News¶
LXC/LXD/LXCFS 2.0 - End of Life のお知らせ¶
14th of June 2021
はじめに ¶
2.0 LTS ブランチがサポート終了(End of Life)をむかえました。
これは次のプロジェクトに影響します:
- LXC 2.0(2016 年 4 月 6 日リリース)
- LXCFS 2.0(2016 年 3 月 31 日リリース)
- LXD 2.0(2016 年 4 月 11 日リリース)
5年以上にわたるバグフィックスとセキュリティメンテナンスを経て、これらのリリースはサポート期間が終了しました。
具体的には、これは新規リリースは今後行わず、対象の stable ブランチをクローズし、関連する CI を無効化します。
まだ対象のプロダクトをご利用のユーザーは、できるだけ早くサポートされているリリースへアップデートしてください。
長期サポートリリース ¶
開発元は LTS ブランチの 5 年間のサポートをコミットしています。 LTS ブランチは LXC、LXCFS、LXD に存在し、バグフィックスやセキュリティフィックスがバックポートされます。
LTS ブランチには新しい機能は追加されません。そして、最新の LTS ブランチにのみ、大部分のバグフィックスがバックポートされます。新しい LTS ブランチがリリースされると、その前の LTS ブランチにはセキュリティと重要なバグフィックスのみが適用されます。
サポート中のリリース ¶
現在サポート中の LTS リリースは 2 つあります。2023 年 6 月までサポートされる 3.0 リリースと、2025 年 6 月までサポートされる 4.0 です。
さらに、いくつかのプロジェクト(現在は LXD)では、もっと頻繁な機能(feature)リリースが行われます。このようなリリースは、長期的なサポートはなく、通常は次の機能リリースがリリースされるまでしかサポートされません。
LXD 4.15 リリースのお知らせ ¶
4th of June 2021
はじめに ¶
LXD チームは LXD 4.15 のリリースをお知らせできることにとてもワクワクしています!
このリリースは、ほぼすべての人に対する新機能が含まれたエキサイティングなリリースです。 そのトップを飾る機能は間違いなく LXD の仮想マシンでネットワークインターフェースをホットアド・削除(動的に追加・削除)する機能です。これにより仮想マシンの使用感がコンテナの使用感により近づきます。 他に、様々なコマンドライン、監査機能、クラスター機能も改良されています。
Enjoy!
新機能とハイライト ¶
VM でのネットワークインターフェースのホットプラグ ¶
実行中の仮想マシンに、最大で 4 つまでのネットワークインターフェースが追加できるようになりました。 また、既存のネットワークインターフェースを実行中の仮想マシンから削除することもできます。
この機能は PCI ホットプラグ機能に依存していますので、ゲスト OS が適切にそれを処理する必要があります。
シャットダウンのタイムアウトが設定可能に ¶
新たな設定 core.shutdown_timeout は、LXD がシャットダウンを指示されたときに、既存の操作の完了を待つ時間を何分にするかが制御します。
この設定で、5 分というデフォルト値を上書きできます。長く実行されているlxc exec セッションを中断することが問題にならない環境では、この時間を短くしたり、LXD が終了する前に、すべての既存の操作を完了させたいような環境では、この時間を長くしたりできます。
新しい永続的な警告(時間のずれ、AppArmor、virtiofs) ¶
LXD 4.14 で導入した警告 API に、さらに警告を追加しました。
追加したのは:
- (ハートビートを通して行う)クラスターの時刻のずれの検出
- AppArmor サポートの不足や破損
- virtiofs サポートの不足や破損
新しい警告は適切なときに lxc warning list で表示されます。そして lxc warning ack で確認済みにできます。警告はその警告の原因がなくなったときもクリアされます(例えば時刻のずれがあるシステム上で NTP を実行した後など)。
/dev/lxd API の Location フィールド ¶
/dev/lxd API にアクセスできるゲストは、LXD クラスター上で実行されているとき、どのサーバー上で実行されているかを知ることができるようになりました。これは、ピアが同じホスト上で動作しているかどうか(つまり同時にダウンする可能性があるかどうか)がわかるようになり、インスタンス内で高可用性サービスを設定するのに役立ちます。
root@shell01:~# curl -s --unix-socket /dev/lxd/sock lxd/1.0 | jq .location "abydos"
lxc config trust list コマンドの新たな type と name カラム ¶
LXD 4.14 で証明書タイプとして server が追加されたのを受けて、証明書ごとにカスタマイズ可能な名前とタイプを表示できるように lxc config trust list の出力の再実装を行いました。
stgraber@castiana:~$ lxc config trust list +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | TYPE | NAME | COMMON NAME | FINGERPRINT | ISSUE DATE | EXPIRY DATE | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | client | nsec-ansible01 | root@ansible01 | f256b2ab81a0 | Mar 21, 2021 at 6:50pm (UTC) | Mar 19, 2031 at 6:50pm (UTC) | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | client | stgraber-ansible01 | root@ansible01 | 58ea2754fe55 | Dec 16, 2020 at 3:07am (UTC) | Dec 14, 2030 at 3:07am (UTC) | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | server | abydos | root@abydos | 1a9ab6d52b76 | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | server | langara | root@langara | e3e4701ef455 | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+ | server | orilla | root@orilla | d015dc8484da | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) | +--------+--------------------+----------------+--------------+------------------------------+------------------------------+
データベースのスタンバイサーバーとして動作しているクラスターメンバーが確認可能に ¶
LXD クラスターでは、最初の 3 つのサーバーがデータベースサーバーとして動作します。そして、その次の 2 つがスタンバイデータベースサーバーとして動作し、残りのサーバーはクライアントとしてだけ動作します。そしてマシンの増減に応じてクラスター内で動的に役割を切り替えます。
この動きは変わっていませんが、どのサーバーがスタンバイデータベースサーバーであるかを知ることができるようになりました。
データーベースに参加しているサーバーはすべて、lxc cluster list で database フラグが YES に設定され、lxc cluster show を実行すると、ロールリストに database または database-standby のいずれかが表示されるようになりました。
lxc monitor --pretty がライフサイクルイベントをサポートしました ¶
すでに --type=logging でサポートされていたのと同様に、lxc monitor --type=lifecycle のコンパクトバージョンが --pretty フラグで利用できるようになりました。
stgraber@castiana:~$ lxc monitor --type=lifecycle --pretty INFO[06-04|13:34:46] Action: instance-restarted, Source: /1.0/instances/redoc
lxc publish への新しい --expire フラグの追加 ¶
lxc publish で、新たにタイムスタンプを使った --expire フラグが使えるようになりました。
このフラグは、インスタンスのイメージメタデータに既に存在する有効期限を上書きするために使います。
Requestor がライフサイクルイベントをを記録するようになりました ¶
ライフサイクルイベントが新たに requestor セクションを持つようになりました。ここで、プロトコルと、アクションを実行したユーザー情報が提供されるようになりました。
location: none
metadata:
action: instance-restarted
requestor:
protocol: unix
username: stgraber
source: /1.0/instances/redoc
timestamp: "2021-06-04T13:33:05.33764627-04:00"
type: lifecycle
メインの API エンドポイントでのプロキシーヘッダーのサポート ¶
新たな設定オプション core.https_trusted_proxy が追加されました。この設定には、LXD API のフロントに存在するリバースプロキシーサーバーを、カンマ区切りの IP アドレスのリストとして設定できます。
これにより、LXD クラスターの前面に HAProxy のようなプロキシーサーバーを置くことができるようになり、LXD のログでクライアントの IP アドレスが確認できるようにしたまま、クラスター全体にリクエストを送出できるようになります。
REST API がすべて swagger でカバーされるようになりました ¶
REST API 全体へのメタデータの追加が完了しました。従来のマークダウン形式の API ドキュメントを廃止し、Swagger 仕様へ変更しました。
そのドキュメントはこちらにあります: https://linuxcontainers.org/lxd/api/master/
すべての変更点(翻訳なし)¶
このリリースでの完全な変更点のリストは次の通りです:
- lxd/main/init/interactive: Clear config.Cluster.ClusterPassword after setting up trust
- lxc/config_trust: Add type and name columns
- [Doc] fix description of PATCH warning in rest-api.md
- tests: Update for trust list change
- i18n: Update translation templates
- [Doc] Fix remove duplicated sentences in doc/network-acls.md
- lxd/images: Improve logging
- lxd/api/1/0: Whitespace
- lxd/api/1/0: Update d.gateway.HeartbeatOfflineThreshold when cluster.offline_threshold is changed
- lxd/cluster/config: Add minThreshold to offlineThresholdValidator
- lxd/cluster/gateway: Add HeartbeatOfflineThreshold var
- lxd/cluster/heartbeat: Improve logging and errors in HeartbeatNode
- lxd/cluster/heartbeat: Actually use taskCtx in HeartbeatNode for HTTP request base
- lxd/cluster/heartbeat: Don't re-run Update as this throws away discovered node liveness times
- lxd/cluster/heartbeat: tx.SetNodeHeartbeat to actual last heartbeat time
- lxd/cluster/heartbeat: Update Send to support dynamic spread duration
- lxd/cluster/heartbeat: Adds heartbeatInterval function
- lxd/cluster/heartbeat: Updates HeartbeatTask to use gateway.heartbeatInterval
- lxd/cluster/heartbeat: Removes heartbeatInterval constant
- lxd/cluster/heartbeat: Updates heartbeat to use interval derived from offline threshold
- lxd/daemon: Populate d.gateway.HeartbeatOfflineThreshold on init
- lxd/daemon: Adds taskClusterHeartbeat var and populates it
- lxd/cluster/heartbeat: Logging improvements
- lxc: Update interactive editor fail message to indicate ctrl+c can be used to abort change
- i18n: Update translation templates
- shared/api: Add swagger metadata for instance backups
- lxd/instances: Swagger for backups
- lxd: Support for reading cluster certificate from file
- doc: cluster_certificate_path documentation
- shared/api: Add swagger metadata for image metadata
- lxd/instances: Swagger for instance metadata
- doc/rest-api: Refresh swagger YAML
- lxd/images: Fix typo in swagger
- lxd/network/openvswitch: Adds shared unquote function
- lxd/network/openvswitch: Replace strconv.Unquote with unquote
- lxd/network/driver/bridge: Reuse consistent bridgeLink var rather than keep creating new vars
- lxd/network/driver/bridge: Bring up vxlan tunnel link
- lxd/network/driver/bridge: Use clearer naming for different link types
- lxd/network/driver/bridge: Don't use Link suffix for var names that don't represent links
- lxd/instances: Unmount shiftfs on startup failures
- lxd/cluster: Add core.shutdown_timeout
- lxd/api/cluster: Check if LXD closing down in rebalanceMemberRoles
- lxd/api/cluster: Call rebalanceMemberRoles from internalClusterRaftNodeDelete
- lxd/cluster/gateway: Logging improvements
- lxd/daemon: Logging improvements
- lxd/images: Logging improvements
- shared/api: Add swagger metadata for instances
- lxd/instances: Swagger for instances
- doc/rest-api: Refresh swagger YAML
- lxd/cluster/gateway: Add heartbeatCancelLock and heartbeatCancel vars
- lxd/cluster/heartbeat: Introduces heartbeatMode type and constants for heartbeat modes
- lxd/cluster/heartbeat: Updates heartbeat to accept mode argument
- lxd/cluster/heartbeat: Make end of heartbeat log message include local address for clarity
- lxd/cluster/heartbeat: Adds heartbeatRestart function
- lxd/cluster: g.heartbeat() usage
- lxd/cluster/gateway: Call g.heartbeatRestart from HandlerFuncs when handling a heartbeat
- lxd/cluster/heartbeat/test: Fixes TestHeartbeat so that it waits for join notification heartbeats to occur
- lxd/daemon/images: imageDownloadLock typo
- lxd: Support for core.shotdown_timeout
- doc: Add core.shutdown_timeout
- lxd/storage/ceph: Always return VolumeUsage
- doc/production-setup: Cover name leakage
- lxd/apparmor/instance: Deref OVMF path
- lxd/device/pci: Adds DeviceIOMMUGroup function
- lxd/device/nic/physical: Pass pciIOMMUGroup number to VM driver
- lxd/device/nic/sriov: Pass pciIOMMUGroup number to VM driver
- lxd/instance/drivers/qmp/commands: Adds AddNIC function
- lxd/instance/drivers/driver/qemu: Adds one missing op.Done call and removes 2 unnecessary ones
- lxd/instance/drivers/driver/qemu/templates: Correct comment on qemuPCIPhysical
- lxd/instance/drivers/driver/qemu/templates: Remove NIC specific templates
- lxd/instance/drivers/driver/qemu: Remove -chroot flag usage
- lxd/instance/drivers/driver/qemu: Converts NICs to be added via QMP rather than static config
- lxd/instance/drivers/driver/qemu: Remove old pid file on start if exists
- lxd/cluster/heartbeat: Fix heartbeatInterval()
- lxd/instance/qemu: queues is uint64
- lxd: Support for location in devlxd api
- lxd/instance/qemu: Support for location in writeInstanceData
- lxd-agent: Support for location in devlxd api
- lxd/instance/qemu: Support for security.devlxd default (true) value
- doc/environment: Documents LXD_CONF and LXD_GLOBAL_CONF env vars
- lxd/ip/link: MTU is an acronym and so should be uppercased in SetMtu function name
- lxd/ip/link: Renames Mtu field to MTU as it is an acronym
- lxd/device/device/utils/network: SetMTU usage
- lxd/network/network/utils: Removes InterfaceSetMTU
- lxd/network/network/utils: Adds InterfaceStatus function
- lxd/device/infiniband/physical: SetMTU usage
- lxd/device/infiniband/sriov: SetMTU usage
- lxd/device/nic/macvlan: SetMTU usage
- lxd/device/nic/physical: SetMTU usage
- lxd/device/nic/sriov: SetMTU usage
- lxd/network/driver/ovn: SetMTU usage
- lxd/network/driver/bridge: SetMTU usage
- lxd/network/network/utils/sriov: Updates sriovGetFreeVFInterface to use InterfaceStatus
- lxd/network/driver/physical: SetMTU usage
- lxd/network/driver/physical: Check that physical parent interface has no global unicast IPs configured on it before starting
- lxd/network/driver/ovn: Updates startUplinkPortPhysical to check uplink has no global unicast IPs configured
- lxd/instance/drivers/driver/qemu: Don't set multifunction=off as this upsets ccw driver
- lxd/instances/get: Renames doContainersGet to doInstancesGet
- lxd/instances/get: Remove some of the container specific terminology in doInstancesGet
- lxd/instances/get: Remove potential source of nil pointer dereference panic in doInstancesGet
- lxd/instance: Don't use RawOperation
- lxd/operations: Remove code duplication
- lxd/operations: Close forwarded websocket
- shared/network: Fix channel handling in WebsocketProxy
- client: Update for WebsocketProxy change
- lxd/instance/drivers/qmp/commands: Adds Reset function
- lxd/instance/drivers/driver/qemu: Updates getMonitorEventHandler to handle guest RESET events
- lxd/instance/drivers/driver/qemu: Workaround QEMU bug that prevents QMP added devices from using their bootindex setting
- lxc: Use consistent messaging when offering to respawn interactive editor
- i18n: Update translation templates
- lxd/operations: Spacing
- lxd/operations: Fix bug in operationsGet and operationsGetByType that was overwriting list entries with loop iterator pointer
- lxc/cluster: Always use default project in list-tokens command
- lxd/db: Expose database stand-by role on cluster members
- lxd/main/init/interactive: Don't attempt to connect to all join token candidates
- lxd/operations/operations: Use structured logging in Cancel
- lxd/images: Include operation ID in error in imageValidSecret
- lxd/certificates: Include operation ID in error in clusterMemberJoinTokenValid
- lxd/api/cluster: Delete any existing join token operation for potential member in clusterNodesPost
- shared/subprocess/proc: Add exit code to error message
- lxd/images: Maintain image public indicator when copying to member in imageSyncBetweenNodes
- lxd/images: Improve logging in imageSyncBetweenNodes
- lxd/images: Improve error message in imageSyncBetweenNodes
- lxd/daemon/images: Adds ImageDownloadArgs type
- lxd/daemon/images: Updates ImageDownload to accept ImageDownloadArgs argument
- lxd/images: Updates imgPostRemoteInfo to use d.ImageDownload
- lxd/images: Updates imgPostURLInfo to use d.ImageDownload
- lxd/images: Improves error message in imagesPost
- lxd/images: Updates autoUpdateImage to use d.ImageDownload
- lxd/instances/post: Updates createFromImage to use ImageDownload
- lxd/images: Don't generate args for every member in imageSyncBetweenNodes
- shared/subprocess/proc: Adds context support to Wait
- lxd/instance/drivers/qemu: p.Wait() usage
- lxd/network/driver/bridge: Check dnsmasq process remains running after being started
- shared/subprocess: Fix tests to use p.Wait() with context
- tests: Support for database stand-by role on cluster members
- lxd/instance/drivers/qmp/commands: Improve comment on SendFile to aid searchability
- lxd/instance/drivers/driver/qemu: Only add bootindex if bootIndexes is non-empty
- lxd/instance/drivers/driver/qemu: bus name is populated later so these lines do nothing
- lxd/instance/drivers/driver/qemu: Switch to using monitor.SendFile to pass macvlan file descriptor to QEMU
- lxd/instance/drivers/driver/qemu: Updates addNetDevConfig to remove unused args and allow preconfiguring of port to be used
- lxd: Move ResolveWarningsByNodeAndType to separate package
- lxd/db: Add time skew warning type
- README: Update IRC
- lxd/cluster: Add cluster time skew warning
- lxd-agent/main/agent: Log when rebooting
- lxd-agent/main/agent: Mount shares after vsock listener
- lxd/device/disk: VM directory share improvements
- lxd/instance/drivers/driver/qemu/templates: Always use virtfs-proxy-helper for 9p disk directory shares
- lxd/instance/drivers/driver/qemu: Return consistent error in setupNvram for missing EFI firmware file
- lxd/instance/drivers/driver/qemu: Log where lxd-agent is being installed from in generateConfigShare
- lxd/instance/drivers/driver/qemy: Always use virtfs-proxy-helper for 9p directory shares
- lxd/device/disk: Populate readonly mount option even for block device type disks
- lxd/instance/drivers/driver/qemu: Convert readonly mount option to readonly template boolean in addDriveConfig
- lxd/instance/drivers/driver/qemu/templates: Add support for readonly block device disks
- lxd/instance/drivers/driver/lxc: Add revert to deviceStart
- lxd/instance/drivers/driver/lxc: Add revert to updateDevices
- lxd/instance/drivers/driver/qemu: Add revert to updateDevices
- lxd/instance/drivers/qmp/commands: Adds revert to AddNIC
- lxd/device/disk: Add DiskVirtiofsdSockMountOpt constant
- lxd/device/disk: Add vmVirtfsProxyHelperPaths and vmVirtiofsdPaths functions
- lxd/device/disk: Update startVM to use d.vmVirtiofsdPaths and d.vmVirtfsProxyHelperPaths
- lxd/device/disk: Comment improvement in startVM
- lxd/device/disk: Check virtfs-proxy-helper has bound successfully in startVM
- lxd/device/disk: d.vmVirtiofsdPaths and d.vmVirtfsProxyHelperPaths usage in stopVM
- lxd/instance/drivers/driver/qemu: Update addDriveDirConfig to handle getting virtiofsd socket path from disk device mount options
- lxd/instance/drivers/driver/qemu: Improve comments in addDriveDirConfig
- lxd/instance/drivers/driver/qemu: Ensure bootindex is generated in a stable manner in deviceBootPriorities
- shared/api: Support for lxc monitor --pretty lifecycle events
- lxc: Support for lxc monitor --pretty lifecycle events
- lxd: Move warning creation to the end of init()
- lxd/db: Add WarningAppArmorNotAvailable
- lxd/sys: Have OS.Init() return warnings
- lxd/sys: Add AppArmor warning
- lxd/device/errors: Add UnsupportedError type and update ErrUnsupportedDevType to use it
- lxd/device/device/utils/disk: Add DiskVMVirtiofsdStart and DiskVMVirtiofsdStop functions
- lxd/device/disk: Remove unnecessary log context field in startVM
- lxd/device/disk: Switch to using DiskVMVirtiofsdStart and DiskVMVirtiofsdStop functions for virtiofsd management
- lxd/instance/drivers/driver/qemu: Switch to using device.DiskVMVirtiofsdStart and device.DiskVMVirtiofsdStop for config drive virtiofsd management
- lxd/instance/drivers/driver/qemu: Add comment about 9p vs virtio-fs config drive shares in generateQemuConfigFile
- lxd/instance/drivers/driver/qemu: Clean up comments in removeDiskDevices and removeUnixDevices
- lxd/apparmor/instance/qemu: Allow rw access to instance devicesPath
- lxd/apparmor/instance/qemu: Make the difference between external device paths and devices in the instance devices path clearer
- lxd/instance/qemu: Remove duplicate key
- lxd/apparmor/instance: Switch to externalDevPaths template var
- lxd/apparmor/instance: Populate VM devicesPath var
- lxd/instance/drivers/driver/qemu: Don't add config disk path in the instance's devices directory to the external devPaths var
- lxc/publish: Fix ETag race condition
- lxd/storage/drivers/driver/zfs/utils: Retry ZFS recursive delete command
- tests: Test publishing ephemeral instance
- Revert "lxd/network/driver/physical: Check that physical parent interface has no global unicast IPs configured on it before starting"
- lxd/network/driver/ovn: Don't prevent the use of a physical uplink with IP addresses if the parent is a bridge
- lxd/device/device/utils/disk: Adds DiskMountClear function
- lxd/instance/drivers/driver/qemu: Add configDriveMountPath and configDriveMountPathClear helper functions
- lxd/instance/drivers/driver/qemu: Comment
- lxd/instance/drivers/driver/qemu: Improve error in onStop
- lxd/instance/drivers/driver/qemu: Call device.DiskVMVirtiofsdStop and d.configDriveMountPathClear in cleanupDevices
- lxd/instance/drivers/driver/qemu: Bind mount config directory into instance devices directory as readonly
- lxd/instance/drivers/driver/qemu: Clearer var naming in generateQemuConfigFile
- lxd/instance/drivers/driver/qemu: Update 9p config drive share to use readonly bind mount in generateQemuConfigFile
- lxd/instance/drivers/driver/qemu: addDriveDirConfig comment tweak
- lxd/storage/drivers/driver/zfs/volumes: Retry zvol deactivation if ZFS ignores us in UnmountVolume
- lxd/device/disk: Update startContainer to mount pool volume before calling createDevice
- lxd/device/disk: Update startVM to mount directories as bind mounts
- lxd/device/disk: Rename reverter argument to revert in mountPoolVolume for consistency
- lxd/device/disk: Detect unsupported non-filesystem volumes for containers in mountPoolVolume
- lxd/device/disk: Update createDevice to accept revert and pool volume source path override
- lxd/device/disk: Ensure that host-side device mounts are cleaned up in postStop
- lxd/device/disk: Rework wait for virtfs-proxy-helper socket in startVM for clarity
- lxd/device/disk: Remove check that prevents use of virtiofsd for readonly disks in startVM
- lxd/instance/drivers/driver/qemu: Remove check in addDriveDirConfig that prevents virtiofsd for readonly shares
- doc: mention /var/snap/lxd/common/lxd for snap users
- lxc cluster add shouldn't have any alias
- doc: mention /var/snap/lxd/common/lxd for snap users
- lxd: print the join token on a separate line
- tests: fix token extraction of
lxc cluster add - i18n: Update translation templates
- lxd/lxd: Record requestor as part of lifecycle events
- lxd: Pass request to OperationCreate
- lxd-agent: Pass request to OperationCreate
- lxd/resources: Add swagger documentation for storage
- shared/api: Add swagger metadata to storage pools
- lxd/cluster: Add core.https_trusted_proxy
- lxd/storage: Add swagger documentation for pools
- shared/api: Split storage volume backup
- shared/api: Add swagger metadata to storage volumes
- doc/rest-api: Refresh swagger YAML
- lxd/storage/drivers/driver/zfs/volumes: Include unmount action in the revert hook returned from CreateVolumeFromBackup
- lxd/storage/backend/lxd: Improve error context returned when applying imported root disk quota
- lxd/instances/post: Improve post hook failed context in error
- lxd/instance/drivers/driver/qemu: Adds start and stop debug logging
- lxd/instance/drivers/driver/qemu: Clarifies return values of pid function
- lxd/instance/drivers/driver/qemu: Updated d.pid usage
- lxd/instance/drivers/driver/qemu: Comment clean up in Stop
- lxd/instance/drivers/driver/qemu: Dont start device cleanup in onStop until QEMU process has ended
- lxc/publish: add --expire flag
- lxd/instance/drivers/driver/qemu: Increase max wait time for qemu process to exit
- lxd/images: pass publish expiration date to Export(); fallback to metadata.yaml expiration date
- lxd/instance/instance_interface.go: add expiration date parameter to Export()
- lxd/instance/drivers/driver_lxc: Export(): handle expiration date
- lxd/instance/drivers/driver_qemu: Export(): handle expiration date
- i18n: update translation templates
- lxd/instance/drivers/driver/qemu: Fix logger in onStop
- lxd/cluster/heartbeat: Don't send heartbeat from member that doesn't know its own address
- lxd/endpoints: Update endpoints Config doc
- lxd/cluster/heartbeat: Get local cluster address from node.ClusterAddress in heartbeat
- lxd/storage: Add swagger documentation for volumes
- shared/api: Add swagger metadata for storage volume state
- lxd/storage: Add swagger documentation for volume state
- shared/api: Add swagger metadata for storage volume snapshots
- lxd/storage: Add swagger documentation for volume snapshots
- lxd/storage: Fix operation type for snapshot rename
- shared/api: Add swagger metadata for storage volume backups
- lxd/storage: Add swagger documentation for volume backups
- lxd/swagger: Remove partial coverage warning
- lxd/swagger: Fix bad typing
- doc/rest-api: Strip and point to swagger
- doc/rest-api: Refresh swagger YAML
- lxd/db/warnings: Adds UpsertWarningLocalNode helper function
- lxd/warnings/warnings: Adds ResolveWarningsByLocalNodeAndType helper function
- lxd/daemon: d.cluster.UpsertWarningLocalNode and warnings.ResolveWarningsByLocalNodeAndType usage
- lxd/cluster/gateway: Only create persistent warning for cluster time skew when cluster is operational
- lxd/db/warnings: Convert Warning struct's TypeCode and Status to their custom types
- lxd/cgroup/init: db.Warning usage
- lxd/sys/apparmor: db.Warning usage
- lxd/db/warnings: db.Warning field usage in UpsertWarning
- lxd/db/warnings: Improve error in UpdateWarningStatus
- lxd/db/warnings: Renames UpdateWarningMessage to UpdateWarningState
- lxd/db/warnings: Improve error in UpdateWarningState
- lxd/db/warnings: Switch to tx.UpdateWarningState and fix bug preventing reoccurring warning to reactivate resolved warning
- lxd/daemon: w.TypeCode usage
- README: Add liblz4-dev dependency when building from source
- doc: btrfs-tools was replaced by btrfs-progs after Bionic
- doc: bzr isn't used anymore
- lxc/remote: accept fingerprint as input on confirming new remote
- doc/rest-api: Linkify API doc
- lxd/db: Add warning type WarningMissingVirtiofsd
- lxd/warnings: Add more resolver functions
- lxd/device: Add and use ErrMissingVirtiofsd
- lxd/instance/drivers: Add missing virtiofsd warning
- lxd/device: Add virtiofsd warning
- lxd/main_init_interactive: accept fingerprint as input on confirming cluster join
- i18n: update translation templates
- lxd/main_init_interactive: replace empty validator for choosing cluster config with nil
- lxd/endpoints: Support HAProxy protocol header
- lxd: Support HAProxy protocol header
- doc: Add core.https_trusted_proxy
- lxd/main_init_interactive: accept token as input on cluster join
- api: server_trusted_proxy
- lxd/instance/drivers/qmp/commands: Updates revert in AddNIC for consistency/clarity
- lxd/instance/drivers/qmp/commands: Adds RemoveNIC function
- lxd/instance/drivers/qmp/commands: Adds QueryPCI function and associated types
- lxd/device/nic: Enable VM hotplug for macvlan, bridged, p2p, physical and sriov NIC types
- lxd/instance/drivers/driver/common: Removes unnecessary check in runHooks
- lxd/instance/drivers/driver/qemu/bus: Adds busDevicePortPrefix constant and uses it
- lxd/instance/drivers/driver/qemu/templates: Uses busDevicePortPrefix constant indirectly
- lxd/instance/drivers/driver/qemu: Allocate 4 additional PCI slots for hotplugging in generateQemuConfigFile
- lxd/instance/drivers/driver/qemu: Adds qemuPCIDeviceIDStart constant
- lxd/instance/drivers/driver/qemu: Update addCPUMemoryConfig to just return cpu count if nil stringbuilder supplied
- lxd/instance/drivers/driver/qemu: Adds qemuNetDevIDPrefix and qemuDeviceIDPrefix constants
- lxd/instance/drivers/driver/qemu: qemuDeviceIDPrefix and qemuNetDevIDPrefix usage
- lxd/instance/drivers/driver/qemu: Adds deviceAttachNIC function
- lxd/instance/drivers/driver/qemu: Handle hotplugging NICs by using d.deviceAttachNIC from deviceStart
- lxd/instance/drivers/driver/qemu: Add revert to deviceStart
- lxd/instance/drivers/driver/qemu: Adds deviceDetachNIC function
- lxd/instance/drivers/driver/qemu: Updates deviceStop to hot unplug NICs
- lxc/config_trust: Support stdin and allow name override
- i18n: Update translation templates
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.14 リリースのお知らせ ¶
7th of May 2021
はじめに¶
LXD チームは LXD 4.14 のリリースをお知らせできることにとてもワクワクしています!
私たちにとっては少し短い開発サイクルでしたが、スタンドアローンとクラスターユーザーにとってすばらしい改善が行えたかなり忙しいサイクルでした。
Enjoy!
新機能とハイライト ¶
マネージドブリッジでの ACL サポート ¶
従来から存在するマネージドなブリッジでネットワーク ACL が使えるようになりました。
この機能は OVN ネットワークで使う場合とは少し異なります。通常のブリッジでトラフィックラベリングを使ったポートベースの ACL を実行する実用的な方法がなかったためです。
代わりに、1 つ以上の ACL をマネージドブリッジに結びつけ、それらの ACL をブリッジの入出力(egress/ingress)に結びつけることができます。ブリッジ内部のトラフィックはこれらの ACL の影響を受けません。
クラスターメンバー証明書 ¶
LXDは、各クラスターメンバーが他とは異なる自身のサーバー証明書を持ち、このサーバー証明書がメンバー間の通信に使われていることを確認します。
クライアントが使う API には、クラスターワイドの証明書が常に提供されているので、これで何かが変わるわけではありません。代わりに、この変更により、どのクラスターメンバーが特定のリクエストを送ったのかを簡単に検証できるようになり、以前のクラスターが削除された場合に、それ以上の通信を防ぐこともできるようになります。
注意: server.crt を直接使って、それが公開 TLS API と一致することを期待していた場合、クラスターでは当てはまりません。代わりに cluster.crt を使ってください。
クラスターメンバーの説明 ¶
クラスターメンバーに説明を設定できるようになりました。これは lxc cluter edit で編集でき、lxc cluster list で表示できます。
stgraber@castiana:~$ lxc cluster list +---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+ | NAME | URL | DATABASE | ARCHITECTURE | FAILURE DOMAIN | DESCRIPTION | STATE | MESSAGE | +---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+ | abydos | https://[2602:fd23:8:200::100]:8443 | YES | x86_64 | default | HIVE - top server | ONLINE | Fully operational | +---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+ | langara | https://[2602:fd23:8:200::101]:8443 | YES | x86_64 | default | HIVE - middle server | ONLINE | Fully operational | +---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+ | orilla | https://[2602:fd23:8:200::102]:8443 | YES | x86_64 | default | HIVE - bottom server | ONLINE | Fully operational | +---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
クラスタートークンを使ったクラスターへの参加 ¶
事前に参加するサーバーの証明書をクラスターに追加しておいたり、共有のトラストパスワードに依存する必要がある代わりに、新しいクラスターメンバー用の使い捨てのトークンを生成できるようになりました。
lxc cluster add を使って次のように行います:
root@vm01:~# lxc cluster add vm02 Member vm02 join token: eyJzZXJ2ZXJfbmFtZSI6InZtMDIiLCJmaW5nZXJwcmludCI6IjkxYjE5MmEwZDBiZGRmZjdhYzI1NDE2NWMxNTI4N2Q2OWEyYmFmZDVhMTlhMjExYTc5ZjJiMDYzMTQ2NDZmNDYiLCJhZGRyZXNzZXMiOlsiMTcyLjE3LjE2LjgwOjg0NDMiXSwic2VjcmV0IjoiNThlMjlhZDc4MWI5NjRmN2UxMzMxNDgyMjVhNTc1ODNhMWEyNDY3YmRkMmE0MGVlZmU5ZDc3YWVmYzc0MzNhMiJ9
そして、参加時に、次のように指定します:
root@vm02:~# lxd init Would you like to use LXD clustering? (yes/no) [default=no]: yes What name should be used to identify this node in the cluster? [default=vm02]: What IP address or DNS name should be used to reach this node? [default=172.17.16.81]: Are you joining an existing cluster? (yes/no) [default=no]: yes Do you have a join token? (yes/no) [default=no]: yes Please provide join token: eyJzZXJ2ZXJfbmFtZSI6InZtMDIiLCJmaW5nZXJwcmludCI6IjkxYjE5MmEwZDBiZGRmZjdhYzI1NDE2NWMxNTI4N2Q2OWEyYmFmZDVhMTlhMjExYTc5ZjJiMDYzMTQ2NDZmNDYiLCJhZGRyZXNzZXMiOlsiMTcyLjE3LjE2LjgwOjg0NDMiXSwic2VjcmV0IjoiNTg1YzVhZDFhMzI4Mjg5YTkwYjc2NGMzMWM4MDdkNGViYTNiMDM3MDQ5OWNlMjA2MjgxNzQwYWQ4YWM2OWQ1MiJ9 All existing data is lost when joining a cluster, continue? (yes/no) [default=no] yes
サーバー警告 ¶
ログファイルに警告を入れるだけでなく、API を通して警告を提供できるようになりました。現時点では、cgroup の警告だけが提供されますが、将来のリリースで少しずつ使用されていくようになるでしょう。
警告はクラスターワイドで追跡され、(LXD が解決したことを検出できる場合は)解決されると自己解決できます。そして、警告を確認してそれを黙らせることもできます。
stgraber@castiana:~$ lxc warning list +--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+ | UUID | TYPE | STATUS | SEVERITY | COUNT | PROJECT | LOCATION | LAST SEEN | +--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+ | 51526df0-b71b-41ca-8936-5c8c9298111c | Couldn't find the CGroup blkio.weight | NEW | LOW | 1 | | | May 7, 2021 at 5:40pm (UTC) | +--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+ stgraber@castiana:~$ lxc warning ack 51526df0-b71b-41ca-8936-5c8c9298111c stgraber@castiana:~$ lxc warning list +------+------+--------+----------+-------+---------+----------+-----------+ | UUID | TYPE | STATUS | SEVERITY | COUNT | PROJECT | LOCATION | LAST SEEN | +------+------+--------+----------+-------+---------+----------+-----------+ stgraber@castiana:~$ lxc warning list -a +--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+ | UUID | TYPE | STATUS | SEVERITY | COUNT | PROJECT | LOCATION | LAST SEEN | +--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+ | 51526df0-b71b-41ca-8936-5c8c9298111c | Couldn't find the CGroup blkio.weight | ACKNOWLEDGED | LOW | 1 | | | May 7, 2021 at 5:40pm (UTC) | +--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+
バックアップとスナップショットのプロジェクトでの制限 ¶
バックアップとスナップショットを制御するための新たなプロジェクトにおける制限のプロパティが追加されました。
バックアップとスナップショットは、CPU 時間とディスク容量の両方でリソースを消費するので、全プロジェクトユーザーに使用許可を与えたくない場合もあるでしょう。
restricted.snapshotsとrestricted.backupsという設定をこれらの制御に使えます。これらはインスタンスとカスタムボリュームのスナップショット・バックアップの両方に適用され、スケジュールされたスナップショットにも影響します。
デバイス設定のユーザー定義キー ¶
デバイス設定内に user.XYZ という形式の設定を直接使えるようになりました。
stgraber@castiana:~$ lxc config device set cgroup2 root user.foo bar stgraber@castiana:~$ lxc config device get cgroup2 root user.foo bar
LXD の API で、まだ user の名前空間が許可されていなかったのはここだけだったと思います。これが追加されたので、サードパーティーのツールが LXD オブジェクトに直接メタデータを追加するのが容易になるはずです。
さらなる自動生成の REST-API ドキュメント ¶
API に swagger メタデータを追加する作業がさらに進みました。インスタンスのエンドポイントの半分以上がカバーされ、残りのエンドポイントも近日中に追加される予定です。これでドキュメント化の残りはストレージ API だけになりました。
これは LXD 4.15 で完了するでしょう。
仮で生成したものがこちらにあります: https://dl.stgraber.org/swag-lxd/
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/firewwall/drivers/drivers/nftables: Changes nftables to use a single inet table rather than separate ip and ip6 tables
- test: Updates proxy tests to check nftables inet table
- tests: Fix failure on 5.11 kernel
- lxd/network/acl/driver/common: Improve error messages in d.validateRuleSubjects
- lxd/network/acl/driver/common: Allow single IP addresses in source/destination subjects
- lxd/network/driver/ovn: Renames logName var to logPrefix
- lxd/network/acl/acl/ovn: Handle single IP in source/destination subjects
- lxd/network/acl/acl/ovn: Renames logName arg to logPrefix in OVNApplyInstanceNICDefaultRules
- lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd
- lxd/firewall/drivers/drivers/xtables: Updates d.iptablesChainExists to return if chain has any rules
- shared/validate/validate: Check IsNetworkPortRange range starts lower than end
- forkexec: log more failures
- Revert "lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd"
- lxd/daemon/images: Adds imageDownloadLock function
- lxd/daemon/images: Use d.imageDownloadLock in ImageDownload
- lxd/daemon/images: Improve error messages in ImageDownload
- lxd/instance: Improve error messages in instanceCreateFromImage
- lxd/instance: Use d.imageDownloadLock in instanceCreateFromImage
- lxd/firewall/drivers/drivers/xtables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
- lxd/firewall/drivers/drivers/xtables: Don't look for existing rules in iptablesAdd
- lxd/firewall/drivers/drivers/nftables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
- lxd/network/acl/driver/common: Add check for incorrect use of mixed IP family subjects in validateRule
- lxd/network/acl/driver/common: Improve IP family validation for ICMP
- lxd/networks: Updates doNetworksCreate to skip network validation during pre-join phase
- lxd/network/acl/driver/common: Fix typo
- lxd/project: Only consider syscall interception as low-level
- lxd/network/driver/bridge: Validate ACL options
- lxd/firewall/firewall/interface: Adds NetworkApplyACLRules function
- lxd/firewall/drivers/drivers/consts: Adds ACL field to Opts to indicate we should ready firewall setup for ACL rules
- lxd/firewall/drivers/drivers/consts: Define ACLRule type
- lxd/network/acl/acl/firewall: Adds ACL firewall helper functions
- lxd/network/acl/acl/interface: Adds clientType to Update
- lxd/network/acl/acl/load: Add Config field to NetworkACLUsage
- lxd/network/acl/acl/load: Update NetworkUsage to return bridge and ovn networks
- lxd/network/acl/driver/common: Modifies Update to support clientType arg
- lxd/network/acls: Pass clientType to netACL.Update
- lxd/network/driver/ovn: Populate acl.NetworkACLUsage Config field
- lxd/network/driver/bridge: Set ACL field in fwOpts if ACLs specified
- lxd/network/driver/bridge: Apply ACLs on network start
- lxd/firewall/drivers/drivers/xtables: Add ACL support
- lxd/firewall/drivers/drivers/nftables: NetworkApplyACLRules WIP
- test: Adds container_devices_nic_bridged_acl test for bridge ACL tests with iptables and nftables
- api: Adds network_bridge_acl extension
- doc/networks: Adds security.acls* config keys for bridge networks
- doc: Adds network ACLs limitations section and links to it from bridge security.acls config key
- shared/simplestreams: Improve error messages
- lxd/daemon/images: Improve error messages
- client/simplestreams/images: Improve error messages
- test/godeps.list: Adds github.com/pkg/errors
- Renames container_devices_nic_bridged_acl test file to align with other tests
- test: Fix Udhcpc6 detection for nic bridged acl tests
- lxd: don't set device cgroup values for unpriv containers
- lxd/storage: Re-introduce cluster distributino of volume snapshots
- lxc/remote: Only update URL in set-url
- lxd/instance/drivers: Don't overwrite template triggers
- lxd/daemon/images: Removes unnecessary imagesDownloadingLock mutex
- lxc: Fix help for string arguments
- tests: Fix apply_template check
- lxd/cluster/membership: Updates Bootstrap to generate new cluster certificate
- lxd/util/encryption: Comment on LoadCert
- lxd/util/encryption: Adds LoadClusterCert function
- test: load cluster.crt not server.crt when bootstrapping a cluster
- lxc-to-lxd: Fix TestConvertNetworkConfig loopback only test
- lxd/db: Add cluster ToAPI
- lxd: Switch to using GetNodes
- lxd/cluster: Drop List function
- tests: Update for current cluster messages
- lxd/lxd: Prevent multiple routed NIC devices from using "auto" gateway mode
- lxd/db: Add node ID to StorageVolumeArgs
- lxd/storage/volumes/snapshots: Updates autoCreateCustomVolumeSnapshotsTask to always snapshot local custom volumes
- lxd/storage/volumes/snapshots: Update autoCreateCustomVolumeSnapshots return value
- lxd/storage/volumes/snapshots: Adds comments to autoCreateCustomVolumeSnapshots
- lxd: Move image-refresh to /internal/testing/
- test/suites: Use /internal/testing/image-refresh
- lxc/storage_volume: Properly use cluster target
- lxc/storage_volume: Add missing target
- vm/qemu: configure spice using -spice parameter
- lxd/storage_volume_snapshots: Fix cluster redirection
- lxd/db/storage: Properly increment snapshots
- lxd/storage_pools: Fix ordering of pool delete
- lxd/endpoint: Retry binding on startup
- lxd/instance/qemu: Move to query-cpus-fast
- shared/api/certificate: Adds certificate type constants
- lxd/db/certificates: Adds CertificateAPITypeToDBType and ToAPIType functions
- lxd/db/certificates: Comment on Certificate
- lxc: Switch to CertificateTypeClient constant
- lxd: Switch to CertificateTypeClient constant
- lxd-p2c/utils: Switch to CertificateTypeClient constant
- lxd/util/encryption: Adds LoadServerCert function
- lxd/certificates: updateCertificateCache error quoting consistency
- lxd/certificates: Store certificateCache by certificate type
- lxd/certificates: db.CertificateAPITypeToDBType usage and set certificate type to server
- lxd/certificates: Comment ending consistency
- lxd/daemon: Adds getTrustedCertificates function
- lxd/daemon: Update Authenticate to use d.getTrusterCertificates
- lxd/daemon: Comment ending consistency in Authenticate
- lxd/daemon: Ensure d.clientCerts.Projects isn't accessed without a lock
- tests: Removes use of -v flag for nc inside busybox
- lxd/network/driver/bridge: Don't attempt to setup ipv6 firewall when no ipv6.address
- lxd/swagger: Add NotFound response
- lxd/snapshots: Fix multiple schedules
- lxd/images: Ignore intervals on manual refreshes
- api: Add warnings
- shared/api: Add warning structs
- lxd/db/cluster: Create warnings table
- lxd/db: Add operation type OperationWarningsPruneResolved
- lxd/db: Allow object retrieval by ID
- lxd/db: Add getURIFromEntity
- lxd/db: Add warning severity
- lxd/db: Add warning types
- lxd/db: Add warning status
- lxd/db: Add warning functions
- lxd: Add warnings endpoints
- lxd: Prune resolved warnings
- lxd: Add internal /testing/warnings endpoint
- client: Add warning functions
- lxc: Add warning sub-command
- test: Add warnings test
- po: Update translations
- lxd/db: Fix typo in error
- doc/rest-api: Refresh swagger YAML
- doc/rest-api: Add warnings
- lxd: Add function to resolve warnings by their type code
- lxd/db: Add GetWarningsByType
- lxd/db: Add CGroup warning types
- lxd/cgroup: Replace Log() with Warnings()
- lxd: Handle CGroup logging and warnings in daemon
- lxd/util/http: Fix CheckTrustState to block access for revoked certificates that were formerly trusted
- lxd/certificates: Adds comment about the importance of a check related to CA mode in certificatesPost
- test: Remove trusted remote before checking adding untrusted remote
- test: Don't use CA PKI generated server certs for LXD
- test/deps: Removes alternative pre-generated server cert and key
- test: Remove LXD_ALT_CERT
- test: Update PKI tests to comply with expectations of revocation behaviour
- lxd/ip: Add ip package
- lxd/device: Replace ip command with ip package
- lxd: Replace ip command with ip package
- lxd/network: Replace ip command with ip package
- lxd/openvswitch: Replace ip command with ip package
- tests: Add ip package to static_analysis test
- lxd/networks/utils: Log forkdns refresh task starting in networkUpdateForkdnsServersTask
- lxd/db/node: Adds certificates table to local database
- lxd/db/certificates: Adds GetCertificates function
- lxd/db/certificates: Adds ReplaceCertificates function
- lxd/db/certificates: Adds DeleteCertificateByNameAndType function
- lxd/certificates: Fix import ordering
- lxd/certificates: Updates updateCertificateCache to handle per-certificate upgrade
- Revert "lxd/instance/qemu: Move to query-cpus-fast"
- lxd/certificates: Adds updateCertificateCacheFromLocal function
- lxd/certificates: Notify other cluster members of certificate update in doCertificateUpdate
- lxd/certificates: Notify other cluster members of certificate deletion in certificateDelete
- lxd/certificates: Allow certificate type change in doCertificateUpdate
- lxd/certificates: cluster.ErrCertificateExists and serverCert usage in certificatesPost
- lxd/daemon: Adds serverCert and serverCertInt vars
- lxd/daemon: Updates State to populate serverCert
- lxd/daemon: Load trusted server certs from local DB on startup using updateCertificateCacheFromLocal
- lxd/daemon: Refresh cached trusted certificates when heartbeat node count changes in NodeRefreshTask
- lxd/daemon: Pass d.serverCert and networkCert to startClusterTasks Add
- lxd/daemon: Updates Authenticate to check trusted server certs
- lxd/state: Updates NewState to have a serverCert and updateCertificateCache arg
- lxd/state: Update tests with NewState usage
- lxd/util/http: Updates CheckTrustState to use networkCert argument
- lxd/cluster/notify: Update NewNotifier to accept networkCert and serverCert args
- lxd/cluster/tls: Update tlsClientConfig to accept networkCert and serverCert
- lxd/cluster/tls: Updates tlsCheckCert to accept networkCert and serverCert
- lxd/cluster/connect: Adds ErrCertificateExists var
- lxd/cluster/connect: Updates Connect to accept networkCert and serverCert args
- lxd/cluster/connect: Updates SetupTrust to accept serverName arg
- lxd/cluster/connect: Adds UpdateTrust function
- lxd/cluster/connect: Updates HasConnectivity to accept networkCert and serverCert
- lxd/cluster/events: Updates events functions to accept networkCert and serverCert
- lxd/cluster/gateway: Store networkCert and serverCert in Gateway and update NewGateway
- lxd/cluster/gateway: Updates HandlerFuncs to accept trustedCerts function
- lxd/cluster/gateway: HasConnectivity usage
- lxd/cluster/gateway: Update Reset to handle networkCert
- lxd/cluster/gateway: tlsClientConfig usage
- lxd/cluster/gateway: loadInfo usage
- lxd/cluster/heartbeat: tlsClientConfig in Send and Heartbeat
- lxd/cluster/upgrade: Updates NotifyUpgradeCompleted with networkCert and serverCert args
- lxd/cluster/membership: Adds EnsureServerCertificateTrusted function
- lxd/cluster/membership: Updates Bootstrap to store serverCert in trusted certificates table
- lxd/cluster/membership: Update Join to handle per-server certificates
- lxd/cluster/membership: Updates notifyNodesUpdate to handle serverCert
- lxd/cluster/membership: HasConnectivity usage
- lxd/cluster/membership: Update Purge to remove trusted server certificate
- lxd/cluster: Update tests to work with changes
- lxd/api: d.gateway.HandlerFuncs usage
- lxd/api/cluster: Updates clusterPutJoin to handle per server certificates
- lxd/api/cluster: d.gateway.Reset usage
- lxd/api/cluster: Call updateCertificateCache in clusterNodeDelete after certificate removed
- lxd/api/cluster/test: server name as cert name
- lxd/main/init: state.NewState usage
- lxd/main/init/interactive: cluster.SetupTrust usage and serverCert naming for consistency
- lxd: cluster.NewNotifier usage
- lxd: cluster.Connect and related function usage
- lxd/patches: Adds patchClusteringServerCertTrust
- doc/clustering: Update guide to show that cluster.crt on bootstrap member should be used
- test: Add check for trusted server certificate removal on cluster member removal
- test: Update table count check to account for local certificates table
- lxd/firewall/drivers/drivers/nftables: Require kernel version >= 5.2 to allow support for inet table NAT rules
- test/suites: Update warning tests
- lxd/images: Specify image type during distribution
- client/connection: Correct HTTPs to HTTPS in ConnectPublicLXD
- lxd/operations: Clarify return values in comment on Render
- lxd/db/operations: Adds GetOnlineNodesWithRunningOperationsOfType function
- lxd/operations: Adds operationCancel function
- lxd/operations: Adds operationsGetByType function
- lxd/images: Updates imageValidSecret to accept projectName and opType arguments
- lxd/images: projectName argument in createTokenResponse
- lxd/images: imageValidSecret usage
- lxd/operations: Updates operationsGet to use projectName when retrieving remote operations
- lxd/operations: Updates operationsGetByType to use projectName when retrieving remote operations
- lxd/instances: Swagger for logs
- lxd/instances: Update error message
- lxd/instances: Swagger for files
- doc/rest-api: Refresh swagger YAML
- lxc/warning: Fix argument parsing
- lxc/warning: Fix usage and comments
- i18n: Update translation templates
- lxd/project: Add AllowBackupCreation and AllowSnapshotCreation
- lxd/projects: Add restricted.backups and restricted.snapshots
- lxd: Support for restricted.backups and restricted.snapshots
- api: projects_restricted_backups_and_snapshots
- doc/projects: Add restricted.backups and restricted.snapshots
- shared/api: Add swagger metadata for instance exec
- lxd/instances: Swagger for exec
- lxd/swagger: Fix json name of metadata
- shared/api: Add swagger metadata for instance state
- lxd/instances: Swagger for state
- shared/api: Add swagger metadata for instance console
- lxd/instances: Swagger for console
- shared/api: Add swagger metadata for instances
- lxd/instances: Swagger for instance
- doc/rest-api: Refresh swagger YAML
- lxd/instance/qmp: Switch to query-cpus-fast
- lxd/apparmor: Respect LXD_OVMF_PATH
- lxd/daemon: Improved logging in NodeRefreshTask
- lxd/db/operations: Import ordering
- lxd/db/operations/types: Adds OperationClusterJoinToken type
- lxd/db/operations: Replace GetOnlineNodesWithRunningOperationsOfType with GetOperationsOfType
- lxd/operations: Updates operationCancel with correct remote address
- lxd/operations: Fixes operationsGetByType to filter operations by type correctly
- lxd/node/raft/test: Corrects typo
- api: Adds clustering_join_token extension
- shared/api/cluster: Adds ClusterMembersPost type
- shared/api/cluster: Adds ClusterMemberJoinToken type
- lxd/api/cluster: Adds clusterNodesPost handler
- client/interfaces: Adds CreateClusterMember function to interface
- client/lxd/cluster: Adds CreateClusterMember function
- lxc/cluster: Add lxc cluster add command
- lxd/certificates: Adds clusterMemberJoinTokenValid and clusterMemberJoinTokenDecode functions
- lxd/certificates: Updates certificatesPost to check supplied password against active cluster join token operations
- lxd/main/init/interactive: Adds join token support to askClustering
- lxc/cluster: Adds cluster list-tokens command
- lxc/cluster: Adds clusterJoinTokenOperationToAPI function
- lxd/operations: Updates OperationClass.String() to use constants from shared/api
- shared/api/operations: Adds operation class name constants
- doc/clustering: Adds details on using the join token during adding cluster members
- i18n: Update translation templates
- test: Adds overridable join secret to spawn_lxd_and_join_cluster
- test: Adds join token tests to clustering_membership
- test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10
- doc/rest-api: Refresh swagger YAML
- Makefile: Set GO111MODULE=on for update-api swagger build
- shared/api: Fix snapshot structs
- lxc/config: Update following InstanceSnapshotPut fix
- shared/api: Add swagger metadata for instance snapshots
- lxd/instances: Swagger for snapshots
- doc/rest-api: Refresh swagger YAML
- i18n: Update translations from weblate
- shared/units: Add GetByteSizeStringIEC
- lxc/project: Use IEC units in info
- api: clustering_description
- shared/api: Add cluster member description
- lxd: Expose cluster member description
- lxc/cluster: Tweak cluster list, add description
- Revert "test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10"
- api: Adds description back for clustering_join_token extension
- lxd/images: Dont log error in autoSyncImagesTask when not clustered
- lxd/images: Make logging consistent in autoSyncImagesTask
- lxd/db/node: Display last heartbeat time in ToAPI
- tests: Update for project info change
- lxc: Add -f as shorthand for --format
- lxd/devices: Allow user.XYZ
- lxd/db/node: Updates SetNodeHeartbeat to return ErrNoSuchObject if row doesn't exist to be updated
- lxd/db/query/retry: Use errors.Cause in Retry
- lxd/cluster/heartbeat: Single call to time.Now() in heartbeat
- lxd/cluster/heartbeat: Fixes bug in heartbeat that causes heartbeat round to be discarded if member removed during round
- lxd/cluster/heartbeat: Keep error handling from g.currentRaftNodes together
- lxd/cluster/heartbeat: Error logging consistency
- lxd/cluster/heartbeat: Use contextual logging
- lxd/cluster/events: Improve logging consistency in eventsUpdateListeners
- lxd/task/group: Adds context arg to Start
- lxd/task/start: Add context arg to Start
- lxd/task: Start context usage
- lxd/daemon: Updates Start functions usage by passing daemon context
- lxd/images: Improve logging in imageSyncBetweenNodes
- test: Add lxc cluster list before comparison in test_clustering_handover for visability into cluster state
- test: Separate stop and publish commands in test_clustering_image_replication
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.6 LTS リリースのお知らせ ¶
6th of May 2021
はじめに ¶
LXD チームが LXD 4.0.6 のリリースをお知らせします!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 6 つめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
主な変更点は次の通りです:
lxc storage volume listで--columnが使えるようになりました- VM のステートフルなスナップショットと停止で
migration.statefulとsize.stateが使えるようになりました - Ceph ストレージバックエンドに
ceph.rbd.features設定オプションを追加しました - swagger API ドキュメントの初期実装
lxc stopに--consoleオプションを追加しました- コンテナでの NVIDIA MIG サポート
- スナップショットのスケジュールエイリアス
コミットの全リストは次の通りです(翻訳なし):
- doc/instances: Tweaks to make device type linking work
- doc/storage: Add mention of zfs.remove_snapshots
- simplestreams: Review and sanitize urls join
- lxd/storage/volume: Snapshot PUT is supposed to be blocking
- lxd/storage: Fix snapshot edit routes
- lxc/storage_volume: Use correct API for snapshots
- lxd/storage: Cleanup volume API endpoints
- lxd/instance/metadata: Fix API to line up with files
- client: Drop UpdateInstanceTemplateFile
- client: Drop UpdateInstanceTemplateFile
- client: Fix legacy UpdateContainerTemplateFile
- client: Rename SetInstanceMetadata to UpdateInstanceMetadata
- lxc/config: Switch to UpdateInstanceMetadata
- lxc/config: Always use CreateInstanceTemplateFile
- lxd/instance/metadata: Modernize instanceMetadataPut
- lxd/instance/metadata: Implement PATCH
- lxd/instance/snapshots: Implement PATCH
- lxd/storage: Tweak volume snapshot etag
- lxd/storage/volume/snapshot: Implement PATCH
- shared/api: Add StorageVolumeState
- client: Add GetStoragePoolVolumeState
- lxc/storage_volume: Add support for column argument
- i18n: Update translation templates
- lxd/instance/qemu: Don't use the RAM backend
- lxd/resources: More flexible PCI handling
- lxd/resources: Make usb address handling match PCI
- lxd/resources: Use %q when possible
- containers: simplify wstatus.Close() logic in Exec()
- containers: reap zombies on attach failure
- seccomp: block openat2()
- lxd/instance/qemu/qmp: Add SendFile, Migrate and MigrateIncoming
- lxd/instance/qemu/qmp: Add ping function
- lxd/instance/qemu/qmp: Re-shuffle functions
- lxd/instance/qemu/qmp: Rework run() function
- lxd/instance/qemu/qmp: Update commands to use run()
- lxd/network/network/utils: Fixes InterfaceExists to not return true if arg is empty string
- lxd/device/nic/routed: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: network.InterfaceExists usage
- lxd/device/nic/ipvlan: Detach ipvlan interface back to random host name on stop, then delete
- lxd/device/nic/sriov: network.InterfaceExists usage
- lxd/network/network/utils: InterfaceExists usage in InterfaceBindWait
- lxd/device/nic/sriov: Use random VF MAC if VF has no automatic MAC set
- lxd/db/instances: Adds ErrInstanceListStop that can be returned from InstanceList to stop search
- shared/validate/validate: Adds IsNetworkRange and IsNetworkAddressCIDR functions
- shared/validate/validate: Adds IsNetworkPort and IsNetworkPortRange functions
- lxd/util/config: Adds SplitNTrimSpace function
- lxd/util/config: Avoid unnecessary allocations in CopyConfig
- shared/api/network/acl: Adds shared struct types for Network ACLs
- shared/api/network/acl: Adds rule Normalise function
- client/interfaces: Adds CreateNetworkACL
- client/interfaces: Adds GetNetworkACLs
- client/interfaces: Adds GetNetworkACL
- client/interfaces: Adds UpdateNetworkACL
- client/interfaces: Adds RenameNetworkACL
- client/interfaces: Adds DeleteNetworkACL
- client/interfaces: Adds GetNetworkACLNames
- client/lxd/network/acls: Implements CreateNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLs function
- client/lxd/network/acls: Implements GetNetworkACL function
- client/lxd/network/acls: Implements UpdateNetworkACL function
- client/lxc/network/acls: Implements RenameNetworkACL function
- client/lxd/network/acls: Implements DeleteNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLNames function
- lxd/network: Add check for overlapping ovn.ranges and dhcp.ranges
- lxd/instance/qemu: Rework lxd-agent startup
- lxd/device/disk: Validate that the pool is not pending
- api: migration_stateful
- shared: Add migration.stateful
- doc/instance: Add migration.stateful
- lxd/instance/qemu: Add migration.stateful support
- lxd/device: Add migration.stateful support
- lxd/instance/qemu: Add checks for migration.stateful
- api: disk_state_quota
- doc/instances: Add size.state
- lxd/storage: Add support for size.state
- lxd/api: Port to updated SetInstanceQuota
- lxd/device/disk: Add support for size.state
- lxd/instance: Prevent stateful snapshots of VMs
- lxd/instance/qemu: Add stateful stop/start
- doc: Drop API extension columns
- api: storage_ceph_features
- lxd/storage: Add ceph.rbd.features
- doc/storage: Add ceph.rbd.features
- scripts/bash: Add ceph.rbd.features
- doc: Fix bad Github action link
- lxd/instance/qemu/qmp: Switch back to upstream repo
- lxd/device/device/interface: Adds Type interface for accessing type specific functions of a device
- lxd/device/device/common: UpdatableFields signature change
- lxd/device/nic/bridged: UpdatableFields signature change
- lxd/device/nic/routed: UpdatableFields signature change
- lxd/device/nic/p2p: UpdatableFields signature change
- lxd/device/disk: UpdatableFields signature change
- lxd/device/device/load: Adds newByType and LoadByType functions
- lxd/device/nic/bridged: Switches to use NIC type agnostic route helper functions
- lxd/device/nic/p2p: Switches to use NIC type agnostic route helper functions
- lxd/instance/drivers/driver/common: Update comment for deviceVolatileReset to match
- lxd/instance/drivers: d.deviceVolatileReset usage
- doc/preseed: LXD is pronounced lex-dee
- doc/api-extensions: LXD is pronounced lex-dee
- tests: Typo fix
- lxd/storage: LXD is pronounced lex-dee
- lxd/firewall: LXD is pronounced lex-dee
- lxd/network: LXD is pronounced lex-dee
- lxd/api: LXD is pronounced lex-dee
- lxd/device: LXD is pronounced lex-dee
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use db.ErrInstanceListStop
- lxd/network/network/utils: Removes whitespace trimming from SubnetParseAppend
- lxd/instance/drivers: UpdatableFields usage
- lxd/device/device/utils/network: Changes veth route functions to not depend on device specific logic
- lxd/instance/drivers/driver/lxc: Removes deviceResetVolatile provided by common
- lxd/instance/drivers/driver/qemu: Removes deviceResetVolatile provided by common
- utils: trim whitespace from block device UUID
- lxd/storage/drivers/btrfs: Add up fs and block quota for VMs
- lxd/storage/drivers/dir: Pass int64 size to setQuota
- lxd/storage/drivers/dir: Add up fs and block quota for VMs
- shared/validate/validate: Add IsCompressionAlgorithm
- lxd/cluster: Update compression validation
- lxd/instance: Move CreateInternal
- lxd/instance/drivers: Rename restart to restartCommon
- lxd/instance/drivers: Move snapshot creation to the driver
- lxd/instance/qemu: Add restoreState
- lxd/instance/qemu: Add saveState
- lxd/instance/qemu: Add stateful snapshot
- lxd/cluster: Guarantee single hearbeat loop
- doc/rest-api: Fix and clarify backup API
- lxd/cluster: Improve heartbeat logging
- lxd/api: Don't use potentially nil struct
- lxd/init: Better error on invalid auto-detect fan underlays
- lxd/network/network/utils: Converts UsedBy to use InstanceList function
- lxd/network/network/utils: Changes isInUseByDevices to isInUseByDevice
- lxd/network/network/utils: Adds usedByInstanceDevices function
- lxd/network: Fix for stable-4.0
- doc/rest-api: More fixes for backups
- lxd: Remove ReadToJSON
- lxd/db: Fix RenameCertificate
- lxd/certificate: Modernize DB handling
- lxd/certificate: Rework cache
- doc/backup: Mention subuid/subgid
- lxd/db/certificates: Fix bad error handling
- shared/api: Add restricted and projects to certificate
- lxd/instance/drivers/driver/lxc: Log when skipping volume delete in a recovery import scenario
- lxd/api/internal: Don't create .importing file when performing a backup import in internalImport
- lxd/api/internal: internalImport usage
- lxd/instance/instance/utils: CreateInternal usage of revert package
- lxd/instances/post: internalImport usage
- tests: Reword deadcode
- shared/log15: Remove dead code
- lxd/storage/drivers/driver/btrfs: Unset pool size setting during creation if not relevant
- lxd/storage/drivers/driver/btrfs: Consisent error quoting in Create
- lxd/storage/pools/config: Consistent error quoting in storagePoolValidateConfig
- driver_lxc: pass flags to shiftfs mount
- lxd/network/driver/bridge: Ensure that DHCP firewall rules are added in fan mode
- lxd/network: Drop unused usedByInstanceDevices
- lxd/network/network/utils: Reorders UsedBy to do cheapest search first
- Merge pull request #8480 from tomponline/tp-network-usedby-stable-4.0
- Makefile: Add update-api
- shared/api: Label Server structs
- lxd: Setup API metadata
- lxd: Add / and /1.0 to swagger
- tests: Update deadcode for swagger
- doc: Include initial YAML version of rest-api
- lxd/certificates: Add to swagger
- shared/api: Label Certificate structs
- doc/rest-api/swagger: Update for certificates
- lxd/storage/drivers/utils: Comment clarify in BlockDiskSizeBytes
- lxd/resources/storage: Rework block size handling
- Updated instanceLogDelete function
- lxd/device/disk: Tweak mkisofs flags
- lxd/instance/post: Update instancePostClusteringMigrate to respect instance's project
- lxd/instance/backup: Makes returned containers resource conditional on instance type
- lxd/instance/console: Conditional containers resources
- lxd/instance/delete: Updates instanceDelete to use inst var and makes returned containers resources conditional on instance type
- lxd/instance/exec: Makes containers resources conditional on instance type
- lxd/instance/post: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/put: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/snapshot: Renames sc to snapInst and makes containers resources conditional on instance type
- lxd/instances/post: Makes containers resources conditional on instance type
- doc/rest-api: Updates backup endpoint docs
- lxd/cluster: Don't warn about pending nodes
- lxd/instances: Fix instance copy within project
- netutils: improve file descriptor retrieval and increase robustness
- lxd/api: Add project and target arguments to doc
- shared/api: Add comments to certificate fields
- shared/api: Add comments to server fields
- lxd/resources: Add swagger documentation
- shared/api: Label Resources structs
- doc/rest-api: Refresh swagger YAML
- doc/projects: Projects aren't restricted by default
- lxd/storage/drivers/util: Updates ensureVolumeBlockFile to add unsupportedResizeTypes argument
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume with ensureVolumeBlockFile comments
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to pass VolumeTypeImage to ensureVolumeBlockFile
- lxd/storage/drivers/driver/dir/volumes: Comment improvement in CreateVolume
- lxd: improve unix fd retrieval infrastructure
- Update for Go 1.17 go:build tags
- lxd/db: Don't fail preparing statements for activateifneeded
- unixfd: vet all parameters
- lxd/internal: Don't access undefined fields
- tests: Fix project limits on arm64
- doc/README: Drop readthedocs
- lxc/remote: Update working to line up with project
- i18n: Update translation template
- lxd/profiles: Add to swagger
- shared/api: Label Profiles structs
- lxd/projects: Add to swagger
- shared/api: Label Projects structs
- lxd/events: Add to swagger
- shared/api: Label Events structs
- lxd/networks: Add to swagger
- shared/api: Label Networks structs
- shared/api: Hide API extensions from swagger
- doc/rest-api: Refresh swagger YAML
- lxd/device/gpu: Optimize setupSriovParent
- lxd/device: Save parent PCI address for GPU SR-IOV
- lxd/network/network/utils/sriov: Refactors SRIOVFindFreeVirtualFunction and sriovGetFreeVFInterface
- lxd/network/network/utils/sriov: Modifies sriovGetFreeVFInterface to check a VF is down and has no IPs before considering it available
- shared/validate/validate: Adds IsInterfaceName function
- lxd/network/network/utils: Removes validInterfaceName function
- lxd/network/driver: validate.IsInterfaceName usage
- lxd/device/nic: Validate that NIC name property is valid interface name
- lxd/device/nic: Adds nicCheckNamesUnique function
- lxd/device/nic: Updates nicValidationRules to accept a instance.ConfigReader argument and use nicCheckNamesUnique
- lxd/device: nicValidationRules usage
- lxd/device: Return -1 if all VFs are in use
- lxd/device: Support multiple GPUs for SR-IOV
- shared/api/cluster: Architecture is a read-only field
- shared/api: Label Network ACLs structs
- lxd/cluster: Add to swagger
- shared/api: Label Cluster structs
- doc/rest-api: Refresh swagger YAML
- lxd/network/network/utils/sriov: Don't fail when missing vfListPath in sriovGetFreeVFInterface
- lxd/vsock: Better handle errors
- shared/util: Add GetStableRandomInt64FromList
- lxd/db/images: Add AutoUpdate filter
- lxd/db/images: Add helper functions
- docs: typo on JSON schema
- lxd/vsock: Retry timeouts once
- lxd/db: Set nodes.id to auto-increment
- lxd: Add internal endpoints for updates
- lxd/images: Fix auto image updates
- test/suites: Test image refresh in cluster
- lxd/images: Properly spread replicated images
- lxd/migration: Refresh protobuf
- lxd/storage/ceph: Fix ceph.rbd.features
- lxd/cluster/gateway: Expose node is not clustered error
- lxd/cluster/gateway/test: TestGateway_Single ErrNodeIsNotClustered usage
- lxd/patches: Adds db_nodes_autoinc patch
- lxd/storage/drivers/driver/ceph/utils: util.SplitNTrimSpace usage
- shared/util: Removes GetStableRandomInt64FromList and GetStableRandomGenerator from shared pkg
- lxd/util/random: Adds GetStableRandomGenerator and GetStableRandomInt64FromList functions
- lxd/images: util.GetStableRandomInt64FromList usage
- lxd/network/driver/bridge: util.GetStableRandomGenerator usage
- lxd/patches: Update DB tweak for 4.0
- shared/api/netork/acl: Adds missing example doc fields
- test/suites: Fix sed command
- shared/api: Mark most ACL rule fields omitempty
- client/lxd: Don't treat % chars from LXD server response as placeholders in lxdParseResponse
- Doc: fix typo on network type
- doc/rest-api: Refresh swagger YAML
- doc/rest-api: Refresh swagger YAML
- lxd: Unmount image and backup volume on shutdown
- lxd: Fix static analysis
- shared: Remove WriteTempFile
- shared/osarch: Remove dependency on shared package
- shared/osarch: Add SupportedArchitectures
- shared/validate: Add IsArchitecture
- lxd/storage/drivers/generic/vfs: Error quoting in genericVFSVolumeSnapshots
- lxd/storage/drivers/driver/btrfs/volumes: Ensure subvolumes in snapshots are copied during CreateVolumeFromCopy
- lxd/images: Optimize image distribution
- lxd: Properly unmount old image volume
- lxd/instance/qemu: Add 5s QMP timeout
- lxd/storage/drivers/volume: Optimized creation of slice in Snapshots()
- lxd/storage/drivers/volume: Adds SnapshotsMatch function
- lxd/storage/drivers/interface: Updates BackupVolume to take a slice of snapshot names
- lxd/db/instances: Clarifies expected return order of snapshots in GetInstanceSnapshotsWithName
- lxd/storage/backend/lxd: Updates BackupInstance to provide list of snapshot names to b.driver.BackupVolume
- lxd/storage/drivers/generic/vfs: Updates genericVFSBackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/ceph/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/cephfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/dir/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/lvm/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/mock: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/zfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers: Clarifies ordering of VolumeSnapshots and volume.Snapshots() in comment
- lxd/storage/volumes/snapshot: Use requested project name for operation
- lxd/storage/volumes: Use requested project name for operation
- lxd/operations: Renames project to projectName
- lxd: Renames project to projectName
- clustering: Force config when bootstrapping
- test: Run test_clustering_image_refresh
- test/main: Fix clustering test typo
- test/clustering: Cleanup properly
- test/clustering: s/localhost/public/
- test/clustering: Replace sleep with wait
- test/clustring: Unset LXD_NETNS
- lxd/device/disk: Fallback to using mount device path for major/minor number extraction for BTRFS
- lxd/instance/drivers/driver/lxc: Ensure container is stopped if post start hooks fail
- lxd/instance/drivers/driver/qemu: Adds comment clarifying order of post start hook failure actions
- tests: Don't block on /dev/random
- lxd/db/images: Fix incorrect cached attribute handling
- lxd/images: Improve error logging in autoUpdateImages
- doc: Added a Table of Content in /doc/index.md
- doc: Added "Feature Requests" to Bug Reports section in /doc/index.md
- lxd/patches: Fix typo in patchNetworkClearBridgeVolatileHwaddr
- shared/api/network/acl: Updates example with non-depcared reserved subject
- shared/api/network/acl: Removes reference to default.action in config
- lxd/migrate: Set TrackProgress to
trueto track in-cluster progress information - lxd: Support for in-cluster progress information
- lxd/device/nic/bridged: Check br_netfilter for security.ipv6_filtering loaded before clearing existing rules
- lxd/images: Skip update if image cannot be found
- lxd/db/cluster: Extend list of entities
- lxd/db/cluster: Fix entity URI for images
- lxd/network/network/utils: Updates GetNeighbourIPs to return slice of NeighbourIP struct (with State)
- lxd/device/nic/bridge: Updates State IP neighbour scanning to return valid state neighbours first
- lxd/instance/drivers/driver/lxc: Adds statusCode function and update State to use it
- lxd/instance/drivers/driver/lxc: Adds isRunningStatusCode function and updates IsRunning to use it
- lxd/instance/drivers/driver/lxc: Adds renderState function and updates RenderState to use it
- lxd/instance/drivers/driver/lxc: Updates RenderFull to use d.renderState
- lxd/instance/drivers/driver/lxc: Updates IsFrozen to use d.statusCode()
- lxd/instance/drivers/driver/lxc: Updates Render to use d.statusCode
- lxd/instance/drivers/driver/lxc: Updates RenderState to use statusCode
- lxd/instance/drivers/driver/qemu: Updates RenderState to use d.isRunningStatusCode
- lxd/instance/drivers/driver/qemu: Updates IsRunning to use d.isRunningStatusCode
- lxd/instance/drivers/driver/qemu: Updates IsFrozen to use d.statusCode
- lxd/instance/drivers/driver/qemu: Reduce calls to statusCode in Render
- lxd/instance/drivers/driver/qemu: Updates RenderFull to use d.renderState
- lxd/instance/drivers/driver/qemu: Adds renderState and updates RenderState to use it
- lxd/instances: Removes check for invalid state BROKEN in instancesShutdown
- lxc/action: Allow --console with stop action.
- i18n: Update translation templates
- shared/api: Label Operation structs
- lxd/operations: Add to swagger
- doc/rest-api: Refresh swagger YAML
- Makefile: Set GO111MODULE=off
- doc/rest-api: Refresh swagger YAML
- lxd/operations: Cover public endpoints
- shared/api: Fix cluster labeling
- lxd: Add project arguments to swagger
- lxd/swagger: Add background operations
- shared/api: Label Image structs
- lxd/images: Add to swagger
- doc/rest-api: Refresh swagger YAML
- lxd/instance/qemu: Disable net vectors on ccw
- lxc/list: Handle dots in device keys
- lxd/network/driver/bridge: Error quoting
- lxd/device: Ensure type field in NetworkInterface is specified first for liblxc
- lxd/storage/drivers/driver/ceph/volumes: Don't ignore unmount/unmap failures in DeleteVolume
- lxd/images: Remove images backed by remote storage
- lxd/db: Renames isRemoteStorage to IsRemoteStorage
- Merge pull request #8620 from tomponline/tp-storage-ceph-stable-4.0
- Revert "doc: Added a Table of Content in /doc/index.md"
- lxd/device/gpu_mdev: Simplify start logic
- lxd/device/gpu_mdev: Support mdev on top of SR-IOV
- lxc/list: Rename state to inst
- lxc/list: Cleanup comments
- lxc/list_test: Rename state to inst
- lxc/info: Sort the mdev profiles
- lxc-to-lxd: Fix test (type always goes first)
- test/suites/clustering: Retry removing node from database in test_clustering_remove_raft_node
- lxd/gpu/physical: Fix compute-only passthrough
- doc/instances: Mark mdev field as required
- lxd/db/profiles: Cleanup arg names and errors in GetProfiles
- lxd/api/internal: Adds internalImportRootDevicePopulate function
- lxd/api/internal/test: Add tests for internalImportRootDevicePopulate
- lxd/api/internal: Updates internalImport to use internalImportRootDevicePopulate
- lxd/storage/errors: Removes ErrNotImplemented
- lxd/storage/load: Return drivers.ErrNotSupported in GetPoolByInstance when storage pool doesn't support instance type
- lxd/storage/backend/lxd: drivers.ErrNotImplemented usage
- lxd/storage/backend/mock: drivers.ErrNotImplemented usage
- lxd/instance/drivers/driver/lxc: Check pool supports instance type in lxcCreate
- lxd/instance/drivers/driver/qemu: Check pool supports instance type in qemuCreate
- lxd/instance/drivers/driver/lxc: Use errors.Cause
- lxd/instance/drivers/driver/qemu: Use errors.Cause
- lxd/instance/drivers: Clearer pool load failure message
- lxd/backup: Clearer pool load failure message
- lxd/instance: Add revert package usage
- lxd/instance: Clearer error messages
- lxd/migrate/instance: storageDrivers.ErrNotImplemented usage
- test/suites/backup: Add tests for checking lxd import profile root disk support
- lxd/storage/backend/lxd: Check custom volume type is supported by storage pool
- cluster: Larger Timeout to find leader
- lxd/firewall/firewall/interface: Add NetworkSetup and remove feature specific network setup functions
- lxd/firewall/drivers/driver/consts: Add network firewall Opts
- lxd/firewall/drivers/drivers/nftables: Implement NetworkSetup and unexport per-feature setup functions
- lxd/firewall/drivers/drivers/xtables: Implement NetworkSetup and unexport per-feature setup functions
- lxd/network/driver/bridge: Switch to n.state.Firewall.NetworkSetup usage
- doc/instance: Fix escaping
- lxd/device/gpu: Add NVIDIA MIG support
- doc/instances: Add GPU MIG
- api: gpu_mig extension
- lxd/project: Add skipUnset
- lxd/project: Refactor instance counting
- shared/api: Add ProjectState
- client: Add GetProjectState
- client: Fixes GetContainerLogfiles and GetInstanceLogfiles
- lxd/firewall/drivers/drivers/xtables: errors.Wrapf usage
- lxd/firewall/drivers/drivers/xtables: Removes unused args from generateFilterIptablesRules
- lxd/firewall/drivers/drivers/xtables: Adds iptablesChainCreate and iptablesChainExists functions
- lxd/firewall/drivers/drivers/xtables: Moves NIC level security filtering rules into own chain
- shared/validate: Allow uppercase letters in PCI addresses
- shared/validate: Update unit tests for PCI addresses
- lxd/instance/drivers: Restrict virtiofs to Intel architectures
- lxd/device/disk: Restrict virtiofs to x86_64
- lxd/cluster: Don't copy all images on startup
- tests: Disable test_clustering_image_replication
- lxd/task: Add Hourly convenience function
- lxd/firewall/firewall/interface: Adds delete and ipVersions slice args to NetworkClear
- lxd/network/driver/bridge: n.state.Firewall.NetworkClear usage in setup
- lxd/network/driver/bridge: firewall setup debug logging
- lxd/network/driver/bridge: n.state.Firewall.NetworkClear usage in Stop
- lxd/firewall/drivers/drivers/nftables: NetworkClear updated with new arguments
- lxd/firewall/drivers/drivers/xtables: Updates networkSetupNICFilteringChain to use network-specific chain
- lxd/firewall/drivers/drivers/xtables: Updates generateFilterIptablesRules to use network-specific chain
- lxd/firewall/drivers/drivers/xtables: No need to use LookPath in iptablesChainCreate
- lxd/firewall/drivers/drivers/xtables: Adds iptablesChainDelete function
- lxd/firewall/drivers/drivers/xtables: NetworkClear updated to add new arguments
- lxd/instance: Move NextSnapshotName
- lxd/operations: Fix possible NPE
- shared/validate: Add IsCron validator
- lxd/storage/drivers/driver/zfs/volumes: Only mount instance filesystem volumes in postHook for CreateVolumeFromBackup
- lxd/operations: Don't wait for tokens
- lxd/images: Run autoSyncImagesTask hourly
- lxd/db/images: Add GetImages
- lxd/images: Retrieve all images on sync
- lxd/images: Use CopyImage() in autoSyncImages
- lxd/daemon: Fix comment about autoSyncImages
- lxd: Sync images on cluster node removal
- lxd: Sync images when cluster.images_minimal_replica changes
- tests: Re-enable image replication tests
- lxd: Sync images on cluster node join
- lxd/images: Pick a random source node for replication
- lxd/operations: Export OperationClass type
- lxd/firewwall/drivers/drivers/nftables: Changes nftables to use a single inet table rather than separate ip and ip6 tables
- client: Fix copy of VM snapshots
- test: Updates proxy tests to check nftables inet table
- tests: Fix failure on 5.11 kernel
- lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd
- lxd/firewall/drivers/drivers/xtables: Updates d.iptablesChainExists to return if chain has any rules
- shared/validate/validate: Check IsNetworkPortRange range starts lower than end
- forkexec: log more failures
- Revert "lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd"
- lxd/daemon/images: Adds imageDownloadLock function
- lxd/daemon/images: Use d.imageDownloadLock in ImageDownload
- lxd/daemon/images: Improve error messages in ImageDownload
- lxd/instance: Improve error messages in instanceCreateFromImage
- lxd/instance: Use d.imageDownloadLock in instanceCreateFromImage
- lxd/firewall/drivers/drivers/xtables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
- lxd/firewall/drivers/drivers/xtables: Don't look for existing rules in iptablesAdd
- lxd/firewall/drivers/drivers/nftables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
- lxd/networks: Updates doNetworksCreate to skip network validation during pre-join phase
- lxd/instance: Drop unused function
- lxd/project: Only consider syscall interception as low-level
- lxd/instance: Fix stable-4.0 build
- shared/simplestreams: Improve error messages
- lxd/daemon/images: Improve error messages
- client/simplestreams/images: Improve error messages
- test/godeps.list: Adds github.com/pkg/errors
- lxd: don't set device cgroup values for unpriv containers
- lxd/storage: Re-introduce cluster distributino of volume snapshots
- lxc/remote: Only update URL in set-url
- lxd/instance/drivers: Don't overwrite template triggers
- lxd/daemon/images: Removes unnecessary imagesDownloadingLock mutex
- lxc: Fix help for string arguments
- tests: Fix apply_template check
- lxd/cluster/membership: Updates Bootstrap to generate new cluster certificate
- lxd/util/encryption: Comment on LoadCert
- lxd/util/encryption: Adds LoadClusterCert function
- test: load cluster.crt not server.crt when bootstrapping a cluster
- lxc-to-lxd: Fix TestConvertNetworkConfig loopback only test
- lxd/db: Add cluster ToAPI
- lxd: Switch to using GetNodes
- lxd/cluster: Drop List function
- tests: Update for current cluster messages
- lxd/lxd: Prevent multiple routed NIC devices from using "auto" gateway mode
- lxd/db: Add node ID to StorageVolumeArgs
- doc: Add aliases to snapshots.schedule
- api: snapshots_schedule_aliases
- lxd/util: Rework random functions
- lxd/snapshot: Add snapshot aliases
- lxd: Use snapshot aliases
- lxd/instance: Add startup snapshot
- shared/validate: Add IsCron validator
- tests: Add snapshot scheduling
- lxd/storage/volumes/snapshots: Updates autoCreateCustomVolumeSnapshotsTask to always snapshot local custom volumes
- lxd/storage/volumes/snapshots: Update autoCreateCustomVolumeSnapshots return value
- lxd/storage/volumes/snapshots: Adds comments to autoCreateCustomVolumeSnapshots
- lxd: Move image-refresh to /internal/testing/
- test/suites: Use /internal/testing/image-refresh
- lxc/storage_volume: Properly use cluster target
- lxc/storage_volume: Add missing target
- vm/qemu: configure spice using -spice parameter
- lxd/storage_volume_snapshots: Fix cluster redirection
- lxd/db/storage: Properly increment snapshots
- lxd/storage_pools: Fix ordering of pool delete
- lxd/endpoint: Retry binding on startup
- lxd/instance/qemu: Move to query-cpus-fast
- shared/api/certificate: Adds certificate type constants
- lxd/db/certificates: Adds CertificateAPITypeToDBType and ToAPIType functions
- lxd/db/certificates: Comment on Certificate
- lxc: Switch to CertificateTypeClient constant
- lxd: Switch to CertificateTypeClient constant
- lxd-p2c/utils: Switch to CertificateTypeClient constant
- lxd/util/encryption: Adds LoadServerCert function
- lxd/certificates: updateCertificateCache error quoting consistency
- lxd/network/driver/bridge: Don't attempt to setup ipv6 firewall when no ipv6.address
- lxd/swagger: Add NotFound response
- lxd/certificates: Store certificateCache by certificate type
- lxd/certificates: db.CertificateAPITypeToDBType usage and set certificate type to server
- lxd/certificates: Comment ending consistency
- lxd/daemon: Adds getTrustedCertificates function
- lxd/daemon: Update Authenticate to use d.getTrusterCertificates
- lxd/daemon: Comment ending consistency in Authenticate
- lxd/snapshots: Fix multiple schedules
- lxd/images: Ignore intervals on manual refreshes
- shared/api: Add warning structs
- client: Add warning functions
- lxd/db: Fix typo in error
- lxd/util/http: Fix CheckTrustState to block access for revoked certificates that were formerly trusted
- lxd/certificates: Adds comment about the importance of a check related to CA mode in certificatesPost
- test: Remove trusted remote before checking adding untrusted remote
- test: Don't use CA PKI generated server certs for LXD
- test/deps: Removes alternative pre-generated server cert and key
- test: Remove LXD_ALT_CERT
- test: Update PKI tests to comply with expectations of revocation behaviour
- Revert "lxd/instance/qemu: Move to query-cpus-fast"
- lxd/firewall/drivers/drivers/nftables: Require kernel version >= 5.2 to allow support for inet table NAT rules
- lxd/ip: Add ip package
- lxd/device: Replace ip command with ip package
- lxd: Replace ip command with ip package
- lxd/network: Replace ip command with ip package
- tests: Add ip package to static_analysis test
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.13 リリースのお知らせ ¶
10th of April 2021
はじめに ¶
LXD チームは LXD 4.13 のリリースをお知らせできることにとてもワクワクしています!
このリリースでは、プロジェクトのリソース使用量の確認、NVIDIA MIG サポート、スナップショットのスケジュールのエイリアス、デフォルトのクラスターアーキテクチャーの指定、多数の CLI ツールの改良を含む、多数のエキサイティングな新機能が含まれています。
Enjoy!
新機能とハイライト ¶
lxc list でのインスタンスのフィルタリング ¶
lxc list で key=value 形式のフィルタとして指定できるオプションが追加されました。
- type= (コンテナ or 仮想マシン)
- status= (running, frozen, stopped or broken)
- architecture= (有効なアーキテクチャー名)
- location= (クラスターのサーバー名)
- ipv4= (アドレスまたはCIDR)
- ipv6= (アドレスまたはCIDR)
IPv6 の CIDR でフィルタリングを行っている例です:
stgraber@penguin:~$ lxc list ipv6=2001:470:b368::/48 +----------+---------+-----------------------+----------------------------------------------+-----------------+-----------+----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | LOCATION | +----------+---------+-----------------------+----------------------------------------------+-----------------+-----------+----------+ | buildd01 | RUNNING | 10.232.117.1 (lxdbr0) | 2602:fd23:8:1005:216:3eff:fe19:fd6e (enp5s0) | VIRTUAL-MACHINE | 7 | abydos | | | | | 2001:470:b368:4242::1 (lxdbr0) | | | | +----------+---------+-----------------------+----------------------------------------------+-----------------+-----------+----------+ | buildd02 | RUNNING | 10.181.173.1 (lxdbr0) | 2602:fd23:8:1005:216:3eff:fec8:841b (enp5s0) | VIRTUAL-MACHINE | 8 | langara | | | | | 2001:470:b368:4242::1 (lxdbr0) | | | | +----------+---------+-----------------------+----------------------------------------------+-----------------+-----------+----------+ | buildd03 | RUNNING | 10.232.46.1 (lxdbr0) | 2602:fd23:8:1005:216:3eff:fe67:f919 (enp5s0) | VIRTUAL-MACHINE | 7 | orilla | | | | | 2001:470:b368:4242::1 (lxdbr0) | | | | +----------+---------+-----------------------+----------------------------------------------+-----------------+-----------+----------+
コンテナでの NVIDIA MIG サポート ¶
新しい GPU タイプとして NVIDIA Multi-Instance GPU のサポートを導入しました。 この機能をサポートするシステム上で、あらかじめ作成した MIG コンピュートインスタンスを LXD コンテナに与えられるようになりました。
これは gpu デバイスタイプで mig gputype を指定することで使えます。
lxc config device add c1 gpu0 gpu gputype=mig mig.gi=5 mig.ci=1 pci=09:00.0
この例では、アドレス 09:00.0 の GPU の GPU インスタンス 5 のコンピュートインスタンス 1 が使われます。
関連する値はすべて、MIG インスタンスを作成したあと、nvidia-smi から見つけられます。
システムワイドなリモート設定 ¶
lxc コマンドラインツールが /etc/lxd/ を設定のソースとして見るようになりました。
ここに置かれた config.yaml はユーザー自身の設定とマージされます。
これにより、LXD のリモートに関する設定をシステムワイドに行なえます。サーバー証明書も同様に /etc/lxd/servercerts/ に置けます。
注意: この設定は snap をお使いのユーザーではまだ有効にはなりません。すぐに snap 向けの設定を行い、グローバル設定を /var/snap/lxd/common 内に置けるようにする予定です。
プロジェクトのリソース使用量の確認 ¶
リソース制限が設定されているプロジェクトでは、制限と現在のリソース消費の概要が確認できるようになりました。消費の状況は制限が設定されている場合のみ正確に表示されます。
stgraber@penguin:~$ lxc project info nsec +------------------+-----------+---------+ | RESOURCE | LIMIT | USAGE | +------------------+-----------+---------+ | CONTAINERS | UNLIMITED | 3 | +------------------+-----------+---------+ | CPU | 4 | 3 | +------------------+-----------+---------+ | DISK | 53.69GB | 33.29GB | +------------------+-----------+---------+ | INSTANCES | UNLIMITED | 3 | +------------------+-----------+---------+ | MEMORY | 4.29GB | 3.22GB | +------------------+-----------+---------+ | NETWORKS | 10 | 1 | +------------------+-----------+---------+ | PROCESSES | 100000 | 30000 | +------------------+-----------+---------+ | VIRTUAL-MACHINES | UNLIMITED | 0 | +------------------+-----------+---------+
スナップショットのスケジュール設定のエイリアス ¶
LXDは、インスタンスとカスタムストレージボリュームの両方について、スナップショットの自動スケジューリングをサポートしています。これはsnapshots.scheduleという設定オプションを使って設定します。
cron 形式での設定に加えて、次のエイリアスでも設定できるようになりました:
@hourly@daily@midnight@weekly@monthly@annually@yearly
また、インスタンスの場合に限り、追加の @startup という設定が存在し、インスタンスが起動、再起動するごとにスナップショットを実行できます。
cronパターンと比較した場合のエイリアスのもう一つの利点は、それらが時間的にランダムに分散されることです。つまり、@daily はすべてのインスタンスやストレージボリュームで同時にトリガーされることはありませんが、特定のインスタンスやストレージボリュームについては同時にトリガーされます。
マルチアーキテクチャーで設定されている場合の images.default_architecture ¶
マルチアーキテクチャーのクラスターを運用している場合、特定のターゲットを指定せず、複数アーキテクチャーで使用できるイメージを使用してインスタンスを起動すると、LXD はアーキテクチャに関わらず、すべてのサーバーのうちもっともビジーでないサーバーを見つけて、そこでインスタンスを作成します。
ほとんどのマルチアーキテクチャークラスターはメインのアーキテクチャー(x86_64 であることが多い)と、メインのアーキテクチャーより容量の少ないあまり一般的ではないアーキテクチャー(aarch64, ppc64le, s390x, ...)を持っていることが多いので、これはあまり望ましい動作ではありません。ですので、LXD がこれらを等しく扱い、インスタンスを全体に分散させるだけではかなり混乱してしまいます。
新たな設定オプションである images.default_architecture には、イメージが単一アーキテクチャー固有ではない場合に使用するアーキテクチャー名を設定できます。
例えば、マルチアーキテクチャークラスターでは次のようになります:
lxc config set images.default_architecture x86_64 lxc launch images:ubuntu/20.04 c1
この例では x86_64 アーキテクチャーのインスタンスがデプロイされます。そして、次のように使うと:
lxc launch images:ubuntu/20.04/arm64 c1
明示的に aarch64 イメージを指定すると、aarch64 イメージを実行できるクラスターサーバーが選択されます(訳注: 例は arm64 になってますが、aarch64 の Ubuntu での arch が arm64 です)。
lxc project list, lxc profile list, lxc storage list の新しい DESCRIPTION カラム ¶
この変更で、ほぼすべてのトップレベルのリストコマンドで description 属性を表示するようになりました。次のようなコマンドで同じように利用できます:
- lxc profile list
- lxc image list
- lxc project list
- lxc storage list
- lxc network list
これは、lxc list ではデフォルトでは表示されません。これは横方向のスペースがないためですが、設定できるカラムの1つですので有効にもできます。
ネットワーク ACL のデフォルトアクションの処理を見直しました ¶
最近導入されたネットワーク ACL は、ACL レベルで default.action と default.logged というオプションが設定できました。これは、1つのインスタンスに多くの ACL が適用できるため、これらの設定キーを混乱させる悪い設計でした。
結果的に、この 2 つの設定キーを ACL 設定から完全に削除し、代わりにインスタンスのネットワークデバイスやネットワークを直接設定できる設定を導入しました。
新しい設定キーは次のとおりです:
security.acls.default.egress.actionsecurity.acls.default.egress.loggedsecurity.acls.default.ingress.actionsecurity.acls.default.ingress.logged
また、これは内向き(ingress)と外向き(egress)の通信を分離することにより、ブロックする内向きの通信を静かに無視したまま、ブロックされた外向きのトラフィックをログに記録することが容易になります。
lxc stop コマンドの --console オプション ¶
lxc start、lxc restartに加えて、lxc stopで--consoleオプションが使えるようになりました。
これを使って、インスタンスがシャットダウンのシグナルを受け取った瞬間、インスタンスのコンソールに接続できます。 これは、シャットダウンシーケンスを観察したり、シャットダウン時のエラーを見つける際に便利です。
自動生成の REST-API ドキュメントの追加 ¶
/1.0/instancesと /1.0/storage-poolsを除くすべてが、Swagger API ファイルでカバーされるようになりました。これで LXD API とやりとりするすべてのパラメーターと方法をカバーしているはずです。
仮に出力したものがこちらにあります: https://dl.stgraber.org/swag-lxd/
すべての変更点(翻訳なし)¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/migration: Refresh protobuf
- lxd/storage/ceph: Fix ceph.rbd.features
- lxd/cluster/gateway: Expose node is not clustered error
- lxd/cluster/gateway/test: TestGateway_Single ErrNodeIsNotClustered usage
- lxd/patches: Adds db_nodes_autoinc patch
- lxd/storage/drivers/driver/ceph/utils: util.SplitNTrimSpace usage
- lxd/network/openvswitch/ovs: Adds TCP flag constants
- lxd/network/acl/acl/ovn: Switches to openvswitch TCP flag constants in OVNApplyNetworkBaselineRules
- shared/util: Removes GetStableRandomInt64FromList and GetStableRandomGenerator from shared pkg
- lxd/util/random: Adds GetStableRandomGenerator and GetStableRandomInt64FromList functions
- lxd/images: util.GetStableRandomInt64FromList usage
- lxd/network/driver/bridge: util.GetStableRandomGenerator usage
- lxd/network/driver/ovn: util.GetStableRandomGenerator usage
- lxd/storage/volumes/snapshot: util.GetStableRandomInt64FromList usage
- test: Run test_clustering_image_refresh
- shared/api/netork/acl: Adds missing example doc fields
- lxc/network/acl: Update field examples
- i18n: Update translation template
- lxd/network/acl/acl/load: Fix UsedBy with project profiles
- test/suites: Fix sed command
- shared/api: Mark most ACL rule fields omitempty
- Fix typo in doc/projects.md, replace images with backups
- Fix a typo in rest-api.md for renaming a network ACL
- client/lxd: Don't treat % chars from LXD server response as placeholders in lxdParseResponse
- doc/network/acls: Changes reserved subject names
- lxd/network/acl/acl/ovn: Handles deprecated aliases for subjects
- shared/api/network/acl: Updates example with non-depcared reserved subject
- lxd/network/acl/driver/common: Deprecates #internal and #external subjects and replaces them with @internal and @external
- Doc: fix typo on network type
- doc/rest-api: Refresh swagger YAML
- doc/rest-api: Refresh swagger YAML
- lxd: Unmount image and backup volume on shutdown
- lxd: Fix static analysis
- shared: Remove WriteTempFile
- shared/osarch: Remove dependency on shared package
- shared/osarch: Add SupportedArchitectures
- shared/validate: Add IsArchitecture
- lxd/project: Add images.default_architecture
- lxd/cluster: Add images.default_architecture
- lxd/db: Support images.default_architecture
- lxd: Support images.default_architecture
- doc: Add images.default_architecture
- api: images_default_architecture
- lxd/network/driver/ovn: Adds n.ensureNetworkPortGroup and use it in setup() and Start()
- lxd/network/driver/ovn: Clarifies comment
- lxd/storage/drivers/generic/vfs: Error quoting in genericVFSVolumeSnapshots
- lxd/storage/drivers/driver/btrfs/volumes: Ensure subvolumes in snapshots are copied during CreateVolumeFromCopy
- lxd/images: Optimize image distribution
- lxd: Properly unmount old image volume
- lxd/network/acl/acl/ovn: Ensure to parenthesised || when used with && in rule match
- lxd/instance/qemu: Add 5s QMP timeout
- lxd/storage/drivers/volume: Optimized creation of slice in Snapshots()
- lxd/storage/drivers/volume: Adds SnapshotsMatch function
- lxd/storage/drivers/interface: Updates BackupVolume to take a slice of snapshot names
- lxd/db/instances: Clarifies expected return order of snapshots in GetInstanceSnapshotsWithName
- lxd/storage/backend/lxd: Updates BackupInstance to provide list of snapshot names to b.driver.BackupVolume
- lxd/storage/backend/lxd: Updates BackupCustomVolume to provide list of snapshot names to b.driver.BackupVolume
- lxd/storage/drivers/generic/vfs: Updates genericVFSBackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/ceph/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/cephfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/dir/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/lvm/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/mock: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers/driver/zfs/volumes: Updates BackupVolume to accept a list of snapshot names
- lxd/storage/drivers: Clarifies ordering of VolumeSnapshots and volume.Snapshots() in comment
- lxd/storage/volumes/backup: Use requested project name for operation
- lxd/storage/volumes/snapshot: Use requested project name for operation
- lxd/storage/volumes: Use requested project name for operation
- lxd/operations: Renames project to projectName
- lxd: Renames project to projectName
- clustering: Force config when bootstrapping
- lxd/network/openvswitch/ovn: Work around ovn-nbctl NAT bugs in LogicalRouterDNATSNATAdd
- lxd/network/openvswitch/ovn: Use same technique as LogicalRouterDNATSNATAdd when mayExist is true
- lxd/network/openvswitch/ovn: Merge LogicalSwitchPortAdd and LogicalSwitchPortSet
- lxd/network/driver/ovn: client.LogicalSwitchPortAdd usage
- lxd/network/openvswitch/ovn: Reduce ovn-nbctl calls in LogicalSwitchPortDeleteDNS
- lxd/network/openvswitch/ovn: Reduce calls to ovn-nbctl in LogicalSwitchPortLinkRouter
- lxd/network/openvswitch/ovn: Reduce calls to ovn-nbctl in LogicalSwitchPortLinkProviderNetwork
- lxd/network/openvswitch/ovn: Updates LogicalRouterDNATSNATDelete to support removing multiple entries in single call
- lxd/network/driver/ovn: Updates InstanceDevicePortDelete to always attempt to remove its IPs from DNAT entries
- lxd/network/openvswitch/ovn: Updates LogicalRouterRouteDelete to support removing multiple routes
- lxd/network/driver/ovn: LogicalRouterRouteDelete usage to reduce ovn-nbctl calls
- lxc/network_acl: Fix example
- i18n: Update translation templates
- lxc/project: Show description
- lxc/profile: Add description column
- lxc/storage: Add description column
- doc: improve wording of network ACLs
- doc/instances: Adds ipv4.routes and ipv6.routes for OVN NICs
- test/main: Fix clustering test typo
- test/clustering: Cleanup properly
- test/clustering: s/localhost/public/
- test/clustering: Replace sleep with wait
- test/clustring: Unset LXD_NETNS
- lxd/device/disk: Fallback to using mount device path for major/minor number extraction for BTRFS
- lxd/instance/drivers/driver/lxc: Ensure container is stopped if post start hooks fail
- lxd/instance/drivers/driver/qemu: Adds comment clarifying order of post start hook failure actions
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPorts function
- lxd/network/driver/ovn: Use client.LogicalSwitchPorts in handleDependencyChange and Update
- tests: Don't block on /dev/random
- lxd/network/acl/acl/ovn: Removes unused state arg from ovnApplyToPortGroup
- lxd/network/driver/ovn: Improved comment in InstanceDevicePortAdd
- lxd/db/images: Fix incorrect cached attribute handling
- lxd/images: Improve error logging in autoUpdateImages
- doc: Added a Table of Content in /doc/index.md
- doc: Added "Feature Requests" to Bug Reports section in /doc/index.md
- lxd/patches: Fix typo in patchNetworkClearBridgeVolatileHwaddr
- lxd/patches: Adds patchNetworkACLRemoveDefaults to remove ACL default.action and default.logged keys
- doc/network-acls: Removes references to default.action and default.logged
- shared/api/network/acl: Removes reference to default.action in config
- lxd/network/acl/acl/ovn: Removes default.action and default.logged behavior
- lxd/network/acl/driver/common: Removes references to default.action and default.logged in config validation
- doc/rest-api: Refresh swagger YAML
- lxd/network/driver/ovn: Renames instance device structs to OVNInstanceNICSetupOpts and OVNInstanceNICStopOpts
- lxd/network/driver/ovn: Renames InstanceDevicePortConfigParse to instanceDevicePortRoutesParse
- lxd/network/driver/ovn: Renames InstanceDevicePortAdd to InstanceDevicePortSetup
- lxd/network/driver/ovn: Updates InstanceDevicePortDelete to accept OVNInstanceNICStopOpts
- lxd/network/driver/ovn: Updates handleDependencyChange to use n.InstanceDevicePortSetup
- lxd/device/nic/ovn: Updates ovnNet interface
- lxd/device/nic/ovn: d.network.InstanceDevicePortSetup and d.network.InstanceDevicePortDelete usage in Start()
- lxd/device/nic/ovn: d.network.InstanceDevicePortSetup usage in Update()
- lxd/device/nic/ovn: d.network.InstanceDevicePortDelete usage in Stop()
- lxd/network/acl/driver/common: Export ValidActions for network and NIC validation
- lxd/device/nic: Add support for validating security.acls.default.{in,e}gress.{action,logged} config keys
- lxd/device/nic/ovn: Validates security.acls.default.{in,e}gress.{action,logged} config keys
- doc/networks: Adds security.acls.default.{in,e}gress.{action,logged} keys to ovn network
- doc/instances: Adds security.acls.default.{in,e}gress.{action,logged} keys to OVN NIC
- api: Adds network_ovn_acl_defaults extension
- lxd/network/openvswitch/ovn: space trimming cleanup
- lxd/network/openvswitch/ovn: Renames setACLRules to aclRuleAddAppendArgs
- lxd/network/openvswitch/ovn: Updates LogicalSwitchSetACLRules to use o.aclRuleAddAppendArgs
- lxd/network/openvswitch/ovn: Updates PortGroupSetACLRules to use o.aclRuleAddAppendArgs
- lxd/network/openvswitch/ovn: Adds logicalSwitchPortACLRules function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortDeleteDNS to use o.logicalSwitchPortDeleteDNSAppendArgs
- lxd/network/openvswitch/ovn: Adds logicalSwitchPortDeleteAppendArgs function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortDelete to use o.logicalSwitchPortDeleteAppendArgs
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortCleanup function
- lxd/network/openvswitch/ovn: Adds aclRuleDeleteAppendArgs, PortGroupPortSetACLRules and PortGroupPortClearACLRules functions
- lxd/network/acl/acl/ovn: Renames ovnACLPriorityPortGroupDefaultReject to ovnACLPriorityPortGroupDefaultAction
- lxd/network/acl/acl/ovn: Adds OVNApplyInstanceNICDefaultRules function
- lxd/network/acl/acl/ovn: ovnApplyToPortGroup change default action to drop
- lxd/network/driver/ovn: Error improvement
- lxd/network/driver/ovn: Updates InstanceDevicePortSetup to setup NIC port default ACL rules
- lxd/network/driver/ovn: Updates InstanceDevicePortDelete to use LogicalSwitchPortCleanup
- lxd/network/driver/ovn: Adds security.acls.default.{in,e}gress.{action,logged} config key validation
- lxd/network/driver/ovn: Adds default rule config change detection to Update
- lxd/migrate: Set TrackProgress to
trueto track in-cluster progress information - lxd: Support for in-cluster progress information
- lxc/move: Support for in-cluster progress information
- lxd/device/nic/bridged: Check br_netfilter for security.ipv6_filtering loaded before clearing existing rules
- lxd/device/nic/ovn: Typo in comment
- lxd/network/openvswitch/ovn: Removes LogicalSwitchDHCPOptionsGetID
- lxd/network/driver/ovn: Use client.LogicalSwitchDHCPOptionsGet in InstanceDevicePortSetup
- lxd/network/openvswitch/ovn: Simplify LogicalSwitchDHCPOptionsDelete and make more efficient
- lxd/network/openvswitch/ovn: Use more efficient o.LogicalSwitchDHCPOptionsDelete in LogicalSwitchDelete
- lxd/network/openvswitch/ovn: Makes logicalSwitchDNSRecordsDelete more efficient
- lxd/images: Skip update if image cannot be found
- lxc/move: Support for quietFlag for in-cluster instance move
- lxd/db/cluster: Extend list of entities
- lxd/db/cluster: Fix entity URI for images
- lxd/network/network/utils: Updates GetNeighbourIPs to return slice of NeighbourIP struct (with State)
- lxd/device/nic/bridge: Updates State IP neighbour scanning to return valid state neighbours first
- lxd/instance/drivers/driver/lxc: Adds statusCode function and update State to use it
- lxd/instance/drivers/driver/lxc: Adds isRunningStatusCode function and updates IsRunning to use it
- lxd/instance/drivers/driver/lxc: Adds renderState function and updates RenderState to use it
- lxd/instance/drivers/driver/lxc: Updates RenderFull to use d.renderState
- lxd/instance/drivers/driver/lxc: Updates IsFrozen to use d.statusCode()
- lxd/instance/drivers/driver/lxc: Updates Render to use d.statusCode
- lxd/instance/drivers/driver/lxc: Updates RenderState to use statusCode
- lxd/instance/drivers/driver/qemu: Updates RenderState to use d.isRunningStatusCode
- lxd/instance/drivers/driver/qemu: Updates IsRunning to use d.isRunningStatusCode
- lxd/instance/drivers/driver/qemu: Updates IsFrozen to use d.statusCode
- lxd/instance/drivers/driver/qemu: Reduce calls to statusCode in Render
- lxd/instance/drivers/driver/qemu: Updates RenderFull to use d.renderState
- lxd/instance/drivers/driver/qemu: Adds renderState and updates RenderState to use it
- lxd/instances: Removes check for invalid state BROKEN in instancesShutdown
- lxc/action: Allow --console with stop action.
- i18n: Update translation templates
- shared/api: Label Operation structs
- lxd/operations: Add to swagger
- doc/rest-api: Refresh swagger YAML
- Makefile: Set GO111MODULE=off
- lxd/operations: Cover public endpoints
- shared/api: Fix cluster labeling
- lxd: Add project arguments to swagger
- lxd/swagger: Add background operations
- shared/api: Label Image structs
- lxd/images: Add to swagger
- doc/rest-api: Refresh swagger YAML
- lxd/instance/qemu: Disable net vectors on ccw
- lxc/list: Handle dots in device keys
- lxd/device/nic/bridged: Comment typo
- lxd/network/driver/bridge: Error quoting
- lxc/network/acl: Allow output of lxc network acl show to be used as input to lxc network acl edit
- lxd/device: Ensure type field in NetworkInterface is specified first for liblxc
- lxc/list: Add more instance filters
- i18n: Update translation templates
- Revert "doc: Added a Table of Content in /doc/index.md"
- lxd/device/gpu_mdev: Simplify start logic
- lxd/device/gpu_mdev: Support mdev on top of SR-IOV
- lxc/list: Remove name filter
- lxc/list: Rename state to inst
- lxc/list: Cleanup comments
- lxc/list: Pass state to filters
- lxc/list: ipv4/ipv6 filters apply to state
- lxc/list: Optimize filtering
- lxc/list_test: Rename state to inst
- lxc/list_test: Fix function signature
- lxc/list_test: Fix name filter
- lxc/list_test: Add state testing
- i18n: Update translation templates
- lxc/config: Add system-wide remotes
- lxc/remote: Add system-wide remotes
- lxc/info: Sort the mdev profiles
- lxc-to-lxd: Fix test (type always goes first)
- lxd/storage/drivers/driver/ceph/volumes: Don't ignore unmount/unmap failures in DeleteVolume
- doc: Remotes documentation
- i18n: Update translation templates
- test/suites/clustering: Retry removing node from database in test_clustering_remove_raft_node
- lxd/gpu/physical: Fix compute-only passthrough
- doc/instances: Mark mdev field as required
- lxd/db/profiles: Cleanup arg names and errors in GetProfiles
- lxd/api/internal: Adds internalImportRootDevicePopulate function
- lxd/api/internal/test: Add tests for internalImportRootDevicePopulate
- lxd/api/internal: Updates internalImport to use internalImportRootDevicePopulate
- lxd/storage/errors: Removes ErrNotImplemented
- lxd/storage/load: Return drivers.ErrNotSupported in GetPoolByInstance when storage pool doesn't support instance type
- lxd/storage/backend/lxd: drivers.ErrNotImplemented usage
- lxd/storage/backend/mock: drivers.ErrNotImplemented usage
- lxd/instance/drivers/driver/lxc: Check pool supports instance type in lxcCreate
- lxd/instance/drivers/driver/qemu: Check pool supports instance type in qemuCreate
- lxd/instance/drivers/driver/lxc: Use errors.Cause
- lxd/instance/drivers/driver/qemu: Use errors.Cause
- lxd/instance/drivers: Clearer pool load failure message
- lxd/backup: Clearer pool load failure message
- lxd/instance: Add revert package usage
- lxd/instance: Clearer error messages
- lxd/migrate/instance: storageDrivers.ErrNotImplemented usage
- test/suites/backup: Add tests for checking lxd import profile root disk support
- lxd/storage/backend/lxd: Check custom volume type is supported by storage pool
- cluster: Larger Timeout to find leader
- lxd/firewall/firewall/interface: Add NetworkSetup and remove feature specific network setup functions
- lxd/firewall/drivers/driver/consts: Add network firewall Opts
- lxd/firewall/drivers/drivers/nftables: Implement NetworkSetup and unexport per-feature setup functions
- lxd/firewall/drivers/drivers/xtables: Implement NetworkSetup and unexport per-feature setup functions
- lxd/network/driver/bridge: Switch to n.state.Firewall.NetworkSetup usage
- doc/instance: Fix escaping
- lxd/device/gpu: Add NVIDIA MIG support
- doc/instances: Add GPU MIG
- api: gpu_mig extension
- doc/projects: Sort config keys
- lxd/project: Add skipUnset
- lxd/project: Refactor instance counting
- api: project_usage
- shared/api: Add ProjectState
- lxd/project: Add getAggregateLimits
- lxd/project: Add GetCurrentAllocations
- lxd/projects: Add state endpoint
- client: Add GetProjectState
- lxc/project: Add info sub-command
- i18n: Update translation templates
- doc/rest-api: Add project state
- doc/rest-api: Refresh swagger YAML
- tests: Test for lxc project info
- client: Fixes GetContainerLogfiles and GetInstanceLogfiles
- doc/metadata: Adds remotes section
- lxd/firewall/drivers/drivers/xtables: errors.Wrapf usage
- lxd/firewall/drivers/drivers/xtables: Removes unused args from generateFilterIptablesRules
- lxd/firewall/drivers/drivers/xtables: Adds iptablesChainCreate and iptablesChainExists functions
- lxd/firewall/drivers/drivers/xtables: Moves NIC level security filtering rules into own chain
- shared/validate: Allow uppercase letters in PCI addresses
- shared/validate: Update unit tests for PCI addresses
- lxd/instance/drivers: Restrict virtiofs to Intel architectures
- lxd/device/disk: Restrict virtiofs to x86_64
- lxd/cluster: Don't copy all images on startup
- tests: Disable test_clustering_image_replication
- lxd/task: Add Hourly convenience function
- lxd/images: Use Hourly() in autoUpdateImagesTask
- lxd/firewall/firewall/interface: Adds delete and ipVersions slice args to NetworkClear
- lxd/network/driver/bridge: n.state.Firewall.NetworkClear usage in setup
- lxd/network/driver/bridge: firewall setup debug logging
- lxd/network/driver/bridge: n.state.Firewall.NetworkClear usage in Stop
- lxd/firewall/drivers/drivers/nftables: NetworkClear updated with new arguments
- lxd/firewall/drivers/drivers/xtables: Updates networkSetupNICFilteringChain to use network-specific chain
- lxd/firewall/drivers/drivers/xtables: Updates generateFilterIptablesRules to use network-specific chain
- lxd/firewall/drivers/drivers/xtables: No need to use LookPath in iptablesChainCreate
- lxd/firewall/drivers/drivers/xtables: Adds iptablesChainDelete function
- lxd/firewall/drivers/drivers/xtables: NetworkClear updated to add new arguments
- doc: Add aliases to snapshots.schedule
- api: snapshots_schedule_aliases
- lxd/util: Rework random functions
- lxd/instance: Move NextSnapshotName
- lxd/snapshot: Add snapshot aliases
- lxd: Use snapshot aliases
- lxd/operations: Fix possible NPE
- lxd/instance: Add startup snapshot
- shared/validate: Add IsCron validator
- tests: Add snapshot scheduling
- i18n: Update translations from weblate
- lxd/storage/drivers/driver/zfs/volumes: Only mount instance filesystem volumes in postHook for CreateVolumeFromBackup
- lxd/operations: Don't wait for tokens
- lxd/images: Run autoSyncImagesTask hourly
- lxd/db/images: Add GetImages
- lxd/images: Retrieve all images on sync
- lxd/images: Use CopyImage() in autoSyncImages
- lxd/daemon: Fix comment about autoSyncImages
- lxd: Sync images on cluster node removal
- lxd: Sync images when cluster.images_minimal_replica changes
- tests: Re-enable image replication tests
- lxd: Sync images on cluster node join
- lxd/images: Pick a random source node for replication
- lxd/operations: Export OperationClass type
- client: Fix copy of VM snapshots
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.12 リリースのお知らせ¶
5th of March 2021
はじめに ¶
LXD チームは LXD 4.12 のリリースをお知らせできることにとてもワクワクしています!
このリリースの目玉機能は間違いなく、ネットワーク ACL を導入したことです。現時点では、この機能は OVN ネットワークでのみ使えますが、すぐに普通の LXD ブリッジでも使えるようになるでしょう。
さらに、このリリースでは仮想マシンのステートフルな停止とスナップショット、新しい Ceph の設定オプション、そしてプロジェクト向けのたくさんの新機能も追加されています。
最後に LXD チームは、このリリースでの多数の LXD の新機能に取り組んでくれた Piotr Resztak に感謝の意を表したいと思います。
Enjoy!
新機能とハイライト ¶
ネットワーク ACL の初期サポート(OVN のみ) ¶
LXD はネットワーク ACL (access control list) の仕組みを持つようになりました。これを使って、ACL をいくつでも作成でき、それをネットワーク全体や特定のインスタンス NIC に割り当てられるようになりました。
各 ACL は、入出力のルールの組や、いくつかの設定を含む場合があります。
ACL は、トラフィックのソースとディスティネーションとしてお互いを参照でき、アドレスですべてをトラッキングするのではなく、インスタンスをラベリングし、ルール内でそれらのラベルを使うことができます。
例えば、3 つの ACL を持つネットワークがあるとします:
- default(ネットワークに対して適用)、一般的な外部サービス向けの外向きの通信を許可します
- web(Web サーバーに対して適用)、TCP 80/443 番ポートに対する内向きの通信を許可します
- database(データベースサーバーに対して適用)、
web内のサーバーから TCP 5432 番ポートに対する内向きの通信を許可します
この機能はすべて lxc network acl コマンドで設定でき、設定すると security.acls を使ってネットワークやインスタンスに割り当てられます。
この機能は現時点では OVN ネットワークでのみ使えます。LXD 4.13 では、いくつかの制限はあるかもしれませんが、xtables と nft ファイアウォールドライバーを使った、マネージドな LXD ブリッジにも拡張する予定です。
仮想マシンでのステートフルな停止とスナップショット ¶
LXD が仮想マシンの実行中の状態をディスクにダンプできるようになりました。この機能は lxc stop --stateful と lxc snapshot --stateful コマンドで実行できます。
ステートフルな停止の場合、VM の状態はディスクに書き出され、その後エミュレーターは停止します。再度 VM を実行したい場合は、単に lxc start と実行すると、VM の状態がリストアされ、停止した時点から実行が再開されます。
同様に、ステートフルなスナップショットは、スナップショット時点の VM の実行状態を記録します。lxc restore --stateful コマンドを使って、VM 実行時の状態も含めて、その VM をその時間に戻すことができます。
この機能は、特にホストの再起動前に実行中の VM を限定的に中断できるので便利です。また、lxc move を使ってこのような VM を再配置し、他のシステム上で停止していた所から処理を再開することもできます(現時点では全く同じ CPU が必要です)。
これらと同じメカニズムは近い将来、VM のライブマイグレーション機能を実現するために拡張される予定です。そして、ダウンタイムをさらに短縮し、VM を少し違う CPU に移動できるようにいくつかの制限を追加する予定です。
これを可能にするために、VM では migration.stateful を true に設定し、size.state を root ディスクデバイスに設定し、実行状態を保存するための追加スペースを確保しなければなりません。このモードでは、PCI パススルーと virtiofs は無効化されます。
プロジェクト内に制限された証明書 ¶
LXD のトラストストア内の特定の証明書を、特定のプロジェクトでのみ有効にできるようになりました。このように設定すると、制限された証明書は制限されたロールとなり、グローバルな設定に影響を与えるのを防いだり、プロジェクトの再設定を防いだりできます。
これは LXD で Canonical の RBAC サービスを通して operator ロールを取得しているのとほぼ同等です。
このような管理を行うために、新しいコマンドである lxc config trust edit と lxc config trust show を追加しました。lxc config trust add は --restricted と --projects が使えるように拡張されました。
プロジェクトレベルのサーバーの設定オプションサポート ¶
多数のグローバルな設定オプションがプロジェクト特有の値を持てるようになりました:
- images.compression_algorithm
- backups.compression_algorithm
- images.remote_cache_expiry
- images.auto_update_cache
これらをプロジェクト内に設定すると、グローバル設定のそれぞれの値が上書きされます。
プロジェクトでクラスターのターゲット指定を制限可能 ¶
4.12 で追加されたもうひとつのプロジェクト設定キーは restricted.cluster.target です。
これを設定すると、制限のかかったプロジェクト内の管理者以外のユーザーは、クラスターメンバーのターゲット指定(--target)が使えなくなります。その際でも、管理者にはそれが許可されていますので、手動でのクラスターのリバランスやノードの退避操作を行えます。
Ceph 機能の設定オプション ¶
新たに Ceph ストレージプール用の設定オプションが追加されました。ceph.rbd.features は新たなボリュームで有効にする RBD 機能のカンマ区切りのリストです。これは、これまではハードコードされていたデフォルト値の layering を置き換えます。そして、すべてのシステムでサポートされている場合に、最新の Ceph の機能を有効にできます。
lxd init --dump と --preseed でのプロジェクトサポート ¶
lxd init --dump は YAML 出力の一部としてプロジェクトを含むようになりました:
projects:
- config:
features.images: "true"
features.networks: "true"
features.profiles: "true"
features.storage.volumes: "true"
description: Default LXD project
name: default
- config:
features.images: "true"
features.profiles: "true"
features.storage.volumes: "true"
description: ""
name: demo
そしてこれにより、当然 lxd init --preseed にフィードバックして新しいサーバーを設定できます。
Initial auto-generated REST-API documentation¶
LXD は手動で更新されている REST API documentation の代わりに、API ドキュメントをゆっくり Swagger に移行しています。
現在はいくつかのエンドポイントのみをサポートしており、LXD 4.13 でこの作業が終えるつもりです。プレビューは https://dl.stgraber.org/swag-lxd/ でご覧になれます。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- containers: simplify wstatus.Close() logic in Exec()
- containers: reap zombies on attach failure
- seccomp: block openat2()
- lxd/instance/qemu/qmp: Add SendFile, Migrate and MigrateIncoming
- lxd/instance/qemu/qmp: Add ping function
- lxd/instance/qemu/qmp: Re-shuffle functions
- lxd/instance/qemu/qmp: Rework run() function
- lxd/instance/qemu/qmp: Update commands to use run()
- lxd/network/network/utils: Fixes InterfaceExists to not return true if arg is empty string
- lxd/device/nic/routed: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: network.InterfaceExists usage
- lxd/device/nic/ipvlan: Detach ipvlan interface back to random host name on stop, then delete
- lxd/db/instances: Adds ErrInstanceListStop that can be returned from InstanceList to stop search
- shared/validate/validate: Adds IsNetworkRange and IsNetworkAddressCIDR functions
- shared/validate/validate: Adds IsNetworkPort and IsNetworkPortRange functions
- lxd/util/config: Adds SplitNTrimSpace function
- lxd/util/config: Avoid unnecessary allocations in CopyConfig
- api: Adds network_acl extension
- shared/api/network/acl: Adds shared struct types for Network ACLs
- shared/api/network/acl: Adds rule Normalise function
- lxd/db/cluster: Adds networks_acls and networks_acls_config tables
- lxd/db/network/acls: Adds GetNetworkACL function
- lxd/db/network/acls: Adds CreateNetworkACL function
- lxd/db/network/acls: Adds GetNetworkACLs function
- lxd/db/network/acls: Adds UpdateNetworkACL function
- lxd/db/network/acls: Adds RenameNetworkACL function
- lxd/db/network/acls: Adds DeleteNetworkACL function
- lxd/network/acl: Adds ACL package for managing Network ACLs
- lxd: Add network-acls API hooks
- lxd/network/acls: Implements networkACLGet function
- lxd/network/acls: Implements networkACLsPost function
- lxd/network/acls: Implements networkACLsGet function
- lxd/network/acls: Implements networkACLPut function
- lxd/network/acls: Adds PATCH support to networkACLPut
- lxd/network/acls: Implements networkACLPost function
- lxd/network/acls: Implements networkACLDelete function
- client/interfaces: Adds CreateNetworkACL
- client/interfaces: Adds GetNetworkACLs
- client/interfaces: Adds GetNetworkACL
- client/interfaces: Adds UpdateNetworkACL
- client/interfaces: Adds RenameNetworkACL
- client/interfaces: Adds DeleteNetworkACL
- client/interfaces: Adds GetNetworkACLNames
- client/lxd/network/acls: Implements CreateNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLs function
- client/lxd/network/acls: Implements GetNetworkACL function
- client/lxd/network/acls: Implements UpdateNetworkACL function
- client/lxc/network/acls: Implements RenameNetworkACL function
- client/lxd/network/acls: Implements DeleteNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLNames function
- lxc/network: Registers acl subcommand from network command
- lxc/network/acl: Add network acl command section
- lxc/network/acl: Adds cmdNetworkACLCreate command
- lxc/network/acl: Adds cmdNetworkACLList command
- lxc/network/acl: Adds cmdNetworkACLGet and cmdNetworkACLShow commands
- lxc/network/acl: Adds cmdNetworkACLSet command
- lxc/network/acl: Adds cmdNetworkACLUnset command
- lxc/network/acl: Adds cmdNetworkACLEdit command
- lxc/network/acl: Adds cmdNetworkACLRename command
- lxc/network/acl: Adds cmdNetworkACLDelete command
- lxc/network/acl: Adds cmdNetworkACLRule subcommand with add/remove rule commands
- doc/rest-api: Adds network ACL endpoint docs
- test: Adds network ACL tests
- doc/network-acls: Adds Network ACLs documentation
- i18n: Update translation templates
- lxd/network/driver/ovn: Uplink loading error improvements
- lxd/device/nic/sriov: network.InterfaceExists usage
- lxd/network/network/utils: InterfaceExists usage in InterfaceBindWait
- lxd/device/nic/sriov: Use random VF MAC if VF has no automatic MAC set
- lxd/instance/qemu: Rework lxd-agent startup
- lxd/device/disk: Validate that the pool is not pending
- api: migration_stateful
- shared: Add migration.stateful
- doc/instance: Add migration.stateful
- lxd/instance/qemu: Add migration.stateful support
- lxd/device: Add migration.stateful support
- lxd/instance/qemu: Add checks for migration.stateful
- api: disk_state_quota
- doc/instances: Add size.state
- lxd/storage: Add support for size.state
- lxd/api: Port to updated SetInstanceQuota
- lxd/device/disk: Add support for size.state
- lxd/instance: Prevent stateful snapshots of VMs
- lxd/instance/qemu: Add stateful stop/start
- doc: Drop API extension columns
- api: storage_ceph_features
- lxd/storage: Add ceph.rbd.features
- doc/storage: Add ceph.rbd.features
- scripts/bash: Add ceph.rbd.features
- doc: Fix bad Github action link
- lxd/instance/qemu/qmp: Switch back to upstream repo
- lxd/device/device/interface: Adds Type interface for accessing type specific functions of a device
- lxd/device/device/common: UpdatableFields signature change
- lxd/device/nic/bridged: UpdatableFields signature change
- lxd/device/nic/p2p: UpdatableFields signature change
- lxd/device/nic/routed: UpdatableFields signature change
- lxd/device/disk: UpdatableFields signature change
- lxd/device/device/load: Adds newByType and LoadByType functions
- lxd/instance/drivers: UpdatableFields usage
- lxd/device/device/utils/network: Changes veth route functions to not depend on device specific logic
- lxd/device/nic/bridged: Switches to use NIC type agnostic route helper functions
- lxd/device/nic/p2p: Switches to use NIC type agnostic route helper functions
- lxd/instance/drivers/driver/common: Update comment for deviceVolatileReset to match
- lxd/instance/drivers/driver/lxc: Removes deviceResetVolatile provided by common
- lxd/instance/drivers/driver/qemu: Removes deviceResetVolatile provided by common
- lxd/instance/drivers: d.deviceVolatileReset usage
- doc/preseed: LXD is pronounced lex-dee
- doc/api-extensions: LXD is pronounced lex-dee
- tests: Typo fix
- lxd/storage: LXD is pronounced lex-dee
- lxd/firewall: LXD is pronounced lex-dee
- lxd/network: LXD is pronounced lex-dee
- lxd/api: LXD is pronounced lex-dee
- lxd/device: LXD is pronounced lex-dee
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use db.ErrInstanceListStop
- lxd/network/network/utils: Adds optimisation to UsedBy when firstOnly is true
- lxd/network/network/utils: Removes whitespace trimming from SubnetParseAppend
- lxd/api/project: Updates projectValidateRestrictedSubnets to use util.SplitNTrimSpace
- lxd/network/driver/ovn: Switch to util.SplitNTrimSpace
- lxd/device/nic/ovn: Updates usage of network.SubnetParseAppend to use util.SplitNTrimSpace
- lxd/network/acl/acl/load: Adds Exists function
- lxd/network/acl/acl/load: Adds UsedBy function
- lxd/network/acl/driver/common: Updates usedBy to use UsedBy
- lxd/network/driver/ovn: Adds OVNInstanceNICSetupOpts and OVNInstanceNICOpts types
- lxd/network/driver/ovn: InstanceDevicePortAdd updated arguments
- lxd/network/driver/ovn: InstanceDevicePortDelete updated arguments
- lxd/network/driver/ovn: n.InstanceDevicePortAdd usage
- lxd/device/nic/ovn: ovnNet update of arguments
- lxd/device/nic/ovn: d.network.InstanceDevicePortAdd and d.network.InstanceDevicePortDelete usage
- lxd/network/openvswitch/ovn: Converts LogicalSwitchPortExists to LogicalSwitchPortUUID
- lxd/network/openvswitch/ovn: Converts string UUID variables to their own dedicated types
- lxd/network/driver/ovn: Updates usage of OVN UUID types
- lxd/network/driver/ovn: client.LogicalSwitchPortUUID usage
- lxd/network/driver/ovn: Adds DNSName to OVNInstanceNICStartOpts
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd with opts.DNSName field name change
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd with opts.DNSName field name change in handleDependencyChange
- lxd/device/nic/ovn: Updates use of d.network.InstanceDevicePortAdd with DNSName
- utils: trim whitespace from block device UUID
- lxd/storage/drivers/btrfs: Add up fs and block quota for VMs
- lxd/storage/drivers/dir: Pass int64 size to setQuota
- lxd/storage/drivers/dir: Add up fs and block quota for VMs
- shared/validate/validate: Add IsCompressionAlgorithm
- lxd/projects: Add backups.compression_algorithm and images.compression_algorithm
- lxd/cluster: Update compression validation
- lxd/images: Add checks for images.compression_algorithm
- lxd/backup: Add checks for backups.compression_algorithm
- doc/projects: Add backups.compression_algorithm and images.compression_algorithm
- api: projects_compression
- lxd/instance: Move CreateInternal
- lxd/instance/drivers: Rename restart to restartCommon
- lxd/instance/drivers: Move snapshot creation to the driver
- lxd/network/network/utils: Converts UsedBy to use InstanceList function
- lxd/network/network/utils: Changes isInUseByDevices to isInUseByDevice
- lxd/network/network/utils: Adds usedByInstanceDevices function
- lxd/device/nic/ovn: Removes non-ovn related limit code, use network.InterfaceExist
- lxd/network/driver/ovn: Removes unnecessary calls to CloneNative in ovnNICExternalRoutes
- lxd/instance/qemu: Add restoreState
- lxd/instance/qemu: Add saveState
- lxd/instance/qemu: Add stateful snapshot
- lxd/db: Fix bad indent
- lxd/db: Fix projects_used_by_ref for remote storage
- lxd/cluster: Guarantee single hearbeat loop
- doc/rest-api: Fix and clarify backup API
- lxd/cluster: Improve heartbeat logging
- lxd/api: Don't use potentially nil struct
- lxd/init: Better error on invalid auto-detect fan underlays
- doc/rest-api: More fixes for backups
- lxd: Remove ReadToJSON
- lxd/db: Fix RenameCertificate
- lxd/certificate: Modernize DB handling
- lxd/certificate: Rework cache
- lxd/projects: Add images.remote_cache_expiry
- lxd/db/images: Changes GetExpiredImages to GetExpiredImagesInProject
- lxd/images: Support images.remote_cache_expiry per-project
- doc/projects: Add images.remote_cache_expiry
- api: projects_images_remote_cache_expiry
- doc/backup: Mention subuid/subgid
- lxd/db/certificates: Fix bad error handling
- api: certificate_project
- shared/api: Add restricted and projects to certificate
- lxd/db: Add support for restricted certificates
- lxd/certificates: Add support for restricted and projects
- lxd/daemon: Add TLS permission checks
- doc/security: Cover TLS restrictions
- lxc/config/trust: Add Edit
- lxc/config/trust: Add Show
- i18n: Update translation templates
- tests: Validate TLS restrictions
- lxd/instance/drivers/driver/lxc: Log when skipping volume delete in a recovery import scenario
- lxd/api/internal: Don't create .importing file when performing a backup import in internalImport
- lxd/api/internal: internalImport usage
- lxd/instance/instance/utils: CreateInternal usage of revert package
- lxd/instances/post: internalImport usage
- lxd/network/network/utils: Reorder UsedBy logic to do cheapest searches first
- lxd/db/network/acls: Makes slice allocation more efficient in GetNetworkACLs
- lxd/db/network/acls: Adds GetNetworkACLIDsByNames function
- lxd/network/openvswitch/ovn: Adds PortGroupUUID function
- lxd/network/openvswitch/ovn: Adds PortGroupAdd function
- lxd/network/openvswitch/ovn: Adds PortGroupMemberAdd function
- lxd/network/openvswitch/ovn: Adds OVNACLRule struct type
- lxd/network/openvswitch/ovn: Adds PortGroupSetACLRules function
- lxd/network/openvswitch/ovn: Adds PortGroupDelete function
- lxd/network/openvswitch/ovn: Adds LogicalSwitchSetACLRules function
- lxd/network/openvswitch/ovn: Adds PortGroupMemberDelete function
- lxd/network/acl/acl/ovn: Adds OVN ACL helper functions
- lxd/network/acl: Adds support for using state when creating ACL record
- lxd/network/acl/acl/load: Updates UsedBy to allow searching for multiple ACLs in one pass
- lxd/network/acl/driver/common: Updates usedBy to use updated UsedBy helper function
- lxd/network/acl/driver/common: Makes Update apply new ACL rules to OVN port groups and instance ports
- lxd/network/driver/ovn: Applies baseline network ACL rules in setup via acl.OVNApplyNetworkBaselineRules
- lxd/network/driver/ovn: Adds SecurityACLs and SecurityACLsRemove to OVNInstanceNICStartOpts
- lxd/network/driver/ovn: Adds Security ACL support to InstanceDevicePortAdd
- lxd/network/driver/ovn: Adds PortGroupDeleteIfUnused to remove unused ACL port groups
- lxc/network/driver/ovn: Adds support for security.acls assigned to OVN networks
- lxd/device/nic: Adds security.acls optional field
- lxd/device/nic/ovn: Adds security.acls support for OVN NICs
- doc/metadata: Adds Network ACL left menu item section
- api: Adds network_ovn_acl extension
- doc: Adds security.acls property to OVN networks and NICs
- tests: Reword deadcode
- lxd/db: Remove unused code
- shared/log15: Remove dead code
- lxd/network/acl: Remove unused code
- lxd/storage/drivers/driver/btrfs: Unset pool size setting during creation if not relevant
- lxd/storage/drivers/driver/btrfs: Consisent error quoting in Create
- lxd/storage/pools/config: Consistent error quoting in storagePoolValidateConfig
- driver_lxc: pass flags to shiftfs mount
- lxd/network/driver/bridge: Ensure that DHCP firewall rules are added in fan mode
- lxd/network/driver/ovn: Don't delete port groups if their associated ACLs are referenced by rules in other ACLs
- lxd/network/acl/acl/ovn: Adds OVNEnsureACLs function and unexports ovnApplyToPortGroup
- lxd/network/acl/driver/common: Switch Update to use OVNEnsureACLs
- lxd/network/driver/ovn: Switch setup to use OVNEnsureACLs
- lxd/network/driver/ovn: Switch InstanceDevicePortAdd to use OVNEnsureACLs
- Makefile: Add update-api
- shared/api: Label Server structs
- lxd: Setup API metadata
- lxd: Add / and /1.0 to swagger
- tests: Update deadcode for swagger
- doc: Include initial YAML version of rest-api
- lxd/certificates: Add to swagger
- shared/api: Label Certificate structs
- doc/rest-api/swagger: Update for certificates
- lxd/storage/drivers/utils: Comment clarify in BlockDiskSizeBytes
- lxd/network/openvswitch/ovn: Renames PortGroupUUID to PortGroupInfo
- lxd/network/acl/acl/ovn: client.PortGroupInfo usage
- lxd/network/driver/ovn: client.PortGroupInfo usage
- lxd/network/acl/acl/ovn: Refactors OVNEnsureACLs to be smarter in how it sets up referenced ACLs
- lxd/network/driver/ovn: Don't check if port group exists when removing port member in InstanceDevicePortAdd
- lxd/resources/storage: Rework block size handling
- Updated instanceLogDelete function
- lxd/device/disk: Tweak mkisofs flags
- lxd/init: Add projects to dump/init preseed
- lxd/network/driver/ovn: Consistently use aclNameIDs var name
- lxd/instance/post: Update instancePostClusteringMigrate to respect instance's project
- lxd/instance/backup: Makes returned containers resource conditional on instance type
- lxd/instance/console: Conditional containers resources
- lxd/instance/delete: Updates instanceDelete to use inst var and makes returned containers resources conditional on instance type
- lxd/instance/exec: Makes containers resources conditional on instance type
- lxd/instance/post: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/put: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/snapshot: Renames sc to snapInst and makes containers resources conditional on instance type
- lxd/instances/post: Makes containers resources conditional on instance type
- lxd/device/nic/ovn: Clearer error message in validateConfig
- lxd/network/openvswitch: Centralises DB OVN connection string retrieval in NewOVN
- lxd/network/driver/ovn: openvswitch.NewOVN usage
- lxd/network/acl/driver/common: openvswitch.NewOVN usage
- lxd/network/acl/acl/ovn: Adds OVNPortGroupDeleteIfUnused
- lxd/network/driver/ovn: Removes PortGroupDeleteIfUnused and acl.OVNPortGroupDeleteIfUnused usage
- lxd/device/nic/ovn: acl.OVNPortGroupDeleteIfUnused usage
- lxd/network/acl/driver/common: Calls OVNPortGroupDeleteIfUnused during Update
- lxd/network/acl/acl/load: Only return unique list of ACLs when matching on ACL rulesets in UsedBy
- lxd/network/acl/acl/ovn: Create referenced ACL port groups when reapplying rules from an existing ACL
- doc/rest-api: Updates backup endpoint docs
- lxd/cluster: Don't warn about pending nodes
- lxd/instances: Fix instance copy within project
- netutils: improve file descriptor retrieval and increase robustness
- lxd/cluster: Remove AutoUpdateInterval and RemoteCacheExpiry
- lxd/daemon: Add daemon startTime variable, remove taskAutoUpdate
- lxd/instances/post: Support images.auto_update_cached per-project
- lxd/api: Remove taskAutoUpdate reset
- lxd/projects: Add images.auto_update_cached and images.auto_update_interval
- lxd/images: Support images.auto_update_interval per-project
- api: projects_images_auto_update
- doc/projects: Add images.auto_update_cached and images.auto_update_interval
- Update for Go 1.17 go:build tags
- lxd/api: Add project and target arguments to doc
- shared/api: Add comments to certificate fields
- shared/api: Add comments to server fields
- lxd/resources: Add swagger documentation
- shared/api: Label Resources structs
- doc/rest-api: Refresh swagger YAML
- doc/projects: Projects aren't restricted by default
- lxc/config/trust: Allow restricting on add
- i18n: Update translation templates
- lxd/storage/drivers/util: Updates ensureVolumeBlockFile to add unsupportedResizeTypes argument
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume with ensureVolumeBlockFile comments
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to pass VolumeTypeImage to ensureVolumeBlockFile
- lxd/storage/drivers/driver/dir/volumes: Comment improvement in CreateVolume
- lxd: improve unix fd retrieval infrastructure
- lxd/db: Don't fail preparing statements for activateifneeded
- unixfd: vet all parameters
- lxd/internal: Don't access undefined fields
- tests: Fix project limits on arm64
- doc/README: Drop readthedocs
- lxd/network/acl/acl/load: Adds NetworkUsage function
- lxd/network/acl/driver/common: Adds ruleSubjectInternal and ruleSubjectExternal constants
- lxd/network/acl/driver/common: Updates validateRule to allow ruleSubjectInternal and ruleSubjectExternal values
- lxd/network/openvswitch/ovn: Updates LogicalSwitchDelete to delete associated port groups
- lxd/network/openvswitch/ovn: Adds setACLRules to more efficiently set multiple rules in one command
- lxd/network/openvswitch/ovn: Updates LogicalSwitchSetACLRules to use o.setACLRules
- lxd/network/openvswitch/ovn: Updates PortGroupAdd to support associating to a project and optionally another port group and/or logical switch
- lxd/network/openvswitch/ovn: Updates PortGroupDelete to support multiple specified port groups
- lxd/network/openvswitch/ovn: Updates PortGroupSetACLRules to use o.setACLRules
- lxd/network/openvswitch/ovn: Replaces PortGroupMemberAdd and PortGroupMemberDelete with PortGroupMemberChange
- lxd/network/openvswitch/ovn: Adds PortGroupListByProject function
- lxd/network/openvswitch/ovn: Use constants for OVN external IDs
- lxd/network/acl/acl/ovn: Adds ovnACLPortGroupPrefix constant
- lxd/network/acl/acl/ovn: Adds helper functions for entity name generation
- lxd/network/acl/acl/ovn: Updates ovnAddReferencedACLs to ignore ruleSubjectInternal and ruleSubjectExternal values
- lxd/network/acl/acl/ovn: Updates ovnApplyToPortGroup and associated functions to support network specific port group ACL rules
- lxd/network/acl/acl/ovn: Removes trailing space in generated rule in OVNApplyNetworkBaselineRules
- lxd/network/acl/acl/ovn: Comment improvements
- lxd/network/acl/acl/ovn: Updates OVNEnsureACLs to support applying network specific port group rules
- lxd/network/acl/acl/ovn: Adds OVNPortGroupInstanceNICSchedule helper function
- lxd/network/acl/acl/ovn: Updates OVNPortGroupDeleteIfUnused to delete unused per-ACL-per-network port groups
- lxd/network/acl/driver/common: Updates to use NetworkUsage and pass list of networks using ACL to OVNEnsureACLs
- lxd/network/driver/ovn: Updates OVN driver to use helper functions from ACL package rather than duplicate logic
- lxd/network/driver/ovn: Create internal port group for instance NICs on setup
- lxd/network/driver/ovn: acl.OVNEnsureACLs and client.PortGroupMemberChange usage
- lxd/network/driver/ovn: client.PortGroupAdd usage in setup
- lxd/network/acl/driver/common: Adds support for default.logged and default.action ACL config properties
- doc/network/acls: Documents default.logged and default.action ACL config properties
- lxd/network/acl/acl/ovn: Adds support for default.logged and default.action
- lxd/network/acl/driver/common: Adds reject support
- lxd/network/acl/acl/ovn: Allow IPv4 IGMP and IPv6 MLD reports in network baseline rules
- lxd/network/acl/acl/ovn: Add network baseline rules to allow reject packets from ACL reject rules
- lxc/remote: Update working to line up with project
- i18n: Update translation template
- lxd/profiles: Add to swagger
- shared/api: Label Profiles structs
- lxd/projects: Add to swagger
- shared/api: Label Projects structs
- lxd/events: Add to swagger
- shared/api: Label Events structs
- lxd/networks: Add to swagger
- shared/api: Label Networks structs
- shared/api: Hide API extensions from swagger
- doc/rest-api: Refresh swagger YAML
- lxd/device/gpu: Optimize setupSriovParent
- lxd/device: Save parent PCI address for GPU SR-IOV
- lxd/network/network/utils/sriov: Refactors SRIOVFindFreeVirtualFunction and sriovGetFreeVFInterface
- lxd/network/network/utils/sriov: Modifies sriovGetFreeVFInterface to check a VF is down and has no IPs before considering it available
- shared/validate/validate: Adds IsInterfaceName function
- lxd/network/network/utils: Removes validInterfaceName function
- lxd/network/driver: validate.IsInterfaceName usage
- lxd/device/nic: Validate that NIC name property is valid interface name
- lxd/device/nic: Adds nicCheckNamesUnique function
- lxd/device/nic: Updates nicValidationRules to accept a instance.ConfigReader argument and use nicCheckNamesUnique
- lxd/device: nicValidationRules usage
- lxd/device: Return -1 if all VFs are in use
- lxd/device: Support multiple GPUs for SR-IOV
- shared/api/cluster: Architecture is a read-only field
- lxd/network_acls: Add to swagger
- shared/api: Label Network ACLs structs
- lxd/cluster: Add to swagger
- shared/api: Label Cluster structs
- doc/rest-api: Refresh swagger YAML
- lxd/network/network/utils/sriov: Don't fail when missing vfListPath in sriovGetFreeVFInterface
- shared/util: Add GetStableRandomInt64FromList
- lxd/db/images: Add AutoUpdate filter
- lxd/vsock: Better handle errors
- lxd/db/images: Add helper functions
- docs: typo on JSON schema
- lxd/vsock: Retry timeouts once
- lxd/db: Set nodes.id to auto-increment
- lxd/images: Fix auto image updates
- lxd: Add internal endpoints for updates
- test/suites: Test image refresh in cluster
- i18n: Update translations from weblate
- lxd/images: Properly spread replicated images
- lxd/project: Add CheckClusterTargetRestriocion
- lxd/projects: Add restricted.cluster.target
- lxd: Support for restricted.cluster.target
- api: projects_restricted_cluster_target
- doc/projects: Add restricted.cluster.target
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.11 リリースのお知らせ¶
5th of February 2021
はじめに ¶
LXD チームは LXD 4.11 のリリースをお知らせできることにとてもワクワクしています!
このリリースはかなり機能的なリリースで、たくさんの新しい API 機能や、ネットワーク設定、仮想マシンで使用するための新しいデバイスが追加されました。
Enjoy!
新機能とハイライト ¶
インスタンスの状態を一括で変更する API ¶
新しい API が PUT /1.0/instances として追加されました。これによりターゲットのプロジェクト内のすべてのインスタンスの状態を更新できます。
簡単に、次のように行うと:
{"state": {
{"action": "restart"}
}
LXD は並列でプロジェクト内のすべてのインスタンスを再起動します。
これは、--all フラグを指定すると、コマンドラインユーティリティ自身に一括操作を行わせるのではなく、lxc start/stop/restart/pause コマンドで自動的に使われるようになりました。
ダイナミックな vlan 設定のための GVRP サポート ¶
physical、macvlan、ipvlan、routed ネットワークに、新たに gvrp プロパティを追加しました。有効にすると、親ポートの VLAN 設定を広報するように Linux に指示し、適切に設定されたスイッチがそれに応じて VLAN テーブルとポートのメンバーシップを更新できるようにします。
サーバーサイドのインスタンスストレージプールマイグレーション ¶
新たに pool フィールドを POST /1.0/instances/NAME のマイグレーション API に追加しました。
これでストレージプール間で完全にサーバーサイドでインスタンスの移行を行うことができます。
これまでは同じことを行うには、クライアントから一時的なコピー+削除操作が必要でした。
これは、最新の LXD サーバーで新しい API を自動的に使う lxc move NAME --storage TARGET とも統合されました。
ボリューム利用 API ¶
新たな API として GET /1.0/storage-pools/POOL/volumes/TYPE/VOLUME/state を追加しました。これはボリュームのディスク使用状況を取得します。
LXD はこれまでもずっとこの情報を持っていました。しかし、これまではインスタンスにボリュームがアタッチされているときのみ、インスタンスの状態を取得することで、この情報にアクセスできました。
新たな lxc storage volume info コマンドを、この API に問い合わせを行うために追加しました。
さらに、lxc storage volume list が拡張されました。カスタマイズできるカラムがサポートされ、ボリュームサイズを表示するための新たなオプションカラムが追加されました(一部のストレージドライバーでは、API 呼び出しのコストが高くなる可能性があるためです)。
この結果、このような表示になります:
stgraber@castiana:~$ lxc storage volume list default -ctncuU +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | TYPE | NAME | CONTENT-TYPE | USED BY | USAGE | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | lxd-build | filesystem | 1 | 2.67GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | lxd-build-focal | filesystem | 1 | 1.32GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | metrics | filesystem | 1 | 709.67MB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | snapcraft-lxd | filesystem | 1 | 6.61GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | snapcraft-lxd-bgp | filesystem | 1 | 1.49GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | steam | filesystem | 1 | 11.13GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | custom | backups | filesystem | 1 | 98.30kB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | custom | images | filesystem | 1 | 5.83GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | image | b31b2d483586fd143e4081b292179330235d081e923db39f7f864db2e1f4045d | block | 1 | | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | image | bb0c2a5d24b424943154f0a16d909a84a394378c567f950159b2d58f06960cbe | block | 1 | | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | cgroup2 | block | 1 | 2.96GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | ubuntu-desktop | block | 1 | 2.40GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | win10 | block | 1 | 9.14GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+
SR-IOV GPU のサポート(VM のみ) ¶
新たに sriov の gputype がサポートされました。
これは SR-IOV をサポートするいくつかのレアな GPU でのみ動きます。しかし、幸運にも適切なホストドライバーを持つ GPU を持っている場合は、次のように実行できます:
lxc config device add NAME my-gpu gpu gputype=sriov pci=ADDR
親 GPU のアドレスを使うと、LXD は自動的に未使用な VF を見つけ、GPU としてそれを VM に与えます。
PCI デバイスタイプ(VM のみ)¶
LXD に新しい pci デバイスタイプが追加されました。仮想マシンに任意の PCI デバイスを渡すことができるようになりました。
このようなデバイスを扱う場合は nic または gpu の SR-IOV を使う方が望ましいです。しかし、この機能により使いたい PCI ストレージデバイス、FPGA、その他の任意の PCI デバイスを渡すことができるようになりました。
ISO イメージを CD-ROM として公開(VM のみ) ¶
LXD の仮想マシン内に Windows をインストールする際の問題をいくつか回避するため、ISO イメージを検出し、自動的に仮想マシンに CD-ROM としてアタッチするロジックを追加しました。
これはインストールソースとターゲットが何であるのかという混乱を回避します。そして、最近 distrobuilder で Windows ISO イメージの再パッキングがサポートされましたので、それと組み合わせたときに LXD 仮想マシン内に Windows をインストールすることを格段に簡単にします。
lxc manpage コマンドの拡張 ¶
lxc manpage コマンドが --format オプションをサポートしました。これによりヘルプページを次のフォーマットでエクスポートできるようになりました:
- man(デフォルト、これまでの動き)
- md (markdown)
- rest (REStructured Text)
- yaml
私たちは、ヘルプページをウェブサイトで利用できるようにするために Markdown 出力を使う予定です。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- client: Fix output of GetClusterMemberNames
- openvswitch/ovs.go: Simplify return in Installed method
- rbac/server.go: Sleep for seconds instead of nanoseconds
- lxd/instance/drivers/driver/qemu: Updates SaveConfigFile to return nil
- lxd/api/internal: Updates internalImportFromRecovery to call inst.SaveConfigFile
- test/suites/backup: Adds test to check exec works after recovery of running container
- cluster/raft/file_snapshot.go: defer after checking error
- lxd/storage/drivers/driver/cephfs/volumes: Updates RenameVolume newName arg to newVolName to bring inline with other drivers
- lxd/storage/drivers/driver/ceph/volumes: Fix UnmountVolume to actually deactivate VM block volumes
- lxd/storage/drivers/driver/ceph/volumes: Fix RenameVolume to also rename FS volume for VM volumes
- test/suites/container/devices/nic/bridged: Adds port isolation feature test
- lxc/network: Adds support for attaching instance to a managed network using
networkproperty - test/suites/container/devices/proxy: Ensure ipv6 nat tests use a network with stateful DHCPv6 enabled
- test/suites/network: Updates static IPv6 allocation test to actually test stateful DHCPv6
- test/suites/container/devices/nic/bridged: Improve validation of DHCPv6 allocation
- lxc/query: Prevent using --project
- i18n: Update translation templates
- lxd/utils: Compare all addresses from lookup in IsAddressCovered, lxc#8340
- lxd/resources: Support DMI for CPU information
- lxd/device/nic/routed: Ensure IP neighbour proxy entries are removed on stop
- lxd/device/nic/routed: Adds duplicate address detection
- lxd/device/disk: Validate size field properly
- lxd/device/nic/bridged: Only attempt to release DHCP leases if bridge interface exists
- lxd/device/nic/bridged: Improve error context prefix in networkClearLease
- lxd/device/nic/bridged: Use %q for error quoting in networkClearLease
- lxd/device/nic/bridged: Improve error context prefix in State
- lxd/instance: Fix progress on ceph instance move
- lxd/storage/backend/lxd: Use volume config in UpdateInstanceBackupFile so that volume.block.filesystem setting is used
- lxd/storage/drivers/utils: Adds filesystem being used to TryMount error
- lxd: Smarter handling of volatile keys in projects
- lxd/project: Strip volatile on copy/migrate
- tests: Update project restrictions test
- lxd/instance/drivers/driver/lxc: Copy parent volume config to snapshot volume config in lxcCreate
- lxd/instance/drivers/driver/qemu: Copy parent volume config to snapshot volume config in qemuCreate
- lxd/instance/drivers/driver/lxc: Umount instance after CRIU state path check in Restore
- lxd/instance/drivers/driver/lxc: Avoid duplicated call to UpdateBackupFile in Restore
- lxd/instance/drivers/driver/lxc: Log instance restarting after snapshot restore
- lxd/instance/drivers/driver/lxc: Always run UpdateBackupFile in Update
- lxd/instance/drivers/driver/qemu: Removes unnecessary call to UnmountInstance in Restore
- lxd/instance/drivers/driver/qemu: Remove unnecessary call to UpdateBackupFile
- lxd/instance/drivers/driver/qemu: Log instance restarting after snapshot restore
- doc/rest-api: Fix typo
- doc/rest-api: Fix missing escaping
- lxd/instance: Tweak error and resource links
- api: Adds support for bulk instance state change.
- shared/api: Adds support for bulk instance state change.
- doc: Adds doc for bulk instance state change endpoint.
- lxd: Adds support for bulk instance state change.
- client: Adds support for bulk instance state change.
- lxc: Adds support for bulk instance state change.
- lxd: Process bulk action in parallel
- test/suites/snapshots: Adds snapshot block.filesystem config check for LVM & Ceph
- lxd/instances: Reduce code duplication
- shared/api: Change mass update API
- lxc/action: Update to new InstancesPut
- lxd/instances: Update to new bulk API
- doc/rest-api: Update for new bulk API
- client: Re-order functions
- lxd: Rename container functions
- lxd/instance_state: Simplify
- lxd/instance: Refactor state handling
- lxd/instances_state: Simplify logic
- lxd/instance/drivers: Move ephemeral restart logic
- lxd/vm: Expose ISO images as SCSI cdroms
- lxd/storage: Cleanup CreateInstanceFromCopy
- lxd/storage/utils: Updates VolumeDBCreate to accept volume and content type typed arguments
- lxd/storage/backend/lxd: Error quoting and wrapping
- lxd/storage/backend/lxd: Expand argument type in updateVolumeDescriptionOnly
- lxd/storage/backend/lxd: VolumeDBCreate updated usage
- api: Adds network_gvrp extension
- doc: Adds gvrp option for selected networks and instance NICs
- lxd/network/network/utils: Adds GVRP support to VLANInterfaceCreate
- lxd/network: Adds GVRP support to macvlan and physical networks
- lxd/device/device/utils/network: Adds GVRP support to networkCreateVlanDeviceIfNeeded
- lxd/device/nic: Adds GVRP support to ipvlan, macvlan, physical and routed NICs
- lxd/network: Add check for overlapping ovn.ranges and dhcp.ranges
- lxd/db/instances: Improve error message from CreateInstanceConfig
- lxd/instance/drivers/driver/common: Adds insertConfigkey function
- lxd/instance/drivers/driver/lxc: Updates FillNetworkDevice to use d.insertConfigkey
- lxd/instance/drivers/driver/qemu: Updates FillNetworkDevice to use d.insertConfigkey
- lxc/instance/drivers/driver/common: Removes empty value check from insertConfigkey
- lxd/instance/drivers: Detect failed volatile key generation
- lxd/instance/drivers/driver/lxc: Fix volatile config key scoping issue in FillNetworkDevice
- lxd/network/driver/bridge: Only validate non-overlapping DHCPv6 ranges with OVN ranges when stateful DHPCv6 being used
- lxd/instance/drivers/driver/common: Prevent existing row check from wiping out desired key value in insertConfigkey
- lxd/instance/drivers: More checks and error contexts in FillNetworkDevice
- lxd/instance/drivers/driver/qemu: Error alignment with container driver in Rename
- lxd/storage/utils: Improves error in VolumeDBCreate
- lxd/db/storage/volumes: Populates ProjectName field in GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance/drivers/driver/lxc: Error context in Rename
- lxd/instances/post: Unwraps long error and using double quotes placeholder
- lxd/instance/instance/interface: Adds TemplateTrigger type and constants for template trigger types
- lxd/instance: Adds instanceCreateAsCopyOpts argument for instanceCreateAsCopy options
- lxd/instances/post: instanceCreateAsCopy updated usage
- lxd/instance/instance/interface: Updates DeferTemplateApply to accept TemplateTrigger type argument
- lxd/instance/drivers/driver/common: Updates DeferTemplateApply to accept a TemplateTrigger type argument
- lxd/storage/backend: inst.DeferTemplateApply usage
- lxd/instances/post: inst.DeferTemplateApply usage
- lxd/instance/drivers/driver/lxc: Updates templateApplyNow to accept a TemplateTrigger argument
- lxd/instance/drivers/driver/lxc: d.templateApplyNow usage
- lxd/instance/drivers/driver/qemu: Updates templateApplyNow to accept a TriggerTemplate type argument
- lxd/instance/drivers/driver/qemu: d.templateApplyNow usage
- lxd/instance/instance/interface: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/lxc: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/qemu: Adds applyTemplateTrigger argument to Rename
- lxd/instance/post: inst.Rename usage
- lxd/instance/snapshot: sc.Rename usage
- lxd/storage/backend/lxd: Removes call to deferred template apply in RenameInstance
- lxd/instance/test: c.Rename usage
- shared/api: Add Pool field to InstancePost
- api: instance_pool_move extension
- lxc/move: Support server-side pool migration
- client: Add extension check for pool migration
- lxd/instance: Implement pool migration API with instancePostPoolMigration
- test: Add tests for volatile.apply_template config during create, copy and move
- test: Adds check for volatile.apply_template state after rename
- i18n: Update translation templates
- test: Add test for moving instance between pools without renaming
- lxd/images: Skip keys with empty values
- lxd/instances_put: Limit to local server
- lxd/device: Fix instance type validations
- shared/instance: Adds ErrNoRootDisk error var and returns it from GetRootDiskDevice
- lxd/instance: Enforces that target instance should have valid root disk config after DB create in instanceCreateAsCopy
- lxd/instance: Don't assume root disk is called "root" when copying snapshots from a source instance
- lxd/db/query/retry: Adds detection of checkpoint in progress to IsRetriableError
- lxd/instances_put: Properly handle clusters
- lxd/instance/drivers/driver_qemu: attempt to kill qemu proc on stop
- lxd/instance/driver_qemu: Add check for qemu cmdline args to pid()
- forkproxy: prevent zombies
- lxd: Change some references of container to instance in comments
- lxd/instance/post: Change error message to instance from container in instancePost
- lxd/main/forkdns: Returns empty AAAA record response when equivalent A record exists
- lxd/main/forkdns: Fixes typo in comment
- test: Adds test for empty AAAA response when equivalent A record exist in clustering forkdns
- lxd/device/pci: Consider DeviceUnbind successful on missing driver
- shared/validate: Validate PCI addresses
- lxd/device/gpu: Validate PCI addresses
- lxd/device: Add function to validate PCI path
- lxd/device: Add support for GPU SR-IOV
- api: gpu_sriov extension
- doc: Add SR-IOV GPU
- lxd/device/gpu_mdev: Valdiate PCI address and path
- lxd/device/gpu_physical: Validate PCI address and path
- lxd/instance/qemu: Cleanup VGA ROM check
- lxd/network/driver/bridge: Update DHCPv4Subnet to return fan bridge address subnet when in fan mode
- lxd/device/nic/bridge: Updates validateConfig to use parent networks DHCP subnet functions when validating address
- shared/termios: Fix static builds
- shared/idmap: Fix shared/ build on non-cgo
- shared/instancewriter/: Fix shared/ build on non-cgo
- shared/eagain: Restrict to Linux
- shared/subprocess: Restrict to unix
- lxd/db/generate: Move DB generator
- github: Replace Travis and Appveyor with Actions
- lxc/manpage: Add markdown, reST and YAML output
- i18n: Update translation templates
- lxd/device/gpu: Skip nvidia directories
- api: pci_device_type extension
- doc/instance: Add pci device type
- lxd/device: Free up the pci name
- lxd/device: Support for both pci= and address= in checker
- lxd/device/config: Add PCIDevice
- lxd/device/pci: Add NormaliseAddress
- lxd/device: Have validatePCIDevice take an address
- lxd/device: Add PCI device type
- lxd/instance/qemu: Rename qemuNetDevPhysical to qemuPCIPhysical
- lxd/instance/qemu: Add PCI device support
- cgroup: fix cgroup2 device driver settings
- doc/instances: Tweaks to make device type linking work
- doc/storage: Add mention of zfs.remove_snapshots
- simplestreams: Review and sanitize urls join
- lxd/storage/volume: Snapshot PUT is supposed to be blocking
- lxd/storage: Fix snapshot edit routes
- lxc/storage_volume: Use correct API for snapshots
- lxd/storage: Cleanup volume API endpoints
- lxd/instance/metadata: Fix API to line up with files
- client: Drop UpdateInstanceTemplateFile
- client: Drop UpdateInstanceTemplateFile
- client: Fix legacy UpdateContainerTemplateFile
- client: Rename SetInstanceMetadata to UpdateInstanceMetadata
- lxc/config: Switch to UpdateInstanceMetadata
- lxc/config: Always use CreateInstanceTemplateFile
- lxd/instance/metadata: Modernize instanceMetadataPut
- lxd/instance/metadata: Implement PATCH
- lxd/instance/snapshots: Implement PATCH
- lxd/storage: Tweak volume snapshot etag
- lxd/storage/volume/snapshot: Implement PATCH
- api: storage_volume_state extension
- shared/api: Add StorageVolumeState
- client: Add GetStoragePoolVolumeState
- lxd/storage: Add storagePoolVolumeTypeStateGet
- doc/rest-api: Add storage volume state API
- lxc/storage_volume: Add support for column argument
- lxc/storage_volume: Add usage column
- lxc/storage_volume: Add info subcommand
- i18n: Update translation templates
- lxd/instance/qemu: Don't use the RAM backend
- lxd/db/images: Include remote storage pools in GetPoolsWithImage
- lxd/db: Export function IsRemoteStorage
- lxd/resources: More flexible PCI handling
- lxd/resources: Make usb address handling match PCI
- lxd/resources: Use %q when possible
- lxd/images: Remove images backed by remote storage
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.5 リリースのお知らせ ¶
2nd of February 2021
はじめに ¶
LXD チームが LXD 4.0.5 のリリースをお知らせします!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 5 つめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
主な変更点は次の通りです:
- GPU の媒介(mediated)デバイスをパススルーできるようになりました
- GPU の SR-IOV パススルーができるようになりました
- リソース API に IOMMU の詳細情報を追加しました
- リソース API にネットワークデバイスの USB アドレス情報を追加しました
- リソース API にディスクデバイスの PCI もしくは USB アドレス情報を追加しました
- ネットワーク state API に VLAN の詳細情報を追加しました
lxc listにメモリと CPU の使用状況のカラムを追加しましたlxc snapshotで--reuseオプションが使えるようになりましたlxc storage volume snapshotで--reuseオプションが使えるようになりました
コミットの全リストは次の通りです(翻訳なし):
- extract restart logic to new instance interface function of lxc and qemu
- scripts/bash: Fix snap handling
- extract common restart code to driver_common.go
- lxd/storage: Rename RunningSnapshotFreeze to RunningCopyFreeze
- lxd/storage: Ensure source is frozen during copy
- lxd/instance/drivers: Write out updated backup.yaml after rename
- lxd: Switch to new candid URL
- lxd/storage/zfs: No need to remove dashes from UUID
- shared: Drop GroupId and UserId
- lxd: Port to os/user
- lxd/daemon: Log protocol
- lxd/daemon: Pass writer to Authenticate
- lxd/daemon: Record username on unix queries
- lxd/storage: Lock during the whole image replace
- lxd/db/errors: Adds ErrNoClusterMember var used to indicate no cluster member has been found for a resource
- lxd/db/storage/volumes: Modifies GetStorageVolumeNodeAddresses to detect volumes that are not bound to a single node
- lxd/db/storage/volumes: Removes StorageVolumeIsAvailable
- lxd/response: Updates forwardedResponseIfVolumeIsRemote to accept poolName rather than poolID
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote usage
- lxd/storage/volumes/snapshot: forwardedResponseIfVolumeIsRemote usage
- lxd/project/project: Adds StorageVolumeProjectFromRecord function
- lxd/db/instances: Renames and reworks instanceListExpanded to InstanceList
- lxd/db/instances/export/test: Removes unused file
- lxd/db/instances/test: Renames TestInstanceListExpanded to TestInstanceList
- lxd/patches: driver.VolumeTypeNameToDBType usage
- lxd/profiles/utils: Comment on doProfileUpdateContainer for clarity
- lxd/response: cluster.ConnectIfVolumeIsRemote usage
- lxd/storage/drivers/driver/types: Adds VolumeMultiNode field to Info
- lxd/storage/drivers/driver/cephfs: Adds VolumeMultiNode=true to Info struct
- lxd/storage/utils: Renames VolumeTypeNameToType to VolumeTypeNameToDBType
- lxd/storage/utils: Adds VolumeDBTypeToTypeName function
- lxd/storage/utils: Comment consistency
- lxd/storage/utils: Renames and reworks VolumeUsedByRunningInstancesWithProfilesGet to VolumeUsedByInstances
- lxd/storage/utils: Adds VolumeUsedByExclusiveRemoteInstancesWithProfiles function
- lxd/cluster/connect: Reworks ConnectIfVolumeIsRemote to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/storage/volumes: storagePools.VolumeTypeNameToDBType usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePools.VolumeUsedByInstances
- lxd/storage/backend/lxd: Updates RestoreCustomVolume with VolumeUsedByInstances
- lxd/storage/utils: Removes VolumeUsedByInstancesGet function as not properly project compliant
- lxd/storage/volumes/utils: Replaces storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeUsedByGet
- lxd/device/disk: Replace storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeAttachShift
- lxd/endpoints: Update error string in test
- shared/simplestreams: Record variant
- shared/simplestreams: Fix sorting of images
- lxd/project/project: Updates StorageVolumeProjectFromRecord to not return error (as never populated)
- lxd/storage/utils: project.StorageVolumeProjectFromRecord usage
- lxd/instance/qmp: Merge Go routines
- shared/cancel: Close chDone on failure
- lxd: Only close doneCh on success
- exec: make sure to only use TIOCGPTPEER if available
- lxd/instance/drivers: Change memory backend
- lxd/instance/drivers: Add virtio-fs config drive template
- lxd/instance/drivers: Handle virtio-fs config drive
- lxd/instance/drivers: Add system unit file for virtio-fs config drive
- lxd/device/disk: Support virtio-fs
- lxd/device/disk: Handle alternative virtfs-proxy-helper location
- lxd-agent: Prefer virtio-fs over 9p
- lxd: Replace use of tx.GetProject with cluster.GetProject
- lxd/storage: VolumeTypeNameToDBType usage
- lxd/device/disk: storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles usage
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to check for online resize support when resizing
- lxd/db/storage/volumes: Adds workaround for old remote volume schema in GetStorageVolumeNodeAddresses
- lxd/instances: Fix virtiofsd for config drive
- lxd/instance/drivers: Issue warning if virtiofsd is missing
- lxd/device: Issue warning if virtiofsd is missing
- lxd/instance/drivers: Fix lxd-agent systemd unit conditions
- lxd/storage: Only freeze if not frozen
- lxd/device/sriov: Harden calls to ip link vf
- lxd/storage/zfs: Add support for clone_copy rebase
- lxd/qmp: Ensure checkbuffer is called
- lxd/virtiofs: Fix handling of config drive
- lxd/storage/lvm: Properly make lvm.thinpool_name node-specific
- lxd/instance/drivers/driver/qemu: Call MountInstanceSnapshot when mounting vm snapshots
- lxd/instance/drivers/driver/qemu: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/instance/drivers/driver/lxc: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/storage/drivers/volume: Comment clarification
- lxd/storage/drivers/driver/zfs/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Improved logging
- lxd/storage/drivers/driver/zfs/volumes: Return ErrNotSupported in SetVolumeQuota when trying to resize an image block volume
- lxd/storage/drivers/driver/ceph/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Improves logging in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Don't allow image volume size in SetVolumeQuota
- lxd/storage/backend/lxd: Adds size to logging in SetInstanceQuota
- lxd/storage/backend/lxd: Update EnsureImage to resize/regenerate optimized image volumes if existing volume is different size than pool's volume.size setting
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk and create one-off non-optimized volume for instance
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to allow control of mapping
- lxd/storage/drivers/driver/ceph/utils: d.rbdUnmapVolumeSnapshot on one line
- lxd/storage/drivers/driver/ceph/volumes: d.getRBDMappedDevPath usage
- lxd/storage/utils: Makes InstanceDiskBlockSize snapshot aware
- lxd/storage/drivers/driver/ceph/volumes: Removes extraneous comment
- lxd/storage/drivers/driver/ceph/volumes: Activate volume before genericVFSMigrateVolume in MigrateVolume
- lxd/storage/pool/interface: Adds MountInfo struct
- lxd/storage/pool/interface: Return MountInfo from MountInstance and MountInstanceSnapshot
- lxd/storage/backend/lxd: Populate MountInfo with OurMount and DiskPath in MountInstance
- lxd/storage/backend/lxd: Unexports getInstanceDisk
- lxd/storage/backend/lxd: Populates OurMount and DiskPath in MountInstanceSnapshot
- lxd/storage/utils: Updates InstanceDiskBlockSize to use MountInfo
- lxd/storage/backend/mock: Interface changes
- lxd/instance: Updates instanceCreateAsSnapshot to use MountInfo
- lxd/patches: Updates to use MountInfo
- lxd/instance/drivers/driver/lxc: Updates mount to return MountInfo and usage
- lxd/instance/drivers/driver/qemu: Updates mount to return MountInfo and usage
- lxd/storage/drivers/generic/vfs: Adds genericVolumeDiskFile constant for excluding generic disk block files
- lxd/storage/drivers/generic/vfs: Avoid using d.GetVolumeDiskPath in genericVFSMigrateVolume
- lxd/storage/drivers/generic/vfs: Use genericVolumeDiskFile in genericVFSGetVolumeDiskPath
- lxd/storage/drivers/driver/ceph/utils: Add logging to rbdMapVolume and rbdUnmapVolume
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to support snapshots
- lxd/storage/drivers/driver/ceph/volumes: Updates MountVolume to return ourMount for block volumes
- lxd/storage/drivers/driver/ceph/volumes: Updates UnmountVolumeSnapshot to handle block volumes
- lxd/storage/drivers/driver/ceph/volumes: Renames RBDDevPath to devPath
- lxd/storage/utils: Improves logging and uses size value from vol.ConfigSizeFromSource in ImageUnpack
- lxd/storage/backend/lxd: Improves logging in CreateInstanceFromImage
- lxd/storage/backend/lxd: Improves logging and uses imgVol.ConfigSizeFromSource in EnsureImage
- doc/instances: Rephrase limits.memory.swap
- doc/instances: Typo fix
- lxd/storage: Use same defaults as "lxd init"
- lxd/instance/drivers/driver/qemu: Converts all supplied memory byte values to mebibytes for comparison
- lxd/rbac: Fix URL encoding
- lxd/cgroup: Fix V2 detection/handling
- lxd/cgroup: Add file read/writer
- lxd/cgroup: Fix controller detection
- lxd/cgroup: Add cpuset functions
- lxd/cgroup: Fix warning wording
- lxd/devices: Drop old workaround
- lxd/devices: Port to cgroup package
- lxd/instance: Replace CGroupGet/CGroupSet
- lxd/devices: Update to use cgroup abstraction
- lxd/cgroup: Implement proper typing
- lxd/cgroup: Change ParseCPU to return int64
- lxd/instance/lxc: Update for cgroup function changes
- lxd/cgroup: Improve naming
- lxd/instance: Update for new naming
- lxd/cgroup: Add V2 for GetBlkioWeight and SetBlkioWeight
- lxd/device: Move disk priority back to lxc
- lxd/cgroup: Fix get blkio weight
- lxd/cgroup: Add abstraction for SetBlkioLimit
- lxd/device: Port disk limits to abstraction
- lxd/db/storage/volumes: Renames GetStorageVolumeNodeAddresses to GetStorageVolumeNodes
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use tx.GetStorageVolumeNodes
- lxd/db/storage/volumes/test: Updates test for TestGetStorageVolumeNodes
- lxd/storage/utils: Updates VolumeUsedByInstances to accept an api.StorageVolume arg
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use an api.StorageVolume arg
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to accept an api.StorageVolume arg
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates validateConfig to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates storagePoolVolumeAttachShift to use storagePools.VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates RestoreCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/volumes: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use storagePools.VolumeUsedByInstances with a vol arg
- lxd/storage/volumes: Use db.StoragePoolVolumeTypeName constants
- lxd/storage/volumes: Updates storagePoolVolumeTypeGet to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes: Updates storagePoolVolumeTypeDelete to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes/snapshots: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes/utils: Removes storagePoolVolumeAPI constants and converter functions
- lxd/patches: Recreates patchStoragePoolVolumeAPI constants and function for historical patches
- lxd/storage/volumes: Simplifies volume type in URL in storagePoolVolumes routes
- lxd/storage/volumes/snapshot: Simplifies volume type in URL generation
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename args
- lxd/storage/volumes: Removes unnecessary var init in storagePoolVolumeTypePostMove
- lxd/storage/drivers/driver/ceph/volumes: Fix rbd device leak in RenameVolume
- lxd/storage/drivers/generic/vfs: Use revert package in genericVFSRenameVolume
- lxd/storage/utils: Adds matching of instances on same node as local volume in VolumeUsedByInstances
- lxd/storage/volume: Removes need for loading storage volume when doing lxc storage volume attach
- lxd/storage/utils: Renames VolumeUsedByInstanceDevices and passes usedByDevices into callback function
- lxd/device/disk: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/backend/lxd: VolumeUsedByInstanceDevices usage
- lxd/storage/utils: VolumeUsedByInstanceDevices usage
- lxd/storage/volumes/utils: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePoolVolumeTypePostRename and storagePoolVolumeTypePostMove
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename to use updated storagePoolVolumeUpdateUsers
- lxd/storage/volumes: Updates storagePoolVolumeTypePostMove to use updated storagePoolVolumeUpdateUsers
- lxd/instance/drivers/driver/lxc: Removes common function LocalDevices implemented in LXC driver
- lxd/db/instances: Better errors in InstanceList
- lxd/storage/utils: Adds VolumeUsedByProfileDevices function
- lxd/storage/utils: Removes unused volume name matching logic in VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to use storagePools.VolumeUsedByProfileDevices and storagePools.VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to use storagePools.VolumeUsedByProfileDevices
- lxd/storage/volumes/utils: Golint suggestions in storagePoolVolumeUsedByGet
- lxd/cluster/connect: Removes CLI command flag in error response in ConnectIfVolumeIsRemote
- lxd/storage: Fix building on stable-4.0
- lxd/db/storage/pools: Adds isRemoteStorage function
- lxd/db/storage/volumes: Updates storagePoolVolumeGetType to not populate Location when driver is remote
- lxd/db/storage/pools/test: Initialise db.StorageRemoteDriverNames in db_test package
- lxd/db: Removes duplicated db.StorageRemoteDriverNames init from tests
- lxd/locking/lock: Adds UnlockFunc type and updates Lock() signature
- lxd/storage/drivers/utils: Extends OperationLockName to take into account content type.
- lxd/storage/drivers/volume: Adds MountLock function
- lxd/storage/drivers/driver/lvm/utils: drivers.OperationLockName usage
- lxd/storage/backend/lxd: drivers.OperationLockName usage
- lxd/storage/drivers: Adds mount and unmount locking
- lxd/storage/drivers/volume: Removes locking from MountTask and UnmountTask
- lxd/instance/drivers/driver/lxc: Stop devices in two phases
- lxd/device/disk: Removes workaround for ceph disks now that disks are stopped after instance is stopped
- doc/rest-api: auth property is never set to guest
- lxd/apparmor: Workaround socket handling
- lxd/storage: Expand local config
- lxd/cgroup: Fix swap limits
- lxd/instance/lxc: Fix crash in cgroup function
- lxc/snapshot: Add reuse option
- lxc/storage: Add reuse option to snapshot
- i18n: Update translation templates
- lxd/instance: Removes instanceConfigureInternal
- lxd/instance: Replace instanceConfigureInternal usage with update backup file which was only relevant part
- lxd/storage/backend/lxd: Adds log to CreateInstanceFromMigration showing if migration volume size header not sent
- lxd/cgroup: Support SetCPUShare on V2
- lxd/cgroup: Implement SetCPUCfsLimit for V2
- lxd/instance/lxc: Port to SetCPUCfsLimit
- lxd/cgroup: Support CGroup V2 in ParseCPU
- lxd-agent: Don't allow connections when rebooting
- lxd/api/project: Reject quotes in project names
- lxd/instance/drivers/driver/lxc: Updates initLXC to use project and instance name in callhook hook commands
- lxd/instance/drivers/driver/lxc: Updates startCommon to quote hook command arguments
- lxd/main/callhook: Updates cmdCallhook to support using project name and instance name in arguments
- lxd/api/internal: Adds support for using instance name and project name in container hook routes
- lxd/storage: Apply rename template
- lxd/patches: Adds patchVMRenameUUIDKey patch to rename config key from volatile.vm.uuid to volatile.uuid
- shared/validate: Adds IsUUID function
- shared/instance: Adds volatile.uuid key to instance validation
- shared/instance: Removes vm.uuid from instance validation in ConfigKeyChecker
- doc/instances: Replaces volatile.vm.uuid with volatile.uuid
- lxd/instance/drivers/driver/qemu: Updates Start to use and populate volatile.uuid instead of volatile.vm.uuid
- lxd/instance/drivers/driver/lxc: Generate instance UUID if not set in startCommon
- lxd/instance/drivers/driver/qemu: Makes UUID generation terminology consistent with container
- lxc/list: Fix typo in help
- i18n: Update translation templates
- lxc/list: Add two new columns (memory % and CPU)
- i18n: Update translation templates
- doc: fix typos in instances.md
- lxd/storage/drivers/driver/zfs/volumes: Remove workarounds for snapshot volume mounting
- lxd/refcount: Adds ref counting package
- lxd/storage/drivers/volume: Adds ref counting functions
- lxd/storage/drivers/volume: Updates MountTask to use new MountVolume signature
- lxd/storage/pool/interface: Removes OurMount from MountInfo struct
- lxd/storage/pool/interface: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/drivers/interface: Removes "our mount" bool return value from MountVolume
- lxd/storage/drivers/errors: Adds ErrInUse error
- lxd/storage/drivers/drivers/mock: Updates MountVolume signature
- lxd/storage/drivers/utils: Error quoting in shrinkFileSystem
- lxd/storage/drivers/driver/btrfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/ceph/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/dir/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/lvm/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/generic/vfs: Updates genericVFSBackupUnpack to use new MountVolume signature
- lxd/storage/utils: Adds InstanceMount and InstanceUnmount and updates InstanceDiskBlockSize to use them
- lxd/storage/backend/mock: Removes OurMount
- lxd/storage/backend/mock: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/backend/lxd: Updates mount functions to remove OurMount and use new MountVolume signature
- lxd/storage/backend/lxd/patches: b.driver.MountVolume usage
- lxd/instance/drivers/driver: Unexports common restart function
- lxd/instance/instance/interface: Removes deprecated StorageStart and StorageStop functions
- lxd/instance/drivers/driver/common: Import ordering
- lxd/instance/drivers/driver/lxc: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/lxc: Removes deprecated StorageStart and StorageStop
- lxd/instance/drivers/driver/qemu: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/qemu: Implements RegisterDevices
- lxd/instance/drivers/driver/qemu: Removes deprecated StorageStart and StorageStop
- lxd/patches: Updates instance mount usage
- lxd/instance/metadata: Removes use of c.StorageStart and c.StorageStop
- lxd/instance/test: Removes use of StorageStart
- lxd/instance: Updates instanceCreateAsSnapshot to use updated mount functions
- lxd/devices: Register devices on all instance types
- lxd/device/disk: Implements Register function
- lxd/device/disk: Updates mount function usage in mountPoolVolume
- lxd/instance/drivers/driver/qemu: mount fixes
- lxd/storage/backend/lxd: Adds revert to MountInstance
- lxd/storage/drivers/driver/ceph/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to CreateVolumeFromBackup
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Simplifies MountVolumeSnapshot and adds revert for parent volume mount
- lxd/storage/drivers/generic/vfs: Adds revert to genericVFSBackupUnpack
- lxd/api/internal: Adds internalImportFromRecovery function for instance recovery import
- lxd/instances/post: Updates createFromBackup to use updated internalImport signature
- lxd/device/disk comments
- test/suites/backup: Updates lxd import tests to expect instance to be unmounted after import
- lxd/instance/drivers/driver/lxc: Moves instance mount before idmap related var loading
- lxd/instance/drivers/driver/lxc: Rotate log file same stage as VM for consistency
- lxd/instance/drivers/driver/qemu: Use instance.LoadByProjectAndName in getMonitorEventHandler
- test: Updates container_import tests to remove lxd import followed by kill and start test
- lxd/storage/backend/lxd: Detect unsupported live copy of VMs and fail with clear message
- lxd/instance/lxc: Add extra check for devpts_fd
- lxd/device/nic/bridged: Clarifies when device's Add function is called
- lxd/migrate/instance: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Reject custom volume config if supplied in CreateInstanceFromMigration
- lxd/storage/drivers/driver/zfs/volumes: Use srcVol.NewVMBlockFilesystemVolume in CreateVolumeFromCopy
- lxd/storage/drivers/driver/zfs/volumes: Apply filesystem quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver/btrfs/volumes: Apply quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver: Makes size update consistent with other drivers in UpdateVolume
- lxd/storage/drivers/driver/cephfs/volumes: Use vol.ConfigSize() rather than vol.ExpandedConfig("size") for consistency with other drivers
- lxd/storage/drivers/driver/cephfs/volumes: Makes CreateVolumeFromMigration volume quota setting consistent with other non-block-backed drivers
- lxd/ap/internal: Improved error messages from instanceCreateInternal
- lxd/instance: Improved error messages from instanceCreateInternal
- lxd/instances/post: Improved error messages from instanceCreateInternal
- lxd/migrate/instance: Improved error messages from instanceCreateInternal
- lxd/device/disk: Only validate external disk source paths when real instance is loaded
- lxd/instance/drivers/driver/lxc: Remove user facing reference to "common start logic" in error
- lxd/instance/drivers/driver: Just log device add failures when adding device in non-user requested context
- lxd/instance/drivers/driver/lxc: Pass existing isRunning to c.updateDevices to avoid extra call to IsRunning()
- lxd/storage: Fix build on 4.0
- shared: Allow volatile uuid config keys
- lxd/instance/drivers: Support vgpu in qemu template
- lxd/instance/drivers: Support vgpu in VMs
- lxd/device/nic/sriov: Don't fail when resetting VF MAC to 00:00:00:00:00:00
- lxd/device/config: Allow gputype property
- lxd/device: Support mdev GPUs
- doc: Document mdev config key
- api: Add gpu_mdev
- lxc/info: Show mdev profiles
- po: Update translation
- lxd/images: Replace fp with fingerprint in logs
- lxd/daemon/images: Add contextual logging and use "fingerprint" rather than "image" for consistency with other code areas
- lxd/profiles/utils: Remove container references, improve comments
- lxd/db/profiles: Updates GetInstancesWithProfile to return all instance types, not just containers
- shared/instance: Improves comments
- lxd/profiles: Use project.ProfileProject instead of tx.ProjectHasProfiles
- test/suites/projects: Fix bug in test that assumed project wasnt checked for existance
- lxd/profiles/utils: Updates doProfileUpdate and doProfileUpdateCluster to return project and instance name in error
- lxd/device/device/interface: Moves updatable fields from CanHotPlug() into UpdatableFields()
- lxd/device/errors: Adds ErrCannotUpdate error
- lxd/device/device/common: Updates common implementation of CanHotPlug() and UpdatableFields()
- lxd/device/disk: Adds UpdatableFields function based on instance type
- lxd/device/disk: Only apply running IO limits to containers in Update
- lxd/device/nic/bridged: Adds UpdatableFields function and removes custom CanHotPlug function
- lxd/device/nic/ipvlan: Updates CanHotPlug function
- lxd/device/nic/p2p: Removes custom CanHotPlug function and adds UpdatableFields function
- lxd/device/nic/routed: Splits CanHotPlug function into new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/lxc: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/qemu: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/device/config/devices/sort: Improves comments in Less
- lxd/device/disk: Removes use of global logger and use device contextual logger
- lxd/device/disk: Rework volatile apply_quota key handling to support virtual machines
- lxd/refcount: Adds Get function
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in SetInstanceQuota
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in UpdateCustomVolume
- lxd/storage/errors: Removes ErrRunningQuotaResizeNotSupported
- lxd/storage/drivers/volume: Adds MountInUse function
- lxd/storage/drivers/utils: Adds vol.MountInUse usage to ensureVolumeBlockFile
- lxd/storage/drivers/utils: Adds filesystemTypeCanBeShrunk and updates shrinkFileSystem to use it
- lxd/storage/drivers/utils: Updates growFileSystem to use DefaultFilesystem
- lxd/storage/drivers/driver/types: Removes RunningQuotaResize
- lxd/storage/drivers: Renames drivers_mock.go to driver_mock.go to align with other driver naming
- lxd/storage/drivers/driver/mock: Removes RunningQuotaResize
- lxd/storage/drivers/driver/btrfs: Updates BTRFS to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/dir: Updates to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/ceph/utils: Adds resizeVolume function
- lxd/storage/drivers/driver/ceph: Removes RunningQuotaResize
- lxd/storage/drivers/driver/ceph/volumes: Reworks SetVolumeQuota to be more aligned with LVM driver structure
- lxd/storage/drivers/driver/cephfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/drivers/driver/zfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/utils: Updates validatePoolCommonRules to differentiate VM volumes and filesystem volumes
- lxd/instance: Error quoting and logging improvements in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Adds revert to lxcCreate
- lxd/instance/drivers/driver/qemu: Adds revert to qemuCreate
- lxd/storage/backend/lxd: Set the correct volume content type for custom volumes
- lxd/project/project: Adds ProfileProject and ProfileProjectFromRecord functions
- lxd/db/storage/volumes: Adds content type constants and populates ContentType field in storagePoolVolumeGetType
- lxd/storage/backend/lxd: Use volume's ContentType field in MountCustomVolume
- lxc/info: Extend mdev details
- i18n: Update translation templates
- lxd/device/disk: Ignore ErrNotRunning for virtfs-proxy-helper
- lxd/patches/utils: Adds legacy volumeFillDefault function for patches
- lxd/patches: Updates patches to switch from driver.VolumeFillDefault to volumeFillDefault
- lxd/storage/drivers/interface: Adds FillVolumeConfig
- lxd/storage/drivers/driver/common: Adds FillVolumeConfig no-op for common drivers
- lxd/storage/drivers/driver/{ceph,lvm}: Adds FillVolumeConfig function to populate default filesystem settings
- lxd/storage/utils: Updates VolumeDBCreate to accept a Pool and call driver.FillVolumeConfig
- lxd/storage/backend/lxd: VolumeDBCreate usage
- lxd/storage/utils: Removes VolumeFillDefault and VolumeValidateConfig
- lxd/storage/pool/interface: Adds FillInstanceConfig
- lxd/storage/backend/lxd: Implements FillInstanceConfig
- lxd/storage/backend/mock: Adds FillInstanceConfig
- lxd/instance/drivers/driver/lxc: Updates lxcCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers/driver/qemu: Updates qemuCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers: Better errors in instance create functions
- lxd/storage/backend/mock: Return storage pool ID 1 rather than -1 to allow tests to run
- lxd/instance/qemu: Always render disk
- Support zstd compression.
- lxd-agent: Don't rely on systemd for rebooting
- lxd/instance: Move id field to common
- lxd/instance/common: Use 'd' as main variable
- lxd/instance/qemu: Rename d to dev
- lxd/instance/qemu: Replace vm with d
- lxd/instance/lxc: Rename d to dev
- lxd/instance/lxc: Replace c with d
- lxd/isntance: Move most properties to common
- lxd/instance: Move common functions to drive_common
- shared/instance: golint fixes
- shared/instance: Adds ConfigVolatilePrefix constant
- shared/instance: ConfigVolatilePrefix usage
- shared/instance: Adds InstanceIncludeWhenCopying function
- lxd/copy: shared.InstanceIncludeWhenCopying usage in copyInstance
- lxc: shared.ConfigVolatilePrefix usage
- lxd: shared.ConfigVolatilePrefix usage
- lxd/instances/post: shared.InstanceIncludeWhenCopying usage in createFromCopy
- lxd/storage: Add volatile idmap setting debug log to resetContainerDiskIdmap
- lxd/device/disk: Include network-config in cidata
- lxd/instance: Fix build on 4.0
- lxd/resources: Add GetNetworkState and GetNetworkCounters
- lxd/storage/pools/utils: Updates comment and error for storagePoolCreateLocal
- lxd/storage/pools: Error quoting
- lxd/networks: Whitespace
- lxd/network/driver/bridge: Adds some basic revert to setup()
- lxd/network/driver/bridge: Only initialise revert if config has changed
- lxd/network/driver/bridge: Fix incorrect return value
- api: add resources_pci_iommu extension
- shared/api: Add IOMMUGroup field to ResourcesPCIDevice
- Add IOMMU group value to PCI devices
- lxd/instance: Use revert package in instanceCreateFromImage
- lxd/storage/backend/lxd: Remove revert from CreateInstanceFromImage
- lxd/storage/drivers/driver/common: Enable unsafe resize mode in runFiller when unpacking into image volumes
- lxd/storage/drivers/driver/ceph/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/drivers/driver/zfs/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/backend/lxd: Log new volume size in CreateInstanceFromImage
- lxd/instance/qemu: Follow symlink to lxd-agent
- lxd/db/networks: Comments
- lxd/network/network/interface: Updates init to take api.Network and network nodes map
- lxd/network/network/interface: Adds LocalStatus
- lxd/network/network/load: Updates LoadByName to pass network nodes from s.Cluster.GetNetworkInAnyState to init()
- lxd/db/networks: Adds NetworkState type and uses it in place of int
- lxd/db/networks: Renames networkFillStatus to NetworkStateToAPIStatus
- lxd/db/networks: Adds NetworkNode type
- lxd/db/networks: Exports NetworkNodes and updates to return map of NetworkNodes
- lxd/db/networks: Updates GetNonPendingNetworks usage of NetworkNodes()
- lxd/db/networks: Modifies getNetwork and GetNetworkInAnyState to return map of NetworkNodes for network
- lxd/db/networks: Exports NetworkNodes
- lxd/db/networks: c.GetNetworkInAnyState usage
- lxd/db/networks: Updates comments to reference state constants
- lxd/patches: d.cluster.GetNetworkInAnyState usage
- lxd/api/cluster: d.cluster.GetNetworkInAnyState usage
- lxd/device/nic: d.state.Cluster.GetNetworkInAnyState usage
- lxd/network/driver/common: Adds LocalStatus function and store node info inside network via init()
- lxd/network/driver/bridge: Only perform local date if local status is api.NetworkStatusCreated
- lxd/networks: Updates doNetworksCreate to skip creation if node is already marked created
- lxd/networks: d.cluster.GetNetworkInAnyState usage
- lxd/networks: Don't skip network clean up if network is pending in networkDelete()
- lxd/db/migration/test: cluster.GetNetworkInAnyState usage
- lxd/network/network/interface: Adds IsManaged function
- lxd/network/driver/common: Adds IsManaged function and associated internal variable
- lxd/networks: Prevent rename of pending networks
- lxd/network/driver: Only apply local DB change in Update() when local node is in pending state
- lxd/networks: Updates networksPostCluster to only mark global network states as created once all nodes created
- lxd/networks: Reduce duplicate query loading network in networkPut and doNetworkUpdate
- lxd/networks: Prevent update of global network config when network is pending in networkPut
- lxd/network/bridge: Also delete on unknown status
- lxd/instance/qemu: Fix GPU passthrough
- lxd/instance/operations: Allow Wait/Done on nil struct
- lxd/instance/lxc: Improve use of operations
- lxd/instance/lxc: Improve locking on file ops
- lxd/instance/operations: Introduce CreateWaitGet
- lxd/instance: Introduce restart tracking
- Makefile: Fix golint URL
- lxd/network/driver/bridge: Improve IP parsing errors
- lxd/network/driver/bridge: Don't fill default config on update
- lxd/network/driver/bridge: Regenerate auto values on update
- test/suites/network: Adds test for unsetting ipv4.address and ipv6.address
- test/suites/network: Adds test for regeneration of auto values
- doc/networks: Clarify bridge default auto values
- lxd/device/disk: Only validate disk source pool when an actual instance is set
- test/suites/migration: Adds tests for copying instance with snapshots containing invalid disk devices
- lxc-to-lxd: Fix handling on snap
- lxd/instance: Bypass delete protection for internal calls
- lxd/instance/qemu: Improve state handling
- lxd/instance/operationlock: Allow Reset
- lxd/instance/qemu: Stretch start/stop timeout
- lxd/instance/qemu: Increase virtiofsd timeout to 10s
- lxd/instance/qemu: Move more logic into qemuArchConfig
- lxd/instance: Add Info function
- lxd/instance: Add SupportedInstanceDrivers
- lxd/instance: Add driver cache
- lxd/api: Show all instance drivers
- lxd/qemu: Don't stop processing events on shutdown
- lxd/rbac: Improve access to user information
- lxd/daemon: Improve request context
- lxd/rbac: Move userIsAdmin and userHasPermission
- lxd: Move to new RBAC helpers
- lxd/storage/volumes: Error quoting in storagePoolVolumesTypePost
- lxd/storage/volumes: Fixes misleading comment in storagePoolVolumesPost
- lxd/storage/volumes: Error quoting in storagePoolVolumesPost
- lxd/networks: Use SmartError for response when loading networks
- lxd/project: Add new FilterUsedBy helper
- lxd: Filter all UsedBy based on RBAC
- lxc/file: Fix typo in fileGetWrapper
- lxc/restore: Fix typo in help
- lxd/networks: Fix bad logging level
- lxd/daemon: Fix bad permission check
- lxd/storage/drivers/generic: Fix VM rename with ZFS
- lxd/instance: Remove duplicate event
- lxd/instance/common: Implement lifecycle wrapper
- lxd/instance/lxc: Port to new wrapper
- lxd/instance/lxc: Lock restore operations
- lxd/instance/qemu: Port to new wrapper
- lxd/instance/qemu: Lock restore operations
- lxd/backup: Add lifecycle events
- lxd/network: Add lifecycle function
- lxd/network: Implement create wrapper
- lxd/network: Add lifecycle events
- lxd/cluster/request/clienttype: Moves client type constants and helper into own package
- lxd/cluster/connect: Removes client type constants and helper
- lxd: Updates use of ClientType now moved to cluster/request package
- lxd/networks: Ensure etag generation uses its own copy of config in networkPut
- lxd/networks: Comment in networksPostCluster
- lxd/networks: Corrects log level in networksPostCluster
- lxd/networks: golint fix
- lxd/db/networks: Removes unused NetworkErrored function
- lxd/db/networks: Updates network state comments to indicate node usage
- lxd/apparmor/qemu: Allow some more files
- lxd/storage/drivers/drivers/zfs/volumes: Fixes 10s delay when using VMs with ZFS in snap
- lxd/instance: Adds per-struct contextual logger.
- lxd/instance/drivers: Fixes instanceType in instance logger
- i18n: Update translation templates
- Revert "lxd/db/networks: Removes unused NetworkErrored function"
- lxd/db/storage/pools: Updates storage pool state comments to indicate node usage
- lxd/db/storage/pools: Replace use of networkCreated with storagePoolCreated in getStoragePool
- lxd/storage/pools/utils: Consistent commnent endings
- lxd/storage/pools/utils: Fix comment in storagePoolCreateLocal
- lxd/storage/pools: Add logging for storage pool state updates in storagePoolsPostCluster
- lxd/db/storage/pools: Updates comment on StoragePoolCreated
- lxd/storage/pools: Fix copy paste error in comment
- lxd/storage/load: Updates GetPoolByName to use state.Cluster.GetStoragePoolInAnyState
- lxc/storage: Adds --target flag support to cmdStorageSet
- lxd/db/storage/pools: Adds StoragePoolState type and updates state constants to be of that type
- lxd/db/storage/pools: Adds StoragePoolNode type
- lxd/db/storage/pools: StoragePoolState usage
- lxd/db/storage/pools: Adds storagePoolNodes function
- lxd/db/storage/pools: Updates storage pool load functions to return nodes
- lxd/db/storage/pools: Updates storagePoolNodes to return map of StoragePoolNode
- lxd/db/storage/pools: c.GetStoragePoolInAnyState usage
- shared/api/storage/pool: Adds storage pool status contants
- lxd/db/storage/pools: Adds StoragePoolStateToAPIStatus and updates getStoragePool to use it
- lxd/patches: d.cluster.GetStoragePoolInAnyState usage
- lxd/api/cluster: d.cluster.GetStoragePoolInAnyState usage
- lxd/backup/backup/config: c.GetStoragePool usage
- lxd/daemon/storage: s.Cluster.GetStoragePool usage
- lxd/device/disk: d.state.Cluster.GetStoragePool usage
- lxd/instance/post: d.cluster.GetStoragePool usage
- lxd/instances/post: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/pools: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/volumes/snapshot: d.cluster.GetStoragePool usage
- lxd/storage/pool/interface: Adds Description, Status and LocalStatus functions to definition
- lxd/storage/backend/mock: Adds Description, Status and LocalStatus functions
- lxd/storage/backend/lxd: Adds Description, Status, LocalStatus functions and adds nodes property
- lxd/storage/load: state.Cluster.GetStoragePoolInAnyState usage and populates pool nodes in GetPoolByName
- lxd/storage/pool/interface: Adds IsUsed and Create functions
- lxd/storage/backend/lxd: Exports Create and adds IsUsed
- lxd/storage/backend/mock: Adds IsUsed and Create
- lxd/storage/load: Deprecates CreatePool
- lxd/storage/load: Updates CreatePool to initialise empty node list
- lxd/db/migration/test: cluster.GetStoragePool usage
- lxd/storage/pools: Removes unused storagePoolValidateClusterConfig, storagePoolClusterConfigForEtag, storagePoolClusterFillWithNodeConfig functions
- lxd/storage/pools/utils: Removes unused storagePoolUpdate
- lxd/api/cluster: Updates client type usage to new package
- lxd/storage/load: Updates deprecated CreatePool to use client type
- lxd/patches: storagePools.CreatePool usage
- lxd/storage/pool/interface: Replaces localOnly and driverOnly indicators with clientType
- lxd/storage/backend/mock: Replace localOnly and driverOnly with clientType
- lxd/storage/drivers/driver/ceph: Simplify Delete logic
- lxd/api/cluster: Removal special casing for ceph/cephfs
- lxd/storage/backend/lxd: Adds protection against using a pending pool
- lxd/storage: Adds target support to cmdStorageGet
- lxd/storage/pools: Updates storagePoolsPostCluster to only forward non-node specific config
- shared: Add IsUserConfig() utility function
- lxd/config: Allow user keys in server config
- lxd/storage/backend/lxd: Comment typo fix
- lxd/storage/drivers/driver/btrfs/volumes: Enable allowUnsafeResize in CreateVolume when creating initial image volume
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to return unsupported when trying to resize image volume without allowUnsafeResize enabled
- lxd/storage/utils: Ensure pool's volume.size is checked when unpacking images to pools that use file based images
- lxd/instance/qemu: Deref OVMF path
- lxc: Clarify --compression option
- doc/image-handling: Update compression details
- i18n: Update translation templates
- lxd/rbac: Fix checks by matching proper name
- api: Add resources_network_usb and resources_disk_address
- shared/api: Add PCIAddress/USBAddress on network and storage
- lxd/resources: Add PCIAddress/USBAddress for networks and disks
- lxd/storage/drivers/utils: Modifies roundVolumeBlockFileSizeBytes to round up
- lxd/storage/drivers/utils: roundVolumeBlockFileSizeBytes usage
- lxd/storage/drivers/driver/zfs/utils: Use roundVolumeBlockFileSizeBytes in createVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in SetVolumeQuota
- lxd/storage/backend/lxd: Use revert in CreateInstanceFromCopy
- lxd/storage/backend/lxd: Don't fail in DeleteInstance if DB record already removed
- lxd/instance: Use revert in instanceCreateAsCopy
- lxd/storage/drivers/driver/ceph/volumes: Whitespace
- lxd/storage/drivers/driver/ceph/volumes: Adds a hasVolume function that accepts an RBD volume name
- lxd/storage/drivers/driver/ceph/volumes: Fixes issue in DeleteVolume that prevented image volume deletion if no readonly snapshot existed
- lxd/storage/backend/lxd: Return error in EnsureImage when cannot delete orphaned volume
- doc/networks: Mention DNSSEC setting
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to mark local node state as created
- lxd/db/storage/pools: Removes unused function StoragePoolErrored
- lxd/storage/pools: Adds doStoragePoolUpdate function
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to use GetPoolByName
- lxd/storage/pools: Reworks storagePoolDelete to only delete locally if node has created state
- lxd/storage/pools: Reworks storagePoolPut and calls storagePoolPut from storagePoolPatch
- lxd/storage/backend/lxd: Reworks Update to only apply changes to local node if not pending
- lxd/storage/backend/lxd: Replace localOnly and driverOnly with clientType
- lxd/storage/pools: Switch to clientType
- lxd/storage/pools/utils: Switch to clientType
- lxd/db/storage: Hardcode unknown node state
- tests: Add test for import after deleted snapshot
- lxd/instances: Update backup file when deleting a snapshot
- lxd/instance/lxc: Fix backup.yaml delete logic to trigger properly
- lxd/instance/qemu: Also update backup.yaml on snapshot delete
- lxd/instance/qemu: Update backup.yaml on startup
- lxd/db/storage/pools: Comment wrapping
- lxd/storage/backend/lxd: Prevent modification of source field on non-pending nodes
- lxd/storage/drivers/driver/lvm: Comment typo
- lxd/apparmor/qemu: Allow ceph snap paths
- lxd/network/network/interface: Adds Project function
- lxd/network/driver/common: Adds Project function
- lxd/network/driver: Always delete when requested, ignore LocalStatus() pending
- lxc/networks: Remove revert removal on failure of clustered network in networksPost
- lxd/networks: Allow re-create of pending network when pending nodes already exist in networksPost
- lxd/networks: Adds revert to doNetworksCreate
- shared/api: Fix typo
- shared/api: Add NetworkStateVLAN
- lxd/resources: Add VLAN struct
- api: Add network_state_vlan
- lxd/instance/qmp: Update for go-qmp change
- lxd/backup: Fix URL in lifecycle events
- Add DeepSource config
- Use result of type assertion to simplify cases
- Replace .Sub(time.Now()) with time.Until() handler
- Remove unnecessary fmt.Sprintf() on string
- Omit comparison with boolean constant
- lxd/network/driver/common: Remove cluster notification and DB record removal from delete() function
- lxd/networks: Moves cluster notification an DB record removal into networkDelete
- lxd/db/networks: Adds duplicate key detection to getNetworkConfig
- lxd/instance/drivers/qmp/monitor: Handle closed event channel from qmp package in run
- lxd/instance/drivers/driver/qemu: Logs when instance is stopped in getMonitorEventHandler
- lxd/instance/operationlock: Fixes deadlock caused by call to Reset in Create
- lxd/instance/operationlock: Store operation in instanceOperations before calling go routine
- lxd/instance/operationlock: Exit go routine started in Create when the operation is done
- lxd/device: allow adding proxy device to VM instances
- lxd/instance/drivers: run device post-start hooks in QEMU driver
- doc: update
proxydoc to reflect VM support - lxd/device/nic/routed: Switches to network.InterfaceExists for clarity
- lxd/device/nic/routed: Remove host side veth interface if exists in postStop
- lxd/db/networks: Changes UpdateNetwork to not set created status
- lxd/networks: Updates doNetworksCreate to accept a Network rather than load its own
- lxd/networks: Debug log consistency in doNetworksCreate
- lxd/networks: doNetworksCreate usage
- lxd/networks: When auto creating pending nodes, don't pass global config into DB function in networksPost
- lxd/networks: Adds networkPartiallyCreated helper function
- lxd/networks: Updates networksPostCluster to detect existing global config and skip create if already exists
- lxd/api/cluster: Skip non-created networks when joining
- lxd/device/nic: Don't allow NICs to use networks that are not created
- lxd/db/networks: Renames ClusterTx GetNonPendingNetworks to GetCreatedNetworks
- lxd/db/networks: Renames Cluster GetNonPendingNetworks to GetCreatedNetworks
- lxd/api/cluster: cluster.GetCreatedNetworks usage
- lxd/networks: s.Cluster.GetCreatedNetworks usage
- lxd/patches: tx.GetCreatedNetworks usage
- lxd/db/networks: Tighten restrictions in CreatePendingNetwork to only allow pending nodes to be added while network is pending
- lxd/networks: Allow single node cluster network create using --target
- lxd/storage/pools/utils: Debug log consistency in storagePoolCreateLocal
- lxd/db/storage/pools: Adds duplicate key detection to getStoragePoolConfig
- lxd/storage/pools: storagePoolsPost comments line width
- lxd/db/storage/pools: Adds StoragePoolErrored function
- lxd/db/storage/pools: Renames GetNonPendingStoragePoolNames to GetCreatedStoragePoolNames
- lxd/api/cluster: cluster.GetCreatedStoragePoolNames usage
- lxd/storage: s.Cluster.GetCreatedStoragePoolNames usage
- lxd/storage/pools: Restructures storagePoolsPost to align with networksPost
- lxd/storage/pools: Updates storagePoolsPostCluster to reject global config on re-create attempts
- lxd/storage/pools: Adds storagePoolPartiallyCreated function
- lxd/db/storage/pools: Improve errors in CreatePendingStoragePool
- stable-4.0: Remove debug/accidental files
- lxd/db/networks: Corrects comment on GetCreatedNetworks
- lxd/networks: Prevent re-create attempts on errored networks
- lxd/networks: Don't allow config modification on errored networks in networkPut
- lxd/network/driver/bridge: Don't apply updates to node when network is pending
- lxd/storage/pools: Prevent re-create attempts on errored pools
- lxd/storage/backend/lxd: Prevent changing pool node source if pool state isn't pending
- lxd/storage/backend/lxd: Only apply local node changes if both pool and node status are not pending
- lxd/storage/pools: Dont allow config modification on errored pools in storagePoolPut
- test/suites/clustering: Adds adapted tests for stable-4.0 clustered storage setup
- test/suites/clustering: Adds adapted tests for stable-4.0 clustered network setup
- shared/util: Adds StringHasPrefix function
- lxd/device/disk: Adds sourceIsLocalPath function
- lxd/device/disk: Use shared.StringHasPrefix when validating ceph/cephfs prefixes
- lxd/device/disk: Use d.sourceIsLocalPath when validating source host path exists
- lxd/instance/qemu: Enable multiqueue on tap NICs
- lxd/instance/qemu: Use a minimum of 2 network queues
- lxd/storage/drivers/driver/zfs/volumes: Error quoting in RestoreVolume
- lxd/storage/backend/lxd: Don't fail in DeleteInstanceSnapshot if volume DB record already deleted
- lxd/storage/backend/lxd: Fix deleting subsequent snapshots for ZFS in RestoreInstanceSnapshot
- lxd/instances/post: Use source.Project when loading instance to get instance type in containersPost
- lxd/instances/post: Error quoting in containersPost
- lxd/instances/post: Add comment about default instance type for migration in containersPost
- lxd/instances/post: Populate req.Source.Project with project.Default if not specified in containersPost
- test/suites/projects: Adds tests for copying snapshot to another project
- lxd/instances/post: Rename project to targetProject to differentiate between source.Project in containersPost
- lxd/instances/project: Import project package normally and rename project var to projectName
- doc/image-handling: Fix typo
- shared/proxy: Support CIDR ranges in
no_proxy - simplestreams: Drop duplicated slash
- lxd/instance/drivers/qmp: Fix race in Disconnect
- test/suites/static/analysis: Fixes ineffassign usage due to upstream changes
- lxd/instance: Copy snapshot expiry in instanceCreateAsCopy
- lxd/migration: Rebuilds protobuf using protoc v3.14 and latest google.golang.org/protobuf/cmd/protoc-gen-go
- lxd/migration: Adds expiry_date field to snapshots protobuf
- lxd/migrate/instance: Populate expiry date in snapshotToProtobuf
- lxd/migrate/storage/volumes: Populate zero expiry date in volumeSnapshotToProtobuf
- lxd/storage/migration: Populate expiry date in snapshotProtobufToInstanceArgs
- lxd/migration/migration/volumes: Updates TypesToHeader and MatchTypes to use a pointer to MigrationHeader
- lxd/migrate/instance: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/storage/volumes: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/instance: Fix snapshotToProtobuf to not use loop pointer for device name
- lxd/storage/migration: Conistently use accessor functions in snapshotProtobufToInstanceArgs
- test/suites/snapshots: Adds test for local copy of snapshot expiry date
- test/suites/migration: Adds test for copying snapshot expiry date during migration
- test/suites/migration: Adds test to ensure snapshot devices are copied during migration
- lxd/storage/quota/projectquota: Consistent comment endings and error quoting
- lxd/storage/drivers/driver/dir/utils: Updates setQuota to remove old quota if volID has changed
- lxd/storage/drivers/driver/dir/utils: Modifies setupInitialQuota to not use initQuota
- lxd/api/internal: Updates internalImportFromRecovery to reinitialise root disk quota
- lxd: Rename Operation types
- lxd/db: Rename operation type descriptions
- lxd/network/network/interface: Adds handleDependencyChange function
- lxd/network/driver/common: Adds notifyDependentNetworks function and no-op placeholder handleDependencyChange function
- lxd/resources: Always initialize lists
- lxd/storage/utils: Improves error message in VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/db/instances: Updates InstanceList to accept filter to pass to GetInstances()
- lxd/db/instances: Clarifies comment and arg name on GetLocalInstancesInProject
- lxd/db/instances/test: cluster.InstanceList usage
- lxd/storage/utils: s.Cluster.InstanceList usage
- lxd/patches: InstanceList usage
- lxd/network/network/utils/sriov: Adds SR-IOV allocation functions
- lxd/network/network/utils/sriov: Updates SRIOVGetHostDevicesInUse to use InstanceList()
- lxd/network/network/utils/sriov: Adds network usage support to SRIOVGetHostDevicesInUse
- lxd/network/network/utils/sriov: SRIOVGetHostDevicesInUse usage
- lxd/network/network/utils/sriov: Updates SRIOVFindFreeVirtualFunction args to not need Device
- lxd/network/network/utils/sriov: Adds SRIOVGetVFDevicePCISlot function
- lxd/network/network/utils: Adds InterfaceBindWait function
- lxd/device/pci: Adds PCI device management package
- lxd/device/infiniband/sriov: SRIOV network function usage
- lxd/device/nic/physical: Use pci package
- lxd/device/gpu: Use pci package
- lxd/device/nic/sriov: network.InterfaceBindWait
- lxd/device/nic/sriov: Use pci package
- lxd/device/nic/sriov: SRIOV network function usage
- lxd/device/nic/sriov: Comment clarity in setupSriovParent
- lxd/device/nic/sriov: Removes networkGetVFDevicePCISlot function
- lxd/device/device/utils/generic: Removes pci functions
- lxd/device/device/utils/network: Removes networkInterfaceBindWait function
- lxd/device/device/utils/instance: Removes instanceGetReservedDevices function
- lxd/network/driver/bridge: Comment improvements
- lxd/init: Clarify https listener question
- client: Fix output of GetClusterMemberNames
- openvswitch/ovs.go: Simplify return in Installed method
- rbac/server.go: Sleep for seconds instead of nanoseconds
- lxd/instance/drivers/driver/qemu: Updates SaveConfigFile to return nil
- lxd/api/internal: Updates internalImportFromRecovery to call inst.SaveConfigFile
- test/suites/backup: Adds test to check exec works after recovery of running container
- cluster/raft/file_snapshot.go: defer after checking error
- lxd/storage/drivers/driver/cephfs/volumes: Updates RenameVolume newName arg to newVolName to bring inline with other drivers
- lxd/storage/drivers/driver/ceph/volumes: Fix UnmountVolume to actually deactivate VM block volumes
- lxd/storage/drivers/driver/ceph/volumes: Fix RenameVolume to also rename FS volume for VM volumes
- lxc/network: Adds support for attaching instance to a managed network using
networkproperty - test/suites/container/devices/proxy: Ensure ipv6 nat tests use a network with stateful DHCPv6 enabled
- test/suites/network: Updates static IPv6 allocation test to actually test stateful DHCPv6
- test/suites/container/devices/nic/bridged: Improve validation of DHCPv6 allocation
- lxc/query: Prevent using --project
- i18n: Update translation templates
- lxd/utils: Compare all addresses from lookup in IsAddressCovered, lxc#8340
- lxd/resources: Support DMI for CPU information
- lxd/device/nic/routed: Ensure IP neighbour proxy entries are removed on stop
- lxd/device/nic/routed: Adds duplicate address detection
- lxd/device/disk: Validate size field properly
- lxd/device/nic/bridged: Only attempt to release DHCP leases if bridge interface exists
- lxd/device/nic/bridged: Improve error context prefix in networkClearLease
- lxd/device/nic/bridged: Use %q for error quoting in networkClearLease
- lxd/device/nic/bridged: Improve error context prefix in State
- lxd/instance: Fix progress on ceph instance move
- lxd/storage/backend/lxd: Use volume config in UpdateInstanceBackupFile so that volume.block.filesystem setting is used
- lxd/storage/drivers/utils: Adds filesystem being used to TryMount error
- lxd: Smarter handling of volatile keys in projects
- lxd/project: Strip volatile on copy/migrate
- tests: Update project restrictions test
- lxd/instance/drivers/driver/lxc: Umount instance after CRIU state path check in Restore
- lxd/instance/drivers/driver/lxc: Avoid duplicated call to UpdateBackupFile in Restore
- lxd/instance/drivers/driver/lxc: Log instance restarting after snapshot restore
- lxd/instance/drivers/driver/lxc: Always run UpdateBackupFile in Update
- lxd/instance/drivers/driver/qemu: Removes unnecessary call to UnmountInstance in Restore
- lxd/instance/drivers/driver/qemu: Remove unnecessary call to UpdateBackupFile
- lxd/instance/drivers/driver/qemu: Log instance restarting after snapshot restore
- lxd/instance/drivers/driver/lxc: Copy parent volume config to snapshot volume config in lxcCreate
- lxd/instance/drivers/driver/qemu: Copy parent volume config to snapshot volume config in qemuCreate
- doc/rest-api: Fix typo
- doc/rest-api: Fix missing escaping
- lxd/instance: Tweak error and resource links
- client: Adds support for bulk instance state change.
- test/suites/snapshots: Adds snapshot block.filesystem config check for LVM & Ceph
- shared/api: Adds support for bulk instance state change.
- shared/api: Change mass update API
- client: Re-order functions
- lxd: Rename container functions
- lxd/instance_state: Simplify
- lxd/instance: Refactor state handling
- lxd/instance/drivers: Move ephemeral restart logic
- lxd/db/instances: Improve error message from CreateInstanceConfig
- lxd/instance/drivers/driver/common: Adds insertConfigkey function
- lxd/instance/drivers/driver/lxc: Updates FillNetworkDevice to use d.insertConfigkey
- lxd/instance/drivers/driver/qemu: Updates FillNetworkDevice to use d.insertConfigkey
- lxd/vm: Expose ISO images as SCSI cdroms
- lxd/storage: Cleanup CreateInstanceFromCopy
- lxd/storage/utils: Updates VolumeDBCreate to accept volume and content type typed arguments
- lxd/storage/backend/lxd: Error quoting and wrapping
- lxd/storage/backend/lxd: Expand argument type in updateVolumeDescriptionOnly
- lxd/storage/backend/lxd: VolumeDBCreate updated usage
- lxd/instance/drivers/driver/lxc: Fix volatile config key scoping issue in FillNetworkDevice
- lxd/instance/drivers: Detect failed volatile key generation
- lxc/instance/drivers/driver/common: Removes empty value check from insertConfigkey
- lxd/instance/drivers/driver/common: Prevent existing row check from wiping out desired key value in insertConfigkey
- lxd/instance/drivers: More checks and error contexts in FillNetworkDevice
- lxd/db/query/retry: Adds detection of checkpoint in progress to IsRetriableError
- lxd/instance/drivers/driver/qemu: Error alignment with container driver in Rename
- lxd/storage/utils: Improves error in VolumeDBCreate
- lxd/db/storage/volumes: Populates ProjectName field in GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance/drivers/driver/lxc: Error context in Rename
- lxd/instances/post: Unwraps long error and using double quotes placeholder
- lxd/instance/instance/interface: Adds TemplateTrigger type and constants for template trigger types
- lxd/instance: Adds instanceCreateAsCopyOpts argument for instanceCreateAsCopy options
- lxd/instances/post: instanceCreateAsCopy updated usage
- lxd/instance/instance/interface: Updates DeferTemplateApply to accept TemplateTrigger type argument
- lxd/instance/drivers/driver/common: Updates DeferTemplateApply to accept a TemplateTrigger type argument
- lxd/storage/backend: inst.DeferTemplateApply usage
- lxd/instances/post: inst.DeferTemplateApply usage
- lxd/instance/drivers/driver/lxc: Updates templateApplyNow to accept a TemplateTrigger argument
- lxd/instance/drivers/driver/lxc: d.templateApplyNow usage
- lxd/instance/drivers/driver/qemu: Updates templateApplyNow to accept a TriggerTemplate type argument
- lxd/instance/drivers/driver/qemu: d.templateApplyNow usage
- lxd/instance/instance/interface: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/lxc: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/qemu: Adds applyTemplateTrigger argument to Rename
- lxd/instance/post: inst.Rename usage
- lxd/instance/snapshot: sc.Rename usage
- lxd/storage/backend/lxd: Removes call to deferred template apply in RenameInstance
- lxd/instance/test: c.Rename usage
- shared/api: Add Pool field to InstancePost
- client: Add extension check for pool migration
- test: Add tests for volatile.apply_template config during create, copy and move
- test: Adds check for volatile.apply_template state after rename
- test: Add test for moving instance between pools without renaming
- lxd/images: Skip keys with empty values
- lxd/device: Fix instance type validations
- shared/instance: Adds ErrNoRootDisk error var and returns it from GetRootDiskDevice
- lxd/instance: Enforces that target instance should have valid root disk config after DB create in instanceCreateAsCopy
- lxd/instance: Don't assume root disk is called "root" when copying snapshots from a source instance
- lxd/instance/drivers/driver_qemu: attempt to kill qemu proc on stop
- lxd/instance/driver_qemu: Add check for qemu cmdline args to pid()
- forkproxy: prevent zombies
- lxd: Change some references of container to instance in comments
- lxd/instance/post: Change error message to instance from container in instancePost
- lxd/main/forkdns: Returns empty AAAA record response when equivalent A record exists
- lxd/main/forkdns: Fixes typo in comment
- test: Adds test for empty AAAA response when equivalent A record exist in clustering forkdns
- lxd/device/pci: Consider DeviceUnbind successful on missing driver
- shared/validate: Validate PCI addresses
- lxd/device/gpu: Validate PCI addresses
- lxd/device: Add function to validate PCI path
- lxd/device: Add support for GPU SR-IOV
- api: gpu_sriov extension
- doc: Add SR-IOV GPU
- lxd/device/gpu_mdev: Valdiate PCI address and path
- lxd/device/gpu_physical: Validate PCI address and path
- lxd/instance/qemu: Cleanup VGA ROM check
- lxd/network/driver/bridge: Update DHCPv4Subnet to return fan bridge address subnet when in fan mode
- lxd/device/nic/bridge: Updates validateConfig to use parent networks DHCP subnet functions when validating address
- Revert "test: Add test for moving instance between pools without renaming"
- tests: Fix for stable-4.0
- shared/termios: Fix static builds
- shared/idmap: Fix shared/ build on non-cgo
- shared/instancewriter/: Fix shared/ build on non-cgo
- shared/eagain: Restrict to Linux
- shared/subprocess: Restrict to unix
- lxd/db/generate: Move DB generator
- github: Replace Travis and Appveyor with Actions
- README: Update for 4.0
- lxc/manpage: Add markdown, reST and YAML output
- i18n: Update translation templates
- lxd/device/gpu: Skip nvidia directories
- lxd/device: Free up the pci name
- lxd/device: Support for both pci= and address= in checker
- lxd/device/pci: Add NormaliseAddress
- lxd/device: Have validatePCIDevice take an address
- lxd/instance/qemu: Rename qemuNetDevPhysical to qemuPCIPhysical
- cgroup: fix cgroup2 device driver settings
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.10 リリースのお知らせ¶
8th of January 2021
はじめに ¶
LXD チームは LXD 4.10 のリリースをお知らせできることにとてもワクワクしています!
このリリースは軽めのリリースです。それは、LXD チームは 12 月 18 日から 1 月 4 日までお休みをいただいていたためです。しかし、多くのバグフィックスといくつか新しい改良が行われました。
Enjoy!
新機能とハイライト ¶
ネットワークの状態表示内の VLAN 情報 ¶
ボンディングやブリッジの情報のように、新たに VLAN 構造をネットワーク状態のエンドポイントに追加しました。これは下位デバイスとインターフェースの VLAN ID を表示します。
root@abydos:~# lxc query /1.0/networks/bond-sw01.100/state
{
"addresses": [],
"bond": null,
"bridge": null,
"counters": {
"bytes_received": 213651991756,
"bytes_sent": 42453202,
"packets_received": 97607519,
"packets_sent": 431818
},
"hwaddr": "0a:0f:7c:6e:db:d9",
"mtu": 1500,
"state": "up",
"type": "broadcast",
"vlan": {
"lower_device": "bond-sw01",
"vid": 100
}
}
VM のプロキシーデバイスのサポート(NAT のみ) ¶
仮想マシンで proxy デバイスが使えるようになりました。
これは NAT モード(nat=true)でのみ機能するので、両サイドで同じプロトコルを使う必要があります。
ブリッジポートの隔離 ¶
ブリッジネットワークインターフェースに新たに security.port_isolation を追加しました。これによりインターフェース間の通信を制限できるようになりました。
イメージプロパティに関する新しいサブコマンド ¶
イメージプロパティへのアクセス、設定、解除のために、新たに lxc image コマンドに 3 つの新しいサブコマンドを追加しました。
- lxc image get-property
- lxc image set-property
- lxc image unset-property
例 :
stgraber@castiana:~$ lxc image get-property 305db7054652 os Ubuntu stgraber@castiana:~$ lxc image set-property 305db7054652 foo bar stgraber@castiana:~$ lxc image get-property 305db7054652 foo bar stgraber@castiana:~$ lxc image unset-property 305db7054652 foo stgraber@castiana:~$
VM 内のマルチキューネットワーキング ¶
仮想マシン上のネットワークインターフェースは、仮想マシンに割り当てられた仮想 CPU の数と一致するように RX キューおよび TX キューの数を自動的に設定するようになりました。
これにより、高速ネットワークを扱う場合には特にネットワークパフォーマンスが大幅に向上するはずです。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/network/network/interface: Adds Project function
- lxd/network/driver/common: Adds Project function
- lxd/network/driver/common: Remove cluster notification and DB record removal from delete() function
- lxd/network/driver: Always delete when requested, ignore LocalStatus() pending
- lxc/networks: Remove revert removal on failure of clustered network in networksPost
- lxd/networks: Allow re-create of pending network when pending nodes already exist in networksPost
- lxd/networks: Adds revert to doNetworksCreate
- lxd/networks: Moves cluster notification an DB record removal into networkDelete
- shared/api: Fix typo
- shared/api: Add NetworkStateVLAN
- lxd/resources: Add VLAN struct
- api: Add network_state_vlan
- lxd/instance/qmp: Update for go-qmp change
- lxd/backup: Fix URL in lifecycle events
- Add DeepSource config
- Use result of type assertion to simplify cases
- Replace .Sub(time.Now()) with time.Until() handler
- Remove unnecessary fmt.Sprintf() on string
- Omit comparison with boolean constant
- lxd/db/networks: Adds duplicate key detection to getNetworkConfig
- lxd/db/networks: Adds NetworkErrored function
- lxd/db/networks: Changes UpdateNetwork to not set created status
- lxd/network/driver/ovn: Reject instance port start if cannot find DHCP options
- lxd/networks: Updates doNetworksCreate to accept a Network rather than load its own
- lxd/networks: Debug log consistency in doNetworksCreate
- lxd/networks: doNetworksCreate usage
- lxd/networks: When auto creating pending nodes, don't pass global config into DB function in networksPost
- lxd/networks: Adds networkPartiallyCreated helper function
- lxd/networks: Updates networksPostCluster to detect existing global config and skip create if already exists
- lxd/api/cluster: Skip non-created networks when joining
- lxd/device/nic: Don't allow NICs to use networks that are not created
- lxd/db/networks: Renames ClusterTx GetNonPendingNetworks to GetCreatedNetworks
- lxd/db/networks: Renames Cluster GetNonPendingNetworks to GetCreatedNetworks
- lxd/api/cluster: cluster.GetCreatedNetworks usage
- lxd/network: tx.GetCreatedNetworks usage
- lxd/networks: s.Cluster.GetCreatedNetworks usage
- lxd/patches: tx.GetCreatedNetworks usage
- test/suites/clustering: More network clustering tests
- lxd/db/networks: Tighten restrictions in CreatePendingNetwork to only allow pending nodes to be added while network is pending
- lxd/networks: Allow single node cluster network create using --target
- lxd/db/cluster/update: Adds patch updateFromV41 function
- lxd/storage/pools/utils: Debug log consistency in storagePoolCreateLocal
- lxd/db/storage/pools: Adds duplicate key detection to getStoragePoolConfig
- lxd/storage/pools: storagePoolsPost comments line width
- lxd/db/storage/pools: Adds StoragePoolErrored function
- lxd/db/storage/pools: Renames GetNonPendingStoragePoolNames to GetCreatedStoragePoolNames
- lxd/api/cluster: cluster.GetCreatedStoragePoolNames usage
- lxd/storage/pools/utils: Renames id arg to poolID in storagePoolCreateLocal
- lxd/storage: s.Cluster.GetCreatedStoragePoolNames usage
- lxd/storage/pools: Restructures storagePoolsPost to align with networksPost
- lxd/storage/pools: Updates storagePoolsPostCluster to reject global config on re-create attempts
- lxd/storage/pools: Adds storagePoolPartiallyCreated function
- test/suites/clustering: Updates storage pool status tests
- lxd/db/storage/pools: Improve errors in CreatePendingStoragePool
- test/suites/clustering: Adds additional storage pool state tests
- lxd/db/cluster/update: Adds patch updateFromV42 function
- lxd/device: Add support for bridge port isolation
- api: Add instance_nic_port_isolation extension
- lxd/instance/drivers/qmp/monitor: Handle closed event channel from qmp package in run
- lxd/instance/drivers/driver/qemu: Logs when instance is stopped in getMonitorEventHandler
- lxd/instance/operationlock: Fixes deadlock caused by call to Reset in Create
- lxd/instance/operationlock: Store operation in instanceOperations before calling go routine
- lxd/instance/operationlock: Exit go routine started in Create when the operation is done
- lxd/network/driver/ovn: Detect IPv6 DHCP options correctly
- lxd/device: allow adding proxy device to VM instances
- lxd/instance/drivers: run device post-start hooks in QEMU driver
- doc: update
proxydoc to reflect VM support - lxd/device/nic/routed: Switches to network.InterfaceExists for clarity
- lxd/device/nic/routed: Remove host side veth interface if exists in postStop
- lxd/network/driver/ovn: Adds support for physical uplink interface to be a bridge
- lxd/db/networks: Corrects comment on GetCreatedNetworks
- lxd/network/driver/physical: Clarify error when changing parent interface when in use
- lxd/network/driver/bridge: Don't apply updates to node when network is pending
- lxd/network/driver: Don't apply changes to node if network is pending
- lxd/storage/backend/lxd: Only apply local node changes if both pool and node status are not pending
- lxc/image: Add support for directly getting, setting and unsetting image properties
- i18n: Update translation templates
- lxd/db/cluster/update: Modifies updateFromV43 and updateFromV42 to use IFNULL(node_id, -1) to avoid nodes with 0 ID
- lxd/db/cluster: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table
- doc: features.networks is not enabled by default for projects
- shared/util: Adds StringHasPrefix function
- lxd/device/disk: Adds sourceIsLocalPath function
- lxd/device/disk: Use shared.StringHasPrefix when validating ceph/cephfs prefixes
- lxd/device/disk: Use d.sourceIsLocalPath when validating source host path exists
- lxd/instance/qemu: Enable multiqueue on tap NICs
- lxd/instance/qemu: Use a minimum of 2 network queues
- lxd/storage/drivers/driver/zfs/volumes: Error quoting in RestoreVolume
- lxd/storage/backend/lxd: Don't fail in DeleteInstanceSnapshot if volume DB record already deleted
- lxd/storage/backend/lxd: Fix deleting subsequent snapshots for ZFS in RestoreInstanceSnapshot
- lxd/instances/post: Use source.Project when loading instance to get instance type in containersPost
- lxd/instances/post: Rename project to targetProject to differentiate between source.Project in containersPost
- lxd/instances/post: Error quoting in containersPost
- lxd/instances/post: Add comment about default instance type for migration in containersPost
- lxd/instances/project: Import project package normally and rename project var to projectName
- lxd/instances/post: Populate req.Source.Project with project.Default if not specified in containersPost
- test/suites/projects: Adds tests for copying snapshot to another project
- doc/image-handling: Fix typo
- shared/proxy: Support CIDR ranges in
no_proxy - simplestreams: Drop duplicated slash
- lxd/instance/drivers/qmp: Fix race in Disconnect
- test/suites/static/analysis: Fixes ineffassign usage due to upstream changes
- lxd/instance: Copy snapshot expiry in instanceCreateAsCopy
- lxd/migration: Rebuilds protobuf using protoc v3.14 and latest google.golang.org/protobuf/cmd/protoc-gen-go
- lxd/migration: Adds expiry_date field to snapshots protobuf
- lxd/migrate/instance: Populate expiry date in snapshotToProtobuf
- lxd/migrate/storage/volumes: Populate zero expiry date in volumeSnapshotToProtobuf
- lxd/storage/migration: Populate expiry date in snapshotProtobufToInstanceArgs
- lxd/migration/migration/volumes: Updates TypesToHeader and MatchTypes to use a pointer to MigrationHeader
- lxd/migrate/instance: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/storage/volumes: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/instance: Fix snapshotToProtobuf to not use loop pointer for device name
- lxd/storage/migration: Conistently use accessor functions in snapshotProtobufToInstanceArgs
- test/suites/snapshots: Adds test for local copy of snapshot expiry date
- test/suites/migration: Adds test for copying snapshot expiry date during migration
- test/suites/migration: Adds test to ensure snapshot devices are copied during migration
- lxd/storage/quota/projectquota: Consistent comment endings and error quoting
- lxd/storage/drivers/driver/dir/utils: Updates setQuota to remove old quota if volID has changed
- lxd/storage/drivers/driver/dir/utils: Modifies setupInitialQuota to not use initQuota
- lxd/api/internal: Updates internalImportFromRecovery to reinitialise root disk quota
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterAdd
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterSNATAdd
- lxd/network/openvswitch/ovn: Simplifies LogicalRouterRouteAdd
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterPortAdd
- lxd/network/openvswitch/ovn: Adds LogicalRouterSNATDeleteAll function
- lxd/network/openvswitch/ovn: Clear unused keys in LogicalSwitchSetIPAllocation
- lxd/network/openvswitch/ovn: Adds support for clearing unused settings in LogicalRouterPortSetIPv6Advertisements
- lxd/network/openvswitch/ovn: Adds LogicalRouterPortDeleteIPv6Advertisements function
- lxd/network/driver/ovn: Enforce that ipv6.address if specified is at least a /64 subnet
- lxd/network/driver/ovn: Pass update flag to mayExist where possible
- lxd/network/driver/ovn: Delete SNAT rules from route before adding new ones
- lxd/network/driver/ovn: Improve SNAT failure errors
- lxd/network/driver/ovn: Pass update to mayExists when setting up default routes
- lxd/network/driver/ovn: Create internal router port before DHCP option setup
- lxd/network/driver/ovn: Modifies IPv6 RA settings and removes them entirely when IPv6 disabled
- lxd/network/driver/ovn: Don't return DHCPv6 subnet if IPv6 prefix smaller than /64
- lxd: Rename Operation types
- lxd/db: Rename operation type descriptions
- lxd/network/network/interface: Adds handleDependencyChange function
- lxd/network/driver/common: Adds notifyDependentNetworks function and no-op placeholder handleDependencyChange function
- lxd/network/driver/ovn: Adds handleDependencyChange function
- lxd/network/driver/physical: Calls notifyDependentNetworks when config is updated
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATDeleteAll function
- lxd/network/openvswitch/ovn: Clarifies DNAT_AND_SNAT related function comments
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortExists function
- lxd/network/driver/ovn: Moves instance NIC port config parsing into InstanceDevicePortConfigParse function
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to accept an uplinkConfig argument
- lxd/network/driver/ovn: Clarifies argument names in the context of an OVN dependent network in handleDependencyChange
- lxd/network/driver/ovn: Updates handleDependencyChange to handle changes to uplink network's ovn.ingress_mode setting
- lxd/device/nic/ovn: Updates NIC to use d.network.InstanceDevicePortConfigParse and updated d.network.InstanceDevicePortAdd
- lxd/resources: Always initialize lists
- lxd/storage/utils: Improves error message in VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/db/instances: Updates InstanceList to accept filter to pass to GetInstances()
- lxd/db/instances: Clarifies comment and arg name on GetLocalInstancesInProject
- lxd/db/instances/test: cluster.InstanceList usage
- lxd/storage/utils: s.Cluster.InstanceList usage
- lxd/network/driver/ovn: n.state.Cluster.InstanceList usage
- lxd/patches: InstanceList usage
- lxd/network/network/utils/sriov: Adds SR-IOV allocation functions
- lxd/network/network/utils/sriov: Updates SRIOVGetHostDevicesInUse to use InstanceList()
- lxd/network/network/utils/sriov: Adds network usage support to SRIOVGetHostDevicesInUse
- lxd/network/network/utils/sriov: SRIOVGetHostDevicesInUse usage
- lxd/network/network/utils/sriov: Updates SRIOVFindFreeVirtualFunction args to not need Device
- lxd/network/network/utils/sriov: Adds SRIOVGetVFDevicePCISlot function
- lxd/network/network/utils: Adds InterfaceBindWait function
- lxd/device/pci: Adds PCI device management package
- lxd/device/infiniband/sriov: SRIOV network function usage
- lxd/device/nic/physical: Use pci package
- lxd/device/gpu: Use pci package
- lxd/device/nic/sriov: network.InterfaceBindWait
- lxd/device/nic/sriov: Use pci package
- lxd/device/nic/sriov: SRIOV network function usage
- lxd/device/nic/sriov: Comment clarity in setupSriovParent
- lxd/device/nic/sriov: Removes networkGetVFDevicePCISlot function
- lxd/device/device/utils/generic: Removes pci functions
- lxd/device/device/utils/network: Removes networkInterfaceBindWait function
- lxd/device/device/utils/instance: Removes instanceGetReservedDevices function
- lxd/network/driver/bridge: Comment improvements
- lxd/network/driver/ovn: Updates addChassisGroupEntry to generate chassis priority using stable random value
- i18n: Update translations from weblate
- lxd/init: Clarify https listener question
- doc: Fixes typo in macvlan NIC section
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.9 リリースのお知らせ¶
11th of December 2020
はじめに ¶
LXD チームは LXD 4.9 のリリースをお知らせできることにとてもワクワクしています!
このリリースには、オースティンにあるテキサス大学の学生からの次のコントリビューションが含まれています:
- プロジェクトに対する
limits.instances設定 - サーバー情報に qemu ドライバーとバージョンを表示
- リソース API 内に
IOMMUグループを表示 - サーバー設定内の
user.設定
それに加えて、GPU の媒介(mediated)デバイスのパススルーが使えるようになり、ライフサイクルイベントにいくつか改良をほどこし、リソース API へいくつか追加を行い、zstd 圧縮が使えるようになり、OVN ユーザーのための様々な新しいオプションを追加しています。
Enjoy!
新機能とハイライト ¶
仮想マシンに対する GPU 媒介デバイス ¶
LXDで、媒介デバイス(mediated device)をサポートしているGPUから媒介デバイスを割り当てることができるようになり、それを仮想マシンにアタッチできるようになりました。
これは、新たに導入された gpu のための設定 gputype によって行います。設定値は現時点では次の値をサポートしています:
physical(全 GPU。従来のデフォルトの動作)mdevプロファイルを指定するための追加のmdevキーと組み合わせて使います
lxc info --resources でも mdev プロファイルが表示されるようになりました。
GPU:
NUMA node: 0
Vendor: Intel Corporation (8086)
Product: HD Graphics 620 (5916)
PCI address: 0000:00:02.0
Driver: i915 (5.8.0-29-generic)
DRM:
ID: 0
Card: card0 (226:0)
Control: controlD64 (226:0)
Render: renderD128 (226:128)
Mdev profiles:
- i915-GVTg_V5_4 (1 available)
low_gm_size: 128MB
high_gm_size: 512MB
fence: 4
resolution: 1920x1200
weight: 4
- i915-GVTg_V5_8 (2 available)
low_gm_size: 64MB
high_gm_size: 384MB
fence: 4
resolution: 1024x768
weight: 2
PCI デバイスの IOMMU グループ ¶
リソース API(/1.0/resources)の PCI セクションのデバイスそれぞれには、IOMMU グループの ID を示す iommu_group が表示されるようになりました。
これは、パススルーネットワークや GPU デバイスを仮想マシンに追加する前に IOMMU トポロジーを確認するのにとても役立ちます。
stgraber@castiana:~$ lxc query /1.0/resources | jq .pci.devices[-1]
{
"driver": "xhci_hcd",
"driver_version": "5.8.0-29-generic",
"iommu_group": 16,
"numa_node": 0,
"pci_address": "0000:3c:00.0",
"product": "JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d4",
"vendor": "Intel Corporation",
"vendor_id": "8086"
}
サーバ環境情報内の QEMU バージョン表示 ¶
次の lxc info の実行例に表示されているように、システムの QEMU のバージョンが driver と driver_version に含まれるようになりました。
stgraber@castiana:~$ lxc info | grep " driver" driver: lxc | qemu driver_version: 4.0.0 (devel) | 5.2.0
ライフサイクルイベントの改良 ¶
ライフサイクルイベントを実装しなおして拡張しました。
現時点の完全なリストは次のとおりです:
- instance-created
- instance-renamed
- instance-deleted
- instance-updated
- instance-started
- instance-stopped
- instance-shutdown
- instance-restarted
- instance-paused
- instance-resumed
- instance-snapshot-create
- instance-snapshot-renamed
- instance-snapshot-deleted
- instance-restored
- instance-backup-created (new)
- instance-backup-renamed (new)
- instance-backup-deleted (new)
- network-created (new)
- network-updated (new)
- network-renamed (new)
- network-deleted (new)
お気づきのように、従来の container と virtual-machine のプレフィックスが混じった状態ではなく、一貫して instance が使われるようになりました。バックアップのためにイベントが不足していた問題がいくつか解消され、ネットワークイベントの初期カバレッジも追加されました。
user. キーがすべてのオブジェクトで使用可能に¶
このリリースで、設定を保持するすべての LXD オブジェクト内で user. キーが使えるようになりました。これらのキーは、追加のコンテキストを保存する必要がある外部のオーケストレーションシステムやモニタリングシステムで特に役に立ちます。
最近、これらのキーはサーバ自身を除くすべてのオブジェクトで使えましたが、これが解決されました。
stgraber@castiana:~$ lxc config set user.foo bar stgraber@castiana:~$ lxc config get user.foo bar
USB・ネットワークリソースの usb_address と pci_address プロパティ ¶
usb_address フィールドが、新たにソース API 内のネットワークとストレージデバイスの両方に追加されました。USB 接続がなされた際、デバイスの <bus>:<dev> で表示されます。これは PCI デバイスの pci_address にとても似ています。
同時に、ストレージデバイスになかった pci_address フィールドも追加されました。
stgraber@castiana:~$ lxc query /1.0/resources | jq .storage.disks[-1]
{
"block_size": 512,
"device": "8:0",
"device_id": "usb-Kingston_DataTraveler_3.0_08606E6B6612BE50D7168119-0:0",
"device_path": "pci-0000:00:14.0-usb-0:1:1.0-scsi-0:0:0:0",
"firmware_version": "PMAP",
"id": "sda",
"model": "DataTraveler 3.0",
"numa_node": 0,
"partitions": [
{
"device": "8:1",
"id": "sda1",
"partition": 1,
"read_only": false,
"size": 7863254528
}
],
"read_only": false,
"removable": true,
"rpm": 0,
"serial": "08606E6B6612BE50D7168119",
"size": 7864320000,
"type": "usb",
"usb_address": "2:7"
}
OVN ネットワークの ipv4.dhcp と ipv6.dhcp ¶
OVN ネットワークで IPv4 と IPv6 の DHCP をそれぞれ無効化できるようになりました。
これは、従来のマネージドブリッジと同様に、ipv4.dhcp と ipv6.dhcp の設定により行います。
物理ネットワーク上の ovn.ingress_mode ¶
OVN ネットワークに外部アドレスもしくはサブネットを割り当てる場合、特定の OVN ルーターがそのトラフィックを取り扱っていることを上流のゲートウェイに知らせる必要があります。
これまでは、L2 プロキシーを使って行っており、事実上 OVN は、処理を行わなければいけないネットワークとインスタンス上で、アップリンクネットワーク上の ARP/NDP パケットに対して応答することになっています。
これは多くのケースでうまく機能し、外部でルートを設定する必要はなくなります。しかし、OVN 自体で個別のアドレスレコードが必要となり、特に大きなサブネットではスケールしません(IPv4 での /24 や IPv6 での /64 を考えてみてください)。
このようなケースのために、新たに ovn.ingress_mode という設定が追加され、routed と設定できるようになりました。これは上流のルーターが、どのサブネットがどの OVN ルーターにルーティングされるのかを知っているため、OVN が各単独のアドレスごとに個別に処理する必要がないことを示しています。
これを https://github.com/stgraber/lxd-bgp のようなものと組み合わせて、上流のルーターのダイナミックなルーティング・プロトコルを使って、関連する OVN ルーターに対する必要なルートを自動的に設定できます。
物理ネットワーク上の ipv4.routes.anycast と ipv6.routes.anycast ¶
前のエントリーに関連して、LXD がルーティングされたサブネットに対して実行するチェックをバイパスするために、2つの新しい設定が追加されました。
この設定だけで、ふたつのネットワークのバックで使われたり、同時にふたつのインスタンスに割り当てられたりするのを防ぎます。しかし、外部ルーティングとダイナミックルーティングをサポートすることで、anycast を行うことができるようになります。
これがサポートされている環境では、ipv4.routes.anycast と ipv6.routes.anycast を true に設定し、サブネットの重複チェックを回避し、ふたつのインスタンスが同じパブリックアドレスを保持できるようにし、トラフィックの取得の決定を上流ルーターに任せることができます。
limits.instances プロジェクトオプション ¶
プロジェクトに設定できた limits.containers と limits.virtual-machines という制限に加えて、新たな制限が設定できるようになりました。
limits.instances を使って、プロジェクト内でタイプに関係なくインスタンス数を全体的に制限できます。
これに従って、次のように設定できます:
- limits.instances: 5
- limits.containers: 5
- limits.virtual-machines: 2
これにより、設定したプロジェクトでは 5 インスタンスまで持つことができます。そのすべてをコンテナにできますが、仮想マシンにできるのは 2 つだけとなります。
イメージとバックアップの zstd 圧縮 ¶
イメージとバックアップで zstd が使えるようになりました。
これは images.compression_algorithmとbackups.compression_algorithmで設定するか、lxc publish や lxc export で直接 --compression を使って指定できます。
すべての変更点(翻訳なし)¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/api/project: Reject quotes in project names
- lxd/instance/drivers/driver/lxc: Updates initLXC to use project and instance name in callhook hook commands
- lxd/instance/drivers/driver/lxc: Updates startCommon to quote hook command arguments
- lxd/main/callhook: Updates cmdCallhook to support using project name and instance name in arguments
- lxd/api/internal: Adds support for using instance name and project name in container hook routes
- lxd/storage: Apply rename template
- lxd/patches: Adds patchVMRenameUUIDKey patch to rename config key from volatile.vm.uuid to volatile.uuid
- shared/validate: Adds IsUUID function
- shared/instance: Adds volatile.uuid key to instance validation
- shared/instance: Removes vm.uuid from instance validation in ConfigKeyChecker
- doc/instances: Replaces volatile.vm.uuid with volatile.uuid
- lxd/instance/drivers/driver/qemu: Updates Start to use and populate volatile.uuid instead of volatile.vm.uuid
- lxd/instance/drivers/driver/lxc: Generate instance UUID if not set in startCommon
- lxd/instance/drivers/driver/qemu: Makes UUID generation terminology consistent with container
- lxc/list: Fix typo in help
- i18n: Update translation templates
- lxc/list: Add two new columns (memory % and CPU)
- i18n: Update translation templates
- doc: fix typos in instances.md
- lxd/storage/drivers/driver/zfs/volumes: Remove workarounds for snapshot volume mounting
- lxd/refcount: Adds ref counting package
- lxd/storage/drivers/volume: Adds ref counting functions
- lxd/storage/drivers/volume: Updates MountTask to use new MountVolume signature
- lxd/storage/pool/interface: Removes OurMount from MountInfo struct
- lxd/storage/pool/interface: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/drivers/interface: Removes "our mount" bool return value from MountVolume
- lxd/storage/drivers/errors: Adds ErrInUse error
- lxd/storage/drivers/drivers/mock: Updates MountVolume signature
- lxd/storage/drivers/utils: Error quoting in shrinkFileSystem
- lxd/storage/drivers/driver/btrfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/ceph/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/dir/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/lvm/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/generic/vfs: Updates genericVFSBackupUnpack to use new MountVolume signature
- lxd/storage/utils: Adds InstanceMount and InstanceUnmount and updates InstanceDiskBlockSize to use them
- lxd/storage/backend/mock: Removes OurMount
- lxd/storage/backend/mock: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/backend/lxd: Updates mount functions to remove OurMount and use new MountVolume signature
- lxd/storage/backend/lxd/patches: b.driver.MountVolume usage
- lxd/instance/drivers/driver: Unexports common restart function
- lxd/instance/instance/interface: Removes deprecated StorageStart and StorageStop functions
- lxd/instance/drivers/driver/common: Import ordering
- lxd/instance/drivers/driver/lxc: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/lxc: Removes deprecated StorageStart and StorageStop
- lxd/instance/drivers/driver/qemu: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/qemu: Implements RegisterDevices
- lxd/instance/drivers/driver/qemu: Removes deprecated StorageStart and StorageStop
- lxd/patches: Updates instance mount usage
- lxd/instance/metadata: Removes use of c.StorageStart and c.StorageStop
- lxd/instance/test: Removes use of StorageStart
- lxd/instance: Updates instanceCreateAsSnapshot to use updated mount functions
- lxd/devices: Register devices on all instance types
- lxd/device/disk: Implements Register function
- lxd/device/disk: Updates mount function usage in mountPoolVolume
- lxd/instance/drivers/driver/qemu: mount fixes
- lxd/storage/backend/lxd: Adds revert to MountInstance
- lxd/storage/drivers/driver/ceph/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to CreateVolumeFromBackup
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Simplifies MountVolumeSnapshot and adds revert for parent volume mount
- lxd/storage/drivers/generic/vfs: Adds revert to genericVFSBackupUnpack
- lxd/api/internal: Adds internalImportFromRecovery function for instance recovery import
- lxd/instances/post: Updates createFromBackup to use updated internalImport signature
- lxd/device/disk comments
- test/suites/backup: Updates lxd import tests to expect instance to be unmounted after import
- lxd/instance/drivers/driver/lxc: Moves instance mount before idmap related var loading
- lxd/instance/drivers/driver/lxc: Rotate log file same stage as VM for consistency
- lxd/instance/drivers/driver/qemu: Use instance.LoadByProjectAndName in getMonitorEventHandler
- test: Updates container_import tests to remove lxd import followed by kill and start test
- lxd/storage/backend/lxd: Detect unsupported live copy of VMs and fail with clear message
- lxd/instance/lxc: Add extra check for devpts_fd
- lxd/device/nic/ovn: Removes unused Add function
- lxd/device/nic/bridged: Clarifies when device's Add function is called
- lxd/migrate/instance: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Reject custom volume config if supplied in CreateInstanceFromMigration
- lxd/storage/drivers/driver/zfs/volumes: Use srcVol.NewVMBlockFilesystemVolume in CreateVolumeFromCopy
- lxd/storage/drivers/driver/zfs/volumes: Apply filesystem quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver/btrfs/volumes: Apply quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver: Makes size update consistent with other drivers in UpdateVolume
- lxd/storage/drivers/driver/cephfs/volumes: Use vol.ConfigSize() rather than vol.ExpandedConfig("size") for consistency with other drivers
- lxd/storage/drivers/driver/cephfs/volumes: Makes CreateVolumeFromMigration volume quota setting consistent with other non-block-backed drivers
- lxd/ap/internal: Improved error messages from instanceCreateInternal
- lxd/instance: Improved error messages from instanceCreateInternal
- lxd/instances/post: Improved error messages from instanceCreateInternal
- lxd/migrate/instance: Improved error messages from instanceCreateInternal
- lxd/device/disk: Only validate external disk source paths when real instance is loaded
- lxd/instance/drivers/driver/lxc: Remove user facing reference to "common start logic" in error
- lxd/instance/drivers/driver: Just log device add failures when adding device in non-user requested context
- lxd/instance/drivers/driver/lxc: Pass existing isRunning to c.updateDevices to avoid extra call to IsRunning()
- shared: Allow volatile uuid config keys
- lxd/instance/drivers: Support vgpu in qemu template
- lxd/instance/drivers: Support vgpu in VMs
- lxd/device/nic/sriov: Don't fail when resetting VF MAC to 00:00:00:00:00:00
- lxd/device/config: Allow gputype property
- lxd/device: Support mdev GPUs
- doc: Document mdev config key
- api: Add gpu_mdev
- lxc/info: Show mdev profiles
- po: Update translation
- lxd/images: Replace fp with fingerprint in logs
- lxd/daemon/images: Add contextual logging and use "fingerprint" rather than "image" for consistency with other code areas
- lxd/profiles/utils: Remove container references, improve comments
- lxd/db/profiles: Updates GetInstancesWithProfile to return all instance types, not just containers
- shared/instance: Improves comments
- lxd/project/project: Adds ProfileProject and ProfileProjectFromRecord functions
- lxd/profiles: Use project.ProfileProject instead of tx.ProjectHasProfiles
- test/suites/projects: Fix bug in test that assumed project wasnt checked for existance
- lxd/profiles/utils: Updates doProfileUpdate and doProfileUpdateCluster to return project and instance name in error
- lxd/device/device/interface: Moves updatable fields from CanHotPlug() into UpdatableFields()
- lxd/device/errors: Adds ErrCannotUpdate error
- lxd/device/device/common: Updates common implementation of CanHotPlug() and UpdatableFields()
- lxd/device/disk: Adds UpdatableFields function based on instance type
- lxd/device/disk: Only apply running IO limits to containers in Update
- lxd/device/nic/bridged: Adds UpdatableFields function and removes custom CanHotPlug function
- lxd/device/nic/ipvlan: Updates CanHotPlug function
- lxd/device/nic/ovn: Removes custom CanHotPlug function
- lxd/device/nic/p2p: Removes custom CanHotPlug function and adds UpdatableFields function
- lxd/device/nic/routed: Splits CanHotPlug function into new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/lxc: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/qemu: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/device/config/devices/sort: Improves comments in Less
- lxd/device/disk: Removes use of global logger and use device contextual logger
- lxd/device/disk: Rework volatile apply_quota key handling to support virtual machines
- lxd/refcount: Adds Get function
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in SetInstanceQuota
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in UpdateCustomVolume
- lxd/storage/errors: Removes ErrRunningQuotaResizeNotSupported
- lxd/storage/drivers/volume: Adds MountInUse function
- lxd/storage/drivers/utils: Adds vol.MountInUse usage to ensureVolumeBlockFile
- lxd/storage/drivers/utils: Adds filesystemTypeCanBeShrunk and updates shrinkFileSystem to use it
- lxd/storage/drivers/utils: Updates growFileSystem to use DefaultFilesystem
- lxd/storage/drivers/driver/types: Removes RunningQuotaResize
- lxd/storage/drivers: Renames drivers_mock.go to driver_mock.go to align with other driver naming
- lxd/storage/drivers/driver/mock: Removes RunningQuotaResize
- lxd/storage/drivers/driver/btrfs: Updates BTRFS to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/dir: Updates to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/ceph/utils: Adds resizeVolume function
- lxd/storage/drivers/driver/ceph: Removes RunningQuotaResize
- lxd/storage/drivers/driver/ceph/volumes: Reworks SetVolumeQuota to be more aligned with LVM driver structure
- lxd/storage/drivers/driver/cephfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/drivers/driver/zfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/utils: Updates validatePoolCommonRules to differentiate VM volumes and filesystem volumes
- lxd/instance: Error quoting and logging improvements in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Adds revert to lxcCreate
- lxd/instance/drivers/driver/qemu: Adds revert to qemuCreate
- lxd/storage/backend/lxd: Set the correct volume content type for custom volumes
- lxc/info: Extend mdev details
- i18n: Update translation templates
- lxd/device/disk: Ignore ErrNotRunning for virtfs-proxy-helper
- lxd/patches/utils: Adds legacy volumeFillDefault function for patches
- lxd/patches: Updates patches to switch from driver.VolumeFillDefault to volumeFillDefault
- lxd/storage/drivers/interface: Adds FillVolumeConfig
- lxd/storage/drivers/driver/common: Adds FillVolumeConfig no-op for common drivers
- lxd/storage/drivers/driver/{ceph,lvm}: Adds FillVolumeConfig function to populate default filesystem settings
- lxd/storage/utils: Updates VolumeDBCreate to accept a Pool and call driver.FillVolumeConfig
- lxd/storage/backend/lxd: VolumeDBCreate usage
- lxd/storage/utils: Removes VolumeFillDefault and VolumeValidateConfig
- lxd/storage/pool/interface: Adds FillInstanceConfig
- lxd/storage/backend/lxd: Implements FillInstanceConfig
- lxd/storage/backend/mock: Adds FillInstanceConfig
- lxd/instance/drivers/driver/lxc: Updates lxcCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers/driver/qemu: Updates qemuCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers: Better errors in instance create functions
- lxd/storage/backend/mock: Return storage pool ID 1 rather than -1 to allow tests to run
- lxd/network/openvswitch/ovs: Adds InterfaceAssociatedOVNSwitchPort function
- lxd/network/driver/ovn: Updates Instance port functions to use instance UUID rather than instance ID
- lxd/network/driver/ovn: Updates InstanceDevicePortDelete to accept an instance UUID and a ovsExternalOVNPort hint
- lxd/device/nic/ovn: Update ovnNet interface to use instance UUIDs.
- lxd/device/nic/ovn: Use volatile.uuid instance UUID rather than instance ID for OVN switch port name
- lxd/device/nic/ovn: No need for intermediate v variable
- lxd/device/nic/ovn: Updates Stop to pass instance UUID and an OVS external OVN switch port hint to InstanceDevicePortDelete
- lxd/instance/qemu: Always render disk
- Support zstd compression.
- api: add resources_pci_iommu extension
- lxd-agent: Don't rely on systemd for rebooting
- lxd/instance: Move id field to common
- lxd/instance/common: Use 'd' as main variable
- lxd/instance/qemu: Rename d to dev
- lxd/instance/qemu: Replace vm with d
- lxd/instance/lxc: Rename d to dev
- lxd/instance/lxc: Replace c with d
- lxd/isntance: Move most properties to common
- lxd/instance: Move common functions to drive_common
- shared/instance: golint fixes
- shared/instance: Adds ConfigVolatilePrefix constant
- shared/instance: ConfigVolatilePrefix usage
- shared/instance: Adds InstanceIncludeWhenCopying function
- lxd/copy: shared.InstanceIncludeWhenCopying usage in copyInstance
- lxc: shared.ConfigVolatilePrefix usage
- lxd: shared.ConfigVolatilePrefix usage
- lxd/instances/post: shared.InstanceIncludeWhenCopying usage in createFromCopy
- lxd/storage: Add volatile idmap setting debug log to resetContainerDiskIdmap
- lxd/device/disk: Include network-config in cidata
- lxd/resources: Add GetNetworkState and GetNetworkCounters
- shared/api: Add IOMMUGroup field to ResourcesPCIDevice
- Add IOMMU group value to PCI devices
- lxd/storage/pools/utils: Updates comment and error for storagePoolCreateLocal
- lxd/storage/pools: Error quoting
- lxd/db/cluster: Adds state column to networks_nodes table and set existing rows to state=1 (created)
- lxd/db/networks: Populate node state column in NetworkNodeJoin
- lxd/db/networks: Populate node state column in CreatePendingNetwork
- lxd/db/networks: Adds networkNodeState and NetworkNodeCreated functiond
- lxd/db/networks: Comments
- lxd/db/networks: Populate node state column in CreateNetwork
- lxd/network/driver: Remove check that prevents starting network in pending state
- lxd/networks: Whitespace
- lxd/network/network/interface: Updates init to take api.Network and network nodes map
- lxd/network/network/interface: Adds LocalStatus
- lxd/network/network/load: Updates LoadByName to pass network nodes from s.Cluster.GetNetworkInAnyState to init()
- lxd/db/networks: Adds NetworkState type and uses it in place of int
- lxd/db/networks: Renames networkFillStatus to NetworkStateToAPIStatus
- lxd/db/networks: Adds NetworkNode type
- lxd/db/networks: Exports NetworkNodes and updates to return map of NetworkNodes
- lxd/db/networks: Updates GetNonPendingNetworks usage of NetworkNodes()
- lxd/db/networks: Modifies getNetwork and GetNetworkInAnyState to return map of NetworkNodes for network
- lxd/db/networks: Exports NetworkNodes
- lxd/db/networks: c.GetNetworkInAnyState usage
- lxd/db/networks: Updates comments to reference state constants
- lxd/patches: d.cluster.GetNetworkInAnyState usage
- lxd/api/cluster: d.cluster.GetNetworkInAnyState usage
- lxd/api/project: s.Cluster.GetNetworkInAnyState usage
- lxd/device/nic: d.state.Cluster.GetNetworkInAnyState usage
- lxd/network/driver/ovn: n.state.Cluster.GetNetworkInAnyState usage
- lxd/network/driver/common: Adds LocalStatus function and store node info inside network via init()
- lxd/network/driver/bridge: Only perform local date if local status is api.NetworkStatusCreated
- lxd/network/driver/ovn: Only perform local date if local status is api.NetworkStatusCreated
- lxd/network/driver/physical: Only perform local date if local status is api.NetworkStatusCreated
- lxd/networks: Updates doNetworksCreate to skip creation if node is already marked created
- lxd/networks: d.cluster.GetNetworkInAnyState usage
- lxd/networks: Don't skip network clean up if network is pending in networkDelete()
- lxd/networks: d.cluster.GetNetworkInAnyState usage
- lxd/networks: Updates networksPostCluster to only mark global network states as created once all nodes created
- lxd/db/migration/test: cluster.GetNetworkInAnyState usage
- lxd/network/network/interface: Adds IsManaged function
- lxd/network/driver/common: Adds IsManaged function and associated internal variable
- lxd/networks: Prevent rename of pending networks
- lxd/networks: Reduce duplicate query loading network in networkPut and doNetworkUpdate
- lxd/networks: Prevent update of global network config when network is pending in networkPut
- lxd/network/driver/bridge: Adds some basic revert to setup()
- lxd/network/driver/bridge: Only initialise revert if config has changed
- lxd/network/driver: Only apply local DB change in Update() when local node is in pending state
- lxd/network/driver/bridge: Fix incorrect return value
- test/suites/clustering: Add network node state tests for bridge networking
- lxd/instance: Use revert package in instanceCreateFromImage
- lxd/storage/backend/lxd: Remove revert from CreateInstanceFromImage
- lxd/storage/drivers/driver/common: Enable unsafe resize mode in runFiller when unpacking into image volumes
- lxd/storage/drivers/driver/ceph/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/drivers/driver/zfs/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/backend/lxd: Log new volume size in CreateInstanceFromImage
- lxd/instance/qemu: Follow symlink to lxd-agent
- lxd/instance/qemu: Fix GPU passthrough
- lxd/instance/operations: Allow Wait/Done on nil struct
- lxd/instance/lxc: Improve use of operations
- lxd/instance/lxc: Improve locking on file ops
- lxd/instance/operations: Introduce CreateWaitGet
- lxd/instance: Introduce restart tracking
- Makefile: Fix golint URL
- lxd/network/driver/bridge: Improve IP parsing errors
- lxd/network/driver/bridge: Don't fill default config on update
- lxd/network/driver/ovn: Improve IP parsing errors
- lxd/network/driver/ovn: Don't fill default config on update
- lxd/network/driver/bridge: Regenerate auto values on update
- lxd/network/driver/ovn: Regenerate auto values on update
- test/suites/network: Adds test for unsetting ipv4.address and ipv6.address
- test/suites/network: Adds test for regeneration of auto values
- doc/networks: Clarify bridge default auto values
- doc/networks: Clarifies default values for ovn ranges settings
- doc/networks: Clarify ovn default auto values
- lxd/device/disk: Only validate disk source pool when an actual instance is set
- test/suites/migration: Adds tests for copying instance with snapshots containing invalid disk devices
- lxc-to-lxd: Fix handling on snap
- lxd/instance: Bypass delete protection for internal calls
- lxd/instance/qemu: Improve state handling
- lxd/instance/operationlock: Allow Reset
- lxd/instance/qemu: Stretch start/stop timeout
- lxd/instance/qemu: Increase virtiofsd timeout to 10s
- lxd/instance/qemu: Move more logic into qemuArchConfig
- lxd/instance: Add Info function
- lxd/instance: Add SupportedInstanceDrivers
- lxd/instance: Add driver cache
- lxd/api: Show all instance drivers
- lxd/qemu: Don't stop processing events on shutdown
- lxd/rbac: Improve access to user information
- lxd/daemon: Improve request context
- lxd/rbac: Move userIsAdmin and userHasPermission
- lxd: Move to new RBAC helpers
- lxd/storage/volumes: Replace hardcoded "filesystem" with db.StoragePoolVolumeContentTypeNameFS in storagePoolVolumesTypePost
- lxd/storage/volumes: Error quoting in storagePoolVolumesTypePost
- lxd/storage/volumes: Fixes misleading comment in storagePoolVolumesPost
- lxd/storage/volumes: Set default volume content type to filesystem in storagePoolVolumesPost
- lxd/storage/volumes: Error quoting in storagePoolVolumesPost
- lxd/storage/utils: Align error returned from VolumeContentTypeNameToContentType with similar functions
- lxd/storage/volumes: Removes stuttering in errors in storagePoolVolumesTypePost
- lxd/networks: Use SmartError for response when loading networks
- lxd/project: Add new FilterUsedBy helper
- lxd: Filter all UsedBy based on RBAC
- lxd/images: Fix incorrect RBAC on push
- lxc/file: Fix typo in fileGetWrapper
- i18n: Update translation templates
- lxc/restore: Fix typo in help
- i18n: Update translation templates
- lxd/networks: Fix bad logging level
- lxd/daemon: Fix bad permission check
- lxd/storage/drivers/generic: Fix VM rename with ZFS
- lxd/instance: Remove duplicate event
- lxd/instance/common: Implement lifecycle wrapper
- lxd/instance/lxc: Port to new wrapper
- lxd/instance/lxc: Lock restore operations
- lxd/instance/qemu: Port to new wrapper
- lxd/instance/qemu: Lock restore operations
- lxd/backup: Add lifecycle events
- lxd/network: Add lifecycle function
- lxd/network: Implement create wrapper
- lxd/network: Add lifecycle events
- lxd/cluster/request/clienttype: Moves client type constants and helper into own package
- lxd/cluster/connect: Removes client type constants and helper
- lxd: Updates use of ClientType now moved to cluster/request package
- lxd/networks: Ensure etag generation uses its own copy of config in networkPut
- lxd/network/driver: Takes NetworkStatus safety patch from stable-4.0 and applies to master
- lxd/networks: Comment in networksPostCluster
- lxd/networks: Corrects log level in networksPostCluster
- lxd/networks: golint fix
- lxd/db/networks: Removes unused NetworkErrored function
- lxd/db/networks: Updates network state comments to indicate node usage
- lxd/instance: Adds per-struct contextual logger.
- lxd/instance/drivers: Fixes instanceType in instance logger
- lxd/db/cluster: Adds state column to storage_pools_nodes table and set existing rows to state=1 (created)
- lxd/db/storage/pools: Updates storage pool state comments to indicate node usage
- lxd/db/storage/pools: Replace use of networkCreated with storagePoolCreated in getStoragePool
- lxd/db/storage/pools: Set storage pool node state to created in UpdateStoragePoolAfterNodeJoin
- lxd/db/storage/pools: Set storage pool node state to pending in CreatePendingStoragePool
- lxd/db/storage/pools: Adds StoragePoolNodeCreated and storagePoolNodeState functions
- lxd/db/storage/pools: Set storage pool node state to pending in CreateStoragePool
- lxd/storage/pools/utils: Consistent commnent endings
- lxd/storage/pools/utils: Fix comment in storagePoolCreateLocal
- lxd/storage/pools: Add logging for storage pool state updates in storagePoolsPostCluster
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to mark local node state as created
- lxd/db/storage/pools: Removes unused function StoragePoolErrored
- lxd/db/storage/pools: Updates comment on StoragePoolCreated
- lxd/storage/pools: Fix copy paste error in comment
- lxd/storage/load: Updates GetPoolByName to use state.Cluster.GetStoragePoolInAnyState
- lxc/storage: Adds --target flag support to cmdStorageSet
- lxd/storage/pools: Adds doStoragePoolUpdate function
- lxd/db/storage/pools: Adds StoragePoolState type and updates state constants to be of that type
- lxd/db/storage/pools: Adds StoragePoolNode type
- lxd/db/storage/pools: StoragePoolState usage
- lxd/db/storage/pools: Adds storagePoolNodes function
- lxd/db/storage/pools: Updates storage pool load functions to return nodes
- lxd/db/storage/pools: Updates storagePoolNodes to return map of StoragePoolNode
- lxd/db/storage/pools: c.GetStoragePoolInAnyState usage
- shared/api/storage/pool: Adds storage pool status contants
- lxd/db/storage/pools: Adds StoragePoolStateToAPIStatus and updates getStoragePool to use it
- lxd/patches: d.cluster.GetStoragePoolInAnyState usage
- lxd/api/cluster: d.cluster.GetStoragePoolInAnyState usage
- lxd/backup/backup/config: c.GetStoragePool usage
- lxd/daemon/storage: s.Cluster.GetStoragePool usage
- lxd/device/disk: d.state.Cluster.GetStoragePool usage
- lxd/instance/post: d.cluster.GetStoragePool usage
- lxd/instances/post: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/pools: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/volumes: GetStoragePoolInAnyState usage
- lxd/storage/volumes/backup: d.cluster.GetStoragePool usage
- lxd/storage/volumes/snapshot: d.cluster.GetStoragePool usage
- lxd/storage/pool/interface: Adds Description, Status and LocalStatus functions to definition
- lxd/storage/backend/mock: Adds Description, Status and LocalStatus functions
- lxd/storage/backend/lxd: Adds Description, Status, LocalStatus functions and adds nodes property
- lxd/storage/load: state.Cluster.GetStoragePoolInAnyState usage and populates pool nodes in GetPoolByName
- lxd/storage/pool/interface: Adds IsUsed and Create functions
- lxd/storage/backend/lxd: Exports Create and adds IsUsed
- lxd/storage/backend/mock: Adds IsUsed and Create
- lxd/storage/load: Deprecates CreatePool
- lxd/storage/load: Updates CreatePool to initialise empty node list
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to use GetPoolByName
- lxd/storage/pools: Reworks storagePoolDelete to only delete locally if node has created state
- lxd/db/migration/test: cluster.GetStoragePool usage
- lxd/storage/pools: Reworks storagePoolPut and calls storagePoolPut from storagePoolPatch
- lxd/storage/pools: Removes unused storagePoolValidateClusterConfig, storagePoolClusterConfigForEtag, storagePoolClusterFillWithNodeConfig functions
- lxd/storage/pools/utils: Removes unused storagePoolUpdate
- lxd/storage/backend/lxd: Reworks Update to only apply changes to local node if not pending
- lxd/api/cluster: Updates client type usage to new package
- lxd/storage/load: Updates deprecated CreatePool to use client type
- lxd/patches: storagePools.CreatePool usage
- lxd/storage/pool/interface: Replaces localOnly and driverOnly indicators with clientType
- lxd/storage/backend/lxd: Replace localOnly and driverOnly with clientType
- lxd/storage/backend/mock: Replace localOnly and driverOnly with clientType
- lxd/storage/drivers/driver/ceph: Simplify Delete logic
- lxd/storage/pools: Switch to clientType
- lxd/storage/pools/utils: Switch to clientType
- lxd/api/cluster: Removal special casing for ceph/cephfs
- lxd/storage/backend/lxd: Adds protection against using a pending pool
- lxd/storage: Adds target support to cmdStorageGet
- lxd/storage/pools: Updates storagePoolsPostCluster to only forward non-node specific config
- test/suites/clustering: Add pool node state tests
- lxd/apparmor/qemu: Allow some more files
- lxd/storage/drivers/drivers/zfs/volumes: Fixes 10s delay when using VMs with ZFS in snap
- shared: Add IsUserConfig() utility function
- lxd/config: Allow user keys in server config
- lxd/storage/backend/lxd: Comment typo fix
- lxd/storage/drivers/driver/btrfs/volumes: Enable allowUnsafeResize in CreateVolume when creating initial image volume
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to return unsupported when trying to resize image volume without allowUnsafeResize enabled
- lxd/storage/utils: Ensure pool's volume.size is checked when unpacking images to pools that use file based images
- lxd/instance/qemu: Deref OVMF path
- lxc: Clarify --compression option
- doc/image-handling: Update compression details
- i18n: Update translation templates
- lxd/rbac: Fix checks by matching proper name
- api: Add resources_network_usb and resources_disk_address
- shared/api: Add PCIAddress/USBAddress on network and storage
- lxd/resources: Add PCIAddress/USBAddress for networks and disks
- lxd/storage/drivers/utils: Modifies roundVolumeBlockFileSizeBytes to round up
- lxd/storage/drivers/utils: roundVolumeBlockFileSizeBytes usage
- lxd/storage/drivers/driver/zfs/utils: Use roundVolumeBlockFileSizeBytes in createVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in SetVolumeQuota
- lxd/storage/backend/lxd: Use revert in CreateInstanceFromCopy
- lxd/storage/backend/lxd: Don't fail in DeleteInstance if DB record already removed
- lxd/instance: Use revert in instanceCreateAsCopy
- lxd/storage/drivers/driver/ceph/volumes: Whitespace
- lxd/storage/drivers/driver/ceph/volumes: Adds a hasVolume function that accepts an RBD volume name
- lxd/storage/drivers/driver/ceph/volumes: Fixes issue in DeleteVolume that prevented image volume deletion if no readonly snapshot existed
- lxd/storage/backend/lxd: Return error in EnsureImage when cannot delete orphaned volume
- lxd/network/driver/ovn: Improve error message
- lxd/network/driver/physical: Adds ovn.ingress_mode config key
- lxd/network/driver/ovn: Updates uplinkRoutes to accept an *api.Network argument
- lxd/network/driver/ovn: n.uplinkRoutes usage
- lxd/network/driver/ovn: Moves subnet size validation into InstanceDevicePortValidateExternalRoutes
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to only publish external IPs using DNAT when uplink l2proxy mode enabled
- lxd/device/nic/ovn: Removes external subnet validation
- doc/networks: Adds ovn.ingress_mode to physical networks
- api: Adds network_physical_ovn_ingress_mode extensions
- lxd/network/network/utils: Don't reference ourselves in UsedBy
- lxd/network/driver/ovn: Only delete DNAT rules in InstanceDevicePortDelete if ingress mode is l2proxy
- lxd/network/openvswitch/ovn: Exports LogicalSwitchDHCPOptionsDelete and adds optional UUID filter for deletion
- lxc/network/driver/ovn: Adds ipv4.dhcp and ipv6.dhcp boolean settings
- lxc/network/driver/ovn: Modifies setup to only activate DHCP/RA if its enabled on network
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to respect DHCP options on network
- lxd/network/driver/ovn: Updates DHCPv4Subnet and DHCPv6Subnet to use IP helper functions
- api: Adds network_ovn_dhcp extension
- doc/networks: Adds ipv4.dhcp and ipv6.dhcp docs for OVN networks
- doc/networks: Mention DNSSEC setting
- doc/networks: Adds ipv4.routes.anycast and ipv6.routes.anycast to physical networks
- lxd/network/driver/physical: Adds ipv4.routes.anycast and ipv6.routes.anycast options
- lxd/network/driver/ovn: Adds uplinkHasIngressRoutedAnycastIPv4 and uplinkHasIngressRoutedAnycastIPv6 functions
- lxc/network/driver/ovn: Skip overlap detection of networks external subnets when uplink is in anycast routed ingress mode
- lxd/network/driver/ovn: Skip NIC external route overlap detection when uplink is in anycast routed ingress mode
- api: Adds network_physical_routes_anycast extension
- tests: Add test for import after deleted snapshot
- lxd/instances: Update backup file when deleting a snapshot
- lxd/instance/lxc: Fix backup.yaml delete logic to trigger properly
- lxd/instance/qemu: Also update backup.yaml on snapshot delete
- lxd/instance/qemu: Update backup.yaml on startup
- lxd/db/storage/pools: Comment wrapping
- lxd/storage/backend/lxd: Prevent modification of source field on non-pending nodes
- lxd/storage/drivers/driver/lvm: Comment typo
- lxd/network/driver/ovn: Only add default route and SNAT rules to router after adding external router port
- i18n: Update translations from weblate
- doc/networks: Add missing escaping
- lxd/apparmor/qemu: Allow ceph snap paths
- doc: Adds limits.instances key description.
- lxd/project: Adds 'limits.instances' configuration key
- api: Add projects_limits_instances extension
- doc/api-extensions: Fix escaping
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.8 リリースのお知らせ¶
12th of November 2020
はじめに ¶
LXD チームは LXD 4.8 のリリースをお知らせできることにとてもワクワクしています!
このリリースでは vTPM と VirtioFS のサポートが追加されました。そして cgroup2 サポートの作業が終了し、いくつか有用な機能の追加と改良を行いました。
また、ネットワークとストレージのトラッキングとライフサイクルが大幅に改良され、競合状態のクラス全体と通常のバグ修正の山が完全に排除されました。
Enjoy!
新機能とハイライト ¶
vTPM のサポート ¶
新しい tpm デバイスタイプが追加されました。コンテナと仮想マシンの両方でサポートされます。これは永続的な swtpm インスタンスを使い、通常は /dev/tpmX デバイスをインスタンス内で公開します。
stgraber@castiana:~$ lxc config device add tpm1 tpm tpm path=/dev/tpm0 Device tpm added to tpm1 stgraber@castiana:~$ lxc config device add tpm2 tpm tpm path=/dev/tpm0 Device tpm added to tpm2 stgraber@castiana:~$ lxc start tpm1 tpm2 stgraber@castiana:~$ lxc list tpm +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | tpm1 | RUNNING | 10.166.11.45 (eth0) | fd42:4c81:5770:1eaf:216:3eff:fe95:4a5 (eth0) | CONTAINER | 0 | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | tpm2 | RUNNING | 10.166.11.120 (enp5s0) | fd42:4c81:5770:1eaf:216:3eff:fe71:4323 (enp5s0) | VIRTUAL-MACHINE | 0 | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ stgraber@castiana:~$ lxc exec tpm1 -- tpm2_gettestresult status: success stgraber@castiana:~$ lxc exec tpm2 -- tpm2_gettestresult status: success
仮想マシンに対する VirtioFS ¶
これまで、LXD はエージェントが構成するデバイスと disk デバイスを使って仮想マシンに対して公開される追加パスの両方のトランスポートとして 9p を使ってきました。
信頼性が高く、一般的に十分サポートされていますが、9p は高速ではありません。
virtiofs がこのための高速なオプションです。LXD エージェントがインスタンス内部で使用できる方を使用し、LXD は 9p と virtiofs の両方を通してアタッチしたデバイスを公開しています。
stgraber@castiana:~$ lxc init images:ubuntu/20.04/cloud vm1 --vm Creating vm1 stgraber@castiana:~$ lxc config device add vm1 home disk source=/home/stgraber path=/mnt/virtiofs Device home added to vm1 stgraber@castiana:~$ lxc start vm1 stgraber@castiana:~$ lxc exec vm1 bash root@vm1:~# mkdir /mnt/9p root@vm1:~# mount -t 9p lxd_home /mnt/9p/ root@vm1:~# dd if=/dev/zero of=/mnt/9p/test.img bs=4M count=100 conv=fdatasync 100+0 records in 100+0 records out 419430400 bytes (419 MB, 400 MiB) copied, 5.19642 s, 80.7 MB/s root@vm1:~# dd if=/dev/zero of=/mnt/virtiofs/test.img bs=4M count=100 conv=fdatasync 100+0 records in 100+0 records out 419430400 bytes (419 MB, 400 MiB) copied, 0.831076 s, 505 MB/s root@vm1:~#
cgroup2 のフルサポート ¶
LXD はかなり長い間、ハイブリッドとフル cgroup2 システム上で機能してきました。しかし、その環境で実行された場合、必ずしもすべての制限が適用されていたわけではありませんでした。実際、ほとんどのコントローラーが起動時に制限された状態、またはサポートされないとして報告されていました。
次のものをのぞいて、LXD でサポートされるすべての制限に cgroup2 サポートを追加することで、これを大幅に改善しました。
- スワップの優先度指定とスワップの無効化(swappinessコントロールが必要)
- ネットワークの優先度(net_prioコントローラーが必要)
これら2つは現在、最新の Linux カーネルで相当する機能が cgroup2 にないためです。同等のソリューションが実装された際には、必ずその機能を使います。
デイリーのテストに cgroup1, スワップのアカウンティング付きのcgroup1、cgroup2 のテストを追加し、すべての制限が期待通り動作していることを https://jenkins.linuxcontainers.org/job/lxd-test-cgroup/ で確認しました。
zfs.clone_copy の rebase モード ¶
ZFS ストレージプールに追加された新しいオプションは、ソースのインスタンスが作成された元のイメージを追跡し、新しいインスタンスのオリジンとしてそれを使うように LXD に指示します。
これは、ソースインスタンスがイメージとともに持っているディスク上の差分を効率的に複製するので、そのコピーの結果としてディスク使用量が増えることを意味します。しかし、新しいインスタンスがソースと結びつくことも防ぎます。これにより、LXD が削除されたコピーのために削除されたデータセットを保持する必要がなくなり、ソースインスタンスを削除し、そのディスク領域を再利用できるようになります。
stgraber@castiana:~$ lxc launch images:ubuntu/20.04/cloud u1 Creating u1 Starting u1 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u1 NAME ORIGIN castiana/lxd/containers/u1 castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly stgraber@castiana:~$ lxc copy u1 u2 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u2 NAME ORIGIN castiana/lxd/containers/u2 castiana/lxd/containers/u1@copy-e51ca348-32b5-4101-ac05-c656bf7c2a1e stgraber@castiana:~$ lxc storage set default zfs.clone_copy false stgraber@castiana:~$ lxc copy u1 u3 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u3 NAME ORIGIN castiana/lxd/containers/u3 - stgraber@castiana:~$ lxc storage set default zfs.clone_copy rebase stgraber@castiana:~$ lxc copy u1 u4 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u4 NAME ORIGIN castiana/lxd/containers/u4 castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly
この例では:
- u1 はイメージからコピーして作られた通常のコンテナです
- u2 はソースのスナップショットから作られた通常のコピーです
- u3 はスタンドアロンコピーで、u1 のデータ全体とイメージを複製します
- u4 はリベースコピーで、u1 の差分とイメージを複製します
lxc snapshot と lxc storage volume snapshot コマンドの --reuse オプション¶
lxc snapshot と lxc storage volume snapshot コマンドで、同じ名前で新しいスナップショットを作成する前に既存のスナップショットを削除できるようになりました。
stgraber@castiana:~$ lxc snapshot u1 foo stgraber@castiana:~$ lxc snapshot u1 foo Error: Add snapshot info to the database: This instance_snapshot already exists stgraber@castiana:~$ lxc snapshot u1 foo --reuse stgraber@castiana:~$
restarted ライフサイクルイベント ¶
LXD は重要な状態の変更を容易に追跡できるように lifecycle イベントをログに記録します。
これまで、インスタンスが再起動されたり内部から再起動されると、ログには stopped イベントとそれに続く started イベントが記録されていました。
これが、何が起こったかを正確に記述する単一の restarted イベントに置き換えられました。
stgraber@castiana:~$ lxc monitor --type=lifecycle location: none metadata: action: virtual-machine-restarted source: /1.0/virtual-machines/u2 timestamp: "2020-11-12T17:47:50.559795164-05:00" type: lifecycle
ユーザからのリクエストのロギングの改良 ¶
LXD はすべての API 呼び出しの要求元をログメッセージと内部コンテキストデータに記録しています。しかし、これには少し制限がありました。どのプロトコル(unix, candid, tls)が使われたのかをログに記録しない、unix ソケット経由のリクエストの場合はユーザー名をログに記録できると言ったようなことのためです。
この問題は修正され、基本的な要求は次のように記録を行うようになりました:
DBUG[11-12|18:26:10] Handling method=GET url=/1.0 ip=@ protocol=unix username=stgraberDBUG[11-12|23:26:59] Handling method=GET url=/1.0 ip=[2001:470:b0f8:1000:223:a4ff:fe01:16f]:48334 protocol=candid username=stgraber@stgraber.netDBUG[11-12|18:28:23] Handling method=GET url=/1.0 ip=127.0.0.1:47508 protocol=tls username=390fdd27ed5dc2408edc11fe602eafceb6c025ddbad9341dfdcb1056a8dd98b1
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/device/usb: Fix check for required USB device
- seccomp: switch back to pread()
- nsexec: simplify userns attach
- forksyscall: preserve root and cwd fds for shifted mount emulation
- lxc/init.go: remove for-loop in create()
- lxd/device/nic/ovn: Improved error messages
- lxd/network/driver/ovn: Generates static EUI64 IPv6 address for instance switch ports in instanceDevicePortAdd
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortGetDNS to return switch port DNS info
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortDeleteDNS to only accept DNS UUID rather than port name
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to return the DNS UUID record ID
- lxc/network/driver/ovn: Adds validateExternalSubnet function
- lxd/network/driver/ovn: Updates Validate to ensure ipv4.address and ipv6.address are allowed external subnets
- lxd/network/driver/ovn: Adds support for publishing instance port IPs to uplink network
- revert/revert.go: remove a for-loop from Clone()
- doc/networks: Adds ipv4.nat and ipv6.nat to ovn network
- lxc/copy.go: Remove unneeded for-loop in c.Run()
- lxd/db/networks: Fix NULL description
- lxd/network/driver/ovn: Allows "none" as value for ipv4.address and ipv6.address
- lxd/network/driver/ovn: Re-run validation of auto generated address used in FillConfig
- lxd/network/driver/ovn: Modify setup() to support optional IP addresses
- lxd/network/driver/ovn: Updates instanceDevicePortAdd to support optional IP addresses
- lxd/network/driver/ovn: Only call Validate in FillConfig if state is set
- lxd/db/projects: Adds GetProject function
- lxd/network/driver/ovn: Converts instance port functions to exported
- lxd/network/driver/ovn: Removes ipv4.routes.external and ipv6.routes.external
- lxc/network/driver/ovn: Adds projectRestrictedSubnets and uplinkRoutes functions
- lxd/network/driver/ovn: Simplifies Validate by using separate data loader functions
- lxd/network/driver/ovn: Passes project into allowedUplinkNetworks
- lxd/network/driver/ovn: Passes project into validateUplinkNetwork
- lxd/network/driver/ovn: Load project in setup() to pass to n.validateUplinkNetwork()
- lxd/network/driver/ovn: Adds InstanceDevicePortValidateExternalRoutes function
- lxd/network/network/utils/ovn: Remvoes unused functions
- lxd/device/nic/ovn: Adds ovnNet interface and use OVN instance port functions directly from network
- lxd/device/nic/ovn: Removes validation of external routes against network's external routes
- lxd/device/nic/ovn: Validate NICs external routes using d.network.InstanceDevicePortValidateExternalRoutes
- doc/networks: Removes ipv4.routes.external and ipv6.routes.external from ovn network
- lxd/patches: Adds patch for removing ipv4.routes.external and ipv6.routes.external from ovn networks
- api: Adds network_ovn_external_routes_remove extension
- lxd/network/driver/ovn: Fix project restricted subnets check in validateExternalSubnet
- lxd/images: Fixes ineffectual assign warning
- lxd/resources/usb: Fixes ineffectual assign warning
- lxd/storage/drivers/driver/lvm/volumes: Fixes ineffectual assign warning
- lxd/instance: Use project aware inst.LogPath() function when clearing log dir in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/qemu: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/lxc: Makes collectCRIULogFile project log path aware
- lxd/instance/logs: Makes containerLogsGet project aware
- lxd/main/init/interactive: Clarifies question about using an existing empty disk
- lxd/network/driver/bridge: Sets ipv4.nat=true when adding a new fan network with fan.underlay_subnet=auto
- lxd/patches: Adds patchNetworkFANEnableNAT to set ipv4.nat=true for fan networks missing the setting
- doc/networks: Clarifies comment defaults for bridge ipv4.nat when not specified during creation
- lxd/seccomp: Fix go vet
- lxd/instance: Add Architecture to common
- lxd/devices: Disable USB on s390x
- add new "restarted" event to reboot section of onStop in both lxc and qemu
- tests: Fix missing clustering cleanup
- lxd/storage/zfs: Properly recurse delete volumes
- tests: Fix cleanup in backup
- lxd/storage/backend/lxd: b.driver.UnmountVolume usage
- lxd/instance/drivers/driver/lxc: Moves log rotate and mount before devices start in startCommon
- lxd/storage/drivers/interface: Adds keepBlockDev arg to UnmountVolume
- lxf/storage/drivers/volume: v.driver.UnmountVolume usage
- lxd/storage/drivers/volume: Adds keepBlockDev arg to UnmountTask
- lxd/storage/drivers/utils: Passes true for keepBlockDev arg to UnmounTask in shrinkFileSystem
- lxd/storage/drivers/generic/vfs: d.UnmountVolume usage
- lxd/storage/drivers/drivers/mock: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/dir/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountVolume usage
- lxd/storage/drivers/driver/lvm/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountTask usage
- lxd/storage/drivers/driver/ceph/volumes: d.UnmountVolume usage
- lxd/storage/drivers/driver/ceph/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: d.UnmountVolume usage
- lxd/device/config/devices/sort: Sort disks between nics and other types of devices
- lxd/device/config/devices/sort: Comment improvement
- lxd/instance/drivers: Device lifecycle logging improvements
- lxd/instance/drivers: Stop devices in reverse order to how they were started
- lxd/instance/drivers/driver/lxc: Only use postStartHooks var where actually needed
- lxd/instance/drivers/driver/qemu: Adds log rotation to Start
- lxd/storage/zfs: Fix argument ordering
- lxd/device/config: Add TPMDevice to RunConfig
- lxd/cluster/connect: Renames project arg to projectName in ConnectIfInstanceIsRemote
- lxd/cluster/connect: Adds projectName arg to ConnectIfVolumeIsRemote
- lxd/response: Adds projectName argument to forwardedResponseIfVolumeIsRemote
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote projectName argument usage
- lxd/db/storage/volumes: Corrects mispelled argument name in GetStorageVolumeNodeAddresses
- lxc/move: Bypass security.protection.delete
- lxd/device: Add TPM device type
- lxd/db: Add device type "tpm"
- lxd/instance/drivers: Support TPM devices in VMs
- lxd/device: Fix typo
- api: Add tpm_device_type API extension
- doc: Add tpm device
- test: Add TPM device
- doc/instances: usb and gpu are available in VMs
- doc/instances: Add missing header in usb device
- extract restart logic to new instance interface function of lxc and qemu
- scripts/bash: Fix snap handling
- extract common restart code to driver_common.go
- lxd/storage: Rename RunningSnapshotFreeze to RunningCopyFreeze
- lxd/storage: Ensure source is frozen during copy
- lxd/instance/drivers: Write out updated backup.yaml after rename
- lxd: Switch to new candid URL
- lxd/storage/zfs: No need to remove dashes from UUID
- shared: Drop GroupId and UserId
- lxd: Port to os/user
- lxd/daemon: Log protocol
- lxd/daemon: Pass writer to Authenticate
- lxd/daemon: Record username on unix queries
- lxd/storage: Lock during the whole image replace
- lxd/db/errors: Adds ErrNoClusterMember var used to indicate no cluster member has been found for a resource
- lxd/db/storage/volumes: Modifies GetStorageVolumeNodeAddresses to detect volumes that are not bound to a single node
- lxd/db/storage/volumes: Removes StorageVolumeIsAvailable
- lxd/response: Updates forwardedResponseIfVolumeIsRemote to accept poolName rather than poolID
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote usage
- lxd/storage/volumes/backup: forwardedResponseIfVolumeIsRemote usage
- lxd/storage/volumes/snapshot: forwardedResponseIfVolumeIsRemote usage
- lxd: Replace use of tx.GetProject with cluster.GetProject
- lxd/project/project: Adds StorageVolumeProjectFromRecord function
- lxd/db/instances: Renames and reworks instanceListExpanded to InstanceList
- lxd/db/instances/export/test: Removes unused file
- lxd/db/instances/test: Renames TestInstanceListExpanded to TestInstanceList
- lxd/patches: driver.VolumeTypeNameToDBType usage
- lxd/profiles/utils: Comment on doProfileUpdateContainer for clarity
- lxd/response: cluster.ConnectIfVolumeIsRemote usage
- lxd/storage/drivers/driver/types: Adds VolumeMultiNode field to Info
- lxd/storage/drivers/driver/cephfs: Adds VolumeMultiNode=true to Info struct
- lxd/storage/utils: Renames VolumeTypeNameToType to VolumeTypeNameToDBType
- lxd/storage: VolumeTypeNameToDBType usage
- lxd/storage/utils: Adds VolumeDBTypeToTypeName function
- lxd/storage/utils: Comment consistency
- lxd/storage/utils: Renames and reworks VolumeUsedByRunningInstancesWithProfilesGet to VolumeUsedByInstances
- lxd/storage/utils: Adds VolumeUsedByExclusiveRemoteInstancesWithProfiles function
- lxd/cluster/connect: Reworks ConnectIfVolumeIsRemote to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/device/disk: storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles usage
- lxd/storage/volumes: storagePools.VolumeTypeNameToDBType usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePools.VolumeUsedByInstances
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to check for online resize support when resizing
- lxd/storage/backend/lxd: Updates RestoreCustomVolume with VolumeUsedByInstances
- lxd/storage/utils: Removes VolumeUsedByInstancesGet function as not properly project compliant
- lxd/storage/volumes/utils: Replaces storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeUsedByGet
- lxd/device/disk: Replace storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeAttachShift
- lxd/endpoints: Update error string in test
- shared/simplestreams: Record variant
- shared/simplestreams: Fix sorting of images
- lxd/project/project: Updates StorageVolumeProjectFromRecord to not return error (as never populated)
- lxd/project/project: Adds NetworkProjectFromRecord function
- lxd/storage/utils: project.StorageVolumeProjectFromRecord usage
- lxd/network/driver/ovn: Adds NIC external route overlap validation of other OVN external network subnets and OVN NIC external routes
- lxd/device/nic/ovn: Updates ovnNet interface's InstanceDevicePortValidateExternalRoutes to add instance argument
- lxd/device/nic/ovn: d.network.InstanceDevicePortValidateExternalRoutes usage
- lxd/instance/qmp: Merge Go routines
- shared/cancel: Close chDone on failure
- lxd: Only close doneCh on success
- i18n: Update translations from weblate
- lxd/network/driver/ovn: Adds ovnProjectNetworksWithUplink function
- lxd/network/driver/ovn: Updates ovnNetworkExternalSubnets to allow optional filtering of our own network's subnets
- lxd/network/driver/ovn: Updates ovnNICExternalRoutes to optionally filter our own NIC's external routes
- lxd/network/driver/ovn: Updates InstanceDevicePortValidateExternalRoutes to use new functions and signatures
- lxd/network/driver/ovn: Updates Validate to check external subnets dont overlap with other OVN networks or NICs sharing our uplink
- lxd/network/openvswitch/ovn: Return ErrOVNNoPortIPs in LogicalSwitchPortSetDNS when no port IPs found
- lxd/network/driver/ovn: Retry LogicalSwitchPortSetDNS up to 5 times to avoid missing dynamic IP allocation by OVN
- exec: make sure to only use TIOCGPTPEER if available
- lxd/instance/drivers: Change memory backend
- lxd/instance/drivers: Add virtio-fs config drive template
- lxd/instance/drivers: Handle virtio-fs config drive
- lxd/instance/drivers: Add system unit file for virtio-fs config drive
- lxd/device/disk: Support virtio-fs
- lxd/device/disk: Handle alternative virtfs-proxy-helper location
- lxd-agent: Prefer virtio-fs over 9p
- lxd/instances: Fix virtiofsd for config drive
- lxd/instance/drivers: Issue warning if virtiofsd is missing
- lxd/device: Issue warning if virtiofsd is missing
- lxd/instance/drivers: Fix lxd-agent systemd unit conditions
- lxd/storage: Only freeze if not frozen
- lxd/device/sriov: Harden calls to ip link vf
- api: Add storage_zfs_clone_copy_rebase extension
- doc/storage: Allow 'rebase' in zfs.clone_copy
- lxd/storage: Allow 'rebase' as value for zfs.clone_copy
- lxd/storage/zfs: Add support for clone_copy rebase
- lxd/qmp: Ensure checkbuffer is called
- lxd/network/driver/ovn: Adds support for using uplink bridge using bridge.driver=openvswitch
- lxd/virtiofs: Fix handling of config drive
- lxd/storage/lvm: Properly make lvm.thinpool_name node-specific
- lxd/instance/drivers/driver/qemu: Call MountInstanceSnapshot when mounting vm snapshots
- lxd/instance/drivers/driver/qemu: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/instance/drivers/driver/lxc: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/storage/drivers/volume: Comment clarification
- lxd/storage/drivers/driver/zfs/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Improved logging
- lxd/storage/drivers/driver/zfs/volumes: Return ErrNotSupported in SetVolumeQuota when trying to resize an image block volume
- lxd/storage/drivers/driver/ceph/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Improves logging in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Don't allow image volume size in SetVolumeQuota
- lxd/storage/backend/lxd: Adds size to logging in SetInstanceQuota
- lxd/storage/backend/lxd: Update EnsureImage to resize/regenerate optimized image volumes if existing volume is different size than pool's volume.size setting
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk and create one-off non-optimized volume for instance
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to allow control of mapping
- lxd/storage/drivers/driver/ceph/utils: d.rbdUnmapVolumeSnapshot on one line
- lxd/storage/drivers/driver/ceph/volumes: d.getRBDMappedDevPath usage
- lxd/storage/utils: Makes InstanceDiskBlockSize snapshot aware
- lxd/storage/drivers/driver/ceph/volumes: Removes extraneous comment
- lxd/storage/drivers/driver/ceph/volumes: Activate volume before genericVFSMigrateVolume in MigrateVolume
- lxd/storage/pool/interface: Adds MountInfo struct
- lxd/storage/pool/interface: Return MountInfo from MountInstance and MountInstanceSnapshot
- lxd/storage/backend/lxd: Populate MountInfo with OurMount and DiskPath in MountInstance
- lxd/storage/backend/lxd: Unexports getInstanceDisk
- lxd/storage/backend/lxd: Populates OurMount and DiskPath in MountInstanceSnapshot
- lxd/storage/utils: Updates InstanceDiskBlockSize to use MountInfo
- lxd/storage/backend/mock: Interface changes
- lxd/instance: Updates instanceCreateAsSnapshot to use MountInfo
- lxd/patches: Updates to use MountInfo
- lxd/instance/drivers/driver/lxc: Updates mount to return MountInfo and usage
- lxd/instance/drivers/driver/qemu: Updates mount to return MountInfo and usage
- lxd/storage/drivers/generic/vfs: Adds genericVolumeDiskFile constant for excluding generic disk block files
- lxd/storage/drivers/generic/vfs: Avoid using d.GetVolumeDiskPath in genericVFSMigrateVolume
- lxd/storage/drivers/generic/vfs: Use genericVolumeDiskFile in genericVFSGetVolumeDiskPath
- lxd/storage/drivers/driver/ceph/utils: Add logging to rbdMapVolume and rbdUnmapVolume
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to support snapshots
- lxd/storage/drivers/driver/ceph/volumes: Updates MountVolume to return ourMount for block volumes
- lxd/storage/drivers/driver/ceph/volumes: Updates UnmountVolumeSnapshot to handle block volumes
- lxd/storage/drivers/driver/ceph/volumes: Renames RBDDevPath to devPath
- lxd/storage/utils: Improves logging and uses size value from vol.ConfigSizeFromSource in ImageUnpack
- lxd/storage/backend/lxd: Improves logging in CreateInstanceFromImage
- lxd/storage/backend/lxd: Improves logging and uses imgVol.ConfigSizeFromSource in EnsureImage
- doc/instances: Rephrase limits.memory.swap
- doc/instances: Typo fix
- lxd/storage: Use same defaults as "lxd init"
- lxd/instance/drivers/driver/qemu: Converts all supplied memory byte values to mebibytes for comparison
- lxd/rbac: Fix URL encoding
- lxd/cgroup: Fix V2 detection/handling
- lxd/cgroup: Add file read/writer
- lxd/cgroup: Fix controller detection
- lxd/cgroup: Add cpuset functions
- lxd/cgroup: Fix warning wording
- lxd/devices: Drop old workaround
- lxd/devices: Port to cgroup package
- lxd/instance: Replace CGroupGet/CGroupSet
- lxd/devices: Update to use cgroup abstraction
- lxd/cgroup: Implement proper typing
- lxd/cgroup: Change ParseCPU to return int64
- lxd/instance/lxc: Update for cgroup function changes
- lxd/cgroup: Improve naming
- lxd/instance: Update for new naming
- lxd/cgroup: Add V2 for GetBlkioWeight and SetBlkioWeight
- lxd/device: Move disk priority back to lxc
- lxd/cgroup: Fix get blkio weight
- lxd/cgroup: Add abstraction for SetBlkioLimit
- lxd/device: Port disk limits to abstraction
- lxd/db/storage/volumes: Adds workaround for old remote volume schema in GetStorageVolumeNodeAddresses
- lxd/db/storage/volumes: Renames GetStorageVolumeNodeAddresses to GetStorageVolumeNodes
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use tx.GetStorageVolumeNodes
- lxd/db/storage/volumes/test: Updates test for TestGetStorageVolumeNodes
- lxd/storage/utils: Updates VolumeUsedByInstances to accept an api.StorageVolume arg
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use an api.StorageVolume arg
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to accept an api.StorageVolume arg
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates validateConfig to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates storagePoolVolumeAttachShift to use storagePools.VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates RestoreCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/volumes: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use storagePools.VolumeUsedByInstances with a vol arg
- lxd/storage/volumes: Use db.StoragePoolVolumeTypeName constants
- lxd/storage/volumes: Updates storagePoolVolumeTypeGet to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes: Updates storagePoolVolumeTypeDelete to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes/snapshots: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes/utils: Removes storagePoolVolumeAPI constants and converter functions
- lxd/patches: Recreates patchStoragePoolVolumeAPI constants and function for historical patches
- lxd/storage/volumes: Simplifies volume type in URL in storagePoolVolumes routes
- lxd/storage/volumes/snapshot: Simplifies volume type in URL generation
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename args
- lxd/storage/volumes: Removes unnecessary var init in storagePoolVolumeTypePostMove
- lxd/storage/drivers/driver/ceph/volumes: Fix rbd device leak in RenameVolume
- lxd/storage/drivers/generic/vfs: Use revert package in genericVFSRenameVolume
- lxd/storage/utils: Adds matching of instances on same node as local volume in VolumeUsedByInstances
- lxd/storage/volume: Removes need for loading storage volume when doing lxc storage volume attach
- lxd/device/disk: Reject path property for block disk devices
- lxd/storage/utils: Renames VolumeUsedByInstanceDevices and passes usedByDevices into callback function
- lxd/device/disk: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/backend/lxd: VolumeUsedByInstanceDevices usage
- lxd/storage/utils: VolumeUsedByInstanceDevices usage
- lxd/storage/volumes/utils: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePoolVolumeTypePostRename and storagePoolVolumeTypePostMove
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename to use updated storagePoolVolumeUpdateUsers
- lxd/storage/volumes: Updates storagePoolVolumeTypePostMove to use updated storagePoolVolumeUpdateUsers
- lxd/instance/drivers/driver/lxc: Removes common function LocalDevices implemented in LXC driver
- lxd/db/instances: Better errors in InstanceList
- lxd/storage/utils: Adds VolumeUsedByProfileDevices function
- lxd/storage/utils: Removes unused volume name matching logic in VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to use storagePools.VolumeUsedByProfileDevices and storagePools.VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to use storagePools.VolumeUsedByProfileDevices
- lxd/storage/volumes/utils: Golint suggestions in storagePoolVolumeUsedByGet
- lxd/cluster/connect: Removes CLI command flag in error response in ConnectIfVolumeIsRemote
- lxd/db/storage/pools/test: Initialise db.StorageRemoteDriverNames in db_test package
- lxd/db: Removes duplicated db.StorageRemoteDriverNames init from tests
- lxd/locking/lock: Adds UnlockFunc type and updates Lock() signature
- lxd/storage/drivers/utils: Extends OperationLockName to take into account content type.
- lxd/storage/drivers/volume: Adds MountLock function
- lxd/storage/drivers/driver/lvm/utils: drivers.OperationLockName usage
- lxd/storage/backend/lxd: drivers.OperationLockName usage
- lxd/storage/drivers: Adds mount and unmount locking
- lxd/storage/drivers/volume: Removes locking from MountTask and UnmountTask
- lxd/instance/drivers/driver/lxc: Stop devices in two phases
- lxd/device/disk: Removes workaround for ceph disks now that disks are stopped after instance is stopped
- doc/rest-api: auth property is never set to guest
- lxd/apparmor: Workaround socket handling
- lxd/storage: Expand local config
- lxd/cgroup: Fix swap limits
- lxd/instance/lxc: Fix crash in cgroup function
- lxc/snapshot: Add reuse option
- lxc/storage: Add reuse option to snapshot
- i18n: Update translation templates
- lxd/instance: Removes instanceConfigureInternal
- lxd/instance: Replace instanceConfigureInternal usage with update backup file which was only relevant part
- lxd/storage/backend/lxd: Adds log to CreateInstanceFromMigration showing if migration volume size header not sent
- lxd/cgroup: Support SetCPUShare on V2
- lxd/cgroup: Implement SetCPUCfsLimit for V2
- lxd/instance/lxc: Port to SetCPUCfsLimit
- lxd/cgroup: Support CGroup V2 in ParseCPU
- lxd-agent: Don't allow connections when rebooting
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.4 LTS リリースのお知らせ ¶
22nd of October 2020
はじめに ¶
LXD チームが LXD 4.0.4 のリリースをお知らせします!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 4 つめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
主な変更点は次の通りです:
- 使える場合は常にサブプロセスで
pidfdsを使うようになりました - Windows で
remote-viewerが使えるようになりました(lxc console --type=vgaで) - proxy デバイス向けの AppArmor プロファイル
- qemu プロセス向けの AppArmor プロファイル
- 仮想マシンのメモリの縮小と再拡大(
limits.memoryの動的変更) - ストレージプールへの
rsync.compression設定キーの追加(転送時の圧縮を無効化するために) - 仮想マシンでの USB デバイスのサポート(
remote-viewerのリモートへのポートを含む)
コミットの全リストは次の通りです(翻訳なし):
- main_checkfeature: remove logging failed shiftfs mounts
- seccomp: log errors to convert unix connection to file
- unixfd: improve SCM_RIGHTs file descriptor retrieval
- seccomp: simplify the seccomp message retrieval
- lxd/apparmor: Disable cgroup2 on legacy hosts
- lxc/manpage: Fix behavior in snap
- shared/subprocess: Add StartWithFiles
- lxd/forkproxy: Switch to using subprocess
- daemon: check namespace management support through pidfds
- nsexec: remove unused dosetns() function
- nsexec: add new change_namespace() helper
- forksyscall: use pidfds to attach to namespaces
- forknet: use pidfds to attach to namespaces
- forkmount: use pidfds to attach to namespaces
- forkproxy: use pidfds to attach to namespaces
- forkfile: use pidfds to attach to namespaces
- nsexec: remove unused setnsat()
- lxd/db/networks: Separates network type and status conversion into separate functions
- lxd/db/networks: Adds ClusterTx.GetNonPendingNetworks function
- lxd/db/networks: Adds ClusterTx.UpdateNetwork function
- lxd/db/networks: Populates network nodes in ClusterTx.GetNonPendingNetworks
- lxd/db/networks: Populate description col with empty string in CreatePendingNetwork
- shared/validate: Adds IsNetworkMTU function
- lxd/network/driver: validates mtu using IsNetworkMTU
- lxd/device/nic: Validates mtu using IsNetworkMTU
- lxd/network/driver/common: Moves notifier for delete into common
- lxd/networks: Moves cluster notification and storage clean up for networkDelete into common
- shared/validate: Use consistent quoting for outputting input value when there is an error
- lxc: Bundle sortorder
- lxd/network/network/utils: Adds pingIP function
- lxd/storage/drivers/utils: Fixes shrinkFileSystem to detect e2fsck filesystem modifications
- lxd/db/instances: Ensure correct pool name is returned in GetInstancePool
- shared/cert: Fix on Windows
- lxc/console: Support remote-viewer on Windows
- lxc/export: Use HostPathFollow
- lxd/cluster: Re-try listening for a minute
- lxd/init: Don't fail on existing address
- lxd/storage/zfs: Fix bad transfer logic on block
- lxd/storage/zfs: Always discard mountpoint on recv
- lxd/db/projects: go imports order
- lxd/db/projects: Removes unnecessary whitespace
- lxd/storage/zfs: Don't filter mountpoint on block
- lxd/db/instances: Removes instancePoolSnapshot function
- lxc/network: Fix usage
- i18n: Update translation templates
- lxd/apparmor/dnsmasq: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/apparmor/forkdns: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/instance: Always put snapshots on same pool as parent
- doc/security: Adds note about non-IP ethernet frame filtering to stop VLAN QinQ bypass
- shared/util: Converts DefaultPort from string to int
- lxd/util/net: Updates CanonicalNetworkAddress to use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/util/net: Adds CanonicalNetworkAddressFromAddressAndPort function
- lxd/device/device/utils/proxy: Use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/main/init/interactive: Error wrapping
- lxd/main/init/interactive: Use canonical address after port has been added for comparison
- lxd/main/init/auto: util.CanonicalNetworkAddressFromAddressAndPort usage
- lxc/remote: shared.DefaultPort usage
- lxd-agent/main/agent: shared.DefaultPort usage
- lxd-p2c/utils: shared.DefaultPort usage
- lxd/vsock: shared.DefaultPort usage
- lxd/util/http: shared.DefaultPort usage
- lxd/main/init: shared.DefaultPort usage
- lxd/storage: Refuse BLOCK_AND_RSYNC with running instance
- lxd/apparmor: Simplify profile name generation
- lxd/device: Export Name and Config
- lxd/apparmor: Shrink instance interface
- lxd/apparmor/forkdns: Alignment
- lxd/apparmor/forkdns: Support LD_LIBRARY_PATH
- lxd/api/cluster: Makes ServerAddress field required for clusterPutJoin
- lxd/init: Updates initDataNodeApply to use revert package and to revert itself on error
- lxd/cluster/connect: Adds UserAgentNotifier constant
- lxd/cluster/connect: Adds UserAgentJoiner constant
- lxd/cluster/connect: Adds ClientType type and UserAgentClientType function
- lxd/api: Updates isClusterNotification to use cluster.UserAgentNotifier
- lxd/api/cluster: clusterInitMember comments
- lxd/api/cluster: initDataNodeApply usage
- lxd/main/init: initDataNodeApply usage
- lxd/api/cluster: Updates clusterPutJoin to use cluster.UserAgentJoiner when sending requests to local node
- lxd/network/network/interfaces: Replaces clusterNotification bool with cluster.ClientType
- lxd/network/driver/common: cluster.ClientType usage
- lxd/networks: cluster.ClientType usage
- lxd/apparmor/dnsmasq: Add /proc/self/fd
- lxd/apparmor/forkdns: Allow reading/mapping the binary
- lxd/apparmor: Add forkproxy
- lxd/device/forkproxy: Add apparmor
- lxd/instance/instance/interface: Moves Project() function into ConfigReader interface
- lxd/instance/drivers/driver/common: Adds Project function
- lxd/instance/drivers/driver/lxc: Updates lxc to use common fields
- lxd/instance/drivers/driver/lxc: Removes driver specific Project function
- lxd/instance/drivers/driver/qemu: Removes driver specific Project function
- lxd/network/network/utils: Improves UpdateDNSMasqStatic error message
- lxd/storage/drivers/load: Cache supported drivers
- lxd/storage/drivers/load: Remove references to "support" in AllDriverNames
- lxd/apparmor/forkproxy: Fix running on i386
- lxd/storage/drivers/interface: Adds isRemote function
- lxd/storage/drivers/driver/common: Adds isRemote() function that returns false
- lxd/storage/drivers/driver: Updates driver's Info() function to call d.isRemote()
- lxd/storage/drivers/ceph: Implements isRemote function for ceph and cephfs
- lxd/storage/drivers/load: Removes SupportedDrivers caching and updates comment
- lxd/network/driver: cluster.ClientType usage
- lxd/storage/drivers/load: Remove references to "support" in AllDriverNames
- lxd/storage/drivers/load: Simplifies RemoteDriverNames to use the isRemote function
- lxd/network: Add missing import
- shared/log15: Fix due to recent unix change
- Handle signals in non-interactive sessions.
- Fix hang when control is not provided in non-interactive mode.
- lxd/storage/volumes: Only apply config changes when restoring snapshot if non-nil config is supplied
- lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation
- lxd/device/device/utils/network: Removes networkRandomDevName
- lxd/network/network/utils: Adds RandomDevName function
- lxd/device: network.RandomDevName usage
- lxd/network: Adds Description function
- doc/api: Removes underscore escaping when used inside backticks
- lxd/instance/drivers: Fixes crash when removing device that cant be loaded
- lxc/storage_volume: Fix usage string
- po: Update translations
- lxd/drivers/qemu: Use gic-version=max on aarch64
- lxc/config: Update wording for profile/config
- lxc/export: Support writing to stdout
- i18n: Update translation templates
- Drop custom SQLite and libco
- validate: Consider + as unsafe in URL
- lxd/instance/snapshots: Restrict naming
- lxd/storage/drivers/utils: Corrects argument order of mkfs in makeFSType for wider compatibility
- lxd/api/cluster: Start networks after cluster join
- lxd/networks: Only call n.Start() during doNetworksCreate if client type isn't joiner
- lxd/network/network/utils: Adds UsedBy function and unexports related functions not used elsewhere
- lxd/network/driver/common: Updates IsUsed to use UsedBy
- lxd/network/driver/bridge: Adds existing interface check as Create function
- lxd/network/driver/bridge: Push down interface name conflict check to Rename
- lxd/profiles/utils: Renames project arg to projectName in doProfileUpdate
- lxd/profiles: Updates usage of ValidDevices in profilesPost
- lxd/networks: Updates networkPost validation
- lxd/networks/utils: Removes networkGetInterfaces function
- lxd/instance/instance/utils: Project name is needed to validate instance devices
- lxd/instance: instance.ValidDevices project argument usage
- lxd/instance/drivers/driver/lxc: instance.ValidDevices project usage
- lxd/instance/drivers/driver/lxc: Error quoting
- lxd/instance/drivers/driver/qemu: instance.ValidDevices project usage
- lxd/instance/drivers/load: Adds project support to validDevices
- lxd/device/device/load: Adds project support to load function
- lxd/networks: Updates doNetworkGet to support projects and to use network.UsedBy
- lxd/networks: Drop networkGetInterfaces
- shift_linux: tweak ACL handling
- tar_write: switch to PAXRecords to preserve ACLs too
- shift_linux: handle ACL unshifting correctly
- shift_linux: handle capability unshifting correctly
- shift_linux: converty to CBytes not to CString
- lxc/utils: Add usage function
- lxc: Drop command name from translation
- i18n: Update translation template
- lxd/init: Updates initDataNodeApply to return a revert function
- lxd/main/init: Updates Run to use revert
- lxd/api/cluster: Updates clusterPutJoin to use revert
- lxd/api/cluster: Updates clusterInitMember to return a revert function
- lxd/api/cluster: Logging quoting
- lxd/network: Adds Info struct and function
- shared/subprocess: Set err on non-zero
- lxd/instances/qemu: Use subprocess
- lxd/instance: Add DevPaths
- lxd/apparmor: Fix unload/delete
- lxd/apparmor/instance: Sort context
- lxd/apparmor: Prepare for qemu
- lxd/apparmor: Add qemu profile
- lxd/instance/drivers/driver/qemu: Switch to threads locking mode and writeback cache mode for BTRFS
- doc/instance: raw.apparmor now implemented for VM
- lxd/apparmor: Tweak qemu profile for non-snap
- shared/idmap/shift/linux: Handle nil IdmapSet in UnshiftACL and UnshiftCaps
- shared/instancewriter/instance/tar/writer: Handle nil idmapSet and log shifting errors in WriteFile
- lxc: Better handle arguments
- lxc: Unbundle sortorder
- lxd/util/sys: Fixes GetExecPath when lxd binary has been removed/changed
- lxd/db/images: Error message uppercase first letter
- lxd/instance: Adds instanceImageTransfer and updates instanceCreateFromImage to use it
- lxd/daemon/images: Error quoting
- lxd/daemon/image: Adds logic to download image from another cluster node into ImageDownload
- lxd/db/images/test: Fixes tests for LocateImage
- test/suites/clustering: Adds test for image transfer between cluster nodes
- bash-completion: use "list --format=csv" consistently
- bash-completion: use regex grouping for
lxc start - lxd/instance/qemu: Fix mem device naming
- proxy bind= should accept host|instance as the doc says
- Valid proxy type= values are all lower case so fix doc
- s/descriptros/descriptors/
- Revert "lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation"
- lxd/network/driver/bridge: Skip lo interface when generating fan overlay address in addressForSubnet
- lxd/apparmor: Allow unix sockets binding
- doc/server: Sort config keys
- lxd: Ensure all use of db.InstanceFilter defines instance type
- lxd/project/permissions: Fixes AllowInstanceCreation tests
- lxd/project/permissions: Error quoting
- doc/storage: no need to escape underscore in bash examples
- shared/validate: Use ParseUint in IsNetworkMTU
- lxd/device/device/utils/network: Change argument for NetworkSetDevMTU to uint32
- lxd/device/device/utils/network: NetworkSetDevMTU usage
- lxd/network/network/utils: Changes GetDevMTU to return uint32
- doc/projects: Sort config keys
- lxd/project/permissions: Typo
- lxd/storage/cephfs: Fix quota on new volumes
- lxc/remote: Add project selection logic
- i18n: Update translation templates
- lxd/backup: Adds WorkingDirPrefix constant
- lxd: backup.WorkingDirPrefix usage
- lxd/backup: Rename comment ending
- lxd/backup: DoBackupDelete comment ending
- lxd/network/network/interface: Adds Type interface and moves non-DB depedent functions into it
- lxd/network/network/load: Adds LoadByType function and removes ValidateNameAndProject function
- lxd/main/init/interactive: netType.ValidateName usage
- lxd/networks: Switch to network type validation in networksPost
- lxd/networks: Use ValidateName function on loaded DB network in networkPost
- lxd/network/network/interface: Exports FillConfig
- lxd/network/network/load: Removes FillConfig function
- lxd/networks: netType.FillConfig usage
- lxd/network/driver/common: Exports FillConfig
- lxd/network/driver/bridge: FillConfig usage
- lxd/network/driver/common: Removes common Type() and netType
- lxd/network: Adds Type() to each driver
- lxd/db/errors: Updates ErrAlreadyDefined text to be generic
- lxd/network/network/interface: Adds DBType function
- lxd/network/driver: Implements DBType()
- lxd/network/driver: Adds NodeSpecificConfig Info var
- lxd/instances: Fix ceph cluster target move
- lxd/cgroup: Fix memory.swappiness detection
- lxd/db: Adds boolean support to doDbQueryScan
- lxd/sys/fs: initDirs comment
- lxd/sys/fs: initDirs error quoting
- lxd/sys/fs: Adds initStorageDirs to be called after storage pools and daemon volumes are mounted
- lxd/sys/os: Adds InitStorage
- lxd/daemon: Call d.os.InitStorage after daemon storage volumes are mounted
- lxd/backup/instance/config: Renames InstanceConfig to Config
- lxd/backup/backup/config: Makes Config fields omitempty so custom volume's encoded yaml doesn't contain instance fields
- lxd/backup/backup/config: Adds comment to Container field explaining that VM backups use this too
- lxd/storage/pool/interface: backup.Config usage
- lxd/api/internal: backup.ParseConfigYamlFile usage
- lxd/storage/backend: backup.Config usage
- lxd/backup: Moves Instance interface into own file
- lxd/backup: Moves Info struct and GetInfo function into own file
- lxd/backup: Renames backup to backup_common
- lxd/rbac: Avoid tight retry loop
- lxd/rbac: Directly handle re-tries on 504
- lxd/networks: netType.DBType usage in networksPost
- lxd/networks: Create pending network node entries when network driver doesn't support per node config in networksPost
- lxd/networks: Comments in networksPostCluster
- lxd/networks: Comments in networkGet
- lxd/network: Only adding pseudo pending node records when in cluster in networksPost
- lxd/networks: Updates doNetworkUpdate to use n.Validate so that project is available to validator
- lxd/network/network/load: Removes unused Validate
- lxd/networks: Fix build
- lxd/backup/backup/common: Renames Backup to BackupCommon
- lxd/backup/backup/instance: Adds InstanceBackup using CommonBackup as basis
- lxd/backup: Changes pruneExpiredContainerBackups to use InstanceBackup.Delete() function
- lxd/instance/instance/utils: backup.InstanceBackup usage
- lxd/instance/instance/interface: backup.InstanceBackup usage
- lxd/instance/drivers: backup.InstanceBackup usage
- lxd/backup/backup/utils: Adds TarReader function
- lxd/backup/backup/info: Changes Type field from api.InstanceType to Type
- lxd/backup/backup/info: Updates GetInfo to use TarReader
- lxc/backup: Updates backupWriteIndex to use backup.Type
- lxd/backup/backup/info: GetInfo consistent comment endings
- lxd/backup/backup/info: Updates GetInfo to support backup.Type
- lxd/db/backups: InstanceBackup comment
- lxd/db/backups: projectName argument renaming
- lxd/db/storage/volumes: Set Snapshot: true in StorageVolumeArgs returned from GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance: Spacing
- lxd/storage/drivers/driver/btrfs/utils: Switches to backup.TarReader
- lxd/storage/drivers/driver/btrfs: Consistent comment ending
- lxd/storage/drivers/driver/zfs/volumes: consistent comment ending
- lxd/storage/drivers/generic/vfs: Consistent comment ending
- lxd/backup/backup/info: Adds note about legacy container.bin optimized type check
- lxd/backup/backup/instance: Fix old parent directory removal in InstanceBackup.Rename()
- lxd/backup: Backtrack path changes
- lxd/backup/backup/config: Adds VolumeSnapshots to Config struct
- lxd/backup/backup/info: Adds Config field to Info struct
- client/interfaces: Add custom volume backup functions
- client/interfaces: Adds StoragePoolVolumeBackupArgs struct
- client/lxd/storage/volumes: Add custom volume backup functions
- lxd/db/storage/volume/snapshots: Adds GetStorageVolumeSnapshotsNames function
- lxd/storage/drivers/driver/btrfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/dir/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/driver/zfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/zfs/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupVolume
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupUnpack
- shared/api/storage/pool/volume: Adds custom volume backup structs
- lxd/storage/drivers: Support block volumes
- lxd/cluster: Changing "no heartbeat" language in membership.go "no heartbeat since
" changed to "no heartbeat for " - lxc: Always use HostPathFollow
- lxd/storage/drivers/generic/vfs: Fixes custom volume root dir ownership issue in genericVFSBackupUnpack
- test/suites/backup: Use project argument in test_backup_import_with_project
- test/suites/backup: Use project argument in test_backup_export_with_project
- test/suites/backup: Adds test for backup import into different project in test_backup_import_with_project
- lxd/api: Restrict access to daemon config
- lxd/storage: Allow ceph/cephfs for images/backups
- client/interfaces: Adds Name field to InstanceBackupArgs
- client/lxd/instances: Adds custom name restore support to CreateInstanceFromBackup
- lxd/instance/drivers/qmp/monitor: Adds GetBalloonSizeBytes and SetBalloonSizeBytes
- lxd/instance/drivers/driver/qemu: Adds live shrinking of memory
- lxd/devices/config/devices/utils: Adds doc block for deviceEquals and deviceEqualsDiffKeys
- lxd/device/config/devices: Comment clean up
- lxd/device/config/devices: Improves comments and variable naming in Update
- lxd/device/config/devices: Fixes bug in Update where allChangedKeys only contains changed keys from last device
- lxd/device/config/devices: Handles nil updateFields function in Update
- lxd/instances/post: Adds custom name support for backup import to createFromBackup
- lxd/instances/post: createFromBackup usage
- lxd/instance/drivers/driver/lxc: Whitespace
- lxd/instance/drivers/driver/qemu: Removes logic duplication in live update
- lxd/api/internal: Adds AllowNameOverride to internalImportPost
- lxd/api/internal: Override instance name in internalImport when AllowNameOverride is set
- client/interfaces: Adds Name field to StoragePoolVolumeBackupArgs to bring in line with InstanceBackupArgs
- client/lxd/storage/volumes: Updates CreateStoragePoolVolumeFromBackup to accept volume name override via X-LXD-name header
- shared/api: Not all disks have a device path
- lxd/resources: Ignore rbd devices
- lxd/device/device/interface: Adds NICState interface for getting NIC state
- lxd/device/nic/bridged: Implements NICState interface by adding State function
- lxd/instance/drivers/driver/qemu: Refactors RenderState to support multiple NIC types in the future
- lxd/instance/drivers/qmp/monitor: Renames GetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Renames SetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Adds GetMemorySizeBytes function
- lxd/instance/drivers/driver/qemu: Adds qemuDefaultMemSize constant
- lxd/instance/drivers/driver/qemu: Updates updateMemoryLimit to allow memory resize back to boot time size
- lxd/instance/drivers/driver/qemu: Updates IsRunning to not check for BROKEN state
- lxd/instance/drivers/driver/qemu: Updates statusCode() to detect if monitor failure with running VM
- lxd/apparmor: Allow access to zoneinfo files
- lxd/apparmor: Add /etc/localtime to the list
- lxd/project: Always allow cloud-init:config drives
- doc/image-handling: Cover publishing
- lxd/network/network/utils: Adds GetNeighbourIPs function
- lxd/network/network/utils: Updates GetLeaseAddresses to return only net.IP list
- lxd/device/nic/bridged: Updates State() to return partial data
- lxd/device/nic: Fix build on stable
- shared/simplestreams: Fix stream's index download url
- refuse empty passwords
- lxd/storage: Adds rsync.compression config key
- doc: Adds rsync.compression
- api: storage_rsync_compression
- tests: Valid rsync.compression
- doc/index: Add libsqlite3-dev back to dependencies
- lxd/firewall/drivers/driver/nftables: Updates nft parser to handle nft sets with composite
typefield - shared/validate/validate: Increases max MTU to 16384 to support super jumbo packets
- lxd/apparmor/forkproxy: Fix bad profile name
- lxd/apparmor/forkproxy: Allow writing to log path
- lxc: Better handle copy/move between projects
- lxd/apparmor: Fix version parsing
- lxd/dnsmasq: Switch to Parse for version parsing
- lxd/firewall/drivers: Fix to Parse for version parsing
- lxd/rsync: Switch to Parse for version parsing
- shared/version: Make patch optional
- lxd/networks: Log error in doNetworksCreate after failed create if cleanup fails too
- lxd/network/network/utils: Moves bridge related functions into own file
- static_analysis: exclude vendored headers from spell checking
- static_analysis: exclude .git
- shift_linux: vendor posix_acl_xattr.h
- shares/validate: Whitespace
- lxd/apparmor/forkproxy: Socket path fixes
- lxd/images: Fix crash when no "info" struct
- lxd/util/net: Updates SysctlSet to support setting multiple keys
- shared/validate: Adds IsNetworkAddressList function
- lxd/network/network/utils: Adds VLANInterfaceCreate function
- lxd/device/device/utils/network: network.VLANInterfaceCreate usage
- lxd/device/device/utils/network: Removes NetworkRemoveInterface function
- lxd/network/network/utils: Adds InterfaceRemove and InterfaceExists functions
- lxd/network/network/utils: InterfaceExists usage
- lxd/device/device/utils/network: network.InterfaceRemove usage
- lxd/device/nic: network.InterfaceRemove usage
- lxd/network/driver/bridge: InterfaceExists usage
- lxd/network/network/utils: Adds InterfaceSetMTU function
- lxd/device: network.InterfaceSetMTU usage
- lxd/storage/pools: Gives clear error message when trying to create duplicate storage pool in single node
- lxd/network/driver: Improves comments
- lxd/device/sriov: Fix build
- lxd/events: Validate type
- lxd/events: Prevent logging access to non-admin
- lxd/daemon: Clean shutdown on SIGPWR/SIGTERM
- lxd/operations: Don't directly trigger shutdown
- lxd: Prevent internal cluster migration of instances with backups
- lxd/instance/drivers: Enable USB for VMs
- lxd/instance/drivers: Add USB controller to QEMU config
- lxd/apparmor: Fix devPaths in QEMU profile
- db: Retry transient errors for longer
- db: Always retry driver.ErrBusy, regardless of the error message
- db: Retry failed rollbacks if they are due to transient errors
- db: Explicitly rollback leftover transactions when a new one can't be started
- db: Retry to begin a new transaction after an explicit rollback attempt
- lxd/operations: Fix timeout
- lxd/daemon: Allow more operations during shutdown
- lxd/include: Relocate ifndef for NEWCGROUP
- doc: Remove stray _ escapes in security.md
- lxc-to-lxd: Handle snap better
- lxd/events: Handle default permissiosn in projects
- lxd/dnsmasq: Adds 100ms sleep to successful Kill() to allow sockets to be released by OS
- lxd/instance/drivers/driver/qemu: Restores ability to resize VM disks
- lxd/device/disk: Adds comment about VM instances depending on CanHotPlug fields for stopped disk resize
- lxd/instance/qemu: Fix bad event name
- lxd/storage: Check base image is available locally
- lxd/instance: Fix building on 4.0
- lxd/device/usb: Allow USB devices for VMs
- lxd/device: Add bus and dev number to USBEvent
- lxd/apparmor: Allow USB specific paths
- lxd/device/config: Add USBDevice to RunConfig
- lxd/storage/drivers/driver/lvm: Don't remove empty thinpool and volume group if lvm.vg.force_reuse enabled
- shared/validate/validate: Removes inaccurate comments about optional values
- shared/validate/validate: Adds IsNetwork and IsNetworkList functions
- shared/validate/validate: Re-orders IP validation functions
- lxd/network/driver/common: Ban : char from network names in ValidateName()
- lxd/device: Handle USB devices for VMs
- lxd/instance/drivers: Add qemuUSBDev template
- lxd/instance/drivers: Add USB devices to qemu config
- Revert "lxd/instance/drivers: Enable USB for VMs"
- lxd/driver/qemu: Add spice usb ports
- forksyscall: use correct function
- lxd-agent: Fix defer in for loop
- shared/util.go: use string method with stdout and stderr
- simplestreams.go: remove unneeded fmt.Sprintf and simplify getImages()
- lxd/instance/drivers: Updates templateApplyNow to close files at end of each iteration
- lxd/network/network/utils: Adds SubnetContains function
- lxd/network/network/utils: Adds SubnetIterate function
- lxd/network/network/utils: Adds SubnetParseAppend function
- lxd/api/project: Moves projectConfigKeys inside projectValidateConfig and adds state
- lxd/api/project: projectValidateConfig usage
- forkmount: improve
- seccomp: improve logging for the seccomp notifier
- seccomp: make sure that insertMountLXD() doesn't call into LXC
- lxd/network/driver/bridge: Fixes inconsistency between normal bridge and fan bridge default ipv4.nat value
- lxd/device/usb: Fix check for required USB device
- seccomp: switch back to pread()
- nsexec: simplify userns attach
- forksyscall: preserve root and cwd fds for shifted mount emulation
- lxc/init.go: remove for-loop in create()
- revert/revert.go: remove a for-loop from Clone()
- lxc/copy.go: Remove unneeded for-loop in c.Run()
- lxd/db/projects: Adds GetProject function
- lxd/db/networks: Fix NULL description
- doc/instances: Re-organises NIC device type docs introducing section about network property
- lxd/images: Fixes ineffectual assign warning
- lxd/resources/usb: Fixes ineffectual assign warning
- lxd/storage/drivers/driver/lvm/volumes: Fixes ineffectual assign warning
- lxd/instance: Use project aware inst.LogPath() function when clearing log dir in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/qemu: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/lxc: Makes collectCRIULogFile project log path aware
- lxd/instance/logs: Makes containerLogsGet project aware
- lxd/main/init/interactive: Clarifies question about using an existing empty disk
- lxd/network/driver/bridge: Sets ipv4.nat=true when adding a new fan network with fan.underlay_subnet=auto
- lxd/patches: Adds patchNetworkFANEnableNAT to set ipv4.nat=true for fan networks missing the setting
- doc/networks: Clarifies comment defaults for bridge ipv4.nat when not specified during creation
- lxd/seccomp: Fix go vet
- lxd/instance: Add Architecture to common
- lxd/devices: Disable USB on s390x
- add new "restarted" event to reboot section of onStop in both lxc and qemu
- tests: Fix missing clustering cleanup
- lxd/storage/zfs: Properly recurse delete volumes
- lxd/storage/backend/lxd: b.driver.UnmountVolume usage
- lxd/instance/drivers/driver/lxc: Moves log rotate and mount before devices start in startCommon
- lxd/storage/drivers/interface: Adds keepBlockDev arg to UnmountVolume
- lxf/storage/drivers/volume: v.driver.UnmountVolume usage
- lxd/storage/drivers/volume: Adds keepBlockDev arg to UnmountTask
- lxd/storage/drivers/utils: Passes true for keepBlockDev arg to UnmounTask in shrinkFileSystem
- lxd/storage/drivers/generic/vfs: d.UnmountVolume usage
- lxd/storage/drivers/drivers/mock: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/dir/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountVolume usage
- lxd/storage/drivers/driver/lvm/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountTask usage
- lxd/storage/drivers/driver/ceph/volumes: d.UnmountVolume usage
- lxd/storage/drivers/driver/ceph/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: d.UnmountVolume usage
- lxd/device/config/devices/sort: Sort disks between nics and other types of devices
- lxd/device/config/devices/sort: Comment improvement
- lxd/instance/drivers: Device lifecycle logging improvements
- lxd/instance/drivers: Stop devices in reverse order to how they were started
- lxd/instance/drivers/driver/lxc: Only use postStartHooks var where actually needed
- lxd/instance/drivers/driver/qemu: Adds log rotation to Start
- lxd/storage/zfs: Fix argument ordering
- lxd/patches: Fix for stable-4.0
- lxd/cluster/connect: Renames project arg to projectName in ConnectIfInstanceIsRemote
- lxd/cluster/connect: Adds projectName arg to ConnectIfVolumeIsRemote
- lxd/response: Adds projectName argument to forwardedResponseIfVolumeIsRemote
- lxd/db/storage/volumes: Corrects mispelled argument name in GetStorageVolumeNodeAddresses
- lxc/move: Bypass security.protection.delete
- lxd/device: Fix typo
- doc/instances: usb and gpu are available in VMs
- doc/instances: Add missing header in usb device
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote projectName argument usage
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.7 リリースのお知らせ¶
16th of October 2020
はじめに ¶
LXD チームは LXD 4.7 のリリースをお知らせできることにとてもワクワクしています!
このリリースには、VM でとても歓迎すべきいくつかの改良(USB と Live メモリのアップデート)、バックアップ機能の充実、OVN 仮想ネットワークを使う場合の多数の改良が含まれています。
Enjoy!
新機能とハイライト ¶
カスタムストレージボリュームのバックアップ(export/import) ¶
新たにカスタムボリュームに対する backup API が追加されました。これにより、cli で lxc storage volume export と lxc storage volume import が使えるようになりました。
stgraber@castiana:~$ lxc storage volume create default foo Storage volume foo created stgraber@castiana:~$ lxc storage volume export default foo Backup exported successfully! stgraber@castiana:~$ lxc storage volume delete default foo Storage volume foo deleted stgraber@castiana:~$ lxc storage volume import default backup.tar.gz stgraber@castiana:~$ lxc storage volume list default +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | TYPE | NAME | DESCRIPTION | CONTENT TYPE | USED BY | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | lxd-build | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | lxd-build-focal | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | steam | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | backups | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | foo | | filesystem | 0 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | images | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+
別の名前でのインスタンスのインポート ¶
ついに別の名前でインスタンスのバックアップをインポートできるようになりました!
stgraber@castiana:~$ lxc init images:alpine/edge a1 Creating a1 stgraber@castiana:~$ lxc export a1 Backup exported successfully! stgraber@castiana:~$ lxc import backup.tar.gz a2 stgraber@castiana:~$ lxc list a +------+---------+------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------+------+-----------+-----------+ | a1 | STOPPED | | | CONTAINER | 0 | +------+---------+------+------+-----------+-----------+ | a2 | STOPPED | | | CONTAINER | 0 | +------+---------+------+------+-----------+-----------+
仮想マシンのメモリの圧縮(と再増加) ¶
仮想マシン内のバルーンデバイスを制御できるようになりました。メモリ容量を縮小させ、その後で再度前の制限にまで戻すことができるようになりました(さらなるメモリの追加にはリブートが必要です)。
stgraber@castiana:~$ lxc config show ubuntu-desktop | grep memory
limits.memory: 2GiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1983 437 822 7 722 1386
Swap: 448 0 448
stgraber@castiana:~$ lxc config set ubuntu-desktop limits.memory 1500MiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1435 436 276 7 722 840
Swap: 448 0 448
stgraber@castiana:~$ lxc config set ubuntu-desktop limits.memory 2GiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1983 437 822 7 722 1387
Swap: 448 0 448
stgraber@castiana:~$
仮想マシンに対する USB デバイスのパススルー ¶
usb デバイスタイプが仮想マシンで使えるようになりました。
新しいデバイスを追加するには再起動が必要な点をのぞいては、コンテナと全く同じように動作します。
さらに、3 つの仮想ポートが LXD の VM に接続されており、lxc console --type=vga を使って、リモートの USB デバイスへのリダイレクションが使えます。
マイグレーション時の rsync 圧縮が設定可能に ¶
新たに真偽値の rsync.compression オプションがストレージプールに対して追加されました。
これにより、ネットワークが充分に高速でボトルネックにならず、圧縮が原因で CPU 使用率が問題となるような場合に、マイグレーション操作中の rsync 圧縮を無効にできるようになりました。
プロジェクトのネットワークで使えるアップリンクの制限 ¶
OVN ネットワーク機能を有効にしたプロジェクトを使っている場合、仮想マシンが使うアップリンクネットワークを制限できるようになりました。
アップリンクネットワークがひとつだけの場合、ユーザーが指定しなくても LXD は自動的にそのネットワークを使います。
これはプロジェクトに新たに追加された restricted.networks.uplinks オプションで行います。
新たに追加された管理 physical ネットワークタイプ ¶
新たに physical ネットワークタイプが追加されました。これは、現時点では OVN ネットワークに対するアップリンクとしてのみ使えます。設定には OVN ネットワークで使える IP アドレスのセットと、ゲートウェイ、DNS サーバが含まれています。
stgraber@castiana:~$ lxc network create external parent=eth0 ipv4.gateway=172.17.0.1/24 ipv4.ovn.ranges=172.17.0.100-172.17.0.150 dns.nameservers=1.1.1.1 --type=physical Network external created stgraber@castiana:~$ lxc network list +----------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | eth1 | physical | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | external | physical | YES | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 | | 15 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | virbr0 | bridge | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | wlan0 | physical | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+
OVN ネットワークでの外部ルーティングアドレス・サブネットのサポート ¶
新たな設定キー ipv4.routes.external と ipv6.routes.external を使って、外部の IP アドレスとサブネットを OVN ネットワーク上で実行中のインスタンスにルーティングできるようになりました。
プロジェクト設定の新たな restricted.networks.subnets キーと一緒に使用して、まずは外部の IPv4/IPv6 サブネットのセットを特定のプロジェクトに委任し、そのプロジェクト内でそれらのアドレスをインスタンスにルーティングできます。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/cluster: Changing "no heartbeat" language in membership.go "no heartbeat since
" changed to "no heartbeat for " - lxd/apparmor: Allow unix sockets binding
- doc/server: Fix escaping
- doc/server: Sort config keys
- lxd/backup: Adds WorkingDirPrefix constant
- lxd: backup.WorkingDirPrefix usage
- lxd/backup: Updates backupCreate to store backups in backups/instances
- lxd/backup: Updates Rename to support new backup location
- lxd/backup: Rename comment ending
- lxd/backup: Updates DoBackupDelete to handle new backup location
- lxd/backup: DoBackupDelete comment ending
- lxd/instance/backup: Updates containerBackupExportGet to support new backup location
- lxd/patches: Adds patchMoveBackupsInstances to move backups into backups/instances dir
- lxd/sys/fs: Adds backups/custom and backups/instances to initDirs()
- lxd/network/driver/ovn: Improve error message when parent 'network' option not specified
- lxd/network/network/interface: Adds Type interface and moves non-DB depedent functions into it
- lxd/network/network/load: Adds LoadByType function and removes ValidateNameAndProject function
- lxd/main/init/interactive: netType.ValidateName usage
- lxd/networks: Switch to network type validation in networksPost
- lxd/networks: Use ValidateName function on loaded DB network in networkPost
- lxd/network/network/interface: Exports FillConfig
- lxd/network/network/load: Removes FillConfig function
- lxd/networks: netType.FillConfig usage
- lxd/network/driver/common: Exports FillConfig
- lxd/network/driver/bridge: FillConfig usage
- lxd/network/driver/ovn: FillConfig usage
- lxd/network/driver/common: Removes common Type() and netType
- lxd/network: Adds Type() to each driver
- lxd/db/errors: Updates ErrAlreadyDefined text to be generic
- lxd/network/network/interface: Adds DBType function
- lxd/network/driver: Implements DBType()
- lxd/network/driver: Adds NodeSpecificConfig Info var
- lxd/networks: netType.DBType usage in networksPost
- lxd/networks: Create pending network node entries when network driver doesn't support per node config in networksPost
- lxd/networks: Comments in networksPostCluster
- lxd/networks: Comments in networkGet
- lxd/networks: Start parent networks before dependents in networkStartup
- lxd: Ensure all use of db.InstanceFilter defines instance type
- lxd/project/permissions: Fixes AllowInstanceCreation tests
- lxd/project/permissions: Error quoting
- api: Add projects_networks
- doc/storage: no need to escape underscore in bash examples
- seccomp: fix bpf support detection
- seccomp: improve bpf support detection
- shared/validate: Use ParseUint in IsNetworkMTU
- lxd/device/device/utils/network: Change argument for NetworkSetDevMTU to uint32
- lxd/device/device/utils/network: NetworkSetDevMTU usage
- lxd/network/network/utils: Changes GetDevMTU to return uint32
- lxd/network/openvswitch/ovs: Adds OVNEncapIP function
- lxd/network/driver/ovn: Removes ovnGeneveTunnelMTU constant
- lxd/network/network/utils/ovn: Removes OVNInstanceDeviceMTU function
- lxd/network/driver/ovn: Updates getBridgeMTU() to not depend on ovnGeneveTunnelMTU
- lxd/network/driver/ovn: Adds getOptimalBridgeMTU and getUnderlayInfo functions
- lxd/network/driver/ovn: Updates setup to generate an optimal bridge.mtu setting if not specified manually
- lxd/device/nic/ovn: Read mtu directly from parent network config bridge.mtu setting
- doc/projects: Sort config keys
- lxd/networks: Enforces manage-networks RBAC permission for managing networks
- lxd/network: Only adding pseudo pending node records when in cluster in networksPost
- lxd/project/permissions: Typo
- lxd/db/cluster/open: Adds features.networks to default project on new database
- lxd/storage/cephfs: Fix quota on new volumes
- lxd/networks: Allow network deletion in projects
- lxc/remote: Add project selection logic
- i18n: Update translation templates
- lxd/network: Removes client side default network type when creating network
- lxd/networks: Default to ovn network type when creating non-default network project
- lxd/network: Removes client side default network type when creating network
- lxd/networks: Default to ovn network type when creating non-default network project
- api: Adds projects_networks_restricted_uplinks extension
- doc/projects: Adds restricted.networks.uplinks
- lxd/networks: Updates doNetworkUpdate to use n.Validate so that project is available to validator
- lxd/network/network/load: Removes unused Validate
- lxd/network/network/load: Renames project arg to projectName for clarity
- lxd/api/project: Adds restricted.networks.uplinks to validation
- lxd/network/driver/ovn: Adds allowedUplinkNetworks function
- lxd/network/driver/ovn: Enforce project restricted.networks.uplinks setting
- lxd/instances: Fix ceph cluster target move
- lxd/cgroup: Fix memory.swappiness detection
- lxd/db: Adds boolean support to doDbQueryScan
- lxd/sys/fs: initDirs comment
- lxd/sys/fs: Removes backups/instances and backups/custom from pre-storage mount setup
- lxd/sys/fs: initDirs error quoting
- lxd/sys/fs: Adds initStorageDirs to be called after storage pools and daemon volumes are mounted
- lxd/sys/os: Adds InitStorage
- lxd/daemon: Call d.os.InitStorage after daemon storage volumes are mounted
- lxd/backup/instance/config: Renames InstanceConfig to Config
- lxd/backup/backup/config: Makes Config fields omitempty so custom volume's encoded yaml doesn't contain instance fields
- lxd/backup/backup/config: Adds comment to Container field explaining that VM backups use this too
- lxd/storage/pool/interface: backup.Config usage
- lxd/api/internal: backup.ParseConfigYamlFile usage
- lxd/storage/backend: backup.Config usage
- lxd/backup: Moves Instance interface into own file
- lxd/backup: Moves Info struct and GetInfo function into own file
- lxd/backup: Renames backup to backup_common
- lxd/backup/backup/common: Renames Backup to BackupCommon
- lxd/backup/backup/instance: Adds InstanceBackup using CommonBackup as basis
- lxd/backup: Changes pruneExpiredContainerBackups to use InstanceBackup.Delete() function
- lxd/instance/instance/utils: backup.InstanceBackup usage
- lxd/instance/instance/interface: backup.InstanceBackup usage
- lxd/instance/drivers: backup.InstanceBackup usage
- lxd/rbac: Avoid tight retry loop
- lxd/rbac: Directly handle re-tries on 504
- lxd/backup/backup/utils: Adds TarReader function
- lxd/backup/backup/info: Changes Type field from api.InstanceType to Type
- lxd/backup/backup/info: Updates GetInfo to use TarReader
- lxc/backup: Updates backupWriteIndex to use backup.Type
- lxd/backup/backup/info: GetInfo consistent comment endings
- lxd/backup/backup/info: Updates GetInfo to support backup.Type
- lxd/db/backups: InstanceBackup comment
- lxd/db/backups: projectName argument renaming
- lxd/db/storage/volumes: Set Snapshot: true in StorageVolumeArgs returned from GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance: Spacing
- lxd/storage/drivers/driver/btrfs/utils: Switches to backup.TarReader
- lxd/storage/drivers/driver/btrfs: Consistent comment ending
- lxd/storage/drivers/driver/zfs/volumes: consistent comment ending
- lxd/storage/drivers/generic/vfs: Consistent comment ending
- lxd/backup/backup/info: Adds note about legacy container.bin optimized type check
- lxd/backup/backup/instance: Fix old parent directory removal in InstanceBackup.Rename()
- lxd/backup/backup/config: Adds VolumeSnapshots to Config struct
- lxd/backup/backup/info: Adds Config field to Info struct
- lxd/backup/backup/info: Adds TypeCustom backup type for custom volumes
- lxd/backup/backup/volume: Adds custom volume type
- lxd/storage/volumes/backup: Adds custom volume backup route handlers
- client/interfaces: Add custom volume backup functions
- client/interfaces: Adds StoragePoolVolumeBackupArgs struct
- client/lxd/storage/volumes: Add custom volume backup functions
- api: Adds custom_volume_backup extension
- doc/rest-api: Documents custom volume backup routes
- lxc/storage/volumes: Add import and export for custom volumes
- lxd/backup: Adds volumeBackupCreate and volumeBackupWriteIndex functions
- lxd/api/1/0: Registers custom volume backup route handlers
- lxd/db/backups: Adds StoragePoolVolumeBackup type
- lxd/db/backups: Adds custom volume backup lifecycle functions
- lxd/db/cluster: Adds storage_volumes_backups table
- lxd/db/operations/types: Adds custom volume backup operations types
- lxd/db/storage/volume/snapshots: Adds GetStorageVolumeSnapshotsNames function
- lxd/storage/backend: Adds BackupCustomVolume and CreateCustomVolumeFromBackup functions
- lxd/storage/backend/lxd: Renames custom volume backups in RenameCustomVolume
- lxd/storage/backend/lxd: Deletes custom volume backups in DeleteCustomVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/dir/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/driver/zfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/zfs/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupVolume
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupUnpack
- lxd/storage/pool/interface: Adds BackupCustomVolume and CreateCustomVolumeFromBackup
- lxd/storage/volume: Adds createStoragePoolVolumeFromBackup and hook in storagePoolVolumesTypePost
- lxd/storage/volumes/utils: Adds storagePoolVolumeBackupLoadByName function
- shared/api/storage/pool/volume: Adds custom volume backup structs
- test/suites/backup: Adds tests for custom volume backups
- i18n: Update translation template
- i18n: Update translations from weblate
- lxc: Always use HostPathFollow
- lxd/storage/drivers/generic/vfs: Fixes custom volume root dir ownership issue in genericVFSBackupUnpack
- test/suites/backup: Use project argument in test_backup_import_with_project
- test/suites/backup: Use project argument in test_backup_export_with_project
- test/suites/backup: Use project argument in test_backup_volume_export_with_project
- test/suites/backup: Adds test for backup import into different project in test_backup_import_with_project
- test/suites/backup: Comment consistency
- test/suites/backup: Add test for custom volume import
- test/suites/backup: Add test for importing custom volume into other project
- lxd/api: Restrict access to daemon config
- lxd/storage: Allow ceph/cephfs for images/backups
- client/interfaces: Adds Name field to InstanceBackupArgs
- client/lxd/instances: Adds custom name restore support to CreateInstanceFromBackup
- lxd/instance/drivers/qmp/monitor: Adds GetBalloonSizeBytes and SetBalloonSizeBytes
- lxd/instance/drivers/driver/qemu: Adds live shrinking of memory
- lxd/devices/config/devices/utils: Adds doc block for deviceEquals and deviceEqualsDiffKeys
- lxd/device/config/devices: Comment clean up
- lxd/device/config/devices: Improves comments and variable naming in Update
- lxd/device/config/devices: Fixes bug in Update where allChangedKeys only contains changed keys from last device
- lxd/instance/drivers/driver/lxc: Whitespace
- lxd/device/config/devices: Handles nil updateFields function in Update
- lxd/instance/drivers/driver/qemu: Removes logic duplication in live update
- lxc/import: Adds optional instance name argument to lxc import command
- lxd/instances/post: Adds custom name support for backup import to createFromBackup
- lxd/instances/post: createFromBackup usage in containersPost for custom backup name restore
- lxd/api/internal: Adds AllowNameOverride to internalImportPost
- lxd/api/internal: Override instance name in internalImport when AllowNameOverride is set
- client/interfaces: Adds Name field to StoragePoolVolumeBackupArgs to bring in line with InstanceBackupArgs
- client/lxd/storage/volumes: Updates CreateStoragePoolVolumeFromBackup to accept volume name override via X-LXD-name header
- lxc/storage/volume: Adds optional volume name argument to lxc storage volume import
- lxd/storage/volumes: Adds volName arg to createStoragePoolVolumeFromBackup
- lxd/storage/volumes: createStoragePoolVolumeFromBackup usage in storagePoolVolumesTypePost
- lxd/storage/backend/lxd: Updates CreateCustomVolumeFromBackup to support custom volume import name
- api: Adds backup_override_name extension
- test/suites/backup: Adds tests for custom volume import name override
- test/suites/backup: Adds instance import name override tests
- i18n: Update translation template
- doc/networks: Simplifies OVN single node setup instructions
- lxd/device/nic/ovn: Improves error message in Start
- lxd/network/driver/ovn: Implements DHCPv4Subnet and DHCPv6Subnet to allow static IPs to be set
- lxd/network/openvswitch/ovn: Fix spelling of OVNIPv6AddressModeDHCPStateful and OVNIPv6AddressModeDHCPStateless values
- lxd/network/driver/ovn: Adds support for ipv6.dhcp.stateful
- doc/networks: Documents ipv6.dhcp.stateful option for OVN networks
- shared/api: Not all disks have a device path
- lxd/resources: Ignore rbd devices
- shared/simplestreams: Fix stream's index download url
- lxd/device/device/interface: Adds NICState interface for getting NIC state
- lxd/device/nic/bridged: Implements NICState interface by adding State function
- lxd/instance/drivers/driver/qemu: Refactors RenderState to support multiple NIC types in the future
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortDynamicIPs function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to use LogicalSwitchPortDynamicIPs
- lxd/network/driver/ovn: Adds instanceDevicePortDynamicIPs function
- lxd/network/network/utils/ovn: Adds OVNInstanceDevicePortDynamicIPs function
- lxd/device/nic/ovn: Implements NICState interface by adding State function
- lxd/instance/drivers/qmp/monitor: Renames GetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Renames SetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Adds GetMemorySizeBytes function
- lxd/instance/drivers/driver/qemu: Adds qemuDefaultMemSize constant
- lxd/instance/drivers/driver/qemu: Updates updateMemoryLimit to allow memory resize back to boot time size
- lxd/instance/drivers/driver/qemu: Updates IsRunning to not check for BROKEN state
- lxd/instance/drivers/driver/qemu: Updates statusCode() to detect if monitor failure with running VM
- lxd/apparmor: Allow access to zoneinfo files
- lxd/apparmor: Add /etc/localtime to the list
- lxd/project: Always allow cloud-init:config drives
- doc/image-handling: Cover publishing
- lxd/network/network/utils: Adds GetNeighbourIPs function
- lxd/network/network/utils: Updates GetLeaseAddresses to return only net.IP list
- lxd/device/nic/bridged: Updates State() to return partial data
- refuse empty passwords
- lxd/storage: Adds rsync.compression config key
- doc: Adds rsync.compression
- api: storage_rsync_compression
- tests: Valid rsync.compression
- doc/index: Add libsqlite3-dev back to dependencies
- lxd/firewall/drivers/driver/nftables: Updates nft parser to handle nft sets with composite
typefield - shared/validate/validate: Increases max MTU to 16384 to support super jumbo packets
- lxd/apparmor/forkproxy: Fix bad profile name
- lxd/apparmor/forkproxy: Allow writing to log path
- lxc: Better handle copy/move between projects
- lxd/apparmor: Fix version parsing
- lxd/dnsmasq: Switch to Parse for version parsing
- lxd/firewall/drivers: Fix to Parse for version parsing
- lxd/rsync: Switch to Parse for version parsing
- shared/version: Make patch optional
- lxd/networks: Log error in doNetworksCreate after failed create if cleanup fails too
- lxd/network/driver: Improve missing parent network error message
- lxd/network/driver/ovn: Moves uplink type agnostic parent port allocation logic into allocateParentPortIPs()
- lxd/network/driver/ovn: Better error messages
- lxd/network/driver/ovn: Moves parent port lock into deleteParentPort
- lxd/network/driver/ovn: Moves parent port lock into startParentPort
- lxd/network/driver/ovn: deleteParentPortBridge comments
- lxd/network/driver/ovn: Don't setup SNAT if no external uplink IPs
- lxd/network/driver/ovn: Makes setting up external router port and switch conditional on having external IPs
- lxd/network/driver/ovn: Removes old comment
- lxd/network/driver/ovn: Fix sentence in startParentPortBridge error
- lxd/network/driver/ovn: Fixes error message in setupParentPortBridge
- lxd/network/network/utils: Moves bridge related functions into own file
- static_analysis: exclude vendored headers from spell checking
- static_analysis: exclude .git
- shift_linux: vendor posix_acl_xattr.h
- seccomp: vendor bpf headers
- shares/validate: Whitespace
- lxd/network/openvswitch/ovn: Updates RecursiveDNSServer to be list of IPs
- lxd/network/driver/ovn: Updates allocateParentPortIPs to detect the parent network IP address and DNS settings
- lxd/network/driver/ovn: Updates n.allocateParentPortIPs usage
- lxd/network/driver/ovn: Updates setup IPv6 RDNSS setting
- lxd/apparmor/forkproxy: Socket path fixes
- lxd/images: Fix crash when no "info" struct
- doc/networks: Clarifies use of ovn ranges settings in bridge network
- lxd/util/net: Updates SysctlSet to support setting multiple keys
- shared/validate: Adds IsNetworkAddressList function
- lxd/network/network/utils: Adds VLANInterfaceCreate function
- lxd/device/device/utils/network: network.VLANInterfaceCreate usage
- lxd/device/device/utils/network: Removes NetworkRemoveInterface function
- lxd/network/network/utils: Adds InterfaceRemove and InterfaceExists functions
- lxd/network/network/utils: InterfaceExists usage
- lxd/device/device/utils/network: network.InterfaceRemove usage
- lxd/device/nic: network.InterfaceRemove usage
- lxd/network/driver/bridge: InterfaceExists usage
- lxd/network/driver/ovn: InterfaceExists usage
- lxd/network/network/utils: Adds InterfaceSetMTU function
- lxd/device: network.InterfaceSetMTU usage
- lxd/network/driver/ovn: Inherit MTU from uplink bridge for OVS bridge and connecting veth pair
- lxd/network/driver/ovn: Remove dependency on sysctl command and use util.SysctlSet instead
- lxd/network/driver: Improves comments
- api: Adds network_type_physical extension
- doc/networks: Adds docs for physical network type
- lxd/db/networks: Adds physical network type constant
- lxd/network/driver/physical: Adds physical driver
- lxd/network/driver/ovn: Adds support for physical network as uplink
- lxd/network/driver/physical: Change checkParentUse to return a bool if in use
- lxd/network/driver/ovn: Changes uplink network in use check to look at LXD DB
- lxd/network/driver/ovn: Handle uplink network changing
- lxd/network/driver/ovn: Comment clarity
- lxd/storage/pools: Gives clear error message when trying to create duplicate storage pool in single node
- lxd/events: Validate type
- lxd/events: Prevent logging access to non-admin
- lxd/daemon: Clean shutdown on SIGPWR/SIGTERM
- lxd/operations: Don't directly trigger shutdown
- lxd: Prevent internal cluster migration of instances with backups
- lxd/instance/drivers: Enable USB for VMs
- lxd/instance/drivers: Add USB controller to QEMU config
- lxd/apparmor: Fix devPaths in QEMU profile
- db: Retry transient errors for longer
- db: Always retry driver.ErrBusy, regardless of the error message
- db: Retry failed rollbacks if they are due to transient errors
- db: Explicitly rollback leftover transactions when a new one can't be started
- db: Retry to begin a new transaction after an explicit rollback attempt
- lxd/operations: Fix timeout
- lxd/daemon: Allow more operations during shutdown
- lxd/include: Relocate ifndef for NEWCGROUP
- doc: Remove stray _ escapes in security.md
- lxc-to-lxd: Handle snap better
- lxd/device/usb: Allow USB devices for VMs
- lxd/device: Add bus and dev number to USBEvent
- lxd/apparmor: Allow USB specific paths
- lxd/device/config: Add USBDevice to RunConfig
- lxd/events: Handle default permissiosn in projects
- lxd/dnsmasq: Adds 100ms sleep to successful Kill() to allow sockets to be released by OS
- lxd/instance/drivers/driver/qemu: Restores ability to resize VM disks
- lxd/device/disk: Adds comment about VM instances depending on CanHotPlug fields for stopped disk resize
- lxd/instance/qemu: Fix bad event name
- lxd/storage: Check base image is available locally
- lxd/storage/drivers/driver/lvm: Don't remove empty thinpool and volume group if lvm.vg.force_reuse enabled
- shared/validate/validate: Removes inaccurate comments about optional values
- shared/validate/validate: Adds IsNetwork and IsNetworkList functions
- shared/validate/validate: Re-orders IP validation functions
- lxd/device/nic/ovn: Comment
- doc/api-extensions: Removes mention of "parent" from projects_networks_restricted_uplinks feature
- doc/networks: Switch to "uplink" terminology for external OVN network access
- lxd/network/driver/ovn: Replace parent terminology with uplink
- lxd/network/driver/common: Ban : char from network names in ValidateName()
- lxd/device: Handle USB devices for VMs
- lxd/instance/drivers: Add qemuUSBDev template
- lxd/instance/drivers: Add USB devices to qemu config
- Revert "lxd/instance/drivers: Enable USB for VMs"
- lxd/driver/qemu: Add spice usb ports
- lxd-agent: Fix defer in for loop
- forksyscall: use correct function
- shared/util.go: use string method with stdout and stderr
- simplestreams.go: remove unneeded fmt.Sprintf and simplify getImages()
- lxd/instance/drivers: Updates templateApplyNow to close files at end of each iteration
- lxd/network/network/utils: Adds SubnetContains function
- lxd/network/network/utils: Adds SubnetIterate function
- lxd/network/network/utils: Adds SubnetParseAppend function
- api: Adds network_ovn_external_subnets extension
- doc/networks: Adds ipv4.routes and ipv6.routes settings to physical network
- lxd/network/driver/physical: Adds ipv4.routes and ipv6.routes config keys
- doc/projects: Removes trailing full stop
- doc/projects: Adds restricted.networks.subnets
- lxd/api/project: Adds restricted.networks.subnets config key
- lxd/api/project: Moves projectConfigKeys inside projectValidateConfig and adds state
- lxd/api/project: projectValidateConfig usage
- lxd/api/project: Adds projectValidateRestrictedSubnets function
- lxd/api/project: Adds restricted.networks.subnets validation to projectValidateConfig
- doc/networks: Adds ipv4.routes.external and ipv6.routes.external to ovn networks
- lxd/network/openvswitch/ovn: Adds LogicalRouterRouteDelete function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to return IPs used for DNS records
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATAdd function
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATDelete function
- lxd/network/openvswitch/ovn: Updates LogicalRouterRouteAdd to support mayExist argument
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortAdd to take an externalRoutes argument
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortDelete to accept an externalRoutes argument
- lxd/network/driver/ovn: Moves uplink network validation into validateUplinkNetwork function
- lxd/network/driver/ovn: Updates Validate to check network exists and checks external IP routes
- lxd/network/driver/ovn: Adds DNS revert to instanceDevicePortAdd
- lxd/network/driver/ovn: client.LogicalRouterRouteAdd usage
- lxd/network/driver/ovn: Adds externalRoutes support to instanceDevicePortAdd
- lxd/network/driver/ovn: Delete externalRoutes in instanceDevicePortDelete
- forkmount: improve
- seccomp: improve logging for the seccomp notifier
- seccomp: make sure that insertMountLXD() doesn't call into LXC
- lxd/device/nic: Adds ipv4.routes.external and ipv6.routes.external to nicValidationRules
- lxd/device/nic/ovn: Adds support for ipv4.routes.external and ipv6.routes.external
- doc/instances: Adds ovn NIC documentation
- doc/instances: Re-works NIC device docs to explain nictype and network fields
- lxd/network/driver/ovn: Adds support for OVN NIC internal routes
- lxd/network/network/utils/ovn: Adds OVN NIC internal route support to OVNInstanceDevicePortAdd and OVNInstanceDevicePortDelete
- lxd/device/nic/ovn: Adds ipv4.routes and ipv6.routes settings for internal route support
- lxd/network/driver/bridge: Fixes inconsistency between normal bridge and fan bridge default ipv4.nat value
- api: Adds network_ovn_nat extension
- doc/networks: Adds ipv4.nat and ipv6.nat to OVN networks
- lxd/network/driver/ovn: Adds ipv4.nat and ipv6.nat support
- lxd/patches: Adds patchNetworkOVNEnableNAT patch to enable NAT on OVN networks
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.6 リリースのお知らせ¶
18th of September 2020
はじめに ¶
LXD チームは LXD 4.6 のリリースをお知らせできることにとてもワクワクしています!
このリリースは短い開発サイクルでしたが、それでもかなり忙しいリリースでした。
このリリースのハイライトは、LXD プロジェクト内にネットワークを置くことができるようになったことに間違いありません。これで共有 LXD 環境内に自前のネットワークが作成できるようになりました。
Enjoy!
新機能とハイライト ¶
プロジェクト内のネットワーク ¶
OVN ネットワークに関するこれまでの作業をもとに、プロジェクト内に新たに features.networks が設定できるようになりました。これによりプロジェクトは OVN ベースで、他のプロジェクトから見えない自身のネットワークを持てるようになりました。
stgraber@castiana:~$ lxc network list +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | STATE | +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+ | default | ovn | YES | 10.187.181.1/24 | fd42:bb2b:e7d1:f3ba::1/64 | Default OVN network for the project | 3 | CREATED | +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+
この機能を有効にすると、ホストインタフェースと OVN 以外のネットワークは見えなくなり、プロジェクトが直接所有するネットワークだけが残ります。
qemu 用の AppArmor プロファイル ¶
過去のリリースでの色々なサブプロセスに対する AppArmor プロファイルの生成に加えて、このリリースでは LXD 仮想マシンで使う qemu の制約が設定されるようになりました。
このリリースで raw.apparmor を仮想マシンに導入します。これは raw.qemu と同時に使われるときのみ有効です。通常の LXD 設定オプションは LXD が生成したプロファイルによって処理されます(そうでなければバグです)。
Dqlite の変更 ¶
LXD 4.5 をリリースした直後に、dqlite に大きな変更が加えられました。
ファイルシステムへの書き込みをインターセプトして、他のノードへのレプリケーションを行うためのフックを追加した sqlite3 のフォークに頼るのでなく、標準の sqlite3 から VFS アクセスを取得するこれまでとは異なるアプローチを使用するようになりました。
これはユーザーからは見えませんが、カスタムの sqlite3 と libco というふたつの依存関係を削除することで、パッケージを作成する際の助けになるでしょう。
dqlite を使う LXD は、標準の sqlite3 3.25 以上を使えるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- shared/log15: Fix due to recent unix change
- Handle signals in non-interactive sessions.
- Fix hang when control is not provided in non-interactive mode.
- lxd/db/cluster: Fix incorrect storage volume node IDs
- lxd/db/cluster: Fix node id nil values
- lxd/storage/volumes: Only apply config changes when restoring snapshot if non-nil config is supplied
- lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation
- lxd/network/driver/ovn: Removes unnecessary dnsmasq logic in deleteParentPortBridge
- lxd/device/device/utils/network: Removes networkRandomDevName
- lxd/network/network/utils: Adds RandomDevName function
- lxd/device: network.RandomDevName usage
- lxd/network: Adds Description function
- api: Adds network_bridge_ovn_bridge API extension
- lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network
- lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent
- doc/api: Removes underscore escaping when used inside backticks
- doc/networks: Adds ovn.ovs_bridge key to bridge networks
- lxd/instance/drivers: Fixes crash when removing device that cant be loaded
- lxd/db/cluster: Adds networks to project usage view
- lxc/storage_volume: Fix usage string
- po: Update translations
- lxd/network/driver/ovn: Add and delete local chassis ID to HA chassis group on start/stop
- lxd/network/openvswitch/ovn: Adds ChassisGroupChassisDelete function
- lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name
- doc/networks: Adds ovn.name to OVN network doc
- api: Adds network_ovn_name API extension
- lxd/drivers/qemu: Use gic-version=max on aarch64
- seccomp: fix compilation on kernels without proper bpf.h
- lxc/config: Update wording for profile/config
- i18n: Update translation templates
- lxc/export: Support writing to stdout
- Drop custom SQLite and libco
- validate: Consider + as unsafe in URL
- lxd/instance/snapshots: Restrict naming
- db: Handle NULL storage_volume description column in patch 34
- lxd/storage/drivers/utils: Corrects argument order of mkfs in makeFSType for wider compatibility
- Revert "api: Adds network_ovn_name API extension"
- Revert "doc/networks: Adds ovn.name to OVN network doc"
- Revert "lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name"
- Revert "doc/networks: Adds ovn.ovs_bridge key to bridge networks"
- Revert "lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent"
- Revert "lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network"
- lxd/network/driver/ovn: Removes unused import
- lxd/network/driver/ovn: Removes unnecessary network ID lookup
- lxd/api/cluster: Start networks after cluster join
- lxd/networks: Only call n.Start() during doNetworksCreate if client type isn't joiner
- lxd/network/driver/ovn: Adds pause between chassis group entry deletion and uplink port removal
- lxd/network/driver/ovn: parentPortBridgeVars whitespace
- Revert "api: Adds network_bridge_ovn_bridge API extension"
- lxd/db/cluster/update: Adds features.networks to default project
- lxd/project: Adds NetworkProject function
- lxd/db/networks: Updates networkState and usage to support projects
- lxd/db/networks: Updates getNetwork and usage to support projects
- lxd/network/network/utils: Updates IsInUseByInstance to translate instance's project to a network project
- lxd/network/network/utils: Updates isInUseByDevices to support projects
- lxd/network/network/utils: Updates IsInUseByProfile to accept a db.Profile rather than api.Profile
- lxd/network/network/utils: Updates UpdateDNSMasqStatic to use default project
- lxd/network/network/utils: Updates GetLeaseAddresses to use default project
- lxd/network/network/utils: Adds UsedBy function and unexports related functions not used elsewhere
- lxd/db/networks: Updates GetNonPendingNetworks to return a map of project networks
- lxd/network/driver/ovn: Updates parentAllAllocatedIPs to use update GetNonPendingNetworks
- lxd/network/network/utils: Adds network usage by other networks detection in UsedBy
- lxd/network/driver/common: Updates IsUsed to use UsedBy
- lxd/network/driver/bridge: Adds existing interface check as Create function
- lxd/network/driver/bridge: Push down interface name conflict check to Rename
- lxd/network/driver: Removes duplicated "in use" check that is now done at top level
- lxd/profiles/utils: Renames project arg to projectName in doProfileUpdate
- lxd/profiles: Updates usage of ValidDevices in profilesPost
- lxd/patches: Updates to support network projects
- lxd/networks/utils: Removes networkGetInterfaces function
- lxd/networks/utils: Updates networkUpdateForkdnsServersTask to support projects
- lxd/networks: Updates networkPost validation
- lxd/networks: Updates networksGet to support projects
- lxd/networks: Updates networksPost to support projects
- lxd/networks: Updates networksPostCluster to support projects
- lxd/networks: Updates doNetworksCreate to support projects
- lxd/networks: Updates networkGet to support projects
- lxd/networks: Updates doNetworkGet to support projects and to use network.UsedBy
- lxd/networks: Updates networkDelete to support projects
- lxd/networks: Updates networkPost to support projects
- lxc/networks: Updates networkPut to support projects
- lxd/networks: Updates doNetworkUpdate to support projects
- lxd/networks: Updates networkLeasesGet to support network projects
- lxd/networks: Updates networkStartup and networkShutdown to load networks from all projects
- lxd/network/network/load: Updates load functions to support projects
- lxd/network/network/interface: Adds project name to init function
- lxd/network/driver/common: Adds project support
- lxd/network/driver/ovn: Load parent network from default project
- lxd/device/nictype: Adds conversion of device project to network project for NICType validation
- lxd/instance/instance/utils: Project name is needed to validate instance devices
- lxd/instance: instance.ValidDevices project argument usage
- lxd/instance/drivers/driver/lxc: instance.ValidDevices project usage
- lxd/instance/drivers/driver/lxc: Error quoting
- lxc/instance/drivers/driver/lxc: nictype.NICType project usage
- lxd/instance/drivers/driver/qemu: instance.ValidDevices project usage
- lxd/instance/drivers/driver/qemu: nictype.NICType project usage
- lxd/instance/drivers/load: Adds project support to validDevices
- lxd/device/device/load: Adds project support to load function
- lxd/device/device/utils/network: Use default project for veth route functions
- lxd/device/nic/bridged: Use default project for bridge networks
- lxd/device/nic/macvlan: Use default project for macvlan networks
- lxd/device/nic/ovn: Load parent network's project from instance's project
- lxd/device/nic/sriov: Use default project for parent network
- lxd/device/proxy: NICType project usage
- lxd/network/driver/common: Send project when notifying nodes of network changes
- lxd/networks: Send project when creating network on remote node
- lxd/db/migration/test: Add network project support
- lxd/cluster/membership/test: Add network project support
- lxd/api/cluster: Uses default project for networks during cluster join
- lxd/networks: Updates networksPostCluster to use tx.GetNetworkID with project
- lxd/db/networks: Adds project support to CreatePendingNetwork
- lxd/db/networks: Adds project support to GetNetworkID
- lxd/db/networks/test: Updates GetNetworkID usage with project
- shift_linux: tweak ACL handling
- tar_write: switch to PAXRecords to preserve ACLs too
- doc/projects: Adds features.networks
- lxc/project: Adds features.networks to project list output
- lxd/api/project: Adds features.networks support but does not enable by default
- lxd/init: Updates initDataNodeApply to return a revert function
- lxd/main/init: Updates Run to use revert
- lxd/api/cluster: Adds project support for networks
- lxd/api/cluster: Updates clusterPutJoin to use revert
- lxd/api/cluster: Updates clusterInitMember to return a revert function
- lxd/api/cluster: Logging quoting
- lxd/api/cluster: clusterPutJoin project support
- lxd/api/cluster: clusterInitMember project support
- lxd/api/cluster: Adds NetworksPost to internalClusterPostNetwork
- lxd/api/cluster: Checks network types match in clusterCheckNetworksMatch
- lxd/init: Adds internalClusterPostNetwork to initDataNode
- lxd/init: initDataNodeApply project support
- lxd/init: initDataNodeApply comment consistency
- lxd/main/init/auto: Updates RunAuto to send internalClusterPostNetwork
- lxd/main/init/dump: Updates RunDump to use internalClusterPostNetwork
- lxd/main/init/interactive: Updates RunInteractive to use internalClusterPostNetwork
- lxd/main/init/interactive: Updates askNetworking to use internalClusterPostNetwork
- lxd/network: Adds Info struct and function
- lxd/network/network/load: Renames ValidateName to ValidateNameAndProject
- lxd/network/driver/ovn: Adds Info function
- lxd: network.ValidateNameAndProject usage
- lxd/network/driver/ovn: deleteParentPort fixed to allow deletion of network with no parent
- lxd/project: Updates NetworkProject to return project config
- doc/project: Adds limits.networks setting
- lxd/api/project: Adds limits.networks setting
- lxd/networks: Enforces limits.networks in networksPost
- lxd: project.NetworkProject usage
- lxd/networks: Don't allow non-default network projects to access info about the physical interfaces in doNetworkGet
- lxd/api/cluster: Create or update local node projects to sync with cluster in clusterInitMember
- i18n: Update translation templates
- shift_linux: handle ACL unshifting correctly
- shift_linux: handle capability unshifting correctly
- shift_linux: converty to CBytes not to CString
- lxc/utils: Add usage function
- lxc: Drop command name from translation
- i18n: Update translation template
- shared/subprocess: Set err on non-zero
- lxd/instances/qemu: Use subprocess
- lxd/instance: Add DevPaths
- lxd/apparmor: Fix unload/delete
- lxd/apparmor/instance: Sort context
- lxd/apparmor: Prepare for qemu
- lxd/apparmor: Add qemu profile
- lxd/instance/drivers/driver/qemu: Switch to threads locking mode and writeback cache mode for BTRFS
- doc/instance: raw.apparmor now implemented for VM
- lxd/apparmor: Tweak qemu profile for non-snap
- shared/idmap/shift/linux: Handle nil IdmapSet in UnshiftACL and UnshiftCaps
- shared/instancewriter/instance/tar/writer: Handle nil idmapSet and log shifting errors in WriteFile
- lxc: Better handle arguments
- lxc: Unbundle sortorder
- lxd/util/sys: Fixes GetExecPath when lxd binary has been removed/changed
- lxd/db/images: Error message uppercase first letter
- i18n: Update translations from weblate
- lxd/instance: Adds instanceImageTransfer and updates instanceCreateFromImage to use it
- lxd/daemon/images: Error quoting
- lxd/daemon/image: Adds logic to download image from another cluster node into ImageDownload
- lxd/db/images/test: Fixes tests for LocateImage
- test/suites/clustering: Adds test for image transfer between cluster nodes
- bash-completion: use "list --format=csv" consistently
- bash-completion: use regex grouping for
lxc start - lxd/instance/qemu: Fix mem device naming
- proxy bind= should accept host|instance as the doc says
- Valid proxy type= values are all lower case so fix doc
- s/descriptros/descriptors/
- Revert "lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation"
- lxd/network/driver/bridge: Skip lo interface when generating fan overlay address in addressForSubnet
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.5 リリースのお知らせ¶
29th of August 2020
はじめに ¶
LXD チームは LXD 4.5 のリリースをお知らせできることにとてもワクワクしています!
これは LXD の非常に忙しいリリースです。主なハイライトは、ネットワークオプションに OVN が加わったことであることは間違いありません。
さらに、bpf システムコールのインターセプトと pts デバイスの新たな割り当てロジックという、コンテナサポートで歓迎すべき改良がいくつか加わりました。
最後に、リモートストレージの改良と新しい AppArmor プロファイルに対する改良による、セキュリティとクラスタリングに対する素晴らしい改良が行われました。
Enjoy!
新機能とハイライト ¶
OVN 仮想ネットワークの初期サポート ¶
LXD 4.5 には OVN 仮想ネットワークのサポートが含まれます。
これは通常の LXD が管理するネットワークとして定義でき、これまでのブリッジと非常に似ています。しかし、クラスターノードをまたぐことができますし、サブネットが重複したり競合したりできます。
これは OVN を使って実現されています。そして、次の LXD リリースでは LXD プロジェクト内部のネットワークの基礎となります。LXD の OVN ネットワークは、親となる管理されたネットワークが必要です。現状では管理されたブリッジのみがサポートされます(SR-IOV と macvlan は 4.6 で対応予定)。
現時点では、ホスト上で OVN と Open vSwitch がセットアップされていれば、LXD で仮想ネットワークを作成できますし、通常のブリッジに対する方法と同じようにインスタンスに接続できます。
(4.5 の snap を使った Ubuntu 20.04 LTS での実行例です)
root@nuc01:~# apt install ovn-host ovn-central --yes [snip] root@nuc01:~# snap install lxd --channel=latest/candidate lxd (candidate) 4.5 from Canonical✓ installed root@nuc01:~# ovs-vsctl set open_vswitch . \ > external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock \ > external_ids:ovn-encap-type=geneve \ > external_ids:ovn-encap-ip=172.17.16.139 root@nuc01:~# lxd init --auto root@nuc01:~# lxc network list +--------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ root@nuc01:~# lxc network set lxdbr0 ipv4.dhcp.ranges=10.19.114.2-10.19.114.199 root@nuc01:~# lxc network set lxdbr0 ipv4.ovn.ranges=10.19.114.200-10.19.114.254 root@nuc01:~# lxc network set lxdbr0 ipv6.ovn.ranges=fd42:56de:74c7:40f5::200-fd42:56de:74c7:40f5::254 root@nuc01:~# lxc network create my-virtual-01 network=lxdbr0 --type=ovn Network my-virtual-01 created root@nuc01:~# lxc network create my-virtual-02 network=lxdbr0 --type=ovn Network my-virtual-02 created root@nuc01:~# lxc network list +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdovn1 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-01 | ovn | YES | 10.178.251.1/24 | fd42:39c7:797c:7977::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-02 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ root@nuc01:~# lxc network create my-virtual-03 network=lxdbr0 ipv4.address=10.82.211.1/24 ipv6.address=fd42:5045:b316:b251::1/64 --type=ovn Network my-virtual-03 created root@nuc01:~# lxc network list +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdovn1 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-01 | ovn | YES | 10.178.251.1/24 | fd42:39c7:797c:7977::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-02 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-03 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+
このセットアップでは、3 つの OVN ネットワークが存在します。そのうち 2 つは意図的に全く同じ IPv4/IPv6 サブネットを共有しており、分離された状態を見ることができます。
root@nuc01:~# lxc init images:ubuntu/20.04 u1 Creating u1 root@nuc01:~# lxc init images:ubuntu/20.04 u2 Creating u2 root@nuc01:~# lxc init images:ubuntu/20.04 u3 Creating u3 root@nuc01:~# lxc config device add u1 eth0 nic name=eth0 network=my-virtual-01 Device eth0 added to u1 root@nuc01:~# lxc config device add u2 eth0 nic name=eth0 network=my-virtual-02 Device eth0 added to u2 root@nuc01:~# lxc config device add u3 eth0 nic name=eth0 network=my-virtual-03 Device eth0 added to u3 root@nuc01:~# lxc start u1 u2 u3 root@nuc01:~# lxc list +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u1 | RUNNING | 10.178.251.2 (eth0) | fd42:39c7:797c:7977:216:3eff:fe3a:6498 (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u2 | RUNNING | 10.82.211.2 (eth0) | fd42:5045:b316:b251:216:3eff:fe7d:7826 (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u3 | RUNNING | 10.82.211.2 (eth0) | fd42:5045:b316:b251:216:3eff:fe9d:52af (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+
bpf システムコールインターセプションの初期実装 ¶
bpf システムコールに対するシステムコールインターセプションを有効化できるようになりました。これはコンテナの security.syscalls.intercept.bpf を使ってコントロールできます。
この機能を有効にした場合、特定のタイプの bpf プログラムを有効にしなければなりません。現時点では、security.syscalls.intercept.bpf.devices のみをサポートします。この機能は、device cgroup に紐付けられたプログラムをコンテナ内から読み込めるようにしています。
警告: 実際のプログラムで行われるバリデーションは、ホストからの明確な DoS を避けるための単純なサイズチェックのみです。この機能を有効にしたコンテナでは、かなり複雑な bpf プログラムをロードできます。そしてコンテナのスコープ外の情報を取得する可能性があります。信用できないコンテナに対しては許可するべきではありません。
ネイティブなターミナルデバイスの割り当てのサポート ¶
これまで、lxc exec のような操作のためのデバイス割り当てはホストシステムの devpts を通して行われていました。これは、コンテナのファイルシステムにアクセスしたり、ユーザーがコンテナ内の /dev/pts を何か悪意のあるものでマスクしたりすることを防ぐためのセキュリティの手段として行われていました。しかし、このアプローチには問題があります。コンテナ内部で見える制御デバイスは(外部に属するため)解決できないからです。
カーネルと LXC の作業で、コンテナ起動時に最初にマウントされる devpts インスタンスを安全に追跡できるようになりました。そして、コンテナ内の現在のマウントテーブルとやりとりすることなく、デバイスを割り当てできるようになりました。
これによる目に見える効果には次のようなものがあります。stdin/stdout/stderr 上で何かをリダイレクトする時に AppArmor ポリシーが混乱しにくくなったり、他の様々なソフトウェアが is-a-tty タイプのチェックを行うようなことがより通常の方法で動作するようになったりしました。
VGA コンソールが Windows 上で動くようになりました ¶
Windows ユーザーは、virt-viewer を Chocolatey 経由かマニュアルでインストールできるようになりました。インストールすると、仮想マシンで lxc console --type=VGA を実行した場合に自動的にそれを検出し、使います。
リモートのストレージプールの扱いの改良 ¶
これまで、リモートのストレージプールにあるカスタムボリュームの処理方法は、クラスターメンバーごとにひとつのレコードを持つことで行われていました。これは、特にスナップショットを考慮すると、多数の重複するデータが生じていました。
スナップショットについては、ボリュームの重複のために、自動化されたスナップショットが各クラスターメンバーごとに発生し、意図したよりも多くのスナップショットと全体的な負荷につながっていました。
新たなデータベースの設計でこれはすべて解決しました。この設計では、シングルボリュームのエントリーが保持され、クラスター化されているとマークされます。したがって、特定のクラスターメンバーに結び付けられることはなくなりましたし、スケジュールされたスナップショットは、安定したハッシュメカニズムを使ってクラスター全体に分散するようになり、現在オンラインのクラスターメンバーがそれをどのように処理するかを決定します。
forkdns と forkproxy が AppArmor の制限のもとで実行されるようになりました ¶
LXD 4.4 での dnsmasq の制限に続き、LXD 4.5 では forkdns も制限するようになりました。このプロセスは、LXD クラスター上で Fan ベースのネットワークが実行されているときに使います。その名前のとおり、forkdns はすべてのクラスターメンバーに対するクエリを効果的に複製することで DNS 処理を行います。この制限により、重要なデータへのアクセスによる攻撃の可能性を防ぐことができます。
同様に、NAT ではない proxy デバイスで使われる forkproxy も、自身の AppArmor プロファイルを持っています。これは、アクセスする前提であるソケットと、プロキシーを行うのに必要なカーネルインフラストラクチャーの部分のみに制限をします。
lxc move でクラスターのターゲットを指定できるようになりました ¶
クラスター外部からクラスターにインスタンスを移動する際、--target を与えることで、インスタンスをホストするクラスターメンバーを指定できるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxc/move: Allow --target with cluster destination
- i18n: Update translation templates
- lxd/networks: Validate network config before starting networks on startup
- lxd/network/driver/common: Call init() in update() to consistency apply new internal state
- lxd/device/device/utils/network: Removes networkDHCPValidIP
- lxd/dnsmasq/dhcpalloc: Adds static DHCP allocation package for dnsmasq
- lxd/dnsmasq: Renames DHCPStaticIPs to DHCPStaticAllocation
- lxd/dnsmasq: Renames DHCPAllocatedIPs to DHCPAllAllocations
- lxd/network/network/utils: Removes GetIP
- lxd/network/network/utils: dhcpalloc.GetIP usage
- lxd/network/network/utils: dnsmasq.DHCPStaticAllocation usage
- lxd/network/network/interface: Changes of functions to accomodate dhcpalloc package
- lxd/network/driver/common: Implements default no-op function for non-dhcp enabled networks
- lxd/network/driver/common: dhcpalloc.DHCPRange usage
- lxd/network/driver/bridge: dhcpalloc package function usage
- lxd/network/driver/bridge: DHCPv4Subnet and DHCPv6Subnet implementations
- lxd/device/nic/bridged: Comment correction
- lxd/device/nic/bridged: n.DHCPv4Subnet and n.DHCPv6Subnet usage
- lxd/device/nic/bridged: dnsmasq.DHCPStaticAllocation usage
- lxd/device/nic/bridged: dhcpalloc.DHCPValidIP usage
- lxd/device/nic/bridged: Switches static DHCP allocation for IP filtering to dnsmasq/dhcpalloc
- lxd/main_activateifneeded: Clarify 'No DB' debug statements
- lxd/cluster: Fix failure domain updates
- tests: Fix failure domain test
- doc: s/container/instance/g
- doc/backup: Add note about the snap mntns
- lxd/apparmor: Don't fail on missing apparmor
- shared/validate: Makes IsUint32 non-optional
- lxd: Wraps validate.IsUint32 in validate.Optional
- shared/instance: Wraps validate.IsUint32 in validate.Optional
- shared/validate: Makes IsUint8 non-optional
- lxd/network/driver/bridge: Wraps validate.IsUint8 in validate.Optional
- shared/validate: Makes IsPriority non-optional
- shared/instance: Wraps validate.IsPriority in validate.Optional
- shared/validate: Makes IsBool non-optional
- lxd: Wraps validate.IsBool in validate.Optional
- shared/instance: Wraps validate.IsBool in validate.Optional
- shared/validate: Makes IsSize non-optional
- lxd: Wraps validate.IsSize in validate.Optional
- shared/instance: Wraps validate.IsSize in validate.Optional
- shared/validate: Makes IsNetworkAddress non-optional
- lxd: Wraps validate.IsNetworkAddress in validate.Optional
- shared/validate: Makes IsNetworkV4 non-optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkV4 in shared.Optional
- shared/validate: Makes IsNetworkAddressV4 non-optional
- lxd/device/nic: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/device/nic/ipvlan: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/device/nic/ipvlan: Fixes incorrect IPv4 address check in IPv6 context
- lxd/network/driver/bridge: Wraps validate.IsNetworkAddressV4 in validate.Optional
- shared/validate: Makes IsNetworkAddressCIDRV4 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV4 in validate.Optional
- shared/validate: Makes IsDeviceID non-optional
- lxd/device: Wraps validate.IsDeviceID in validate.Optional
- shared/validate: Makes IsNetworkV6 non-optional
- shared/validate: Makes IsNetworkAddressCIDRV6 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV6 in validate.Optional
- shared/validate: Makes IsNetworkAddressV6 non-optional
- lxd: Wraps validate.IsNetworkAddressV6 in validate.Optional
- lxd/device/nic/ipvlan: validate.IsNetworkAddressVX tweaks
- lxd/device/nic/routed: Wraps validate.IsNetworkAddressV4List in validate.Optional
- lxd: Wraps validate.IsNetworkV4List and validate.IsNetworkV6List in validate.Optional
- shared/validate: Tweaks IsNetworkVLAN error message ordering
- shared/validate: comment spacing
- daemon: check whether shiftfs is useable
- lxd/network/network/utils: Renames ValidNetworkName to validInterfaceName
- lxd/network/network/utils: Adds validVirtualNetworkName
- lxd/network/network/interfaces: Adds ValidateName
- lxd/network/driver/bridge: Implements ValidateName
- lxd/network/driver/macvlan: Implements ValidateName
- lxd/network/driver/sriov: Implements ValidateName
- lxd/network/network/load: Adds ValidateName helper function
- lxd/main/init/interactive: Switches to network.ValidateName for bridge validation
- lxd/networks: Switches to network.ValidateName
- lxd/storage/utils: Simplifies error message from ValidName
- doc/networks: Fixes typo in bridge docs
- lxd/cluster/config: Fix import ordering of external package
- lxd/network/openvswitch: Name functions consistently using ObjectAction format
- lxd/network/driver/bridge: OVS function naming usage
- lxd/network/network/utils: OVS function naming usage
- lxd/device/nic/bridged: OVS function naming usage
- lxd/storage/locking: Moves package to lxd/locking
- lxd/locking: Renames variables to make them generic
- lxd/storage/drivers/utils: Adds OperationLockName function
- lxd/network/network/interface: Adds ID() function
- lxd/network/driver/common: Implements ID() function
- lxd/storage: locking.Lock usage with OperationLockName wrapper
- lxd/resources: Fix total memory for per NUMA node
- lxd: enable safe native container terminal allocation
- lxd/rsync: Don't pass --bwlimit when no limits set
- exec: fix OpenPtyInDevpts()
- test/suites/storage: LVM size tweaks
- lxd/instance/drivers/driver/lxc: Adds nil check in getLxcState
- client/operations: Fixes race conditions
- lxd/operations: Fixes race conditions
- client: More races fixed
- Makefile: Adds race target for enabling race detector
- Makefile: Correctly builds lxd-p2c and lxd-agent in debug and nocache targets
- client/operations: Race fix
- lxd/db: Adds mutex to fix races
- lxd/operations: Fixes races
- shared/validate: Adds IsURLSegmentSafe function
- lxd/network/driver/common: Adds common ValidateName function
- lxd/network/driver/bridge: Changes ValidateName to use common validation too
- lxd/network/driver: Removes ValidateName from sriov and macvlan
- lxd/network/network/load: Adds field name context to name validation errors
- lxd/network/network/utils: Removes validVirtualNetworkName
- lxd/networks: Returns network context on network startup failure
- shared/validate: Adds Required() and makes Optional() accept multiple validators
- lxd/network/driver/bridge: Don't allow stable volatile MAC with fan network
- lxd/network/driver/bridge: Don't allow hwaddr to be set in fan mode
- seccomp: update comment about blocking the new mount api
- syscall_numbers: fix pidfd_open() definition
- lxd_seccomp: add SECCOMP_IOCTL_NOTIF_ADDFD definitions and types
- checkfeature: check for seccomp notify fd injection feature
- syscall_numbers: add pidfd_getfd()
- syscall_numbers: add bpf()
- seccomp: report helpful errors when determining support for features
- seccomp: handle liblxc sending the notify fd as part of the seccomp message
- seccomp: enable bpf in unprivileged containers
- doc: add security.syscalls.intercept.bpf and security.syscalls.intercept.bpf.prog.devices
- api: add container_syscall_intercept_bpf_devices extension
- lxd-client: add security.syscalls.intercept.bpf security.syscalls.intercept.bpf.devices to completion
- production-setup: mention bpf-specific memlock settings
- seccomp: check the return value of pwrite()
- syscall_numbers: add close_range()
- exec: switch to close_range() syscall
- process_utils: remove faulty license
- lxd/apparmor/dnsmasq: Add binary for nesting
- lxd/storage/drivers/ceph: Fix volume deletion
- lxd/instance/drivers/driver/qemu: Fix race in onStop getting operation
- lxd/db: Fix premature failure when listing cluster volumes
- lxd/db/storage_volumes: Add comments regarding behaviour
- doc/production-setup: Fix escaping
- doc/production-setup: Update introduction
- lxd: Fix automatic storage volume snapshots
- cluster: Don't upgrade nodes without raft role concurrently
- lxd/network/network/load: Moves fillAuto logic into per-driver fillConfig function
- lxd/network/utils: Moves fillAuto into bridge's fillConfig function
- lxd/network/network/utils: Adds randomHwaddr function
- lxd/patches: Adds patch to remove volatile.bridge.hwaddr network key
- lxd/network/bridge/driver: Removes volatile.bridge.hwaddr and adds stable MAC generation
- shared/usbid: Don't auto-load
- lxd/resources: Load USB database
- lxd/apparmor: Move dnsmasq functions
- lxd/apparmor: forkdns profile
- lxd/sys: Add unpriv uid/group
- lxd/instances: Update for OS type change
- shared/subprocess: s/Pid/PID/
- shared/subprocess: Add credentials
- lxd/network: forkdns and creds drop for forkdns
- lxd/network: Run dnsmasq as unpriv group
- lxd/device/device/common: Adds common contextual logger
- doc/networks: dns.search clarification
- lxd/network/driver/bridge: Validates bridge.external_interfaces using validate.Optional() helper
- shared/validate: Adds network IP range validators
- lxd/network/driver/bridge: Adds DHCP IP range validation
- shared/network/ip: Defines IPRange struct
- lxd/dnsmasq/dhcpalloc: Removes DHCPRange and switches to shared.IPRange
- lxd/network: Replaces dhcpalloc.DHCPRange with shared.IPRange
- lxd/storage: Fix delete of remote pools
- lxd/storage/ceph: Allow for small size variation
- seccomp: cap instruction limit and log buffer to reasonable sizes
- seccomp: initialize almost everything
- main_checkfeature: remove logging failed shiftfs mounts
- seccomp: log errors to convert unix connection to file
- unixfd: improve SCM_RIGHTs file descriptor retrieval
- seccomp: simplify the seccomp message retrieval
- api: Adds API extension network_type_ovn
- doc/server: Documents global OVN networking config keys
- lxd/cluster/config: Adds OVN networking global config keys
- lxd/network/network/utils: Updates isInUseByDevices to support ovn
- lxd/db/networks: Adds OVN network type
- lxd/network/network/load: Adds ovn network type to loader
- lxd/networks: Adds ovn network type
- lxd/device/device/load: Adds OVN nic type support
- lxd/device/nictype: Adds ovn support
- lxd/network/network/utils: Adds OVN instance device port helpers
- lxd/network/openvswitch/ovs: Adds InterfaceAssociateOVNSwitchPort
- lxd/network/openvswitch/ovs: Adds ChassisID function
- lxd/network/openvswitch/ovs: Adds OVN bridge mapping functions
- lxd/network/openvswitch/ovs: Adds BridgePortList function
- lxd/network/openvswitch/ovs: Adds OVNBridgeMappingDelete function
- lxd/network/openvswitch/ovn: Adds OVN command wrapper
- lxd/network/network/utils: Adds parseIPRange functions
- lxd/network/driver/bridge: Adds OVN ranges keys
- lxd/network/driver/ovn: Adds OVN network driver
- lxd/device/nic/ovn: Adds OVN nic type
- doc/networks: Adds initial OVN doc
- doc/networks: Add OVN range keys
- doc/networks: Fix key ordering
- bash: Update completion profile
- lxd/apparmor: Disable cgroup2 on legacy hosts
- lxc/manpage: Fix behavior in snap
- shared/subprocess: Add StartWithFiles
- lxd/forkproxy: Switch to using subprocess
- daemon: check namespace management support through pidfds
- nsexec: remove unused dosetns() function
- nsexec: add new change_namespace() helper
- forksyscall: use pidfds to attach to namespaces
- forknet: use pidfds to attach to namespaces
- forkmount: use pidfds to attach to namespaces
- forkproxy: use pidfds to attach to namespaces
- forkfile: use pidfds to attach to namespaces
- nsexec: remove unused setnsat()
- lxd/db/networks: Separates network type and status conversion into separate functions
- lxd/db/networks: Adds ClusterTx.GetNonPendingNetworks function
- lxd/db/networks: Adds ClusterTx.UpdateNetwork function
- lxd/network/driver/ovn: Use DB transactions to safely allocate OVN external IPs on parent network
- lxd/network/driver/ovn: Include last IP in OVN range for allocatable IPs
- lxd/db/networks: Populates network nodes in ClusterTx.GetNonPendingNetworks
- lxd/db/networks: Populate description col with empty string in CreatePendingNetwork
- shared/validate: Adds IsNetworkMTU function
- lxd/network/driver: validates mtu using IsNetworkMTU
- lxd/device/nic: Validates mtu using IsNetworkMTU
- lxd/network/network/utils: Removes OVN specific helper functions
- lxd/network/network/utils/ovn: Adds OVNInstanceDeviceMTU function
- lxd/network/openvwitch/ovn: Adds MTU support for DHCP and IPv6 RA
- lxd/network/driver/ovn: Adds bridge.mtu config option and passes to DHCP/RA setup
- lxd/device/nic/ovn: Use parent network's bridge.mtu setting for setting device MTU
- lxd/network/driver/common: Moves notifier for delete into common
- lxd/networks: Moves cluster notification and storage clean up for networkDelete into common
- shared/validate: Use consistent quoting for outputting input value when there is an error
- lxc: Bundle sortorder
- lxd/network/ovn: Use snap path
- doc/networks: Adds link to OVN network
- lxd/network/network/utils: Adds pingIP function
- lxd/network/driver/ovn: Pings OVN external IPv6 router IP on bridge port start
- lxd/network/openvswitch/dns: Adds LogicalSwitchPortSetDNS and LogicalSwitchPortDeleteDNS functions
- lxd/network/openvswitch/ovn: Updates LogicalSwitchDelete to clear any remaining DNS records
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortAdd to take instanceName for DNS records
- lxd/network/driver/ovn: Updates instance port functions to setup and remove DNS records
- lxd/device/nic/ovn: Updates usage of network.OVNInstanceDevicePortAdd to supply instance name for DNS records
- lxd/storage/drivers/utils: Fixes shrinkFileSystem to detect e2fsck filesystem modifications
- lxd/db/instances: Ensure correct pool name is returned in GetInstancePool
- shared/cert: Fix on Windows
- lxc/console: Support remote-viewer on Windows
- lxc/export: Use HostPathFollow
- lxd/cluster: Re-try listening for a minute
- lxd/init: Don't fail on existing address
- lxd/storage/zfs: Fix bad transfer logic on block
- lxd/storage/zfs: Always discard mountpoint on recv
- lxd/db/projects: go imports order
- lxd/db/projects: Removes unnecessary whitespace
- lxd/db/cluster: Adds patch for adding project_id to networks table
- lxd/db/networks: Adds project support to CreatePendingNetwork
- lxd/db/networks: Adds project support to CreateNetwork
- lxd/networks: Pass project.Default when creating networks
- lxd/instance/test: Updates tests to use project.Default for new networks
- lxd/db/networks/test: Updates tests to use project.Default for new networks
- lxd/storage/zfs: Don't filter mountpoint on block
- lxd/db/instances: Removes instancePoolSnapshot function
- lxc/network: Fix usage
- i18n: Update translation templates
- lxd/apparmor/dnsmasq: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/apparmor/forkdns: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/instance: Always put snapshots on same pool as parent
- doc/security: Adds note about non-IP ethernet frame filtering to stop VLAN QinQ bypass
- lxd/db/cluster: Update tables to allow null value for node ID
- shared/util: Converts DefaultPort from string to int
- lxd/util/net: Updates CanonicalNetworkAddress to use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/util/net: Adds CanonicalNetworkAddressFromAddressAndPort function
- lxd/device/device/utils/proxy: Use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/main/init/interactive: Error wrapping
- lxd/main/init/interactive: Use canonical address after port has been added for comparison
- lxd/main/init/auto: util.CanonicalNetworkAddressFromAddressAndPort usage
- lxc/remote: shared.DefaultPort usage
- lxd-agent/main/agent: shared.DefaultPort usage
- lxd-p2c/utils: shared.DefaultPort usage
- lxd/vsock: shared.DefaultPort usage
- lxd/util/http: shared.DefaultPort usage
- lxd/main/init: shared.DefaultPort usage
- lxd/db: Handle null value for nodeID
- lxd/daemon: Make db aware of remote storage drivers
- lxd/daemon: Perform automatic snapshots on random node
- lxd/storage: Refuse BLOCK_AND_RSYNC with running instance
- lxd/apparmor: Simplify profile name generation
- lxd/device: Export Name and Config
- lxd/apparmor: Shrink instance interface
- lxd/apparmor/forkdns: Alignment
- lxd/apparmor/forkdns: Support LD_LIBRARY_PATH
- lxd/api/cluster: Makes ServerAddress field required for clusterPutJoin
- lxd/network/driver/ovn: Makes ping test in startParentPortBridge async
- lxd/init: Updates initDataNodeApply to use revert package and to revert itself on error
- lxd/cluster/connect: Adds UserAgentNotifier constant
- lxd/cluster/connect: Adds UserAgentJoiner constant
- lxd/cluster/connect: Adds ClientType type and UserAgentClientType function
- lxd/api: Updates isClusterNotification to use cluster.UserAgentNotifier
- lxd/api/cluster: clusterInitMember comments
- lxd/api/cluster: initDataNodeApply usage
- lxd/main/init: initDataNodeApply usage
- lxd/api/cluster: Updates clusterPutJoin to use cluster.UserAgentJoiner when sending requests to local node
- lxd/network/network/interfaces: Replaces clusterNotification bool with cluster.ClientType
- lxd/network/driver/common: cluster.ClientType usage
- lxd/network/driver: cluster.ClientType usage
- lxd/network/driver/ovn: cluster.ClientType usage
- lxd/networks: cluster.ClientType usage
- lxd/apparmor/dnsmasq: Add /proc/self/fd
- lxd/apparmor/forkdns: Allow reading/mapping the binary
- lxd/apparmor: Add forkproxy
- lxd/device/forkproxy: Add apparmor
- lxd/instance/instance/interface: Moves Project() function into ConfigReader interface
- lxd/instance/drivers/driver/common: Adds Project function
- lxd/instance/drivers/driver/lxc: Updates lxc to use common fields
- lxd/instance/drivers/driver/lxc: Removes driver specific Project function
- lxd/instance/drivers/driver/qemu: Removes driver specific Project function
- lxd/network/network/utils: Improves UpdateDNSMasqStatic error message
- lxd/daemon: db.StorageRemoteDriverNames usage
- lxd/db: StorageRemoteDriverNames usage
- lxd/db/storage/pools: Renames GetRemoteDrivers to StorageRemoteDriverNames for clarity
- lxd/storage/drivers/load: Cache supported drivers
- lxd/storage/drivers/load: Remove references to "support" in AllDriverNames
- lxd/apparmor/forkproxy: Fix running on i386
- lxd/storage/drivers/interface: Adds isRemote function
- lxd/storage/drivers/driver/common: Adds isRemote() function that returns false
- lxd/storage/drivers/driver: Updates driver's Info() function to call d.isRemote()
- lxd/storage/drivers/ceph: Implements isRemote function for ceph and cephfs
- lxd/storage/drivers/load: Removes SupportedDrivers caching and updates comment
- lxd/storage/drivers/load: Simplifies RemoteDriverNames to use the isRemote function
- lxd/daemon: storageDrivers.RemoteDriverNames usage simplifcation
- doc/networks: Rename OVN parent to network
- lxd/networks/ovn: Rename parent to network
- scripts/bash: Add network config key
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 2.0.12 リリースのお知らせ ¶
14th of August 2020
はじめに ¶
LXD チームが LXD 2.0.12 のリリースをお知らせします!
このリリースは、2021 年 6 月までサポートされる LXD 2.0 に対する 12 個目のバグフィックスリリースです。
バグ修正と改良点 ¶
一番古い LTS リリースである LXD 2.0 は 2017 年 10 月以来リリースがありませんでした。
この 2.0 系の LTS ブランチはセキュリティフィックスのみが行われるモードに入っています。このリリースは 2.0.11 に入らなかった古いバグ修正のいくつかと、LXD のこのブランチをビルドできるようにするための修正のみを含んでいます。
この一部として、LXD の依存関係のいくつかが、古いバージョンの Go でビルドできなくなり、LXD 2.0.11 が Go 1.13, 1.14, 1.15 で実行でき、少なくとも 1.11 ではビルドできないことを確認しました。
重要な修正やセキュリティ上の修正はないため、古い Go のバージョンを必要とするディストリビューションは 2.0.11 を維持するべきです。
最後に、LXD 2.0 LTS をまだ使っているユーザーは、このブランチでは重要なセキュリティ上の問題のみが修正され、1 年以内にサポートが終了しますので、より新しいバージョンにアップグレードすることをおすすめします。2.0 LTS から直接 4.0 LTS へアップグレードすることがサポートされています。
コミットの全リストは次のとおりです(翻訳なし):
- Fix file transfers to/from stdin/stdout in snap
- If running as root in the snap, use /proc/1/root
- Fix failure due to bind-mount through /proc
- all: move to bakery.v2
- Update the "lxc list" help to match stable-2.0
- tests: Don't use godeps for import check
- Make current gofmt happy
- Make current gofmt happy (stable-2.0 specific)
- liblxc: detect version at runtime
- Update for newer ZFS releases
- zfs: try pool import
- Revert most of the macaroon support in client
- client: Add GetOperationUUIDs and GetOperations
- lxd/logs: Don't allow removing lxc.conf or lxc.log
- shared/api: Add API extension label to AuthMethods
- Drop logging setup in Daemon.Init()
- Add helper to redirect the global logger to the testing logger
- Add a shared.KeyPairAndCA function to get coventionally named certs
- Add new debug sub-package with support for memory profiling
- Add lxd/task sub-package for running functions periodically
- Fix output of --print-goroutines-every
- Add cpu profiling and goroutines printing to the debug sub-package
- Move execPath global variable to sys.OS.ExecPath
- Move global aaAvailable global variable to sys.OS
- Move global aaStacking global variable to sys.OS
- Move global runningInUserns global variable to sys.OS
- Move global aaAdmin global variable to sys.OS
- Move global aaConfined global variable to sys.OS
- Move global cgBlkioController global variable to sys.OS
- Move global cgCpuController global variable to sys.OS
- Move remaining global cgXXX global variables to sys.OS
- Move directory initialization to sys.OS.
- Drop unnecessary checks on MockMode
- Vendor a copy of log15 in shared/log15
- Revert "Temporary workaround for log15 API breakage"
- Switch to the built-in log15
- Add a endpoints.Endpoints class for managing HTTP endpoints
- Wire endpoints.Endpoints into Daemon
- lxd/daemon: Fix unsetting https address
- Move optional Daemon config values to DaemonConfig
- Don't skip Daemon.Ready() in tests, it can be run unconditionally
- Wire debug utilities into main_daemon.go
- Track the lifecycle of the goroutine performing log expiration
- Streamline Daemon init and shutdownn
- Control all goroutines spawned in Daemon.Ready() using task.Task
- Don't use global path variables in sys.OS
- Switch to the built-in log15
- Return the initial schema version in Schema.Ensure()
- Add a Schema.Fresh() method to set a "bootstrap" SQL statement
- Complete moving schema creation logic to schema.Schema
- Rename Daemon.db to Daemon.nodeDB
- Convert a few call sites of sql.DB.Begin to db.DB.Begin
- Rename State.DB to State.NodeDB
- Convert remaining call sites of the low-level db.Begin function
- Rename db.QueryScan to db.queryScan, making it unexported
- Remove direct use of the low-level db.Exec() func outside of lxd/db/
- Rename db.Exec to db.exec, making it unexported
- Move certificate db APIs to the db.Node facade
- Move container db APIs to the db.Node facade
- zfs: Fix slowdown because of mountpoint check
- tests: Deal with missing ttyS0/ttyS1 (on s390x)
- Move profile db APIs to the db.Node facade
- Move patches db APIs to the db.Node facade
- Move image db APIs to the db.Node facade
- Move devices db APIs to the db.Node facade
- Drop all references to Daemon.nodeDB
- Use instance-level cache dir variable instead of the environment one
- Use instance-level log dir variable instead of the environment one
- Use instance-level var dir variable instead of the environment one
- Add initial Go-level daemon integration-like test
- Add lxd/config sub-package implementing structured config maps
- Rename db_test.go to db_internal_test.go, since it's white box
- Add db.NewTestNode helper for database-related unit tests
- Add a db.NodeTx structure to abstract away low-level transactions
- Add low-level query helpers for changing config tables
- Add db APIs for fetching and changing node-local config values
- Add node.Config high-level API for modifying node-level config
- Cleanup test state at every test, to improve isolation.
- Move node-level schema updates to their own db/local/ sub-package.
- Add Schema.ExerciseUpdate() for testing a individual update
- Fix spurious tx.Exec argument in lxd/db/schema/query.go
- Extract the APIExtensions list from api10Get
- Add error messages to lxdTestSuite setup and teardown
- Add query.Count utility
- Switch to the built-in log15
- Setup mock storage driver
- Extract initialization of the REST and /dev/lxd http Server
- Add support for gracefully aborting schema.Ensure
- Drop the containerLXC.OS() convenience
- Rename container.StateObject() to container.DaemonObject()
- Drop the storageShared.OS() convenience
- Move util.AppArmorCanStack to a private appArmorCanStack in lxd/sys
- Drop trailing slash from cgroup paths definitions
- Drop pointless comments about function calls being no-op
- Rename variable "code" to "kind" for consistency
- Drop logging message when retrying to listen to a network port
- Fixed typos in the task sub-package
- Fix docstring in shared.KeyPairAndCA
- Drop unused import in lxd/db/certificates.go
- Rename Cert to Certificate in API names of lxd/db/certificates.go
- Fix import formatting in lxd/db/patches.go
- Split version declarations in shared/version into several files
- shared/logging: Add freebsd build conditional to log_posix.go
- Switch to the built-in log15
- Gracefully cancel tasks on daemon shutdown
- Fixed wording in comment
- Tweak schedule function for pruning images
- Expose task.Task instead of returning an integer handle
- client: Name all the return values in interfaces
- Fix some typos
- Fix some typos
- tests: Check for typos
- tests: Add test for unused variables
- api: add console structs
- client: add client API ConsoleContainer()
- container_lxc: add lxcParseRawLXC()
- client: add client API GetContainerConsoleLog()
- client: add client API DeleteContainerConsoleLog()
- container_exec: check for OpenPty() error
- client: add "ConsoleDisconnect" argument
- shared/idmap: Fix handling of hardlinks
- lxd/containers: Skip sockets in tarballs
- lxd/dameon: Add LXD_EXEC_PATH to override execPath
- Fix a number of unchecked variables
- lxd/containers: Only init the config if needed
- lxc/file: Log downloads/uploads
- lxd/init: Re-add missing ZFS pool name question
- lxd/init: Fix bad handling of dir backend
- Added documentation about shell env to lxc exec
- lxd-benchmark: Change the default count of containers from 100 to 1
- shared/util: add EscapePathFstab()
- devlxd: Properly lock the internal struct
- migrate.proto: silence protobuf compiler warning
- migrate: older than lxc 2.0.4 will fail
- Makefile: Better detect sqlite3.h
- client: URL escape all user input
- devlxd: Cleanup in preparation for events
- lxd/certificates: Add missing name value
- Makefile: Don't hardcode gcc
- container_lxc: actually return an error
- i18n: Update translation templates
- travis: Bump Go versions
- shared/utils: deal with symlinks
- travis: Limit to just Go 1.9
- Update LVM documentation
- zfs: fix argument order of zfs get commands.
- network: fix insertNetworkDevice()
- container_lxc: escape paths fstab style
- migrate: prepare for pre-copy migration
- Fixed typo in comment about SubCommands in lxd/main.go KishanRPatel katiewasnothere dinopanda jialin-li kianaalcala
- lxd/containers: Fix race condition in shutdown
- lxd/containers: Log auto-start errors
- lxc/exec: Fix typo
- lxd/containers: Fix tc egress rules
- lxd/events: Cleanup event listener setup
- Update issue template
- doc: Add /images/
/secret to API list - lxd/containers: No slahses in snapshot names
- lxd/init: Strip leading and trailing spaces
- change “your first time using LXD” to something less confusing
- doc/README: Update source build instructions
- doc/containers: Document CPU limits
- i18n: Update translation template
- scripts/vagrant: The LXD PPA is gone
- allow arbitrary users to read idmaps
- drop \n from IdmapSet's ToLxcString
- lxd/containers: Fix container shutdown on exit
- lxd/main: Don't mention --preseed on 2.0
- i18n: Fix bad japanese translation
- fix parsing for container name tab-completion
- lxc/file: Fix edit in a snap environment
- shared/idmap:DefaultIdmapSet(): take a user argument
- *: move download function to shared
- shared/hostpath: Also check SNAP_NAME
- shared/hostpath: Properly handle prefix check
- termios: Workaround vet on go tip
- test: fix shellcheck complaints
- lxd,shared: move archive functions to shared
- containers: Default to pids cgroup for fork bomb mitigation
- tests: Check for mixed tabs/spaces and trailing whitespaces
- tests: Fix mixed tabs/spaces
- api: Include message format for events
- events: Use api message type
- api: Add NetworkLease struct
- client: Add network leases handling
- lxc: Properly handle the --version flag
- lxd-benchmark: Fix new go vet warnings
- lxc: Make the
/ syntax work - i18n: Update translation templates
- Make the test suite use lxc.apparmor.profile instead of lxc.aa_profile
- Check for LXC version to decide which apparmor profile config key to use
- setup-lvm: Fix pyflakes warnings
- shared/cancel: Properly lock map
- shared/cancel: Make the cancel code golint clean
- lxd: Rework listening logic
- lxd-benchmark: Fix golint
- lxd/types: Make golint clean
- client: Check API extension for storage
- client: Check API extension for network
- shared/api: add local storage volume {copy,move}
- client: add {Copy,Move}StoragePoolVolume()
- api: Add description field on operation
- shared/eagain: Make our EAGAIN code a new package
- lxd/netcat: Port to using shared/eagain
- lxd/daemon: Cleanup startup code a bit
- tests: Wait up to 20s for image to expire
- tests: Consistency
- fuidshift: Drop specific Makefile
- shared/version: Include storage backends in agent
- lxc: Fix golint
- lxd/util: Fix golint
- tests: Update list of golint clean packages
- i18n: Look at all lxc files
- lxc: Introduce a new utils package
- lxd: Move migration code to own package
- shared: Remove dead code
- lxd: Restrict pongo2 file functions
- tests: Fix recent Go test breakages
- lxc/utils: Sync stringList with master
- scripts/bash: tweak complete line for snaps
- Add some missing "Return:" headings to make sample return values formatting right
- container_lxc: keep full capability set
- Fix version parsing of LXC betas
- Ignore io.EOF errors when performing PUT /internal/shutdown
- lxd/shutdown: Fix error string check
- lxd/shutdown: Fix typo in error handling
- lxd/init: Prevent non-root execution
- lxd/init: Don't fail test when non-root
- memory: fix format string
- db: Fix bad format string
- client: Remove debug statements
- db: Fix more format issues
- lxd/migration: Update protocol
- i18n: Update message catalogs and Japanese translation
- shared/api: Don't re-define fields
- doc: add the appropriate titles to some documents
- lxc: Fix manpage subcommand
- shared/idmap: Workaround Go tip change
- lxc: Remove dead code
- Manually release the liblxc structs
- lxd/containers: Adapt to go-lxc Release
- tests: Bump LV size to 50MB
- lxd/util: Fix formatting
- tests: Tweak fdleak test
- lxd/util: Add missing import
- travis: Sync with current
- Release LXD 2.0.12
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.3 リリースのお知らせ¶
12th of August 2020
Introduction¶
LXD チームが LXD 4.0.3 のリリースをお知らせします!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 3 つめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
このリリースでは、VGA コンソール(LXD API 内の SPICE)とプロジェクトのディスク制限が含まれており、少し拡張された「マイナーな改良」となっています。4.0 リリースの主要な機能のいくつかのギャップを埋めるには、これが重要で(そして簡単だ)と思ったのです。
これらの機能は、データベーススキーマの更新を必要とせず、ダウングレードを防止したり、ディスク上の構造を変更したりすることもありませんので、変更を行うことは安全で重要であると感じました。
主な変更点は次のとおりです:
lxc launchに新たに--consoleフラグが追加されました- 仮想マシン内の
/dev/lxdAPI のサポート /1.0/resourcesAPI 内で GPU 媒介(mediated)デバイスのサポート- 仮想マシンに対する VGA コンソールのサポートの追加。クライアントで
--console=vga(lxc launchもしくはlxc start)や--type=vga(lxc console)を指定します dnsmasqとforkdnsに対する自動的な AppArmor プロファイルの生成- プロジェクトに対するディスク制限(
limits.disk設定オプション)
コミットの全リストは次のとおりです(翻訳なし):
- lxd/storage: Better handle broken volumes
- client: Handle unknown image sizes
- lxd/response: Stream multi-part responses
- lxd/device/disk: Fixes cloud-init errors for VMs
- lxc/action: Show usage on missing target
- lxd/storage: Rely on UsedBy for deletion error
- lxd/instances/qemu: Use images dir during compression
- lxd/storage/drivers: Rename fs to filesystem
- shared/api: Add ContentType to storage volume structs
- client: Support custom block volumes
- lxd/util: Detect hugetlbfs mount point
- lxd/cluster: Always check for dqlite protocol version mismatches
- lxd/cluster: Don't run unncessary HEAD probe upon dqlite connections
- forksyscall: use nsids for shiftfs syscall intercepts
- lxd/db: Drop ClusterRoleDatabase records from the database
- lxd/cluster: Fetch database role information directly from raft
- lxd/storage: Fix regression in truncate handling
- lxd/cluster: Only look up raft_nodes for resolving the address of node 1
- lxd/cluster: Leverage RolesChanges.Handover() to choose handover target
- lxd: Increase timeout of go unit tests when ran from Emacs
- lxd/cluster: Skip unncessary loading of nodes from database in Rebalance()
- lxd/cluster: Leverage RolesChanges.Adjust() to choose rebalance target
- lxd/cluster: Increase time budget of client.Assign() when assigning voter role
- lxd/cluster: When demoting to Spare only transition to StandBy if Voter
- lxd/project: Add more name checks
- doc/server: Cover listen + authentication
- lxd/qemu: Don't do file lock on custom volumes
- shared/api: Add FailureDomain field to ClusterMemberPut
- client: Check clustering_failure_domains extension when updating a member
- instance: update terminology I
- lxd/network: Validate ipv4/ipv6 routes
- lxd/proxy: Fix govet
- lxd/rsync: Add AtLeast
- lxd/rsync: Filter out security.selinux
- lxd-p2c: Filter out security.selinux
- lxc-to-lxd: Filter out security.selinux
- lxc/launch: Add --console
- instance: introduce container_syscall_filtering_allow_deny extension
- tests: remove trailing comma
- lxd/instance/drivers: Provide instance-data file
- lxd-agent: Support /dev/lxd
- lxd/instance/drivers: Allow updating running VMs
- tests: Fix bad ipv6.routes value
- lxc/instance/drivers/qemu: Support ephemeral VMs
- lxd/qemu: Use memory backend ram/file
- lxc/image: Fix dir handling on snap
- lxd/qemu: Fix crash on non-pinned VM
- lxc/image: Fix more dir handling on snap
- terminals: update terminology again
- doc/instances: Improves proxy docs
- lxc/main_alias: Handle leading arguments
- lxd/storage: Fix block volume migration
- lxd/rbac: Always allow internal cluster traffic
- units: handle multiplication integer overflow
- lxd/rsync: Untangle from daemon package
- lxd/qemu: Don't use file.locking with rbd
- lxd/storage/zfs: Use autotrim when available
- lxd: Add clustering_fix_raft_address_zero patch to fix node with "0" as address
- Revert "lxd/storage: Fix block volume migration"
- lxd/resources: Use udev model data if available
- Decode error
- doc/api-extensions: Fix escaping
- share/api: Add GPU mdev
- lxd/resources: Add GPU mdev
- api: Add GPU mdev
- lxd/qemu: Fix unbound hugepages
- lxd/qemu: Properly connect memory
- api: console_vga_type
- doc/rest-api: Add type field to console
- shared/api: Add Type field to InstanceConsolePost
- lxd/instance: Add protocol argument to Instance.Console()
- lxd/instance/drivers: Support VGA output in qemu.Console()
- lxd: Handle "vga" type in console API handler
- client: Add ConsoleInstanceDynamic() to support multiple websocket connections
- lxc: Add --type flag to "lxc console"
- i18n: Update translation templates
- lxc/console: Missing error handling
- lxc/console: Prefer remote-viewer
- lxc: Populate cmdConsole.flagType also when ran manually
- lxc/console: Short argument for type
- lxc: Allow using --console=TYPE
- lxd/images: Rename imgPostContInfo to imgPostInstanceInfo
- lxd/instances: Return and set image properties
- lxd/qemu: Add support for spice agent
- lxc/console: Disconnect on shutdown
- lxd/db: Drive-by removal of leftover fmt.Printf's
- lxd/main_daemon: s/containers/instances/
- lxd: s/containersShutdown/instancesShutdown/
- lxd: Add context to daemon
- lxd/operations: Add db operation type to Operation
- lxd: Add waitForOperations()
- lxd: Shut down gracefully
- lxd/operations/operations: Fix hanging cancelation
- lxd/instance_post: Pass cancel function to websocket operation
- client/lxd_instances: Cancel websocket op if needed
- lxd/daemon: Return 503 when shutting down
- doc/api-extensions: Fix over-escaping
- lxd: Add --force flag to lxd shutdown
- shared/instance: Move network validation functions to shared
- lxd/db/networks: Adds internal network type constants
- lxd/db/networks: Updates CreateNetwork to accept a network type
- lxd/db/networks: Updates CreatePendingNetwork to accept a network type
- lxd/network/network/interface: Adds network interface
- lxd/network/network/load: LoadByName to use Network interface, add Validate
- lxd/network/errors: Adds error constants
- lxd/network/network/utils: Moved validation functions from main package
- lxd/network/driver/common: Adds common driver
- lxd/network/driver/bridge: Renames network to driver_bridge
- lxd/networks/utils: Remove unused network validation functions in main
- lxd/device/device/utils/network: Removes unused validation functions
- lxd/device/device/utils/proxy: shared.IsNetworkAddress usage
- lxd/device/nic: shared validation function usage
- lxd/device/nic/bridged: Support Network interface
- lxd/device/nic/ipvlan: shared validation function usage
- lxd/device/nic/routed: shared validation function usage
- lxd/main/init/interactive: Uses network name validation from network package
- lxd/networks: ValidNetworkName usage in networkPost
- lxd/networks: Updates doNetworkUpdate to use network package validation
- lxd/networks: Updates networksPost to support network type
- lxd/networks: Remove use of network.IsRunning in networkShutdown
- lxd/networks/config: Removed
- lxd/networks/utils: Updates usage of n.RefreshForkdnsServerAddresses to generic n.HandleHearbeat
- lxd: Updates network tests to pass netType
- lxd/network/network/utils: Unexports usesIPv4Firewall and usesIPv6Firewall
- lxd/network/driver/bridge: usesIPv4Firewall and usesIPv6Firewall usage
- lxd/apparmor: Use templating
- lxd/apparmor: Use proper version parsing
- lxd/network/driver/common: Adds config diff and db update common functions
- lxd/network/driver/common: Adds contextual logger
- lxd/network/driver/common: Removes stuttering on "common" in validation rules function
- lxd/network/driver/bridge: Updates to use contextual logger
- lxd/network/driver/bridge: Simplifies Update function to use common update functions
- lxc/networks: Renames notify to clusterNotification in doNetworkUpdate
- lxd/network/network/interface: Clarifies Update arguments
- lxd/network/network/interface: Renames Delete withDatabase arg to clusterNotification
- lxd/network/driver/common: Adds common delete function
- lxd/networks: Cleans up networksPost to use clusterNotification argument correctly
- lxd/networks: Log quoting in networksPostCluster
- lxd/networks: Cleans up doNetworksCreate to use clusterNotification argument
- lxd/network/driver/bridge: Updates Delete to use common delete function
- lxd/network/driver/bridge: Adds logging to Update
- lxd/networks: Removes bridge specific logic in doNetworkUpdate
- lxd/network/driver/bridge: Adds fan auto detection logic to Update
- lxd/network/driver/common: Adds rename common function
- lxd/network/driver/bridge: Updates Rename to use common rename function
- lxd/networks: networkPost logging quoting
- lxc/network/driver/bridge: isRunning comment
- lxd/network/driver/bridge: Unexports hasIPv4Firewall and hasIPv6Firewall
- lxd/networks: Detect unknown network type in networksPost, dont assume bridge
- lxd/networks: comment fix in networksPostCluster
- lxd/networks: Allow for different managed network types in doNetworkGet
- lxd/network/network/interface: Adds fillConfig to interface
- lxd/network/driver/common: Adds default fillConfig function
- lxd/network/driver/common: Adds default HandleHeartbeat function
- lxd/network/network/load: Adds per-driver FillConfig wrapper
- lxd/network/network/utils: Removes generic FillConfig
- lxd/network/driver/bridge: fillConfig implementation
- lxd/network/driver/bridge: Exposes error message from ValidNetworkName in Validate
- shared/version: Add projects_limits_disk extension
- doc: Document limits.disk project configuration key
- lxd: Add "limits.disk" to supported project config keys
- lxd/project: Check that root disk sizes are within limits.disk
- lxd/project: Add projectInfo struct to hold together project's extra info
- lxd/db: Add GetCustomVolumesInProject() to fetch custom volumes in a project
- lxd/project: Fetch the project's custom volumes
- lxd/project: Consider custom volumes sizes in checkAggregateLimits
- lxd/project: Add AllowVolumeCreation() to check limits upon volume creation
- lxd: Call project.AllowVolumeCreation() before creating custom volumes
- lxd/project: Add AllowVolumeUpdate() to check custom volumes config updates
- lxd: Call project.AllowVolumeUpdate() before modifying a custom volume
- shared: Add QuotaWriter
- lxd/project: Add GetImageSpaceBudget() returning image disk space budget
- lxd: Possibly limit the disk space that can be used by POST /1.0/images
- lxd: Check available project budget when publishing an instance as image
- lxd/project: Fill missing fields when checking instance creation
- lxd/project: Skip checks when unsetting limits
- lxd: Honor project disk budget when downloading images
- test: Add tests for the "limits.disk" project config key
- lxd/sys: Create apparmor/seccomp paths
- lxd/apparmor: Split and rename instance functions
- lxd/resources/storage: Use ID_MODEL_ENC when possible
- shared: Add InSnap
- shared/subprocess: Add AppArmor support
- lxd/apparmor: Rename template
- lxd/apparmor: Add dnsmasq profile
- lxd/networks: Use AppArmor when available
- tests: Delete leftover storage volume
- lxd/operations/operations: Renames Operations to Clone
- lxd-agent/operations: operations.Clone() usage
- lxd: operations.Clone() usage
- Drop from .travis.yaml Go versions we don't support anymore
- shared/api/network: Adds network status constants
- lxd/networks: API constant usage in networkDelete
- lxd/network/network/load: Adds status
- lxd/network/network/interface: Adds status function
- lxd/network/driver/common: Adds status field and function
- lxd/network/driver/bridge: Don't allow starting a pending network
- lxd/device/nic/bridged: Usage of d.state.Cluster.GetNetworkInAnyState in rebuildDnsmasqEntry
- lxd/api/cluster: Usage of api.NetworkStatusPending
- lxd/db/networks: Usage of api package's NetworkStatus constants in getNetwork
- lxd/db/networks: Removes unused GetNetwork
- lxd/db/networks: GetNonPendingNetworks comment
- lxd/db/networks: Allow pending nodes to be added to errored networks in CreatePendingNetwork
- lxd/db/networks: CreatePendingNetwork comments and line spacing
- lxd/networks/utils: Skip network load error in networkUpdateForkdnsServersTask
- lxd/device/nic/bridged: Validates network is type bridge
- lxc/device/nic/bridged: Only allow using non-Pending networks
- lxd/networks: Various comment and error quoting consistency fixes
- lxd/networks: Validate network name earlier in networksPost
- lxc/networks: Validate config in doNetworksCreate
- lxd/db/networks: Ensure that network type matches existing pending network in CreatePendingNetwork
- lxd/db/networks: Remove errored state on successful update in UpdateNetwork
- lxd/network/driver/bridge: Adds targetNode arg to Update
- lxd/network/network/interface: Adds targetNode arg to Update
- lxd/network/driver/common: Tweaks to update function in cluster environment
- lxd/networks: networksPost error response tweaks
- lxd/networks: Updates networksPostCluster
- lxd/networks: Unifies networkPut and networkPatch
- lxd/device/nictype: Adds small package to resolve NIC device nictype from network
- lxd/device/config/devices: Removes NICType
- lxd/device/config/devices: Improves comment on Update
- lxd/device/device/load: Removes devTypes map and updates load to use NICType function
- lxd/device: Removes device load helpers
- lxd/device/device/utils/network: nictype.NICType usage
- lxd/device/nic/bridged: Updates usage of functions whos signatures changed due to NICType
- lxd/device/nic/p2p: Updates usage of functions that changed signature due to NICType
- lxd/device/proxy: nictype.NICType usage
- lxd/instance/drivers/driver/lxc: nictype.NICType usage
- lxd/instance/drivers/driver/qemu: nictype.NICType usage
- lxd/network/driver/bridge: Usage of functions that changed signature due to NICType
- lxd/network/driver/common: Updates IsUsed for NICType signature changes and checks for profile usage
- lxd/network/network/interface: Signature change of IsUsed to accomodate NICType
- lxd/network/network/utils: Usage of nictype.NICType and signature changes to accomodate it
- lxd/networks: nictype.NICType usage and comment improvements
- lxd/networks: Comment ending consistency
- test: Updates tests to delete profiles before networks
- lxd/networks: Remove database record on error in networksPost
- test: sriov NIC comment ending consistency
- doc/networks: Re-arranges network docs to support different types
- doc/networks: Fixes typo
- lxd/network/openvswitch/ovs: Adds OVS wrapper
- lxd/network/driver/bridge: ovs usage
- lxd/network/network/utils: ovs usage
- lxd/networks: ovs.BridgeExists usage
- tree-wide: add dummy include package for cgo
- doc/images: Cover the various image servers
- doc: Typo fix
- lxd/networks: Fixes bug in doNetworkUpdate that prevents removal of non-node specific keys
- lxd/network/driver/bridge: Consistent comment ending in setup()
- lxd/network/network/interface: fillConfig signature
- lxd/network/driver/common: Updates fillConfig signature
- lxd/network/driver/bridge: Updates fillConfig signature
- lxd/network/network/load: Updates FillConfig to use new signature
- lxd/network/driver/bridge: Fixes Update to regenerate default values if missing
- test/suites/container/devices/nic/bridged: Fixes DHCP disable by setting IP address none
- lxd/network/driver/bridge: Dont fail start if cannot restore third party route
- lxd/migrate: Fix crash in sendControl when no active connection
- lxd/operations: Fix typo
- lxc/export: Plug in cancelable wait
- i18n: Update translation templates
- lxd/devices/device/utils/network: Removes networkValidMAC
- shared/instance: Adds IsNetworkMAC for use in network and device packages
- lxd/device/nic: shared.IsNetworkMAC usage
- lxd/network/driver/bridge: Adds volatile.bridge.hwaddr key
- shared/validate: Adds validate helper package
- lxd: Updates use of validate helper functions now in validate package
- shared: Removes validate helper functions
- lxd/device/device/utils/infiniband: Changes infinibandValidMAC to use net.ParseMAC
- lxd/device/device/utils/infiniband/test: Changes test name for linter
- lxd/networks: Allow update/removal of node-specific key in non-clustered mode
- lxd/network/driver/bridge: Adds safety check for volatile MAC address usage
- lxd/device: fix empty error message when tc fails
- test: Wait for operations to be removed from the database
- shared/validate: Adds Optional() validate wrapper
- shared/validate: Makes IsInt64 non-optional
- lxd/network/driver/bridge: Add validate.Optional() wrapper for validate.IsInt64 usage
- lxd/storage/utils: Adds validate.Optional() wrapper for validate.IsInt64 usage
- shared/instance: Adds validate.Optional() wrapper for validate.IsInt64 usage
- lxd/device/device/utils/network: Removes networkValidVLAN
- shared/validate: Adds IsNetworkVLAN
- lxd/device/nic: validate.IsNetworkVLAN usage
- seccomp: switch from individual pread() to process_vm_readv()
- seccomp: fix i386 builds
- seccomp: ensure that target process is still valid
- client: Move proxyMigration
- lxd: Port remaining calls to instance
- lxd/network/driver/common: Adds Create function no-op
- lxd/network/network/interface: Adds Create function
- lxd/networks: Adds call to network Create in doNetworksCreate
- lxd/device/device/utils/network: Adds networkDHCPValidIP
- lxd/device/nic/bridged: Removes networkDHCPValidIP
- lxd/device/device/utils/networks: Splits networkSetupHostVethDevice into multiple functions
- lxd/device/nic/bridged: networkVethFillFromVolatile usage and other host-veth functions
- lxd/device/nic/p2p: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/device/nic/routed: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/network/network/utils: Updates isInUseByDevices to support networks that don't match their physical parent
- lxd/device: Add missing sriov type
- lxc/move: Allow --target with cluster destination
- i18n: Update translation templates
- lxd/networks: Validate network config before starting networks on startup
- lxd/network/driver/common: Call init() in update() to consistency apply new internal state
- lxd/device/device/utils/network: Removes networkDHCPValidIP
- lxd/dnsmasq/dhcpalloc: Adds static DHCP allocation package for dnsmasq
- lxd/dnsmasq: Renames DHCPStaticIPs to DHCPStaticAllocation
- lxd/dnsmasq: Renames DHCPAllocatedIPs to DHCPAllAllocations
- lxd/network/network/utils: Removes GetIP
- lxd/network/network/utils: dhcpalloc.GetIP usage
- lxd/network/network/utils: dnsmasq.DHCPStaticAllocation usage
- lxd/network/network/interface: Changes of functions to accomodate dhcpalloc package
- lxd/network/driver/common: Implements default no-op function for non-dhcp enabled networks
- lxd/network/driver/common: dhcpalloc.DHCPRange usage
- lxd/network/driver/bridge: dhcpalloc package function usage
- lxd/network/driver/bridge: DHCPv4Subnet and DHCPv6Subnet implementations
- lxd/device/nic/bridged: Comment correction
- lxd/device/nic/bridged: n.DHCPv4Subnet and n.DHCPv6Subnet usage
- lxd/device/nic/bridged: dnsmasq.DHCPStaticAllocation usage
- lxd/device/nic/bridged: dhcpalloc.DHCPValidIP usage
- lxd/device/nic/bridged: Switches static DHCP allocation for IP filtering to dnsmasq/dhcpalloc
- lxd/main_activateifneeded: Clarify 'No DB' debug statements
- doc: s/container/instance/g
- doc/backup: Add note about the snap mntns
- lxd/apparmor: Don't fail on missing apparmor
- shared/validate: Makes IsUint32 non-optional
- lxd: Wraps validate.IsUint32 in validate.Optional
- shared/instance: Wraps validate.IsUint32 in validate.Optional
- shared/validate: Makes IsUint8 non-optional
- lxd/network/driver/bridge: Wraps validate.IsUint8 in validate.Optional
- shared/validate: Makes IsPriority non-optional
- shared/instance: Wraps validate.IsPriority in validate.Optional
- shared/validate: Makes IsBool non-optional
- lxd: Wraps validate.IsBool in validate.Optional
- shared/instance: Wraps validate.IsBool in validate.Optional
- shared/validate: Makes IsSize non-optional
- lxd: Wraps validate.IsSize in validate.Optional
- shared/instance: Wraps validate.IsSize in validate.Optional
- shared/validate: Makes IsNetworkAddress non-optional
- lxd: Wraps validate.IsNetworkAddress in validate.Optional
- shared/validate: Makes IsNetworkV4 non-optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkV4 in shared.Optional
- shared/validate: Makes IsNetworkAddressV4 non-optional
- lxd/device/nic: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkAddressV4 in validate.Optional
- shared/validate: Makes IsNetworkAddressCIDRV4 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV4 in validate.Optional
- shared/validate: Makes IsDeviceID non-optional
- lxd/device: Wraps validate.IsDeviceID in validate.Optional
- shared/validate: Makes IsNetworkV6 non-optional
- shared/validate: Makes IsNetworkAddressCIDRV6 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV6 in validate.Optional
- shared/validate: Makes IsNetworkAddressV6 non-optional
- lxd: Wraps validate.IsNetworkAddressV6 in validate.Optional
- lxd/device/nic/routed: Wraps validate.IsNetworkAddressV4List in validate.Optional
- lxd: Wraps validate.IsNetworkV4List and validate.IsNetworkV6List in validate.Optional
- shared/validate: Tweaks IsNetworkVLAN error message ordering
- shared/validate: comment spacing
- daemon: check whether shiftfs is useable
- lxd/network/network/utils: Renames ValidNetworkName to validInterfaceName
- lxd/network/network/utils: Adds validVirtualNetworkName
- lxd/network/network/interfaces: Adds ValidateName
- lxd/network/driver/bridge: Implements ValidateName
- lxd/network/network/load: Adds ValidateName helper function
- lxd/main/init/interactive: Switches to network.ValidateName for bridge validation
- lxd/networks: Switches to network.ValidateName
- lxd/storage/utils: Simplifies error message from ValidName
- lxd/cluster/config: Fix import ordering of external package
- lxd/network/openvswitch: Name functions consistently using ObjectAction format
- lxd/network/driver/bridge: OVS function naming usage
- lxd/network/network/utils: OVS function naming usage
- lxd/network/network/interface: Adds ID() function
- lxd/network/driver/common: Implements ID() function
- lxd/resources: Fix total memory for per NUMA node
- lxd/rsync: Don't pass --bwlimit when no limits set
- client/operations: Fixes race conditions
- lxd/operations: Fixes race conditions
- client: More races fixed
- Makefile: Adds race target for enabling race detector
- Makefile: Correctly builds lxd-p2c and lxd-agent in debug and nocache targets
- client/operations: Race fix
- lxd/db: Adds mutex to fix races
- lxd/operations: Fixes races
- shared/validate: Adds IsURLSegmentSafe function
- lxd/network/driver/common: Adds common ValidateName function
- lxd/network/driver/bridge: Changes ValidateName to use common validation too
- lxd/network/network/load: Adds field name context to name validation errors
- lxd/network/network/utils: Removes validVirtualNetworkName
- lxd/networks: Returns network context on network startup failure
- shared/validate: Adds Required() and makes Optional() accept multiple validators
- test/suites/storage: LVM size tweaks
- lxd: enable safe native container terminal allocation
- exec: fix OpenPtyInDevpts()
- lxd/instance/drivers/driver/lxc: Adds nil check in getLxcState
- lxd/storage/locking: Moves package to lxd/locking
- lxd/locking: Renames variables to make them generic
- lxd/storage/drivers/utils: Adds OperationLockName function
- lxd/storage: locking.Lock usage with OperationLockName wrapper
- lxd/network/driver/bridge: Don't allow stable volatile MAC with fan network
- lxd/network/driver/bridge: Don't allow hwaddr to be set in fan mode
- seccomp: update comment about blocking the new mount api
- syscall_numbers: fix pidfd_open() definition
- lxd_seccomp: add SECCOMP_IOCTL_NOTIF_ADDFD definitions and types
- checkfeature: check for seccomp notify fd injection feature
- syscall_numbers: add pidfd_getfd()
- syscall_numbers: add bpf()
- seccomp: report helpful errors when determining support for features
- seccomp: handle liblxc sending the notify fd as part of the seccomp message
- syscall_numbers: add close_range()
- exec: switch to close_range() syscall
- process_utils: remove faulty license
- lxd/apparmor/dnsmasq: Add binary for nesting
- lxd/storage/drivers/ceph: Fix volume deletion
- lxd/instance/drivers/driver/qemu: Fix race in onStop getting operation
- lxd/db: Fix premature failure when listing cluster volumes
- lxd/db/storage_volumes: Add comments regarding behaviour
- doc/production-setup: Fix escaping
- doc/production-setup: Update introduction
- lxd: Fix automatic storage volume snapshots
- cluster: Don't upgrade nodes without raft role concurrently
- lxd/network/network/load: Moves fillAuto logic into per-driver fillConfig function
- lxd/network/utils: Moves fillAuto into bridge's fillConfig function
- lxd/network/network/utils: Adds randomHwaddr function
- lxd/patches: Adds patch to remove volatile.bridge.hwaddr network key
- lxd/network/bridge/driver: Removes volatile.bridge.hwaddr and adds stable MAC generation
- shared/usbid: Don't auto-load
- lxd/resources: Load USB database
- lxd/apparmor: Move dnsmasq functions
- lxd/apparmor: forkdns profile
- lxd/sys: Add unpriv uid/group
- lxd/instances: Update for OS type change
- shared/subprocess: s/Pid/PID/
- shared/subprocess: Add credentials
- lxd/network: forkdns and creds drop for forkdns
- lxd/network: Run dnsmasq as unpriv group
- lxd/device/device/common: Adds common contextual logger
- lxd/network/driver/bridge: Validates bridge.external_interfaces using validate.Optional() helper
- shared/validate: Adds network IP range validators
- lxd/network/driver/bridge: Adds DHCP IP range validation
- shared/network/ip: Defines IPRange struct
- lxd/dnsmasq/dhcpalloc: Removes DHCPRange and switches to shared.IPRange
- lxd/network: Replaces dhcpalloc.DHCPRange with shared.IPRange
- lxd/storage: Fix delete of remote pools
- lxd/storage/ceph: Allow for small size variation
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.4 リリースのお知らせ¶
31st of July 2020
はじめに ¶
LXD チームは LXD 4.4 のリリースをお知らせできることにワクワクしています!
このリリースは、ユーザーの方々すべてに新しい機能を提供する非常に忙しいリリースのひとつになりました。クラスタリングとマルチユーザーのデプロイメントを大幅に改良し、今後さらにエキサイティングな機能を追加するための基盤になっています。
Enjoy!
新機能とハイライト ¶
仮想マシン向けの VGA コンソール ¶
LXD 4.3 では、QEMU の設定に、デフォルトの virtio-gpu デバイスと SPICE 通信チャンネルのサポートを追加しました。
このリリースでは、実際に仮想 GPU にアタッチして操作するための通信メカニズムとクライアントロジックが追加されました。
lxc launch もしくは lxc start に --console=vga を指定するか、lxc console に --type=vga を指定できます。これを使うには、クライアントシステム上で remote-viewer か spicy が利用できる必要があります。もしどちらもない場合は、SPICE ソケットがクライアント上にマッピングされ、パスが提供されます。
この API は LXD 自身の websocket コンソール API に基づいていますが、spice-html5 と互換性があるため、LXD にアクセスする Web インターフェースに使用できます。
クラスタリングの failure domain ¶
LXD はクラスターメンバーに対する failure domain のコンセプトを公開するようになりました。
これにより、どのシステムが同時にオフラインになりそうかを LXD データベースに伝えることができますので、リーダーを選出する際や、クラスターメンバーを別のデータベースロールに昇格させたりするときに、より良い決定を下せるようになります。
failure domain の例としては、物理システムの電源回路、仮想マシン上で LXD が実行されている場合のホストシステム、クラウドインスタンス上で LXD が実行されている場合のクラウドアベイラビリティゾーンやリージョンがあります。
root@nuc01:~# lxc cluster list +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | NAME | URL | DATABASE | STATE | MESSAGE | ARCHITECTURE | FAILURE DOMAIN | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | nuc01 | https://172.17.16.140:8443 | YES | ONLINE | fully operational | x86_64 | pdu01 | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | nuc02 | https://172.17.16.139:8443 | NO | ONLINE | fully operational | x86_64 | pdu02 | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+
仮想マシンの /dev/lxd ¶
/dev/lxd API(英語サイト)が仮想マシンでも利用できるようになりました。
これはコンテナ内の場合と同じように動作します。しかし、イメージダウンロードの転送機能は利用できません。
デーモンの graceful シャットダウン ¶
これまでは、システムがシャットダウンされる際や LXD がアップデートされる際に、LXD がシャットダウンの指示を受けたときは、実行中のすべての操作が即座に中断されていました。
これはいくつかの不具合を引き起こしていました:
- いかなる lxc exec/console コマンドも即座に切断されていた
- イメージの更新が中断され、イメージが壊れたり失われたりする可能性があった
- マイグレーション中のインスタンスが、移行元サーバー上で停止したままの状態になっている可能性があった
新しいロジックは次のように処理しようとします:
- キャンセルできる操作はクリーンにキャンセルする
- 新しい操作の開始を防ぐ
- シャットダウン中のいかなる API 操作も防ぐ
- (exec/console のような)キャンセルできない操作を最大で 5 分待機する
残念ながら、lxc exec や lxc console のユーザーに数分後に切断されることを通知する良い方法はありません。どんな出力でも、その操作を妨げる可能性があるからです。しかし、5 分間の猶予時間は多くの場合で充分であり、現在の動作に比べて大きな改善になると考えています。
管理ネットワークの macvlan タイプと sriov タイプ ¶
管理ネットワークに、すでにある bridged に加えて新たにふたつのネットワークタイプが加わりました。
これは、macvlan もしくは sriov を使った管理ネットワークを定義し、(管理されたネットワークしか使えない)制限されたプロジェクトで使用できるようにすることができるようになったということです。
このように定義すると、MAAS サブネット、MTU、VLAN を事前に定義することができ、インスタンスごとに定義を繰り返し行う必要がありません。
これは、今後実装される仮想ネットワーク(OVN 経由)の外部レイヤーの基盤となります。これによりプロジェクトユーザーは、許可された管理ネットワークを使った独自のネットワークを、ホストシステムとコンフリクトする危険性なく構築できます。
root@lantea:~# lxc network create my-macvlan parent=enp11s0 --type=macvlan Network my-macvlan created root@lantea:~# lxc network create my-sriov parent=enp7s0 vlan=1017 --type=sriov Network my-sriov created root@lantea:~# lxc init images:ubuntu/20.04/cloud c1 Creating c1 root@lantea:~# lxc config device add c1 eth0 nic network=my-macvlan name=eth0 Device eth0 added to c1 root@lantea:~# lxc init images:ubuntu/20.04/cloud c2 Creating c2 root@lantea:~# lxc config device add c2 eth0 nic network=my-sriov name=eth0 Device eth0 added to c2 root@lantea:~# lxc start c1 c2 root@lantea:~# lxc list +------+---------+----------------------+-----------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+----------------------+-----------------------------------+-----------+-----------+ | c1 | RUNNING | 172.17.16.224 (eth0) | 2001:470:b0f8:1016:1::dcba (eth0) | CONTAINER | 0 | +------+---------+----------------------+-----------------------------------+-----------+-----------+ | c2 | RUNNING | 172.17.17.241 (eth0) | 2001:470:b0f8:1017:1::c36d (eth0) | CONTAINER | 0 | +------+---------+----------------------+-----------------------------------+-----------+-----------+ root@lantea:~#
プロジェクト内のディスク使用量制限 ¶
最近、プロジェクトに対する制限(limit)と制約(restriction)が設定できるようになり、信頼できないユーザーが LXD を安全に使えるようになりました。その後、プロジェクトに欠けていた機能として、プロジェクトがディスクスペースのないホストシステムを実行できていたことがあります。
これは、新たに追加された limits.disk 設定キーがプロジェクトで利用可能になり、プロジェクトに対してトータルのディスク使用量を制限できるようになったことで問題ではなくなりました。
これはすべてのプロジェクトのインスタンス、イメージ、カスタムストレージボリュームに対して適用されます。
dnsmasq に対する AppArmor 制限 ¶
AppArmor サポートが拡張され、インスタンスに対する保護だけでなく、LXD が操作する他のサービスも保護するようになりました。
最初のこのような外部サービスは dnsmasq です。ネットワークごとの AppArmor プロファイルで実行されるようになりました。
LXD が起動する、長時間実行しつづけるプロセスのすべてをカバーするように、forkdns、forkproxy、qemu についても同様のプロファイルを追加する予定です。
リソース API の GPU 媒介(mediated)デバイス ¶
LXD は GPU の媒介デバイスを検出するようになりました。
これは Intel と NVIDIA の一部のデバイスでサポートされています。そして複数のプロファイルから選択できる物理デバイス上に仮想デバイスを作成できます。作成したデバイスは、仮想マシンの VFIO として使用できます。
現時点では、LXD は媒介デバイスを検出して表示するだけで、まだ仮想マシンでそれらを使用できません。
stgraber@castiana:~$ lxc query /1.0/resources | jq .gpu.cards
[
{
"driver": "i915",
"driver_version": "5.4.0-42-generic",
"drm": {
"card_device": "226:0",
"card_name": "card0",
"control_device": "226:0",
"control_name": "controlD64",
"id": 0,
"render_device": "226:128",
"render_name": "renderD128"
},
"mdev": {
"i915-GVTg_V5_4": {
"api": "vfio-pci",
"available": 0,
"description": "low_gm_size: 128MB\nhigh_gm_size: 512MB\nfence: 4\nresolution: 1920x1200\nweight: 4",
"devices": []
},
"i915-GVTg_V5_8": {
"api": "vfio-pci",
"available": 1,
"description": "low_gm_size: 64MB\nhigh_gm_size: 384MB\nfence: 4\nresolution: 1024x768\nweight: 2",
"devices": [
"7c43babb-cf2a-403c-ae5a-7c45aeb5fb2f"
]
}
},
"numa_node": 0,
"pci_address": "0000:00:02.0",
"product": "HD Graphics 620",
"product_id": "5916",
"vendor": "Intel Corporation",
"vendor_id": "8086"
}
]
lxc launch の --console オプション ¶
LXD 4.3 で lxc start と lxc restart に --console オプションが追加されました。このバージョンで、lxc launch でもインスタンスのコンソールにすばやくアクセスできるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでのすべての変更点のリストは次のとおりです:
- lxd/cluster: Leverage RolesChanges.Handover() to choose handover target
- lxd: Increase timeout of go unit tests when ran from Emacs
- lxd/cluster: Skip unncessary loading of nodes from database in Rebalance()
- lxd/cluster: Leverage RolesChanges.Adjust() to choose rebalance target
- lxd/cluster: Increase time budget of client.Assign() when assigning voter role
- lxd/cluster: When demoting to Spare only transition to StandBy if Voter
- lxd/project: Add more name checks
- doc/server: Cover listen + authentication
- lxd/db: Add failure_domains table and nodes column reference
- lxd/qemu: Don't do file lock on custom volumes
- lxd/db: Add UpdateNodeFailureDomain() and GetNodesFailureDomains()
- lxd/cluster: Honor failure domains when changing roles
- shared/version: Add clustering_failure_domains extension
- shared/api: Add FailureDomain field to ClusterMemberPut
- lxd/cluster: Populate FailureDomain field when listing cluster members
- lxd: Support changing failure domain in PUT /1.0/cluster/
- client: Check clustering_failure_domains extension when updating a member
- doc: Add documentation about failure domains
- lxc: Add failure domain column in "lxc cluster list" output
- make i18n
- test: Add new clustering_failure_domains test case
- instance: update terminology I
- lxd/network: Validate ipv4/ipv6 routes
- lxd/proxy: Fix govet
- lxd/rsync: Add AtLeast
- lxd/rsync: Filter out security.selinux
- lxd-p2c: Filter out security.selinux
- lxc-to-lxd: Filter out security.selinux
- lxc/launch: Add --console
- instance: introduce container_syscall_filtering_allow_deny extension
- tests: remove trailing comma
- lxd/instance/drivers: Provide instance-data file
- lxd-agent: Support /dev/lxd
- lxd/instance/drivers: Allow updating running VMs
- tests: Fix bad ipv6.routes value
- lxc/instance/drivers/qemu: Support ephemeral VMs
- lxd/qemu: Use memory backend ram/file
- lxc/image: Fix dir handling on snap
- lxd/qemu: Fix crash on non-pinned VM
- lxc/image: Fix more dir handling on snap
- terminals: update terminology again
- doc/instances: Improves proxy docs
- lxc/main_alias: Handle leading arguments
- lxd/storage: Fix block volume migration
- lxd/rbac: Always allow internal cluster traffic
- units: handle multiplication integer overflow
- lxd/rsync: Untangle from daemon package
- lxd/qemu: Don't use file.locking with rbd
- lxd/storage/zfs: Use autotrim when available
- lxd: Add clustering_fix_raft_address_zero patch to fix node with "0" as address
- lxd/resources: Use udev model data if available
- Decode error
- doc/api-extensions: Fix escaping
- share/api: Add GPU mdev
- lxd/resources: Add GPU mdev
- api: Add GPU mdev
- lxd/qemu: Fix unbound hugepages
- lxd/qemu: Properly connect memory
- api: console_vga_type
- doc/rest-api: Add type field to console
- shared/api: Add Type field to InstanceConsolePost
- lxd/instance: Add protocol argument to Instance.Console()
- lxd/instance/drivers: Support VGA output in qemu.Console()
- lxd: Handle "vga" type in console API handler
- client: Add ConsoleInstanceDynamic() to support multiple websocket connections
- lxc: Add --type flag to "lxc console"
- i18n: Update translation templates
- lxc/console: Missing error handling
- i18n: Update translations from weblate
- lxc/console: Prefer remote-viewer
- lxc: Populate cmdConsole.flagType also when ran manually
- lxc/console: Short argument for type
- lxc: Allow using --console=TYPE
- lxd/images: Rename imgPostContInfo to imgPostInstanceInfo
- lxd/instances: Return and set image properties
- lxd/qemu: Add support for spice agent
- lxd/main_daemon: s/containers/instances/
- lxd: s/containersShutdown/instancesShutdown/
- lxd: Add context to daemon
- lxd/operations: Add db operation type to Operation
- lxd: Add waitForOperations()
- lxd: Shut down gracefully
- lxd/operations/operations: Fix hanging cancelation
- lxd/instance_post: Pass cancel function to websocket operation
- client/lxd_instances: Cancel websocket op if needed
- lxc/console: Disconnect on shutdown
- lxd/daemon: Return 503 when shutting down
- lxd/db: Drive-by removal of leftover fmt.Printf's
- doc/api-extensions: Fix over-escaping
- lxc/network: Adds flagType to cmdNetwork
- shared/instance: Move network validation functions to shared
- lxd/db/cluster: Adds type field to networks table
- lxd/db/networks: Adds internal network type constants
- lxd/db/networks: Updates CreateNetwork to accept a network type
- lxd/db/networks: Updates CreatePendingNetwork to accept a network type
- lxd/db/networks: Populate network type in getNetwork
- lxd/network/network/interface: Adds network interface
- lxd/network/network/load: LoadByName to use Network interface, add Validate
- lxd/network/errors: Adds error constants
- lxd/network/network/utils: Moved validation functions from main package
- lxd/network/driver/common: Adds common driver
- lxd/network/driver/bridge: Renames network to driver_bridge
- lxd/networks/utils: Remove unused network validation functions in main
- lxd/device/device/utils/network: Removes unused validation functions
- lxd/device/device/utils/proxy: shared.IsNetworkAddress usage
- lxd/device/nic: shared validation function usage
- lxd/device/nic/bridged: Support Network interface
- lxd/device/nic/ipvlan: shared validation function usage
- lxd/device/nic/routed: shared validation function usage
- lxd/main/init/interactive: Uses network name validation from network package
- lxd/networks: ValidNetworkName usage in networkPost
- lxd/networks: Updates doNetworkUpdate to use network package validation
- lxd/networks: Updates networksPost to support network type
- lxd/networks: Remove use of network.IsRunning in networkShutdown
- lxd/networks/config: Removed
- lxd/networks/utils: Updates usage of n.RefreshForkdnsServerAddresses to generic n.HandleHearbeat
- i18n: Update translation templates
- lxd: Updates network tests to pass netType
- lxd/network/network/utils: Unexports usesIPv4Firewall and usesIPv6Firewall
- lxd/network/driver/bridge: usesIPv4Firewall and usesIPv6Firewall usage
- lxd: Add --force flag to lxd shutdown
- lxd/apparmor: Use templating
- lxd/apparmor: Use proper version parsing
- shared/version: Add projects_limits_disk extension
- doc: Document limits.disk project configuration key
- lxd: Add "limits.disk" to supported project config keys
- lxd/project: Check that root disk sizes are within limits.disk
- lxd/project: Add projectInfo struct to hold together project's extra info
- lxd/db: Add GetCustomVolumesInProject() to fetch custom volumes in a project
- lxd/project: Fetch the project's custom volumes
- lxd/project: Consider custom volumes sizes in checkAggregateLimits
- lxd/project: Add AllowVolumeCreation() to check limits upon volume creation
- lxd: Call project.AllowVolumeCreation() before creating custom volumes
- lxd/project: Add AllowVolumeUpdate() to check custom volumes config updates
- lxd: Call project.AllowVolumeUpdate() before modifying a custom volume
- shared: Add QuotaWriter
- lxd/project: Add GetImageSpaceBudget() returning image disk space budget
- lxd: Possibly limit the disk space that can be used by POST /1.0/images
- lxd/network/driver/common: Adds config diff and db update common functions
- lxd/network/driver/common: Adds contextual logger
- lxd/network/driver/common: Removes stuttering on "common" in validation rules function
- lxd/network/driver/bridge: Updates to use contextual logger
- lxd/network/driver/bridge: Simplifies Update function to use common update functions
- lxc/networks: Renames notify to clusterNotification in doNetworkUpdate
- lxd/network/network/interface: Clarifies Update arguments
- lxd/network/network/interface: Renames Delete withDatabase arg to clusterNotification
- lxd/network/driver/common: Adds common delete function
- lxd/networks: Cleans up networksPost to use clusterNotification argument correctly
- lxd/networks: Log quoting in networksPostCluster
- lxd/networks: Cleans up doNetworksCreate to use clusterNotification argument
- lxd/network/driver/bridge: Updates Delete to use common delete function
- lxd/network/driver/bridge: Adds logging to Update
- lxd: Check available project budget when publishing an instance as image
- lxd/project: Fill missing fields when checking instance creation
- lxd/project: Skip checks when unsetting limits
- lxd/networks: Removes bridge specific logic in doNetworkUpdate
- lxd: Honor project disk budget when downloading images
- lxd/network/driver/bridge: Adds fan auto detection logic to Update
- lxd/network/driver/common: Adds rename common function
- lxd/network/driver/bridge: Updates Rename to use common rename function
- lxd/networks: networkPost logging quoting
- test: Add tests for the "limits.disk" project config key
- lxc/network/driver/bridge: isRunning comment
- lxd/network/driver/bridge: Unexports hasIPv4Firewall and hasIPv6Firewall
- lxd/networks: Detect unknown network type in networksPost, dont assume bridge
- lxd/networks: comment fix in networksPostCluster
- lxd/db/network: Provide way to identifty unknown network type in getNetwork
- lxd/networks: Allow for different managed network types in doNetworkGet
- lxd/network/network/interface: Adds fillConfig to interface
- lxd/network/driver/common: Adds default fillConfig function
- lxd/network/driver/common: Adds default HandleHeartbeat function
- lxd/network/network/load: Adds per-driver FillConfig wrapper
- lxd/network/network/utils: Removes generic FillConfig
- lxd/network/driver/bridge: fillConfig implementation
- lxd/network/driver/bridge: Exposes error message from ValidNetworkName in Validate
- lxd/sys: Create apparmor/seccomp paths
- lxd/apparmor: Split and rename instance functions
- lxd/resources/storage: Use ID_MODEL_ENC when possible
- shared: Add InSnap
- shared/subprocess: Add AppArmor support
- lxd/apparmor: Rename template
- lxd/apparmor: Add dnsmasq profile
- lxd/networks: Use AppArmor when available
- tests: Delete leftover storage volume
- lxd/operations/operations: Renames Operations to Clone
- lxd-agent/operations: operations.Clone() usage
- lxd: operations.Clone() usage
- Drop from .travis.yaml Go versions we don't support anymore
- shared/api/network: Adds network status constants
- lxd/networks: API constant usage in networkDelete
- lxd/network/network/load: Adds status
- lxd/network/network/interface: Adds status function
- lxd/network/driver/common: Adds status field and function
- lxd/network/driver/bridge: Don't allow starting a pending network
- lxd/device/nic/bridged: Usage of d.state.Cluster.GetNetworkInAnyState in rebuildDnsmasqEntry
- lxd/api/cluster: Usage of api.NetworkStatusPending
- lxd/db/networks: Usage of api package's NetworkStatus constants in getNetwork
- lxd/db/networks: Removes unused GetNetwork
- lxd/db/networks: GetNonPendingNetworks comment
- lxd/db/networks: Allow pending nodes to be added to errored networks in CreatePendingNetwork
- lxd/db/networks: CreatePendingNetwork comments and line spacing
- lxd/networks/utils: Skip network load error in networkUpdateForkdnsServersTask
- lxd/device/nic/bridged: Validates network is type bridge
- lxc/device/nic/bridged: Only allow using non-Pending networks
- lxd/networks: Various comment and error quoting consistency fixes
- lxd/networks: Validate network name earlier in networksPost
- lxc/networks: Validate config in doNetworksCreate
- lxd/db/networks: Ensure that network type matches existing pending network in CreatePendingNetwork
- lxd/db/networks: Remove errored state on successful update in UpdateNetwork
- lxd/network/driver/bridge: Adds targetNode arg to Update
- lxd/network/network/interface: Adds targetNode arg to Update
- lxd/network/driver/common: Tweaks to update function in cluster environment
- lxd/networks: networksPost error response tweaks
- lxd/networks: Updates networksPostCluster
- lxd/networks: Unifies networkPut and networkPatch
- lxd/device/nictype: Adds small package to resolve NIC device nictype from network
- lxd/device/config/devices: Removes NICType
- lxd/device/config/devices: Improves comment on Update
- lxd/device/device/load: Removes devTypes map and updates load to use NICType function
- lxd/device: Removes device load helpers
- lxd/device/device/utils/network: nictype.NICType usage
- lxd/device/nic/bridged: Updates usage of functions whos signatures changed due to NICType
- lxd/device/nic/p2p: Updates usage of functions that changed signature due to NICType
- lxd/device/proxy: nictype.NICType usage
- lxd/instance/drivers/driver/lxc: nictype.NICType usage
- lxd/instance/drivers/driver/qemu: nictype.NICType usage
- lxd/network/driver/bridge: Usage of functions that changed signature due to NICType
- lxd/network/driver/common: Updates IsUsed for NICType signature changes and checks for profile usage
- lxd/network/network/interface: Signature change of IsUsed to accomodate NICType
- lxd/network/network/utils: Usage of nictype.NICType and signature changes to accomodate it
- lxd/networks: nictype.NICType usage and comment improvements
- lxd/networks: Comment ending consistency
- test: Updates tests to delete profiles before networks
- doc: Updates clustering docs with network parent optional per-node key
- lxd/db/networks: Adds parent as optional per-node network key
- lxd/db/networks: Adds constant for NetworkTypeMacvlan
- lxd/network/network/load: Adds macvlan driver as supported network type
- lxd/networks: Adds macvlan support to networksPost
- lxd/network/driver/macvlan: macvlan driver implementation
- lxd/device/nic/macvlan: Adds support for network config key
- lxd/device/nic/macvlan: Only allow non-pending networks to be used
- test: Adds macvlan network test
- lxd: Adds NetworkTypeSriov constant and conversion handling
- lxd/network: Adds sriov driver
- lxd/networks: Remove database record on error in networksPost
- lxd/device/nic/sriov: Adds network key support
- lxd/device/nictype: Adds sriov support
- test: sriov NIC comment ending consistency
- test: sriov network test
- doc/networks: Re-arranges network docs to support different types
- doc/networks: Adds doc for macvlan and sriov networks
- doc/instances: Updates macvlan and sriov NIC to indicate network support
- doc/networks: Fixes typo
- doc/networks: Adds example usage of --type flag
- lxd/network/openvswitch/ovs: Adds OVS wrapper
- lxd/device/nic/bridged: ovs.PortSet usage
- lxd/network/driver/bridge: ovs usage
- lxd/network/network/utils: ovs usage
- lxd/networks: ovs.BridgeExists usage
- api: Adds network_type_macvlan extension
- api: Adds network_type_sriov extension
- tree-wide: add dummy include package for cgo
- doc/images: Cover the various image servers
- doc: Typo fix
- lxd/networks: Fixes bug in doNetworkUpdate that prevents removal of non-node specific keys
- lxd/network/driver/bridge: Consistent comment ending in setup()
- lxd/network/network/interface: fillConfig signature
- lxd/network/driver/common: Updates fillConfig signature
- lxd/network/driver/bridge: Updates fillConfig signature
- lxd/network/network/load: Updates FillConfig to use new signature
- lxd/network/driver/bridge: Fixes Update to regenerate default values if missing
- test/suites/container/devices/nic/bridged: Fixes DHCP disable by setting IP address none
- lxd/network/driver/bridge: Dont fail start if cannot restore third party route
- lxd/migrate: Fix crash in sendControl when no active connection
- lxd/operations: Fix typo
- lxc/export: Plug in cancelable wait
- i18n: Update translation templates
- lxd/devices/device/utils/network: Removes networkValidMAC
- shared/instance: Adds IsNetworkMAC for use in network and device packages
- lxd/device/nic: shared.IsNetworkMAC usage
- lxd/network/driver/bridge: Adds volatile.bridge.hwaddr key
- shared/validate: Adds validate helper package
- lxd: Updates use of validate helper functions now in validate package
- shared: Removes validate helper functions
- lxd/device/device/utils/infiniband: Changes infinibandValidMAC to use net.ParseMAC
- lxd/device/device/utils/infiniband/test: Changes test name for linter
- lxd/networks: Allow update/removal of node-specific key in non-clustered mode
- lxd/network/driver/bridge: Adds safety check for volatile MAC address usage
- lxd/device: fix empty error message when tc fails
- test: Wait for operations to be removed from the database
- shared/validate: Adds Optional() validate wrapper
- shared/validate: Makes IsInt64 non-optional
- lxd/network/driver/bridge: Add validate.Optional() wrapper for validate.IsInt64 usage
- lxd/storage/utils: Adds validate.Optional() wrapper for validate.IsInt64 usage
- shared/instance: Adds validate.Optional() wrapper for validate.IsInt64 usage
- lxd/device/device/utils/network: Removes networkValidVLAN
- shared/validate: Adds IsNetworkVLAN
- lxd/device/device/utils/network: validate.IsNetworkVLAN usage
- lxd/device/nic: validate.IsNetworkVLAN usage
- lxd/network/driver: Adds mtu and vlan support for macvlan and sriov network types
- lxd/device/nic: Inherit mtu and vlan settings from network for macvlan and sriov NICs
- doc/networks: Adds mtu and vlan options for macvlan and sriov network types
- seccomp: switch from individual pread() to process_vm_readv()
- seccomp: fix i386 builds
- seccomp: ensure that target process is still valid
- client: Move proxyMigration
- lxd: Port remaining calls to instance
- lxd/network/driver/common: Adds Create function no-op
- lxd/network/network/interface: Adds Create function
- lxd/networks: Adds call to network Create in doNetworksCreate
- lxd/device/device/utils/network: Adds networkDHCPValidIP
- lxd/device/nic/bridged: Removes networkDHCPValidIP
- lxd/device/device/utils/networks: Splits networkSetupHostVethDevice into multiple functions
- lxd/device/nic/bridged: networkVethFillFromVolatile usage and other host-veth functions
- lxd/device/nic/p2p: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/device/nic/routed: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/network/network/utils: Updates isInUseByDevices to support networks that don't match their physical parent
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.3 リリースのお知らせ¶
1st of July 2020
はじめに ¶
LXD チームは LXD 4.3 のリリースをお知らせできることにワクワクしています!
このリリースは、特に仮想マシンの使用における多数の改良を行っています。また、クラスターユーザー向けのかなりの数のバグ修正と一般的なパフォーマンスの改良が含まれています。
Enjoy!
新機能とハイライト ¶
カスタムのブロックストレージボリューム ¶
これまで、カスタムストレージボリュームはすべてファイルシステムでした。それをサポートするストレージバックエンド上のディレクトリ・サブボリューム・データセット、または他のバックエンド上のフォーマットされたブロックのいずれかでした。
LXD が仮想マシンをサポートするようになりましたので、(以前から可能であった 9p を使った)従来のボリューム上のファイルシステムを仮想マシンにアタッチできるのと同様に、追加の RAW ディスクを仮想マシンにアタッチできるようにする必要性がでてきました。
これによりブロックのカスタムストレージボリュームが使えるようになりました。
stgraber@castiana:~$ lxc storage volume create default my-fs size=10GiB Storage volume my-fs created stgraber@castiana:~$ lxc storage volume create default my-block size=10GiB --type=block Storage volume my-block created stgraber@castiana:~$ lxc storage volume list default +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | TYPE | NAME | DESCRIPTION | CONTENT TYPE | USED BY | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | my-block | | block | 0 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | my-fs | | filesystem | 0 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | image | a4dc839edd35d50158d57818938775669265a3af004bd93b8281115ee0abd29d | | block | 1 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | virtual-machine | f1 | | block | 1 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ stgraber@castiana:~$ lxc config device add f1 my-fs disk source=my-fs pool=default path=/srv/my-fs Device my-fs added to f1 stgraber@castiana:~$ lxc config device add f1 my-block disk source=my-block pool=default Device my-block added to f1 stgraber@castiana:~$ lxc start f1 stgraber@castiana:~$ lxc exec f1 bash root@f1:~# gdisk -l /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block GPT fdisk (gdisk) version 1.0.5 Partition table scan: MBR: not present BSD: not present APM: not present GPT: not present Creating new GPT entries in memory. Disk /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block: 20971520 sectors, 10.0 GiB Sector size (logical/physical): 512/512 bytes Disk identifier (GUID): EA616112-9C49-4809-AA68-53895E752A34 Partition table holds up to 128 entries Main partition table begins at sector 2 and ends at sector 33 First usable sector is 34, last usable sector is 20971486 Partitions will be aligned on 2048-sector boundaries Total free space is 20971453 sectors (10.0 GiB) Number Start (sector) End (sector) Size Code Name root@f1:~# df -h /srv/my-fs/ Filesystem Size Used Avail Use% Mounted on lxd_my-fs 10G 128K 10G 1% /srv/my-fs root@f1:~#
VM: グラフィカルコンソールの初期作業 ¶
すべての LXD VM で virtio-gpu と virtio-input デバイスがすぐに使える状態になりました。同様にローカルの Unix ソケットに接続されている spice チャンネルも使える状態になっています。
現状、spicy のようなクライアントを使ってソケットに直接接続できます。しかし、すぐに LXD で lxc console を使った websocket 経由でリモートアクセスできるようになるでしょう。
VM: PCIe レイアウトの見直し ¶
VM に公開している全 virtio デバイスが確実に PCIe バス上にあるようにし、スロットの数を節約するために可能な限りデバイスはファンクションにマージするようにしました。
また、ネットワークデバイスは常に同じスロットに表示され、ハードウェアベースのネーミングが有効なときは一定の名前が得られるようなロジックが導入されています。
VM: GPU パススルー ¶
gpu タイプのデバイスを VM にアタッチし、VFIO 経由で物理 GPU を与えることができるようになりました。ホストと GPU を共有できるコンテナとは違い、VM では共有できないことに注意してください。
lxc start と lxc restart での直接のコンソールアタッチ ¶
単一のインスタンスを扱う場合、lxc start と lxc restart で --console オプションを指定できるようになりました。これにより、コマンドラインからすぐにコンソールにアタッチできるようになり、インスタンスのブートシーケンスを見ることができるようになります。
リソース API での Isolated CPU の表示 ¶
新たに、/1.0/resources API の全 CPU スレッドに isolated フィールドが追加されました。もし特定のスレッドが isolated な CPU と設定されている場合、このフィールドが true に設定されます。
これは通常はカーネルのコマンドラインで isolcpus= を指定してシステムを起動した場合に起こります。
すべての変更点(翻訳なし) ¶
このリリースでのすべての変更点のリストは次のとおりです:
- lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
- lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
- lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
- lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
- lxd/rbac: Don't close body when missing
- doc/storage: Cover host/disk/loop setups
- lxd/init: Tweak default loop sizing
- lxd/vm: Rename some functions
- client: Expand snap path in ConnectLXDUnix
- lxd/vm: Add virtio-vga card
- lxd/vm: Add spice channel
- client: Fix ConnectLXDUnix regression
- lxd/vm: Fix PCIe slot for physical/sriov nic
- lxd/network: Make setting bridge VLAN filtering & default PVID optional
- lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
- lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
- lxd/vm: Move to separate devices
- lxd/vm: Remove tiny wrapper functions
- lxd/vm: Per-architecture bus type
- add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
- lxd/vm: Centralize port generation
- lxd/device: Sort nic devices ahead of others
- lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
- lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
- lxd/device/nic/physical: Updates to use generic PCI management functions
- lxd/device/nic/sriov: Updates to use generic PCI management functions
- lxd/vm: Separate template keys in global/local
- lxd/vm: Use virtio-gpu-pci on non-x86
- lxd/vm: Rename qemuVGA to qemuGPU
- lxd/vm: Add virtio-input keyboard/mouse
- lxd/vm: Move bus allocator to own file
- lxc/volume: Fix typo in help message
- i18n: Update translation templates
- lxc/snapshot: Allow using snapshot delimiter
- i18n: Update translation templates
- doc/instances: Updates GPU device docs to show VM support
- lxd/device/gpu: Updates validation for VM support
- lxd/device/config/device/runconfig: Adds GPU field to RunConfig
- lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
- lxd/device/gpu: Adds VM GPU passthrough support
- lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
- lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
- lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
- lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
- lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
- lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
- lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
- lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
- lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
- lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
- lxd/storage/quota/projectquota: Only set quota on directories and regular files
- lxd/db: Automatically strip ?project=default
- lxc/action: Properly handle --all with remotes
- lxd/projects: Properly clear empty keys
- lxd/db: Add missing feature to default project
- lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
- lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
- lxd/cluster/heartbeat: Fix race in HeartbeatNode
- lxc/console: Split Console to own function
- lxc/start: Allow direct console attach
- i18n: Update translation templates
- lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
- lxd/resources: Fix golint warning
- doc/api-extensions: Fix escaping
- api: resource_cpu_isolated
- lxd/resources: Add Isolated property
- lxd/resources: Don't use shared
- lxd/devices: Use resources for cpuset parsing
- lxc: Don't over-escape URLs
- lxd: Don't over-escape URLs
- lxd/db/storage: Rework UsedBy for pools
- lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
- lxc/action: Also add --console to restart
- lxd/resources/net: More flexible PCI detection
- lxc/query: Add path check
- i18n: Update translation templates
- tests: Fix bad lxc query call
- lxd/storage-pools: Tweak UsedBy URLs
- lxd/networks: Reports profiles in UsedBy
- lxd/db: Tweak joins
- lxd/db: Fix UsedBy on projects
- lxd/storage_volumes: Fix UsedBy
- api: usedby_consistency
- lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
- test: Updates udhcpd args to ensure process quits one lease acquired
- util_linux: update terminology
- lxd: Fix snapshot index retrieval
- lxd/backups: Use backups dir for unpack
- lxd/vm: Add udev rule fallback
- lxd/images: Set arch names when downloading
- lxd: More flexible compression algorithms
- tests: Add test for compression options
- doc/rest-api: Rename rootfs to root
- doc/rest-api: Fix instance PATCH example
- lxd: Fix building with clang
- lxd/db: Add missing criteria for querying a specific public image
- lxd/db: Add the Errored storage state when rendering the Status field
- lxd/cluster: If raft node 1 gets remove during recovery, add it back
- lxd/db: Make GetNework() return an error if the network is pending
- lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
- lxd/db: Make GetStoragePool() return an error if the pool is pending
- lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
- lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
- lxd/storage/drivers: Bump VM fs size to 100MB
- lxd/db: Fix UsedBy for profiles on storage pools
- lxd/storage: Use Truncate to create/grow VM files
- lxd/db: Consider personalities in GetNodeWithLeastInstances
- lxd/db: Avoid test failure in arch matching
- lxd/storage: Better handle broken volumes
- client: Handle unknown image sizes
- lxd/response: Stream multi-part responses
- lxd/device/disk: Fixes cloud-init errors for VMs
- lxc/action: Show usage on missing target
- lxd/storage: Rely on UsedBy for deletion error
- lxd/instances/qemu: Use images dir during compression
- lxd/storage/drivers: Rename fs to filesystem
- api: custom_block_volumes
- shared/api: Add ContentType to storage volume structs
- lxd/migration: Add ContentType to structs
- lxd/db/cluster: Add content type to storage volumes
- lxd/db: Add content type constants
- lxd/db: Add content type to storage volumes
- lxd/storage/utils: Add content type conversion functions
- lxd: Support custom block volumes
- lxd/storage: Show type in error
- lxd/device/disk: Handle custom block volumes
- client: Support custom block volumes
- lxc/storage_volume: Support custom block volumes
- test/suites: Add tests for custom block volumes
- po: Update translations
- lxd/storage: Backward compatibility for content types
- doc/storage: Document block storage volumes
- lxd/util: Detect hugetlbfs mount point
- lxd/cluster: Always check for dqlite protocol version mismatches
- lxd/cluster: Don't run unncessary HEAD probe upon dqlite connections
- forksyscall: use nsids for shiftfs syscall intercepts
- lxd/db: Drop ClusterRoleDatabase records from the database
- lxd/cluster: Fetch database role information directly from raft
- lxd/storage: Fix regression in truncate handling
- lxd/cluster: Only look up raft_nodes for resolving the address of node 1
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.2 リリースのお知らせ¶
25th of June 2020
はじめに ¶
LXD チームは LXD 4.0.2 のリリースを発表します!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対するふたつめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
その主なものは次の通りです:
- VM での CPU NUMA レイアウトの自動マッチング
- VM で PCIe レイアウトの更新(入力デバイスと仮想GPUを含む)
- zsys ZFS レイアウトのサポートと自動検出
lxc config getに--expandedオプションを追加- image/backup時の圧縮ツールの引数のサポート
lxc listに新たにdiskとmemory(オプション)カラムを追加- VM での GPU パススルーのサポート
lxc startとlxc restartに--consoleオプションを追加
コミットの全リストは次のとおりです(翻訳なし):
- lxd-agent: Support systemd-notify
- lxd/qemu: Switch default unit type to notify
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
- lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
- lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
- lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
- lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
- lxd/device/proxy: Dont wrap lines
- lxd/device/proxy: Improves validation
- test/suites/container/devices/proxy: Updates tests with new validation rules
- lxd: Updates snapshotProtobufToInstanceArgs to support instance type
- lxd/qemu: Match basic NUMA layout
- lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
- lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
- lxd/cgroup: Fix memory controller detection
- lxd/migration/migrate/proto: Fix alignment
- lxd/migration: Adds volumeSize field to MigrationHeader
- lxd/migrate: Adds VolumeSize to MigrationSinkArgs
- lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
- lxd/migrate/instance: Use VolumeSize from offer header in Do()
- lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
- lxd/storage/drivers: Exports BlockDevSizeBytes function
- lxd/storage/utils: Adds InstanceDiskBlockSize
- lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
- lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
- lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
- lxd/instance/qemu: Add comment on cpuTopology
- lxd/storage/ceph: Support port in URL
- lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
- lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
- lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
- lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
- lxd/daemon: Remove duplicated logic
- lxd/instance/qemu: Announce LXD in SMBIOS
- share/usbid: Don't print error when missing
- lxd/init: Auto-detect and use Ubuntu ZFS setup
- lxc/config: Add --expanded to get
- client/interfaces: Add Mode to ImageCopyArgs
- shared/api/image: Add ImageExportPost
- client/lxd_images: Set fingerprint and secret headers
- i18n: Update translation templates
- client: Add relay mode for image copy
- client: Add ExportImage to ImageServer
- client: Add push mode for image copy
- client: Add GetOperationWaitSecret
- Resolve both core.https_address and cluster.https_address when comparing IPs
- lxd/storage/drivers/generic/vfs: Skip missing files during export
- lxd/images: Fixes hang in export when invalid --compression argument passed
- lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
- lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
- lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
- lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
- lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
- lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
- lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
- lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
- lxd/storage/utils: VolumeDBCreate comment formatting
- lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
- lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
- lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
- lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
- lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
- lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
- lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
- lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/db: Rename CertificatesGet to GetCertificates
- lxd/db: Rename CertificateGet to GetCertificate
- lxd/db: Rename CertSave to CreateCertificate
- lxd/db: Rename CertDelete to DeleteCertificate
- lxd/db: Rename CertUpdate to UpdateCertificate
- lxd/db: Drop unused ConfigValueSet
- lxd/instances/post: Fix revert in createFromBackup
- lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
- lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
- lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
- lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/db: Rename InstanceNames to GetInstanceNames
- lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
- lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
- lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
- lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
- lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
- lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
- lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
- lxd/db: Rename InstanceRemove to RemoveInstance
- lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
- lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
- lxd/db: Rename ContainerConfigGet to GetInstanceConfig
- lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
- lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
- lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
- lxd/db: Drop unused ContainerProfiles
- lxd/db: Drop unused ContainerConfig
- lxd/db: Remove unused ContainersNodeList
- lxd/db: Rename ContainersResetState to ResetInstancesPowerState
- lxd/db: Rename ContainerSetState to UpdateInstancePowerState
- lxd/db: Rename ContainerUpdate to UpdateInstance
- lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
- lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
- lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
- lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
- lxd/db: Rename InstancePool to GetInstancePool
- lxd/db: Rename ContainerBackupID to getInstanceBackupID
- Rename ContainerGetBackup to GetInstanceBackup
- lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
- lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
- lxd/db: ContainerBackupRename to RenameInstanceBackup
- lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
- lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
- lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
- lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
- lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
- lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
- lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
- lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/db: Rename DevicesAdd to AddDevicesToEntity
- lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
- lxd/db: Remove unused Devices
- lxd/db: Rename ImagesGetLocal to GetLocalImages
- lxd/db: Rename ImagesGet to GetImages
- lxd/db: Rename ImagesGetExpired to GetExpiredImages
- lxd/db: Rename ImageSourceInsert to CreateImageSource
- lxd/db: Rename ImageSourceGet to GetImageSource
- lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
- lxd/db: Rename ImageLocate to LocateImage
- lxd/db: Rename ImageDelete to DeleteImage
- lxd/db: Rename ImageAliasesGet GetImageAliases
- lxd/db: Rename ImageAliasGet to GetImageAlaias
- lxd/db: Rename ImageAliasRename to RenameImageAlias
- lxd/db: Rename ImageAliasDelete to DeleteImageAlias
- lxd/db: Rename ImageAliasesMove to MoveImageAlias
- lxd/db: Rename ImageAliasAdd to CreateImageAlias
- lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
- lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
- lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
- lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
- lxd/db: Rename ImageUpdate to UpdateImage
- lxd/db: Rename ImageInsert to CreateImage
- lxd/db: Rename ImageGetPools to GetPoolsWithImage
- lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
- lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
- lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
- lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
- lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
- lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
- lxc/image: Actually refresh multiple images
- lxd/resources: Use permanent MAC when available
- lxd/qemu: Restrict NUMA layout to x86_64
- Consider all nodes when looking for the leader, not only voters
- Only attempt to transfer leadership if we are not standalone
- lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
- lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
- lxd/db: Rename NetworkID to GetNetworkID
- lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
- lxd/db: Rename Networks to GetNetworks
- lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
- lxd/db: Rename NetworksNotPending to GetNonNetworks
- lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
- lxd/db: Rename NetworkConfig to getNetworkConfig
- lxd/db: Rename NetworkCreate to CreateNetwork
- lxd/db: Rename NetworkUpdate to UpdateNetwork
- lxd/db: Rename NetworkConfigClear to clearNetworkConfig
- lxd/db: Rename NetworkDelete to DeleteNetwork
- lxd/db: Rename NetworkRename to RenameNetwork
- lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
- lxd/db: Rename ImageGet to GetImage
- lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
- lxd/daemon: Detect nodev and improve errors
- lxd/db: Rename NodeByAddress to GetNodeByAddress
- lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
- lxd/db: Rename NodeByName to GetNodeByName
- lxd/db: Rename NodeName to GetLocalNodeName
- lxd/db: Rename NodeAddress to GetLocalNodeAddress
- lxd/db: Rename Nodes to GetNodes
- lxd/db: Rename NodesCount to GetNodesCount
- lxd/db: Rename NodeRename to RenameNode
- lxd/db: Rename NodeAdd to CreateNode
- lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
- lxd/db: Rename NodePending to SetNodePendingFlag
- lxd/db: Rename NodeUpdate to UpdateNode
- lxd/db: Rename NodeAddRole to CreateNodeRole
- lxd/db: Rename NodeRemoveRole to RemoveNodeRole
- lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
- lxd/db: Rename NodeRemove to RemoveNode
- lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
- lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
- lxd/db: Rename NodeClear to ClearNode
- lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
- lxd/db: Rename NodeUpdateVersion to SetNodeVersion
- lxd/db: Rename Operations to GetLocalOperations
- lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
- lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
- lxd/db: Rename OperationByUUID to GetOperationByUUID
- lxd/db: Rename OperationAdd to CreateOperation
- lxd/db: Rename OperationRemove to RemoveOperation
- lxd/db: Rename OperationFlush to removeNodeOperations
- lxd/db: Rename Patches to GetAppliedPatches
- lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
- lxd/db: Rename Profiles to GetProfileNames
- lxd/db: Rename ProfileGet to GetProfile
- lxd/db: Rename ProfilesGet to GetProfiles
- lxd/db: Drop ProfileConfig
- lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
- lxd/db: Rename ProfileConfigClear to ClearProfileConfig
- lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
- lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
- lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
- lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
- lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
- lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
- test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
- lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
- lxc/storage/drivers/volume: Removes keepDevice from Volume
- lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
- lxc/storage/drivers/driver/ceph/volumes: Mount changes
- lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
- lxd/storage/drivers/driver/ceph/volumes: Esnure permission on volume root set in CreateVolume
- lxd/resources: Skip NVME multipath entries
- lxd/db: Rename ProjectNames to GetProjectNames
- lxd/db: Rename ProjectMap to GetProjectIDsToNames
- lxd/db: Rename ProjectUpdate to UpdateProject
- lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
- lxd/db: Rename RaftNodes to GetRaftNodes
- lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
- lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
- lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
- lxd/db: Rename RaftNodeAdd to CreateRaftNode
- lxd/db: Rename RaftNodeDelete to RemoveRaftNode
- lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
- lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
- lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
- lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
- lxd/db: Rename StoragePoolID to GetStoragePoolID
- lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
- lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
- lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
- lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
- lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
- lxd/db: Rename StoragePools to GetStoragePoolNames
- lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
- lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
- lxd/db: Rename StoragePoolGetID to GetStoragePoolID
- lxd/db: Rename StoragePoolGet to GetStoragePool
- lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
- lxd/db: Rename StoragePoolCreate to CreateStoragePool
- lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
- lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
- lxd/db: Rename StoragePoolDelete to RemoveStoragePool
- lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
- lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
- lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
- lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
- lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
- lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
- lxd/storage/zfs: Use TryUnmount
- ethtool: add ethtoolGset() helper
- Support two-phase creation of a storage pool on single-node cluster
- lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
- lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
- lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
- lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
- lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
- lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
- lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
- resources/ethtool: implement ETHTOOL_GLINKSETTINGS
- lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
- lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
- lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
- lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
- lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
- lxd/migration/migrate/proto: Adds BTRFS Features to offer header
- lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
- lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
- lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
- lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
- lxd/storage/memorypipe: Dont make ioutil.ReadAll panic on cancel
- lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
- lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
- lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
- lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
- lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
- lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
- lxd/db: Update naming pattern for generated database code
- client/lxd_images: Fix backward compatibility
- lxd/storage/btrfs: Fix migration from snapshot
- shared/generate/db: Fix generation of Exists method
- lxd/db: Make generated code stable across "make update-schema" runs
- lxd/db: Leverage code-generation for certificates
- shared: Rewrite OpenPty without cgo
- openpty: use O_CLOEXEC directly
- openpty: use fchown()
- openpty: first unlock the master, then get a slave fd
- openpty: use TIOCGPTPEER if available
- lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
- lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
- lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
- lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
- test: Adds tests for snapshot naming conflicts
- lxd/firewall/drivers: Fix nft syntax
- lxc/project: Fix remote handling
- tests: Fix bad project switch call
- lxd/seccomp: Fix profile conflict between projects
- lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regeneration FS UUID
- lxd/storage/drivers/driver/lvm: Dont activate all volumes on pool mount
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: Acticate volume before generic migrate in MigrateVolume
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
- openpty: fix TIOCGPTPEER usage
- Make network address bind error fatal when clustered
- lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
- lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
- lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
- lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
- lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
- test: Adds BTRFS subvolume tests
- lxd/storage/memorypipe: Fixes issue with partial reads losing data
- lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
- lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
- lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
- fix IPVLAN docs
- lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
- lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
- lxd/cluster: Use dqliteProxy in raftDial
- lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
- lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
- lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
- lxd/device/device: PathNameEncode and PathNameDecode usage
- lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
- lxd/backup/backup: Adds OptimizedHeader field to Info struct
- lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
- lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
- lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
- lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
- lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
- lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
- lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
- lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
- test: Adds BTRFS backup subvolume tests
- lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
- lxd/resources/memory: Fix memory calculation
- lxd: Improve logging of shutdown errors
- lxd/instances/post: Delete restored instance on backup post hook failure
- Fix 'how to mount home directory' shiftfs FAQ
- shared: build fs_{32,64}bit.go on mips*
- lxd/util: build fs_{32,64}bit.go on mips*
- lxd/rsync: Adds optional rsync arguments to LocalCopy
- lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
- ethtool: don't report -1 for speed in ethtoolLink()
- lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
- lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
- lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
- lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
- lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
- Always skip offline servers when rebalancing
- When demoting a voter to spare, transition to stand-by first
- test/clustering: Make sure that a killed voter can't dsirupt current leader
- lxd/cluster: Use a dedicated channel to stop the dqlite proxy
- lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
- lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
- lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
- shared/util_linux.go: cast Rdev uint64 for mips
- lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
- lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
- lxd/device/gpu.go: cast Rdev uint64 for mips
- shared: Reimplement GetPollRevents without cgo
- lxd-agent: Build statically
- Drop gccgo
- lxd-p2c: Drop cgo
- shared/ucred: Cleanup package
- lxd/api: Don't strip double slashes
- lxd/operations: Improve error message when database insertion fails
- lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
- lxd/db: Rename containers.go to instances.go
- shared/generate/db: Statement for deleting references (config and devices)
- lxd/db: Generate delete stements for profile config and devices
- shared/generate/db: update statement: take ID instead of natural key
- shared/generate/db: Handle config and devices in Update method
- lxd/db: Generate Update method for profiles
- lxd: Plug new UpdateProfile() db method into doProfileUpdate
- lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
- lxd/db: Generate delete statements for instance config, devices and profiles
- lxd/db: Generate UpdateInstance method
- lxd/instance: Plug the new UpdateInstance method and replace legacy logic
- lxd/db: Drop AddDevicesToEntity
- lxd/storage/drivers/driver/common: Logging quoting consistency
- lxd/storage/drivers: Adds storage_lvm_skipactivation patch
- test: Drive-by fix for flaky clustering rebalance test
- Recommend to increase the value of aio-max-nr for production use
- lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
- lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
- lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
- shared/simplestreams: Support uefi1.img
- lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
- lxd/storage/pools: Improves delete pool error info
- instance_exec: don't panic
- lxd/qemu: Handle quoted raw.qemu
- lxd/main_forkproxy: Reduce logging
- lxd/networks: Warn on small IPv6 subnets
- lxd/network: Force DHCP custom gateway
- lxc/list: Add disk and memory columns
- i18n: Update translation template
- lxd/storage/drivers: Make sure tar reader context is cancelled before defer
- lxc/list: Fix test
- shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
- lxd/cluster: Transfer leadership before adjusting roles, not after
- lxd/cluster: Add time skew detection
- test: Wait a few more seconds for the rebalance to happen
- lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
- lxd/cluster: Don't try to rebalance a standalone node
- lxc/ucred: Simplify logic
- lxd/qemu: Cleanup arch checks
- lxd/qemu: Add s390x support
- lxd/api: Fail /internal/ready requests made after shutdown has started
- lxc/config: Add -e shorthand
- forkfile: port to using pidfds
- forkmount: port to using pidfds
- forkproxy: port to using pidfds
- syscall_numbers: update
- forknet: port to pidfds
- forkuevent: port to pidfds
- forksyscall: port to pidfds
- daemon: record "pidfd" extension
- lxd/storage/lvm: Correct bad VG name in patch
- shared/subprocess: Better handle slow systems
- tests: Don't assume bridge MTU can be forced up
- fork*: add "--" to not misinterpret negative integers as flags
- lxd/storage/utils: Removes unused name arg from VolumeFillDefault
- lxd/instance/drivers: storagePools.VolumeFillDefault usage
- lxd/patches: driver.VolumeFillDefault usage
- lxd/storage/utils: VolumeFillDefault usage
- lxd/storage/utils: Updates VolumeValidateConfig to require volume type
- lxd/storage/utils: Adds VolumeDBTypeToType function
- lxd/storage/utils: Updates VolumeDBCreate to pass volume type
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
- lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
- lxd/storage/drivers: ensureVolumeBlockFile usage
- lxd/storage/drivers/volume: Adds SetQuota function
- lxd/storage/drivers/volume: Adds config functions
- lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
- lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
- lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
- lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
- forknet: add missing "--" to forknet invocation on detach
- process_utils: remove a bunch of unused functions
- lxd: Make use of ExitCode
- share/subprocess: Reduce sleep back to 5
- lxd/instances/lxc: Fix calls to forknet
- forkmount: prevent interpreting negative numbers as flags
- shared/subprocess: Ensure monitor routine exits
- shared/subprocess: Properly reset state
- tests: Fix btrfs test on non-shiftfs
- tests: Old kernels don't let you rmdir btrfs
- lxd/db: Use query.SelectString helper in GetLocalImages()
- lxd/db: Use query.SelectString helper in GetImagesFingerprints()
- shared/generate/db: Support int64 fields
- lxd/db: Initial code generation for images (without references)
- lxd/db: Use the generated GetImages code to implement GetExpiredImages
- lxd/db: Use query.SelectObjects helper in GetImageSource
- lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
- lxd/db: Use query.Count helper in ImageExists
- lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
- lxd/db: Use query.UpsertObject helper in CreateImageSource
- lxd/cluster: Drive-by fix for flaky rebalance test
- lxd/db: Usage query.DeleteObject to implement DeleteImage
- lxd/db: Use query.SelectStrings to implement GetImageAliases
- lxd/db: Use a single transaction in GetImageAlias
- lxd/db: Use a single transaction in DeleteImageAlias
- lxd/db: Use single transaction in CreateImageAlias
- lxd/db: Usage single transaction in CreateImage
- lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
- lxd/db: Use a single transaction in GetPoolNamesFromIDs
- lxd/db: Use explicit transaction in GetInstanceProjectAndName
- lxd/db: Drop unused DeleteInstanceConfig
- shared/subprocess: Fix Stop handling
- lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
- lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
- lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
- lxd/storage: Updates volume filler usage to supply Volume rather than mount path
- lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
- lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
- lxd/storage/drivers/driver/common: Adds runFiller function
- lxd/storage/backend/lxd: Updates imageFiller to return volume size
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
- lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
- lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
- lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
- lxd/storage/utils: Updates ImageUnpack to return image virtual size
- lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
- lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
- lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
- lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
- lxd/storage/drivers/volume: Adds SetConfigSize function
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to dervice volume size
- lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
- lxd: Reduce number of transactions in containerPostClusteringMigrate
- lxd/db: Use query.SelectStrings helper in LegacyContainersList
- lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
- lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
- lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
- lxd/storage/utils: drivers.BlockDiskSizeBytes usage
- lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
- lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
- lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
- lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
- lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
- lxd/db: Group ClusterTx instance methods together
- lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
- lxd/db: Move instance backup methods to backups.go
- lxd/db: Rename InstanceBackupArgs to InstanceBackup
- lxd/db: Remove unused profile functions
- lxd/db: Move storage volumes methods to storage_volumes.go
- lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
- forkuevent: fix slice allocation
- unix-hotplug: fix uevent injection
- lxd/db: Use auto-generated GetImages() to implement GetImage()
- lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
- lxd/db: Group ClusterTx image methods together
- lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
- lxd/images: Set CreatedAt on publish
- lxd: New command line option to trace SQL statements
- lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
- lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
- lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
- lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
- lxd/storage/drivers/utils: Exports MinBlockBoundary
- lxd/storage/drivers: MinBlockBoundary usage
- lxd/resources: Handle missing cache size/type
- Update documentation with backup compression
- lxd/rbac: New notification API
- lxd/firewall/nft: Enhance support detection
- Fix regression in GetImageFromAnyProject
- doc/security: Adds notes about IPv6 router advertisement security
- lxd/device/nic: Changes nicValidationRules to properly validation vlan
- lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
- lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
- lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
- lxd/network/network/utils: Improve comments on ovs switch attach/detach
- lxd/network/network/utils: Improves arg name in network attach/detach functions
- lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
- lxd/network/utils: Adds IsNativeBridge function
- lxd/maas: Fix support for multiple subnets
- lxd/maas: Support projects
- lxd/dnsmasq: Add project suffix
- Remove incorrect statement about supported network devices with virtual machines According documentation supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
- lxd/rbac: Fix auth for non-RBAC trusted clients
- global: Add riscv64 to build tags
- Stop using Driver.SetContextTimeout() which is a no-op
- use the coreos fork of boltdb since the original is archived/abandoned
- lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
- lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
- lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
- lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
- lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
- lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
- shared/api: Extend NetworkState for bridge/bond
- lxd/rbac: Don't close body when missing
- doc/storage: Cover host/disk/loop setups
- lxd/init: Tweak default loop sizing
- lxd/vm: Rename some functions
- client: Expand snap path in ConnectLXDUnix
- client: Fix ConnectLXDUnix regression
- lxd/vm: Fix PCIe slot for physical/sriov nic
- lxd/vm: Add virtio-vga card
- lxd/vm: Add spice channel
- lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
- lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
- lxd/vm: Move to separate devices
- lxd/vm: Remove tiny wrapper functions
- lxd/vm: Per-architecture bus type
- add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
- lxd/vm: Centralize port generation
- lxd/device: Sort nic devices ahead of others
- lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
- lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
- lxd/device/nic/physical: Updates to use generic PCI management functions
- lxd/device/nic/sriov: Updates to use generic PCI management functions
- lxd/vm: Separate template keys in global/local
- lxd/vm: Use virtio-gpu-pci on non-x86
- lxd/vm: Rename qemuVGA to qemuGPU
- lxd/vm: Add virtio-input keyboard/mouse
- lxd/vm: Move bus allocator to own file
- lxc/volume: Fix typo in help message
- lxc/snapshot: Allow using snapshot delimiter
- doc/instances: Updates GPU device docs to show VM support
- lxd/device/gpu: Updates validation for VM support
- lxd/device/config/device/runconfig: Adds GPU field to RunConfig
- lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
- lxd/device/gpu: Adds VM GPU passthrough support
- lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
- lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
- lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
- lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
- lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
- lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
- lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
- lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
- lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
- lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
- lxd/storage/quota/projectquota: Only set quota on directories and regular files
- lxd/db: Automatically strip ?project=default
- lxc/action: Properly handle --all with remotes
- lxd/projects: Properly clear empty keys
- lxd/db: Add missing feature to default project
- lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
- i18n: Update translation templates
- lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
- lxd/cluster/heartbeat: Fix race in HeartbeatNode
- lxc/console: Split Console to own function
- lxc/start: Allow direct console attach
- i18n: Update translation templates
- lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
- lxd/resources: Fix golint warning
- doc/api-extensions: Fix escaping
- api: resource_cpu_isolated
- lxd/resources: Add Isolated property
- lxd/resources: Don't use shared
- lxd/devices: Use resources for cpuset parsing
- lxc: Don't over-escape URLs
- lxd: Don't over-escape URLs
- lxd/db/storage: Rework UsedBy for pools
- lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
- lxc/action: Also add --console to restart
- lxd/resources/net: More flexible PCI detection
- lxc/query: Add path check
- i18n: Update translation templates
- tests: Fix bad lxc query call
- lxd/storage-pools: Tweak UsedBy URLs
- lxd/db: Tweak joins
- lxd/db: Fix UsedBy on projects
- lxd/storage_volumes: Fix UsedBy
- api: usedby_consistency
- lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
- test: Updates udhcpd args to ensure process quits one lease acquired
- util_linux: update terminology
- lxd/networks: Reports profiles in UsedBy
- lxd: Fix snapshot index retrieval
- lxd/backups: Use backups dir for unpack
- lxd/vm: Add udev rule fallback
- lxd/images: Set arch names when downloading
- lxd: More flexible compression algorithms
- tests: Add test for compression options
- doc/rest-api: Rename rootfs to root
- doc/rest-api: Fix instance PATCH example
- lxd: Fix building with clang
- lxd/db: Add missing criteria for querying a specific public image
- lxd/db: Add the Errored storage state when rendering the Status field
- lxd/cluster: If raft node 1 gets remove during recovery, add it back
- lxd/db: Make GetNework() return an error if the network is pending
- lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
- lxd/db: Make GetStoragePool() return an error if the pool is pending
- lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
- lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
- lxd/storage/drivers: Bump VM fs size to 100MB
- lxd/db: Fix UsedBy for profiles on storage pools
- lxd/storage: Use Truncate to create/grow VM files
- lxd/db: Consider personalities in GetNodeWithLeastInstances
- lxd/db: Avoid test failure in arch matching
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.2 リリースのお知らせ¶
5th of June 2020
はじめに ¶
LXD チームは、LXD 4.2 のリリースをお知らせすることにとてもワクワクしています!
このリリースでは、完全に新しい機能の導入と、多数のバックグラウンドの安定性の向上と速度の改良を行っています。
このリリースでのネットワークの改良は、プロジェクトごとの仮想ネットワークを OVN を使って実装するという最終的なゴールへ向かって設定した作業の始まりを示しています。この一環として、既存の OVS の扱いをいくつか修正し、VLAN フィルタリングと設定レポートをいくつか LXD に追加しました。
データベースやクラスタリングロジックの改良、問題の修正、テストカバレッジの改良、パフォーマンスの改善にもかなりの努力が払われています。
最後の注目点はセキュリティです。我々がここ数ヶ月〜数年の間に行ってきたアップストリームのカーネルでの作業から利益が得られるようになっています。このような機能を使って競合状態を避けながら、全体的に LXD をスピードアップしています。
Enjoy!
新機能とハイライト ¶
ブリッジでの VLAN フィルタリング ¶
物理的なネットワークスイッチに精通している人は、ポートやボンディングにタグなしやタグ付きの VLAN を設定するのに慣れているでしょう。Linux のソフトウェアスイッチでも、タグなし VLAN のポートごとの選択や、タグ付き VLAN のリストを全く同じように扱えます。
今回のリリースで、LXD はネイティブな Linux のブリッジと OVS の両方をサポートするようになりました。
ブリッジされた nic での vlan と vlan.tagged 設定キーを通して実装されます。vlan プロパティはタグなし VLAN を制御します。一方で、vlan.tagged は通過させるカンマ区切りのタグ付き VLAN のリストです。
ネットワーク状態情報の拡張 ¶
/1.0/networks/NAME/state API エンドポイントが拡張され、ボンディングとブリッジ固有の詳細が表示できるようになりました。これにより、LXD ホストをリモートから調査するのが容易になりました。特にクラスターの場合に役に立ちます。
ボンディングの詳細は次のように見えます:
stgraber@castiana:~$ lxc query /1.0/networks/bond0/state | jq .bond
{
"down_delay": 500,
"lower_devices": [
"dum0",
"dum1"
],
"mii_frequency": 100,
"mii_state": "up",
"mode": "balance-rr",
"transmit_policy": "layer2",
"up_delay": 100
}
ブリッジの詳細は次のように見えます:
stgraber@castiana:~$ lxc query /1.0/networks/lxdbr0/state | jq .bridge
{
"forward_delay": 1500,
"id": "8000.06099e00b912",
"stp": false,
"upper_devices": [
"tap1053b4fd",
"tapef45d46d",
"veth1651f83f",
"veth8eb3fb1a"
],
"vlan_default": 1,
"vlan_filtering": true
}
カスタムの検索ドメインのサポート ¶
新たにネットワークで domain.search 設定キーが設定でき、これを使ってインスタンスに広告する検索のためのドメインのリストをカンマ区切りで設定するために使えます。
ネットワークリストの新たな IPv4 と IPv6 カラム ¶
lxc network list のデフォルト出力で新たに IPv4 と IPv6 のサブネットを表示するようになりました。
ネットワークを識別するのがかなり簡単になりました。
stgraber@castiana:~$ lxc network list +--------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | bond0 | bond | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eth0 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eth1 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 | | 16 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | wlan0 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+
コンテナで mips と riscv64 の VM で s390x のサポート ¶
色々な MIPS バリアントのサポートが追加され、LXD で MIPS システムをビルドして実行できるようになりました。
RISC-V 64bit のサポートも追加され、コンテナで動作することを確認しました。
ubuntu@riscv64:~$ lxc list -cns46ta +------+---------+----------------------+-----------------------------------------------+-----------+--------------+ | NAME | STATE | IPV4 | IPV6 | TYPE | ARCHITECTURE | +------+---------+----------------------+-----------------------------------------------+-----------+--------------+ | b1 | RUNNING | 10.108.12.160 (eth0) | fd42:5832:5781:1eaf:216:3eff:fedd:884d (eth0) | CONTAINER | riscv64 | +------+---------+----------------------+-----------------------------------------------+-----------+--------------+
両方とも、事実上イメージが存在しないので、今の所は Busybox を使うしかありません。
VM 側では、s390x 仮想マシンのサポートを追加しました。
すべてのコンテナのサブプロセスで pidfd を使用 ¶
LXD はコンテナ由来の PID を受け取るサブプロセスを頻繁に生成します。 これは状況次第では競合状態になる可能性があります。プロセスが終了し、我々がそれを検知する前に PID がリサイクルされる可能性があり、偶然間違った相手とやりとりしてしまう可能性があります。
Linux カーネルの pidfd に関する @brauner 氏の作業はこれを修正することを目的としています。LXD と LXC は PID を渡すのではなく、可能な限りファイルディスクリプタを特定のプロセスに渡すようにしています。
LVM ボリュームは必要なときのみアクティブに ¶
LVM はインスタンスが実行されていない限り、LV を非アクティブに保つことにより、ZFS や CEPH と同じように動作します。これにより /dev が乱雑さが減少し、小さなパフォーマンスの向上につながる可能性があります。
DB クエリのトレースサポート ¶
LXD のデータベースクエリをデバッグするために、新たに trace オプションが追加されました。
デーモンを --debug --trace database オプション付きで起動すると、すべての SQL クエリがログに記録されます。
より良いクラスターライフサイクルの扱い ¶
最近、外部の dqlite/raft/libco プロジェクトに対する自動テストを拡張し、他のダウンストリームユーザーが発見した多数の問題を修正し、LXD のロジックの一部をアップストリームのコードベースに移動しました。
LXD のクラスタリングテストは、リーダーシップの変更、ノードの再起動、デグレードのセットアップのより多くのケースをテストするために拡張されました。
クラスター化された環境でよくある問題の原因は時間のズレ(Time skew)です。数秒以上ずれると、スケジュールされたタスクやイベントなどで大混乱が引き起こされる可能性があります。これを解決するために、LXD は時間のズレを検出する方法として内部的なハートビートを使います。そして検出されたり解決された場合にログに警告を出力するようになりました。
データベース関数のクリーンアップ ¶
データベースの面では、データベースロジックのより多くがコードジェネレーターに移動され、コードを書く際にミスをするリスクを制限しています。その結果、多数の関数が非推奨となり、コードパスの一部が単一のトランザクション内で実行されるように最適化されました。
すべての変更点(翻訳なし)¶
Here is a complete list of all changes in this release:
- shared/generate/db: Fix generation of Exists method
- lxd/db: Make generated code stable across "make update-schema" runs
- lxd/db: Leverage code-generation for certificates
- shared: Rewrite OpenPty without cgo
- openpty: use O_CLOEXEC directly
- openpty: use fchown()
- openpty: first unlock the master, then get a slave fd
- openpty: use TIOCGPTPEER if available
- lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
- lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
- lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
- lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
- test: Adds tests for snapshot naming conflicts
- lxd/firewall/drivers: Fix nft syntax
- lxc/project: Fix remote handling
- tests: Fix bad project switch call
- lxd/seccomp: Fix profile conflict between projects
- lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regeneration FS UUID
- lxd/storage/drivers/driver/lvm: Dont activate all volumes on pool mount
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: Acticate volume before generic migrate in MigrateVolume
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
- openpty: fix TIOCGPTPEER usage
- Make network address bind error fatal when clustered
- lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
- lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
- lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
- lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
- lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
- test: Adds BTRFS subvolume tests
- lxd/storage/memorypipe: Fixes issue with partial reads losing data
- lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
- lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
- lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
- fix IPVLAN docs
- lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
- lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
- lxd/cluster: Use dqliteProxy in raftDial
- lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
- lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
- lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
- lxd/device/device: PathNameEncode and PathNameDecode usage
- lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
- lxd/backup/backup: Adds OptimizedHeader field to Info struct
- lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
- lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
- lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
- lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
- lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
- lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
- lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
- lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
- test: Adds BTRFS backup subvolume tests
- lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
- lxd/resources/memory: Fix memory calculation
- lxd: Improve logging of shutdown errors
- lxd/instances/post: Delete restored instance on backup post hook failure
- Fix 'how to mount home directory' shiftfs FAQ
- shared: build fs_{32,64}bit.go on mips*
- lxd/util: build fs_{32,64}bit.go on mips*
- lxd/rsync: Adds optional rsync arguments to LocalCopy
- lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
- ethtool: don't report -1 for speed in ethtoolLink()
- lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
- lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
- lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
- lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
- lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
- Always skip offline servers when rebalancing
- When demoting a voter to spare, transition to stand-by first
- test/clustering: Make sure that a killed voter can't dsirupt current leader
- lxd/cluster: Use a dedicated channel to stop the dqlite proxy
- lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
- lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
- lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
- shared/util_linux.go: cast Rdev uint64 for mips
- lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
- lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
- lxd/device/gpu.go: cast Rdev uint64 for mips
- shared: Reimplement GetPollRevents without cgo
- lxd-agent: Build statically
- Drop gccgo
- lxd-p2c: Drop cgo
- shared/ucred: Cleanup package
- lxd/api: Don't strip double slashes
- lxd/operations: Improve error message when database insertion fails
- lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
- lxd/db: Rename containers.go to instances.go
- shared/generate/db: Statement for deleting references (config and devices)
- lxd/db: Generate delete stements for profile config and devices
- shared/generate/db: update statement: take ID instead of natural key
- shared/generate/db: Handle config and devices in Update method
- lxd/db: Generate Update method for profiles
- lxd: Plug new UpdateProfile() db method into doProfileUpdate
- lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
- lxd/db: Generate delete statements for instance config, devices and profiles
- lxd/db: Generate UpdateInstance method
- lxd/instance: Plug the new UpdateInstance method and replace legacy logic
- lxd/db: Drop AddDevicesToEntity
- lxd/storage/drivers/driver/common: Logging quoting consistency
- lxd/storage/drivers: Adds storage_lvm_skipactivation patch
- test: Drive-by fix for flaky clustering rebalance test
- Recommend to increase the value of aio-max-nr for production use
- lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
- lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
- lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
- shared/simplestreams: Support uefi1.img
- lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
- lxd/storage/pools: Improves delete pool error info
- instance_exec: don't panic
- lxd/qemu: Handle quoted raw.qemu
- lxd/main_forkproxy: Reduce logging
- lxd/networks: Warn on small IPv6 subnets
- lxd/network: Force DHCP custom gateway
- api: Add network_dns_search
- lxd/network: Support specifying search domain
- lxc/list: Add disk and memory columns
- i18n: Update translation template
- lxd/storage/drivers: Make sure tar reader context is cancelled before defer
- lxc/list: Fix test
- shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
- lxd/cluster: Transfer leadership before adjusting roles, not after
- lxd/cluster: Add time skew detection
- test: Wait a few more seconds for the rebalance to happen
- lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
- lxd/cluster: Don't try to rebalance a standalone node
- lxc/ucred: Simplify logic
- lxd/qemu: Cleanup arch checks
- lxd/qemu: Add s390x support
- lxd/api: Fail /internal/ready requests made after shutdown has started
- lxc/config: Add -e shorthand
- lxc/network: Add IPv4/IPv6 columns
- forkfile: port to using pidfds
- forkmount: port to using pidfds
- forkproxy: port to using pidfds
- syscall_numbers: update
- forknet: port to pidfds
- forkuevent: port to pidfds
- forksyscall: port to pidfds
- daemon: record "pidfd" extension
- api: Add container_nic_routed_limits
- lxd/device/nic/routed: Add limits support
- lxd/storage/lvm: Correct bad VG name in patch
- shared/subprocess: Better handle slow systems
- tests: Don't assume bridge MTU can be forced up
- lxd/db: Use query.SelectString helper in GetLocalImages()
- lxd/db: Use query.SelectString helper in GetImagesFingerprints()
- shared/generate/db: Support int64 fields
- lxd/db: Initial code generation for images (without references)
- lxd/db: Use the generated GetImages code to implement GetExpiredImages
- lxd/db: Use query.SelectObjects helper in GetImageSource
- lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
- lxd/db: Use query.Count helper in ImageExists
- lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
- lxd/db: Use query.UpsertObject helper in CreateImageSource
- lxd/db: Use auto-generated GetImages() to implement GetImage()
- lxd/cluster: Drive-by fix for flaky rebalance test
- lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
- lxd/db: Usage query.DeleteObject to implement DeleteImage
- lxd/db: Use query.SelectStrings to implement GetImageAliases
- lxd/db: Use a single transaction in GetImageAlias
- lxd/db: Use a single transaction in DeleteImageAlias
- lxd/db: Use single transaction in CreateImageAlias
- lxd/db: Usage single transaction in CreateImage
- lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
- lxd/db: Use a single transaction in GetPoolNamesFromIDs
- lxd/db: Use explicit transaction in GetInstanceProjectAndName
- lxd/db: Drop unused DeleteInstanceConfig
- fork*: add "--" to not misinterpret negative integers as flags
- lxd/storage/utils: Removes unused name arg from VolumeFillDefault
- lxd/instance/drivers: storagePools.VolumeFillDefault usage
- lxd/patches: driver.VolumeFillDefault usage
- lxd/storage/utils: VolumeFillDefault usage
- lxd/storage/utils: Updates VolumeValidateConfig to require volume type
- lxd/storage/utils: Adds VolumeDBTypeToType function
- lxd/storage/utils: Updates VolumeDBCreate to pass volume type
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
- lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
- lxd/storage/drivers: ensureVolumeBlockFile usage
- lxd/storage/drivers/volume: Adds SetQuota function
- lxd/storage/drivers/volume: Adds config functions
- lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
- lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
- lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
- lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
- forknet: add missing "--" to forknet invocation on detach
- process_utils: remove a bunch of unused functions
- lxd: Make use of ExitCode
- share/subprocess: Reduce sleep back to 5
- lxd/instances/lxc: Fix calls to forknet
- forkmount: prevent interpreting negative numbers as flags
- shared/subprocess: Ensure monitor routine exits
- shared/subprocess: Properly reset state
- tests: Fix btrfs test on non-shiftfs
- tests: Old kernels don't let you rmdir btrfs
- shared/subprocess: Fix Stop handling
- lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
- lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
- lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
- lxd/storage: Updates volume filler usage to supply Volume rather than mount path
- lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
- lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
- lxd/storage/drivers/driver/common: Adds runFiller function
- lxd/storage/backend/lxd: Updates imageFiller to return volume size
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
- lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
- lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
- lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
- lxd/storage/utils: Updates ImageUnpack to return image virtual size
- lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
- lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
- lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
- lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
- lxd/storage/drivers/volume: Adds SetConfigSize function
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to dervice volume size
- lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
- lxd: Reduce number of transactions in containerPostClusteringMigrate
- lxd/db: Use query.SelectStrings helper in LegacyContainersList
- lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
- lxd/db: Group ClusterTx image methods together
- lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
- lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
- lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
- lxd/storage/utils: drivers.BlockDiskSizeBytes usage
- lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
- lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
- lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
- lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
- lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
- lxd/db: Group ClusterTx instance methods together
- lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
- lxd/db: Move instance backup methods to backups.go
- lxd/db: Rename InstanceBackupArgs to InstanceBackup
- lxd/db: Remove unused profile functions
- lxd/db: Move storage volumes methods to storage_volumes.go
- lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
- forkuevent: fix slice allocation
- lxd/images: Set CreatedAt on publish
- unix-hotplug: fix uevent injection
- lxd: New command line option to trace SQL statements
- lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
- lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
- lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
- lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
- lxd/storage/drivers/utils: Exports MinBlockBoundary
- lxd/storage/drivers: MinBlockBoundary usage
- lxd/resources: Handle missing cache size/type
- Update documentation with backup compression
- lxd/rbac: New notification API
- lxd/firewall/nft: Enhance support detection
- lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
- lxd/network/network/utils: Adds linux bridge VLAN management functions
- lxd/network: Enable VLAN filtering for managed Linux bridges
- lxd/device/nic: Changes nicValidationRules to properly validation vlan
- lxd/device/nic/bridged: Adds vlan validation
- lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
- lxd/device/nic/bridged: Adds support for untagged and tagged vlan membership
- doc: Documents NIC bridged vlan and vlan.tagged settings
- api: Adds API extension instance_nic_bridged_vlan
- lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
- lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
- test: Adds bridged VLAN tests
- Fix regression in GetImageFromAnyProject
- doc/security: Adds notes about IPv6 router advertisement security
- lxd/device/nic/bridged: Corrects vlan comment
- lxd/network/network/utils: Improve comments on ovs switch attach/detach
- lxd/network/network/utils: Improves arg name in network attach/detach functions
- lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
- lxd/network/utils: Adds IsNativeBridge function
- lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
- test: Updates bridged vlan ID range tests
- lxd/device/nic/bridged: Adds openvswitch vlan support
- test: Adds LXD_NIC_BRIDGED_DRIVER test environment variable
- lxd/maas: Fix support for multiple subnets
- lxd/maas: Support projects
- lxd/dnsmasq: Add project suffix
- Remove incorrect statement about supported network devices with virtual machines According documentation supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
- lxd/rbac: Fix auth for non-RBAC trusted clients
- global: Add riscv64 to build tags
- Stop using Driver.SetContextTimeout() which is a no-op
- use the coreos fork of boltdb since the original is archived/abandoned
- i18n: Update translations from weblate
- api: Add network_state_bond_bridge
- shared/api: Extend NetworkState for bridge/bond
- lxd/networks: Add bridge/bond details
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.1 リリースのお知らせ¶
8th of May 2020
はじめに ¶
LXD チームは、LXD 4.1 のリリースをお知らせすることにとてもワクワクしています!
このリリースは 4.0 LTS リリースに続く初めてのフィーチャーリリースです。 通常のフィーチャーリリースですので、LXD 4.1 は、通常は約 1 ヶ月後にリリースされる 4.2 リリースまでのみサポートされます。
変更の大部分は、4.0 リリース以来行ってきたバグフィックスとリファクタリングです。しかし、多数の小さい機能の追加や改良が多数あります。
Enjoy!
新機能とハイライト ¶
イメージのプッシュとリレーのサポート ¶
インスタンスのコピー・移動と同様に、ソースサーバーが直接ターゲットサーバーにイメージをプッシュしたり、クライアントツールがサーバー間を中継したりできるようになりました。
これにより、サーバー間に存在するファイアウォールに対応するのが容易になります。
lxc image copy source:some-image target: --mode=push lxc image copy source:some-image target: --mode=relay
routed NIC デバイスのルーティングテーブルサポート ¶
routed NIC デバイスに新たにオプションがふたつ追加されました:
- ipv4.host_table
- ipv6.host_table
このオプションは、どのルーティングテーブルにルーティングルールを挿入するかをコントロールします。 デフォルトでは、これはメインのルーティングテーブルですが、これを有効にすることで代替のルーティングテーブルを使いたいというユーザーがいました。
ipvlan NIC デバイスの L2 モード ¶
LXD の ipvlan デバイスはデフォルトでは Layer 3 シンメトリックモード(l3s)です。しかし、新たな mode オプションが導入され、Layer 2 モード(l2)も使えるようになりました。
リソース API の調整 ¶
新たに system セクションが追加され、多数の DMI フィールドと LXD を実行するのに使っているシステムのタイプ(物理、仮想、コンテナ)が表示されるようになりました。
加えて、NUMA ノードが CPU スレッドレベルでトラッキングされるようになり、CPU ダイの情報もコアレベルで記録されるようになりました。
次は CPU 出力の例です:
stgraber@castiana:~$ lxc query /1.0/resources | jq .cpu
{
"architecture": "x86_64",
"sockets": [
{
"cache": [
{
"level": 1,
"size": 32768,
"type": "Data"
},
{
"level": 1,
"size": 32768,
"type": "Instruction"
},
{
"level": 2,
"size": 262144,
"type": "Unified"
},
{
"level": 3,
"size": 3145728,
"type": "Unified"
}
],
"cores": [
{
"core": 0,
"die": 0,
"frequency": 639,
"threads": [
{
"id": 0,
"numa_node": 0,
"online": true,
"thread": 0
},
{
"id": 2,
"numa_node": 0,
"online": true,
"thread": 1
}
]
},
{
"core": 1,
"die": 0,
"frequency": 658,
"threads": [
{
"id": 1,
"numa_node": 0,
"online": true,
"thread": 0
},
{
"id": 3,
"numa_node": 0,
"online": true,
"thread": 1
}
]
}
],
"frequency": 648,
"frequency_minimum": 400,
"frequency_turbo": 3500,
"name": "Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz",
"socket": 0,
"vendor": "GenuineIntel"
}
],
"total": 4
}
次はシステム出力の例です:
stgraber@castiana:~$ lxc query /1.0/resources | jq .system
{
"chassis": {
"serial": "PF0QD1U7",
"type": "Notebook",
"vendor": "LENOVO",
"version": "None"
},
"family": "ThinkPad X1 Carbon 5th",
"firmware": {
"date": "02/17/2020",
"vendor": "LENOVO",
"version": "N1MET60W (1.45 )"
},
"motherboard": {
"product": "20HRCTO1WW",
"serial": "L1HF6CX006Y",
"vendor": "LENOVO",
"version": "Not Defined"
},
"product": "20HRCTO1WW",
"serial": "PF0QD1U7",
"sku": "LENOVO_MT_20HR_BU_Think_FM_ThinkPad X1 Carbon 5th",
"type": "physical",
"uuid": "7fa1c0cc-2271-11b2-a85c-aab32a05d71a",
"vendor": "LENOVO",
"version": "ThinkPad X1 Carbon 5th"
}
サーバー情報への OS データの追加 ¶
OS 情報が /1.0 と lxc info で出力されるようになりました:
stgraber@castiana:~$ lxc info | grep os_ os_name: Ubuntu os_version: "20.04"
新たな lxd cluster remove-raft-node コマンド ¶
この新たに追加されたコマンドは、LXD がデータベースのクオラムの不足で起動できない場合に、強制的にデータベースメンバーを削除するのに使えます。
コマンドラインツールの表のソートの改良 ¶
リストは自然な順序でソートされるようになり、番号付きのアイテムが適切にソートされるようになりました。 加えて、ボリュームのリストでは、スナップショットが親のすぐ後に表示されるようになりました。
すべての変更点(翻訳なし)¶
以下はこのリリースでの全変更の完全なリストです:
- doc/instances: Fix escaping
- lxc/network: Updates network detach checks to use bridged network property
- lxd/network/network/utils: Updates network setting detection in IsInUse
- lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
- Merge pull request #7115 from tomponline/tp-bridged-network
- lxd/networks: Fix clustered configs
- Merge pull request #7114 from stgraber/master
- shared/api: Move NUMANode to thread
- lxd/resources: Set NUMANode on a per-thread basis
- lxc/info: Update for NUMANode on thread
- i18n: Update translation templates
- api: resources_cpu_threads_numa
- Merge pull request #7118 from stgraber/master
- api: resources_cpu_core_die
- lxd/resources: Parse and report die_id
- lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
- Merge pull request #7120 from stgraber/master
- lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
- lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
- lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
- lxd/instance/instance/interface: Updates Render() to accept options arguments
- lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
- lxd/storage/utils: Removes unused functions and constants
- lxd/storage/utils: Adds RenderSnapshotUsage function
- lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
- lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/instance/utils: Removes unused WriteBackupFile
- lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
- lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
- lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
- lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Comment clarification
- lxd/storage/drivers/volume: Adds support for setting custom mount path
- lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
- lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
- Merge pull request #7117 from tomponline/tp-storage-mountsnapshots-uuid
- Merge pull request #7122 from tomponline/tp-storage-export-snapshots
- lxd/main_activateifneeded: s/container/instance/
- lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
- lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/backend/lxd: Checks for existance of volume before deleting
- lxd/instance: Switches to revert package for instanceCreateAsSnapshot
- lxd/storage/backend/lxd: Comment tweak
- lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
- Merge pull request #7129 from tomponline/tp-storage-renderfull
- Merge pull request #7131 from tomponline/tp-storage-export-snapshots-zfs
- shared/subprocess/proc: Fixes race in process stopping
- Merge pull request #7132 from tomponline/tp-storage-delete-volume-checks
- lxd/main_activateifneeded: Retrieve all instances
- lxd/main_activateifneeded: Check for scheduled instance snapshots
- lxd/main_activateifneeded: Check for scheduled volume snapshots
- test/suites/basic: Update activateifneeded tests
- lxd/main_activateifneeded: Use defer statement to close db
- Merge pull request #7128 from monstermunchkin/issues/7126
- lxd/storage/btrfs: Workaround permission issue
- Merge pull request #7134 from stgraber/master
- lxd/cluster: add RemoveRaftNode() to force removing a raft node
- api: Add "DELETE /internal/cluster/raft/" endpoint
- Increase timeout when calling dqlite.Client.Add() to join the cluster
- Merge pull request #7139 from freeekanayaka/increase-join-timeout
- lxd/storage/drivers/driver/zfs/volumes: Comment
- lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/zfs/volumes: Always used 'used' property for ZFS snapshot usage
- lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
- lxd/instance: Fix typo in comment
- lxc/action: Fix typo in help message
- i18n: Update translation templates
- Merge pull request #7142 from stgraber/master
- lxd: Add "lxd cluster remove-raft-node" recovery command
- doc: Add paragraph about "lxd cluster remove-raft-node"
- test: Add test exercising "lxd cluster remove-raft-node"
- Merge pull request #7141 from tomponline/tp-storage-snapshot-usage
- Merge pull request #7138 from freeekanayaka/remove-raft-node
- lxd/storage/lvm: Always call vgchange on mount
- Merge pull request #7146 from stgraber/master
- lxd/patches: Fix snapshot migration
- tests: Fix btrfs storage usage
- Merge pull request #7147 from stgraber/master
- lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
- lxd/storage/drivers/volume: Removes unnecessary variable
- lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
- lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
- lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
- lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
- lxd/storage/drivers/driver/cephfs/volumes: typo
- lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
- lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
- lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
- Merge pull request #7144 from tomponline/tp-storage-snapshot-mnt-create
- lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
- lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
- Merge pull request #7151 from tomponline/tp-storage-ceph-snapshot-usage
- shared/osarch: Coding style
- shared/osarch: Don't fail on missing os-release
- shared/api: Add OS information
- lxd/api: Add OS information
- api: Add api_os
- lxc: Use natural string sorting
- lxc: Group snapshot and parent
- lxd/main: Move forkzfs mntns to cgo
- Merge pull request #7154 from stgraber/master
- Merge pull request #7155 from stgraber/cli
- Merge pull request #7156 from stgraber/zfs
- doc/networks: Adds note about firewalld and DHCP/DNS
- Merge pull request #7158 from tomponline/tp-bridged-firewalld
- lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
- lxd/device/nic/routed: Corrects misleading error message when setting sysctls
- Merge pull request #7159 from tomponline/tp-nic-routed-validation
- lxd/storage/drivers/generic/vfs: Log when creating snapshots
- lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
- lxd/storage/memorypipe: Adds context support for cancellation
- lxd/storage/backend/lxd: memorypipe cancellation usage
- lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
- Merge pull request #7160 from tomponline/tp-storage-vm-migration
- doc: Add missing os_api extension
- Merge pull request #7165 from stgraber/master
- Merge pull request #7163 from tomponline/tp-nic-sriov
- lxd/storage/drivers/driver/dir/utils: Removes default project quota
- Merge pull request #7166 from tomponline/tp-storage-dir-quota
- forkexec: mark fd cloexec so the attaching process doesn't inherit it
- Merge pull request #7167 from brauner/2020-04-10/fixes
- forkexec: close all inherited fds
- Merge pull request #7168 from brauner/2020-04-10/fixes
- forkexec: log unexpected fds
- Merge pull request #7169 from brauner/2020-04-10/fixes
- lxd/daemon: Ignore .zfs in volumes
- Merge pull request #7170 from stgraber/master
- lxd/network: Push MTU over DHCP
- Merge pull request #7171 from stgraber/master
- shared/api: Drop invalid Managed key in NetworksPost
- lxd: Drop invalid use of Managed property
- Merge pull request #7173 from stgraber/network
- lxd/devices/disk: Prevent recursive & readonly
- Merge pull request #7177 from stgraber/master
- lxc/instance/drivers: Set new name before renaming backups
- test: Extend backup rename
- lxd/instance/drivers: Add revert steps when renaming instance
- Merge pull request #7182 from monstermunchkin/issues/7176
- lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
- lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
- Merge pull request #7185 from tomponline/tp-vm-pci
- Merge pull request #7183 from tomponline/tp-vm-device-comment
- doc/instances: Clarify config conditions
- doc/index: Clarify bind-mount in FAQ
- Merge pull request #7186 from stgraber/master
- lxd/instances: Better use userRequested on Update
- Merge pull request #7190 from stgraber/master
- lxd/device/nic: Adds host_table setting validation rule
- lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
- lxd/device/nic/routed: Add host_table support
- api: Adds container_nic_routed_host_table extension
- doc: Adds documentation for routed NIC host_table setting
- suites/container/devices/nic/routed: Adds tests for custom routing tables
- Merge pull request #7192 from tomponline/tp-nic-routed-hosttable
- lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
- lxd/device/nic/ipvlan: Adds host_table setting support
- api: Adds container_nic_ipvlan_host_table extension
- doc: Adds documentation for ipvlan NIC host_table setting
- test/suites/container/devices/nic/ipvlan: Adds tests for custom routing tables
- test/clustering: increase timing to detect offline node
- Merge pull request #7193 from tomponline/tp-nic-ipvlan-hosttable
- api: Adds container_nic_ipvlan_mode extension
- lxd/device/nic/ipvlan: Adds support for l2 mode
- doc/instances: Documents ipvlan l2 mode
- test/suites/container/devices/nic/ipvlan: Adds l2 mode tests
- Merge pull request #7197 from freeekanayaka/tweak-clustering-membership-test-timings
- Merge pull request #7196 from tomponline/tp-nic-ipvlan-l2
- shared/version/api: Add resources_system API extension
- doc/api-extensions: Add resources_system
- shared/api/resource: Add system resources
- lxd/resources: Add new system resources
- lxd/resources: Retrieve system information
- shared/util: Never look into the snap
- Merge pull request #7194 from monstermunchkin/issues/7189
- Merge pull request #7198 from stgraber/master
- lxd/resources: serial/uuid may not be accessible
- Merge pull request #7201 from stgraber/master
- doc/instances: Fixes default ceph.cluster_name value
- lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
- Merge pull request #7206 from tomponline/tp-vm-disk-ceph
- firewalld & lxd : how to let Firewalld control the LXD's iptables rules this is related to https://github.com/lxc/lxd/pull/7195 but this a bit more generic
- Update networks.md
- Merge pull request #7204 from kerphi/patch-2
- doc/networks: Fix typo
- i18n: Update translations from weblate
- Update networks.md
- Merge pull request #7210 from ckd/patch-1
- lxd/storage/ceph: Suppport alternate conf syntax
- Merge pull request #7211 from stgraber/master
- lxd/init: Try to bind LXD network address when running interactively
- lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
- lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
- Merge pull request #7213 from freeekanayaka/validate-listen-address
- Merge pull request #7214 from tomponline/tp-vm-pcie
- lxd/device/nic/bridged: Dont load br_netfilter
- Merge pull request #7217 from tomponline/tp-nic-bridged-brnetfilter
- doc/instances: Fix swapped description
- Merge pull request #7219 from stgraber/master
- index.md: add PATH env variable to sudo command example
- Merge pull request #7220 from rafaeldtinoco/master
- shared/simplestreams: Fix VM image preference
- Merge pull request #7225 from stgraber/master
- lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
- lxd/device/disk: Adds cephfs support for VMs
- lxd/device/proxy: Check for br_netfilter enabled and log warning if not
- lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
- lxd/firewall/drivers/drivers/xtables: comments
- Merge pull request #7226 from tomponline/tp-vm-disk-cephfs
- lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
- lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
- lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
- lxd/init: Improve error messages when failing to bind an address
- lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
- Merge pull request #7227 from freeekanayaka/improve-cant-listen-error-message
- test/suites/container/devices/proxy: Updates tests for checking hairpin rule
- Merge pull request #7228 from tomponline/tp-nic-bridged-nat-hairpin
- lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
- lxd/instance/drivers/driver/qemu: Makes onStop unexported
- lxd/instance/drivers/driver/qemu: Comment
- Merge pull request #7229 from tomponline/tp-vm-restart
- lxd/instance/lxc: Don't crash in setNetworkPriority
- Merge pull request #7230 from stgraber/master
- lxd/instances: Export type to templates
- lxd-agent: Reboot after cloud-init seed
- lxd/util: Tweak NetworkInterfaceAddress to only return global
- Merge pull request #7231 from stgraber/master
- Merge pull request #7232 from stgraber/net
- lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
- Merge pull request #7234 from tomponline/tp-util-networkinterfaceaddress
- shared/usbid: Use system database
- Merge pull request #7235 from stgraber/master
- lxd-agent: Support systemd-notify
- lxd/qemu: Switch default unit type to notify
- Merge pull request #7236 from stgraber/master
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
- lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
- lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
- lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
- lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
- lxd/device/proxy: Dont wrap lines
- lxd/device/proxy: Improves validation
- test/suites/container/devices/proxy: Updates tests with new validation rules
- Merge pull request #7238 from tomponline/tp-storage-cached-size
- lxd: Updates snapshotProtobufToInstanceArgs to support instance type
- Merge pull request #7240 from tomponline/tp-proxy-validation
- Merge pull request #7241 from tomponline/tp-migration-inst-type
- lxd/qemu: Match basic NUMA layout
- Merge pull request #7243 from stgraber/master
- lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
- lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
- Merge pull request #7245 from tomponline/tp-vm-agentstart
- lxd/cgroup: Fix memory controller detection
- Merge pull request #7244 from tomponline/tp-storage-zfz-revert
- lxd/migration/migrate/proto: Fix alignment
- lxd/migration: Adds volumeSize field to MigrationHeader
- lxd/migrate: Adds VolumeSize to MigrationSinkArgs
- lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
- lxd/migrate/instance: Use VolumeSize from offer header in Do()
- lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
- lxd/storage/drivers: Exports BlockDevSizeBytes function
- lxd/storage/utils: Adds InstanceDiskBlockSize
- lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
- lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
- Merge pull request #7248 from stgraber/master
- Merge pull request #7246 from tomponline/tp-migration-volsize
- lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
- Merge pull request #7249 from leopaul36/master
- lxd/instance/qemu: Add comment on cpuTopology
- lxd/storage/ceph: Support port in URL
- Merge pull request #7251 from stgraber/master
- lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
- lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
- lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
- lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
- Merge pull request #7250 from tomponline/tp-storage-image-regeneration
- shared/version/api: Add API extension images_push_relay
- doc: Add images_push_relay
- client/interfaces: Add Mode to ImageCopyArgs
- lxc/image: Add mode flag to image copy
- client: Add relay mode for image copy
- lxd/images: Return token response in push mode
- lxd/images: Allow authentication using secret
- shared/api/image: Add ImageExportPost
- client: Add ExportImage to ImageServer
- lxd/images: Add POST /1.0/images/fingerprint/export
- client: Add push mode for image copy
- client: Add GetOperationWaitSecret
- lxd/images: Use metadata from the client
- lxd/images: Return operation on token validation
- lxd/images: Add secret metadata on image create
- client/lxd_images: Set fingerprint and secret headers
- lxd/operations: Allow untrusted clients for /1.0/operations/{id}/wait
- doc/rest-api: Add POST /1.0/images/
/export - test/suites/remote: Add image copy push and relay mode
- po: Update translations
- lxd/daemon: Remove duplicated logic
- Merge pull request #7130 from monstermunchkin/issues/6805
- lxd/instance/qemu: Announce LXD in SMBIOS
- Merge pull request #7255 from stgraber/master
- share/usbid: Don't print error when missing
- Merge pull request #7257 from stgraber/master
- lxd/init: Auto-detect and use Ubuntu ZFS setup
- Merge pull request #7261 from stgraber/master
- lxc/config: Add --expanded to get
- i18n: Update translation templates
- Merge pull request #7267 from stgraber/master
- Resolve both core.https_address and cluster.https_address when comparing IPs
- Merge pull request #7269 from freeekanayaka/allow-using-hostnames-as-cluster-addresses
- lxd/storage/drivers/generic/vfs: Skip missing files during export
- Merge pull request #7271 from tomponline/tp-backup-walk-missing
- lxd/images: Fixes hang in export when invalid --compression argument passed
- Merge pull request #7272 from tomponline/tp-export-hang
- lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
- Merge pull request #7276 from tomponline/tp-storage-createfromcopy-size-btrfs
- lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
- lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
- lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
- lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
- lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
- lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
- lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
- lxd/storage/utils: VolumeDBCreate comment formatting
- lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
- lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
- lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
- lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
- lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
- lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
- lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
- lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/db: Rename CertificatesGet to GetCertificates
- lxd/db: Rename CertificateGet to GetCertificate
- lxd/db: Rename CertSave to CreateCertificate
- lxd/db: Rename CertDelete to DeleteCertificate
- lxd/db: Rename CertUpdate to UpdateCertificate
- lxd/db: Drop unused ConfigValueSet
- lxd/instances/post: Fix revert in createFromBackup
- lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
- lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
- lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
- lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- Merge pull request #7280 from tomponline/tp-storage-createfromcopy
- lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- Merge pull request #7282 from tomponline/tp-storage-backuprestore-size
- Merge pull request #7270 from tomponline/tp-storage-image-regeneration-ceph
- lxd/db: Rename InstanceNames to GetInstanceNames
- lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
- lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
- lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
- lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
- lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
- lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
- lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
- lxd/db: Rename InstanceRemove to RemoveInstance
- lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
- lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
- lxd/db: Rename ContainerConfigGet to GetInstanceConfig
- lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
- lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
- lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
- lxd/db: Drop unused ContainerProfiles
- lxd/db: Drop unused ContainerConfig
- lxd/db: Remove unused ContainersNodeList
- lxd/db: Rename ContainersResetState to ResetInstancesPowerState
- lxd/db: Rename ContainerSetState to UpdateInstancePowerState
- lxd/db: Rename ContainerUpdate to UpdateInstance
- lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
- lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
- lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
- lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
- lxd/db: Rename InstancePool to GetInstancePool
- lxd/db: Rename ContainerBackupID to getInstanceBackupID
- Rename ContainerGetBackup to GetInstanceBackup
- lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
- lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
- lxd/db: ContainerBackupRename to RenameInstanceBackup
- lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
- lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
- lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
- lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
- lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
- lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
- lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
- lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- Merge pull request #7281 from freeekanayaka/cleanup-db-function-names
- lxd/db: Rename DevicesAdd to AddDevicesToEntity
- lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
- lxd/db: Remove unused Devices
- lxd/db: Rename ImagesGetLocal to GetLocalImages
- lxd/db: Rename ImagesGet to GetImages
- lxd/db: Rename ImagesGetExpired to GetExpiredImages
- lxd/db: Rename ImageSourceInsert to CreateImageSource
- lxd/db: Rename ImageSourceGet to GetImageSource
- lxd/db: Rename ImageGet to GetImage
- lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
- lxd/db: Rename ImageLocate to LocateImage
- lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
- lxd/db: Rename ImageDelete to DeleteImage
- lxd/db: Rename ImageAliasesGet GetImageAliases
- lxd/db: Rename ImageAliasGet to GetImageAlaias
- lxd/db: Rename ImageAliasRename to RenameImageAlias
- lxd/db: Rename ImageAliasDelete to DeleteImageAlias
- lxd/db: Rename ImageAliasesMove to MoveImageAlias
- lxd/db: Rename ImageAliasAdd to CreateImageAlias
- lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
- lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
- lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
- lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
- lxd/db: Rename ImageUpdate to UpdateImage
- lxd/db: Rename ImageInsert to CreateImage
- lxd/db: Rename ImageGetPools to GetPoolsWithImage
- lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
- lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
- lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
- lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
- lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
- lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
- lxc/image: Actually refresh multiple images
- Merge pull request #7286 from freeekanayaka/cleanup-db-function-names-part-2
- Merge pull request #7288 from stgraber/master
- Merge pull request #7285 from tomponline/tp-storage-filesystem-regen
- Merge pull request #7283 from tomponline/tp-storage-volsize-consistency
- lxd/resources: Use permanent MAC when available
- Merge pull request #7290 from stgraber/master
- lxd/qemu: Restrict NUMA layout to x86_64
- Merge pull request #7293 from stgraber/master
- Consider all nodes when looking for the leader, not only voters
- Only attempt to transfer leadership if we are not standalone
- Merge pull request #7297 from freeekanayaka/try-all-nodes-when-looking-for-leader
- lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
- lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
- lxd/db: Rename NetworkID to GetNetworkID
- lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
- lxd/db: Rename Networks to GetNetworks
- lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
- lxd/db: Rename NetworksNotPending to GetNonNetworks
- lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
- lxd/db: Rename NetworkConfig to getNetworkConfig
- lxd/db: Rename NetworkCreate to CreateNetwork
- lxd/db: Rename NetworkUpdate to UpdateNetwork
- lxd/db: Rename NetworkConfigClear to clearNetworkConfig
- lxd/db: Rename NetworkDelete to DeleteNetwork
- lxd/db: Rename NetworkRename to RenameNetwork
- lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
- Merge pull request #7299 from freeekanayaka/cleanup-db-function-names-part-3
- lxd/daemon: Detect nodev and improve errors
- Merge pull request #7300 from stgraber/master
- lxd/db: Rename NodeByAddress to GetNodeByAddress
- lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
- lxd/db: Rename NodeByName to GetNodeByName
- lxd/db: Rename NodeName to GetLocalNodeName
- lxd/db: Rename NodeAddress to GetLocalNodeAddress
- lxd/db: Rename Nodes to GetNodes
- lxd/db: Rename NodesCount to GetNodesCount
- lxd/db: Rename NodeRename to RenameNode
- lxd/db: Rename NodeAdd to CreateNode
- lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
- lxd/db: Rename NodePending to SetNodePendingFlag
- lxd/db: Rename NodeUpdate to UpdateNode
- lxd/db: Rename NodeAddRole to CreateNodeRole
- lxd/db: Rename NodeRemoveRole to RemoveNodeRole
- lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
- lxd/db: Rename NodeRemove to RemoveNode
- lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
- lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
- lxd/db: Rename NodeClear to ClearNode
- lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
- lxd/db: Rename NodeUpdateVersion to SetNodeVersion
- lxd/db: Rename Operations to GetLocalOperations
- lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
- lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
- lxd/db: Rename OperationByUUID to GetOperationByUUID
- lxd/db: Rename OperationAdd to CreateOperation
- lxd/db: Rename OperationRemove to RemoveOperation
- lxd/db: Rename OperationFlush to removeNodeOperations
- lxd/db: Rename Patches to GetAppliedPatches
- lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
- lxd/db: Rename Profiles to GetProfileNames
- lxd/db: Rename ProfileGet to GetProfile
- lxd/db: Rename ProfilesGet to GetProfiles
- lxd/db: Drop ProfileConfig
- lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
- lxd/db: Rename ProfileConfigClear to ClearProfileConfig
- lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
- lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
- lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
- lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
- lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
- Merge pull request #7302 from freeekanayaka/rename-db-function-names-part4
- lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
- Merge pull request #7304 from tomponline/tp-storage-zfs-migration
- ethtool: add ethtoolGset() helper
- test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
- lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
- lxc/storage/drivers/volume: Removes keepDevice from Volume
- lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
- lxc/storage/drivers/driver/ceph/volumes: Mount changes
- lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
- lxd/storage/drivers/driver/ceph/volumes: Esnure permission on volume root set in CreateVolume
- lxd/resources: Skip NVME multipath entries
- lxd/db: Rename ProjectNames to GetProjectNames
- lxd/db: Rename ProjectMap to GetProjectIDsToNames
- lxd/db: Rename ProjectUpdate to UpdateProject
- Merge pull request #7310 from tomponline/tp-storage-customvol-chmod
- lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
- lxd/db: Rename RaftNodes to GetRaftNodes
- lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
- lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
- lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
- lxd/db: Rename RaftNodeAdd to CreateRaftNode
- lxd/db: Rename RaftNodeDelete to RemoveRaftNode
- lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
- lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
- lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
- lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
- lxd/db: Rename StoragePoolID to GetStoragePoolID
- lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
- lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
- lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
- lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
- lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
- lxd/db: Rename StoragePools to GetStoragePoolNames
- lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
- lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
- lxd/db: Rename StoragePoolGetID to GetStoragePoolID
- lxd/db: Rename StoragePoolGet to GetStoragePool
- lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
- lxd/db: Rename StoragePoolCreate to CreateStoragePool
- lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
- Merge pull request #7314 from stgraber/master
- lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
- lxd/db: Rename StoragePoolDelete to RemoveStoragePool
- lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
- lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
- lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
- lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
- lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
- lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
- Merge pull request #7312 from tomponline/tp-storage-ceph-shrink
- Merge pull request #7315 from freeekanayaka/rename-db-function-names-part-5
- lxd/storage/zfs: Use TryUnmount
- Merge pull request #7317 from stgraber/master
- Support two-phase creation of a storage pool on single-node cluster
- Merge pull request #7325 from freeekanayaka/storage-creation-on-single-node
- lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
- lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
- lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
- lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
- lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
- lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
- lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
- resources/ethtool: implement ETHTOOL_GLINKSETTINGS
- lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
- lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
- lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
- lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
- lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
- lxd/migration/migrate/proto: Adds BTRFS Features to offer header
- lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
- lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
- lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
- lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
- lxd/storage/memorypipe: Dont make ioutil.ReadAll panic on cancel
- lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
- Merge pull request #7327 from brauner/2020-05-06/ethtool
- Merge pull request #7326 from tomponline/tp-storage-btrfs-snapshot
- lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
- lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
- lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
- lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
- lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
- lxd/db: Update naming pattern for generated database code
- Merge pull request #7316 from tomponline/tp-storage-btrfs-subvols
- Merge pull request #7328 from freeekanayaka/rename-db-function-names-part-6
- client/lxd_images: Fix backward compatibility
- Merge pull request #7329 from stgraber/master
- lxd/storage/btrfs: Fix migration from snapshot
- Merge pull request #7330 from stgraber/master
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.1 LTS リリースのお知らせ¶
21st of April 2020
はじめに ¶
LXD チームは、LXD 4.0.1 のリリースをお知らせできてとてもうれしいです!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する最初のバグフィックスリリースです。
バグ修正と改良点 ¶
このリリースでは、4.0.0 のリリース後に報告された多数の問題を修正しています。
主なものは次の通りです:
- resources API の調整と改良
- NUMA ノードのコアごとの表示
die_idカーネル属性を使った CPU のサポートsystemセクションで DMI インフォメーションが提供されるようになりました
/1.0内の環境データーにosとos_versionを追加- ディザスターリカバリー機能
lxd cluster remove-raft-nodeの追加 - VM とスケジュールされたスナップショットを考慮した
activateifneededの改良 - コマンドラインツールのソート順を改良し、番号付きエントリーを改良
- Ceph rbd/fs
diskデバイスが実装され、仮想マシンにアタッチできるようになりました - 3.0 未満から 4.0 へ直接アップグレードしたユーザーのデーター移行の問題をいくつか修正しました
execでファイルディスクリプターがリークする問題を修正しました
コミットの全リストは次の通りです(翻訳なし):
- doc/instances: Fix escaping
- lxc/network: Updates network detach checks to use bridged network property
- lxd/network/network/utils: Updates network setting detection in IsInUse
- lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
- lxd/networks: Fix clustered configs
- shared/api: Move NUMANode to thread
- lxd/resources: Set NUMANode on a per-thread basis
- lxc/info: Update for NUMANode on thread
- i18n: Update translation templates
- api: resources_cpu_threads_numa
- api: resources_cpu_core_die
- lxd/resources: Parse and report die_id
- lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
- lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
- lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
- lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
- lxd/instance/instance/interface: Updates Render() to accept options arguments
- lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
- lxd/storage/utils: Removes unused functions and constants
- lxd/storage/utils: Adds RenderSnapshotUsage function
- lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
- lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/instance/utils: Removes unused WriteBackupFile
- lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
- lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
- lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
- lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Comment clarification
- lxd/storage/drivers/volume: Adds support for setting custom mount path
- lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
- lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
- lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
- lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/backend/lxd: Checks for existance of volume before deleting
- lxd/instance: Switches to revert package for instanceCreateAsSnapshot
- lxd/storage/backend/lxd: Comment tweak
- lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
- shared/subprocess/proc: Fixes race in process stopping
- lxd/main_activateifneeded: s/container/instance/
- lxd/main_activateifneeded: Retrieve all instances
- lxd/main_activateifneeded: Check for scheduled instance snapshots
- lxd/main_activateifneeded: Check for scheduled volume snapshots
- test/suites/basic: Update activateifneeded tests
- lxd/main_activateifneeded: Use defer statement to close db
- lxd/storage/btrfs: Workaround permission issue
- lxd/cluster: add RemoveRaftNode() to force removing a raft node
- api: Add "DELETE /internal/cluster/raft/" endpoint
- Increase timeout when calling dqlite.Client.Add() to join the cluster
- lxd/storage/drivers/driver/zfs/volumes: Comment
- lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/zfs/volumes: Always used 'used' property for ZFS snapshot usage
- lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
- lxd/instance: Fix typo in comment
- lxc/action: Fix typo in help message
- i18n: Update translation templates
- lxd: Add "lxd cluster remove-raft-node" recovery command
- doc: Add paragraph about "lxd cluster remove-raft-node"
- test: Add test exercising "lxd cluster remove-raft-node"
- lxd/storage/lvm: Always call vgchange on mount
- lxd/patches: Fix snapshot migration
- tests: Fix btrfs storage usage
- lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
- lxd/storage/drivers/volume: Removes unnecessary variable
- lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
- lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
- lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
- lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
- lxd/storage/drivers/driver/cephfs/volumes: typo
- lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
- lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
- lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
- lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
- lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
- shared/osarch: Coding style
- shared/osarch: Don't fail on missing os-release
- shared/api: Add OS information
- lxd/api: Add OS information
- api: Add api_os
- lxc: Use natural string sorting
- lxc: Group snapshot and parent
- lxd/main: Move forkzfs mntns to cgo
- doc/networks: Adds note about firewalld and DHCP/DNS
- lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
- lxd/device/nic/routed: Corrects misleading error message when setting sysctls
- lxd/storage/drivers/generic/vfs: Log when creating snapshots
- lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
- lxd/storage/memorypipe: Adds context support for cancellation
- lxd/storage/backend/lxd: memorypipe cancellation usage
- lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
- doc: Add missing os_api extension
- lxd/storage/drivers/driver/dir/utils: Removes default project quota
- forkexec: mark fd cloexec so the attaching process doesn't inherit it
- forkexec: close all inherited fds
- forkexec: log unexpected fds
- lxd/daemon: Ignore .zfs in volumes
- lxd/network: Push MTU over DHCP
- shared/api: Drop invalid Managed key in NetworksPost
- lxd: Drop invalid use of Managed property
- lxd/devices/disk: Prevent recursive & readonly
- lxc/instance/drivers: Set new name before renaming backups
- test: Extend backup rename
- lxd/instance/drivers: Add revert steps when renaming instance
- lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
- lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
- doc/instances: Clarify config conditions
- doc/index: Clarify bind-mount in FAQ
- lxd/instances: Better use userRequested on Update
- lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
- lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
- test/clustering: increase timing to detect offline node
- shared/version/api: Add resources_system API extension
- doc/api-extensions: Add resources_system
- shared/api/resource: Add system resources
- lxd/resources: Add new system resources
- lxd/resources: Retrieve system information
- shared/util: Never look into the snap
- lxd/resources: serial/uuid may not be accessible
- doc/instances: Fixes default ceph.cluster_name value
- lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
- firewalld & lxd : how to let Firewalld control the LXD's iptables rules this is related to https://github.com/lxc/lxd/pull/7195 but this a bit more generic
- Update networks.md
- doc/networks: Fix typo
- i18n: Update translations from weblate
- Update networks.md
- lxd/storage/ceph: Suppport alternate conf syntax
- lxd/init: Try to bind LXD network address when running interactively
- lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
- lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
- lxd/device/nic/bridged: Dont load br_netfilter
- doc/instances: Fix swapped description
- index.md: add PATH env variable to sudo command example
- shared/simplestreams: Fix VM image preference
- lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
- lxd/device/disk: Adds cephfs support for VMs
- lxd/device/proxy: Check for br_netfilter enabled and log warning if not
- lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
- lxd/firewall/drivers/drivers/xtables: comments
- lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
- lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
- lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
- lxd/init: Improve error messages when failing to bind an address
- lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
- test/suites/container/devices/proxy: Updates tests for checking hairpin rule
- lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
- lxd/instance/drivers/driver/qemu: Makes onStop unexported
- lxd/instance/drivers/driver/qemu: Comment
- lxd/instance/lxc: Don't crash in setNetworkPriority
- lxd/instances: Export type to templates
- lxd-agent: Reboot after cloud-init seed
- lxd/util: Tweak NetworkInterfaceAddress to only return global
- lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
- shared/usbid: Use system database
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0 LTS リリースのお知らせ¶
31st of March 2020
はじめに ¶
LXD チームは、LXD 4.0 LTS のリリースをお知らせすることにとてもワクワクしています!
これは LXD の 3 つめの LTS リリースです。とても忙しく、そしてエキサイティングです! あとの ChangeLog は、LXD 3.23 ユーザーと 3.0 ユーザーの両方が私たちが準備したものを見れるように分けています。
私たちの他の LTS リリースと同様に、このリリースも 5 年間(2025 年 6 月まで)サポートされます。その間に多数のバグフィックスとセキュリティのポイントリリースが行われます。
LXD 3.0 に関しては、残り 3 年間のセキュリティ fix のみのメンテナンスモードに入る前の近いうちに、最後のバグフィックスリリースを 3.0.5 としてリリースしたいと思っています。
Enjoy!
互換性のない変更 ¶
--container-only の削除と、--instance-only への置き換え ¶
このリリースでの CLI の互換性のない変更は --container-only を --instance-only に置き換えるものだけです。フィーチャーリリースでは数ヶ月の間は両方をサポートします。4.0 リリースでは、非推奨の機能は削除されます。
3.23 ユーザー向けのハイライト ¶
virtual machines: バックアップサポート(import/export)¶
lxc export と lxc import が仮想マシンで使えるようになりました。
しかし、注意点があります。仮想マシンはコンテナとは異なり、大きなブロックデバイスとしてしかアクセスできません。これは、VM 内で実際にどれだけの容量が使われていたとしても、数 GB のデーターを読み込み圧縮する必要があるということです。
つまりエクスポートもインポートも長い時間がかかる可能性があるということです。
ZFS のようなバックエンドで --optimized オプションを使うと、同じタイプのストレージプールにインポートするなら、エクスポートの時間を大幅に短縮できるでしょう。
resources: リソース API の PCI、USB デバイス ¶
リソース API(/1.0/resources)が拡張され、システム上の PCI、USB デバイスが表示されるようになりました。これは特に、仮想マシンで VFIO パススルーや、コンテナで USB デバイスを扱う場合に有用です。
stgraber@castiana:~$ lxc query /1.0/resources | jq .pci
{
"devices": [
{
"driver": "skl_uncore",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:00.0",
"product": "Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers",
"product_id": "5904",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "i915",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:02.0",
"product": "HD Graphics 620",
"product_id": "5916",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:08.0",
"product": "Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th/8th Gen Core Processor Gaussian Mixture Model",
"product_id": "1911",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "xhci_hcd",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:14.0",
"product": "Sunrise Point-LP USB 3.0 xHCI Controller",
"product_id": "9d2f",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "intel_pch_thermal",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:14.2",
"product": "Sunrise Point-LP Thermal subsystem",
"product_id": "9d31",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "mei_me",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:16.0",
"product": "Sunrise Point-LP CSME HECI #1",
"product_id": "9d3a",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.0",
"product": "Sunrise Point-LP PCI Express Root Port #1",
"product_id": "9d10",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.2",
"product": "Sunrise Point-LP PCI Express Root Port #3",
"product_id": "9d12",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.4",
"product": "Sunrise Point-LP PCI Express Root Port #5",
"product_id": "9d14",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1d.0",
"product": "Sunrise Point-LP PCI Express Root Port #9",
"product_id": "9d18",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:1f.0",
"product": "Sunrise Point LPC Controller/eSPI Controller",
"product_id": "9d4e",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:1f.2",
"product": "Sunrise Point-LP PMC",
"product_id": "9d21",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "snd_hda_intel",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1f.3",
"product": "Sunrise Point-LP HD Audio",
"product_id": "9d71",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "i801_smbus",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1f.4",
"product": "Sunrise Point-LP SMBus",
"product_id": "9d23",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "e1000e",
"driver_version": "3.2.6-k",
"numa_node": 0,
"pci_address": "0000:00:1f.6",
"product": "Ethernet Connection (4) I219-LM",
"product_id": "15d7",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "rtsx_pci",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:02:00.0",
"product": "RTS525A PCI Express Card Reader",
"product_id": "525a",
"vendor": "Realtek Semiconductor Co., Ltd.",
"vendor_id": "10ec"
},
{
"driver": "iwlwifi",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:04:00.0",
"product": "Wireless 8265 / 8275",
"product_id": "24fd",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "nvme",
"driver_version": "1.0",
"numa_node": 0,
"pci_address": "0000:05:00.0",
"product": "SSD 600P Series",
"product_id": "f1a5",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:06:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:01.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:02.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:04.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "thunderbolt",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:08:00.0",
"product": "JHL6540 Thunderbolt 3 NHI (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d2",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:09:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:01.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:02.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:04.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "ahci",
"driver_version": "3.0",
"numa_node": 0,
"pci_address": "0000:0b:00.0",
"product": "",
"product_id": "0622",
"vendor": "ASMedia Technology Inc.",
"vendor_id": "1b21"
},
{
"driver": "xhci_hcd",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0c:00.0",
"product": "FL1100 USB 3.0 Host Controller",
"product_id": "1100",
"vendor": "Fresco Logic",
"vendor_id": "1b73"
},
{
"driver": "atlantic",
"driver_version": "5.4.0-18-generic-kern",
"numa_node": 0,
"pci_address": "0000:0d:00.0",
"product": "AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion]",
"product_id": "87b1",
"vendor": "Aquantia Corp.",
"vendor_id": "1d6a"
}
],
"total": 32
}
stgraber@castiana:~$ lxc query /1.0/resources | jq .usb
{
"devices": [
{
"bus_address": 1,
"device_address": 4,
"interfaces": [
{
"class": "Wireless",
"class_id": 224,
"driver": "btusb",
"driver_version": "0.8",
"number": 0,
"subclass": "Radio Frequency",
"subclass_id": 1
},
{
"class": "Wireless",
"class_id": 224,
"driver": "btusb",
"driver_version": "0.8",
"number": 1,
"subclass": "Radio Frequency",
"subclass_id": 1
}
],
"product": "",
"product_id": "0a2b",
"speed": 12,
"vendor": "Intel Corp.",
"vendor_id": "8087"
},
{
"bus_address": 1,
"device_address": 3,
"interfaces": [
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 0,
"subclass": "Video Control",
"subclass_id": 1
},
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 1,
"subclass": "Video Streaming",
"subclass_id": 2
}
],
"product": "Integrated Camera",
"product_id": "b5ce",
"speed": 480,
"vendor": "Chicony Electronics Co., Ltd",
"vendor_id": "04f2"
},
{
"bus_address": 3,
"device_address": 2,
"interfaces": [
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "Control Device",
"subclass_id": 1
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "Streaming",
"subclass_id": 2
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 2,
"subclass": "Streaming",
"subclass_id": 2
},
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 3,
"subclass": "",
"subclass_id": 0
}
],
"product": "TX42C500",
"product_id": "4933",
"speed": 12,
"vendor": "Realtek Semiconductor Corp.",
"vendor_id": "0bda"
},
{
"bus_address": 3,
"device_address": 13,
"interfaces": [
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 0,
"subclass": "Video Control",
"subclass_id": 1
},
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 1,
"subclass": "Video Streaming",
"subclass_id": 2
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 2,
"subclass": "Control Device",
"subclass_id": 1
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 3,
"subclass": "Streaming",
"subclass_id": 2
}
],
"product": "HD Pro Webcam C920",
"product_id": "082d",
"speed": 480,
"vendor": "Logitech, Inc.",
"vendor_id": "046d"
},
{
"bus_address": 3,
"device_address": 16,
"interfaces": [
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "",
"subclass_id": 0
},
{
"class": "Chip/SmartCard",
"class_id": 11,
"driver": "usbfs",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "",
"subclass_id": 0
}
],
"product": "YubiKey FIDO+CCID",
"product_id": "0406",
"speed": 12,
"vendor": "Yubico.com",
"vendor_id": "1050"
},
{
"bus_address": 3,
"device_address": 17,
"interfaces": [
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "Boot Interface Subclass",
"subclass_id": 1
},
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "Boot Interface Subclass",
"subclass_id": 1
}
],
"product": "ThinkPad Compact USB Keyboard with TrackPoint",
"product_id": "6047",
"speed": 12,
"vendor": "Lenovo",
"vendor_id": "17ef"
}
],
"total": 6
}
network: 複数の ipvlan NIC デバイスのサポート ¶
複数の ipvlan デバイスの ipv4.gateway と ipv6.gateway の両方もしくは片方が none に設定されている場合、複数の ipvlan デバイスを同じコンテナに追加できるようになりました。
network: routed NIC のホスト側アドレス設定のサポート ¶
routed NIC のホスト側のアドレスは ipv4.host_address と ipv6.host_address プロパティで設定できるようになりました。
clustering: クラスターロール編集のサポート ¶
新たに lxc cluster edit コマンドでクラスターのロールを編集できるようになりました。
現時点では書き込みできるロールがないので意味がないのですが、近いうちにいくつかロールを追加し、API とコマンドで管理できるようになるにする予定です。
instances: カスタムボリュームのディスク使用量 ¶
カスタムボリュームをアタッチしているコンテナが、state API (と lxc info)経由でボリュームの使用量をレポートするようになりました。
stgraber@castiana:~$ lxc launch images:ubuntu/bionic c1
Creating c1
Starting c1
stgraber@castiana:~$ lxc storage volume create default vol1
Storage volume vol1 created
stgraber@castiana:~$ lxc storage volume create default vol2
Storage volume vol2 created
stgraber@castiana:~$ lxc storage volume attach default vol1 c1 vol1 /mnt/vol1
stgraber@castiana:~$ lxc storage volume attach default vol2 c1 vol2 /mnt/vol2
stgraber@castiana:~$ lxc info c1
Name: c1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/04/01 00:00 UTC
Status: Running
Type: container
Profiles: default
Pid: 1439012
Ips:
eth0: inet 10.166.11.66 veth12c5ea18
eth0: inet6 fd42:4c81:5770:1eaf:216:3eff:fee2:43b6 veth12c5ea18
eth0: inet6 fe80::216:3eff:fee2:43b6 veth12c5ea18
lo: inet 127.0.0.1
lo: inet6 ::1
Resources:
Processes: 14
Disk usage:
root: 1.11MB
vol1: 98.30kB
vol2: 98.30kB
CPU usage:
CPU usage (in seconds): 0
Memory usage:
Memory (current): 46.94MB
Network usage:
eth0:
Bytes received: 3.06kB
Bytes sent: 2.93kB
Packets received: 22
Packets sent: 28
lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
instances: スナップショットのディスク使用量 ¶
API でスナップショットごとのそれぞれのサイズを取得できるようになりました。
stgraber@castiana:~$ lxc snapshot c1 stgraber@castiana:~$ lxc query /1.0/instances/c1/snapshots/snap0 | jq .size 61440
これは再設計が済むとすぐに lxc info で表示されるようになるでしょう。
auth: パスワード不要の PKI モードのサポート ¶
管理された PKI を使って LXD を使う場合、その CA が署名したクライアント証明書であれば自動的に信頼するように LXD を設定できるようになりました。
これは core.trust_ca_certificates で設定します。
revoke を扱うため、server.ca と同時に設定する server.crl を CRL として受け入れます。
3.0 ユーザー向けのハイライト ¶
上記の機能と変更点に加えて、LXD 3.0 ブランチのユーザーは、以下の「新しい」機能が期待できるでしょう:
仮想マシン ¶
LXD はコンテナと仮想マシンの両方を実行できるようになりました。
デバイスや設定オプションによっては仮想マシンではまだ設定できないものがありますが、使い方や設定方法は同じように動作します。
操作によっては仮想マシン内で動作するエージェントが実行します(lxc exec と lxc file)。プロジェクトで作成したイメージのほとんどはエージェントがあらかじめインストールされています。
コンテナではなく仮想マシンを作成するのであれば、シンプルに lxc launch に --vm オプションを指定します。
VM イメージは主要なよく使われる Linux ディストリビューションのものが準備されており、将来的にも更に追加する予定です。
stgraber@castiana:~$ lxc launch images:centos/8 centos-8 --vm
Creating centos-8
Starting centos-8
stgraber@castiana:~$ lxc info centos-8
Name: centos-8
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/03/31 23:48 UTC
Status: Running
Type: virtual-machine
Profiles: default
Pid: 1426453
Ips:
enp5s0: inet 10.166.11.125
enp5s0: inet6 fd42:4c81:5770:1eaf:1c5b:d0a1:d892:5464
enp5s0: inet6 fe80::9bbf:7460:2ad0:6a9
lo: inet 127.0.0.1
lo: inet6 ::1
Resources:
Processes: 12
Disk usage:
root: 6.65MB
CPU usage:
CPU usage (in seconds): 5
Memory usage:
Memory (current): 123.94MB
Memory (peak): 115.95MB
Network usage:
enp5s0:
Bytes received: 2.55kB
Bytes sent: 2.32kB
Packets received: 21
Packets sent: 20
lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
stgraber@castiana:~$ lxc exec centos-8 bash
[root@centos-8 ~]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
[root@centos-8 ~]# uname -a
Linux centos-8 4.18.0-147.5.1.el8_1.centos.plus.x86_64 #1 SMP Thu Feb 6 10:31:58 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@centos-8 ~]#
プロジェクト ¶
プロジェクトは LXD サーバーを分割する方法です。 プロジェクトはそれぞれ自身のインスタンス、イメージ、プロファイル、ストレージボリュームを持つことができます。
これらのさまざまな機能はプロジェクトごとに有効化・無効化できます。無効にした場合、プロジェクトは default プロジェクトから継承します。
これに加え、プロジェクトは制約(restriction / 特定のデバイスタイプや特権コンテナの無効化など)と制限(limit / CPU、メモリー、インスタンス数の制限)をサポートしています。
インスタンス ¶
- コンテナ上でのシステムコールインターセプション
- 限られた
mknodがコンテナ内で可能 - 限られた
setxattrがコンテナ内で可能 - 特権が必要なファイルシステムのマウントを許可するために使用可能
- 一部のファイルシステムマウントを FUSE にリダイレクトするために使用可能
- バックアップ・リストア機能の追加(
lxc exportとlxc import) - ストレージプール間のインスタンスのコピー・移動
lxc copy --refreshを使った(ローカル、リモートの)インスタンスコピーのリフレッシュ(訳注: 差分コピー)- 予想外の削除や id シフトからの保護(
security.protection.deleteとsecurity.protection.shift) shiftfsのサポート追加。可能な場合にはshiftfsを使用し従来の id シフトを置き換える- 自動化されたスナップショットと expire
- 新しい
unix-hotplugデバイスタイプ(unix-charやunix-blockと同様のもの) usbデバイスの改良:- 追加・削除の uevent がコンテナに転送されるようになりました
- すべての USB デバイスを渡すことができます
proxyデバイスの改良:- 特権を落とすオプション(
security.uidandsecurity.gid) - ソケットの所有権のオプション(
uid,gid,mode) - HAProxy タイプヘッダーのサポート(
proxy_protocol) - 使用可能な場合 NAT を使った高速なプロキシー(
nat) - UDP、UNIX ソケットのサポート。UDP、TCP を使っている場合のポートの範囲
diskデバイスの改良:- Ceph rbd/fs ディスクの直接コンテナへのアタッチ
- カスタムのマウントオプション
- コンテナが読めるものへの uid/gid の変換のための
shiftプロパティ nicデバイスの改良:- 新しい
ipvlannic タイプ - 新しい
routednic タイプ ipv4.routesとipv6.routesプロパティ- 簡単に LXD が管理するネットワークに接続するための
networkプロパティ - セキュリティフィルタリングオプション
- SR-IOV デバイスでの VLAN と MAC フィルタリング
ネットワーク ¶
- 設定可能な NAT ソースアドレス(
ipv4.nat.addressandipv6.nat.address) - DHCP リース API と
lxc network list-leasesコマンド - ネットワーク状態に関する API と
lxc network infoコマンド - LXD が管理するネットワークでの設定可能な MAC アドレス(
bridge.hwaddr) - ファイアウォールのルール順がコントロール可能に(
ipv4.nat.orderandipv6.nat.order)
ストレージ ¶
- スクラッチから書き直した新しい内部ストレージレイヤー
- 新しい
cephfsストレージバックエンド - バックアップとイメージをストレージプール内に保存可能に
- カスタムストレージボリュームのスナップショット(スケジューリングと expire 処理を含む)
- LVM ストライピングサポート
- Ceph でメタデータとデータプールの分離
dirバックエンドで ext4/xfs の "project quotas" 機能を使ったクォータ- カスタムストレージボリュームの
security.shiftedプロパティ
イメージ ¶
- ネストした LXD でホストからイメージを取得するための API(
security.devlxd.images) - 新たに作成するイメージで
squashfs圧縮のサポート - プロファイルをイメージに結びつけることが可能に
- イメージの expire 時期を変更できるように
クラスターの改良 ¶
- スタンバイデータベースノードのサポート
- データベース数とスタンバイノードの数が設定可能
- アーキテクチャー混在のクラスターリング
- クラスターリングのロール
- 新たな簡素化されたクラスター追加 API
- クライアントとクラスター用トラフィックのアドレスの分離
- 自動イメージレプリケーション
CLI¶
lxc listとlxc image listの新しいカラム- 新たに
lxc aliasコマンドを追加 listコマンド全体を通して--formatオプションをサポート- すべての
setコマンドで複数のkey=valueを受け付けるように execコマンドが--uidと--gidと--cwdオプションを受け付けるようにlxc copyとlxc moveでの設定の上書き- クラスターリングに対してより多くのコマンドでの
--targetサポート
将来的な保証 ¶
- xtables の代替として nftables をサポート
- cgroup v2 を使った制限のサポート
API¶
- Canonical RBAC 経由の RBAC (Role Based Access Control) サポート
- デフォルトの TLS キーの EC384 化
/1.0/containersの置き換えとして/1.0/instancesエンドポイントの新設/1.0/instancesと/1.0/imagesでのサーバーサイドのコレクションフィルタリングを追加/1.0/resourcesでのより広範囲のリソース API- カーネルの機能が
/1.0で取得可能に - LXC の機能が
/1.0で取得可能に core.debug_address経由でのビルトインデバッグサーバー(pprof)設定- 高需要エンドポイントでのバルククエリー(再帰)オプションの追加
- クラスター環境内のイベントとオペレーションが
Locationフィールドを持つように
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- shared/version/api: Add trust_ca_certificates
- doc: Add core.trust_ca_certificates
- lxd/cluster/config: Add core.trust_ca_certificates
- *: Add parameters to CheckTrustState
- shared/cert: Add CRL to CertInfo
- lxd/util/http: Check CRL for revoked clients
- test: Extend PKI test
- lxd/etag: Quote generated etag values
- lxd/apparmor: Apparently the order matters
- shared/version/api: Add snapshot_disk_usage API extension
- doc: Add snapshot_disk_usage
- lxd/storage/drivers/btrfs: Fix quota
- lxd/backup: Removes Privileged field from backup.Info struct
- lxd/backup: Adds new fields in index.yaml
- lxd/instances/post: bInfo.OptimizedStorage pointer usage
- lxd/storage/backend/lxd: CreateInstanceFromBackup OptimizedStorage pointer usage
- lxd/backup: Updates backupWriteIndex index.yaml fields
- lxd/backup: Removes Project field from index.yaml
- test/suites/storage: Add btrfs quota tests
- shared/api: Add size to InstanceSnapshot
- lxd/instance/drivers: Get snapshot usage
- lxd/storage/drivers/btrfs: Don't destroy qgroups
- lxd/storage/drivers: Moves functions from generic.go to generic_vfs.go
- lxd/storage/drivers: Generic VFS function usage after move &rename
- lxd/instance/drivers: Add custom volumes to disk state
- lxd/instance/drivers: Fix lxd-agent running order
- lxc: Deprecate --container-only
- i18n: Update translation templates
- tests: Move away from container-only
- lxc: Drop flagContainerOnly
- lxd/storage/zfs: Fix deleted VM images restoration
- lxc/storage/drivers/driver/btrfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
- lxc/storage/drivers/driver/zfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
- shared/archive: Adds CompressedTarReader function
- lxd/backup/backup: shared.CompressedTarReader usage
- test/suites/static/analysis: Reinstates checks for shared/instancewriter
- lxd/instance/post: InstanceID usage
- lxd/db/containers: Renames ContainerID to InstanceID
- lxd/instances/post: Logging in createFromBackup
- lxd/instances/post: Logging message change from container to instance
- lxd/instances/post: Switches to revert package in createFromBackup
- lxd: Merges instanceCreateFromBackup into createFromBackup
- lxd/storage/drivers/utils: Adds blockDevSizeBytes function
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to use blockDevSizeBytes
- shared/instancewriter/instance/file/info: Adds FileInfo for os.FileInfo implementation
- shared/instancewriter/instance/tar/writer: Adds WriteFileFromReader function
- lxd/backup: Switches index.yaml file generation to use WriteFileFromReader in backupCreate
- lxd/api/internal: d.cluster.InstanceID usage
- lxd/storage/backend/lxd: Better error msg context in CreateInstanceFromBackup
- lxd/backup: Removes volume type restriction in backupCreate
- lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupVolume
- lxd/storage/drivers: Uses sourcePath logging for consistency in BackupVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds optimised VM backup to BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds optimised VM backup to BackupVolume
- lxd/storage/backend/lxd: Adds volume type logic for VMs to CreateInstanceFromBackup
- lxd/api/internal: makes internalImport VM aware
- lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupUnpack
- lxd/storage/drivers/driver/zfs/volumes: MountVolume comment improvements
- lxd/storage/drivers/driver/zfs/volumes: UnmountVolume improvements
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to generic mode in MigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to UnmountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Adds support for VM optimized backup restore
- lxd/storage/drivers: Adds existing volume check to optimized backup restore
- lxd/storage/drivers/driver/btrfs/volumes: Adds support for VM optimized backup restore
- lxd/storage/backend/lxd: Updates CheckInstanceBackupFileSnapshots to be VM aware
- lxd/storage/backend/lxd/patches: Ignores snapshots when retrieving list of custom volumes to be renamed
- lxd/containers: Emit lifecycle event on user shutdown
- lxd/storage/drivers: Adds OptimizedBackups driver Info flag
- lxd/backup: Ignore requests for optimized backups when pool driver doesn't support it
- lxd/instances/post: Ensure optimized backup imports only import into same storage driver pools
- lxd/instance/exec: Adds protection against clients reconnecting after exec has started
- doc: Fix escaping
- lxd/cluster: Tweak errors
- api: clustering_edit_roles
- shared/api: Add ClusterMemberPut
- lxd/cluster: Make ClusterMember editable
- client: Add UpdateClusterMember
- lxc/cluster: Add edit sub-command
- i18n: Update translation templates
- lxd/firewall/drivers/drivers/consts: Adds FilterIPv6All constant
- cgroup/init: close controllers file
- doc/networks: Add missing maas.subnet.ipv4/maas.subnet.ipv6
- scripts/bash: Add maas.subnet.ipv4/maas.subnet/ipv6 to network
- client: Fix bad description for UpdateClusterMember
- lxd/device/nic/bridged: Allow security.ipv6_filtering to be used on networks without IPv6
- lxd/firewall/drivers/drivers/xtables: Adds FilterIPv6All support
- lxd/firewall: Dont use compact function arg definitions
- lxd/firewall/drivers/drivers/nftables: Adds FilterIPv6All support
- lxd/network/network/utils: Adds support for bridged NIC network property when rebuilding dnsmasq static config
- lxd/network/network/utils: Comment consistency
- lxd/device/nic/bridged: Allow security.ipv4_filtering to be used on networks without IPv4
- lxd/firewall/drivers/drivers/consts: Adds FilterIPv4All constant
- lxd/firewall/drivers/drivers/xtables: Adds Adds FilterIPv4All support
- lxd/firewall/drivers/drivers/nftables: Adds FilterIPv4All support
- test: Adds bridged NIC tests for total protocol filtering
- lxd/device/nic: Adds ipv4.host_address and ipv6.host_address keys
- lxd/device/nic/routed: Adds ability to specify host-side veth interface IP address
- api: Adds container_nic_routed_host_address API extension
- doc/instances: Updates routed nic doc with ipv4.host_address and ipv6.host_address keys
- scripts/bash/lxd-client: Updates bash device keys for routed NIC
- lxd/device/nic/ipvlan: Adds ipv4.gateway and ipv6.gateway support
- api: Adds container_nic_ipvlan_gateway API extension
- doc/instances: Adds ipvlan ipv4.gateway and ipv6.gateway docs
- lxd/device/nic/routed: Sets accept_ra=0 on host interface
- lxc: Fix for current cobra
- lxd/device/nic_routed: Don't fail on missing IPv6
- lxd/device/nic_routed: Set rp_filter=1
- forkexec: rework
- forkexec: tweak
- lxd/firewall/firewall/interface: Adds InstanceSetupRPFilter and InstanceClearRPFilter
- lxd/firewall/drivers/drivers/xtables: Improves proxy NAT rule removal errors
- lxd/firewall/drivers/drivers/xtables: Renames iptablesConfig to iptablesAdd
- lxd/firewall/drivers/drivers/xtables: Implements reverse path filters
- lxd/device/nic/routed: Applies firewall based reverse path filter for IPv4 and IPv6
- lxd/storage/drivers/ceph: Re-create image snapshot
- lxd/storage/drivers: Update comment on readonly snapshot
- lxd/firewall/drivers/drivers/nftables: Implements reverse path filters
- shared/instancewriter/instance/tar/writer: Adds ignoreGrowth arg to WriteFile
- lxd/storage/drivers/generic/vfs: Sets ignoreGrowth arg true in WriteFile usage
- lxd: Existing WriteFile usage updated to set ignoreGrowth to false
- lxd/device/nic/bridged: Disables IPv6 on bridged host side interface
- lxd/exec: Fix forwarding for VMs
- lxd: Rename forwarding functions
- i18n: Update translations from weblate
- lxd/networks: Fix network leases list for instances using "network" option
- lxd/instance/drivers/driver/qemu: Restart on failure
- shared/idmap: Better root fallback
- lxd/instance/drivers/driver/qemu: Fixes dependencies for lxd-agent
- lxd-agent/main/agent: Better logging
- shared/version/api: Add resources_usb_pci API extension
- doc: Add resources_usb_pci
- shared/api: Add USB and PCI resources
- shared/usbid: Add USB vendor and devices
- lxd/resources: Add USB resource
- lxd/resources: Add PCI resource
- test/suites/static_analysis: Skip shared/usbid/load_data.go
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.23 リリースのお知らせ¶
20th of March 2020
はじめに ¶
LXD チームは、LXD 3.23 のリリースをお知らせすることにとてもワクワクしています!
このリリースは最後の 3.x シリーズのリリースです。来週リリース予定の LXD 4.0 に少しの変更(いくつかの後方互換性のない CLI の調整)を加えています。
このリリースは、カスタムストレージボリューム、プロジェクト、仮想マシンを使うユーザーに特に機能が詰まったリリースです。
Enjoy!
ハイライト ¶
プロジェクトのカスタムストレージボリューム ¶
features.storage-volumes という新しいプロジェクトの機能が、すべての新しいプロジェクトで使えるようになりました。プロジェクトにカスタムボリュームを関連付けることができます。
この機能により、コンフリクトのリスクなしで専用のカスタムストレージボリュームのセットが作成できます。Canonical RBAC と組み合わせて、異なるプロジェクト間でストレージを適切に分離できるようになりました。
stgraber@castiana:~$ lxc storage volume list default | grep custom +--------+----------+-------------+---------+ | TYPE | NAME | DESCRIPTION | USED BY | +--------+----------+-------------+---------+ | custom | backups | | 1 | +--------+----------+-------------+---------+ | custom | blah | | 0 | +--------+----------+-------------+---------+ | custom | images | | 1 | +--------+----------+-------------+---------+ stgraber@castiana:~$ lxc project create blah Project blah created stgraber@castiana:~$ lxc project switch blah stgraber@castiana:~$ lxc storage volume create default foo Storage volume foo created stgraber@castiana:~$ lxc storage volume list default | grep custom +--------+------+-------------+---------+ | TYPE | NAME | DESCRIPTION | USED BY | +--------+------+-------------+---------+ | custom | foo | | 0 | +--------+------+-------------+---------+ stgraber@castiana:~$
カスタムストレージボリュームのスナップショットのスケジューリング ¶
インスタンスと同じように、snapshots.schedule と snapshots.pattern 設定がカスタムボリュームでも使えるようになりました。
これらは lxc storage volume set POOL VOL KEY VALUE を使って直接設定できます。
カスタムストレージボリュームの有効期限 ¶
カスタムストレージボリュームで自動スナップショットが使えるようになったので、同時に有効期限の設定を行うのが良いでしょう。インスタンスで使えるものと合わせて、snapshots.expiry を使って設定できます。
既存のスナップショットの有効期限の編集は lxc storage volume edit POOL VOL/SNAP コマンドを使って行えます。
プロジェクトに対する制限値 ¶
プロジェクトごとに制限値をいくつか加えることができるようになりました。 現時点で使える制限値は次のものです:
limits.containers作成できるコンテナの総数limits.virtual-machines作成できる仮想マシンの総数limits.cpu使用できる仮想 CPU の数limits.memory与えられるメモリーの総量limits.processes起動できるプロセスの総数
最後の 3 つの設定は、プロジェクト内の全インスタンスで一致する設定を持つ必要があります。制限は実際の使用量ではなく、インスタンスに設定する制限値のトータルに対して適用されます。
プロジェクトに対する制約 ¶
(制限値に)加えて、いくつかの機能に対する制約もプロジェクトに適用できるようになりました。
オプションの全リストは https://linuxcontainers.org/lxd/docs/master/projects でご覧いただけます。
この機能は、restricted=true を使って制約をプロジェクトに適用すると、信頼できないユーザーに対して安全となるようにデフォルト設定されるようにデザインされています。その後制約を、潜在的により危険だったり、より制限の少ない設定やデバイスを許可するように緩めることができます。
Canonical RBAC とこの機能を組み合わせて、あまり信用できないユーザーに対してホスト上の完全な特権を与える必要なしに、共有 LXD サーバーやクラスターを実行できます。
バックアップ・エクスポートロジックの改良 ¶
lxc export が使うバックアップ・エクスポートロジックが更新されました。エクスポート中のディスクスペース量が減少しました。コンテナファイルは、ディスク上に作成される中間コピーファイルなしに直接圧縮した tarball に書き込まれます。
これによりエクスポートで使うディスクの使用量を大幅に減らすだけでなく、処理のスピードも向上しました。
VM: マイグレーションのサポート ¶
仮想マシンをローカルストレージプール間やリモートの LXD サーバー間でコピーできるようになりました。
この機能は "cold" マイグレーションのみであることに注意してください。仮想マシンは移動の間は停止していなければなりません。ライブマイグレーションは今後実装が予定されています。
VM: publish のサポート ¶
仮想マシンが lxc publish できるようになりました。より多くの仮想マシンを起動したり、他のサーバーに転送するのに使えるイメージが作成できます。
この機能はコンテナと完全に同じように動作しますが、仮想マシンのディスクはコンテナよりかなり大きいという事実を強調しておく必要があります。publish プロセス中にイメージを qcow2 に再度パックする必要がありますので、大きな仮想マシンを扱うためには、システム上にかなりの量のディスクの空き容量が必要になります。
完全な ChangeLog(翻訳なし)¶
Here is a complete list of all changes in this release:
- lxd/storage/zfs: Fix usage calculation
- Add go 1.14.x check
- lxd: Cleanup error messages
- lxd: Rename container files to instance
- tests: Update for rename
- production-setup: add net.core.bpf_jit_limit and kernel.keys.maxbytes
- doc/instances: Adds missing host_name key on routed nic device
- doc/instances: Documents ipv4.gateway and ipv6.gateway routed NIC keys
- lxd/device/device/utils/network: Adds NetworkValidGateway helper
- lxd/device/nic: Adds ipv4.gateway and ipv6.gateway validation
- lxd/device/nic/routed: Adds support for not adding automatic default gateway
- api: Adds extension container_nic_routed_gateway
- lxd/util/fs: Fixes go vet conversion from int64 to string yields a string of one rune error
- lxd/device/disk: Only unmounts non-root volumes attached
- lxd/daemon: Adds comment to AllowAuthenticated
- lxc/storage/volumes: Adds API permission check for permission "manage-storage-volumes"
- lxd/project/project: Comment tweak to Instance()
- lxd/project/project: Adds StorageVolume()
- lxd/project/project/test: Adds StorageVolume() test
- lxd/project/project: Adds StorageVolumeParts function
- lxd/project/project: Adds StorageVolumeProject function
- lxc/project: Adds STORAGE VOLUMES col to projects list
- doc/projects: Documents features.storage.volumes flag
- lxd/api/project: Adds features.storage.volumes to API
- lxd/db/migration: Adds features.storage.volumes true to default project on importPreClusteringData
- lxd/db/cluster/open: Adds features.storage.volumes true to default project in EnsureSchema
- scripts/bash/lxd-client: Adds features.storage.volumes to bash autocomplete
- lxd/daemon/storage: Error message quoting
- lxd/daemon/storage: Updates storage custom volume functions to pass project.Default
- lxd/daemon/storage: Adds support for custom volume projects
- lxd/device/disk: Updates custom volume disks to support projects
- lxd/patches: Updates patchStorageApiPermissions to use project.Default for custom volumes
- lxd/storage/backend/mock: Updates custom volume signatures to support projectName
- lxd/storage/pool/interface: Updates custom volume functions to support projectName
- lxd/storage/volumes: Error message quoting and comment tweaks
- lxd/storage/volumes: Improve volume type checks
- lxd/storage/volumes: Add custom volume project support
- lxd/storage/volumes: Migration project aware
- lxd/storage/volumes/snapshots: Improve volume type validation
- lxd/storage/volumes/snapshot: Error message quoting
- lxd/storage/volumes/snapshot: Adds project support for custom volumes
- lxd/storage/backend/lxd: Updates custom volume functions to support projects
- lxd/db/storage/pools: Removes incorrect assumption about custom vol projects in storagePoolVolumeGetType
- lxd/db/storage/pools: Comment and error msg tweaks
- lxd/db/storage/pools: Removes incorrect filter for project default when vol type is StoragePoolVolumeTypeCustom
- lxd/db/storage/pools: Updates StoragePoolVolumeSnapshotsGetType to filter by project
- lxd/db/storage: Removes StoragePoolNodeVolumeGetType
- lxd/db/storage: Fixes StoragePoolVolumeSnapshotsGetType to be project aware
- lxd/patches: Switches to using storageDrivers.GetVolumeMountPath
- lxd/storage/storage: Removes unused GetStoragePoolVolumeMountPoint
- lxd/api: Updates projectParam to use project.Default
- lxd: project.Default usage
- lxd/images: Comment weaks
- lxd/images: golint fixes
- lxd/project/limits: Default const usage
- lxd/storage/load: Adds support for custom vol projects to volIDFuncMake
- lxd/storage/load: Error msg quoting tweaks
- lxd/storage/volumes/utils: Error msg tweaks
- lxd/storage/volumes/utils: Removes unused supportedVolumeTypesExceptImages
- lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to be project aware
- lxd/storage/volumes/utils: Removes storagePoolVolumeUsedByRunningInstancesWithProfilesGet and old link var
- lxd/container: Removes unused function instanceLoadAll
- lxd/storage/backend/lxd: Updates use of database functions to use projectName
- lxd/storage/utils: Adds VolumeUsedByRunningInstancesWithProfilesGet and removes old link var
- lxd/storage/utils: Makes VolumeSnapshotsGet project aware
- lxd/storage/utils: Makes VolumeUsedByInstancesGet project aware
- lxd/migrate/storage/volumes: Makes custom volume project aware
- lxd/storage/backend/lxd: b.state.Cluster.StoragePoolNodeVolumeGetTypeByProject usage
- lxd/storage/backend/lxd: Updates migration functions to be project aware
- lxd/storage/backend/mock: Updates migration functions to be storage aware
- lxd/storage/pool/interface: Updates migration functions to be project aware
- test: Updates tests for custom storage volume projects
- lxd/db/storage/pools: Makes StoragePoolNodeVolumesGetType project aware
- lxd/db/storage/pools: Removes StoragePoolNodeVolumeGetTypeID function
- lxd/patches: StoragePoolNodeVolumeGetTypeIDByProject usage
- lxd/patches: Improves error messages context
- lxd/storage/backend/lxd/patches: Adds custom volume rename patch to add project prefix
- lxd/storage/drivers/utils: Captures error context from e2fsck
- lxd/storage/drivers/utils: Dont use TryCommand when resizing
- i18n: Update translation templates
- lxd: Replaces == "true" with shared.IsTrue() for projects and profiles
- lxc: Replaces == "true" with shared.IsTrue() for project features
- lxd/firewall: Don't create zombies
- lxd/patches: Adds concept of stage to patch system
- lxd/daemon: Applies pre daemon storage patches
- lxd/storage/backend/lxd/patches: Skip already renamed volumes
- lxd/db/images: Removes unnecessary whitespace
- lxd/db/images: Updates ImagesGetExpired to return ExpireImage struct with projectName
- lxd/images: Updates pruneExpiredImages to support removing expired images from non-default projects
- driver_qemu: delete vm id from vmConsole
- ExecReaderToChannel: Prevent endless loops
- lxd/daemon/storage: Removes daemonStorageUsed function
- lxd/storage/utils: Adds VolumeUsedByDaemon function
- lxd: storagePools.VolumeUsedByDaemon usage
- lxd/storage/backend/lxd/patches: Adds daemon storage symlink update to lxdPatchStorageRenameCustomVolumeAddProject
- lxd/firewall/nft: Flush chain on delete
- lxd/firewall/nft: Handle json errors
- lxd/firewall/nft: Refuse to run on old kernels
- lxd/project: Rename limits.go to permissions.go
- shared/util/linux: Updates ExecReaderToChannel to accept a finisher chan as struct{}
- lxd-agent/exec: Updates usage of ExecReaderToChannel channel definitions
- shared/network: Removes logging internal state of websocket in WebsocketRecvStream
- shared/netutils/network/linux: Updates WebsocketExecMirror to use struct{} exited indicator channel
- lxd/instance/exec: Fixes VM read loop when agent not started
- lxd/project: Rename CheckLimitsUponInstanceCreation to AllowInstanceCreation
- lxd/project: Rename CheckLimitsUponInstanceUpdate to AllowInstanceUpdate
- lxd/project: Rename CheckLimitsUponProfileUpdate to AllowProfileUpdate
- lxd/project: Rename ValidateLimitsUponProjectUpdate to AllowProjectUpdate
- lxd/project: Rename checkAggregateInstanceLimits to checkRestrictionsAndAggregateLimits
- lxd/project: Extract checkAggregateLimits from checkRestrictionsAndAggregateLimits
- lxd/project: Honor the "restricted.containers.nesting" config
- lxd/project: Prevent using low-level container options
- lxd/project: Check if restrictions are consistent when updating a project config
- lxd/project: Honor the "restricted.containers.lowlevel" config
- lxd/project: Honor the "restricted.containers.privilege" config
- lxd/project: Also expand instance devices
- lxd/project: Add machinery to perform checks on instance devices
- lxc/project: Honor the "restricted.devices.unix-char" config
- lxd/project: Perform restrictions checks also on profiles config and devices
- lxc/project: Honor the "restricted.devices.unix-block" config
- lxc/project: Honor the "restricted.devices.unix-hotplug" config
- lxc/project: Honor the "restricted.devices.infiniband" config
- lxc/project: Honor the "restricted.devices.nic" config
- lxd/project: Honor the "restricted.devices.disk" config
- lxc/project: Honor the "restricted.devices.gpu" config
- lxc/project: Honor the "restricted.devices.usb" config
- lxc/project: Honor the "restricted.virtual-machines.lowlevel" config
- lxd/project: Pass current configuration to AllowInstanceUpdate
- lxd/project: Check restrictions for volatile config keys
- lxd/project: Adjust import order
- lxd/project: Drive-by lint fixes
- api: Add new restrict.* config keys to projects
- shared/version: Add "projects_restrictions" API extension
- doc/projects.md: Document project restrictions
- test: Add projects restrictions tests
- scripts: Update bash completion profile with new project config keys
- lxd/images: Allow virtual-machine and instance as source
- lxd/images: Set right image type on publish
- lxd/vm: Implement Export
- lxd/instance: Fix expiry check
- lxd/storage: Unpack unified VM images
- lxd/migration: Rebuilds migrate.pb.go
- lxd/migration: Adds BLOCK_AND_RSYNC migration transport type
- lxd/instances/post: Adds VM support to createFromMigration
- lxd/migrate/instance: Adds VM support to migrationSourceWs.Do
- lxd/rsync: Adds support for passing arguments to rsync send command
- lxd/storage/drivers/utils: Error quoting
- lxd/storage/drivers/driver/common: Updates MigrationTypes to support block volumes for VMs
- lxd/storage/drivers/driver/dir/volumes: Updates migration to support VMs
- lxd/storage/drivers/driver/dir/utils: Skips initial quota for VM block migration
- lxd/storage/drivers: Switches to ErrNotSupported for non-block volume paths
- lxd/storage/drivers/generic/vfs: Adds VM migration support to genericVFSMigrateVolume
- lxd/storage/drivers/generic: Adds VM migration support to genericCreateVolumeFromMigration
- lxd/storage/drivers: Removes dupe checks using genericVFSMigrateVolume
- lxd/storage/drivers/generic: Adds volume type specific migration transport type checks
- lxd/storage/drivers/driver/lvm/volumes: Removes dupe check done in genericCreateVolumeFromMigration
- lxd/migrate/storage/volumes: whitespace
- lxd/storage/drivers/driver/btrfs: Adds block migration negotiation
- lxd/storage/drivers/driver/btrfs/volumes: Adds VM migration support
- lxd/storage/backend/lxd: Improve delete error messages
- lxd/storage/utils: Adds FallbackMigrationType function
- lxd: Replaces hardcoded instances of migration.MigrationFSType_RSYNC
- lxd/storage/drivers/driver/zfs: Adds block migration negotiation
- lxd/storage/drivers/driver/zfs/volumes: Adds VM migration support
- lxd/storage/drivers/driver/ceph: Adds block migration negotiation support
- lxd/storage/drivers/driver/ceph/volumes: Adds VM migration support
- lxd/migrate/instance: Prevent live migrations for VMs
- lxd: Add "instance" string where necessary
- lxd/instances/snapshot: Fix expiration in profiles
- lxd/images: Fix source type handling
- lxc/export: Make API call more correct
- lxd/storage/drivers/driver/btrfs/volumes: Dont activate quotas if not used
- lxd/storage/drivers/driver/ceph/volumes: Adds VM block resize support
- doc/security: Adds network security section
- lxd: Unexport NewMigrationSource
- lxd/storage: Fix crash on VM unpack
- lxd: Unexport NewDaemon
- lxd: Unexport RestServer
- lxd: Unexport DefaultDaemonConfig and DefaultDaemon
- lxd: Unexports AllowAuthenticated and AllowProjectPermission
- lxd: Unexports DevLxdServer
- lxd: Unexports daemon feature functions
- lxd: Unexports migration setup functions
- lxd: Unexports forwarded response helpers
- client: Removes nullReadWriteCloser
- client: Removes unused proxyInstanceMigration function
- lxc-to-lxd: Removes unused vars
- lxc-to-lxd: Removes unused connectTarget
- lxc-to-lxd: Removes unused setupSource
- lxd/cluster: Removes unused flagForce
- lxc: Removes unused profile
- lxc/console: Removes unused getStdout
- lxd-agent: Removes unused rootUID and rootGID
- lxc: Removes unused func showByDefault
- lxd/cgroup: Removes unused cgCgroup2SuperMagic
- lxd-agent: Unexports NewDaemon
- memory_utils: align lxc + lxd
- tree-wide: consistently initialize raw fds to -EBADF instead of -1 in cgo
- lxd/storage/ceph: Fix ext4 shrinking
- lxc/remote: Use helpers
- lxc/remote: Validate remote name
- i18n: Update translation templates
- doc: Update requirements
- lxd/init: Don't offer dir as a remote backend
- lxc/config: Fix behaviour of instance snapshot expiry
- db/cluster: Bump the value of sqlite_sequence for storage_volumes
- po: Update translations
- shared/version/api: Add custom_volume_snapshot_expiry extension
- doc: Add custom_volume_snapshot_expiry
- lxd/db: Add expiry_date to storage_volumes_snapshots
- shared/api: Add expiry fields to StorageVolumeSnapshot*
- lxd/storage: Add expiry to volume snapshot pool functions
- lxd: Add snapshots.expiry config key for storage volumes
- lxd/db: Add custom volume snapshot functions
- lxd: Handle volume snapshot expiry
- lxd/storage: Add expiry date to VolumeDBCreate
- lxd/storage: Update expiry date when updating volume snapshots
- lxd/db: Add ProjectName to StorageVolumeArgs
- lxd/db: Add new OperationCustomVolumeSnapshotsExpire
- lxd/db: Add StorageVolumeSnapshotsGetExpired
- lxd: Remove expired custom volume snapshots
- *: Remove snapshot code from StoragePoolVolumeCreate
- lxc: Add --no-expiry for volume snapshots
- test: Add volume snapshot expiry test
- doc: Add keys to volume config
- po: Update translations
- lxd/storage/drivers/driver/lvm/volumes: Fixes LVM VM snapshot list
- lxd/cluster: Ignore CEPH custom volumes on removal
- shared/version: Add volume_snapshot_scheduling API extension
- lxd/storage: Add snapshots.* config keys
- lxd/db: Extend StorageVolumeArgs
- lxd: Support patterns in StorageVolumeNextSnapshot
- lxd/db: Add StoragePoolVolumesGetAllByType
- lxd: Add volume snapshot scheduling
- doc: Add volume snapshot scheduling
- lxd: Clean up logging for expired volume snapshots
- doc/networks: describe how to notify systemd-resolved of lxd nameserver
- lxd/storage/utils: Add missing comments
- lxd/storage/utils: Add forceRemoveAll
- lxd/storage/dir: Use forceRemoveAll
- lxd/api/cluster/test: Removes unused DISABLED_TestCluster_Failover
- lxd/api/cluster/test: Removes unused FLAKY_TestCluster_LeaveAndPromote
- lxd/cluster/gateway: Removes unused cachedRaftNodes
- lxd/cluster/heartbeat/test: Removes unused DISABLE_TestHeartbeat_MarkAsDown
- lxd/cluster/membership/test: Removes unused FLAKY_TestPromote
- lxd/db/containers: Removes unused snapshotIDsAndNames
- lxd/db/db/internal/test: Removes unused dir var
- lxd/db/testing: Removes unused var
- lxd/device/device/utils/unix: Removes unused unixDeviceInstanceAttributes
- lxd/device/nic/bridged: Removes unused dhcpAllocation
- lxd/firewall: Removes unused constants
- lxd/instance/drivers/driver/lxc: Removes unused cgroup2 var
- lxd/main/forkproxy: Removes unused udpConn var
- lxd/storage/drivers/driver/common: Removes unused load
- shared/generate/file/buffer: Removes unused varDeclSliceToString
- shared/generate/db/parse: Removes unused simpleTypeNames
- shared/generated/file/path: Removes unused absPath
- lxd/db/node: Tweaks LEFT JOIN to just JOIN in NodeIsEmpty()
- lxd/sys: Don't fail chmod on unresolvable symlinks
- shared/containerwriter: Renames to instancewriter
- lxd/instance/drivers: instancetarwriter usage
- shared/instancewriter/instance/tar/writer: Modifies WriteFile to accept a file name arg
- shared/instancewriter/instance/tar/writer: Adds ResetHardLinkMap function
- lxd/instance/drivers: instancetarwriter.WriteFile name arg usage
- lxd/db/containers: Renames ContainerBackupCreate and ContainerBackupRemove
- i18n: Update translations from weblate
- lxd/backup: Removes backupCreateTarball function
- lxd/backup: Updates instance backup to use tar writer rather than tar cmd
- lxd/backup: InstanceBackupRemove usage
- lxd/storage/drivers/utils: Minor tweak to copyDevice error message
- lxd/stroage/drivers/generic: Tweak error message of genericCreateVolumeFromMigration
- lxd/storage/drivers/generic/vfs: Switches genericVFSBackupVolume to tar writer
- lxd/images: Fixes unhandled error
- lxd/storage/backend/lxd: Adds tarWriter to BackupInstance function
- lxd/storage/backend/mock: Adds tarWriter to BackupInstance function
- lxd/storage/drivers/driver/ceph/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/cephfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/dir/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/lvm/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/drivers/mock: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/interface: Adds tarWriter arg to BackupVolume
- lxd/storage/pool/interace: Adds tarWriter arg to BackupInstance
- lxd/storage/drivers/driver/btrfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/internal: Log some memory stats
- shared: Drop Pipe function
- lxd/containers: Add configfs and tracefs
- btrfs quota to simulate total disk size
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.22 リリースのお知らせ¶
6th of March 2020
はじめに ¶
LXD チームは、LXD 3.22 のリリースをお知らせすることにとてもワクワクしています!
このリリースでは、コンテナと仮想マシン両方にかなりの数の改良が加えられています。nftables サポートを追加し、xtables から切り替えられた一部の新しい Linux ディストリビューションに対する互換性が大きく向上しています。
このリリースとは別に、かなりの新しい VM イメージをイメージサーバーに追加しました。Ubuntu、Debian、Fedora、CentOS、OpenSUSE、ArchLinux の VM イメージを見つけられるでしょう。
Enjoy!
ハイライト ¶
プロジェクトに対するリソース制限 ¶
プロジェクトのリソース量を制限するのに使える新しい設定項目を追加しました:
- limits.containers
- limits.virtual-machines
- limits.cpu
- limits.memory
- limits.processes
CPU、メモリ、プロセスの制限を使う際に適用される制限がいくつかあります。詳しくは公式ドキュメントをご覧ください: プロジェクトの制限
ファイアウォールの nftables バックエンド ¶
最近の LXD リリースで、ファイアウォールのリクエストに対する内部抽象化レイヤーが導入されました。 これは、LXD ネットワークのファイアウォール、NAT、コンテナに対するプロキシーデバイス、IP や MAC フィルタリングなど、あらゆるものに対応しています。
このリリースの LXD で、新しいバックエンドとして、nft が既存の xtables 実装に加わりました。 起動時に LXD はシステムでどちらが現在使用されているかを検出し、以降はそれを使い続けます。
既存のバックエンドは lxc info で次のように参照できます:
stgraber@castiana:~$ lxc info | grep firewall: firewall: nftables
コンテナ: 非特権コンテナの Hugepages ¶
非特権コンテナで hugepages にアクセスできるようになりました。
hugetlbfsファイルシステムのマウントインターセプション- hugepages に対して新たに制限を適用可能
x86_64 の設定例は次のようになります:
- security.syscalls.intercept.mount=true
- security.syscalls.intercept.mount.allowed=hugetlbfs
- limits.hugepages.1MB=1GB
hugepages の割り当ては、コンテナがすでに使っている通常のメモリに追加されることに注意してください。また、他の制限と同様に、制限を設定しないと無制限に hugepages を使えることに注意してください。
root@edfu:~# lxc init ubuntu:18.04 c1 Creating c1 root@edfu:~# lxc config set c1 security.syscalls.intercept.mount true root@edfu:~# lxc config set c1 security.syscalls.intercept.mount.allowed hugetlbfs root@edfu:~# lxc config set c1 limits.hugepages.2MB 1GB root@edfu:~# lxc start c1 root@edfu:~# lxc exec c1 bash root@c1:~# mkdir /dev/hugepages ; mount -t hugetlbfs hugetlbfs /dev/hugepages root@c1:~# ls -lh /dev/hugepages/ total 0
VM: 9p ディスクデバイスのサポート ¶
LXD の仮想マシンに長く待望されていた機能のひとつが、ホストから仮想マシンに任意のパスを渡す機能でした。
LXD 3.22 で LXD 自身とエージェントのロジックを組み合わせることでこれを可能にしました。
これがプロファイルを通してコンテナと仮想マシンの両方で使えるようになりました。
root@edfu:~# lxc profile create shared-data Profile shared-data created root@edfu:~# lxc profile device add shared-data home disk source=/home path=/mnt/home Device home added to shared-data root@edfu:~# lxc profile device add shared-data srv disk source=/srv path=/mnt/srv Device srv added to shared-data root@edfu:~# lxc launch images:fedora/31 f31-ctn -p default -p shared-data Creating f31-ctn Starting f31-ctn root@edfu:~# lxc launch images:fedora/31 f31-vm -p default -p shared-data --vm Creating f31-vm Starting f31-vm root@edfu:~# lxc exec f31-ctn -- df -ah | grep /mnt /dev/sdb1 220G 12G 197G 6% /mnt/home /dev/sdb1 220G 12G 197G 6% /mnt/srv root@edfu:~# lxc exec f31-vm -- df -ah | grep /mnt lxd_home 220G 12G 197G 6% /mnt/home lxd_srv 220G 12G 197G 6% /mnt/srv
VM: ファイルテンプレートのサポート ¶
イメージ内のテンプレートファイルが仮想マシンにも使えるようになりました。 テンプレートは、設定内で使用可能なメタデータを使ってホスト上の LXD が設定を読み込み、読み込まれたファイルは仮想マシンにインストールするためにエージェントに渡されます。
カスタムイメージへのテンプレートの追加がコンテナと同様に動作するようになり、LXD のイメージサーバー images: (https://images.linuxcontainers.org/)でも使われています。
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- lxc-to-lxd: golint fix
- lxd/cluster: golint fixes
- lxd/migration: golint fixes
- shared/containerwriter: golint fixes
- shared/generate: golint fixes
- shared/netutils: golint fixes
- tests: Update golint list
- shared: Fix HostPathFollow for stdin/stdout
- Allow build with GNU Make 4.3
- add mips architectures
- doc: tweak markdown format
- lxd/vm: Use -sandbox
- lxd/firewall/firewall/interface: Adds String() and Compat()
- lxd/network/network: Handle errors during firewall setup
- lxd/firewall/drivers/drivers/xtables: Changes XTables to Xtables for consistency
- lxd/firewall/drivers/drivers/xtables: Better validation in InstanceSetupProxyNAT
- lxd/firewall/drivers/drivers/xtables: Adds String() and Compat()
- lxd/firewall/firewall/load: Detect which firewall driver to use
- lxd/daemon: Log which firewall driver as selected
- api: API extension firewall_driver
- lxd/firewall/drivers/drivers/nftables: Adds nftables driver
- test: Updates container devices nic bridged filtering tests for nftables
- test: Updates proxy tests for nftables
- add riscv architecture definitions
- rv->riscv
- correct mips names (le->el), no aliases required
- lxd/storage/backend/lxd: Adds logging for CreateInstanceFromBackup post hook
- lxd/storage/backend/lxd: Refuse to create storage pool if dir exists on disk
- as the kernel only reports mips/mips64, specify 32 and 64bit arch and el as aliases
- lxd/main/import: Adds --project flag support to lxd import
- lxd/api/internal: Updates error messages in internalImport
- shared/util: Fix relative paths in HostPathFollow
- lxd/api/internal: Removes duplicate storage package import
- lxd/storage: Adds InstanceImportingFilePath function
- lxd/api/internal: storagePools.InstanceImportingFilePath usage
- lxd/container/lxc: storagePools.InstanceImportingFilePath usage
- lxd/api: projectParam comments
- lxd/api/internal: Uses StoragePoolNodeVolumeGetTypeByProject for project support
- lxd/storage/drivers/driver/lvm: Adds lvm.vg.force_reuse config option
- lxd/storage/pools/config: Adds lvm.vg.force_reuse option
- doc/api: Adds API extension storage_lvm_vg_force_reuse
- doc/storage: Adds lvm.vg.force_reuse option to storage pool config
- lxd/images: Removes hardcoded default project arg for ImageGet in autoUpdateImage
- lxd/images: Golint and comments
- lxd/instances: Pick correct default type from URL
- lxd/db: Set ceph.user.name if missing
- lxd/vm: Fix disk files and snap
- lxd/db: Fix ceph username in patch
- lxd/db: Revert 3da5aea1 fix, since in turn testify reverted the change
- lxd/db: un-export StorageVolumeNodeGet
- lxd/db: un-export StoragePoolVolumesGetType
- lxd/db: un-export StoragePoolVolumeGetTypeID
- lxd/db: un-export StoragePoolVolumeGetType
- lxd/db: un-export StorageVolumeConfigGet
- lxd/db: un-export StoragePoolVolumeTypeToName
- lxd/db: un-export StorageVolumeDescriptionUpdate
- lxd/db: un-export StorageVolumeConfigAdd
- lxd/db: un-export StorageVolumeConfigClear
- lxd/db/cluster: add new storage volume snapshots table
- lxd/db/cluster: drop snapshot column from storage_volumes table
- lxd/db/cluster: add storage_volumes_all view
- lxd/db/schema: include triggers when generating SQL for fresh schemas
- lxd/db/cluster: add triggers to check that volume IDs don't overlap
- lxd/db: change StoragePoolVolumeSnapshotsGetType to query the snapshots table
- lxd/db: change StorageVolumeNextSnapshot to query the snapshot table
- lxd/db: update StorageVolumeNodeAddresses to use storage_volumes_all
- lxd/db: update storagePoolVolumeGetTypeID to use storage_volumes_all
- lxd/db: update storageVolumeNodeGet to use storage_volumes_all
- lxd/db: update StorageVolumeDescriptionGet to use storage_volumes_all
- lxd/db: update storageVolumeIDsGet to use storage_volumes_all
- lxd/db: update StoragePoolVolumesGetNames to use storage_volumes_all
- lxd/db: update StoragePoolVolumesGet to use storage_volumes_all
- lxd/db: update storagePoolVolumesGetType to use storage_volumes_all
- lxd/db: update InstancePool to use storage_volumes_all
- lxd/db: update instancePoolSnapshot to use storage_volumes_all
- lxd/db: make StoragePoolVolumeDelete differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigGet differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeDescriptionUpdate differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigAdd differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigClear differentiate between regular volumes and snapshots
- lxd/db: make StoragePoolVolumeRename differentiate between regular volumes and snapshots
- lxd/db: consider snapshots in StorageVolumeMoveToLVMThinPoolNameKey
- lxd/db: add ClusterTx.storagePoolVolumeGetTypeID() method
- lxd/db: make StoragePoolVolumeCreate differentiate between regular volumes and snapshots
- lxd/db: no need to update snapshot names in ContainerNodeMove
- lxd/db: copy volume snapshots in StoragePoolNodeJoinCeph
- lxd: no need to rename snapshot volumes when renaming a container
- lxd/db/cluster: migrate existing volume snapshots to the new table
- tests: some runs of "lxd import" don't fail anymore due to improved data integrity
- lxd/logging: Handle projects in log expiry
- doc: Fix escaping
- shared/api: Fix ServerEnvironment ordering
- lxd/vm: Fix snapshots
- lxd/storage/ceph: Fix leftover rbd
- lxd/storage/ceph: Fix zombie handling
- lxd/init: Use new network syntax
- tests: Check UUIDs while running
- Increase timeout of standalone SQL statements
- lxd/storage/ceph: Improve error reporting on map
- lxd/containers: Have findIdmap look at projects
- lxd/storage: Remove legacy dir implementation
- lxd/storage: Remove legacy btrfs implementation
- lxd/storage: Remove legacy zfs implementation
- lxd/storage: Remove legacy lvm implementation
- lxd/storage: Removes unused getPoolMountLockID
- lxd/storage/pools/utils: Comment on storagePoolDBCreate
- lxd/api/internal: Removes legacy storage pool loading
- lxd/api/internal: Consistent comment style
- lxd/api/internal: Stops using backup pkg name as variable
- lxd/api/internal: Switches internalImport to use pool.CheckInstanceBackupFileSnapshots
- lxd/storage/pool/interface: Adds CheckInstanceBackupFileSnapshots
- lxd/storage/errors: Adds ErrBackupSnapshotsMismatch error
- lxd/storage/backend/mock: Adds CheckInstanceBackupFileSnapshots
- lxd/storage/backend/lxd: Adds CheckInstanceBackupFileSnapshots implementation
- lxd/patches/utils: Removes unused functions
- lxd/api/internal: Adds sanity check for instance name in internalImport
- lxd/backup: Have tar not transform symlink targets
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use lvs for snapshot list
- lxd/backup: Removes old storage loader
- lxd/container/lxc: Removes old storage loader
- lxd/storage: Removes unused storagePoolVolumeContainerCreateInit
- lxd/container: Removes old storage loader
- lxd/containers/post: Removes old storage loader
- lxd/daemon/storage: Consistent comment ending
- lxd/daemon/storage: Removes old storage loader
- lxd/images: Removes old storage loader
- lxd/migrate/container: Removes old storage loader
- lxd/migrate/storage/volumes: Removes old storage loader
- lxd/resources: Removes old storage loader
- lxd/storage/pools/utils: Removes old storage loader
- lxd/storage/pools: Removes old storage loader
- lxd/storage/volumes/snapshot: Removes old storage loader
- lxd/storage/volumes: Removes old storage loader
- lxd/storage: Removes old storage loader
- lxd/instance/drivers/driver/qemu: Removes storage layer transition workaround
- lxd/container/lxc: Makes Delete pool load logic same as VM type
- lxd: Storage loader comments
- lxd/storage: Removes unused functions
- lxd/storage/drivers/drivers/mock: Adds mock driver
- lxd/storage: Adds mock driver loading
- lxd/storage: Additional error checking
- lxd/storage/zfs: Set volmode=none for VM datasets
- lxd/logging: Updates log rotate to only remove .log files
- lxd/db: Rename ContainerListExpanded to instanceListExpanded
- lxd/db: Make instanceListExpanded account for projects without "features.profiles" enabled
- Removed Erroneous Space
- i18n: Update translation templates
- scripts: Update Project Tab Complete Script
- lxd/storage/drivers/driver/zfs/volumes: Create block volumes with volmode=none
- lxd/storage/drivers/driver/zfs/volumes: Use MountTask with CreateVolume
- lxd/storage/drivers/zfs/volumes: Makes MountVolume and UnmountVolume more thorough in detecting mounts
- lxd/storage/drivers/driver/lvm/volumes: Always ensure mount path after mount in CreateVolume
- lxd/storage/drivers/driver/common: Adds moveGPTAltHeader
- lxd/storage/drivers/driver/lvm/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/zfs/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/dir/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/ceph/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/utils: Separates block file rounding logic into own function
- lxd/storage/drivers/generic/vfs: Adds genericVFSResizeBlockFile
- lxd/storage/drivers/driver/btrfs/volumes: ensureVolumeBlockFile usage
- lxd/storage/drivers/driver/dir/volumes: Adds block resize support to SetVolumeQuota
- lxd/storage/drivers/driver/btrfs/volumes: Adds block resize support to SetVolumeQuota
- lxd/storage/drivers/driver/zfs/volumes: Call SetVolumeQuota from CreateVolumeFromCopy
- lxd/storage/drivers/driver/zfs/volumes: Apply block size changes in SetVolumeQuota
- lxd/storage/drivers/driver/btrfs/volumes: Calls SetVolumeQuota when creating/updating volumes
- lxd/storage/drivers: SetVolumeQuota falls back to defaultBlockSize
- lxd/patches: Updates patches to use new storage driver mount/unmount
- lxd/patches: Replaces s.StoragePoolCreate with new storage framework
- lxd/storage: Removes storagePoolInit
- scripts: Fix syntax errror
- lxd/main/init: Removes legacy storage drivers from availableStorageDrivers
- lxd/patches: Updates patchStorageApiPermissions to use new storage drivers
- lxd/storage: Removes storageCoreInit function
- lxd/storage: Removes legacy drivers from storagePoolDriversCacheUpdate
- lxd/db: Start-up check ignores pending nodes with out-of-date schema
- lxd/patches: Removes old storage layer from upgradeFromStorageTypeLvm
- lxd/container/lxc: Removes some calls to the old storage layer
- lxd/migrate/container: Removes calls to old storage layer
- lxd/migrate/storage/volumes: Removes calls to old storage layer
- lxd/patches: Switches upgradeFromStorageTypeLvm to use new storage layer
- lxd/storage/migration: Removes unused functions
- lxd/instance: Extract LoadInstanceDatabaseObject from fetchInstanceDatabaseObject
- lxd/project: Add initial CheckLimitsUponInstanceCreation
- lxd/project: Check that the project's "limits.memory" is honored when creating an instance
- lxd/project: Add CheckLimitsUponInstanceUpdate
- lxd/project: Add initial ValidateLimitsUponProjectUpdate
- lxd/project: Validate changes to the project's "limits.memory" value
- lxd/project: Add CheckLimitsUponProfileUpdate
- lxd/project: Check that the project's "limits.processes" config is honored
- lxd/project: Don't allow percentage values for limits.memory
- lxd/project: Skip limit checks if the project has no limits configured
- lxd/project: Check that the project's "limits.cpu" config is honored
- api: Use project.Config as etag field, without specifiying individual keys.
- api: Properly detect which project config keys were specified in a PATCH request
- api: Add helper logic to detect if a project config key has changed
- api: Add new "limits.*" project configuration keys
- api: Plug ValidateLimitsUponProjectUpdate into projectChange
- api: Plug CheckLimitsUponInstanceCreation into containersPost
- api: Plug CheckLimitsUponInstanceUpdate into containerPut and containerPatch
- api: Plug CheckLimitsUponProfileUpdate into profilePut and profilePatch
- test: Add project limits tests
- shared/version: Add "projects_limits" API extension
- doc: Add documentation about projects limits
- lxd/storage/drovers/driver/lvm/utils: Dont format block volumes with filesystem
- lxd/storage/zfs: Skip volmode on 0.6
- lxd/storage: Removes unused files
- lxd/container: Removes containerCreateEmptySnapshot
- lxd/container/lxc: Removes legacy storage functions
- lxd/main/init: Refactors availableStorageDrivers to not use old storage layer
- lxd/main/init/auto: Removes dep on supportedStoragePoolDrivers
- lxd/migrate: Removes old storage type reference
- lxd/migrate/storage/volumes: Removes reference to old storage type
- lxd/storage: Removes legacy storage interface and unused functions
- lxd/storage/drivers/load: Adds AllDriverNames
- lxd/storage/migration: Removes unused functions
- lxd/storage/pools/config: Removes ref to supportedStoragePoolDrivers
- lxd/storage/utils: Remove unused functions
- lxd/storage/volumes/utils: Removes unused function
- lxd/storage: Removes unused files
- lxd/main/test: Removes legacy mock storage references
- lxd/migrate: Removes unused struct
- lxd/storage: Removes unused functions
- lxc/containers: Fix cgns-less fallback
- lxd/storage/drivers/driver/ceph/volume: Don't format block volumes with a filesystem
- lxd/storage/drivers: Don't use named temporary dirs
- lxd/instance/drivers/driver/lxc: Removes temporary lxc placeholder
- lxd/container/lxc: Moves to instance/drivers package
- lxd/container/lxc/exec/cmd: Moves to instance/drivers package
- lxd/api/internal: instance.Container usage
- lxd/container: instance.CriuMigrationArgs, inst.Migrate() and instance.Container usage
- lxd/container/console: instance.Container usage
- lxd/container/exec: instance.Container usage
- lxd/container/lxc/utils: Removes idmapsetFromString
- lxd/container/test: instance.Container usage
- lxd/devices: inst.RegisterDevices usage
- lxd/devlxd: Removes devlxdEventSend
- lxd/devlxd: instance.Container usage
- lxd/instance/drivers/driver/lxc: Renames containerLXC to lxc
- lxd/instance/drivers/driver/lxc: Removes temporary loader placeholders
- lxd/instance/drivers/driver/lxc: Renames lxc to liblxc
- lxd/instance/drivers/driver/lxc: db.StoragePoolVolumeTypeContainer usage
- lxd/instance/drivers/driver/lxc: Adds devLxdSendEvent
- lxd/instance/drivers/driver/lxc: Updates use of instance.CriuMigrationArgs
- lxd/instance/drivers/driver/lxc: Adds RegisterDevices function
- lxd/instance/drivers/driver/lxc: Moves storage util functions and updates usage
- lxd/instance/drivers/driver/lxc: Adds SaveConfigFile function
- lxd/instance/drivers/driver/lxc/cmd: Renames ContainerLXCCmd to lxcCmd
- lxd/instance/drivers/driver/qemu: Adds RegisterDevices as a no-op
- lxd/instance/instance/interface: Adds RegisterDevices
- lxd/instance/drivers/load: LXC loader functions renamed
- lxd/migrate/container: instance.CriuMigrationArgs and instance.Container usage
- lxd/patches: Updates patchContainerConfigRegen to use LXC.SaveConfigFile()
- lxd/patches: BTRFS storage functions usage
- lxd/patches/utils: storageDrivers.BTRFSSubVolumesGet and removes unused functions
- lxd/storage: instance.Container usage
- lxd/storage: storageDrivers util functions usage
- lxd/storage/drivers/utils: Adds util functions moved from main pkg
- lxd/apparmor/apparmor: Removes dependency on c.DaemonState()
- lxd/container/snapshot: Removes dependency on sc.DaemonState()
- lxd/instance/drivers/driver/test/utils: Adds PrepareEqualTest function
- lxd/container/test: instanceDrivers.PrepareEqualTest usage to fix crash
- lxd/instance/drivers/driver/lxc: golint fixes
- lxd/instance/drivers/driver/lxc: Removes DaemonState function
- lxd/instance/drivers/driver/qemu: Removes DaemonState function
- lxd/instance/instance/interface: Removes DaemonState function
- lxd/instance/instance/interface: Adds SaveConfigFile
- lxd/migrate/container: Removes s.instance.DaemonState dependency
- lxd/profiles/utils: Removes use of containerLXC type
- lxd/seccomp/seccomp: Removes c.DaemonState dependency
- lxd/storage/drivers/utils: golint fixes
- lxd/instance/instance/interface: Adds Container interface
- lxd/instance/instance/interface: Adds CriuMigrationArgs type
- lxd/backup/backup: Comment clarifying existence of Instance interface
- lxd/seccomp/seccomp: Comment clarifying existence of Instance interface
- lxd/daemon: Moves shared mount state to use daemon.SharedMountsSetup var
- lxd/instance/drivers/driver/lxc: Updates to use daemon.SharedMountsSetup var
- lxd/instance/instance/interface: Adds Migrate function
- lxd/instance/drivers/qemu: Adds Migrate placeholder function
- lxd: Ensure gopkg.in/lxc/go-lxc.v2 is consistently imported as liblxc
- lxd/instanc/instance/errors: Adds ErrNotImplemented error
- lxd/instance/drivers/driver/qemu: instance.ErrNotImplemented usage
- lxd/instance/drivers/driver/qemu: Adds SaveConfigFile placeholder
- lxd/instance/instance/interface: Adds OnHook function to interface and adds hook constants
- lxd/instance/drivers/driver/lxc: Implements OnHook function
- lxd/instance/drivers/driver/qemu: Implements OnHook placeholder function
- lxd/api/internal: Updates hook usage to OnHook
- shared/idmap/idmapset/linux: Adds JSONUnmarshal function
- lxd/storage: idmap.JSONUnmarshal usage
- lxd/daemon: Import instance/drivers package so init() function runs
- lxd/vm: Generate the template files
- lxd-agent: Put templates in place
- doc: Typo and formatting improvements
- shared/idmap: Adds JSONMarshal function
- lxd/device/disk: Replaces call to StorageVolumeMount with functions on disk device
- lxd/storage: Removes storageVolumeMount and storagePoolVolumeAttachPrepare
- lxd/storage/utils: Adds VolumeUsedByInstancesGet
- lxd/storage/volumes/utils: storagePools.VolumeUsedByInstancesGet usage
- lxd/storage: Removes unused functions
- lxd/device: Removes usage of StorageRootFSApplyQuota, StorageVolumeMount and StorageVolumeUmount
- lxd: Removes old storagePoolVolumeType constants
- lxd: Removes storagePoolVolumeType constants
- lxd/container/lxc/utils: Removes unused file
- lxd/instance: Removes CGroupGet as is unused
- seccomp: handle hugetlbfs mount syscall interception
- lxd/device/disk: Validation error message quoting consistency
- Promote nodes if for whatever reason the n of voters drop below 3
- api: add container_syscall_intercept_hugetlbfs
- cgroup: add support for the hugetlb controller
- containers: add support for hugepage limits
- api: add limits_hugepages api extension
- doc: add limits.hugepages.* keys
- lxd/vm: Set gic-version on arm64
- lxd/device/disk: Adds support for adding directory source for VM 9p sharing
- lxd/device/disk: Adds support for disk 9p directory share
- lxd/instance/instance/type: Adds VMAgentMount type
- lxd/instance/drivers/driver/qemu: Removes unused architecture var
- lxd/instance/drivers/driver/qemu: Adds support for passing through unix socket FD to qemu
- lxd/instance/drivers/driver/qemu: Adds openUnixSocket function
- lxd/instance/drivers/driver/qemu: Adds addFileDescriptor function
- lxd/instance/drivers/driver/qemu: Adds addDriveDirConfig function
- lxd/instance/drivers/driver/qemu/templates: Adds 9p directory disk device template
- lxd-agent/main/agent: Adds support for mounting 9p shares
- lxd/instance/drivers/driver/qemu: Tweaks template whitespace removal to leave newline between sections
- lxd/project/project: Renames Prefix() to Instance()
- lxd: project.Instance() usage
- lxd/project/project/test: Updates for project.Instance rename
- lxd/instance/drivers: Add trans=virtio to 9p mount
- Missing bootstrap error check
- lxd-agent: Load vhost module
- lxd/storage/zfs: Fix default VM size
- lxd/vm: Tweak to mount field names
- lxd-agent: Create mount path if missing
- doc: Tweak markdown format for itemization
- lxd/storage/ceph: Implement GetVolumeUsage
- lxd/device/disk: Adds mountPoolVolume function
- lxd/device/disk: Error message quoting
- lxd/device/disk: Adds pool volume support for VMs
- lxd/device/disk: Switches createDevice to use d.mountPoolVolume for containers
- lxd/device/disk: Renames storagePoolVolumeAttachPrepare to storagePoolVolumeAttachShift
- lxd/device/disk: Ensures custom pool volumes are unmounted on VM device stop
- unix-hotplug: fix device removal and zero padding
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.21 リリースのお知らせ¶
13th of February 2020
はじめに ¶
LXD チームは、LXD 3.21 のリリースをお知らせすることにとてもワクワクしています!
このリリースは、これまでと同様の 2 週間の短い開発サイクルのリリースで、多数のストレージ、VM、ネットワークのバグフィックスとリファクタリングを含んでいます。
機能的には、ネットワークインターフェースを接続する新たな簡単な方法、新たなクラスタリングデータベースの設定、多数の仮想マシンの改良があります。
Enjoy!
ハイライト¶
LXD が管理するネットワークに対する新たな接続方法 ¶
LXD が直接管理しているブリッジインターフェースを使う場合(lxc network list 参照)、次のように直接そのブリッジにインスタンスを接続できるようになりました:
eth0:
type: nic
network: lxdbr0
name: eth0
もしくは lxc config device add c1 eth0 nic network=lxdbr0 name=eth0 のように実行します。
nictype: bridged や parent: lxdbr0 というプロパティは設定する必要がありません。代わりに network に LXD ネットワークを設定すれば、すべて完了です。
このモードでは、ブリッジの MTU は自動的にネットワークインターフェースから継承します。IPv4/IPv6 アドレスは、ネットワークに設定されたサブネットに対して検証されます。そして、MAAS IPv4, IPv6 サブネットは、個別のインターフェースでなくネットワークを通して設定されるようになりました。
Ceph ドライバーの新しいストレージドライバーインフラストラクチャーへの移植 ¶
Ceph ストレージドライバーが、新しいストレージインフラストラクチャーに移植される最新で最後のドライバーです。ユーザーに見えない変更がありますが、LXD で Ceph をお使いのユーザーは、まずは重要ではないシステムで 3.21 へのアップグレードを試し、ストレージに関連する問題をすみやかに報告することをおすすめします。
この最後のドライバーの移植で、LXD のコードベースからすべての古いストレージインフラストラクチャーを削除する作業を始められるようになりました。これにより、今後の保守が大幅に容易になります。
クラスタリング: アクティブとスタンバイのメンバーの数を設定できるようになりました ¶
クラスターに対する設定オプションをふたつ追加しました。
cluster.max_votersは、期待するアクティブデータベースクラスターのメンバー数を設定します(投票 (voting))cluster.max_standbyは、期待するスタンバイデータベースクラスターのメンバー数を設定します(非投票 (non-voting))
デフォルトの設定は 3 台の投票 (voting) メンバーと、2 台のスタンバイメンバーです。投票 (voting) メンバーがダウンした場合、スタンバイは速やかに投票 (voting) に昇格し、予備の待機メンバーがスタンバイに昇格するかもしれません。
投票 (voting) メンバーの数を増やすとデータベースのパフォーマンスが低下するでしょう。これは、変更に同意するメンバーの数が増えるからです。スタンバイメンバーの数を増やしてもデータベースのパフォーマンスに影響は与えませんが、データベースバイナリストリームを取得する必要のあるメンバーが増えるので、ネットワーク負荷が増加するでしょう。
ほとんど間髪を入れずに 2, 3 のメンバーを失う可能性があるクラスターでのみ、これらのデフォルト値を増やすことを検討すべきです。
VM: CPU ピンニングとトポロジー ¶
limits.cpu で、コンテナでサポートされているように、特定の CPU ID を設定できるようになりました。例: limits.cpu: 0,2、limits.cpu: 0-3。
リストで指定された物理 CPU(やスレッド)への VM の仮想 CPU のピンニングに加えて、LXD は VM の CPU トポロジーを一致させようとします。
先の例の limits.cpu: 0,2 は、デュアルコアのハイパースレッドサポートの Intel システムでは、最初のコアとそのハイパースレッドを指します。その結果、仮想マシンではシングルソケット、シングルコア、ハイパースレッド CPU で構成され、物理ハードウェアと一致するように両方のスレッドが固定されます。
同じロジックが、ハイパースレッディングサポートの有無に関わらず、マルチソケット、マルチコアのシステムをサポートします。limits.cpu で指定された CPU が実際のハードウェア構成(各ソケットの同じ数のコア、すべてのコア上の同じ数のスレッド、…)と一致する限り、LXD は VM 設定を一致させ、ピンニングも一致するように設定することを保証します。
要求された設定が正しくない場合(ハードウェアと一致しない場合)、LXD はフォールバックし、シングルソケットのハイパースレッディングなしのマルチコア VM を提供し、設定した CPU ID それぞれをコアとして扱います。これは明らかに理想的な状況ではありませんので、このような状況になれば、警告が LXD ログに記録されます。
VM: ネットワークとストレージの最適化 ¶
ネットワークパフォーマンスを改良するため、LXD はネットワークデバイスに vhost_net を使います。
ストレージフロントでは、virtio-scsi ドライブで discard が有効になり、ブロックを破棄したり、ベースのファイルストレージを縮小したり、バックのドライブがブロックをより適切に管理できるようになったりしました。
VM: IPv6 アドレスのエージェントレスのレポーティング ¶
これまでは、仮想マシンの IP アドレスは LXD の DHCP サーバからのみ取得していました。 これは IPv4 では確実に動作しますが、ほとんどの IPv6 デプロイで使う SLAAC では、DHCPv6 リースが付属していないので、LXD では取得されません。
これを回避する方法のひとつは、VM 内で実行する LXD エージェントに頼ることでした。このエージェントは仮想マシン向けにネットワーク情報を取得するのに使います。
しかし、それが不可能な場合でも、LXD は一致する IPv6 アドレスの近傍レコードも参照するようになりました。
stgraber@castiana:~$ lxc list win10 +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+ | win10 | RUNNING | 10.166.11.118 (eth0) | 2001:470:b368:4242:9dff:908:98a9:c0c3 (eth0) | VIRTUAL-MACHINE | 0 | +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- lxd/migrate/container: Fixes migrate refresh final sync snapshot bug
- lxd/migration/migration/volumes: Comment on Data property of VolumeSourceArgs
- lxd/storage/drivers/driver/zfs/volumes: Explain use of volSrcArgs.Data for migration
- lxd/instance/drivers/load: Pass copy of device config to device.Validate
- lxd/device/nic/bridged: Updates use of network pkg functions
- lxd/device/nic/bridged: Uses network.LoadByName to access n.HasDHCPvX() helpers
- lxd/device: networkRandomDevName usage
- lxd/network/network/load: Adds LoadByName function
- lxd/network: Adds network type in network pkg
- lxd/network/network/utils: Moves network utils from main pkg
- lxd/instance/instance/utils: Removes NetworkUpdateStatic function link
- lxd/instance/instance/utils: Adds more instance load functions
- lxd/container: Removes instance load functions moved to instance pkg
- container/lxc: network.UpdateDNSMasqStatic usage
- lxd: instance.LoadNodeAll usage
- lxd: instance.LoadByProject usage
- lxd: instance.LoadByProjectAndName usage
- lxd/device/device/utils/network: Updates network package usage
- lxd/device/device/utils/network: Unexports some non-shared functions
- lxd/network/utils: Removes network utils functions used by network type
- lxd/networks/config: Removes networkFillAuto function
- lxd/networks: Removes network type and networkLoadByName function
- lxd/device: networkCreateVlanDeviceIfNeeded and networkRandomDevName usage
- lxd: network package usage
- test: static analysis of network pkg
- lxd/instance/drivers/driver/qemu: network.GetLeaseAddresses usage
- lxd/instance/instance/utils: Removes linked function NetworkGetLeaseAddresses var
- lxd/network/network/utils: Adds GetMACSlice and GetLeaseAddresses functions
- lxd/networks: Removes networkGetLeaseAddresses functions
- lxd/networks/utils: Removes networkGetMacSlice function
- lxd/instances: Fix URLs to use /1.0/instances
- seccomp: make device number checking more robust
- Define MS_LAZYTIME for compatibility with old glibc
- lxd/vm: Use vhost_net
- lxd/vm: Enable block discard
- shared/archive: Fix out of space logic
- lxd/vm: Set Documentation in systemd units
- lxd/vm: Silence writeback warning for config drive
- lxd/device/nic/bridged: Load br_netfilter kernel module when using IPv6 filtering
- lxd/networks/configs: Adds maas.subnet.ipv{4,6} to allowed network keys
- lxd: Device name quoting in device errors
- lxd/device/nic: Adds network as valid nic property
- lxd/networks: Uses HasDHCPv6 function and updates comment
- lxd/network: Adds DHCP range parsing functions
- lxd/device/nic/bridged: Updates to use network type DHCP ranges functions and types
- lxd/device/nic/bridged: Adds support for network property
- doc: Adds API extension for instance_nic_network
- shared/version/api: Adds API extension for instance_nic_network
- test/suites/container/devices/nic/bridged: Adds network property tests
- doc: Adds network property to instance NIC bridged device
- lxd/storage/zfs: Fix argument ordering
- unix hotplug: skip devices without associated devpath or major/minor
- lxd: Switches to simpler conn.WriteMessage function
- lxd/storage/drivers: Add MountedRoot to Info
- lxd/storage: Honor MountedRoot in pool actions
- lxd/networks: Consider IPv6 neighborhood entries
- lxd: Uses gorilla WriteJSON where possible
- lxd/storage/drivers: Set MountedRoot option
- lxd/main_checkfeature: add explicit _exit() even if it's not needed
- lxd/main_checkfeature: s/exit()/_exit()/g
- cgo: export wait_for_pid() helper
- lxd/main_checkfeature: close listener
- lxd/main_checkfeature: don't depend on kcmp header
- lxd/device: Async CEPH unmap
- lxd/storage/drivers/driver/lvm: Uses d.thinpoolName() rather than d.config["lvm.thinpool_name"]
- lxd/patches: setupStorageDriver usage
- lxd/storage: Renames SetupStorageDriver to setupStorageDriver for consistency
- lxd/storage/drivers/driver/zfs: Adds zfs kernel module load fail detection
- lxd/daemon: setupStorageDriver usage
- lxd/daemon: Comment consistency
- lxd/storage/drivers/driver/lvm: Makes lvm.vg_name required for mounting
- lxd/db/cluster/update: Adds updateFromV23 for ensuring lvm.vg_name key is set
- lxd/db/cluster/update: Superfluous trailing whitespace
- lxd/db/cluster/schema: v24 update
- lxd/device/config/devices: Adds NICType function on Device type
- lxd: Device.NICType usage
- lxd/device/nic/bridged: Bans use of nictype when using network property
- test: Updates nic bridged tests for NICType logic
- lxd/network/network/utils: Fix network in use detection
- lxd-agent/exec: Logs signal forwarding as info rather than error
- lxd/container/exec: Only log finished mirror websocket when go routine exits
- lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients
- shared: Upper case first character of some debug messages
- lxd/device/nic/bridged: Switches to dnsmasq.DHCPAllocatedIPs()
- lxd/device/nic/bridged: Switches to dnsmasq.DHCPStaticIPs()
- test/suites/container/devices/nic/bridged: Adds test to detect leaked filters
- lxd/device/nic/bridged: Fixes bug that leaks ebtables filters
- lxd/project: Adds InstanceParts() function for separating project prefixed Instance name
- lxd/storage/load: Updates volIDFuncMake to use project.InstanceParts()
- lxd/util: Fix IP/host tests on other distros
- lxd/storage/drivers: Add Ceph driver
- lxd: Use new storage code for Ceph clustering
- Unlock when isLeader failure
- lxd/storage/ceph: Function ordering and comments
- lxd/storage/ceph: Properly handle os.Remove
- lxd/storage/ceph: Comment consistency
- lxd/storage/ceph: Set DirectIO
- lxd/storage/ceph: Unwrap if statement
- lxd/storage/ceph: Unwrap function signatures
- lxd/storage/ceph: Rework MountVolume
- lxd/patches: Re-run VM path creation
- tests: Add ceph to list of new drivers
- lxd/firewall: Moves iptables/xtables implementation into firewall/drivers package
- Consider the default port when checking address overlap
- lxd/firewall: Updates interface and loader for new pkg
- lxd: firewall/drivers pkg usage
- lxd/device/config/device/proxyaddress: Moves ProxyAddress type
- lxd/main/forkproxy: Updates use of ProxyAddress type
- lxd/device/proxy: Switches to use firewall.InstanceSetupProxyNAT()
- lxd/firewall/firewall/interface: Reworks firewall interface
- Re-disable clustering upgrade test
- lxd: Fix error message when deleting storage pools
- lxd/firewall/drivers/drivers/xtables: Implements xtables driver
- lxd/network/network/utils: Adds UsesIPv4Firewall and UsesIPv6Firewall functions
- lxd/device/nic/bridged: Switches to firewall.InstanceSetupBridgeFilter and InstanceClearBridgeFilter
- lxd/network/network: firewall.NetworkSetupForwardingPolicy usage
- lxd/network: firewall.NetworkSetupOutboundNAT usage
- lxd/network: Updates firewall DHCP/DNS function usage
- lxd/firewall/drivers/consts: Removes unused constants
- lxd/network: Updates to use firewall helper functions
- lxd/dnsmasq: Makes DHCPStaticIPs project aware
- lxd/device/nic/bridged: dnsmasq.DHCPStaticIPs project usage
- lxd/network/network/utils: dnsmasq.DHCPStaticIPs project usage
- test: Removes old iptables package from static analysis
- test: Fixes iptables rule leak in clustering test
- shared: Add HostPathFollow
- lxc/file: Follow symlinks on individual file transfers
- lxd/container: Protect file push/pull from shift
- Add cluster.n_voters and cluster.n_standby configuration keys
- Load configuration keys when checking for n of voters/stand-by
- doc/clustering.md: describe usage of clustering size config keys
- Drive-by: fix check for degraded cluster
- doc/server.md: add cluster.max_voters/max_standby
- api: Add clustering_sizing extension
- Revert "lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients"
- lxd/instance: Move ParseCpuset
- lxd/vm/qmp: Allow retrieving vCPU pids
- lxd/vm: Implement CPU pinning
- shared: get_poll_revents(): handle EAGAIN in addition to EINTR
- lxc: send SIGTERM when there's no controlling terminal
- shared: Add Uint64InSlice
- lxd/vm: Template sockets/cores/threads config
- lxd/vm: Attempt to line up CPU topology
- lxd init: Don't allow empty strings for the cluster host name
- node/config.go: Don't allow wild card addresses for cluster.https_address
- idmap:acl: don't add but update the acls
- shared/util: Tweak HostPathFollow to use readlink
- lxc/file: Expand complex symlink chains
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.20 リリースのお知らせ¶
30th of January 2020
はじめに ¶
LXD チームは、LXD 3.20 のリリースをお知らせすることにとてもワクワクしています!
私たちは、LXD 3.19 のリリースのあとに行われた多数の機能強化とバグ修正をすばやくまとめるために、通常の 1 ヶ月ごとのリリースから 2 週間のリリースに短縮しました。LXD 4.0 のリリースまでこのペースを保つつもりで、その後通常の 1 ヶ月ごとのリリースに戻る予定です。
このリリースは、オースティンのテキサス大学の学生のコントリビュートによる、3 つの機能追加・改良を含みます。
- API コレクションのサーバ側でのサポート
- 新しい unix-hotplug デバイスタイプ
- バックグラウンドプロセス管理の見直し
これらのインテグレーションに加えて、私たちが考える VM ストーリーの現在存在するギャップを埋めることにもフォーカスを当てており、3.19 リリース以来の多数のバグを修正し、ネットワークインターフェースの処理を完了し、ppc64le サポートを追加し、ブートデバイスの順序設定をサポートしました。
Enjoy!
ハイライト ¶
API コレクションのサーバー側でのサポート ¶
ユーザーが扱うインスタンスやイメージがますます大きくなるにつれ、それらのすべてのレコードをクライアント側でフィルタリングすることは非常にコストが高くなる可能性があります。このリリースでは、サーバー側でのフィルタリングのインフラストラクチャと初期実装を追加しました。
これは次のようになります:
stgraber@castiana:~/data/code/lxc/lxd (lxc/master)$ lxc query '/1.0/instances?filter=config.image.os%20eq%20ubuntu'
[
"/1.0/instances/snapcraft",
"/1.0/instances/ups-monitor",
"/1.0/instances/v1",
"/1.0/instances/maas01",
"/1.0/instances/steam",
"/1.0/instances/lxd-build"
]
これは、URL エンコーディングを使って、フィルターとして config.image.os eq ubuntu を使っています。フィルタリングオプションの詳しくはこちら をご参照ください。
新しい unix-hotplug デバイスタイプ ¶
このデバイスタイプは usb と unix-char と unix-block のちょうど中間のようなものです。
特定の vendorid/productid を指定でき、その結果として unix-char/unix-block デバイスを自動的にコンテナに渡すことができます。
USB デバイスの例です:
stgraber@castiana:~$ lxc config device add c1 kingston unix-hotplug vendorid=0951 productid=1666 Device kingston added to c1 stgraber@castiana:~$ lxc exec c1 bash root@c1:~# ls -lh /dev/ total 0 crw--w---- 1 root tty 136, 0 Jan 30 23:00 console lrwxrwxrwx 1 root root 11 Jan 30 22:59 core -> /proc/kcore lrwxrwxrwx 1 root root 13 Jan 30 22:59 fd -> /proc/self/fd crw-rw-rw- 1 nobody nogroup 1, 7 Jan 13 03:59 full crw-rw-rw- 1 nobody nogroup 10, 229 Jan 30 22:59 fuse lrwxrwxrwx 1 root root 25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo lrwxrwxrwx 1 root root 28 Jan 30 22:59 log -> /run/systemd/journal/dev-log drwxr-xr-x 2 nobody nogroup 60 Jan 30 22:46 lxd drwxrwxrwt 2 nobody nogroup 40 Jan 13 03:59 mqueue drwxr-xr-x 2 root root 60 Jan 30 22:59 net crw-rw-rw- 1 nobody nogroup 1, 3 Jan 13 03:59 null crw-rw-rw- 1 root root 5, 2 Jan 30 22:59 ptmx drwxr-xr-x 2 root root 0 Jan 30 22:59 pts crw-rw-rw- 1 nobody nogroup 1, 8 Jan 13 03:59 random drwxrwxrwt 2 root root 40 Jan 30 22:59 shm lrwxrwxrwx 1 root root 15 Jan 30 22:59 stderr -> /proc/self/fd/2 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdin -> /proc/self/fd/0 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdout -> /proc/self/fd/1 crw-rw-rw- 1 nobody nogroup 5, 0 Jan 30 21:23 tty crw-rw-rw- 1 nobody nogroup 1, 9 Jan 13 03:59 urandom crw-rw-rw- 1 nobody nogroup 1, 5 Jan 13 03:59 zero root@c1:~# ls -lh /dev/ total 1.0K drwxr-xr-x 3 root root 60 Jan 30 23:01 bus crw--w---- 1 root tty 136, 0 Jan 30 23:00 console lrwxrwxrwx 1 root root 11 Jan 30 22:59 core -> /proc/kcore lrwxrwxrwx 1 root root 13 Jan 30 22:59 fd -> /proc/self/fd crw-rw-rw- 1 nobody nogroup 1, 7 Jan 13 03:59 full crw-rw-rw- 1 nobody nogroup 10, 229 Jan 30 22:59 fuse lrwxrwxrwx 1 root root 25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo lrwxrwxrwx 1 root root 28 Jan 30 22:59 log -> /run/systemd/journal/dev-log drwxr-xr-x 2 nobody nogroup 60 Jan 30 22:46 lxd drwxrwxrwt 2 nobody nogroup 40 Jan 13 03:59 mqueue drwxr-xr-x 2 root root 60 Jan 30 22:59 net crw-rw-rw- 1 nobody nogroup 1, 3 Jan 13 03:59 null crw-rw-rw- 1 root root 5, 2 Jan 30 22:59 ptmx drwxr-xr-x 2 root root 0 Jan 30 22:59 pts crw-rw-rw- 1 nobody nogroup 1, 8 Jan 13 03:59 random brw-rw---- 1 root root 8, 0 Jan 30 23:01 sda brw-rw---- 1 root root 8, 1 Jan 30 23:01 sda1 drwxrwxrwt 2 root root 40 Jan