumeFromMigration
  • lxd/device/device/runconfig: Moves to device/config pkg
  • lxd/instance/instance/interface: Removes device pkg import
  • lxd: Updates use of deviceConfig.RunConfig
  • Use the node ID from the nodes ID table, not the raft one
  • lxd/patches: Fix database roles
  • lxd/container/lxc: Reorders containerLXC Delete() stages
  • lxd/vm/qemu: Makes Delete() aligned with containerLXC's Delete()
  • lxd/container: Removes instanceCompareSnapshots
  • lxd/instance/instance/utils: Adds CompareSnapshots function
  • lxd/container: Updates instance.CompareSnapshots usage
  • lxd/container: Links instanceCreateAsCopy refresh instance to new storage pkg
  • lxd/storage/interfaces: RefreshInstance signature
  • lxd/storage/backend/lxd: Implements RefreshInstance
  • lxd/storage/backend/mock: RefreshInstance placeholder
  • lxd/storage/drivers/interface: Adds RefreshVolume
  • lxd/storage/drivers/driver/cephfs: Adds RefreshVolume placeholder
  • lxd/migration/migration/volumes: Adds Refresh property to VolumeTargetArgs
  • lxd/storage/drivers/driver/dir: RefreshVolume implementation
  • lxd/storage/drivers/volume: Adds Name() function
  • lxd/storage/backend/lxd: Adds HasVolume checks to CreateInstanceFromMigration and CreateInstanceFromCopy
  • lxd/cluster: Only promote to database role if >= 3 members
  • doc/clustering: Document database role during cluster scaling
  • lxd/vm/qemu: Adds storage pool Mount/Unmount calls
  • lxd/device/disk: Prevents error logs about unsupported disk drive on VM stop
  • lxd/vm: Add support for aarch64
  • api: Add virtual-machines API extension
  • shared: Rename ContainerAction to InstanceAction
  • shared: Rename KnownContainerConfigKeys to KnownInstanceConfigKeys
  • shared: Rename ContainerGetParentAndSnapshotName to InstanceGetParentAndSnapshotName
  • lxc: Update for ContainerGetParentAndSnapshotName rename
  • lxd/containers: Update for ContainerAction rename
  • lxd: Update for ContainerGetParentAndSnapshotName rename
  • doc/api-extensions: Fix escaping
  • doc: Rename containers to instances
  • doc/instances: Description consistency
  • doc/instances: Fix escaping and alignment
  • doc/profiles: Update for instances
  • doc: Add containers/virtual-machines pages
  • lxc: Update for KnownInstanceConfigKeys
  • doc/instances: Remove API extensions
  • doc/instances: Add missing volatile keys
  • doc: Add new pages to metadata
  • tests: Update unit and integration tests for cluster join
  • lxd: Add raw.qemu
  • shared: Add raw.qemu
  • doc: Add raw.qemu
  • scripts/bash: Add raw.qemu
  • lxd: Add security.secureboot
  • shared: Add security.secureboot
  • doc: Add security.secureboot
  • scripts/bash: Add security.secureboot
  • lxd: Instance is not container type error consistency
  • lxd/container: Removes container type
  • lxd: Removes use of container type
  • lxd: Renames containerCreateAsSnapshot to instanceCreateAsSnapshot
  • lxd/container/snapshot: Returns instances property in response
  • lxd/container/snapshot: Removes duplicated instance type check
  • lxd/storage: Changes CreateInstanceSnapshot signature to accept source instance
  • lxd: Hooks instanceCreateAsSnapshot up to new storage pkg
  • lxd/storage/drivers/load: Adds RunningSnapshotFreeze to driver Info struct
  • shared/generate: Insert build tag
  • lxd/storage/drivers/driver/dir: Defines dir driver needs freeze during snapshot
  • lxd/storage/backend/lxd: Adds snapshot check to ensureInstanceSymlink
  • lxd/storage/backend/lxd: Implements CreateInstanceSnapshot
  • doc: Documents the VM cloud-init:config drive option
  • lxd-agent: Put /snap/bin in PATH
  • lxd/storage/btrfs: Fix StorageEntitySetQuota
  • seccomp: block new mount API when mount interception is requested
  • lxd/networks: Merge cluster config on create
  • lxd/networks: Forward config updates
  • lxd/storage: Renames interfaces.go to pool_interface.go
  • lxd/storage/pool/interface: Removes Instance interface
  • lxd/storage: Switches to use instance.Instance interface
  • lxd/container/put: Renames containerSnapRestore to instanceSnapRestore
  • lxd/container/lxc: Links snapshot Restore() to new storage pkg
  • lxd/storage/interfaces: RestoreInstanceSnapshot signature
  • lxd/storage/backend/mock: RestoreInstanceSnapshot signature
  • lxd/storage/backend/lxd: Implements RestoreInstanceSnapshot
  • lxd/container/backup: Comment tweaks and inst var rename
  • lxd/backup: Links backupCreate to new storage pkg
  • lxd/storage/drivers/driver/dir: rsync.LocalCopy return value consistency
  • lxd/storage/backend/lxd: Ensures all instance functions use project aware storage names
  • lxd/storage/backend/lxd: Implements BackupInstance
  • lxd/storage/drivers/interface: Adds BackupVolume
  • lxd/storage/drivers/driver/cephfs: Adds BackupVolume placeholder
  • lxd/storage/drivers/driver/dir: Adds BackupVolume
  • shared/archive/linux: Adds some explanation to DetectCompressionFile
  • lxd/images: Adds more output detail when tar2sqfs fails in compressFile
  • lxd/container: instanceCreateFromBackup restructure so as not to return storage
  • lxd/containers/post: Updates createFromBackup to not need storage returned from instanceCreateFromBackup
  • lxd/images: Fix image pruning with projects
  • lxd/images: Fix VM image export
  • client: Fix VM image export
  • shared: Un-restrict archive.go
  • shared: Add qcow2
  • client: Fix VM image import
  • lxc/image: Detect type on import
  • Rename containers to instances in db views
  • Drive-by fix of UsedBy for networks
  • lxd/vm: Add limits.memory.hugepages
  • shared: Add limits.memory.hugepages
  • doc: Add limits.memory.hugepages
  • scripts/bash: Add limits.memory.hugepages
  • doc/instances: Indicate VM support when applicable
  • shared: Cleanup console on error
  • lxd: Cleanup console on error
  • lxd/console: Improve disconnection handling
  • lxd/vm: Add locking around console
  • Remove accidentally committed testimage.tar.xz
  • Add arch column to nodes table
  • Add NodeAddWithArch() method to add a node with a specific arch
  • lxd/backup/backup/instance/config: Adds instance config backup.yml tools
  • lxd/api/internal: Removes slurpBackupFile and switches to backup.ParseInstanceConfigYamlFile
  • lxd/backup: Removes backupFixStoragePool
  • lxd/containers/post: Updates instanceCreateFromBackup usage
  • lxd/container: Updates instanceCreateFromBackup signature
  • lxd/backup/backup/instance/config: UpdateInstanceConfigStoragePool no longer updates snapshots backup.yaml
  • lxd: Comment improvements
  • lxd/containers/post: Adds storage pool check to createFromBackup
  • lxd/container: Removes storage pool check from instanceCreateFromBackup
  • lxd/backup/backup: Removes squashfs handling from GetInfo
  • lxd/container: Removes squashfs handling from instanceCreateBackup
  • lxd/containers/post: Moves backup restore squashfs handling to createFromBackup
  • Document container launch algorithm on cluster
  • lxd/storage/utils: Adds InstanceContentType
  • lxd/container/post: Cleans up createFromMigration
  • lxd/storage/zfs: Fix pool import
  • lxd/container/lxc: Updates use of backupFile to backup.InstanceConfig
  • lxd/storage/backend/lxd: Implements CreateInstanceFromBackup
  • lxd/storage: Updates CreateInstanceFromBackup signature
  • lxd/container: Updates instanceCreateFromBackup to use new storage pkg
  • lxd/containers/post: Updates instanceCreateFromBackup usage with hooks
  • lxd/backup/backup/instance/config: Updates UpdateInstanceConfigStoragePool to take mount path
  • lxd/container: Updates backup.UpdateInstanceConfigStoragePool usage
  • lxd/storage/backend/lxd: Switches to InstanceContentType function
  • lxd/storage/drivers/interface: RestoreBackupVolume signature
  • lxd/storage/drivers/driver/cephfs: RestoreBackupVolume placeholder
  • lxd/storage/drivers/driver/dir: Moves initial project quota setup to own function
  • lxd/storage/drivers/driver/dir: Implements RestoreBackupVolume
  • lxd/containers/post: Pass state to migration Do function
  • lxd/migrate/container: Restructure of migrationSink.Do()
  • lxd/migrate/storage/volumes: Comment restructure
  • lxd: Pass instance type to instanceLoadNodeAll
  • lxd/vm: Tweak default memory
  • lxd/vm: Add a virtio graphics card
  • lxd/vm: Add ringbuffer on vserial
  • lxd-agent: Add vserial state notification
  • lxd/qmp: Introduce new QMP wrapper
  • tests: Add lxd/qmp to golint
  • lxd/vm: Port to new qmp package
  • lxd/vm: Don't start or reboot the VM
  • lxd/vm: Use agent detection from QMP
  • lxd/vm: Restart monitor on startup
  • lxd/vm: Use shared ringbuf size definition
  • lxd/vm: Implement freeze/unfreeze
  • lxd/vm: Privileged mode doesn't apply
  • client: Add agent version of DeleteInstanceFile
  • lxd/vm: Add FileRemove support
  • lxd/seccomp: Fix golint
  • lxd/daemon: Don't block on RBAC
  • lxd/storage/backend/lxd: Fixes comments
  • lxd/storage/backend/lxd: Adds symlink and revert support to CreateInstanceFromMigration
  • lxd/storage/backend/lxd: Adds optimised migration over image support to CreateInstanceFromMigration
  • lxd/migrate/container: Links migrationSink.Do to new storage pkg
  • lxd/containers/post: Links createFromMigration to new storage pkg
  • lxd/cluster: More reliable event delivery
  • lxd/response: Coding style
  • lxd/operations: Use ForwardedResponse
  • lxd/images: Coding style
  • lxd/cluster: Coding style
  • lxd: Tweak cluster.Connect calls
  • lxd/container/post: Returns instances resources from containerPost
  • lxd/migrate/container: Removes duplicated instance type checks from migrationSourceWs.Do
  • lxd: Removes dependency on instance.DaemonState() from migrationSourceWs
  • lxd/storage: Removes DaemonState() from pool interface
  • lxd/migrate/storage/volumes: Removes unrelated comment
  • lxd/migrate/container: Restructures migrationSourceWs.Do() ready for new storage layer.
  • lxd/storage: Properly handle driver config changes
  • lxd/storage/backend/lxd: Comment typos
  • lxd/storage/drivers/drive/dir: Add support for 2-phase migration
  • lxd/migration/migration/volumes: Adds Live property to VolumeTargetArgs
  • lxd/migrate/container: Add support for 2-phase sync in migrationSink.Do()
  • lxd/migrate/container: Sends refresh request indicator in migration response header
  • lxd/rsync/rsync: Adds more info to error returned in sendSetup
  • lxd/storage/drivers: Adds Config() function to return read-only copy of pool config
  • lxd/container/post: Minor cleanup and instance info output in containerPost
  • lxd/migrate/container: Links migrationSourceWs.Do to new storage pkg
  • lxd/migration/migration/volumes: Adds FinalSync bool to VolumeSourceArgs
  • lxd/storage/backend/lxd: Adds sanity check to MigrateInstance during FinalSync
  • lxc/copy: Updates copyContainer to not modify volatile.idmap.next
  • lxd/util: Add HasFilesystem
  • lxd: Detect built-in shiftfs too
  • api: Add image_profiles extension
  • shared/api: Add image profiles
  • lxc/image: Add support for image profiles
  • lxd/db: Add images_profiles table
  • lxd/images: Add support for image profiles
  • doc/image-handling: Add image profiles
  • lxd/cluster: Fix handling of ceph/cephfs on join
  • tests: Always use force with stop/restart
  • tests: Tighten sleep calls
  • lxc/storage: Fix template apply on cross-pool copy
  • tests: Add tests for image profiles
  • tests: Respect projects in ensure_import_testimage
  • i18n: Update translation template
  • lxd/storage/drivers/driver/types: Moves Info definition and adds VolumeFiller type
  • lxd/storage/drivers/load: Removes non-load related types from this file
  • lxd/storage/drivers/interface: Updates CreateVolumeFromMigration and CreateVolume to use VolumeFiller
  • lxd/storage/drivers/driver/cephfs: Updates CreateVolumeFromMigration and CreateVolume to use VolumeFiller
  • lxd/storage/drivers/driver/dir: Updates CreateVolume to use VolumeFiller
  • lxd/storage/drivers/driver/dir: Updates CreateVolumeFromMigration to accept a pre-VolumeFiller argument
  • lxd/storage/backend/lxd: Updates to use VolumeFillers
  • lxd/backup: Comment consistency
  • lxd/daemon: Adds LXD_SHIFTFS_DISABLE env var to disable shiftfs
  • doc/environment: Documents LXD_SHIFTFS_DISABLE env var
  • lxd/container/lxc: Updates Export to use new storage pkg for mounting
  • shared/containerwriter/container/tar/writer: Fixes bug with rootfs dir not being unshifted
  • lxd/vm: Remove default GPU
  • lxd/vm: Update comment
  • lxd/vm: Record power state
  • lxd/container/lxc: Unexport storageStartSensitive
  • lxd/vm/qemu: Makes mount and unmount functions behave the same as containerLXC's
  • lxd/storage/backend/lxd: Fixes MountInstanceSnapshot/UnmountInstanceSnapshot functions
  • lxd/container/lxc: Links to new storage pkg
  • lxd/container/lxc: Updates containerLXCCreate to init new storage layer
  • lxd/container/lxc: Updates initStorage to warn if init old storage layer when new layer is running
  • lxd/container/lxc: Updates Delete to not use old storage layer when using new storage layer
  • lxd/container/lxc: Updates Update() to detect whether to write backup file without using old storage layer
  • lxd/container/lxc: Updates Migrate to access PreservesInodes from old and new storage layers
  • lxd/vm: Don't use named return variables
  • lxd/resources: Port to new storage API
  • lxd/storage: Fix new storage API handling for snapshots
  • lxd/storage: Remove legacy cephfs implementation
  • lxd/storage/cephfs: Use all monitors on mount
  • lxd/storage: List VM volumes in UsedBy
  • lxd/storage: Fix UsedBy with projects
  • Enable SQLITE_CONFIG_MULTITHREAD
  • tests: Don't use fixed timestamp
  • lxd/forkdns: Fix help message
  • lxd/forkdns: Fix logging
  • lxd/forkdns: Use clean request messages
  • tests: Fix security test on non-shiftfs
  • lxd/vmqemu: Moves vmqemu files into sub folder for their own package
  • lxd/instance/vmqemu/vm/qemu: Updates VMQemu to exist in own package
  • lxd/instance/vqemu/vm/qemu/cmd: Updates to be in own package
  • lxd/networks: networkGetLeaseAddresses into instance package
  • lxd/backup/backup: Adds New() function
  • lxd: Moves instance load and instance validation functions into instance pkg
  • lxd/vm: Rename vmqemu to qemu
  • lxd/vm: Move qmp under qemu
  • lxd/container: Fix comment
  • lxd/vm: Remove reference to container
  • lxd/networks: Simplify instance hwaddr logic
  • tests: Really fix non-shiftfs security test
  • lxc/image: Rename ARCH to ARCHITECTURE
  • i18n: Update translation templates
  • lxd/instance/qemu: Sets log file to qemu.log
  • lxd/storage/cephfs: Fix rsync migration
  • lxd/container: Cleanup mount logic
  • lxd/container: Remove unused initStorage
  • lxd/import: Fix handling of new drivers
  • lxd/backup: Fix backup creation on new drivers
  • lxd/storage/zfs: Use StoragePool to get pool name
  • tests: Remove pointless loop/check
  • tests: Test copy on cephfs
  • Rename database_update.sh to database.sh
  • Don't retry in case of generic I/O errors
  • Add test_database_no_disk_space
  • lxd: Fix backup handling with hyphenated names
  • test/suites/backup: Test hyphenated instance names
  • lxd/cgroup: Add basic cgroup abstraction
  • lxd/container: Add wrapper for cgroup abstraction
  • lxd/container: Port pids.max to cgroup abstraction
  • tests: Always pass --force
  • tests: Use lazy unmount in DB test
  • lxd/instance: Split instance image resolving
  • lxd/state: Expose proxy function
  • lxd/container: Don't crash test on differing state
  • shared/simplestreams: Implement GetAliasArchitectures
  • client: Add arch-dependent aliases
  • client: Add caching options
  • lxd/instance: Implement SuitableArchitectures
  • shared/simplestreams: Implement caching support
  • client: Setup caching for simplestreams
  • lxd/daemon: Remove custom cache implementation
  • lxd/daemon: Port daemon storage to new functions
  • Improve build-from-source instructions to be clearer and also cover building a specific release of LXD.
  • lxd/{device,networks,util}: Move Sysctl to util from device and change usage
  • lxd/{firewall,iptables}: Introduce firewall interface and xtables implementation, add firewall interface to static analysis
  • lxd/{daemon,state}: Firewall struct added to daemon and state
  • lxd/{device,networks}: Switch from iptables to xtables through firewall interface
  • tests: Don't leak storage in ENOSPC test
  • lxd/db: Rename ContainerNames to InstanceNames
  • cgroups: pre-mount on pure-cgroup2 systems with cgroup namespaces
  • lxd/iptables: Fix ebtables handling regression
  • lxd/storage: Port volume attach/detach
  • lxd/storage: Store pool db entry in backend
  • lxd/storage/drivers: Implement Update/Validate
  • lxd/storage: Implement pool updates
  • lxd/storage: Port pool update to new functions
  • lxd/main/forkdns: Adds recursion desired comment that got removed during refactor
  • lxd/instance/qemu/vm/qemu: Adds -no-user-config to qemu start flags
  • lxd/instance/qemu/vm/qemu: Adds chroot flag to qemu start up command
  • lxd/{test,cgroup}: Add cgroup package to static analysis tests
  • daemon: log cgroup layout on startup
  • lxd/instance/qemu/vm/qemu: Implements deviceAdd and deviceRemove
  • shared/simplestreams: Only write cache if configured
  • lxd/vm: Reduce 9p mount access
  • lxd/sys: Expose UnprivUser/UnprivUID
  • lxd/networks: Port to os.UnprivUser
  • lxd/instance/qemu/vm/qemu: Adds -runas flag to qemu
  • lxd/db: Add missing unique key
  • lxd/db: Add upgrade logic for UNIQUE fix
  • lxc/cgroup: Fix bad error handling
  • lxd/storage: Create image volume DB entry
  • lxd/images: Port to new storage functions
  • lxd/storage: Move storage_cgo.go to drivers package
  • lxd/storage/drivers: Add FS and mount functions
  • lxd: Use FS and mount functions from drivers package
  • lxd/storage: Remove FS and mount functions
  • Add basic bridge documentation
  • lxd: Mark container snapshots as such
  • lxd/storage/locking: New storage locking package
  • lxd/storage: Lock image creation
  • lxd/backup: Rename HasBinaryFormat to OptimizedStorage
  • lxd/storage/drivers: Update RestoreBackupVolume signature
  • lxd/storage: Update call to RestoreBackupVolume
  • test/suites: Satisfy shellcheck
  • lxd/storage: Add refresh to MigrationTypes
  • lxd/storage/drivers: Add refresh to MigrationTypes
  • lxd: Update call to MigrationTypes
  • shared: Implemented Background Process Manager
  • shared: Implemented Background Process Manager tests
  • lxd/storage/drivers: Always pass Volume argument
  • lxd/storage/drivers: Use new driver interface
  • lxd/storage: Always pass Volume to drivers
  • lxd/storage: Removes unnecessary argument in backendLXD.create()
  • lxd/storage/backend/lxd: Comment on function description
  • lxd/storage/backend/lxd: Implements UpdateInstance
  • lxd/storage/backend/lxd: Implements UpdateImage
  • lxd/storage/backend/lxd: Adds detectChangedConfig and updates usage
  • lxd/storage/backend/lxd: Switches to StoragePoolVolumeUpdateByProject
  • lxd/db/storage/pools: Replaces StoragePoolVolumeUpdate with StoragePoolVolumeUpdateByProject
  • lxd/storage/volumes: Updates storagePoolVolumeTypePut to be project aware
  • lxd/storage/pool/interface: Adds Update functions for volumes
  • lxd/storage/drivers/driver/common: Only allow size property on custom volumes
  • lxd/storage/backend/mock: Adds Update functions for volumes
  • lxd: Updates StoragePoolVolumeUpdateByProject usage
  • lxd/storage/backend/lxd: Updates Update() to use detectChangedConfig()
  • lxd/storage/backend/lxd: Implements UpdateInstanceSnapshot
  • lxd/storage/backend/lxd: Adds updateVolumeDescriptionOnly
  • lxd/storage/backend/lxd: Adds UpdateCustomVolumeSnapshot
  • lxd/storage/volumes/snapshot: Updates storagePoolVolumeSnapshotTypePut to use new storage pkg
  • lxd/cgroup: Additional resource get/set functions through cgroup abstraction layer
  • lxd/{container_lxc, cgroup}: Use abstraction layer functions for cgroup V1 functionality
  • lxd/cgroup: Return ErrControllerMissing on incomplete V2
  • lxd/storage/dir: Use MountPath
  • lxd/storage/dir: Move vfsResources
  • lxd/storage/common: Add vfsRenameVolume
  • lxd/storage/common: Add vfsVolumeSnapshots
  • lxd/storage/common: Add vfsRenameVolumeSnapshot
  • lxd/storage/common: Simplify vfsRenameVolume
  • lxd/storage: Add createParentSnapshotDirIfMissing
  • doc: Add new developer guide to contributing.md
  • lxd/storage/cephfs: Cleanup driver
  • lxd/storage: Rename RestoreBackupVolume to CreateVolumeFromBackup
  • lxd/storage/dir: Cleanup driver
  • lxc/storage/utils: Updates validateVolumeCommonRules to accept volume argument
  • lxd/storage/drivers/volume: Exposes BlockBacking property from storage driver via IsBlockBacked()
  • lxd/storage: Updates commonVolRulesFunc usage
  • lxd: Fix order of cgroup initialization
  • lxd/storage/backend/lxd: Adds protection against updating volume properties that can't be changed
  • lxd/storage/drivers/volume: Exposes volume type and content type of Volume
  • lxd/storage/utils: Improves common volume validation
  • lxd/db/storage/pools: Adds StoragePoolNodeVolumeGetTypeIDByProject
  • lxd/storage/utils: Makes VolumeDBCreate project aware
  • lxd/storage/volumes/utils: Updates usage of VolumeDBCreate
  • lxd/storage/backend/lxd: Updates usage of VolumeDBCreate
  • lxd/storage/backend/lxd: Adds instanceRootVolumeConfig
  • lxd/storage/backend/lxd: Updates to use instanceRootVolumeConfig
  • lxd/storage/backend/lxd: Switches to use StoragePoolNodeVolumeGetTypeByProject
  • lxd/storage/backend/lxd: Fixed UpdateInstance's incorrect used volStorageName for DB queries
  • lxd/storage/drivers: Re-order utils
  • lxd/storage: Move BaseDirectories to drivers
  • lxd/storage/cephfs: Don't hardcode directory names
  • lxd/storage/cephfs: Simplify Delete
  • shared: Handle btrfs in IsMountPoint
  • lxd/storage: Allow deletion of missing pools
  • lxd/storage/dir: Move MigrateVolume to common
  • lxd/storage/drivers/interface: Changes load() definition as no longer returns error
  • lxd/storage/drivers/common: Removes calling driver's load() func from init()
  • lxd/storage/drivers/load: Calls driver's load() function from main loader
  • lxd/storage/drivers/driver/cephfs: Fix typo in tool detection
  • lxd/storage/cephfs: Use common functions
  • lxd/storage/common: Add vfsHasVolume
  • lxd/storage/common: Add vfsGetVolumeDiskPath
  • lxd/storage: Always init driver with state/logger
  • lxd/storage: Replace CreateMountPath with EnsureMountPath
  • lxd/storage/cephfs: Use helper functions
  • lxd/storage/dir: Use helper functions
  • lxd/cgroups: enable cgroup2 limit support
  • lxd/storage: Pass state to SupportedDrivers
  • lxd/storage: Expand volume config in newVolume
  • lxd/storage/drivers: Use expanded config
  • lxd/storage/drivers: Don't hardcode default block size
  • lxd/storage/drivers/interface: Comments on pool mount/unmount definitions
  • shared/util: Adds comment to TryRunCommand
  • lxd/storage/backend/lxd: Fixes bug with non-project aware vol storage name in RenameInstance
  • lxd/storage/drivers/utils: Removes implication of project awareness from driver mount point helpers
  • lxd/storage/drivers: Move ensureVolumeBlockFile to utils
  • lxd/storage: Split out backup unpack logic
  • lxd/storage/dir: Fix for consistency
  • lxd/storage/utils: Removes mount helper functions
  • lx/storage/utils: Adds legacy mount functions to main pkg
  • lxd/storage/drivers/utils: Unexports mount helper funcs except TryMount/TryUnmount
  • lxd/patches: Updates to use TryMount/TryUnmount from storage/drivers pkg
  • lxd/storage/drivers/driver/cephfs: TryMount usage
  • lxd/storage/drivers/driver/dir: TryMount usage
  • lxd/storage/btrfs: Updates to use unexported legacy mount functions
  • lxd/storage/ceph: Updates to use legacy unexported mount functions, except TryMount/TryUnmount
  • lxd/storage/lvm: Updates to use legacy unexported mount functions, except TryMount/TryUnmount
  • lxd/storage/zfs/utils: Consistent import name for storage/drivers pkg
  • lxd/storage/drivers: Export Name and Logger
  • lxd/storage/drivers: Introduce genericCopyVolume
  • lxd/storage/drivers: Introduce genericCreateVolumeFromMigration
  • lxd/storage/drivers: Simplify genericBackupUnpack
  • lxd/backup: Adds check for supported instance type when loading storage pool
  • lxd/container: Adds check for supported instance type when restoring backup
  • lxd/container/lxc: Adds check for supported instance type when loading storage pool
  • lxd/migrate/container: Adds check for supported instance type when loading storage pool
  • lxd/storage/drivers: Introduce vfsBackupVolume
  • lxd/storage/drivers: Rename driver_cgo to utils_cgo
  • lxd/storage/drivers: Add releaseLoopDev
  • lxd/storage/utils: Improve error handling in forceUnmount
  • lxd/storage/utils: Add fsUUID
  • lxd/storage/utils: Add tryExists
  • lxd/storage/utils: Add hasFilesystem
  • lxd/storage/drivers: Add btrfs
  • tests: Update exclusion for btrfs
  • Update /operations endpoint API doc
  • lxd/revert: Adds revert helper package for running revert functions in reverse order
  • lxd/revert/revert/test: Adds revert tests
  • lxd/storage/backend/lxd: Updates to use revert pkg rather than custom revertFuncs slice
  • lxd/storage/drivers/driver/dir: Updates to use revert pkg rather than custom revertFuncs slice
  • lxd/storage/drivers/driver/btrfs/volumes: Switches to revert pkg for CreateVolumeFromBackup
  • lxd/storage/drivers/generic: Switches to revert pkg for genericBackupUnpack
  • lxd/storage/utils: Clarifies comment on ImageUnpack
  • lxd/storage/backend/lxd: Typo in error
  • lxd/storage/memorypipe: Increases channel buffer size to allow Close() cleanup
  • lxd/storage/backend/lxd: Close migration send end when error occurs
  • lxd/storage/drivers/volume: Differentiates between volume config and pool config
  • lxd/storage/backend/lxd: Removes expansion of pool's volume config into volume config in newVolume()
  • lxd/storage/backend/lxd: Updates CreateCustomVolumeFromMigration to use Volume.Config() to create DB record
  • lxd/storage/utils: drivers.NewVolume usage
  • lxd/storage/drivers/driver/cephfs/volumes: drivers.NewVolume usage
  • lxd/storage/drivers/driver/cephfs/volumes: vol.ExpandedConfig usage
  • lxd/storage/drivers/driver/cephfs/volumes: Comments
  • lxd/storage/drivers/driver/dir/utils: vol.ExpandedConfig usage
  • lxd/storage/drivers/driver/dir/volumes: Comments
  • lxd/storage/drivers/generic: NewVolume usage
  • lxd/storage/drivers/utils: vol.ExpandedConfig usage
  • lxd/storage/backend/lxd: Ensures VolumeDBCreate uses config from the Volume and not the request
  • lxd/storage/drivers/driver/btrfs/volumes: Fixes usage of NewVolume
  • Use JSON markdown blocks in docs
  • cgroup: shortcut cgroup2 only layouts
  • cgroups: detect blkio.bfq.weight knob
  • lxd/instances: Export FillNetworkDevice
  • doc/networks: Clarify raw.dnsmasq
  • lxc-to-lxd: Set useragent
  • lxd-p2c: Set useragent
  • lxd: Always set user agent
  • shared: Set user-agent in GetRemoteCertificate
  • lxd/storage/drivers: Rename applyQuota to initVolume
  • lxd/storage/drivers: Fix bad ExpandedConfig
  • lxd/storage: Include size in instance update
  • lxd/device/nic/routed: Improves IPv6 forwarding and proxy_ndp sysctl detection
  • doc/instances: Updates routed nic sysctl requirements
  • tests: Updates routed nic tests to enable proxy_ndp on all interfaces
  • lxd/storage/backend/lxd: Switches create to use revert package
  • lxd/storage/drivers/generic: Uses revert package on genericCreateVolumeFromMigration
  • lxd/storage/drivers/generic: Adds refresh arg to genericCopyVolume
  • lxd/storage/drivers: genericCopyVolume updated usage for refresh arg
  • lxd/storage/drivers/driver/dir/volumes: Use SetVolumeQuota from UpdateVolume
  • lxd/storage/backend/lxd: Makes specific lock name for volume EnsureImage action
  • lxd/storage/drivers/volume: Adds UnmountTask function
  • lxd/storage/drivers/utils: Adds volume filesystem shrink and grow functions
  • lxd/storage/drivers/errors: Adds "not supported" error type
  • lxd/container/lxc: Detects storage drivers that don't support volume usage stats
  • tests: Don't leak CEPH pools
  • lxd/storage: Set contentType during image deletion
  • lxd/storage/drivers/generic: Improves genericBackupUnpack
  • lxd/revert: Adds Clone function to revert
  • lxd/storage/drivers/utils: Comments on wipeDirectory
  • lxd/containers/post: Improves comment in createFromBackup
  • lxd/storage/backend/lxd: Adds error checking to MountTask in CreateInstanceFromBackup
  • lxd/storage/pool/interface: Adds UpdateInstanceBackupFile
  • lxd/storage/backend/mock: Adds UpdateInstanceBackupFile
  • lxd/storage/backend/lxd: Implements UpdateInstanceBackupFile
  • lxd/instance/instance/interface: Adds UpdateBackupFile
  • lxd/instance/qemu/vm/qemu: Implements UpdateBackupFile
  • lxd/container/lxc: Implements UpdateBackupFile
  • lxd/container: Switches to inst.UpdateBackupFile()
  • lxd/container/lxc: Switches to inst.UpdateBackupFile()
  • lxd/instance/instance/utils: Deprecates WriteBackupFile function
  • lxd/instance/qemu/vm/qemu: UpdateBackupFile usage
  • lxd/storage: Support deleting snapshots during restore
  • lxd/images: Fix clustering handling on delete
  • tests: Remove un-needed image volume delete
  • lxd/storage: Update driver cache for new drivers
  • Improve websocket doc in container exec
  • lxd/qemu: Fix multiple NICs
  • lxd/storage/drivers/volume: Adds DefaultFilesystem constant of ext4
  • lxd/storage/utils: Uses DefaultFilesystem in VolumeFillDefault
  • lxd/storage/backend/lxd: Updates EnsureImage to detect filesystem changes and regenerate
  • lxd/storage/drivers/utils: Comment on shrinkFileSystem
  • lxd/storage/drivers/utils: Mounts btrfs filesystems during shrinkFileSystem
  • lxd/storage/drivers/utils: Adds regenerateFilesystemUUID functions
  • lxd/storage/drivers: Use standard errors
  • lxd/storage/btrfs: Disable send/receive inside containers
  • lxd/init: Support new storage drivers
  • lxd/migration: Improve multi-pass transfers
  • lxd/storage: Pass VolumeSourceArgs as pointer
  • lxd/storage: Port "zfs" to new driver logic
  • tests: Add zfs to list of new drivers
  • lxd/storage/backend/lxd: Applies root disk quota as part of backup import post hook
  • lxd/storage/backend/lxd: Adds errors.Wrapf around os. and unix. function errors
  • lxd/storage/drivers/driver/btrfs/volumes: tmpVolSuffix usage
  • lxd/storage/drivers/volume: Adds tmpVolSuffix const
  • lxd/storage/drivers/utils: Adds errors.Wrapf to mount/unmount functions
  • lxd/storage/drivers/utils: Adds renegerateFilesystemUUIDNeeded
  • lxd/storage/backend/lxd: Triggers backup file update in BackupInstance and RenameInstanceSnapshot
  • lxd/storage/backend/lxd: Improves revert in RenameInstance
  • lxd/storage/drivers: Fix comments
  • tests: Fix storage_compatible for zfs
  • lxd/storage/drivers/generic: Adds EnsureMount path calls after mounting volumes
  • lxd/device/disk: Defer instance type check until start time for cloud-init config drive
  • lxd/migrate/container: Merges duplicate multi sync logic and adds comments
  • lxd/storage/drivers/volume: Adds NewVMBlockFilesystemVolume and IsVMBlock functions
  • lxd/storage/drivers/driver/zfs/volumes: VM block function usage
  • lxd/storage/drivers/driver/zfs/utils: Removes unused checkVMBlock
  • lxd/storage/pools: Support non-default project in storagePoolDelete
  • lxd/device/device/instance: Removes interface in place of instance.Instance
  • lxd/container: Replaces device.Instance with instance.Instance
  • lxd/storage: Replaces device.Instance with instance.Instance
  • lxd/device: Replaces device.Instance with instance.Instance
  • lxd/device: Renames d.instance to d.inst to avoid conflicts with instance package
  • lxd/storage: Updates storageRootFSApplyQuota to support VMs
  • lxd/device/disk: Allow VM disks to be updated
  • lxd/storage/drivers/utils: Adds copyDevice function
  • lxd/storage/drivers: Filler logging
  • lxd/storage/drivers/generic: Updates genericCopyVolume to be VM block aware using copyDevice
  • client/lxd/instances: Sends instance type when copying instances
  • lxc: Don't use instance when referring to server
  • lxc: Rename container to instance
  • lxc/info: Fix VM support
  • i18n: Update translation templates
  • lxd/storage/zfs: Fix set on 0.6
  • lxd/storage/drivers: Use errors.Wrap
  • lxd/storage/drivers: Wrap os/ioutil calls
  • api: Add clustering_architecture extension
  • shared/api: Add Architecture to ClusterMember
  • lxd/db: Add Architecture to NodeInfo
  • lxd/cluster: Track member architecture
  • lxc/cluster: Add architecture column in list
  • lxd/storage/backend/lxd: Add project support to GetInstanceUsage
  • lxd/storage/utils: Removes default volume size from VolumeFillDefault
  • test/suites/storage: Updates LVM quota tests to take into account new SI units conversion
  • test/suites/backup: Fixes issue with import testing with LVM
  • tests: Add lvm to list of new drivers
  • lxd/storage/ceph: Fix volume size handling
  • lxd/storage/drivers/utils: Adds loopFilePath function
  • lxd/storage/drivers: Replace repetitive loop path generation with call to loopFilePath
  • lxd/storage/drivers/load: Enables LVM driver
  • lxd/db: Silence normal sql errors
  • lxd/db: Fix image profile copying logic
  • lxd/util: IsAddressCovered takes into account host names
  • lxd/db: Add archs filter to ClusterTx.NodeWithLeastContainers()
  • lxd/instance: make SuitableArchitectures handle snapshots too
  • lxd/containers_post.go: Use cluster architecture in placement
  • lxd/db: Ensure zfs.pool_name is set
  • lxd/storage/drivers/lvm: LVM driver implementation
  • lxd/containers: Use 'instance' key in templates
  • lxc: Fix typo
  • lxc: Bump examples to 18.04
  • i18n: Update translation templates
  • doc: s/container/instance/
  • doc: Bump releases in examples
  • doc/rest-api: Cover the three instance endpoints
  • lxd/instance/qemu/vm/qemu: Adds running disk usage stats to disk state
  • lxd/storage/backend/lxd: Adds VM support to GetInstanceUsage
  • lxd/container: Adds VM support to instanceCreateAsSnapshot
  • lxd/container/snapshot: Adds VM support to containerSnapshotHandler
  • lxd/migration/migration/volumes: Fixes crash when storage driver has no transfer methods
  • lxd/storage/drivers/driver/common: Adds VM support for migration types
  • lxd/storage/drivers/driver/lvm: Adds VM support
  • lxd/storage/drivers/drivers/lvm/utils: VM support
  • lxd/storage/drivers/drivers/lvm/volumes: VM support
  • lxd/instances: Fix creation from simplestreams
  • lxd/db: Fix multi-arch cached images
  • lxd/storage/drivers: Rename drivers_ to driver_
  • lxd/storage/drivers: Implement patch mechanism
  • lxd/storage: Add patch mechanism to backend
  • lxd/patches: Add storage_create_vm
  • Skip updating instances and profiles not using a volume being renamed
  • i18n: Update translations from weblate
  • lxd/storage/btrfs: Fix usage inside containers
  • lxd/storage/backend/lxd: Validate config on pool create
  • shared/instance: Adds IsSize to validate size strings
  • lxd/storage/pools/config: Removes old LVM validation from storagePoolValidateConfig
  • lxd/storage/utils: shared.IsSize usage
  • lxd/storage/load: commonRules usage
  • lxd/storage/utils: commonRules usage
  • lxd/storage/drivers/load: Adds Validators type for common rules
  • lxd/storage/drivers/interface: commonRules usage
  • lxd/storage/drivers: Call d.validatePool in Validate function
  • lxd/storage/drivers/drivers/common: Updates for commonRules
  • lxd/storage/drivera/driver/common: Adds validatePool function
  • lxd/storage/drivers/driver/dir/utils: commonRules usage
  • lxd/storage/drivers/driver/btrfs: pool validation
  • lxd/storage/drivers/driver/zfs: pool validation
  • lxd/storage/drivers/driver/cephfs: pool validation
  • lxd/storage/drivers/driver/common: Improved error messages in validatePool and validateVolume
  • lxd/storage/pools: Fixes empty values for non-compat pools in storagePoolClusterConfigForEtag
  • lxd/storage/pools/config: shared.IsSize usage
  • lxd/storage/pools/config: comment
  • lxd/storage/drivers/driver/lvm: Adds validation
  • doc/api-extension: Fix formatting
  • api: Add resources_disk_id extension
  • shared/api: Add device_id to resources
  • lxd/resources: Add device_id
  • lxd/storage/drivers/driver/lvm: Adds stripe validation
  • lxd/storage/pools/config: Adds volume.lvm.stripes and volume.lvm.stripes.size to pool validation
  • lxd/storage/drivers/driver/lvm/utils: Updates createDefaultThinPool to support stripes
  • lxd/storage/drivers/driver/lvm/utils: Updates createLogicalVolume to support stripes
  • doc/storage: Documents storage_lvm_stripes options
  • doc/api-extensions: trim whitespace
  • doc/api-extensions: Adds storage_lvm_stripes
  • shared/version/api: Adds storage_lvm_stripes extension
  • lxd/storage/btrfs: Fix bad check
  • lxd/containers: Properly setup cgroup writer
  • lxd/cgroup: Fix memory limit handling

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.18 has been released

2nd of October 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.18!

This release includes a lot of the preliminary work needed in order to implement virtual machine support alongside containers in future LXD releases. LXD 3.18 comes with a number of API additions and changes to the Go client and CLI tools to allow driving virtual machines.

The bulk of this is the slow replacement of containers in the API and internal code base with the more generic instances, which will then encompass both containers and virtual machines.

The vast majority of that work will currently be invisible to our normal users. Everything was done to make this fully backward compatible, so older API clients will keep working as usual.

As far as immediately usable improvements, this release extends our resources API to expose more disk information, adds the ability to alter image expiry dates, switches to a new clustering role mechanism and allows some more configuration options when using Fan networking.

Enjoy!

New features

New /1.0/instances endpoint

Part of the move to supporting virtual machines is the replacement of our current /1.0/containers API with a new /1.0/instances API which will then return both containers and virtual machines. The structure of this new API endpoint is identical and the former endpoint is now just a type filter on top of the new one.

For consistency, once virtual machine support is ready, we will also be providing a /1.0/virtual-machines endpoint, which will similarly type filter /1.0/instances and only show virtual machines.

As part of this work, the Go client package was also modified to include new functions for all the /1.0/instances endpoints, detecting the availability of that new API and falling back to the old one when interacting with an older LXD server.

Our command line tool (lxc) was then updated to use those new functions too.
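The fallback described above can be sketched as follows. This is an added example, not code from the LXD Go client: the `get` transport hook, the function names and the two sample servers (with their instance names) are constructed for illustration, while the `instances` extension and the `instance-type` filter are the ones named on this page.

```python
"""Choose the listing endpoint from the server's advertised API extensions."""


class UnsupportedByServer(Exception):
    """The server predates the 'instances' extension and cannot serve this type."""


def list_instances(get, instance_type=None):
    """Return (path_used, sorted instance names).

    `get(path)` is a hypothetical transport hook: any callable that performs
    the GET and returns the decoded JSON response as a dict.
    """
    extensions = get("/1.0")["metadata"].get("api_extensions", [])
    if "instances" in extensions:
        path = "/1.0/instances"
        if instance_type:
            path += "?instance-type=" + instance_type
    elif instance_type in (None, "container"):
        # Older server: it only knows containers, so the legacy endpoint
        # already returns the complete answer.
        path = "/1.0/containers"
    else:
        # Failing loudly is safer than silently returning containers when
        # the caller asked for another instance type.
        raise UnsupportedByServer(
            "server lacks the 'instances' extension; cannot list " + instance_type)
    urls = get(path)["metadata"]
    # Entries are URLs such as /1.0/instances/NAME, optionally with a query.
    return path, sorted(u.split("?", 1)[0].rsplit("/", 1)[-1] for u in urls)


def make_server(routes):
    """Build an in-memory stand-in for a server (constructed sample data)."""
    def get(path):
        if path not in routes:
            raise KeyError("404 " + path)
        return {"type": "sync", "status_code": 200, "metadata": routes[path]}
    return get


# Constructed sample servers: one advertising "instances", one that does not.
NEW_SERVER = make_server({
    "/1.0": {"api_extensions": ["clustering", "resources", "instances"]},
    "/1.0/instances": ["/1.0/instances/web1", "/1.0/instances/db1"],
    "/1.0/instances?instance-type=container": ["/1.0/instances/web1",
                                               "/1.0/instances/db1"],
    "/1.0/containers": ["/1.0/containers/web1", "/1.0/containers/db1"],
})
OLD_SERVER = make_server({
    "/1.0": {"api_extensions": ["clustering", "resources"]},
    "/1.0/containers": ["/1.0/containers/legacy1"],
})

if __name__ == "__main__":
    print(list_instances(NEW_SERVER))
    print(list_instances(OLD_SERVER, "container"))
```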

Support for storing VM images

This release of LXD is able to query virtual machine images from other LXD servers and from simplestreams servers where such images are already available. Currently, the only two servers which have such images are ubuntu: and ubuntu-daily:.

stgraber@castiana:~$ lxc image list ubuntu: serial=20190918 release=bionic architecture=amd64
+-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+
|    ALIAS    | FINGERPRINT  | PUBLIC |                 DESCRIPTION                 |  ARCH  |      TYPE       |   SIZE   |          UPLOAD DATE          |
+-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+
| b (11 more) | 8d1e0577b1d1 | yes    | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | VIRTUAL-MACHINE | 328.25MB | Sep 18, 2019 at 12:00am (UTC) |
+-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+
| b (11 more) | 9ff5784302bf | yes    | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | CONTAINER       | 177.98MB | Sep 18, 2019 at 12:00am (UTC) |
+-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+
|             | be760b6a51a0 | yes    | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | CONTAINER       | 141.19MB | Sep 18, 2019 at 12:00am (UTC) |
+-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+

In the example above, we can see 3 versions of the same image, the first being a qcow2 virtual machine image, the second being a squashfs container image and the third being a tar.xz container image.

VM images can be copied to a local LXD server:

stgraber@castiana:~$ lxc image copy ubuntu:b local: --vm --alias b-vm
Image copied successfully!                   
stgraber@castiana:~$ lxc image list
+-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+
| ALIAS | FINGERPRINT  | PUBLIC |                 DESCRIPTION                 |  ARCH  |      TYPE       |   SIZE   |         UPLOAD DATE         |
+-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+
| b-vm  | 8d1e0577b1d1 | no     | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | VIRTUAL-MACHINE | 328.25MB | Oct 2, 2019 at 8:22pm (UTC) |
+-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+
|       | 0c3ce5efa22e | no     | Ubuntu bionic amd64 (20191002_07:42)        | x86_64 | CONTAINER       | 93.79MB  | Oct 2, 2019 at 5:51pm (UTC) |
+-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+

Note that while all of this works already, without LXD being able to run virtual machines, we don't expect this to be particularly useful to anyone at this point.

Extended disk resources information

The storage section of our /1.0/resources API was extended to provide more information on a variety of disks. This now includes:

  • Firmware version
  • Device path
  • Serial number
  • RPM
  • A more detailed type, including detection of cdrom drives

Example output on a system with a variety of drives:

root@lantea:~# lxc query /1.0/resources | jq .storage
{
  "disks": [
    {
      "block_size": 512,
      "device": "8:0",
      "device_path": "pci-0000:05:00.0-sas-phy0-lun-0",
      "firmware_version": "05.00K05",
      "id": "sda",
      "model": "WDC WD1001FALS-0",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": false,
      "rpm": 7200,
      "serial": "WD-WMATV0861474",
      "size": 1000204886016,
      "type": "sata"
    },
    {
      "block_size": 512,
      "device": "8:16",
      "device_path": "pci-0000:05:00.0-sas-phy1-lun-0",
      "firmware_version": "05.00K05",
      "id": "sdb",
      "model": "WDC WD1001FALS-0",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": false,
      "rpm": 7200,
      "serial": "WD-WMATV0724608",
      "size": 1000204886016,
      "type": "sata"
    },
    {
      "block_size": 512,
      "device": "8:32",
      "device_path": "pci-0000:05:00.0-sas-phy2-lun-0",
      "firmware_version": "CC45",
      "id": "sdc",
      "model": "ST33000651AS",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": false,
      "rpm": 7200,
      "serial": "Z2912RXB",
      "size": 3000592982016,
      "type": "sata"
    },
    {
      "block_size": 4096,
      "device": "8:48",
      "device_path": "pci-0000:05:00.0-sas-phy3-lun-0",
      "firmware_version": "CC27",
      "id": "sdd",
      "model": "ST3000DM001-1CH1",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": false,
      "rpm": 7200,
      "serial": "W1F46QP2",
      "size": 3000592982016,
      "type": "sata"
    },
    {
      "block_size": 512,
      "device": "8:64",
      "device_path": "pci-0000:00:1f.2-ata-1",
      "firmware_version": "EXT0CB6Q",
      "id": "sde",
      "model": "Samsung SSD 840",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": false,
      "rpm": 0,
      "serial": "S1D5NSCF560605W",
      "size": 120034123776,
      "type": "sata"
    },
    {
      "block_size": 512,
      "device": "8:80",
      "device_path": "pci-0000:00:1f.2-ata-2",
      "firmware_version": "300i",
      "id": "sdf",
      "model": "INTEL SSDSC2CT12",
      "numa_node": 0,
      "partitions": [
        {
          "device": "8:81",
          "id": "sdf1",
          "partition": 1,
          "read_only": false,
          "size": 120033058304
        }
      ],
      "read_only": false,
      "removable": false,
      "rpm": 0,
      "serial": "CVMP213200L8120BGN",
      "size": 120034123776,
      "type": "sata"
    },
    {
      "block_size": 0,
      "device": "11:0",
      "device_path": "pci-0000:00:1f.2-ata-3",
      "firmware_version": "C108",
      "id": "sr0",
      "model": "DVD+-RW GSA-H73N",
      "numa_node": 0,
      "partitions": [],
      "read_only": false,
      "removable": true,
      "rpm": 0,
      "size": 1073741312,
      "type": "cdrom"
    }
  ],
  "total": 8
}
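The new firmware, serial and device path fields make it possible to compare a host's disks against a recorded baseline. The following is an added example, not part of LXD: the function names are this example's own, the baseline entries are typed in from the output above, and the "current" snapshot is constructed.

```python
"""Diff two snapshots of the `disks` list returned by /1.0/resources."""

WATCHED_FIELDS = ("model", "firmware_version", "size", "device_path")


def disk_key(disk):
    """Identify a disk by serial, falling back to its device path.

    The cdrom (sr0) in the output above reports no serial, so a key built
    from the serial alone would drop it from the inventory.
    """
    serial = disk.get("serial")
    if serial:
        return ("serial", serial)
    return ("path", disk.get("device_path") or disk["id"])


def diff_inventory(baseline, current):
    """Return removed, added and changed disks as a list of tuples."""
    old = {disk_key(d): d for d in baseline}
    new = {disk_key(d): d for d in current}
    changes = []
    for key in sorted(old.keys() - new.keys()):
        changes.append(("removed", key[1], old[key].get("model")))
    for key in sorted(new.keys() - old.keys()):
        changes.append(("added", key[1], new[key].get("model")))
    for key in sorted(old.keys() & new.keys()):
        for field in WATCHED_FIELDS:
            before, after = old[key].get(field), new[key].get(field)
            if before != after:
                changes.append(("changed", key[1], field, before, after))
    return changes


# Three disks from the output above, reduced to the fields being compared.
BASELINE = [
    {"id": "sda", "model": "WDC WD1001FALS-0", "serial": "WD-WMATV0861474",
     "firmware_version": "05.00K05", "size": 1000204886016,
     "device_path": "pci-0000:05:00.0-sas-phy0-lun-0"},
    {"id": "sde", "model": "Samsung SSD 840", "serial": "S1D5NSCF560605W",
     "firmware_version": "EXT0CB6Q", "size": 120034123776,
     "device_path": "pci-0000:00:1f.2-ata-1"},
    {"id": "sr0", "model": "DVD+-RW GSA-H73N",
     "firmware_version": "C108", "size": 1073741312,
     "device_path": "pci-0000:00:1f.2-ata-3"},
]

# Constructed later snapshot: sda reports different firmware and the disk
# in the sde slot now has another serial. Both new values are made up.
CURRENT = [
    dict(BASELINE[0], firmware_version="05.00K06"),
    dict(BASELINE[1], serial="EXAMPLE-SERIAL-0001"),
    dict(BASELINE[2]),
]

if __name__ == "__main__":
    for change in diff_inventory(BASELINE, CURRENT):
        print(change)
```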

Modification of image expiry date

Thanks to a contribution from students at the University of Texas in Austin, it is now possible to edit the expiry of an image in the LXD image store.

This can be done through lxc image edit, modifying the expires_at timestamp.

Clustering roles

In preparation for future clustering work, a new way to report the role of cluster members has been added. This is a list of roles attached directly to the member. Currently, the only role supported is database and indicates that the cluster member is one of the database servers.

root@lantea:~# lxc cluster show lantea
server_name: lantea
url: https://[2001:470:b0f8:1016:d250:99ff:fec2:9263]:8443
database: true
status: Online
message: fully operational
roles:
- database

This feature will soon be used as the basis for two new roles:

eventhub

Cluster members with this role will receive events from other cluster members and synchronise events with other event hubs. This will replace the current event handling approach of having every cluster member notify every other cluster member, reducing bandwidth and CPU usage when sending events.

database_standby

Cluster members with this role will be receiving the live database stream, similar to normal database members. The difference is that those will not be voting members in the raft consensus, meaning that such members can be added without increasing the time needed for a database transaction to be committed.

Those standby database nodes can then be promoted to voting members very quickly, making clusters much more resilient and allowing for maintenance activities like rolling updates without the risk of taking down the cluster database.

IPv4 configuration when in Fan mode

Networks in Fan mode may now configure:

  • ipv4.dhcp.expiry
  • ipv4.firewall
  • ipv4.nat
  • ipv4.nat.order

Bugs fixed

  • api: Add instances extension
  • client: Rename ContainerServer to InstanceServer
  • client/interfaces: Populate InstanceServer with rest of functions
  • client/instances: Add instance related functions
  • doc: Initial Github code of conduct
  • doc: Initial Github security policy
  • doc: Update remaining reference to readthedocs
  • doc/index: Point to https://linuxcontainers.org/lxd/docs/master/
  • doc/storage: Typo and example fix
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Don't print first-use on init/launch
  • lxc: Switch cli tool to use InstanceServer
  • lxc: Switch to using client Instance functions
  • lxc/exec: Fix usage for --cwd
  • lxc/remote: Trailing space in translatable string
  • lxd: Add instance interface
  • lxd: Add instance-type query param filter to LXD API
  • lxd: Add support for InstanceOnly in API requests
  • lxd: Add type field to instance API output
  • lxd: Make import alias of device config package consistent throughout codebase
  • lxd: Migrate storage references to container interface to instance interface
  • lxd: Move events to new events package
  • lxd: Move operations to its own package
  • lxd: Move response to its own package
  • lxd: Remove unix cred functions/types and updates usage to ucred package
  • lxd: Rename containerLoadByID to instanceLoadById and returns Instance type
  • lxd: Rename containerLoadByProjectAndName to instanceLoadByProjectAndName
  • lxd: Rename containerLoadNodeAll to instanceLoadNodeAll
  • lxd: Rename use of instance package to instancetype package
  • lxd: Replace CType with instance.Type
  • lxd: Require "ip" be installed
  • lxd: Switch over to Instance types
  • lxd: Switch to new event structure
  • lxd: Update to use seccomp package
  • lxd: Update usage of ContainerArgs to InstanceArgs
  • lxd: Update usage of ContainerBackupArgs to InstanceBackupArgs
  • lxd: Update use of device.Instance interface
  • lxd: Update use of ForwardedResponseIfContainerIsRemote to supply instanceType
  • lxd: Update use of string instance.Type to int type
  • lxd/api: Constructs endpoint alias routes
  • lxd/api: Rename container endpoint vars to instance prefix
  • lxd/apparmor: Move apparmor into its own package
  • lxd/backup: Change container field to instance type
  • lxd/cluster/connect: Add instanceType filter to ConnectIfContainerIsRemote
  • lxd/cluster/upgrade: Prevent crash if heartbeat occurs before dqlite init
  • lxd/config: Allow modifying cluster.https_address
  • lxd/containers: Embed the Instance interface into the container interface
  • lxd/containers: Remove lxcSupportSeccompNotify
  • lxd/containers: Update use of apparmor package
  • lxd/containers: Fix comment
  • lxd/containers: Migrate container_lxc to use operationlock package
  • lxd/containers: Respect raw.lxc on stop/shutdown
  • lxd/containers: Tighten directory ownership
  • lxd/containers: Update containerLoadNodeProjectAll to support Type filtering
  • lxd/containers: Validate POST instance type field and stores in DB
  • lxd/daemon: Add Name and Aliases support to APIEndpoint
  • lxd/daemon: Fix logging events
  • lxd/daemon: Update to use seccomp package
  • lxd/db: Band aid for https://github.com/canonical/dqlite/issues/163
  • lxd/db: Flush any leftover operation on startup
  • lxd/db: Use consts for cluster roles
  • lxd/db/containers: Add db:ignore tag to Instance.Snapshot field
  • lxd/db/containers: Add instanceType filter to ContainerNodeAddress
  • lxd/db/containers: Fix tests
  • lxd/db/containers: Remove ContainerType, CTypeRegular and CTypeSnapshot
  • lxd/db/containers: Rename ContainerArgs to InstanceArgs
  • lxd/db/containers: Rename ContainerBackupArgs to InstanceBackupArgs
  • lxd/db/containers: Update container filtering functions for instance.Type
  • lxd/db/instances: Re-run db generate
  • lxd/db/instances: Update InstanceList to use instance.TypeAny
  • lxd/devices: Allow uppercase in MACs
  • lxd/devices: Update instance interface inline with others
  • lxd/devices/disk: Properly return error messages
  • lxd/devices/network: Fix typo in comment
  • lxd/devices/nic: Set MTU on both side of veth
  • lxd/devlxd: Fix handling of projects
  • lxd/dnsmasq: Support uppercase MACs in UpdateStaticEntry
  • lxd/events: Support multiple servers
  • lxd/images: Fix image type during refresh
  • lxd/images: Tweak wrapping
  • lxd/images: Use native tar parser for metadata
  • lxd/main_forkdns: Don't setup event logger
  • lxd/main_init: Properly handle ceph/cephfs
  • lxd/instance: Add functions to convert to/from instance.Type and string
  • lxd/instance: Change instance types to own int type
  • lxd/instance: Add operationlock package
  • lxd/instance: Rename instance to instancetype
  • lxd/instance: Use API instance types for string comparison
  • lxd/networks: Allow ipv6.dhcp=true with ipv6.firewall=false
  • lxd/networks: Properly return error messages
  • lxd/networks: Reduce calls to iptables clear
  • lxd/networks: Split functions and pass oldConfig
  • lxd/operations: Fix operation events
  • lxd/operations: Use state struct
  • lxd/patches: Properly return error messages
  • lxd/resources: Implement NVIDIA device fallback
  • lxd/response: Add instanceType filter to ForwardedResponseIfContainerIsRemote
  • lxd/seccomp: Add seccomp package
  • lxd/state: Carry event server instances
  • lxd/storage: Consistent error messages
  • lxd/storage/btrfs: Fix bug with BTRFS snapshot copy
  • lxd/storage/btrfs: Properly return error messages
  • lxd/storage/ceph: Fix volume snapshot handling
  • lxd/storage/cephfs: Fix querying volume on cluster
  • lxd/storage/dir: Don't hide error message
  • lxd/storage/lvm: Properly return error messages
  • lxd/storage/zfs: Better handle broken images
  • lxd/storage/zfs: Fix error handling in ImageCreate
  • lxd/storage/zfs: Tweak destroy logic
  • lxd/ucred: Add ucred package for ucred functions and types
  • shared: Use Lchown when copying symlinks
  • shared/api: Add new instance types
  • shared/api: Add InstanceOnly field to InstancePost and InstanceSource
  • shared/api: Location field of Event as omitempty
  • shared/api: Make some NVIDIA fields omitempty
  • shared/generate: Add support for db:"ignore" tag on fields
  • shared/generate: Re-run update-schema
  • shared/generate: Support instance.Type
  • shared/netutils: Update NetnsGetifaddrs to use Instance types
  • tests: Add apparmor to static analysis
  • tests: Add events package to static analysis test
  • tests: Add operations package to static analysis
  • tests: Add response package to static analysis
  • tests: Add seccomp package to static analysis
  • tests: Add unixcred to static analysis
  • tests: Fix static analysis for ucred package
  • tests: Switch to instance.Type
  • tests: Tunes ZFS quota tests after intermittent failures
  • tests: Update devlxd tests to use ucred package
  • tests: Update security test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.17 has been released

6th of September 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.17!

The main new feature for this release is the ability to use LXD storage pools to store container tarballs and images rather than the host's root filesystem.

Most of the rest of the changes in this release are refactoring and porting existing logic to new internal APIs. This work, while invisible to our users, has let us uncover a number of long-standing issues, improve our testing and simplify a lot of complex logic.

Enjoy!

New features

Storage pool backed image tarballs and backups

Two new server configuration keys have been introduced:

  • storage.backups_volume
  • storage.images_volume

They can each be set to a different, unused, storage volume using a POOL-NAME/VOLUME-NAME syntax. Existing data stored on the system will be moved to the storage volume.

This allows for systems with very limited available space on their root filesystem to run LXD with almost all data stored onto LXD managed storage pools.

stgraber@castiana:~$ lxc storage volume create default backups
Storage volume backups created
stgraber@castiana:~$ lxc storage volume create default images
Storage volume images created
stgraber@castiana:~$ lxc config set storage.backups_volume default/backups
stgraber@castiana:~$ lxc config set storage.images_volume default/images

Container configuration as YAML on lxc init and lxc launch

It is now possible to pass complex configuration and devices right at container creation time by having those stored in a YAML file which is read from standard input during lxc init and lxc launch.

stgraber@castiana:~$ cat gui.yaml 
config:
  environment.DISPLAY: :0
  environment.PULSE_LATENCY_MSEC: "30"
  environment.PULSE_SERVER: /mnt/.pulse-native
  environment.QT_X11_NO_MITSHM: "1"
devices:
  gpu:
    type: gpu
  pulse:
    bind: container
    connect: unix:/run/user/1000/pulse/native
    listen: unix:/mnt/.pulse-native
    mode: "0666"
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  x11:
    bind: container
    connect: unix:@/tmp/.X11-unix/X0
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy

stgraber@castiana:~$ lxc launch ubuntu:18.04 gui-steam < gui.yaml 
Creating gui-steam
Starting gui-steam

stgraber@castiana:~$ lxc config show gui-steam
architecture: x86_64
config:
  environment.DISPLAY: :0
  environment.PULSE_LATENCY_MSEC: "30"
  environment.PULSE_SERVER: /mnt/.pulse-native
  environment.QT_X11_NO_MITSHM: "1"
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20190813.1)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190813.1"
  image.version: "18.04"
  volatile.base_image: 2dd611e2689a8efc45807bd2a86933cf2da0ffc768f57814724a73b5db499eac
  volatile.eth0.host_name: vethe8c1ff8b
  volatile.eth0.hwaddr: 00:16:3e:65:36:88
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},    {"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},    {"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  gpu:
    type: gpu
  pulse:
    bind: container
    connect: unix:/run/user/1000/pulse/native
    listen: unix:/mnt/.pulse-native
    mode: "0666"
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  x11:
    bind: container
    connect: unix:@/tmp/.X11-unix/X0
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
ephemeral: false
profiles:
- default
stateful: false
description: ""
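A configuration like gui.yaml hands several host resources to the container, so it is worth listing them before launch. The following is an added example, not part of LXD or of the original release notes: the function names and finding codes are this example's own, the dict is the devices section of gui.yaml typed in by hand, and the defaults noted in the comments (bind "host", security.uid 0) are taken from LXD's proxy device documentation rather than from this page.

```python
"""List the host resources that an LXD `devices` section exposes to a container."""

# Constructed: the devices section of gui.yaml above, as a YAML loader
# would return it.
GUI_DEVICES = {
    "gpu": {"type": "gpu"},
    "pulse": {
        "type": "proxy", "bind": "container",
        "connect": "unix:/run/user/1000/pulse/native",
        "listen": "unix:/mnt/.pulse-native",
        "mode": "0666", "security.gid": "1000", "security.uid": "1000",
    },
    "x11": {
        "type": "proxy", "bind": "container",
        "connect": "unix:@/tmp/.X11-unix/X0",
        "listen": "unix:@/tmp/.X11-unix/X0",
        "security.gid": "1000", "security.uid": "1000",
    },
}


def audit_proxy(dev):
    """Return finding codes for one proxy device."""
    codes = []
    bind = dev.get("bind", "host")  # documented default: host
    connect = dev.get("connect", "")
    listen = dev.get("listen", "")
    # bind=container: LXD listens inside the container and connects on the
    # host, so processes in the container reach a host endpoint.
    if bind == "container":
        if connect.startswith("unix:"):
            codes.append("host-unix-socket-exposed")
        elif connect:
            codes.append("host-network-endpoint-exposed")
    # Only path-based sockets carry file permissions; abstract sockets
    # (unix:@...) have no mode to check.
    if listen.startswith("unix:") and not listen.startswith("unix:@") and "mode" in dev:
        try:
            if int(str(dev["mode"]), 8) & 0o002:
                codes.append("world-writable-listen-socket")
        except ValueError:
            codes.append("unparseable-mode")
    # security.uid is the UID the proxy process drops to (documented default 0).
    if str(dev.get("security.uid", "0")) == "0":
        codes.append("proxy-keeps-uid-0")
    return codes


def audit_devices(devices):
    """Return (device_name, finding_code) pairs, ordered by device name."""
    findings = []
    for name in sorted(devices):
        dev = devices[name]
        if dev.get("type") == "gpu":
            findings.append((name, "gpu-passthrough"))
        elif dev.get("type") == "proxy":
            findings.extend((name, code) for code in audit_proxy(dev))
    return findings


# Constructed variant: the pulse device without the security.uid/gid keys.
WEAK_DEVICES = {
    "pulse": {k: v for k, v in GUI_DEVICES["pulse"].items()
              if not k.startswith("security.")},
}

if __name__ == "__main__":
    for finding in audit_devices(GUI_DEVICES):
        print(finding)
```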

Notes

Backup API consistency

This release contains a small API breakage which is very unlikely to affect any of our users as it's not in a part of the LXD API which is used by any of the existing tools.

This renames:

  • creation_date to created_at (CreatedAt in Go binding)
  • expiry_date to expires_at (ExpiresAt in Go binding)

This makes that API consistent with the other endpoints which expose timestamps.

New documentation website

A new documentation website is now being published at: https://linuxcontainers.org/lxd/docs/master/

Effort was put into better titles and grouping of topics to make it easier to get started with LXD. All content still comes straight from the doc directory in the upstream repository, making it easy for anyone to send updates on GitHub.

Improved initial user experience on Windows/MacOS

Windows and MacOS builds of the LXD client still default to a local remote, despite the fact that the LXD daemon cannot work on those operating systems.

This caused some confusion to users in the past, so rather than showing a confusing error about a missing unix socket, those users are now greeted with:

C:\Users\stgraber>lxc list
This client hasn't been configured to use a remote LXD server yet.
As your platform can't run native Linux containers, you must connect to a remote LXD server.

If you already added a remote server, make it the default with "lxc remote switch NAME".
To easily setup a local LXD server in a virtual machine, consider using: https://multipass.run

Ported to final Dqlite 1.0

Dqlite 1.0 final has now been released and as part of the release effort a number of improvements and small design changes went in. LXD 3.17 is now based on that final 1.0 version.

Database rework

This release comes with some internal database reshuffling. All the containers tables have now been renamed to instances and snapshots have now been split out to their own set of instances_snapshots tables, making it easier to enforce consistency through the schema.

If you have custom scripts that directly look for data in the database, they may very well need updating for this.

Container devices rework

LXD 3.17 concludes our effort to split out all our device handling code, making it much more modular and improving coding patterns and testing. LXD 3.16 had the nic, infiniband and proxy devices ported, 3.17 now ports unix-char, unix-block, usb, gpu and disk, completing the set.

Storage rework

A first set of commits has been included in this release which cleans up some of our storage backends and, similar to the devices rework, begins moving every storage backend to a new cleaner structure.

Bugs fixed

  • client: Use PathEscape rather than QueryEscape for URL part parts
  • doc: Add documentation metadata
  • doc: Add required property to disk device type
  • doc: Update infiniband hwaddr docs
  • doc: Update NIC MTU descriptions
  • doc/server: Add missing key namespaces
  • doc/server: Add scope column
  • doc/server: Fix defaults for rbac
  • doc/storage: Clarify defaults for size
  • global: Remove accidentally included lxc.exe
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Better error handling on non-Linux
  • lxc: Don't show header in CSV output
  • lxc: Just show help on missing subcommand
  • lxc: Update for fixed backup fields
  • lxc/config: Detect non-Linux systems
  • lxc/copy: Really always strip volatile.last_state.power
  • lxc/file: Fix error handling
  • lxc/file: Intercept user cancelation
  • lxc/init: Fix usage with no args
  • lxc/remote: Add basic auth example
  • lxc-to-lxd: Remove dependency of lxd/device/config package
  • lxc-to-lxd: Remove dependency on deviceConfig package
  • lxd: Add call to devicesRegister function on startup
  • lxd: Add unit test for creating a snapshot
  • lxd: Check RemoveAll() error properly
  • lxd: Remove MS_LAZYTIME definition
  • lxd: Reorganised the uevent and inotify event handler startup
  • lxd/apparmor: Prevent writes to /proc/acpi/**
  • lxd/backup: Call tar with --numeric-owner
  • lxd/containers: Add DeviceEventHandler
  • lxd/containers: Add DeviceEventHandler to interface
  • lxd/containers: Add deviceHandleMounts to handle mount and unmount
  • lxd/containers: Add safety net for deviceStop() in case no device returned
  • lxd/containers: Fix description
  • lxd/containers: Fix inotify dynamic hotplug on existing container start
  • lxd/containers: Further switchover to lxd/device/config Device types
  • lxd/containers: Improve error messages
  • lxd/containers: Modify deviceStop and deviceRemove to skip validation errors
  • lxd/containers: Move device folder creation before device setup during boot
  • lxd/containers: Move disk device to use device package
  • lxd/containers: Move missing device type validation into device package
  • lxd/containers: Remove deviceAttachMounts
  • lxd/containers: Remove device Register() after device start
  • lxd/containers: Remove gpu validation as moved to device package
  • lxd/containers: Remove old moved rootfs quota code
  • lxd/containers: Remove reference to non-existent infiniband nictype
  • lxd/containers: Remove unused arg from deviceAddCgroupRules
  • lxd/containers: Remove unused setupUnixDevice()
  • lxd/containers: Remove unused unix-char and unix-block code
  • lxd/containers: Remove unused unix-char and unix-block validation
  • lxd/containers: Remove unused USB code
  • lxd/containers: Remove unused USB related code
  • lxd/containers: Remove volatile device keys when device is actually removed
  • lxd/containers: Rename runConfig vars to runConf for consistency
  • lxd/containers: Simplify device validation now all devices are ported
  • lxd/containers: Supply all old devices to device Update() function
  • lxd/containers: Update all device major/minor parsing to use uint32
  • lxd/containers: Update deviceShiftMounts to ignore unmount requests
  • lxd/containers: Update deviceStart to call device's Register() function
  • lxd/containers: Update gpu device support to use device package
  • lxd/containers: Update use of shared.RunCommandSplit
  • lxd/containers: Use shared.GetRootDiskDevice for dup root device detection
  • lxd/db: Adapt lxd/cluster to new dqlite sub-packages
  • lxd/db: Adapt lxd/cluster to Server -> Node rename
  • lxd/db: Adapt lxd/db/cluster to Server -> Node rename
  • lxd/db: Adapt lxd/db package to new dqlite driver import
  • lxd/db: Adapt lxd/db to new dqlite driver package
  • lxd/db: Adapt lxd/db to Server -> Node rename
  • lxd/db: Adapt main package to new dqlite sub packages
  • lxd/db: Adapt main package to Server -> Node rename
  • lxd/db: Adapt to changed dqlite.New() signature, not requiring NodeInfo
  • lxd/db: Adapt to new Server.Leader() API
  • lxd/db: Add basic unit tests for generated snapshot code
  • lxd/db: Add copy of cluster schema version 14
  • lxd/db: Add Delete and Rename methods to Snapshot db model
  • lxd/db: Add Dump parameter to db.OpenCluster()
  • lxd/db: Add initial Snapshot db model
  • lxd/db: Add project column to views
  • lxd/db: Add schema update 16 adding the instances_snapshots table
  • lxd/db: Add schema update function to rename containers-related tables
  • lxd/db: Add type column to images table
  • lxd/db: Amend InstanceFilter docstring
  • lxd/db: At shutdown, wait a bit for the in-flight force request to settle
  • lxd/db: Change container special-casing in db code generator
  • lxd/db: Change db code generator to comply with Go naming standards
  • lxd/db: Convert containerCreateInternal to use InstanceSnapshotCreate()
  • lxd/db: Convert dump to new client API
  • lxd/db: Create instances_snapshots_config in schema update 16
  • lxd/db: Create instances_snapshots_config_ref view
  • lxd/db: Create instances_snapshots_devices_config in schema update 16
  • lxd/db: Create instances_snapshots_devices in schema update 16
  • lxd/db: Create instances_snapshots_devices_ref view
  • lxd/db: Detect possible leadership change through outgoing dqlite connections
  • lxd/db: Drop obsolete snapshot-related tests
  • lxd/db: Drop Parent filter from Instance
  • lxd/db: Drop unneeded logic to relink snapshots to new nodes
  • lxd/db: Drop unused Container and ContainerFilter structs
  • lxd/db: Extract configUpdate method from ContainerConfigUpdate
  • lxd/db: Fix failing unit test
  • lxd/db: Fix selecting NULL description columns
  • lxd/db: Generate Snapshot db mapping code
  • lxd/db: Improve dqlite proxy error messages and abort both sides on error
  • lxd/db: Invoke data migration from db.OpenCluster, before schema updates
  • lxd/db: Make the db code generator handle indirect foreign key
  • lxd/db: Migrate snapshots to the new tables
  • lxd/db: No need to manually bootstrap
  • lxd/db: Pass a context to server.Cluster()
  • lxd/db: Properly account for project when moving ceph-based containers
  • lxd/db: Regenerate db code
  • lxd/db: Re-generate db mapper code
  • lxd/db: Regenerate db mappers code
  • lxd/db: Regenerate db schema
  • lxd/db: Regenerate global db schema
  • lxd/db: Remove legacy unit test making use of old snapshot apis
  • lxd/db: Replace references to the "containers" table with "instances"
  • lxd/db: Skip clustering-related unit tests, see issue #6122
  • lxd/db: Update db code generator to handle composite entity names
  • lxd/db: Update top-level daemon package to new auto-generated method names
  • lxd/db: Update unit tests after containers -> instances conversion
  • lxd/db: Use Client.Add() API
  • lxd/db: Use Client.Cluster() API
  • lxd/db: Use Client.Leader() API
  • lxd/db: Use Client.Remove() API
  • lxd/db: Use correct db APIs depending on the container type
  • lxd/db: Use new LeaderAddress() api
  • lxd/db: Use new snapshot db APIs in ClusterTx.SnapshotIDsAndNames()
  • lxd/db: Use new snapshots APIs in ContainerGetSnapshotsFull
  • lxd/db: Use new snapshots tables in ContainerNextSnapshot()
  • lxd/db: Use new snapshot tables in Cluster.ContainerGetSnapshots()
  • lxd/db: Use new snapshot tables in daemon patches
  • lxd/db: Use query.Transaction instead of manual tx management
  • lxd/db: Use WithServerBindAddress
  • lxd/devices: Add Register function and links USB implementation
  • lxd/devices: Change Update() to accept all old devices
  • lxd/devices: Fix dynamic hotplug of unix devices when they exist on startup
  • lxd/devices: Link gpu device
  • lxd/devices: Link up disk device
  • lxd/devices: Link up unix-char and unix-block devices
  • lxd/devices: Modify New function to return device even if validation fails
  • lxd/devices: Move empty device type validation into device package
  • lxd/devices: Move USB event handling into device package
  • lxd/devices: Remove disk related functions
  • lxd/devices: Remove gpu related code moved to device package
  • lxd/devices: Remove inotify code
  • lxd/devices: Rename USBDevice to USBEvent
  • lxd/devices: Update sorted devices usage
  • lxd/devices: Update use of Device type
  • lxd/devices/config: Change Devices type to map[string]Device
  • lxd/devices/config: Make device set sorting exported
  • lxd/devices/config: Replace DeviceNames() with Sorted() and Reversed()
  • lxd/devices/config/validate: Move function to be attached to Device type
  • lxd/devices/device: Link up none device type
  • lxd/devices/device/utils/usb/events: Add USB event handler functions
  • lxd/devices/device/utils/usb: Move bits into usb and device_utils_usb_events
  • lxd/devices/disk: Add disk device implementation
  • lxd/devices/disk: Add StorageVolumeMount and StorageVolumeUmount functions
  • lxd/devices/disk: Add validation for root disk having a pool property
  • lxd/devices/disk: Link StorageRootFSApplyQuota
  • lxd/devices/gpu: Add gpu implementation
  • lxd/devices/gpu: Move nvidia device loading to use resources package
  • lxd/devices/gpu: Update all device major/minor parsing to use uint32
  • lxd/devices/gpu: Update unix function usage
  • lxd/devices/gpu: Use device package validation functions
  • lxd/devices/gpu: Validate vendorid and productid
  • lxd/devices/infiniband: Add IB MAC functions
  • lxd/devices/infiniband: Remove unused code after switch to resources package
  • lxd/devices/infiniband: Update use of unix functions
  • lxd/devices/infiniband: Workaround weird sysfs behavior
  • lxd/devices/infiniband/physical: Improve MAC address support
  • lxd/devices/infiniband/physical: Switch to use resources package
  • lxd/devices/infiniband/physical: Update unix function usage
  • lxd/devices/infiniband/physical: Update use of unix device functions
  • lxd/devices/infiniband/sriov: Improve MAC address support
  • lxd/devices/infiniband/sriov: Switches to use resources package
  • lxd/devices/infiniband/sriov: Update unix function usage
  • lxd/devices/infiniband/sriov: Update use of unix device functions
  • lxd/devices/inotify: Move inotify functions to device package
  • lxd/devices/instance: Add DeviceEventHandler function
  • lxd/devices/instance: Add LocalDevices() to interface
  • lxd/devices/instance: Add RootfsPath() to InstanceIdentifier interface
  • lxd/devices/network: Add networkValidMAC
  • lxd/devices/network: MTU inheriting from parent on bridged devices
  • lxd/devices/network: Remove NetworkSRIOVGetFreeVFInterface
  • lxd/devices/nic: Update bridged and p2p types to new Update signature
  • lxd/devices/nic: Update nic validation of hwaddr
  • lxd/devices/nic/bridged: DHCP release fixes
  • lxd/devices/nic/sriov: Add getFreeVFInterface after moving from shared utils
  • lxd/devices/none: Add none device type
  • lxd/devices/proxy: Update validation to use d.instance.ExpandedDevices()
  • lxd/devices/proxy: Use device package validation functions
  • lxd/devices/runconfig: Add RootFS support
  • lxd/devices/runconfig: Add Uevents slice
  • lxd/devices/runconfig: Change mount Shift to OwnerShift
  • lxd/devices/runconfig: Fix typo in comment
  • lxd/devices/unix: Add implementation for unix-char and unix-block devices
  • lxd/devices/unix: Add unix event handling functions
  • lxd/devices/unix: Clarify required property logic
  • lxd/devices/unix: Comment clarification
  • lxd/devices/unix: Device management function rework
  • lxd/devices/unix: Ensure unix devices are mounted with MountOwnerShiftStatic
  • lxd/devices/unix: Fix double device name encoding in file name
  • lxd/devices/unix: Make unixDeviceAttributes unexported
  • lxd/devices/unix: Move some config validation functions into device package
  • lxd/devices/unix: Update all device major/minor parsing to uint32
  • lxd/devices/unix: Update device removal functions to accept file filter
  • lxd/devices/unix: Update use of unixDeviceAttributes
  • lxd/devices/unix: Various small improvements
  • lxd/devices/usb: Add unexported usbIsOurDevice and switch to USBEvent
  • lxd/devices/usb: Add USB device implementation
  • lxd/devices/usb: Add USB event handling functions
  • lxd/devices/usb: Clarify required property logic
  • lxd/devices/usb: Remove unused function
  • lxd/devices/usb: Update Register() to be called by post start hook
  • lxd/dnsmasq: Update version check to use shared.RunCommandCLocale
  • lxd/main_forkuevent: Fix error when >3 arguments used (normal case)
  • lxd/migration: Remove unused Snapshots() function from interface
  • lxd/networks: Handle error from dnsmasq version check
  • lxd/networks: Remove old dnsmasq.leases file on network start
  • lxd/patches: Update sorted devices usage
  • lxd/projects: Remove dependency on deviceConfig package
  • lxd/response: Show wrapped errors
  • lxd/seccomp: Update use of shared.RunCommandSplit
  • lxd/storage: Add storageRootFSApplyQuota
  • lxd/storage: Add storageVolumeMount and storageVolumeUmount
  • lxd/storage: Fix bad UsedBy check
  • lxd/storage: Move btrfs migration code
  • lxd/storage: Move ceph migration code
  • lxd/storage: Move ContainerGetParentAndSnapshotName to shared
  • lxd/storage: Move ContainerPath() to storage package
  • lxd/storage: Move Create{Container,Snapshot}Mountpoint to storage
  • lxd/storage: Move get*MountPoint() to storage package
  • lxd/storage: Move storage cgo to storage package
  • lxd/storage: Move storage_utils to storage/utils
  • lxd/storage: Move zfs migration code
  • lxd/storage: Remove ContainerCanRestore from storage interface
  • lxd/storage: Remove Image{Umount,Mount} from storage interface
  • lxd/storage: Remove shared code from backends
  • lxd/storage/lvm: Log actual error
  • lxd/storage/quota: Move use of Major and Minor functions to unix package
  • lxd/storage/zfs: Fix error reporting
  • lxd/sys: Add CGroupBlkioWeightController check
  • lxd: Update for fixed backup fields
  • lxd: Update tests to use updated Devices type
  • lxd: Update top-level unit-tests for DB changes
  • lxd: Update use of Devices type
  • lxd: Use unix.MS_LAZYTIME
  • Makefile: Fix sqlite manifest path
  • Makefile: Fix update-schema target
  • shared: Handle symlinks in FileCopy()
  • shared/api: Fix backup timestamps
  • shared/container: Add IsDeviceID validation
  • shared/container: Improve comments on IsRootDiskDevice
  • shared/container: Move global hex regex into specific function
  • shared/container: Remove device related validation functions
  • shared/containerwriter: Updates use of GetFileStat
  • shared/simplestreams: Make golint clean
  • shared/simplestreams: Record all images
  • shared/simplestreams: Remove dead code
  • shared/simplestreams: Rename index structs
  • shared/simplestreams: Rename internal functions
  • shared/simplestreams: Rename product structs
  • shared/simplestreams: Rename SimpleStreamsFile
  • shared/simplestreams: Rename ssDefaultOS
  • shared/simplestreams: Split index/manifest out
  • shared/simplestreams: Split out sortedImages
  • shared/util: Add RunCommandCLocale() and update RunCommandSplit()
  • shared/util: Remove Major and Minor functions
  • tests: Add golint for storage package
  • tests: Add infiniband MAC tests
  • tests: Add more bridged DHCP release tests
  • tests: Add proxy tests for invalid config
  • tests: Add GPU tests
  • tests: Add simplestreams to golint
  • tests: Add storage quota tests
  • tests: Add test for bridged MTU parent inheritance
  • tests: Add test for ipvlan MTU parent inheritance
  • tests: Add test for macvlan MTU parent inheritance
  • tests: Add tests for unix-char and unix-block devices
  • tests: Enable quota checks for ceph engine
  • tests: Fix broken lxd import integration test
  • tests: Fix CEPH RBD leakage
  • tests: Fix typo in comment
  • tests: Remove MAC tests from infiniband tests
  • tests: Remove the attached testvolume
  • tests: Remove tmpfs references from gpu tests
  • tests: Remove use of uppercase chars in MAC tests
  • tests: Split server tests
  • tests: Update backup test for new error
  • tests: Update integration tests for DB changes

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.16 has been released

9th of August 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.16!

This release includes a number of new features, configuration options and improvements to the command line tool.

Behind the scenes, a lot of work has gone into reworking the infrastructure used for container devices with the nic, infiniband and proxy devices having switched over to the new logic. This should result in much cleaner code that is easier to debug, better tests and more thorough error handling and configuration validation.

Enjoy!

New features

shift property for disk devices

It is now possible to request that LXD set up a shiftfs overlay on any disk device.

This effectively allows exposing any disk or directory from your host system into an unprivileged container without having to resort to ACL/chown trickery to get the ownership right.

stgraber@castiana:~$ lxc config device add c1 home disk path=/home source=/home
Device home added to c1
stgraber@castiana:~$ lxc exec c1 -- ls -lh /home
total 537K
drwxr-xr-x 14 nobody nogroup 18 Mar 13 20:32 blah
drwx--x--x 33 nobody nogroup 86 Aug  9 22:25 stgraber
stgraber@castiana:~$ lxc config device remove c1 home
Device home removed from c1

stgraber@castiana:~$ lxc config device add c1 home disk path=/home source=/home shift=true
Device home added to c1
stgraber@castiana:~$ lxc exec c1 -- ls -lh /home
total 537K
drwxr-xr-x 14 ubuntu ubuntu 18 Mar 13 20:32 blah
drwx--x--x 33 201105 200512 86 Aug  9 22:25 stgraber
stgraber@castiana:~$

NOTE: This relies on shiftfs, which requires an Ubuntu kernel of version 5.0 or higher and, for snap users, must be opted into through a snap configuration. More details here.

security.shifted property for custom storage volumes

Building on the new shift logic for disk devices, it's also now possible to configure custom storage volumes to be attached to containers using shiftfs.

This now makes it possible to attach a shared custom volume to a mix of privileged, unprivileged and isolated containers.

stgraber@castiana:~$ lxc launch ubuntu:18.04 c1
Creating c1
Starting c1
stgraber@castiana:~$ lxc launch ubuntu:18.04 c2 -c security.privileged=true
Creating c2
Starting c2
stgraber@castiana:~$ lxc launch ubuntu:18.04 c3 -c security.idmap.isolated=true
Creating c3
Starting c3

stgraber@castiana:~$ lxc storage volume create default demo security.shifted=true
Storage volume demo created
stgraber@castiana:~$ lxc storage volume attach default demo c1 demo /demo
stgraber@castiana:~$ lxc storage volume attach default demo c2 demo /demo
stgraber@castiana:~$ lxc storage volume attach default demo c3 demo /demo

stgraber@castiana:~$ lxc exec c1 -- touch /demo/blah
stgraber@castiana:~$ lxc exec c1 -- chown 123:456 /demo/blah
stgraber@castiana:~$ lxc exec c2 -- ls -lh /demo
total 512
-rw-r--r-- 1 123 456 0 Aug  9 23:17 blah
stgraber@castiana:~$ lxc exec c3 -- ls -lh /demo
total 512
-rw-r--r-- 1 123 456 0 Aug  9 23:17 blah
stgraber@castiana:~$

NOTE: This relies on shiftfs, which requires an Ubuntu kernel of version 5.0 or higher and, for snap users, must be opted into through a snap configuration. More details here.

Empty container creation

Up until now, the only way to create a new container with the default command line tool was to use an existing image, be it local or remote.

LXD has long supported creating an empty container, but that mechanism was only available directly through the API and used by a number of data migration tools.

Following user requests for this, we now have a --empty option to lxc init which lets you create an empty container. Such a container cannot start and its filesystem must be manually populated, either through lxc file or by directly modifying it on the host system.

stgraber@castiana:~$ lxc init --empty c1
Creating c1
stgraber@castiana:~$ lxc list c1
+------+---------+------+------+------------+-----------+
| NAME |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+------+---------+------+------+------------+-----------+
| c1   | STOPPED |      |      | PERSISTENT | 0         |
+------+---------+------+------+------------+-----------+

Syscall interception configuration

The system call interception logic was extended to support setxattr on top of the existing mknod. At the same time, the feature was moved under a configuration key, with each system call being individually toggleable.

The two new options are:

  • security.syscall.intercept.mknod
  • security.syscall.intercept.setxattr

Both of them default to false and turning on this feature requires a 5.0 kernel, LXC 3.2 and an upstream snapshot of libseccomp.

Added infiniband data to resources API

Building on the rework of the resources API from LXD 3.15, infiniband devices now report a bit more information, specifically the character devices used to drive them.

The relevant section of lxc info --resources now looks like:

Card 0:
    NUMA node: 1
    Vendor: Mellanox Technologies (15b3)
    Product: MT27500 Family [ConnectX-3] (1003)
    PCI address: 0000:82:00.0
    Driver: mlx4_core (4.0-0)
    Ports:
      - Port 1 (ethernet)
        ID: enp130s0d1
        Address: 00:02:c9:a0:00:91
        Supported modes: 1000baseKX/Full, 10000baseKX4/Full, 10000baseKR/Full
        Supported ports: fibre
        Port type: fibre
        Transceiver type: internal
        Auto negotiation: false
        Link detected: false
      - Port 0 (infiniband)
        ID: ib0
        Address: 80:00:0a:80:fe:80:00:00:00:00:00:00:00:02:c9:03:00:a0:00:91
        Auto negotiation: false
        Link detected: false
        Infiniband:
          IsSM: issm0 (231:64)
          MAD: umad0 (231:0)
          Verb: uverbs0 (231:192)
    SR-IOV information:
      Current number of VFs: 4
      Maximum number of VFs: 31
      VFs: 31
      - NUMA node: 1
        Vendor: Mellanox Technologies (15b3)
        Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
        PCI address: 0000:82:00.1
        Driver: mlx4_core (4.0-0)
        Ports:
          - Port 1 (ethernet)
            ID: enp130s0f1d1
            Address: 5e:93:07:c6:ae:4c
            Auto negotiation: false
            Link detected: false
          - Port 0 (infiniband)
            ID: ib1
            Address: 80:00:0a:81:fe:80:00:00:00:00:00:00:6a:fc:bc:b5:23:4f:ba:c9
            Auto negotiation: false
            Link detected: false
            Infiniband:
              IsSM: issm2 (231:66)
              MAD: umad2 (231:2)
              Verb: uverbs1 (231:193)
      - NUMA node: 1
        Vendor: Mellanox Technologies (15b3)
        Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
        PCI address: 0000:82:00.2
        Driver: mlx4_core (4.0-0)
        Ports:
          - Port 1 (ethernet)
            ID: enp130s0f2d1
            Address: c2:21:28:88:3a:00
            Auto negotiation: false
            Link detected: false
          - Port 0 (infiniband)
            ID: ib2
            Address: 80:00:0a:82:fe:80:00:00:00:00:00:00:ae:12:68:fa:cd:db:53:f1
            Auto negotiation: false
            Link detected: false
            Infiniband:
              IsSM: issm4 (231:68)
              MAD: umad4 (231:4)
              Verb: uverbs2 (231:194)
      - NUMA node: 1
        Vendor: Mellanox Technologies (15b3)
        Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
        PCI address: 0000:82:00.3
        Driver: mlx4_core (4.0-0)
        Ports:
          - Port 1 (ethernet)
            ID: enp130s0f3d1
            Address: c6:f0:fb:b2:0b:81
            Auto negotiation: false
            Link detected: false
          - Port 0 (infiniband)
            ID: ib3
            Address: 80:00:0a:83:fe:80:00:00:00:00:00:00:0a:94:39:75:2d:fe:6e:19
            Auto negotiation: false
            Link detected: false
            Infiniband:
              IsSM: issm6 (231:70)
              MAD: umad6 (231:6)
              Verb: uverbs3 (231:195)
      - NUMA node: 1
        Vendor: Mellanox Technologies (15b3)
        Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
        PCI address: 0000:82:00.4
        Driver: mlx4_core (4.0-0)
        Ports:
          - Port 1 (ethernet)
            ID: enp130s0f4d1
            Address: fa:4a:c2:9d:f0:2d
            Auto negotiation: false
            Link detected: false
          - Port 0 (infiniband)
            ID: ib4
            Address: 80:00:0a:84:fe:80:00:00:00:00:00:00:0a:73:ab:6d:2c:c6:62:df
            Auto negotiation: false
            Link detected: false
            Infiniband:
              IsSM: issm8 (231:72)
              MAD: umad8 (231:8)
              Verb: uverbs4 (231:196)

This matches similar reporting used for DRM and NVIDIA device node information on GPUs.

Reworked set commands in client

In order to make things more consistent in the command line tool, all set commands now accept multiple key=value options. This makes it easier to set configuration that requires multiple keys be changed at the same time, without having to rely on the edit commands and an interactive text editor.

Both new and old syntax work in parallel, with the key=value now being the preferred one.

stgraber@castiana:~$ lxc config set c1 user.foo 1
stgraber@castiana:~$ lxc config get c1 user.foo
1
stgraber@castiana:~$ lxc config set c1 user.foo=2 user.bar=3
stgraber@castiana:~$ lxc config get c1 user.foo
2
stgraber@castiana:~$ lxc config get c1 user.bar
3

--format option for all lists in client

Another command line tool improvement is that all of the list commands now behave the same and support the same --format option, allowing output in:

  • table (default)
  • csv
  • json
  • yaml

The full list of such commands is:

  • lxc alias list
  • lxc cluster list
  • lxc config template list
  • lxc config trust list
  • lxc image list
  • lxc image alias list
  • lxc list
  • lxc network list
  • lxc network list-leases
  • lxc operation list
  • lxc profile list
  • lxc project list
  • lxc remote list
  • lxc storage list
  • lxc storage volume list
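
The JSON output lends itself to auditing the security-relevant settings introduced in this release. The script below is an added example, not part of the announcement or LXD's own code: it flags privileged containers, enabled syscall interception keys and host paths exposed through disk devices. The sample input is constructed, and the expanded_config / expanded_devices field names, the accepted boolean spellings and the finding labels are assumptions of this example.

```python
import json

# Constructed sample shaped like `lxc list --format json` output: an array of
# instance objects carrying "expanded_config" and "expanded_devices" maps
# (assumed field names). Instance names follow the c1/c2/c3 demo above.
SAMPLE_JSON = """
[
  {"name": "c1",
   "expanded_config": {"security.syscall.intercept.mknod": "true"},
   "expanded_devices": {
     "root": {"type": "disk", "path": "/", "pool": "default"},
     "home": {"type": "disk", "path": "/home", "source": "/home", "shift": "true"}}},
  {"name": "c2",
   "expanded_config": {"security.privileged": "true"},
   "expanded_devices": {
     "root": {"type": "disk", "path": "/", "pool": "default"},
     "demo": {"type": "disk", "path": "/demo", "pool": "default", "source": "demo"},
     "srv": {"type": "disk", "path": "/srv", "source": "/srv"}}},
  {"name": "c3",
   "expanded_config": {"security.idmap.isolated": "true",
                       "security.syscall.intercept.setxattr": "false"},
   "expanded_devices": {
     "root": {"type": "disk", "path": "/", "pool": "default"},
     "demo": {"type": "disk", "path": "/demo", "pool": "default", "source": "demo"}}}
]
"""

# Config values are strings; several spellings are treated as "true" here
# (assumption of this example).
TRUE_VALUES = {"true", "1", "yes", "on"}

INTERCEPT_KEYS = (
    "security.syscall.intercept.mknod",
    "security.syscall.intercept.setxattr",
)


def is_true(value):
    """Return True when a config string represents an enabled boolean."""
    return str(value).strip().lower() in TRUE_VALUES


def audit_instance(inst):
    """Return a list of finding labels for one instance object."""
    findings = []
    # Prefer the expanded maps (profiles applied); fall back to local ones.
    config = inst.get("expanded_config") or inst.get("config") or {}
    devices = inst.get("expanded_devices") or inst.get("devices") or {}

    privileged = is_true(config.get("security.privileged", "false"))
    if privileged:
        findings.append("privileged")

    for key in INTERCEPT_KEYS:
        if is_true(config.get(key, "false")):
            findings.append("intercept:" + key.rsplit(".", 1)[1])

    for dev_name in sorted(devices):
        dev = devices[dev_name]
        if dev.get("type") != "disk":
            continue
        source = dev.get("source", "")
        # A host path has an absolute source and no pool; storage volumes
        # and root disks name a pool instead and are skipped.
        if not source.startswith("/") or "pool" in dev:
            continue
        if privileged:
            # Container root is host root, so the host path is fully exposed.
            findings.append(f"privileged-host-path:{dev_name}={source}")
        if is_true(dev.get("shift", "false")):
            # shiftfs maps container ownership onto the host path.
            findings.append(f"shifted-host-path:{dev_name}={source}")
    return findings


def audit(json_text):
    """Map instance name to findings, omitting instances with none."""
    instances = json.loads(json_text)
    if not isinstance(instances, list):
        raise ValueError("expected a JSON array of instances")
    report = {}
    for inst in instances:
        findings = audit_instance(inst)
        if findings:
            report[inst.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    # On a live host, pass the output of `lxc list --format json` instead.
    for name, findings in audit(SAMPLE_JSON).items():
        print(name, ", ".join(findings))
```
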

Support for combined images in simplestreams

It is now possible to publish a LXD combined image (single tarball) on a simplestreams image server by using the filetype lxd_combined.tar.gz.

This is an alternative to the more common (and flexible) split image which is made of distinct metadata (lxd.tar.xz) and rootfs (root.tar.xz or squashfs) files.

Bugs fixed

  • bash: Update container options
  • bash: Update device options
  • bash: Update network options
  • bash: Update server options
  • bash: Update storage options
  • doc: Update Github URLs
  • doc/containers: Fix markdown escaping
  • doc/containers: Remove incorrect host_name setting from ipvlan and macvlan
  • doc/containers: Update container volatile keys for host_name
  • doc/containers/: Update proxy bind settings to host or guest
  • doc/containers: Update proxy default mode value to 0644
  • doc/storage: Make descriptions consistent
  • doc/userns: Update to match current behavior
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc/list: If no snapshots, show 0
  • lxd: Update Github URLs
  • lxd/cluster: Use hook for initial heartbeat
  • lxd/cluster: Workaround watchFunc kicking heartbeat a bit too early
  • lxd/cluster/hearbeat: Add new RaftID field to heartbeat Members struct
  • lxd/cluster/membership: Fix new DB server id
  • lxd/containers: Add access to containerLoadByProjectAndName from device
  • lxd/containers: Add DevicesPath() function to interface
  • lxd/containers: Add InstanceLoadNodeAll link to device package
  • lxd/containers: Add state to containerValidDevices and updates references
  • lxd/containers: Add Type function
  • lxd/containers: Add Type() function to interface
  • lxd/containers: Delete on creation failure
  • lxd/containers: Don't validate liblxc version during config parsing
  • lxd/containers: Fix infiniband support
  • lxd/containers: Link device interface into LXD, removes unused functions
  • lxd/containers: Move fillNetworkDevice into startInfiniband
  • lxd/containers: NIC device validation to device interface
  • lxd/containers: Remove migrated infiniband validation
  • lxd/containers: Remove old infiniband logic
  • lxd/containers: Remove proxy validation
  • lxd/containers: Restore update of disk limit options
  • lxd/containers: Restructure deviceStop to support post stop hooks
  • lxd/containers: Rework MAAS calls
  • lxd/containers: Update infiniband to use device package
  • lxd/containers: Update references for proxy to use device package
  • lxd/containers: Update references to deviceGetAttributes to device package
  • lxd/containers: Update references to proxy functions and vars after move
  • lxd/containers: Update use of device.New with device name
  • lxd/containers: Update use of device.New() with device name
  • lxd/daemon: Check for non-empty members list from heartbeat
  • lxd/device: Add device interface and common device implementation
  • lxd/device: Add device name to device structure
  • lxd/device: Hook up proxy device
  • lxd/device: Link up infiniband device
  • lxd/device: Move device related functions into device package
  • lxd/device: Remove single line if assignments
  • lxd/device: Remove old static update fields list
  • lxd/device: Update interface for Stop() to return RunConfig
  • lxd/device/config: Move types. to device.config.
  • lxd/device/errors: Add errors file for device error definitions
  • lxd/device/infiniband: Add infiniband device loader
  • lxd/device/infiniband/physical: Add new infiniband physical implementation
  • lxd/device/infiniband/sriov: Add infiniband sriov device implementation
  • lxd/device/instance/id: Add DevicesPath() function
  • lxd/device/instance/id: Add functions to interface to expose config
  • lxd/device/instance/id: Add instanceIdentifier interface
  • lxd/device/instance/id: Add LogPath() to instance identifier interface
  • lxd/device/nic: Add NIC device loader, nic type map and validation
  • lxd/device/nic: Rename runConfig to runConf for consistency
  • lxd/device/nic: Update comments to remove "container" references
  • lxd/device/nic: Update nic devices to use new RunConfig format
  • lxd/device/nic/bridged: Add bridged NIC device implementation
  • lxd/device/nic/bridged: Add checks for DHCP being enabled if no static IP
  • lxd/device/nic/bridged: Fix issue with non-dhcp, non-addressed parent device
  • lxd/device/nic/bridged: Update for post stop hooks
  • lxd/device/nic/ipvlan: Add IPVLAN NIC device implementation
  • lxd/device/nic/macvlan: Add MACVLAN NIC device implementation
  • lxd/device/nic/macvlan: Update for post stop hooks
  • lxd/device/nic/p2p: Add P2P NIC device implementation
  • lxd/device/nic/p2p: Update for post stop hooks
  • lxd/device/nic/physical: Add physical NIC device implementation
  • lxd/device/nic/physical: Update for post stop hooks
  • lxd/device/nic/sriov: Add SR-IOV NIC device implementation
  • lxd/device/nic/sriov: Fix mac_filtering when no hwaddr specified
  • lxd/device/nic/sriov: Switch to use shared instanceGetReservedDevices
  • lxd/device/nic/sriov: Update for post stop hooks
  • lxd/device/nic/vlan: Update for post stop hooks
  • lxd/device/proxy: Add proxy device implementation
  • lxd/device/proxy: Implement default listen file mode of 0644
  • lxd/device/proxy: Remove unnecessary CanHotPlug function
  • lxd/device/proxy: Update for post stop hooks
  • lxd/device/runconfig: Add CGroups slice to RunConfig
  • lxd/device/runconfig: Add MountEntryItem struct definition for mounts
  • lxd/device/runconfig: Add PostStartHooks and simplifies NetworkInterface
  • lxd/device/runconfig: Add the struct types returned when a device is started
  • lxd/device/runconfig: Rename PostStartHooks to PostHooks
  • lxd/device/utils: Add cidr list validation functions
  • lxd/device/utils: Add InstanceLoadNodeAll var
  • lxd/device/utils: Add network{Snapshot,Restore}PhysicalNic and networkRestorePhysicalNic functions
  • lxd/device/utils: Add NetworkSRIOVGetFreeVFInterface function
  • lxd/device/utils: Add veth management functions
  • lxd/device/utils: Bring VLAN parent interface up
  • lxd/device/utils: Move IP validation functions from network_utils
  • lxd/device/utils: Move NetworkAttachInterface to device_utils
  • lxd/device/utils: Move networkGetDevMAC and networkSetDevMAC to device_utils
  • lxd/device/utils: Move networkGetDevMTU and networkSetDevMTU to device_utils
  • lxd/device/utils: Move networkGetHostDevice to device_utils
  • lxd/device/utils: Move networkSysctlGet to device_utils
  • lxd/device/utils: Move networkSysctlSet to device_utils
  • lxd/device/utils: Rename createVlanDeviceIfNeeded to NetworkCreateVlanDeviceIfNeeded
  • lxd/device/utils: Rename deviceNextVeth to NetworkRandomDevName
  • lxd/device/utils: Rename deviceRemoveInterface to NetworkRemoveInterface
  • lxd/device/utils/disk: Add disk management utils file
  • lxd/device/utils/infiniband: Add infiniband utils file
  • lxd/device/utils/instance: Add access to InstanceLoadByProjectAndName function
  • lxd/device/utils/instance: Add instanceGetReservedDevices function
  • lxd/device/utils/network: Move proxy related network functions into device package
  • lxd/device/utils/proxy: Add proxy specific shared functions
  • lxd/device/utils/unix: Add unix device utils file
  • lxd/device/validate: Add device config validation framework
  • lxd/device/validate: Update validation to understand infiniband has nictype
  • lxd/dnsmasq: Adds dnsmasq package and updates usage
  • lxd/dnsmasq: Adds RemoveStaticEntry function
  • lxd/dnsmasq: Don't fail file deletion if missing
  • lxd/dnsmasq: Removes RebuildConfig function link to networkUpdateStatic
  • lxd/images: Fix crash on refresh error
  • lxd/instance: Add new type instance
  • lxd/internal: Remove OnNetworkUp hook command
  • lxd/iptables: Moves iptables helper functions into own package
  • lxd/maas: Do more configuration validation
  • lxd/main_checkfeature: Add ifdef SECCOMP_GET_ACTION_AVAIL
  • lxd/main_forkmount: Error on invalid calls
  • lxd/main_forkmount: Fix cobra parsing
  • lxd/main_forkmount: Properly exit on success
  • lxd/main_forkproxy: Fix crash when listener cannot be setup
  • lxd/main_forkproxy: Rework log messages to better define the different types
  • lxd/main_forkproxy: Update references to shared types in device package
  • lxd/main_forksyscall: Add and use setnsat()
  • lxd/main_forksyscall: Add chdirchroot()
  • lxd/main_forksyscall: Avoid calling close on garbage fd
  • lxd/main_forksyscall: Don't break chdirchroot() with setns(CLONE_NEWNS)
  • lxd/main_forksyscall: Fix variable declarations
  • lxd/main_forksyscall: Harden open()-calls via O_PATH and O_DIRECTORY
  • lxd/main_forksyscall: Introduce acquire_basic_creds()
  • lxd/main_forksyscall: Protect CLONE_NEWCGROUP with ifdef
  • lxd/main_forksyscall: Re-introduce setns(CLONE_NEWNS) properly
  • lxd/main_forksyscall: Remove same_fsinfo() logic completely
  • lxd/main_forksyscall: Remove st_ino check from same_fsinfo()
  • lxd/main_forksyscall: Replace target_fd with cwd_fd
  • lxd/main_forksyscall: Switch chdirchroot() and setns() order
  • lxd/main_forksyscall: Use correct error handling for chdirchroot()
  • lxd/networks/config: Update references to NetworkValidAddress
  • lxd/networks/config: Update to use IP validation in device_utils
  • lxd/networks/utils: Remove functions that are moved to device implementations
  • lxd/networks/utils: Remove networkUpdateStaticContainer
  • lxd/networks/utils: Remove networkValidAddress
  • lxd/networks/utils: Remove unused IP validation functions
  • lxd/project: Adds project package and updates references to it
  • lxd/proxy: Remove unused code
  • lxd/response: Fix SmartError
  • lxd/seccomp: Abstract syscall handling
  • lxd/seccomp: Always use setfattr
  • lxd/seccomp: Bugfix, cleanup, and simplify
  • lxd/seccomp: Don't hardcode ns type
  • lxd/seccomp: Don't mask errors
  • lxd/seccomp: Fix broken setxattr
  • lxd/seccomp: Fix setattr of directories
  • lxd/seccomp: Fix whiteout detection
  • lxd/seccomp: Handle setxattr syscall
  • lxd/seccomp: Only define Go arch (and include elf)
  • lxd/seccomp: Remove shiftfs special-casing
  • lxd/seccomp: Rename getSeccompProfileContent to seccompGetPolicyContent
  • lxd/seccomp: Retrieve fs{g,u}id for mknod{at}() syscalls
  • lxd/seccomp: Retrieve fs{g,u}id for setxattr() syscalls
  • lxd/seccomp: Use int64 for uid/gid
  • lxd/seccomp: Use LXD uidmap functions
  • lxd/storage: Fix hangs on volume migration failures
  • lxd/storage/ceph: Handle EBUSY on unmap
  • lxd/storage/ceph: Slightly speed up creation
  • lxd/storage/zfs: Fix transfer on encrypted pool
  • lxd/storage/zfs: Properly wrap mount error
  • lxd/storage/zfs: Properly wrap mount error
  • lxd/task: Attempt to run tasks on schedule
  • lxd/task/group: Move wait group Done() after g.running update to avoid race on task end
  • Makefile: Include libraft and libco
  • Makefile: Make it easier to build from tarball
  • Makefile: Rename dist to _dist to avoid Go recursion
  • Makefile: Update Github URLs
  • shared: Don't open files to get their mode
  • shared/container: Add IsNotEmpty to help with validation required fields
  • shared/container: Add IsUnixUserID and IsOctalFileMode functions
  • shared/osarch: Add more aliases
  • shared/util: Remove BlockFsDetect as moved into device package
  • tests: Add basic infiniband tests
  • tests: Add nic bridged filtering tests for when DHCP is disabled
  • tests: Add sleep for DHCP release tests for slower machines
  • tests: Always pass -f to stop
  • tests: Always use pg_num=1 during tests
  • tests: Avoid ceph pool conflict
  • tests: Avoid event forwarding race condition
  • tests: Ensure SR-IOV tests remove all containers
  • tests: Fix bridge tests detection of busybox udhcpc6 presence
  • tests: Fix CEPH pool names
  • tests: Fix proxy device unix tests on Ubuntu Eoan
  • tests: Make shellcheck happy
  • tests: Rename ct_name to ctName for consistent naming in NIC tests
  • tests: Rename the proxy device tests to fit with other device tests
  • tests: Update forkproxy tests
  • tests: Update nic bridged filtering tests for non-IP addressed parent
  • tests: Update NIC SR-IOV test to check for device reservation
  • tests: Update NIC tests to check for volatile key cleanup
  • tests: Update static_analysis.sh
  • tests: Workaround race condition in image import event listener

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.15 has been released

11th of July 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.15!

This release includes both a number of major new features and some significant internal rework of various parts of LXD.

One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go.

On the networking front, this release features a lot of improvements, adding support for IPv4/IPv6 filtering on bridges, MAC and VLAN filtering on SR-IOV devices and much improved DHCP server management.

We're also debuting a new version of our resources API which will now provide details on network devices and storage disks on top of extending our existing CPU, memory and GPU reporting.

And that's all before looking into the many other performance improvements, smaller features and bugfixes that went into this release.

For our Windows users, this is also the first LXD release to be available through the Chocolatey package manager: choco install lxc

Enjoy!

Major improvements

Switch to dqlite 1.0

After over a year of running all LXD servers on the original implementation of our distributed sqlite database, it's finally time for LXD to switch to its 1.0 branch.

This doesn't come with any immediately noticeable improvements for the user, but reduces the number of external dependencies, CPU usage and memory usage for the database. It will also make it significantly easier for us to debug issues and better integrate with more complex database operations when running clusters.

Upon upgrading to LXD 3.15, the on-disk database format will change, getting automatically converted following an automated backup. For cluster users, the protocol used for database queries between cluster nodes is also changing, which will cause all cluster nodes to refresh at the same time so they all transition to the new database.

Reworked DHCP lease handling

In the past, LXD's handling of DHCP was pretty limited. We would write static lease entries to the configuration and then kick dnsmasq to read it. For changes and deletions of static leases, we'd need to completely restart the dnsmasq process which was rather costly.

LXD 3.15 changes that by instead having LXD itself issue DHCP requests to the dnsmasq server based on what's currently in the DHCP lease table. This can be used to manually release a lease when a container's configuration is altered or a container is deleted, all without ever needing to restart dnsmasq.

Reworked cluster heartbeat handling

In the past, the cluster leader would send a message to all cluster members on a 10s cadence, spreading those heartbeats over time. The heartbeat data itself was just the list of database nodes so that all cluster members would know where to send database queries.

Separately from that mechanism, we then had background tasks on all cluster members which would periodically look for version mismatches between members to detect pending updates and another task to detect changes in the list of members or in their IP addresses to re-configure clustered DNS.

For large clusters, those repetitive tasks ended up being rather costly and also unneeded.

LXD 3.15 now extends this internal heartbeat to include the most recent version information from the cluster as well as the status of all cluster members, not just the database ones. This means that only the cluster leader needs to retrieve that data and all other members will now have a consistent view of everything within 10s rather than potentially several minutes (as was the case for the update check).

Better syscall interception framework

Quite a bit of work has gone into the syscall interception feature of LXD. Currently this covers mknod and mknodat for systems that run a 5.0+ kernel along with a git snapshot of both liblxc and libseccomp.

The changes involve a switch of API with liblxc ahead of the LXC 3.2 release as well as fixing handling of shiftfs backed containers and cleaning common logic to make it easier to intercept additional syscalls in the near future.

More reliable unix socket proxying

A hard to track down bug in the proxy device code was resolved which will now properly handle unix socket forwarding. This was related to end of connection detection and forwarding of the disconnection event.

Users of the proxy device for X11 and/or pulseaudio may in the past have noticed windows that won't close on exit or the sudden inability to start new software using that unix socket. This has now been resolved and so should make the life of those running graphical applications in LXD much easier.

New features

Hardware VLAN and MAC filtering on SR-IOV

The security.mac_filtering and vlan properties are now available to SR-IOV devices. This directly controls the matching SR-IOV options on the virtual function and so will completely prevent any MAC spoofing from the container or, in the case of VLANs, will perform hardware filtering at the VF level.

root@athos:~# lxc init ubuntu:18.04 c1
Creating c1
root@athos:~# lxc config device add c1 eth0 nic nictype=sriov parent=eth0 vlan=1015 security.mac_filtering=true
Device eth0 added to c1
root@athos:~# lxc start c1
root@athos:~# lxc list c1
+------+---------+------+-----------------------------------------------+------------+-----------+
| NAME |  STATE  | IPV4 |                     IPV6                      |    TYPE    | SNAPSHOTS |
+------+---------+------+-----------------------------------------------+------------+-----------+
| c1   | RUNNING |      | 2001:470:b0f8:1015:7010:a0ff:feca:e7e1 (eth0) | PERSISTENT | 0         |
+------+---------+------+-----------------------------------------------+------------+-----------+

New storage-size option for lxd-p2c

A new --storage-size option has been added which when used together with --storage allows specifying the desired volume size to use for the container.

root@mosaic:~# ./lxd-p2c 10.166.11.1 p2c / --storage btrfs --storage-size 10GB
Generating a temporary client certificate. This may take a minute...
Certificate fingerprint: fd200419b271f1dc2a5591b693cc5774b7f234e1ff8c6b78ad703b6888fe2b69
ok (y/n)? y
Admin password for https://10.166.11.1:8443: 
Container p2c successfully created

stgraber@castiana:~/data/code/go/src/github.com/lxc/lxd (lxc/master)$ lxc config show p2c
architecture: x86_64
config:
  volatile.apply_template: copy
  volatile.eth0.hwaddr: 00:16:3e:12:39:c8
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
devices:
  root:
    path: /
    pool: btrfs
    size: 10GB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Ceph FS storage backend for custom volumes

Ceph FS was added as a storage driver for LXD. Support is limited to custom storage volumes though: containers will not be allowed on Ceph FS and it's indeed recommended to use Ceph RBD for them.

Ceph FS support includes size restrictions (quota) and native snapshot support when the server, server configuration and client kernel support those features.

This is a perfect match for users of LXD clustering with Ceph as Ceph FS will allow you to attach the same custom volume to multiple containers at the same time, even if they're located on different hosts (which isn't the case for RBD).

stgraber@castiana:~$ lxc storage create test cephfs source=persist-cephfs/castiana
Storage pool test created
stgraber@castiana:~$ lxc storage volume create test my-volume
Storage volume my-volume created
stgraber@castiana:~$ lxc storage volume attach test my-volume c1 data /data

stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                               Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/default/containers/c1/rootfs  142G  420M  141G   1% /
none                                                     492K  4.0K  488K   1% /dev
udev                                                     7.7G     0  7.7G   0% /dev/tty
tmpfs                                                    100K     0  100K   0% /dev/lxd
tmpfs                                                    100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                    7.8G     0  7.8G   0% /dev/shm
tmpfs                                                    7.8G  156K  7.8G   1% /run
tmpfs                                                    5.0M     0  5.0M   0% /run/lock
tmpfs                                                    7.8G     0  7.8G   0% /sys/fs/cgroup
[2001:470:b0f8:1015:5054:ff:fe5e:ea44]:6789:/castiana     47G     0   47G   0% /data

IPv4 and IPv6 filtering (spoof protection)

One frequently requested feature is to extend our spoofing protection beyond just MAC spoofing, doing proper IPv4 and IPv6 filtering too.

This effectively allows multiple containers to share the same underlying bridge without having concerns about root in one of those containers being able to spoof the address of another, hijacking traffic or causing connectivity issues.

To prevent a container from being able to spoof the MAC or IP of any other container, you can now set the following properties on the nic device:

  • security.mac_filtering=true
  • security.ipv4_filtering=true
  • security.ipv6_filtering=true

NOTE: Setting those will prevent any internal bridging/nesting inside that container as those rely on multiple MAC addresses being used for a single container.

stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=bridged name=eth0 parent=lxdbr0 security.mac_filtering=true security.ipv4_filtering=true security.ipv6_filtering=true
Device eth0 added to c1
stgraber@castiana:~$ lxc start c1
stgraber@castiana:~$ lxc list c1
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.178 (eth0) | 2001:470:b368:4242:216:3eff:fefa:e5f8 (eth0) | PERSISTENT | 0         |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
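
An added example, not part of the LXD release notes or the project's code: an audit that takes JSON shaped like `lxc list --format json` output and reports NICs on which the spoof-protection properties above are not enabled. The sample data is constructed, and checking IPv4/IPv6 filtering only on bridged NICs (and only MAC filtering on SR-IOV NICs) is an assumption based on the examples on this page.

```python
import json
import sys

# Constructed sample, shaped like the output of `lxc list --format json`
# and trimmed to the fields this audit reads.
SAMPLE_JSON = """
[
  {"name": "c1", "expanded_devices": {
      "eth0": {"type": "nic", "nictype": "bridged", "parent": "lxdbr0",
               "security.mac_filtering": "true",
               "security.ipv4_filtering": "true",
               "security.ipv6_filtering": "true"},
      "root": {"type": "disk", "path": "/", "pool": "default"}}},
  {"name": "c2", "expanded_devices": {
      "eth0": {"type": "nic", "nictype": "bridged", "parent": "lxdbr0",
               "security.mac_filtering": "true"}}},
  {"name": "c3", "expanded_devices": {
      "eth0": {"type": "nic", "nictype": "sriov", "parent": "eth0",
               "vlan": "1015"}}},
  {"name": "c4", "expanded_devices": {
      "eth0": {"type": "nic", "nictype": "macvlan", "parent": "eth1"}}}
]
"""

# Properties expected per nictype. Assumption of this example: IPv4/IPv6
# filtering is only checked on bridged NICs, MAC filtering on bridged and
# SR-IOV NICs. Other nictypes are not audited.
EXPECTED = {
    "bridged": (
        "security.mac_filtering",
        "security.ipv4_filtering",
        "security.ipv6_filtering",
    ),
    "sriov": ("security.mac_filtering",),
}

# String values treated as an enabled boolean.
TRUE_VALUES = {"true", "1", "yes", "on"}


def load_sample():
    """Return the constructed sample as parsed JSON."""
    return json.loads(SAMPLE_JSON)


def audit(instances):
    """Return (instance, device, nictype, missing_properties) for every
    audited NIC that lacks one or more of the expected filtering properties."""
    findings = []
    for inst in instances:
        # expanded_devices includes NICs inherited from profiles; fall back
        # to the instance-local devices map if it is absent.
        devices = inst.get("expanded_devices") or inst.get("devices") or {}
        for dev_name in sorted(devices):
            dev = devices[dev_name]
            if dev.get("type") != "nic":
                continue
            nictype = dev.get("nictype")
            expected = EXPECTED.get(nictype)
            if not expected:
                continue
            missing = [
                key for key in expected
                if str(dev.get(key, "")).strip().lower() not in TRUE_VALUES
            ]
            if missing:
                findings.append((inst.get("name"), dev_name, nictype, missing))
    return findings


if __name__ == "__main__":
    # Usage: script.py [file-with-lxc-list-json]; without a file the
    # constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = load_sample()
    for name, dev, nictype, missing in audit(data):
        print(f"{name}/{dev} ({nictype}): not enabled: {', '.join(missing)}")
```

Because of the nesting caveat in the NOTE above, a finding is a prompt for review rather than an automatic fix: a container that bridges or nests internally cannot have these properties enabled.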

Reworked resources API (host hardware)

The resources API (/1.0/resources) has seen a lot of improvements as well as a re-design of the existing bits. Some of the changes include:

  • CPU
      • Improved reporting of NUMA nodes (now per-core)
      • Improved reporting of frequencies (minimum, current and turbo)
      • Added cache information reporting
      • Added full core/thread topology
      • Added ID (to use for pinning)
      • Added architecture name
  • Memory
      • Added NUMA node reporting
      • Added hugepages tracking
  • GPU
      • Added sub-section for DRM information
      • Now detecting cards which aren't bound to a DRM driver
      • Support for GPU SR-IOV reporting
  • NIC
      • Added reporting of ethernet & infiniband cards
      • Support for SR-IOV
      • Per-port link information
  • Disks
      • Added support for disk reporting
      • Bus type reporting
      • Partition list
      • Disk identifiers (vendor, WWN, ...)

The lxc info --resources command was updated to match.

NOTE: This version of the resources API isn't compatible with the previous one. The data structures had to change to properly handle more complex CPU topologies (like AMD Epyc) and couldn't be done in a properly backward compatible way. As a result, the command line client will detect the resources_v2 API and fail for servers which do not support it.

root@athos:~# lxc info --resources
CPUs (x86_64):
  Socket 0:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 2814Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 0, online: true)
          - 1 (id: 24, online: true)
      - Core 1
        Frequency: 2800Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 1, online: true)
          - 1 (id: 25, online: true)
      - Core 2
        Frequency: 2652Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 2, online: true)
          - 1 (id: 26, online: true)
      - Core 3
        Frequency: 2840Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 27, online: true)
          - 1 (id: 3, online: true)
      - Core 4
        Frequency: 2613Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 28, online: true)
          - 1 (id: 4, online: true)
      - Core 5
        Frequency: 2811Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 29, online: true)
          - 1 (id: 5, online: true)
      - Core 8
        Frequency: 2710Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 30, online: true)
          - 1 (id: 6, online: true)
      - Core 9
        Frequency: 2807Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 31, online: true)
          - 1 (id: 7, online: true)
      - Core 10
        Frequency: 2805Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 32, online: true)
          - 1 (id: 8, online: true)
      - Core 11
        Frequency: 2874Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 33, online: true)
          - 1 (id: 9, online: true)
      - Core 12
        Frequency: 2936Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 10, online: true)
          - 1 (id: 34, online: true)
      - Core 13
        Frequency: 2819Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 11, online: true)
          - 1 (id: 35, online: true)
    Frequency: 2790Mhz (min: 1200Mhz, max: 3200Mhz)
  Socket 1:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 1762Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 12, online: true)
          - 1 (id: 36, online: true)
      - Core 1
        Frequency: 2440Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 13, online: true)
          - 1 (id: 37, online: true)
      - Core 2
        Frequency: 1845Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 14, online: true)
          - 1 (id: 38, online: true)
      - Core 3
        Frequency: 2899Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 15, online: true)
          - 1 (id: 39, online: true)
      - Core 4
        Frequency: 2727Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 16, online: true)
          - 1 (id: 40, online: true)
      - Core 5
        Frequency: 2345Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 17, online: true)
          - 1 (id: 41, online: true)
      - Core 8
        Frequency: 1931Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 18, online: true)
          - 1 (id: 42, online: true)
      - Core 9
        Frequency: 1959Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 19, online: true)
          - 1 (id: 43, online: true)
      - Core 10
        Frequency: 2137Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 20, online: true)
          - 1 (id: 44, online: true)
      - Core 11
        Frequency: 3065Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 21, online: true)
          - 1 (id: 45, online: true)
      - Core 12
        Frequency: 2603Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 22, online: true)
          - 1 (id: 46, online: true)
      - Core 13
        Frequency: 2543Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 23, online: true)
          - 1 (id: 47, online: true)
    Frequency: 2354Mhz (min: 1200Mhz, max: 3200Mhz)

Memory:
  Hugepages:
    Free: 0B
    Used: 171.80GB
    Total: 171.80GB
  NUMA nodes:
    Node 0:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 119.93GB
      Used: 150.59GB
      Total: 270.52GB
    Node 1:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 127.28GB
      Used: 143.30GB
      Total: 270.58GB
  Free: 250.14GB
  Used: 290.96GB
  Total: 541.10GB

GPUs:
  Card 0:
    NUMA node: 0
    Vendor: Matrox Electronics Systems Ltd. (102b)
    Product: MGA G200eW WPCM450 (0532)
    PCI address: 0000:08:03.0
    Driver: mgag200 (5.0.0-20-generic)
    DRM:
      ID: 0
      Card: card0 (226:0)
      Control: controlD64 (226:0)
  Card 1:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:82:00.0
    Driver: vfio-pci (0.2)
  Card 2:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:83:00.0
    Driver: vfio-pci (0.2)

NICs:
  Card 0:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.0
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth0
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 7
      Maximum number of VFs: 7
      VFs: 7
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:10.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s16
            Address: 72:10:a0:ca:e7:e1
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:10.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s16f4
            Address: 3e:fa:1d:b2:17:5e
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:11.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s17
            Address: 36:33:bf:74:89:8e
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:11.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s17f4
            Address: 86:a4:f0:b5:2f:e1
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:12.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s18
            Address: 56:0a:5a:0c:e7:ff
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:12.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s18f4
            Address: 0a:a9:b3:21:13:8c
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:13.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s19
            Address: ae:1a:db:06:8a:51
            Auto negotiation: false
            Link detected: false
  Card 1:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.1
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth1
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 0
      Maximum number of VFs: 7

Disks:
  Disk 0:
    NUMA node: 0
    ID: nvme0n1
    Device: 259:0
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25c8b7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme0n1p1
        Device: 259:1
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme0n1p2
        Device: 259:2
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme0n1p3
        Device: 259:3
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme0n1p4
        Device: 259:4
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme0n1p5
        Device: 259:5
        Read-Only: false
        Size: 1.96TB
  Disk 1:
    NUMA node: 0
    ID: nvme1n1
    Device: 259:6
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25cca7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme1n1p1
        Device: 259:7
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme1n1p2
        Device: 259:8
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme1n1p3
        Device: 259:9
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme1n1p4
        Device: 259:10
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme1n1p5
        Device: 259:11
        Read-Only: false
        Size: 1.96TB
  Disk 2:
    NUMA node: 0
    ID: sda
    Device: 8:0
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sda1
        Device: 8:1
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sda9
        Device: 8:9
        Read-Only: false
        Size: 8.39MB
  Disk 3:
    NUMA node: 0
    ID: sdb
    Device: 8:16
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdb1
        Device: 8:17
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdb9
        Device: 8:25
        Read-Only: false
        Size: 8.39MB
  Disk 4:
    NUMA node: 0
    ID: sdc
    Device: 8:32
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdc1
        Device: 8:33
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdc9
        Device: 8:41
        Read-Only: false
        Size: 8.39MB
  Disk 5:
    NUMA node: 0
    ID: sdd
    Device: 8:48
    Model: WDC WD60EFRX-68L
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdd1
        Device: 8:49
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdd9
        Device: 8:57
        Read-Only: false
        Size: 8.39MB
  Disk 6:
    NUMA node: 0
    ID: sde
    Device: 8:64
    Model: CT1000MX500SSD1
    Type: scsi
    Size: 1.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sde1
        Device: 8:65
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: sde2
        Device: 8:66
        Read-Only: false
        Size: 1.07GB
      - Partition 3
        ID: sde3
        Device: 8:67
        Read-Only: false
        Size: 17.18GB
      - Partition 4
        ID: sde4
        Device: 8:68
        Read-Only: false
        Size: 4.29GB
      - Partition 5
        ID: sde5
        Device: 8:69
        Read-Only: false
        Size: 977.60GB
  Disk 7:
    NUMA node: 0
    ID: sdf
    Device: 8:80
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdf1
        Device: 8:81
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdf9
        Device: 8:89
        Read-Only: false
        Size: 8.39MB
  Disk 8:
    NUMA node: 0
    ID: sdg
    Device: 8:96
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdg1
        Device: 8:97
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdg9
        Device: 8:105
        Read-Only: false
        Size: 8.39MB
  Disk 9:
    NUMA node: 0
    ID: sdh
    Device: 8:112
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdh1
        Device: 8:113
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdh9
        Device: 8:121
        Read-Only: false
        Size: 8.39MB
  Disk 10:
    NUMA node: 0
    ID: sdi
    Device: 8:128
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdi1
        Device: 8:129
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdi9
        Device: 8:137
        Read-Only: false
        Size: 8.39MB

Control over uid, gid and cwd during command execution

It is now possible to specify what user id (uid), group id (gid) or current working directory (cwd) to use for a particular command. Note that user names and group names aren't supported.

stgraber@castiana:~$ lxc exec c1 --user 1000 --group 1000 --cwd /tmp -- bash
ubuntu@c1:/tmp$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu)
ubuntu@c1:/tmp$
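Because only numeric ids are accepted, a name has to be resolved against the instance's own passwd database before the command can be run unprivileged. The following is an added example, not LXD project code: the helpers `passwd_lookup` and `lxc_exec_as`, the constructed passwd sample and the presence of `getent` inside the instance are assumptions.

```shell
# Added example, not LXD project code. lxc exec --user/--group take numeric
# ids only, so a user name is resolved inside the instance first.

# Constructed sample of an instance's passwd database (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
broken:x:10x:1000::/home/broken:/bin/sh'

# passwd_lookup NAME   (passwd-format text on stdin)
# Prints "UID GID HOME" for NAME. Returns 1 if NAME is absent and 2 if the
# entry has a non-numeric id or a relative home directory.
passwd_lookup() {
    local name="$1" user pw uid gid gecos home shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ "$user" = "$name" ] || continue
        # Validate every field before it can end up on a command line.
        case $uid in ''|*[!0-9]*) return 2 ;; esac
        case $gid in ''|*[!0-9]*) return 2 ;; esac
        case $home in /*) ;; *) return 2 ;; esac
        printf '%s %s %s\n' "$uid" "$gid" "$home"
        return 0
    done
    return 1
}

# lxc_exec_as INSTANCE NAME COMMAND...
# Resolves NAME with getent inside INSTANCE, then runs COMMAND there under the
# numeric uid/gid, starting in that user's home directory instead of as root.
lxc_exec_as() {
    local inst="$1" name="$2" ids uid gid home rest
    shift 2
    ids=$(lxc exec "$inst" -- getent passwd "$name" | passwd_lookup "$name") || {
        echo "lxc_exec_as: cannot resolve '$name' in $inst" >&2
        return 1
    }
    uid=${ids%% *}; rest=${ids#* }
    gid=${rest%% *}; home=${rest#* }
    lxc exec "$inst" --user "$uid" --group "$gid" --cwd "$home" -- "$@"
}

# Demo on the constructed sample only; no LXD daemon is contacted here.
printf '%s\n' "$SAMPLE_PASSWD" | passwd_lookup ubuntu
```

With a running instance, `lxc_exec_as c1 ubuntu id` would then run `id` as uid and gid 1000 from `/home/ubuntu`.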

Quota support for custom storage volumes on dir backend

When using a storage pool backed by the dir driver and with a source path that supports filesystem project quotas, it is now possible to set disk usage limits on custom volumes.

stgraber@castiana:~$ sudo truncate -s 100G test.img
stgraber@castiana:~$ sudo mkfs.ext4 test.img
mke2fs 1.45.2 (27-May-2019)
Discarding device blocks: done                            
Creating filesystem with 26214400 4k blocks and 6553600 inodes
Filesystem UUID: 50ee78cb-e4e3-4e09-b38b-3fb06c6740a4
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done   
stgraber@castiana:~$ sudo tune2fs -O project -Q prjquota test.img
tune2fs 1.45.2 (27-May-2019)
stgraber@castiana:~$ sudo mkdir /mnt/test
stgraber@castiana:~$ sudo mount -o prjquota test.img /mnt/test
stgraber@castiana:~$ sudo rmdir /mnt/test/lost+found

stgraber@castiana:~$ lxc storage create dir dir source=/mnt/test
Storage pool dir created
stgraber@castiana:~$ lxc storage volume create dir blah
Storage volume blah created
stgraber@castiana:~$ lxc storage volume attach dir blah c1 blah /blah

stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32      98G   61M   93G   1% /blah
stgraber@castiana:~$ lxc storage volume set dir blah size 10GB
stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32     9.4G  4.0K  9.4G   1% /blah

Bugs fixed

  • client: Move to units package
  • doc: Fix underscore escaping
  • doc/devlxd: Fix path to host's communication socket
  • doc/README: Add basic install instructions
  • doc/README: Update linker flags
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Fix renaming storage volume snapshots
  • lxc: Move to units package
  • lxc/copy: Always strip volatile.last_state.power
  • lxc/export: Expire the backup after 24 hours
  • lxd: Better handle bad commands
  • lxd: Fix renaming volume snapshots
  • lxd: Move to units package
  • lxd: Use RunCommandSplit when needed
  • lxd/api: Update handler funcs to take nodeRefreshFunc
  • lxd/cluster: Always return node list on rebalance
  • lxd/cluster: Better handle DB node removal
  • lxd/cluster: Export some heartbeat code
  • lxd/cluster: Perform heartbeats only on the leader
  • lxd/cluster: Update HandlerFuncs calls in tests
  • lxd/cluster: Update heartbeat test to pass last leader heartbeat time
  • lxd/cluster: Update tests not to use KeepUpdated in tests
  • lxd/cluster: Use correct node id on promote
  • lxd/cluster/gateway: Update to receive new heartbeat format
  • lxd/cluster/heartbeat: Add new heartbeat request format
  • lxd/cluster/heartbeat: Compare both ID and Address
  • lxd/cluster/heartbeat: Fix bug when nodes join during heartbeat
  • lxd/cluster/heartbeat: Remove unneeded go routine (as context does cancel)
  • lxd/cluster/heartbeat: Use current timestamp for DB record
  • lxd/cluster/membership: Update Join to send new heartbeat format
  • lxd/cluster/upgrade: Remove KeepUpdated and use MayUpdate directly
  • lxd/cluster/upgrade: Remove unused context
  • lxd/cluster/upgrade: Remove unused context from test
  • lxd/containers: Add allocateNetworkFilterIPs
  • lxd/containers: Add error checking for calls to networkClearLease
  • lxd/containers: Add SR-IOV parent restoration
  • lxd/containers: Better detect and alert on missing br_netfilter module
  • lxd/containers: Combine state updates
  • lxd/containers: Consistent comment endings
  • lxd/containers: Disable auto mac generation for sriov devices
  • lxd/containers: Ensure dnsmasq config refresh if bridge nic added/removed
  • lxd/containers: Ensure that sriov devices use volatile host_name for removal
  • lxd/containers: Fix return value of detachInterfaceRename
  • lxd/containers: Fix showing host_name of veth pair in lxc info
  • lxd/containers: Fix snapshot restore on ephemeral
  • lxd/containers: Fix template handling
  • lxd/containers: generateNetworkFilterEbtablesRules to accept IP info as args
  • lxd/containers: generateNetworkFilterIptablesRules to accept IP info as args
  • lxd/containers: Improve comment on DHCP host config removal
  • lxd/containers: Made detection of veth nic explicit
  • lxd/containers: Move all nic hot plug functionality into separate functions
  • lxd/containers: Move container taring logic into standalone class
  • lxd/containers: Move network filter setup into setupHostVethDevice
  • lxd/containers: Move stop time nic device detach into cleanupNetworkDevices
  • lxd/containers: Remove containerNetworkKeys as unused
  • lxd/containers: Remove ineffective references to containerNetworkKeys
  • lxd/containers: Remove the need for fixed veth peer when doing mac_filtering
  • lxd/containers: Remove unused arg from setNetworkRoutes
  • lxd/containers: Separate cleanupHostVethDevices into cleanupHostVethDevice
  • lxd/containers: Speed up startCommon a bit
  • lxd/containers: Update removeNetworkFilters to use dnsmasq config
  • lxd/containers: Update setNetworkFilters to allocate IPs if needed
  • lxd/containers: Update setupHostVethDevice to wipe old DHCPv6 leases
  • lxd/containers: Use current binary for early hooks
  • lxd/daemon: Update daemon to support node refresh tasks from heartbeat
  • lxd/db: Add Gateway.isLeader() function
  • lxd/db: Better formatting
  • lxd/db: Bootstrap dqlite for new servers
  • lxd/db: Check dqlite version of connecting nodes
  • lxd/db: Check TLS cert in raft connection handler
  • lxd/db: Conditionally check leadership in dqlite dial function
  • lxd/db: Convert tests to the new go-dqlite API
  • lxd/db: Copy network data between TLS Go conn and Unix socket
  • lxd/db: Custom dqlite dial function
  • lxd/db: Don't use the db in legacy patch 12
  • lxd/db: Drop dependencies on hashicorp/raft
  • lxd/db: Drop hashicorp/raft setup code
  • lxd/db: Drop the legacy /internal/raft endpoint
  • lxd/db: Drop unused hashicorp/raft network transport wrapper
  • lxd/db: Fix comment
  • lxd/db: Fix import
  • lxd/db: Fix lint
  • lxd/db: Get information about current servers from dqlite
  • lxd/db: Ignore missing WAL files when reproducing snapshots
  • lxd/db: Improve gateway standalone test
  • lxd/db: Instantiate dqlite
  • lxd/db: Move container list from containersShutdown into containersOnDisk
  • lxd/db: No need to shutdown hashicorp/raft instance
  • lxd/db: Only use the schema db transaction in legacy patches
  • lxd/db: Perform data migration to dqlite 1.0 format
  • lxd/db: Retry copy-related errors
  • lxd/db: Return HTTP code 426 (Upgrade Required) if peer has old version
  • lxd/db: Set max open conns before running schema upgrades
  • lxd/db: Translate address of first node
  • lxd/db: Turn patchShrinkLogsDBFile into a no-op
  • lxd/db: Update comment
  • lxd/db: Update docstring
  • lxd/db: Update unit tests
  • lxd/db: Use dqlite leave primitive
  • lxd/db: Use dqlite's join primitive
  • lxd/db: Use ID instead of address to detect initial node
  • lxd/db: Wire isLeader()
  • lxd/instance_types: Improve errors
  • lxd/main: Fix debug mode flag to actually enable debug mode
  • lxd/main: Fix test runner by allowing empty command arg
  • lxd/main_callhook: Don't call /1.0
  • lxd/main_checkfeature: Remove unused variable
  • lxd/main_forkmknod: Check for MS_NODEV
  • lxd/main_forkmknod: Correctly handle shiftfs
  • lxd/main_forkmknod: Ensure correct device ownership
  • lxd/main_forkmknod: Remove unused variables
  • lxd/main_forkmknod: Simplify
  • lxd/main_forknet: Clean up forknet detach error logging and output
  • lxd/networks: Add DHCP range functions
  • lxd/networks: Add --dhcp-rapid-commit when dnsmasq version > 2.79
  • lxd/networks: Add IP allocation functions
  • lxd/networks: Add networkDeviceBindWait function
  • lxd/networks: Add networkDHCPv4Release function
  • lxd/networks: Add networkDHCPv6Release function and associated packet helper
  • lxd/networks: Add networkGetVirtFuncInfo function
  • lxd/networks: Add networkUpdateStaticContainer
  • lxd/networks: Add SR-IOV related PCI bind/unbind helper functions
  • lxd/networks: Allow querying state on non-managed
  • lxd/networks: Call networkUpdateForkdnsServersTask from node refresh
  • lxd/networks: Cleaned up the device bind/unbind functions for SR-IOV
  • lxd/networks: Fix bug preventing 3rd party routes restoration on startup
  • lxd/networks: Remove unused context
  • lxd/networks: Remove unused state.State from networkClearLease()
  • lxd/networks: Start dnsmasq with --no-ping option to avoid delayed writes
  • lxd/networks: Update networkClearLease to support a mode flag
  • lxd/networks: Update networkClearLease to use DHCP release helpers
  • lxd/networks: Update networkUpdateStatic to use existing config for filters
  • lxd/networks: Update networkUpdateStatic to use networkUpdateStaticContainer
  • lxd/networks: Update refreshForkdnsServerAddresses to run from node refresh
  • lxd/patches: Handle btrfs snapshots properly
  • lxd/proxy: Fix error handling for unix
  • lxd/rsync: Allow disabling xattrs during copy
  • lxd/rsync: Don't double-specify --xattrs
  • lxd/seccomp: Add insertMount() helpers
  • lxd/seccomp: Cause a default message to be sent
  • lxd/seccomp: Check permissions before handling mknod via device injection
  • lxd/seccomp: Cleanup + simplify
  • lxd/seccomp: Define __NR_mknod if missing
  • lxd/seccomp: Ensure correct owner on __NR_mknod{at}
  • lxd/seccomp: Fix error reporting
  • lxd/seccomp: Handle compat arch syscalls
  • lxd/seccomp: Handle new liblxc seccomp notify updates
  • lxd/seccomp: Retry with mount hotplug
  • lxd/seccomp: Rework missing syscall number definitions
  • lxd/seccomp: Simplify and make more secure
  • lxd/storage: Fix copies of volumes with snapshots
  • lxd/storage/ceph: Fix snapshot deletion cleanup
  • lxd/storage/dir: Allow size limits on dir volumes
  • lxd/storage/dir: Fix quotas on dir
  • lxd/storage/dir: Fix some deletion cases
  • lxd/storage/lvm: Adds space used reporting for LVM thinpools
  • lxd/task/group: Improve locking of Start/Add/Stop functions to avoid races
  • Makefile: Update make deps to build also libco and raft
  • shared: Add volatile key suffixes for SR-IOV
  • shared: Better handle stdout/stderr in RunCommand
  • shared: Move to units package
  • shared/netutils: Add lxc_abstract_unix_recv_fds_iov()
  • shared/netutils: Fix bug with getting container PID
  • shared/termios: Fix port to sys/unix
  • shared/units: Move unit functions
  • tests: Add check for dnsmasq host config file removal on container delete
  • tests: Add DHCP lease release tests
  • tests: Add p2p test for adding new nic rather than updating existing
  • tests: Add SR-IOV tests
  • tests: Add test for dnsmasq host config update when nic added/removed
  • tests: Add tests for security.mac_filtering functionality
  • tests: Always pass --force to stop/restart
  • tests: Don't leak remotes in tests
  • tests: Fix bad call to spawn_lxd
  • tests: Fix typo in test/suites/clustering.sh
  • tests: Increase nic bridge ping sleep time to 2s
  • tests: Make new shellcheck happy
  • tests: Make shellcheck happy
  • tests: Optimize ceph storage test
  • tests: Properly scope LXD_NETNS
  • tests: Remove un-needed LXD_DIR
  • tests: Re-order tests a bit
  • tests: Scope cluster LXD variables
  • tests: Test renaming storage volume snapshots
  • tests: Update godeps
  • tests: Update nic bridge tests to check for route restoration
  • various: Removes use of golang.org/x/net/context in place of stdlib context
  • vendor: Drop vendor directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.0.4 has been released

21st of June 2019

Introduction

The LXD team is pleased to announce the release of LXD 3.0.4!

As a stable bugfix release, it contains no major changes and instead focuses on bugfixes and minor usability improvements.

Highlights

Migration feature negotiation

Rsync and ZFS options are now being negotiated as part of migration, avoiding container migration issues when moving between different LXD versions or different host OS versions.

Additional progress reporting

Some commands like lxc launch and lxc publish will now report additional progress information in some situations.

Bugfixes

  • fix newline error in ja.po
  • test: Support AppArmor policy cache directory
  • lxd: Fix AppArmor cache policy version check
  • lxd/storage: user_subvol_rm_allowed for btrfs
  • lxd/containers: Improve hwaddr retry logic
  • lxd/storage/zfs: Detect tool version on Ubuntu
  • lxd/db: Fix unit test not actually checking error
  • lxd/db: Fix typo in existing docstring
  • lxd/migration: Bi-directional rsync negotiation
  • lxd/migration: Negotiate ZFS compression
  • lxd/migration: Simplify MigrationSource
  • lxd/migration: Simplify StorageMigrationSink
  • lxd/migration: Simplify MigrationSink
  • tests: Always pass -w to iptables
  • lxd/migration: Cleanup feature negotiation
  • shared: Fix import order
  • lxd/init: Fix typo
  • shared/termios: Add shim for non-cgo builds
  • lxd/storage/lvm: Run pvremove on VG deletion
  • tests: Bump size to 120MB for btrfs
  • shared/idmap: Workaround Go tip change
  • client: convert EventListener to use api.Event
  • client: Fix crash on missing ProgressTracker
  • shared: Fix windows cert handling
  • lxd/proxy: Improve shutdown code
  • lxd/migration: Re-spawn proxy devices
  • lxd/migration: Fix shutdown race
  • lxd/db: Make ContainerSetState use single query
  • tests: Improve live-migration tests
  • lxd/storage_zfs_utils: Add zfsPoolVolumeExists
  • lxd/cluster: Tweak error messages
  • Updated documentation of /cluster/members/ to have correct keys
  • lxd/init: Checks if a zfs storage pool or dataset exists
  • README: Update doc links
  • shared/util: Export DownloadFileHash
  • client: Use exported DownloadFileHash
  • tests: Add env variable to skip static analysis
  • tests: Remove sleep in console test
  • tests: Reduce delays in devlxd test
  • tests: Speed up basic tests
  • tests: Reduce sleep in network test
  • tests: Reduce teardown delays
  • tests: Drop startup sleep for cluster
  • lxc/monitor: Fix rendering
  • shared: Read certificates from host
  • lxd/cluster: Fix schema upgrades
  • image-handling.md: 'release' should be a string and not a list
  • doc: Cleanup security.md
  • lxd/containers: Adapt to go-lxc Release
  • lxc: Fix image list help
  • client: Properly reset listener on error
  • shared/osarch: Add armhfp (centos)
  • doc: Document btrfs resize
  • lxd/containers: Fix lxc.mount.entry for musl
  • client: Strip trailing slashes in URLs
  • lxd/apparmor: Tweak default set of rules
  • *: Rename {Creation,LastUsed}Date to {Created,LastUsed}At
  • tests: Tweak fdleak test
  • lxd: Add internal command to trigger GC
  • shared: Properly handle uncompressed tarballs
  • lxd/containers: Always delete container on create error
  • lxd/containers: Fix disk limits at creation
  • tests: Fix negative tests in basic.sh
  • tests: Fix negative tests in config.sh
  • tests: Fix negative tests in database_update.sh
  • tests: Fix negative tests in devlxd.sh
  • tests: Fix negative tests in external_auth.sh
  • tests: Fix negative tests in idmap.sh
  • tests: Fix negative tests in pki.sh
  • tests: Fix negative tests in remote.sh
  • tests: Fix negative tests in serverconfig.sh
  • tests: Fix negative tests in sql.sh
  • tests: Fix negative tests in storage.sh
  • tests: Fix negative tests in storage_driver_ceph.sh
  • tests: Fix negative tests in storage_local_volume_handling.sh
  • tests: Fix negative tests in storage_profiles.sh
  • tests: Fix negative tests in storage_volume_attach.sh
  • tests: Fix negative tests in template.sh
  • tests: Fix bad test in external_auth
  • tests: Fix bad test in sql
  • tests: Fix bad test in storage
  • tests: Fix volume list in cluster
  • lxd/storage: Fix validation of CEPH config
  • tests: Fix container leak
  • lxd/storage/ceph: Unmap volume after creation
  • lxd/storage/ceph: Create custom mountpoints if missing
  • lxd/containers: Call storage unmount on detach
  • lxd/storage/ceph: Unmap on unmount
  • lxd/migration: Fix race in abort
  • lxd/migration: Handle crashing rsync
  • lxd/migration: Fix sender side errors handling
  • lxd/storage: Fix broken error handling
  • lxd: finish converting events to api.Event
  • lxd/storage: Freeze containers during rsync
  • tests: Reduce sleeps in proxy tests
  • tests: Reduce clustering delays
  • i18n: Fix duplicate language
  • doc: Clarify measurement units
  • lxd: Send metadata in CreateImage error response
  • lxd: Fix possible segfaults in tasks
  • lxd: Send metadata in CreateImage error importing image
  • lxd/images: change compressFile to take io.Reader and io.Writer
  • lxd/images: calculate sha256 as image is written
  • shared.Unpack: Add support for a ProgressTracker during unpack
  • storage: Add ioprogress.ProgressTracker field to storage
  • lxd: Send progress info for export and import operations
  • shared: Progress metadata as a map
  • tests: Fix negative tests in clustering.sh
  • tests: Fix negative tests in migration.sh
  • tests: Fix negative tests in security.sh
  • tests: Fix bad test in clustering
  • images: Tar and compress in a combined stream when packing an image
  • i18n: Update translation templates
  • tests: Fix bad test in security
  • lxd/cluster: Fix config test
  • shared/osarch: Add gentoo armhf variant
  • fix variable in range
  • lxd/db: Fix tests for current go-sqlite3
  • lxd/storage: Drop unused function
  • lxd/network: Rework IP validation functions
  • lxd/containers: Validate ipv4/ipv6 address
  • lxd/network: Reword sysctl network functions
  • lxd/containers: Skip interface removal if missing
  • client: Add UpdateContainerSnapshot
  • client: Support overriding pool when importing backups
  • shared/api: Support updating container snapshots
  • lxd/containers: Update for ContainerSnapshot
  • client: fix goroutine leak in ExecContainer
  • shared/osarch: Add ArchLinux name for armv7
  • lxd: remove /proc/self/cmdline parsing
  • Revert "lxd: remove /proc/self/cmdline parsing"
  • nsexec: make cmdline parsing more reliable
  • lxd/storage/lvm: Call wipesignatures
  • config: Keep candid domains and cookies per-remote
  • lxc: Update for per-remote candid domain/cookies
  • tests: Update godeps
  • lxd/containers: Set liblxc env for CVE-2019-5736
  • lxd/storage/ceph: Rework df handling
  • lxc/remote: Tweak remote list
  • shared: Tweak progress metadata
  • lxd: Set correct progress data for backup/publish
  • lxc/publish: Add progress reporting
  • shared/api: Add snapshot expiry configuration on create
  • client: Add snapshot expiry configuration on create
  • i18n: Update translation templates
  • lxc/publish: Fix bad cherry-pick
  • lxd: copy C smarts from LXC into lxd/include/
  • nsexec: cleanup macros do_setns
  • nsexec: cleanup macros in_same_namespace
  • nsexec: cleanup macros attach_userns
  • nsexec: cleanup macros file_to_buf
  • devlxd_gccgo: initialize to 0
  • network: include macro.h
  • checkfeature: cleanup macros netns_set_nsid
  • forkfile: cleanup macros manip_file_in_ns
  • storage_cgo: include macro.h
  • storage_cgo: cleanup macros find_associated_[...]
  • storage_cgo: cleanup macros get_un[...]_legacy
  • storage_cgo: cleanup macros get_unused_loop_dev
  • storage_cgo: cleanup macros prepare_loop_dev
  • shift_linux: cleanup macros shiftowner
  • util_linux_cgo: cleanup macros lxc_abstract_[...]
  • Revert "client: fix goroutine leak in ExecContainer"
  • util_linux_cgo: restore old behavior
  • lxc/exec: Cleanup terminal logic
  • client: Empty stdin channel on exec completion
  • lxc/list: Fix multiple filters
  • lxd/main_nsexec: Fix type of length in file_to_buf
  • Use capital case in error messages returned by db.NodeInfo.IsEmpty()
  • db.NodeInfo.IsEmpty(): a node with custom volumes is not empty
  • Add integration test checking that nodes with custom volumes can't be removed
  • Prompt for confirmation when using --delete to remove a server
  • lxc/monitor: Don't directly use Exit
  • lxc/console: Remove unused code
  • lxc: Improve error handling in execIfAliases
  • lxc/exec: Don't use Exit
  • lxc/remote: Use candid if supported
  • Add first stab at FAQ
  • doc: Fix typos in faq.md
  • lxd/response: Simplify SmartError
  • lxc/info: Add targeting to 'lxc info'
  • lxc/storage: Add targeting to 'lxc storage info'
  • lxd: Fix targeting for /1.0 and /1.0/resources
  • shared/api: Add Location to NetworkLeases
  • lxd/migration: Fix handling of missing profiles
  • terminal: do not chown master fd
  • shared/api: Drop StoragePool from Resources struct
  • lxd/resources: Fix bad CPU reporting
  • doc: Inform about ZFS pool default compression
  • shared: Switch ParseNumberFromFile to simple read
  • shared/api: Add CPU socket to resources
  • shared/api: Add GPU to Resources
  • lxd/devices: Cleanup GPU structs
  • shared/idmap: Use separate uid and gid entries
  • lxd-p2c: Workaround for broken /proc/self/exe
  • simplestreams: Align JSON struct for index.json
  • shared/api: Add more GPU info
  • network: Bring mtu device up
  • lxd: Don't leak netlink fds
  • shared/api: Add Location field to operations
  • shared/api: Add NUMA information to resources
  • shared/api: Add KernelFeatures
  • shared/api: Sort ServerEnvironment struct
  • lxd/cluster: Workaround new raft logging
  • simplestreams: Align JSON struct for images.json
  • Fix typo in faq.md
  • Tweak markdown format in storage.md
  • lxc/action: skip containers with intended state
  • lxd/storage/ceph: Fix copying existing volume snap
  • lxd/storage: Rename shiftRootfs to initialShiftRootfs
  • lxd/containers: Use LXC hook version 1
  • lxd/containers: Fix owner/mode of container path
  • lxd/storage: Rename ShiftIfNecessary to resetContainerDiskIdmap
  • lxd/storage: Remove setUnprivUserACL
  • lxc/launch: Show start progress
  • lxd/containers: Implement new idmap functions
  • lxd/containers: Port to new idmap functions
  • doc: Introduce volatile.idmap.current
  • lxd/migrate: Shift CRIU files to current map
  • lxd/containers: Cleanup template application
  • lxd/containers: Properly handle tar shifting
  • lxd/containers: Handle mid-remap containers
  • lxd/containers: Stop proxy before storage
  • shared/api: Add Location field to api.Event
  • client: Properly generate events URL
  • client: Optimize copies on same nodes
  • shared/osarch: Add Plamo x86 arch
  • lxd/internal: Have GC endpoint release memory
  • lxd/cluster: Export Snapshot function
  • lxd/internal: Expose raft-snapshot
  • tests: Allow up to 15s for container reboot
  • lxd/tasks: Avoid races on startup
  • lxc/config: Use shared.IsSnapshot
  • shared/osarch: Add i586 to arch aliases
  • client: Don't crash on missing stdin
  • shared/api: Extend StorageVolumePost
  • client: Consider volumeOnly option when migrating
  • client: Copy volume config and description
  • client: Fix copying between two unix sockets
  • client: Fix copy from snapshot
  • client: Add support for cluster_internal_copy
  • shared/api: Add lxc_features
  • shared/idmap: Add comparison function
  • shared: Fix Windows build
  • shared/network: Fix reporting of down interfaces
  • shared/getifaddrs: Export peer link id
  • shared/network: Get HostName field when possible
  • shared: Adds StringMapHasStringKey helper function
  • shared: handle SCM_CREDENTIALS when receiving fds
  • shared: add AbstractUnixReceiveFdData()
  • shared: fix $SNAP handling under new snappy
  • checkfeature: cleanup macros is_netnsid_aware
  • forkmount: cleanup macros
  • misc(rest-api.md): formatting
  • lxc/info: Show snapshot expiry
  • lxd/backup: Re-order checks for backup.yaml
  • lxc/config: Add targeting to 'lxc config'
  • lxd/containers: Export container location
  • lxd/storage/lvm: Pass nouuid for xfs backups
  • lxd/operations: Fill the Location field
  • lxc/operation: Show location column
  • lxd/cluster: Initialize candid on join
  • lxd/storage/ceph: Always unmap after use
  • lxd: Add username/fingerprint to request context
  • lxd: Cleanup authentication code
  • lxd: Drop initialShiftRootfs and always shift on start
  • lxd: Port to new idmap functions
  • api: Add id_map_current API extension
  • lxd/containers: Cleanup shifting
  • vendor: Temporary Raft vendoring
  • tests: Ignore vendor/
  • i18n: Update translation templates
  • lxd/storage/zfs: Run rename in clean mntns
  • lxd/cluster: Limit log message forwarding
  • lxd/images: Don't keep an in-memory simplestreams cache
  • patches: Fix names of pool volume LVs
  • lxd/patches: Fix LVM VG name
  • lxd/images: Fix simplestreams cache expiry
  • lxd/storage/ceph: Don't mix stderr with json
  • lxd/storage: Fix error message on differing maps
  • lxd/container: Moves network limits to be run as a network up hook rather than container start hook
  • lxd/container: removes unused arg from network limits function
  • forkproxy: make logfile close on exec
  • forkproxy: use standard macros on exit
  • lxd/db: Properly handle unsetting keys
  • lxd: More reliably grab interface host name
  • lxc/utils: Updates progress to stop outputting if msg is longer than window
  • lxd/candid: Cleanup config handling
  • lxd/cluster: Bump heartbeatInterval to 10s
  • lxd/cluster: Spread heartbeats in time
  • netns_getifaddrs: adapt to kernel changes
  • lxd/container: Only runs network up hook for nics that need it
  • test: Updates config tests to use host_name for nic tests
  • lxd/container: Changes disable_ipv6=1 to accept_ra=0 on host side interface
  • doc: Adds missing packages to install guide
  • lxd/profile: Port to APIEndpoint
  • lxd/internal: Port to APIEndpoint
  • lxd/cluster: Port to APIEndpoint
  • lxd/event: Port to APIEndpoint
  • lxd/daemon: Port to APIEndpoint
  • lxd/storage: Handle XFS with leftover journal entries
  • lxd/certificates: Make certificate add more robust
  • doc: Correct host_name property
  • lxd/storage/btrfs: Don't make ro snapshots when unpriv
  • lxd/containers: Don't needlessly mount snapshots
  • lxd/containers: Avoid costly storage calls during snapshot
  • lxd/cluster: Avoid panic in Gateway
  • lxd/cluster: Use current time for heartbeat
  • lxd/cluster: Fix race condition during join
  • lxd/images: Properly handle invalid protocols
  • network: Fixes custom MTU not being applied on hot plug
  • lxd/db: Fix bad test
  • tests: Fix race condition in proxy test
  • lxd: Use idmap.Equals
  • lxd/proxy: Fix goroutine leak
  • forkproxy: Retry epoll on EINTR
  • forkproxy: make helpers static
  • lxd: Rename parseAddr to proxyParseAddr
  • lxd/api: Rename serverResources to api10Resources
  • lxd/api: Rename snapshotHandler to containerSnapshotHandler
  • lxd/api: Rename operation functions for consistency
  • lxd/proxy: Drop unused function
  • lxd: Have Authenticate return the protocol
  • lxd: Don't allow remote access to internal API
  • lxd/migration: Fix feature negotiation
  • lxd/api: Rename certificateFingerprint to certficate
  • lxd/certificate: Port to APIEndpoint
  • lxd/resource: Port to APIEndpoint
  • lxd/operation: Port to APIEndpoint
  • lxd/api: Rename alias commands to imageAlias
  • lxd/api: Replace Command with APIEndpoint
  • lxd/storage: Port to APIEndpoint
  • lxd/network: Port to APIEndpoint
  • lxd/container: Port to APIEndpoint
  • lxd/image: Port to APIEndpoint
  • lxd/api: Handle AccessHandler
  • lxd/storage/ceph: Fix snapshot of running xfs/btrfs
  • lxd/containers: Be consistent with timestamps
  • lxd/db: Introduce ContainerConfigUpdate
  • lxd/containers: Don't diff go-lxc structs
  • lxd/network: Log failures to reload
  • lxd: Don't start on migration
  • api/cluster: Fixes missing return on SmartError
  • container/metadata: Fixes missing return on InternalError
  • doc: Clarify API security and options to restrict
  • Trigger the upgrade script if we detect a dqlite client with higher version
  • lxd/storage/ceph: Fix UUID re-generation
  • lxd/storage/ceph: Fix snapshot of running containers
  • lxd/containers: Speed up simple snapshot list
  • lxd/storage/ceph: Only rewrite UUID once
  • lxd/sys: Cleanup State struct
  • shared: Move network cgo to shared/netutils
  • shared/netutils: Move send/recv fd functions
  • test: Added more tests for container nics
  • lxd/containers: Replace ConfigKeySet with VolatileSet
  • test: Updates physical tests to detect MTU support in LXC
  • test: Updates macvlan tests to detect MTU support in LXC
  • lxc/move: Start container when appropriate
  • doc: Add section on container security
  • doc: s/HTTPs/HTTPS/g
  • doc: Remove mention of RBAC
  • doc: Re-structures container nic docs into each nic type
  • test: Re-works nic p2p and bridged tests to check for static routes working
  • lxd/container: Re-work limits handling
  • tests: Remove route testing
  • container/lxc: Records hotplugged p2p/bridged nic's host_name into volatile data
  • container/lxc: Runs network up hook for all p2p and bridged nics
  • container/lxc: Records host_name from LXC on p2p/bridged nic start
  • lxc/container: Removes unused getHostInterface()
  • lxd/networks: Fix ETag handling on clusters
  • container/lxc: Removes volatile host_name enrichment from fillNetworkDevice()
  • lxd/containers: Fix bad error
  • lxd/images fix compressErr return
  • lxd: Satisfy static analysis
  • lxc: Transition to golang.org/x/sys
  • lxd-p2c: Transition to golang.org/x/sys
  • lxd: Transition to golang.org/x/sys
  • shared: Transition to golang.org/x/sys
  • lxd/storage/btrfs: Delete any orphaned .ro snapshots. See #5763. During a publish, a .ro subvolume snapshot copy is made whilst the original snapshot is set read-write. If lxd is killed before publish finishes, the *.ro copy can be left orphaned, and should be deleted when the associated snapshot is deleted.
  • This fixes #5804.
  • idmap: shift ro btrfs subvolumes
  • lxd/internal: Fix backup.Pool.Name check error message
  • Drop useless call to createContainerMountpoint
  • container: Adds OnStopNS() function that is run by LXC's stop hook feature
  • networks/utils: Adds networkGetDevMTU function
  • networks/utils: Adds networkGetDevMAC function
  • networks/utils: Adds networkSetDevMAC function
  • networks/utils: Adds networkSetDevMTU function
  • networks: Refactors fan mtu detection to use networkGetDevMTU
  • container/lxc: Adds snapshotPhysicalNic function
  • container/lxc: Stores mtu and mac of parent physical nic before start
  • container/lxc: Fix copy/paste error in error removeNetworkDevice
  • container/lxc: Adds detachInterfaceRename() function
  • container/lxc: Restores physical parent mtu and mac on device removal
  • doc: Updates volatile keys used for physical mtu and mac restoration
  • test: Tests for physical mtu and mac application and restoration
  • lxd/storage/btrfs: Fix qgroup handling
  • lxd/storage/btrfs: Fix argument ordering
  • container/lxc: Disables auto mac generation for sriov devices
  • tests: Always pass --force to stop/restart
  • checkfeature: remove unused variable
  • main: Fixes debug mode flag to actually enable debug mode
  • container/lxc: Adds error checking for calls to networkClearLease
  • networks/utils: Adds networkDHCPv4Release function
  • networks/utils: Adds networkDHCPv6Release function and associated packet helpers
  • networks/utils: Updates networkClearLease to use DHCP release helpers
  • container/lxc: Moves networkUpdateStatic during Stop with the other lease related code
  • networks: Starts dnsmasq with --no-ping option to avoid delaying lease file writes
  • tests: Adds DHCP lease release tests
  • lxd/networks: Adds --dhcp-rapid-commit when dnsmasq version > 2.79
  • tests: Make shellcheck happy
  • tests: Remove unused variable
  • lxd/containers: Fix cleanupHostVethDevices logic
  • lxd/storage/ceph: Fix bad cherry-pick from master
  • shared/termios: Fix port to sys/unix

Support and upgrade

LXD 3.0.4 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.14 has been released

17th of June 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.14!

This release's focus is on stability and performance with a strong focus on networking and clustering.

Users of advanced networking features will see a lot of improvements in interface tracking, restoration of past state and error handling. On the clustering side, some database improvements should reduce overall load when containers start/stop and DNS handling with Ubuntu Fan bridges was completely reworked for a much better experience.

Enjoy!

New features

Cluster: Re-worked DNS forwarding

The DNS forwarding logic used for clusters using Ubuntu Fan bridges has been updated to better handle nodes joining/leaving the cluster as well as now handling PTR (reverse DNS) records.

Script to factory reset LXD

A new script is now included for those users who would like to completely empty a LXD server of all containers, images, profiles, networks and projects. This can be particularly useful as part of cleanly removing LXD from the system.

Improvements to syscall interception

The syscall interception feature got some nice improvements: support for the mknodat syscall was added alongside the existing mknod syscall, some of the argument comparison is now offloaded to the kernel so that only device node requests get intercepted, and overlayfs' whiteout file has been added to the list of allowed syscalls, resolving a number of issues with running Docker inside of LXD.

This feature requires a 5.0 kernel or higher, a current git snapshot of libseccomp and a current git snapshot of liblxc, so it will not be widely available in distributions shipping LXD, but the edge snap package, combined with a suitable kernel, will have all the needed bits in place.

Bugs fixed

  • doc: Add IPVLAN required sysctls to container docs
  • doc: Add section on container security
  • doc: Clarify API security and options to restrict
  • doc: Fix typo in networks.md
  • doc: IPVLAN doc tweaks for gateway and DNS nameservers
  • doc: Remove trailing whitespace
  • doc: Re-structures container nic docs into each nic type
  • doc: s/HTTPs/HTTPS/g
  • doc: Update volatile keys used for physical mtu and mac restoration
  • i18n: Update translations from weblate
  • lxc: Transition to golang.org/x/sys
  • lxc/move: Start container when appropriate
  • lxc-to-lxd: Transition to golang.org/x/sys
  • lxd/api: Expose LXC network_phys_macvlan_mtu feature
  • lxd: Satisfy static analysis
  • lxd: Transition to golang.org/x/sys
  • lxd/backup: Fix crash when renaming non-existent backup
  • lxd/backups: Fix backup.Pool.Name check error message
  • lxd/cluster: Fix missing return on SmartError
  • lxd/cluster: Trigger the upgrade if we detect a higher dqlite client version
  • lxd/containers: Add detachInterfaceRename() function
  • lxd/containers: Add IPVLAN L3S mode l2proxy sysctl checks
  • lxd/containers: Add OnStopNS() function run by LXC's stop hook feature
  • lxd/containers: Add snapshotPhysicalNic function
  • lxd/containers: Add static routes for bridged veth devices
  • lxd/containers: Be consistent with timestamps
  • lxd/containers: Don't diff go-lxc structs
  • lxd/containers: Don't start on migration
  • lxd/containers: Fix bad error
  • lxd/containers: Fix copy/paste error in error removeNetworkDevice
  • lxd/containers: Fixes custom MTU not being applied on hot plug
  • lxd/containers: Fix ipvlan support check
  • lxd/containers: Fix minute rollover issue in scheduled snapshots
  • lxd/containers: Fix missing return on InternalError
  • lxd/containers: Make static routes use boot proto for tracking
  • lxd/containers: Move IPVLAN init code into own function
  • lxd/containers: Record host_name from LXC on p2p/bridged nic start
  • lxd/containers: Record hotplugged p2p/bridged nic host_name in volatile data
  • lxd/containers: Remove unused getHostInterface()
  • lxd/containers: Remove volatile host_name from fillNetworkDevice()
  • lxd/containers: Replace ConfigKeySet with VolatileSet
  • lxd/containers: Restore physical parent mtu and mac on device removal
  • lxd/containers: Run network up hook for all p2p and bridged nics
  • lxd/containers: Store mtu and mac of parent physical nic before start
  • lxd/daemon: Add forkdns server list refresh task to cluster tasks
  • lxd/db: Introduce ContainerConfigUpdate
  • lxd/db: Sort container snapshots by creation date
  • lxd/forkdns: Add constants for forkdns servers path and file
  • lxd/forkdns: Answer PTR and A requests from leases file
  • lxd/forkdns: Ensure forkdns remains running when LXD exits
  • lxd/forkdns: Implement logging
  • lxd/forkdns: Remove unused includes
  • lxd/forkdns: Restore usage output text when running with no arguments
  • lxd/forkdns: Update forkdns to live reload from config files
  • lxd/forkmknod: Attach to mntns when task is chrooted
  • lxd/images: Fix compressErr return
  • lxd/networks: Add container boot route functions
  • lxd/networks: Add forkdns servers file refresh functions
  • lxd/networks: Add networkGetDevMAC function
  • lxd/networks: Add networkGetDevMTU function
  • lxd/networks: Add networkSetDevMAC function
  • lxd/networks: Add networkSetDevMTU function
  • lxd/networks: Add networkUpdateForkdnsServersTask function
  • lxd/networks: Add refreshForkdnsServerAddresses function
  • lxd/networks: Create forkdns.servers directory and empty config file
  • lxd/networks: DNS clustered mode is correctly detected during LXD init
  • lxd/networks: Fix ETag handling on clusters
  • lxd/networks: Log failures to reload
  • lxd/networks: Refactor fan mtu detection to use networkGetDevMTU
  • lxd/networks: Remove __internal dnsmasq domain
  • lxd/networks: Remove own address from addresses passed to forkdns
  • lxd/networks: Save/restore container (boot proto) routes when starting
  • lxd/networks: Simplify spawnForkDNS to not get cluster server list
  • lxd/patches: Fix handling of containers-snapshots
  • lxd/seccomp: Filter based on arguments
  • lxd/seccomp: Fix building on older kernels
  • lxd/seccomp: Fix missing ";"
  • lxd/storage: Allow quota on dir custom volumes
  • lxd/storage: Drop useless call to createContainerMountpoint
  • lxd/storage/btrfs: Delete any orphaned *.ro snapshots
  • lxd/storage/btrfs: Fix argument ordering
  • lxd/storage/btrfs: Fix copy of nested subvolumes
  • lxd/storage/btrfs: Fix qgroup handling
  • lxd/storage/zfs: Fix snapshot restore on project
  • lxd/storage/zfs: Handle projects correctly
  • lxd-p2c: Transition to golang.org/x/sys
  • shared: Transition to golang.org/x/sys
  • shared/idmap: Shift ro btrfs subvolumes
  • tests: Add DNS clustering tests
  • tests: Add further p2p nic tests for various scenarios
  • tests: Add more tests for container nics
  • tests: Add tests for container backup renames
  • tests: Have ipvlan test activate ipv4 forwarding
  • tests: Ignore vendor/
  • tests: Re-work nic p2p and bridged tests to check for static routes working
  • tests: Test for physical mtu and mac application and restoration
  • tests: Update forkdns tests to work with double fork
  • tests: Update macvlan tests to detect MTU support in LXC
  • tests: Update physical tests to detect MTU support in LXC
  • vendor: Temporary Raft vendoring

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.13 has been released

9th of May 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.13!

This is another very exciting LXD release, packed with useful features and a lot of bugfixes and performance improvements!

The latest addition to the LXD team, @tomp, has been busy improving the LXD networking experience with quite a few new features and bugfixes already making it into this release.

We've also gotten all the plumbing needed for system call interception done and in place in this release, currently handling mknod on supported systems.

Cluster users will enjoy this release too, thanks to scaling improvements, reducing the load on the leader a bit and improving container copies and migration, especially on CEPH clusters.

Enterprise users will like the addition of Role Based Access Control through the external Canonical RBAC service, making it possible to control permissions to individual projects on your LXD servers and assign roles to your users and groups.

And we've even managed to get quotas working for the dir storage backend at last, thanks to the addition of filesystem project quotas in recent kernels.

Enjoy!

New features

Cluster: Improved heartbeat interval

In a LXD cluster, the current leader periodically sends a heartbeat to all other cluster members. The main purpose of this is to detect offline cluster members, marking them as offline in the database so that queries no longer block on them. A secondary use for those heartbeats is to refresh the list of database nodes.

Previously, this was done every 4s with all cluster members being contacted at the same time, resulting in spikes in CPU and network traffic, especially on the current cluster leader.

LXD 3.13 changes that by bumping the interval to 10s and by adding randomization to the timing of the heartbeats so that not all cluster members are contacted at the same time. Extra logic was also added to detect cluster members that get added during a heartbeat run.

Cluster Internal container copy

LXD 3.13 now properly implements one-step container copies, similar to how you would normally copy a container on a standalone LXD instance. Prior to this, the client had to know whether to perform a copy (if staying on the same cluster member) or a migration (if going to another cluster member). This is now all done internally.

A side benefit of this fix is that all CEPH copies are now near instantaneous on clusters as those do not require any migration at all.

Initial syscall interception support

LXD 3.13, when combined with a 5.0 or higher kernel as well as the very latest libseccomp and liblxc, can now intercept and mediate system calls in userspace.

For this first pass, we have focused on mknod, implementing a basic allow list of devices which can now be created by unprivileged containers.

It will take a little while before this feature can be commonly used as we will need an upstream release of both libseccomp and liblxc and are waiting for further improvements to the feature in the kernel too.

We will be building upon this capability to allow specific filesystems to be mounted inside unprivileged containers in the future as well as allow things like kernel module loading and more (all will require opt-in from the administrator).
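The mediation described here and in the LXD 3.14 notes above (mknodat support, argument comparison in the kernel, overlayfs whiteout) can be modelled as a two-stage decision. This is an added example, not LXD's own code: the type and function names are hypothetical, and the allow list is an assumption apart from the whiteout entry, which is the only device this page names.

```go
package main

import "fmt"

// File-type bits of the mode argument to mknod(2) and mknodat(2) on Linux.
const (
	sIFMT  = 0xF000 // mask selecting the file-type bits (octal 0170000)
	sIFIFO = 0x1000 // FIFO (octal 0010000)
	sIFCHR = 0x2000 // character device (octal 0020000)
	sIFBLK = 0x6000 // block device (octal 0060000)
)

// Verdict is what happens to one syscall in this model.
type Verdict string

const (
	NotIntercepted Verdict = "not-intercepted" // in-kernel filter did not match; normal kernel rules apply
	Allowed        Verdict = "allowed"         // userspace handler creates the node for the container
	Denied         Verdict = "denied"          // userspace handler refuses; the call fails in the container
)

// Request is a constructed stand-in for a notification: syscall name plus raw arguments.
type Request struct {
	Syscall string
	Args    [6]uint64
}

type devKey struct {
	fileType, major, minor uint32
}

// allowList is an assumption for illustration: the page names only the
// overlayfs whiteout (character device 0:0); the others are common harmless nodes.
var allowList = map[devKey]string{
	{sIFCHR, 0, 0}: "overlayfs whiteout",
	{sIFCHR, 1, 3}: "/dev/null",
	{sIFCHR, 1, 5}: "/dev/zero",
	{sIFCHR, 1, 7}: "/dev/full",
	{sIFCHR, 1, 8}: "/dev/random",
	{sIFCHR, 1, 9}: "/dev/urandom",
	{sIFCHR, 5, 0}: "/dev/tty",
	{sIFCHR, 5, 1}: "/dev/console",
}

// Makedev, Major and Minor implement the Linux/glibc dev_t encoding.
func Makedev(major, minor uint32) uint64 {
	ma, mi := uint64(major), uint64(minor)
	return (ma&0xfffff000)<<32 | (ma&0xfff)<<8 | (mi&0xffffff00)<<12 | (mi & 0xff)
}

func Major(dev uint64) uint32 { return uint32((dev>>32)&0xfffff000 | (dev>>8)&0xfff) }

func Minor(dev uint64) uint32 { return uint32((dev>>12)&0xffffff00 | dev&0xff) }

// modeAndDev picks out the arguments that matter: mknod(path, mode, dev) and
// mknodat(dirfd, path, mode, dev) carry them at different positions.
func modeAndDev(r Request) (mode uint32, dev uint64, ok bool) {
	switch r.Syscall {
	case "mknod":
		return uint32(r.Args[1]), r.Args[2], true
	case "mknodat":
		return uint32(r.Args[2]), r.Args[3], true
	}
	return 0, 0, false
}

// kernelFilterMatches models the argument comparison done in the kernel:
// only character and block device creation is handed to userspace.
func kernelFilterMatches(mode uint32) bool {
	t := mode & sIFMT
	return t == sIFCHR || t == sIFBLK
}

// Mediate returns the verdict and, when allowed, the matching allow-list entry.
func Mediate(r Request) (Verdict, string) {
	mode, dev, ok := modeAndDev(r)
	if !ok || !kernelFilterMatches(mode) {
		return NotIntercepted, ""
	}
	key := devKey{mode & sIFMT, Major(dev), Minor(dev)}
	if name, found := allowList[key]; found {
		return Allowed, name
	}
	return Denied, "" // fail closed: anything not listed is refused
}

func main() {
	// Constructed sample calls, as an unprivileged container might issue them.
	samples := []Request{
		{"mknod", [6]uint64{0, sIFCHR | 0666, Makedev(1, 3)}}, // /dev/null
		{"mknodat", [6]uint64{3, 0, sIFCHR, Makedev(0, 0)}},   // overlayfs whiteout
		{"mknod", [6]uint64{0, sIFIFO | 0600, 0}},             // FIFO, never intercepted
		{"mknod", [6]uint64{0, sIFBLK | 0660, Makedev(8, 0)}}, // block device 8:0
		{"mknod", [6]uint64{0, sIFCHR | 0640, Makedev(1, 1)}}, // char 1:1, not on the list
	}
	for _, r := range samples {
		v, name := Mediate(r)
		fmt.Printf("%-8s -> %s %s\n", r.Syscall, v, name)
	}
}
```

Block devices reach the handler but match no entry, so the default-deny path is what keeps raw disks out of unprivileged containers in this model.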

Role Based Access Control (RBAC)

Users of the Canonical RBAC service can now integrate LXD with it.

LXD will register all its projects with RBAC, allowing administrators to assign roles to users/groups for specific projects or for the entire LXD instance.

Currently this includes the following permissions:

  • Full administrative access to LXD
  • Management of containers (creation, deletion, re-configuration, ...)
  • Operation of containers (start/stop/restart, exec, console, ...)
  • Management of images (creation, deletion, aliases, ...)
  • Management of profiles (creation, deletion, re-configuration, ...)
  • Management of the project itself (re-configuration)
  • Read-only access (view everything tied to a project)

This gets us one step closer to being able to run a shared LXD cluster with unprivileged users being able to run containers on it without concerns of them escalating their privileges.

IPVLAN support

LXD can now make use of the recent implementation of ipvlan in LXC. When running a suitably recent version of LXC, IPVLAN can now be configured in LXD through a nic device:

  • Setting the nictype property to ipvlan
  • Setting the parent property to the expected outgoing device
  • For IPv4, setting ipv4.address to the desired address
  • For IPv6, setting ipv6.address to the desired address

Here is an example of it in action:

stgraber@castiana:~$ lxc init ubuntu:18.04 ipvlan
Creating ipvlan
stgraber@castiana:~$ lxc config device add ipvlan eth0 nic nictype=ipvlan parent=wlan0 ipv4.address=172.17.0.100 ipv6.address=2001:470:b0f8:1000:1::100
Device eth0 added to ipvlan
stgraber@castiana:~$ lxc start ipvlan
stgraber@castiana:~$ lxc exec ipvlan bash
root@ipvlan:~# ifconfig 
eth0: flags=4291<UP,BROADCAST,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.17.0.100  netmask 255.255.255.255  broadcast 255.255.255.255
        inet6 2001:470:b0f8:1000:1::100  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::28:f800:12b:bdf8  prefixlen 64  scopeid 0x20<link>
        ether 00:28:f8:2b:bd:f8  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 5 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ipvlan:~# ip -4 route show
default dev eth0

root@ipvlan:~# ip -6 route show
2001:470:b0f8:1000:1::100 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default dev eth0 metric 1024 pref medium

root@ipvlan:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=14.4 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.476/14.476/14.476/0.000 ms

root@ipvlan:~# ping6 -n 2607:f8b0:400b:800::2004
PING 2607:f8b0:400b:800::2004(2607:f8b0:400b:800::2004) 56 data bytes
64 bytes from 2607:f8b0:400b:800::2004: icmp_seq=1 ttl=57 time=21.2 ms
--- 2607:f8b0:400b:800::2004 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.245/21.245/21.245/0.000 ms
root@ipvlan:~#

Quota support on dir storage backend

Support for the project quota feature of recent Linux kernels has been added.

When the backing filesystem for a dir type storage pool is suitably configured, container quotas can now be set as with other storage backends and disk usage is also properly reported.

stgraber@castiana:~$ sudo truncate -s 10G /tmp/ext4.img
stgraber@castiana:~$ sudo mkfs.ext4 /tmp/ext4.img 
mke2fs 1.44.6 (5-Mar-2019)
Discarding device blocks: done                            
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: d8ab56d9-1e84-40ee-921a-c68c06ad6625
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done     
stgraber@castiana:~$ sudo tune2fs -O project -Q prjquota /tmp/ext4.img 
tune2fs 1.44.6 (5-Mar-2019)

stgraber@castiana:~$ sudo mount -o prjquota /tmp/ext4.img /mnt/
stgraber@castiana:~$ sudo rmdir /mnt/lost+found/
stgraber@castiana:~$ lxc storage create mnt dir source=/mnt
Storage pool mnt created

stgraber@castiana:~$ lxc launch ubuntu:18.04 c1 -s mnt
Creating c1
Starting c1
stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/mnt/containers/c1/rootfs  9.8G  742M  8.6G   8% /
none                                                 492K     0  492K   0% /dev
udev                                                 7.7G     0  7.7G   0% /dev/tty
tmpfs                                                100K     0  100K   0% /dev/lxd
tmpfs                                                100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G  152K  7.8G   1% /run
tmpfs                                                5.0M     0  5.0M   0% /run/lock
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup

stgraber@castiana:~$ lxc config device set c1 root size 1GB
stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/mnt/containers/c1/rootfs  954M  706M  249M  74% /
none                                                 492K     0  492K   0% /dev
udev                                                 7.7G     0  7.7G   0% /dev/tty
tmpfs                                                100K     0  100K   0% /dev/lxd
tmpfs                                                100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G  152K  7.8G   1% /run
tmpfs                                                5.0M     0  5.0M   0% /run/lock
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup

stgraber@castiana:~$ lxc info c1
Name: c1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2019/05/09 16:09 UTC
Status: Running
Type: persistent
Profiles: default
Pid: 10096
Ips:
  eth0: inet    10.166.11.38    vethKM0DFY
  eth0: inet6   2001:470:b368:4242:216:3eff:fe4b:2c3    vethKM0DFY
  eth0: inet6   fe80::216:3eff:fe4b:2c3 vethKM0DFY
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 24
  Disk usage:
    root: 739.77MB
  CPU usage:
    CPU usage (in seconds): 7
  Memory usage:
    Memory (current): 104.91MB
    Memory (peak): 229.67MB
  Network usage:
    lo:
      Bytes received: 1.23kB
      Bytes sent: 1.23kB
      Packets received: 12
      Packets sent: 12
    eth0:
      Bytes received: 480.35kB
      Bytes sent: 27.21kB
      Packets received: 332
      Packets sent: 277

Routes on container NIC devices

New ipv4.routes and ipv6.routes options on the nic devices make it possible to tie a particular route to a specific container, making it follow the container as it's moved between hosts.

This will usually be a better option than using the similarly named key on the network itself.

Configurable NAT source address

New ipv4.nat.address and ipv6.nat.address properties on LXD networks now make it possible to override the outgoing IP address for a particular bridge.

LXC features exported in API

Similar to what was done in the previous release with kernel features, specific LXC features which LXD can use when present are now exported by the LXD API so that clients can check which advanced features to expect on the target.

  lxc_features:
    mount_injection_file: "true"
    network_gateway_device_route: "true"
    network_ipvlan: "true"
    network_l2proxy: "true"
    seccomp_notify: "true"

Bugs fixed

  • client: Consider volumeOnly option when migrating
  • client: Copy volume config and description
  • client: Don't crash on missing stdin
  • client: Fix copy from snapshot
  • client: Fix copying between two unix sockets
  • doc: Adds missing packages to install guide
  • doc: Correct host_name property
  • doc: Update storage documentation
  • i18n: Update translations from weblate
  • lxc/copy: Don't strip volatile keys on refresh
  • lxc/utils: Updates progress to stop outputting if msg is longer than window
  • lxd/api: Rename alias commands to imageAlias
  • lxd/api: Rename apiProject to project
  • lxd/api: Rename certificateFingerprint to certficate
  • lxd/api: Rename operation functions for consistency
  • lxd/api: Rename serverResources to api10Resources
  • lxd/api: Rename snapshotHandler to containerSnapshotHandler
  • lxd/api: Replace Command with APIEndpoint
  • lxd/api: Sort API commands list
  • lxd/candid: Cleanup config handling
  • lxd/certificates: Make certificate add more robust
  • lxd/certificates: Port to APIEndpoint
  • lxd/cluster: Avoid panic in Gateway
  • lxd/cluster: Fix race condition during join
  • lxd/cluster: Port to APIEndpoint
  • lxd/cluster: Use current time for heartbeat
  • lxd/cluster: Workaround new raft logging
  • lxd/containers: Avoid costly storage calls during snapshot
  • lxd/containers: Change disable_ipv6=1 to accept_ra=0 on host side interface
  • lxd/containers: Don't fail on old libseccomp
  • lxd/containers: Don't needlessly mount snapshots
  • lxd/containers: Early check for running container refresh
  • lxd/containers: Fix bad operation type
  • lxd/containers: Fix profile snapshot settings
  • lxd/containers: Moves network limits to network up hook
  • lxd/containers: Only run network up hook for nics that need it
  • lxd/containers: Optimize snapshot retrieval
  • lxd/containers: Port to APIEndpoint
  • lxd/containers: Remove unused arg from network limits function
  • lxd/containers: Speed up simple snapshot list
  • lxd/daemon: Port to APIEndpoint
  • lxd: Don't allow remote access to internal API
  • lxd: Fix volume migration with snapshots
  • lxd: Have Authenticate return the protocol
  • lxd: More reliably grab interface host name
  • lxd: Port from HasApiExtension to LXCFeatures
  • lxd: Rename parseAddr to proxyParseAddr
  • lxd: Use idmap.Equals
  • lxd/db: Fix substr handling for containers
  • lxd/db: Parent filter for ContainerList
  • lxd/db/profiles: Fix cross-project updates
  • lxd/db: Properly handle unsetting keys
  • lxd/event: Port to APIEndpoint
  • lxd/images: Fix project handling on copy
  • lxd/images: Fix simplestreams cache expiry
  • lxd/images: Port to APIEndpoint
  • lxd/images: Properly handle invalid protocols
  • lxd/images: Replicate images to the right project
  • lxd/internal: Port to APIEndpoint
  • lxd/migration: Fix feature negotiation
  • lxd/network: Filter leases by project
  • lxd/network: Fix DNS records for projects
  • lxd/network: Port to APIEndpoint
  • lxd/operation: Port to APIEndpoint
  • lxd/patches: Fix LVM VG name
  • lxd/profiles: Optimize container updates
  • lxd/profiles: Port to APIEndpoint
  • lxd/projects: Port to APIEndpoint
  • lxd/proxy: Correctly handle unix: path rewriting with empty bind=
  • lxd/proxy: Don't wrap string literal
  • lxd/proxy: Fix goroutine leak
  • lxd/proxy: Handle mnts for abstract unix sockets
  • lxd/proxy: Make helpers static
  • lxd/proxy: Make logfile close on exec
  • lxd/proxy: Only attach to mntns for unix sockets
  • lxd/proxy: Retry epoll on EINTR
  • lxd/proxy: Use standard macros on exit
  • lxd/proxy: Validate the addresses
  • lxd/resource: Port to APIEndpoint
  • lxd/storage: Don't hardcode default project
  • lxd/storage: Fix error message on differing maps
  • lxd/storage: Handle XFS with leftover journal entries
  • lxd/storage: Port to APIEndpoint
  • lxd/storage/btrfs: Don't make ro snapshots when unpriv
  • lxd/storage/ceph: Don't mix stderr with json
  • lxd/storage/ceph: Fix snapshot of running containers
  • lxd/storage/ceph: Fix snapshot of running xfs/btrfs
  • lxd/storage/ceph: Fix UUID re-generation
  • lxd/storage/ceph: Only rewrite UUID once
  • lxd/sys: Cleanup State struct
  • scripts/bash: Add bash completion for profile/container device get, set, unset
  • shared: Add StringMapHasStringKey helper function
  • shared: Fix $SNAP handling under new snappy
  • shared: Fix Windows build
  • shared/idmap: Add comparison function
  • shared/netutils: Adapt to kernel changes
  • shared/netutils: Add AbstractUnixReceiveFdData()
  • shared/netutils: Export peer link id in getifaddrs
  • shared/netutils: Handle SCM_CREDENTIALS when receiving fds
  • shared/netutils: Move network cgo to shared/netutils
  • shared/netutils: Move send/recv fd functions
  • shared/network: Fix reporting of down interfaces
  • shared/network: Get HostName field when possible
  • shared/osarch: Add i586 to arch aliases
  • tests: Extend migration tests
  • tests: Handle built-in shiftfs
  • tests: Updates config tests to use host_name for nic tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.12 has been released

5th of April 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.12!

This is one of the more feature packed releases and if you are a cluster user, there should be a lot to be happy about!

We have taken a look through all LXD commands and how they work against clusters, improved our APIs where they were lacking and tweaked the commands to give cluster operators a better experience.

But cluster improvements are far from the only thing improved with this LXD release.

We've also finally got shiftfs support! This feature we've been planning for well over a year is finally there when combined with a suitable kernel. With this, LXD containers don't need any slow shifting on initial startup, reducing the filesystem delta and making container creation so much faster!

Lastly, resource reporting was significantly improved, both in the API and the CLI. We now have more details about the CPU topology, especially NUMA for multi-socket systems and are also now exposing GPU configuration.

Enjoy!

New features

Cluster: Aggregated DHCP leases

LXD managed networks that span multiple cluster members now show a unified view of their DHCP leases, showing hostname, MAC, address and the cluster member's name for each lease.

root@edfu:~# lxc network list-leases lxdfan0
+----------+-------------------+--------------+---------+----------+
| HOSTNAME |    MAC ADDRESS    |  IP ADDRESS  |  TYPE   | LOCATION |
+----------+-------------------+--------------+---------+----------+
| a1       | 00:16:3e:2b:de:8c | 240.31.0.206 | DYNAMIC | edfu     |
+----------+-------------------+--------------+---------+----------+
| a2       | 00:16:3e:01:99:58 | 240.34.0.124 | DYNAMIC | djanet   |
+----------+-------------------+--------------+---------+----------+
| a3       | 00:16:3e:b4:8b:94 | 240.36.0.96  | DYNAMIC | nuturo   |
+----------+-------------------+--------------+---------+----------+
| a4       | 00:16:3e:52:13:2b | 240.31.0.212 | DYNAMIC | edfu     |
+----------+-------------------+--------------+---------+----------+
| a5       | 00:16:3e:45:54:80 | 240.34.0.68  | DYNAMIC | djanet   |
+----------+-------------------+--------------+---------+----------+
| a6       | 00:16:3e:d1:81:e3 | 240.36.0.90  | DYNAMIC | nuturo   |
+----------+-------------------+--------------+---------+----------+

Cluster: Events now show location

Event messages are now all marked with the name of the originating cluster member as their location.

location: edfu
metadata:
  class: task
  created_at: "2019-04-05T04:13:21.212580932Z"
  description: Creating container
  err: ""
  id: 0c8e4a7d-ef7b-41a0-b949-7030f9aa6827
  location: edfu
  may_cancel: false
  metadata: null
  resources:
    containers:
    - /1.0/containers/a10
  status: Running
  status_code: 103
  updated_at: "2019-04-05T04:13:21.212580932Z"
timestamp: "2019-04-05T04:13:21.223834434Z"
type: operation

Additionally, LXD will now only forward log messages of importance WARN or higher to other members, keeping the INFO and DBUG messages local to reduce network chatter. This behavior can be changed by starting the LXD daemon in debug mode, at which point all log levels will be broadcast again.

Cluster: Operations now show location

Another area that now benefits from clear tracking of cluster members is operations, as can be seen in lxc operation list:

root@edfu:~# lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        | LOCATION |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
| 36c11142-52d8-4c1e-a342-63657096cdec | WEBSOCKET | Executing command | RUNNING | NO         | 2019/04/05 04:19 UTC | edfu     |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
| 701175cf-df82-4ef5-8078-a25d83b770b3 | WEBSOCKET | Executing command | RUNNING | NO         | 2019/04/05 04:19 UTC | djanet   |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+

This now makes it clear what cluster member is busy doing what and should simplify making sure that a system isn't actively used before performing maintenance on it.

Cluster: Support for --target in more commands

The following commands have now grown support for --target:

  • lxc config edit/get/show/set/unset
  • lxc info [--resources]
  • lxc network info
  • lxc storage info

This makes it possible to configure some member-specific daemon configuration options, query cluster member runtime information and system resources, get detailed network statistics and storage usage.

Shiftfs support

This is a feature we've been looking forward to for years and that we are really excited to finally see coming to completion. shiftfs allows for an unprivileged container experience that doesn't need any shifting of the filesystem, instead having the kernel do it on the fly.

This requires kernel support through the shiftfs filesystem which is currently a custom patchset that will be present in the Ubuntu 19.04 kernel.

LXD automatically detects support for this and will transparently start using it whenever possible.

Kernel features now exported over API

For some time now, LXD has been detecting a number of optional kernel features on startup and would print an overview then. That same information is now exposed over the API and visible in lxc info.

  kernel_features:
    netnsid_getifaddrs: "true"
    shiftfs: "true"
    uevent_injection: "true"
    unpriv_fscaps: "true"

Improved CPU reporting

The server resources API now exposes CPU sockets and NUMA node information, making it easier to do CPU pinning for containers.

root@djanet:~# lxc info --resources --target edfu
CPUs:
  Socket 0:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU           E5430  @ 2.66GHz
    Cores: 4
    Threads: 4
    Frequency: 1999Mhz (max: 2336Mhz)
    NUMA node: 0
  Socket 1:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU           E5430  @ 2.66GHz
    Cores: 4
    Threads: 4
    Frequency: 1999Mhz (max: 2336Mhz)
    NUMA node: 1

Memory:
  Free: 18.37GB
  Used: 557.76MB
  Total: 18.93GB

GPU:
  Vendor: ASPEED Technology, Inc. (1a03)
  Product: ASPEED Graphics Family (2000)
  PCI address: 0000:06:03.0
  Driver: ast (4.15.0-47-generic)
  NUMA node: 0

The output of lxc info --resources has also been tweaked to adapt to the hardware present on the system.

GPU reporting

As you may have noticed in the previous listing, GPUs are now present in the system resources output. Additional information can also be seen for NVIDIA cards:

root@vm10:~# lxc info --resources
CPU:
  Vendor: GenuineIntel
  Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
  Cores: 2
  Threads: 4
  Frequency: 2400Mhz
  NUMA node: 0

Memory:
  Free: 8.14GB
  Used: 225.81MB
  Total: 8.36GB

GPUs:
  Card 0:
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:00:07.0
    Driver: nvidia (418.56)
    NUMA node: 0
    NVIDIA information:
      Architecture: 3.5
      Brand: GeForce
      Model: GeForce GT 730
      CUDA Version: 10.1
      NVRM Version: 418.56
      UUID: GPU-6ddadebd-dafe-2db9-f10f-125719770fd3
  Card 1:
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:00:09.0
    Driver: nvidia (418.56)
    NUMA node: 0
    NVIDIA information:
      Architecture: 3.5
      Brand: GeForce
      Model: GeForce GT 730
      CUDA Version: 10.1
      NVRM Version: 418.56
      UUID: GPU-253db1df-f725-a174-99d4-a8933288c39e

Snapshot expiry now visible in lxc info

On top of showing when a snapshot was taken, snapshots that have an expiry will now show their expiry in the listing too.

root@djanet:~# lxc info a1
Name: a1
Location: edfu
Remote: unix://
Architecture: x86_64
Created: 2019/04/05 04:07 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
  snap0 (taken at 2019/04/05 04:20 UTC) (expires at 2019/04/05 05:20 UTC) (stateless)
  snap1 (taken at 2019/04/05 04:50 UTC) (expires at 2019/04/05 05:50 UTC) (stateless)
  snap2 (taken at 2019/04/05 04:55 UTC) (expires at 2019/04/05 05:55 UTC) (stateless)
  snap3 (taken at 2019/04/05 04:52 UTC) (stateless)
  snap4 (taken at 2019/04/05 05:00 UTC) (expires at 2019/04/05 06:00 UTC) (stateless)
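An audit of that listing, as an added example (not code from the LXD project): it parses the Snapshots section of the `lxc info` output shown above, embedded here as sample input, and reports snapshots with no expiry, snapshots that are past their expiry but still listed, and each snapshot's retention window. The function names and the `now` value used in the demo are assumptions made for this sketch.

```python
import re
from datetime import datetime, timezone

# Sample input: the `lxc info a1` output shown above.
SAMPLE_INFO = """\
Name: a1
Location: edfu
Remote: unix://
Architecture: x86_64
Created: 2019/04/05 04:07 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
  snap0 (taken at 2019/04/05 04:20 UTC) (expires at 2019/04/05 05:20 UTC) (stateless)
  snap1 (taken at 2019/04/05 04:50 UTC) (expires at 2019/04/05 05:50 UTC) (stateless)
  snap2 (taken at 2019/04/05 04:55 UTC) (expires at 2019/04/05 05:55 UTC) (stateless)
  snap3 (taken at 2019/04/05 04:52 UTC) (stateless)
  snap4 (taken at 2019/04/05 05:00 UTC) (expires at 2019/04/05 06:00 UTC) (stateless)
"""

# name (taken at TS) [(expires at TS)] (state)
SNAP_RE = re.compile(
    r"^\s+(?P<name>\S+) \(taken at (?P<taken>[^)]+)\)"
    r"(?: \(expires at (?P<expires>[^)]+)\))?"
    r" \((?P<state>\w+)\)\s*$"
)


def _ts(value):
    """Parse the 'YYYY/MM/DD HH:MM UTC' timestamps printed by lxc info."""
    return datetime.strptime(value, "%Y/%m/%d %H:%M UTC").replace(tzinfo=timezone.utc)


def parse_snapshots(info_text):
    """Return one dict per snapshot line found under the 'Snapshots:' key."""
    snaps, in_section = [], False
    for line in info_text.splitlines():
        if line.startswith("Snapshots:"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            in_section = False  # reached the next top-level key
        if not in_section:
            continue
        match = SNAP_RE.match(line)
        if match:
            expires = match.group("expires")
            snaps.append({
                "name": match.group("name"),
                "taken": _ts(match.group("taken")),
                "expires": _ts(expires) if expires else None,
                "state": match.group("state"),
            })
    return snaps


def audit_snapshots(info_text, now):
    """Classify snapshots by expiry relative to `now` (a timezone-aware datetime)."""
    report = {"no_expiry": [], "overdue": [], "lifetime": {}}
    for snap in parse_snapshots(info_text):
        if snap["expires"] is None:
            report["no_expiry"].append(snap["name"])  # kept until deleted by hand
            continue
        report["lifetime"][snap["name"]] = snap["expires"] - snap["taken"]
        if snap["expires"] <= now:
            report["overdue"].append(snap["name"])  # expired but still listed
    return report


if __name__ == "__main__":
    # Assumed "current time" for the demo, chosen inside the sample's window.
    demo_now = datetime(2019, 4, 5, 5, 30, tzinfo=timezone.utc)
    print(audit_snapshots(SAMPLE_INFO, demo_now))
```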

Bugs fixed

  • client: Optimize copies on same nodes
  • client: Properly generate events URL
  • doc: Fix typo in api-extensions.md
  • doc: Inform about ZFS pool default compression
  • doc: Introduce volatile.idmap.current
  • doc: Fix typo in faq.md
  • doc: Tweak markdown format in storage.md
  • doc: Update documentation for snapshots.pattern
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Use shared.IsSnapshot
  • lxc/action: skip containers with intended state
  • lxc/config: Use shared.IsSnapshot
  • lxc/launch: Show start progress
  • lxd: Don't leak netlink fds
  • lxd: Drop initialShiftRootfs and always shift on start
  • lxd/backups: Attempt to delete storage on failure
  • lxd/backups: Cleanup on failure
  • lxd/backups: Re-order checks for backup.yaml
  • lxd/cluster: Export Snapshot function
  • lxd/cluster: Initialize candid on join
  • lxd/cluster: Limit log message forwarding
  • lxd/containers: Cleanup shifting
  • lxd/containers: Cleanup template application
  • lxd/containers: Export container location
  • lxd/containers: Fix crash on refresh of non-existing
  • lxd/containers: Fix owner/mode of container path
  • lxd/containers: Handle mid-remap containers
  • lxd/containers: Properly handle tar shifting
  • lxd/containers: Stop proxy before storage
  • lxd/containers: Use LXC hook version 1
  • lxd/devices: Cleanup GPU structs
  • lxd/devices: Track vendor/product names and driver
  • lxd/images: Don't keep an in-memory simplestreams cache
  • lxd/internal: Expose raft-snapshot
  • lxd/internal: Have GC endpoint release memory
  • lxd/main_forkproxy: Fix epoll
  • lxd/migration: Shift CRIU files to current map
  • lxd/migration: Fix handling of missing profiles
  • lxd/networks: Bring mtu device up
  • lxd/patches: Fix names of pool volume LVs
  • lxd/resources: Fix bad CPU reporting
  • lxd/response: Simplify SmartError
  • lxd/storage: Make use of shared.IsSnapshot
  • lxd/storage: Remove setUnprivUserACL
  • lxd/storage: Rename ShiftIfNecessary to resetContainerDiskIdmap
  • lxd/storage: Rename shiftRootfs to initialShiftRootfs
  • lxd/storage: Add helper function to get volume snapshots
  • lxd/storage: Fix copying and moving volume snapshots
  • lxd/storage/btrfs: Fix volume copy with snapshots
  • lxd/storage/ceph: Always unmap after use
  • lxd/storage/ceph: Fix copying existing volume snap
  • lxd/storage/ceph: Fix volume copy with snapshots
  • lxd/storage/ceph: Only freeze if needed
  • lxd/storage/dir: Fix volume copy with snapshots
  • lxd/storage/lvm: Fix LV naming
  • lxd/storage/lvm: Fix volume copy with snapshots
  • lxd/storage/lvm: Pass nouuid for xfs backups
  • lxd/storage/zfs: Fix volume copy with snapshots
  • lxd/storage/zfs: Run rename in clean mntns
  • lxd/tasks: Avoid races on startup
  • lxd-p2c: Workaround for broken /proc/self/exe
  • shared: Switch ParseNumberFromFile to simple read
  • shared/api: Drop StoragePool from Resources struct
  • shared/api: Sort ServerEnvironment struct
  • shared/idmap: Use separate uid and gid entries
  • shared/osarch: Add Plamo x86 arch
  • shared/simplestreams: Align JSON struct for images.json
  • shared/simplestreams: Align JSON struct for index.json
  • shared/utils: Do not chown terminal master fd
  • tests: Add volume copy tests
  • tests: Allow up to 15s for container reboot
  • tests: Fix race condition in proxy test
  • tests: Make proxy tests work with shiftfs
  • tests: Make security tests work with shiftfs
  • tests: Remove dead code
  • tests: Update resources test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.11 has been released

6th of March 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.11!

As most of our current work is large features and refactoring, this release mostly contains bugfixes based on reported issues and bugs we found along the way.

It also features the same C hardening work which has been ongoing on the LXC side for a while now, which should reduce the chances of any mistakes being made in that sensitive code.

That's not to say there isn't anything new in this release: a number of small improvements to our user experience have been included, improving progress reporting, snapshot handling and centralized authentication.

Enjoy!

New features

Configurable snapshot expiry at creation time

Past releases introduced automated snapshots and then automated snapshot expiry.

As a configured default expiry applies to all snapshots, not just automated ones, and it's a bit of a hassle to manually create snapshots just to then go and edit them to change their expiry, it's now possible to set an expiry at snapshot creation time.

At the API level, this can be done with an exact timestamp which, if set to null, will make a persistent snapshot regardless of any configured auto-expiry.

At the CLI level, this can be used with the new --no-expiry flag to lxc snapshot.

Progress reporting for publish operations

When running lxc publish against a container or snapshot, some progress information is now displayed. This is similar to image transfers and container migrations and should help confirm that something is indeed happening.

Improvements to Candid authentication

A few changes happened to how Candid authentication is handled by the CLI:

Per-remote authentication cookies

Prior to this release, a shared "cookie jar" was used for all remotes.

This would sometimes cause inconsistent behaviors when two remotes were using the same Candid authentication server as adding the second remote would re-use the existing cookie, potentially ignoring the authentication domain and not requiring a new authentication roundtrip.

Now every remote has its own "cookie jar" and LXD's behavior when adding remotes is now always identical.
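A simplified model of the two behaviors described above, as an added example (not LXD's or Candid's code): cookies are looked up by identity-server URL, so a jar shared across remotes hands the second remote a cookie issued for the first remote's domain. The class names, remote names, domains and server URL are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class IdentityServer:
    """Stand-in for an authentication server; counts interactive roundtrips."""
    url: str
    roundtrips: int = 0

    def authenticate(self, domain):
        self.roundtrips += 1
        # The issued cookie records the domain the user authenticated in.
        return {"server": self.url, "domain": domain}


class Client:
    """CLI stand-in that keeps either one shared jar or one jar per remote."""

    def __init__(self, per_remote_jars):
        self.per_remote_jars = per_remote_jars
        self.shared_jar = {}   # old behavior: one jar for every remote
        self.jars = {}         # new behavior: remote name -> its own jar
        self.remotes = {}

    def add_remote(self, name, server, domain):
        if self.per_remote_jars:
            jar = self.jars.setdefault(name, {})
        else:
            jar = self.shared_jar
        # Lookup is by server URL only; the requested domain is not part of the key.
        cookie = jar.get(server.url)
        if cookie is None:
            cookie = server.authenticate(domain)
            jar[server.url] = cookie
        self.remotes[name] = {"requested": domain, "cookie": cookie}

    def domain_mismatches(self):
        """Remotes whose cookie was issued for a domain other than the one requested."""
        return sorted(
            name for name, remote in self.remotes.items()
            if remote["cookie"]["domain"] != remote["requested"]
        )


def run(per_remote_jars):
    """Add two remotes that share one identity server but ask for different domains."""
    server = IdentityServer("https://candid.example.test")  # constructed URL
    client = Client(per_remote_jars)
    client.add_remote("remote-a", server, "domain-a")
    client.add_remote("remote-b", server, "domain-b")
    return server.roundtrips, client.domain_mismatches()


if __name__ == "__main__":
    print("shared jar:     ", run(per_remote_jars=False))
    print("per-remote jars:", run(per_remote_jars=True))
```

With the shared jar the second `add_remote` completes without a roundtrip and carries the wrong domain; with per-remote jars every add authenticates and the domains match.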

Candid preferred over TLS for new remotes

When using lxc remote add to add a new remote, if that remote supports Candid for authentication, this will be used instead of TLS authentication.

The authentication type can always be overridden with --auth-type.

Remote list now shows Candid domain

The remote list will now indicate what Candid domain is used, when one was specified during lxc remote add:

stgraber@castiana:~$ lxc remote list
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
|      NAME       |                   URL                    |   PROTOCOL    |       AUTH TYPE       | PUBLIC | STATIC |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| images          | https://images.linuxcontainers.org       | simplestreams | none                  | YES    | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| local (default) | unix://                                  | lxd           | file access           | NO     | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc01           | https://nuc01.maas.mtl.stgraber.net:8443 | lxd           | candid (usso)         | NO     | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc02           | https://nuc02.maas.mtl.stgraber.net:8443 | lxd           | candid (stgraber.net) | NO     | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu          | https://cloud-images.ubuntu.com/releases | simplestreams | none                  | YES    | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu-daily    | https://cloud-images.ubuntu.com/daily    | simplestreams | none                  | YES    | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+

Bugs fixed

  • client: Empty stdin channel on exec completion
  • client: Fix goroutine leak in ExecContainer
  • client: Revert "client: fix goroutine leak in ExecContainer"
  • doc: Add first stab at FAQ
  • doc: Fix typoes in faq.md
  • doc: Update rest-api.md formatting
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Improve error handling in execIfAliases
  • lxc: Update for per-remote candid domain/cookies
  • lxc/cluster: Prompt for confirmation when using --delete to remove a server
  • lxc/console: Remove unused code
  • lxc/exec: Cleanup terminal logic
  • lxc/exec: Don't use Exit
  • lxc/list: Fix multiple filters
  • lxc/monitor: Don't directly use Exit
  • lxc/profile: Make json/yaml consistent
  • lxc/remote: Tweak remote list
  • lxd: Add username/fingerprint to request context
  • lxd: Cleanup authentication code
  • lxd: Copy C smarts from LXC into lxd/include/
  • lxd: Fix duplicate scheduled snapshots
  • lxd: Fix failing backup import
  • lxd: Fix snapshot expiry for scheduled snapshots
  • lxd: Fix variable in range
  • lxd: Remove backup directory after creating tarball
  • lxd: Set correct progress data for backup/publish
  • lxd/checkfeature: Cleanup macros is_netnsid_aware
  • lxd/checkfeature: Cleanup macros netns_set_nsid
  • lxd/containers: Set liblxc env for CVE-2019-5736
  • lxd/containers: Skip interface removal if missing
  • lxd/containers: Validate ipv4/ipv6 address
  • lxd/daemon: Move autoSyncImagesTask to clusterTasks
  • lxd/daemon: When starting up, use the cluster.https_address as key for updating the nodes table
  • lxd/db: A node with custom volumes is not empty
  • lxd/db: Fix tests for current go-sqlite3
  • lxd/db: Support to fetch a list of project for an image
  • lxd/db: Use capital case in error messages returned by db.NodeInfo.IsEmpty()
  • lxd/db: Use proper function names for the query of the image nodes
  • lxd/devlxd: Initialize variable to 0
  • lxd/forkfile: Cleanup macros manip_file_in_ns
  • lxd/forkmount: Cleanup macros
  • lxd/forkuevent: Cleanup macros
  • lxd/images: Add a task that auto synchronize images across the cluster and run it on the background
  • lxd/images: Associate image with the right project on the joined node
  • lxd/images: Do not iterate all available nodes across the cluster for image synchronization
  • lxd/images: Fetch the images fingerprints of the current online node
  • lxd/images: Import all images from the leader node to the new node after it's joined
  • lxd/images: Only show the image auto-sync log when clustering
  • lxd/main_nsexec: Fix type of length in file_to_buf
  • lxd/network: Reword sysctl network functions
  • lxd/network: Rework IP validation functions
  • lxd/nsexec: Cleanup macros attach_userns
  • lxd/nsexec: Cleanup macros do_setns
  • lxd/nsexec: Cleanup macros file_to_buf
  • lxd/nsexec: Cleanup macros in_same_namespace
  • lxd/nsexec: Make cmdline parsing more reliable
  • lxd/profiles: Fix project update when clustered
  • lxd/proxy: Add locking around UDP timer
  • lxd/storage/ceph: Rework df handling
  • lxd/storage_cgo: Cleanup macros find_associated_[...]
  • lxd/storage_cgo: Cleanup macros get_un[...]_legacy
  • lxd/storage_cgo: Cleanup macros get_unused_loop_dev
  • lxd/storage_cgo: Cleanup macros prepare_loop_dev
  • lxd/storage_cgo: Include macro.h
  • lxd/storage: Drop unused function
  • lxd/storage/lvm: Call wipesignatures
  • shared: Tweak progress metadata
  • shared/network: Include macro.h
  • shared/osarch: Add ArchLinux name for armv7
  • shared/osarch: Add gentoo armhf variant
  • shared/shift_linux: Cleanup macros shiftowner
  • shared/util_linux_cgo: Cleanup macros lxc_abstract_[...]
  • shared/util_linux_cgo: Restore old behavior
  • tests: Add integration test checking that nodes with custom volumes can't be removed
  • tests: Add snapshot expiry configuration on create
  • tests: avoid needless wait times during image synchronization when clustering
  • tests: Update godeps
  • tests: Update the test case to cover the image sync scenario for joined node

LXD 3.10 has been released

8th of February 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.10!

This release introduces snapshot expiry which, combined with automated snapshots in LXD 3.8, should make for a nice way to have LXD generate and clean up snapshots in the background.

We also did some work on our import/export of containers, now allowing overriding the storage pool during import.

This release also fixes a wide variety of bugs and has a number of nice performance improvements around compression/decompression and improved progress reporting thanks to the ChromeOS team at Google.

Enjoy!

New features

Snapshot expiry

A new snapshots.expiry container configuration option now lets you define an expiry for newly created containers. Alternatively, a snapshot can now be directly edited to set the newly introduced Expiry field.

When a snapshot expires, it is automatically deleted. This feature is particularly useful when combined with automated snapshots.

Pool override on import

It is now possible to select what storage pool a container backup should be imported into. On the command line, this can be specified with --storage.

Bugs fixed

  • client: Properly reset listener on error
  • client: Strip trailing slashes in URLs
  • doc: Document btrfs resize
  • doc: Fixed typo in backup.md
  • global: Rename {Creation,LastUsed}Date to {Created,LastUsed}At
  • i18n: Fix duplicate language
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc/image: Fix help
  • lxd/apparmor: Tweak default set of rules
  • lxd/backups: Don't waste memory during unpack
  • lxd/backups: Fix fd leak
  • lxd/backups: Handle missing storage pool for backups properly
  • lxd/backups: Send progress info for export and import operations
  • lxd/cluster: Don't prompt for internal config keys
  • lxd/containers: Always delete container on create error
  • lxd/containers: Call storage unmount on detach
  • lxd/containers: Fix disk limits at creation
  • lxd/containers: Fix error handling for auto-snap
  • lxd/containers: Fix lxc.mount.entry for musl
  • lxd/containers: Refuse refresh on running containers
  • lxd/images: calculate sha256 as image is written
  • lxd/images: change compressFile to take io.Reader and io.Writer
  • lxd/images: Send metadata in CreateImage error importing image
  • lxd/images: Send metadata in CreateImage error response
  • lxd/images: Tar and compress in a combined stream when packing an image
  • lxd/internal: Add internal command to trigger GC
  • lxd/migration: Fix race in abort
  • lxd/migration: Fix sender side errors handling
  • lxd/migration: Handle crashing rsync
  • lxd/storage/ceph: Create custom mountpoints if missing
  • lxd/storage/ceph: Fix validation of CEPH config
  • lxd/storage/ceph: Unmap on unmount
  • lxd/storage/ceph: Unmap volume after creation
  • lxd/storage/lvm: Use right VG name for exports
  • lxd/tasks: Fix possible segfaults in tasks
  • shared: Add support for a ProgressTracker during unpack
  • shared: Progress metadata as a map
  • shared: Properly handle uncompressed tarballs
  • shared/osarch: Add armhfp (centos)
  • storage: Add ioprogress.ProgressTracker field to storage
  • tests: Add more container snapshot tests
  • tests: Delete leftover container
  • tests: Extend backup import tests
  • tests: Fix bad test in clustering
  • tests: Fix bad test in container local pool handling
  • tests: Fix bad test in external_auth
  • tests: Fix bad test in security
  • tests: Fix bad test in sql
  • tests: Fix bad test in storage
  • tests: Fix container leak
  • tests: Fix negative tests in backup.sh
  • tests: Fix negative tests in basic.sh
  • tests: Fix negative tests in clustering.sh
  • tests: Fix negative tests in config.sh
  • tests: Fix negative tests in container_local_cross_pool_handling.sh
  • tests: Fix negative tests in database_update.sh
  • tests: Fix negative tests in devlxd.sh
  • tests: Fix negative tests in external_auth.sh
  • tests: Fix negative tests in idmap.sh
  • tests: Fix negative tests in incremental_copy.sh
  • tests: Fix negative tests in lxc-to-lxd.sh
  • tests: Fix negative tests in migration.sh
  • tests: Fix negative tests in pki.sh
  • tests: Fix negative tests in projects.sh
  • tests: Fix negative tests in remote.sh
  • tests: Fix negative tests in security.sh
  • tests: Fix negative tests in serverconfig.sh
  • tests: Fix negative tests in snapshots.sh
  • tests: Fix negative tests in sql.sh
  • tests: Fix negative tests in storage_driver_ceph.sh
  • tests: Fix negative tests in storage_local_volume_handling.sh
  • tests: Fix negative tests in storage_profiles.sh
  • tests: Fix negative tests in storage.sh
  • tests: Fix negative tests in storage_snapshots.sh
  • tests: Fix negative tests in storage_volume_attach.sh
  • tests: Fix negative tests in template.sh
  • tests: Fix volume list in cluster
  • tests: Fix volume list in projects
  • tests: Tweak fdleak test

LXD 3.9 has been released

8th of January 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.9!

As the development period for this LXD release was right over the holidays, no new features were merged during this time, making this effectively a bugfix release on top of LXD 3.8.

Enjoy!

Bugs fixed

  • bash: Add snapshot keys
  • client: Use exported DownloadFileHash
  • doc: Clarify measurement units
  • doc: Cleanup security.md
  • doc: Update doc links in README
  • i18n: Update translations from weblate
  • image-handling.md: 'release' should be a string and not a list
  • lxc/monitor: Fix rendering
  • lxc/storage: Fix argument count check for delete
  • lxc-to-lxd: Fix go test
  • lxd/cluster: Fix schema upgrades
  • lxd/containers: Adapt to go-lxc Release
  • lxd/containers: bind default value is host
  • lxd/containers: Fix unix devices with liblxc 3.1
  • lxd/containers: Handle projects in forkmount
  • lxd/db: Re-generate the fresh schema, bumping the schema version
  • lxd: Fix go test
  • lxd/forkmount: Fix version detection
  • lxd/forkmount: Require mount_injection_file
  • lxd/main_forkmount: Remove debug statements
  • lxd/projects: Fix crashes on project list
  • lxd/storage/zfs: Fix dataset handling on copy
  • shared: Read certificates from host
  • shared/util: Export DownloadFileHash
  • tests: Add env variable to skip static analysis
  • tests: Drop startup sleep for cluster
  • tests: Reduce clustering delays
  • tests: Reduce delays in devlxd test
  • tests: Reduce sleep in network test
  • tests: Reduce sleeps in proxy tests
  • tests: Reduce teardown delays
  • tests: Remove sleep in console test
  • tests: Speed up basic tests

LXD 3.8 has been released

13th of December 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.8!

This is the last release for 2018 and is a pretty feature packed one, improving on a lot of previously introduced features.

Enjoy!

New features

Automated container snapshots

Three configuration keys were introduced to control automated snapshots and configure how they will be named.

  • snapshots.schedule takes a CRON pattern to determine when to perform the snapshot
  • snapshots.schedule.stopped is a boolean used to control whether to snapshot stopped containers too
  • snapshots.pattern is a format string with pongo2 templating support used to set what the name of the snapshots should be when none is specified. This applies both to automated snapshots and to manually created snapshots where no name is provided.

Support for copy/move between projects

A new --target-project option has been added to both lxc copy and lxc move, making it possible to copy or move containers between projects.

stgraber@castiana:~$ lxc move test1 test1 --target-project blah
stgraber@castiana:~$ lxc list --project blah
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test1 | STOPPED |      |      | PERSISTENT |           |
+-------+---------+------+------+------------+-----------+

cluster.https_address server option

Up till now, clustered LXD servers had to be configured to listen on a single IPv4 or IPv6 address with both internal cluster traffic and regular client traffic all using that same address.

LXD 3.8 changes that by introducing a new cluster.https_address option. This write-once key holds the address used for cluster communication and cannot currently be changed without having to remove the node from the cluster.

With this separate key in place, it's now possible to change the regular core.https_address on clustered nodes to any address you want, including to wildcard patterns like :8443.

This makes it possible to use a completely different network for internal cluster communication, making it easy to prioritize and filter cluster traffic.

Cluster image replication

Another improvement for our cluster users is the introduction of automatic image replication. Prior to LXD 3.8, images would only get copied to other cluster members as containers on those systems request them.

While good for performance, bandwidth and disk usage, this had the obvious downside that if the image is only present on a single system and that system goes offline, then there is no way for that image to be used until the system recovers.

LXD 3.8 changes this by having all manually created or imported images be replicated on at least 3 systems. Images that are stored in the image store only as a cache entry do not get replicated.

The behavior can be configured through cluster.images_minimal_replica with 3 being the new default behavior, 1 being the previous behavior and -1 used to replicate on all cluster members.

security.protection.shift container option

Until such time as we get shiftfs into Linux distributions and land support for it in LXD, LXD has to rely on slow rewriting of all uid/gid on the filesystem whenever the container's idmap changes.

This can be a dangerous operation when run on systems that are prone to sudden power loss or shutdown, as this operation cannot be safely resumed if interrupted partway.

When set, the new security.protection.shift configuration option will prevent any such remapping, instead making any action that would result in one fail until the key is unset.

Support for passing all USB devices

Similar to how you can pass all GPUs to a container by not specifying any filter, it is now possible to do the same with USB devices by not specifying any vendorid or productid filter.

In such cases, every USB device will be made visible to the container, including any device hotplugged after the fact.

CLI override of default project

Many users reported that interacting with multiple projects can be tedious due to having to constantly use lxc project switch to switch the client between projects. This is especially true when all you want to do in a particular project is a simple action like starting a container.

LXD 3.8 now has a --project option available throughout the command line client, which lets you override the project for a particular operation.

stgraber@castiana:~$ lxc project list
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| blah              | NO     | NO       | 2       |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 14      |
+-------------------+--------+----------+---------+

stgraber@castiana:~$ lxc list test
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test1 | STOPPED |      |      | PERSISTENT | 0         |
+-------+---------+------+------+------------+-----------+

stgraber@castiana:~$ lxc list test --project blah
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test2 | STOPPED |      |      | PERSISTENT | 0         |
+-------+---------+------+------+------------+-----------+

Bi-directional rsync negotiation

Recent LXD releases have introduced rsync feature negotiation where the source could tell the server what rsync features it's using so that the server can match them on the receiving end.

LXD 3.8 introduces the reverse of that by having the LXD server indicate what it supports as part of the migration protocol, allowing for the source to restrict the features it uses.

This should provide very robust migration in the future where a newer LXD will be able to migrate containers out to an older LXD without running into rsync feature mismatches.

ZFS compression support

Another improvement to our migration protocol is the detection and use of ZFS compression support when available.

When combined with zpool compression, this can very significantly reduce the size of the migration stream.

Bugs fixed

  • client: convert EventListener to use api.Event
  • client: Fix crash on missing ProgressTracker
  • doc: Add kernel.keys.maxkeys to production-setup
  • doc: Add project documentation
  • doc: Updated documentation of /cluster/members/ to have correct keys
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc/image: Fix rootfs file handling on snap
  • lxc/import: gzip is the default
  • lxc/project: Check existence on switch
  • lxd: Finish converting events to api.Event
  • lxd: Fix AppArmor cache policy version check
  • lxd: Handle AppArmor policy cache directory
  • lxd/cluster: Tweak error messages
  • lxd/containers: Drop needless function
  • lxd/containers: Fix snapshot URLs in projects
  • lxd/containers: Hide duplicate log entries
  • lxd/containers: Improve hwaddr retry logic
  • lxd/containers: Properly clear static leases
  • lxd/containers: Respect optional=true for disks
  • lxd/db: Avoid un-needed query on container move
  • lxd/db: Fix typo in existing docstring
  • lxd/db: Fix unit test not actually checking error
  • lxd/db: Make ContainerSetState use single query
  • lxd/images: Fix bad project handling
  • lxd/init: Better handle disk sizes
  • lxd/init: Checks if a zfs storage pool or dataset exists
  • lxd/init: Fix typo
  • lxd/migration: Cleanup feature negotiation
  • lxd/migration: Fix CRIU rsync option negotiation
  • lxd/migration: Fix rsync project prefix
  • lxd/migration: Fix shutdown race
  • lxd/migration: Remove leftover debugging
  • lxd/migration: Re-spawn proxy devices
  • lxd/migration: Simplify MigrationSink
  • lxd/migration: Simplify MigrationSource
  • lxd/migration: Simplify StorageMigrationSink
  • lxd/networks: Fix projects in dnsmasq.hosts
  • lxd/projects: Add config validation
  • lxd/projects: Fix copy of snapshots
  • lxd/proxy: Improve shutdown code
  • lxd/storage: Fix broken error handling
  • lxd/storage: Fix check for custom volume restore
  • lxd/storage: Fix custom volume copies
  • lxd/storage: Fix more project copy issues
  • lxd/storage: Fix snapshot migration with projects
  • lxd/storage: Freeze containers during rsync
  • lxd/storage: user_subvol_rm_allowed for btrfs
  • lxd/storage/btrfs: Fix project migrations
  • lxd/storage/btrfs: Tweak errors
  • lxd/storage/ceph: Fix copies within project
  • lxd/storage/ceph: Fix project migration
  • lxd/storage/dir: Don't fail when quota are set
  • lxd/storage/dir: Fix project snapshot symlink
  • lxd/storage/lvm: Fix project handling
  • lxd/storage/lvm: Run pvremove on VG deletion
  • lxd/storage/zfs: Add zfsPoolVolumeExists
  • lxd/storage/zfs: Detect tool version on Ubuntu
  • lxd/storage/zfs: Fix missing dir on copy
  • lxd/storage/zfs: Fix project copies
  • lxd/storage/zfs: Fix project migrations
  • lxd/storage/zfs: Fix setting quotas on project
  • shared: Fix import order
  • shared: Fix windows cert handling
  • shared/idmap: Workaround Go tip change
  • shared/termios: Add shim for non-cgo builds
  • storage/zfs: Fix arguments in function call
  • tests: Always pass -w to iptables
  • tests: Bump size to 120MB for btrfs
  • tests: Fix leftover file
  • tests: Improve live-migration tests
  • tests: Test migration in projects
  • test: Support AppArmor policy cache directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.3 has been released

23rd of November 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.3!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

Cluster refreshes for snap environments

A common issue with LXD clusters is the requirement that all nodes run the same LXD version and have a matching set of API extensions and DB schema.

When any node goes ahead of the rest, all database operations are held back until the remainder of the nodes are upgraded.

As we're talking about a number of separate machines, coordinating that upgrade may be a bit tricky and in the case of the LXD snap, could take up to 24h without user intervention.

To improve this, we introduced a new LXD_CLUSTER_UPDATE environment variable which packagers can set, pointing it to a script which will update the local LXD daemon through the relevant package manager. When LXD detects that another node is now ahead of itself, it will call this script which will then update the local LXD and have it match.

Rsync option negotiation

This release includes support for the rsync option negotiation which got rolled out in LXD 3.5, 3.6 and 3.7. This should result in smoother migrations between varying LXD releases.

Improved Candid support

Candid external authentication was extended to support multiple domains and to provide a configurable expiry for the authentication tokens (defaulting to 1h).

This allows administrators in large organizations to choose what Candid domains will be allowed on a particular LXD server and configure exactly how long a user will be trusted before having to renew their authentication token with Candid.

The relevant configuration keys are:

  • candid.domains (comma separated list of domains, defaults to allowing all)
  • candid.expiry (token expiry in seconds, defaults to 3600)

Added support for PEM encrypted keys

For added security, LXD now supports PEM encrypted keys. This means that you can now manually encrypt your ~/.config/lxc/client.crt using openssl and LXD will then prompt you for the password as needed.

stgraber@castiana:~$ lxc project list s-vorash:
Password for client.crt: 
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 28      |
+-------------------+--------+----------+---------+

Added support for LXD_INSECURE_TLS

While all our own image servers and internal communications support modern ciphers, it's been brought to our attention that some corporate environments intercept TLS traffic through their proxy and, using a company CA, terminate the TLS connection on the proxy to inspect the traffic.

This would work fine so long as the company CA is trusted on the system and LXD is configured to use the company proxy. Unfortunately, it appears that many such proxies also do not support the modern ciphers that LXD requires, effectively causing all outgoing TLS connections to fail.

For those environments, we have now added a new LXD_INSECURE_TLS environment variable which is respected by both lxd and lxc and instructs LXD to relax its cipher requirements, using the default TLS settings from Go rather than our restricted set of trusted ciphers.

Expanded exec operation metadata

Ever wondered what that exec session is about in lxc operation list?

Well, now LXD lets you find that out by looking at some extra metadata that's recorded as part of the exec operation.

stgraber@castiana:~$ lxc exec xenial -- sleep 30 &
[1] 25911

stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
| 274ab284-ed07-4834-b3f5-6ec1d7cf3b74 | WEBSOCKET | Executing command | RUNNING | NO         | 2018/11/09 04:20 UTC |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+

stgraber@castiana:~$ lxc operation show 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
id: 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
class: websocket
description: Executing command
created_at: 2018-11-08T23:20:30.323852365-05:00
updated_at: 2018-11-08T23:20:30.323852365-05:00
status: Running
status_code: 103
resources:
  containers:
  - /1.0/containers/xenial
metadata:
  command:
  - bash
  environment:
    HOME: /root
    LANG: C.UTF-8
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
    TERM: xterm
    USER: root
  fds:
    "0": d79593f74c3e566987a3bdb109d2f4102aea5915ad344f64ea665082c1a3177e
    control: 0ed5ba645a9f6f0b2956282bba274ce015407a6309e1a9ec1a897fab0483d6fe
  interactive: true
may_cancel: false
err: ""

This records the command that was executed, its environment and whether it was run interactively or not.

Bugfixes

  • doc: add note about ignoring mount options
  • shared/idmap: test fcaps support
  • Add a few missing rows.Close() calls
  • lxd/patches: Profiles are in the cluster db
  • lxd/storage/ceph: Only freeze container if running
  • lxc: Only target if --target is passed
  • shared: Return decompressor in DetectCompression
  • lxd/containers: Don't return nil on Storage calls
  • tests: Fix mode of proxy.sh
  • shared/api: Don't re-define fields
  • lxd/storage/btrfs: Fix clearing quotas
  • lxd/containers: Also use apply_quota for CEPH
  • lxd/containers: Simplify and fix pool update logic
  • Add NodeIsOutdated() db API to check if a node is outdated
  • Trigger whatever is in the LXD_CLUSTER_UPDATE var if node is outdated
  • lxd/images: Add missing cleanup code
  • lxd/containers: Fix bad function name
  • tests: Avoid err == nil pattern
  • lxd: Don't mask database errors
  • Honor the CC environment variable when invoking go install
  • client: Avoid err == nil pattern
  • lxd/profiles: Don't list snapshots in UsedBy
  • Make database queries timeout after 10s if cluster db is unavail
  • tests: Fix pki with newer easyrsa
  • lxd/db: Fix internal DB test
  • doc: Fix and improve the description
  • operations: return true if operation is done before timeout
  • lxd/containers: Avoid root device name conflict
  • lxd/import: Add root disk if needed
  • global: Advertise rsync features
  • lxd/db: Use NoSuchObject consistently
  • proxy: Only log errors
  • lxd/import: Don't delete container on import failure
  • i18n: Update translation templates
  • Support --domain flag for lxc remote
  • Add configurable macaroon expiry
  • Support Candid domain validation
  • Update Candid docs
  • Update i18n
  • lxd: Rename API endpoints
  • network_linux: add netns_getifaddrs()
  • main_checkfeature: check kernel for netnsid support
  • network: add NetworkGetCounters()
  • container_lxc: switch to NetnsGetifaddrs()
  • shared: Add network state API
  • api: Add extended cluster join API
  • lxd/init: Fix struct conflict
  • lxc: Identify snapshots when listed
  • shared/version: Support detecting ChromeOS versions
  • lxd/containers: Force bring up of SRIOV parent
  • netns_getifaddrs: fix argument passing
  • netnsid_getifaddrs: fix check for netnsid support
  • doc: Fix storage API endpoints
  • container_lxc: handle network retrieval smarter
  • shared: Add storage volume snapshot support
  • client: Add storage volume snapshot support
  • netns_getifaddrs: don't print useless info
  • shared/api: Fix StorageVolumeSource struct
  • Makefile: Set LDFLAGS for dqlite
  • lxd: Fix handling of CGroup-V2 systems
  • tree-wide: pass -std=gnu11 -Wvla
  • lxd/containers: Rework exec FD handling
  • Added optional ?target= to /containers POST documentation
  • lxd/storage/lvm: Don't un-necessarily start/stop storage
  • lxd/storage/ceph: Don't un-necessarily mount snapshots
  • lxd/containers: Fix cleanup on create failure
  • shared/network: Don't crash on VPN devices
  • lxd/containers: Fix bad nvidia information parsing
  • netns_getifaddrs: fix network stats retrieval
  • network: Fix counters on non-ethernet interfaces
  • doc: Add configuration for readthedocs
  • storage: Fix error strings
  • lxd/storage/btrfs: Don't fail deleting pools on missing disk
  • Split code in 2 separate files
  • network: provide #ifdefs for RTM_* requests
  • Document LVM support for storage quotas
  • candid: Cleanup code a bit
  • network: fix netns_get_nsid() signature
  • apparmor: Allow cgroupv2 in cgns
  • candid: Fix client when using https candid server
  • lxd-p2c: Fix static build
  • config: Add support for PEM encrypted keys
  • lxc: Setup password helper
  • lxc/config: Only setup needed connection args
  • lxc/config: More TLS optimizations
  • i18n: Update translation templates
  • macro: add SOL_NETLINK
  • macro: add NETLINK_DUMP_STRICT_CHK
  • netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
  • Fix Potential Event Race
  • devices: Fix bad disk limits
  • Fix root disk limits on container startup
  • checkfeature: Rework structure
  • checkfeature: simplify is_netnsid_aware() check
  • checkfeature: Avoid double line break
  • checkfeature: dial logging down from to debug
  • lxc/progress: Add terminal detection
  • doc: Rework backup documentation
  • client: Add GetNetworkState
  • client: Add extended cluster join API
  • client: Add UseProject
  • shared/api: Add projects
  • client: Add support for projects
  • lxc/config: Add support for projects
  • Change query.SelectObjects signature to support a prepared statement
  • Add query.SelectURIs convenience for getting API resource URIs
  • Add cluster statements registry
  • api: Add Project.Config reference
  • Improve some error messages around container creation
  • Lookup for the "target" API parameter only in the URL query string
  • Automatically add ?project=x query param to image server
  • Improve error reporting when creating a container
  • Change ContainerStorageRead() to take a container object instead of its name
  • Improve error messages around LVM volume creation
  • Change Storage.ContainerUmount to accept a container vs a container name
  • lxd/init: Update for current client package
  • lxc/progress: Don't print empty lines
  • candid: Improve domain validation and pubkey
  • lxd/images: Fix parsing of public property
  • client: Always use the "do()" wrapper
  • client: Fix URLs with missing project/target
  • Improve error messages
  • lxd/containers: Fix cluster shutdown
  • i18n: Update Japanese translation
  • idmap: use global variable for vfs3 fcaps support
  • checkfeature: check for vfs3 fscaps support
  • lxd/db: Fix bad limits.cpu
  • shared: Add limits.cpu validator
  • doc: add the appropriate titles to some documents
  • shared/network: Allow TLS1.3
  • global: Implement LXD_INSECURE_TLS env variable
  • netns_getifaddrs: simplify
  • Fix bad check for recursive mounts
  • Prevent event listeners from lying around even after Disconnect()
  • client: Support creating project-bound container using an image on another node
  • client: Filter lifecycle and operations events by project
  • client: Make container backups code honor projects
  • client: Make GET /profiles return only profiles for the project
  • Bump Go versions and use '.x' to always get latest patch versions
  • Update build instruction
  • doc: Bump to 1.10 or higher everywhere
  • Don't expire lxd.log by accident
  • lxd/storage: Fix importing preseed dump
  • lxd/migration: Use current idmap instead of next
  • lxd/db: Send raft/dqlite logging to debug
  • lxd/daemon: Clarify early logging
  • checkfeature: Don't log error on missing feature
  • lxd/daemon: Improve logging of inherited fds
  • shared/logging: Improve logfile output
  • lxd/daemon: Don't mention MAAS unless configured
  • exec: Expose command, env and mode in metadata
  • client: Fix cancelation of image download
  • Detect and shrink large boltdb files
  • lxd/daemon: Fix build
  • loop: retry on EBUSY
  • lxd/storage: Improve loop device errors
  • lxd/containers: Detect root disk pool changes
  • doc: Update cloud-init network documentation
  • client: Fix error handling in operations
  • lxd/containers: Prevent duplicate profiles
  • lxc/copy: --container-only is meaningless for snapshots
  • shared/api: Add support for incremental container copy
  • client: Add support for incremental container copy
  • doc: Add kernel.keys.maxkeys to production-setup
  • lxd/storage/dir: Don't fail when quota are set
  • lxd: Handle AppArmor policy cache directory
  • test: Support AppArmor policy cache directory
  • lxd/containers: Respect optional=true for disks
  • use empty usb vendorid to pass through all usb devices
  • doc: Add usb_optional_vendorid API extension
  • lxc/image: Fix rootfs file handling on snap
  • lxd/containers: Properly clear static leases
  • shared/api: Support copy between projects
  • client: Support copy between projects
  • lxc/config: Allow overriding the current project
  • rsync: Tweak transfer options (delete & compress)
  • lxd/daemon: Improve logging of kernel features
  • lxd: Register background tasks as operations
  • lxc: Switch all progress op handling to cancelable
  • Increase go-dqlite client timeout when not-clustered
  • lxd: Rework task handling
  • lxd/migration: Fix CRIU rsync option negotiation
  • lxd/storage/btrfs: Tweak errors
  • lxd/init: Better handle disk sizes
  • lxd/db: Avoid un-needed query on container move
  • i18n: Update translation templates
  • Add StorageVolumeIsAvailable to check if a Ceph volume can be attached
  • Wire StorageVolumeIsAvailable to containerValidDevices
  • Add integration test

Support and upgrade

LXD 3.0.3 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.7 has been released

9th of November 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.7!

We started off this release cycle by fixing a number of issues and edge cases surrounding our recently introduced projects feature as more and more of our users started making use of it.

But that's not to say that we've spent the entire past month fixing bugs: LXD 3.7 also debuts support for container refreshes, a few tweaks to our TLS setup, improved exec operations and an extra VXLAN configuration key.

On top of the project fixes, we've also done a number of improvements to our database, logging and fixed quite a few other bugs.

New features

Container refresh

It is now possible to tell LXD to refresh a container based on another container, either locally or remotely. On the command line, this is controlled by a new --refresh argument to lxc copy.

This can be used to set up a backup LXD server that will then get regular updates from production servers, keeping the containers and their snapshots in sync until such time as they need to be restored or just started from the backup server.

The initial copy uses our usual migration code. Subsequent refreshes then compare the list of snapshots, delete any snapshot which was removed from the source or which appears to have been changed, and then sync the missing snapshots and container state using rsync.
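The snapshot comparison described above can be sketched as follows. This is an added example, not LXD's own code: the snapshot type, the function names and the rule that a snapshot "appears to have been changed" when its creation time differs are assumptions, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"time"
)

// snapshot is a hypothetical, reduced view of a container snapshot.
type snapshot struct {
	Name    string
	Created time.Time
}

// refreshPlan compares the snapshot lists of the source container and of the
// backup copy. It returns the snapshots to delete on the target and the
// snapshots to transfer from the source, the latter in source order.
func refreshPlan(source, target []snapshot) (del, xfer []string) {
	src := make(map[string]time.Time, len(source))
	for _, s := range source {
		src[s.Name] = s.Created
	}
	upToDate := make(map[string]bool)
	for _, t := range target {
		created, ok := src[t.Name]
		switch {
		case !ok:
			// Removed from the source since the last refresh.
			del = append(del, t.Name)
		case !created.Equal(t.Created):
			// Same name, different creation time (assumed change signal):
			// drop the stale copy so it is transferred again below.
			del = append(del, t.Name)
		default:
			upToDate[t.Name] = true
		}
	}
	for _, s := range source {
		if !upToDate[s.Name] {
			xfer = append(xfer, s.Name)
		}
	}
	return del, xfer
}

var base = time.Date(2018, 11, 1, 0, 0, 0, 0, time.UTC)

// sampleSource is constructed data: snap1 was re-created, snap2 was deleted
// and snap3 is new since the previous refresh.
func sampleSource() []snapshot {
	return []snapshot{
		{"snap0", base},
		{"snap1", base.Add(48 * time.Hour)},
		{"snap3", base.Add(72 * time.Hour)},
	}
}

// sampleTarget is the constructed state of the backup server.
func sampleTarget() []snapshot {
	return []snapshot{
		{"snap0", base},
		{"snap1", base.Add(24 * time.Hour)},
		{"snap2", base.Add(36 * time.Hour)},
	}
}

func main() {
	del, xfer := refreshPlan(sampleSource(), sampleTarget())
	fmt.Println("delete on target:", del)
	fmt.Println("sync from source:", xfer)
}
```

A changed snapshot shows up in both lists: the stale copy is removed first and the current one is transferred in its place.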

Switch default key type to EC384

LXD has always used RSA4096 as the algorithm and key strength of choice for its private keys. This has unfortunately caused a number of issues on some CPU architectures where RSA can get very very slow.

The switch to using an elliptic-curve key by default fixes that issue by considerably reducing the generation time without compromising on private key security.

Note that this is only used for newly generated keys; existing users will keep using their RSA private keys. It's also worth noting that LXD will happily let you generate your own private key and certificate and just put them into place on the filesystem for it to use.

New environment variable to control cipher selection

While all our own image servers and internal communications support modern ciphers, it's been brought to our attention that some corporate environments intercept TLS traffic through their proxy and, using a company CA, terminate the TLS connection on the proxy to inspect the traffic.

This would work fine so long as the company CA is trusted on the system and LXD is configured to use the company proxy. Unfortunately, it appears that many such proxies also do not support the modern ciphers that LXD requires, effectively causing all outgoing TLS connections to fail.

For those environments, we have now added a new LXD_INSECURE_TLS environment variable which is respected by both lxd and lxc and instructs LXD to relax its cipher requirements, using the default TLS settings from Go rather than our restricted set of trusted ciphers.
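The trade-off behind LXD_INSECURE_TLS, described here and in the LXD 3.0.3 notes, can be reproduced in memory with Go's crypto/tls. This is an added example, not LXD's code: the allow-list, the proxy.example name, the single suite offered by the stand-in proxy and the "any non-empty value" check are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// restrictedCiphers is an assumed TLS 1.2 allow-list for this example; it is
// not copied from LXD.
var restrictedCiphers = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
}

// clientConfig returns the strict client configuration. With insecure set,
// MinVersion and CipherSuites stay unset, so Go's defaults apply.
func clientConfig(roots *x509.CertPool, insecure bool) *tls.Config {
	cfg := &tls.Config{RootCAs: roots, ServerName: "proxy.example"}
	if !insecure {
		cfg.MinVersion = tls.VersionTLS12
		cfg.CipherSuites = restrictedCiphers
	}
	return cfg
}

// interceptingProxy builds a constructed stand-in for the inspecting proxy: a
// TLS 1.2 server with one suite outside the allow-list, plus a pool trusting
// its self-signed "company CA" certificate.
func interceptingProxy() (*tls.Config, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed company CA"},
		DNSNames:              []string{"proxy.example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	srv := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
	}
	return srv, roots, nil
}

// handshake performs one in-memory handshake and returns the negotiated suite.
func handshake(srv, cli *tls.Config) (string, error) {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	deadline := time.Now().Add(5 * time.Second)
	c.SetDeadline(deadline)
	s.SetDeadline(deadline)
	go tls.Server(s, srv).Handshake() // a server-side failure reaches the client as an alert
	conn := tls.Client(c, cli)
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	srv, roots, err := interceptingProxy()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	// Assumption: any non-empty value enables the relaxed mode.
	insecure := os.Getenv("LXD_INSECURE_TLS") != ""
	suite, err := handshake(srv, clientConfig(roots, insecure))
	fmt.Printf("insecure=%v suite=%q err=%v\n", insecure, suite, err)
}
```

Certificate verification is identical in both modes; only the protocol version floor and the cipher list change, so the variable is best scoped to the hosts that sit behind such a proxy.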

Added metadata to exec operations

Ever wondered what that exec session is about in lxc operation list?

Well, now LXD lets you find that out by looking at some extra metadata that's recorded as part of the exec operation.

stgraber@castiana:~$ lxc exec xenial -- sleep 30 &
[1] 25911

stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
| 274ab284-ed07-4834-b3f5-6ec1d7cf3b74 | WEBSOCKET | Executing command | RUNNING | NO         | 2018/11/09 04:20 UTC |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+

stgraber@castiana:~$ lxc operation show 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
id: 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
class: websocket
description: Executing command
created_at: 2018-11-08T23:20:30.323852365-05:00
updated_at: 2018-11-08T23:20:30.323852365-05:00
status: Running
status_code: 103
resources:
  containers:
  - /1.0/containers/xenial
metadata:
  command:
  - bash
  environment:
    HOME: /root
    LANG: C.UTF-8
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
    TERM: xterm
    USER: root
  fds:
    "0": d79593f74c3e566987a3bdb109d2f4102aea5915ad344f64ea665082c1a3177e
    control: 0ed5ba645a9f6f0b2956282bba274ce015407a6309e1a9ec1a897fab0483d6fe
  interactive: true
may_cancel: false
err: ""

This records the command that was executed, its environment and whether it was run interactively or not.
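The exec metadata shown here and in the LXD 3.0.3 notes lends itself to auditing. The following added example (not part of LXD) reduces operation records to the fields a reviewer cares about and flags interactive root shells. It assumes the records arrive as JSON with the same key names as the YAML above; only the first sample record comes from this page, the other two are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// sampleOperations is constructed input: the first record mirrors the
// "lxc operation show" output above, the other two are invented for contrast.
const sampleOperations = `[
 {"id":"274ab284-ed07-4834-b3f5-6ec1d7cf3b74","class":"websocket",
  "description":"Executing command",
  "resources":{"containers":["/1.0/containers/xenial"]},
  "metadata":{"command":["bash"],"interactive":true,
    "environment":{"HOME":"/root","TERM":"xterm","USER":"root"}}},
 {"id":"00000000-0000-0000-0000-000000000001","class":"websocket",
  "description":"Executing command",
  "resources":{"containers":["/1.0/containers/web1"]},
  "metadata":{"command":["/usr/bin/uptime"],"interactive":false,
    "environment":{"USER":"monitor"}}},
 {"id":"00000000-0000-0000-0000-000000000002","class":"task",
  "description":"Downloading image","resources":{},"metadata":null}
]`

// operation holds the subset of an operation record used by the audit.
type operation struct {
	ID        string              `json:"id"`
	Resources map[string][]string `json:"resources"`
	Metadata  *struct {
		Command     []string          `json:"command"`
		Environment map[string]string `json:"environment"`
		Interactive bool              `json:"interactive"`
	} `json:"metadata"`
}

// ExecSession is one exec operation reduced to the fields an auditor reviews.
type ExecSession struct {
	ID, Container, Command, User string
	Interactive                  bool
	RootShell                    bool // interactive shell running as root
}

// shells lists the command names treated as a shell (an assumed, short list).
var shells = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true, "ash": true}

// execSessions decodes operation records and returns the exec sessions among them.
func execSessions(raw []byte) ([]ExecSession, error) {
	var ops []operation
	if err := json.Unmarshal(raw, &ops); err != nil {
		return nil, fmt.Errorf("decoding operations: %w", err)
	}
	var out []ExecSession
	for _, op := range ops {
		// Only exec operations carry a command in their metadata.
		if op.Metadata == nil || len(op.Metadata.Command) == 0 {
			continue
		}
		m := op.Metadata
		s := ExecSession{
			ID:          op.ID,
			Command:     strings.Join(m.Command, " "),
			User:        m.Environment["USER"],
			Interactive: m.Interactive,
		}
		if c := op.Resources["containers"]; len(c) > 0 {
			s.Container = path.Base(c[0])
		}
		s.RootShell = m.Interactive && s.User == "root" && shells[path.Base(m.Command[0])]
		out = append(out, s)
	}
	return out, nil
}

func main() {
	sessions, err := execSessions([]byte(sampleOperations))
	if err != nil {
		panic(err)
	}
	for _, s := range sessions {
		fmt.Printf("%s container=%s user=%s interactive=%v root_shell=%v cmd=%q\n",
			s.ID, s.Container, s.User, s.Interactive, s.RootShell, s.Command)
	}
}
```

The recorded environment can carry secrets passed to the command, so anything that stores or forwards these records should be treated with the same care as the LXD API itself.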

New VXLAN TTL configuration key

A new tunnel.NAME.ttl key has been added to LXD managed bridges. This lets you configure the TTL to use for multicast VXLAN tunnels (default is 1).

Bugs fixed

  • backup: Allow backups to not expire
  • client: Always use the "do()" wrapper
  • client: Fix cancelation of image download
  • client: Fix error handling in operations
  • client: Fix URLs with missing project/target
  • doc: Add the appropriate titles to some documents
  • doc: Bump to 1.10 or higher everywhere
  • doc: Update build instruction
  • doc: Update cloud-init network documentation
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Switch all progress op handling to cancelable
  • lxc/copy: --container-only is meaningless for snapshots
  • lxd: Register background tasks as operations
  • lxd: Remove expired container backups
  • lxd: Rework task handling
  • lxd/backups: Set default expiry for backups
  • lxd/checkfeature: Check for vfs3 fscaps support
  • lxd/checkfeature: Don't log error on missing feature
  • lxd/containers: Add ContainerListExpanded to load containers and expand their configs/devices
  • lxd/containers: Associate a container with the profile from its own project
  • lxd/containers: Consider the container's project when loading profiles
  • lxd/containers: Detect root disk pool changes
  • lxd/containers: Expand container devices and configs from the associated project
  • lxd/containers: Fix bad check for recursive mounts
  • lxd/containers: Fix cluster shutdown
  • lxd/containers: Fix lxc exec when using a container inside a project
  • lxd/containers: Fix missing project in args
  • lxd/containers: Improve error messages
  • lxd/containers: Make containers on other nodes visible also in the non-default project
  • lxd/containers: Prefix the container name with the project name when invoking forkconsole
  • lxd/containers: Prevent duplicate profiles
  • lxd/containers: Use liblxc mount injection api
  • lxd/daemon: Clarify early logging
  • lxd/daemon: Don't expire lxd.log by accident
  • lxd/daemon: Don't mention MAAS unless configured
  • lxd/daemon: Improve logging of inherited fds
  • lxd/daemon: Improve logging of kernel features
  • lxd/db: Add logic to the db package to expand devices
  • lxd/db: Add logic to the db package to load and expand profiles
  • lxd/db: Detect and shrink large boltdb files
  • lxd/db: Fix bad limits.cpu in test
  • lxd/db: Fix listing container backups
  • lxd/db: Increase database timeout when creating indexes in db update 12
  • lxd/db: Increase go-dqlite client timeout when not-clustered
  • lxd/db: Make the db mapper code generator handle compound natural keys
  • lxd/db: Sanitize references to containers table
  • lxd/db: Send raft/dqlite logging to debug
  • lxd/db: Speed up execution of update from v11 of the db
  • lxd/db: Wire expand config logic from the db package
  • lxd/db: Wire expand devices logic from the db package
  • lxd/events: Prevent event listeners from lying around even after Disconnect()
  • lxd/images: Auto-update images also in projects other than the default one
  • lxd/images: Avoid downloading an image twice if it's already in another project
  • lxd/images: Link an image to a project when downloading it to init a container
  • lxd/images: Support creating project-bound container using an image on another node
  • lxd/main_forkmount: Use pkg-config
  • lxd/main_forknet: Simplify getifaddrs
  • lxd/migration: Use current idmap instead of next
  • lxd/networks: Include containers from all projects in the UsedBy field of a network
  • lxd/patches: Add missing transition for symlinks
  • lxd/profiles: Fix project-aware URIs in the UsedBy field of api.Profile
  • lxd/projects: Fix clustered exec/console
  • lxd/projects: Fix profile updates
  • lxd/projects: Propagate events about all projects to all cluster nodes
  • lxd/projects: Re-create the project default profile when turning on the project profiles feature
  • lxd/storage: Add StorageVolumeIsAvailable to check if a Ceph volume can be attached
  • lxd/storage: Destroy the correct ZFS volume when deleting a container in a project
  • lxd/storage: Fix importing preseed dump
  • lxd/storage: Improve loop device errors
  • lxd/storage: Make custom volumes visible from non-default projects
  • lxd/storage: Retry loop device allocation on EBUSY
  • lxd/storage: Wire StorageVolumeIsAvailable to containerValidDevices
  • rsync: Tweak transfer options (introduce delete & compress)
  • scripts: Add 'project' to bash completion
  • shared: Add limits.cpu validator
  • shared/idmap: Use global variable for vfs3 fcaps support
  • shared/logging: Improve logfile output
  • shared/network: Allow TLS1.3
  • tests: Add integration test for CEPH cross-node volumes
  • tests: Small unrelated cleanup in projects integration test
  • travis: Bump Go versions and use '.x' to always get latest patch versions

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.6 has been released

11th of October 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.6!

This is a rather feature packed release with a variety of new configuration options as well as big features like LXD projects and the ability to snapshot/restore custom storage volumes.

New features

Introducing LXD projects

LXD projects let you effectively split your LXD server. Each project has its own list of containers and can also have its own profiles and images.

You can define as many projects as you want and easily switch between them with lxc project switch.

Newly created projects have all features enabled, meaning that at this point, they will be able to hold:

  • containers
  • images
  • profiles

When some of those features are disabled, they simply inherit from the default project.

For example, let's create a new project which only holds containers and then start a container inside it:

stgraber@castiana:~$ lxc list
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
|    NAME     |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| centos3     | STOPPED |                      |                                              | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| centos4     | STOPPED |                      |                                              | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| snapcraft   | RUNNING | 10.166.11.213 (eth0) | 2001:470:b368:4242:216:3eff:fe77:c7f8 (eth0) | PERSISTENT | 1         |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| tutorials   | RUNNING | 172.17.0.1 (docker0) | 2001:470:b368:4242:216:3eff:fea7:1816 (eth0) | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+

stgraber@castiana:~$ lxc project list
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 19      |
+-------------------+--------+----------+---------+

stgraber@castiana:~$ lxc project create demo -c features.images=false -c features.profiles=false
Project demo created
stgraber@castiana:~$ lxc project switch demo

stgraber@castiana:~$ lxc list
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+

stgraber@castiana:~$ lxc launch ubuntu:18.04 c1
Creating c1
Starting c1

stgraber@castiana:~$ lxc list
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.147 (eth0) | 2001:470:b368:4242:216:3eff:fef6:58a8 (eth0) | PERSISTENT |           |
+------+---------+----------------------+----------------------------------------------+------------+-----------+

Custom storage volume snapshots

It is now possible to create and manage snapshots on your custom storage volumes.

stgraber@castiana:~$ lxc storage volume create default data
Storage volume data created
stgraber@castiana:~$ lxc storage volume snapshot default data my-snapshot
stgraber@castiana:~$ lxc storage volume list default
+----------------------+------------------------------------------------------------------+-------------+---------+
|         TYPE         |                               NAME                               | DESCRIPTION | USED BY |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | centos3                                                          |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | centos4                                                          |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | snapcraft                                                        |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | tutorials                                                        |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container (snapshot) | snapcraft/snap0                                                  |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| custom               | data                                                             |             | 0       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| custom (snapshot)    | data/my-snapshot                                                 |             | 0       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| image                | 0381c3c01c04b937579e0f055f5378a548eefcc18dd928249d4752ac47a6aa08 |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
stgraber@castiana:~$ lxc storage volume restore default data my-snapshot
stgraber@castiana:~$

New volumes may also be created by copying a snapshot.

New NVIDIA configuration options

This introduces a few extra config keys when using nvidia.runtime and the libnvidia-container library. Those keys translate pretty much directly to the matching nvidia-container environment variables:

  • nvidia.driver.capabilities = NVIDIA_DRIVER_CAPABILITIES
  • nvidia.require.cuda = NVIDIA_REQUIRE_CUDA
  • nvidia.require.driver = NVIDIA_REQUIRE_DRIVER

More details about those can be found here

New columns in lxc list and lxc image list

New columns have been added to lxc list to show the image that was used to create the container. The f column shows the short hash, the F column shows the full hash.

stgraber@castiana:~$ lxc list -c nfF
+-------------+--------------+------------------------------------------------------------------+
|    NAME     |  BASE IMAGE  |                            BASE IMAGE                            |
+-------------+--------------+------------------------------------------------------------------+
| centos3     | 3265a2551f2a | 3265a2551f2a8b3a08896f0a5b487bc4fa1d2a71fee3220b2077b8a4850d8f7a |
+-------------+--------------+------------------------------------------------------------------+
| centos4     | d22c637f6420 | d22c637f6420570b0b6d5a4ad687672a59d6f13acd19ad07901a47469ea78137 |
+-------------+--------------+------------------------------------------------------------------+
| snapcraft   | 3e50ba589426 | 3e50ba589426c21f26370e2f949f30210f2d0419fbb9d4d4a0f860a035373353 |
+-------------+--------------+------------------------------------------------------------------+
| tutorials   | d72ae2e5073f | d72ae2e5073f20450c5260e6f227484c23452a46c6bb553ffe6be55e48602bb4 |
+-------------+--------------+------------------------------------------------------------------+

Similarly, an F column was added to lxc image list.

stgraber@castiana:~$ lxc image list -c fFd
+--------------+------------------------------------------------------------------+---------------------------------------------+
| FINGERPRINT  |                           FINGERPRINT                            |                 DESCRIPTION                 |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| 5ceb96c7eb29 | 5ceb96c7eb29ed3bf971cca95e4f9c7c95b7fcb1528e2733fca143e3908a384d | ubuntu 18.10 amd64 (daily) (20181010)       |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| c966933fdfd3 | c966933fdfd390d301fed3447528e2f910bf72c0615b2caaf3235a791fed3541 | ubuntu 16.04 LTS amd64 (release) (20181004) |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| d72ae2e5073f | d72ae2e5073f20450c5260e6f227484c23452a46c6bb553ffe6be55e48602bb4 | ubuntu 18.04 LTS amd64 (release) (20181003) |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| ef20901f9494 | ef20901f94946ebe05e05c63f54fda8e366ca47677b55e9c021527065c11459c | ubuntu 16.04 LTS i386 (release) (20181004)  |
+--------------+------------------------------------------------------------------+---------------------------------------------+

Basic support for CGroupV2-only systems

On systems that only have CGroupV2 enabled, LXD will now start properly and most container operations will work as expected.

Note that resource limits on CGroupV2-only systems will not be applied at this time. Getting to feature parity with CGroupV1 will need quite a lot more work.

New security.unmapped storage volume property

A new security.unmapped property has been added to the storage volumes. This effectively allows you to attach a custom volume to a first container, letting LXD remap it for you, then set that property and attach it to as many other containers as you want even if they have mismatching uid/gid maps.

Without this property set, LXD refuses to attach the volume because of the uid/gid mismatch. With it set, it becomes the user's problem to either use pretty wide open file permissions to allow access or set up some POSIX ACLs for the various containers.

Support for PEM encrypted client key

For added security, LXD now supports PEM encrypted keys. This means that you can now manually encrypt your ~/.config/lxc/client.crt using openssl, and LXD will then prompt you for the password as needed.

stgraber@castiana:~$ lxc project list s-vorash:
Password for client.crt: 
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 28      |
+-------------------+--------+----------+---------+
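A check an administrator might run after encrypting the client key, shown as an added Go example that is not part of LXD or of the original announcement: it reports whether each private key block in a PEM file is encrypted, recognising both the legacy Proc-Type/DEK-Info headers and the PKCS#8 ENCRYPTED PRIVATE KEY type. The function names and the sample blocks (placeholder bytes, not real keys) are constructed for the example.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// Status values reported for each PEM block.
const (
	Encrypted = "encrypted"
	Plaintext = "plaintext"
	NotAKey   = "not-a-key"
)

// Finding describes one PEM block found in the audited file.
type Finding struct {
	BlockType string
	Status    string
	Detail    string
}

// classify decides whether a single PEM block is an encrypted private key,
// a plaintext private key, or something that is not a private key at all.
func classify(b *pem.Block) Finding {
	procType, dek := b.Headers["Proc-Type"], b.Headers["DEK-Info"]
	switch {
	case b.Type == "ENCRYPTED PRIVATE KEY":
		return Finding{b.Type, Encrypted, "PKCS#8 EncryptedPrivateKeyInfo"}
	case !strings.HasSuffix(b.Type, "PRIVATE KEY"):
		return Finding{b.Type, NotAKey, "certificate or other non-key block"}
	case strings.HasPrefix(procType, "4,ENCRYPTED") && dek != "":
		cipher, _, _ := strings.Cut(dek, ",")
		return Finding{b.Type, Encrypted, "legacy PEM encryption, cipher " + cipher}
	default:
		return Finding{b.Type, Plaintext, "usable by anyone who can read the file"}
	}
}

// AuditPEM walks every PEM block in data and classifies it.
// It fails when the input contains no PEM block at all.
func AuditPEM(data []byte) ([]Finding, error) {
	var out []Finding
	rest := data
	for {
		var b *pem.Block
		b, rest = pem.Decode(rest)
		if b == nil {
			break
		}
		out = append(out, classify(b))
	}
	if len(out) == 0 {
		return nil, errors.New("no PEM blocks found")
	}
	return out, nil
}

// sample builds a constructed PEM block; the body is placeholder bytes, not key material.
func sample(blockType string, headers map[string]string) []byte {
	return pem.EncodeToMemory(&pem.Block{
		Type:    blockType,
		Headers: headers,
		Bytes:   []byte("constructed placeholder, not a real key"),
	})
}

func main() {
	legacy := map[string]string{
		"Proc-Type": "4,ENCRYPTED",
		"DEK-Info":  "AES-256-CBC,00112233445566778899AABBCCDDEEFF", // constructed IV
	}
	file := append(sample("CERTIFICATE", nil), sample("RSA PRIVATE KEY", legacy)...)
	file = append(file, sample("EC PRIVATE KEY", nil)...)

	findings, err := AuditPEM(file)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-22s %-10s %s\n", f.BlockType, f.Status, f.Detail)
	}
}
```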

Uevent injection for USB devices

On very recent kernels, containers that have USB devices set up in LXD will now get add/remove and bind/unbind uevents forwarded to them, allowing for the use of udev rules and other software that listens for uevents.

Here is an example of a phone getting plugged in:

stgraber@castiana:~$ lxc exec tutorials udevadm monitor
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent

KERNEL[894420.794945] add      /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
UDEV  [894420.796425] add      /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
KERNEL[894420.809028] bind     /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
UDEV  [894420.810630] bind     /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)

Optimized retrieval of network information

Support for a set of upcoming netlink APIs has been added to LXD. With those, it is now possible to retrieve all container network information without requiring the use of subprocesses and without having to switch between namespaces.

On systems with a kernel supporting those new APIs, we can observe up to 40% performance improvement in lxc list.

Bugs fixed

  • client: Fix client when using HTTPs candid server
  • client: Fix Potential Event Race
  • doc: Add configuration for readthedocs
  • doc: Added optional ?target= to /containers POST documentation
  • doc: Document LVM support for storage quotas
  • doc: Fix storage API endpoints
  • doc: Rework backup documentation
  • global: Pass -std=gnu11 -Wvla
  • i18n: Update translations from weblate
  • lxc/config: More TLS optimizations
  • lxc/config: Only setup needed connection args
  • lxc/import: Fix error handling
  • lxc/progress: Add terminal detection
  • lxc/progress: Don't print empty lines
  • lxc/storage: Identify snapshots when listed
  • lxd: Fix handling of CGroup-V2 systems
  • lxd: Lookup for the "target" API parameter only in the URL query string
  • lxd/candid: Cleanup code a bit
  • lxd/candid: Improve domain validation and pubkey
  • lxd/containers: Fix bad nvidia information parsing
  • lxd/containers: Fix cleanup on create failure
  • lxd/containers: Fix root disk limits on container startup
  • lxd/containers: Force bring up of SRIOV parent
  • lxd/containers: Improve error reporting when creating a container
  • lxd/containers: Improve some error messages around container creation
  • lxd/containers: Rework exec FD handling
  • lxd/containers: Use the ID field from db.Container directly
  • lxd/db: Add cluster statements registry
  • lxd/db: Add query.SelectURIs convenience for getting API resource URIs
  • lxd/db: Change query.SelectObjects signature to support a prepared statement
  • lxd/db: More efficient profile delete API handler
  • lxd/db: Switch over to code generation
  • lxd/db: Use ClusterTx.ProfileDelete instead of Cluster.ProfileDelete
  • lxd/db: Use ClusterTx.ProfileRename instead of Cluster.ProfileUpdate
  • lxd/db: Use tx.ProfileCreate() instead of db.ProfileCreate()
  • lxd/devices: Fix bad disk limits
  • lxd/images: Fix parsing of public property
  • lxd/nvidia: Default to compute,utility
  • lxd-p2c: Fix static build
  • lxd/storage/btrfs: Don't fail deleting pools on missing disk
  • lxd/storage/ceph: Don't un-necessarily mount snapshots
  • lxd/storage: Change ContainerStorageReady() to take a container struct
  • lxd/storage: Change ContainerUmount to accept a container struct
  • lxd/storage: Fix some storage URLs in API
  • lxd/storage/lvm: Don't un-necessarily start/stop storage
  • lxd/storage/lvm: Improve error messages around LVM volume creation
  • Makefile: Set LDFLAGS for dqlite
  • shared/network: Don't crash on VPN devices
  • shared/version: Support detecting ChromeOS versions
  • storage: Fix error strings

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.5 has been released

12th of September 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.5!

You'll no doubt notice the smaller than usual feature changes. That's explained by the beginning of conference season as well as some of our ongoing work being so large that it won't fit in a single release cycle and so will land in the LXD 3.6 or 3.7 timeframe.

This release still contains a number of welcome improvements, especially for those cluster and enterprise users as well as a good number of bugfixes and performance improvements.

New features

Additional configuration options for external Candid authentication

Candid external authentication was extended to support multiple domains and to provide a configurable expiry for the authentication tokens (defaulting to 1h).

This allows administrators in large organizations to choose what Candid domains will be allowed on a particular LXD server and configure exactly how long a user will be trusted before having to renew their authentication token with Candid.

The relevant configuration keys are:

  • candid.domains (comma-separated list of domains, defaults to allowing all)
  • candid.expiry (token expiry in seconds, defaults to 3600)

--quiet option in the command line client

Users of the lxc command from scripts will be happy to hear that we've finally introduced a --quiet option which will silence all progress information and limit output to error messages.

Configurable compression for backups

We reworked the way backups are stored and handled quite a bit in this LXD release. Most of this won't be visible in day to day operations, other than making retrieving backups significantly faster and using much less memory.

One thing that is visible however is a new configuration option to control what compression to apply to backups.

The new configuration key is:

  • backups.compression_algorithm (defaults to "gzip")

Hook to handle cluster-wide release updates

A common issue with LXD clusters is the requirement that all nodes run the same LXD version and have a matching set of API extensions and DB schema.

When any node goes ahead of the rest, all database operations are held back until the remainder of the nodes are upgraded.

As we're talking about a number of separate machines, coordinating that upgrade may be a bit tricky and in the case of the LXD snap, could take up to 24h without user intervention.

To improve this, we introduced a new LXD_CLUSTER_UPDATE environment variable which packagers can set, pointing it to a script which will update the local LXD daemon through the relevant package manager. When LXD detects that another node is now ahead of itself, it will call this script which will then update the local LXD and have it match.

Bugs fixed

  • client: Avoid err == nil pattern
  • doc: Add example of exec with record-output
  • doc: Add note about ignoring mount options
  • doc: Fix and improve the description
  • global: Advertise rsync features
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Only target if --target is passed
  • lxc/export: Don't crash on failure to delete backup
  • lxd: Don't mask database errors
  • lxd/api: Sort list of endpoints
  • lxd/backups: Rework to behave as intended
  • lxd/cluster: Consider pending containers when placing a new container
  • lxd/cluster: Make database queries timeout after 10s
  • lxd/containers: Also use apply_quota for CEPH
  • lxd/containers: Avoid root device name conflict
  • lxd/containers: Don't return nil on Storage calls
  • lxd/containers: Fix bad function name
  • lxd/containers: Simplify and fix pool update logic
  • lxd/db: Add a few missing rows.Close() calls
  • lxd/db: Add NodeIsOutdated() db API to check if a node is outdated
  • lxd/db: Add type column to operations table
  • lxd/db: Fix internal DB test
  • lxd/db: Use NoSuchObject consistently
  • lxd/devices: Iterate /sys/class/drm for GPUs
  • lxd/forkdns: Properly rewrite answer
  • lxd/images: Add missing cleanup code
  • lxd/import: Add root disk if needed
  • lxd/import: Don't delete container on import failure
  • lxd/operations: Fill the type column when creating a new operation
  • lxd/operations: Return true if operation is done before timeout
  • lxd/patches: Profiles are in the cluster db
  • lxd/profiles: Don't list snapshots in UsedBy
  • lxd/proxy: Fix unix socket paths in snap
  • lxd/proxy: Only log errors
  • lxd/storage/btrfs: Fix clearing quotas
  • lxd/storage/ceph: Only freeze container if running
  • Makefile: Honor the CC environment variable when invoking go install
  • scripts: Update auto-complete
  • shared/api: Don't re-define fields
  • shared/idmap: Test for fscaps support
  • shared: Return decompressor in DetectCompression
  • tests: Always pass --force to stop
  • tests: Avoid err == nil pattern
  • tests: Fix mode of proxy.sh
  • tests: Fix pki with newer easyrsa

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.2 has been released

21st of August 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.2!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

Fixed container snapshot and backup naming

In the past, the name property of all snapshots and backups included the container name followed by a slash and then by the snapshot or backup name.

This was redundant given that you could only get this information by querying a particular container.

The API now only returns the snapshot or backup name but LXD still understands the old syntax to allow for migrations and restoring of existing backups.

Switched to a newer implementation of dqlite

dqlite, the distributed sqlite3 implementation that we started using for LXD in LXD 3.0, has been significantly reworked to remove a number of performance bottlenecks.

Most of the database logic is now done inside a C library (libdqlite) with a matching Go package (go-dqlite) providing the SQL interface for LXD.

The on-disk format remains unchanged, so there's no risky upgrade step for this but packagers need to be aware of the new library and package it with LXD.

File capabilities support

All calls to tar and rsync now pass the required options to save and restore extended attributes, including file capabilities.

On top of that, we've implemented logic in our idmap package to shift and unshift files that include file capabilities, using the recently introduced unprivileged file capabilities.

On suitable kernels (upstream 4.14+) this will now allow LXD images to include file capabilities for utilities such as ping or mtr and have users of privileged or unprivileged containers alike be able to set and use those capabilities.

Progress information in lxc file and lxc import

Transferring files or uploading a backup to LXD will now get you progress information. When available, you'll get the percentage transferred and current speed; when the size is unknown, you'll still get how much was transferred and the transfer speed.

Bugfixes

  • container: containerCreateAsCopy() update pool
  • forkmount: ignore ENOENT and EINVAL on umount2()
  • nsexec: simplify attach_userns()
  • Fall back to alternate way of detecting minor version of Nvidia driver if needed
  • lxd/maas: Make error more readable
  • lxd-p2c: Send rsync output to stderr
  • lxd/migration: Don't pass -vP to a hidden rsync
  • lxc: Properly handle --target in copy and move
  • memory: fix format string
  • lxc/move: Support config and profile overrides
  • i18n: Update translation templates
  • exec: fix format string
  • images: fix format string
  • migrate: remove debug residuals
  • lvm: fix format string
  • db: fix format string
  • nsexec: prevent fd leak
  • Fix the storage_pool_id filter from the WHERE clause of StoragePoolsConfig
  • Fix lints
  • Extract cmdInit.ApplyConfig into a separate initApplyConfig function
  • Split initApplyConfig into initDataNodeApply and initDataClusterApply
  • Fix broken alternate TLS server cert in integration tests
  • lxd/containers: Don't update MAAS for snapshots
  • lxd/maas: Allow starting with MAAS offline
  • Enable tcp KeepAlive
  • lxd/cluster: Improve error on bad target
  • reader: Handle EINTR
  • allow uidmaps to be parsed from alternate roots
  • lxd/storage/zfs: Improve defaults
  • test: Fix static analysis
  • Allow identity mappings for unprivileged containers
  • container: adapt allowedUnprivilegedOnlyMap()
  • shared: Dereference directory symlinks
  • lxd,shared: Move parseNumberFromFile to shared
  • lxc/network: Add --format option to list
  • lxd/db: Don't hang after bad request
  • lxd/apparmor: Allow ro bind-mounts and remounts
  • idmap: support skipping directories
  • lxd: Properly set containerArgs in all cases
  • lxd/storage: Fix PATCH on storage pools
  • container: use lxcSetConfigItem() for lxc.log.file
  • lxc/cluster: Remove bad alias
  • lxd/storage: Fix volume creation API
  • tests: Add alternative TCP port finder
  • doc: Document hostname requirements
  • networks: Support stateful DHCPv6 with prefixes longer than /64
  • lxd/networks: Skip DHCP mangle if firewall off
  • network: do not print writer struct on error
  • lxd/patches: Force a one-time config re-gen
  • storage pools: move structs
  • storage volumes: move structs
  • images: move structs
  • client: Export OperationWait
  • lxd/cluster: Only restart local containers
  • images: consistently name command structs
  • cluster: move structs
  • api 1.0: move struct
  • api internal: move structs
  • certificates: move structs
  • events: move structs
  • operations: move structs
  • profiles: move structs
  • resources: move structs
  • container logs: move structs
  • container post: move structs
  • lxd/storage/btrfs: Fix recursive snapshots
  • lxd/cluster: Fix attaching CEPH custom volumes
  • lxd/storage: Fix double quoting
  • Reduce the frequency of raft snapshots
  • lxd/storage/ceph: Don't keep snapshots mounted
  • util linux: add abstract unix socket helpers
  • proxy: Rework to match master
  • lxd: Cleanup logging
  • lxd: Improve error messages
  • proxy: Properly handle relay errors
  • lxd/certificates: Log password failures
  • proxy: handle full socket buffer
  • gpu: special case passing all GPUs
  • gpu: don't fail during parse
  • gpu: handle cards among Nvidia devices
  • gpu: fix Nvidia minor index parsing
  • lxd/containers: Fix removing NVIDIA containers
  • doc: Add links to REST API
  • doc: Fix storage volume examples
  • lxd/operations: Forward to right cluster node
  • lxc/{copy,move}: Allow overriding device config
  • i18n: Update translations
  • tests: Perform a lazy umount in case of errors
  • lxd/networks: Improve dnsmasq leases cleanup
  • migration: fix cross version migrations
  • doc: Note that default profile cannot be deleted/renamed
  • lxc/profile: Fix "get" command
  • lxd: Prevent renaming/deletion of the default profile
  • test: Test default profile renaming/deletion
  • Fix "neighbour: ndisc_cache: neighbor table overflow"
  • lxd: Fix StoragePoolVolumesGetNames
  • lxd/apparmor: Fix typo in nesting profile
  • lxd/patches: Make config re-gen fault tolerant
  • fix links in api-extension
  • lxd/db: Fix handling of NetworkConfigClear
  • lxd/networks: Fix PATCH operations
  • lxd/networks: Improve error on missing openvswitch
  • tests: Add test for network put/patch
  • lxd/networks: Fix revert on update failure
  • Allow deleting storage pools that only contain image volumes
  • lxd/storage: Remove image on pool deletion
  • lxd/storage: Keep images when deleting pool
  • lxd/init: Allow selecting custom Fan underlay
  • lxd/init: Fix typo in Fan question
  • lxd/networks: Calculate Fan MTU based on parent
  • shared/util: Fix unit parsing (metric vs iec)
  • lxd/storage/lvm: Round size to closest 512 bytes
  • lxd/storage: Drop late size check
  • lxd/storage/lvm: Fix umount logic during btrfs copy
  • lxd/storage/ceph: Mount the fs after growing the block
  • tests: Switch to MiB for btrfs resize
  • tests: Fix race in network test
  • lxc: Switch to Ubuntu 18.04 as initial container
  • lxc: Be clever about when showing "lxd init"
  • client: Split LXD download code into own function
  • client: Attempt to fetch through devlxd
  • Make lvm.thinpool_name and lvm.vg_name node-specific
  • This should have been a patch, for easier backporting
  • i18n: Update translation templates
  • zfs: Support querying version through modinfo
  • lxd/networks: Fix port number for DHCPv6
  • Don't include container name in backups/snapshots
  • client: Fix CopyContainerSnapshot API
  • lxc/copy: Update to fixed CopyContainerSnapshot
  • lxd/import: Fix support for snapshots without container name
  • doc: Fix API output for snapshots
  • lxc: Make answer to remote add translatable
  • doc: Fix typo
  • lxc/storage: Fix bad argument parsing
  • tests: Fix new storage get/set test
  • *: Unify error messages
  • i18n: Update translation templates
  • Use mattn's sqlite3 bindings in the lxd/db sub package
  • Drop go-1.6 code
  • Replace grpc-sql with dqlite custom protocol
  • Wire dqlite server
  • Adapt main package to new cluster sub-package API
  • Drop raft snapshot workaround
  • Fetch containers info in parallel
  • Fix some missing error checks
  • Add support for "lxd sql global .sync", to sync the cluster db to disk
  • Capitalize error messages
  • Enforce the limit of open connections to local db after initialization is over
  • Re-enable empty table checks
  • Fix lints
  • lxd/cluster/gateway: Tweak errors
  • lxd/cluster/gateway: Log proxy errors
  • lxd: Improve shutdown logic for cluster nodes
  • Redirect dqlite logging to lxd logging
  • Fix unit test regression
  • Makefile: Respect CGO_CFLAGS
  • Makefile: Fix typo in .PHONY
  • Makefile: Rename protobuf to update-protobuf
  • Makefile: Drop gccgo
  • Makefile: Drop outdated comment
  • Makefile: Fix tags handling
  • Makefile: Require libsqlite3
  • Makefile: Include dqlite in dist tarball
  • Makefile: Add deps target
  • lxd: Fix --syslog flag
  • lxd/containers: Don't flush leases for snapshots
  • shared/idmap: Shift fscaps
  • lxd/cluster: Fix typo in errors
  • tar: Support xattrs
  • rsync: Support xattrs
  • test: Add test for cluster shutdown logic
  • tar: Use --xattrs-include=* during extract
  • idmap: C coding style fixups
  • idmap: s/set_caps/set_vfs_ns_caps/g
  • idmap: convert uid from big to little endian
  • client: Centrally handle targeting
  • shared/idmap: Fix xattr.h import
  • lxc/utils: Handle empty progress
  • lxc/file: Show progress
  • lxd/containers: Use internal struct values
  • networks: Ignore veth devices
  • networks: Don't try listing containers for lo
  • lxd/cluster: Only query the containers we need
  • Add ContainerArgsList and ContainerArgsNodeList
  • lxd/db: Fix snapshot filtering
  • lxd/containers: Add helpers for retrieving containers
  • lxd: Port over to new containerLoadNodeAll function
  • lxd: Port over to new containerLoadAll function
  • lxd: Only get the profiles once
  • lxd/containers: Speed up recursive list
  • shared/api: Define ContainerFull
  • lxd/storage: Don't log every storage init
  • lxc/list: Port to ContainerFull
  • lxd/storage: Cache storage version
  • Fix "no transaction is active" error during database updates
  • lxc/remote: Fix crash on bad remote name
  • lxd/storage/zfs: Optimize getting disk usage
  • lxd/networks: Drop unused db property
  • lxd: Add endpoints to state struct
  • lxc/container: CEPH also needs offline quotas
  • lxd/storage/ceph: Fix default container quotas
  • Makefile: Set PKG_CONFIG_PATH
  • i18n: Update translation templates
  • client: Implement support for recursion=2
  • doc: Update requirements
  • lxd/images: Cleanup any leftovers on startup
  • Send a notification to other nodes when an image is removed
  • Silence shellcheck
  • doc: Update README a bit
  • doc: Add some more packages to README
  • doc: Add tcl to README
  • Makefile: Tweak sqlite build flags
  • doc: Pass LD_LIBRARY_PATH through sudo
  • Support moving a container within a cluster, keeping the same name
  • lxc/image: Fix URL-based imports
  • Update rest-api.md
  • shallow clone for deps
  • Shallow clone for dist
  • *: Rename macaroon(s) -> candid
  • lxd/patches: Add patch for macaroon/candid config
  • auth: Support URL based auth
  • Update i18n
  • doc: Add example of exec with record-output
  • lxd/devices: Iterate /sys/class/drm for GPUs
  • lxd/api: Sort list of endpoints

Support and upgrade

LXD 3.0.2 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.4 has been released

14th of August 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.4!

The main highlight for this release is the major performance improvement that made it in. We upgraded to a newer version of our database backend, introduced new internal APIs for batch queries, made it possible to query all container states in one API call and fixed a number of bottlenecks that were quite negatively affecting cluster performance.

Initial tests show that a cluster running several thousand containers will now usually return basic container status (lxc list --fast) in just a couple of seconds with most other operations also significantly faster than in the past. Things aren't quite as fast as we'd like them to be yet, especially when querying the full container state of hundreds/thousands of containers (lxc list) but we're working on a few options to improve that too.

As for new features, we added progress reporting to a few missing commands in our command line client, added support for aliasing to external commands and added support for cross-host DNS when using a Fan bridge on a LXD cluster.

Enjoy!

Important notes

Fixed container snapshot and backup naming

In the past, the name property of all snapshots and backups included the container name followed by a slash and then by the snapshot or backup name.

This was redundant given that you could only get this information by querying a particular container.

The API now only returns the snapshot or backup name but LXD still understands the old syntax to allow for migrations and restoring of existing backups.

Switched to a newer implementation of dqlite

dqlite, the distributed sqlite3 implementation that we started using for LXD in LXD 3.0, has been significantly reworked to remove a number of performance bottlenecks.

Most of the database logic is now done inside a C library (libdqlite) with a matching Go package (go-dqlite) providing the SQL interface for LXD.

The on-disk format remains unchanged, so there's no risky upgrade step for this but packagers need to be aware of the new library and package it with LXD.

Renamed lxc remote set-default to lxc remote switch

We renamed lxc remote set-default to the much friendlier and shorter lxc remote switch. This is in preparation for work on LXD projects, which will have a similar switch subcommand.

lxc remote set-default remains valid as an alias of lxc remote switch.

Renamed the macaroon authentication options to candid

Now that a standard implementation of macaroon based authentication is publicly available in the Candid project we have updated LXD to support it and renamed our configuration options to match.

This primarily affects the old core.macaroon.endpoint which has now been renamed to candid.api.url. Upgrading to LXD 3.4 will automatically convert one into the other.

New features

Fan-aware DNS resolving for clusters

One problem several users ran into when running a LXD cluster using the Ubuntu Fan as an overlay network was that even though all traffic was properly routed between the various nodes, attempting to resolve the name of a container would only work if it happened to be running on the same cluster node.

LXD 3.4 changes that by now attempting to resolve DNS queries for the network's defined domain (lxd by default) against all of the nodes until one returns a value, making it feel like it's all handled by a single unified DNS server.

Faster API for container status

A new /1.0/containers?recursion=2 API has been added which allows for retrieving all containers, their configuration, their state, their snapshot list and their backup list in a single call.

This effectively lets you move from making 1 main API call followed by 3 additional calls per container to just doing a single call.

Progress information in lxc file and lxc import

Transferring files or uploading a backup to LXD will now get you progress information. When available, you'll get the percentage transferred and current speed; when the size is unknown, you'll still get how much was transferred and the transfer speed.

Aliases to external commands

It's now possible to set up aliases in the command line client which point to external commands. All you have to do is have the alias begin with the absolute path to the command to execute.

lxc alias add my-script "/usr/local/bin/myscript @ARGS@ --extra-args"

File capabilities support

All calls to tar and rsync now pass the required options to save and restore extended attributes, including file capabilities.

On top of that, we've implemented logic in our idmap package to shift and unshift files that include file capabilities, using the recently introduced unprivileged file capabilities.

On suitable kernels (upstream 4.14+) this will now allow LXD images to include file capabilities for utilities such as ping or mtr and have users of privileged or unprivileged containers alike be able to set and use those capabilities.
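The file capabilities notes in the LXD 3.0.2 and 3.4 announcements describe shifting and unshifting files that carry file capabilities. The Go sketch below is an added illustration, not LXD's idmap code: it uses the security.capability xattr layouts from the kernel's linux/capability.h (revision 2 without a root id, revision 3 with one). The function names, the sample ping capability and the uid 1000000 are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout constants from the kernel UAPI header linux/capability.h.
const (
	revisionMask  = 0xFF000000
	revision2     = 0x02000000 // struct vfs_cap_data: 20 bytes, honoured in every namespace
	revision3     = 0x03000000 // struct vfs_ns_cap_data: 24 bytes, adds a trailing rootid
	flagEffective = 0x00000001
)

// FileCaps is a decoded security.capability xattr value.
type FileCaps struct {
	Revision    uint32
	Effective   bool
	Permitted   uint64
	Inheritable uint64
	RootID      uint32 // host-side uid of the owning namespace's root; revision 3 only
}

// Constructed sample: cap_net_raw+ep (bit 13) as a revision 2 xattr, as used for ping.
var samplePingV2 = []byte{
	0x01, 0x00, 0x00, 0x02, // magic_etc = revision 2 | effective flag
	0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // permitted, inheritable (bits 0-31)
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // permitted, inheritable (bits 32-63)
}

// Parse decodes a revision 2 or 3 xattr; every field is little-endian on disk.
func Parse(raw []byte) (FileCaps, error) {
	if len(raw) < 4 {
		return FileCaps{}, errors.New("xattr too short")
	}
	le := binary.LittleEndian
	magic := le.Uint32(raw[0:4])
	c := FileCaps{Revision: magic & revisionMask, Effective: magic&flagEffective != 0}
	want := map[uint32]int{revision2: 20, revision3: 24}[c.Revision]
	if want == 0 {
		return FileCaps{}, fmt.Errorf("unsupported revision %#x", c.Revision)
	}
	if len(raw) != want {
		return FileCaps{}, fmt.Errorf("revision %#x needs %d bytes, got %d", c.Revision, want, len(raw))
	}
	c.Permitted = uint64(le.Uint32(raw[4:8])) | uint64(le.Uint32(raw[12:16]))<<32
	c.Inheritable = uint64(le.Uint32(raw[8:12])) | uint64(le.Uint32(raw[16:20]))<<32
	if c.Revision == revision3 {
		c.RootID = le.Uint32(raw[20:24])
	}
	return c, nil
}

// Encode serialises the capabilities back into the xattr layout of c.Revision.
func (c FileCaps) Encode() []byte {
	size := 20
	if c.Revision == revision3 {
		size = 24
	}
	out := make([]byte, size)
	magic := c.Revision
	if c.Effective {
		magic |= flagEffective
	}
	le := binary.LittleEndian
	le.PutUint32(out[0:4], magic)
	le.PutUint32(out[4:8], uint32(c.Permitted))
	le.PutUint32(out[8:12], uint32(c.Inheritable))
	le.PutUint32(out[12:16], uint32(c.Permitted>>32))
	le.PutUint32(out[16:20], uint32(c.Inheritable>>32))
	if c.Revision == revision3 {
		le.PutUint32(out[20:24], c.RootID)
	}
	return out
}

// Shift turns a global (revision 2) capability into one that is only valid
// inside the user namespace whose root maps to rootID on the host.
func Shift(raw []byte, rootID uint32) ([]byte, error) {
	c, err := Parse(raw)
	if err != nil {
		return nil, err
	}
	if c.Revision != revision2 {
		return nil, errors.New("capability is already namespaced, refusing to re-own it")
	}
	c.Revision, c.RootID = revision3, rootID
	return c.Encode(), nil
}

// Unshift converts back to revision 2, but only when the stored root id is the
// expected one: promoting another namespace's capability would make it global.
func Unshift(raw []byte, rootID uint32) ([]byte, error) {
	c, err := Parse(raw)
	if err != nil {
		return nil, err
	}
	if c.Revision != revision3 {
		return nil, errors.New("capability is not namespaced")
	}
	if c.RootID != rootID {
		return nil, fmt.Errorf("root id %d does not match expected %d", c.RootID, rootID)
	}
	c.Revision, c.RootID = revision2, 0
	return c.Encode(), nil
}

func main() {
	v3, err := Shift(samplePingV2, 1000000)
	fmt.Printf("shifted: %x (err=%v)\n", v3, err)
	_, err = Unshift(v3, 100000)
	fmt.Println("unshift with the wrong root id:", err)
}
```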

Bugs fixed

  • client: Centrally handle targeting
  • client: Fix CopyContainerSnapshot API
  • doc: Fix API output for snapshots
  • doc: Fix typo in storage documentation
  • doc: Update README to cover make deps and new requirements
  • doc: Update requirements
  • global: Support xattrs in rsync calls
  • global: Support xattrs in tar calls
  • global: Unify error messages
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Allow aliases to external commands
  • lxc: Make answer to remote add translatable
  • lxc/container: CEPH also needs offline quotas
  • lxc/copy: Update to fixed CopyContainerSnapshot
  • lxc/file: Show progress
  • lxc/image: Fix URL-based imports
  • lxc/import: Show progress
  • lxc/list: Port to ContainerFull
  • lxc/list: Support for recursion=2
  • lxc/remote: Fix crash on bad remote name
  • lxc/remote: Rename set-default to switch
  • lxc/storage: Fix bad argument parsing
  • lxc/utils: Handle empty progress
  • lxc-to-lxd: Fix lxc.rootfs parsing
  • lxc-to-lxd: Fix rootfs tests
  • lxd: Add dns forwarder
  • lxd: Don't include container name in backups/snapshots
  • lxd: Fix --syslog flag
  • lxd: Port over to new containerLoadAll function
  • lxd: Port over to new containerLoadNodeAll function
  • lxd/backups: No need for interfaces
  • lxd/cluster: Allow for MemberConfig to be empty in new join API
  • lxd/cluster: Fix typo in errors
  • lxd/cluster: Fix unit test regression
  • lxd/cluster: Only query the containers we need
  • lxd/cluster: Properly skip pending networks/pools
  • lxd/cluster/gateway: Log proxy errors
  • lxd/cluster/gateway: Tweak errors
  • lxd/containers: Add helpers for retrieving containers
  • lxd/containers: Don't flush leases for snapshots
  • lxd/containers: Fetch containers info in parallel
  • lxd/containers: Implement support for recursion=2
  • lxd/containers: Improve shutdown logic for cluster nodes
  • lxd/containers: Only get the profiles once
  • lxd/containers: Speed up recursive list
  • lxd/containers: Use internal struct values
  • lxd/db: Adapt main package to new cluster sub-package API
  • lxd/db: Add ContainerArgsList and ContainerArgsNodeList
  • lxd/db: Add support for "lxd sql global .sync"
  • lxd/db: Capitalize error messages
  • lxd/db: Drop go-1.6 backward compatibility
  • lxd/db: Drop raft snapshot workaround
  • lxd/db: Fix lints
  • lxd/db: Fix snapshot filtering
  • lxd/db: Fix some missing error checks
  • lxd/db: Limit open connections to local db after initialization
  • lxd/db: Redirect dqlite logging to lxd logging
  • lxd/db: Re-enable empty table checks
  • lxd/db: Replace grpc-sql with dqlite custom protocol
  • lxd/db: Use mattn's sqlite3 bindings instead of our fork
  • lxd/db: Wire dqlite server
  • lxd/forkproxy: use correct types for {g,u}ids
  • lxd/images: Cleanup any leftovers on startup
  • lxd/images: Send a notification to other nodes when an image is removed
  • lxd/import: Fix support for snapshots without container name
  • lxd/init: Make use of the new cluster join API
  • lxd/networks: Add support for FAN clustered DNS
  • lxd/networks: Don't try listing containers for lo
  • lxd/networks: Drop unused db property
  • lxd/networks: Fix packet stats logic for containers
  • lxd/networks: Ignore veth devices
  • lxd/networks/state: Skip non-existing interfaces
  • lxd/patches: Fix "no transaction is active" error during database updates
  • lxd/state: Add endpoints to state struct
  • lxd/storage: Cache storage version
  • lxd/storage: Don't log every storage init
  • lxd/storage/ceph: Fix default container quotas
  • lxd/storage/zfs: Optimize getting disk usage
  • Makefile: Add deps target
  • Makefile: Drop gccgo
  • Makefile: Drop outdated comment
  • Makefile: Fix tags handling
  • Makefile: Fix typo in .PHONY
  • Makefile: Include dqlite in dist tarball
  • Makefile: Rename protobuf to update-protobuf
  • Makefile: Require libsqlite3
  • Makefile: Respect CGO_CFLAGS
  • Makefile: Set PKG_CONFIG_PATH
  • Makefile: Tweak sqlite build flags
  • Makefile: Use shallow clone for dist
  • Makefile: Use shallow clone for deps
  • shared/api: Define ContainerFull
  • shared/idmap: C coding style fixups
  • shared/idmap: Convert uid from big to little endian
  • shared/idmap: Fix xattr.h import
  • shared/idmap: Shift fscaps
  • shared/idmap: s/set_caps/set_vfs_ns_caps/g
  • tests: Add test for cluster shutdown logic
  • tests: Fix lxc-to-lxd unit tests
  • tests: Fix new storage get/set test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.3 has been released

27th of July 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.3!

This is a rather feature packed release, containing significant improvements to the proxy device, a complete rewrite of lxc-to-lxd, container deletion protection, improved debugging/profiling abilities, some improvements to network management and a number of new CLI options.

As well as the usual set of bugfixes.

New features

Rewrote and improved lxc-to-lxd

Our LXC to LXD migration tool has been rewritten in Go to match the rest of our codebase. It now uses the LXD migration API to transfer the containers (similar to lxd-p2c) and has support for both LXC 2.x and 3.x.

Network state API

A new API at /1.0/networks/<NAME>/state was added to return information about an existing network interface. Example output:

{
    "addresses": [
        {
            "address": "10.166.11.1",
            "family": "inet",
            "netmask": "24",
            "scope": "global"
        },
        {
            "address": "2001:470:b368:4242::1",
            "family": "inet6",
            "netmask": "64",
            "scope": "global"
        },
        {
            "address": "fe80::4865:17ff:fed5:e347",
            "family": "inet6",
            "netmask": "64",
            "scope": "link"
        }
    ],
    "counters": {
        "bytes_received": 45866443,
        "bytes_sent": 3087152218,
        "packets_received": 600757,
        "packets_sent": 772253
    },
    "hwaddr": "fe:65:0e:c3:df:3d",
    "mtu": 1500,
    "state": "up",
    "type": "broadcast"
}

A new sub-command was added to the command line client to query this:

stgraber@castiana:~$ lxc network info lxdbr0
Name: lxdbr0
MAC address: fe:65:0e:c3:df:3d
MTU: 1500
State: up

Ips:
  inet  10.166.11.1
  inet6 2001:470:b368:4242::1
  inet6 fe80::4865:17ff:fed5:e347

Network usage:
  Bytes received: 45.87MB
  Bytes sent: 3.09GB
  Packets received: 600756
  Packets sent: 772248

Deletion protection for containers

A new security.protection.delete configuration key can now be set to true on containers that you want to protect from accidental deletion.

It can be used like this:

stgraber@castiana:~$ lxc config set c1 security.protection.delete true
stgraber@castiana:~$ lxc delete c1
Error: Container is protected
stgraber@castiana:~$ lxc config unset c1 security.protection.delete
stgraber@castiana:~$ lxc delete c1

New configuration options for the proxy device type

The proxy device got some significant improvements in this release.

It's now possible to control ownership and permissions on listening unix sockets with the following new properties:

  • uid
  • gid
  • mode

As well as control privilege dropping of the proxy process itself with:

  • security.uid
  • security.gid

The proxy can also now set a Haproxy compatible PROXY header (V1) for TCP connections by setting the proxy_protocol key to true.

And lastly, it's possible to skip the proxy process entirely in some cases and use NAT instead by setting the nat property to true. Note that for it to work, the connection must be either UDP or TCP on both ends and a static IP address must be set for the container through the ipv4.address or ipv6.address properties on its nic device.
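What a service sitting behind a proxy device with proxy_protocol set to true has to do before it reads application data, shown as an added example in Go (not LXD code): a bounded, strict parser for the PROXY v1 line. Function names and the sample addresses are constructed; because the header is plain text sent in-band, the listener should only be reachable through the proxy, otherwise any client could supply its own source address.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net/netip"
	"strconv"
	"strings"
)

// maxV1Header is the longest legal v1 header line, CRLF included.
const maxV1Header = 107

var errHeader = errors.New("invalid PROXY v1 header")

// ProxyInfo is the address pair announced by the header.
type ProxyInfo struct {
	Src, Dst netip.AddrPort
	Unknown  bool // "PROXY UNKNOWN": no usable address information
}

// parseEndpoint checks that the address family matches the declared
// protocol and that the port fits in 16 bits.
func parseEndpoint(family, addr, port string) (netip.AddrPort, error) {
	ip, err := netip.ParseAddr(addr)
	if err != nil || ip.Zone() != "" || ip.Is4() != (family == "TCP4") {
		return netip.AddrPort{}, errHeader
	}
	p, err := strconv.ParseUint(port, 10, 16)
	if err != nil {
		return netip.AddrPort{}, errHeader
	}
	return netip.AddrPortFrom(ip, uint16(p)), nil
}

// ReadProxyV1 consumes exactly one header line from r and leaves the
// application data untouched. It never reads more than maxV1Header bytes
// looking for the line end, so a peer cannot make it buffer without bound.
func ReadProxyV1(r *bufio.Reader) (ProxyInfo, error) {
	line := make([]byte, 0, maxV1Header)
	for len(line) < maxV1Header {
		b, err := r.ReadByte()
		if err != nil {
			return ProxyInfo{}, err
		}
		line = append(line, b)
		if b == '\n' {
			break
		}
	}
	s := string(line)
	if !strings.HasSuffix(s, "\r\n") {
		return ProxyInfo{}, errHeader
	}
	f := strings.Split(strings.TrimSuffix(s, "\r\n"), " ")
	if len(f) < 2 || f[0] != "PROXY" {
		return ProxyInfo{}, errHeader
	}
	if f[1] == "UNKNOWN" {
		return ProxyInfo{Unknown: true}, nil
	}
	if len(f) != 6 || (f[1] != "TCP4" && f[1] != "TCP6") {
		return ProxyInfo{}, errHeader
	}
	src, err := parseEndpoint(f[1], f[2], f[4])
	if err != nil {
		return ProxyInfo{}, err
	}
	dst, err := parseEndpoint(f[1], f[3], f[5])
	if err != nil {
		return ProxyInfo{}, err
	}
	return ProxyInfo{Src: src, Dst: dst}, nil
}

// ReadFromString runs ReadProxyV1 over a captured byte stream and also
// returns the application data that follows the header (demo helper).
func ReadFromString(stream string) (ProxyInfo, string, error) {
	r := bufio.NewReader(strings.NewReader(stream))
	info, err := ReadProxyV1(r)
	if err != nil {
		return info, "", err
	}
	rest, _ := io.ReadAll(r)
	return info, string(rest), nil
}

func main() {
	// Constructed sample: what the container-side service would receive.
	stream := "PROXY TCP4 192.0.2.10 10.166.11.50 51234 80\r\nGET / HTTP/1.1\r\n\r\n"
	info, rest, err := ReadFromString(stream)
	fmt.Println(info.Src, info.Dst, err)
	fmt.Printf("%q\n", rest)
	_, _, err = ReadFromString("GET / HTTP/1.1\r\n\r\n") // header missing
	fmt.Println(err)
}
```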

Downloading images through the host

LXD 3.2 introduced a new devlxd API that allowed downloading of public or cached images from the LXD daemon from within the container so long as security.devlxd was enabled (default) and security.devlxd.images was set to true.

LXD 3.3 now itself supports using that new API and will attempt to fetch image artifacts from the host before hitting the network. This can result in significant bandwidth savings for users of nested LXD.

Built-in debugging and profiling server

LXD now has a built-in pprof server which can be enabled by setting the core.debug_address property using the same syntax as core.https_address.

You can then access http://<address>/debug/pprof to get some basic information out of the LXD daemon. The same URL can be used with the pprof tool to extract much more detailed information.

--format option to lxc network list

This new option matches that on a number of other sub-commands and lets you choose between table, csv, json and yaml output.

Overriding device configuration during copy and move

It is now possible to override specific device configuration keys during remote copy or move operations by passing -d <device>,<key>=<value> to lxc copy or lxc move.

--dump option to lxd init

LXD supports configuration pre-seeding through lxd init --preseed. Up until now, the only way to get a preseed was at the end of an interactive lxd init run or by manually writing one.

The new lxd init --dump will now generate a preseed file based on the running LXD configuration. This can make configuring a new, near-identical LXD server much easier.

bridge.hwaddr property for LXD networks

Setting the new bridge.hwaddr property on a network will let you control the MAC address of the LXD bridge. This can be useful for systems that are monitored/graphed and where the ever changing MAC address was causing some issues.

ipv4.nat.order and ipv6.nat.order properties for LXD networks

Those two new options control the order in which the NAT rules are added to the firewall. They default to before, meaning that the generated rules will apply before any pre-existing user rules. Setting to after instead may be useful when manually added firewall rules should be run prior to LXD's own rules.

Bugs fixed

  • client: Export OperationWait
  • client: Split LXD download code into own function
  • doc: Document hostname requirements
  • doc: Fix links in api-extension
  • doc: Fix missing escaping in api-extensions
  • doc: Fix "neighbour: ndisc_cache: neighbor table overflow"
  • doc: Fix storage volume examples
  • doc: Note that default profile cannot be deleted/renamed
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Be clever about when to show "lxd init"
  • lxc: Switch to Ubuntu 18.04 as initial container
  • lxc/cluster: Remove bad alias
  • lxc/profile: Fix "get" command
  • lxd: Fix StoragePoolVolumesGetNames
  • lxd: Make iptables logic usable for containers
  • lxd: Move command structs around
  • lxd: Prevent renaming/deletion of the default profile
  • lxd: Properly set containerArgs in all cases
  • lxd/apparmor: Allow ro bind-mounts and remounts
  • lxd/apparmor: Fix typo in nesting profile
  • lxd/certificates: Log password failures
  • lxd/cluster: Fix attaching CEPH custom volumes
  • lxd/cluster: Only restart local containers
  • lxd/cluster: Reduce the frequency of raft snapshots
  • lxd/containers: adapt allowedUnprivilegedOnlyMap()
  • lxd/containers: Allow identity mappings for unprivileged containers
  • lxd/containers: Don't fail while parsing NVIDIA GPU list
  • lxd/containers: Fix Nvidia minor index parsing
  • lxd/containers: Fix removing NVIDIA containers
  • lxd/containers: Handle cards among Nvidia devices
  • lxd/containers: Special case passing all GPUs
  • lxd/containers: use lxcSetConfigItem() for lxc.log.file
  • lxd/containers: Validate proxy config early
  • lxd/db: Don't hang after bad request
  • lxd/db: Fix handling of NetworkConfigClear
  • lxd/init: Allow selecting custom Fan underlay
  • lxd/init: Fix typo in Fan question
  • lxd/migration: Fix cross version migrations
  • lxd/networks: Calculate Fan MTU based on parent
  • lxd/networks: Fix PATCH operations
  • lxd/networks: Fix port number for DHCPv6
  • lxd/networks: Fix revert on update failure
  • lxd/networks: Improve dnsmasq leases cleanup
  • lxd/networks: Improve error on missing openvswitch
  • lxd/networks: Skip DHCP mangle if firewall off
  • lxd/networks: Support stateful DHCPv6 with prefixes longer than /64
  • lxd/operations: Forward to right cluster node
  • lxd/patches: Force a one-time config re-gen
  • lxd/patches: Make config re-gen fault tolerant
  • lxd/patches: Make lvm.thinpool_name and lvm.vg_name node-specific
  • lxd/proxy: Convert mode from string to octal
  • lxd/proxy: Handle full socket buffer
  • lxd/storage: Allow deleting storage pools that only contain image volumes
  • lxd/storage/btrfs: Fix recursive snapshots
  • lxd/storage/ceph: Don't keep snapshots mounted
  • lxd/storage/ceph: Mount the fs after growing the block
  • lxd/storage: Drop late size check
  • lxd/storage: Fix double quoting
  • lxd/storage: Fix PATCH on storage pools
  • lxd/storage: Fix volume creation API
  • lxd/storage: Keep images when deleting pool
  • lxd/storage/lvm: Fix umount logic during btrfs copy
  • lxd/storage/lvm: Round size to closest 512 bytes
  • lxd/storage: Remove image on pool deletion
  • lxd/storage/zfs: Support querying version through modinfo
  • shared: Dereference directory symlinks
  • shared: Do not print writer struct on network error
  • shared: Move parseNumberFromFile to shared
  • shared/idmap: support skipping directories
  • shared/util: Fix unit parsing (metric vs iec)
  • tests: Add alternative TCP port finder
  • tests: Add test for network put/patch
  • tests: Fix race in network test
  • tests: Fix static analysis
  • tests: Perform a lazy umount in case of errors
  • tests: Switch to MiB for btrfs resize
  • tests: Test default profile renaming/deletion

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.2 has been released

23rd of June 2018

Introduction

This month's LXD release comes with a lot of bugfixes and performance improvements, especially for those using LXD clustering.

Feature wise, this release has a lot of improvements for those using the proxy device type first introduced in LXD 3.0, foundation work for image download improvements in nested environments and closes a big gap in our storage story by allowing containers to be copied and moved between pools.

The changes in this release include

Features:

  • Added a new API to /dev/lxd allowing for direct download of public and cached images from the host (requires security.devlxd.images)
  • Added support for copying and moving containers between storage pools
  • Big improvements to the proxy device:
    • Unix socket support (including OOB packets)
    • UDP support
    • Port ranges for UDP and TCP
  • New simplified cluster join API

Bugfixes:

  • client: Enable TCP KeepAlive
  • doc: Add links to REST API
  • doc: Fix typo in api-extensions.md
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Properly handle --target in copy and move
  • lxc/{import,export}: Deal with snap paths
  • lxc/move: Support config and profile overrides
  • lxd: Cleanup logging
  • lxd: Drop manual GC calls
  • lxd: Fix some format strings
  • lxd: Improve error messages
  • lxd/cluster: Broadcast profile changes to other cluster nodes
  • lxd/cluster: Fix bad database query when updating storage pools
  • lxd/cluster: Improve error on bad target
  • lxd/cluster: Improve errors and docs for member-specific config keys
  • lxd/cluster: Redirect container/snapshot publish to the relevant member
  • lxd/cluster: Serialize reads to the cluster database
  • lxd/containers: Assume device node for older NVIDIA GPUs
  • lxd/containers: Don't update MAAS for snapshots
  • lxd/containers: Fix fd leak in metadata
  • lxd/containers: Manually release the liblxc structs
  • lxd/forkmount: Ignore ENOENT and EINVAL on umount2()
  • lxd/maas: Allow starting with MAAS offline
  • lxd/maas: Make errors more readable
  • lxd/migrate: Remove debug residuals
  • lxd/migration: Don't pass -vP to a hidden rsync
  • lxd/nsexec: Prevent fd leak
  • lxd/nsexec: Simplify attach_userns()
  • lxd/storage/lvm: Fix mixup between pool name and VG name
  • lxd/storage/lvm: Rename default thinpool to LXDThinPool
  • lxd/storage/zfs: Improve defaults
  • lxc-to-lxd: Respect LXD_SOCKET environment variable
  • lxd-p2c: Add rsync version check
  • lxd-p2c: Allow overriding rsync args
  • lxd-p2c: Better report rsync errors
  • lxd-p2c: Delete containers on failure
  • lxd-p2c: Handle target URL smarter
  • lxd-p2c: Ignore missing arg errors
  • lxd-p2c: Send rsync output to stderr
  • shared: Add abstract unix socket helpers
  • shared/eagain: Handle EINTR
  • shared/idmap: Allow uidmaps to be parsed from alternate roots
  • tests: Fix broken alternate TLS server cert in integration tests
  • tests: Reduce ceph pg_num down to 1

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.1 has been released

5th of June 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.1!

As a stable bugfix release, it contains no major changes and instead focuses on bugfixes and minor usability improvements.

Minor improvements

  • Added version subcommands to lxc and lxd
  • Reworked lxd init for clustering a bit to offer better network configuration options
  • Added a new lxc cluster enable command
  • Reworked the lxd sql subcommand to support both local and global databases
  • lxd init --auto now also configures a default bridge

Bugfixes

  • lxc: Fix mistakenly hidden commands
  • i18n: Update translation templates
  • lxd/migration: Pre-validate profiles
  • client: Improve remote operation errors
  • Fix some typos and wording.
  • Wording fix.
  • lxc/image: Fix crash due to bad arg parsing
  • lxd: add missing limits.h include
  • lxd/init: Fix --auto with network config
  • lxc: Consistent naming of clustering terms
  • i18n: Update translation templates
  • lxc/file: Fix pushing files to remote
  • lxd/init: Don't setup a remote storage pool by default
  • Fix lxd init failing to join a cluster in interactive mode with an existing zfs dataset
  • lxc/query: Fix -d and -X
  • lxc/help: Make help respect --all too
  • Fix typo in help of "lxc network"
  • Properly filter node-level storage configs by pool ID
  • i18n: Update translation templates
  • lxd/init: Consistency
  • Make new gofmt happy
  • lxc/file: Allow using -r to follow symlinks
  • Replace juju/idmclient with CanonicalLtd/candidclient
  • lxc/config: Fix adding trust cert on snap
  • lxc/alias: Fix example in help message
  • i18n: Update translation templates
  • client: Introduce LXD_SOCKET
  • Makefile: Add a manifest
  • containers: fix snapshot deletion
  • lxc/init: Add missing --no-profiles
  • i18n: Update translations
  • lxc/file: Fix pull target logic
  • doc: Fix example in userns-idmap
  • devices: fail if Nvidia device minor is missing
  • Add db.ContainersNodeList
  • storage: createContainerMountpoint() fix perms
  • ceph: s/0755/0711/g
  • lvm: s/0755/0711/g
  • storage utils: s/0755/0711/g
  • zfs: s/0755/0711/g
  • patches: add "storage_api_path_permissions"
  • sys/fs: s/MkdirAll/Mkdir/g
  • btrfs: fix permissions
  • Pass a logger to raft-http
  • Add new cluster.Promote function to turn a non-database node into a database one
  • Add new cluster.Rebalance function to check if we need to add database nodes
  • Notify the cluster leader after a node removal, so it can rebalance
  • Add integration test
  • doc: Tweak backup.md
  • lxd/init: Require root for interactive cluster join
  • Disable flaky unit tests for now
  • Log the error that made Daemon.Init() fail
  • client: Expose http URL in ConnectionInfo
  • lxc/query: Add support for non-JSON endpoints
  • Handle empty query strings
  • Support reading queries from standard in
  • Support passing multiple queries
  • Rename database files
  • Support querying both local and global database
  • Update integration tests
  • Normalize name of images_aliases table
  • Add query.Dump helper to dump schema and data
  • Add support for dump command in lxd sql
  • lxd/containers: Fix lxc.net check
  • doc/backup.md: update snap path
  • Add lxc cluster enable command
  • Fix command description formatting
  • Update .pot files
  • Use an isolated LXD instance in integration tests
  • Start a container in the integration test
  • Address style comments
  • add LXD_UNPRIVILEGED_ONLY to disallow privileged containers.
  • lxd: tweak LXD_UNPRIVILEGED_ONLY
  • doc: add LXD_UNPRIVILEGED_ONLY
  • tests: add tests for LXD_UNPRIVILEGED_ONLY
  • Reword errors when LXD_UNPRIVILEGED_ONLY is set
  • lxd/containers: Allow sending progress
  • lxc/rename: Deal with remote renames
  • lxd/db: Don't crash on empty queries
  • lxd/sql: Drop custom table renderer
  • lxd/network: Fix fan subnet calculation logic
  • Update translations from weblate
  • lxc/main: Fix remote caching
  • lxc/storage_volumes: Various fixes
  • tests: Add extra cleanup code
  • lxd/storage: Also set zfs.pool_name on upgrade
  • migration: fix btrfs live migration
  • lxd/containers: Fix broken unix hotplug logic
  • lxc/list: Reduce number of API calls
  • Make the interaction between lxd daemon and waitready non-blocking
  • Increase logging during startup
  • Remove log alias for waitready
  • Remove log alias for db.OpenCluster
  • Make Unavailable accept an error parameter
  • Add a new Schema.File() method to load extra queries from a file
  • Add support for patch.local.sql and patch.global.sql
  • Add integration tests
  • Add shared.DirCopy to recursively copy a directory.
  • Update database.md
  • Backup global database if non-clustered
  • lxd/init: Offer to setup a Fan bridge when clustered
  • lxd init: fix maas.api.url check when setting up existing bridge
  • Take raft snapshots more frequently and at shutdown
  • Add --schema flag to lxd sql to dump only the schema.
  • Update database.md with information about lxd sql and patch.*.sql
  • Document how to dump the content or schema of databases
  • Fix shell lints
  • Disable snapshot logging, as it's too verbose now
  • Make .dump and .schema special queries, for consistency with sqlite3
  • Run make i18n
  • xattr: Support empty values
  • doc: s/status command/info command/
  • lxd/init: Explain password less behavior
  • Make waitready less verbose
  • devices: clone mode of device
  • lxd/init: Have --auto setup networking if missing
  • container_lxc: fix optional property for disk devs
  • test: Fix busybox image
  • lxc/action: Fix pause
  • lxd/callhook: Respect LXD_SOCKET environment variable
  • forkfile: only open O_RDWR if necessary
  • Consider a copy to be local only when not clustered
  • Add integration tests
  • api: Add backup structs
  • client: Implement backup functionality
  • shared: Implement RunCommandWithFds
  • btrfs: add doContainerCreate()
  • btrfs: add doContainerSnapshotCreate()
  • ceph: ensure fs consistency when snapshotting
  • ceph: ensure fs consistency when restoring
  • ceph: add doContainerCreate()
  • ceph: add doContainerMount()
  • lvm: add doContainerMount()
  • zfs: add doContainerMount()
  • zfs: add do*() helpers
  • lvm: use internal pool name
  • lxd-p2c: Handle target URL smarter
  • lxd-p2c: Ignore missing arg errors
  • lxd-p2c: Delete containers on failure
  • lxd-p2c: Better report rsync errors
  • lxd-p2c: Allow overriding rsync args
  • Serialize reads to the cluster database
  • doc: Fix typo in api-extensions
  • Redirect container/snapshot publish API requests to the relevant node
  • gpu: fallback to default device mode
  • Improve error messages and docs about node-specific config keys for pools and networks
  • Avoid wrapping long lines
  • lxd-p2c: Add rsync version check
  • lvm: s/LXDPool/LXDThinPool/g
  • Extract expandConfigFromProfiles from expandConfig to avoid db interaction
  • Broadcast profile changes to other cluster nodes
  • lvm: use LXD pool name
  • tests: Reduce ceph pg_num down to 1
  • lxc-to-lxd: Respect LXD_SOCKET environment variable
  • Manually release the liblxc structs
  • Drop manual GC calls
  • lxd/containers: Fix fd leak in metadata

Support and upgrade

LXD 3.0.1 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.1 has been released

15th of May 2018

Introduction

LXD 3.1 is the first feature release following our last LTS release (3.0). As a feature release, it will only be supported until LXD 3.2 is released next month.

We recommend critical production environments stick to the LTS branch instead. If you're using the snap, you can enforce that with snap refresh lxd --channel=3.0.

Note that LXD does not support downgrades, so a system that's upgraded to LXD 3.1 will not be able to go back to LXD 3.0.0.

Note for Ubuntu users

LXD 3.1 will only be made available as a snap package. We will not be uploading it as a deb to Ubuntu 18.10 or through backports to previous releases. Moving forward all feature releases of LXD will only be available through the snap.

Note that this does NOT affect users of LXD 3.0.x as present in Ubuntu 18.04 where further bugfix/security releases will be uploaded as debs until Ubuntu 18.04 reaches end of life.

The changes in this release include

Features:

  • Introduced a new backup API and the ability to export/import containers using it. In the CLI those are the new lxc export and lxc import commands.
  • Made it possible to override the LXD socket path with LXD_SOCKET
  • Made it possible to disable the use of privileged containers through a new LXD_UNPRIVILEGED_ONLY environment variable.
  • Improved the lxd sql command to support interacting with both databases, making database and schema dumps, running multiple queries and reading from a script.
  • Added a new lxc cluster enable command to easily convert an existing LXD server into an initial cluster node
  • Extended lxd init to offer setting up a Fan overlay for clustering users
  • Extended lxd init --auto to also auto-configure an initial network

Bugfixes:

  • client: Expose http URL in ConnectionInfo
  • client: Improve remote operation errors
  • doc: Document how to dump the content or schema of databases
  • doc: Fix example in userns-idmap (Issue #4437)
  • doc: Fix some typos and wording
  • doc: s/status command/info command/ (Issue #4527)
  • doc: Tweak backup.md
  • doc: Update database.md with information about lxd sql and patch.*.sql
  • doc: Update snap path in backup.md
  • global: Make new gofmt happy
  • global: Replace juju/idmclient with CanonicalLtd/candidclient
  • i18n: Update translations from weblate
  • lxc: Add version subcommand (Issue #4381, Issue #4382)
  • lxc: Consistent naming of clustering terms
  • lxc: Fix mistakenly hidden commands (Issue #4380)
  • lxc/action: Fix pause
  • lxc/alias: Fix example in help message (Issue #4424)
  • lxc/config: Fix adding trust cert on snap (Issue #4418)
  • lxc/copy: Consider a copy to be local only when not clustered
  • lxc/file: Allow using -r to follow symlinks (Issue #4411)
  • lxc/file: Fix pull target logic
  • lxc/file: Fix pushing files to remote (Issue #4394)
  • lxc/help: Make help respect --all too (Issue #4406)
  • lxc/image: Fix crash due to bad arg parsing
  • lxc/init: Add missing --no-profiles
  • lxc/list: Reduce number of API calls
  • lxc/main: Fix remote caching
  • lxc/network: Fix typo in help message
  • lxc/query: Add support for non-JSON endpoints (Issue #4452)
  • lxc/query: Fix -d and -X (Issue #4406)
  • lxc/remote: Add format option to list
  • lxc/rename: Deal with remote renames (Issue #4486)
  • lxc/storage_volumes: Various fixes
  • lxd: Add missing limits.h include
  • lxd: Add version subcommand
  • lxd: Increase logging during startup
  • lxd: Log the error that made Daemon.Init() fail
  • lxd: Make the interaction between lxd daemon and waitready non-blocking
  • lxd: Make Unavailable accept an error parameter
  • lxd/cluster: Add new cluster.Promote function
  • lxd/cluster: Add new cluster.Rebalance function
  • lxd/cluster: Notify the leader after a node removal, so it can rebalance
  • lxd/cluster: Pass a logger to raft-http
  • lxd/cluster: Properly filter node-level storage configs by pool ID
  • lxd/containers: Allow configuration of mount-propagation
  • lxd/containers: Allow sending progress (Issue #4447)
  • lxd/containers: Fix broken unix hotplug logic (Issue #4495)
  • lxd/containers: Fix lxc.net check (Issue #4466)
  • lxd/containers: Fix optional property for disk devs (Issue #4538)
  • lxd/containers: Fix snapshot deletion (Issue #4431)
  • lxd/database: Add a new Schema.File() method to load extra queries from disk
  • lxd/database: Add db.ContainersNodeList
  • lxd/database: Add query.Dump helper to dump schema and data
  • lxd/database: Add support for patch.local.sql and patch.global.sql
  • lxd/database: Backup global database on upgrade if non-clustered
  • lxd/database: Rename database files
  • lxd/database: Take raft snapshots more frequently and at shutdown
  • lxd/db: Don't crash on empty queries
  • lxd/devices: Clone mode of source device (Issue #4534)
  • lxd/devices: Fail if Nvidia device minor is missing (Issue #4441)
  • lxd/forkfile: Only open O_RDWR if necessary (Issue #4552)
  • lxd/init: Don't setup a remote storage pool by default
  • lxd/init: Explain passwordless behavior (Issue #4524)
  • lxd/init: Fix --auto with network config
  • lxd/init: Fix interactive cluster join with an existing ZFS (Issue #4404)
  • lxd/init: Fix maas.api.url check when setting up existing bridge
  • lxd/init: Make questions more consistent
  • lxd/init: Require root for interactive cluster join (Issue #4451)
  • lxd/migration: Fix btrfs live migration (Issue #4475)
  • lxd/migration: Pre-validate profiles (Issue #4379)
  • lxd/network: Fix fan subnet calculation logic
  • lxd/patches: Add "storage_api_path_permissions" patch
  • lxd/sql: Drop custom table renderer
  • lxd/sql: Handle empty query strings
  • lxd/storage: Also set zfs.pool_name on upgrade (Issue #4489)
  • lxd/storage/btrfs: Add doContainerCreate()
  • lxd/storage/btrfs: Add doContainerSnapshotCreate()
  • lxd/storage/ceph: Add doContainerCreate()
  • lxd/storage/ceph: Add doContainerMount()
  • lxd/storage/ceph: Ensure fs consistency when restoring
  • lxd/storage/ceph: Ensure fs consistency when snapshotting
  • lxd/storage: createContainerMountpoint() fix perms
  • lxd/storage: Handle ContainerDelete() correctly
  • lxd/storage: Handle ContainerRename() correctly
  • lxd/storage/lvm: Add doContainerMount()
  • lxd/storage/zfs: Add doContainerMount()
  • lxd/storage/zfs: Add do*() helpers
  • lxd/sys/fs: s/MkdirAll/Mkdir/g (Issue #4433)
  • Makefile: Add a manifest (Issue #4421)
  • shared: Support empty values in xattr
  • tests: Add extra cleanup code
  • tests: Fix busybox image

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.0 has been released

2nd of April 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.0! This is the second LTS release for the LXD project and will be supported until June 2023.

New features (since 2.21)

LXD 3.0 is going to be our main LTS release for the next two years, receiving frequent bugfix updates backported from the current feature release.

We spent over 3 months since the LXD 2.21 release to land all the features we wanted to see in LXD 3.0 and clean up a lot of existing code to make it maintainable for the duration of the LTS. Below are the main highlights.

Clustering

The biggest new feature for LXD 3.0 is the introduction of clustering support. This allows for identically configured LXD servers to be joined together as part of a cluster, appearing to the outside world as one big LXD server.

The LXD database is replicated using dqlite (a combination of sqlite3 and raft), making it so that 3 of the cluster members have a copy of the entire database at any given time.

No special system configuration or services are required to set up LXD clustering. All you need is a few available machines or VMs with similar network and storage properties, then lxd init will walk you through the process of creating the cluster and then joining some servers into it.

Here's a short recording of setting up a LXD cluster on 3 nodes using MAAS to allocate machines and networks: https://www.youtube.com/watch?v=RnBu7t2wD4U

The main contributor for this feature, Free Ekanayaka, also gave a longer presentation on LXD clustering at FOSDEM 2018 which you can check out here: https://www.youtube.com/watch?v=DVqMeo3lvv0

You can also check the documentation here: https://lxd.readthedocs.io/en/stable-3.0/clustering/

Physical to container migration with lxd-p2c

A new tool called lxd-p2c makes it possible to import a system's filesystem into a LXD container using the LXD API.

After building a copy of the tool, the resulting binary can be transferred to any system that you want to turn into a container. Point it to a remote LXD server and the entire system's filesystem will be transferred over the LXD migration API and a new container will be created.

The main contributor for this feature, Stéphane Graber, also gave a presentation about it at FOSDEM 2018; the video is available here: https://www.youtube.com/watch?v=JKztAWZOj9g

Support for NVIDIA runtime passthrough

A common issue for those using NVIDIA GPUs inside containers is the requirement to keep the userspace libraries in sync with the kernel driver.

This is made particularly difficult if the container's owner isn't also the host's owner as the two are then likely to become out of sync at any time and without warning.

A newly introduced nvidia.runtime container configuration key, combined with a copy of the nvidia-container-cli tool and liblxc 3.0 now makes it possible to automatically detect all the right bits on the host system and pass them into the container at boot time.

This lets you save a lot of space and greatly simplifies maintenance.

Hotplug support for unix-char and unix-block devices

A new required property has been added to all unix type devices. When set to false, LXD will wait until the requested path is available on the host before automatically passing it into the container.

This allows for something like this:

lxc config device add c1 ttyUSB0 unix-char path=/dev/ttyUSB0 required=false

The c1 container will now get access to that USB serial device as soon as it's plugged into the system and it will automatically be removed from the container when unplugged.

Local copy/move of storage volumes

It's now possible to copy and move custom storage volumes between storage pools.

stgraber@castiana:~$ lxc storage volume copy ssd/example default/example
Storage volume copied successfully!

stgraber@castiana:~$ lxc storage volume move ssd/example default/example
Storage volume moved successfully!

Remote transfer of custom storage volumes

A new storage migration API was introduced allowing for the exact same operations as shown above to work between LXD servers as well, using the same syntax as would be used for container migration.

proxy device type to forward network connections

The new proxy device type allows for forwarding TCP connections between host and containers.

For example, to forward any connection to port 80 on the host to container c1 on its localhost IP on port 80:

lxc config device add c1 http proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
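
Because listen=tcp:0.0.0.0:80 binds on every IPv4 address of the host, an inventory of proxy devices is a useful exposure check. The following is an added example, not part of the original announcement or LXD's own code: it assumes container JSON shaped like `lxc list --format json` output (the sample below is constructed) and handles only the tcp:<address>:<port> form shown above.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields used here. Container and device
# names other than c1/http are made up for the example.
SAMPLE_CONTAINERS = json.loads("""
[
  {"name": "c1", "expanded_devices": {
      "eth0": {"type": "nic", "nictype": "bridged", "parent": "lxdbr0"},
      "http": {"type": "proxy", "listen": "tcp:0.0.0.0:80",
               "connect": "tcp:127.0.0.1:80"}}},
  {"name": "c2", "expanded_devices": {
      "admin": {"type": "proxy", "listen": "tcp:127.0.0.1:8080",
                "connect": "tcp:127.0.0.1:8080"}}},
  {"name": "c3", "expanded_devices": {
      "tls": {"type": "proxy", "listen": "tcp:[::]:443",
              "connect": "tcp:127.0.0.1:443"}}},
  {"name": "c4", "expanded_devices": null},
  {"name": "c5", "expanded_devices": {
      "bad": {"type": "proxy", "listen": "tcp:80",
              "connect": "tcp:127.0.0.1:80"}}}
]
""")


def parse_listen(spec):
    """Split 'tcp:<address>:<port>' into (protocol, ip_address, port).

    Raises ValueError for anything that does not match that form, so the
    caller can report it instead of silently treating it as safe.
    """
    proto, sep, rest = spec.partition(":")
    if not sep:
        raise ValueError(f"no protocol separator in {spec!r}")
    addr, sep, port = rest.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"no address/port pair in {spec!r}")
    # IPv6 literals are written in brackets, e.g. tcp:[::]:443
    return proto, ipaddress.ip_address(addr.strip("[]")), int(port)


def classify_listen(spec):
    """Return 'wildcard', 'loopback', 'specific' or 'unparsed' for a listen value."""
    try:
        _, addr, _ = parse_listen(spec)
    except ValueError:
        return "unparsed"
    if addr.is_unspecified:      # 0.0.0.0 or :: means every host interface
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    return "specific"


def audit_proxy_devices(containers):
    """List (container, device, listen, verdict) for proxy devices needing review."""
    findings = []
    for container in containers:
        devices = container.get("expanded_devices") or {}
        for dev_name, cfg in devices.items():
            if cfg.get("type") != "proxy":
                continue
            listen = cfg.get("listen", "")
            verdict = classify_listen(listen)
            if verdict in ("wildcard", "unparsed"):
                findings.append((container.get("name", ""), dev_name, listen, verdict))
    return findings


if __name__ == "__main__":
    for name, dev, listen, verdict in audit_proxy_devices(SAMPLE_CONTAINERS):
        print(f"{name}/{dev}: listen={listen} -> {verdict}")
```

Devices reported as wildcard are reachable on every address the host has; rebinding them to a specific host address narrows the exposure.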

Events through /dev/lxd

The REST API endpoint exposed inside the container can now be used to receive events whenever a configuration key or device is added, removed or modified.

root@c1:~# curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" --header "Sec-WebSocket-Version: 13" --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" --unix-socket /dev/lxd/sock lxd/1.0/events
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: qGEgH3En71di5rrssAZTmtRTyFk=

{"metadata":{"key":"user.foo","old_value":"","value":"bar"},"timestamp":"2018-04-02T23:58:54.433992023-04:00","type":"config"}
{"metadata":{"action":"added","config":{"path":"/home","source":"/home","type":"disk"},"name":"home"},"timestamp":"2018-04-02T23:59:25.65007597-04:00","type":"device"}
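
An agent inside the container can use this stream to notice when its environment changes underneath it, such as a host directory being attached. The following is an added example, not code from the original announcement or from LXD: it triages decoded event messages, one JSON document per line. The device types and keys it watches are an assumed local policy, and the sample lines beyond the two shown above are constructed.

```python
import json
from dataclasses import dataclass

# Assumed local policy (not defined by LXD): device types worth a look when
# they change, and the user.* keys this workload depends on.
SENSITIVE_DEVICE_TYPES = {"disk", "unix-char", "unix-block", "proxy"}
WATCHED_CONFIG_KEYS = {"user.foo"}

# First line: a response header as printed by `curl -i` (not JSON).
# Lines 2-3: the events shown above. Lines 4-5: constructed for the example.
SAMPLE_LINES = [
    'HTTP/1.1 101 Switching Protocols',
    '{"metadata":{"key":"user.foo","old_value":"","value":"bar"},"timestamp":"2018-04-02T23:58:54.433992023-04:00","type":"config"}',
    '{"metadata":{"action":"added","config":{"path":"/home","source":"/home","type":"disk"},"name":"home"},"timestamp":"2018-04-02T23:59:25.65007597-04:00","type":"device"}',
    '{"metadata":{"action":"added","config":{"nictype":"bridged","parent":"lxdbr0","type":"nic"},"name":"eth1"},"timestamp":"2018-04-03T00:01:10-04:00","type":"device"}',
    '{"metadata":{"key":"user.bar","old_value":"1","value":"2"},"timestamp":"2018-04-03T00:02:00-04:00","type":"config"}',
]


@dataclass
class Finding:
    timestamp: str
    severity: str
    summary: str


def triage_event(event):
    """Return a Finding for one decoded event, or None if policy ignores it."""
    meta = event.get("metadata")
    if not isinstance(meta, dict):
        return None
    ts = str(event.get("timestamp", ""))

    if event.get("type") == "config":
        key = meta.get("key", "")
        old, new = meta.get("old_value", ""), meta.get("value", "")
        if key not in WATCHED_CONFIG_KEYS or old == new:
            return None
        change = "set" if not old else ("cleared" if not new else "changed")
        # Values are left out on purpose: user.* keys often carry secrets.
        return Finding(ts, "medium", f"config key {key} {change}")

    if event.get("type") == "device":
        cfg = meta.get("config")
        if not isinstance(cfg, dict):
            return None
        dtype = cfg.get("type", "")
        if dtype not in SENSITIVE_DEVICE_TYPES:
            return None
        name, action = meta.get("name", ""), meta.get("action", "")
        source = str(cfg.get("source", ""))
        if dtype == "disk" and source.startswith("/"):
            # An absolute source is a host path made visible in the container.
            return Finding(ts, "high",
                           f"disk device {name} {action}: host path {source} "
                           f"at {cfg.get('path', '')}")
        return Finding(ts, "medium", f"{dtype} device {name} {action}")

    return None


def triage_stream(lines):
    """Triage an iterable of text lines; return (findings, skipped_line_count)."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1            # headers, partial frames, other noise
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        finding = triage_event(event)
        if finding is not None:
            findings.append(finding)
    return findings, skipped


if __name__ == "__main__":
    results, skipped = triage_stream(SAMPLE_LINES)
    for f in results:
        print(f"[{f.severity}] {f.timestamp} {f.summary}")
    print(f"skipped {skipped} non-JSON line(s)")
```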

Switched command line parser

Our previous command line parser, gnuflag, didn't match our command line structure particularly well, causing confusing help and error messages. We have now transitioned to using the cobra command line parser, joining a number of other major Go projects.

Process count column in lxc list

An optional "processes" column was added to lxc list showing the number of processes running inside the container.

stgraber@castiana:~$ lxc list -c nsN c1
+------+---------+-----------+
| NAME |  STATE  | PROCESSES |
+------+---------+-----------+
| c1   | RUNNING | 33        |
+------+---------+-----------+

lxc storage info sub-command

A new info subcommand was added as a way to get easy human readable information about a storage pool:

stgraber@castiana:~$ lxc storage info ssd
info:
  description: ""
  driver: dir
  name: ssd
  space used: 9.29GB
  total space: 173.12GB
used by: {}

Option for alternate IPv4 gateway

A new ipv4.dhcp.gateway option is now available for LXD managed bridges. This lets you set a gateway other than LXD itself and can be useful when mixing LXD bridges with physical networks.

When doing recursive file transfers including some symlinks, those will be properly created as symlinks on the target, rather than the content of the file they point to being pushed or pulled.

Pretty rendering of log entries in lxc monitor

The LXD log messages have always been available over the event interface, accessible through the lxc monitor tool. However those raw events were sometimes pretty hard to read.

The command line client now knows how to filter and re-format those log events to look exactly as if you were looking at the server's log output.

stgraber@castiana:~$ lxc monitor --pretty --loglevel=info --type=logging
INFO[04-02|22:57:39] Stopping container                       action=stop created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:40] Stopped container                        action=stop created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:40] Starting container                       action=start created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:41] Started container                        action=start created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"

lxc network list-leases sub-command

DHCP leases on LXD managed bridges can now be queried directly through the API and the command line tool.

stgraber@castiana:~$ lxc network list-leases lxdbr0
+-----------+-------------------+---------------+---------+
| HOSTNAME  |    MAC ADDRESS    |  IP ADDRESS   |  TYPE   |
+-----------+-------------------+---------------+---------+
| bar       | 00:16:3e:e0:36:3a | 10.166.11.185 | DYNAMIC |
+-----------+-------------------+---------------+---------+
| snapcraft | 00:16:3e:be:f1:87 | 10.166.11.120 | DYNAMIC |
+-----------+-------------------+---------------+---------+

lxc alias command

It's now possible to list, create and delete command line aliases directly from the command line tool, rather than having to manually edit the configuration file.

stgraber@castiana:~$ lxc alias list
+--------+-------------------------------------------+
| ALIAS  |                  TARGET                   |
+--------+-------------------------------------------+
| delete | delete -f                                 |
+--------+-------------------------------------------+
| ls     | list -c ns46S                             |
+--------+-------------------------------------------+
| ubuntu | exec @ARGS@ -- sudo --login --user ubuntu |
+--------+-------------------------------------------+

lxc config device override sub-command

To override a particular option of a device that's inherited from a profile, such as the default network interface, you need to create a device that's local to the container and uses the same name as the one from the profile. This device will then take priority over the one coming from the profile and let you set any configuration you want.

To simplify this process, this can all be done now by using lxc config device override, passing it the container, device and configuration keys that should be changed.

stgraber@castiana:~$ lxc launch ubuntu:16.04 c1
Creating c1
Starting c1
stgraber@castiana:~$ lxc config device override c1 eth0 ipv4.address=10.166.11.42
Device eth0 overridden for c1
stgraber@castiana:~$ lxc restart c1
stgraber@castiana:~$ lxc list c1
+------+---------+---------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |        IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+---------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.42 (eth0) | 2001:470:b368:4242:216:3eff:fed1:aff3 (eth0) | PERSISTENT | 0         |
+------+---------+---------------------+----------------------------------------------+------------+-----------+

Operations now have a description

A new description field is now present in the API for all background operations and is exposed in the command line tool.

stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |     DESCRIPTION     | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
| 343b1700-c0bd-44fa-8b1f-e6a8fdb91b42 | WEBSOCKET | Migrating container | RUNNING | NO         | 2018/04/03 02:51 UTC |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
| 65494c6e-7643-4ed5-8abf-497e57cfdd5c | WEBSOCKET | Executing command   | RUNNING | NO         | 2018/04/03 02:51 UTC |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+

lifecycle type events

A new event class called lifecycle has been introduced, to provide much easier tracking of what LXD is doing from scripts or other API clients, without having to interpret LXD's log messages.

stgraber@castiana:~$ lxc monitor --type=lifecycle
metadata:
  action: container-updated
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:06.742745596-04:00"
type: lifecycle


metadata:
  action: container-started
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:07.234066242-04:00"
type: lifecycle


metadata:
  action: container-shutdown
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:19.885795751-04:00"
type: lifecycle


metadata:
  action: container-deleted
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:23.813480386-04:00"
type: lifecycle

Requirements

LXD 3.0 now requires Go 1.9 or higher. While it may be possible to build it with an older version at this point, there is no guarantee that we won't start making use of newer Go functions in later bugfix releases.

Support and upgrade

LXD 3.0.0 will be supported until June 2023 and our current LTS release, LXD 2.0 will now switch to a slower maintenance pace, only getting critical bugfixes and security updates.

Users of the LXD feature branch (currently at 2.21) should update to 3.0 to keep being supported and get all the bugfixes and new features that LXD 3.0 provides.

Users of the LXD LTS branch (2.0.11) can choose to stay on LXD 2.0 and keep getting critical security fixes or upgrade to LXD 3.0. Those using LXD LTS in critical production environments will likely want to start upgrading a few test systems to LXD 3.0 to check for any potential issue and then upgrade the rest of their machines after LXD 3.0.1 is released.

Availability as a snap package from upstream

The recommended way to install and keep LXD up to date is by using the upstream provided snap package. This ensures that all systems are running the exact same copy of LXD and simplifies the bug reporting and debugging process.

For the LXD snap, 3 tracks are provided:

  • latest (latest LXD feature release, currently 3.0)
  • 2.0 (previous LTS release)
  • 3.0 (current LTS release)

For each of those tracks, 3 channels are maintained:

  • edge (automatic, untested builds from the upstream repository)
  • candidate (the future stable build, available for testing about 48h prior to promotion)
  • stable (the current stable, supported build)

Users who wish to install LXD 3.0 and then get upgraded to 3.1 in a month or so, should use:

snap install lxd

Users who wish to install LXD 3.0 and then only get bugfixes and security updates, should use:

snap install lxd --channel=3.0

If running staging systems, you may want to run those on the candidate channels, using --channel=candidate and --channel=3.0/candidate respectively.

Switching between tracks and channels is possible by using snap refresh but note that LXD doesn't support downgrading and will fail to start if you attempt it.

Downloads

Contributors

The LXD 3.0.0 release was brought to you by a total of 18 contributors.

LXD 2.21 has been released

20th of December 2017

The changes in this release include

Features:

  • The lxc start/stop/restart/pause commands now accept a new --all flag.
  • Introduced a new infiniband device type which supports physical passthrough of Infiniband devices as well as SR-IOV allocated cards.
  • Added a new security.devlxd configuration key to control the presence of /dev/lxd inside the container.
  • Added support for incremental memory copy with container live-migration. This is controlled by a set of new migration.incremental.memory configuration keys.
  • A new boot.stop.priority configuration key can be used to control container shutdown order when LXD is brought down.
  • LXD users that use MAAS to manage their networks can now have LXD directly drive MAAS, recording all containers in MAAS and setting up static allocations in MAAS managed subnets. This is controlled with the maas.api.url and maas.api.key daemon keys as well as the maas.subnet.ipv4 and maas.subnet.ipv6 network interface configuration keys.

Bugfixes:

  • client: URL escape all user input (Issue #4077)
  • doc: Add example to create a storage pool from existing LVM thinpool.
  • doc: Fix markdown escaping for prlimits
  • doc: Update LVM documentation to cover scalability issues
  • extra: Fix some profile autocompletions
  • i18n: Update translations from weblate
  • lxc: Detect first-run based on conf file not dir (Issue #4112)
  • lxc/exec: Update help to cover shell behavior
  • lxc/shell: Switch to using su -l (Issue #4036)
  • lxd-benchmark: Change the default count of containers from 100 to 1
  • lxd/certificates: Add missing name value (Issue #4080)
  • lxd/console: Adapt to new liblxc changes
  • lxd/containers: Actually return an error
  • lxd/containers: Add new disk-{char,block} path format
  • lxd/containers: Add new unix-{char,block} path format
  • lxd/containers: Escape paths fstab style (Issue #4064)
  • lxd/containers: Fix insertNetworkDevice()
  • lxd/containers: Fix race condition in shutdown (Issue #4102)
  • lxd/containers: Fix typo in prlimit error
  • lxd/containers: Log auto-start errors (Issue #4054)
  • lxd/containers: Only init the config if needed
  • lxd/containers: Skip non-existing Nvidia GPU devices (Issue #4044)
  • lxd/containers: Skip sockets in tarballs
  • lxd/daemon: Fix unsetting https address
  • lxd/daemon: Properly cache the storage information (Issue #4025)
  • lxd/daemon: Add LXD_EXEC_PATH to override execPath
  • lxd/devlxd: Cleanup in preparation for events
  • lxd/devlxd: Properly lock the internal struct
  • lxd/migration: Add handler for CRIU feature checking
  • lxd/migration: Default to pre-copy migration if CRIU supports it
  • lxd/migration: Move pre-dump check to its own function
  • lxd/migration: Remove obsolete TODO comment
  • lxd/networks: Extend allowed character set for interfaces (Issue #4042)
  • lxd/patches: Skip containers that don't have a devices dir
  • lxd/patches: Update to new device name scheme
  • lxd/storage: Use HostPath for dir/btrfs
  • lxd/storage/zfs: Fix argument order of zfs get commands
  • lxd/storage/zfs: Fix storage pool import (Issue #4056)
  • lxd/storage/zfs: Make sure to allow devices, setuid and exec (Issue #4084)
  • Makefile: Better detect sqlite3.h (Issue #4078)
  • shared/idmap: Fix handling of hardlinks
  • shared/util: Add EscapePathFstab() (Issue #4064)
  • shared/utils: Deal with symlinks (Issue #4097)
  • tests: Adapt to changes in console API behavior
  • tests: Deal with missing ttyS0/ttyS1 (on s390x)
  • tests: Skip console tests on lower liblxc versions
  • travis: Limit to just Go 1.9

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.20 has been released

15th of November 2017

The changes in this release include

Features:

  • New lxc console subcommand and console API to attach to the container's boot console or retrieve the boot log
  • New lxc operation subcommand to list and cancel background operations.
  • Added support for SR-IOV network devices (nictype=sriov) including dynamic allocation of new virtual functions
  • Support for delegated external authentication through macaroons (using the go-bakery v2 protocol)

Bugfixes:

  • client: Add GetOperationUUIDs and GetOperations
  • client: Name all the return values in interfaces
  • doc: Fix markdown escaping
  • doc: Sort container config keys
  • doc: Sort network config keys
  • doc: Sort server.md config keys
  • doc: Sort storage config keys
  • extra: Update bash completion for all the new keys
  • global: Fix a number of unchecked variables
  • global: Fix some typos
  • global: Revert "Temporary workaround for log15 API breakage"
  • global: Switch to the built-in log15
  • lxc/file: Log downloads/uploads (Issue #4018)
  • lxc/network: Fix error message
  • lxd-benchmark: use NewConfig to get a default configuration
  • lxd/containers: Detect version at runtime (Issue #3934)
  • lxd/containers: Don't allow removing lxc.conf or lxc.log
  • lxd/containers: Rename container.StateObject() to container.DaemonObject()
  • lxd/daemon: Add an endpoints.Endpoints class for managing HTTP endpoints
  • lxd/daemon: Add cpu profiling and goroutines printing to the debug sub-package
  • lxd/daemon: Add error messages to lxdTestSuite setup and teardown
  • lxd/daemon: Add initial Go-level daemon integration-like test
  • lxd/daemon: Add lxd/config sub-package implementing structured config maps
  • lxd/daemon: Add lxd/task sub-package for running functions periodically
  • lxd/daemon: Add new debug sub-package with support for memory profiling
  • lxd/daemon: Add node.Config high-level API for modifying node-level config
  • lxd/daemon: Cleanup test state at every test, to improve isolation.
  • lxd/daemon: Control all goroutines spawned in Daemon.Ready() using task.Task
  • lxd/daemon: Don't skip Daemon.Ready() in tests, it can be run unconditionally
  • lxd/daemon: Don't use global path variables in sys.OS
  • lxd/daemon: Drop logging setup in Daemon.Init()
  • lxd/daemon: Drop support for "setup mode"
  • lxd/daemon: Drop the containerLXC.OS() convenience
  • lxd/daemon: Drop unnecessary checks on MockMode
  • lxd/daemon: Extract initialization of the REST and /dev/lxd http Server
  • lxd/daemon: Gracefully cancel tasks on daemon shutdown
  • lxd/daemon: Improve error on invalid config key (Issue #3925)
  • lxd/daemon: Move directory initialization to sys.OS.
  • lxd/daemon: Move execPath global variable to sys.OS.ExecPath
  • lxd/daemon: Move global aaAdmin global variable to sys.OS
  • lxd/daemon: Move global aaAvailable global variable to sys.OS
  • lxd/daemon: Move global aaConfined global variable to sys.OS
  • lxd/daemon: Move global aaStacking global variable to sys.OS
  • lxd/daemon: Move global cgBlkioController global variable to sys.OS
  • lxd/daemon: Move global cgCpuController global variable to sys.OS
  • lxd/daemon: Move global runningInUserns global variable to sys.OS
  • lxd/daemon: Move optional Daemon config values to DaemonConfig
  • lxd/daemon: Move remaining global cgXXX global variables to sys.OS
  • lxd/daemon: Move util.AppArmorCanStack to a private appArmorCanStack in lxd/sys
  • lxd/daemon: Streamline Daemon init and shutdown
  • lxd/daemon: Track the lifecycle of the goroutine performing log expiration
  • lxd/daemon: Tweak schedule function for pruning images
  • lxd/daemon: Use instance-level cache dir variable instead of the environment one
  • lxd/daemon: Use instance-level log dir variable instead of the environment one
  • lxd/daemon: Use instance-level var dir variable instead of the environment one
  • lxd/daemon: Wire debug utilities into main_daemon.go
  • lxd/daemon: Wire endpoints.Endpoints into Daemon
  • lxd/db: Add a db.NodeTx structure to abstract away low-level transactions
  • lxd/db: Add a Schema.Fresh() method to set a "bootstrap" SQL statement
  • lxd/db: Add db APIs for fetching and changing node-local config values
  • lxd/db: Add db.NewTestNode helper for database-related unit tests
  • lxd/db: Add low-level query helpers for changing config tables
  • lxd/db: Add query.Count utility
  • lxd/db: Add Schema.ExerciseUpdate() for testing an individual update
  • lxd/db: Add support for gracefully aborting schema.Ensure
  • lxd/db: Complete moving schema creation logic to schema.Schema
  • lxd/db: Convert a few call sites of sql.DB.Begin to db.DB.Begin
  • lxd/db: Convert remaining call sites of the low-level db.Begin function
  • lxd/db: Drop all references to Daemon.nodeDB
  • lxd/db: Fix spurious tx.Exec argument in lxd/db/schema/query.go
  • lxd/db: Move certificate db APIs to the db.Node facade
  • lxd/db: Move container db APIs to the db.Node facade
  • lxd/db: Move devices db APIs to the db.Node facade
  • lxd/db: Move image db APIs to the db.Node facade
  • lxd/db: Move network db APIs to the db.Node facade
  • lxd/db: Move node-level schema updates to their own db/local/ sub-package.
  • lxd/db: Move patches db APIs to the db.Node facade
  • lxd/db: Move profile db APIs to the db.Node facade
  • lxd/db: Move storage db APIs to the db.Node facade
  • lxd/db: Remove direct use of the low-level db.Exec() func outside of lxd/db/
  • lxd/db: Rename Daemon.db to Daemon.nodeDB
  • lxd/db: Rename db.Exec to db.exec, making it unexported
  • lxd/db: Rename db.QueryScan to db.queryScan, making it unexported
  • lxd/db: Rename db_test.go to db_internal_test.go, since it's white box
  • lxd/db: Rename State.DB to State.NodeDB
  • lxd/db: Return the initial schema version in Schema.Ensure()
  • lxd/import: Use the right VG name on delete
  • lxd/main: Fix output of --print-goroutines-every
  • lxd/networks: Don't require a 1400 MTU with tunnels (Issue #3999)
  • lxd/seccomp: Fix security.syscalls.blacklist handling
  • lxd/storage: Drop the storageShared.OS() convenience
  • lxd/storage: Generate new UUID on thinpools for btrfs
  • lxd/storage/zfs: Try to import missing zpools (Issue #3976)
  • lxd/storage/zfs: Update for newer ZFS releases (Issue #3986)
  • shared: Add a shared.KeyPairAndCA function to get conventionally named certs
  • shared: Fix file transfers to/from stdin/stdout in snap
  • shared: Make current gofmt happy
  • shared/api: Add API extension label to AuthMethods
  • shared/log15: Vendor a copy of log15 in shared/log15
  • shared/logger: Add helper to redirect the global logger to the testing logger
  • shared/logging: Add freebsd build conditional to log_posix.go
  • shared/version: Extract the APIExtensions list from api10Get
  • shared/version: Split version declarations in shared/version into several files
  • tests: Add test for unique btrfs UUID generation
  • tests: Add test for unused variables
  • tests: Check for typos
  • tests: Don't use godeps for import check
  • tests: Skip prlimits on liblxc < 2.1
  • tests: Update for new dependencies

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.11 release announcement

19th of October 2017

This is the eleventh bugfix release for LXD 2.0.

The changes since LXD 2.0.10 are

Minor improvements:

  • LXD 2.0.11 is now snap aware and can be installed from the "2.0" track.
  • The documentation is now available on ReadTheDocs: https://lxd.readthedocs.io/en/stable-2.0/
  • It's now possible to interrupt image downloads.
  • Added a new security.idmap.base config key (overrides the base uid/gid of the container).
  • Added support for delta image downloads.
  • Implemented instance types as a proxy for resource limits.
  • The user-agent string was expanded to include OS and kernel information.
  • The client library and related code is now kept in sync with master.
  • The command line client has been ported to the new client library.

Bugfixes:

  • client: Add CancelTarget to RemoteOperation
  • client: Add CreateContainerFromImage function
  • client: Added insecureSkipVerify flag to the ConnectionArgs struct
  • client: Add extra exec option to block on I/O
  • client: Add GetServerResources()
  • client: Add GetStoragePoolResources()
  • client: Add image_create_aliases backward compat
  • client: Add RenameStoragePoolVolume()
  • client: Allow canceling image download from LXDs
  • client: Allow specifying base http client
  • client: Cleanup code duplication in image download code
  • client: Commonize error handling
  • client: Don't live migrate stopped containers
  • client: Drop experimental tag from new client
  • client: Fail if source isn't listening on network
  • client: Fix crash in operation handler
  • client: Fix crash when missing cookiejar
  • client: Fix handling of public LXD remote
  • client: Fix image copy
  • client: Fix non-interactive exec hangs
  • client: Fix potential race in event handler setup
  • client: Fix race condition in operation handling
  • client: Implement container and snapshot copy
  • client: Implement push and relay container copy
  • client: Implement remote operations
  • client: Improve error on image copy
  • client: Improve migration relay code
  • client: Keep track of protocol
  • client: Make it possible to retrieve HTTP client
  • client: Make the authentication Interactor configurable
  • client: Move CopyImage to the target server
  • client: Only set file headers if value is provided
  • client: Properly handle remote disconnections
  • client: Reduce request logging to Debug
  • client: Simplify ConnectPublicLXD logic
  • client: Support for macaroons-based authentication
  • client: Sync with master branch
  • client: Use RemoteOperation for CopyImage
  • config: Add support for CookieJar
  • config: Try to be clever about ":" in snapshots
  • doc: Add a note about blkio limits
  • doc: Add section on macvlan vs bridge
  • doc: Add SUPPORT.md
  • doc: Document instance types
  • doc: Document that squashfs images can also be used
  • doc: Document the exec control API
  • doc: Extend/rework security-related documentation.
  • doc: Fix lxd.log location in issue template
  • doc: Fix spaces, commas, quotes, brackets where needed
  • doc: Initial documentation of container env
  • doc: Refresh the issue template
  • doc: Seriously rework the content of the README
  • doc: Sort container config keys
  • doc: Sort server.md config keys
  • doc: Update containers.md
  • extra/lxc-to-lxd: Fix bad test
  • extra/lxc-to-lxd: Ignore capabilities dropped by default
  • extra/lxc-to-lxd: Ignore sysfs/proc mounts
  • extra/lxc-to-lxd: Properly handle lxc.seccomp
  • i18n: Update Japanese translation (for stable-2.0)
  • lxc: Add plumbing for operation cancelation
  • lxc: Cross-platform HOME handling
  • lxc: Fix help to provide sample that actually works
  • lxc: Fix import crash when adding properties
  • lxc: Fix race in progress reporter
  • lxc: Properly record alias source on copy
  • lxc: Re-introduce remote protocol migration
  • lxc: Respect HOME if set
  • lxc/config: Removal of multiple devices at once
  • lxc/copy: Report progress data
  • lxc/delete: Fix lxc delete --force description
  • lxc/exec: Fix signal handler for Windows
  • lxc/exec: Fix Windows port
  • lxc/file: Fix file push/pull with names containing spaces.
  • lxc/file: Read file perms from Windows FS
  • lxc/file: Use shared.HostPath for push/pull
  • lxc/image: Always use long fingerprint in exported filenames
  • lxc/image: Expose the "cached" flag
  • lxc/image: Fix aliases with simplestreams remotes
  • lxc/image: Fix "lxc image copy" not recording the source
  • lxc/image: Fix regression in exported filename
  • lxc/image: Improve filter handling
  • lxc/image: Make "lxc image copy" fast again
  • lxc/image: Update image aliases when they already exist
  • lxc/image: Use shared.HostPath for import/export
  • lxc/init: Fix failure to launch containers with random names
  • lxc/list: Error if --columns and --fast are used together
  • lxc/move: Use force on delete
  • lxc/publish: Fix fingerprint printing
  • lxc/remote: Don't require a cert for public remotes
  • lxc/utils: Avoid potential progress race condition
  • lxc/utils: Println doesn't do format strings
  • lxd-benchmark: Add CreateContainers function
  • lxd-benchmark: Add csv reporting
  • lxd-benchmark: Add freezeContainer function
  • lxd-benchmark: Add processBatch function, use it in SpawnContainers and DeleteContainers
  • lxd-benchmark: Add "spawn" as equivalent but deprecated to "launch"
  • lxd-benchmark: Add start and stop commands
  • lxd-benchmark: Add StartContainers function
  • lxd-benchmark: Add StopContainers function
  • lxd-benchmark: Change name of spawn command to launch
  • lxd-benchmark: Extract deleteContainer and copyImage functions
  • lxd-benchmark: Extract ensureImage function
  • lxd-benchmark: Extract getBatchSize function
  • lxd-benchmark: Extract GetContainers function
  • lxd-benchmark: Extract logic to separate package
  • lxd-benchmark: Extract PrintServerInfo function
  • lxd-benchmark: Extract printTestConfig function
  • lxd-benchmark: Fix ensureImage when a local alias is passed
  • lxd-benchmark: Fix local image handling
  • lxd-benchmark: Return operations duration
  • lxd-benchmark: Split private functions to separate files
  • lxd-benchmark: Use NewConfig to get a default configuration
  • lxd: Add initial lxd/sys sub-package and OperatingSystem structure
  • lxd: Fix typo now -> know
  • lxd: Make .dir-locals.el play nice with flycheck
  • lxd: Replace some uses of InternalError with SmartError
  • lxd: Use sql.DB or sys.OS instead of Daemon where possible
  • lxd/apparmor: Drop useless apparmor denies
  • lxd/apparmor: Support new stacking syntax
  • lxd/containers: Allow passing disk devices with the LXD snap
  • lxd/containers: Better handle errors in memory reporting
  • lxd/containers: Check for container mountpoint too
  • lxd/containers: Check whether disk device exists
  • lxd/containers: Cleanup volatile keys on update
  • lxd/containers: Detect POLLNVAL when poll()ing during exec
  • lxd/containers: Fix readonly mode for directory mount
  • lxd/containers: Make "dev" work as a network interface name
  • lxd/containers: Remove from db on storage failure
  • lxd/containers: Show underlying error when container delete fails
  • lxd/containers: Update to support LXC 2.1 configuration keys
  • lxd/containers: Use lxc.network.N.
  • lxd/daemon: Don't update images while pruning
  • lxd/daemon: d.os.Init must be run after all paths are created
  • lxd/daemon: Extract Daemon.ExpireLogs into a standalone function
  • lxd/daemon: Extract Daemon.GetListeners into a standalone function
  • lxd/daemon: Extract Daemon.httpClient into a standalone HTTPClient function
  • lxd/daemon: Extract Daemon.ListenAddresses into a standalone function
  • lxd/daemon: Extract Daemon.PasswordCheck into a standalone function
  • lxd/daemon: Extract Daemon.SetupStorageDriver into a standalone function
  • lxd/daemon: Finish replacing Daemon with State also in higher-level entity APIs
  • lxd/daemon: Fix handling of config triggers
  • lxd/daemon: Improve error on invalid config key
  • lxd/daemon: Log a warning for unknown config keys and don't crash
  • lxd/daemon: Move Daemon.BackingFs to the OS struct
  • lxd/daemon: Move Daemon.IdmapSet to OS.IdmapSet
  • lxd/daemon: Move Daemon.isRecursionRequest to the lxd/util sub-package
  • lxd/daemon: Move Daemon.lxcpath to OS.LxcPath
  • lxd/daemon: Move Daemon.MockMode to OS.MockMode
  • lxd/daemon: Move Daemon.CheckTrustState and Daemon.isTrustedClient to lxd/util
  • lxd/daemon: Move filesystemDetect function into lxd/util subpackage.
  • lxd/daemon: Move lxd/util.go into its own lxd/util/ sub-package
  • lxd/daemon: Replace Daemon with State in all model entities
  • lxd/daemon: Reset the images auto-update loop when configuration changes
  • lxd/daemon: Simplify time channels
  • lxd/daemon: Use select and save goroutines
  • lxd/db: Add db/query sub-package with common query helpers
  • lxd/db: Add db/schema sub-package for managing database schemas
  • lxd/db: Add query.Transaction
  • lxd/db: Add Schema.Dump() method for flattening a series of schema updates
  • lxd/db: Add schema.NewFromMap convenience to create a schema from a map.
  • lxd/db: Automatically generate database schema from database updates
  • lxd/db: Don't special-case mock mode unnecessarily in db patches
  • lxd/db: Drop dependencies on Daemon
  • lxd/db: Fix bad DB schema update between schema 30 and 31
  • lxd/db: Fix database upgrade logic not inserting interim versions
  • lxd/db: Move db*.go files into their own db/ sub-package
  • lxd/db: Separate db-level update logic from daemon-level one
  • lxd/db: Wire new schema code into db.go
  • lxd/devices: Add support for isolcpu in CPU scheduler
  • lxd/devices: Don't mark all cpus isolated by default
  • lxd/devices: Fix handling of major and minor numbers in device IDs
  • lxd/devices: Fix sorting order of devices
  • lxd/devices: Handle empty isolcpus set
  • lxd/devices: Take all 32 bits of minor device number
  • lxd/events: Fix race condition in event handlers
  • lxd/images: Actually get the list of images to remove
  • lxd/images: Always expand fingerprint
  • lxd/images: Carry old "cached" value on refresh
  • lxd/images: Clear error for image not found
  • lxd/images: Don't access the returned struct in case of error
  • lxd/images: Fix image refresh when fingerprint is passed
  • lxd/images: Fix ordering of compressor arguments
  • lxd/images: Fix potential double unlock
  • lxd/images: Fix private image copy with partial fp
  • lxd/images: Fix regression in image auto-update logic
  • lxd/images: Initialize image info in direct download case
  • lxd/images: Properly extract the image expiry
  • lxd/images: Respect disabled cache expiry
  • lxd/images: Store UploadedAt as RFC3339
  • lxd/init: Add a cmd.Parser helper for parsing command line flags
  • lxd/init: Consolidate interactive/auto init logic with the preseed one
  • lxd/init: Extract code asking init questions to individual methods
  • lxd/init: Extract logic to fill init data to standalone methods
  • lxd/init: Extract validation of --auto args into a separate method
  • lxd/init: Make the log cmdInit unit-testable
  • lxd/init: Move state-changing inline functions to own methods
  • lxd/init: Plug cmd.Parser into main.go
  • lxd/init: Properly set default port
  • lxd/main: Fix error message when log path is missing
  • lxd/migration: Fix live migration (bad URL in dumpsuccess)
  • lxd/networks: Don't require ipt_checksum
  • lxd/patches: Convert UploadedAt to RFC3339
  • lxd/rsync: Handle sparse files when rsyncing
  • lxd/shutdown: Only timeout if told to
  • lxd/storage/btrfs: Workaround btrfs bug
  • lxd/storage/dir: Unfreeze on rsync error
  • lxd/storage/rsync: Ignore vanished file warnings
  • Makefile: Fix static-analysis target
  • Makefile: Update pot before po
  • network: Do not update limits unconditionally
  • shared: Add wrapper to translate host paths
  • shared: Cleanup use of log
  • shared: Fix bad check for snap paths
  • shared: Fix growing of buf in GroupId
  • shared: Fix new golint warning
  • shared: Move GetRemoteCertificate from lxc/remote
  • shared: Move idmap/acl functions to a separate package
  • shared: Move testhelpers into shared/osarch for now
  • shared: Use custom error type for RunCommand
  • shared: Vendor the subtest compatibility shim in shared/subtest
  • shared: Websocket proxy should proxy everything
  • shared/api: Add API for editing containers metadata.yaml and template files
  • shared/api: Add container template files operations.
  • shared/api: Add server resource api structs
  • shared/api: Add storage pool resource api structs
  • shared/api: Add StorageVolumePost
  • shared/api: Add support for macaroons-based authentication indicator
  • shared/api: Extensions go at the bottom
  • shared/api: Implement complete push migration
  • shared/api: Migration: state{ful,less} snapshot migration
  • shared/api: Split storage in separate files for pools and volumes
  • shared/api: Sync with master branch
  • shared/canceler: Support canceling with parallel downloads
  • shared/canceler: Fix return value ordering
  • shared/canceler: Use request Cancel channel
  • shared/cmd: Don't depend on testify in the cmd package
  • shared/cmd: Update to match master
  • shared/idmap: Disallow hostids intersecting subids
  • shared/idmap: Fix numerous issues
  • shared/idmap: Fix tests
  • shared/idmap: Make ACL failures more verbose
  • shared/logger: Temporary workaround for log15 API breakage
  • shared/network: Add some more TLS ciphers
  • shared/network: Sync TLS handling with master
  • shared/osarch: Add function for parsing /etc/os-release
  • shared/osarch: Add missing architecture aliases
  • shared/osarch: Fix uname handling on some architectures
  • shared/util: Add helper to create tempfiles
  • shared/util: Extract helper to get uname
  • shared/util: Guess size when sysconf() returns -1
  • shared/util: Implement mountpoint checking
  • shared/util: More snap handling logic
  • shared/util: Shift xattr ACLs uid/gid
  • shared/util: Sync ParseLXDFileHeaders with master
  • shared/version: Add helper to get platform-specific versions
  • shared/version: Only include kernel version, not build id
  • tests: Add a test for read-only disks
  • tests: Add new dependencies
  • tests: Add performance regression tests
  • tests: Add storage helpers
  • tests: Add support for LXD_TMPFS to perf.sh
  • tests: Add test for disallowing hostid in subuid
  • tests: Also measure batch startup time in perf.sh
  • tests: bump image auto update limit to 20min
  • tests: Clear database state in the mock daemon after each lxdSuiteTest
  • tests: Don't attempt to finger public remotes
  • tests: Don't copy running lvm/ceph containers
  • tests: Fix bad raw.lxc test
  • tests: Fix dependency check
  • tests: Fix image_auto_update test
  • tests: Fix image expiry test
  • tests: Fix shell return value masking
  • tests: Function to include storage backends helpers
  • tests: include lvm in image auto update
  • tests: More apparmor presence checking
  • tests: Refactor cleanup functions
  • tests: Setup basic channel handler for triggers
  • tests: Skip apparmor tests when no kernel support
  • tests: Split out lxc and lxd related helper functions
  • tests: Split out network-related helper functions
  • tests: Split out storage-related helper functions
  • tests: Split out test setup related helper functions
  • tests: Support running individual testify test suites
  • tests: Switch to new storage helpers
  • tests: Update perf.sh to "lxd-benchmark launch"
  • tests: use "--force" everywhere on stop
  • tests: Use in-memory db for tests (makes them faster)
  • tests: Use testimage for perf testing
  • tests: Validate that the right busybox is present
  • tests: Wait up to 2 minutes for image updates

Downloads

The release tarballs can be found on our download page.

LXD 2.19 has been released

18th of October 2017

The changes in this release include

Features:

  • The LXD documentation is now available at https://lxd.readthedocs.io
  • A new "resources" API was added, making it possible to get CPU and memory information as well as storage pool sizes from the API. In the client, this maps to "lxc info --resources" and "lxc storage show NAME --resources".
  • A new set of limits.kernel.[limit name] container configuration keys are available to tweak the various kernel process limits for the container.
  • The command line client now has a number of "rename" subcommands, for profiles, networks and image aliases. The toplevel "rename" command was also updated to match.
  • The LXD API now allows renaming of custom storage volumes. In the client tool, this can be done through "lxc storage volume rename".
  • Extended the LXD user-agent to include the kernel version, architecture and OS name and release. This will allow LXD image servers to show a filtered image list when applicable.
  • Added a new insecureSkipVerify flag to the ConnectionArgs struct in the client, which allows connecting to a LXD host while bypassing any kind of TLS validation.

Bugfixes:

  • doc: Document instance types
  • doc: Document that squashfs images can also be used
  • github: Add SUPPORT.md
  • github: Refresh the issue template
  • global: Add some more TLS ciphers (Issue #3822)
  • lxc/file: Use shared.HostPath for push/pull
  • lxc/image: Fix regression in exported filename (Issue #3869)
  • lxc/image: Use shared.HostPath for import/export
  • lxc/storage: Fix remote operations
  • lxd-benchmark: Add "spawn" as equivalent but deprecated to "launch"
  • lxd-benchmark: Change name of spawn command to launch
  • lxd/apparmor: Drop useless apparmor denies
  • lxd/daemon: Don't update images while pruning
  • lxd/daemon: Fix handling of config triggers
  • lxd/daemon: Simplify time channels
  • lxd/db: Fix bad DB schema update between schema 30 and 31 (Issue #3878) (Issue #3890)
  • lxd/images: Actually get the list of images to remove
  • lxd/images: Fix bad error message
  • lxd/images: Respect disabled cache expiry
  • lxd/images: Store UploadedAt as RFC3339
  • lxd/import: Check for on-disk only snapshots
  • lxd/import: Re-create mountpoints and symlinks
  • lxd/import: Rewrite (Issue #3682)
  • lxd/init: Only nest btrfs if container is on btrfs
  • lxd/migration: Fix lvm stateful restores
  • lxd/migration: Fix stateless incremental containers (Issue #3798)
  • lxd/network: Better handle dnsmasq version checks (Issue #3837)
  • lxd/network: Do not update limits unconditionally (Issue #3920)
  • lxd/networks: Fix renaming networks (Issue #3912)
  • lxd/networks: Update dnsmasq on container renames
  • lxd/patches: Convert UploadedAt to RFC3339
  • lxd/resources: Deal with missing cpufreq directory
  • lxd/storage: Add growFileSystem helper
  • lxd/storage: Add shrinkFileSystem helper
  • lxd/storage: Add shrinkVolumeFilesystem helper
  • lxd/storage: Have "usedby" functions return empty slice
  • lxd/storage: Ignore vanished file warnings during rsync (Issue #3859)
  • lxd/storage: Move check for type into api
  • lxd/storage: Re-import image if volume filesystem has changed
  • lxd/storage: Rework container volume properties
  • lxd/storage: Rework storage pool updating (Issue #3834)
  • lxd/storage: Rework storage volume updating
  • lxd/storage: Support resizing btrfs-based volumes
  • lxd/storage/btrfs: Existence check before container delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before custom delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before image delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before snapshot delete (Issue #3775)
  • lxd/storage/btrfs: Remove dependency on symlink
  • lxd/storage/btrfs: Workaround btrfs bug (Issue #3843)
  • lxd/storage/ceph: Check for mountpoint before calling umount
  • lxd/storage/ceph: Correctly implement (non-)live migration
  • lxd/storage/ceph: Existence check before container delete (Issue #3775)
  • lxd/storage/ceph: Existence check before custom delete (Issue #3775)
  • lxd/storage/ceph: Existence check before pool delete (Issue #3775)
  • lxd/storage/ceph: Existence check before snapshot delete (Issue #3775)
  • lxd/storage/ceph: Handle volume.block.filesystem update
  • lxd/storage/ceph: Remove size property from OSD pools
  • lxd/storage/ceph: Use [grow|shrink]FileSystem helpers
  • lxd/storage/dir: Check whether pool is already mounted (Issue #3938)
  • lxd/storage/dir: Make sure pool is mounted (Issue #3938)
  • lxd/storage/lvm: Existence check before container delete (Issue #3775)
  • lxd/storage/lvm: Existence check before custom delete (Issue #3775)
  • lxd/storage/lvm: Existence check before image delete (Issue #3775)
  • lxd/storage/lvm: Existence check before pool delete (Issue #3775)
  • lxd/storage/lvm: Mount xfs snapshots with "nouuid"
  • lxd/storage/lvm: Non-functional changes
  • lxd/storage/lvm: Re-import image on thinpool-based pools if volume filesystem has changed
  • lxd/storage/lvm: Use DottedVersion for version comparison
  • lxd/storage/zfs: Existence check before custom delete (Issue #3775)
  • lxd/storage/zfs: Existence check before delete for pools (Issue #3775)
  • shared: Cleanup use of the log package
  • shared: Move testhelpers into shared/osarch for now
  • shared/api: Consistent file names
  • shared/api: Split storage in separate files for pools and volumes
  • shared/canceler: Support canceling with parallel downloads
  • shared/idmap: Fix numerous issues (Issue #3946)
  • shared/idmap: Make ACL failures more verbose
  • shared/logger: Temporary workaround for log15 API breakage
  • shared/util: Implement mountpoint checking (Issue #3877)
  • shared/util: More snap handling logic
  • tests: Add stateless live migration tests
  • tests: Add tests for btrfs resize
  • tests: Add tests using btrfs on LVM and ceph volumes
  • tests: Fix bad raw.lxc test
  • tests: Fix dependency check
  • tests: Fix image expiry test
  • tests: Fix shell return value masking
  • tests: Setup basic channel handler for triggers
  • tests: Test mountpoint and symlink recreation
  • tests: Update and expand container import tests
  • tests: Update perf.sh to "lxd-benchmark launch"
  • tests: Use 50MB as minimal block dev size for xfs

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.18 has been released

20th of September 2017

The changes in this release include

New features:

  • The btrfs filesystem can now be used on LVM and Ceph storage pools
  • Our internal "lxd-benchmark" tool is now a first class utility
  • "lxd-benchmark" can now generate performance reports
  • It's now possible to move a running container in the background, only stopping it at the last minute (using --stateless option)
  • A new "ceph.osd.force_reuse" storage pool property was added to limit accidental import of used Ceph pools

Bugfixes:

  • client: Reduce request logging to Debug level
  • doc: Link to release notes and downloads (Issue #3709)
  • doc: Tweak docker instructions (Issue #3712)
  • lxc/delete: Fix the --force description
  • lxc/image: Fix import crash when adding properties (Issue #3803)
  • lxc/move: Use force on delete
  • lxd-benchmark: Big code refactoring
  • lxd/apparmor: Support new stacking syntax
  • lxd/containers: Check for container mountpoint too
  • lxd/containers: Fix handling of major and minor numbers in device IDs
  • lxd/containers: Remove from db on storage failure (Issue #3782)
  • lxd/daemon: Refactoring of State as a separate package
  • lxd/daemon: Reset the images auto-update loop when configuration changes
  • lxd/db: Add db/query sub-package with common query helpers
  • lxd/db: Add db/schema sub-package for managing database schemas
  • lxd/db: Automatically generate database schema from database updates
  • lxd/events: Fix race condition in event handlers (Issue #3770)
  • lxd: Fix typo in comment
  • lxd/images: Fix ordering of compressor arguments
  • lxd/images: Fix private image copy with partial fp
  • lxd/images: Properly extract the image expiry
  • lxd/init: Code refactoring
  • lxd/init: Fix btrfs subvolume creation
  • lxd/init: Improve default storage backend selection
  • lxd/init: Re-order btrfs questions
  • lxd/main: Fix error message when log path is missing
  • lxd/migration: Fix live migration (bad URL in dumpsuccess) (Issue #3715)
  • lxd/networks: Allow for duplicate IPs (Issue #3721)
  • lxd/networks: Don't require ipt_checksum
  • lxd/networks: Fix bridging devices with IPv6 link-local (Issue #3727)
  • lxd/networks: Make dnsmasq quiet when not in debug mode
  • lxd/networks: Only add --quiet options to dnsmasq if version supports them
  • lxd/networks: Switch to a directory based dhcp-host (Issue #3694)
  • lxd/patches: Make dir pool use bind-mount
  • lxd/patches: Move patch to the right part of the file
  • lxd/storage: Don't mask error messages
  • lxd/storage: Extend makeFSType, remove duplicated mkfs.* code
  • lxd/storage: If volume creation fails, delete DB entry
  • lxd/storage: Only validate config changes
  • lxd/storage/ceph: Add note about filesystems for Ceph cluster
  • lxd/storage/ceph: Fix divide error in size calculation
  • lxd/storage/ceph: Generate a new xfs UUID (Issue #3752)
  • lxd/storage/ceph: Implement resizing (Issue #3760)
  • lxd/storage/ceph: Sanitize path return from rbd map (Issue #3726)
  • lxd/storage/ceph: Set ACL on container copy
  • lxd/storage/ceph: Use Storage{Start,Stop}()
  • lxd/storage/ceph: Use UUID when creating zombie storage volumes (Issue #3780)
  • lxd/storage/dir: Use bind-mount for pools outside ${LXD_DIR}
  • lxd/storage/dir: Use correct function
  • lxd/storage/lvm: Generate a new xfs UUID on thinpool copy
  • lxd/storage/lvm: Report error on wrong storage type
  • lxd/storage/lvm: Require resize request to be at least 1MB
  • lxd/storage/zfs: Use "referenced" property when zfs.use_refquota=true
  • shared: Add helpers to parse/compare versions
  • shared: Fix growing of buf in GroupId (Issue #3711)
  • shared: Guess size when sysconf() returns -1
  • shared/api: Fix new golint warning
  • shared/idmap: Disallow hostids intersecting subids
  • shared/idmap: Move idmap/acl functions to a separate package
  • shared/subtest: Vendor the subtest package
  • tests: Add more ceph tests
  • tests: Add support for LXD_TMPFS to perf.sh
  • tests: Add test for disallowing hostid in subuid (Issue #3416)
  • tests: Also measure batch startup time in perf.sh
  • tests: Bump image auto update limit to 20min
  • tests: Ceph test volume resizing
  • tests: Container import fixes
  • tests: Don't copy running lvm/ceph containers
  • tests: Include LVM in image auto update
  • tests: Limit ceph volumes to 25MB
  • tests: Lower pg number for OSD pools
  • tests: Non-functional changes
  • tests: Resize block size to 200MB
  • tests: Use "--force" everywhere on stop
  • tests: Use testimage for perf testing
  • tests: Wait up to 2 minutes for image updates

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.17 has been released

23rd of August 2017

The changes in this release include

New features:

  • Add support for specifying the ceph user (using the "ceph.user.name" property)
  • Implement "instance types" as an easy way to specify limits (e.g. "lxc launch ubuntu:16.04 -t t2.micro")
  • Add a new "lxc query" command as a low level query tool for the LXD API (similar to curl but with LXD knowledge)
  • Filesystem ACLs are now rewritten when the container changes uid/gid map
  • LXD now supports using binary deltas when refreshing daily images
  • "lxc image info" now shows whether an image was automatically cached by LXD

Bugfixes:

  • client: Cleanup code duplication in image download function
  • client: Remove deprecated client code
  • client: Simplify ConnectPublicLXD logic
  • doc: Add storage documentation for volatile.pool.pristine
  • doc: Add the volatile.initial_source key
  • doc: Fix bad JSON in rest-api.md (Issue #3654)
  • doc: Properly escape path params
  • extra/lxc-to-lxd: Ignore capabilities that are dropped by default
  • extra/lxc-to-lxd: Ignore sysfs/proc mounts
  • extra/lxc-to-lxd: Properly handle lxc.seccomp
  • i18n: Update translations from weblate
  • lxc: Fix race in progress reporter
  • lxc: Re-introduce remote protocol migration
  • lxc/config: Expose extra certificate functions (Issue #3606)
  • lxc/image: Fix copy of image aliases
  • lxc/image: Wait for the refresh to complete
  • lxc/remote: Don't require a crt for public remotes (Issue #3627)
  • lxd: Move lxd/util.go into its own lxd/util/ sub-package
  • lxd/containers: Allow passing disk devices with the LXD snap (Issue #3660)
  • lxd/containers: Another LXC 2.1 key rename, lxc.idmap
  • lxd/containers: Fix a typo: now -> know
  • lxd/containers: Fix gpu attach when mixing GPU vendors (Issue #3642)
  • lxd/containers: Fix sorting order of devices (Issue #2895)
  • lxd/containers: Fix support for isolcpu in CPU scheduler (Issue #3624)
  • lxd/containers: Make stateful snapshot restores work again
  • lxd/daemon: Add initial lxd/sys sub-package and OperatingSystem structure
  • lxd/daemon: d.os.Init must be run after all paths are created
  • lxd/daemon: Extract Daemon.ExpireLogs into a standalone function
  • lxd/daemon: Extract Daemon.GetListeners into a standalone function
  • lxd/daemon: Extract Daemon.httpClient into a standalone HTTPClient function
  • lxd/daemon: Extract Daemon.ListenAddresses into a standalone function
  • lxd/daemon: Extract Daemon.PasswordCheck into a standalone function
  • lxd/daemon: Extract Daemon.SetupStorageDriver into a standalone function
  • lxd/daemon: Log a warning for unknown config keys instead of crashing
  • lxd/daemon: Move Daemon.BackingFs to the OS struct
  • lxd/daemon: Move Daemon.IdmapSet to OS.IdmapSet
  • lxd/daemon: Move Daemon.isRecursionRequest to the lxd/util sub-package
  • lxd/daemon: Move Daemon.lxcpath to OS.LxcPath
  • lxd/daemon: Move Daemon.MockMode to OS.MockMode
  • lxd/daemon: Move Daemon.CheckTrustState and Daemon.isTrustedClient to lxd/util
  • lxd/daemon: Move filesystemDetect function into lxd/util subpackage
  • lxd/daemon: Replace Daemon with State in all model entities
  • lxd/daemon: Use select and save a few goroutines
  • lxd/daemon: Use sql.DB or sys.OS instead of Daemon where possible
  • lxd/db: Drop dependencies on Daemon in db.go
  • lxd/db: Move db*.go files into their own db/ sub-package
  • lxd/images: Carry old "cached" value on refresh (Issue #3698)
  • lxd/import: Don't use un-initialized structs
  • lxd/networks: Allow starting LXD without dnsmasq (Issue #3678)
  • lxd/networks: Fix networkIptablesClear with missing ip{6}tables (Issue #3688)
  • lxd/networks: Make "dev" work as a network name
  • lxd/networks: Set dnsmasq.raw to be 0644 (Issue #3652)
  • lxd/networks: Stop networks on clean shutdown
  • lxd/patches: Fix canmount=noauto patch (Issue #3594)
  • lxd/patches: Unset "size" for ZFS containers + images (Issue #3679)
  • lxd/storage: Count custom volumes in pool UsedBy
  • lxd/storage: Enable "volume.size" for {btrfs,zfs}
  • lxd/storage: Fix "size" property
  • lxd/storage: Fix wrong driver name for log output
  • lxd/storage: Non-functional changes
  • lxd/storage/ceph: Fix double --cluster
  • lxd/storage/ceph: Unmap until EINVAL
  • lxd/storage/ceph: Use "/dev/rbd" via sysfs
  • lxd/storage/ceph: Use minimal image feature set for clones
  • lxd/storage/dir: Check if directory is empty (Issue #3680)
  • lxd/storage/zfs: Always require existing datasets to be empty (Issue #3657)
  • lxd/storage/zfs: Refactoring
  • shared: Add wrapper to translate host paths
  • shared: Move GetRemoteCertificate from lxc/remote (Issue #3606)
  • tests: function to include storage backends helpers
  • tests: Refactor cleanup functions
  • tests: Split out lxc and lxd related helper functions
  • tests: Split out network-related helper functions
  • tests: Split out storage-related helper functions
  • tests: Split out test setup related helper functions
  • tests: Use $storage_backends variable

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.16 has been released

25th of July 2017

The changes in this release include

New features:

  • Ceph RBD can now be used as a LXD storage backend (including "lxd init" support).
  • A new security.idmap.base key has been added. This controls what base uid/gid to use on the host when using security.idmap.isolated.
  • Image downloads can now be interrupted.
  • File transfers now support sending symlinks
  • "lxc copy" and "lxc move" will now show progress information
  • "lxc copy" and "lxc move" now support "relay" and "push" modes to go around firewalls and NAT
  • Custom storage volumes can now have their size set and modified
  • "lxc image import" now supports reading from a directory containing an unpacked image
  • The "vlan" property can now be set on "physical" network interfaces (was just "macvlan")
  • It's now possible to delete image volumes from a storage pool. This allows removing a storage pool without having to remove the images from the image store.
  • The image metadata and template files can now be created and modified over the API. This allows fine tuning of all image metadata prior to publishing.
  • Stateful snapshots can now be restored as a new container on a remote host.

Bugfixes:

  • client: Allow specifying base http client (Issue #3580)
  • client: Commonize error handling
  • client: Don't live migrate stopped containers
  • client: Fix crash in operation handler
  • client: Fix file push/pull with names containing spaces
  • client: Fix handling of public LXD remote (Issue #3464)
  • client: Fix race condition in operation handling
  • client: Improve migration relay code
  • client: Make it possible to retrieve HTTP client (Issue #3580)
  • client: Properly handle remote disconnections
  • client.go: Make deprecation warnings visible in godoc (Issue #3466)
  • config: Try to be clever about ":" in snapshots
  • doc: Add note on use of previous image from cache (Issue #3590)
  • doc: Document storage_images_delete API extension (Issue #3539)
  • doc: Document the exec control API (Issue #3574)
  • doc: Expand lxd import documentation
  • doc: Extend/rework security-related documentation.
  • doc: Fix help to provide sample that actually works
  • doc: Fix spaces, commas, quotes, brackets where needed
  • doc: Initial documentation of container env (Issue #477)
  • doc: Need quotes for /1.0/networks/ "config"."ipv6.nat"
  • doc: Remove extraneous backslash
  • doc: Update containers.md
  • github: ISSUE_TEMPLATE.md: Fix lxd.log location
  • global: Fix a few typos
  • lxc/config: Removal of multiple devices at once
  • lxc: Create missing config paths
  • lxc: Cross-platform HOME handling (Issue #3573)
  • lxc/exec: Fix signal handler for Windows (Issue #3496)
  • lxc/file: Don't specify mode for intermediate directories created with push -p
  • lxc/image: Always use long fingerprint in exported filenames.
  • lxc/image: Fix "lxc image copy" not recording the source
  • lxc/image: Improve "lxc image list" filter handling (Issue #3555)
  • lxc/image: Missing error handling
  • lxc/image: Properly record alias source on copy (Issue #3586)
  • lxc/image: Update image aliases when they already exist
  • lxc/launch: Fix failure to launch containers with random names
  • lxc/list: Error if --columns and --fast are used together
  • lxc/publish: Change compression_algorithm to compressionAlgorithm
  • lxc/publish: Fix fingerprint printing
  • lxc/utils: Avoid potential progress race condition
  • lxc/utils: Println doesn't do format strings
  • lxd/container: Fix broken error handling
  • lxd/containers: Better handle errors in memory reporting (Issue #3482)
  • lxd/containers: Show underlying error when container delete fails
  • lxd/containers: Support for LXC 2.1 configuration keys (and fallback)
  • lxd/images: Clear error for image not found
  • lxd/images: Fix image refresh when fingerprint is passed.
  • lxd/import: Keep volatile keys
  • lxd/import: Remove last dependency on symlink
  • lxd/init: Detect LVM thin provisioning tools (Issue #3497)
  • lxd/networks: Don't fail on non-process PIDs
  • lxd/storage: Check idmaps of all attaching containers (Issue #3548)
  • lxd/storage: Fix ETag handling of volumes
  • lxd/storage: Fix readonly mode for directory mount
  • lxd/storage: Fix UsedBy for containers and images
  • lxd/storage: Fix volume config logic
  • lxd/storage: Introduce a new storagePoolVolumeUsedByContainersGet function
  • lxd/storage: Move db deletion to driver implementation
  • lxd/storage: Restrict size property in pool config
  • lxd/storage/lvm: Convert to RunCommand (Issue #3507)
  • lxd/storage/lvm: Fix broken error handling
  • lxd/storage/lvm: Fix non-thinpool container creation (Issue #3543)
  • lxd/storage/lvm: Non-functional changes
  • lxd/storage/zfs: Moved all the helper functions to storage_zfs_utils.go (Issue #3471)
  • lxd/storage/zfs: Removed s.zfsPoolVolumeCreate() and changed all s.zfsPoolVolumeCreate() to use zfsPoolVolumeCreate()
  • lxd/storage/zfs: Set canmount=noauto on all mountable datasets (Issue #3437)
  • lxd/storage/zfs: Used s.getOnDiskPoolName() instead of s.pool.Name
  • README: Fix broken links
  • README: Seriously rework the content
  • shared/cancel: Fix crash if no canceler is setup
  • shared/cancel: Fix return value ordering
  • shared/cancel: Use request Cancel channel
  • shared: Use custom error type for RunCommand (Issue #3502)
  • shared/util: Guess size when sysconf() returns -1 (Issue #3581)
  • shared: Websocket proxy should proxy everything
  • tests: Add a test for "lxc storage volume set"
  • tests: Add a test for read-only disks
  • tests: Add import test when symlink has been removed
  • tests: Add test for push and relay mode
  • tests: Allow running tests without lxdbr0
  • tests: Always pass --force to stop/restart
  • tests: More apparmor presence checking
  • tests: Skip apparmor tests when no kernel support
  • tests: Validate that the right busybox is present
  • zfs: Use tryMount when mounting filesystem

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.15 has been released

28th of June 2017

The changes in this release include

New features:

  • "lxc image list" now supports column customization.
  • "lxc list" and "lxc image list" now both support table, json, yaml and csv as output formats.
  • It's now possible to cancel (DELETE) some background operations while they're downloading content.
  • The "lxc" command line tool was ported from our old client code to the new client package. This was the last bit of code which needed porting and we're now planning on removing the old client package from our tree with LXD 2.16.
  • New CopyContainer and CopyContainerSnapshot functions were added to the client package.
  • LXD will now dynamically remap custom storage volumes when attached to containers.

Bugfixes:

  • client: Add extra exec option to block on I/O
  • client: Fail copy if the source isn't listening on network
  • client: Fix potential race in event handler setup
  • client: Only set file headers if value is provided
  • doc: Add a note for blkio limits (Issue #3378)
  • doc: Document image refresh API call
  • doc: Fix missing markdown escaping
  • doc: Tweak storage formatting (Issue #3376)
  • lxc/file: Clean source path for recursive push
  • lxc/file: Properly read file permissions on Windows (Issue #3363)
  • lxd/containers: Also support lxc.net..* configuration keys on newer LXC
  • lxd/containers: Check whether the disk device exists on the host before unmount
  • lxd/containers: Detect POLLNVAL when polling during exec (Issue #2964)
  • lxd/containers: Fail if we get EBUSY during startup (Issue #3412)
  • lxd/containers: Use the lxc.network..* configuration keys
  • lxd/db: Replace some uses of InternalError with SmartError
  • lxd/images: Always expand the fingerprint (Issue #3424)
  • lxd/images: If multiple cache hits, pick the latest
  • lxd/images: Properly initialize image info in direct case
  • lxd/images: Skip cached images without auto-update
  • lxd/networks: Always pass --conf-file to dnsmasq (Issue #3367)
  • lxd/networks: Only generate DHCP fw rules if enabled (Issue #3432)
  • lxd/networks: Remove IPv6 leases on container delete
  • lxd/networks: Tweak error in subnet auto detection
  • lxd/patches: Fix bad upgrade for ZFS pools (Issue #3386)
  • lxd/patches: Make sure localdevices are properly updated (Issue #3169)
  • lxd/shutdown: Only timeout if told to (Issue #3434)
  • lxd/storage: Fix ETag calculation for pools
  • lxd/storage: Insert driver correctly (Issue #3386)
  • lxd/storage/btrfs: Apply default flags BEFORE detecting type (Issue #3409)
  • lxd/storage/btrfs: Enable filesystem quotas on demand
  • lxd/storage/dir: Still create the needed symlinks on freeze failure
  • lxd/storage/dir: Unfreeze on rsync errors
  • lxd/storage/lvm: Allow non-empty VGs when thinpool exists (Issue #3456)
  • lxd/storage/rsync: Handle sparse files when rsyncing (Issue #3287)
  • lxd/storage/zfs: Fix container snapshot copy (Issue #3395)
  • lxd/storage/zfs: Improve dummy dataset creation (Issue #3399)
  • Makefile: Update pot before po
  • shared/api: API extensions go at the bottom
  • tests: Add more copy/migration tests
  • tests: Add tests for custom storage volume attach
  • tests: Add tests for "lxc file push -r ./"
  • tests: Don't attempt to finger public remotes
  • tests: Don't run migration tests again on LVM when backend is random
  • tests: Use in-memory database for tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.14 has been released

30th of May 2017

The changes in this release include

New features:

  • New client library
    • Add a CreateContainerFromImage function
    • Implement image upload
    • Implement remote operations
  • API additions
    • New "description" field for containers, networks, storage pools and storage volumes
    • Allow for image refreshes (lxc image refresh)
  • When launching containers, an existing cached image is now preferred over downloading a refreshed one
  • "lxd init" can now be preseeded with "--preseed" and a yaml config file
  • Introduce a new btrfs.mount_options pool property
  • Implement volume resizing for LVM (grow/shrink for ext4, grow only for xfs)

Bugfixes:

  • client: Add image_create_aliases backward compat
  • client: Always pass pointer to queryStruct
  • client: Don't return cache on GetServer
  • client: Fill the server fingerprint if missing
  • client: Fix private image handling
  • client: Fix race condition in operation handler
  • client: Improve error on image copy
  • client: Keep track of protocol
  • client: Move CopyImage to the target server
  • client: Remove unneeded condition
  • client: Require the volume type for storage volume
  • client: Support partial fingerprints
  • client: Track the server certificate, not client
  • client: Use RemoteOperation for CopyImage
  • doc: Add documentation about the init preseed feature
  • doc: Correct typo in device type name
  • doc: Fix markdown escaping
  • doc: Update README.md Docker instructions
  • doc/network: Add section on macvlan vs bridge (Issue #3273)
  • doc/storage: Correct grammar
  • doc/storage: Document zfs quota vs refquota (Issue #2959)
  • doc/storage: Fix ordering
  • extra/lxc-to-lxd: Don't crash on missing mount file (Issue #3237)
  • global: Fix typos
  • global: Replace file Chmod() with os.Chmod() (Issue #3275)
  • global: Use containerGetParentAndSnapshotName() everywhere
  • i18n: Pre-release update
  • i18n: Update translations from weblate
  • lxc: Fix obscure error on missing object name (Issue #3230)
  • lxc: Implement progress tracking for operations
  • lxc/copy: Improve error handling (Issue #3243)
  • lxc/copy: Simplify the code
  • lxc/file: Fix broken file push on Windows
  • lxc/file: Fix recursive file push on Windows
  • lxc/init: Drop unnecessary else statement
  • lxc/remote: Show the fingerprint as string not hex (Issue #3293)
  • lxc/storage: Don't ignore yaml errors
  • lxd: Support running individual testify test suites
  • lxd/containers: Also clear the host_name volatile key
  • lxd/containers: Cleanup volatile keys on update (Issue #3231)
  • lxd/containers: Disable IPv6 on created macvlan parents
  • lxd/containers: fillNetworkDevice is only for nic
  • lxd/containers: Use networkSysctl whenever possible
  • lxd/daemon: Fix ETag handling for /1.0
  • lxd/daemon: Actually set ServerFingerprint
  • lxd/db: Add a testify test suite for db tests, rework existing tests
  • lxd/db: Clear database state in the mock daemon after each lxdSuiteTest
  • lxd/db: Don't special-case mock mode unnecessarily in db patches
  • lxd/db: Return NoSuchObjectError on missing storage pools (Issue #3257)
  • lxd/db: Separate db-level update logic from daemon-level one
  • lxd/images: Check if the image already exists on upload
  • lxd/images: Fix potential double unlock
  • lxd/images: Fix regression in image auto-update logic
  • lxd/images: Save image source certificate and pass it to the download
  • lxd/images: Split autoUpdateImage function
  • lxd/import: Error out on missing name
  • lxd/init: Extract validation of --auto args into a separate method
  • lxd/init: Move state-changing inline functions to own methods
  • lxd/init: Rollback to initial state if anything goes wrong
  • lxd/init: Properly set the default port (Issue #3341)
  • lxd/networks: Fix ETag regression
  • lxd/patches: Drop unused variable
  • lxd/profiles: Remove the Docker profile
  • lxd/storage: Add helper to detect if pool is in use
  • lxd/storage: Add lxdResolveMountoptions()
  • lxd/storage: Add MS_LAZYTIME to mount options
  • lxd/storage: Add permission helpers
  • lxd/storage: Avoid an infinite loop
  • lxd/storage: Fix bad internal types
  • lxd/storage: Move mount helpers to storage utils
  • lxd/storage: Only delete custom volumes
  • lxd/storage: Pass container struct to ContainerMount()
  • lxd/storage: Re-order storage pool checks
  • lxd/storage/btrfs: Add getBtrfsPoolMountOptions()
  • lxd/storage/btrfs: Handle migration on different LXDs (Issue #3323)
  • lxd/storage/btrfs: Remove unused variable
  • lxd/storage/btrfs: Use lxdResolveMountoptions()
  • lxd/storage/lvm: Allow re-using existing thinpools (Issue #3351)
  • lxd/storage/lvm: Check whether volume group is already in use
  • lxd/storage/lvm: Disallow using non-empty volume groups (Issue #3351)
  • lxd/storage/lvm: Only delete VG when empty (Issue #3351)
  • lxd/storage/lvm: Resolve mount options properly (Issue #3284)
  • lxd/storage/lvm: Simplify and improve pool creation
  • lxd/storage/zfs: Create image dataset with mountpoint=none (Issue #3359)
  • lxd/storage/zfs: Fix folder permissions after dataset creation (Issue #3090)
  • lxd/storage/zfs: Try to work around zfs EBUSY bug (Issue #3228)
  • Makefile: Add update-po to i18n target
  • Makefile: Fix static-analysis target
  • shared: Add yaml-mode marker in template for "lxc edit" actions
  • shared/cmd: Add new package with initial command I/O logic
  • shared/cmd: Complete cmd.Context support for various AskXXX methods
  • shared/cmd: Don't depend on testify
  • shared/cmd: Make the log cmdInit unit-testable
  • shared/logger: Make golint clean
  • shared/logger: Replace PrintStack with GetStack
  • shared/logging: Export LogfmtFormat
  • shared/logging: Make golint clean
  • shared/termios: Make golint clean
  • tests: Add btrfs.mount_options test (Issue #3264)
  • tests: Add LV resizing tests
  • tests: Add mount option test for LVM (Issue #3284)
  • tests: Add quota tests
  • tests: Allow random storage backend selection
  • tests: Don't rely on busybox shutting down nicely
  • tests: Drop jenkins-specific check again
  • tests: Explicitly pass shell type to shellcheck
  • tests: Honor the LXD_BACKEND environment variable in storage tests
  • tests: Make sure storage volume is mounted
  • tests: Remove invalid test for Jenkins
  • tests: Test suites use space indent
  • tests/deps: Make golint clean

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.10 release announcement

11th of May 2017

This is the tenth bugfix release for LXD 2.0.

The changes since LXD 2.0.9 are

Minor improvements:

  • client: Backported the new client library and ported some of the internal commands over to it
  • lxc: Add a manpage command
  • lxc: Allow --version to be passed with any command
  • lxc: Reworked all help messages in the client to be compatible with help2man
  • lxd: AppArmor namespacing is now also enabled for privileged containers

Bugfixes:

  • build: Add debug logging
  • client: Fix profile list
  • client: Remove unneeded condition
  • doc: Add instructions to grow ZFS loop
  • doc: Add note about escaping btrfs qgroups
  • doc: Add note about restricting access to kernel ring buffer
  • doc: Extract containers documentation to containers.md
  • doc: Extract profiles documentation to profiles.md
  • doc: Extract server documentation to server.md
  • doc: Fix badly named example device
  • doc: Fix broken table
  • doc: Note that LXD assumes full control over the pool
  • doc: Update configuration.md with links to other documents
  • doc: Update README.md for new API client
  • extra/lxc-to-lxd: Don't crash on missing mount file
  • extra/lxc-to-lxd: Typo in description of --move-rootfs
  • extra/vagrant: Trailing whitespace
  • global: Fix error handling in all filepath.Walk calls
  • global: Fix a number of typos
  • global: Forward user-agent and other headers on redirect
  • global: Replace file Chmod() with os.Chmod()
  • global: Use containerGetParentAndSnapshotName()
  • global: Use RunCommand everywhere
  • lxc: Don't include spaces in translated strings
  • lxc: Improve batch mode
  • lxc: Make help/usage a bit more consistent
  • lxc: Move common functions/types to utils.go
  • lxc: Properly clear transfer stats on error
  • lxc: Rework for better manpages
  • lxc/config: Add new config handling code
  • lxc/config: Always use "simplestreams" for images:
  • lxc/config: Fix path handling
  • lxc/config: Fix SaveConfig's DeepCopy call
  • lxc/copy: Improve error handling
  • lxc/copy: Return the source error too
  • lxc/copy: Simplify
  • lxc/copy: Wait asynchronously
  • lxc/image: Show the alias description
  • lxc/image: Trailing whitespace
  • lxc/init: Drop unnecessary else statement
  • lxc/list: Document list format options
  • lxc/list: Fix regression in json output
  • lxc/list: Move common data extraction to a helper function
  • lxc/profile: Properly implement "profile unset"
  • lxc/publish: Wait for the container to be running
  • lxc/remote: Show the fingerprint as string not hex
  • lxc/utils: Implement progress tracking for operations
  • lxd: Drop use of logger.Log when not needed
  • lxd/apparmor: Fix AppArmor stack handling with nesting
  • lxd/containers: Add containerGetParentAndSnapshotName()
  • lxd/containers: Added soft limit in initLXD()
  • lxd/containers: Added soft memory limit even when hard is selected
  • lxd/containers: Add extra validation for unix-block/unix-char
  • lxd/containers: Add function to detect root disk device
  • lxd/containers: Allow for stable host interface names
  • lxd/containers: Clarify uid/gid error
  • lxd/containers: Cleanup root device validation
  • lxd/containers: Disable IPv6 on host side veth when bridged
  • lxd/containers: Don't ignore snapshot deletion failures
  • lxd/containers: Don't parse id ranges as int32
  • lxd/containers: Don't report migration success on failure
  • lxd/containers: Don't use FindProcess, just pass exec.Cmd
  • lxd/containers: Find current max snapshot value
  • lxd/containers: Fix bad root device detection code
  • lxd/containers: Fix base image tracking
  • lxd/containers: Fix concurrent read/write to s.conns in exec
  • lxd/containers: Fix error handling on FileRemove
  • lxd/containers: Fix handling of devices with minor>255
  • lxd/containers: Fix override of Devices during copy
  • lxd/containers: Fix soft limit logic to use float64
  • lxd/containers: Initialize idmap on demand
  • lxd/containers: Kill forkexec on abnormal websocket closure
  • lxd/containers: Path may only be used by one disk
  • lxd/containers: Properly invalidate the idmap cache
  • lxd/containers: Properly revert memory limits on failure
  • lxd/containers: Properly validate architectures
  • lxd/containers: Set default values for USER, HOME and LANG
  • lxd/containers: This condition has already been deal
  • lxd/containers: Use int64 for uid and gid everywhere
  • lxd/containers: Validate container idmap as early as possible
  • lxd/containers: Validate expanded configuration after root setup
  • lxd/containers: Validate the expanded config at container create
  • lxd/daemon: Check for the validity of the id maps at startup
  • lxd/daemon: Fix some race conditions
  • lxd/daemon: Mount a tmpfs under devlxd
  • lxd/daemon: s/Default map/Available map/
  • lxd/daemon: Set ServerFingerprint
  • lxd/daemon: Use a tmpfs for shmounts
  • lxd/db: Actually enable foreign keys per connection
  • lxd/db: Deal with the case where no updates exist
  • lxd/db: Detect downgrades with newer DB and fail
  • lxd/db: Raise DB lock timeout to 30s, retry every 30ms
  • lxd/db: Rely on CASCADE
  • lxd/db: Remove some extra cleanup code
  • lxd/devlxd: Fix extraction of fd from UnixConn with go tip
  • lxd/events: Improve formatting in events API
  • lxd/images: Check if the image already exists
  • lxd/images: Drop leftover debug statement
  • lxd/images: Fix partial image fingerprint matches
  • lxd/images: Move imagesDownloading out of the daemon struct
  • lxd/images: Properly return the alias description
  • lxd/images: Record the server certificate in the cache
  • lxd/images: Refactor code a bit
  • lxd/images: Save image source certificate and pass it to the download
  • lxd/images: Split autoUpdateImage function
  • lxd/init: Only show userns message if lacking uid/gid
  • lxd/init: The 'storageBackend' has already been checked
  • lxd/main: Fix comment in activateifneeded
  • lxd/main_forkexec: Remove os.FindProcess
  • lxd/main_netcat: Implement logging
  • lxd/main_netcat: Switch to new helper
  • lxd/main_nsexec: cgo: Free allocated memory
  • lxd/main: Restrict daemon and activateifneeded to root
  • lxd/migration: Better handle rsync errors (subprocesses)
  • lxd/migration: Clarify CRIU related errors
  • lxd/migration: Handle EAGAIN properly
  • lxd/migration: Make our netcat handle EAGAIN
  • lxd/migration: Tweak rsync logging a bit
  • lxd/operations: Remove useless for loops
  • lxd/profiles: Verify root disk devices
  • lxd/storage/btrfs: Always use the recursive subvol functions
  • lxd/storage/btrfs: Cleanup empty migration dirs
  • lxd/storage/btrfs: Fix recursive subvol deletion
  • lxd/storage/btrfs: Properly handle nested subvolumes
  • lxd/storage: Ensure the container directory has the right permission
  • lxd/storage: Move mount helpers to storage utils
  • lxd/storage: Optimize containerGetRootDiskDevice a bit
  • Makefile: Always include gorilla/context
  • Makefile: Drop repeated calls to "go get"
  • Makefile: Use system libsqlite3 if available
  • shared: coding-style pedantry
  • shared/api: Add the Stateful field to ContainerPut
  • shared/api: Properly define the image creation source
  • shared/api: Use consistent json and yaml field names
  • shared/cmd: Add a new shared/cmd package with initial command I/O logic
  • shared/cmd: Complete cmd.Context support for various AskXXX methods
  • shared/gnuflag: Fix golint
  • shared/i18n: Simplify and make golint clean
  • shared/idmap: DefaultIdmapSet is always for root
  • shared/idmap: Drop GetOwner
  • shared/idmap: Fix various issues
  • shared/idmap: Implement parsing of kernel id maps
  • shared/idmap: Implement Usable() functions
  • shared/idmap: Improve parsing of the shadow id files
  • shared/idmap: Make more of an effort to find a default
  • shared/idmap: Remove debugging during idmap changes
  • shared/ioprogress: Simplify and make golint clean
  • shared/logger: Add pretty formatting
  • shared/logger: Create new package for logger
  • shared/logger: Make golint clean
  • shared/logger: Replace PrintStack with GetStack
  • shared/logging: Export LogfmtFormat
  • shared/logging: Make golint clean
  • shared/simplestreams: Always prefer squashfs when available
  • shared/simplestreams: Export image file list
  • shared/simplestreams: Improve error handling
  • shared/simplestreams: Properly handle image rebuilds
  • shared/termios: Make golint clean
  • shared/util: Add function to detect errno
  • shared/util: Add yaml-mode marker in template for "lxc edit" actions.
  • shared/util: Don't do chown on windows
  • shared/util: FileCopy should also keep owner
  • shared/util: FileCopy should keep the same mode
  • shared/version: Make golint clean
  • tests: Add a testify test suite for db tests, rework existing tests
  • tests: Add golint
  • tests: Add lxd init --auto tests
  • tests: Allow random storage backend selection
  • tests: Also unmount the devlxd path
  • tests: Always cleanup loop devices
  • tests: Avoid a zfs race
  • tests: Don't leak zpools in "lxd init" test
  • tests: Explicitly pass shell type to shellcheck
  • tests: Fix lxd auto init test suite
  • tests: Fix typo
  • tests: Give more time to reboot test
  • tests: Honor the LXD_BACKEND environment variable in storage tests
  • tests: Improve performance of deadcode test
  • tests: Make sure a client certificate is generated
  • tests: Make sure storage volume is mounted
  • tests: Properly cleanup in template testsuite
  • tests: Record how long the tests take
  • tests: Remove invalid test for Jenkins
  • tests: Run golint on client/ and lxc/config/
  • tests: Switch to use gofmt instead of "go fmt"
  • tests: Testsuites are sourced, not executed
  • tests: The monitor can exit on its own
  • tests: Trailing whitespaces
  • tests: Update for new client
  • tests: Update init test for stable branch
  • tests: Use flake8 instead of separate pyflakes and pep8
  • tests/deps: Make golint clean
  • tests/lxd-benchmark: Fix --help and --version handling

Downloads

The release tarballs can be found on our download page.

LXD 2.13 has been released

26th of April 2017

The changes in this release include

New features:

  • lxc/copy: Allow copying a container without its snapshots (--container-only)
  • lxd/storage/zfs: Introduce a new "zfs.clone_copy" property (will make a full copy rather than using a clone)
  • client: New, better designed, client library available for testing
  • lxd/containers: unix-char/unix-block devices can now be mapped to a different name in the container (set "source" and "path" keys)
  • lxd/containers: AppArmor namespacing is now enabled for privileged containers too
  • lxd/storage/lvm: Implement non-thinpool LVM storage pools (set "lvm.use_thinpool" to "false")
  • lxc/list: Support for CSV as an output format
  • lxd/init: Support for creating a subvolume in an existing btrfs environment
  • lxd/storage: Implement the "rsync.bwlimit" pool property to restrict rsync bandwidth
  • lxd/network: Allow overriding the VXLAN multicast interface (set "tunnel.NAME.interface")

Bugfixes:

  • client: Add basic logging code
  • client: Fix file push path handling (Issue #3153)
  • doc/api-extensions: Properly escape markdown
  • doc/configuration: Drop deprecated config options
  • doc/configuration: Extract containers documentation to containers.md
  • doc/configuration: Extract networking documentation to networks.md
  • doc/configuration: Extract profiles documentation to profiles.md
  • doc/configuration: Extract server documentation to server.md
  • doc/configuration: Extract storage documentation to storage.md
  • doc/configuration: Fix storage volume configuration (Issue #3140)
  • doc/configuration: Update with links to other documents
  • doc/lxd-ssl-authentication: Drop mention of PKI CRL (not implemented)
  • doc/production-setup: Fix broken table
  • doc/README: Update for new API client
  • doc/storage: Add note about escaping btrfs qgroups (Issue #3135)
  • doc/storage: Re-format a bit
  • i18n: Update translations from weblate
  • lxc/copy: Return the source error too (Issue #3086)
  • lxc/copy: Wait for operations asynchronously
  • lxc/list: Document list format options
  • lxc/manpage: Show all commands in "man lxc" (Issue #3214)
  • lxd/containers: Add containerGetParentAndSnapshotName()
  • lxd/containers: Added soft memory limit even when hard is selected
  • lxd/containers: Allow for stable host interface names (Issue #3143)
  • lxd/containers: Fix handling of devices with minor>255
  • lxd/containers: Fix typo in securtiy.syscalls.blacklist
  • lxd/containers: Fix unix device removal (bad cgroup.deny entry) (Issue #3107)
  • lxd/containers: Improve storage error messages on creation (Issue #3110)
  • lxd/containers: Properly invalidate the idmap cache
  • lxd/daemon: Improve PKI certificate handling (Issue #3162)
  • lxd/db: Deal with the case where no updates exist
  • lxd/images: Drop leftover debug statement
  • lxd/init: Add all storage options
  • lxd/main_activateifneeded: Port to new client code
  • lxd/main_callhook: Port to new client code
  • lxd/main_daemon: Port to new client code
  • lxd/main_forkexec: Remove use of os.FindProcess (Issue #3037)
  • lxd/main_import: Handle non-existing snapshots path (Issue #3198)
  • lxd/main_import: Port to new client code
  • lxd/main_init: Port to new client code
  • lxd/main_migratedumpsuccess: Port to new client code
  • lxd/main_netcat: Implement logging (Issue #2494)
  • lxd/main_netcat: Switch to new helper
  • lxd/main_ready: Port to new client code
  • lxd/main_shutdown: Port to new client code
  • lxd/main_waitready: Port to new client code
  • lxd/migration: Fix stateful restore
  • lxd/operations: Remove useless for loops
  • lxd/profiles: Fix ETag handling
  • lxd/rsync: Make our netcat handle EAGAIN (Issue #3168)
  • lxd/storage: Check that pool exists on profile changes (Issue #3137)
  • lxd/storage: Fix and improve config validation
  • lxd/storage/lvm: Improve snapshot handling
  • lxd/storage/lvm: Tweak {Try}RunCommand() calls
  • shared/api: Add the Stateful field to ContainerPut
  • shared/api: Properly define the image creation source
  • shared/gnuflag: Fix golint
  • shared/i18n: Simplify and make golint clean
  • shared/ioprogress: Simplify and make golint clean
  • shared/logger: Add line number logging
  • shared/logger: Add pretty formatting
  • shared/logger: Create new package for logger
  • shared/util_linux: Add function to detect errno (Issue #2494)
  • shared/version: Make golint clean
  • tests/lxd-benchmark: Port to new client code
  • tests: Add additional "file push -p" tests
  • tests: Add additional import tests (Issue #3198)
  • tests: Add additional storage pool tests
  • tests: Add migration tests for copy and move (Issue #3006)
  • tests: Keep testsuite non-executable (they're sourced)
  • tests: Make sure a client certificate is generated
  • tests: Make sure we also delete dependent records in import tests
  • tests: Record how long the tests take
  • tests: Run golint on client/ and lxc/config/
  • tests: Stop containers before modifying the DB
  • tests: Use flake8 instead of separate pyflakes and pep8
  • tests: Use shutdown/respawn helpers to simplify import tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.12 release announcement

20th of March 2017

The changes in this release include

New features:

  • lxc/exec: Implement ssh-style -t/-T/-n
  • lxd/init: Support all storage drivers

Bugfixes:

  • doc: Add a note about restricting access to kernel ring buffer
  • doc: Document backup strategies
  • doc: Document that X-LXD-type is valid for POST
  • lxc: Properly clear transfer stats on error
  • lxc/copy: Don't attempt live migration on copy
  • lxc/list: Add a simple list formatting example
  • lxd/backup: Improve backup handling
  • lxd/backup: Record container's storage volume
  • lxd/backup: Record storage pool struct
  • lxd/containers: Find max value currently used
  • lxd/daemon: Allow unsetting deprecated keys with default
  • lxd/daemon: Skip StoragePoolCheck() broken patch
  • lxd/images: Record the server certificate in the cache
  • lxd/init: Better render available storage backends
  • lxd/internal: Check for container storage volume
  • lxd/patches: Check if config is empty before update
  • lxd/patches: Ensure existing pool config is kept
  • lxd/storage: Adapt SetupStorageDriver()
  • lxd/storage: Fix container_lxc to match shared/api
  • lxd/storage: Make Storage{Start,Stop}() return bool and error
  • lxd/storage/btrfs: Add isBtrfsFilesystem()
  • lxd/storage/lvm: Force lvmetad cache update
  • lxd/storage/zfs: Create a volume entry for re-used images
  • lxd/storage/zfs: Load kernel module in case it isn't
  • lxd/storage/zfs: Prevent removal of the snapshot mountpoint
  • lxd/storage/zfs: Try lazy umount if zfs umount fails
  • scripts/lxc-to-lxd: Typo in description of --move-rootfs
  • shared/api: Update storage.go to cover POST too
  • shared/simplestreams: Export image file list
  • tests: Add tests for lxd import
  • tests: Fix btrfs detection code
  • tests/lxd-benchmark: Fix --help and --version handling

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.11 release announcement

8th of March 2017

The changes in this release include

New features:

  • New "aliases" field in POST /1.0/images allowing for an initial set of aliases to be passed.
  • Reworked help messages and "lxc manpage" command to generate manpages for the client.
  • New "vlan" nic property for "macvlan" devices, allowing them to connect to a particular VLAN on the host device.

Bugfixes:

  • doc: Add instructions to grow ZFS loop
  • doc: Improve storage doc (Issue #3013)
  • global: Use RunCommand everywhere
  • i18n: Refresh templates
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Allow --version to be passed with any command
  • lxc: Make help/usage a bit more consistent
  • lxc: Rework for better manpages
  • lxc/image: Show the alias description
  • lxc/profile: Properly implement "profile unset"
  • lxd/containers: Don't use FindProcess, just pass exec.Cmd (Issue #3037)
  • lxd/containers: Properly revert memory limits on failure (Issue #3017)
  • lxd/images: Properly return the alias description
  • lxd/images: Refactor code a bit
  • lxd/migration: Actually unset the storage pool if unavailable (Issue #3036)
  • lxd/migration: Better handle rsync errors (subprocesses)
  • lxd/migration: Set correct pool property for btrfs (Issue #3036)
  • lxd/migration: Set correct pool property for zfs (Issue #3036)
  • lxd/migration: Tweak rsync logging a bit
  • lxd/patches: Call tryMount() if not already mounted (Issue #3026)
  • lxd/patches: Conditionalize lvrename (Issue #3026)
  • lxd/patches: Delete image db entry if LV is missing (Issue #3026)
  • lxd/patches: Detect the logical volume size
  • lxd/patches: Fix incorrect btrfs source properties (Issue #3020)
  • lxd/patches: Handle mixed-storage upgrade (Issue #3026)
  • lxd/patches: Use MNT_DETACH for lvm (Issue #3026)
  • lxd/patches: Use RemoveAll() for lvm snapshots dir (Issue #3026)
  • lxd/storage/btrfs: Correctly handle loop-backed pools (Issue #3020)
  • lxd/storage/btrfs: Handle custom subvolume paths (Issue #3020)
  • lxd/storage/dir: Limit valid pool source paths (Issue #3023)
  • lxd/storage/lvm: Call {pv,vg}scan
  • lxd/storage/lvm: Dumb down functions from methods to functions (Issue #3026)
  • lxd/storage: Deal with source not being btrfs (Issue #3024)
  • lxd/storage: Ensure correct pool for snapshots (Issue #3036)
  • lxd/storage: Harden the btrfs migration code (Issue #3024)
  • lxd/storage: Report prepareLoopDev() error directly
  • shared/idmap: Fix various issues
  • tests: Add more dir and btrfs tests (Issue #3023)
  • tests: Improve lvm part of storage tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.10.1 release announcement

2nd of March 2017

The changes in this release include

This is a bugfix release for LXD 2.10, fixing a number of issues reported after release.

Bugfixes:

  • global: Fix error handling in all filepath.Walk calls
  • lxd/images: Fix base image tracking (Issue #2999)
  • lxd/init: Allow running as non-root
  • lxd/storage: Add set_autoclear_loop_device()
  • lxd/storage/lvm: Allow loop-backed lvm storage pools
  • lxd/storage/lvm: Fix defer calls
  • lxd/storage/lvm: Make sure loop devices stay around on volume delete
  • lxd/storage/lvm: Set LO_FLAGS_AUTOCLEAR before file removal
  • lxd/storage/lvm: Use lvmized container name for LV
  • lxd/storage/zfs: Do not revert on success
  • lxd/storage/zfs: Import loop-backed storage pools on startup
  • shared/simplestreams: Improve error handling
  • shared/util: Check for err in {UUID, BlockDev} lookup
  • tests: Fix yet another LVM pool's volume size
  • tests: Give more time to reboot
  • tests: Rely on "lxc storage" create only for lvm

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.10 release announcement

28th of February 2017

The changes in this release include

New features:

  • With the LVM backend, lvm.vg_name and lvm.thinpool_name can now be modified
  • "lxd init" can now be run even after containers and images are present

Bugfixes:

  • doc: Escape markdown
  • doc: Fix badly named example device
  • global: Use int64 for uid and gid everywhere
  • i18n: Refresh translations and templates
  • i18n: Update translations from weblate
  • lxc: Move common functions/types to utils.go
  • lxc/action: Improve batch mode (Issue #2966)
  • lxc/file: Detect and fail to transfer symlinks (Issue #2970)
  • lxc/publish: Wait for the container to be running
  • lxd/containers: Clarify uid/gid error
  • lxd/containers: Don't parse id ranges as int32
  • lxd/containers: Fix override of Devices during copy (Issue #2872)
  • lxd/containers: Fix uint32 check
  • lxd/containers: Initialize idmap on demand
  • lxd/containers: Kill forkexec on abnormal websocket closure
  • lxd/containers: Properly validate architectures (Issue #2971)
  • lxd/containers: Remove debugging during idmap changes
  • lxd/containers: Simplify container storage init
  • lxd/containers: Validate container idmap as early as possible
  • lxd/containers: Validate the expanded config at container create
  • lxd/daemon: Check for the validity of the id maps at startup (Issue #2885)
  • lxd/daemon: Detect downgrades with newer DB and fail
  • lxd/daemon: Fix some race conditions
  • lxd/events: Improve formatting in events API
  • lxd/images: Properly handle non-optimized stores
  • lxd/init: Only show userns message if lacking uid/gid
  • lxd/patches: Activate volume group and logical volumes
  • lxd/patches: Do not parse volume.size for lvm
  • lxd/patches: Fix zfs upgrade from existing dataset
  • lxd/storage: Add proper logging
  • lxd/storage: Check if profiles use pool or volume
  • lxd/storage: Detect if loop file is already in use
  • lxd/storage: Improve storage volume attachment
  • lxd/storage: Make flag argument configurable
  • lxd/storage: Move storage drivers cache to storage.go
  • lxd/storage: Remove unused function argument
  • lxd/storage: Return correct error messages
  • lxd/storage: Simplify StoragePoolInit()
  • lxd/storage/btrfs: Quotas can't be enabled when unprivileged
  • lxd/storage/lvm: Activate volume groups and logical volumes
  • lxd/storage/lvm: Don't set volume size
  • shared/idmap: Drop GetOwner
  • shared/idmap: Implement Usable() functions
  • shared/idmap: Make more of an effort to find a default
  • tests: Add test for storage volume {attach,detach}
  • tests: Don't leak zpools in "lxd init" test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.3 release announcement

24th of February 2017

The changes in this release include

This is another bugfix release for LXD 2.9, fixing migration issues reported by our users.

Bugfixes:

  • client: Always use "simplestreams" for the images: remote
  • doc: Add client tool examples to storage.md
  • doc: Add lvm.{thinpool,vg}_name pool properties
  • lxd: Cleanup root device validation
  • lxd/containers: Add extra validation for unix-block/unix-char
  • lxd/containers: Check whether storage is ready before applying quota
  • lxd/containers: Don't ignore snapshot deletion failures
  • lxd/daemon: s/Default map/Available map/
  • lxd/init: "lxd init" can now be run as a normal user
  • lxd/main: Fix comment in activateifneeded
  • lxd/main: Restrict daemon and activateifneeded to root
  • lxd/patches: Fix pool and volume configuration on upgrade
  • lxd/patches: Move to lvm.thinpool_name pool key
  • lxd/storage: Add ContainerStorageReady()
  • lxd/storage: Call storageVolumeFillDefault() on demand
  • lxd/storage: Don't modify configuration during config check
  • lxd/storage: Ensure image is wiped from DB on error
  • lxd/storage: Fill in default configuration for images
  • lxd/storage: Implement correct config inheritance for pools and volumes
  • lxd/storage: Only fill in defaults on creation
  • lxd/storage: Only set size property on lvm
  • lxd/storage: Properly report UsedBy
  • lxd/storage: Store size values as given to us
  • lxd/storage/btrfs: Always pass the mount options
  • lxd/storage/btrfs: Always use the recursive subvol functions
  • lxd/storage/btrfs: Drop dead code
  • lxd/storage/btrfs: Improve upgrade
  • lxd/storage/btrfs: Only use size in the loop case
  • lxd/storage/btrfs: Properly handle nested subvolumes
  • lxd/storage/btrfs: Set loop file if "source" is empty
  • lxd/storage/dir: Handle cross-device upgrade
  • lxd/storage/lvm: Add lvm.thinpool_name and lvm.vg_name
  • lxd/storage/lvm: Allow to reuse existing volume groups
  • lxd/storage/lvm: Always set lvm.thinpool_name
  • lxd/storage/lvm: Don't unmount the container twice on delete
  • lxd/storage/lvm: Handle "i" in sizes
  • lxd/storage/lvm: Parse "volume.size" not "size" property
  • lxd/storage/lvm: Remove volume.lvm.thinpool_name
  • lxd/storage/lvm: Lock during StoragePoolVolume{M,Um}ount
  • lxd/storage/zfs: Lock during StoragePoolVolume{M,Um}ount
  • lxd/storage/zfs: Correctly handle configuration keys
  • lxd/storage/zfs: Only use size property in the loop case
  • lxd/storage/zfs: Remove very repetitive log message
  • lxd/storage/zfs: Set mountpoint=none on old images
  • shared/idmap: DefaultIdmapSet is always for root
  • shared/idmap: Implement parsing of kernel id maps
  • shared/idmap: Improve parsing of the shadow id files
  • shared/simplestreams: Properly handle image rebuilds
  • tests: Adapt to command line unification
  • tests: Add LVM specific storage pool tests
  • tests: Also unmount the devlxd path
  • tests: Always cleanup loop devices
  • tests: Always use 25MB volumes for LVM
  • tests: Fix lxd auto init test suite
  • tests: Improve performance of deadcode test
  • tests: Test custom storage volume creation

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.2 release announcement

20th of February 2017

The changes in this release include

This is another bugfix release for LXD 2.9, fixing migration issues reported by our users.

Bugfixes:

  • lxd/containers: Add fun to detect root disk device
  • lxd/containers: Ensure proper root disk device
  • lxd/containers: Helper to retrieve pool from devices
  • lxd/containers: Path may only be used by one disk
  • lxd/init: Fix regressions caused by storage work
  • lxd/init: Small fixes
  • lxd/migration: Call helper to detect valid storage pool
  • lxd/migration: Fix moving containers with storage api
  • lxd/patches: Handle partial upgrades + pool fixes
  • lxd/patches: Handle partial upgrades + pool fixes
  • lxd/patches: Improve btrfs upgrade
  • lxd/patches: Improve dir upgrade
  • lxd/patches: Only rerun pool updates
  • lxd/profiles: Verify root disk devices
  • lxd/storage/btrfs: Enable quotas on the pools we create
  • lxd/storage/dir: Delete image from database
  • Makefile: Always include gorilla/context
  • Makefile: Drop repeated calls to "go get"
  • tests: Add lxd init --auto tests
  • tests: Add test for root disk devices in profiles
  • tests: Execute tests based on available tools
  • tests: Fix mixed tab/spaces again

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.1 release announcement

16th of February 2017

The changes in this release include

We made this follow-up bugfix release to correct a few regressions introduced by LXD 2.9.

Bugfixes:

  • doc: Document the "pool" property for disk devices
  • lxc/storage: Fix help output for create
  • lxc/storage: simplify
  • lxd/daemon: Allow unsetting the deprecated storage keys
  • lxd/patches: Add more comments to storage upgrade code
  • lxd/storage: Improve logging
  • lxd/storage: Rename and add opcode functions
  • lxd/storage: Use existing ZFS {pool, dataset} or create it
  • lxd/storage: Use unified operation ids when locking
  • tests: Use dataset as pool or existing pool for ZFS

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9 release announcement

15th of February 2017

The changes in this release include

New features:

  • Introduce the LXD storage management API
    • Allows for multiple storage pools in LXD
    • Pools can be used to store containers and custom volumes
    • New /1.0/storage-pools API (see rest-api.md)
    • New "lxc storage" set of commands
    • Updated "lxd init" to support creating storage pools
  • Allow setting network interface name with "lxc network attach"
  • New "lxc file delete" command and API
  • Ability to append to rather than overwrite a file through the API
  • New "ipv4.dhcp.expiry" and "ipv6.dhcp.expiry" config options for DHCP lease time

Bugfixes:

  • doc: Clarify PUT vs PATCH (Issue #2873)
  • doc: Note that LXD assumes full control over its ZFS dataset
  • doc: Update database.md to match current DB schema
  • lxc: Don't include spaces in translated strings
  • lxc/list: Fix regression in json output (Issue #2887)
  • lxd/containers: Disable IPv6 on host side veth when bridged (Issue #2845)
  • lxd/containers: Don't block resolution on non-existing paths
  • lxd/containers: Don't check the image fingerprint twice
  • lxd/containers: Fix concurrent read/write to s.conns in exec (Issue #2862)
  • lxd/containers: Fix error handling on FileRemove
  • lxd/containers: Set default values for USER, HOME and LANG (Issue #2830)
  • lxd/daemon: Mount a tmpfs under devlxd (Issue #2877)
  • lxd/daemon: Use a tmpfs for shmounts
  • lxd/db: Actually enable foreign keys per connection
  • lxd/db: Raise DB lock timeout to 30s, retry every 30ms (Issue #2826)
  • lxd/db: Rely on CASCADE (Issue #2844)
  • lxd/db: Remove some extra cleanup code
  • lxd/devlxd: Fix extraction of fd from UnixConn with go tip
  • lxd/images: Fix partial image fingerprint matches
  • lxd/images: Move imagesDownloading out of the daemon struct
  • lxd/init: Don't check the storage backend twice
  • lxd/migration: Clarify CRIU related errors
  • lxd/migration: Don't report migration success on failure
  • lxd/nsexec: Close *DIR stream returned by fdopendir()
  • lxd/nsexec: Free allocated memory
  • lxd/storage/btrfs: Fix recursive subvol deletion
  • lxd/storage/zfs: Simplify device tracking logic
  • Makefile: Use system libsqlite3 if available
  • network: Skip ip6tables clear on non-ipv6 hosts (Issue #2842)
  • shared: Forward user-agent and other headers on redirect (Issue #2805)
  • shared/api: Use consistent json and yaml field names
  • shared/simplestreams: Always prefer squashfs when available
  • shared/utils: Don't do chown on windows
  • shared/utils: FileCopy should also keep owner
  • shared/utils: FileCopy should keep the same mode
  • tests: Add golint for shared/api
  • tests: Avoid a zfs race
  • tests: Empty and validate network tables
  • tests: Fix typo
  • tests: Properly cleanup in template testsuite
  • tests: Switch to use gofmt instead of "go fmt"
  • tests: The monitor can exit on its own (ignore kill failure)

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.9 release announcement

26th of January 2017

This is the ninth bugfix release for LXD 2.0.

The changes since LXD 2.0.8 are

Minor improvements:

  • Exec sessions being killed by a signal will now report the signal number as part of their exit code.
  • VLAN device types are now properly reported in the API and client.
  • The client will now show the date an image was last used at (in lxc image info).
  • The client will now let you delete multiple images at once.
  • LXD is now using Weblate for its translations.

Bugfixes:

  • client: Add a done signal to Monitor API
  • client: Better handle http errors
  • client: Commonize update methods
  • doc: Add Documentation on Network Configuration via cloud-init
  • doc: Added reference to godoc to README.md
  • doc: Update README.md for CI and Weblate status
  • extra/lxc-to-lxd: Add more unsupported config keys
  • extra/lxc-to-lxd: All properties must be strings
  • extra/lxc-to-lxd: Copy the rootfs by default, don't move it
  • extra/lxc-to-lxd: Show nicer error on missing python3-lxc
  • extra/lxc-to-lxd: Switch to using a config whitelist
  • global: Fix typos
  • global: "gofmt -s" run
  • lxc: Better handle timestamps
  • lxc: Make help messages more consistent
  • lxc: Properly check yaml errors
  • lxc/init: Fix example
  • lxc/init: Properly replace args list
  • lxc/launch: Just use init.go's flags()
  • lxc/list: Sort IPv4 and IPv6 addresses
  • lxc/remote: Update help
  • lxd-bridge: Add ip6tables filter rules
  • lxd-bridge: DHCP happens over UDP only
  • lxd-bridge: Make IPv4 firewalling optional (default is enabled)
  • lxd/containers: Add basic logging to container creation
  • lxd/containers: Allow passing in-memory buffers to a FileResponse
  • lxd/containers: Also call setgroups when attaching to the container
  • lxd/containers: Avoid race condition in network fill function
  • lxd/containers: Blacklist lxc.syslog and lxc.ephemeral in raw.lxc
  • lxd/containers: Detect background tasks to allow clean exit
  • lxd/containers: Do mounts in the right order
  • lxd/containers: Don't attempt to read xattrs from symlinks
  • lxd/containers: Don't block resolution on non-existing paths
  • lxd/containers: Don't record last_state.power twice
  • lxd/containers: Exec() return attached PID && take bool arg
  • lxd/containers: Fix container state recording
  • lxd/containers: Fix device hotplug with major/minor set
  • lxd/containers: Fix file push error handling
  • lxd/containers: Fix generated seccomp profile
  • lxd/containers: Fix logging for file_manip commands
  • lxd/containers: Improve error handling and reporting during export
  • lxd/containers: Return a clear error when replacing a directory
  • lxd/daemon: Common codepath for http client
  • lxd/daemon: Don't set InsecureSkipVerify on daemon's tls config
  • lxd/daemon: Log daemon version
  • lxd/daemon: Make directories with stricter permissions
  • lxd/daemon: Make LXD_DIR with +x for group and everyone
  • lxd/daemon: Only mark ready once containers are up
  • lxd/daemon: Properly validate daemon keys on unset
  • lxd/daemon: Use our custom http server when updating HTTPS address too
  • lxd/db: Drop unused code from db.go
  • lxd/images: Close race condition in image download
  • lxd/images: Track speed during network transfers
  • lxd/main: Move activateifneeded to own file
  • lxd/main: Move callhook to own file
  • lxd/main: Move daemon to own file
  • lxd/main: Move forkexec to own file
  • lxd/main: Move forkgetnet to own file
  • lxd/main: Move forkmigrate to own file
  • lxd/main: Move forkstart to own file
  • lxd/main: Move init to own file
  • lxd/main: Move migratedumpsuccess to own file
  • lxd/main: Move netcat to own file
  • lxd/main: Move ready to own file
  • lxd/main: Move shutdown to own file
  • lxd/main: Move waitready to own file
  • lxd/main: Rename nsexec.go to main_nsexec.go
  • lxd/migrate: Use the generated snapshot list
  • lxd/patches: Mark all patches as applied on create
  • lxd/profiles: Fix unused variable
  • lxd/storage: btrfs: Don't assume a path is a subvolume
  • lxd/storage: Change ContainerStart to take the name and path to start
  • lxd/storage: Rework EEXISTS detection on create
  • lxd/storage: zfs: Simplify device tracking logic
  • Makefile: Rework "make dist" to be more reliable
  • shared: add GetPollRevents()
  • shared: Add WebsocketExecMirror()
  • shared: Centralize all cert fingerprint generation
  • shared: Convert TransferProgress to ReadCloser
  • shared: ExecReaderToChannel() use sync.Once
  • shared: Give Architecture handling its own package
  • shared: Give IO progress tracker its own package
  • shared: Give simplestreams client its own package
  • shared: Give version handling its own package
  • shared: Implement write tracking
  • shared: Make a helper to compute cert fingerprint
  • shared: Move Device/Devices types to lxd package
  • shared: Move FromLXCState out of shared
  • shared: Move REST API to new package: certificate
  • shared: Move REST API to new package: container
  • shared: Move REST API to new package: godoc
  • shared: Move REST API to new package: image
  • shared: Move REST API to new package: network
  • shared: Move REST API to new package: operation
  • shared: Move REST API to new package: profile
  • shared: Move REST API to new package: response
  • shared: Move REST API to new package: server
  • shared: Move REST API to new package: status
  • shared: Move WebsocketUpgrader to network.go
  • shared: Remove GroupName function and add UserId one
  • shared: Rename idmapset_test_linux.go to idmapset_linux_test.go
  • shared: Support absolute file transfer tracking
  • shared/idmapset: Drop debugging code
  • shared/idmapset: Fix intersection test
  • shared/logging: Introduce our own formatter
  • shared/logging: Make PrintStack print at the Error level
  • shared/simplestreams: Don't depend on custom http handler
  • shared/simplestreams: Pass UserAgent as argument
  • shared/util: Add Int64InSlice()
  • shared/util: GetByteSizeString() take precision argument
  • shared/util: Improve byte parsing
  • shared/util: ParseByteSizeString() deal with bytes
  • tests: Don't ignore errors in db tests
  • tests: Fix bad variable name
  • tests: Fix deadcode to work with new upstream
  • tests: Fix shellcheck being confused by cd
  • tests: Fix standalone remote test
  • tests: Shorten test name to fit on Jenkins
  • tests: Simplify testsuite spawn code
  • tests: Test lxd shutdown
  • tests: Use lxc restart instead of reboot

Downloads

The release tarballs can be found on our download page.

LXD 2.8 release announcement

24th of January 2017

The changes in this release include

New features:

  • Exec sessions being killed by a signal will now report the signal number as part of their exit code.
  • The first stage of our Go client API rework is now done with a new api module containing all REST API definitions.
  • The dnsmasq instance used for LXD managed bridges is now running as an unprivileged user.
  • VLAN device types are now properly reported in the API and client.
  • The client will now show the date an image was last used at (in lxc image info).
  • LXD is now using Weblate for its translations.

Bugfixes:

  • client: Add a done signal to Monitor API
  • client: Better handle http errors
  • doc: Add Documentation on Network Configuration via cloud-init
  • doc: Update README.md for CI and Weblate
  • doc: Update README.md for godoc
  • global: Fix typos
  • global: "gofmt -s" run
  • i18n: Improved and completed french translation
  • i18n: Update message catalogs and Japanese translation
  • i18n: Update translations from weblate
  • lxc: Better handle timestamps
  • lxc/file: Fix directory permissions on recursive push (Issue #2759)
  • lxc/init: Properly replace args list
  • lxc/list: Fix unused variable
  • lxc/list: Sort IP addresses in output
  • lxc/network: Better handle network modifications (Issue #2785)
  • lxc/network: Sort UsedBy list on show
  • lxc: Properly check yaml errors
  • lxc/remote: Update help
  • lxd/containers: Allow passing in-memory buffers to a FileResponse
  • lxd/containers: Don't attempt to read xattrs from symlinks (Issue #2801)
  • lxd/containers: Improve error handling and reporting during export
  • lxd/containers: Report -1 (255) on signal exit during exec
  • lxd/containers: Report exit code when we got killed by signal
  • lxd/db: Drop unused code from db.go
  • lxd/devices: Don't ignore regexp failures
  • lxd/images: Close race condition in image download (Issue #2739)
  • lxd/init: We need an address in CIDR notation instead of CIDR subnet
  • lxd/migrate: Use the generated snapshot list
  • lxd/network: Clean up leases for static assignments (Issue #2781)
  • lxd/networks: Handle empty dnsmasq pid file (Issue #2767)
  • lxd/network: Update permissions of network directories (Issue #2804)
  • lxd/patches: Mark all patches as applied on create
  • lxd/profiles: Fix unused variable
  • lxd/storage: Don't assume a path is a subvolume (Issue #2748)
  • shared: Add Int64InSlice()
  • shared: Have GetByteSizeString() take a precision argument
  • shared: Improve byte parsing in GetByteSizeString() and ParseByteSizeString()
  • shared: Move Device/Devices types to lxd package
  • shared: ParseByteSizeString() deal with bytes
  • shared: Remove GroupName function and add UserId one
  • tests: Don't ignore errors in db tests
  • tests: Fix deadcode to work with new upstream
  • tests: Fix shellcheck being confused by cd
  • tests: Use lxc restart whenever possible

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.7 release announcement

20th of December 2016

The changes in this release include

New features:

  • New "ipv4.firewall" and "ipv6.firewall" network attributes controlling the generation of iptables FORWARD rules
  • New "ipv4.routes" and "ipv6.routes" network attributes allowing for additional static routes to be set to the network.
  • New "lxd import" command allowing importing of containers when all that exists is the "containers" directory.

Bugfixes:

  • client: Commonize update methods and add PATCH
  • extra/lxc-to-lxd: Add more unsupported config keys
  • extra/lxc-to-lxd: All properties must be strings (Issue #2663)
  • extra/lxc-to-lxd: Copy rootfs by default, do not move
  • extra/lxc-to-lxd: Show nicer error on missing python3-lxc
  • extra/lxc-to-lxd: Switch to using whitelist
  • i18n: Update french translation
  • lxc/file: Fix off by one error in push
  • lxc: Improve help messages (Issue #2719)
  • lxc/init: Fix example
  • lxc/launch: Just use init.go's flags()
  • lxd: Common codepath for http client
  • lxd: Don't set InsecureSkipVerify on daemon's tls config
  • lxd: Log daemon version
  • lxd: Make LXD_DIR 711 by default (needed for unprivileged containers)
  • lxd: Only mark daemon ready once containers are up
  • lxd: Properly validate daemon keys on unset (Issue #2698)
  • lxd: Refactoring of sub-command code
  • lxd: Use our custom http server when updating HTTPS address too
  • lxd/containers: Add basic logging to container creation
  • lxd/containers: Avoid race condition in network fill function
  • lxd/containers: Blacklist lxc.syslog and lxc.ephemeral
  • lxd/containers: Cleanup leftover temp file
  • lxd/containers: Detect background tasks to allow clean exit on exec
  • lxd/containers: Do mounts in the right order (Issue #2717)
  • lxd/containers: Don't record last_state.power twice
  • lxd/containers: Fix container state recording (Issue #2686)
  • lxd/containers: Fix device hotplug with major/minor set
  • lxd/containers: Fix file push error handling
  • lxd/containers: Fix logging for file_manip commands
  • lxd/containers: Move FromLXCState out of shared
  • lxd/containers: Return a clear error when replacing a directory (Issue #2668)
  • lxd/containers: Rework EEXISTS detection on create
  • lxd/networks: Allow for network-specific lease updates
  • lxd/networks: DHCP over TCP has never been implemented
  • lxd/nsexec: Also call setgroups (Issue #2724)
  • lxd/seccomp: Fix generated seccomp profile
  • lxd/storage: Change ContainerStart to take the name and path to start
  • Makefile: Rework "make dist"
  • shared: Give Architecture handling its own package
  • shared: Give IO progress tracker its own package
  • shared: Give simplestreams client its own package
  • shared: Give version handling its own package
  • shared: Introduce our own formatter
  • shared: Make a helper to compute cert fingerprint
  • shared: Make PrintStack print at the Error level
  • shared: Move WebsocketUpgrader to network.go
  • shared: Rename idmapset_test_linux.go to idmapset_linux_test.go
  • shared/idmap: Drop debugging code
  • shared/idmap: Fix intersection test
  • shared/simplestreams: Don't depend on custom http handler
  • shared/simplestreams: Pass UserAgent as argument
  • tests: Add pki test
  • tests: Only attach lxdbr0 if it is present on the host
  • tests: Simplify testsuite spawn code
  • tests: Test lxd shutdown

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.8 release announcement

24th of November 2016

Follow-up bugfix release to fix a regression introduced by the rushed 2.0.7 release.

The changes since LXD 2.0.7 are

Bugfixes:

  • Don't grab addresses from public remotes

Downloads

The release tarballs can be found on our download page.

LXD 2.6.2 release announcement

24th of November 2016

Follow-up bugfix release to fix a regression introduced by the rushed 2.6.1 release.

The changes in this release include

Bugfixes:

  • Don't grab addresses from public remotes

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.7 release announcement

24th of November 2016

This is an emergency bugfix release to fix a critical regression in LXD 2.0.6.

The regression was causing pre-existing unprivileged containers to potentially start as privileged containers upon restart.

The changes since LXD 2.0.6 are

Bugfixes:

  • extra/bash: Better parse containers list
  • lxc/copy: Make container copy more robust (Issue #2640)
  • lxd/containers: Don't assign idmaps to privileged containers
  • lxd/containers: Don't break when parsing old containers
  • lxd/containers: Don't double apply templates
  • lxd/containers: Fix concurrent map iteration+modification
  • lxd/containers: Fix idmap handling of pre-idmap containers (Issue #2644)
  • tests: Add tests for file templating (Issue #2642)

Downloads

The release tarballs can be found on our download page.

LXD 2.6.1 release announcement

24th of November 2016

This is an emergency bugfix release to fix a critical regression in LXD 2.6.

The regression was causing pre-existing unprivileged containers to potentially start as privileged containers upon restart.

The changes in this release include

Bugfixes:

  • extra/bash: Better parse containers list
  • lxc/copy: Make container copy more robust (Issue #2640)
  • lxc/init: Remove unicode character from lxc warning
  • lxd/containers: Don't assign idmaps to privileged containers
  • lxd/containers: Don't break when parsing old containers
  • lxd/containers: Don't double apply templates
  • lxd/containers: Fix concurrent map iteration+modification
  • lxd/containers: Fix idmap handling of pre-idmap containers (Issue #2644)
  • tests: Add tests for file templating (Issue #2642)

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.6 release announcement

23rd of November 2016

This is the sixth bugfix release for LXD 2.0.

The changes since LXD 2.0.5 are

Minor improvements:

  • Support for container specific uid/gid maps (see userns-idmap.md)

Bugfixes:

  • appveyor: Add config to git (Issue #2537)
  • appveyor: Cleanup appveyor.yml before modifications
  • appveyor: Create archive with platform specifier in its name
  • appveyor: Do verbose testing for test names and timings
  • appveyor: Publish compiled binaries for download
  • client: Rework progress handling
  • doc: Add hacking guide (debugging.md)
  • doc: Add official Windows support in README
  • doc: Bump liblxc version required in README
  • doc: Sort API endpoints in rest-api.md
  • doc: Update README to specify docker installation details
  • doc: Update requirements, we actually require 2.0.0 or higher
  • doc: Use consistent method ordering in rest-api.md
  • extra/bash: Allow dash in parameters to lxc-client bash-completion
  • extra/bash: Fix _lxd_profiles in lxc-client bash-completion
  • extra/lxc-to-lxd: Better output with no container
  • extra/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
  • extra/lxc-to-lxd: Consistent logging
  • extra/lxc-to-lxd: Don't fail dry-run with running containers
  • extra/lxc-to-lxd: Drop dependency on pylxd
  • extra/lxc-to-lxd: Fix lxdpath handling
  • extra/lxc-to-lxd: Formatting
  • extra/lxc-to-lxd: Migrate lxc.aa_profile if set
  • extra/lxc-to-lxd: Print summary and proper exit code
  • lxc/copy: Don't use the operation as a marker of success
  • lxc/copy: Wait on the source operation too
  • lxc/delete: update help text
  • lxc/exec: Set term to "dumb" on windows (Issue #2288)
  • lxc/finger: update help text
  • lxc: Fix tests on Windows/Mac
  • lxc/list: Fix typo in help message
  • lxc/remote: Fix remote add with Go tip
  • lxc/restore: update help text
  • lxc: Use .yaml as the yaml extension in examples
  • lxd/certificates: Export all documented certificate fields
  • lxd/containers: Add /snap/bin to PATH even if only /snap exists
  • lxd/containers: Also clean up apparmor stuff in OnStart when something fails
  • lxd/containers: Attach to userns on file operations
  • lxd/containers: Be more verbose on mkdir failure
  • lxd/containers: Better handle concurrent stop/shutdown
  • lxd/containers: Catch and return more errors in OnStop
  • lxd/containers: Clarify container delete failure error
  • lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
  • lxd/containers: Don't double delete ephemeral containers
  • lxd/containers: Don't show invalid logs
  • lxd/containers: Fix forkmount to work with 4.8 and higher
  • lxd/containers: Fix invalid filename of metadata on export (Issue #2467)
  • lxd/containers: Improve config validation on update
  • lxd/containers: Improve container error handling
  • lxd/containers: Improve container locking mechanism (Issue #2612)
  • lxd/containers: log OnStart/OnStop hook errors
  • lxd/containers: More reliable container autostart (Issue #2469)
  • lxd/containers: Only load kernel modules if not loaded
  • lxd/containers: Properly validate CPU allowance
  • lxd/containers: Properly validate memory limits (Issue #2483)
  • lxd/containers: Record the err from go-lxc
  • lxd/containers: Remove legacy code from OnStop
  • lxd/containers: Remove unused code
  • lxd/containers: Save properties on publish
  • lxd/containers: Set LXC loglevel to match daemon (Issue #2528)
  • lxd/containers: Skip leading whitespace in raw.lxc
  • lxd/containers: Start storage when necessary in stateful start
  • lxd/containers: Timeout container freeze on stop
  • lxd/images: Detect out of disk space unpack errors (Issue #2201)
  • lxd/images: Don't make unnecessary image copies (Issue #2508)
  • lxd/images: Don't update images at all if interval is 0
  • lxd/images: Store the simplestreams cache to disk (Issue #2487)
  • lxd/init: Detect zfs kernel support
  • lxd/init: Ignore ZFS if in a container
  • lxd/main: Immediately exit when no DB in activateifneeded
  • lxd/migration: Fix a race for collecting logs
  • lxd/migration: Remove debugging by file creation
  • lxd/migration: Start migration storage at the right time (Issue #2505)
  • lxd/storage: Fix 10s delay on removing used ZFS images (Issue #2617)
  • lxd/storage: Freeze before copying in dir backend
  • lxd/storage: Simplify rsync code
  • shared/certificates: Be more thorough when parsing ip addr
  • shared: Disable keepalives in http.Transports
  • shared: Move Linux specific tests away (Issue #2449)
  • shared/simplestreams: Cleanup unused properties
  • tests: Better fix LXD_DEBUG
  • tests: Cleanup leftover containers
  • tests: Don't depend on main.sh for filemanip
  • tests: Implement LXD_VERBOSE
  • tests: Reduce verbosity under LXD_DEBUG
  • travis: Run the client tests
  • travis: Update to match Jenkins Go versions

Downloads

The release tarballs can be found on our download page.

LXD 2.6 release announcement

22nd of November 2016

The changes in this release include

New features:

  • Support for container specific uid/gid maps (see userns-idmap.md)
  • Send progress notification during container migration (API only)
  • Copy the source image properties into the container properties (image.* namespace)

Bugfixes:

  • doc: Add hacking guide (debugging.md)
  • doc: Add missing pci options for gpu in configuration.md
  • doc: Bump liblxc version required in README
  • doc: Document user.network-config
  • doc: Exec recording needs an API extension
  • doc: Specify docker installation details in README
  • lxc/delete: Update help text
  • lxc/file: Fix recursive file pull/push on Windows
  • lxc/finger: Update help text
  • lxc/restore: Update help text
  • lxc: Rework progress handling
  • lxd/containers: Actually surface the last used update error
  • lxd/containers: Add /snap/bin to PATH even if only /snap exists
  • lxd/containers: Attach to userns on file operations
  • lxd/containers: Better handle concurrent stop/shutdown
  • lxd/containers: Clarify container delete failure error
  • lxd/containers: Correctly set liblxc loglevel to debug when in --debug mode
  • lxd/containers: Don't double delete ephemeral containers
  • lxd/containers: Improve container error handling
  • lxd/containers: Improve container locking mechanism (Issue #2612)
  • lxd/containers: Save properties on publish
  • lxd/containers: Skip leading whitespace in raw.lxc
  • lxd/containers: Start storage when necessary during stateful start
  • lxd/containers: Timeout container freeze on stop
  • lxd/containers: Track speed during network transfers
  • lxd/images: Don't update images at all if interval is 0
  • lxd/main: Immediately exit when no DB in activateifneeded
  • lxd/networks: Fixed minor typo in checkNetwork
  • lxd/networks: Spawn dnsmasq on FAN bridges
  • lxd/storage: Fix 10s delay on removing ZFS used images (Issue #2617)
  • lxd/storage: Freeze container during copy on directory backend
  • scripts/lxc-to-lxd: Better output with no container
  • scripts/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
  • scripts/lxc-to-lxd: Consistent logging
  • scripts/lxc-to-lxd: Don't fail dry-run with running containers
  • scripts/lxc-to-lxd: Drop dependency on pylxd
  • scripts/lxc-to-lxd: Fix lxdpath handling
  • scripts/lxc-to-lxd: Formatting
  • scripts/lxc-to-lxd: Migrate lxc.aa_profile if set
  • scripts/lxc-to-lxd: Print summary and proper exit code
  • shared/idmapset: Fix typo in Intersects
  • shared/simplestreams: Cleanup unused properties
  • tests: Cleanup leftover containers
  • tests: Don't depend on main.sh for filemanip
  • tests: Implement LXD_VERBOSE for reduced verbosity
  • tests: Reduce verbosity under LXD_DEBUG

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.5 release announcement

25th of October 2016

The changes in this release include

New features:

  • lxc/remote: Allow adding a new remote just by FQDN/IP (without a name)
  • lxd/containers: Implement exec output recording in the API
  • lxd/images: Store the simplestreams cache to disk (allows for offline use of those remote images)
  • lxd/certificates: Add support for PUT/PATCH of certificates
  • lxd/containers: Support signal forwarding in exec session
  • lxd/containers: Add support for GPU hotplug ("gpu" device type)

Bugfixes:

  • appveyor: Add appveyor config to git (Issue #2537)
  • client: Disable keepalives in http.Transports
  • client: Fix tests of client on Windows/Mac
  • doc: Add official Windows support to README
  • doc: Sort API endpoints in rest-api
  • doc: Use consistent method ordering in rest-api
  • doc: Use spaces everywhere
  • doc: We actually require 2.0.0 or higher
  • doc: Workaround github markdown renderer
  • examples: Use .yaml as the yaml extension
  • extra: Added the command network to lxc-client bash-completion
  • extra: Allow dash in parameters to lxc-client bash-completion
  • extra: Fix _lxd_profiles in lxc-client bash-completion
  • lxc/copy: Don't use the operation as a marker of success
  • lxc/copy: Wait on the source operation too
  • lxc/exec: Set term to "dumb" on windows (Issue #2288)
  • lxc/file: Fix help typo
  • lxc/file: Fix mkdir -p /
  • lxc/file: Normalize paths before sending them to the server (Issue #2557)
  • lxc/init: Fix typo in nictype value for -n
  • lxc/list: Fix typo in lxc list help
  • lxc/push: Fix typo (Issue #2501)
  • lxc/remote: Fix remote add with Go tip
  • lxd/certificates: Export all documented certificate fields
  • lxd/containers: Be more verbose on mkdir failure
  • lxd/containers: Catch and return more errors in OnStop
  • lxd/containers: Clean up apparmor stuff in OnStart when something fails
  • lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
  • lxd/containers: Don't show invalid logs
  • lxd/containers: exec: Remove unused code
  • lxd/containers: Fix forkmount to work with 4.8 and higher
  • lxd/containers: Fix wording of seccomp error message
  • lxd/containers: Improve config validation on update
  • lxd/containers: Log OnStart/OnStop hook errors
  • lxd/containers: More reliable container autostart (Issue #2469)
  • lxd/containers: Only load kernel modules if not loaded
  • lxd/containers: Properly validate CPU allowance
  • lxd/containers: Properly validate memory limits (Issue #2483)
  • lxd/containers: Record the err from go-lxc
  • lxd/containers: Remove legacy code from OnStop
  • lxd/containers: Report correct dev type in log
  • lxd/containers: Set LXC loglevel to match daemon (Issue #2528)
  • lxd/containers: USB vendorid is mandatory, productid isn't
  • lxd/devices: Be less optimistic about netlink info
  • lxd/devices: Use DEVNAME entry of netlink for usb
  • lxd/images: Detect out of disk space unpack errors (Issue #2201)
  • lxd/images: Don't make unnecessary image copies (Issue #2508)
  • lxd/images: Fix invalid filename of metadata on export (Issue #2467)
  • lxd/init: Detect zfs kernel support
  • lxd/init: Ignore ZFS if in a container
  • lxd/migration: Fix a race for collecting logs
  • lxd/migration: Remove debugging by file creation
  • lxd/migration: Start migration storage at the right time (Issue #2505)
  • lxd/networks: Always allow communication with dnsmasq (Issue #2506)
  • lxd/networks: Always pass --enable-ra with IPv6 (Issue #2481)
  • lxd/networks: Fill DHCP checksums
  • lxd/networks: Fix IPv6 DHCP logic
  • shared/cert: be more thorough when parsing ip addr
  • shared: Move Linux specific tests away (Issue #2449)
  • travis: Run the client tests
  • travis: Update to match Jenkins Go versions

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.4.1 release announcement

5th of October 2016

The primary goal for this release is to publish release tarballs that actually report LXD as "2.4.1" rather than "2.3" as the release ones mistakenly did.

We're including a couple of bugfixes in the process too.

The changes in this release include

Bugfixes:

  • shared: Remove logging import
  • tests: add a test to make sure we don't accidentally include new deps
  • extras: Added the command shell to lxc-client bash-completion

Downloads

The release tarballs can be found on our download page.

LXD 2.0.5 release announcement

5th of October 2016

This is the fifth bugfix release for LXD 2.0.

The changes since LXD 2.0.4 are

Note that several migration fixes included in this release depend on a newer go-lxc. If building manually, you may need to update your copy of go-lxc. If building for a distribution, you may need to update your packaged version of go-lxc to a newer snapshot.

Minor improvements:

  • Support for AppArmor namespacing and stacking
  • Rework LXD daemon logging to be cleaner and more generally useful (Issue #1928)
  • "lxc info CONTAINER" now shows the name of the remote for the container
  • Client errors now include the remote the container is on
  • /snap/bin is included in PATH if present in the container

Bugfixes:

  • doc: Add txqueuelen tweak.
  • doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting (Issue #2338)
  • doc: Fix the table style of environment.md (Issue #2410)
  • doc: Fix typos in production-setup.md
  • doc: Remove trailing spaces in production-setup.md
  • doc: Spacing cleanup
  • extras: Containers state checking for start, stop and exec commands
  • extras: Fixed container convert from LXC to LXD
  • fuidshift: expand symlinks to last path component
  • lxc: Drop unused httpAddr property
  • lxc/exec: Document lxc exec -- args
  • lxc/exec: Use os.LookupEnv from go 1.5 to find environment vars
  • lxc: Fix spacing alignment in config.go's examples
  • lxc/help: Send error to stdout (Issue #2301)
  • lxd/apparmor: Be less restrictive when unprivileged
  • lxd-bridge: Fail on dnsmasq failure
  • lxd-bridge: Fix crash in lxd-bridge-proxy
  • lxd: Consistently handle name conflicts
  • lxd/container: Allow unsetting any config key
  • lxd/container_lxc: handle xattrs
  • lxd/container: Retry generating petnames
  • lxd/container: Return an error on "restart" without force of a paused container (Issue #2311)
  • lxd/container: Rework container operation locking (Issue #2297)
  • lxd/daemon: Do our own socket activation (Issue #2333)
  • lxd/db: Fix int64 handling
  • lxd/db: Make a database backup on schema updates (Issue #2299)
  • lxd/db: Rework DB schema updates
  • lxd/image: Fix support for lzma alone file format (Issue #2360)
  • lxd/image: Tweak squashfs for low-memory systems (Issue #2382)
  • lxd/init: Change default host to all (::)
  • lxd/init: Change validation functions for consistency
  • lxd/init: Default to "dir" when "zfs" isn't available (Issue #2340)
  • lxd/init: Don't fail when passed "all" as an IP
  • lxd/init: Enable compression on new zfs pools
  • lxd/init: Fix listed default value for ZFS pool (Issue #2339)
  • lxd/init: use more intelligent logic for partition sizing
  • lxd/migration: Actually support copying across different CoW based backend types (Issue #2359)
  • lxd/migration: Also show warnings on c/r errors
  • lxd/migration: Bump ghost limit
  • lxd/migration: Don't use ActionScript if it's not available
  • lxd/migration: Preserve snapshot configuration
  • lxd/migration: Resume dumped container on failed restore
  • lxd/migration: Use liblxc's new preserves_inodes feature
  • lxd/network: Detect bonds
  • lxd/network: Detect openvswitch
  • lxd/network: Fix networkIsInUse
  • lxd/network: Move and rename isOnBridge
  • lxd/profile: Cleaner error on existing profile name
  • lxd/profile: Properly cleanup on profile removal (Issue #2347)
  • lxd/storage: Copy everything on container copy (Issue #2371)
  • lxd/storage: Extra checks and config for ZFS pools
  • Makefile: Don't recursively include test deps
  • README: Add AppVeyor badge (Windows testing)
  • shared: Add GetOwner stub for Windows (fixes #2438)
  • shared: Generate client certificate with proper extended usage info
  • shared: Make TestReaderToChannel transfer smaller
  • shared: New RunCommand wrapper function
  • tests: Add a test to make sure we don't accidentally include new deps
  • tests: add test for GetAllXattr()
  • tests: Fix apparmor version check
  • tests: Fix for newer shellcheck
  • tests: Force UTC timezone
  • tests: Only check leftovers on active LXD
  • tests: skip tests when xattrs are not supported

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.4 release announcement

4th of October 2016

The changes in this release include

New features:

  • Add API support for push based migration (with a client acting as relay)
  • Add a new used_by property to profiles (similar to networks)
  • Update "lxc profile list" to show a table
  • Support configuring NAT through "lxd init"

Bugfixes:

  • lxd/init: Actually add new network to profile
  • lxd/init: Typo fix
  • lxd/migration: Don't use ActionScript if it's not available
  • lxd/network: Allow nil network config
  • lxd/network: Better deal with partially disabled IPv6
  • lxd/network: Fix automatic nat settings
  • lxd/network: Fix IPv6 forwarding logic
  • lxd/network: Fix rare race condition with sysctl
  • lxd/network: Fix typo discovered by lintian
  • lxd/zfs: Extra checks and config for ZFS pools
  • doc: Add AppVeyor badge (Windows testing)
  • Makefile: Don't recursively include test deps
  • shared: Add GetOwner stub for Windows
  • shared: Generate client certificate with proper extended usage info
  • test: Fix apparmor version check
  • test: Fix shellcheck warning
  • test: Force UTC timezone
  • test: Make container cleanup more reliable

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.3 release announcement

27th of September 2016

LXD 2.3 includes a few major features we've been working on for months.

The main one is a completely new set of API endpoints, configuration options and commands. This allows creating and configuring bridges through LXD, including IPv4 and IPv6 connectivity, Ubuntu FAN support, cross-host tunnels with GRE or VXLAN, various DNS modes, DHCP configuration and MAC filtering.

The other feature we're very excited about is support for AppArmor namespaces and stacking. This will allow containers to load apparmor profiles and further confine their workloads.

The changes in this release include

New features:

  • Introduce the new network management API
    • POST to /1.0/networks (see rest-api.md)
    • PUT to /1.0/networks/NAME (see rest-api.md)
    • PATCH to /1.0/networks/NAME (see rest-api.md)
    • DELETE to /1.0/networks/NAME (see rest-api.md)
    • "lxc network" commands
    • Network configuration in "lxd init"
    • The default profile now comes without network configuration
    • The old lxd-bridge code has been removed
    • Details of configuration options in configuration.md
  • Support for AppArmor namespaces and profile stacking
    • On supported kernels, containers will now be able to use apparmor
  • Introduce a new storage.lvm_mount_options daemon configuration option
  • Rework log message priorities and add more context to log messages
  • "lxc info" now shows the remote name in its output
  • The client now includes the remote name in error messages

Bugfixes:

  • apparmor: Be less restrictive when unprivileged
  • apparmor: create an apparmor namespace for each container
  • doc: Fix rest-api for PATCH addition
  • doc: Fix the table style of environment.md
  • extras: Containers state checking for start, stop and exec commands in bash completion
  • extras: Fixed container convert from LXC to LXD
  • extras: Update bash completion for current options
  • lxc: Drop unused httpAddr property
  • lxc/exec: Document lxc exec -- args
  • lxc/file: Make the target directory on recursive pull
  • lxd/db: Don't try to backup the database when running tests
  • lxd/db: Fix int64 handling
  • lxd/images: Tweak squashfs for low-memory systems
  • lxd/init: Change validation functions for consistency
  • lxd/init: Enable compression on new zfs pools
  • lxd/log: Add format wrappers for log functions
  • lxd/log: Add wrappers for log functions
  • lxd/log: Transition to new wrappers
  • lxd/migration: Actually support copying across different CoW based backend types
  • lxd/migration: Also show warnings on c/r errors
  • lxd/migration: Preserve snapshot configuration during copy
  • lxd/network: Detect bonds
  • lxd/network: Detect openvswitch
  • lxd/network: Fix networkIsInUse
  • lxd/network: Move and rename isOnBridge
  • shared: Export type checking functions
  • shared: fuidshift: Expand symlinks to last path component
  • shared: New RunCommand wrapper function
  • snappy: Add /snap/bin to PATH if present

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.2 release announcement

14th of September 2016

The changes in this release include

New features:

  • client: Add a "manpage" command (Issue #2280)
  • client: Add a "rename" alias (Issue #2320)
  • client/file: Recursive file push/pull (-r) (Issue #1218)
  • client/file: Support recursive directory creation (-p) (Issue #2290)
  • client/info: Add cpu usage (Issue #1867)
  • client/publish: Allow overriding compression algorithm (Issue #2296)
  • daemon: Make a database backup on schema updates (Issue #2299)
  • daemon/container: Expose CPU usage (Issue #1867)
  • daemon/container: Recursive file push/pull (Issue #1218)
  • daemon/image: Allow overriding compression algorithm (Issue #2296)
  • daemon/init: Ask for images.auto_update_interval (Issue #2167)
  • daemon/storage: Add new storage.zfs_use_refquota option (Issue #2354)

Bugfixes:

  • client/exec: Use os.LookupEnv from go 1.5 to find environment vars
  • client/help: Change lxc help to go to stdout (Issue #2301)
  • daemon: Consistently handle name conflicts
  • daemon/container: Allow unsetting any config key
  • daemon/container: Fix USB transposed major/minor
  • daemon/container: Handle xattrs on publish
  • daemon/container: Retry generating petnames on conflict
  • daemon/container: Return an error on "restart" without force of a paused container (Issue #2311)
  • daemon/container: Rework container operation locking (Issue #2297)
  • daemon/container: Try to remove the usb bus dir after device disconnect (Issue #2306)
  • daemon/container: Various USB hotplug fixes (Issue #2312)
  • daemon/dir: Copy everything on container copy (Issue #2371)
  • daemon: Do our own socket activation (Issue #2333)
  • daemon/image: Fix support for lzma alone file format (Issue #2360)
  • daemon/init: Change default host to all (::)
  • daemon/init: Default to "dir" when "zfs" isn't available (Issue #2340)
  • daemon/init: Fix listed default value for ZFS pool (Issue #2339)
  • daemon/init: Use more intelligent logic for partition sizing
  • daemon/profile: Cleaner error on existing profile name
  • daemon/profile: Properly cleanup on profile removal (Issue #2347)
  • doc: Add txqueuelen tweak
  • doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting (Issue #2338)
  • doc: Fix typos in production-setup.md
  • doc: Rename api_extensions to api-extensions
  • i18n: Update po files and Japanese translation
  • lxd-bridge: Fix crash in lxd-bridge-proxy
  • tests: Fix race in alias test
  • tests: Make TestReaderToChannel transfer smaller
  • tests: Only check leftovers on active LXD

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.1 release announcement

16th of August 2016

LXD 2.1 is the first feature release following LXD 2.0 LTS.

Note that this release does not have LTS status and as such will not benefit from multi-year support or bugfix releases.

For production environments, we recommend that you stick to the LXD 2.0 LTS release.

The changes in this release include

New features:

  • client: Add a lxc shell alias by default
  • client: Build unix-like aliases directly into LXC (lxc {cp,ls,mv,rm}, lxc image {cp,ls,rm}, lxc image alias {ls,rm}, lxc remote {ls,mv,rm} and lxc config device {ls,rm})
  • client: Generate the client certificate on-demand
  • client/copy: Allow additional profiles and config to be set
  • client/copy: Pick a random name if not specified and same host
  • client/image: Add --format and json output
  • client/image: Allow deleting multiple images at once
  • client/list: Add support for config key columns (e.g. lxc list -c ns,security.privileged:privileged)
  • client/profile: lxc profile apply is now lxc profile assign
  • client/profile: New lxc profile add and lxc profile remove sub-commands
  • client/version: Do not show the version command by default
  • daemon: Add a global core.https_allowed_credentials key
  • daemon: Implement ETag support for all PUT calls
  • daemon: Implement PKI authentication (see doc/lxd-ssl-authentication.md)
  • daemon: Implement the PATCH method for all endpoints already supporting PUT
  • daemon/container: Add config key for container force shutdown timeout (boot.host_shutdown_timeout)
  • daemon/container: Add some seccomp knobs (security.syscalls.{blacklist,blacklist_default,blacklist_compat,whitelist} and raw.seccomp)
  • daemon/container: Add support for the "usb" device type (see doc/configuration.md)
  • daemon/container: Record the last used date for containers (also expose in lxc info and lxc list)
  • daemon/zfs: Allow forcing snapshot removal through configuration (storage.zfs_remove_snapshots)

Bugfixes:

  • All the bugfixes listed as part of LXD 2.0.1, 2.0.2, 2.0.3 and 2.0.4
  • tests: Fix for newer shellcheck
  • lxd-bridge: Fail on dnsmasq failure
  • c/r: switch to the new ->migrate API
  • c/r: use liblxc's new preserves_inodes feature
  • c/r: bump ghost limit

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.4 release announcement

15th of August 2016

This is the fourth bugfix release for LXD 2.0.

The changes since LXD 2.0.3 are

Minor improvements:

  • /dev/net/tun is now a default device (always present)
  • lxd-bridge: dnsmasq is now configured with IPv6 name resolution
  • lxd-bridge: iptables rules now have a comment (Issue #2125)
  • "lxd init" now comes with reasonable defaults (Issue #1933)
  • The "images:" remote now uses simplestreams on new installations
  • "lxc image export" now always uses the image fingerprint as filename
  • Import progress is now reported for URL imports in "lxc image import"

Bugfixes:

  • apparmor: Add feature detection and clean things a bit
  • apparmor: Don't depend on the LXC apparmor profile (Issue #1942)
  • apparmor: Rename main two chunks of rules (Issue #1942)
  • apparmor: Setup a more modular apparmor profile (Issue #1942)
  • client: Don't share http client with go routines (Issue #2186)
  • client: Error when trying to remove a non-existent device (Issue #2277)
  • client: Fix API info reporting in "lxc info"
  • client: Fix spelling: permisson -> permission (Issue #2211)
  • client: Make client.websocket a public API
  • client: Make --version option visible (Issue #2171)
  • client: Relax constraints on WebsocketRecvStream args
  • client: Use named args for actionCmds
  • client/finger: Remove unused field from finger cmd (Issue #2170)
  • client/image: Fix image import from URL (Issue #2272)
  • client/list: fix concurrent read/write (Issue #2183)
  • client/list: Fix error handling and race in "lxc list" (Issue #1753)
  • client/pause: Add some additional help to lxc pause
  • client/profile: Add "lxc profile unset" to help message (Issue #2227)
  • daemon/container: Actually handle containers list error
  • daemon/container: Add sanity checks for common problems (Issue #2190)
  • daemon/container: Alphabetize device processing (Issue #2233)
  • daemon/container: Better errors when sanity checking devices
  • daemon/container: Better handle missing or invalid device types (Issue #2210)
  • daemon/container: Document and validate limits.*.priority values (Issue #2231)
  • daemon/container: Document image export target behavior and fix bugs (Issue #2205)
  • daemon/container: Don't unfreeze a container on stop (Issue #2164)
  • daemon/container: Fix flag name in init error message
  • daemon/container: Fix limits.disk.priority when set to 0 (Issue #2230)
  • daemon/container: Fix nic hotplug with openvswitch (Issue #2106)
  • daemon/container: Fix unix-char/unix-block in nested containers (Issue #2279)
  • daemon/container: Improve check for invalid physical devices
  • daemon/container: Remember the return code in the non wait-for-websocket case (Issue #2243)
  • daemon/container: Remove unused "name" argument from {create,remove}UnixDevice
  • daemon/container: Return more error information back to the user (Issue #2190)
  • daemon/container: Sort disk devices by their path before their names (Issue #2249)
  • daemon/container: Unfreeze frozen container on shutdown (Issue #2164)
  • daemon/db: Don't fail db upgrade if $LXD_DIR/containers doesn't exist (LP: #1602025)
  • daemon/db: remove fuse device from docker profile (Issue #2213)
  • daemon/migration: fix tempdir handling
  • daemon/profile: Prevent using invalid profile names (Issue #2274)
  • daemon/zfs: Fix ZFS volume size on 32bit architectures (Issue #2158)
  • daemon/zfs: Only delete copy- snapshots on delete (Issue #2127)
  • daemon/zfs: Remove subvolume in zfs.ImageCreate error flow (Issue #2194)
  • doc: Add /dev/net/tun and /dev/fuse to docs
  • doc: Added command to install squashfs-tools in README.md
  • doc: Document config_get in pongo templates
  • doc: Fixed errors on api examples with curl
  • doc: Initial documentation for production use of LXD (Issue #2256)
  • doc: Shuffle packages a bit in README.md
  • lxd-bridge-proxy: Remove unused code
  • Makefile: Also have "make dist" run multiple go get
  • scripts: Make lxc-to-lxd work inside virtualenv (Issue #2175)
  • simplestreams: Fix size reporting (Issue #2223)
  • simplestreams: Handle images without labels
  • simplestreams: List images available as both squashfs and tar.xz
  • simplestreams: Properly deal with unset expiry
  • simplestreams: Set proper user-agent
  • simplestreams: Use the hashes in the right order (Issue #2239)

Downloads

The release tarballs can be found on our download page.

LXD 2.0.3 release announcement

28th of June 2016

This is the third bugfix release for LXD 2.0.

The changes since LXD 2.0.2 are

Notes:

  • The "unsquashfs" command is now a LXD requirement as it is needed to unpack the newer Ubuntu images.
  • The REST API will now return a 201 code accompanied by a Location header following a POST to an endpoint returning a Sync response. It previously sometimes returned a 200 without the Location header.
  • Containers now get a /dev/fuse device by default.

Minor improvements:

  • extras: Better bash completion coverage
  • client/delete: Allow -f as a shortcut of --force
  • client/info: Include the certificate fingerprint in server info (Issue #2098)
  • client/info: Show remote in the --show-log example provided on error
  • core: Add squashfs support as needed by newer Ubuntu images
  • core: Tweak TLS cipher list a bit to allow browsers to talk to LXD (Issue #2034)
  • daemon/container: Setup /dev/fuse by default

Bugfixes:

  • client: Better handle connection errors
  • client: Check all alias args to support subcommand aliases (Issue #2095)
  • client/file: Don't modify file permissions on edit
  • client/image: Use the daemon provided fingerprint on image copy (Issue #2162)
  • client: Normalize the URLs in the client (Issue #2112)
  • client/remote: Fix a panic in 'remote add' (Issue #2089)
  • client/remote: Fix parsing of <FQDN>:<PORT>
  • core: Better handle PEM decoding errors (Issue #2119)
  • core: Check for zero byte send in ReaderToChannel (Issue #2072)
  • core: Fix a concurrent websocket write crash
  • core: Use default buffer size for WebsocketUpgrader
  • daemon: Add missing linebreak to lxd help
  • daemon/api: Set Location on sync POST requests (Issue #2092)
  • daemon/btrfs: Fix failure to restore on btrfs (Issue #2058)
  • daemon/certificate: Fail to add an existing certificate
  • daemon/config: Allow "none" as compression algorithm (regression fix)
  • daemon/container: Add target path to rootfs tarball in image export (Issue #1980)
  • daemon/container: Better handle bind mounts
  • daemon/container: GET of a nonexistent file now 404s (Issue #2059)
  • daemon/container: Make devices cgroup config more readable
  • daemon/container: Improve error message on disk setup failure
  • daemon/container: Use defer to undo changes on failed update
  • daemon/db: Don't try to chmod zfs.img when testing db upgrades
  • daemon/db: Don't try to update /var/lib/lxd/containers in go tests
  • daemon/init: Actually unset the storage keys
  • daemon/lvm: Don't call lvextend with recent LVM versions
  • daemon/migration: Setup some buffering for zfs/btrfs send
  • daemon/migration: Simplify checkpoint/restore code everywhere
  • daemon/migration: switch to the new LXC migrate API
  • daemon/zfs: Improve block device detection
  • daemon/zfs: Mount if not mounted (Issue #1888)
  • doc: Clarify ZFS snapshot shortcomings (Issue #2055)
  • doc: Drop JSON example from configuration.md
  • doc: Fix certificates JSON examples to cover all fields
  • doc: Fix typo in "unix-block" description
  • doc: Improve shared folder documentation (README) (Issue #2123)
  • lxd/patches: Add support for one-time patches (separate from DB schema updates)
  • Makefile: go get has become worse, now need 3 runs
  • Makefile: Update repository URL for xgettext-go
  • migration: Consolidate error handling
  • test: 201 is a valid return code for alias creation
  • test: Add a test for ReaderToChannel
  • test: Add test for "lxc file edit" target file owner and permission

Downloads

The release tarballs can be found on our download page.

LXD 2.0.2 release announcement

30th of May 2016

This is the second bugfix release for LXD 2.0 and its first security update.

CVE-2016-1581

Robie Basak noticed that after setting up a loop based ZFS pool through "lxd init" the resulting file (/var/lib/lxd/zfs.img) was world readable.

This would allow any user on the system, and a potential attacker, to copy and then read the data of any LXD container, regardless of file permissions inside the container.

LXD 2.0.2 fixes the "lxd init" logic to always set the mode of zfs.img to 0600.

Additionally a one-time upgrade step will trigger on first run and reset any existing zfs.img mode to be 0600.

If you manage an affected system and suspect an unauthorized user may have accessed the zfs.img file, you should consider replacing any secret that was stored in the affected containers (private keys and similar credentials).

CVE-2016-1582

Robie Basak noticed that when switching an unprivileged container (default, security.privileged=false) into privileged mode (by setting security.privileged to true), the container rootfs is properly remapped but the container directory itself (/var/lib/lxd/containers/XYZ) remains at 0755.

This is a problem because it allows an unprivileged user on the host to access any world readable path under /var/lib/lxd/containers/XYZ which may include setuid binaries.

Such setuid binaries could then be used on the host to access otherwise inaccessible data or to escalate one's privileges.

LXD 2.0.2 fixes this behavior by making sure all privileged containers are always root-owned and have their mode set to 0700 to prevent traversal by unprivileged users.

Additionally a one-time upgrade step will trigger on first run and reset any existing privileged containers' ownership and mode to root:root 0700.
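
A host-side check for the two permission problems described above, covering both the zfs.img mode (CVE-2016-1581) and the privileged container directory mode and ownership (CVE-2016-1582). This is an added example, not LXD's own upgrade code; the function names and the EXPECTED_OWNER override are hypothetical, and the operator supplies the names of the privileged containers.

```shell
#!/bin/sh
# Added example: host audit for the permission problems fixed in LXD 2.0.2.
# Needs a stat that supports -c (GNU coreutils or busybox, i.e. Linux).

# perm_bits PATH: print the octal mode of PATH, e.g. 600 or 755.
perm_bits() { stat -c '%a' -- "$1"; }

# open_to_others PATH: succeed if any group/other permission bit is set.
open_to_others() { [ $(( 0$(perm_bits "$1") & 077 )) -ne 0 ]; }

# check_zfs_img FILE (CVE-2016-1581): the loop-backed pool file must not be
# accessible to group or other; LXD 2.0.2 sets it to 0600.
# Returns 0 if the file is absent or private, 1 if it is exposed.
check_zfs_img() (
    img=$1
    [ -e "$img" ] || { echo "SKIP  $img (no loop-backed pool file)"; exit 0; }
    if open_to_others "$img"; then
        echo "FAIL  $img mode=$(perm_bits "$img") expected=600"
        exit 1
    fi
    echo "OK    $img mode=$(perm_bits "$img")"
)

# check_privileged_dir DIR [OWNER] (CVE-2016-1582): the directory of a
# privileged container must be owned by OWNER (uid:gid, default 0:0) and
# carry no group/other bits (0700), so unprivileged users cannot traverse it.
check_privileged_dir() (
    dir=$1
    want=${2:-0:0}
    [ -d "$dir" ] || { echo "FAIL  $dir is not a directory"; exit 1; }
    owner=$(stat -c '%u:%g' -- "$dir")
    if open_to_others "$dir" || [ "$owner" != "$want" ]; then
        echo "FAIL  $dir mode=$(perm_bits "$dir") owner=$owner expected=700 $want"
        exit 1
    fi
    echo "OK    $dir mode=$(perm_bits "$dir") owner=$owner"
)

# audit_lxd LXD_DIR [NAME...]: check LXD_DIR/zfs.img and the directory of
# each named privileged container. Prints one line per object and returns
# the number of failures. EXPECTED_OWNER (hypothetical) overrides 0:0 so the
# logic can be exercised on a scratch tree without root.
audit_lxd() (
    lxd_dir=$1
    shift
    failures=0
    check_zfs_img "$lxd_dir/zfs.img" || failures=$((failures + 1))
    for name in "$@"; do
        check_privileged_dir "$lxd_dir/containers/$name" "${EXPECTED_OWNER:-0:0}" ||
            failures=$((failures + 1))
    done
    exit "$failures"
)

# Runs only when arguments are given, e.g.:
#   sh lxd-audit.sh /var/lib/lxd NAME1 NAME2
if [ "$#" -gt 0 ]; then audit_lxd "$@"; fi
```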

Downloads

The release tarballs can be found on our download page.

LXD 2.0.1 release announcement

16th of May 2016

This is the first bugfix release for LXD 2.0.

The bugfixes since LXD 2.0.0 are

  • Don't fail to start when shmounts can't be mounted, instead fail container startup
  • Invalidate the simplestreams cache on proxy change
  • Write the container's config file on start to the log path directly
  • Fix crash in list due to empty responses (Issue #1903)
  • Fail when removing non-existent profiles (Issue #1886)
  • Document --alias to image import (Issue #1900)
  • Fix "lxc start" and "lxc stop" options (stateful/stateless)
  • Give better error on invalid source stream (simplestreams)
  • Add basic REST API usage example to README.md
  • Fix typo in lxc stop --help
  • Convert lxc-to-lxd to stable supported pylxd API (Issue #1901)
  • Properly log image update failures
  • Better validate and rollback bad images (Issue #1913)
  • Send operation return value through SmartError
  • Fix basic filtering in lxc list (Issue #1917)
  • Tell the user how to launch a container on first start (Issue #1931)
  • Redirect "remote" to "remote:" when not conflicting (Issue #1931)
  • Don't load the LXC config for snapshots (Issue #1935)
  • list: Allow filtering by unset key (Issue #1917)
  • Fix example in lxc launch
  • Update Japanese translation and other po files
  • Fall back to cpuset.cpus on older kernels (Issue #1929)
  • Properly validate the server configuration keys (Issue #1939)
  • Fix daemonConfig handling of storage
  • Don't remove config file on forkmigrate
  • Fix config handling following config validation change
  • Fixed Markdown syntax in documentation
  • Don't fail early when removing disks (Issue #1964)
  • Don't recursively delete devices
  • Don't fail when some unix devices fail to be deleted
  • Use the same config checks for unix-char and unix-block
  • Allow removing when fs object no longer exists (Issue #1967)
  • Do proper logfile expiry (Issue #1966)
  • Make logging a bit more consistent
  • Don't ignore zfs errors
  • Properly update the mode, uid and gid on existing files (Issue #1975)
  • Detect invalid certificate files (Issue #1977)
  • Fix broken apparmor status check
  • Allow on/off as boolean strings
  • Properly validate the container configuration keys (Issue #1940)
  • Don't mask rsync transfer errors
  • Move execPath to a global variable
  • Use custom netcat instead of nc -U for rsync over websocket (Issue #1944)
  • Fix wrong state dir path in migration
  • Don't fail deleting images when the storage delete fails
  • Improve messages in the Japanese translation
  • Add more checks for the criu binary
  • Rework (live) migration tests
  • Make it explicit in documentation that devices on create are optional
  • Properly record the source of all image copies (Issue #2010)
  • Don't mark containers as ERROR while being created (Issue #1988)
  • Cleanup events sent for operations (Issue #1992)
  • Fix ZFS refcounting issues (Issue #1916 and Issue #2013)
  • Propagate snapshot config when copying a snapshot (Issue #2017)
  • Implement lxc config show for snapshots
  • Add Unix socket example to REST API usage.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0 release announcement

11th of April 2016

This is the final release of LXD 2.0!

LXD 2.0 is a Long Term Support release, similar to LXC 2.0 and LXCFS 2.0 and so comes with a 5 years support commitment from upstream, ending on 1st of June 2021.

A walkthrough of the LXD 2.0 features can be found here: LXD 2.0: Blog post series

Packages for LXD 2.0 should be available in Ubuntu and other Linux distributions shortly.

Until then, you can just try it online using our demo service

The main changes since LXD 2.0.0 rc9 are

  • client: Add a json format option to "lxc list".
  • client: Recommend running lxd init
  • lxd: Allow setting security.privileged when nested

The bugfixes since LXD 2.0.0 rc9 are

  • client: Filter on expanded config rather than local config
  • client: Fix wrong mode being passed by file push
  • client: Show the snapshot name instead of the path
  • client: Tweak help messages
  • client: Update Japanese translation
  • core: Don't let umask mess with modes
  • core: Fix uid, gid and mode of retrieved files
  • core: zfs: Clean any leftover snapshot
  • core: zfs: Ignore non-LXD paths in user count
  • doc: Mark API as stable for release

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc9 release announcement

6th of April 2016

The main changes for this release are

  • The 1.0 API is now considered stable
  • A new lxd-benchmark tool has been added as part of the testsuite
  • The client has been translated into Japanese

Bugfixes

  • core: Check that the target is set on alias update
  • core: Don't use the cpu map from /proc/self/status
  • core: Fix all non-gzip compression algorithms
  • core: Improve ZFS reliability and performance
  • core: lxcbr0 is no more, replace it by lxdbr0
  • core: Prevent container actions while in setup mode
  • core: Set lxc.rootfs.bdev (performance improvement)
  • core: Stop the storage code after we're done remapping
  • core: Support holes in CPU usage (disabled CPUs)
  • core: Throttle the event listeners
  • core: Workaround bad go-lxc Start() behavior
  • extra: Update bash completion to use --fast (performance improvement)
  • list: Don't crash on missing disk or network info
  • lxd-bridge: Don't set link-local without a proxy
  • lxd-bridge-proxy: Bump port number to 13128
  • lxd-bridge: Run dnsmasq as the lxd user instead of the non-existing lxd-dnsmasq user
  • main: Have ActiveIfNeeded trigger if we have running containers
  • specs: Images are auto-updated every 6 hours
  • tests: Don't rely on the filesystem so much

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc8 release announcement

31st of March 2016

The main changes for this release are

  • The LVM volume size is now configurable through configuration rather than environment variables
  • "lxc image alias list" now supports filtering like the other list commands

Bugfixes

  • Fix initial exec size
  • Fix wrong packets sent value
  • Workaround RemoveAll failures on long paths
  • doc: Fix bad markdown
  • Apply all templates at container startup time
  • simplestreams: cleanup
  • Use fork for command execution
  • Failure to unload the apparmor profile isn't fatal
  • Prevent deadlock on container stop failure

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc7 release announcement

28th of March 2016

The main changes for this release are

  • "lxc info" now reports resource consumption
  • Improved bash completions
  • Implement container creation from image properties

Bugfixes

  • exec: remove dead code path
  • exec: send initial window size
  • exec: client: don't always send window size
  • exec: only access terminal size in interactive mode
  • docs: s/initial/Initial
  • Tests: Don't translate lxc output for parsing it.
  • Workaround a URL parser issue
  • Clarify the ZFS restore error
  • lxd-bridge: Don't fail due to missing IPv6

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc6 release announcement

23rd of March 2016

The main changes for this release are

  • New daemon "setup mode" to be used to feed configuration to the LXD daemon after startup and before it starts spawning containers.
  • The "get", "set" and "unset" commands have been added to "lxc config device" and "lxc profile device"
  • Broken containers are now marked as "ERROR" in "lxc list" rather than being hidden

Bugfixes

  • lxd init: clarify no port is wanted with server address
  • lxd init: accept empty trust password
  • lxd init: recommend port 8443
  • README: document composing docker and default profiles.
  • Rename IsMock to MockMode
  • Cleanup daemon initialization
  • Remove the startDaemon function
  • Cleanup function names in main.go
  • Improve waitready
  • Fix permissions of new devices nodes
  • Allow the bridge to be brought down even if disabled
  • Some more lxd-bridge fixes
  • lxd-bridge: Make shellcheck happy

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc5 release announcement

21st of March 2016

The main changes for this release are

  • Fix DELETE /1.0/images/ to actually be Async. This is a minor API change to match the specification and will break backward compatibility with older clients (only when performing image deletion).
  • The deprecated lxd-images script has now been entirely removed.

Bugfixes

  • Improve error reporting on image POST
  • Fix error handling logic around snapshots
  • Fix container shutdown to actually happen in parallel
  • Document 'auto_update' parameter for 'POST /1.0/images'
  • stateful start: rework behavior
  • stateful snapshots: rework behavior
  • Bind-mount mqueue if unprivileged
  • update documentation on using docker in containers
  • bump the monitor timeout to 5s
  • lxd-bridge: Some tweaks

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc4 release announcement

16th of March 2016

The main changes for this release are

  • Support for recursive bind-mounts (recursive property on disk entries)
  • Add a new "ERROR" state for containers, used to indicate a communication problem with LXC
  • Make it possible to have templates only apply for non-existing files (create_only property)
  • All the specifications have been updated and moved to the doc/ directory
  • /dev/lxd access is now restricted to uid 0 in the container

Bugfixes

  • devices client: only print success message when successful
  • Fix devlxd failing to detect container
  • Have "device show" print yaml
  • specs: Clarify image handling
  • specs: Remove command-line-user-experience
  • specs: Remove dia database diagram
  • specs: Clarify the daemon spec
  • specs: Update /dev/lxd spec to match current state
  • specs: Update environment variables list
  • specs: Update SSL spec to match current state
  • specs: Re-format the migration document
  • specs: Update requirements
  • specs: Update storage backend spec
  • specs: Update userns to match reality
  • docker profile: add the apparmor enabled overmount
  • More strictly parse remote URLs
  • Fix devlxd access outside of an exec session
  • Return better errors for public and simplestream remotes
  • Block sys_rawio by default

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc3 release announcement

11th of March 2016

The main changes for this release are

  • GET /1.0/containers/NAME/snapshots/SNAPNAME now returns the configuration and devices included in the snapshot
  • Three new configuration options have been introduced to configure the daemon to use an HTTP proxy
    • core.proxy_https (if not set, uses HTTPS_PROXY env variable)
    • core.proxy_http (if not set, uses HTTP_PROXY env variable)
    • core.proxy_ignore_hosts (if not set, uses NO_PROXY env variable)
  • Cache remote simplestream data for an hour in the daemon so we don't hammer the remote server
  • Allow for auto-update of images coming from a LXD server

Bugfixes

  • Change ConnectInfo to take a RemoteConfig.
  • Workaround kernel overmounting protection
  • migration: attempt to be slightly smart about moving filesystems
  • tests: disarm the gremlins by comparing things in UTC
  • zfs: fix handling of the "snapshot only" send case
  • Allow reducing the LVM LV size and update tests
  • profiles: don't mask error message when not found
  • mounting: only block devices hold filesystems
  • Rework event locking
  • Fix panic due to concurrent read/edit of container lock
  • zfs: Skip the pool header line
  • Make it clear that the init arguments only apply in auto mode
  • Fix error message when snapshotting with existing name
  • lvm: make errors log as errors
  • Don't generate client certificates when calling NewClient
  • Fix parsing image names
  • Forward errors from forkgetfile and forkputfile
  • Make changing https_address more reliable
  • migration: don't defer cleanup of sending snapshots

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc2 release announcement

7th of March 2016

The main changes for this release are

  • Add configuration keys for the rest of the CORS headers
  • Get one step closer to dropping lxd-images, lxd-images is now just a shim
  • Deprecate support for Go < 1.5 as some of our dependencies dropped 1.4 support

Bugfixes

  • Fix image import from remote lxd using aliases
  • Fix creation of extra volatile entries
  • Fix testsuite for when stdout is a file
  • Initialize the storage driver before messing with images
  • Restrict lxd init to root
  • Only attempt to load containers AFTER the socket is setup
  • Fix default protocol in image download
  • Only setup forwarding when an IP is set
  • client: add default config in NewClientFromInfo
  • Fix incorrect device type in dbUpdateFromV26

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc1 release announcement

2nd of March 2016

This is the first release candidate for LXD 2.0. This means that we believe all features required for LXD 2.0 have now been merged and we only expect bugfixes and minor usability improvements to land between now and final release.

The main changes for this release are

  • Support for the Cgroup namespace.
  • It is now possible to set the lxc.network.X.ipv{4,6}[.gateway] raw.lxc keys (with usual caution with regard to raw.lxc)
  • /proc and /sys are now clean straight mounts when the container is unprivileged
  • The scope of IP addresses is now exported and used to filter local addresses out by default
  • lxc exec now defaults to non-interactive mode when stdout isn't a tty
  • All the tables rendered by the client now look alike
  • Simplestreams is now natively supported by both the client and the server, eliminating the need for lxd-images
  • Background image synchronization is now supported by the server and done by default for all cached images
  • The last time an image was used and whether it's stored in the cache are now exported over the API and visible in "lxc image info"
  • Profiles now have a description field
  • It is now possible to do a stateful container stop where the container is checkpointed to disk rather than killed, then resumed on next start.
  • A "docker" profile is now present by default with those settings required to be able to run Docker inside a LXD container.
  • Image import now reports upload progress.

Bugfixes

  • Refactor the GenCert function so it can be reused.
  • tests: get rid of commented out code
  • Rework lxd.NewClient so we don't need a disk cache.
  • shared: export limit parsing function
  • Add upgrade procedure to README
  • websocket: fix panic() on concurrent writes
  • Don't allow the state functions to fail
  • specs: Remove section on Etag (not implemented)
  • specs: Fix rest-api layout
  • list: Fix crash on PID column
  • Fix name printing on lxc init
  • Fix a variety of issues with blkio limits
  • Fix hardcoded architecture path in apparmor profile
  • tests: Fix failure on networked test
  • tests: Fix the number of certs check
  • Fix snapshot configuration
  • Don't rely on the filesystem to check if stateful
  • Catch checkpoint failures
  • Fix DB test
  • Better lock around event listeners
  • Fix container not rebooting properly
  • Add package "make" to build dependencies installation command
  • Don't stop at an unsatisfactory sub?id entry
  • client: better error on lxc stop remote:
  • Just use the shared struct whenever possible in the client
  • Fix download progress on launch
  • Fix alignment of numbers in tables

Upgrade notes

  • This release deprecates the lxd-images tool, instead use the ubuntu: and ubuntu-daily: default remotes to achieve the same feature. If you absolutely must copy an image into the local store, it can be done with "lxc image copy ubuntu:14.04 local: --alias ubuntu".

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta4 release announcement

23rd of February 2016

The main changes for this release are

  • REST API changes
    • The API versioning data at /1.0 has changed and now includes api_status, api_version and api_extensions
    • Architecture fields are now returned as strings instead of obscure integers
    • GET /1.0/containers/NAME/state has been reworked, now includes more detailed network information, disk usage information as well as memory consumption data.
  • New --fast mode for "lxc list" which only lists "cheap" fields
  • The container architecture is now listed in "lxc info"
  • Add process count limit (pids cgroup)

Bugfixes

  • Fix container creation from remote image alias
  • Fix Content-Type value for errors
  • Don't stop containers before asking the user
  • Re-implement terminal functions through cgo (fixes ppc64el)
  • Allow access to /dev/zero
  • tests: Keep pprof self-contained
  • Use iproute2 instead of bridge-utils
  • lxd-images: Fix sync
  • allow cgroupfs mounting on cgns kernels
  • Optimize container process count (use pid cgroup)
  • Fix file push permissions
  • list: Query containers by batch of 10
  • Only re-balance on host network changes
  • list: Attempt to optimize the go routines slightly

Upgrade notes

  • This release breaks backward compatibility with older LXD versions. Please make sure all your clients and servers run the same version.
  • See notes above for changes to the REST API.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta3 release announcement

18th of February 2016

The main changes for this release are

  • "lxc publish" can now be forced to publish running containers (it will temporarily stop them)
  • "lxc image list" now shows images sorted by description
  • Complete review of the REST API and update to make it all match the specification.
    • GET /1.0 now shows the "public" field
    • GET /1.0/certificates now returns a valid list of endpoints
    • GET /1.0/containers/NAME for performance reasons no longer returns the detailed container runtime status ("status" key), a separate query to /1.0/containers/NAME/state is now needed
    • GET /1.0/containers/NAME/logs now returns a valid list of endpoints
    • POST /1.0/containers/NAME/snapshots no longer requires the "stateful" field to be set (defaults to false)
    • POST /1.0/images now lets you override "properties" and "filename" for all supported input types
    • GET /1.0/images/aliases/NAME now returns valid data (the "name" and "target" fields were swapped)
    • POST /1.0/images/aliases/NAME has been implemented
    • PUT /1.0/images/aliases/NAME has been implemented
    • GET /1.0/images/FINGERPRINT no longer shows an empty "target" field for aliases
    • GET /1.0/networks/NAME has been re-designed
    • GET /1.0/operations/UUID/wait?timeout=X now actually times out
    • POST /1.0/profiles/NAME has been implemented
    • All timestamps are now RFC3339 strings and consistently named (created_at, updated_at, expires_at, uploaded_at)
    • Synchronous replies no longer contain an empty "operation" field
  • Extra security now applies for cross-server communication:
    • Unless a certificate is passed along with the query, the following operations now require the remote certificate to be valid according to the system CA:
      • Container creation from migration (copy, move & live migration)
      • Container creation from remote image
      • Image copy from other LXD server
      • Image import from https
    • The command client will automatically set the necessary "certificate" field for you for those requests
  • Starting with this release, Go 1.3 is no longer supported by LXD.

Bugfixes

  • Fix invalid container name in lxc file
  • tests: Add test for aliases with slashes
  • Fix updating ephemeral and architecture flags
  • Clarify publish error message a bit
  • Fix interacting with aliases with a trailing slash
  • specs: Update rest-api to match reality
  • Don't move the image into place until it's been parsed
  • Make sure we always use the right dialer and proxy
  • specs: Fix wrong key name
  • Fix lxc file on Windows
  • Fix broken DB migration when upgrading from LXD 0.27 or older
  • Avoid global variables in client tool
  • Fix errors due to early failure to connect
  • Always export the file size on transfer
  • Fixed some typos
  • lxd-images: Register atexit at init time
  • specs: Update storage spec for btrfs send/receive
  • Use upstream go-systemd (this breaks backward compatibility with Go 1.3)

Upgrade notes

  • This release breaks backward compatibility with older LXD versions. Please make sure all your clients and servers run the same version.
  • See notes above for changes to the REST API and security policies.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta2 release announcement

10th of February 2016

The main changes for this release are

  • /dev/console has been re-enabled
  • The btrfs backend now supports optimized container transfer (send/receive)
  • Source file ownership and permissions are conserved by default on "lxc file push"
  • Both "lxc list" and "lxc image list" now accept regular expressions as filter
  • lxc info now shows the container creation date (if known), the list of profiles and detailed snapshot information
  • Recursive aliases are now supported in the client (e.g. "delete: delete -f")
  • "lxc delete" now requires a "-f/--force" flag when run against a running container
  • "lxc delete" now has a -i option to always request user confirmation on delete

Bugfixes

  • Fix building LXD on arm64
  • Fix "make dist" for new version numbers
  • specs: Re-sync database spec with reality
  • Fail when unsetting a key that's not currently set
  • Remove backward compatibility code
  • Fix copying snapshot as new container root
  • Fix failure to stop snapshots on migration failure
  • Fix migration of snapshots using rsync
  • Implement migration fallback to rsync
  • Change ShiftIfNecessary to shift on startup
  • make i18n for profiles output in info
  • reduce verbiage to fit help text more efficiently
  • Make blkio limits more robust
  • add eth0 "name" to the default profile
  • only print profile applied message on success
  • init: Attempt to modprobe the zfs module
  • init: Use zpool create -f to work on unformatted disks
  • init: Improve detection of available backends
  • zfs: Fix cross-backend copies
  • fix stresstest.sh to use byte suffix for limits.memory
  • fix command-line-user-experience examples of limits.memory to include byte suffix

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta1 release announcement

26th of January 2016

The main changes for this release are