News¶

Incus 6.9 has been released¶

Jan 24, 2025

Introduction¶

Happy new year!

The Incus team is pleased to announce the release of Incus 6.9!

This is a bit of a lighter release given the holiday break, but it features some nice feature additions on top of the usual health dose of bugfixes.

As usual, you can try it for yourself online: https://linuxcontainers.org/incus/try-it/

Enjoy!

New features¶

Instance network ACL on bridge networks¶

Network ACLs can now be directly applied to instances running on a managed network bridge, so long as the system is using nft for its firewalling (can be checked with incus info).

This allows for networking micro-segmentation by having various instances running on the same bridged network having individual ingress/egress firewall rules applied to them.

Network ACLs can be created and managed through incus network acl and then applied to the relevant NIC interfaces using the security.acls configuration key.

ACL documentation: https://linuxcontainers.org/incus/docs/main/howto/network_acls/
Bridge documentation: https://linuxcontainers.org/incus/docs/main/reference/network_bridge/
NIC documentation: https://linuxcontainers.org/incus/docs/main/reference/devices_nic/#nic-bridged

Enhancements to QEMU scriptlet¶

The QEMU scriptlet has been further improved in this release.

All scriptlet calls now provide the full instance structure, offering access to the instance configuration, list of profiles, ...

A new config hook was also added which runs prior to QEMU being started at all.
This hook cannot be used to send QMP commands, but it allows calling new functions to alter the QEMU configuration file or command line arguments:

• get_qemu_cmdline
• set_qemu_cmdline
• get_qemu_conf
• set_qemu_conf

Documentation: https://linuxcontainers.org/incus/docs/main/reference/instance_options/#advanced-use

VM memory dumps¶

A new incus debug memory-dump command and matching API has been added to provide an easy way to get a virtual machine memory dump.

Incus VMs also now include the necessary additional device to allow for Windows virtual machines to provide memory debug information allowing for a memory dump that can be loaded in the Windows debugger.

stgraber@dakara:~$ incus launch images:debian/12 v1 --vm
Launching v1
stgraber@dakara:~$ incus debug dump-memory v1 debug --format=elf
stgraber@dakara:~$ file debug
debug: ELF 64-bit LSB core file, x86-64, version 1 (SYSV), SVR4-style

Uplink addresses in OVN network state¶

It's now possible to get the uplink IPv4 and IPv6 addresses directly from incus network info.

stgraber@athos:~# incus network info default
Name: default
MAC address: 00:16:3e:8d:51:b6
MTU: 1500
State: up
Type: broadcast

IP addresses:
  inet   10.22.45.1/24 (link)
  inet6  2602:fc62:b:8006::1/64 (link)

Network usage:
  Bytes received: 0B
  Bytes sent: 0B
  Packets received: 0
  Packets sent: 0

OVN:
  Chassis: delmak
  Logical router: incus-net13-lr
  IPv4 uplink address: 172.17.200.106
  IPv6 uplink address: 2602:fc62:b:200::106

Creation of storage volumes through server preseed file¶

It's now possible to define some initial storage volumes directly through the server preseed file.
This can be useful to set up some shared volumes to be used by a profile that's also part of the preseed, or as a way to define volumes to be used for Incus images or backups storage.

Documentation: https://linuxcontainers.org/incus/docs/main/howto/initialize/#configuration-format

Setting description in create commands¶

All create commands now have a --description option which can be used to directly set the description field on the object.

stgraber@dakara:~$ incus profile create foo --description "Example profile"
Profile foo created
stgraber@dakara:~$ incus profile list
+---------+-----------------------+---------+
|  NAME   |      DESCRIPTION      | USED BY |
+---------+-----------------------+---------+
| default | Default Incus profile | 6       |
+---------+-----------------------+---------+
| foo     | Example profile       | 0       |
+---------+-----------------------+---------+

Complete changelog¶

Here is a complete list of all changes in this release:

Documentation¶

The Incus documentation can be found at:
https://linuxcontainers.org/incus/docs/main/

Packages¶

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Installing the Incus server on Linux¶

Incus is available for most common Linux distributions. You'll find detailed installation instructions in our documentation.

https://linuxcontainers.org/incus/docs/main/installing/

Homebrew package for the Incus client¶

The client tool is available through HomeBrew for both Linux and MacOS.

https://formulae.brew.sh/formula/incus

Chocolatey package for the Incus client¶

The client tool is available through Chocolatey for Windows users.

https://community.chocolatey.org/packages/incus/6.9.0

Winget package for the Incus client¶

The client tool is also available through Winget for Windows users.

https://winstall.app/apps/LinuxContainers.Incus

Support¶

Monthly feature releases are only supported up until the next release comes out. Users needing a longer support length and less frequent changes should consider using Incus 6.0 LTS instead.

Community support is provided at: https://discuss.linuxcontainers.org
Commercial support is available through: https://zabbly.com/incus
Bugs can be reported at: https://github.com/lxc/incus/issues

Incus 6.0.3 LTS has been released¶

Dec 19, 2024

Introduction¶

The Incus team is pleased to announce the release of Incus 6.0.3!

This is the third bugfix release for Incus 6.0 which is supported until June 2029.

Changes¶

As usual this bugfix releases focus on stability and hardening.

Minor improvements have also been backported, specifically anything which does not require data migration, database changes or cause any unexpected change to user facing behavior.

The number of such improvements will decrease over time within the LTS branch.

Some of the highlights for this release are:

• OS info for virtual machines (incus info)
• Console history for virtual machines (incus console --show-log)
• Ability to create clustered LVM pools directly through Incus
• QCOW2 and VMDK support in incus-migrate
• Configurable macvlan mode (bridge, vepa, passthru or private)
• Load-balancer health information (incus network load-balancer info)
• External interfaces in OVN networks (support for bridge.external_interfaces)
• Parallel cluster evacuation/restore (on systems with large number of CPUs)
• Introduction of incus webui as a quick way to access the web interface
• Automatic cluster re-balancing
• Partial instance/volume refresh (incus copy --refresh-exclude-older --refresh)
• Configurable columns, formatting and refresh time in incus top
• Support for DHCP ranges in OVN (ipv4.dhcp.ranges)
• Support for changing the backing interface of a managed physical network
• Extended QEMU scriptlet (additional functions)
• New log file for QEMU QMP traffic (qemu.qmp.log)
• New get_instances_count function available in placement scriptlet
• Support for --format in incus admin sql
• Storage live migration for virtual machines
• New authorization scriptlet as an alternative to OpenFGA
• API to retrieve console screenshots
• Configurable initial owner for custom storage volumes (initial.uid, initial.gid, initial.mode)
• Image alias reuse on import (incus image import --reuse --alias)
• New incus-simplestreams prune command
• Console access locking (incus console --force to override)

The full list of commits is available below:

Support and upgrade¶

The Incus 6.0 branch is supported until June 2029. It's always strongly recommended to keep up and run the latest LTS bugfix release.

Downloads¶

• Main release tarball: incus-6.0.3.tar.xz
• GPG signature: incus-6.0.3.tar.xz.asc

Thanks¶

This LTS release update was made possible thanks to funding provided by the Sovereign Tech Fund (now part of the Sovereign Tech Agency).

[quote]
The Sovereign Tech Fund supports the development, improvement, and maintenance of open digital infrastructure. Its goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity, and the people behind the code.
[/quote]

Find out more at: https://www.sovereign.tech

Incus 6.8 has been released¶

Dec 13, 2024

Introduction¶

The Incus team is pleased to announce the release of Incus 6.8!

This is the last release for 2024 but it still packs a punch with a bunch of VM related improvements, including the ability to move a running VM between storage pools, a new authorization backend, improvements to volume handling for application containers and more.

As usual, you can try it for yourself online: https://linuxcontainers.org/incus/try-it/

Happy holidays!

New features¶

Storage live migration for VMs¶

It's now possible to move a VM between storage pools while it's running.
Note however that for this to work, the VM must also be moved to another server within a cluster, that's needed to avoid having two instances of QEMU for the same VM running on any one server during the migration

Moving from one pool to another can be done with:

incus move NAME --storage NEW-POOL --target ANOTHER-SERVER

Authorization scriptlet¶

A new authorization control method has been introduced in the form of an authorization scriptlet.
This allows for custom built-in authorization control which can be combined with TLS or OIDC authentication.

Documentation: https://linuxcontainers.org/incus/docs/main/authorization/#scriptlet-authorization

Console screenshots for VMs¶

To make it easier to develop GUI or WebUI clients for Incus, we now have an easy way to get a one off screenshot of VM VGA consoles.

Doing so has the advantage of being pretty lightweight and can be done even when a user is currently connected to the VGA console.

To get a PNG screenshot of a VM, just hit GET /1.0/instances/NAME/console?type=vga

Initial owner and mode for custom storage volumes¶

To make it easier to create custom storage volumes used for storage of OCI containers data, a few new custom storage volume configuration options have been added:

• initial.uid
• initial.gid
• initial.mode

Those can be passed at volume creation time and as the name imply, will set the initial values for the uid, gid and mode of the root directory within that volume.

Example:

incus storage volume create default my-volume size=5GiB initial.uid=1000 initial.gid=1000 initial.mode=0700

Small updates to the OpenFGA model¶

The OpenFGA access model has been slightly tweaked with this release.

The initial permission of user:* viewer server:incus which was allowing basic read-only access to global resources for any authenticated user has now been replaced by the equivalent user:* authenticated server:incus.

And in turn the viewer permission can now directly be assigned to users and grants full server-wide read-only access (not just global resources).

The permission will automatically get updated on update.

Additionally a new can_view_sensitive entitlement has been added which allows controlling who can read sensitive configuration like the server configuration.

Image alias reuse on import¶

Similar to what's been around in incus publish, it's now possible to run incus image import --reuse --alias ALIAS image.tar.xz to have the image imported and have it replace the image identified by the alias ALIAS.

New incus-simplestreams prune command¶

A new incus-simplestreams prune command has been added to keep simplestreams image servers clean. When run it will identify and cleanup:

• Image files that don't belong to any image in the index
• Index entries for which image files are missing
• Older index entries (defaults to keeping the previous 2 images)

Console access locking¶

Console access has always been limited to a single user at a time.
Previously whoever would connect last would take over any existing session.

As this was often the source of some surprise and issues, console access is now under a lock. Connecting when a session is already active results in an error which can be overriden with the force flag.

Example:

incus console remote-server:windows-2022 --force

Complete changelog¶

Here is a complete list of all changes in this release:

Documentation¶

The Incus documentation can be found at:
https://linuxcontainers.org/incus/docs/main/

Packages¶

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Installing the Incus server on Linux¶

Incus is available for most common Linux distributions. You'll find detailed installation instructions in our documentation.

https://linuxcontainers.org/incus/docs/main/installing/

Homebrew package for the Incus client¶

The client tool is available through HomeBrew for both Linux and MacOS.

https://formulae.brew.sh/formula/incus

Chocolatey package for the Incus client¶

The client tool is available through Chocolatey for Windows users.

https://community.chocolatey.org/packages/incus/6.8.0

Winget package for the Incus client¶

The client tool is also available through Winget for Windows users.

https://winstall.app/apps/LinuxContainers.Incus

Support¶

Monthly feature releases are only supported up until the next release comes out. Users needing a longer support length and less frequent changes should consider using Incus 6.0 LTS instead.

Community support is provided at: https://discuss.linuxcontainers.org
Commercial support is available through: https://zabbly.com/incus
Bugs can be reported at: https://github.com/lxc/incus/issues

Incus 6.7 has been released¶

Nov 15, 2024

Introduction¶

The Incus team is pleased to announce the release of Incus 6.7!

This is another one of those pretty well rounded releases with new features and improvements for everyone from standalone users to those running a small homelab all the way to large scale cluster users, there's something for everyone!

As usual, you can try it for yourself online: https://linuxcontainers.org/incus/try-it/

Enjoy!

New features¶

Easy access to the Incus web interface¶

A frequent source of frustration for our users have been about how to access the Incus web UI.

That's because out of the box, Incus doesn't listen on the network at all, then once configured to listen on the network, it only does so over HTTPS and unless running in an environment with a central OpenID Connect authentication server, it only authenticates through TLS client certificates.

It's certainly possible to make it work, but the process would normally look like:

1) Enable Incus to listen on the network
2) Access Incus from a web browser
3) Dismiss the certificate warning
4) Generate a client certificate from within the browser
5) Trust the public half through the Incus CLI
6) Import the public+private keypair into the browser as a user certificate
7) Reload the browser and hope it properly authenticates with that user certificate

Now there is a significantly simpler alternative to all that which still provides much of the same security, just run incus webui.

Running that command causes the Incus client tool to run a small HTTP web server on a random port of the loopback device. Access to that web server is limited to a unique token, used to prevent another user or piece of software on the system from interacting with Incus without authorization, when presented the correct token, all further interactions are proxied through to the Incus server using the same credentials as the client tool.

Automatic cluster re-balancing¶

With Incus clusters supporting VM live-migration, having pretty flexible scheduling/placement logic and the ability to automatically heal when a server goes down, the next logic piece was to add the ability for automatic re-balancing of the cluster.

This is now possible and can be configured through a few new configuration keys:

• cluster.rebalance.batch controls how many instances to relocate during one round
• cluster.rebalance.cooldown controls how long to wait before an instance can be moved again
• cluster.rebalance.interval controls how often to consider relocating instances
• cluster.rebalance.threshold controls how much difference (in percent) of estimated load difference is needed between two servers to trigger a re-balancing

Incus effectively calculates a score for each server within the cluster, then compares the one with the highest score to the one with the lowest score, if the difference exceeds the threshold, then a number of instances will be moved between the two.

The score is currently based on the server's 1min load average adjusted for the number of CPUs on the system and how much memory is available.

Only live-migratable virtual machines are moved and only when they meet all migration requirements both as far as their configuration and any restrictions applied to them in their project.

Documentation: https://linuxcontainers.org/incus/docs/main/howto/cluster_manage/#cluster-re-balancing

DHCP renewal for OCI containers¶

A somewhat common issue with running OCI containers on Incus has been related to network configuration. OCI containers generally don't perform their own network configuration, they expect to start up and find a fully configured network stack (address, route, DNS).

To make that work, Incus has been running a small DHCP client during the instance initialization stage, setting up the networking. However this was a one-time process, leading to issues such as DNS records expiring when the DHCP lease would go un-renewed.

Starting with Incus 6.7, the DHCP client now goes into the background and joins the container, allowing it to handle lease renewal, avoiding such issues.

Partial instance/volume refresh¶

A commonly used feature for Incus instance backups is to use copy --refresh, this effectively has Incus compare the source and target instances, transferring any missing snapshots to the target before also synchronizing the current state.

This works quite well but there are cases where it makes sense to do some cleanup on the backup server and delete some of those snapshots. Unfortunately, the next refresh would then bring back anything that was deleted, even if those were older snapshots that didn't make much sense to keep around.

One solution to that is of course to go and delete the snapshots on the source, but there are cases where the source would like to hold on to those snapshots, effectively keeping more history than the backup server.

To accommodate that, a new --refresh-exclude-older flag has been added which when passed in combination with --refresh, will look for the most recent shared snapshot and only transfer any snapshots created after that point, effectively ignoring any missing older snapshots on the target.

Configurable columns, formatting and refresh time for incus top¶

incus top now joins a long list of commands in supporting --format and --columns, allowing to customize how and what to render.

Additionally, it also gets a --refresh flag to configure how often to refresh the output.

Support for DHCP address ranges on OVN networks¶

The ipv4.dhcp.ranges configuration option now also applies to OVN networks.

This allows for having just a subset of the network subnet be used for dynamic IP allocation, leaving the rest reserved for static IP assignments or for other uses.

Changing of parent device for physical networks¶

It's now possible to change the value of the parent property on a managed network of type physical. This allows for moving an OVN uplink network to a different device as sometimes may happen when the physical network is reconfigured or physical network interfaces are replaced.

Additional QMP helpers in QEMU scriptlet¶

A number of additional functions are now available to the QEMU scriptlet.

This includes a new run_command which is a convenience wrapper around run_qmp and makes it easier to run a simple command

As well as simple wrappers for the following commands:

• blockdev_add
• blockdev_del
• chardev_add
• chardev_change
• chardev_remove
• device_add
• device_del
• netdev_add
• netdev_del
• object_add
• object_del
• qom_get
• qom_list
• qom_set

New log file for QEMU QMP commands¶

A new qemu.qmp.log file is now available on virtual-machines and keeps a log of most interactions between Incus and QEMU.

root@castiana:~# incus list v1
+------+---------+-----------------------+-------------------------------------------------+-----------------+-----------+
| NAME |  STATE  |         IPV4          |                      IPV6                       |      TYPE       | SNAPSHOTS |
+------+---------+-----------------------+-------------------------------------------------+-----------------+-----------+
| v1   | RUNNING | 10.178.240.4 (enp5s0) | fd42:8384:a6f8:63a0:216:3eff:fe4d:5cad (enp5s0) | VIRTUAL-MACHINE | 0         |
+------+---------+-----------------------+-------------------------------------------------+-----------------+-----------+
root@castiana:~# cat /var/log/incus/v1/qemu.qmp.log 
[2024-11-15T13:11:52-05:00] QUERY: {"execute":"query-cpus-fast"}
[2024-11-15T13:11:52-05:00] REPLY: {"return": [{"thread-id": 443303, "props": {"core-id": 0, "thread-id": 0, "node-id": 0, "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"netdev_add","arguments":{"fds":"/dev/net/tun.0:/dev/net/tun.1","id":"incus_eth0","type":"tap","vhost":true,"vhostfds":"/dev/vhost-net.0:/dev/vhost-net.1"}}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"device_add","arguments":{"addr":"00.0","bootindex":"1","bus":"qemu_pcie4","driver":"virtio-net-pci","id":"dev-incus_eth0","mac":"00:16:3e:4d:5c:ad","mq":"on","netdev":"incus_eth0","vectors":"6"}}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"blockdev-add","arguments":{"aio":"native","cache":{"direct":true,"no-flush":false},"discard":"unmap","driver":"host_device","filename":"/dev/fdset/0","locking":"off","node-name":"incus_root","read-only":false}}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"device_add","arguments":{"bootindex":"0","bus":"qemu_scsi.0","channel":"0","drive":"incus_root","driver":"scsi-hd","id":"dev-incus_root","lun":"1","serial":"incus_root"}}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"system_reset"}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"set-action","arguments":{"panic":"pause","reboot":"shutdown","shutdown":"poweroff"}}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"cont"}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {}}

[2024-11-15T13:11:52-05:00] QUERY: {"execute":"query-status"}
[2024-11-15T13:11:52-05:00] REPLY: {"return": {"status": "running", "running": true}}

New get_instances_count command for placement scriptlet¶

A new get_instances_count function was added to the placement scriptlet.

This can be used to get a quick count of the number of instances in total, or within a project/location combination. It can also be made to include instances currently being created rather than just those that are already fully created.

As part of this addition, a small change was also made to the list of candidates provided to the scriptlet, the candidate list is now sorted based on the total number of instances that they hold (from least to most busy).

Support of --format in incus admin sql¶

incus admin sql now supports the usual --format option.

This is particularly useful when querying a single SQL column and using --format=csv as this then allows getting the raw value in a format already usable within scripts.

Complete changelog¶

Here is a complete list of all changes in this release:

Documentation¶

The Incus documentation can be found at:
https://linuxcontainers.org/incus/docs/main/

Packages¶

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Installing the Incus server on Linux¶

Incus is available for most common Linux distributions. You'll find detailed installation instructions in our documentation.

https://linuxcontainers.org/incus/docs/main/installing/

Homebrew package for the Incus client¶

The client tool is available through HomeBrew for both Linux and MacOS.

https://formulae.brew.sh/formula/incus

Chocolatey package for the Incus client¶

The client tool is available through Chocolatey for Windows users.

https://community.chocolatey.org/packages/incus/6.7.0

Winget package for the Incus client¶

The client tool is also available through Winget for Windows users.

https://winstall.app/apps/LinuxContainers.Incus

Support¶

Monthly feature releases are only supported up until the next release comes out. Users needing a longer support length and less frequent changes should consider using Incus 6.0 LTS instead.

Community support is provided at: https://discuss.linuxcontainers.org
Commercial support is available through: https://zabbly.com/incus
Bugs can be reported at: https://github.com/lxc/incus/issues

Incus 6.6 has been released¶

Oct 3, 2024

Introduction¶

The Incus team is pleased to announce the release of Incus 6.6!

A slightly less busy release this time, mostly due to traveling to the Linux Plumbers Conference and associated events a few weeks ago.

But still far from a boring release. On top of the usual bugfix and performance improvements, we're getting a number of nice additions for virtual machines, improved clustered LVM support, improvements to incus-migrate and a number of new network features!

As usual, you can try it for yourself online: https://linuxcontainers.org/incus/try-it/

Enjoy!

New features¶

OS info for virtual machines¶

The Incus VM agent has been extended to pull some additional details about the virtual machine.

stgraber@dakara:~$ incus info v1
Name: v1
Status: RUNNING
Type: virtual-machine
Architecture: x86_64
PID: 3753543
Created: 2024/09/24 10:02 EDT
Last Used: 2024/10/03 11:29 EDT
Started: 2024/10/03 11:29 EDT

Operating System:
  OS: Ubuntu
  OS Version: 24.04.1 LTS (Noble Numbat)
  Kernel Version: 6.10.11-zabbly+
  Hostname: v1
  FQDN: v1

Resources:
  Processes: 35
  Disk usage:
    root: 1.02GiB
  CPU usage:
    CPU usage (in seconds): 4
  Memory usage:
    Memory (current): 374.78MiB
  Network usage:
    enp5s0:
      Type: broadcast
      State: UP
      Host interface: tap84ebf5ff
      MAC address: 00:16:3e:75:89:6e
      MTU: 1500
      Bytes received: 3.13kB
      Bytes sent: 1.30kB
      Packets received: 27
      Packets sent: 12
      IP addresses:
        inet:  172.17.250.94/24 (global)
        inet6: 2602:fc62:c:250:216:3eff:fe75:896e/64 (global)
        inet6: fe80::216:3eff:fe75:896e/64 (link)
    lo:
      Type: loopback
      State: UP
      MTU: 65536
      Bytes received: 5.92kB
      Bytes sent: 5.92kB
      Packets received: 80
      Packets sent: 80
      IP addresses:
        inet:  127.0.0.1/8 (local)
        inet6: ::1/128 (local)

This information is only available for virtual machines at this time as containers don't run an agent and directly fetching that information from the container's filesystem can be unsafe.

Console history for virtual machines¶

Console access with containers has always been pretty flexible with both interactive access (incus console) and non-interactive text log (incus console --show-log) both being available.

For virtual machines however, things were a bit more limited as QEMU didn't allow us to simultaneously send the console to an interactive device as well as recording everything into a ring buffer.

But we have since found a way to make it work by having QEMU switch between an interactive backend and a ringbuffer depending on whether someone is connected to the console.

The end result is that incus console --show-log now works for virtual machines too!

stgraber@dakara:~$ incus console --show-log v1
BdsDxe: loading Boot0006 "Ubuntu" from HD(1,GPT,B7DD04C0-15CE-482C-A6AC-7278FDA10CF6,0x800,0x32000)/\EFI\ubuntu\shimx64.efi
BdsDxe: starting Boot0006 "Ubuntu" from HD(1,GPT,B7DD04C0-15CE-482C-A6AC-7278FDA10CF6,0x800,0x32000)/\EFI\ubuntu\shimx64.efi
rootfs: clean, 58918/6393600 files, 1074908/13081339 blocks

Ubuntu 24.04.1 LTS v1 ttyS0

v1 login:

Ability to create clustered LVM volume groups¶

Incus has supported clustered LVM for a few releases now, but up until now, the shared volume group had to be pre-created by the user.

Now Incus allows you to directly specify the shared block device and have it create the volume group.

root@server01:~# incus storage create demo-lvm lvmcluster source=/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_incus_demo--shared --target server01
Storage pool demo-lvm pending on member server01
root@server01:~# incus storage create demo-lvm lvmcluster source=/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_incus_demo--shared --target server02
Storage pool demo-lvm pending on member server02
root@server01:~# incus storage create demo-lvm lvmcluster source=/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_incus_demo--shared --target server03
Storage pool demo-lvm pending on member server03
root@server01:~# incus storage create demo-lvm lvmcluster source=/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_incus_demo--shared --target server04
Storage pool demo-lvm pending on member server04
root@server01:~# incus storage create demo-lvm lvmcluster
Storage pool demo-lvm created

QCOW2 and VMDK support in incus-migrate¶

The standalone incus-migrate tool can now import existing QCOW2 and VMDK based virtual machines. This relies on qemu-img being available on the system to handle the conversion.

root@dakara:~# incus-migrate 
The local Incus server is the target [default=yes]: 
Would you like to create a container (1) or virtual-machine (2)?: 2
Project to create the instance in [default=default]: 
Name of the new instance: foo
Please provide the path to a disk, partition, or qcow2/raw/vmdk image file: /home/stgraber/demo/rhel9.qcow2
Does the VM support UEFI booting? [default=yes]: 
Does the VM support UEFI Secure Boot? [default=yes]:

Instance to be created:
  Name: foo
  Project: default
  Type: virtual-machine
  Source: /home/stgraber/demo/rhel9.qcow2
  Source format: qcow2

Additional overrides can be applied at this stage:
1) Begin the migration with the above configuration
2) Override profile list
3) Set additional configuration options
4) Change instance storage pool or volume size
5) Change instance network

Please pick one of the options above [default=1]:  
Converting image "/home/stgraber/demo/rhel9.qcow2" to raw format before importing
Instance foo successfully created

Configurable macvlan mode¶

Up until now, the macvlan mode was always fixed to bridged.
This can now be customized, allowing the other modes, such as vepa, passthru and private to be used too.

stgraber@dakara:~$ incus create images:ubuntu/24.04 c1
Creating c1
stgraber@dakara:~$ incus config device add c1 eth0 nic nictype=macvlan parent=enp35s0 mode=private name=eth0
Device eth0 added to c1
stgraber@dakara:~$ incus start c1

Load-balancer health information¶

With the recent addition of health monitoring to our OVN load-balancers, it made sense to further extend the API to also expose that health information.

root@server01:~# incus network load-balancer show default 172.31.254.50
description: ""
config:
  healthcheck: "true"
backends:
- name: c1
  description: ""
  target_port: ""
  target_address: 10.104.61.10
- name: c2
  description: ""
  target_port: ""
  target_address: 10.104.61.11
ports:
- description: ""
  protocol: tcp
  listen_port: "80"
  target_backend:
  - c1
  - c2
- description: ""
  protocol: tcp
  listen_port: "22"
  target_backend:
  - c1
  - c2
listen_address: 172.31.254.50
location: ""

root@server01:~# incus network load-balancer info default 172.31.254.50
Backend health:
  c1 (10.104.61.10):
    - tcp/80: online
    - tcp/22: offline

  c2 (10.104.61.11):
    - tcp/80: offline
    - tcp/22: online

External interfaces for OVN networks¶

It's now possible to attach an external physical interface on a specific server to a virtual OVN network. This allows bridging the gap between physical and virtual networking.

root@server01:~# incus network set bar bridge.external_interfaces=foo --target server02
root@server01:~# incus network info bar
Name: bar
MAC address: 00:16:3e:e6:b6:10
MTU: 1422
State: up
Type: broadcast

IP addresses:
  inet  10.179.82.1/24 (link)
  inet6 fd42:3f01:28ef:4257::1/64 (link)

Network usage:
  Bytes received: 0B
  Bytes sent: 0B
  Packets received: 0
  Packets sent: 0

OVN:
  Chassis: server01
  Logical router: incus-net25-lr
root@server01:~# ovn-nbctl lsp-list incus-net25-ls-int
e7070089-c979-4bc1-b6f2-1f63008af44b (incus-net25-external-n2-foo)
65eba7f1-e150-4dce-b054-180e389e4d58 (incus-net25-ls-int-lsp-router)

Parallel cluster evacuation/restore¶

Cluster evacuation and restoration can be a pretty lengthy process, especially on clusters running a lot of instances.

To improve this, we will now automatically parallelize this process.
In order to limit the impact, this is done pretty conservatively and only adds an extra parallel migration per 16 CPU threads. So even one of the beefiest servers out there with 512 threads will only see 32 instances be moved concurrently.

Complete changelog¶

Here is a complete list of all changes in this release:

Documentation¶

The Incus documentation can be found at:
https://linuxcontainers.org/incus/docs/main/

Packages¶

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Installing the Incus server on Linux¶

Incus is available for most common Linux distributions. You'll find detailed installation instructions in our documentation.

https://linuxcontainers.org/incus/docs/main/installing/

Homebrew package for the Incus client¶

The client tool is available through HomeBrew for both Linux and MacOS.

https://formulae.brew.sh/formula/incus

Chocolatey package for the Incus client¶

The client tool is available through Chocolatey for Windows users.

https://community.chocolatey.org/packages/incus/6.6.0

Winget package for the Incus client¶

The client tool is also available through Winget for Windows users.

https://winstall.app/apps/LinuxContainers.Incus

Support¶

Monthly feature releases are only supported up until the next release comes out. Users needing a longer support length and less frequent changes should consider using Incus 6.0 LTS instead.

Community support is provided at: https://discuss.linuxcontainers.org
Commercial support is available through: https://zabbly.com/incus
Bugs can be reported at: https://github.com/lxc/incus/issues

Older news¶

• Sep 17, 2024
• Sep 6, 2024
• Aug 9, 2024
• Jul 12, 2024
• Jun 28, 2024
• May 31, 2024
• May 7, 2024
• Apr 4, 2024
• Mar 26, 2024
• Feb 23, 2024
• Jan 29, 2024
• Jan 26, 2024
• Dec 21, 2023
• Nov 27, 2023
• Oct 28, 2023
• Oct 7, 2023