News¶

LXD 4.21 リリースのお知らせ ¶

10th of December 2021

はじめに ¶

LXD チームは LXD 4.21 のリリースをお知らせできることにとてもワクワクしています!

今年最後のリリースでは、多くの新機能に加えて、主にクラスタリング、イベントハンドリング、exec セッション、LXD データベース関係の多数の改良を行いました。

Enjoy!

新機能とハイライト ¶

クラスターメンバーグループ ¶

大きなクラスターのオペレーターは他とは異なるシステムをいくつか持っていることが多いです。
段階的に廃止される古いシステムや、珍しいアーキテクチャーの変わった開発ボードだったり、GPU を多数搭載したマシンだったりするかもしれません。

このようなケースでは、新しいインスタンスをこのようなマシングループの 1 つにターゲットにする方法があると非常に便利です。これは、これまでは --target=NAME でマニュアルで行えました。しかし、複数のシステムを扱う場合は、手作業でロードバランシングする必要があります。

LXD 4.21 ではクラスターグループが導入されました。
これは lxc cluster group で管理し、一度クラスター内の関連するサーバーに割り当てられると、特定のグループを --target=@group-name を使ってターゲットにできます。LXD はグループ内で一番負荷の低いサーバーを選択します。

これはプロジェクト内でも使用でき、restricted.cluster.groups にはプロジェクトが使用を許可されたグループのリストを指定できます。これにより、本番用と開発用の異なるハードウェアを簡単に扱うことができるようになり、どのプロジェクトとユーザーがどれとやりとりできるのかを調整できます。

加えて、最近導入された scheduler.instance クラスターメンバーオプションが拡張され、値として group が使えるようになりました。クラスターメンバー上でそのように設定されると、名前またはそのグループのひとつで直接ターゲットにされない限りは、LXD スケジューラーは常にそのクラスターメンバーに対するワークロードの自動割り当てを常にスキップするようになります。

stgraber@dakara:~$ lxc cluster group list
+---------+-----------------------+---------+
|  NAME   |      DESCRIPTION      | MEMBERS |
+---------+-----------------------+---------+
| core    | Core servers (HA)     | 4       |
+---------+-----------------------+---------+
| default | Default cluster group | 6       |
+---------+-----------------------+---------+
| lab     | Lab servers           | 2       |
+---------+-----------------------+---------+

仕様: https://discuss.linuxcontainers.org/t/lxd-cluster-server-grouping/12716
ドキュメント : https://linuxcontainers.org/lxd/docs/master/clustering#cluster-groups

cloud-init サポートの再実装 ¶

LXD はコンテナと仮想マシンでの cloud-init の使用をずっとサポートしてきました。
しかし、それは少しハック的で、user.user-data、user.vendor-data、user.network-config をイメージ固有のロジックと組み合わせ、cloud-init の静的設定ファイルを作成しました。そしてそれを cloud-init がピックアップします。

これはすべて、cloud-init が LXD をクラウドとして扱っておらず、そのため特定のデータソースを持っていなかったためです。

これは、cloud-init チームが LXD の /dev/lxd API を使った LXD データソースのサポートを開始したことで変化しています。その一環として、cloud-init をファーストクラスの LXD の機能に昇格させました。その最も目に見える変化は新しい設定キーです。

cloud-init.user-data
cloud-init.vendor-data
cloud-init.network-config

新しいイメージはこれらの新しい設定キーで問題なく動作します。しかし移行を容易にするために、しばらくの間、古いイメージがサポートされたままとなります。同様に、専用のデータソースをサポートする新しい cloud-init に移行する際、移行はシームレスに行われ、ユーザーは目に見える変化はありません。

今後はこれを前提に、ネットワーク設定を変更する際のライブでの設定変更のサポートの導入や、cloud-init clean を実行して再起動し、更新された設定で cloud-init を新たに実行するといった、cloud-init データソースの将来的な改良が期待できます。

仕様 : https://discuss.linuxcontainers.org/t/lxd-first-class-cloud-init-support/12559
ドキュメント : https://linuxcontainers.org/lxd/docs/master/cloud-init

信頼済み証明書の自己更新 ¶

lxc config trust editを使って、既存の信頼済み証明書の更新ができるようになりました。
これは、ユーザーが（プロジェクトの制限を通して）LXD へのアクセスを制限している場合でも有効です。

制限されているユーザーの場合、自身の証明書（現在 LXD との通信に使っている証明書）の更新のみが許可されます。

この機能は主に LXD の API と通信を行う自動化されたシステムのためのもので、証明書の有効期限が短く、したがって失効前に更新を行うために自身が必要かもしれません。

プロジェクトでのディスクパススルーの制限 ¶

新たに restricted.devices.disk.paths オプションがプロジェクトの設定に追加されました。
このオプションは restricted.devices.disk が allow に設定されているときに有効になります。設定されている場合、インスタンスに渡すホストのパスを制限することができます。

これはホストパスのコンマ区切りのリストです。そのパスとそれ以下のパスにあるものがマウントできるようになります。

lxc project set foo restricted=true
lxc project set foo restricted.devices.disk.paths=/home/foo
lxc project set foo restricted.devices.disk=allow

プロジェクト foo のインスタンスは、source プロパティが /home/foo かその内部であれば、ディスクエントリーを使用できます。

プロジェクトでの idmap uid/gid の制限 ¶

前の例に関連した問題で、ユーザーが自身の制限付きプロジェクト内のホームディレクトリーを渡せるようにしたあと、次に出てくる問題はファイルの所有権がコンテナや仮想マシン内のものと一致しないことです。

これに対応するために、新たに restricted.idmap.uid と restricted.idmap.gid 設定オプションを追加しました。

lxc project set foo restricted=true
lxc project set foo restricted.devices.disk.paths=/home/foo
lxc project set foo restricted.devices.disk=allow
lxc project set foo restricted.idmap.uid=1000
lxc project set foo restricted.idmap.gid=1000

この結果、同じ制限されたユーザーが raw.idmap を使って、インスタンス内で uid 1000/1000 をマッピングできるようになります。したがって、raw.idmap を both 1000 1000 のように設定して、インスタンス内の uid 1000 と gid 1000 をホスト上の実際の uid 1000 と gid 1000 にマッピングされるようにし、共有ディスク上のパーミッションが揃うようにします。

これに関連して、raw.idmap が仮想マシンでも有効になりました。制限付きプロジェクト内で共有ディスクへのアクセスが、コンテナで行うのと同じようにできるようになりました。

`lxc --sub-commands` によるすべてのコマンドのリスト表示 ¶

lxc は時間の経過とともにかなり大きくなり、たくさんのサブコマンドやサブサブコマンドが（そしてサブサブサブコマンドがいくつか）あります。多数のヘルプや man ページを見て回るのではなく、すべてのサブコマンドを lxc --sub-commands ですべてのサブコマンドの概要を見ることができ、lxc --all --sub-commands で、あまり一般的ではないコマンドも含めることができます。

`--all-projects` を使ったプロジェクトをまたいだインスタンスのリスト表示 ¶

LXD のプロジェクト機能が導入されて以来、かなり頻繁にリクエストのあった機能です。すべてのプロジェクトを一度にリスト表示する API と CLI のサポートを追加しました。

stgraber@dakara:~$ lxc list --all-projects status=running
+---------+---------------+---------+------------------------+---------------------------------------------+-----------------+-----------+
| PROJECT |     NAME      |  STATE  |          IPV4          |                    IPV6                     |      TYPE       | SNAPSHOTS |
+---------+---------------+---------+------------------------+---------------------------------------------+-----------------+-----------+
| default | lxd-build     | RUNNING | 172.17.250.23 (eth0)   | 2602:fc62:b:250:216:3eff:fece:d188 (eth0)   | CONTAINER       | 0         |
+---------+---------------+---------+------------------------+---------------------------------------------+-----------------+-----------+
| default | win11         | RUNNING |                        | 2602:fc62:b:250:216:3eff:fe16:48d6 (eth0)   | VIRTUAL-MACHINE | 0         |
|         |               |         |                        | 2602:fc62:b:250:203b:9725:cde5:ebca (eth0)  |                 |           |
+---------+---------------+---------+------------------------+---------------------------------------------+-----------------+-----------+
| demo    | impish        | RUNNING | 172.17.250.25 (enp5s0) | 2602:fc62:b:250:216:3eff:fe63:64be (enp5s0) | VIRTUAL-MACHINE | 0         |
+---------+---------------+---------+------------------------+---------------------------------------------+-----------------+-----------+

新しい `database-leader` クラスターロール ¶

クラスターには少し前から database と database-standby ロールがあり、内部的な dqlite のセットアップが見えるようになっていました。さらに、どのサーバーが現時点のデータベースリーダーに選出されているのかを確認できるようになりました。

stgraber@dakara:~$ lxc cluster list
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
|  NAME   |                 URL                 |      ROLES       | ARCHITECTURE | FAILURE DOMAIN |        DESCRIPTION        | STATE  |      MESSAGE      |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| asuras  | https://[2602:fc62:b:100::200]:8443 | database         | aarch64      | default        | APM X-Gene 2              | ONLINE | Fully operational |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| athos   | https://[2602:fc62:b:100::204]:8443 | database-standby | x86_64       | default        | Intel Xeon E5-2695v2 (2x) | ONLINE | Fully operational |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| delmak  | https://[2602:fc62:b:100::205]:8443 | database         | aarch64      | default        | Qualcomm Centriq 2400     | ONLINE | Fully operational |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| entak   | https://[2602:fc62:b:100::201]:8443 | database-standby | aarch64      | default        | APM X-Gene 2              | ONLINE | Fully operational |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| madrona | https://[2602:fc62:b:100::202]:8443 |                  | aarch64      | default        | APM X-Gene 2              | ONLINE | Fully operational |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+
| vorash  | https://[2602:fc62:b:100::203]:8443 | database-leader  | aarch64      | default        | APM X-Gene 2              | ONLINE | Fully operational |
|         |                                     | database         |              |                |                           |        |                   |
+---------+-------------------------------------+------------------+--------------+----------------+---------------------------+--------+-------------------+

一貫性のある単位 ¶

LXD が表示するデフォルトの単位は、ディスクとメモリ使用量に対しては IEC (base 2)、ネットワークの使用量は Metric (base 10) となるように調整されています。

これは、LXD が報告するディスク・メモリ使用量が、ほとんどのディストリビューションで df と free のようなツールがデフォルトで使用する使用量と一致するように行われます。

この変更の結果は、lxc info、lxc list、lxc project usage、lxc storage info、lxc storage volume info で見ることができます。

stgraber@dakara:~$ lxc info lxd-build
Name: lxd-build
Status: RUNNING
Type: container
Architecture: x86_64
PID: 8891
Created: 2021/08/20 16:28 EDT
Last Used: 2021/11/21 17:29 EST

Resources:
  Processes: 44
  Disk usage:
    root: 4.43GiB
  CPU usage:
    CPU usage (in seconds): 670
  Memory usage:
    Memory (current): 550.27MiB
    Swap (current): 3.48MiB
  Network usage:
    eth0:
      Type: broadcast
      State: UP
      Host interface: vethb7314fa0
      MAC address: 00:16:3e:ce:d1:88
      MTU: 1500
      Bytes received: 205.19MB
      Bytes sent: 6.31MB
      Packets received: 273612
      Packets sent: 62221
      IP addresses:
        inet:  172.17.250.23/24 (global)
        inet6: 2602:fc62:b:250:216:3eff:fece:d188/64 (global)
        inet6: fe80::216:3eff:fece:d188/64 (link)
    lo:
      Type: loopback
      State: UP
      MTU: 65536
      Bytes received: 100.80kB
      Bytes sent: 100.80kB
      Packets received: 856
      Packets sent: 856
      IP addresses:
        inet:  127.0.0.1/8 (local)
        inet6: ::1/128 (local)

仮想マシンでの routed ネットワーク ¶

routed nictype オプションを仮想マシンでも動作するように拡張しました。

しかしコンテナとは違い、インスタンス内のデバイスをあらかじめ設定することができないので、VM 内に正しいアドレス、ルート、DNS を設定するために、ユーザーによる手動の設定が必要です。

`routed` タイプの NIC での `ipv4.routes` と `ipv6.routes` のサポート ¶

また、routed nictype に関連して、これらの NIC のエントリーに ipv4.routes と ipv6.routes を設定できるようになりました。

これは他の NIC タイプと同様に動作し、ホストは指定されたアドレスまたはサブネットに対するエントリーをルートテーブルに追加し、インスタンスに直接ルーティングします。

ネットワークゾーンで NAT されたアドレスをスキップするオプション ¶

ネットワークゾーンに network.nat オプションが新たに追加されました。false に設定すると、NAT されたレコードに対するすべてのレコードがゾーンから削除されます。

これにより、IPv4 は NAT されており、IPv6 はグローバルにルーティングされている環境で、グローバルにアクセスできるレコードだけを持つクリーンな DNS ゾーンを取得できます。

セキュリティフィルタリングオプションを使った IP アドレスファミリーのブロック ¶

アドレスに対する none エントリーとフィルタリングオプションを組み合わせることで、インスタンス内の IP ファミリーを完全に無効化できるようになりました。

IPv4 を無効化するには:

security.ipv4_filtering=true
ipv4.address=none

IPv6 を無効化するには:

security.ipv6_filtering=true
ipv6.address=none

遅い可能性のある `rbd du` を無効化する新たなストレージ設定オプション `ceph.rbd.du` ¶

Ceph ユーザーは停止したインスタンス、特に多数のスナップショットを持つインスタンスのディスク使用量のリスト表示が、非常に非常に遅いことに気づいているかもしれません。Ceph RBD のオプションをいくつか有効化（fast-diff が思い浮かびます）してスピードアップする方法があります。それでも理想的な方法とはいえず、かなりの負荷がかかる可能性があります。

インスタンスが停止しているときはディスク使用量を取得しないようにしたい場合は、ストレージプールで ceph.rbd.du=false が設定できるようになりました。

プロジェクト間のインスタンスとボリュームの移動の最適化 ¶

LXD は、プロジェクト間のインスタンスとストレージボリュームの移動を少し前からサポートしています。しかし移動する際の通常の方法は、クライアントがインスタンスやボリュームを新しいプロジェクトにコピーし、その後オリジナルを削除するというものでした。

これにより、一時的にデータが重複してしまい、かなりの負荷がかかることになります。

LXD 4.21 で、この操作がサーバーサイドでサポートされるようになり、ほとんどの場合で単純な名前の変更と同じくらいの速度で行えるようになりました。

クラスタメンバー間のカスタムボリュームのコピー・移動のサポート ¶

Ceph/CephFS 以外では、クラスター内のカスタムストレージボリュームは、それらを保存しているサーバー特有のものです。つまり、同じカスタムストレージボリューム名がクラスター内にいくつも存在でき、違うものを参照できます。

これは、2 つのクラスターメンバー間でこのようなボリュームをコピーや移動したい場合に問題を引き起こしていました。これに対応するため、lxc storage volume copy POOL VOLUME-NAME TARGET-VOLUME-NAME --target SOURCE-MEMBER --destination-target DESTINATION-MEMBER を実行できるようになりました。

--target は実質ソースを参照しているため、ネーミングが少し混乱する可能性があります（そのサーバーに対するリクエストをターゲットにしているため）。しかし、新たに追加された --destination-target は正しい移動先サーバーをターゲットにして、マイグレーションを完了できます。

すべての変更点（翻訳なし）¶

このリリースでの完全な変更点のリストは次の通りです:

すべてのChangeLogを見る

lxd/daemon: Adds systemdSocketActivated
lxd/api/cluster: Exit LXD after removal from cluster if systemd socket activated in clusterPutDisable
lxd/cluster/gateway: Don't restart gateway in Reset
lxd/api/cluster: Don't update certificate on endpoints during clusterPutDisable
lxd/db/images: Change nullable fields in Image to sql.NullTime type
lxd/db/images: Image sql.NullTime field usage
lxd/db/instances: Changes nullable datetime fields in Instance to sql.NullTime type
lxd/db/instances: Instance sql.NullTime field usage
lxd/db/snapshots: Updates InstanceSnapshot nullable datetime fields to sql.NullTime
lxd/db/snapshots: InstanceSnapshot sql.NullTime field usage
lxd/instance/instance/utils: InstanceSnapshot sql.NullTime field usage
lxd/instance: Instance sql.NullTime field usage
gomod: Upgade to go-dqlite v1.10.1
lxd/api/cluster: Adds clusterPutDisableMu to control daemon replace/stop until request finished in clusterNodeDelete
test/suites/clustering: Fix condition in test_clustering_remove_leader
lxd/api/internal: Updates internalShutdown to wait until request context is done before exiting
test/suites/clustering: Change test_clustering_remove_leader to test_clustering_remove_members
shared/api/error: Update StatusErrorf to not parse format to fmt.Sprintf if no replacement arguments
lxd/operations: Consistent comment endings
lxd/operations: Don't duplicate local operations in operationsGet when running in single member cluster
lxd/api/1.0: Prevent update of cluster.https_address in doApi10Update
lxd/api/cluster: Reformat clusterAcceptMember function
lxd/cluster/gateway: Change client loop logic in LeaderAddress
lxd/cluster/gateway: Comment cleanup
lxd/cluster/gateway: Error wrapping
lxd/cluster/gateway: Don't ever return an empty leader address in LeaderAddress
lxd/api/cluster: Add leader address check in internalClusterPostAccept
Doc: fix typo for hardware offload
Doc: fix remove non-existent anchor in link to network-peers.md
lxd/db/cluster/update: Fix upgrade from 2.0/3.0 when using go-dqlite v1.10.1 NULLable fields
lxd/instances: Use correct project in live migration
lxd/device: Clean up mdev vGPU on failure
lxd/device: Log error message on GPU mdev cleanup failure
lxd/network/openvswitch/ovn: Update LogicalRouterPortAdd to accept gatewayMTU arg
lxd/network/driver/ovn: client.LogicalRouterPortAdd usage
lxd/instances/qemu: fix usb pass-through with more than one device
lxd/device: Switch to github.com/jochenvg/go-udev
gomod: Update dependencies
doc: Elaborate on pongo2 date-time syntax for snapshots
lxc/info: Use consistent units
lxc/list: Use consistent units
lxc/storage: Use consistent units
lxc/storage_volume: Use consistent units
lxd/api_internal: Use consistent units
lxd/patches_utils: Use consistent units
lxd/projects: Use consistent units
tests/macaroon-identity: Switch to go-httprequest
gomod: Update dependencies
api: Add certificate_self_renewal API extension
shared/api: Allow cert modification
doc/rest-api: Refresh swagger YAML
lxd: Drop fingerprint in doCertificateUpdate
lxd/migrate: Only use pointers to migration.MigrationControl to avoid shallow copies
Update default volume.size from 10GB to 10GiB
Update default state volume size from 100MB to 100MiB
lxd/db/networks: Fix panic in networkConfigAdd
lxd/db/storage/pools: Fix panic in CreateStoragePool
lxd/db/storage/volumes: Fix panic in storageVolumeConfigAdd
lxd: Support certificate update
shared/util: Removes unused IsUnixDev function
lxd/project/permissions: Removes unnecessary wrapping
lxd/api/project: Standardises restricted.networks.uplinks validation
lxd/network/driver/ovn: Switch to n.state.Cluster.GetProject in InstanceDevicePortValidateExternalRoutes
lxd/device/proxy: Improve comment in proxy validateConfig
doc/projects: Improve doc on restricted key
lxd/device/device/utils/disk: Error quoting and wrapping in DiskMount
lxd/device/device/utils/disk: Remove block device filesystem detection from DiskMount
lxd/device/disk: Unify srcPath argument treatment in createDevice
lxd/device/disk: Clarify isFile logic in createDevice
lxd/device/disk: Removes duplicated source path exists check in createDevice
lxd/device/disk: Removes revert arg from createDevice
lxd/device/disk: Switch to using open file handle for createDevice mount
lxd/device/disk: Add block device filesystem detection to createDevice
lxd/device/disk: Updates createDevice to return isFile boolean indicator
lxd/device/disk: Updates d.createDevice usage now it returns isFile boolean
lxd/device/disk: Require local source paths to be absolute in validateConfig
lxd/device/disk: Stop using global logger
lxd/device/disk: Adds diskSourceNotFoundError type
lxd/device/disk: Replace calls to isRequired with returning diskSourceNotFoundError instead
lxd/device/disk: Remove duplicated source path exists check in startVM
lxd/device/disk: Add d.validateEnvironmentSourcePath function
lxd/device/disk: Update Start to handle diskSourceNotFoundError
seccomp: use stricter regexps when looking for Uid/Gid/Tgid in /proc/$pid/status
lxd/devlxd: stricter regexp
lxd/instance/drivers/driver/lxc: Fix liblxc handle leak in renderState
lxd/device/config/device/runconfig: Add Revert reverter field to RunConfig
lxd/instance/drivers/driver/lxc: Call runConf.Revert revert in startCommon
lxd/instance/drivers/driver/qemu: Call runConf.Revert revert in Start
lxd/device/disk: Switch to using file handles for local disk VM passthrough
lxd/instance/drivers/driver/qemu: Rework addDriveConfig to support file descriptors encoded into device paths
lxd/db: Add WarningInstanceTypeNotOperational warning
lxd: Add warning entry for missing instance driver
lxd/drivers: Add warning entry for missing instance driver
lxd/network/ovn: Support SSL
lxd/ip/neigh/proxy: Adds NeighProxy type for managing neighbour proxy entries
lxd/ip/neigh: Removes conflation of neighbour proxy functionality from Neigh type
lxd/device/nic/routed: Switch to ip.NeighProxy for neighbour proxy removal
lxd/ip/neigh: Rework Show to return a useful struct rather than just a raw string
lxd/network/network/utils: Update GetNeighbourIPs to use ip.Show()
lxd/device/nic/bridged: Updated network.GetNeighbourIPs and ip package constant usage
test: Add test_certificate_edit
lxd/device/nic/routed: Re-work NIC driver to not depend on liblxc router NIC type
test: Add routed NIC tests for neighbour proxy add/remove
test: Adds check for routed NIC MAC
test: Improves grep MAC test
lxd/device/nic/routed: Adds VM support
doc/instances: Updates routed NIC with VM support
doc: Fix misspelling in server.md
lxd/device/device/utils/disk: Change DiskMount mount options arg to []string
lxd/device/device/utils/disk: Update diskCephfsOptions to return []string for mount options
lxd/instance/drivers/driver/qemu: device.DiskMount usage
lxd/device/disk: Update createDevice to use []string for mount options
lxd/device/device/utils/unix: DiskMount usage
lxd/instance/drivers/driver/lxc: Align start error with VM type
lxd/device/disk: Readonly setting cleanup
shared/validate/validate: Adds IsAbsFilePath function
shared/validate/validate: Fixes comment on IsListOf
shared/validate/validate: Wraps item value in IsListOf error
doc/projects: Adds restricted.devices.disk.paths setting
lxd/api/project: Adds restricted.devices.disk.paths validation
lxd/project/permissions: Adds CheckRestrictedDevicesDiskPaths function
lxd/project/permissions: Check for valid disk source path in checkRestrictions using CheckRestrictedDevicesDiskPaths
lxd/device/disk: Update d.validateEnvironmentSourcePath to check for allowed paths from project
lxd/device/disk: Adds localSourceOpen function
lxd/device/disk: Use d.localSourceOpen in startVM
lxd/device/disk: Use d.localSourceOpen in createDevice
test: Add restricted dish tests
shared/api: Add Project to InstancePost and SourceProject to StorageVolumePost
client: Support for moving instances and custom volumes between projects
lxd: Support for moving instances and custom volumes between projects
lxc/move: Support for moving instances between projects
lxc/storage_volume: Support for moving custome volumes between projects
api: instance_project_move and storage_volume_project_move
tests: Add test for moving storage volume between projects
doc/rest-api: Refresh swagger YAML
i18n: Update translation templates
doc/instances: Clarify shift disk property is only for containers
lxd: switch main_nsexec to config.h
tests: Split cluster and standalone
lxd: add forkusernsexec()
lxd/main/daemon: Actually ignore shutdown request if shutdown ongoing
shared/subprocess/proc: Simplify process cleanup channel closure
lxd/instance/drivers/driver/qemu: Updates fdFiles to be slice of os.File
lxd/instance/drivers/driver/qemu: Improve error in addDriveConfig
lxd/instance/drivers/driver/qemu: Cancel operation on d.UpdateBackupFile error in Start
lxd/device/disk: Change mountPoolVolume to return a revert function
lxd/device/disk: Updates createDevice to return a revert function
lxd/device/disk: createDevice should always return a non-empty device path or an error now
lxd/device/device/utils/disk: Adds DiskVMVirtfsProxyStart function
lxd/device/device/utils/disk: Adds DiskVMVirtfsProxyStop function
lxd/device/disk: Switch to using DiskVMVirtfsProxyStart for VM 9p proxy
lxd/device/disk: DiskVMVirtfsProxyStop usage
lxd/device/device/utils/disk: Returns revert function from DiskVMVirtiofsdStart
lxd/device/disk: DiskVMVirtiofsdStart revert usage
lxd/instance/drivers/driver/qemu: device.DiskVMVirtiofsdStart revert usage
lxd/device/device/utils/disk: Updates DiskVMVirtiofsdStart to pass the listen socket via file descriptor
lxd/instance/drivers/driver/qemu: Remove openUnixSocket function
lxd/device/device/utils/disk: Updates DiskVMVirtiofsdStart to return unix listener
lxd/device/disk: Remove old virtiofsd log if needed
lxd/device/disk: Close virtiofsd unix listener after VM start
lxd/device/disk: Consistent comment line endings
lxd/instance/drivers/driver/qemu: Consistent comment line endings
lxd/instance/drivers/driver/qemu: Close virtiofsd unix listener after VM start
lxd/main/forkusernsexec: Return error if uid or gid map FDs not supplied
lxd/instance/drivers/driver/qemu: Make sure operation is cancelled in Stop
lxd/project/permissions: Updates AllowSnapshotCreation to accept a DB project record
lxd/storage/volumes/snapshot: project.AllowSnapshotCreation in storagePoolVolumeSnapshotsTypePost
lxd/storage/volumes/snapshot: project.AllowSnapshotCreation usage in autoCreateCustomVolumeSnapshotsTask
lxd/instance/snapshot: project.AllowSnapshotCreation usage in instanceSnapshotsPost
lxd/instance: project.AllowSnapshotCreation usage in autoCreateContainerSnapshotsTask
lxd/device/device/utils/disk: Close unnecessary file handles in DiskVMVirtfsProxyStart
lxd/device/device/utils/disk: Close unnecessary file handles in DiskVMVirtiofsdStart
lxd/device/disk: Add disk unmount call to createDevice reverter
util_linux: ensure that O_NOCTTY is raised when opening terminals
util_linux: ensure that pty fds are O_CLOEXEC too
forkusernsexec: close file descriptors before exec
forkusernsexec: add --keep-fd-up-to
lxd/project/permissions: Fix wrapping in checkRestrictions
lxd/project/permissions: Updates entity checkers to accept instancetype.Type
shared/validate/validate: Improve comment on IsListOf
shared/validate/validate: Improve error in IsInRange
shared/validate/validate: Adds ParseUint32Range and IsUint32Range functions
shared/validate/validate: Reworks IsNetworkPortRange to behave the same as IsUint32Range
lxd/network/acl/driver/common: validate.IsNetworkPortRange usage updated
lxd/instance/instance/utils: Removes ParseRawIdmap
shared/idmap/parse: Adds ParseRawIdmap function
lxd/instance/drivers/driver/lxc: idmap.ParseRawIdmap usage
lxd/instance/instance/utils: idmap.ParseRawIdmap usage
lxd/device/device/utils/disk: Uses fmt.Error for wrapping errors in DiskVMVirtfsProxyStart
forkusernsexec: parse command section correctly
forkusernsexec: log verbosely
forkusernsexec: allow for --arg= and --arg syntax
lxd/api/project: Ensure restricted projects have their own profiles
lxd: Move to cron/v3
gomod: Update dependencies
shared/validate/validate: Fix bug in ParseUint32Range
shared/idmap/idmapset/linux: Adds HostIDsCoveredBy function
shared/idmap/idmapset/linux/test: Adds tests for HostIDsCoveredBy
shared/instance: Add support for raw.idmap to VMs
lxd/project/permissions: Adds raw.idmap key to isVMLowLevelOptionForbidden
lxd/device/device/utils/disk: Adds diskAddRootUserNSEntry function
lxd/device/device/utils/disk/test: Adds tests for diskAddRootUserNSEntry
lxd/device/device/utils/disk: Adds forkusernsexecWriteIdmaps function
lxd/device/device/utils/disk: Adds forkusernsexec idmap support to DiskVMVirtfsProxyStart
lxd/device/device/utils/disk: Adds forkusernsexec idmap support to DiskVMVirtiofsdStart
lxd/device/disk: Adds raw.idmap support for DiskVMVirtfsProxyStart and DiskVMVirtiofsdStart
lxd/instance/drivers/driver/qemu: device.DiskVMVirtiofsdStart usage
lxd/api/project: Adds restricted.idmap.uid and restricted.idmap.gid config keys to projects
lxd/project/permissions: Adds restricted.devices.disk.paths to allRestrictions
lxd/project/permissions: Adds restricted.idmap.uid and restricted.idmap.gid to allRestrictions
lxd/project/permissions: Adds parseHostIDMapRange function
lxd/project/permissions/test: Fix import ordering
lxd/project/permission/internal/test: Adds tests for parseHostIDMapRange
doc/projects: Adds restricted.idmap.{u,g}id settings
lxd/project/permissions: Validate the raw.idmap setting uses only allowed host UID/GIDs when unrestricted low-level features not enabled in project.
test: Fix comment typo inn devices disk restricted tests
shared: Add context to DownloadFileHash
client: Pass empty context to DownloadFileHash
test: Adds tests of project restricted.idmap.{u,g}id settings with instance raw.idmap
client/lxd_storage_volumes: Add destination target flag; Respect target flag
lxc/storage_volume: Add destination target flag; Respect target flag
i18n: Update translation templates
doc: clean up headings in files
doc: update links to configuration.md
lxd/instance/drivers/driver/qemu: Return shutdown error to caller
lxd/instance/drivers/driver/lxc: Return shutdown error to caller
lxd/instance/drivers/driver/lxc: Return stop error to caller
lxd/instance/drivers/driver/qemu: Return stop error to caller
lxd/instance/drivers/driver/lxc: Make sure onStop unmount has full operation lock time
lxd/instance/drivers/driver/qemu: Handle unmount errors in onStop
lxd/storage/drivers/driver/zfs/volumes: Increase ZFS unmount wait time to operationlock.TimeoutSeconds
lxd/instance/drivers/driver/qemu: Moves readonly config volume mount to devices directory
lxd/storage/drivers/generic/vfs: Removes VMConfigDriveMountDir
lxd/db/networks: Adds getCreatedNetworks to support filtering created networks by project name
lxd/db/networks: Adds GetCreatedNetworksByProject function
lxd/network/driver/ovn: Fix allowedUplinkNetworks to return only compatible uplink networks
shared: Add cloud-init config keys
lxd: Expose cloud-init config keys through /dev/lxd
lxd: Expose instance type through /dev/lxd
lxd: Add /1.0/devices to devlxd
lxd/device: Use new cloud-init config keys
lxd/instance/drivers: Use new cloud-init config keys
lxd-agent: Expose instance type through /dev/lxd
lxd/instance/drivers: Remove cloud-init from config share
lxd/instance/drivers: Add devices to instance-data
lxd-agent: Add /1.0/devices
doc: Add cloud-init instance config keys
doc: Update cloud-init doc
scripts/bash/lxd-client: Update keys
api: Add cloud_init API extension
doc: Update devlxd
forkusernsexec: use unix.Stderr as standard --keep-fd-up-to value
lxd/network/driver/ovn: Rename getLogicRouterPeerPortName to getLogicalRouterPeerPortName
lxd/network/driver/ovn: Use fmt.Errorf error wrapping
lxd/network/driver/ovn: Fix bug with incorrect instance peer routes being added on NIC start
lxd/device/disk: Support snap packages when opening restricted disk paths
doc: Add initial sphinx support
github: Add a workflow to build the documentation
doc: Add sphinx navigation
doc/index: Fix header level
sphinx: Add substitutions
sphinx: Add example redirect
lxd/db/generate/db/mapping: Accept sql.NullTime in the generator
doc: Fix typo in ToC entry
test: Enable IPv4 forwarding for NIC routed
test: Remove duplicate ping tests from routed NIC
doc/instances: Remove unnecessary full stops from routed NIC table
shared/termios: manually copy termios settings between Go and C
shared/termios: actually copy the values not the index
doc: add a cheat sheet for documentation
Revert "shared/termios: actually copy the values not the index"
Revert "shared/termios: manually copy termios settings between Go and C"
shared/termios: Remove requirement on cgo when setting raw mode
shared/termios: Removes dependency on lxd package github.com/lxc/lxd/shared
test: Update test_concurrent_exec to also test with --force-noninteractive
test: Add non-concurrent exec test
lxc/exec: Always connect control websocket
lxd/instance/drivers/driver/lxc/cmd: Use exitErr.ExitCode functions
lxd/instance/drivers/driver/lxc: Close forkexec log file
lxd/instance/drivers/driver/lxc: release liblxc in DevptsFd function
lxd/instance/drivers/driver/lxc: Remove empty newline
shared/network: Use contextual logging for websocket proxy functions
test: Update test_concurrent_exec to also test with --force-noninteractive
test: Add non-concurrent exec test
lxd/instance/exec: Adds execWS constants for websocket numbers
lxd/instance/exec: Replace allConnected with requiredConnectedCtx
lxd/instance/exec: Replaces controlConnected with controlConnectedCtx
lxd/instance/exec: Rework Connect to make control connection required for interactive exec
lxd/instance/exec: Adds comment documenting variable use of connection number 0
lxd/instance/exec: Simplify connection slot secret setup loop
lxd/instance/exec: Add a timeout waiting for all required websockets to connect
lxd/instance/exec: Adds belt-and-braces websocket close defer
lxd/instance: Remove whitespace
lxd/instance/exec: Don't get lock to access same control connection on every message in control handler
lxd/instance/exec: Improve exec logger context
lxd/instance/exec: Remove duplication of interactive/non-interactive control handler go routines
lxd/instance/exec: Improve logging of websocket mirroring go routines
lxd/instance/exec: Remove duplication of connection locking code
lxd/instance/exec: Adds cmdKill and cmdKillOnce
lxd/instance/exec: Removes need for controlExit
lxd/instance/exec: Adds a check for remote stdout reader closing and kills command if no control connection
lxd/instance/exec: Fix container devpts FD leak in non-interactive exec requests
lxd/instance/exec: Log exit code of command
lxd/instance/exec: Only try to detect extra PATH locations for containers
doc: Increases recommended subuid and subgid ranges in machine setup.
lxd-agent/main/agent: Avoid duplicate log lines by only logging to stdout/stderr
lxd/instance/drivers/driver/qemu: Dont force WaitForWS
lxd-agent/exec: Adds execWS constants for websocket numbers
lxd-agent/exec: Replace allConnected with requiredConnectedCtx
lxd-agent/exec: Adds comment documenting variable use of connection number 0
lxd-agent/exec: Simplify connection slot secret setup loop
lxd-agent/exec: Add a timeout waiting for all required websockets to connect
lxd-agent/exec: Adds belt-and-braces websocket close defer
lxd-agent/exec: Remove whitespace
lxd-agent/exec: Improve exec logger context
lxd-agent/exec: Start command before websocket handler go routines
lxd-agent/exec: Capture command not found errors and convert them to 127 exit code
lxd-agent/exec: Log exit code and use exitErr.ExitCode()
lxd-agent/exec: Removs controlConnected channel and simplifies Connect function
lxd-agent/exec: Use same function for interactive/non-interactive control handler go routines
lxd-agent/exec: Removes controlExit
doc: split out installation instructions from doc start page
doc: split out FAQ from doc start page
doc: clean up support information on doc start page
doc: clean up doc start page
shared/util/linux: Adds ExitStatus function
lxd/instance/exec: Use exitStatus rather than exitCode
lxd/instance/drivers/driver/qemu/cmd: Use exitStatus rather than exitCode
lxd-agent/exec: Use exitStatus rather than exitCode and use shared.ExitStatus() helper
lxd/instance/drivers/driver/lxc/cmd: Use exitStatus rather than exitCode and use shared.ExitStatus() helper
lxd/instance/drivers/driver/qemu: Do not treat stdin as pty
lxd/instance/exec: Remove internal PTY/TTY emulation use on LXD side for VM exec
doc: css: temporary fixes for theme issues
doc: Update Ceph docs with details for erasure coded pools
Replace 18.04/Bionic Beaver by 20.04/Focal Fossa
i18n: Update translation templates
doc: add redirect to index.html
shared/util/linux: Remove empty line in ExitStatus
shared/validate/validate: Return nil error if OK in ParseUint32Range
lxd/device: Improves error message for custom storage volumes when shift is true.
lxd: log basic idmapped mount support
lxd/instance/exec: Simplify and add logging for non-websocket based exec
test: Adds tests for non-websocket based instance exec
lxd/device: Fix golint
lxd/db/certificates: remove UpdateCertificateProjects
lxd/db/generate/db/stmt: remove '-ref' support from stmt
lxd/db/generate/db/method: remove '-ref' support from method
lxd/db/generate/db/lex: remove indexType function
lxd/db/generate/db/method: add ifErrNotNil helper
lxd/db: remove unused generator comments
lxd/db/cluster/constants: format used-by uris to drop default project
lxd/db: update generated code
lxd/db: add URI generation and ID fields to entities with references
lxd/db:update generated code
lxd/db/generate/db/mapping: add TableType to Mapping
lxd/db/generate/db/parse: determine TableType on parse struct
lxd/db/generate/db/mapping: add Filterable field to Mapping
lxd/db/generate/db/parse: don't require filters ReferenceTable/MapTable
lxd/db/generate/db/stmt: support programmatic sql stmts
lxd/db/generate/db/method: add support for generating reference tables
lxd/db/generate/db/method: add support for filling reference fields from tables
lxd/db/devices: add Devices struct and generator comments
lxd/db/devices: Devices to/from API helpers
lxd/db/generate/db/mapping: add DeviceType to mapping
lxd/db/config: add Config struct and generator comments
lxd/db: add association table files
lxd/db: use Device type for Devices
lxd: convert between db.Devices and API map format
lxd/db/projects: use UpdateConfig to update project config
lxd/db/instances: replace addProfilesToInstance with non-generated UpdateInstanceProfiles method
lxd/db: add manual get-URI methods for networks/acls/storage volumes
lxd/db: add non-generated GetProjectUsedBy and GetProfileUsedBy
lxd/db: update generated code
lxd/db/generate: use fmt.Errorf for errors
lxd/db/snapshots.mapper: update generated code
doc/network-zones: Add default column
lxd/network/zone: Cleanup IPv4 logic
api: network_dns_nat
doc/network-zones: Add network.nat
lxd/network/zone: Add new config option
lxd/network/zone: Support network.nat
lxd-agent/exec: Detect invalid exec requests
lxd/instance/drivers/driver/qemu: Always send req.WaitForWS to lxd-agent exec
lxd/device/nic/ovn: Clear up OVS integration bridge port earlier in stop sequence
lxd/db: Add database-leaader role
lxd: Support for database-leader role
tests: Support for database-leader role
api: Add database_leader extension
lxc/cluster: Comma as delimeter for csv format
doc: added link between installing.md and doc/installing.md Signed-off-by: Dillon Samra dillonsamra9@utexas.edu
lxd/storage/backend/lxd: Restore VM filesystem size.state quota on backup restore
lxd/storage/drivers/generic/vfs: Improve logging during backup unpack
lxd/storage/drivers/driver/btrfs/volumes: Enable nodatacow on subvolume for block volumes
lxd/project/permissions: Separate limits.disk validate from other keys in getInstanceLimits
lxd/device/config/consts: Moves DefaultVMBlockFilesystemSize from storage/drivers package
lxd/storage/drivers/volume: Switch to deviceConfig.DefaultVMBlockFilesystemSize
lxd/storage/backend/lxd: Switch to deviceConfig.DefaultVMBlockFilesystemSize
lxd/events/events: Switch events heartbeat to counter rather than using absolute deadline times
lxd/project/permissions: Accounts for VM root disk size.state in getInstanceLimits
doc/storage: Add warning about using VMs on BTRFS storage pools
doc/storage: fix 2 typos
lxc/--sub-command: Added --sub-command flag
lxc/main: More depth in sub-commands
i18n: Update translation templates
lxd/storage: Switch to deviceConfig.DefaultVMBlockFilesystemSize
doc: add files requires for Swagger output
doc: include the Swagger API
doc: override Swagger UI CSS
doc: shallow clone of theme
lxc/copy: Replaces profiles when -p is set.
lxd/firewall/drivers: Adds util to convert port list to port ranges.
lxd/firewall/drivers: Optimises SNAT rules in Xtables.
doc: Clarify btrfs resize documentation
api: Add instance_all_projects extension
shared/api: Add Project field to Instance
lxd/instance/drivers: Fill Project field for instance
client: Add GetInstancesAllProjects, GetInstancesFullAllProjects, GetInstanceNamesAllProjects
lxc/list: Support for all-projects flag and PROJECT column
lxd/db: Support for retrieving data from multiple projects
tests: Support for retrieving instances for all projects
lxd: Ability to retrieve instances for all projects
doc/rest-api: Refresh swagger YAML
i18n: Update translation templates
lxd/firewall/drivers: Optimises SNAT rules in nftables.
lxd/ucred: Add connection functions
lxd/cluster: Require full admin for clusterNodesPost
tests: Make reboot test more reliable
doc: Add ipv{n}.routes to routed nic type config
lxd/ip/route: Add support for 'via' when creating routes
lxd/firewall/drivers: Adds util to calculate DNAT rule optimisations.
lxd/firewall/drivers: Optimises DNAT rules for xtables.
lxd/firewall/drivers: Optimises DNAT rules for nftables.
tests: Updates proxy device integration tests with port range optimisations.
doc: fix link to rest-api.yaml
api: Add clustering_groups API extension
lxd: Add restricted.cluster.groups config option
shared/api: Add cluster group structs
lxd/db/cluster: Add cluster group tables
lxd/db/cluster: Add cluster group constants
lxd/db: Add cluster groups
lxd/db: Fix node retrieval
lxd/db: Add Groups to NodeInfo
lxd/db: Add UpdateNodeClusterGroups
lxd/db/cluster: Add default cluster group on start
lxd/lifecycle: Add cluster groups
lxd: Add /1.0/cluster/groups endpoints
lxd: Add new node to default cluster group
lxd: Disallow node names starting with "@"
lxd: Update cluster groups on node update
lxd: Allow "group" value for scheduler.instance
lxd: Enable cluster group targeting
client: Add cluster group
lxc: Add cluster group
i18n: Update translation templates
doc/rest-api: Refresh swagger YAML
test: Add clustering groups
doc: Add cluster groups
doc: fixed typo in gpu_mig section. Signed-off-by: Dillon Samra dillonsamra9@utexas.edu
doc/storage: Split storage driver config tables
doc/storage: Add missing ceph keys under cephfs
doc/storage: Consistent line endings
lxd/storage: Add const LO_FLAGS_DIRECT_IO flag
lxd/storage: Check for kernel support and O_DIRECT flag before setting direct IO
lxd/storage: Enable direct IO for loop devices in lvm
lxd/storage: Enable direct IO for loop devices in btrfs
lxd/db: Make GetNonPendingNetworkIDs project aware
lxd/cluster: Update for GetNonPendingNetworkIDs changes
lxd/cluster: Modernize coding style
lxd/db: Properly initialize network map
lxd/db: Coding style
lxd/daemon: Ensure heartbeat member refresh task is only called with full state list
lxd/network/driver/bridge: Exclude offline peers in HandleHeartbeat
lxd/daemon: Update hasNodeListChanged to detect member state changes
lxd/daemon: Don't remove offline members from supplied heartbeat member list in NodeRefreshTask
lxd/daemon: Move calculation of member state metrics into leader-only section of NodeRefreshTask
lxd/daemon: Renames hasNodeListChanged to hasMemberStateChanged
lxd/daemon: Make heartbeat member state change task refresh failure retry more explicit in NodeRefreshTask
lxd/device/nic/routed: Add ipv{n}.routes setting for routed NIC type by routing via first static IP specified
test: Ensure routes are created for nictype routed
test: Give exec chance to finish before capturing output
lxd/device/nic/bridged: Allow ipv{n} filtering when ip is set to none
test: Add test for filtering with no ip assigned on an unmanaged bridge
doc: Add that ipv{n} address properties can be none when filtering is set
lxd/cluster/gateway: Include endpoint address in dqlite connect errors
client: Adds method to get events for all projects.
lxd/cluster: Use GetEventsAllProjects to monitor events in the cluster.
lxd/daemon: Rework how heartbeat member role rebalancing works to take into account online members
lxd/daemon: Improves NodeRefreshTask comments
lxd/daemon: Log when cluster member state changes as info level in NodeRefreshTask
lxd/cluster/heartbeat: Use node.IsOffline in heartbeat member data
lxd/db/node: Update nodeIsOffline to consider a node offline if time now is equal to offline threshold
lxd/request: Adds function to save connection to request context.
lxd: Adds save connection in context function to api and dev servers.
lxd/ucred: Refactors GetConnFromWriter to use request context.
test: Updates clustering_remove_raft_node to take into account updated offline threshold logic
lxd/cluster/events: Updates eventsUpdateListeners to accept a heartbeat member list
lxd/cluster/events: Load members from global DB if no heartbeat members provided in eventsUpdateListeners
lxd/cluster/events: Updates eventsUpdateListeners to use heartbeat members
lxd/cluster/events: Updates eventsUpdateListeners member handling
lxd: Remove running eventsUpdateListeners as a continuous task
lxd/cluster/events: Rename eventsUpdateListeners to EventsUpdateListeners
lxd/daemon: Call cluster.EventsUpdateListeners asynchronously from heartbeat NodeRefreshTask
lxd/api/cluster: Call cluster.EventsUpdateListeners asynchronously from internalClusterPostRebalance
lxd/api/cluster: Don't start clustering tasks until member has actually joined the cluster in clusterPutJoin
lxd/daemon: Call cluster.EventsUpdateListeners asynchronously from startClusterTasks
lxc/monitor: Use GetEventsAllProjects to monitor events with lxc monitor.
lxd: Accepts 'all-projects' query parameter on /1.0/events.
lxd/events: Adds allGroups field to listener.
lxd/storage: add ceph.rbd.du storage option
doc: add new ceph.rbd.du storage option to storage configuration docs
api: Add ceph_rbd_du
i18n: Update translations from weblate
gomod: Update dependencies
doc/cluster: Clarify join question handling
doc/clustering: Fix typo
doc/rest-api: Refresh swagger YAML

試用環境 ¶

この新しい LXD リリースは私たちのデモサービスで利用できます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

LXD 4.20 リリースのお知らせ ¶

6th of November 2021

はじめに ¶

LXD チームは LXD 4.20 のリリースをお知らせできることにとてもワクワクしています!

このリリースは、たくさんの新しい機能満載の非常に忙しいリリースでした。

VM ユーザーは、ライブマイグレーションの初期実装とコアスケジューリングのサポートを見てハッピーになるでしょう。コンテナユーザーは sysctl 関連の新しい設定ができるようになりました。

新機能の大部分はネットワークに関係したものです。ピアネットワークの関係、自動生成される DNS のネットワークゾーン、SR-IOV でアクセラレーションされる OVN ネットワークなどです。

そして最後に、クラスタリングの面では、どのサーバーが新しいワークロードを受け取るのかをコントロールできるようになりました。

Enjoy!

新機能とハイライト ¶

仮想マシンのライブマイグレーション ¶

LXD に仮想マシンのライブマイグレーションの初期実装がなされました。

この機能は、ふたつの独立したサーバー間を移動するためには lxc move を使うだけで、もしくはクラスター内での移動のためには lxc move --target を使うだけで動作します。

これを使うには、VM 上で migration.stateful を有効にする必要があります。この設定を有効にすると、GPU、USB、ホストの PCI デバイスが使用できなくなり、さらに virtiofs が無効化されます（ファイルシステムパススルーが 9p に制限されます）。

現時点の実装では、すぐにインスタンスのステートフルストップを実行したあと、（実行時の状態を含む）全データのマイグレーションが行われ、ターゲット上でリストアされます。

これは Ceph を使用している場合は 2-3 秒で済みますが、他のストレージバックエンドではかなり時間がかかる可能性があります。BTRFS と ZFS 上のボリュームを非常に手軽に素早くリフレッシュできるようになるように、今後 6 ヶ月 LXD の改良に取り組みます。これによりこれらのストレージバックエンドでも同じくらいのパフォーマンスが得られるようになるでしょう。

OVN 向けネットワークピアリング ¶

LXD のネットワーキングに OVN を使い、複数のネットワークが定義されている際に、現在は、あるネットワークから他のネットワークへのルーティングは OVN を出て、アップリンクのネットワークを通り、再度 OVN へ入ってきます。これはネットワークフローを完全にコントロールするために必要な場合もありますが、大きなボトルネックになる可能性があります。

これを解決するために、LXD でネットワークピアをサポートしました。ピアは一組のネットワークの両側に追加されます（プロジェクト間でも可能）。ピアが確立すると OVN は、トラフィックが OVN から出ないように、一方のネットワークから他方のネットワークへ直接ルーティングするように設定されます。

ピアの関係を使うことで ACL ルールを簡単にすることもできます。@some-network/some-peer をソースもしくはデスティネーションフィールドで使うことで、特定のピアネットワークに出入りするトラフィックに作用させることができます。

このようなピアを管理するには、新しい lxc network peer コマンドを使います。API レベルでは、すべて /1.0/networks/NAME/peers 配下となります。

仕様 : https://discuss.linuxcontainers.org/t/lxd-ovn-network-to-network-routing/12165
ドキュメント : https://linuxcontainers.org/lxd/docs/master/network-peers

ネットワークゾーン（DNS） ¶

多数のプロジェクトで多数のインスタンスを管理している方々は、すべてのインスタンスが有効な正引きと逆引きの DNS レコードが、ネットワーク全体で利用できることの真価を認めるでしょう。

これまでは、内蔵の dnsmasq DNS サーバーと、dnsmasq が自動生成する DNS ゾーンを使うしかありませんでした。しかし、この方法はひとつのプロジェクト内のひとつのネットワークにしか使えませんでした。そして、大規模なインフラ内では簡単に統合して機能させられませんでした。これを解決する別の方法として、完全に手動で準備した DNS サーバーを別に動作させる選択肢がありました。

今回のリリースで、LXD にネットワークゾーンの概念を導入しました。これは事実上、LXD ネットワークに結びついた DNS ゾーンです。そして、正引き DNS レコード、逆引き IPv4, IPv6 レコードに使用できます。

この機能を設定するには、最初にいくつかゾーンを作成します（lxc network zone create）。次に、次の設定のいずれかを設定し、適切なネットワーク上の適切なレコードタイプに割り当てます。

dns.zone.forward
dns.zone.reverse.ipv4
dns.zone.reverse.ipv6

最後に、ゾーンは少なくともひとつの対となる DNS サーバーに設定する必要があります。これは、ゾーン自体をキーとする次の設定を使って行います:

peers.NAME.address
peers.NAME.key

クライアントとなる DNS サーバーが LXD からゾーンを取得できるようにするためには、これらのいずれか、もしくは両方が設定されている必要があります。

これらがすべて設定されると、外部の DNS サーバーはそのゾーンに関して LXD からゾーン転送（AXFR）を行えるようになり、そのゾーンを提供できるようになります。LXD 自身はゾーン転送だけができ、直接問い合わせはできません。

仕様 : https://discuss.linuxcontainers.org/t/lxd-built-in-dns-server/12033
ドキュメント : https://linuxcontainers.org/lxd/docs/master/network-zones

OVN ネットワークでの SR-IOV アクセラレーション ¶

LXD での OVN ベースのネットワークでのパフォーマンス改良のために、SR-IOV アクセラレーションをサポートするようになりました。

これを動作させるには、switchdev モードをサポートする物理ネットワークカードを使用します。このようなカードはゲスト側の VF とホスト側の representor ポートの両方を提供します。適切なカードを持ったシステムが、カードをswitchdevモードに設定し、OVS ブリッジに PF を追加し、OVS を SR-IOV オフロード用に設定すると、LXD はコンテナや VM が使うために VF を自動的に割り当てます。

すべての前提条件を満たしたとき、行う必要があるのは LXD の NIC デバイスに acceleration=sriov を設定することだけで、残りは LXD がやってくれます。

特に 40G、100G、200G ネットワークでは、トラフィック処理の大部分を直接物理 NIC にオフロードすることになるので、パフォーマンスが大幅に向上します。このような環境では、ほとんどの接続では最初のパケットのみがホストシステムと OVS/OVN を経由し、残りのすべてのトラフィックはハードウェアで直接処理されます。

ドキュメント : https://linuxcontainers.org/lxd/docs/master/instances#nic-ovn

コンテナでの Linux sysctl 設定 ¶

新たな設定 linux.sysctl.* を導入しました。これによりコンテナ起動時に、直接特定の sysctl を特定の値に設定できるようになりました。

これはコンテナ内に sysctl.d エントリーを持つよりも柔軟性があります。LXD がホストから適用することで、適切にネームスペース化されているけれども、特権への昇格が必要な sysctl にアクセスできます。

ドキュメント : https://linuxcontainers.org/lxd/docs/master/instances#key/value-configuration

仮想マシンのコアスケジューリング ¶

LXD 4.19 でのコンテナに対するコアスケジューリングに続いて、コアスケジューリングを仮想マシンに拡張しました。コアスケジューリングをサポートしたカーネル上で LXD が動作している場合、LXD は、特定の VM 向けのすべての vCPU スレッドが、同じコアスケジューリンググループに属することを保証します。

コアスケジューリングは、Spectre 脆弱性のためにゲストからアタックされるリスクがある CPU で SMT を使えるように設計されています。コアスケジューリングは、ゲストが特定のコア・スレッドのペアを両方使うか、ゲストが関連するコアを使う間スレッドが使用されないことを保証します。

クラスターメンバーの設定 ¶

クラスターメンバーが設定キーをサポートするようになりました。

自由形式の user.KEY=VALUE に加えて、導入された設定キーは scheduler.instance です。この設定は、特定のクラスターメンバーには自動的にインスタンスは配置せず、CLI で --target オプションを直接指定した場合のみインスタンスを配置できます。

ドキュメント : https://linuxcontainers.org/lxd/docs/master/clustering#managing-a-cluster

ネットワークリースの改良 ¶

新しいネットワークゾーン機能は、ネットワークリースに大きく依存しているので、改良をいくつか行いました。

その改良は:

OVN ネットワークでのネットワークリースのサポートしました
リースのリスト内にアップリンクのネットワークが表示されるようになりました
リストに IPv6 EUI64 アドレスが含まれるようになりました（ステートフルな DHCPv6 が有効になっていないとき）

CLI では、これらのレコードは lxc network list-leases NETWORK-NAME で見ることができます。

すべての変更点（翻訳なし） ¶

このリリースでの完全な変更点のリストは次の通りです:

すべてのChangeLogを見る

lxd/certificates: remove explicit calls to UpdateCertificateProjects
lxd/db/certificates: remove Cluster.UpdateCertificateProjects
lxd/db/generate/db/method: fill entity id association tables on create/update
lxd/db/certificates.mapper: update generated code
lxd/checkfeature: check whether the kernel supports core scheduling
lxd/daemon: Fix crash on lxd start when another lxd already running
lxd/daemon: Don't fail shutdown if fail to close cluster DB
lxd/daemon: Don't use Infof and Errorf
lxd/metrics: Change ProcsTotal to gauge
lxd/instance/drivers: Log metrics failures
lxd-agent: Log metrics failures
lxd/instance/operationalock: Change lock from using instance ID to use project and instace name
lxd/instance/operationalock: Use %q for error quoting
lxd/instance/operationlock: Get lock after checking for non-nil operation
lxd/instance/drivers/driver/common: operationlock usage
lxd/instance/drivers/driver/lxc: operationlock usage
lxd/instance/drivers/driver/qemu: operationlock usage
lxd/instance/instance/utils: operationlock usage
lxd-agent: Drop aggregated cpu stats in metrics
test: Kill LXD process if doesn't start in time
lxd/main/shutdown: Fix shutdown regression when running in snap
lxc: suggest 20.04 as the first container to launch instead of 18.04
lxc: switch from 18.04 to 20.04 for examples of Ubuntu instances
i18n: Update translation templates
lxc: update wording when a cert is successfully trusted by a remote
i18n: Update translation templates
lxd/backup/backup/config: Adds ToInstanceDBArgs function
lxd/instance/instance/utils: Adds LoadFromBackup function
lxd/project/project: Update comment of InstanceParts
lxd/instances: Reworks instancesOnDisk to return slice of instance.Instance
lxd/instances: Updates instancesShutdown to use instancesOnDisk
lxd/patches: Updates patchUpdateFromV11 and patchUpdateFromV15 to use instancesOnDisk
lxd/api/internal: Use backupConf.ToInstanceDBArgs in internalImportFromBackup
lxd/api/internal/recover: Updates internalRecoverImportInstance to use backupConf.ToInstanceDBArgs
lxd/instances: Don't clear last power state of all instances in a cluster in instancesShutdown
lxd/db/instances: Removes ResetInstancesPowerState function
lxd/instances: Move shutdown timeout logic into per-instance go routine in instancesShutdown
lxd/instances: Reworks instancesShutdown to handle and log shutdown failures by forcefully stopping
lxd/instances: Updates instancesShutdown to accept a slice of instances
lxd/instances: Renames containerAutostartList to instanceAutostartList
lxd/instances: Renames instancesRestart to instancesStart
lxd/daemon: Updates init to use instancesStop and instancesStart with preloaded container list
lxd/daemon: Updates Ready to use updated instancesStart
lxd/daemon: Updates Stop to load instances once
lxd/daemon: Updates numRunningInstances to accept a list of instances to check
shared/osarch/architectures: Use ARCH_UNKNOWN rather than 0 in ArchitectureId
lxd/db/instances: Removes UpdateInstancePowerState function
lxd/instance/drivers/driver/common: Adds recordLastState function
lxd/instance/drivers: Use d.VolatileSet in onStop hook to record last power state
lxd/instance/drivers: d.recordLastState usage
lxd/instances/drivers: Call d.UpdateBackupFile just before starting instance process
lxd/daemon: Close global database after query failure in Stop
lxd/daemon: Use consistent terminology of global rather than remote database in Stop
lxd/api/internal: Update internalContainerHookLoadFromReference to try and load instance from backup if DB not available
lxd/instance/drivers/driver/qemu: Update getMonitorEventHandler to try and load instance from backup if DB not available
lxd/storage/drivers/driver/zfs/volumes: Log dev path in UnmountVolume
lxd/migration: Update protobuf config
lxd/migration: Update generated protobuf
gomod: Update dependencies
doc/network: Avoid referring to releases by name
lxd/apparmor: Allow remount using noatime
lxd/apparmor: remove mount options alternations
lxd/apparmor: remove another mount options alternations
lxd/apparmor: remove spaces between mount options for consistency
lxd/apparmor: remove duplicated mount rules (ro,remount,bind)
lxd/api/cluster: Fail on no leader in internalClusterPostHandover
lxd/instance: Fix image download race condition in instanceCreateFromImage
lxd/networks: Report uplink networks in leases
lxd/api/cluster: Fail on no leader in handoverMemberRole
lxd/cluster/gateway: Log partial and initial heartbeat as info
test: Adds better logging and removes handover sleeps in test_clustering_handover
lxd/cluster/heartbeat: No need to log heartbeat restart
test: Don't use pid files in test_clustering_shutdown_nodes
test: Actually ensure cluster DB isn't reachable after its lost quorum in test_clustering_shutdown_nodes
test: Use timeouts in kill_lxd
lxd/storage/drivers/driver/zfs/volumes: Use normal mount rather than zfs mount
tests: Unify how the instance's PID is looked up
tests: add missing --force-local to lxc stop
tests: use CSV format and column filtering where applicable
tests: use CSV format and column filtering to find the name of the newly created instance
tests: use grep -F when the match pattern contains regex/wildcard
tests: replace grep | cut by awk
lxd/instance/operationlock: Adds TimeoutSeconds constant
lxd/instance/drivers/driver/common: Error quoting in onStopOperationSetup
lxd/instance/drivers/driver/qemu: Updates onStop to be more like lxc driver
test/suites: Always provide project arg in volume test
lxd/sys/os: reorder kernel features
os: add separate entries for pure core scheduling kernel feature and container support
lxd: support core scheduling for virtual machines
test/suites: Fix cephfs backup test
lxd/instance/drivers/driver/qemu: Improve comments in Shutdown
lxd/instance/operationlock: Add ErrNonReusuableSucceeded error and Action type and action constants
lxd/instance/operationlock: Reworks Create to use Action type
lxd/instance/operationlock: Reworks CreateWaitGet
lxd/instance/drivers/driver/common: operationlock.Action usage
lxd/instance/drivers/driver/lxc: operationlock.CreateWaitGet and operationlock.Create usage
lxd/instance/drivers/driver/qemu: operationlock.CreateWaitGet and operationlock.Create usage
lxd/instance/drivers/driver/qemu: Add comment in Stop about operation lock
lxd/instance/drivers/driver/qemu: Keep operation alive in Shutdown
lxd/instance/drivers/driver/lxc: Keep operation alive in Shutdown
lxd/network: Move Leases to network package
lxd: support core scheduling for container even without LXC library support
lxd/instance/lxc: Properly report mapped memory
lxd/daemon: Updates NodeRefreshTask to accept an isLeader and unavailableMembers argument
lxd/api/cluster: Improves logging in internalClusterPostHandover
lxd/cluster/gateway: Adds shutdownCtx to NewGateway and return 503 in heartbeat if shutting down
lxd/storage/drivers/driver/zfs/volumes: Set mountpoint=none for filesystem volumes
lxd/storage/drivers/driver/zfs/patches: Update patches to set mountpoint=none
lxd/cluster/gateway: Adds HeartbeatHook type
lxd/cluster/gateway: Reject heartbeat if shutting down
lxd/cluster/gateway: Rework HandlerFuncs heartbeat handling
lxd/cluster/heartbeat: Update heartbeatRestart to return bool if heartbeat restarted
lxd/cluster/heartbeat: Pass non-updated heartbeat members as unavailable to heartbeat refresh task in heartbeat
lxd/cluster/membership: Add logging to notifyNodesUpdate
lxd/cluster/membership: Improve logging in Assign
lxd/cluster/membership: Adds unavailableMembers support to Rebalance and newRolesChanges
lxd/api/cluster: Adds unavailableMembers support to rebalanceMemberRoles
lxd/api/cluster: Improve logging in rebalanceMemberRoles
lxd/cluster/gateway/test: cluster.NewGateway usage
lxd/cluster/gateway: Remove unnecessary logging
lxd/cluster/gateway: Don't stop enrichhing raft nodes if one member name not found in currentRaftNodes
test: Reduce sleeps and offline threshold in clustering tests to speed them up
lxd/db/networks: Reworks GetNetworkInAnyState and its ilk to split the functionality out into separate functions
shared/api/error: Improve argument name in StatusErrorMatch
shared/api/error: Adds StatusErrorCheck helper function
lxd/networks: Use api.StatusErrorCheck to check for not found error from d.cluster.GetNetworkInAnyState
lxd/instance/drivers/driver/lxc: Fix restart locking
lxd/network/driver/ovn: Fix comment on getLoadBalancerName
lxd/cluster/heartbeat: Use api.StatusErrorf in error returned from HeartbeatNode
test: Improve test_clustering_remove_raft_node reliability
lxd/network/ovn: Add support for leases
api: Add image_source_project extension
shared/api: Add Project to ImagesPostSource
lxd/storage/drivers/volume: Adds IsCustomBlock function
lxd/storage/drivers/generic/vfs: Fixes regression in genericVFSBackupUnpack for VM config volume import
lxd/network/openvswitch/ovn: Adds OVNRouterRoute type
lxd/network/openvswitch/ovn: Updates LogicalRouterRouteAdd to accept multiple OVNRouterRoute args
lxd/network/openvswitch/ovn: Harmonise naming conventions in LogicalRouterRouteDelete with OVNRouterRoute type
lxd/network/network/utils: Removes unnecessary DB lookup via NICType function in isInUseByDevice
lxd/network/network/utils: Updates UsedBy to use usedByInstanceDevices
lxd/network/network/utils: Updates usedByInstanceDevices to use updated isInUseByDevice
lxd/network/network/utils: Updates isInUseByProfile to use updated isInUseByDevice
lxd/network/network/utils: Renames isInUseByProfile to usedByProfileDevices
lxd/network/openvswitch/ovn: Update LogicalRouterRouteDelete to accept net.IPNet rather than pointer
lxd/network/driver/ovn: Remove default routes and re-add as needed in setup
lxd/network/driver/ovn: Update InstanceDevicePortSetup to use static route port hints
lxd/network/driver/ovn: InstanceDevicePortDelete updated to handle non-pointer IPNets
client: Support source project in image copies
lxd/images: properly return project name in error
lxd: Support source project in image copies
lxc/image: Support source project in image copies
doc/rest-api: Refresh swagger YAML
lxd/db/config: rename UpdateConfig to UpdateClusterConfig
lxd/db/generate/lex/form: smarter pluralize function
lxd/db/generate/db/method: fix stmt type for generating URIs
lxd/db/generate/db/parse: check stmt and method for omitting fields
lxd/db/generate/db/mapping: pass table name to FieldColumnName
lxd/db/generate/db/stmt: pass variable name to register function
lxd/db/operations.mapper: remove ProjectID omission from operations
lxd/instance/drivers/qmp/monitor: Update run to accept an interace{} for args and JSON encode internally
lxd/instance/drivers/qmp/monitor: m.run usage
lxd/instance/drivers/qmp/commands: m.run usage
lxd/instance/drivers/qemu: Adds workaround for QEMU 6.x regression in handling memory object host-nodes setting
lxd/db/cluster/update: updateFromV50
lxd/db/cluster/schema: Update schema
lxd/db/node: add Config field to NodeInfo
lxd/db/node: populate config on Get
lxd/db/node: add UpdateNodeConfig method
lxd/db/node: add default config on Create
lxd/db/node: bootstrap nodes with BootstrapNode
lxd/db/node: skip database-standby in UpdateRoles
lxd/db/node: skip nodes with manual scheduler
lxd/device: Make sure vfio-pci is loaded
lxc/cluster: Add --yes to remove
tests: Update for change to cluster remove
shared/version/api: add clustering_config
shared/api/cluster: add Config to ClusterMemberPut
lxd/api/cluster: use updateClusterNode for PUT/PATCH
lxd/api/cluster: validate and update config on PUT/PATCH
lxc/cluster: add cluster member get/set/unset
doc/rest-api: Refresh swagger YAML
i18n: Update translation templates
doc/clustering: add clustering configuration docs
test/suites/clustering: add clustering_autotarget
lxd/db/config.mapper: placeholder config methods
lxd: Add fsmonitor package
lxd/state: Add DevMonitor to state
lxd: Initialize DevMonitor in daemon
lxd/device: Switch to DevMonitor
lxd/device: Check prefix path in source
lxd/device: Remove old inotify code
test/suites: Add fsmonitor to static analysis
lxd/db/networks: Fixes getStoragePool to support NULL description fields
lxd/api/cluster: fix comment on clusterGet clusterPut
lxd/device/nic/ovn: Improve error in Start
lxd/network/acl/acl/ovn: Adds OVNIntSwitchPortGroupAddressSetPrefix function
lxd/network/openvswitch/ovn: Adds address management functions
lxd/network/openvswitch/ovn: Adds router policy management function
lxd/network/driver/ovn: Move logical switch creation after internal network IP validation
lxd/network/driver/ovn: Add address set that represents internal switch subnets and NIC routes
lxd/network/driver/ovn: Adds instanceNICGetRoutes function
test: Set LXD_DEVMONITOR_DIR
doc/environment: Add LXD_DEVMONITOR_DIR
lxd/network/driver/ovn: Reworks Update to populate active NIC routes into internal switch's address set
api: Adds network_peer extension
lxd/network/acl/driver/common: ValidName usage
lxd/network/acl/acl/validation: Adds ValidName function
lxd/network/acl/driver/common: Adds ReservedNetworkSubects slice
shared/api/network/peer: Adds network peering API types
lxd/db/cluster: Adds networks_peers and networks_peers_config tables
lxd/db/network/peers: Peer management functions
doc/rest-api: Refresh swagger YAML
lxd/lifecycle/network/peer: Peer lifecycle type
lxd/network/network/utils: Updates UsedBy to check if the network has any created peers
lxd/networks: network.UsedBy usage
lxd/network/driver/common: UsedBy usage
lxd/network: Adds peer management function definitions and common not implemented implementation
lxd/network/driver/common: Adds Peering feature indicator
lxd/network/driver/common: Adds common peer validation function
lxd/network/openvswitch/ovn: Adds peer management functions
lxd/network/driver/ovn: Adds peering management functions
lxd/network/peer: Network peer API endpoints
client/interfaces: Adds network peer management function definitions
client/lxd/network/peer: Adds network peer management client functions
lxc/network/peer: Adds network peer CLI commands
i18n: Update translation templates
doc: Adds network peers documentation
lxd/network/driver/bridge: Fix leases
lxd-p2c: Allow passing existing certificate
client/connection: Typo in ConnectLXD
lxd/instance/post: Improve error in instancePostClusteringMigrate
lxd/move: Adds stateful migration support for cross-pool instance migrations
lxd/move: Consistent comment line endings in moveInstancePool
lxd/instance/post: Refactor how backward compat handling of Live field in instancePost
lxd/instance/post: Error quoting
lxd/instance/post: Comment typo in instancePostPoolMigration
lxd/instance/post: Adds stateful migration support to instancePostPoolMigration
i18n: Update translation templates
process_utils: move wait_for_pid_status_nointr() to common code
lxd: consolidate functions into common header
lxd: make C functions static
lxd: add config.h for common options
doc: Drop part about building LXC
doc: Add bind9-dnsutils to testsuite requirements
lxd: use argument struct for manip_file_in_ns()
forkfile: small coding style fixes
forkfile: decrease indendation level
lxd/fsmonitor/drivers: Add missing FAN_MARK_FILESYSTEM
doc/enviroment: Clarify that LXD_DEVMONITOR_DIR is for testing
lxd/fsmonitor: Ensure path is a mountpoint
lxd/instance/instance: Renames IsMigratable to CanMigrate
lxd/api/cluster: inst.CanMigrate usage
lxd/move: Add stateful move support to moveClusterInstance
lxd/instance/post: Adds stateful migration support to instancePostClusteringMigrate
i18n: Update translation templates
test: Use mountpoint for test devices
lxd/db/node: don't autofill node config
lxd/api/cluster: make scheduler.instance optional
lxd/db/query/transaction: Adds 10s timeout to Transaction
lxd/cluster/gateway: Add 30s idle timeout in dqliteProxy
lxd/cluster/gateway: Close remote connection in dqliteProxy
lxd/cluster/events: Disconnect event listeners for offline members in eventsUpdateListeners
lxd/events/events: Rework events.Listener to use websocket heartbeats
shared/instance: Add linux.sysctl.*
lxd: Support for linux.sysctl.* configuration keys
doc: Add linux.sysctl.*
api: Add linux_sysctl extension
lxd/device/nic/bridged: Prevent specifying ipv{n}.address when NIC is connected to unmanaged parent bridge
test: Add test for bridged NIC not able to specify static IPs when using unmanaged parent bridge
lxd/events/events: Moves blocking reader into heartbeat function
lxd: Removes blocking reader from event client
lxd-agent: Removes blocking reader from event client
lxd/fsmonitor/drivers: Log warning instead of failing
lxd/cluster/gateway: Removes dqliteProxy idle timeout
lxd/cluster/gateway: Update logging in dqliteProxy
lxd/cluster/gateway: Set 30s TCP_USER_TIMEOUT and keep alive timers in dqliteProxy
lxd/util/net: Adds SetTCPUserTimeout function
lxd/db/db: retry cluster transactions once if context deadline exceeded
seccomp: Pass the caller TGID to pidfd_open instead of TID
lxd/instance/drivers: Check swap for metrics
seccomp: verify retrieved fds when
shared/validate: Add IsListOf
doc: Move metrics under API
api: network_dns extension
doc/projects: Add restricted.networks.zones
lxd/projects: Add restricted.networks.zones
doc/networks: Add dns.zone
lxd/network: Add dns.zone
doc/server: Add core.dns_address
lxd/node: Add core.dns_address
shared: Add network zone API
client: Rename lxd_network_forwards for consistency
client: Add network zone functions
lxd/db: Add networks_zones schema
lxd/db: Add network zones helpers
lxd/network/zone: Initial package
lxd/lifecycle: Add network zones
lxd: Add network zone API
doc/rest-api: Refresh swagger YAML
lxc/network: Add zone sub-command
i18n: Update translation templates
lxd/dns: Add DNS server
lxd/daemon: Integrate DNS server
tests: Add DNS zone tests
doc: Add network zones documentation
lxd/instance/qemu: Fix host-nodes on multi-node
lxd/instance/drivers: Use existing DeviceTotalMemory
lxd/instance/drivers: Check memory limit value for metrics
lxd/migrate: Fix deadlock in sendControl
lxd/migrate: Time out when waiting for connections
lxd/storage/backend/lxd: Clarify errors in CreateInstanceFromCopy and CreateInstanceFromMigration
lxd/instances/post: Wrap error in createFromMigration
lxd/instances/post: Update comment in createFromMigration
lxd/instance/drivers/driver/qemu: Implements Migrate to support stateful start after migration
lxd/migrate/instance: Update new migration source and sink functions to detect container instance type for CRIU
lxd/migrate/instance: Move predump setup logic inside CRIU section
lxd/migrate/instance: Keep vol source arg setup logic together
lxd/migrate/instance: Make CRIU logic conditional on container instance type
lxd/migrate/instance: Statefully stop running VM for live migration in migrationSourceWs
lxd/migrate/instance: Code style tweak in migrationSink
lxd/migrate/instance: Update migrationSink Do to support VM stateful migration
lxd/migrate: Update critieria for live migration to detect container instance type
lxc/copy: Add comment clarifying post-migration start up logic in copyInstance
lxd/instance/post: Simplify arguments to instance migration functions
lxd: migrateInstance usage
lxd/instance/post: Remove container references in migrateInstance
lxd/instance/post: Improve comment in instancePostClusteringMigrateWithCeph
lxd/storage/drivers/driver/ceph/volumes: Improve comment in MigrateVolume
lxd/instance/post: Avoid loading storage pool twice in instancePostClusteringMigrateWithCeph
lxd/instance/post: Remove out of date comment from instancePostClusteringMigrateWithCeph
lxd/instance/post: Remove container reference in error in instancePostClusteringMigrateWithCeph
lxd/instance/post: Remove trailing newline in instancePostClusteringMigrateWithCeph
lxd/instance/post: Use http.StatusOK in instancePostClusteringMigrateWithCeph
lxd/instance/post: Switch to api.NewURL() in instancePostClusteringMigrateWithCeph
lxd/db/instances: Adds volumeType argument to UpdateInstanceNode
lxd/instance/post: Replace node in errors with member
lxd/instance/post: Rework instancePostClusteringMigrateWithCeph to support VM stateful migration
lxd/instance/post: Update instancePostCreateInstanceMountPoint to accept an instance
lxd/instance/post: Don't allow migration to same location of instance in migrateInstance
lxd/instances/post: Replace node with member in error in clusterCopyContainerInternal
lxd/storage/drivers/driver/ceph/volumes: Fix MigrateVolume to support VM cluster migration
lxd/instance/post: Update instancePostClusteringMigrate with support for starting instance during stateless migration
test: Update teardown_clustering_netns to succeed if process has already gone
lxd/device/nic/bridged: Allow static IP on unmanaged bridge when MAAS subnet specified
lxd/device/nic/ovn: Remove setting accept_ra sysctl unnecessarily as disable_ipv6 is set
Replace 'which' with 'command -v'
Use which to resolve lxc's path without resolving the shell function of the same name
lxc: better advertise support for VMs
i18n: Update translation templates
lxd/device/device/utils/network: Renames networkSnapshotPhysicalNic to networkSnapshotPhysicalNIC
lxd/device: networkSnapshotPhysicalNIC usage
lxd/device/device/utils/network: Renames networkRestorePhysicalNic to networkRestorePhysicalNIC
lxd/device: networkRestorePhysicalNIC usage
lxd/device/nic: Split up SR-IOV functions
lxd/device: Records SRIOV VF parent device in last_state.vf.parent
shared/instance: Add .last_state.vf.parent support to ConfigKeyChecker
lxd/device/device/utils/network: Adds useSpoofCheck arg to networkSRIOVSetupVF and networkSRIOVRestoreVF
lxd/device/device/utils/network: Add support for last_state.vf.parent in networkSRIOVRestoreVF
lxd/device/nic/sriov: useSpoofCheck argument usage
lxd/network/network/utils/sriov: Rename sriovFindFreeVirtualFunctionMutex to SRIOVVirtualFunctionMutex
lxd/network/network/utils/sriov: Remove use of lock from SRIOVFindFreeVirtualFunction
lxd/device/nic/sriov: Use network.SRIOVVirtualFunctionMutex.Lock
api: Add ovn_nic_acceleration extension
doc/instances: Add network acceleration config
lxd/network/openvswitch: Add HardwareOffloadingEnabled
lxd/network: Adds SRIOVFindFreeVFAndRepresentor
lxd/device/nic_ovn: Add SR-IOV support
lxd/device/nic/ovn: Remove incorrect call to networkSetupHostVethLimits
lxd/cluster: Fix forceful stop on restore
bash-completion: Add restore snapshots
lxd/operations: Updates waitForOperations to accept consoleShutdownTimeout arg
lxd/daemon: Load shutdown timeout from DB in Stop()
lxd/daemon: Only call waitForOperations during Stop if cluster DB is available
lxd/api/internal: Wait for daemon to finish starting up before shutting down in internalShutdown
forkuevent: minor fixes
forkuevent: fix "--" placement
lxd/instances/qemu: Enable topoext on x86_64 with SMT
lxc/import: read from stdin
doc/instances: Explain CPU topology in VMs
cleanup: remove subtest
Remove the last 'which' occurence.
lxc/file: Don't use HostPath on temp files
lxd/cluster: Log leader address on failure
lxd/api/cluster: Sleep for 100ms to allow http.Flush to render
lxd/fsmonitor: Don't crash on Walk errors
lxd/instance/lxc: Only mount for file operations if stopped
lxd/instance_exec: Improve and expand default PATH setting
lxd/network/driver/ovn: Comment typo
lxd/network/driver/ovn: Add external inbound peer address spoof protection to logicalRouterPolicySetup
lxd/network/driver/ovn: Update PeerDelete to remove security policy rules from local and target routers
lxd/network/acl/driver/common: Small optimisation in validateRule
lxd/network/acl/driver/common: Allow named peers starting with @ in validateRuleSubjects
lxd/db/network/peers: Adds GetNetworkPeersTargetNetworkIDs function
lxd/network/acl/acl/ovn: Adds support for peer subjects using @/ in OVNEnsureACLs
doc/network-acls: Adds concept of peer network subject selectors
lxd/instance/drivers/driver/lxc: Adds release function to reduce repetition of liblxc clearing logic
lxd/instance/drivers/driver/lxc: Release liblxc cache when stopping or shutting down
lxd/network/network/interface: Adds PeerUsedBy function
shared/api/network/peer: Adds UsedBy field to NetworkPeer
lxd/network/peer: Populate UsedBy field
lxd/network/driver/common: Adds peer used by functions
lxd/network/driver/ovn: Prevent peer from being deleted if in use
doc/rest-api: Refresh swagger YAML
gomod: Update dependencies
i18n: Update translations from weblate
lxd: Move to new protobuf when possible
gomod: Pin x/net to version supporting 1.13
lxd/storage/btrfs: Support 5.14.2
lxd/db: Use upstream context package
gomod: Update dependencies
gomod: Downgrade dqlite to 1.10.0
lxd/storage/ceph: Properly support pre-existing empty pools

試用環境 ¶

この新しい LXD リリースは私たちのデモサービスで利用できます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

LXD 4.0.8 リリースのお知らせ ¶

26th of October 2021

はじめに ¶

LXD チームが LXD 4.0.8 のリリースをお知らせします!

このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 8 つめのバグフィックスリリースです。

バグ修正と改良 ¶

このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。

主な変更点は次の通りです:

コードベースが Go モジュールと vendor ディレクトリーに切り替えられました
ディザスターリカバリーのための lxd import が lxc recover に置き換えられました
lxc monitor で --all-projects と --format が使えるようになりました
lxc cluster remove --force に --yes を追加しました
ネットワークステート API のネットワークカウンターの拡張
USB GPU の検出

これらはすべて LXD のフィーチャーリリースからバックポートされた改良です。これらの改良はデータベースの変更や、API の動きの変更が不要で、LTS リリースにバックポートするのに十分な操作性の改良になると考えられたものです。

コミットの全リストは次の通りです（翻訳なし）:

すべてのChangeLogを見る

lxd/db/generate/db/stmt: replace naturalKeyWhere with whereClause
lxd/db/generate/db/parse: use kind parameter for Filter generation
lxd/db/generate/db/method: pass query kind to Filter
lxd/db/generate/db/stmt: use delete-by statements with Filter instead of only by id
lxd/db/generate/db/method: use and handle Filter as paramter for Delete method
lxd/db/generate/db/method: make Delete into DeleteOne and DeleteMany
lxd/db/certificates: add new entries for code generation
lxd/db/certificates: add delete-by fields to CertificateFilter
lxd/db/certificates: remove old DeleteCertificateByNameAndType
lxd/db/certificates: use Filter as parameter for delete
lxd/cluster/membership: use Filter as parameter for delete
lxd/db/profiles: add new entries for code generation
lxd/db/profiles.mapper: add new generated code
lxd/api/project: use Filter as parameter for delete
lxd/instance/test: use Filter as parameter for delete
lxd/patches: use Filter as parameter for delete
lxd/profiles: use Filter as parameter for delete
lxd/db/snapshots: add new entries for code generation
lxd/db/snapshots.mapper: add new generated code
lxd/db/instances: add new entries for code generation
lxd/db/instances.mapper: add new generated code
lxd/db/instances: use Filter as parameter for delete
lxd/db/projects: add new entries for code generation
lxd/db/projects.mapper: add new generated code
lxd/api/project: use Filter as parameter for delete
lxd/db/certificates.mapper: add new generated code
shared/validate: Add IsListenAddress
lxd/lxd: Validate https address for config key core.https_address
lxd/db/operations: add OperationFilter and operation database fields
lxd/db/operations: add new entries for code generation
lxd/db/generate/db/mapping: add OperationType as valid type for mapping
lxd/db/generate/db/parse: support pointers
lxd/db/generate/db/stmt: add create-or-replace statement functionality
lxd/db/generate/db/method: add CreateOrReplace method functionality
lxd/db/operations: remove hard-coded functions
lxd/db/generate/db/parse: handle 'omit' tag
lxd/db/generate/db/method: pass mapping kind to Parse for 'omit' tag
lxd/db/generate/db/stmt: pass mapping kind to Parse for 'omit' tag
lxd/db/generate/db/parse/test: pass mapping kind to Parse for 'omit' tag
lxd/db/operations.mapper: add new generated code for operations
lxd/db/transaction: add GetNodeID
lxd/cluster/membership: use filter parameter for generated operation methods
lxd/db/db: use filter parameter for generated operation methods
lxd/db/operations/test: use filter parameter for generated operation methods
lxd/operations: use filter parameter for generated operation methods
lxd/operations/linux: use filter parameter for generated operation methods
Revert "lxd/device: Fix duplicate MAC test"
lxd/node: Relax constraint on cluster address
lxd/device/nic/bridged: Exclude NICs that are different type from MAC/IP duplicate checks
lxd/device/nic/bridge: Extend parent network exclusions for duplicate MAC/IP checks
test: Updates bridged duplicate MAC/IP tests
lxd/instance/drivers/qmp/commands: Fixes potential crash in QueryPCI
lxd/instance/lxc: Fix swappiness calculation
lxd/cluster/info: Increase loadInfo log level for starting local DB
lxd/daemon: Modify LXD is starting message to use contextual logging
lxd/daemon: Move to contextual logging in init
lxd/daemon: Use logger/Debug/Info/logger.Warn rather than logger.Debugf/Infof/Warnf
lxd/daemon: Increase some cluster startup/upgrade messages to Warn from Info in init
lxd/daemon: Upper case first letter in error in init
lxd/storage: Better logging and errors in setupStorageDriver
lxd/storage/utils: Removes VolumeDBTypeToTypeName as unused
lxd/storage/drivers/volume: Config comment improvement
lxd/storage/drivers/volume: Rename customMountPath to mountCustomPath
lxd/storage/drivers: vol.mountCustomPath usage
lxd/storage/drivers/volume: Adds mountFilesystemProbe and SetMountFilesystemProbe function
lxd/storage/drivers/utils: fsUUID simplification
lxd/storage/drivers/utils: Adds fsProbe function
lxd/storage/drivers/driver/lvm/volumes: Adds vol.mountFilesystemProbe support to MountVolume
lxd/storage/drivers/driver/ceph/volumes: Adds vol.mountFilesystemProbe support to MountVolume
lxd/instance/drivers/driver/lxc: Adds volumeConfig arg to lxcCreate
lxd/instance/drivers/driver/qemu: Adds volumeConfig arg to qemuCreate
lxd/instance/instance/utils: Updates Create signature for new create function
lxd/instance/drivers/load: Adds volumeConfig arg to create
lxd/instance/instance/utils: Adds volumeConfig arg to CreateInternal
lxd: instance.CreateInternal usage
lxd: instance.CreateInternal usage in tests
shared/api: Support for Requestor field in lifecycle event log
lxd/instance/drivers: Check instance is stopped, and not in an error state when stopping
shared/idmap: Use O_CLOEXEC
lxd/storage: Use O_CLOEXEC
client/connection: Log simplestreams URL in ConnectSimpleStreams
client/connection: Error quoting in ConnectSimpleStreams
lxc/config/config: Use DefaultConfig when defaults==true in NewConfig
lxc/config/file: Set DefaultRemote in LoadConfig if not specified by config file
lxc/config/file: Reference DefaultConfig.DefaultRemote in SaveConfig
lxc/monitor: Add --all-projects
lxc/monitor: Add --format
i18n: Update translation templates
test/godeps: Updates with github.com/lxc/lxd/shared/log15
lxd/instance/drivers/driver/qemu: Update start time volatile keys before backup file is written
lxd/instance: Pass instanceType to ValidConfig
lxd/instance: Pass instanceType to validConfigKey
shared/instance: Split the config keys in container/VM/Any
doc/instances: Mark security.devlxd as available for VMs
shared/instance: Re-format
shared/instance: Switch to the new maps
shared/instance: Pass instanceType to ConfigKeyChecker
lxc/list_test: Fix comments
lxc/list: Update for ConfigKeyChecker change
lxd/instance: Update for ConfigKeyChecker change
lxd/storage/drivers/driver/lvm/utils: Typo in comment on lvmBlockVolSuffix
lxd/storage/drivers/driver/zfs/utils: Adds zfsBlockVolSuffix const and uses it in dataset function
lxd/storage/drivers/driver/zfs/patches: Uses zfsBlockVolSuffix in patchStorageZFSMount function
lxd/storage/drivers/driver/ceph/utils: Add cephBlockVolSuffix constant
lxd/storage/drivers/driver/ceph/utils: Moves volume type to rbd volume prefix conversion out of getRBDVolumeName and into cephVolTypePrefixes
lxd/storage/drivers/driver/lvm/utils: Simplify lvmFullVolumeName
shared/api: Fix crash on missing event requestor
shared/cmd/ask: Add error handling to CLI question askers to avoid infinite loops with EOF
lxd/main/init/interactive: Update usage of CLI asker functions to handle errors
lxc/remote: Update usage of CLI askers to handle errors
lxc: Hide built-in completion command
shared/api: Add support for USB GPU
lxd/resources: Add support for USB GPU
api: resources_gpu_usb
lxd/resources: Reword errors
shared/validate: Change IsOneOf to return validator
lxd: Switch to new IsOneOf
shared: Switch to new IsOneOf
doc/cloud-init: Update for current images
lxd/db/storage/pools: CreateStoragePool comment improvement
lxd/storage/drivers/utils: Consistent error quoting and messaging in wipeDirectory
lxd/storage/drivers/driver/btrfs: Consistent error quoting and messaging in Delete
lxd/storage/drivers/driver/zfs: Add validation to Mount
lxd/storage/backend/lxd: Expand comment in EnsureImage about partial image volume handling
lxd/storage/backend/lxd: Don't try to load root disk config in MountInstance/UnmountInstance if instance not in DB
lxd/storage/backend/lxd: Remove support for lxd import from CheckInstanceBackupFileSnapshots
lxd/storage/backend/lxd: Clarify comment in CheckInstanceBackupFileSnapshots
lxd/storage/utils: Adds VolumeTypeToAPIInstanceType function
lxd/storage/load: Adds NewTemporary function
lxd/storage/drivers/interface: Adds ListVolumes definition
lxd/storage/drivers/generic/vfs: Adds genericVFSListVolumes function
lxd/storage/drivers/generic/vfs: Adds and uses constant genericVolumeBlockExtension
lxd/storage/drivers/driver/mock/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/btrfs/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/dir/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/lvm/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/zfs/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/ceph/volumes: Adds ListVolumes function
lxd/storage/drivers/driver/cephfs/volumes: ListVolumes function
lxd/storage/pool/interface: Add ListUnknownVolumes definition
lxd/storage/pool/interface: Adds ImportInstance definition
lxd/storage/backend/mock: ListUnknownVolumes function placeholder
lxd/storage/backend/mock: Adds ImportInstance placeholder function
lxd/storage/backend/lxd: Adds ListUnknownVolumes function
lxd/storage/backend/lxd: Adds ImportInstance implementation function
lxd/storage/backend/lxd: Delete any left over image volumes in Delete
lxd/storage/drivers/volume: EnsurePath to create parent snapshot volume directory if needed
lxd/storage/drivers/utils: Consistent quoting of errors in createParentSnapshotDirIfMissing
lxd/db/profiles: Adds GetProjectProfileNames function
lxd/api/internal: Adds internalRecoverValidateCmd and internalRecoverImportCmd endpoint
lxd/main: Adds recover CLI command
test: Adds container recover tests
doc/backup: Newline tweaks for clarity
doc/backup: Updates disaster recover documentation describing the use of the lxd recover command
lxd/api/internal: Remove lxd import endpoint and internalImportFromRecovery function
lxd/api/internal: Remove recovery mode from internalImport
lxd/instances/post: internalImport usage in createFromBackup
lxd/instance/drivers/driver/lxc: Remove usage of storagePools.InstanceImportingFilePath
lxd/api/internal: Update internalImport to use instance name consistency and dont mangle the parsed backup yaml snapshot names
lxd/main/import: Modify lxd import to error with instructions to use lxd recover command
test: Remove lxd import tests
lxd/storage/storage: Delete GetContainerMountPoint as doesn't support VMs
lxd/patches/utils: Adds containerMountPoint as deprecated legacy function
lxd/patches: Switches to containerMountPoint
lxd/instance/post: Switch to storagePools.LoadByInstance() in instancePostClusteringMigrateWithCeph
lxd/instance/post: Renames internalClusterContainerMovedPost to internalClusterInstanceMovedPost
lxd/instance/post: Error consistency in instancePostClusteringMigrateWithCeph
lxd/instance/post: Renames instancePostCreateContainerMountPoint to instancePostCreateInstanceMountPoint
lxd/instance/post: Switch to instancePostCreateInstanceMountPoint
lxd/profiles/utils: Don't expose node concept in end user errors in doProfileUpdate and doProfileUpdateCluster
lxd/api/internal: Rename internalImport to internalImportFromBackup
lxd/instances/post: internalImportFromBackup usage in createFromBackup
lxd: Renames /internal/cluster/container-moved to /internal/cluster/instance-moved
i18n: Update translation template
lxd/db/generate/db/mapping: check Filter field in FilterFieldByName
lxd/db/generate/db/parse: fill Filter field for Mapping
lxd/db/generate/db/parse/test: use empty Filter for tests
lxd/db/projects: move api.Project to db.Project
lxd/api: use db.Project instead of api.Project
lxd/db: use db.Project instead of api.Project
lxd/device: use db.Project instead of api.Project
lxd/device: use db.Project instead of api.Project
lxd/patches: use db.Project instead of api.Project
lxd/project: use db.Project instead of api.Project
lxd/storage: use db.Project instead of api.Project
lxd/db/certificates: add CertificateType for type of certificate
lxd/certificates: use CertificateType instead of int
lxd/cluster: use CertificateType instead of int
lxd/daemon: use CertificateType instead of int
lxd/db/migration/test: use CertificateType instead of int
lxd/db/generate/db/mapping: support CertificateType
lxd/db/generate/db/method: add generator comment to generated methods
lxd/db/mapper: generated code
Added console and rename to lxd names auto complete
lxd/instance/drivers: Add ErrInstanceIsStopped
lxd/api_internal_recover: Update for stable-4.0
lxd/util/kernel: Renames HasFilesystem to SupportsFilesystem
lxd/daemon: util.SupportsFilesystem usage
lxd/storage/filesystem: Adds filesystem package and moves FilesystemDetect to it as just Detect
lxd/storage/drivers/utils: Removes hasFilesystem
lxd/storage/drivers/driver/btrfs: Replace hasFilesystem usage with filesystem.Detect
lxd/device: filesystem.Detect usage
lxd/instance/drivers: filesystem.Detect usage
lxd: filesystem.Detect usage
lxd/sys: filesystem.Detect usage
shared: Removes IsMountPoint and parseMountinfo
lxd/storage/filesystem/fs: Adds parseMountinfo and IsMountPoint
lxd/daemon: filesystem.IsMountPoint usage
lxd/device: filesystem.IsMountPoint usage
lxd/patches: filesystem.IsMountPoint usage
lxd/storage: filesystem.IsMountPoint usage
lxd/storage/filesystem: Adds StatVFS function
shared/util/linux: Removes Statvfs
lxd/storage/drivers/generic/vfs: filesystem.StatVFS usage
lxd/storage/filesystem/fs: Switch Detect to use StatVFS
lxd/storage/drivers: Error quoting
lxc: Provide more information on instance device actions
lxc: Update error message on non-existent device
po: Update translations
lxd/storage/drivers: Initialise an empty volume config in the volumes returned from ListVolumes
lxd/storage/pool/interface: Adds ImportCustomVolume definition
lxd/storage/backend/mock: Adds ImportCustomVolume placeholder
lxd/storage/backend/lxd: Adds ImportCustomVolume implementation
lxd/storage/backend/lxd: Add custom volume support to ListUnknownVolumes
lxd/api/internal/recover: Add custom volume support to recover feature
lxd/api/internal/recover: Improve instance recover error messages
lxd/instance/drivers/driver/qemu: Remove isImport TODO consideration as lxd import doesn't exist anymore
lxd/storage/drivers/driver/zfs/volumes: Fix ListVolumes to detect custom block volumes
lxd/storage/backend/lxd: Improve error and logging of removal of left over image volumes in Delete
lxd/storage/drivers: Update ListVolumes of block backed drivers to detect duplicate image volumes and only return the block type
shared/api/cluster: Add ClusterMemberStatePost
lxd: Add forwardedResponseToNode
lxd: Add migrateInstance function
client: Add UpdateClusterMemberState
test/suites: Clean up clustering_image_refresh
lxd/instance: Rename project to projectName
lxd/db/generate/db: mention interface signatures in cli help
lxd/db/generate/file/snippet: add GenerateSignature
lxd/cgroup: Fix handling of non-systemd cgroup2
lxd/db/generate/db/stmt: implement empty GenerateSignature
lxd/db/generate/db/method: implement GenerateSignature and signature
lxd/db/generate/db/method: add isInterface argument to begin
lxd/db/generate/db/method: use signature instead of begin
lxd/db/generate/file/write: add resetInterface and appendInterface
lxd/db/interface/mapper: add generated interface files
lxd/db/generate/db/method: use GetOne/GetMany instead of Get/List
lxd/db: use GetOne/GetMany for generator comments
lxd/db/mapper: new generated code
lxd/db/generate/db/lex: add -by- field parsing helpers
lxd/db/generate/db/mapping: add ActiveFilters
lxd/db/generate/db/mapping: make FieldArgs and FieldParams methods on Mapping
lxd/db/generate/db/method: use operations to parse method kind
lxd/db/generate/db/method: use new Field argument parsing
lxd/db/generate/db/method: implement parameter-based delete methods
lxd/db: use -by- fields for delete generation comments
lxd/db/mapper: update generated code
lxd/db: use explicit arguments for delete
lxd/api/project: use explicit arguments for delete
lxd/cluster/membership: use explicit arguments for delete
lxd/instance/test: use explicit arguments for delete
lxd/operations/linux: use explicit arguments for delete
lxd/patches: use explicit arguments for delete
lxd/profiles: use explicit arguments for delete
lxd/db/generate/lex/case: lowercase ID and UUID
lxd/db/operations/mapper: update generated code
lxd/api/internal/recover: Search unknown volumes list for any instance volume and use that for pool DB recovery
lxd/main/recover: Add some output when starting potentially log processes
test: Ensure custom user config is restored during pool recovery from instance config
lxd/db: Update generated functions
doc/rest-api: Refresh swagger YAML
lxd/db/generate/db/parse: rename (Ref)Filters to (Ref)FiltersFromStmt
lxd/db/generate/db/method: use FiltersFromStmt
lxd/db/generate/db/method: add if block for empty filters
lxd/db/certificates: remove comparison flag from Fingerprint
doc: Add events doc to navigation
test: Switch recover tests to use a non-default project
lxd/api/internal/recover: Recover custom volumes before instance volumes
test: Add recover custom volume tests
lxd/storage/drivers/driver/cephfs/volumes: Implements ListVolumes function
lxd/api/internal/recover: Removes check for skipping unsupported storage pools in internalRecoverScan
lxd/api/internal/recover: Don't allow storage pool record recovery if clustered
lxd/main/recover: Don't offer the option to enter additional storage pools when clustered
lxd/storage/drivers: Prevent custom block volume export
lxd/device/disk: Check path property for filesystem volumes
lxc/init: When using network flag support managed networks
lxd/init: Create NIC called eth0 with interface name eth0 when using --network flag
lxc/init: Improve errors so that it is clear what resource type isn't found
lxd/instance/drivers: Make volatile.uuid population code same for both drivers
lxd/instance/instance/utils: Populate volatile.uuid in CreateInternal if needed
lxd/instance/instance/utils: Adds MoveTemporaryName and IsSameLocgicalInstance functions
lxd/device/nic/bridged: Update duplicate validation to use instance.IsSameLocgicalInstance
test: Fix tests to use eth0 rather than attached network name
lxd: Hide built-in completion command
lxd/instance/instance/utils: Updates CreateInternal to create an operationlock as soon as its instance ID exists
lxd/api/internal: CreateInternal operationlock usage
lxd/instance: CreateInternal operationlock usage
lxd/instance/drivers/driver/common: CreateInternal operationlock usage
lxd/instances/post: CreateInternal operationlock usage
lxd/migrate/instance: CreateInternal operationlock usage
lxd: Update tests for CreateInternal usage
syscall_wrappers: don't conflict with glibc provided close_range()
lxd/db/certificates: add manual query for fingerprint with wildcard
lxd/db/certificates/test: remove wildcard from test
lxd/db/images: remove comparison flag from Fingerprint
lxd/db/images: add getImagesByFingerprintPrefix for wildcard querying
lxd/db/transaction: add prepare
Makefile: add goimports to update-schema
lxd/db/mapper: update generated code
lxd/db/generate/db/stmt: remove comparison tag handling
lxd/db/images/test: add TestGetImage
lxd/db/images: fingerprint to fingerprintPrefix and public to publicOnly
lxd/apparmor: Allow remount using strictatime
lxd/db: use pointers for filter fields
lxd/db/generate/db/method: remove Criteria and check filter fields directly
lxd/db/generate/db/lex: check filter for nil fields instead of criteria
lxd/db/generate/db/mapping: remove unused functions
lxd/db/generate/db/parse: remove unused functions
lxd/db/generate/db/parse: return active and ignored filters from (Ref)FiltersFromStmt
lxd/db/generate/db/lex: check ignored fields are nil in activeFilters
lxd/db/generate/db/method: check ignored filters and error out if invalid
lxd/firewall: Rename DHCPDNS to ICMPDHCPDNS
lxd/firewall/nftables: Allow ICMP
lxd/firewall/xtables: Allow ICMP
lxd/db/instances: omit InstanceType from -Ref methods
lxd/db/mapper: update generated code
images: use pointers for ImageFilter
operations: use pointers for OperationFilter
profiles: use pointers for ProfileFilter
snapshots: use pointers for InstanceSnapshotFilter
instances: use pointers for InstanceFilter
lxd/db/instances: remove InstanceFilterAllInstances
lxd/db/instances: add InstanceTypeFilter
lxd/db/instances: use InstanceFilter instead of optional args
lxd/use InstanceTypeFilter instead of optional args
lxd/db/instances: add empty string check for GetLocalNodeName
lxd/db/images: use ImageFilter for optional args
lxd/storage/pools: use ImageFilter for GetImages args
lxd/util: Add ceph config parser
lxd/storage/cephfs: Use new ceph parsing funtions
lxd/device/disk: Use new ceph parsing funtions
lxd/util: Make ceph.conf parser more tolerant
global: Disable the completion command
lxd/instance/lxc: Rework raw.lxc handling
lxd/storage/zfs: Fix bad key name
lxd/storage/zfs: Fix ListVolumes to use correct pool name
lxd/device: Add CanMigrate
lxd/instance/common: Fix error message
doc/instances: Clarifies expectation of uniqueness for volatile.uuid
lxd/instance/instance/utils: Allow cross-project same instance matching on volatile.uuid in IsSameLocgicalInstance
lxd: Fix typo in spelling of IsSameLogicalInstance
lxd/device/nic/routed: Specify zero broadcast address
test: Add test for routed NIC to ensure broadcast address isn't set by liblxc
lxd/init: Allow preseeding cluster_token
lxd/main: Replace cluster node with cluster member
lxd/device/device/utils/proxy: Improve error messages from ProxyParseAddr
lxd/device/proxy: Use validation helpers for clarity
lxd/device/proxy: Consistent error endings
lxd: Switch to new fsnotify
lxd/device/gpu_mdev: Switch to common UUID package
lxd/network/errors: ErrUnknownDriver comment ending
lxd/network/errors: Adds ErrNotImplemented error
lxd/project/permissions: Removes defaultRestrictionsValues and merges into allRestrictions
lxd/project/permissions: Add restricted.devices.{pci,proxy} defaulting to block
doc/projects: Adds restricted.devices.{pci,proxy} docs
lxd/api/project: Add restricted.devices.{pci,proxy} validation
scripts/bash/lxd-client: Adds restricted.devices.{pci,proxy} to bash completion
lad/project/permissions: Implement restricted.devices.{pci,proxy} restrictions
lxd/device/proxy: Don't allow NAT mode when used inside projects with networks feature
lxd/device/device/utils/network: Removes networkParsePortRange
lxd/network/network/utils: Adds ParsePortRange function
lxd/device/device/utils/proxy: network.ParsePortRange usage
global: Use shorter uuid generation syntax
lxd/init: Introduce --minimal
lxc: join tokens are removed by member name, not token
shared/validate: Fix IPv6 wildcard handling in IsListenAddress
lxd/device/gpu_mdev: Fix mdevUUID logic
lxd/response: Rework SmartError to handle wrapped errors from stdlib errors and github.com/pkg/errors
lxd/storage/pools: Use SmartError in storagePoolsPost
lxd/storage/pools/utils: Wrap errors in storagePoolDBCreate
lxd/db/transaction: Adds QueryScan helper function
test: Update tests with new error text
lxd/storage/backend/lxd: Allow removal of quota from VM filesystem volume if main quota is removed
lxd/storage/drivers/driver/btrfs/volumes: Add log for VM block file quota accounting in SetVolumeQuota
lxd/storage/drivers/driver/dir/volumes: Add log for VM block file quota accounting in SetVolumeQuota
lxd/storage/drivers/driver/btrfs/volumes: Consistently apply referenced limit only and remove exclusive limits in SetVolumeQuota
lxd/network/bridge: Comments
shared/validate: Add IsInRange
lxd/endpoints: Correct bad comment
lxd/endpoints: Rename serveHTTP to serve
lxd/network/network/utils: Check end port is higher than start port in ParsePortRange
lxd/network/network/utils: Adds SubnetContainsIP function
lxd/cluster/recover: add Recover
lxd/cluster/recover: add updateLocalAddress
shared/api/error: Adds StatusError type
lxd/response/smart: Updates SmartError to detect and use api.StatusError type errors
client/lxd: Updates lxdParseResponse to "interface smuggle" an api.StatusError type when getting an error response from API
lxd/storage/backend/lxd: Restore pool directory structure on mount if needed
test: Update container recovery tests to check for pool directory structure rebuild
lxd/db/db: add DqliteLatestSegment
lxd/main/cluster: add ClusterConfig and ToRaftNode
lxd/main/cluster: add 'lxd cluster edit' command
lxd/main/cluster: add validateNewConfig
test/suites/clustering: add test_clustering_edit_configuration
lxd/main/cluster: add 'lxd cluster show' command
lxd/rbac: Drop old API
lxd/api_1.0: Improve structure
lxd/daemon: Improve structure
gomod: Initial port
tests: Silence grep notices
doc/index: Clarify CRIU example
doc/index: Update for gomod
Makefile: Tweak PHONY targets
Makefile: Tweak static-analysis
Makefile: Switch to gomod
tests: Update for gomod
github: Update for gomod
gomod: Update dependencies
lxd/network/driver/common: Updates validate to use shared.IsUserConfig
Makefile: Cleanup if statements
Makefile: Add support for LXD_OFFLINE
client/util: Adds urlsToResourceNames function
client: Switch *Names functions to use urlsToResourceNames
doc/instances: Capitalize NIC
lxd/firewall/drivers/driver/consts: Adds AddressForward type
lxd/firewall/firewall/interface: Updates InstanceSetupProxyNAT to accept AddressForward
lxd/firewall/drivers/driver/xtables: Updates to support AddressForward
lxd/firewall/drivers/drivers/nftables: Updates to support AddressForward
lxd/firewall/drivers/drivers/nftables: Separate DNAT rules from SNAT rules in InstanceSetupProxyNAT
lxd/device/config/device/proxyaddress: Separate address and ports in ProxyAddress
lxd/device/device/utils/proxy: Updates ProxyParseAddr to support new ProxyAddress format
lxd/device/proxy: Updated to support firewallDrivers.AddressForward and ProxyAddress changes
lxd/main/forkproxy: Updates to support changed ProxyAddress
lxd/main/forkproxy/test: Updates tests to refect new ProxyAddress structure
Makefile: Use go env GOPATH command to get GOPATH rather than env var GOPATH
Makefile: Build lxd-generate directly to $(GOPATH)/bin/lxd-generate
lxd/db/generate/lex/parse: Remove github.com/pkg/errors dependency
lxd/db/generate/lex/parse: Updates Parse to take an absolute path to package directory
lxd/db/generate/lxd/parse/test: Updates TestParse
lxd/db/generate/db/parse: Updates Packages and defaultPackages to work relative to the LXD source tree
lxd: implement volume import/export for CephFS
lxd/main: Add setfattr to dependencies
lxc/info: Use local timezone
test/suites/clustering: use 'lxd cluster show' for tests
lxd/cluster/membership: make waitLeadership public
shared/api/error: Removes pointer receivers from StatusError functions
shared/api/error: Adds StatusErrorMatch helper function
lxd/response/smart: api.StatusErrorMatch usage in SmartError
Makefile: Set GO111MODULE=on for update-api
client/util: Update urlsToResourceNames to reduce allocations
lxd/network/network/utils: Adds ParseIPToNet and ParseIPCIDRToNet functions
shared/api/network/forward: Adds shared structs for network address forwards
doc/rest-api: Refresh swagger YAML
lxd/api/cluster: handover leadership when removing leader
test/suites/clustering: add test_clustering_remove_leader
lxd/util/sys: add ReplaceDaemon
lxd/api/cluster: replace daemon when disabling clustering
shared/api: Add Refresh to StorageVolumeSource
doc/rest-api: Refresh swagger YAML
client: Add Refresh flag to StoragePoolVolumeCopyArgs
lxd/storage: Improve errors
lxd/storage: Fix Refresh with CreateCustomVolumeFromMigration
doc/index: Update min packages required to operate LXD
doc/index: Add recommendation about min memory size needed
doc: Don't assume that Go's bin path is ~/go/bin
doc/requirements: Adds minimum memory requirements to build
lxd/util/net: add IsWildcardAddress
lxd/api/cluster: block core.https_address wildcard in cluster bootstrap
doc/clustering: add 'lxd cluster edit' documentation
lxd/endpoints/network: don't give up if no network listeners exist
lxd/endpoints/cluster: check for unset networkAddress before returning
lxd/endpoints/endpoints: fallback from network to cluster address
lxd/node/config: assign default port to listener addresses if none given
test/suites/clustering: expand tests to check listener addresses
lxc/main/aliases: Fix panic when empty argument passed to lxc command
test: Improve container devices proxy xtables tests
test: Fix tabbing in container devices proxy test
shared/api: Add Errors{Received,Sent} to network counters
shared/netutils: Fill Errors counters
doc: Update Rest API
test: Improve error checks for proxy device
lxd/firewall/drivers/drivers/nftables: Rework InstanceSetupProxyNAT to accomodate network forward support
lxd/firewall/drivers/drivers/xtables: Fix proxy NAT listen port in InstanceSetupProxyNAT
api: Add network_counters_errors extension
i18n: Update translation templates
lxd/device/proxy: Improve connect IP error messages
shared/api: Add PacketsDropped{Inbound,Outbound} to network counter
shared/netutils: Fill Dropped counters
doc: Update Rest API
api: Extend network_counters_errors API extension
lxd/device/proxy: Improve post-start error messages to include device name
Remove mkdocs.yml
.github/workflows: Update go versions
lxd/firewall/drivers/drivers/xtables: Updates iptablesClear to support removing rules by matching multiple comments
lxd/firewall/drivers/drivers/xtables: Adds iptablesCommentPrefix
lxc/copy: Don't allow --refresh and --no-profiles
i18n: Update translation templates
lxc/cluster: Comment improvement
lxd/api/cluster: Adds mutex to clusterNodesPost to prevent concurrent requests creating duplicates
lxd/util/net: Update CanonicalNetworkAddress to return canconical IP
lxd/util/net: Update IsAddressCovered to use net.IP when comparing IP equality
lxd/endpoints/cluster: Improve error message in ClusterUpdateAddress
lxd/endpoints/network: Improve error message in NetworkUpdateAddress
lxd/util/net: Improve comment in CanonicalNetworkAddress
lxd/main/init/interactive: Use util.CanonicalNetworkAddress in askClustering
lxd/main/init: Use util.CanonicalNetworkAddress when constructing address from join token
lxd/main/init: Ensure config.Cluster.ServerAddress and config.Cluster.ClusterAddress are in canonical form
lxd/endpoints/endpoints: require set network listener before checking coverage
test/suites/clustering: add enable clustering test on lxd reload
lxd/resources/network: send not-found error instead of internal error
shared/util: rename DefaultPort to HTTPSDefaultPort
lxd/util/net: specify default port to CanonicalNetworkAddress
lxd/util/net: specify default port to CanonicalNetworkAddressFromAddressAndPort
shared/util: add HTTPDefaultPort
lxd/endpoints/pprof: use HTTP port instead of HTTPS for debug address
lxd/node/config: Canonicalize core.debug_address
lxc: Fix aliases containing @ARGS@
doc/rest-api: Refresh swagger YAML
lxd/storage/driver/zfs: Fix ListVolumes with custom zpool
lxd/device/nic_bridged: Load network during validation
lxd/network/network/utils: Adds nicUsesNetwork function
lxd/network/driver/common: Moves externalSubnetUsage to common
lxd/network/network/utils: Adds BridgeNetfilterEnabled function
lxd/device/proxy: network.BridgeNetfilterEnabled usage
lxd/device/nic/bridged: network.BridgeNetfilterEnabled usage
lxd/network/network/utils: Exports NICUsesNetwork
lxd/device/nic/bridged: network.NICUsesNetwork usage in validate
lxd/db/raft: rename RemoteRaftNode to RemoveRaftNode
lxd/db/node/update: Add updateFromV41
lxd/db/node/schema: update schema
lxd/db/raft: add Name field to RaftNode
lxd/node/raft: use empty Name if not yet clustered
lxd/cluster: handle Name field for RaftNode
lxd/cluster/gateway: populate RaftNode Name from global database
lxd/api/cluster: add Name field to internalRaftNode struct
lxd/main/cluster: add name to 'lxd cluster show/edit'
lxd/test: add Name field to RaftNode tests
lxd/cluster/recover: append to patch.global.sql if exists
lxd/main/cluster: make segmentID a comment instead of struct field
doc/clustering: update 'lxd cluster edit' docs
lxd: Fix swagger definitions to avoid conflicts
doc/rest-api: Refresh swagger YAML
doc/instances: Clarify default CPU/RAM for VMs
lxd/network: Remove unused struct
lxd/networks: Handle stateful DHCPv6 leases
lxd/networks: Add EUI64 records to leases
lxd/device/nic: ensure instance device IP is different from parent network
lxd/daemon/storage: unmount all storage pools on shutdown
lxd/cluster/heartbeat: Adds Name field to APIHeartbeatMember
lxd/cluster/heartbeat: Preallocate raftNodeMap in Update
lxd/cluster/heartbeat: Populate Name in Update
lxd/cluster/gateway: Update currentRaftNodes to use a single query to get cluster member info
lxd/cluster/gateway: Preallocate raftNodes slice for efficiency
lxd/cluster/gateway: Do not query leader cluster DB to enrich raft member name in HandlerFuncs
lxd/cluster/recover: Preallocate nodes in Reconfigure
lxd/util: Respect modprobe configuration
shared/instance: don't allow 'limits.memory' to be 0
lxd/cgroup: Add GetMemoryStats
lxd/cgroup: Add GetIOStats
lxd/cgroup: Add GetCPUAcctUsageAll
lxd/cgroup: Add GetTotalProcesses
lxd/response: Add SyncResponsePlain
lxd/storage/filesystem: Add FSTypeToName
test: Remove restart tests that don't use --force
lxd/daemon/storage: Skip unmounting LVM pools in daemonStorageUnmount
lxc/config_trust: Support stdin and allow name override
i18n: Update translation templates
lxc: Cleanup LXD client imports
lxd: Cleanup LXD client imports
lxc-to-lxd: Cleanup LXD client imports
doc: update link to rest-api.yaml
Typo
lxd/instance: Fix response for patch
swagger: Fix return code for operations
doc/rest-api: Refresh swagger YAML
lxd/endpoints/network: Specify protocol version for 0.0.0.0 address
doc: Document recently added architectures
seccomp: Add riscv64 syscall mappings
shared/api: Add CertificateTypeMetrics
lxd/daemon/storage: Renames daemonStorageUnmount to daemonStorageVolumesUnmount
lxd/daemon: Rename numRunningContainers numRunningInstances
Fix documented HTTP return code in console POST
doc/rest-api: Refresh swagger YAML
lxd/main/daemon: Rework cmdDaemon shutdown process
lxd/storage/drivers/driver/lvm: Fix Unmount to be more reliable
lxd/storage/drivers/driver/lvm: Fix Mount to be more reliable
lxd/main/daemon: Removes LVM shutdown unmount workaround
doc/rest-api: Add missing entry for 112 (error)
lxd/instance/drivers: Move raw.lxc config load to separate function
lxd/instance/drivers: Fix raw.lxc handling for shutdown/stop
lxd/storage/filesystem: Removes duplicated constants from unix package
lxd/storage/filesystem/fs: Removes duplicated constants from unix package
lxd/storage/filesystem/fs: Update FSTypeToName to work on 32bit platforms
lxd/storage/drivers/driver/lvm: Skip unmount
lxd/cgroup: Implement CPU usage for cgroup v2
shared/json: Removes DebugJson from shared
lxd/cgroup: Fix logging in cgroup init
lxd/util/http: Adds DebugJSON function
lxd/util/http: Adds debugLogger arg to WriteJSON
lxd/main: Set response debug mode based on --debug flag
lxd/response/response: Reworks syncResponse to use util.WriteJSON
lxd/response/response: Adds util.DebugJSON support to errorResponse
lxd/operations/response: Adds util.WriteJSON support to operationResponse
lxd/operations/response: Adds util.WriteJSON support to forwardedOperationResponse
lxd/endpoints/endpoints/test: util.WriteJSON usage
lxd/cluster/notify/test: util.WriteJSON usage
lxd/devlxd: Adds util.WriteJSON support to hoistReq
lxd-agent/devlxd: Add util.WriteJSON support to hoistReq
lxd-agent/server: util.DebugJSON usage
lxd/daemon: Clearer logging of API requests in createCmd
lxd/daemon: util.DebugJSON usage in createCmd
lxd/cluster/gateway: util.WriteJSON usage
lxd/response/response: Use api.ResponseRaw in error response
client/lxd/network/forward: Adds network forwards functions
client/interfaces: Corrects typo in GetNetworkForward
lxd/instances: containerStopList -> instanceStopList
lxd/instances: Handle VMs in instancesOnDisk
lxd/instances: s/containers/instances/
lxd/instances: Rename old container variables
lxd/instances: Check DB before calling VolatileSet
lxd/util: Handle ':8443' syntax in ListenAddresses
lxd/util/http: Improve comment on ListenAddresses
lxd/util/http: Improve argument name in configListenAddress
lxd/util/http: Use net.JoinHostPort in ListenAddresses rather than wrapping IPv6 addresses in []
lxd/util/http: Improve ListenAddresses by breaking the parsing into phases
lxd/util/http/test: Adds ExampleListenAddresses function
shared/api/url: Adds URL builder type and functions
lxd/network/network/utils: Updates UsedBy to use api.URLBuild
lxc/file: use flagMkdir to create dirs on lxc pull
lxc/file: add DirMode constant for 'lxc file'
lxd/api/cluster: only change member role from leader
test/suites/clustering: wait for node shutdown to propagate to members
lxd/storage/drivers: Support generic custom block volume backup/restore
lxd/storage/drivers/zfs: Drop restriction on custom block volume backup/restore
lxd/storage/drivers/btrfs: Drop restriction on custom block volume backup/restore
lxd/main/shutdown: Updates cmdShutdown to handle /internal/shutdown being synchronous
lxd/api/internal: Updates shutdown request to wait for d.shutdownDoneCtx
lxd/main/daemon: Call d.shutdownDoneCancel when daemon function ends
lxd/daemon: Adds shutdownDoneCtx context to indicate shutdown has finished
lxd: d.shutdownCtx usage
lxd/main/daemon: d.shutdownCancel usage in daemon function
lxc/config_trust: Delete only works on fingerprints
i18n: Update translation templates
test: Log PID of process being killed
test: Require node removal to succeed in test_clustering_remove_leader
lxd/storage/drivers: Checks that mount refCount is zero in all drivers
lxd/storage/drivers/driver/cephfs/volumes: Adds mount ref counting
lxd/device/disk: Use errors.Is() when checking for storageDrivers.ErrInUse in Update
lxd/device/disk: Ignore storageDrivers.ErrInUse error from pool.UnmountCustomVolume in postStop
lxd/storage/drivers: Log volName in UnmountVolume
lxd: add core scheduling support
lxd/response/response: Adds manualResponse type
lxd/api/cluster: Removes arbitrary 3s wait in clusterPutDisable which was causing test issues
test: Wait for daemons to exit in test_clustering_remove_leader
lxd/api/cluster: Add logging to clusterPutDisable
test: Detect if clustering network needs removing
lxd/qemu: Disable large decrementor on ppc64le
lxd/daemon: Reworks shutdown sequence
lxd/daemon: Reworks Stop
lxd/api/cluster: d.shutdownCtx.Err usage
lxd/api/internal: d.shutdownCtx.Err usage
lxd: daemon.Stop usage
lxd/operations: Updates waitForOperations to accept context
lxd/main/shutdown: Require valid response from /internal/shutdown in cmdShutdown
lxd: db.OpenCluster usage
lxd/cluster/membership: Update notifyNodesUpdate to wait until all heartbeats have been sent
lxd/db/db: Replace clusterMu and closing with closingCtx in OpenCluster
lxd/api/cluster: Improves logging
lxd/api/internal: Rework internalShutdown to return valid response as LXD is shutdown
lxd/daemon: db.OpenCluster usage in init
lxd/daemon: Improved logging and error handling in init
lxd/main/daemon: Reworks cmdDaemon to use d.shutdownDoneCh and call d.Stop()
test: Increase timeouts on ping tests
lxd/daemon: Adds daemon started log
lxd/daemon: Whitespace in NodeRefreshTask
lxd/api/cluster: Improve logging in handoverMemberRole
lxd/api/cluster: Adds cluster logging
test: Addition test logging
lxd/cluster/membership: Improve logging in Rebalance
lxd/daemon: Stop clustering tasks during Stop
lxd/api/cluster: Improve logging in clusterNodeDelete
test: Try and kill LXD daemon that fails to start
lxd/dameon: Removes unnecessary go routines in NodeRefreshTask
lxd/db/db: Use db.PingContext in OpenCluster
lxd/db/db: Rework logging and error handling in OpenCluster
lxc/file: Fix file push help message
lxd/storage/drivers: Handle symlinks when walking file tree
i18n: Update translation templates
lxd/cgroup: Fix GetIOStats on cgroup2
lxd/endpoints/network/test: Test tcp4 interface and request via IPv6
lxd/endpoints/network/test: Test tcp4 connection with configured 0.0.0.0 network address
gomod: Update dependencies
lxd/checkfeature: check whether the kernel supports core scheduling
lxd/daemon: Fix crash on lxd start when another lxd already running
lxd/daemon: Don't fail shutdown if fail to close cluster DB
lxd/daemon: Don't use Infof and Errorf
lxd/instance/operationalock: Change lock from using instance ID to use project and instace name
lxd/instance/operationalock: Use %q for error quoting
lxd/instance/operationlock: Get lock after checking for non-nil operation
lxd/instance/drivers/driver/common: operationlock usage
lxd/instance/drivers/driver/lxc: operationlock usage
lxd/instance/drivers/driver/qemu: operationlock usage
lxd/instance/instance/utils: operationlock usage
test: Kill LXD process if doesn't start in time
lxd/main/shutdown: Fix shutdown regression when running in snap
lxc: suggest 20.04 as the first container to launch instead of 18.04
lxc: switch from 18.04 to 20.04 for examples of Ubuntu instances
i18n: Update translation templates
lxc: update wording when a cert is successfully trusted by a remote
i18n: Update translation templates
shared/api/network/forward: Fix api extension references
lxd/cluster: Drop unused import
lxd/certificates: remove explicit calls to UpdateCertificateProjects
lxd/db/generate/db/method: fill entity id association tables on create/update
lxd/db/certificates.mapper: update generated code
lxd/backup/backup/config: Adds ToInstanceDBArgs function
lxd/instance/instance/utils: Adds LoadFromBackup function
lxd/project/project: Update comment of InstanceParts
lxd/instances: Reworks instancesOnDisk to return slice of instance.Instance
lxd/instances: Updates instancesShutdown to use instancesOnDisk
lxd/patches: Updates patchUpdateFromV11 and patchUpdateFromV15 to use instancesOnDisk
lxd/api/internal: Use backupConf.ToInstanceDBArgs in internalImportFromBackup
lxd/api/internal/recover: Updates internalRecoverImportInstance to use backupConf.ToInstanceDBArgs
lxd/instances: Don't clear last power state of all instances in a cluster in instancesShutdown
lxd/db/instances: Removes ResetInstancesPowerState function
lxd/instances: Move shutdown timeout logic into per-instance go routine in instancesShutdown
lxd/instances: Reworks instancesShutdown to handle and log shutdown failures by forcefully stopping
lxd/instances: Updates instancesShutdown to accept a slice of instances
lxd/instances: Renames containerAutostartList to instanceAutostartList
lxd/instances: Renames instancesRestart to instancesStart
lxd/daemon: Updates init to use instancesStop and instancesStart with preloaded container list
lxd/daemon: Updates Ready to use updated instancesStart
lxd/certificates: Update for stable-4.0
lxd/daemon: Updates Stop to load instances once
lxd/daemon: Updates numRunningInstances to accept a list of instances to check
shared/osarch/architectures: Use ARCH_UNKNOWN rather than 0 in ArchitectureId
lxd/db/instances: Removes UpdateInstancePowerState function
lxd/instance/drivers/driver/common: Adds recordLastState function
lxd/instance/drivers: Use d.VolatileSet in onStop hook to record last power state
lxd/instance/drivers: d.recordLastState usage
lxd/instances/drivers: Call d.UpdateBackupFile just before starting instance process
lxd/daemon: Close global database after query failure in Stop
lxd/daemon: Use consistent terminology of global rather than remote database in Stop
lxd/api/internal: Update internalContainerHookLoadFromReference to try and load instance from backup if DB not available
lxd/instance/drivers/driver/qemu: Update getMonitorEventHandler to try and load instance from backup if DB not available
lxd/storage/drivers/driver/zfs/volumes: Log dev path in UnmountVolume
lxd/migration: Update protobuf config
lxd/migration: Update generated protobuf
lxd/apparmor: Allow remount using noatime
lxd/apparmor: remove mount options alternations
lxd/apparmor: remove another mount options alternations
lxd/apparmor: remove spaces between mount options for consistency
lxd/apparmor: remove duplicated mount rules (ro,remount,bind)
lxd/api/cluster: Fail on no leader in internalClusterPostHandover
lxd/instance: Fix image download race condition in instanceCreateFromImage
lxd/api/cluster: Fail on no leader in handoverMemberRole
lxd/cluster/gateway: Log partial and initial heartbeat as info
test: Adds better logging and removes handover sleeps in test_clustering_handover
lxd/cluster/heartbeat: No need to log heartbeat restart
test: Actually ensure cluster DB isn't reachable after its lost quorum in test_clustering_shutdown_nodes
test: Use timeouts in kill_lxd
lxd/storage/drivers/driver/zfs/volumes: Use normal mount rather than zfs mount
tests: add missing --force-local to lxc stop
tests: use CSV format and column filtering where applicable
tests: use CSV format and column filtering to find the name of the newly created instance
tests: use grep -F when the match pattern contains regex/wildcard
lxd/instance/operationlock: Adds TimeoutSeconds constant
lxd/instance/drivers/driver/common: Error quoting in onStopOperationSetup
lxd/instance/drivers/driver/qemu: Updates onStop to be more like lxc driver
test: Don't use pid files in test_clustering_shutdown_nodes
tests: Unify how the instance's PID is looked up
tests: replace grep | cut by awk
lxd/sys/os: reorder kernel features
os: add separate entries for pure core scheduling kernel feature and container support
lxd: support core scheduling for virtual machines
lxd/instance/drivers/driver/qemu: Improve comments in Shutdown
lxd/instance/operationlock: Add ErrNonReusuableSucceeded error and Action type and action constants
lxd/instance/operationlock: Reworks Create to use Action type
lxd/instance/operationlock: Reworks CreateWaitGet
lxd/instance/drivers/driver/common: operationlock.Action usage
lxd/instance/drivers/driver/lxc: operationlock.CreateWaitGet and operationlock.Create usage
lxd/instance/drivers/driver/qemu: operationlock.CreateWaitGet and operationlock.Create usage
lxd/instance/drivers/driver/qemu: Add comment in Stop about operation lock
lxd/instance/drivers/driver/qemu: Keep operation alive in Shutdown
lxd/instance/drivers/driver/lxc: Keep operation alive in Shutdown
lxd/network: Move Leases to network package
lxd: support core scheduling for container even without LXC library support
lxd/daemon: Updates NodeRefreshTask to accept an isLeader and unavailableMembers argument
lxd/api/cluster: Improves logging in internalClusterPostHandover
lxd/cluster/gateway: Adds shutdownCtx to NewGateway and return 503 in heartbeat if shutting down
lxd/storage/drivers/driver/zfs/volumes: Set mountpoint=none for filesystem volumes
lxd/storage/drivers/driver/zfs/patches: Update patches to set mountpoint=none
lxd/cluster/gateway: Adds HeartbeatHook type
lxd/cluster/gateway: Reject heartbeat if shutting down
lxd/cluster/gateway: Rework HandlerFuncs heartbeat handling
lxd/cluster/heartbeat: Update heartbeatRestart to return bool if heartbeat restarted
lxd/cluster/heartbeat: Pass non-updated heartbeat members as unavailable to heartbeat refresh task in heartbeat
lxd/cluster/membership: Add logging to notifyNodesUpdate
lxd/cluster/membership: Improve logging in Assign
lxd/cluster/membership: Adds unavailableMembers support to Rebalance and newRolesChanges
lxd/api/cluster: Adds unavailableMembers support to rebalanceMemberRoles
lxd/api/cluster: Improve logging in rebalanceMemberRoles
lxd/cluster/gateway/test: cluster.NewGateway usage
lxd/cluster/gateway: Remove unnecessary logging
lxd/cluster/gateway: Don't stop enrichhing raft nodes if one member name not found in currentRaftNodes
test: Reduce sleeps and offline threshold in clustering tests to speed them up
shared/api/error: Improve argument name in StatusErrorMatch
shared/api/error: Adds StatusErrorCheck helper function
lxd/instance/drivers/driver/lxc: Fix restart locking
lxd/cluster/heartbeat: Use api.StatusErrorf in error returned from HeartbeatNode
test: Improve test_clustering_remove_raft_node reliability
lxd/storage/drivers/volume: Adds IsCustomBlock function
lxd/storage/drivers/generic/vfs: Fixes regression in genericVFSBackupUnpack for VM config volume import
lxd/db/networks: Reworks GetNetworkInAnyState and its ilk to split the functionality out into separate functions
lxd/networks: Use api.StatusErrorCheck to check for not found error from d.cluster.GetNetworkInAnyState
lxd/network/network/utils: Removes unnecessary DB lookup via NICType function in isInUseByDevice
lxd/network/network/utils: Updates UsedBy to use usedByInstanceDevices
lxd/network/network/utils: Updates usedByInstanceDevices to use updated isInUseByDevice
lxd/network/network/utils: Updates isInUseByProfile to use updated isInUseByDevice
lxd/network/network/utils: Renames isInUseByProfile to usedByProfileDevices
test: Fix test_clustering_shutdown_nodes tests to check for case insensitive PID info field
lxd/db/networks: Fixes getStoragePool to support NULL description fields
api: Add image_source_project extension
shared/api: Add Project to ImagesPostSource
client: Support source project in image copies
lxd: Support source project in image copies
lxc/image: Support source project in image copies
doc/rest-api: Refresh swagger YAML
lxd/db/config: rename UpdateConfig to UpdateClusterConfig
lxd/db/generate/lex/form: smarter pluralize function
lxd/db/generate/db/method: fix stmt type for generating URIs
lxd/db/generate/db/parse: check stmt and method for omitting fields
lxd/db/generate/db/mapping: pass table name to FieldColumnName
lxd/db/generate/db/stmt: pass variable name to register function
lxd/db/operations.mapper: remove ProjectID omission from operations
lxd/instance/drivers/qmp/monitor: Update run to accept an interace{} for args and JSON encode internally
lxd/instance/drivers/qmp/monitor: m.run usage
lxd/instance/drivers/qmp/commands: m.run usage
lxd/instance/drivers/qemu: Adds workaround for QEMU 6.x regression in handling memory object host-nodes setting
lxd/device: Make sure vfio-pci is loaded
lxc/cluster: Add --yes to remove
tests: Update for change to cluster remove
shared/api/cluster: add Config to ClusterMemberPut
doc/rest-api: Refresh swagger YAML
lxd/db/config.mapper: placeholder config methods
lxd: Add fsmonitor package
lxd/state: Add DevMonitor to state
lxd: Initialize DevMonitor in daemon
lxd/device: Switch to DevMonitor
lxd/device: Check prefix path in source
lxd/device: Remove old inotify code
test/suites: Add fsmonitor to static analysis
lxd/api/cluster: fix comment on clusterGet clusterPut
test: Set LXD_DEVMONITOR_DIR
doc/environment: Add LXD_DEVMONITOR_DIR
shared/api/network/peer: Adds network peering API types
client/interfaces: Adds network peer management function definitions
client/lxd/network/peer: Adds network peer management client functions
lxd/network/driver/bridge: Fix leases
lxd-p2c: Allow passing existing certificate
client/connection: Typo in ConnectLXD
lxd/instance/post: Improve error in instancePostClusteringMigrate
doc/rest-api: Refresh swagger YAML
lxd/instance/post: Refactor how backward compat handling of Live field in instancePost
lxd/instance/post: Error quoting
process_utils: move wait_for_pid_status_nointr() to common code
lxd: consolidate functions into common header
lxd: make C functions static
lxd: add config.h for common options
doc: Drop part about building LXC
doc: Add bind9-dnsutils to testsuite requirements
lxd: use argument struct for manip_file_in_ns()
forkfile: small coding style fixes
forkfile: decrease indendation level
lxd/fsmonitor/drivers: Add missing FAN_MARK_FILESYSTEM
doc/enviroment: Clarify that LXD_DEVMONITOR_DIR is for testing
lxd/fsmonitor: Ensure path is a mountpoint
test: Use mountpoint for test devices

試用環境 ¶

最新の LXD リリースをデモサービスで試せます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

LXD 4.19 リリースのお知らせ ¶

1st of October 2021

はじめに ¶

LXD チームは LXD 4.19 のリリースをお知らせできることにとてもワクワクしています!

このリリースはバグ修正で非常に忙しいリリースで、それとともにシャットダウンロジックの改良、ディザスターリカバリーの容易化、改良されたロギング、さまざまなネットワーク設定処理の改善など、クラスタリングに関するたくさんの改良が行われています。

最近追加したネットワーク転送機能でもいくつかの修正と細かい改善を行い、BGP と新たな lxc network forward get コマンドと適切に統合されています。

このリリースの目玉機能は、インスタンスメトリクスの追加です。新しいエンドポイント（/1.0/metrics）が追加され、Prometheus のようなツールでスクレイプするのに適した、テキストの OpenMetrics エンドポイントが公開されるようになりました。

Enjoy!

新機能とハイライト ¶

インスタンスメトリクス ¶

インスタンスのリソース消費状況をトラッキングするための良い方法が、何年にもわたって頻繁にリクエストされてきました。これは、多数のプロジェクトや複数のクラスター化されたサーバーがある負荷の高いシステムで特に重要になります。

これを扱うために、LXD 4.19 では新たに /1.0/metrics API エンドポイントを導入しました。これは Prometheus や同様のツールで使うのに適した、テキストの OpenMetric エンドポイントを提供します。

現状、次のようなものに関連するさまざまなメトリクスを提供します:

CPU
メモリー
ディスク
ネットワーク
プロセス

全体的に、メトリクス名は node-exporter のものと合わせるようにしています。これにより、既存のダッシュボードやツールの導入がとてもに簡単になります。

このエンドポイントは認証済みユーザーが常に利用できるようになっています。一方で、core.metrics_address でリッスンする追加のアドレスを設定したり、メトリクスインターフェースのみに制限される追加の信頼済み証明書を追加したりすることもできます（lxc config trust add --type metrics）。

出力例 : https://gist.github.com/stgraber/ab7f204fb4bf53dbe134f6460bf41470

仕様 : https://discuss.linuxcontainers.org/t/lxd-metric-exporter-for-instances/11735
ドキュメント : https://linuxcontainers.org/lxd/docs/master/metrics

`lxc cluster list` の再実装 ¶

lxc cluster list の出力で、データベースのカラムに真偽値の YES/NO だけの表示から、ロールのテキストリストを表示するように変更されました。

現時点では、ロールは database か database-standby のどちらかですが、将来的にはさらに追加される予定です。これにより、クラスター化されたサーバーが何をしているのかが正確に理解しやすくなります。

stgraber@dakara:~$ lxc cluster list s-dcmtl-cluster:
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
|  NAME   |                 URL                 |  ROLES   | ARCHITECTURE | FAILURE DOMAIN |     DESCRIPTION      | STATE  |      MESSAGE      |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| abydos  | https://[2602:fd23:8:200::100]:8443 | database | x86_64       | default        | HIVE - top server    | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| langara | https://[2602:fd23:8:200::101]:8443 | database | x86_64       | default        | HIVE - middle server | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| orilla  | https://[2602:fd23:8:200::102]:8443 | database | x86_64       | default        | HIVE - bottom server | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+

ブロックカスタムストレージボリュームのエクスポート ¶

ファイルシステムの場合と同様に、lxc storage volume export を使って、ブロックカスタムストレージボリュームをエクスポートできるようになりました。

しかし、ブロックカスタムストレージボリュームはファイルシステムのボリュームよりもかなり大きくなる傾向があります。ですので、エクスポートとインポートにはかなりのリソースが必要になることに注意してください。

すべての変更点（翻訳なし） ¶

Here is a complete list of all changes in this release:

すべてのChangeLog を見る

lxd/util/net: Update CanonicalNetworkAddress to return canconical IP
lxd/util/net: Update IsAddressCovered to use net.IP when comparing IP equality
lxd/endpoints/cluster: Improve error message in ClusterUpdateAddress
lxd/endpoints/network: Improve error message in NetworkUpdateAddress
lxd/util/net: Improve comment in CanonicalNetworkAddress
lxd/main/init/interactive: Use util.CanonicalNetworkAddress in askClustering
lxd/main/init: Use util.CanonicalNetworkAddress when constructing address from join token
lxd/main/init: Ensure config.Cluster.ServerAddress and config.Cluster.ClusterAddress are in canonical form
doc: Adds network forwards to left hand nav
doc/server: Fix incorrect default for routerid
lxd/endpoints/endpoints: require set network listener before checking coverage
test/suites/clustering: add enable clustering test on lxd reload
lxd/resources/network: send not-found error instead of internal error
shared/util: rename DefaultPort to HTTPSDefaultPort
lxd/util/net: specify default port to CanonicalNetworkAddress
lxd/util/net: specify default port to CanonicalNetworkAddressFromAddressAndPort
shared/util: add HTTPDefaultPort
lxd/endpoints/pprof: use HTTP port instead of HTTPS for debug address
lxd/node/config: Canonicalize core.debug_address
lxd/daemon: Move ahead startTime
lxd/warnings: Add ResolveWarningsOlderThan
lxd/daemon: Resolve warnings earlier than startTime
lxc: Fix aliases containing @ARGS@
lxd/db/raft: rename RemoteRaftNode to RemoveRaftNode
lxd/db/node/update: Add updateFromV41
lxd/db/node/schema: update schema
lxd/db/raft: add Name field to RaftNode
lxd/storage/driver/zfs: Fix ListVolumes with custom zpool
lxd/node/raft: use empty Name if not yet clustered
lxd/cluster: handle Name field for RaftNode
lxd/cluster/gateway: populate RaftNode Name from global database
lxd/api/cluster: add Name field to internalRaftNode struct
lxd/main/cluster: add name to 'lxd cluster show/edit'
lxd/test: add Name field to RaftNode tests
lxd/cluster/recover: append to patch.global.sql if exists
lxd/main/cluster: make segmentID a comment instead of struct field
doc/clustering: update 'lxd cluster edit' docs
lxd: Fix swagger definitions to avoid conflicts
doc/rest-api: Refresh swagger YAML
doc/instances: Clarify default CPU/RAM for VMs
lxd/networks: Handle stateful DHCPv6 leases
lxd/networks: Add EUI64 records to leases
lxd/device/nic: ensure instance device IP is different from parent network
lxd/network/driver/common: Adds bgpNextHopAddress function
lxd/network/driver/common: Reduce duplication of logic in bgpSetupPrefixes and uses bgpNextHopAddress
lxd/network/driver/common: Removes unnecessary function n.bgpClearPrefixes
lxd/network/driver/common: Improve errors in bgpSetup
lxd/network/driver/common: Clear address forward BGP prefixes in bgpClear
lxd/network/driver/bridge: Setup BGP prefix export in forwardsSetup
lxd/daemon/storage: unmount all storage pools on shutdown
lxd/project: Change restrictions check function in CheckClusterTargetRestriction
lxd/network/network/interface: Adds clientType arg to Forward management functions
lxd/network/driver: Add clientType to Forward management functions
lxd/network/driver/common: Remove empty newline
lxd/network/forwards: Pass clientType into Forward management functions
lxd/network/driver/ovn: Update Forward management functions to only apply changes for ClientTypeNormal requests
lxd/network/forwards: Removes duplicate record check from networkForwardsPost
lxd/network/driver: Moves duplicate forward record check into drivers
lxd/network/driver/ovn: Adds cluster member notification to Forward management functions
lxd/network/driver/ovn: Refresh BGP prefixes on Forward management
lxd/network/driver/common: Include exporting forward addresses in bgpSetup
lxd/network/driver/bridge: Remove BGP forward address refresh from forwardSetup
lxd/network/driver/bridge: Rename forwardsSetup to forwardSetupFirewall
test: Adds BGP prefix export checks to forward tests
lxd/cluster/heartbeat: Adds Name field to APIHeartbeatMember
lxd/cluster/heartbeat: Preallocate raftNodeMap in Update
lxd/cluster/heartbeat: Populate Name in Update
lxd/cluster/gateway: Update currentRaftNodes to use a single query to get cluster member info
lxd/cluster/gateway: Preallocate raftNodes slice for efficiency
lxd/cluster/gateway: Do not query leader cluster DB to enrich raft member name in HandlerFuncs
lxd/cluster/recover: Preallocate nodes in Reconfigure
lxd/util: Respect modprobe configuration
shared/instance: don't allow 'limits.memory' to be 0
lxd/cgroup: Add GetMemoryStats
lxd/cgroup: Add GetIOStats
lxd/cgroup: Add GetCPUAcctUsageAll
lxd/cgroup: Add GetTotalProcesses
lxd/response: Add SyncResponsePlain
lxd/storage/filesystem: Add FSTypeToName
lxd/network/openvswitch/ovn: Work around a bug in lr-nat-del in ovn-nbctl in LogicalRouterDNATSNATAdd
shared/api/network/forward: Fix api extension references
lxd/network/forwards: Use consistent terminology in network address forward swagger comments
doc/rest-api: Refresh swagger YAML
test: Remove restart tests that don't use --force
lxd/daemon/storage: Skip unmounting LVM pools in daemonStorageUnmount
lxc: Cleanup LXD client imports
lxd: Cleanup LXD client imports
lxc-to-lxd: Cleanup LXD client imports
lxc/cluster: Show roles instead of database column
tests: Support for showing roles by
i18n: Update translation templates
doc: update link to rest-api.yaml
Typo
lxd/device/tpm: Require path only for containers
lxd/instance: Fix response for patch
swagger: Fix return code for operations
doc/rest-api: Refresh swagger YAML
lxd/endpoints/network: Specify protocol version for 0.0.0.0 address
doc: Document recently added architectures
seccomp: Add riscv64 syscall mappings
shared/api: Add CertificateTypeMetrics
lxd/db: Add CertificateTypeMetrics
lxd: Check metrics certificates
lxc/config_trust: Allow adding metrics certificates
lxd/metrics: Add API types
lxd/metrics: Add types
lxd/metrics: Add helper functions
lxd: Add metrics related fields to daemon
lxd: Add /1.0/metrics endpoint
lxd/instance/drivers: Add Metrics function
lxd-agent: Add metrics endpoint
api: Add metrics API extension
i18n: Update translation templates
doc/rest-api: Refresh swagger YAML
doc: Add metrics.md
doc: Mention core.metrics_address
test/suites: Add lxd/metrics to static analysis
shared/util: Add HTTPSMetricsDefaultPort
lxd/node: Add core.metrics_address config key
lxd/endpoints: Add metrics endpoint
lxd: Handle metrics server
test: Add metrics test
lxd/daemon/storage: Renames daemonStorageUnmount to daemonStorageVolumesUnmount
lxd/daemon: Rename numRunningContainers numRunningInstances
Fix documented HTTP return code in console POST
doc/rest-api: Refresh swagger YAML
lxd/main/daemon: Rework cmdDaemon shutdown process
lxd/storage/drivers/driver/lvm: Fix Unmount to be more reliable
lxd/storage/drivers/driver/lvm: Fix Mount to be more reliable
lxd/main/daemon: Removes LVM shutdown unmount workaround
doc/rest-api: Add missing entry for 112 (error)
lxd/instance/drivers: Move raw.lxc config load to separate function
lxd/instance/drivers: Fix raw.lxc handling for shutdown/stop
lxd/storage/filesystem: Removes duplicated constants from unix package
lxd/storage/filesystem/fs: Removes duplicated constants from unix package
lxd/storage/filesystem/fs: Update FSTypeToName to work on 32bit platforms
lxd/instance/drivers/driver/lxc: filesystem.FSTypeToName usage
lxd-agent/metrics: filesystem.FSTypeToName usage
lxd/storage/drivers/driver/lvm: Skip unmount
lxd/cgroup: Implement CPU usage for cgroup v2
shared/json: Removes DebugJson from shared
lxd/cgroup: Fix logging in cgroup init
lxd/util/http: Adds DebugJSON function
lxd/util/http: Adds debugLogger arg to WriteJSON
lxd/main: Set response debug mode based on --debug flag
lxd/response/response: Reworks syncResponse to use util.WriteJSON
lxd/response/response: Adds util.DebugJSON support to errorResponse
lxd/operations/response: Adds util.WriteJSON support to operationResponse
lxd/operations/response: Adds util.WriteJSON support to forwardedOperationResponse
lxd/endpoints/endpoints/test: util.WriteJSON usage
lxd/cluster/notify/test: util.WriteJSON usage
lxd/devlxd: Adds util.WriteJSON support to hoistReq
lxd-agent/devlxd: Add util.WriteJSON support to hoistReq
lxd-agent/server: util.DebugJSON usage
lxd/daemon: Clearer logging of API requests in createCmd
lxd/daemon: util.DebugJSON usage in createCmd
lxd/cluster/gateway: util.WriteJSON usage
lxd/response/response: Use api.ResponseRaw in error response
client/interfaces: Corrects typo in GetNetworkForward
lxd/db/network/forwards: Fix error handling in GetNetworkForward
lxd/instances: containerStopList -> instanceStopList
lxd/instances: Handle VMs in instancesOnDisk
lxd/instances: s/containers/instances/
lxd/instances: Rename old container variables
lxd/instances: Check DB before calling VolatileSet
lxc/network/forward: Add lxc network forward get command
i18n: Update translation templates
lxd/util: Handle ':8443' syntax in ListenAddresses
lxd/util/http: Improve comment on ListenAddresses
lxd/util/http: Improve argument name in configListenAddress
lxd/util/http: Use net.JoinHostPort in ListenAddresses rather than wrapping IPv6 addresses in []
lxd/util/http: Improve ListenAddresses by breaking the parsing into phases
lxd/util/http/test: Adds ExampleListenAddresses function
lxd: Remove public facing errors that mention cluster "node"
shared/api/url: Adds URL builder type and functions
lxd/network/network/utils: Updates UsedBy to use api.URLBuild
doc/metrics: typo fix
lxc/file: use flagMkdir to create dirs on lxc pull
lxc/file: add DirMode constant for 'lxc file'
lxd/api/cluster: only change member role from leader
test/suites/clustering: wait for node shutdown to propagate to members
lxd/storage/drivers: Support generic custom block volume backup/restore
lxd/storage/drivers/zfs: Drop restriction on custom block volume backup/restore
lxd/storage/drivers/btrfs: Drop restriction on custom block volume backup/restore
lxd/main/shutdown: Updates cmdShutdown to handle /internal/shutdown being synchronous
lxd/api/internal: Updates shutdown request to wait for d.shutdownDoneCtx
lxd/main/daemon: Call d.shutdownDoneCancel when daemon function ends
lxd/daemon: Adds shutdownDoneCtx context to indicate shutdown has finished
lxd: d.shutdownCtx usage
lxd/main/daemon: d.shutdownCancel usage in daemon function
lxc/config_trust: Delete only works on fingerprints
i18n: Update translation templates
test: Log PID of process being killed
test: Require node removal to succeed in test_clustering_remove_leader
lxd/storage/drivers: Checks that mount refCount is zero in all drivers
lxd/storage/drivers/driver/cephfs/volumes: Adds mount ref counting
lxd/device/disk: Use errors.Is() when checking for storageDrivers.ErrInUse in Update
lxd/device/disk: Ignore storageDrivers.ErrInUse error from pool.UnmountCustomVolume in postStop
lxd/storage/drivers: Log volName in UnmountVolume
lxd/instance/drivers: Add instance type to metrics
lxd: add core scheduling support
lxd/response/response: Adds manualResponse type
lxd/api/cluster: Removes arbitrary 3s wait in clusterPutDisable which was causing test issues
test: Wait for daemons to exit in test_clustering_remove_leader
lxd/api/cluster: Add logging to clusterPutDisable
test: Detect if clustering network needs removing
lxd/qemu: Disable large decrementor on ppc64le
lxd/daemon: Reworks shutdown sequence
lxd/daemon: Reworks Stop
lxd/api/cluster: d.shutdownCtx.Err usage
lxd/api/internal: d.shutdownCtx.Err usage
lxd: daemon.Stop usage
lxd/operations: Updates waitForOperations to accept context
lxd/main/shutdown: Require valid response from /internal/shutdown in cmdShutdown
lxd: db.OpenCluster usage
lxd/cluster/membership: Update notifyNodesUpdate to wait until all heartbeats have been sent
lxd/db/db: Replace clusterMu and closing with closingCtx in OpenCluster
lxd/api/cluster: Improves logging
lxd/api/internal: Rework internalShutdown to return valid response as LXD is shutdown
lxd/daemon: db.OpenCluster usage in init
lxd/daemon: Improved logging and error handling in init
lxd/main/daemon: Reworks cmdDaemon to use d.shutdownDoneCh and call d.Stop()
test: Increase timeouts on ping tests
lxd/daemon: Adds daemon started log
lxd/daemon: Whitespace in NodeRefreshTask
lxd/api/cluster: Improve logging in handoverMemberRole
lxd/api/cluster: Adds cluster logging
test: Addition test logging
lxd/cluster/membership: Improve logging in Rebalance
lxd/daemon: Stop clustering tasks during Stop
lxd/api/cluster: Improve logging in clusterNodeDelete
test: Try and kill LXD daemon that fails to start
lxd/dameon: Removes unnecessary go routines in NodeRefreshTask
lxd/db/db: Use db.PingContext in OpenCluster
lxd/db/db: Rework logging and error handling in OpenCluster
lxc/file: Fix file push help message
lxd/storage/drivers: Handle symlinks when walking file tree
test/suites/backup: Add cephfs
test/suites/backup: Check file content for storage volume backups
i18n: Update translation templates
lxd/cgroup: Fix GetIOStats on cgroup2
lxd/endpoints/network/test: Test tcp4 interface and request via IPv6
lxd/endpoints/network/test: Test tcp4 connection with configured 0.0.0.0 network address
i18n: Update translations from weblate
gomod: Update dependencies

試用環境 ¶

この新しい LXD リリースは私たちのデモサービスで利用できます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

LXD 4.18 リリースのお知らせ ¶

3rd of September 2021

はじめに ¶

LXD チームは LXD 4.18 のリリースをお知らせできることにとてもワクワクしています!

今回のリリースは忙しいリリースで、多くの主要な新機能の追加や、さまざまな機能強化、修正が行われています。

Enjoy!

新機能とハイライト ¶

Go モジュールへの移行 ¶

LXD は完全に Go モジュールの使用へと移行しました。この変更はユーザーにはまったく見えないはずです。しかし、Go クライアントパッケージをインポートしたり、LXD のリリースをパッケージングする場合には影響があります。

この変更のために Makefile が更新され、期待通りに動作するはずです。リリース tarball で dist ディレクトリが廃止され、Go がネイティブにサポートする標準的な vendor ディレクトリに置き換えられました。

ネットワーク転送（フローティングIP） ¶

ブリッジと OVN の管理ネットワークでネットワーク転送がサポートされました。

この機能により、ネットワーク自身のサブネットや、（プロジェクトで制限されている場合）プロジェクト内で許可されている外部サブネットからいくつかアドレスを割り当て、ネットワーク内部の任意のアドレスに転送できます。

さらに、ネットワーク転送を使うと、プロトコルとポートをベースに、ひとつのアドレスを複数の内部アドレスに転送できます。

stgraber@dakara:~$ lxc list u1
+------+---------+-----------------------+--------------------------------------------+-----------+-----------+
| NAME |  STATE  |         IPV4          |                    IPV6                    |   TYPE    | SNAPSHOTS |
+------+---------+-----------------------+--------------------------------------------+-----------+-----------+
| u1   | RUNNING | 172.17.250.244 (eth0) | 2602:fc62:b:250:71c2:a0d8:4a72:e17a (eth0) | CONTAINER | 0         |
+------+---------+-----------------------+--------------------------------------------+-----------+-----------+
stgraber@dakara:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 170.39.196.149 icmp_seq=1 Destination Net Unreachable
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

stgraber@dakara:~$ lxc network forward create lxdbr0 192.168.1.1 target_address=172.17.250.244
Network forward 192.168.1.1 created
stgraber@dakara:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.110 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.049 ms
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1027ms
rtt min/avg/max/mdev = 0.049/0.079/0.110/0.030 ms

stgraber@dakara:~$ nc -v 192.168.1.1 3389
nc: connect to 192.168.1.1 port 3389 (tcp) failed: Connection refused
stgraber@dakara:~$ lxc list win11
+-------+---------+-----------------------+--------------------------------------------+-----------------+-----------+
| NAME  |  STATE  |         IPV4          |                    IPV6                    |      TYPE       | SNAPSHOTS |
+-------+---------+-----------------------+--------------------------------------------+-----------------+-----------+
| win11 | RUNNING | 172.17.250.173 (eth0) | 2602:fc62:b:250:a7ad:46a9:82b6:50db (eth0) | VIRTUAL-MACHINE | 1         |
+-------+---------+-----------------------+--------------------------------------------+-----------------+-----------+
stgraber@dakara:~$ lxc network forward port add lxdbr0 192.168.1.1 tcp 3389 172.17.250.173
stgraber@dakara:~$ nc -v 192.168.1.1 3389
Connection to 192.168.1.1 3389 port [tcp/ms-wbt-server] succeeded!
stgraber@dakara:~$ lxc network forward show lxdbr0 192.168.1.1
description: ""
config:
  target_address: 172.17.250.244
ports:
- description: ""
  protocol: tcp
  listen_port: "3389"
  target_port: ""
  target_address: 172.17.250.173
listen_address: 192.168.1.1
location: none

この例では、外部アドレス（192.168.1.1）を転送アドレスとしてローカルブリッジネットワーク（lxdbr0）に追加し、すべてのトラフィックを u1 に流れるように設定しています。その後、3389 番ポートは win11 に送るように再設定しています。

仕様 : https://discuss.linuxcontainers.org/t/lxd-floating-ip-addresses/11801
ドキュメント : https://linuxcontainers.org/lxd/docs/master/network-forwards

ネイティブ BGP サポート ¶

LXD はたくさんのネットワーク設定をサポートしています。それらのいくつかは、インスタンスが直接パブリックアドレスを取得するために使えます。

このようなシナリオでは、個々のアドレスやサブネットを正しい LXD サーバーにルーティングし、サーバーはインスタンスへトラフィックを転送する必要があるでしょう。

これは、ルーターにスタティックなルーティングエントリーを設定して手動で行えます。しかし、多数のエントリーを扱う場合、これは非常にわずらわしく、エラーが発生しやすくなります。

ここでダイナミックルーティングと BGP の登場です。BGP をサポートすることで、LXD は関連する上流のルーターに直接接続でき、その後使用するすべての外部アドレスとサブネットのアナウンスを開始します。

これは一連の新しい設定オプションを使って設定します。
サーバーの設定レベルでは、これらは次の設定です。

core.bgp_address
core.bgp_asn
core.bgp_routerid

ネットワークレベルでは、次の設定です（ブリッジもしくは OVN アップリンクネットワーク）。

bgp.peers.NAME.address
bgp.peers.NAME.asn
bgp.peers.NAME.password (optional)
bgp.ipv4.nexthop (optional, bridge only)
bgp.ipv6.nexthop (optional, bridge only)

これにより、LXD はピアリングセッションを確立し、すべての外部（非NAT）IPv4 と IPv6 アドレスとサブネットを広告しはじめます!

fw-wan01# show bgp summary·
IPv4 Unicast Summary:
BGP router identifier 45.45.148.250, local AS number 399760 vrf-id 0
BGP table version 200
RIB entries 39, using 7488 bytes of memory
Peers 4, using 85 KiB of memory
Peer groups 4, using 256 bytes of memory

Neighbor                             V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
45.45.148.251                        4     399760     19844     19843        0    0    0 4d22h57m            1        4
45.45.148.252                        4     399760     19850     19849        0    0    0 5d19h19m            1        4
45.45.148.254                        4      64600     19838     19838        0    0    0 01w6d18h            2        0
2602:fc62:b:1000:5436:5b25:64e4:d81a 4     399760     39020     38840        0    0    0 00:15:09            3        0

Total number of neighbors 4

IPv6 Unicast Summary:
BGP router identifier 45.45.148.250, local AS number 399760 vrf-id 0
BGP table version 197
RIB entries 47, using 9024 bytes of memory
Peers 4, using 85 KiB of memory
Peer groups 4, using 256 bytes of memory

Neighbor                             V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
2602:fc62:b:101::251                 4     399760     19844     19843        0    0    0 4d22h56m            1        3
2602:fc62:b:101::252                 4     399760     19850     19849        0    0    0 5d19h19m            1        3
2602:fc62:b:101::254                 4      64600     19838     19839        0    0    0 01w6d18h            1        3
2602:fc62:b:1000:5436:5b25:64e4:d81a 4     399760     39020     38840        0    0    0 00:15:09            3        0

Total number of neighbors 4

これは 2602:fc62:b:1000:5436:5b25:64e4:d81a が LXD サーバーである場合の、私の BGP ルーターのひとつからのビューです。見てわかるように、3 つの IPv4 と IPv6 プレフィックスを BGP でアナウンスしています。

仕様 : https://discuss.linuxcontainers.org/t/lxd-bgp-address-route-advertisement/11567
ドキュメント : https://linuxcontainers.org/lxd/docs/master/networks#bgp-integration

OVN での NAT アドレスのカスタマイズ ¶

ovn タイプのネットワークで、IPv4.nat.address と ipv6.nat.address の両方がサポートされるようになりました。

これは、NAT が有効な場合、OVN で設定されたアドレスを、外向きの IPv4 と IPv6 のトラフィックのソースとして使用する場合に期待通りに動作します。

クラスターのディザスターリカバリーのための `lxd cluster edit` コマンド ¶

LXD クラスターを、高可用クラスターで操作するには、3 データーベースサーバー、2 クォーラムから構成されるクォーラムが必要です。これにより、サーバーがひとつ失われても、API とデータベース全体が維持できます。

もし、2 台のマシンがリカバリー不能なダメージを受けて復帰できなかった場合、LXD はクォーラムに到達できないために起動を拒否します。この場合、既存の lxd cluster recovery-from-quorum-loss コマンドにより、他のサーバーを除去するためにデータベースの設定を書き換えることで対処できます。

しかし、8 台からなるクラスターで、3 台がデータベースサーバー、2 台がスタンバイのデータベースサーバー、他の 3 台がシンプルなクライアントであるような、はるかに複雑なケースも考えられます。

同時に 2 台のデータベースサーバーが消滅した場合、LXD は機能しません。しかしこのような環境では、すべての他のサーバーを削除し、ひとつを残して、そこから回復させるようなことは望めません。

このようなシナリオでは、新しく追加された lxd cluster edit と lxd cluster show が役立ちます。これらのコマンドで、各サーバー上の内部的なクラスター設定を見て編集できます。これらを使って、手動でロールを再度シャッフルしたり、ネットワークアドレスを更新したりできます。クラスター内の全サーバーで変更が済むと、LXD を再び起動できます。

ドキュメント : https://linuxcontainers.org/lxd/docs/master/clustering#recover-cluster-members-with-changed-addresses

カスタムボリュームでの Refresh のサポート ¶

lxc storage volume copy コマンドで、lxc copy と同様に --refresh オプションが使えるようになりました。

これにより、足りないスナップショットを転送したり、現在のボリュームの状態を転送したりできます。そして、ボリュームの最新のバックアップを別のプールや別のサーバーに保持するために使えます。

プロジェクトでのデバイス制限の追加 ¶

プロジェクトに対する制限が更新され、これまで使えなかったデバイスタイプが 2 つ追加されました。

新しい設定オプションは次の通りです:

restricted.devices.pci
restricted.devices.proxy

両方とも、信頼できないユーザーにとっては安全ではないと考えられますので、デフォルト値は block です。

ドキュメント : https://linuxcontainers.org/lxd/docs/master/projects

`lxd init` の `--minimal` オプション ¶

lxd init に新たに --minimal オプションが追加されました。

これは、実際は lxd init --auto と同じですが、より正確な名前で追加の設定パラメーターを許可しないコマンドになっています。

これを使うと、default という名前の dir ストレージプールと、lxdbr0 という名前の bridge タイプのネットワークを使って動作する LXD サーバーになります。

インスタンスの状態へいくつかネットワークカウンターを追加 ¶

メトリクス（prometheus）エンドポイントの作業に備えて、インスタンス上のネットワークカウンターを少し拡張し、ドロップしたパケットとエラーの両方を含めるようにしました。

stgraber@dakara:~$ lxc query /1.0/instances/u1/state | jq .network.eth0.counters
{
  "bytes_received": 100946,
  "bytes_sent": 3404,
  "errors_received": 0,
  "errors_sent": 0,
  "packets_dropped_inbound": 0,
  "packets_dropped_outbound": 0,
  "packets_received": 467,
  "packets_sent": 32
}

すべての変更点（翻訳なし） ¶

このリリースでの完全な変更点のリストは次の通りです:

すべてのChangeLog を見る

global: Disable the completion command
lxd/instance/lxc: Rework raw.lxc handling
lxd/storage/zfs: Fix bad key name
lxd/storage/zfs: Fix ListVolumes to use correct pool name
lxd/instance: Don't allow state changes when evacuated
lxd/daemon: Don't auto-start instances when evacuated
lxd/instance: Rework IsMigratable
lxd/device: Add CanMigrate
lxd/instance: Move IsMigratable logic to devices
lxd/instance/common: Fix error message
lxd/cluster: Fix volatile race in restore
tests: Fix expected clustering evacuation result
i18n: Update translations from weblate
lxd/cluster/evacuation: Improve comments
lxd/cluster/evacuation: Use correct project in migration
lxd/cluster/evacuation: Don't start running instances
lxd/cluster/evacuation: Improve status messages
lxd/cluster/evacuation: Fix shutdown during restore
lxd/cluster/evacuation: Start with restoring local instances
doc/instances: Clarifies expectation of uniqueness for volatile.uuid
lxd/instance/instance/utils: Allow cross-project same instance matching on volatile.uuid in IsSameLocgicalInstance
lxd: Fix typo in spelling of IsSameLogicalInstance
lxd/device/nic/routed: Specify zero broadcast address
test: Add test for routed NIC to ensure broadcast address isn't set by liblxc
lxd/network/driver/ovn: Error quoting in Validate
lxd/network/driver/ovn: Adds externalSubnetUsage type
lxd/network/driver/ovn: Improve comments in Validate
lxd/network/driver/ovn: Update ovnNetworkExternalSubnets to return externalSubnetUsage
lxd/network/driver/ovn: Updates ovnNICExternalRoutes to return externalSubnetUsage
lxd/network/driver/ovn: Adds getExternalSubnetInUse function
lxd/network/driver/ovn: n.getExternalSubnetInUse usage in Validate
lxd/network/driver/ovn: n.getExternalSubnetInUse usage in InstanceDevicePortValidateExternalRoutes
api: Adds network_ovn_nat_address extension
lxd/network/driver/ovn: Adds network external NAT address detection to ovnNetworkExternalSubnets
lxd/network/driver/ovn: Adds ipv4.nat.address and ipv6.nat.address support to OVN networks
lxd/network/driver/ovn: Skip our own network's external NAT address during NIC validation of external routes
doc/networks: Adds ipv{n}.nat.address to ovn network
lxd/project/permissions: Removes defaultRestrictionsValues and merges into allRestrictions
lxd/project/permissions: Add restricted.devices.{pci,proxy} defaulting to block
doc/projects: Adds restricted.devices.{pci,proxy} docs
lxd/api/project: Add restricted.devices.{pci,proxy} validation
scripts/bash/lxd-client: Adds restricted.devices.{pci,proxy} to bash completion
lad/project/permissions: Implement restricted.devices.{pci,proxy} restrictions
lxd/device/device/utils/proxy: Improve error messages from ProxyParseAddr
lxd/device/proxy: Use validation helpers for clarity
lxd/device/proxy: Consistent error endings
lxd/device/proxy: Don't allow NAT mode when used inside projects with networks feature
lxd: Switch to new fsnotify
lxd/device/gpu_mdev: Switch to common UUID package
lxd/network/errors: ErrUnknownDriver comment ending
lxd/network/errors: Adds ErrNotImplemented error
lxd/device/device/utils/network: Removes networkParsePortRange
lxd/network/network/utils: Adds ParsePortRange function
lxd/device/device/utils/proxy: network.ParsePortRange usage
global: Use shorter uuid generation syntax
lxd/init: Introduce --minimal
lxc: join tokens are removed by member name, not token
i18n: Update translation template
lxd/init: Allow preseeding cluster_token
lxd/main: Replace cluster node with cluster member
shared/validate: Fix IPv6 wildcard handling in IsListenAddress
lxd/device/gpu_mdev: Fix mdevUUID logic
lxd/response: Rework SmartError to handle wrapped errors from stdlib errors and github.com/pkg/errors
lxd/storage/pools: Use SmartError in storagePoolsPost
lxd/storage/pools/utils: Wrap errors in storagePoolDBCreate
lxd/db/transaction: Adds QueryScan helper function
lxd/db/network/acls: Convert to use tx.QueryScan and tx.tx.QueryRow
test: Update tests with new error text
lxd/storage/backend/lxd: Allow removal of quota from VM filesystem volume if main quota is removed
lxd/storage/drivers/driver/btrfs/volumes: Add log for VM block file quota accounting in SetVolumeQuota
lxd/storage/drivers/driver/dir/volumes: Add log for VM block file quota accounting in SetVolumeQuota
lxd/storage/drivers/driver/btrfs/volumes: Consistently apply referenced limit only and remove exclusive limits in SetVolumeQuota
lxd/network/bridge: Comments
shared/validate: Add IsInRange
lxd/endpoints: Correct bad comment
lxd/endpoints: Rename serveHTTP to serve
doc/rest-api: Refresh swagger YAML
lxd/network/network/utils: Check end port is higher than start port in ParsePortRange
lxd/network/network/utils: Adds SubnetContainsIP function
lxc/network/acl: Fix typos in RunRemove
lxd/cluster/recover: add Recover
lxd/cluster/recover: add updateLocalAddress
shared/api/error: Adds StatusError type
lxd/response/smart: Updates SmartError to detect and use api.StatusError type errors
lxd/network/driver/ovn: Update validateExternalSubnet to use api.StatusErrorf()
client/lxd: Updates lxdParseResponse to "interface smuggle" an api.StatusError type when getting an error response from API
lxd/storage/backend/lxd: Restore pool directory structure on mount if needed
test: Update container recovery tests to check for pool directory structure rebuild
lxd/db/db: add DqliteLatestSegment
lxd/main/cluster: add ClusterConfig and ToRaftNode
lxd/cluster: Drop translated string
lxd/main/cluster: add 'lxd cluster edit' command
lxd/main/cluster: add validateNewConfig
test/suites/clustering: add test_clustering_edit_configuration
lxd/main/cluster: add 'lxd cluster show' command
lxd/rbac: Drop old API
lxd/api_1.0: Improve structure
lxd/daemon: Improve structure
lxd/network/physical: Align with bridged
gomod: Initial port
tests: Silence grep notices
doc/index: Clarify CRIU example
doc/index: Update for gomod
Makefile: Tweak PHONY targets
Makefile: Tweak static-analysis
Makefile: Switch to gomod
tests: Update for gomod
github: Update for gomod
gomod: Update dependencies
lxd/db/network/acls: Removes unnecessary function
lxd/db/network/acls: Removes networkACLConfig from Cluster type for consistency with networkACLConfigAdd
lxd/network/driver/common: Updates validate to use shared.IsUserConfig
Makefile: Cleanup if statements
Makefile: Add support for LXD_OFFLINE
client/util: Adds urlsToResourceNames function
client: Switch *Names functions to use urlsToResourceNames
doc/instances: Capitalize NIC
lxd/device/nic_bridged: Load network during validation
gomod: Update for gobgp
api: network_bgp
doc: Add new configuration keys for BGP
lxd/device/nic_bridged: Support ipv4.routes.external and ipv6.routes.external
scripts: Add BGP config keys
lxd/node: Add core.bgp_address and core.bgp_routerid
lxd/cluster: Add core.bgp_asn
lxd/bgp: Add BGP server
lxd/daemon: Integrate BGP server
lxd/network: Add BGP config keys
lxd/network: Add BGP helpers
lxd/network/physical: Add BGP support
lxd/network/bridge: Add BGP support
lxd/network/ovn: Add BGP support
lxd/device: Shared BGP functions
lxd/device/nic_bridged: Add BGP support
lxd/device/nic_ovn: Add BGP support
doc/networks: Add section on BGP
lxd/firewall/drivers/driver/consts: Adds AddressForward type
lxd/firewall/firewall/interface: Updates InstanceSetupProxyNAT to accept AddressForward
lxd/firewall/drivers/driver/xtables: Updates to support AddressForward
lxd/firewall/drivers/drivers/nftables: Updates to support AddressForward
lxd/firewall/drivers/drivers/nftables: Separate DNAT rules from SNAT rules in InstanceSetupProxyNAT
lxd/device/config/device/proxyaddress: Separate address and ports in ProxyAddress
lxd/device/device/utils/proxy: Updates ProxyParseAddr to support new ProxyAddress format
lxd/device/proxy: Updated to support firewallDrivers.AddressForward and ProxyAddress changes
lxd/main/forkproxy: Updates to support changed ProxyAddress
lxd/main/forkproxy/test: Updates tests to reflect new ProxyAddress structure
Makefile: Use go env GOPATH command to get GOPATH rather than env var GOPATH
Makefile: Build lxd-generate directly to $(GOPATH)/bin/lxd-generate
lxd/db/generate/lex/parse: Remove github.com/pkg/errors dependency
lxd/db/generate/lex/parse: Updates Parse to take an absolute path to package directory
lxd/db/generate/lxd/parse/test: Updates TestParse
lxd/db/generate/db/parse: Updates Packages and defaultPackages to work relative to the LXD source tree
lxd: implement volume import/export for CephFS
lxd/main: Add setfattr to dependencies
lxc/info: Use local timezone
test/suites/clustering: use 'lxd cluster show' for tests
lxd/cluster/membership: make waitLeadership public
shared/api/error: Removes pointer receivers from StatusError functions
shared/api/error: Adds StatusErrorMatch helper function
lxd/response/smart: api.StatusErrorMatch usage in SmartError
Makefile: Set GO111MODULE=on for update-api
client/util: Update urlsToResourceNames to reduce allocations
lxd/network/network/utils: Adds ParseIPToNet and ParseIPCIDRToNet functions
api: Adds network_forward extension
shared/api/network/forward: Adds shared structs for network address forwards
lxd/lifecycle/network/forward: Adds network forwards lifecycle helper
lxd/db/cluster/update: Adds updateFromV49 to create networks_forwards and networks_forwards_config table
lxd/db/network/forwards: Adds network forward management functions
lxd/db/network/forwards: Adds GetProjectNetworkForwardListenAddressesByUplink function
lxd/network/network/interface: Adds network forward management definitions
lxd/network/driver/common: Adds AddressForwards to Info
lxd/network/driver/common: Adds common network forward functions
lxd/network/openvswitch/ovn: Adds LoadBalancerApply function
lxd/network/openvswitch/ovn: Adds LoadBalancerDelete function
lxd/network/driver/ovn: Updates getExternalSubnetInUse to detect network forward listen addresses
lxd/network/driver/ovn: Adds network forward support
lxd/network/driver/ovn: Delete network forwards when network is deleted
lxd/network/driver/ovn: Check that any existing forward target addresses are within the network's subnet(s) in Validate
lxd/network/driver/ovn: Update Info to get common defaults and override as needed
lxd/network/forwards: Adds network forwards APIs
client/lxd/network/forward: Adds network forwards functions
lxc/network/forward: Adds network forward CLI commands
i18n: Update translation template
doc/rest-api: Refresh swagger YAML
doc: Adds network forward docs
lxd/api/cluster: handover leadership when removing leader
test/suites/clustering: add test_clustering_remove_leader
lxd/util/sys: add ReplaceDaemon
lxd/api/cluster: replace daemon when disabling clustering
api: custom_volume_refresh
shared/api: Add Refresh to StorageVolumeSource
doc/rest-api: Refresh swagger YAML
client: Add Refresh flag to StoragePoolVolumeCopyArgs
lxd/storage: Improve errors
lxd/storage/utils: Add SyncSnapshotsVolumeGet
lxd/storage: Fix Refresh with CreateCustomVolumeFromMigration
lxd/storage: Add RefreshCustomVolume method for lxdBackend
lxd/migrate: Add refresh for custom volumes
lxd/storage: Add Refresh support for custom volumes
lxc/storage/volume: Add refresh flag to copy
i18n: Update translation templates
tests: Add test cases for copy operation refresh flag
doc/index: Update min packages required to operate LXD
doc/index: Add recommendation about min memory size needed
doc: Don't assume that Go's bin path is ~/go/bin
doc/requirements: Adds minimum memory requirements to build
lxd/network/network/utils: Adds nicUsesNetwork function
lxd/network/driver/ovn: Parse multiple CIDR routes in ovnNICExternalRoutes
lxd/network/driver/common: Moves externalSubnetUsage to common
lxd/network/driver/ovn: Removes externalSubnetUsage
lxd/network/driver/ovn: externalSubnetUsage updated usage
lxd/network/driver/ovn: Updates ovnNetworkExternalSubnets to use nicUsesNetwork function
lxd/db/network/forwards: Corrects description of GetProjectNetworkForwardListenAddressesByUplink
lxd/db/network/forwards: Consistent formatting in GetProjectNetworkForwardListenAddressesByUplink
lxd/util/net: add IsWildcardAddress
lxd/api/cluster: block core.https_address wildcard in cluster bootstrap
doc/clustering: add 'lxd cluster edit' documentation
lxd/endpoints/network: don't give up if no network listeners exist
lxd/endpoints/cluster: check for unset networkAddress before returning
lxd/endpoints/endpoints: fallback from network to cluster address
lxd/node/config: assign default port to listener addresses if none given
test/suites/clustering: expand tests to check listener addresses
lxc/main/aliases: Fix panic when empty argument passed to lxc command
test: Improve container devices proxy xtables tests
test: Fix tabbing in container devices proxy test
shared/api: Add Errors{Received,Sent} to network counters
shared/netutils: Fill Errors counters
doc: Update Rest API
test: Improve error checks for proxy device
lxd/db/network/forwards: Improve comments
lxd/db/network/forwards: Adds memberSpecific arg to GetNetworkForwardListenAddresses
lxd/db/network/forwards: Adds memberSpecific arg to GetNetworkForwards
lxd/network/forwards: cluster.GetNetworkForwards usage
lxd/network/forwards: cluster.GetNetworkForwardListenAddresses
lxd/network/driver/ovn: n.state.Cluster.GetNetworkForwards usage
lxd/network/driver/ovn: n.state.Cluster.GetNetworkForwardListenAddresses usage
lxd/firewall/drivers/drivers/nftables: Rework InstanceSetupProxyNAT to accommodate network forward support
lxd/firewall/drivers/drivers/xtables: Fix proxy NAT listen port in InstanceSetupProxyNAT
api: Add network_counters_errors extension
lxd/network/network/utils: Adds BridgeNetfilterEnabled function
lxd/device/proxy: network.BridgeNetfilterEnabled usage
lxd/device/nic/bridged: network.BridgeNetfilterEnabled usage
lxd/device/proxy: Improve connect IP error messages
shared/api: Add PacketsDropped{Inbound,Outbound} to network counter
shared/netutils: Fill Dropped counters
doc: Update Rest API
api: Extend network_counters_errors API extension
lxd/device/proxy: Improve post-start error messages to include device name
lxd/device/proxy: Use structured logging for br_netfilter warning in setupNAT
Remove mkdocs.yml
.github/workflows: Update go versions
lxd/network/network/utils: Exports NICUsesNetwork
lxd/network/driver/ovn: NICUsesNetwork usage
lxd/device/nic/bridged: network.NICUsesNetwork usage in validate
lxd/firewall/firewall/interface: Add NetworkApplyForwards definition
lxd/firewall/drivers/drivers/nftables: Adds NetworkApplyForwards implementation
lxd/firewall/drivers/drivers/nftables: Updates NetworkClear to remove address forward chains
lxd/firewall/drivers/drivers/xtables: Updates iptablesClear to support removing rules by matching multiple comments
lxd/firewall/drivers/drivers/xtables: Adds networkForwardIPTablesComment and updates NetworkClear to remove rules with that comment
lxd/firewall/drivers/drivers/xtables: Adds iptablesCommentPrefix
lxd/firewall/drivers/drivers/xtables: Adds NetworkApplyForwards implementation
lxd/db/network/forwards: Adds GetProjectNetworkForwardListenAddressesOnMember function
lxd/network/driver/bridge: Adds network forward support
lxd/device/nic/bridged: Consistent comment ending
lxd/device/nic/bridged: Enable hairpin mode on NIC ports when network has forwards
doc: Add bridge network forwards docs
test: Adds network forward tests for bridge nftables and xtables
lxc/copy: Don't allow --refresh and --no-profiles
i18n: Update translation templates
lxc/cluster: Comment improvement
lxd/api/cluster: Adds mutex to clusterNodesPost to prevent concurrent requests creating duplicates
gomod: Update dependencies
i18n: Update translations from weblate

試用環境 ¶

この新しい LXD リリースは私たちのデモサービスで利用できます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

Older news¶

Contents

LXD 4.21 リリースのお知らせ
LXD 4.20 リリースのお知らせ
LXD 4.0.8 リリースのお知らせ
LXD 4.19 リリースのお知らせ
LXD 4.18 リリースのお知らせ
Older news

News¶

LXD 4.21 リリースのお知らせ¶

はじめに ¶

新機能とハイライト ¶

クラスターメンバーグループ ¶

cloud-init サポートの再実装 ¶

信頼済み証明書の自己更新 ¶

プロジェクトでのディスクパススルーの制限 ¶

プロジェクトでの idmap uid/gid の制限 ¶

lxc --sub-commands によるすべてのコマンドのリスト表示 ¶

--all-projects を使ったプロジェクトをまたいだインスタンスのリスト表示 ¶

新しい database-leader クラスターロール ¶

一貫性のある単位 ¶

仮想マシンでの routed ネットワーク ¶

routed タイプの NIC での ipv4.routes と ipv6.routes のサポート ¶

ネットワークゾーンで NAT されたアドレスをスキップするオプション ¶

セキュリティフィルタリングオプションを使った IP アドレスファミリーのブロック ¶

遅い可能性のある rbd du を無効化する新たなストレージ設定オプション ceph.rbd.du ¶

プロジェクト間のインスタンスとボリュームの移動の最適化 ¶

クラスタメンバー間のカスタムボリュームのコピー・移動のサポート ¶

すべての変更点（翻訳なし）¶

試用環境 ¶

ダウンロード ¶

LXD 4.20 リリースのお知らせ ¶

はじめに ¶

新機能とハイライト ¶

仮想マシンのライブマイグレーション ¶

OVN 向けネットワークピアリング ¶

ネットワークゾーン（DNS） ¶

OVN ネットワークでの SR-IOV アクセラレーション ¶

コンテナでの Linux sysctl 設定 ¶

仮想マシンのコアスケジューリング ¶

クラスターメンバーの設定 ¶

ネットワークリースの改良 ¶

すべての変更点（翻訳なし） ¶

試用環境 ¶

ダウンロード ¶

LXD 4.0.8 リリースのお知らせ¶

はじめに ¶

バグ修正と改良 ¶

試用環境 ¶

ダウンロード ¶

LXD 4.19 リリースのお知らせ¶

はじめに ¶

新機能とハイライト ¶

インスタンスメトリクス ¶

lxc cluster list の再実装 ¶

ブロックカスタムストレージボリュームのエクスポート ¶

すべての変更点（翻訳なし） ¶

試用環境 ¶

ダウンロード ¶

LXD 4.18 リリースのお知らせ¶

はじめに ¶

新機能とハイライト ¶

Go モジュールへの移行 ¶

ネットワーク転送（フローティングIP） ¶

ネイティブ BGP サポート ¶

OVN での NAT アドレスのカスタマイズ ¶

クラスターのディザスターリカバリーのための lxd cluster edit コマンド ¶

カスタムボリュームでの Refresh のサポート ¶

プロジェクトでのデバイス制限の追加 ¶

lxd init の --minimal オプション ¶

インスタンスの状態へいくつかネットワークカウンターを追加 ¶

すべての変更点（翻訳なし） ¶

試用環境 ¶

ダウンロード ¶

Older news¶

LXD 4.21 リリースのお知らせ ¶

`lxc --sub-commands` によるすべてのコマンドのリスト表示 ¶

`--all-projects` を使ったプロジェクトをまたいだインスタンスのリスト表示 ¶

新しい `database-leader` クラスターロール ¶

`routed` タイプの NIC での `ipv4.routes` と `ipv6.routes` のサポート ¶

遅い可能性のある `rbd du` を無効化する新たなストレージ設定オプション `ceph.rbd.du` ¶

LXD 4.0.8 リリースのお知らせ ¶

LXD 4.19 リリースのお知らせ ¶

`lxc cluster list` の再実装 ¶

LXD 4.18 リリースのお知らせ ¶

クラスターのディザスターリカバリーのための `lxd cluster edit` コマンド ¶

`lxd init` の `--minimal` オプション ¶