News¶
LXD 4.12 リリースのお知らせ¶
5th of March 2021
はじめに ¶
LXD チームは LXD 4.12 のリリースをお知らせできることにとてもワクワクしています!
このリリースの目玉機能は間違いなく、ネットワーク ACL を導入したことです。現時点では、この機能は OVN ネットワークでのみ使えますが、すぐに普通の LXD ブリッジでも使えるようになるでしょう。
さらに、このリリースでは仮想マシンのステートフルな停止とスナップショット、新しい Ceph の設定オプション、そしてプロジェクト向けのたくさんの新機能も追加されています。
最後に LXD チームは、このリリースでの多数の LXD の新機能に取り組んでくれた Piotr Resztak に感謝の意を表したいと思います。
Enjoy!
新機能とハイライト ¶
ネットワーク ACL の初期サポート(OVN のみ) ¶
LXD はネットワーク ACL (access control list) の仕組みを持つようになりました。これを使って、ACL をいくつでも作成でき、それをネットワーク全体や特定のインスタンス NIC に割り当てられるようになりました。
各 ACL は、入出力のルールの組や、いくつかの設定を含む場合があります。
ACL は、トラフィックのソースとディスティネーションとしてお互いを参照でき、アドレスですべてをトラッキングするのではなく、インスタンスをラベリングし、ルール内でそれらのラベルを使うことができます。
例えば、3 つの ACL を持つネットワークがあるとします:
- default(ネットワークに対して適用)、一般的な外部サービス向けの外向きの通信を許可します
- web(Web サーバーに対して適用)、TCP 80/443 番ポートに対する内向きの通信を許可します
- database(データベースサーバーに対して適用)、
web内のサーバーから TCP 5432 番ポートに対する内向きの通信を許可します
この機能はすべて lxc network acl コマンドで設定でき、設定すると security.acls を使ってネットワークやインスタンスに割り当てられます。
この機能は現時点では OVN ネットワークでのみ使えます。LXD 4.13 では、いくつかの制限はあるかもしれませんが、xtables と nft ファイアウォールドライバーを使った、マネージドな LXD ブリッジにも拡張する予定です。
仮想マシンでのステートフルな停止とスナップショット ¶
LXD が仮想マシンの実行中の状態をディスクにダンプできるようになりました。この機能は lxc stop --stateful と lxc snapshot --stateful コマンドで実行できます。
ステートフルな停止の場合、VM の状態はディスクに書き出され、その後エミュレーターは停止します。再度 VM を実行したい場合は、単に lxc start と実行すると、VM の状態がリストアされ、停止した時点から実行が再開されます。
同様に、ステートフルなスナップショットは、スナップショット時点の VM の実行状態を記録します。lxc restore --stateful コマンドを使って、VM 実行時の状態も含めて、その VM をその時間に戻すことができます。
この機能は、特にホストの再起動前に実行中の VM を限定的に中断できるので便利です。また、lxc move を使ってこのような VM を再配置し、他のシステム上で停止していた所から処理を再開することもできます(現時点では全く同じ CPU が必要です)。
これらと同じメカニズムは近い将来、VM のライブマイグレーション機能を実現するために拡張される予定です。そして、ダウンタイムをさらに短縮し、VM を少し違う CPU に移動できるようにいくつかの制限を追加する予定です。
これを可能にするために、VM では migration.stateful を true に設定し、size.state を root ディスクデバイスに設定し、実行状態を保存するための追加スペースを確保しなければなりません。このモードでは、PCI パススルーと virtiofs は無効化されます。
プロジェクト内に制限された証明書 ¶
LXD のトラストストア内の特定の証明書を、特定のプロジェクトでのみ有効にできるようになりました。このように設定すると、制限された証明書は制限されたロールとなり、グローバルな設定に影響を与えるのを防いだり、プロジェクトの再設定を防いだりできます。
これは LXD で Canonical の RBAC サービスを通して operator ロールを取得しているのとほぼ同等です。
このような管理を行うために、新しいコマンドである lxc config trust edit と lxc config trust show を追加しました。lxc config trust add は --restricted と --projects が使えるように拡張されました。
プロジェクトレベルのサーバーの設定オプションサポート ¶
多数のグローバルな設定オプションがプロジェクト特有の値を持てるようになりました:
- images.compression_algorithm
- backups.compression_algorithm
- images.remote_cache_expiry
- images.auto_update_cache
これらをプロジェクト内に設定すると、グローバル設定のそれぞれの値が上書きされます。
プロジェクトでクラスターのターゲット指定を制限可能 ¶
4.12 で追加されたもうひとつのプロジェクト設定キーは restricted.cluster.target です。
これを設定すると、制限のかかったプロジェクト内の管理者以外のユーザーは、クラスターメンバーのターゲット指定(--target)が使えなくなります。その際でも、管理者にはそれが許可されていますので、手動でのクラスターのリバランスやノードの退避操作を行えます。
Ceph 機能の設定オプション ¶
新たに Ceph ストレージプール用の設定オプションが追加されました。ceph.rbd.features は新たなボリュームで有効にする RBD 機能のカンマ区切りのリストです。これは、これまではハードコードされていたデフォルト値の layering を置き換えます。そして、すべてのシステムでサポートされている場合に、最新の Ceph の機能を有効にできます。
lxd init --dump と --preseed でのプロジェクトサポート ¶
lxd init --dump は YAML 出力の一部としてプロジェクトを含むようになりました:
projects:
- config:
features.images: "true"
features.networks: "true"
features.profiles: "true"
features.storage.volumes: "true"
description: Default LXD project
name: default
- config:
features.images: "true"
features.profiles: "true"
features.storage.volumes: "true"
description: ""
name: demo
そしてこれにより、当然 lxd init --preseed にフィードバックして新しいサーバーを設定できます。
Initial auto-generated REST-API documentation¶
LXD は手動で更新されている REST API documentation の代わりに、API ドキュメントをゆっくり Swagger に移行しています。
現在はいくつかのエンドポイントのみをサポートしており、LXD 4.13 でこの作業が終えるつもりです。プレビューは https://dl.stgraber.org/swag-lxd/ でご覧になれます。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- containers: simplify wstatus.Close() logic in Exec()
- containers: reap zombies on attach failure
- seccomp: block openat2()
- lxd/instance/qemu/qmp: Add SendFile, Migrate and MigrateIncoming
- lxd/instance/qemu/qmp: Add ping function
- lxd/instance/qemu/qmp: Re-shuffle functions
- lxd/instance/qemu/qmp: Rework run() function
- lxd/instance/qemu/qmp: Update commands to use run()
- lxd/network/network/utils: Fixes InterfaceExists to not return true if arg is empty string
- lxd/device/nic/routed: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: Dont give sysctl read error when invalid value
- lxd/device/nic/ipvlan: network.InterfaceExists usage
- lxd/device/nic/ipvlan: Detach ipvlan interface back to random host name on stop, then delete
- lxd/db/instances: Adds ErrInstanceListStop that can be returned from InstanceList to stop search
- shared/validate/validate: Adds IsNetworkRange and IsNetworkAddressCIDR functions
- shared/validate/validate: Adds IsNetworkPort and IsNetworkPortRange functions
- lxd/util/config: Adds SplitNTrimSpace function
- lxd/util/config: Avoid unnecessary allocations in CopyConfig
- api: Adds network_acl extension
- shared/api/network/acl: Adds shared struct types for Network ACLs
- shared/api/network/acl: Adds rule Normalise function
- lxd/db/cluster: Adds networks_acls and networks_acls_config tables
- lxd/db/network/acls: Adds GetNetworkACL function
- lxd/db/network/acls: Adds CreateNetworkACL function
- lxd/db/network/acls: Adds GetNetworkACLs function
- lxd/db/network/acls: Adds UpdateNetworkACL function
- lxd/db/network/acls: Adds RenameNetworkACL function
- lxd/db/network/acls: Adds DeleteNetworkACL function
- lxd/network/acl: Adds ACL package for managing Network ACLs
- lxd: Add network-acls API hooks
- lxd/network/acls: Implements networkACLGet function
- lxd/network/acls: Implements networkACLsPost function
- lxd/network/acls: Implements networkACLsGet function
- lxd/network/acls: Implements networkACLPut function
- lxd/network/acls: Adds PATCH support to networkACLPut
- lxd/network/acls: Implements networkACLPost function
- lxd/network/acls: Implements networkACLDelete function
- client/interfaces: Adds CreateNetworkACL
- client/interfaces: Adds GetNetworkACLs
- client/interfaces: Adds GetNetworkACL
- client/interfaces: Adds UpdateNetworkACL
- client/interfaces: Adds RenameNetworkACL
- client/interfaces: Adds DeleteNetworkACL
- client/interfaces: Adds GetNetworkACLNames
- client/lxd/network/acls: Implements CreateNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLs function
- client/lxd/network/acls: Implements GetNetworkACL function
- client/lxd/network/acls: Implements UpdateNetworkACL function
- client/lxc/network/acls: Implements RenameNetworkACL function
- client/lxd/network/acls: Implements DeleteNetworkACL function
- client/lxd/network/acls: Implements GetNetworkACLNames function
- lxc/network: Registers acl subcommand from network command
- lxc/network/acl: Add network acl command section
- lxc/network/acl: Adds cmdNetworkACLCreate command
- lxc/network/acl: Adds cmdNetworkACLList command
- lxc/network/acl: Adds cmdNetworkACLGet and cmdNetworkACLShow commands
- lxc/network/acl: Adds cmdNetworkACLSet command
- lxc/network/acl: Adds cmdNetworkACLUnset command
- lxc/network/acl: Adds cmdNetworkACLEdit command
- lxc/network/acl: Adds cmdNetworkACLRename command
- lxc/network/acl: Adds cmdNetworkACLDelete command
- lxc/network/acl: Adds cmdNetworkACLRule subcommand with add/remove rule commands
- doc/rest-api: Adds network ACL endpoint docs
- test: Adds network ACL tests
- doc/network-acls: Adds Network ACLs documentation
- i18n: Update translation templates
- lxd/network/driver/ovn: Uplink loading error improvements
- lxd/device/nic/sriov: network.InterfaceExists usage
- lxd/network/network/utils: InterfaceExists usage in InterfaceBindWait
- lxd/device/nic/sriov: Use random VF MAC if VF has no automatic MAC set
- lxd/instance/qemu: Rework lxd-agent startup
- lxd/device/disk: Validate that the pool is not pending
- api: migration_stateful
- shared: Add migration.stateful
- doc/instance: Add migration.stateful
- lxd/instance/qemu: Add migration.stateful support
- lxd/device: Add migration.stateful support
- lxd/instance/qemu: Add checks for migration.stateful
- api: disk_state_quota
- doc/instances: Add size.state
- lxd/storage: Add support for size.state
- lxd/api: Port to updated SetInstanceQuota
- lxd/device/disk: Add support for size.state
- lxd/instance: Prevent stateful snapshots of VMs
- lxd/instance/qemu: Add stateful stop/start
- doc: Drop API extension columns
- api: storage_ceph_features
- lxd/storage: Add ceph.rbd.features
- doc/storage: Add ceph.rbd.features
- scripts/bash: Add ceph.rbd.features
- doc: Fix bad Github action link
- lxd/instance/qemu/qmp: Switch back to upstream repo
- lxd/device/device/interface: Adds Type interface for accessing type specific functions of a device
- lxd/device/device/common: UpdatableFields signature change
- lxd/device/nic/bridged: UpdatableFields signature change
- lxd/device/nic/p2p: UpdatableFields signature change
- lxd/device/nic/routed: UpdatableFields signature change
- lxd/device/disk: UpdatableFields signature change
- lxd/device/device/load: Adds newByType and LoadByType functions
- lxd/instance/drivers: UpdatableFields usage
- lxd/device/device/utils/network: Changes veth route functions to not depend on device specific logic
- lxd/device/nic/bridged: Switches to use NIC type agnostic route helper functions
- lxd/device/nic/p2p: Switches to use NIC type agnostic route helper functions
- lxd/instance/drivers/driver/common: Update comment for deviceVolatileReset to match
- lxd/instance/drivers/driver/lxc: Removes deviceResetVolatile provided by common
- lxd/instance/drivers/driver/qemu: Removes deviceResetVolatile provided by common
- lxd/instance/drivers: d.deviceVolatileReset usage
- doc/preseed: LXD is pronounced lex-dee
- doc/api-extensions: LXD is pronounced lex-dee
- tests: Typo fix
- lxd/storage: LXD is pronounced lex-dee
- lxd/firewall: LXD is pronounced lex-dee
- lxd/network: LXD is pronounced lex-dee
- lxd/api: LXD is pronounced lex-dee
- lxd/device: LXD is pronounced lex-dee
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use db.ErrInstanceListStop
- lxd/network/network/utils: Adds optimisation to UsedBy when firstOnly is true
- lxd/network/network/utils: Removes whitespace trimming from SubnetParseAppend
- lxd/api/project: Updates projectValidateRestrictedSubnets to use util.SplitNTrimSpace
- lxd/network/driver/ovn: Switch to util.SplitNTrimSpace
- lxd/device/nic/ovn: Updates usage of network.SubnetParseAppend to use util.SplitNTrimSpace
- lxd/network/acl/acl/load: Adds Exists function
- lxd/network/acl/acl/load: Adds UsedBy function
- lxd/network/acl/driver/common: Updates usedBy to use UsedBy
- lxd/network/driver/ovn: Adds OVNInstanceNICSetupOpts and OVNInstanceNICOpts types
- lxd/network/driver/ovn: InstanceDevicePortAdd updated arguments
- lxd/network/driver/ovn: InstanceDevicePortDelete updated arguments
- lxd/network/driver/ovn: n.InstanceDevicePortAdd usage
- lxd/device/nic/ovn: ovnNet update of arguments
- lxd/device/nic/ovn: d.network.InstanceDevicePortAdd and d.network.InstanceDevicePortDelete usage
- lxd/network/openvswitch/ovn: Converts LogicalSwitchPortExists to LogicalSwitchPortUUID
- lxd/network/openvswitch/ovn: Converts string UUID variables to their own dedicated types
- lxd/network/driver/ovn: Updates usage of OVN UUID types
- lxd/network/driver/ovn: client.LogicalSwitchPortUUID usage
- lxd/network/driver/ovn: Adds DNSName to OVNInstanceNICStartOpts
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd with opts.DNSName field name change
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd with opts.DNSName field name change in handleDependencyChange
- lxd/device/nic/ovn: Updates use of d.network.InstanceDevicePortAdd with DNSName
- utils: trim whitespace from block device UUID
- lxd/storage/drivers/btrfs: Add up fs and block quota for VMs
- lxd/storage/drivers/dir: Pass int64 size to setQuota
- lxd/storage/drivers/dir: Add up fs and block quota for VMs
- shared/validate/validate: Add IsCompressionAlgorithm
- lxd/projects: Add backups.compression_algorithm and images.compression_algorithm
- lxd/cluster: Update compression validation
- lxd/images: Add checks for images.compression_algorithm
- lxd/backup: Add checks for backups.compression_algorithm
- doc/projects: Add backups.compression_algorithm and images.compression_algorithm
- api: projects_compression
- lxd/instance: Move CreateInternal
- lxd/instance/drivers: Rename restart to restartCommon
- lxd/instance/drivers: Move snapshot creation to the driver
- lxd/network/network/utils: Converts UsedBy to use InstanceList function
- lxd/network/network/utils: Changes isInUseByDevices to isInUseByDevice
- lxd/network/network/utils: Adds usedByInstanceDevices function
- lxd/device/nic/ovn: Removes non-ovn related limit code, use network.InterfaceExist
- lxd/network/driver/ovn: Removes unnecessary calls to CloneNative in ovnNICExternalRoutes
- lxd/instance/qemu: Add restoreState
- lxd/instance/qemu: Add saveState
- lxd/instance/qemu: Add stateful snapshot
- lxd/db: Fix bad indent
- lxd/db: Fix projects_used_by_ref for remote storage
- lxd/cluster: Guarantee single hearbeat loop
- doc/rest-api: Fix and clarify backup API
- lxd/cluster: Improve heartbeat logging
- lxd/api: Don't use potentially nil struct
- lxd/init: Better error on invalid auto-detect fan underlays
- doc/rest-api: More fixes for backups
- lxd: Remove ReadToJSON
- lxd/db: Fix RenameCertificate
- lxd/certificate: Modernize DB handling
- lxd/certificate: Rework cache
- lxd/projects: Add images.remote_cache_expiry
- lxd/db/images: Changes GetExpiredImages to GetExpiredImagesInProject
- lxd/images: Support images.remote_cache_expiry per-project
- doc/projects: Add images.remote_cache_expiry
- api: projects_images_remote_cache_expiry
- doc/backup: Mention subuid/subgid
- lxd/db/certificates: Fix bad error handling
- api: certificate_project
- shared/api: Add restricted and projects to certificate
- lxd/db: Add support for restricted certificates
- lxd/certificates: Add support for restricted and projects
- lxd/daemon: Add TLS permission checks
- doc/security: Cover TLS restrictions
- lxc/config/trust: Add Edit
- lxc/config/trust: Add Show
- i18n: Update translation templates
- tests: Validate TLS restrictions
- lxd/instance/drivers/driver/lxc: Log when skipping volume delete in a recovery import scenario
- lxd/api/internal: Don't create .importing file when performing a backup import in internalImport
- lxd/api/internal: internalImport usage
- lxd/instance/instance/utils: CreateInternal usage of revert package
- lxd/instances/post: internalImport usage
- lxd/network/network/utils: Reorder UsedBy logic to do cheapest searches first
- lxd/db/network/acls: Makes slice allocation more efficient in GetNetworkACLs
- lxd/db/network/acls: Adds GetNetworkACLIDsByNames function
- lxd/network/openvswitch/ovn: Adds PortGroupUUID function
- lxd/network/openvswitch/ovn: Adds PortGroupAdd function
- lxd/network/openvswitch/ovn: Adds PortGroupMemberAdd function
- lxd/network/openvswitch/ovn: Adds OVNACLRule struct type
- lxd/network/openvswitch/ovn: Adds PortGroupSetACLRules function
- lxd/network/openvswitch/ovn: Adds PortGroupDelete function
- lxd/network/openvswitch/ovn: Adds LogicalSwitchSetACLRules function
- lxd/network/openvswitch/ovn: Adds PortGroupMemberDelete function
- lxd/network/acl/acl/ovn: Adds OVN ACL helper functions
- lxd/network/acl: Adds support for using state when creating ACL record
- lxd/network/acl/acl/load: Updates UsedBy to allow searching for multiple ACLs in one pass
- lxd/network/acl/driver/common: Updates usedBy to use updated UsedBy helper function
- lxd/network/acl/driver/common: Makes Update apply new ACL rules to OVN port groups and instance ports
- lxd/network/driver/ovn: Applies baseline network ACL rules in setup via acl.OVNApplyNetworkBaselineRules
- lxd/network/driver/ovn: Adds SecurityACLs and SecurityACLsRemove to OVNInstanceNICStartOpts
- lxd/network/driver/ovn: Adds Security ACL support to InstanceDevicePortAdd
- lxd/network/driver/ovn: Adds PortGroupDeleteIfUnused to remove unused ACL port groups
- lxc/network/driver/ovn: Adds support for security.acls assigned to OVN networks
- lxd/device/nic: Adds security.acls optional field
- lxd/device/nic/ovn: Adds security.acls support for OVN NICs
- doc/metadata: Adds Network ACL left menu item section
- api: Adds network_ovn_acl extension
- doc: Adds security.acls property to OVN networks and NICs
- tests: Reword deadcode
- lxd/db: Remove unused code
- shared/log15: Remove dead code
- lxd/network/acl: Remove unused code
- lxd/storage/drivers/driver/btrfs: Unset pool size setting during creation if not relevant
- lxd/storage/drivers/driver/btrfs: Consisent error quoting in Create
- lxd/storage/pools/config: Consistent error quoting in storagePoolValidateConfig
- driver_lxc: pass flags to shiftfs mount
- lxd/network/driver/bridge: Ensure that DHCP firewall rules are added in fan mode
- lxd/network/driver/ovn: Don't delete port groups if their associated ACLs are referenced by rules in other ACLs
- lxd/network/acl/acl/ovn: Adds OVNEnsureACLs function and unexports ovnApplyToPortGroup
- lxd/network/acl/driver/common: Switch Update to use OVNEnsureACLs
- lxd/network/driver/ovn: Switch setup to use OVNEnsureACLs
- lxd/network/driver/ovn: Switch InstanceDevicePortAdd to use OVNEnsureACLs
- Makefile: Add update-api
- shared/api: Label Server structs
- lxd: Setup API metadata
- lxd: Add / and /1.0 to swagger
- tests: Update deadcode for swagger
- doc: Include initial YAML version of rest-api
- lxd/certificates: Add to swagger
- shared/api: Label Certificate structs
- doc/rest-api/swagger: Update for certificates
- lxd/storage/drivers/utils: Comment clarify in BlockDiskSizeBytes
- lxd/network/openvswitch/ovn: Renames PortGroupUUID to PortGroupInfo
- lxd/network/acl/acl/ovn: client.PortGroupInfo usage
- lxd/network/driver/ovn: client.PortGroupInfo usage
- lxd/network/acl/acl/ovn: Refactors OVNEnsureACLs to be smarter in how it sets up referenced ACLs
- lxd/network/driver/ovn: Don't check if port group exists when removing port member in InstanceDevicePortAdd
- lxd/resources/storage: Rework block size handling
- Updated instanceLogDelete function
- lxd/device/disk: Tweak mkisofs flags
- lxd/init: Add projects to dump/init preseed
- lxd/network/driver/ovn: Consistently use aclNameIDs var name
- lxd/instance/post: Update instancePostClusteringMigrate to respect instance's project
- lxd/instance/backup: Makes returned containers resource conditional on instance type
- lxd/instance/console: Conditional containers resources
- lxd/instance/delete: Updates instanceDelete to use inst var and makes returned containers resources conditional on instance type
- lxd/instance/exec: Makes containers resources conditional on instance type
- lxd/instance/post: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/put: Renames c to inst and makes containers resources conditional on instance type
- lxd/instance/snapshot: Renames sc to snapInst and makes containers resources conditional on instance type
- lxd/instances/post: Makes containers resources conditional on instance type
- lxd/device/nic/ovn: Clearer error message in validateConfig
- lxd/network/openvswitch: Centralises DB OVN connection string retrieval in NewOVN
- lxd/network/driver/ovn: openvswitch.NewOVN usage
- lxd/network/acl/driver/common: openvswitch.NewOVN usage
- lxd/network/acl/acl/ovn: Adds OVNPortGroupDeleteIfUnused
- lxd/network/driver/ovn: Removes PortGroupDeleteIfUnused and acl.OVNPortGroupDeleteIfUnused usage
- lxd/device/nic/ovn: acl.OVNPortGroupDeleteIfUnused usage
- lxd/network/acl/driver/common: Calls OVNPortGroupDeleteIfUnused during Update
- lxd/network/acl/acl/load: Only return unique list of ACLs when matching on ACL rulesets in UsedBy
- lxd/network/acl/acl/ovn: Create referenced ACL port groups when reapplying rules from an existing ACL
- doc/rest-api: Updates backup endpoint docs
- lxd/cluster: Don't warn about pending nodes
- lxd/instances: Fix instance copy within project
- netutils: improve file descriptor retrieval and increase robustness
- lxd/cluster: Remove AutoUpdateInterval and RemoteCacheExpiry
- lxd/daemon: Add daemon startTime variable, remove taskAutoUpdate
- lxd/instances/post: Support images.auto_update_cached per-project
- lxd/api: Remove taskAutoUpdate reset
- lxd/projects: Add images.auto_update_cached and images.auto_update_interval
- lxd/images: Support images.auto_update_interval per-project
- api: projects_images_auto_update
- doc/projects: Add images.auto_update_cached and images.auto_update_interval
- Update for Go 1.17 go:build tags
- lxd/api: Add project and target arguments to doc
- shared/api: Add comments to certificate fields
- shared/api: Add comments to server fields
- lxd/resources: Add swagger documentation
- shared/api: Label Resources structs
- doc/rest-api: Refresh swagger YAML
- doc/projects: Projects aren't restricted by default
- lxc/config/trust: Allow restricting on add
- i18n: Update translation templates
- lxd/storage/drivers/util: Updates ensureVolumeBlockFile to add unsupportedResizeTypes argument
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume with ensureVolumeBlockFile comments
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to pass VolumeTypeImage to ensureVolumeBlockFile
- lxd/storage/drivers/driver/dir/volumes: Comment improvement in CreateVolume
- lxd: improve unix fd retrieval infrastructure
- lxd/db: Don't fail preparing statements for activateifneeded
- unixfd: vet all parameters
- lxd/internal: Don't access undefined fields
- tests: Fix project limits on arm64
- doc/README: Drop readthedocs
- lxd/network/acl/acl/load: Adds NetworkUsage function
- lxd/network/acl/driver/common: Adds ruleSubjectInternal and ruleSubjectExternal constants
- lxd/network/acl/driver/common: Updates validateRule to allow ruleSubjectInternal and ruleSubjectExternal values
- lxd/network/openvswitch/ovn: Updates LogicalSwitchDelete to delete associated port groups
- lxd/network/openvswitch/ovn: Adds setACLRules to more efficiently set multiple rules in one command
- lxd/network/openvswitch/ovn: Updates LogicalSwitchSetACLRules to use o.setACLRules
- lxd/network/openvswitch/ovn: Updates PortGroupAdd to support associating to a project and optionally another port group and/or logical switch
- lxd/network/openvswitch/ovn: Updates PortGroupDelete to support multiple specified port groups
- lxd/network/openvswitch/ovn: Updates PortGroupSetACLRules to use o.setACLRules
- lxd/network/openvswitch/ovn: Replaces PortGroupMemberAdd and PortGroupMemberDelete with PortGroupMemberChange
- lxd/network/openvswitch/ovn: Adds PortGroupListByProject function
- lxd/network/openvswitch/ovn: Use constants for OVN external IDs
- lxd/network/acl/acl/ovn: Adds ovnACLPortGroupPrefix constant
- lxd/network/acl/acl/ovn: Adds helper functions for entity name generation
- lxd/network/acl/acl/ovn: Updates ovnAddReferencedACLs to ignore ruleSubjectInternal and ruleSubjectExternal values
- lxd/network/acl/acl/ovn: Updates ovnApplyToPortGroup and associated functions to support network specific port group ACL rules
- lxd/network/acl/acl/ovn: Removes trailing space in generated rule in OVNApplyNetworkBaselineRules
- lxd/network/acl/acl/ovn: Comment improvements
- lxd/network/acl/acl/ovn: Updates OVNEnsureACLs to support applying network specific port group rules
- lxd/network/acl/acl/ovn: Adds OVNPortGroupInstanceNICSchedule helper function
- lxd/network/acl/acl/ovn: Updates OVNPortGroupDeleteIfUnused to delete unused per-ACL-per-network port groups
- lxd/network/acl/driver/common: Updates to use NetworkUsage and pass list of networks using ACL to OVNEnsureACLs
- lxd/network/driver/ovn: Updates OVN driver to use helper functions from ACL package rather than duplicate logic
- lxd/network/driver/ovn: Create internal port group for instance NICs on setup
- lxd/network/driver/ovn: acl.OVNEnsureACLs and client.PortGroupMemberChange usage
- lxd/network/driver/ovn: client.PortGroupAdd usage in setup
- lxd/network/acl/driver/common: Adds support for default.logged and default.action ACL config properties
- doc/network/acls: Documents default.logged and default.action ACL config properties
- lxd/network/acl/acl/ovn: Adds support for default.logged and default.action
- lxd/network/acl/driver/common: Adds reject support
- lxd/network/acl/acl/ovn: Allow IPv4 IGMP and IPv6 MLD reports in network baseline rules
- lxd/network/acl/acl/ovn: Add network baseline rules to allow reject packets from ACL reject rules
- lxc/remote: Update working to line up with project
- i18n: Update translation template
- lxd/profiles: Add to swagger
- shared/api: Label Profiles structs
- lxd/projects: Add to swagger
- shared/api: Label Projects structs
- lxd/events: Add to swagger
- shared/api: Label Events structs
- lxd/networks: Add to swagger
- shared/api: Label Networks structs
- shared/api: Hide API extensions from swagger
- doc/rest-api: Refresh swagger YAML
- lxd/device/gpu: Optimize setupSriovParent
- lxd/device: Save parent PCI address for GPU SR-IOV
- lxd/network/network/utils/sriov: Refactors SRIOVFindFreeVirtualFunction and sriovGetFreeVFInterface
- lxd/network/network/utils/sriov: Modifies sriovGetFreeVFInterface to check a VF is down and has no IPs before considering it available
- shared/validate/validate: Adds IsInterfaceName function
- lxd/network/network/utils: Removes validInterfaceName function
- lxd/network/driver: validate.IsInterfaceName usage
- lxd/device/nic: Validate that NIC name property is valid interface name
- lxd/device/nic: Adds nicCheckNamesUnique function
- lxd/device/nic: Updates nicValidationRules to accept a instance.ConfigReader argument and use nicCheckNamesUnique
- lxd/device: nicValidationRules usage
- lxd/device: Return -1 if all VFs are in use
- lxd/device: Support multiple GPUs for SR-IOV
- shared/api/cluster: Architecture is a read-only field
- lxd/network_acls: Add to swagger
- shared/api: Label Network ACLs structs
- lxd/cluster: Add to swagger
- shared/api: Label Cluster structs
- doc/rest-api: Refresh swagger YAML
- lxd/network/network/utils/sriov: Don't fail when missing vfListPath in sriovGetFreeVFInterface
- shared/util: Add GetStableRandomInt64FromList
- lxd/db/images: Add AutoUpdate filter
- lxd/vsock: Better handle errors
- lxd/db/images: Add helper functions
- docs: typo on JSON schema
- lxd/vsock: Retry timeouts once
- lxd/db: Set nodes.id to auto-increment
- lxd/images: Fix auto image updates
- lxd: Add internal endpoints for updates
- test/suites: Test image refresh in cluster
- i18n: Update translations from weblate
- lxd/images: Properly spread replicated images
- lxd/project: Add CheckClusterTargetRestriocion
- lxd/projects: Add restricted.cluster.target
- lxd: Support for restricted.cluster.target
- api: projects_restricted_cluster_target
- doc/projects: Add restricted.cluster.target
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.11 リリースのお知らせ¶
5th of February 2021
はじめに ¶
LXD チームは LXD 4.11 のリリースをお知らせできることにとてもワクワクしています!
このリリースはかなり機能的なリリースで、たくさんの新しい API 機能や、ネットワーク設定、仮想マシンで使用するための新しいデバイスが追加されました。
Enjoy!
新機能とハイライト ¶
インスタンスの状態を一括で変更する API ¶
新しい API が PUT /1.0/instances として追加されました。これによりターゲットのプロジェクト内のすべてのインスタンスの状態を更新できます。
簡単に、次のように行うと:
{"state": {
{"action": "restart"}
}
LXD は並列でプロジェクト内のすべてのインスタンスを再起動します。
これは、--all フラグを指定すると、コマンドラインユーティリティ自身に一括操作を行わせるのではなく、lxc start/stop/restart/pause コマンドで自動的に使われるようになりました。
ダイナミックな vlan 設定のための GVRP サポート ¶
physical、macvlan、ipvlan、routed ネットワークに、新たに gvrp プロパティを追加しました。有効にすると、親ポートの VLAN 設定を広報するように Linux に指示し、適切に設定されたスイッチがそれに応じて VLAN テーブルとポートのメンバーシップを更新できるようにします。
サーバーサイドのインスタンスストレージプールマイグレーション ¶
新たに pool フィールドを POST /1.0/instances/NAME のマイグレーション API に追加しました。
これでストレージプール間で完全にサーバーサイドでインスタンスの移行を行うことができます。
これまでは同じことを行うには、クライアントから一時的なコピー+削除操作が必要でした。
これは、最新の LXD サーバーで新しい API を自動的に使う lxc move NAME --storage TARGET とも統合されました。
ボリューム利用 API ¶
新たな API として GET /1.0/storage-pools/POOL/volumes/TYPE/VOLUME/state を追加しました。これはボリュームのディスク使用状況を取得します。
LXD はこれまでもずっとこの情報を持っていました。しかし、これまではインスタンスにボリュームがアタッチされているときのみ、インスタンスの状態を取得することで、この情報にアクセスできました。
新たな lxc storage volume info コマンドを、この API に問い合わせを行うために追加しました。
さらに、lxc storage volume list が拡張されました。カスタマイズできるカラムがサポートされ、ボリュームサイズを表示するための新たなオプションカラムが追加されました(一部のストレージドライバーでは、API 呼び出しのコストが高くなる可能性があるためです)。
この結果、このような表示になります:
stgraber@castiana:~$ lxc storage volume list default -ctncuU +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | TYPE | NAME | CONTENT-TYPE | USED BY | USAGE | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | lxd-build | filesystem | 1 | 2.67GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | lxd-build-focal | filesystem | 1 | 1.32GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | metrics | filesystem | 1 | 709.67MB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | snapcraft-lxd | filesystem | 1 | 6.61GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | snapcraft-lxd-bgp | filesystem | 1 | 1.49GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | container | steam | filesystem | 1 | 11.13GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | custom | backups | filesystem | 1 | 98.30kB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | custom | images | filesystem | 1 | 5.83GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | image | b31b2d483586fd143e4081b292179330235d081e923db39f7f864db2e1f4045d | block | 1 | | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | image | bb0c2a5d24b424943154f0a16d909a84a394378c567f950159b2d58f06960cbe | block | 1 | | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | cgroup2 | block | 1 | 2.96GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | ubuntu-desktop | block | 1 | 2.40GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+ | virtual-machine | win10 | block | 1 | 9.14GB | +-----------------+------------------------------------------------------------------+--------------+---------+----------+
SR-IOV GPU のサポート(VM のみ) ¶
新たに sriov の gputype がサポートされました。
これは SR-IOV をサポートするいくつかのレアな GPU でのみ動きます。しかし、幸運にも適切なホストドライバーを持つ GPU を持っている場合は、次のように実行できます:
lxc config device add NAME my-gpu gpu gputype=sriov pci=ADDR
親 GPU のアドレスを使うと、LXD は自動的に未使用な VF を見つけ、GPU としてそれを VM に与えます。
PCI デバイスタイプ(VM のみ)¶
LXD に新しい pci デバイスタイプが追加されました。仮想マシンに任意の PCI デバイスを渡すことができるようになりました。
このようなデバイスを扱う場合は nic または gpu の SR-IOV を使う方が望ましいです。しかし、この機能により使いたい PCI ストレージデバイス、FPGA、その他の任意の PCI デバイスを渡すことができるようになりました。
ISO イメージを CD-ROM として公開(VM のみ) ¶
LXD の仮想マシン内に Windows をインストールする際の問題をいくつか回避するため、ISO イメージを検出し、自動的に仮想マシンに CD-ROM としてアタッチするロジックを追加しました。
これはインストールソースとターゲットが何であるのかという混乱を回避します。そして、最近 distrobuilder で Windows ISO イメージの再パッキングがサポートされましたので、それと組み合わせたときに LXD 仮想マシン内に Windows をインストールすることを格段に簡単にします。
lxc manpage コマンドの拡張 ¶
lxc manpage コマンドが --format オプションをサポートしました。これによりヘルプページを次のフォーマットでエクスポートできるようになりました:
- man(デフォルト、これまでの動き)
- md (markdown)
- rest (REStructured Text)
- yaml
私たちは、ヘルプページをウェブサイトで利用できるようにするために Markdown 出力を使う予定です。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- client: Fix output of GetClusterMemberNames
- openvswitch/ovs.go: Simplify return in Installed method
- rbac/server.go: Sleep for seconds instead of nanoseconds
- lxd/instance/drivers/driver/qemu: Updates SaveConfigFile to return nil
- lxd/api/internal: Updates internalImportFromRecovery to call inst.SaveConfigFile
- test/suites/backup: Adds test to check exec works after recovery of running container
- cluster/raft/file_snapshot.go: defer after checking error
- lxd/storage/drivers/driver/cephfs/volumes: Updates RenameVolume newName arg to newVolName to bring inline with other drivers
- lxd/storage/drivers/driver/ceph/volumes: Fix UnmountVolume to actually deactivate VM block volumes
- lxd/storage/drivers/driver/ceph/volumes: Fix RenameVolume to also rename FS volume for VM volumes
- test/suites/container/devices/nic/bridged: Adds port isolation feature test
- lxc/network: Adds support for attaching instance to a managed network using
networkproperty - test/suites/container/devices/proxy: Ensure ipv6 nat tests use a network with stateful DHCPv6 enabled
- test/suites/network: Updates static IPv6 allocation test to actually test stateful DHCPv6
- test/suites/container/devices/nic/bridged: Improve validation of DHCPv6 allocation
- lxc/query: Prevent using --project
- i18n: Update translation templates
- lxd/utils: Compare all addresses from lookup in IsAddressCovered, lxc#8340
- lxd/resources: Support DMI for CPU information
- lxd/device/nic/routed: Ensure IP neighbour proxy entries are removed on stop
- lxd/device/nic/routed: Adds duplicate address detection
- lxd/device/disk: Validate size field properly
- lxd/device/nic/bridged: Only attempt to release DHCP leases if bridge interface exists
- lxd/device/nic/bridged: Improve error context prefix in networkClearLease
- lxd/device/nic/bridged: Use %q for error quoting in networkClearLease
- lxd/device/nic/bridged: Improve error context prefix in State
- lxd/instance: Fix progress on ceph instance move
- lxd/storage/backend/lxd: Use volume config in UpdateInstanceBackupFile so that volume.block.filesystem setting is used
- lxd/storage/drivers/utils: Adds filesystem being used to TryMount error
- lxd: Smarter handling of volatile keys in projects
- lxd/project: Strip volatile on copy/migrate
- tests: Update project restrictions test
- lxd/instance/drivers/driver/lxc: Copy parent volume config to snapshot volume config in lxcCreate
- lxd/instance/drivers/driver/qemu: Copy parent volume config to snapshot volume config in qemuCreate
- lxd/instance/drivers/driver/lxc: Umount instance after CRIU state path check in Restore
- lxd/instance/drivers/driver/lxc: Avoid duplicated call to UpdateBackupFile in Restore
- lxd/instance/drivers/driver/lxc: Log instance restarting after snapshot restore
- lxd/instance/drivers/driver/lxc: Always run UpdateBackupFile in Update
- lxd/instance/drivers/driver/qemu: Removes unnecessary call to UnmountInstance in Restore
- lxd/instance/drivers/driver/qemu: Remove unnecessary call to UpdateBackupFile
- lxd/instance/drivers/driver/qemu: Log instance restarting after snapshot restore
- doc/rest-api: Fix typo
- doc/rest-api: Fix missing escaping
- lxd/instance: Tweak error and resource links
- api: Adds support for bulk instance state change.
- shared/api: Adds support for bulk instance state change.
- doc: Adds doc for bulk instance state change endpoint.
- lxd: Adds support for bulk instance state change.
- client: Adds support for bulk instance state change.
- lxc: Adds support for bulk instance state change.
- lxd: Process bulk action in parallel
- test/suites/snapshots: Adds snapshot block.filesystem config check for LVM & Ceph
- lxd/instances: Reduce code duplication
- shared/api: Change mass update API
- lxc/action: Update to new InstancesPut
- lxd/instances: Update to new bulk API
- doc/rest-api: Update for new bulk API
- client: Re-order functions
- lxd: Rename container functions
- lxd/instance_state: Simplify
- lxd/instance: Refactor state handling
- lxd/instances_state: Simplify logic
- lxd/instance/drivers: Move ephemeral restart logic
- lxd/vm: Expose ISO images as SCSI cdroms
- lxd/storage: Cleanup CreateInstanceFromCopy
- lxd/storage/utils: Updates VolumeDBCreate to accept volume and content type typed arguments
- lxd/storage/backend/lxd: Error quoting and wrapping
- lxd/storage/backend/lxd: Expand argument type in updateVolumeDescriptionOnly
- lxd/storage/backend/lxd: VolumeDBCreate updated usage
- api: Adds network_gvrp extension
- doc: Adds gvrp option for selected networks and instance NICs
- lxd/network/network/utils: Adds GVRP support to VLANInterfaceCreate
- lxd/network: Adds GVRP support to macvlan and physical networks
- lxd/device/device/utils/network: Adds GVRP support to networkCreateVlanDeviceIfNeeded
- lxd/device/nic: Adds GVRP support to ipvlan, macvlan, physical and routed NICs
- lxd/network: Add check for overlapping ovn.ranges and dhcp.ranges
- lxd/db/instances: Improve error message from CreateInstanceConfig
- lxd/instance/drivers/driver/common: Adds insertConfigkey function
- lxd/instance/drivers/driver/lxc: Updates FillNetworkDevice to use d.insertConfigkey
- lxd/instance/drivers/driver/qemu: Updates FillNetworkDevice to use d.insertConfigkey
- lxc/instance/drivers/driver/common: Removes empty value check from insertConfigkey
- lxd/instance/drivers: Detect failed volatile key generation
- lxd/instance/drivers/driver/lxc: Fix volatile config key scoping issue in FillNetworkDevice
- lxd/network/driver/bridge: Only validate non-overlapping DHCPv6 ranges with OVN ranges when stateful DHPCv6 being used
- lxd/instance/drivers/driver/common: Prevent existing row check from wiping out desired key value in insertConfigkey
- lxd/instance/drivers: More checks and error contexts in FillNetworkDevice
- lxd/instance/drivers/driver/qemu: Error alignment with container driver in Rename
- lxd/storage/utils: Improves error in VolumeDBCreate
- lxd/db/storage/volumes: Populates ProjectName field in GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance/drivers/driver/lxc: Error context in Rename
- lxd/instances/post: Unwraps long error and using double quotes placeholder
- lxd/instance/instance/interface: Adds TemplateTrigger type and constants for template trigger types
- lxd/instance: Adds instanceCreateAsCopyOpts argument for instanceCreateAsCopy options
- lxd/instances/post: instanceCreateAsCopy updated usage
- lxd/instance/instance/interface: Updates DeferTemplateApply to accept TemplateTrigger type argument
- lxd/instance/drivers/driver/common: Updates DeferTemplateApply to accept a TemplateTrigger type argument
- lxd/storage/backend: inst.DeferTemplateApply usage
- lxd/instances/post: inst.DeferTemplateApply usage
- lxd/instance/drivers/driver/lxc: Updates templateApplyNow to accept a TemplateTrigger argument
- lxd/instance/drivers/driver/lxc: d.templateApplyNow usage
- lxd/instance/drivers/driver/qemu: Updates templateApplyNow to accept a TriggerTemplate type argument
- lxd/instance/drivers/driver/qemu: d.templateApplyNow usage
- lxd/instance/instance/interface: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/lxc: Adds applyTemplateTrigger argument to Rename
- lxd/instance/drivers/driver/qemu: Adds applyTemplateTrigger argument to Rename
- lxd/instance/post: inst.Rename usage
- lxd/instance/snapshot: sc.Rename usage
- lxd/storage/backend/lxd: Removes call to deferred template apply in RenameInstance
- lxd/instance/test: c.Rename usage
- shared/api: Add Pool field to InstancePost
- api: instance_pool_move extension
- lxc/move: Support server-side pool migration
- client: Add extension check for pool migration
- lxd/instance: Implement pool migration API with instancePostPoolMigration
- test: Add tests for volatile.apply_template config during create, copy and move
- test: Adds check for volatile.apply_template state after rename
- i18n: Update translation templates
- test: Add test for moving instance between pools without renaming
- lxd/images: Skip keys with empty values
- lxd/instances_put: Limit to local server
- lxd/device: Fix instance type validations
- shared/instance: Adds ErrNoRootDisk error var and returns it from GetRootDiskDevice
- lxd/instance: Enforces that target instance should have valid root disk config after DB create in instanceCreateAsCopy
- lxd/instance: Don't assume root disk is called "root" when copying snapshots from a source instance
- lxd/db/query/retry: Adds detection of checkpoint in progress to IsRetriableError
- lxd/instances_put: Properly handle clusters
- lxd/instance/drivers/driver_qemu: attempt to kill qemu proc on stop
- lxd/instance/driver_qemu: Add check for qemu cmdline args to pid()
- forkproxy: prevent zombies
- lxd: Change some references of container to instance in comments
- lxd/instance/post: Change error message to instance from container in instancePost
- lxd/main/forkdns: Returns empty AAAA record response when equivalent A record exists
- lxd/main/forkdns: Fixes typo in comment
- test: Adds test for empty AAAA response when equivalent A record exist in clustering forkdns
- lxd/device/pci: Consider DeviceUnbind successful on missing driver
- shared/validate: Validate PCI addresses
- lxd/device/gpu: Validate PCI addresses
- lxd/device: Add function to validate PCI path
- lxd/device: Add support for GPU SR-IOV
- api: gpu_sriov extension
- doc: Add SR-IOV GPU
- lxd/device/gpu_mdev: Valdiate PCI address and path
- lxd/device/gpu_physical: Validate PCI address and path
- lxd/instance/qemu: Cleanup VGA ROM check
- lxd/network/driver/bridge: Update DHCPv4Subnet to return fan bridge address subnet when in fan mode
- lxd/device/nic/bridge: Updates validateConfig to use parent networks DHCP subnet functions when validating address
- shared/termios: Fix static builds
- shared/idmap: Fix shared/ build on non-cgo
- shared/instancewriter/: Fix shared/ build on non-cgo
- shared/eagain: Restrict to Linux
- shared/subprocess: Restrict to unix
- lxd/db/generate: Move DB generator
- github: Replace Travis and Appveyor with Actions
- lxc/manpage: Add markdown, reST and YAML output
- i18n: Update translation templates
- lxd/device/gpu: Skip nvidia directories
- api: pci_device_type extension
- doc/instance: Add pci device type
- lxd/device: Free up the pci name
- lxd/device: Support for both pci= and address= in checker
- lxd/device/config: Add PCIDevice
- lxd/device/pci: Add NormaliseAddress
- lxd/device: Have validatePCIDevice take an address
- lxd/device: Add PCI device type
- lxd/instance/qemu: Rename qemuNetDevPhysical to qemuPCIPhysical
- lxd/instance/qemu: Add PCI device support
- cgroup: fix cgroup2 device driver settings
- doc/instances: Tweaks to make device type linking work
- doc/storage: Add mention of zfs.remove_snapshots
- simplestreams: Review and sanitize urls join
- lxd/storage/volume: Snapshot PUT is supposed to be blocking
- lxd/storage: Fix snapshot edit routes
- lxc/storage_volume: Use correct API for snapshots
- lxd/storage: Cleanup volume API endpoints
- lxd/instance/metadata: Fix API to line up with files
- client: Drop UpdateInstanceTemplateFile
- client: Drop UpdateInstanceTemplateFile
- client: Fix legacy UpdateContainerTemplateFile
- client: Rename SetInstanceMetadata to UpdateInstanceMetadata
- lxc/config: Switch to UpdateInstanceMetadata
- lxc/config: Always use CreateInstanceTemplateFile
- lxd/instance/metadata: Modernize instanceMetadataPut
- lxd/instance/metadata: Implement PATCH
- lxd/instance/snapshots: Implement PATCH
- lxd/storage: Tweak volume snapshot etag
- lxd/storage/volume/snapshot: Implement PATCH
- api: storage_volume_state extension
- shared/api: Add StorageVolumeState
- client: Add GetStoragePoolVolumeState
- lxd/storage: Add storagePoolVolumeTypeStateGet
- doc/rest-api: Add storage volume state API
- lxc/storage_volume: Add support for column argument
- lxc/storage_volume: Add usage column
- lxc/storage_volume: Add info subcommand
- i18n: Update translation templates
- lxd/instance/qemu: Don't use the RAM backend
- lxd/db/images: Include remote storage pools in GetPoolsWithImage
- lxd/db: Export function IsRemoteStorage
- lxd/resources: More flexible PCI handling
- lxd/resources: Make usb address handling match PCI
- lxd/resources: Use %q when possible
- lxd/images: Remove images backed by remote storage
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.10 リリースのお知らせ¶
8th of January 2021
はじめに ¶
LXD チームは LXD 4.10 のリリースをお知らせできることにとてもワクワクしています!
このリリースは軽めのリリースです。それは、LXD チームは 12 月 18 日から 1 月 4 日までお休みをいただいていたためです。しかし、多くのバグフィックスといくつか新しい改良が行われました。
Enjoy!
新機能とハイライト ¶
ネットワークの状態表示内の VLAN 情報 ¶
ボンディングやブリッジの情報のように、新たに VLAN 構造をネットワーク状態のエンドポイントに追加しました。これは下位デバイスとインターフェースの VLAN ID を表示します。
root@abydos:~# lxc query /1.0/networks/bond-sw01.100/state
{
"addresses": [],
"bond": null,
"bridge": null,
"counters": {
"bytes_received": 213651991756,
"bytes_sent": 42453202,
"packets_received": 97607519,
"packets_sent": 431818
},
"hwaddr": "0a:0f:7c:6e:db:d9",
"mtu": 1500,
"state": "up",
"type": "broadcast",
"vlan": {
"lower_device": "bond-sw01",
"vid": 100
}
}
VM のプロキシーデバイスのサポート(NAT のみ) ¶
仮想マシンで proxy デバイスが使えるようになりました。
これは NAT モード(nat=true)でのみ機能するので、両サイドで同じプロトコルを使う必要があります。
ブリッジポートの隔離 ¶
ブリッジネットワークインターフェースに新たに security.port_isolation を追加しました。これによりインターフェース間の通信を制限できるようになりました。
イメージプロパティに関する新しいサブコマンド ¶
イメージプロパティへのアクセス、設定、解除のために、新たに lxc image コマンドに 3 つの新しいサブコマンドを追加しました。
- lxc image get-property
- lxc image set-property
- lxc image unset-property
例 :
stgraber@castiana:~$ lxc image get-property 305db7054652 os Ubuntu stgraber@castiana:~$ lxc image set-property 305db7054652 foo bar stgraber@castiana:~$ lxc image get-property 305db7054652 foo bar stgraber@castiana:~$ lxc image unset-property 305db7054652 foo stgraber@castiana:~$
VM 内のマルチキューネットワーキング ¶
仮想マシン上のネットワークインターフェースは、仮想マシンに割り当てられた仮想 CPU の数と一致するように RX キューおよび TX キューの数を自動的に設定するようになりました。
これにより、高速ネットワークを扱う場合には特にネットワークパフォーマンスが大幅に向上するはずです。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/network/network/interface: Adds Project function
- lxd/network/driver/common: Adds Project function
- lxd/network/driver/common: Remove cluster notification and DB record removal from delete() function
- lxd/network/driver: Always delete when requested, ignore LocalStatus() pending
- lxc/networks: Remove revert removal on failure of clustered network in networksPost
- lxd/networks: Allow re-create of pending network when pending nodes already exist in networksPost
- lxd/networks: Adds revert to doNetworksCreate
- lxd/networks: Moves cluster notification an DB record removal into networkDelete
- shared/api: Fix typo
- shared/api: Add NetworkStateVLAN
- lxd/resources: Add VLAN struct
- api: Add network_state_vlan
- lxd/instance/qmp: Update for go-qmp change
- lxd/backup: Fix URL in lifecycle events
- Add DeepSource config
- Use result of type assertion to simplify cases
- Replace .Sub(time.Now()) with time.Until() handler
- Remove unnecessary fmt.Sprintf() on string
- Omit comparison with boolean constant
- lxd/db/networks: Adds duplicate key detection to getNetworkConfig
- lxd/db/networks: Adds NetworkErrored function
- lxd/db/networks: Changes UpdateNetwork to not set created status
- lxd/network/driver/ovn: Reject instance port start if cannot find DHCP options
- lxd/networks: Updates doNetworksCreate to accept a Network rather than load its own
- lxd/networks: Debug log consistency in doNetworksCreate
- lxd/networks: doNetworksCreate usage
- lxd/networks: When auto creating pending nodes, don't pass global config into DB function in networksPost
- lxd/networks: Adds networkPartiallyCreated helper function
- lxd/networks: Updates networksPostCluster to detect existing global config and skip create if already exists
- lxd/api/cluster: Skip non-created networks when joining
- lxd/device/nic: Don't allow NICs to use networks that are not created
- lxd/db/networks: Renames ClusterTx GetNonPendingNetworks to GetCreatedNetworks
- lxd/db/networks: Renames Cluster GetNonPendingNetworks to GetCreatedNetworks
- lxd/api/cluster: cluster.GetCreatedNetworks usage
- lxd/network: tx.GetCreatedNetworks usage
- lxd/networks: s.Cluster.GetCreatedNetworks usage
- lxd/patches: tx.GetCreatedNetworks usage
- test/suites/clustering: More network clustering tests
- lxd/db/networks: Tighten restrictions in CreatePendingNetwork to only allow pending nodes to be added while network is pending
- lxd/networks: Allow single node cluster network create using --target
- lxd/db/cluster/update: Adds patch updateFromV41 function
- lxd/storage/pools/utils: Debug log consistency in storagePoolCreateLocal
- lxd/db/storage/pools: Adds duplicate key detection to getStoragePoolConfig
- lxd/storage/pools: storagePoolsPost comments line width
- lxd/db/storage/pools: Adds StoragePoolErrored function
- lxd/db/storage/pools: Renames GetNonPendingStoragePoolNames to GetCreatedStoragePoolNames
- lxd/api/cluster: cluster.GetCreatedStoragePoolNames usage
- lxd/storage/pools/utils: Renames id arg to poolID in storagePoolCreateLocal
- lxd/storage: s.Cluster.GetCreatedStoragePoolNames usage
- lxd/storage/pools: Restructures storagePoolsPost to align with networksPost
- lxd/storage/pools: Updates storagePoolsPostCluster to reject global config on re-create attempts
- lxd/storage/pools: Adds storagePoolPartiallyCreated function
- test/suites/clustering: Updates storage pool status tests
- lxd/db/storage/pools: Improve errors in CreatePendingStoragePool
- test/suites/clustering: Adds additional storage pool state tests
- lxd/db/cluster/update: Adds patch updateFromV42 function
- lxd/device: Add support for bridge port isolation
- api: Add instance_nic_port_isolation extension
- lxd/instance/drivers/qmp/monitor: Handle closed event channel from qmp package in run
- lxd/instance/drivers/driver/qemu: Logs when instance is stopped in getMonitorEventHandler
- lxd/instance/operationlock: Fixes deadlock caused by call to Reset in Create
- lxd/instance/operationlock: Store operation in instanceOperations before calling go routine
- lxd/instance/operationlock: Exit go routine started in Create when the operation is done
- lxd/network/driver/ovn: Detect IPv6 DHCP options correctly
- lxd/device: allow adding proxy device to VM instances
- lxd/instance/drivers: run device post-start hooks in QEMU driver
- doc: update
proxydoc to reflect VM support - lxd/device/nic/routed: Switches to network.InterfaceExists for clarity
- lxd/device/nic/routed: Remove host side veth interface if exists in postStop
- lxd/network/driver/ovn: Adds support for physical uplink interface to be a bridge
- lxd/db/networks: Corrects comment on GetCreatedNetworks
- lxd/network/driver/physical: Clarify error when changing parent interface when in use
- lxd/network/driver/bridge: Don't apply updates to node when network is pending
- lxd/network/driver: Don't apply changes to node if network is pending
- lxd/storage/backend/lxd: Only apply local node changes if both pool and node status are not pending
- lxc/image: Add support for directly getting, setting and unsetting image properties
- i18n: Update translation templates
- lxd/db/cluster/update: Modifies updateFromV43 and updateFromV42 to use IFNULL(node_id, -1) to avoid nodes with 0 ID
- lxd/db/cluster: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table
- doc: features.networks is not enabled by default for projects
- shared/util: Adds StringHasPrefix function
- lxd/device/disk: Adds sourceIsLocalPath function
- lxd/device/disk: Use shared.StringHasPrefix when validating ceph/cephfs prefixes
- lxd/device/disk: Use d.sourceIsLocalPath when validating source host path exists
- lxd/instance/qemu: Enable multiqueue on tap NICs
- lxd/instance/qemu: Use a minimum of 2 network queues
- lxd/storage/drivers/driver/zfs/volumes: Error quoting in RestoreVolume
- lxd/storage/backend/lxd: Don't fail in DeleteInstanceSnapshot if volume DB record already deleted
- lxd/storage/backend/lxd: Fix deleting subsequent snapshots for ZFS in RestoreInstanceSnapshot
- lxd/instances/post: Use source.Project when loading instance to get instance type in containersPost
- lxd/instances/post: Rename project to targetProject to differentiate between source.Project in containersPost
- lxd/instances/post: Error quoting in containersPost
- lxd/instances/post: Add comment about default instance type for migration in containersPost
- lxd/instances/project: Import project package normally and rename project var to projectName
- lxd/instances/post: Populate req.Source.Project with project.Default if not specified in containersPost
- test/suites/projects: Adds tests for copying snapshot to another project
- doc/image-handling: Fix typo
- shared/proxy: Support CIDR ranges in
no_proxy - simplestreams: Drop duplicated slash
- lxd/instance/drivers/qmp: Fix race in Disconnect
- test/suites/static/analysis: Fixes ineffassign usage due to upstream changes
- lxd/instance: Copy snapshot expiry in instanceCreateAsCopy
- lxd/migration: Rebuilds protobuf using protoc v3.14 and latest google.golang.org/protobuf/cmd/protoc-gen-go
- lxd/migration: Adds expiry_date field to snapshots protobuf
- lxd/migrate/instance: Populate expiry date in snapshotToProtobuf
- lxd/migrate/storage/volumes: Populate zero expiry date in volumeSnapshotToProtobuf
- lxd/storage/migration: Populate expiry date in snapshotProtobufToInstanceArgs
- lxd/migration/migration/volumes: Updates TypesToHeader and MatchTypes to use a pointer to MigrationHeader
- lxd/migrate/instance: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/storage/volumes: Avoid copying migration.MigrationHeader due to new internal state lock added by protobuf
- lxd/migrate/instance: Fix snapshotToProtobuf to not use loop pointer for device name
- lxd/storage/migration: Conistently use accessor functions in snapshotProtobufToInstanceArgs
- test/suites/snapshots: Adds test for local copy of snapshot expiry date
- test/suites/migration: Adds test for copying snapshot expiry date during migration
- test/suites/migration: Adds test to ensure snapshot devices are copied during migration
- lxd/storage/quota/projectquota: Consistent comment endings and error quoting
- lxd/storage/drivers/driver/dir/utils: Updates setQuota to remove old quota if volID has changed
- lxd/storage/drivers/driver/dir/utils: Modifies setupInitialQuota to not use initQuota
- lxd/api/internal: Updates internalImportFromRecovery to reinitialise root disk quota
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterAdd
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterSNATAdd
- lxd/network/openvswitch/ovn: Simplifies LogicalRouterRouteAdd
- lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterPortAdd
- lxd/network/openvswitch/ovn: Adds LogicalRouterSNATDeleteAll function
- lxd/network/openvswitch/ovn: Clear unused keys in LogicalSwitchSetIPAllocation
- lxd/network/openvswitch/ovn: Adds support for clearing unused settings in LogicalRouterPortSetIPv6Advertisements
- lxd/network/openvswitch/ovn: Adds LogicalRouterPortDeleteIPv6Advertisements function
- lxd/network/driver/ovn: Enforce that ipv6.address if specified is at least a /64 subnet
- lxd/network/driver/ovn: Pass update flag to mayExist where possible
- lxd/network/driver/ovn: Delete SNAT rules from route before adding new ones
- lxd/network/driver/ovn: Improve SNAT failure errors
- lxd/network/driver/ovn: Pass update to mayExists when setting up default routes
- lxd/network/driver/ovn: Create internal router port before DHCP option setup
- lxd/network/driver/ovn: Modifies IPv6 RA settings and removes them entirely when IPv6 disabled
- lxd/network/driver/ovn: Don't return DHCPv6 subnet if IPv6 prefix smaller than /64
- lxd: Rename Operation types
- lxd/db: Rename operation type descriptions
- lxd/network/network/interface: Adds handleDependencyChange function
- lxd/network/driver/common: Adds notifyDependentNetworks function and no-op placeholder handleDependencyChange function
- lxd/network/driver/ovn: Adds handleDependencyChange function
- lxd/network/driver/physical: Calls notifyDependentNetworks when config is updated
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATDeleteAll function
- lxd/network/openvswitch/ovn: Clarifies DNAT_AND_SNAT related function comments
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortExists function
- lxd/network/driver/ovn: Moves instance NIC port config parsing into InstanceDevicePortConfigParse function
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to accept an uplinkConfig argument
- lxd/network/driver/ovn: Clarifies argument names in the context of an OVN dependent network in handleDependencyChange
- lxd/network/driver/ovn: Updates handleDependencyChange to handle changes to uplink network's ovn.ingress_mode setting
- lxd/device/nic/ovn: Updates NIC to use d.network.InstanceDevicePortConfigParse and updated d.network.InstanceDevicePortAdd
- lxd/resources: Always initialize lists
- lxd/storage/utils: Improves error message in VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/db/instances: Updates InstanceList to accept filter to pass to GetInstances()
- lxd/db/instances: Clarifies comment and arg name on GetLocalInstancesInProject
- lxd/db/instances/test: cluster.InstanceList usage
- lxd/storage/utils: s.Cluster.InstanceList usage
- lxd/network/driver/ovn: n.state.Cluster.InstanceList usage
- lxd/patches: InstanceList usage
- lxd/network/network/utils/sriov: Adds SR-IOV allocation functions
- lxd/network/network/utils/sriov: Updates SRIOVGetHostDevicesInUse to use InstanceList()
- lxd/network/network/utils/sriov: Adds network usage support to SRIOVGetHostDevicesInUse
- lxd/network/network/utils/sriov: SRIOVGetHostDevicesInUse usage
- lxd/network/network/utils/sriov: Updates SRIOVFindFreeVirtualFunction args to not need Device
- lxd/network/network/utils/sriov: Adds SRIOVGetVFDevicePCISlot function
- lxd/network/network/utils: Adds InterfaceBindWait function
- lxd/device/pci: Adds PCI device management package
- lxd/device/infiniband/sriov: SRIOV network function usage
- lxd/device/nic/physical: Use pci package
- lxd/device/gpu: Use pci package
- lxd/device/nic/sriov: network.InterfaceBindWait
- lxd/device/nic/sriov: Use pci package
- lxd/device/nic/sriov: SRIOV network function usage
- lxd/device/nic/sriov: Comment clarity in setupSriovParent
- lxd/device/nic/sriov: Removes networkGetVFDevicePCISlot function
- lxd/device/device/utils/generic: Removes pci functions
- lxd/device/device/utils/network: Removes networkInterfaceBindWait function
- lxd/device/device/utils/instance: Removes instanceGetReservedDevices function
- lxd/network/driver/bridge: Comment improvements
- lxd/network/driver/ovn: Updates addChassisGroupEntry to generate chassis priority using stable random value
- i18n: Update translations from weblate
- lxd/init: Clarify https listener question
- doc: Fixes typo in macvlan NIC section
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.9 リリースのお知らせ¶
11th of December 2020
はじめに ¶
LXD チームは LXD 4.9 のリリースをお知らせできることにとてもワクワクしています!
このリリースには、オースティンにあるテキサス大学の学生からの次のコントリビューションが含まれています:
- プロジェクトに対する
limits.instances設定 - サーバー情報に qemu ドライバーとバージョンを表示
- リソース API 内に
IOMMUグループを表示 - サーバー設定内の
user.設定
それに加えて、GPU の媒介(mediated)デバイスのパススルーが使えるようになり、ライフサイクルイベントにいくつか改良をほどこし、リソース API へいくつか追加を行い、zstd 圧縮が使えるようになり、OVN ユーザーのための様々な新しいオプションを追加しています。
Enjoy!
新機能とハイライト ¶
仮想マシンに対する GPU 媒介デバイス ¶
LXDで、媒介デバイス(mediated device)をサポートしているGPUから媒介デバイスを割り当てることができるようになり、それを仮想マシンにアタッチできるようになりました。
これは、新たに導入された gpu のための設定 gputype によって行います。設定値は現時点では次の値をサポートしています:
physical(全 GPU。従来のデフォルトの動作)mdevプロファイルを指定するための追加のmdevキーと組み合わせて使います
lxc info --resources でも mdev プロファイルが表示されるようになりました。
GPU:
NUMA node: 0
Vendor: Intel Corporation (8086)
Product: HD Graphics 620 (5916)
PCI address: 0000:00:02.0
Driver: i915 (5.8.0-29-generic)
DRM:
ID: 0
Card: card0 (226:0)
Control: controlD64 (226:0)
Render: renderD128 (226:128)
Mdev profiles:
- i915-GVTg_V5_4 (1 available)
low_gm_size: 128MB
high_gm_size: 512MB
fence: 4
resolution: 1920x1200
weight: 4
- i915-GVTg_V5_8 (2 available)
low_gm_size: 64MB
high_gm_size: 384MB
fence: 4
resolution: 1024x768
weight: 2
PCI デバイスの IOMMU グループ ¶
リソース API(/1.0/resources)の PCI セクションのデバイスそれぞれには、IOMMU グループの ID を示す iommu_group が表示されるようになりました。
これは、パススルーネットワークや GPU デバイスを仮想マシンに追加する前に IOMMU トポロジーを確認するのにとても役立ちます。
stgraber@castiana:~$ lxc query /1.0/resources | jq .pci.devices[-1]
{
"driver": "xhci_hcd",
"driver_version": "5.8.0-29-generic",
"iommu_group": 16,
"numa_node": 0,
"pci_address": "0000:3c:00.0",
"product": "JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d4",
"vendor": "Intel Corporation",
"vendor_id": "8086"
}
サーバ環境情報内の QEMU バージョン表示 ¶
次の lxc info の実行例に表示されているように、システムの QEMU のバージョンが driver と driver_version に含まれるようになりました。
stgraber@castiana:~$ lxc info | grep " driver" driver: lxc | qemu driver_version: 4.0.0 (devel) | 5.2.0
ライフサイクルイベントの改良 ¶
ライフサイクルイベントを実装しなおして拡張しました。
現時点の完全なリストは次のとおりです:
- instance-created
- instance-renamed
- instance-deleted
- instance-updated
- instance-started
- instance-stopped
- instance-shutdown
- instance-restarted
- instance-paused
- instance-resumed
- instance-snapshot-create
- instance-snapshot-renamed
- instance-snapshot-deleted
- instance-restored
- instance-backup-created (new)
- instance-backup-renamed (new)
- instance-backup-deleted (new)
- network-created (new)
- network-updated (new)
- network-renamed (new)
- network-deleted (new)
お気づきのように、従来の container と virtual-machine のプレフィックスが混じった状態ではなく、一貫して instance が使われるようになりました。バックアップのためにイベントが不足していた問題がいくつか解消され、ネットワークイベントの初期カバレッジも追加されました。
user. キーがすべてのオブジェクトで使用可能に¶
このリリースで、設定を保持するすべての LXD オブジェクト内で user. キーが使えるようになりました。これらのキーは、追加のコンテキストを保存する必要がある外部のオーケストレーションシステムやモニタリングシステムで特に役に立ちます。
最近、これらのキーはサーバ自身を除くすべてのオブジェクトで使えましたが、これが解決されました。
stgraber@castiana:~$ lxc config set user.foo bar stgraber@castiana:~$ lxc config get user.foo bar
USB・ネットワークリソースの usb_address と pci_address プロパティ ¶
usb_address フィールドが、新たにソース API 内のネットワークとストレージデバイスの両方に追加されました。USB 接続がなされた際、デバイスの <bus>:<dev> で表示されます。これは PCI デバイスの pci_address にとても似ています。
同時に、ストレージデバイスになかった pci_address フィールドも追加されました。
stgraber@castiana:~$ lxc query /1.0/resources | jq .storage.disks[-1]
{
"block_size": 512,
"device": "8:0",
"device_id": "usb-Kingston_DataTraveler_3.0_08606E6B6612BE50D7168119-0:0",
"device_path": "pci-0000:00:14.0-usb-0:1:1.0-scsi-0:0:0:0",
"firmware_version": "PMAP",
"id": "sda",
"model": "DataTraveler 3.0",
"numa_node": 0,
"partitions": [
{
"device": "8:1",
"id": "sda1",
"partition": 1,
"read_only": false,
"size": 7863254528
}
],
"read_only": false,
"removable": true,
"rpm": 0,
"serial": "08606E6B6612BE50D7168119",
"size": 7864320000,
"type": "usb",
"usb_address": "2:7"
}
OVN ネットワークの ipv4.dhcp と ipv6.dhcp ¶
OVN ネットワークで IPv4 と IPv6 の DHCP をそれぞれ無効化できるようになりました。
これは、従来のマネージドブリッジと同様に、ipv4.dhcp と ipv6.dhcp の設定により行います。
物理ネットワーク上の ovn.ingress_mode ¶
OVN ネットワークに外部アドレスもしくはサブネットを割り当てる場合、特定の OVN ルーターがそのトラフィックを取り扱っていることを上流のゲートウェイに知らせる必要があります。
これまでは、L2 プロキシーを使って行っており、事実上 OVN は、処理を行わなければいけないネットワークとインスタンス上で、アップリンクネットワーク上の ARP/NDP パケットに対して応答することになっています。
これは多くのケースでうまく機能し、外部でルートを設定する必要はなくなります。しかし、OVN 自体で個別のアドレスレコードが必要となり、特に大きなサブネットではスケールしません(IPv4 での /24 や IPv6 での /64 を考えてみてください)。
このようなケースのために、新たに ovn.ingress_mode という設定が追加され、routed と設定できるようになりました。これは上流のルーターが、どのサブネットがどの OVN ルーターにルーティングされるのかを知っているため、OVN が各単独のアドレスごとに個別に処理する必要がないことを示しています。
これを https://github.com/stgraber/lxd-bgp のようなものと組み合わせて、上流のルーターのダイナミックなルーティング・プロトコルを使って、関連する OVN ルーターに対する必要なルートを自動的に設定できます。
物理ネットワーク上の ipv4.routes.anycast と ipv6.routes.anycast ¶
前のエントリーに関連して、LXD がルーティングされたサブネットに対して実行するチェックをバイパスするために、2つの新しい設定が追加されました。
この設定だけで、ふたつのネットワークのバックで使われたり、同時にふたつのインスタンスに割り当てられたりするのを防ぎます。しかし、外部ルーティングとダイナミックルーティングをサポートすることで、anycast を行うことができるようになります。
これがサポートされている環境では、ipv4.routes.anycast と ipv6.routes.anycast を true に設定し、サブネットの重複チェックを回避し、ふたつのインスタンスが同じパブリックアドレスを保持できるようにし、トラフィックの取得の決定を上流ルーターに任せることができます。
limits.instances プロジェクトオプション ¶
プロジェクトに設定できた limits.containers と limits.virtual-machines という制限に加えて、新たな制限が設定できるようになりました。
limits.instances を使って、プロジェクト内でタイプに関係なくインスタンス数を全体的に制限できます。
これに従って、次のように設定できます:
- limits.instances: 5
- limits.containers: 5
- limits.virtual-machines: 2
これにより、設定したプロジェクトでは 5 インスタンスまで持つことができます。そのすべてをコンテナにできますが、仮想マシンにできるのは 2 つだけとなります。
イメージとバックアップの zstd 圧縮 ¶
イメージとバックアップで zstd が使えるようになりました。
これは images.compression_algorithmとbackups.compression_algorithmで設定するか、lxc publish や lxc export で直接 --compression を使って指定できます。
すべての変更点(翻訳なし)¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/api/project: Reject quotes in project names
- lxd/instance/drivers/driver/lxc: Updates initLXC to use project and instance name in callhook hook commands
- lxd/instance/drivers/driver/lxc: Updates startCommon to quote hook command arguments
- lxd/main/callhook: Updates cmdCallhook to support using project name and instance name in arguments
- lxd/api/internal: Adds support for using instance name and project name in container hook routes
- lxd/storage: Apply rename template
- lxd/patches: Adds patchVMRenameUUIDKey patch to rename config key from volatile.vm.uuid to volatile.uuid
- shared/validate: Adds IsUUID function
- shared/instance: Adds volatile.uuid key to instance validation
- shared/instance: Removes vm.uuid from instance validation in ConfigKeyChecker
- doc/instances: Replaces volatile.vm.uuid with volatile.uuid
- lxd/instance/drivers/driver/qemu: Updates Start to use and populate volatile.uuid instead of volatile.vm.uuid
- lxd/instance/drivers/driver/lxc: Generate instance UUID if not set in startCommon
- lxd/instance/drivers/driver/qemu: Makes UUID generation terminology consistent with container
- lxc/list: Fix typo in help
- i18n: Update translation templates
- lxc/list: Add two new columns (memory % and CPU)
- i18n: Update translation templates
- doc: fix typos in instances.md
- lxd/storage/drivers/driver/zfs/volumes: Remove workarounds for snapshot volume mounting
- lxd/refcount: Adds ref counting package
- lxd/storage/drivers/volume: Adds ref counting functions
- lxd/storage/drivers/volume: Updates MountTask to use new MountVolume signature
- lxd/storage/pool/interface: Removes OurMount from MountInfo struct
- lxd/storage/pool/interface: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/drivers/interface: Removes "our mount" bool return value from MountVolume
- lxd/storage/drivers/errors: Adds ErrInUse error
- lxd/storage/drivers/drivers/mock: Updates MountVolume signature
- lxd/storage/drivers/utils: Error quoting in shrinkFileSystem
- lxd/storage/drivers/driver/btrfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/ceph/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/dir/volumes: Updates MountVolume signature
- lxd/storage/drivers/driver/lvm/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds ref counting to MountVolume and UnmountVolume
- lxd/storage/drivers/generic/vfs: Updates genericVFSBackupUnpack to use new MountVolume signature
- lxd/storage/utils: Adds InstanceMount and InstanceUnmount and updates InstanceDiskBlockSize to use them
- lxd/storage/backend/mock: Removes OurMount
- lxd/storage/backend/mock: Removes "our mount" bool return value from MountCustomVolume
- lxd/storage/backend/lxd: Updates mount functions to remove OurMount and use new MountVolume signature
- lxd/storage/backend/lxd/patches: b.driver.MountVolume usage
- lxd/instance/drivers/driver: Unexports common restart function
- lxd/instance/instance/interface: Removes deprecated StorageStart and StorageStop functions
- lxd/instance/drivers/driver/common: Import ordering
- lxd/instance/drivers/driver/lxc: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/lxc: Removes deprecated StorageStart and StorageStop
- lxd/instance/drivers/driver/qemu: Updates mount usage with ref counting in mind
- lxd/instance/drivers/driver/qemu: Implements RegisterDevices
- lxd/instance/drivers/driver/qemu: Removes deprecated StorageStart and StorageStop
- lxd/patches: Updates instance mount usage
- lxd/instance/metadata: Removes use of c.StorageStart and c.StorageStop
- lxd/instance/test: Removes use of StorageStart
- lxd/instance: Updates instanceCreateAsSnapshot to use updated mount functions
- lxd/devices: Register devices on all instance types
- lxd/device/disk: Implements Register function
- lxd/device/disk: Updates mount function usage in mountPoolVolume
- lxd/instance/drivers/driver/qemu: mount fixes
- lxd/storage/backend/lxd: Adds revert to MountInstance
- lxd/storage/drivers/driver/ceph/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to CreateVolumeFromBackup
- lxd/storage/drivers/driver/zfs/volumes: Adds revert to MountVolume
- lxd/storage/drivers/driver/zfs/volumes: Simplifies MountVolumeSnapshot and adds revert for parent volume mount
- lxd/storage/drivers/generic/vfs: Adds revert to genericVFSBackupUnpack
- lxd/api/internal: Adds internalImportFromRecovery function for instance recovery import
- lxd/instances/post: Updates createFromBackup to use updated internalImport signature
- lxd/device/disk comments
- test/suites/backup: Updates lxd import tests to expect instance to be unmounted after import
- lxd/instance/drivers/driver/lxc: Moves instance mount before idmap related var loading
- lxd/instance/drivers/driver/lxc: Rotate log file same stage as VM for consistency
- lxd/instance/drivers/driver/qemu: Use instance.LoadByProjectAndName in getMonitorEventHandler
- test: Updates container_import tests to remove lxd import followed by kill and start test
- lxd/storage/backend/lxd: Detect unsupported live copy of VMs and fail with clear message
- lxd/instance/lxc: Add extra check for devpts_fd
- lxd/device/nic/ovn: Removes unused Add function
- lxd/device/nic/bridged: Clarifies when device's Add function is called
- lxd/migrate/instance: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Improves comments when instantiating migration.VolumeTargetArgs
- lxd/storage/backend/lxd: Reject custom volume config if supplied in CreateInstanceFromMigration
- lxd/storage/drivers/driver/zfs/volumes: Use srcVol.NewVMBlockFilesystemVolume in CreateVolumeFromCopy
- lxd/storage/drivers/driver/zfs/volumes: Apply filesystem quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver/btrfs/volumes: Apply quota in CreateVolumeFromMigration
- lxd/storage/drivers/driver: Makes size update consistent with other drivers in UpdateVolume
- lxd/storage/drivers/driver/cephfs/volumes: Use vol.ConfigSize() rather than vol.ExpandedConfig("size") for consistency with other drivers
- lxd/storage/drivers/driver/cephfs/volumes: Makes CreateVolumeFromMigration volume quota setting consistent with other non-block-backed drivers
- lxd/ap/internal: Improved error messages from instanceCreateInternal
- lxd/instance: Improved error messages from instanceCreateInternal
- lxd/instances/post: Improved error messages from instanceCreateInternal
- lxd/migrate/instance: Improved error messages from instanceCreateInternal
- lxd/device/disk: Only validate external disk source paths when real instance is loaded
- lxd/instance/drivers/driver/lxc: Remove user facing reference to "common start logic" in error
- lxd/instance/drivers/driver: Just log device add failures when adding device in non-user requested context
- lxd/instance/drivers/driver/lxc: Pass existing isRunning to c.updateDevices to avoid extra call to IsRunning()
- shared: Allow volatile uuid config keys
- lxd/instance/drivers: Support vgpu in qemu template
- lxd/instance/drivers: Support vgpu in VMs
- lxd/device/nic/sriov: Don't fail when resetting VF MAC to 00:00:00:00:00:00
- lxd/device/config: Allow gputype property
- lxd/device: Support mdev GPUs
- doc: Document mdev config key
- api: Add gpu_mdev
- lxc/info: Show mdev profiles
- po: Update translation
- lxd/images: Replace fp with fingerprint in logs
- lxd/daemon/images: Add contextual logging and use "fingerprint" rather than "image" for consistency with other code areas
- lxd/profiles/utils: Remove container references, improve comments
- lxd/db/profiles: Updates GetInstancesWithProfile to return all instance types, not just containers
- shared/instance: Improves comments
- lxd/project/project: Adds ProfileProject and ProfileProjectFromRecord functions
- lxd/profiles: Use project.ProfileProject instead of tx.ProjectHasProfiles
- test/suites/projects: Fix bug in test that assumed project wasnt checked for existance
- lxd/profiles/utils: Updates doProfileUpdate and doProfileUpdateCluster to return project and instance name in error
- lxd/device/device/interface: Moves updatable fields from CanHotPlug() into UpdatableFields()
- lxd/device/errors: Adds ErrCannotUpdate error
- lxd/device/device/common: Updates common implementation of CanHotPlug() and UpdatableFields()
- lxd/device/disk: Adds UpdatableFields function based on instance type
- lxd/device/disk: Only apply running IO limits to containers in Update
- lxd/device/nic/bridged: Adds UpdatableFields function and removes custom CanHotPlug function
- lxd/device/nic/ipvlan: Updates CanHotPlug function
- lxd/device/nic/ovn: Removes custom CanHotPlug function
- lxd/device/nic/p2p: Removes custom CanHotPlug function and adds UpdatableFields function
- lxd/device/nic/routed: Splits CanHotPlug function into new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/lxc: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/instance/drivers/driver/qemu: Updates device management functions to use new CanHotPlug and UpdatableFields functions
- lxd/device/config/devices/sort: Improves comments in Less
- lxd/device/disk: Removes use of global logger and use device contextual logger
- lxd/device/disk: Rework volatile apply_quota key handling to support virtual machines
- lxd/refcount: Adds Get function
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in SetInstanceQuota
- lxd/storage/backend/lxd: Removes dependence on RunningQuotaResize in UpdateCustomVolume
- lxd/storage/errors: Removes ErrRunningQuotaResizeNotSupported
- lxd/storage/drivers/volume: Adds MountInUse function
- lxd/storage/drivers/utils: Adds vol.MountInUse usage to ensureVolumeBlockFile
- lxd/storage/drivers/utils: Adds filesystemTypeCanBeShrunk and updates shrinkFileSystem to use it
- lxd/storage/drivers/utils: Updates growFileSystem to use DefaultFilesystem
- lxd/storage/drivers/driver/types: Removes RunningQuotaResize
- lxd/storage/drivers: Renames drivers_mock.go to driver_mock.go to align with other driver naming
- lxd/storage/drivers/driver/mock: Removes RunningQuotaResize
- lxd/storage/drivers/driver/btrfs: Updates BTRFS to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/dir: Updates to use ensureVolumeBlockFile's in-use detection
- lxd/storage/drivers/driver/ceph/utils: Adds resizeVolume function
- lxd/storage/drivers/driver/ceph: Removes RunningQuotaResize
- lxd/storage/drivers/driver/ceph/volumes: Reworks SetVolumeQuota to be more aligned with LVM driver structure
- lxd/storage/drivers/driver/cephfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm: Removes RunningQuotaResize
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/drivers/driver/zfs: Removes RunningQuotaResize
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use Volume's in-use detection
- lxd/storage/utils: Updates validatePoolCommonRules to differentiate VM volumes and filesystem volumes
- lxd/instance: Error quoting and logging improvements in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Adds revert to lxcCreate
- lxd/instance/drivers/driver/qemu: Adds revert to qemuCreate
- lxd/storage/backend/lxd: Set the correct volume content type for custom volumes
- lxc/info: Extend mdev details
- i18n: Update translation templates
- lxd/device/disk: Ignore ErrNotRunning for virtfs-proxy-helper
- lxd/patches/utils: Adds legacy volumeFillDefault function for patches
- lxd/patches: Updates patches to switch from driver.VolumeFillDefault to volumeFillDefault
- lxd/storage/drivers/interface: Adds FillVolumeConfig
- lxd/storage/drivers/driver/common: Adds FillVolumeConfig no-op for common drivers
- lxd/storage/drivers/driver/{ceph,lvm}: Adds FillVolumeConfig function to populate default filesystem settings
- lxd/storage/utils: Updates VolumeDBCreate to accept a Pool and call driver.FillVolumeConfig
- lxd/storage/backend/lxd: VolumeDBCreate usage
- lxd/storage/utils: Removes VolumeFillDefault and VolumeValidateConfig
- lxd/storage/pool/interface: Adds FillInstanceConfig
- lxd/storage/backend/lxd: Implements FillInstanceConfig
- lxd/storage/backend/mock: Adds FillInstanceConfig
- lxd/instance/drivers/driver/lxc: Updates lxcCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers/driver/qemu: Updates qemuCreate to use storagePool.FillInstanceConfig
- lxd/instance/drivers: Better errors in instance create functions
- lxd/storage/backend/mock: Return storage pool ID 1 rather than -1 to allow tests to run
- lxd/network/openvswitch/ovs: Adds InterfaceAssociatedOVNSwitchPort function
- lxd/network/driver/ovn: Updates Instance port functions to use instance UUID rather than instance ID
- lxd/network/driver/ovn: Updates InstanceDevicePortDelete to accept an instance UUID and a ovsExternalOVNPort hint
- lxd/device/nic/ovn: Update ovnNet interface to use instance UUIDs.
- lxd/device/nic/ovn: Use volatile.uuid instance UUID rather than instance ID for OVN switch port name
- lxd/device/nic/ovn: No need for intermediate v variable
- lxd/device/nic/ovn: Updates Stop to pass instance UUID and an OVS external OVN switch port hint to InstanceDevicePortDelete
- lxd/instance/qemu: Always render disk
- Support zstd compression.
- api: add resources_pci_iommu extension
- lxd-agent: Don't rely on systemd for rebooting
- lxd/instance: Move id field to common
- lxd/instance/common: Use 'd' as main variable
- lxd/instance/qemu: Rename d to dev
- lxd/instance/qemu: Replace vm with d
- lxd/instance/lxc: Rename d to dev
- lxd/instance/lxc: Replace c with d
- lxd/isntance: Move most properties to common
- lxd/instance: Move common functions to drive_common
- shared/instance: golint fixes
- shared/instance: Adds ConfigVolatilePrefix constant
- shared/instance: ConfigVolatilePrefix usage
- shared/instance: Adds InstanceIncludeWhenCopying function
- lxd/copy: shared.InstanceIncludeWhenCopying usage in copyInstance
- lxc: shared.ConfigVolatilePrefix usage
- lxd: shared.ConfigVolatilePrefix usage
- lxd/instances/post: shared.InstanceIncludeWhenCopying usage in createFromCopy
- lxd/storage: Add volatile idmap setting debug log to resetContainerDiskIdmap
- lxd/device/disk: Include network-config in cidata
- lxd/resources: Add GetNetworkState and GetNetworkCounters
- shared/api: Add IOMMUGroup field to ResourcesPCIDevice
- Add IOMMU group value to PCI devices
- lxd/storage/pools/utils: Updates comment and error for storagePoolCreateLocal
- lxd/storage/pools: Error quoting
- lxd/db/cluster: Adds state column to networks_nodes table and set existing rows to state=1 (created)
- lxd/db/networks: Populate node state column in NetworkNodeJoin
- lxd/db/networks: Populate node state column in CreatePendingNetwork
- lxd/db/networks: Adds networkNodeState and NetworkNodeCreated functiond
- lxd/db/networks: Comments
- lxd/db/networks: Populate node state column in CreateNetwork
- lxd/network/driver: Remove check that prevents starting network in pending state
- lxd/networks: Whitespace
- lxd/network/network/interface: Updates init to take api.Network and network nodes map
- lxd/network/network/interface: Adds LocalStatus
- lxd/network/network/load: Updates LoadByName to pass network nodes from s.Cluster.GetNetworkInAnyState to init()
- lxd/db/networks: Adds NetworkState type and uses it in place of int
- lxd/db/networks: Renames networkFillStatus to NetworkStateToAPIStatus
- lxd/db/networks: Adds NetworkNode type
- lxd/db/networks: Exports NetworkNodes and updates to return map of NetworkNodes
- lxd/db/networks: Updates GetNonPendingNetworks usage of NetworkNodes()
- lxd/db/networks: Modifies getNetwork and GetNetworkInAnyState to return map of NetworkNodes for network
- lxd/db/networks: Exports NetworkNodes
- lxd/db/networks: c.GetNetworkInAnyState usage
- lxd/db/networks: Updates comments to reference state constants
- lxd/patches: d.cluster.GetNetworkInAnyState usage
- lxd/api/cluster: d.cluster.GetNetworkInAnyState usage
- lxd/api/project: s.Cluster.GetNetworkInAnyState usage
- lxd/device/nic: d.state.Cluster.GetNetworkInAnyState usage
- lxd/network/driver/ovn: n.state.Cluster.GetNetworkInAnyState usage
- lxd/network/driver/common: Adds LocalStatus function and store node info inside network via init()
- lxd/network/driver/bridge: Only perform local date if local status is api.NetworkStatusCreated
- lxd/network/driver/ovn: Only perform local date if local status is api.NetworkStatusCreated
- lxd/network/driver/physical: Only perform local date if local status is api.NetworkStatusCreated
- lxd/networks: Updates doNetworksCreate to skip creation if node is already marked created
- lxd/networks: d.cluster.GetNetworkInAnyState usage
- lxd/networks: Don't skip network clean up if network is pending in networkDelete()
- lxd/networks: d.cluster.GetNetworkInAnyState usage
- lxd/networks: Updates networksPostCluster to only mark global network states as created once all nodes created
- lxd/db/migration/test: cluster.GetNetworkInAnyState usage
- lxd/network/network/interface: Adds IsManaged function
- lxd/network/driver/common: Adds IsManaged function and associated internal variable
- lxd/networks: Prevent rename of pending networks
- lxd/networks: Reduce duplicate query loading network in networkPut and doNetworkUpdate
- lxd/networks: Prevent update of global network config when network is pending in networkPut
- lxd/network/driver/bridge: Adds some basic revert to setup()
- lxd/network/driver/bridge: Only initialise revert if config has changed
- lxd/network/driver: Only apply local DB change in Update() when local node is in pending state
- lxd/network/driver/bridge: Fix incorrect return value
- test/suites/clustering: Add network node state tests for bridge networking
- lxd/instance: Use revert package in instanceCreateFromImage
- lxd/storage/backend/lxd: Remove revert from CreateInstanceFromImage
- lxd/storage/drivers/driver/common: Enable unsafe resize mode in runFiller when unpacking into image volumes
- lxd/storage/drivers/driver/ceph/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/drivers/driver/zfs/volume: Allow image resize when in unsafe mode in SetVolumeQuota
- lxd/storage/backend/lxd: Log new volume size in CreateInstanceFromImage
- lxd/instance/qemu: Follow symlink to lxd-agent
- lxd/instance/qemu: Fix GPU passthrough
- lxd/instance/operations: Allow Wait/Done on nil struct
- lxd/instance/lxc: Improve use of operations
- lxd/instance/lxc: Improve locking on file ops
- lxd/instance/operations: Introduce CreateWaitGet
- lxd/instance: Introduce restart tracking
- Makefile: Fix golint URL
- lxd/network/driver/bridge: Improve IP parsing errors
- lxd/network/driver/bridge: Don't fill default config on update
- lxd/network/driver/ovn: Improve IP parsing errors
- lxd/network/driver/ovn: Don't fill default config on update
- lxd/network/driver/bridge: Regenerate auto values on update
- lxd/network/driver/ovn: Regenerate auto values on update
- test/suites/network: Adds test for unsetting ipv4.address and ipv6.address
- test/suites/network: Adds test for regeneration of auto values
- doc/networks: Clarify bridge default auto values
- doc/networks: Clarifies default values for ovn ranges settings
- doc/networks: Clarify ovn default auto values
- lxd/device/disk: Only validate disk source pool when an actual instance is set
- test/suites/migration: Adds tests for copying instance with snapshots containing invalid disk devices
- lxc-to-lxd: Fix handling on snap
- lxd/instance: Bypass delete protection for internal calls
- lxd/instance/qemu: Improve state handling
- lxd/instance/operationlock: Allow Reset
- lxd/instance/qemu: Stretch start/stop timeout
- lxd/instance/qemu: Increase virtiofsd timeout to 10s
- lxd/instance/qemu: Move more logic into qemuArchConfig
- lxd/instance: Add Info function
- lxd/instance: Add SupportedInstanceDrivers
- lxd/instance: Add driver cache
- lxd/api: Show all instance drivers
- lxd/qemu: Don't stop processing events on shutdown
- lxd/rbac: Improve access to user information
- lxd/daemon: Improve request context
- lxd/rbac: Move userIsAdmin and userHasPermission
- lxd: Move to new RBAC helpers
- lxd/storage/volumes: Replace hardcoded "filesystem" with db.StoragePoolVolumeContentTypeNameFS in storagePoolVolumesTypePost
- lxd/storage/volumes: Error quoting in storagePoolVolumesTypePost
- lxd/storage/volumes: Fixes misleading comment in storagePoolVolumesPost
- lxd/storage/volumes: Set default volume content type to filesystem in storagePoolVolumesPost
- lxd/storage/volumes: Error quoting in storagePoolVolumesPost
- lxd/storage/utils: Align error returned from VolumeContentTypeNameToContentType with similar functions
- lxd/storage/volumes: Removes stuttering in errors in storagePoolVolumesTypePost
- lxd/networks: Use SmartError for response when loading networks
- lxd/project: Add new FilterUsedBy helper
- lxd: Filter all UsedBy based on RBAC
- lxd/images: Fix incorrect RBAC on push
- lxc/file: Fix typo in fileGetWrapper
- i18n: Update translation templates
- lxc/restore: Fix typo in help
- i18n: Update translation templates
- lxd/networks: Fix bad logging level
- lxd/daemon: Fix bad permission check
- lxd/storage/drivers/generic: Fix VM rename with ZFS
- lxd/instance: Remove duplicate event
- lxd/instance/common: Implement lifecycle wrapper
- lxd/instance/lxc: Port to new wrapper
- lxd/instance/lxc: Lock restore operations
- lxd/instance/qemu: Port to new wrapper
- lxd/instance/qemu: Lock restore operations
- lxd/backup: Add lifecycle events
- lxd/network: Add lifecycle function
- lxd/network: Implement create wrapper
- lxd/network: Add lifecycle events
- lxd/cluster/request/clienttype: Moves client type constants and helper into own package
- lxd/cluster/connect: Removes client type constants and helper
- lxd: Updates use of ClientType now moved to cluster/request package
- lxd/networks: Ensure etag generation uses its own copy of config in networkPut
- lxd/network/driver: Takes NetworkStatus safety patch from stable-4.0 and applies to master
- lxd/networks: Comment in networksPostCluster
- lxd/networks: Corrects log level in networksPostCluster
- lxd/networks: golint fix
- lxd/db/networks: Removes unused NetworkErrored function
- lxd/db/networks: Updates network state comments to indicate node usage
- lxd/instance: Adds per-struct contextual logger.
- lxd/instance/drivers: Fixes instanceType in instance logger
- lxd/db/cluster: Adds state column to storage_pools_nodes table and set existing rows to state=1 (created)
- lxd/db/storage/pools: Updates storage pool state comments to indicate node usage
- lxd/db/storage/pools: Replace use of networkCreated with storagePoolCreated in getStoragePool
- lxd/db/storage/pools: Set storage pool node state to created in UpdateStoragePoolAfterNodeJoin
- lxd/db/storage/pools: Set storage pool node state to pending in CreatePendingStoragePool
- lxd/db/storage/pools: Adds StoragePoolNodeCreated and storagePoolNodeState functions
- lxd/db/storage/pools: Set storage pool node state to pending in CreateStoragePool
- lxd/storage/pools/utils: Consistent commnent endings
- lxd/storage/pools/utils: Fix comment in storagePoolCreateLocal
- lxd/storage/pools: Add logging for storage pool state updates in storagePoolsPostCluster
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to mark local node state as created
- lxd/db/storage/pools: Removes unused function StoragePoolErrored
- lxd/db/storage/pools: Updates comment on StoragePoolCreated
- lxd/storage/pools: Fix copy paste error in comment
- lxd/storage/load: Updates GetPoolByName to use state.Cluster.GetStoragePoolInAnyState
- lxc/storage: Adds --target flag support to cmdStorageSet
- lxd/storage/pools: Adds doStoragePoolUpdate function
- lxd/db/storage/pools: Adds StoragePoolState type and updates state constants to be of that type
- lxd/db/storage/pools: Adds StoragePoolNode type
- lxd/db/storage/pools: StoragePoolState usage
- lxd/db/storage/pools: Adds storagePoolNodes function
- lxd/db/storage/pools: Updates storage pool load functions to return nodes
- lxd/db/storage/pools: Updates storagePoolNodes to return map of StoragePoolNode
- lxd/db/storage/pools: c.GetStoragePoolInAnyState usage
- shared/api/storage/pool: Adds storage pool status contants
- lxd/db/storage/pools: Adds StoragePoolStateToAPIStatus and updates getStoragePool to use it
- lxd/patches: d.cluster.GetStoragePoolInAnyState usage
- lxd/api/cluster: d.cluster.GetStoragePoolInAnyState usage
- lxd/backup/backup/config: c.GetStoragePool usage
- lxd/daemon/storage: s.Cluster.GetStoragePool usage
- lxd/device/disk: d.state.Cluster.GetStoragePool usage
- lxd/instance/post: d.cluster.GetStoragePool usage
- lxd/instances/post: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/pools: d.cluster.GetStoragePoolInAnyState usage
- lxd/storage/volumes: GetStoragePoolInAnyState usage
- lxd/storage/volumes/backup: d.cluster.GetStoragePool usage
- lxd/storage/volumes/snapshot: d.cluster.GetStoragePool usage
- lxd/storage/pool/interface: Adds Description, Status and LocalStatus functions to definition
- lxd/storage/backend/mock: Adds Description, Status and LocalStatus functions
- lxd/storage/backend/lxd: Adds Description, Status, LocalStatus functions and adds nodes property
- lxd/storage/load: state.Cluster.GetStoragePoolInAnyState usage and populates pool nodes in GetPoolByName
- lxd/storage/pool/interface: Adds IsUsed and Create functions
- lxd/storage/backend/lxd: Exports Create and adds IsUsed
- lxd/storage/backend/mock: Adds IsUsed and Create
- lxd/storage/load: Deprecates CreatePool
- lxd/storage/load: Updates CreatePool to initialise empty node list
- lxd/storage/pools/utils: Updates storagePoolCreateLocal to use GetPoolByName
- lxd/storage/pools: Reworks storagePoolDelete to only delete locally if node has created state
- lxd/db/migration/test: cluster.GetStoragePool usage
- lxd/storage/pools: Reworks storagePoolPut and calls storagePoolPut from storagePoolPatch
- lxd/storage/pools: Removes unused storagePoolValidateClusterConfig, storagePoolClusterConfigForEtag, storagePoolClusterFillWithNodeConfig functions
- lxd/storage/pools/utils: Removes unused storagePoolUpdate
- lxd/storage/backend/lxd: Reworks Update to only apply changes to local node if not pending
- lxd/api/cluster: Updates client type usage to new package
- lxd/storage/load: Updates deprecated CreatePool to use client type
- lxd/patches: storagePools.CreatePool usage
- lxd/storage/pool/interface: Replaces localOnly and driverOnly indicators with clientType
- lxd/storage/backend/lxd: Replace localOnly and driverOnly with clientType
- lxd/storage/backend/mock: Replace localOnly and driverOnly with clientType
- lxd/storage/drivers/driver/ceph: Simplify Delete logic
- lxd/storage/pools: Switch to clientType
- lxd/storage/pools/utils: Switch to clientType
- lxd/api/cluster: Removal special casing for ceph/cephfs
- lxd/storage/backend/lxd: Adds protection against using a pending pool
- lxd/storage: Adds target support to cmdStorageGet
- lxd/storage/pools: Updates storagePoolsPostCluster to only forward non-node specific config
- test/suites/clustering: Add pool node state tests
- lxd/apparmor/qemu: Allow some more files
- lxd/storage/drivers/drivers/zfs/volumes: Fixes 10s delay when using VMs with ZFS in snap
- shared: Add IsUserConfig() utility function
- lxd/config: Allow user keys in server config
- lxd/storage/backend/lxd: Comment typo fix
- lxd/storage/drivers/driver/btrfs/volumes: Enable allowUnsafeResize in CreateVolume when creating initial image volume
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to return unsupported when trying to resize image volume without allowUnsafeResize enabled
- lxd/storage/utils: Ensure pool's volume.size is checked when unpacking images to pools that use file based images
- lxd/instance/qemu: Deref OVMF path
- lxc: Clarify --compression option
- doc/image-handling: Update compression details
- i18n: Update translation templates
- lxd/rbac: Fix checks by matching proper name
- api: Add resources_network_usb and resources_disk_address
- shared/api: Add PCIAddress/USBAddress on network and storage
- lxd/resources: Add PCIAddress/USBAddress for networks and disks
- lxd/storage/drivers/utils: Modifies roundVolumeBlockFileSizeBytes to round up
- lxd/storage/drivers/utils: roundVolumeBlockFileSizeBytes usage
- lxd/storage/drivers/driver/zfs/utils: Use roundVolumeBlockFileSizeBytes in createVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Use roundVolumeBlockFileSizeBytes in SetVolumeQuota
- lxd/storage/backend/lxd: Use revert in CreateInstanceFromCopy
- lxd/storage/backend/lxd: Don't fail in DeleteInstance if DB record already removed
- lxd/instance: Use revert in instanceCreateAsCopy
- lxd/storage/drivers/driver/ceph/volumes: Whitespace
- lxd/storage/drivers/driver/ceph/volumes: Adds a hasVolume function that accepts an RBD volume name
- lxd/storage/drivers/driver/ceph/volumes: Fixes issue in DeleteVolume that prevented image volume deletion if no readonly snapshot existed
- lxd/storage/backend/lxd: Return error in EnsureImage when cannot delete orphaned volume
- lxd/network/driver/ovn: Improve error message
- lxd/network/driver/physical: Adds ovn.ingress_mode config key
- lxd/network/driver/ovn: Updates uplinkRoutes to accept an *api.Network argument
- lxd/network/driver/ovn: n.uplinkRoutes usage
- lxd/network/driver/ovn: Moves subnet size validation into InstanceDevicePortValidateExternalRoutes
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to only publish external IPs using DNAT when uplink l2proxy mode enabled
- lxd/device/nic/ovn: Removes external subnet validation
- doc/networks: Adds ovn.ingress_mode to physical networks
- api: Adds network_physical_ovn_ingress_mode extensions
- lxd/network/network/utils: Don't reference ourselves in UsedBy
- lxd/network/driver/ovn: Only delete DNAT rules in InstanceDevicePortDelete if ingress mode is l2proxy
- lxd/network/openvswitch/ovn: Exports LogicalSwitchDHCPOptionsDelete and adds optional UUID filter for deletion
- lxc/network/driver/ovn: Adds ipv4.dhcp and ipv6.dhcp boolean settings
- lxc/network/driver/ovn: Modifies setup to only activate DHCP/RA if its enabled on network
- lxd/network/driver/ovn: Updates InstanceDevicePortAdd to respect DHCP options on network
- lxd/network/driver/ovn: Updates DHCPv4Subnet and DHCPv6Subnet to use IP helper functions
- api: Adds network_ovn_dhcp extension
- doc/networks: Adds ipv4.dhcp and ipv6.dhcp docs for OVN networks
- doc/networks: Mention DNSSEC setting
- doc/networks: Adds ipv4.routes.anycast and ipv6.routes.anycast to physical networks
- lxd/network/driver/physical: Adds ipv4.routes.anycast and ipv6.routes.anycast options
- lxd/network/driver/ovn: Adds uplinkHasIngressRoutedAnycastIPv4 and uplinkHasIngressRoutedAnycastIPv6 functions
- lxc/network/driver/ovn: Skip overlap detection of networks external subnets when uplink is in anycast routed ingress mode
- lxd/network/driver/ovn: Skip NIC external route overlap detection when uplink is in anycast routed ingress mode
- api: Adds network_physical_routes_anycast extension
- tests: Add test for import after deleted snapshot
- lxd/instances: Update backup file when deleting a snapshot
- lxd/instance/lxc: Fix backup.yaml delete logic to trigger properly
- lxd/instance/qemu: Also update backup.yaml on snapshot delete
- lxd/instance/qemu: Update backup.yaml on startup
- lxd/db/storage/pools: Comment wrapping
- lxd/storage/backend/lxd: Prevent modification of source field on non-pending nodes
- lxd/storage/drivers/driver/lvm: Comment typo
- lxd/network/driver/ovn: Only add default route and SNAT rules to router after adding external router port
- i18n: Update translations from weblate
- doc/networks: Add missing escaping
- lxd/apparmor/qemu: Allow ceph snap paths
- doc: Adds limits.instances key description.
- lxd/project: Adds 'limits.instances' configuration key
- api: Add projects_limits_instances extension
- doc/api-extensions: Fix escaping
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.8 リリースのお知らせ¶
12th of November 2020
はじめに ¶
LXD チームは LXD 4.8 のリリースをお知らせできることにとてもワクワクしています!
このリリースでは vTPM と VirtioFS のサポートが追加されました。そして cgroup2 サポートの作業が終了し、いくつか有用な機能の追加と改良を行いました。
また、ネットワークとストレージのトラッキングとライフサイクルが大幅に改良され、競合状態のクラス全体と通常のバグ修正の山が完全に排除されました。
Enjoy!
新機能とハイライト ¶
vTPM のサポート ¶
新しい tpm デバイスタイプが追加されました。コンテナと仮想マシンの両方でサポートされます。これは永続的な swtpm インスタンスを使い、通常は /dev/tpmX デバイスをインスタンス内で公開します。
stgraber@castiana:~$ lxc config device add tpm1 tpm tpm path=/dev/tpm0 Device tpm added to tpm1 stgraber@castiana:~$ lxc config device add tpm2 tpm tpm path=/dev/tpm0 Device tpm added to tpm2 stgraber@castiana:~$ lxc start tpm1 tpm2 stgraber@castiana:~$ lxc list tpm +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | tpm1 | RUNNING | 10.166.11.45 (eth0) | fd42:4c81:5770:1eaf:216:3eff:fe95:4a5 (eth0) | CONTAINER | 0 | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ | tpm2 | RUNNING | 10.166.11.120 (enp5s0) | fd42:4c81:5770:1eaf:216:3eff:fe71:4323 (enp5s0) | VIRTUAL-MACHINE | 0 | +------+---------+------------------------+-------------------------------------------------+-----------------+-----------+ stgraber@castiana:~$ lxc exec tpm1 -- tpm2_gettestresult status: success stgraber@castiana:~$ lxc exec tpm2 -- tpm2_gettestresult status: success
仮想マシンに対する VirtioFS ¶
これまで、LXD はエージェントが構成するデバイスと disk デバイスを使って仮想マシンに対して公開される追加パスの両方のトランスポートとして 9p を使ってきました。
信頼性が高く、一般的に十分サポートされていますが、9p は高速ではありません。
virtiofs がこのための高速なオプションです。LXD エージェントがインスタンス内部で使用できる方を使用し、LXD は 9p と virtiofs の両方を通してアタッチしたデバイスを公開しています。
stgraber@castiana:~$ lxc init images:ubuntu/20.04/cloud vm1 --vm Creating vm1 stgraber@castiana:~$ lxc config device add vm1 home disk source=/home/stgraber path=/mnt/virtiofs Device home added to vm1 stgraber@castiana:~$ lxc start vm1 stgraber@castiana:~$ lxc exec vm1 bash root@vm1:~# mkdir /mnt/9p root@vm1:~# mount -t 9p lxd_home /mnt/9p/ root@vm1:~# dd if=/dev/zero of=/mnt/9p/test.img bs=4M count=100 conv=fdatasync 100+0 records in 100+0 records out 419430400 bytes (419 MB, 400 MiB) copied, 5.19642 s, 80.7 MB/s root@vm1:~# dd if=/dev/zero of=/mnt/virtiofs/test.img bs=4M count=100 conv=fdatasync 100+0 records in 100+0 records out 419430400 bytes (419 MB, 400 MiB) copied, 0.831076 s, 505 MB/s root@vm1:~#
cgroup2 のフルサポート ¶
LXD はかなり長い間、ハイブリッドとフル cgroup2 システム上で機能してきました。しかし、その環境で実行された場合、必ずしもすべての制限が適用されていたわけではありませんでした。実際、ほとんどのコントローラーが起動時に制限された状態、またはサポートされないとして報告されていました。
次のものをのぞいて、LXD でサポートされるすべての制限に cgroup2 サポートを追加することで、これを大幅に改善しました。
- スワップの優先度指定とスワップの無効化(swappinessコントロールが必要)
- ネットワークの優先度(net_prioコントローラーが必要)
これら2つは現在、最新の Linux カーネルで相当する機能が cgroup2 にないためです。同等のソリューションが実装された際には、必ずその機能を使います。
デイリーのテストに cgroup1, スワップのアカウンティング付きのcgroup1、cgroup2 のテストを追加し、すべての制限が期待通り動作していることを https://jenkins.linuxcontainers.org/job/lxd-test-cgroup/ で確認しました。
zfs.clone_copy の rebase モード ¶
ZFS ストレージプールに追加された新しいオプションは、ソースのインスタンスが作成された元のイメージを追跡し、新しいインスタンスのオリジンとしてそれを使うように LXD に指示します。
これは、ソースインスタンスがイメージとともに持っているディスク上の差分を効率的に複製するので、そのコピーの結果としてディスク使用量が増えることを意味します。しかし、新しいインスタンスがソースと結びつくことも防ぎます。これにより、LXD が削除されたコピーのために削除されたデータセットを保持する必要がなくなり、ソースインスタンスを削除し、そのディスク領域を再利用できるようになります。
stgraber@castiana:~$ lxc launch images:ubuntu/20.04/cloud u1 Creating u1 Starting u1 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u1 NAME ORIGIN castiana/lxd/containers/u1 castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly stgraber@castiana:~$ lxc copy u1 u2 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u2 NAME ORIGIN castiana/lxd/containers/u2 castiana/lxd/containers/u1@copy-e51ca348-32b5-4101-ac05-c656bf7c2a1e stgraber@castiana:~$ lxc storage set default zfs.clone_copy false stgraber@castiana:~$ lxc copy u1 u3 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u3 NAME ORIGIN castiana/lxd/containers/u3 - stgraber@castiana:~$ lxc storage set default zfs.clone_copy rebase stgraber@castiana:~$ lxc copy u1 u4 stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u4 NAME ORIGIN castiana/lxd/containers/u4 castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly
この例では:
- u1 はイメージからコピーして作られた通常のコンテナです
- u2 はソースのスナップショットから作られた通常のコピーです
- u3 はスタンドアロンコピーで、u1 のデータ全体とイメージを複製します
- u4 はリベースコピーで、u1 の差分とイメージを複製します
lxc snapshot と lxc storage volume snapshot コマンドの --reuse オプション¶
lxc snapshot と lxc storage volume snapshot コマンドで、同じ名前で新しいスナップショットを作成する前に既存のスナップショットを削除できるようになりました。
stgraber@castiana:~$ lxc snapshot u1 foo stgraber@castiana:~$ lxc snapshot u1 foo Error: Add snapshot info to the database: This instance_snapshot already exists stgraber@castiana:~$ lxc snapshot u1 foo --reuse stgraber@castiana:~$
restarted ライフサイクルイベント ¶
LXD は重要な状態の変更を容易に追跡できるように lifecycle イベントをログに記録します。
これまで、インスタンスが再起動されたり内部から再起動されると、ログには stopped イベントとそれに続く started イベントが記録されていました。
これが、何が起こったかを正確に記述する単一の restarted イベントに置き換えられました。
stgraber@castiana:~$ lxc monitor --type=lifecycle location: none metadata: action: virtual-machine-restarted source: /1.0/virtual-machines/u2 timestamp: "2020-11-12T17:47:50.559795164-05:00" type: lifecycle
ユーザからのリクエストのロギングの改良 ¶
LXD はすべての API 呼び出しの要求元をログメッセージと内部コンテキストデータに記録しています。しかし、これには少し制限がありました。どのプロトコル(unix, candid, tls)が使われたのかをログに記録しない、unix ソケット経由のリクエストの場合はユーザー名をログに記録できると言ったようなことのためです。
この問題は修正され、基本的な要求は次のように記録を行うようになりました:
DBUG[11-12|18:26:10] Handling method=GET url=/1.0 ip=@ protocol=unix username=stgraberDBUG[11-12|23:26:59] Handling method=GET url=/1.0 ip=[2001:470:b0f8:1000:223:a4ff:fe01:16f]:48334 protocol=candid username=stgraber@stgraber.netDBUG[11-12|18:28:23] Handling method=GET url=/1.0 ip=127.0.0.1:47508 protocol=tls username=390fdd27ed5dc2408edc11fe602eafceb6c025ddbad9341dfdcb1056a8dd98b1
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/device/usb: Fix check for required USB device
- seccomp: switch back to pread()
- nsexec: simplify userns attach
- forksyscall: preserve root and cwd fds for shifted mount emulation
- lxc/init.go: remove for-loop in create()
- lxd/device/nic/ovn: Improved error messages
- lxd/network/driver/ovn: Generates static EUI64 IPv6 address for instance switch ports in instanceDevicePortAdd
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortGetDNS to return switch port DNS info
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortDeleteDNS to only accept DNS UUID rather than port name
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to return the DNS UUID record ID
- lxc/network/driver/ovn: Adds validateExternalSubnet function
- lxd/network/driver/ovn: Updates Validate to ensure ipv4.address and ipv6.address are allowed external subnets
- lxd/network/driver/ovn: Adds support for publishing instance port IPs to uplink network
- revert/revert.go: remove a for-loop from Clone()
- doc/networks: Adds ipv4.nat and ipv6.nat to ovn network
- lxc/copy.go: Remove unneeded for-loop in c.Run()
- lxd/db/networks: Fix NULL description
- lxd/network/driver/ovn: Allows "none" as value for ipv4.address and ipv6.address
- lxd/network/driver/ovn: Re-run validation of auto generated address used in FillConfig
- lxd/network/driver/ovn: Modify setup() to support optional IP addresses
- lxd/network/driver/ovn: Updates instanceDevicePortAdd to support optional IP addresses
- lxd/network/driver/ovn: Only call Validate in FillConfig if state is set
- lxd/db/projects: Adds GetProject function
- lxd/network/driver/ovn: Converts instance port functions to exported
- lxd/network/driver/ovn: Removes ipv4.routes.external and ipv6.routes.external
- lxc/network/driver/ovn: Adds projectRestrictedSubnets and uplinkRoutes functions
- lxd/network/driver/ovn: Simplifies Validate by using separate data loader functions
- lxd/network/driver/ovn: Passes project into allowedUplinkNetworks
- lxd/network/driver/ovn: Passes project into validateUplinkNetwork
- lxd/network/driver/ovn: Load project in setup() to pass to n.validateUplinkNetwork()
- lxd/network/driver/ovn: Adds InstanceDevicePortValidateExternalRoutes function
- lxd/network/network/utils/ovn: Remvoes unused functions
- lxd/device/nic/ovn: Adds ovnNet interface and use OVN instance port functions directly from network
- lxd/device/nic/ovn: Removes validation of external routes against network's external routes
- lxd/device/nic/ovn: Validate NICs external routes using d.network.InstanceDevicePortValidateExternalRoutes
- doc/networks: Removes ipv4.routes.external and ipv6.routes.external from ovn network
- lxd/patches: Adds patch for removing ipv4.routes.external and ipv6.routes.external from ovn networks
- api: Adds network_ovn_external_routes_remove extension
- lxd/network/driver/ovn: Fix project restricted subnets check in validateExternalSubnet
- lxd/images: Fixes ineffectual assign warning
- lxd/resources/usb: Fixes ineffectual assign warning
- lxd/storage/drivers/driver/lvm/volumes: Fixes ineffectual assign warning
- lxd/instance: Use project aware inst.LogPath() function when clearing log dir in instanceCreateInternal
- lxd/instance/drivers/driver/lxc: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/qemu: Project aware rename of log path in Rename()
- lxd/instance/drivers/driver/lxc: Makes collectCRIULogFile project log path aware
- lxd/instance/logs: Makes containerLogsGet project aware
- lxd/main/init/interactive: Clarifies question about using an existing empty disk
- lxd/network/driver/bridge: Sets ipv4.nat=true when adding a new fan network with fan.underlay_subnet=auto
- lxd/patches: Adds patchNetworkFANEnableNAT to set ipv4.nat=true for fan networks missing the setting
- doc/networks: Clarifies comment defaults for bridge ipv4.nat when not specified during creation
- lxd/seccomp: Fix go vet
- lxd/instance: Add Architecture to common
- lxd/devices: Disable USB on s390x
- add new "restarted" event to reboot section of onStop in both lxc and qemu
- tests: Fix missing clustering cleanup
- lxd/storage/zfs: Properly recurse delete volumes
- tests: Fix cleanup in backup
- lxd/storage/backend/lxd: b.driver.UnmountVolume usage
- lxd/instance/drivers/driver/lxc: Moves log rotate and mount before devices start in startCommon
- lxd/storage/drivers/interface: Adds keepBlockDev arg to UnmountVolume
- lxf/storage/drivers/volume: v.driver.UnmountVolume usage
- lxd/storage/drivers/volume: Adds keepBlockDev arg to UnmountTask
- lxd/storage/drivers/utils: Passes true for keepBlockDev arg to UnmounTask in shrinkFileSystem
- lxd/storage/drivers/generic/vfs: d.UnmountVolume usage
- lxd/storage/drivers/drivers/mock: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/dir/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/cephfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountVolume usage
- lxd/storage/drivers/driver/lvm/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: UnmountTask usage
- lxd/storage/drivers/driver/ceph/volumes: d.UnmountVolume usage
- lxd/storage/drivers/driver/ceph/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds keepBlockDev arg to UnmountVolume
- lxd/storage/drivers/driver/zfs/volumes: d.UnmountVolume usage
- lxd/device/config/devices/sort: Sort disks between nics and other types of devices
- lxd/device/config/devices/sort: Comment improvement
- lxd/instance/drivers: Device lifecycle logging improvements
- lxd/instance/drivers: Stop devices in reverse order to how they were started
- lxd/instance/drivers/driver/lxc: Only use postStartHooks var where actually needed
- lxd/instance/drivers/driver/qemu: Adds log rotation to Start
- lxd/storage/zfs: Fix argument ordering
- lxd/device/config: Add TPMDevice to RunConfig
- lxd/cluster/connect: Renames project arg to projectName in ConnectIfInstanceIsRemote
- lxd/cluster/connect: Adds projectName arg to ConnectIfVolumeIsRemote
- lxd/response: Adds projectName argument to forwardedResponseIfVolumeIsRemote
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote projectName argument usage
- lxd/db/storage/volumes: Corrects mispelled argument name in GetStorageVolumeNodeAddresses
- lxc/move: Bypass security.protection.delete
- lxd/device: Add TPM device type
- lxd/db: Add device type "tpm"
- lxd/instance/drivers: Support TPM devices in VMs
- lxd/device: Fix typo
- api: Add tpm_device_type API extension
- doc: Add tpm device
- test: Add TPM device
- doc/instances: usb and gpu are available in VMs
- doc/instances: Add missing header in usb device
- extract restart logic to new instance interface function of lxc and qemu
- scripts/bash: Fix snap handling
- extract common restart code to driver_common.go
- lxd/storage: Rename RunningSnapshotFreeze to RunningCopyFreeze
- lxd/storage: Ensure source is frozen during copy
- lxd/instance/drivers: Write out updated backup.yaml after rename
- lxd: Switch to new candid URL
- lxd/storage/zfs: No need to remove dashes from UUID
- shared: Drop GroupId and UserId
- lxd: Port to os/user
- lxd/daemon: Log protocol
- lxd/daemon: Pass writer to Authenticate
- lxd/daemon: Record username on unix queries
- lxd/storage: Lock during the whole image replace
- lxd/db/errors: Adds ErrNoClusterMember var used to indicate no cluster member has been found for a resource
- lxd/db/storage/volumes: Modifies GetStorageVolumeNodeAddresses to detect volumes that are not bound to a single node
- lxd/db/storage/volumes: Removes StorageVolumeIsAvailable
- lxd/response: Updates forwardedResponseIfVolumeIsRemote to accept poolName rather than poolID
- lxd/storage/volumes: forwardedResponseIfVolumeIsRemote usage
- lxd/storage/volumes/backup: forwardedResponseIfVolumeIsRemote usage
- lxd/storage/volumes/snapshot: forwardedResponseIfVolumeIsRemote usage
- lxd: Replace use of tx.GetProject with cluster.GetProject
- lxd/project/project: Adds StorageVolumeProjectFromRecord function
- lxd/db/instances: Renames and reworks instanceListExpanded to InstanceList
- lxd/db/instances/export/test: Removes unused file
- lxd/db/instances/test: Renames TestInstanceListExpanded to TestInstanceList
- lxd/patches: driver.VolumeTypeNameToDBType usage
- lxd/profiles/utils: Comment on doProfileUpdateContainer for clarity
- lxd/response: cluster.ConnectIfVolumeIsRemote usage
- lxd/storage/drivers/driver/types: Adds VolumeMultiNode field to Info
- lxd/storage/drivers/driver/cephfs: Adds VolumeMultiNode=true to Info struct
- lxd/storage/utils: Renames VolumeTypeNameToType to VolumeTypeNameToDBType
- lxd/storage: VolumeTypeNameToDBType usage
- lxd/storage/utils: Adds VolumeDBTypeToTypeName function
- lxd/storage/utils: Comment consistency
- lxd/storage/utils: Renames and reworks VolumeUsedByRunningInstancesWithProfilesGet to VolumeUsedByInstances
- lxd/storage/utils: Adds VolumeUsedByExclusiveRemoteInstancesWithProfiles function
- lxd/cluster/connect: Reworks ConnectIfVolumeIsRemote to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles
- lxd/device/disk: storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles usage
- lxd/storage/volumes: storagePools.VolumeTypeNameToDBType usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePools.VolumeUsedByInstances
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to check for online resize support when resizing
- lxd/storage/backend/lxd: Updates RestoreCustomVolume with VolumeUsedByInstances
- lxd/storage/utils: Removes VolumeUsedByInstancesGet function as not properly project compliant
- lxd/storage/volumes/utils: Replaces storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeUsedByGet
- lxd/device/disk: Replace storagePools.VolumeUsedByInstancesGet usage with storagePools.VolumeUsedByInstances in storagePoolVolumeAttachShift
- lxd/endpoints: Update error string in test
- shared/simplestreams: Record variant
- shared/simplestreams: Fix sorting of images
- lxd/project/project: Updates StorageVolumeProjectFromRecord to not return error (as never populated)
- lxd/project/project: Adds NetworkProjectFromRecord function
- lxd/storage/utils: project.StorageVolumeProjectFromRecord usage
- lxd/network/driver/ovn: Adds NIC external route overlap validation of other OVN external network subnets and OVN NIC external routes
- lxd/device/nic/ovn: Updates ovnNet interface's InstanceDevicePortValidateExternalRoutes to add instance argument
- lxd/device/nic/ovn: d.network.InstanceDevicePortValidateExternalRoutes usage
- lxd/instance/qmp: Merge Go routines
- shared/cancel: Close chDone on failure
- lxd: Only close doneCh on success
- i18n: Update translations from weblate
- lxd/network/driver/ovn: Adds ovnProjectNetworksWithUplink function
- lxd/network/driver/ovn: Updates ovnNetworkExternalSubnets to allow optional filtering of our own network's subnets
- lxd/network/driver/ovn: Updates ovnNICExternalRoutes to optionally filter our own NIC's external routes
- lxd/network/driver/ovn: Updates InstanceDevicePortValidateExternalRoutes to use new functions and signatures
- lxd/network/driver/ovn: Updates Validate to check external subnets dont overlap with other OVN networks or NICs sharing our uplink
- lxd/network/openvswitch/ovn: Return ErrOVNNoPortIPs in LogicalSwitchPortSetDNS when no port IPs found
- lxd/network/driver/ovn: Retry LogicalSwitchPortSetDNS up to 5 times to avoid missing dynamic IP allocation by OVN
- exec: make sure to only use TIOCGPTPEER if available
- lxd/instance/drivers: Change memory backend
- lxd/instance/drivers: Add virtio-fs config drive template
- lxd/instance/drivers: Handle virtio-fs config drive
- lxd/instance/drivers: Add system unit file for virtio-fs config drive
- lxd/device/disk: Support virtio-fs
- lxd/device/disk: Handle alternative virtfs-proxy-helper location
- lxd-agent: Prefer virtio-fs over 9p
- lxd/instances: Fix virtiofsd for config drive
- lxd/instance/drivers: Issue warning if virtiofsd is missing
- lxd/device: Issue warning if virtiofsd is missing
- lxd/instance/drivers: Fix lxd-agent systemd unit conditions
- lxd/storage: Only freeze if not frozen
- lxd/device/sriov: Harden calls to ip link vf
- api: Add storage_zfs_clone_copy_rebase extension
- doc/storage: Allow 'rebase' in zfs.clone_copy
- lxd/storage: Allow 'rebase' as value for zfs.clone_copy
- lxd/storage/zfs: Add support for clone_copy rebase
- lxd/qmp: Ensure checkbuffer is called
- lxd/network/driver/ovn: Adds support for using uplink bridge using bridge.driver=openvswitch
- lxd/virtiofs: Fix handling of config drive
- lxd/storage/lvm: Properly make lvm.thinpool_name node-specific
- lxd/instance/drivers/driver/qemu: Call MountInstanceSnapshot when mounting vm snapshots
- lxd/instance/drivers/driver/qemu: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/instance/drivers/driver/lxc: Ensure consistent mount state when restoring snapshot irrespective of whether instance was running
- lxd/storage/drivers/volume: Comment clarification
- lxd/storage/drivers/driver/zfs/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/zfs/volumes: Improved logging
- lxd/storage/drivers/driver/zfs/volumes: Return ErrNotSupported in SetVolumeQuota when trying to resize an image block volume
- lxd/storage/drivers/driver/ceph/volumes: Only resurrect deleted image volume if same size in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Improves logging in CreateVolume
- lxd/storage/drivers/driver/ceph/volumes: Don't allow image volume size in SetVolumeQuota
- lxd/storage/backend/lxd: Adds size to logging in SetInstanceQuota
- lxd/storage/backend/lxd: Update EnsureImage to resize/regenerate optimized image volumes if existing volume is different size than pool's volume.size setting
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk and create one-off non-optimized volume for instance
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to allow control of mapping
- lxd/storage/drivers/driver/ceph/utils: d.rbdUnmapVolumeSnapshot on one line
- lxd/storage/drivers/driver/ceph/volumes: d.getRBDMappedDevPath usage
- lxd/storage/utils: Makes InstanceDiskBlockSize snapshot aware
- lxd/storage/drivers/driver/ceph/volumes: Removes extraneous comment
- lxd/storage/drivers/driver/ceph/volumes: Activate volume before genericVFSMigrateVolume in MigrateVolume
- lxd/storage/pool/interface: Adds MountInfo struct
- lxd/storage/pool/interface: Return MountInfo from MountInstance and MountInstanceSnapshot
- lxd/storage/backend/lxd: Populate MountInfo with OurMount and DiskPath in MountInstance
- lxd/storage/backend/lxd: Unexports getInstanceDisk
- lxd/storage/backend/lxd: Populates OurMount and DiskPath in MountInstanceSnapshot
- lxd/storage/utils: Updates InstanceDiskBlockSize to use MountInfo
- lxd/storage/backend/mock: Interface changes
- lxd/instance: Updates instanceCreateAsSnapshot to use MountInfo
- lxd/patches: Updates to use MountInfo
- lxd/instance/drivers/driver/lxc: Updates mount to return MountInfo and usage
- lxd/instance/drivers/driver/qemu: Updates mount to return MountInfo and usage
- lxd/storage/drivers/generic/vfs: Adds genericVolumeDiskFile constant for excluding generic disk block files
- lxd/storage/drivers/generic/vfs: Avoid using d.GetVolumeDiskPath in genericVFSMigrateVolume
- lxd/storage/drivers/generic/vfs: Use genericVolumeDiskFile in genericVFSGetVolumeDiskPath
- lxd/storage/drivers/driver/ceph/utils: Add logging to rbdMapVolume and rbdUnmapVolume
- lxd/storage/drivers/driver/ceph/utils: Updates getRBDMappedDevPath to support snapshots
- lxd/storage/drivers/driver/ceph/volumes: Updates MountVolume to return ourMount for block volumes
- lxd/storage/drivers/driver/ceph/volumes: Updates UnmountVolumeSnapshot to handle block volumes
- lxd/storage/drivers/driver/ceph/volumes: Renames RBDDevPath to devPath
- lxd/storage/utils: Improves logging and uses size value from vol.ConfigSizeFromSource in ImageUnpack
- lxd/storage/backend/lxd: Improves logging in CreateInstanceFromImage
- lxd/storage/backend/lxd: Improves logging and uses imgVol.ConfigSizeFromSource in EnsureImage
- doc/instances: Rephrase limits.memory.swap
- doc/instances: Typo fix
- lxd/storage: Use same defaults as "lxd init"
- lxd/instance/drivers/driver/qemu: Converts all supplied memory byte values to mebibytes for comparison
- lxd/rbac: Fix URL encoding
- lxd/cgroup: Fix V2 detection/handling
- lxd/cgroup: Add file read/writer
- lxd/cgroup: Fix controller detection
- lxd/cgroup: Add cpuset functions
- lxd/cgroup: Fix warning wording
- lxd/devices: Drop old workaround
- lxd/devices: Port to cgroup package
- lxd/instance: Replace CGroupGet/CGroupSet
- lxd/devices: Update to use cgroup abstraction
- lxd/cgroup: Implement proper typing
- lxd/cgroup: Change ParseCPU to return int64
- lxd/instance/lxc: Update for cgroup function changes
- lxd/cgroup: Improve naming
- lxd/instance: Update for new naming
- lxd/cgroup: Add V2 for GetBlkioWeight and SetBlkioWeight
- lxd/device: Move disk priority back to lxc
- lxd/cgroup: Fix get blkio weight
- lxd/cgroup: Add abstraction for SetBlkioLimit
- lxd/device: Port disk limits to abstraction
- lxd/db/storage/volumes: Adds workaround for old remote volume schema in GetStorageVolumeNodeAddresses
- lxd/db/storage/volumes: Renames GetStorageVolumeNodeAddresses to GetStorageVolumeNodes
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use tx.GetStorageVolumeNodes
- lxd/db/storage/volumes/test: Updates test for TestGetStorageVolumeNodes
- lxd/storage/utils: Updates VolumeUsedByInstances to accept an api.StorageVolume arg
- lxd/storage/utils: Updates VolumeUsedByExclusiveRemoteInstancesWithProfiles to use an api.StorageVolume arg
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to accept an api.StorageVolume arg
- lxd/cluster/connect: Updates ConnectIfVolumeIsRemote to use VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates validateConfig to use storagePools.VolumeUsedByExclusiveRemoteInstancesWithProfiles with vol arg
- lxd/device/disk: Updates storagePoolVolumeAttachShift to use storagePools.VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates UpdateCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/backend/lxd: Updates RestoreCustomVolume to use VolumeUsedByInstances with vol arg
- lxd/storage/volumes: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use storagePools.VolumeUsedByInstances with a vol arg
- lxd/storage/volumes: Use db.StoragePoolVolumeTypeName constants
- lxd/storage/volumes: Updates storagePoolVolumeTypeGet to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes: Updates storagePoolVolumeTypeDelete to use storagePoolVolumeUsedByGet with a vol arg
- lxd/storage/volumes/snapshots: storagePoolVolumeUsedByGet usage
- lxd/storage/volumes/utils: Removes storagePoolVolumeAPI constants and converter functions
- lxd/patches: Recreates patchStoragePoolVolumeAPI constants and function for historical patches
- lxd/storage/volumes: Simplifies volume type in URL in storagePoolVolumes routes
- lxd/storage/volumes/snapshot: Simplifies volume type in URL generation
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename args
- lxd/storage/volumes: Removes unnecessary var init in storagePoolVolumeTypePostMove
- lxd/storage/drivers/driver/ceph/volumes: Fix rbd device leak in RenameVolume
- lxd/storage/drivers/generic/vfs: Use revert package in genericVFSRenameVolume
- lxd/storage/utils: Adds matching of instances on same node as local volume in VolumeUsedByInstances
- lxd/storage/volume: Removes need for loading storage volume when doing lxc storage volume attach
- lxd/device/disk: Reject path property for block disk devices
- lxd/storage/utils: Renames VolumeUsedByInstanceDevices and passes usedByDevices into callback function
- lxd/device/disk: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/backend/lxd: VolumeUsedByInstanceDevices usage
- lxd/storage/utils: VolumeUsedByInstanceDevices usage
- lxd/storage/volumes/utils: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: storagePools.VolumeUsedByInstanceDevices usage
- lxd/storage/volumes: Updates storagePoolVolumeTypePost to use updated storagePoolVolumeTypePostRename and storagePoolVolumeTypePostMove
- lxd/storage/volumes: Updates storagePoolVolumeTypePostRename to use updated storagePoolVolumeUpdateUsers
- lxd/storage/volumes: Updates storagePoolVolumeTypePostMove to use updated storagePoolVolumeUpdateUsers
- lxd/instance/drivers/driver/lxc: Removes common function LocalDevices implemented in LXC driver
- lxd/db/instances: Better errors in InstanceList
- lxd/storage/utils: Adds VolumeUsedByProfileDevices function
- lxd/storage/utils: Removes unused volume name matching logic in VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to use storagePools.VolumeUsedByProfileDevices and storagePools.VolumeUsedByInstanceDevices
- lxd/storage/volumes/utils: Updates storagePoolVolumeUsedByGet to use storagePools.VolumeUsedByProfileDevices
- lxd/storage/volumes/utils: Golint suggestions in storagePoolVolumeUsedByGet
- lxd/cluster/connect: Removes CLI command flag in error response in ConnectIfVolumeIsRemote
- lxd/db/storage/pools/test: Initialise db.StorageRemoteDriverNames in db_test package
- lxd/db: Removes duplicated db.StorageRemoteDriverNames init from tests
- lxd/locking/lock: Adds UnlockFunc type and updates Lock() signature
- lxd/storage/drivers/utils: Extends OperationLockName to take into account content type.
- lxd/storage/drivers/volume: Adds MountLock function
- lxd/storage/drivers/driver/lvm/utils: drivers.OperationLockName usage
- lxd/storage/backend/lxd: drivers.OperationLockName usage
- lxd/storage/drivers: Adds mount and unmount locking
- lxd/storage/drivers/volume: Removes locking from MountTask and UnmountTask
- lxd/instance/drivers/driver/lxc: Stop devices in two phases
- lxd/device/disk: Removes workaround for ceph disks now that disks are stopped after instance is stopped
- doc/rest-api: auth property is never set to guest
- lxd/apparmor: Workaround socket handling
- lxd/storage: Expand local config
- lxd/cgroup: Fix swap limits
- lxd/instance/lxc: Fix crash in cgroup function
- lxc/snapshot: Add reuse option
- lxc/storage: Add reuse option to snapshot
- i18n: Update translation templates
- lxd/instance: Removes instanceConfigureInternal
- lxd/instance: Replace instanceConfigureInternal usage with update backup file which was only relevant part
- lxd/storage/backend/lxd: Adds log to CreateInstanceFromMigration showing if migration volume size header not sent
- lxd/cgroup: Support SetCPUShare on V2
- lxd/cgroup: Implement SetCPUCfsLimit for V2
- lxd/instance/lxc: Port to SetCPUCfsLimit
- lxd/cgroup: Support CGroup V2 in ParseCPU
- lxd-agent: Don't allow connections when rebooting
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.7 リリースのお知らせ¶
16th of October 2020
はじめに ¶
LXD チームは LXD 4.7 のリリースをお知らせできることにとてもワクワクしています!
このリリースには、VM でとても歓迎すべきいくつかの改良(USB と Live メモリのアップデート)、バックアップ機能の充実、OVN 仮想ネットワークを使う場合の多数の改良が含まれています。
Enjoy!
新機能とハイライト ¶
カスタムストレージボリュームのバックアップ(export/import) ¶
新たにカスタムボリュームに対する backup API が追加されました。これにより、cli で lxc storage volume export と lxc storage volume import が使えるようになりました。
stgraber@castiana:~$ lxc storage volume create default foo Storage volume foo created stgraber@castiana:~$ lxc storage volume export default foo Backup exported successfully! stgraber@castiana:~$ lxc storage volume delete default foo Storage volume foo deleted stgraber@castiana:~$ lxc storage volume import default backup.tar.gz stgraber@castiana:~$ lxc storage volume list default +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | TYPE | NAME | DESCRIPTION | CONTENT TYPE | USED BY | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | lxd-build | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | lxd-build-focal | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | container | steam | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | backups | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | foo | | filesystem | 0 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | images | | filesystem | 1 | +----------------------------+------------------------------------------------------------------+-------------+--------------+---------+
別の名前でのインスタンスのインポート ¶
ついに別の名前でインスタンスのバックアップをインポートできるようになりました!
stgraber@castiana:~$ lxc init images:alpine/edge a1 Creating a1 stgraber@castiana:~$ lxc export a1 Backup exported successfully! stgraber@castiana:~$ lxc import backup.tar.gz a2 stgraber@castiana:~$ lxc list a +------+---------+------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------+------+-----------+-----------+ | a1 | STOPPED | | | CONTAINER | 0 | +------+---------+------+------+-----------+-----------+ | a2 | STOPPED | | | CONTAINER | 0 | +------+---------+------+------+-----------+-----------+
仮想マシンのメモリの圧縮(と再増加) ¶
仮想マシン内のバルーンデバイスを制御できるようになりました。メモリ容量を縮小させ、その後で再度前の制限にまで戻すことができるようになりました(さらなるメモリの追加にはリブートが必要です)。
stgraber@castiana:~$ lxc config show ubuntu-desktop | grep memory
limits.memory: 2GiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1983 437 822 7 722 1386
Swap: 448 0 448
stgraber@castiana:~$ lxc config set ubuntu-desktop limits.memory 1500MiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1435 436 276 7 722 840
Swap: 448 0 448
stgraber@castiana:~$ lxc config set ubuntu-desktop limits.memory 2GiB
stgraber@castiana:~$ lxc exec ubuntu-desktop -- free -m
total used free shared buff/cache available
Mem: 1983 437 822 7 722 1387
Swap: 448 0 448
stgraber@castiana:~$
仮想マシンに対する USB デバイスのパススルー ¶
usb デバイスタイプが仮想マシンで使えるようになりました。
新しいデバイスを追加するには再起動が必要な点をのぞいては、コンテナと全く同じように動作します。
さらに、3 つの仮想ポートが LXD の VM に接続されており、lxc console --type=vga を使って、リモートの USB デバイスへのリダイレクションが使えます。
マイグレーション時の rsync 圧縮が設定可能に ¶
新たに真偽値の rsync.compression オプションがストレージプールに対して追加されました。
これにより、ネットワークが充分に高速でボトルネックにならず、圧縮が原因で CPU 使用率が問題となるような場合に、マイグレーション操作中の rsync 圧縮を無効にできるようになりました。
プロジェクトのネットワークで使えるアップリンクの制限 ¶
OVN ネットワーク機能を有効にしたプロジェクトを使っている場合、仮想マシンが使うアップリンクネットワークを制限できるようになりました。
アップリンクネットワークがひとつだけの場合、ユーザーが指定しなくても LXD は自動的にそのネットワークを使います。
これはプロジェクトに新たに追加された restricted.networks.uplinks オプションで行います。
新たに追加された管理 physical ネットワークタイプ ¶
新たに physical ネットワークタイプが追加されました。これは、現時点では OVN ネットワークに対するアップリンクとしてのみ使えます。設定には OVN ネットワークで使える IP アドレスのセットと、ゲートウェイ、DNS サーバが含まれています。
stgraber@castiana:~$ lxc network create external parent=eth0 ipv4.gateway=172.17.0.1/24 ipv4.ovn.ranges=172.17.0.100-172.17.0.150 dns.nameservers=1.1.1.1 --type=physical Network external created stgraber@castiana:~$ lxc network list +----------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | eth1 | physical | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | external | physical | YES | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 | | 15 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | virbr0 | bridge | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+ | wlan0 | physical | NO | | | | 0 | +----------+----------+---------+----------------+---------------------------+-------------+---------+
OVN ネットワークでの外部ルーティングアドレス・サブネットのサポート ¶
新たな設定キー ipv4.routes.external と ipv6.routes.external を使って、外部の IP アドレスとサブネットを OVN ネットワーク上で実行中のインスタンスにルーティングできるようになりました。
プロジェクト設定の新たな restricted.networks.subnets キーと一緒に使用して、まずは外部の IPv4/IPv6 サブネットのセットを特定のプロジェクトに委任し、そのプロジェクト内でそれらのアドレスをインスタンスにルーティングできます。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxd/cluster: Changing "no heartbeat" language in membership.go "no heartbeat since
" changed to "no heartbeat for " - lxd/apparmor: Allow unix sockets binding
- doc/server: Fix escaping
- doc/server: Sort config keys
- lxd/backup: Adds WorkingDirPrefix constant
- lxd: backup.WorkingDirPrefix usage
- lxd/backup: Updates backupCreate to store backups in backups/instances
- lxd/backup: Updates Rename to support new backup location
- lxd/backup: Rename comment ending
- lxd/backup: Updates DoBackupDelete to handle new backup location
- lxd/backup: DoBackupDelete comment ending
- lxd/instance/backup: Updates containerBackupExportGet to support new backup location
- lxd/patches: Adds patchMoveBackupsInstances to move backups into backups/instances dir
- lxd/sys/fs: Adds backups/custom and backups/instances to initDirs()
- lxd/network/driver/ovn: Improve error message when parent 'network' option not specified
- lxd/network/network/interface: Adds Type interface and moves non-DB depedent functions into it
- lxd/network/network/load: Adds LoadByType function and removes ValidateNameAndProject function
- lxd/main/init/interactive: netType.ValidateName usage
- lxd/networks: Switch to network type validation in networksPost
- lxd/networks: Use ValidateName function on loaded DB network in networkPost
- lxd/network/network/interface: Exports FillConfig
- lxd/network/network/load: Removes FillConfig function
- lxd/networks: netType.FillConfig usage
- lxd/network/driver/common: Exports FillConfig
- lxd/network/driver/bridge: FillConfig usage
- lxd/network/driver/ovn: FillConfig usage
- lxd/network/driver/common: Removes common Type() and netType
- lxd/network: Adds Type() to each driver
- lxd/db/errors: Updates ErrAlreadyDefined text to be generic
- lxd/network/network/interface: Adds DBType function
- lxd/network/driver: Implements DBType()
- lxd/network/driver: Adds NodeSpecificConfig Info var
- lxd/networks: netType.DBType usage in networksPost
- lxd/networks: Create pending network node entries when network driver doesn't support per node config in networksPost
- lxd/networks: Comments in networksPostCluster
- lxd/networks: Comments in networkGet
- lxd/networks: Start parent networks before dependents in networkStartup
- lxd: Ensure all use of db.InstanceFilter defines instance type
- lxd/project/permissions: Fixes AllowInstanceCreation tests
- lxd/project/permissions: Error quoting
- api: Add projects_networks
- doc/storage: no need to escape underscore in bash examples
- seccomp: fix bpf support detection
- seccomp: improve bpf support detection
- shared/validate: Use ParseUint in IsNetworkMTU
- lxd/device/device/utils/network: Change argument for NetworkSetDevMTU to uint32
- lxd/device/device/utils/network: NetworkSetDevMTU usage
- lxd/network/network/utils: Changes GetDevMTU to return uint32
- lxd/network/openvswitch/ovs: Adds OVNEncapIP function
- lxd/network/driver/ovn: Removes ovnGeneveTunnelMTU constant
- lxd/network/network/utils/ovn: Removes OVNInstanceDeviceMTU function
- lxd/network/driver/ovn: Updates getBridgeMTU() to not depend on ovnGeneveTunnelMTU
- lxd/network/driver/ovn: Adds getOptimalBridgeMTU and getUnderlayInfo functions
- lxd/network/driver/ovn: Updates setup to generate an optimal bridge.mtu setting if not specified manually
- lxd/device/nic/ovn: Read mtu directly from parent network config bridge.mtu setting
- doc/projects: Sort config keys
- lxd/networks: Enforces manage-networks RBAC permission for managing networks
- lxd/network: Only adding pseudo pending node records when in cluster in networksPost
- lxd/project/permissions: Typo
- lxd/db/cluster/open: Adds features.networks to default project on new database
- lxd/storage/cephfs: Fix quota on new volumes
- lxd/networks: Allow network deletion in projects
- lxc/remote: Add project selection logic
- i18n: Update translation templates
- lxd/network: Removes client side default network type when creating network
- lxd/networks: Default to ovn network type when creating non-default network project
- lxd/network: Removes client side default network type when creating network
- lxd/networks: Default to ovn network type when creating non-default network project
- api: Adds projects_networks_restricted_uplinks extension
- doc/projects: Adds restricted.networks.uplinks
- lxd/networks: Updates doNetworkUpdate to use n.Validate so that project is available to validator
- lxd/network/network/load: Removes unused Validate
- lxd/network/network/load: Renames project arg to projectName for clarity
- lxd/api/project: Adds restricted.networks.uplinks to validation
- lxd/network/driver/ovn: Adds allowedUplinkNetworks function
- lxd/network/driver/ovn: Enforce project restricted.networks.uplinks setting
- lxd/instances: Fix ceph cluster target move
- lxd/cgroup: Fix memory.swappiness detection
- lxd/db: Adds boolean support to doDbQueryScan
- lxd/sys/fs: initDirs comment
- lxd/sys/fs: Removes backups/instances and backups/custom from pre-storage mount setup
- lxd/sys/fs: initDirs error quoting
- lxd/sys/fs: Adds initStorageDirs to be called after storage pools and daemon volumes are mounted
- lxd/sys/os: Adds InitStorage
- lxd/daemon: Call d.os.InitStorage after daemon storage volumes are mounted
- lxd/backup/instance/config: Renames InstanceConfig to Config
- lxd/backup/backup/config: Makes Config fields omitempty so custom volume's encoded yaml doesn't contain instance fields
- lxd/backup/backup/config: Adds comment to Container field explaining that VM backups use this too
- lxd/storage/pool/interface: backup.Config usage
- lxd/api/internal: backup.ParseConfigYamlFile usage
- lxd/storage/backend: backup.Config usage
- lxd/backup: Moves Instance interface into own file
- lxd/backup: Moves Info struct and GetInfo function into own file
- lxd/backup: Renames backup to backup_common
- lxd/backup/backup/common: Renames Backup to BackupCommon
- lxd/backup/backup/instance: Adds InstanceBackup using CommonBackup as basis
- lxd/backup: Changes pruneExpiredContainerBackups to use InstanceBackup.Delete() function
- lxd/instance/instance/utils: backup.InstanceBackup usage
- lxd/instance/instance/interface: backup.InstanceBackup usage
- lxd/instance/drivers: backup.InstanceBackup usage
- lxd/rbac: Avoid tight retry loop
- lxd/rbac: Directly handle re-tries on 504
- lxd/backup/backup/utils: Adds TarReader function
- lxd/backup/backup/info: Changes Type field from api.InstanceType to Type
- lxd/backup/backup/info: Updates GetInfo to use TarReader
- lxc/backup: Updates backupWriteIndex to use backup.Type
- lxd/backup/backup/info: GetInfo consistent comment endings
- lxd/backup/backup/info: Updates GetInfo to support backup.Type
- lxd/db/backups: InstanceBackup comment
- lxd/db/backups: projectName argument renaming
- lxd/db/storage/volumes: Set Snapshot: true in StorageVolumeArgs returned from GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/instance: Spacing
- lxd/storage/drivers/driver/btrfs/utils: Switches to backup.TarReader
- lxd/storage/drivers/driver/btrfs: Consistent comment ending
- lxd/storage/drivers/driver/zfs/volumes: consistent comment ending
- lxd/storage/drivers/generic/vfs: Consistent comment ending
- lxd/backup/backup/info: Adds note about legacy container.bin optimized type check
- lxd/backup/backup/instance: Fix old parent directory removal in InstanceBackup.Rename()
- lxd/backup/backup/config: Adds VolumeSnapshots to Config struct
- lxd/backup/backup/info: Adds Config field to Info struct
- lxd/backup/backup/info: Adds TypeCustom backup type for custom volumes
- lxd/backup/backup/volume: Adds custom volume type
- lxd/storage/volumes/backup: Adds custom volume backup route handlers
- client/interfaces: Add custom volume backup functions
- client/interfaces: Adds StoragePoolVolumeBackupArgs struct
- client/lxd/storage/volumes: Add custom volume backup functions
- api: Adds custom_volume_backup extension
- doc/rest-api: Documents custom volume backup routes
- lxc/storage/volumes: Add import and export for custom volumes
- lxd/backup: Adds volumeBackupCreate and volumeBackupWriteIndex functions
- lxd/api/1/0: Registers custom volume backup route handlers
- lxd/db/backups: Adds StoragePoolVolumeBackup type
- lxd/db/backups: Adds custom volume backup lifecycle functions
- lxd/db/cluster: Adds storage_volumes_backups table
- lxd/db/operations/types: Adds custom volume backup operations types
- lxd/db/storage/volume/snapshots: Adds GetStorageVolumeSnapshotsNames function
- lxd/storage/backend: Adds BackupCustomVolume and CreateCustomVolumeFromBackup functions
- lxd/storage/backend/lxd: Renames custom volume backups in RenameCustomVolume
- lxd/storage/backend/lxd: Deletes custom volume backups in DeleteCustomVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/dir/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/driver/zfs/volumes: Adds support for optimized custom volume backups
- lxd/storage/drivers/driver/zfs/volumes: Adds support for custom volume backups nil post hooks
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupVolume
- lxd/storage/drivers/generic/vfs: Adds support for custom volume backups to genericVFSBackupUnpack
- lxd/storage/pool/interface: Adds BackupCustomVolume and CreateCustomVolumeFromBackup
- lxd/storage/volume: Adds createStoragePoolVolumeFromBackup and hook in storagePoolVolumesTypePost
- lxd/storage/volumes/utils: Adds storagePoolVolumeBackupLoadByName function
- shared/api/storage/pool/volume: Adds custom volume backup structs
- test/suites/backup: Adds tests for custom volume backups
- i18n: Update translation template
- i18n: Update translations from weblate
- lxc: Always use HostPathFollow
- lxd/storage/drivers/generic/vfs: Fixes custom volume root dir ownership issue in genericVFSBackupUnpack
- test/suites/backup: Use project argument in test_backup_import_with_project
- test/suites/backup: Use project argument in test_backup_export_with_project
- test/suites/backup: Use project argument in test_backup_volume_export_with_project
- test/suites/backup: Adds test for backup import into different project in test_backup_import_with_project
- test/suites/backup: Comment consistency
- test/suites/backup: Add test for custom volume import
- test/suites/backup: Add test for importing custom volume into other project
- lxd/api: Restrict access to daemon config
- lxd/storage: Allow ceph/cephfs for images/backups
- client/interfaces: Adds Name field to InstanceBackupArgs
- client/lxd/instances: Adds custom name restore support to CreateInstanceFromBackup
- lxd/instance/drivers/qmp/monitor: Adds GetBalloonSizeBytes and SetBalloonSizeBytes
- lxd/instance/drivers/driver/qemu: Adds live shrinking of memory
- lxd/devices/config/devices/utils: Adds doc block for deviceEquals and deviceEqualsDiffKeys
- lxd/device/config/devices: Comment clean up
- lxd/device/config/devices: Improves comments and variable naming in Update
- lxd/device/config/devices: Fixes bug in Update where allChangedKeys only contains changed keys from last device
- lxd/instance/drivers/driver/lxc: Whitespace
- lxd/device/config/devices: Handles nil updateFields function in Update
- lxd/instance/drivers/driver/qemu: Removes logic duplication in live update
- lxc/import: Adds optional instance name argument to lxc import command
- lxd/instances/post: Adds custom name support for backup import to createFromBackup
- lxd/instances/post: createFromBackup usage in containersPost for custom backup name restore
- lxd/api/internal: Adds AllowNameOverride to internalImportPost
- lxd/api/internal: Override instance name in internalImport when AllowNameOverride is set
- client/interfaces: Adds Name field to StoragePoolVolumeBackupArgs to bring in line with InstanceBackupArgs
- client/lxd/storage/volumes: Updates CreateStoragePoolVolumeFromBackup to accept volume name override via X-LXD-name header
- lxc/storage/volume: Adds optional volume name argument to lxc storage volume import
- lxd/storage/volumes: Adds volName arg to createStoragePoolVolumeFromBackup
- lxd/storage/volumes: createStoragePoolVolumeFromBackup usage in storagePoolVolumesTypePost
- lxd/storage/backend/lxd: Updates CreateCustomVolumeFromBackup to support custom volume import name
- api: Adds backup_override_name extension
- test/suites/backup: Adds tests for custom volume import name override
- test/suites/backup: Adds instance import name override tests
- i18n: Update translation template
- doc/networks: Simplifies OVN single node setup instructions
- lxd/device/nic/ovn: Improves error message in Start
- lxd/network/driver/ovn: Implements DHCPv4Subnet and DHCPv6Subnet to allow static IPs to be set
- lxd/network/openvswitch/ovn: Fix spelling of OVNIPv6AddressModeDHCPStateful and OVNIPv6AddressModeDHCPStateless values
- lxd/network/driver/ovn: Adds support for ipv6.dhcp.stateful
- doc/networks: Documents ipv6.dhcp.stateful option for OVN networks
- shared/api: Not all disks have a device path
- lxd/resources: Ignore rbd devices
- shared/simplestreams: Fix stream's index download url
- lxd/device/device/interface: Adds NICState interface for getting NIC state
- lxd/device/nic/bridged: Implements NICState interface by adding State function
- lxd/instance/drivers/driver/qemu: Refactors RenderState to support multiple NIC types in the future
- lxd/network/openvswitch/ovn: Adds LogicalSwitchPortDynamicIPs function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to use LogicalSwitchPortDynamicIPs
- lxd/network/driver/ovn: Adds instanceDevicePortDynamicIPs function
- lxd/network/network/utils/ovn: Adds OVNInstanceDevicePortDynamicIPs function
- lxd/device/nic/ovn: Implements NICState interface by adding State function
- lxd/instance/drivers/qmp/monitor: Renames GetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Renames SetMemoryBalloonSizeBytes
- lxd/instance/drivers/qmp/monitor: Adds GetMemorySizeBytes function
- lxd/instance/drivers/driver/qemu: Adds qemuDefaultMemSize constant
- lxd/instance/drivers/driver/qemu: Updates updateMemoryLimit to allow memory resize back to boot time size
- lxd/instance/drivers/driver/qemu: Updates IsRunning to not check for BROKEN state
- lxd/instance/drivers/driver/qemu: Updates statusCode() to detect if monitor failure with running VM
- lxd/apparmor: Allow access to zoneinfo files
- lxd/apparmor: Add /etc/localtime to the list
- lxd/project: Always allow cloud-init:config drives
- doc/image-handling: Cover publishing
- lxd/network/network/utils: Adds GetNeighbourIPs function
- lxd/network/network/utils: Updates GetLeaseAddresses to return only net.IP list
- lxd/device/nic/bridged: Updates State() to return partial data
- refuse empty passwords
- lxd/storage: Adds rsync.compression config key
- doc: Adds rsync.compression
- api: storage_rsync_compression
- tests: Valid rsync.compression
- doc/index: Add libsqlite3-dev back to dependencies
- lxd/firewall/drivers/driver/nftables: Updates nft parser to handle nft sets with composite
typefield - shared/validate/validate: Increases max MTU to 16384 to support super jumbo packets
- lxd/apparmor/forkproxy: Fix bad profile name
- lxd/apparmor/forkproxy: Allow writing to log path
- lxc: Better handle copy/move between projects
- lxd/apparmor: Fix version parsing
- lxd/dnsmasq: Switch to Parse for version parsing
- lxd/firewall/drivers: Fix to Parse for version parsing
- lxd/rsync: Switch to Parse for version parsing
- shared/version: Make patch optional
- lxd/networks: Log error in doNetworksCreate after failed create if cleanup fails too
- lxd/network/driver: Improve missing parent network error message
- lxd/network/driver/ovn: Moves uplink type agnostic parent port allocation logic into allocateParentPortIPs()
- lxd/network/driver/ovn: Better error messages
- lxd/network/driver/ovn: Moves parent port lock into deleteParentPort
- lxd/network/driver/ovn: Moves parent port lock into startParentPort
- lxd/network/driver/ovn: deleteParentPortBridge comments
- lxd/network/driver/ovn: Don't setup SNAT if no external uplink IPs
- lxd/network/driver/ovn: Makes setting up external router port and switch conditional on having external IPs
- lxd/network/driver/ovn: Removes old comment
- lxd/network/driver/ovn: Fix sentence in startParentPortBridge error
- lxd/network/driver/ovn: Fixes error message in setupParentPortBridge
- lxd/network/network/utils: Moves bridge related functions into own file
- static_analysis: exclude vendored headers from spell checking
- static_analysis: exclude .git
- shift_linux: vendor posix_acl_xattr.h
- seccomp: vendor bpf headers
- shares/validate: Whitespace
- lxd/network/openvswitch/ovn: Updates RecursiveDNSServer to be list of IPs
- lxd/network/driver/ovn: Updates allocateParentPortIPs to detect the parent network IP address and DNS settings
- lxd/network/driver/ovn: Updates n.allocateParentPortIPs usage
- lxd/network/driver/ovn: Updates setup IPv6 RDNSS setting
- lxd/apparmor/forkproxy: Socket path fixes
- lxd/images: Fix crash when no "info" struct
- doc/networks: Clarifies use of ovn ranges settings in bridge network
- lxd/util/net: Updates SysctlSet to support setting multiple keys
- shared/validate: Adds IsNetworkAddressList function
- lxd/network/network/utils: Adds VLANInterfaceCreate function
- lxd/device/device/utils/network: network.VLANInterfaceCreate usage
- lxd/device/device/utils/network: Removes NetworkRemoveInterface function
- lxd/network/network/utils: Adds InterfaceRemove and InterfaceExists functions
- lxd/network/network/utils: InterfaceExists usage
- lxd/device/device/utils/network: network.InterfaceRemove usage
- lxd/device/nic: network.InterfaceRemove usage
- lxd/network/driver/bridge: InterfaceExists usage
- lxd/network/driver/ovn: InterfaceExists usage
- lxd/network/network/utils: Adds InterfaceSetMTU function
- lxd/device: network.InterfaceSetMTU usage
- lxd/network/driver/ovn: Inherit MTU from uplink bridge for OVS bridge and connecting veth pair
- lxd/network/driver/ovn: Remove dependency on sysctl command and use util.SysctlSet instead
- lxd/network/driver: Improves comments
- api: Adds network_type_physical extension
- doc/networks: Adds docs for physical network type
- lxd/db/networks: Adds physical network type constant
- lxd/network/driver/physical: Adds physical driver
- lxd/network/driver/ovn: Adds support for physical network as uplink
- lxd/network/driver/physical: Change checkParentUse to return a bool if in use
- lxd/network/driver/ovn: Changes uplink network in use check to look at LXD DB
- lxd/network/driver/ovn: Handle uplink network changing
- lxd/network/driver/ovn: Comment clarity
- lxd/storage/pools: Gives clear error message when trying to create duplicate storage pool in single node
- lxd/events: Validate type
- lxd/events: Prevent logging access to non-admin
- lxd/daemon: Clean shutdown on SIGPWR/SIGTERM
- lxd/operations: Don't directly trigger shutdown
- lxd: Prevent internal cluster migration of instances with backups
- lxd/instance/drivers: Enable USB for VMs
- lxd/instance/drivers: Add USB controller to QEMU config
- lxd/apparmor: Fix devPaths in QEMU profile
- db: Retry transient errors for longer
- db: Always retry driver.ErrBusy, regardless of the error message
- db: Retry failed rollbacks if they are due to transient errors
- db: Explicitly rollback leftover transactions when a new one can't be started
- db: Retry to begin a new transaction after an explicit rollback attempt
- lxd/operations: Fix timeout
- lxd/daemon: Allow more operations during shutdown
- lxd/include: Relocate ifndef for NEWCGROUP
- doc: Remove stray _ escapes in security.md
- lxc-to-lxd: Handle snap better
- lxd/device/usb: Allow USB devices for VMs
- lxd/device: Add bus and dev number to USBEvent
- lxd/apparmor: Allow USB specific paths
- lxd/device/config: Add USBDevice to RunConfig
- lxd/events: Handle default permissiosn in projects
- lxd/dnsmasq: Adds 100ms sleep to successful Kill() to allow sockets to be released by OS
- lxd/instance/drivers/driver/qemu: Restores ability to resize VM disks
- lxd/device/disk: Adds comment about VM instances depending on CanHotPlug fields for stopped disk resize
- lxd/instance/qemu: Fix bad event name
- lxd/storage: Check base image is available locally
- lxd/storage/drivers/driver/lvm: Don't remove empty thinpool and volume group if lvm.vg.force_reuse enabled
- shared/validate/validate: Removes inaccurate comments about optional values
- shared/validate/validate: Adds IsNetwork and IsNetworkList functions
- shared/validate/validate: Re-orders IP validation functions
- lxd/device/nic/ovn: Comment
- doc/api-extensions: Removes mention of "parent" from projects_networks_restricted_uplinks feature
- doc/networks: Switch to "uplink" terminology for external OVN network access
- lxd/network/driver/ovn: Replace parent terminology with uplink
- lxd/network/driver/common: Ban : char from network names in ValidateName()
- lxd/device: Handle USB devices for VMs
- lxd/instance/drivers: Add qemuUSBDev template
- lxd/instance/drivers: Add USB devices to qemu config
- Revert "lxd/instance/drivers: Enable USB for VMs"
- lxd/driver/qemu: Add spice usb ports
- lxd-agent: Fix defer in for loop
- forksyscall: use correct function
- shared/util.go: use string method with stdout and stderr
- simplestreams.go: remove unneeded fmt.Sprintf and simplify getImages()
- lxd/instance/drivers: Updates templateApplyNow to close files at end of each iteration
- lxd/network/network/utils: Adds SubnetContains function
- lxd/network/network/utils: Adds SubnetIterate function
- lxd/network/network/utils: Adds SubnetParseAppend function
- api: Adds network_ovn_external_subnets extension
- doc/networks: Adds ipv4.routes and ipv6.routes settings to physical network
- lxd/network/driver/physical: Adds ipv4.routes and ipv6.routes config keys
- doc/projects: Removes trailing full stop
- doc/projects: Adds restricted.networks.subnets
- lxd/api/project: Adds restricted.networks.subnets config key
- lxd/api/project: Moves projectConfigKeys inside projectValidateConfig and adds state
- lxd/api/project: projectValidateConfig usage
- lxd/api/project: Adds projectValidateRestrictedSubnets function
- lxd/api/project: Adds restricted.networks.subnets validation to projectValidateConfig
- doc/networks: Adds ipv4.routes.external and ipv6.routes.external to ovn networks
- lxd/network/openvswitch/ovn: Adds LogicalRouterRouteDelete function
- lxd/network/openvswitch/ovn: Updates LogicalSwitchPortSetDNS to return IPs used for DNS records
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATAdd function
- lxd/network/openvswitch/ovn: Adds LogicalRouterDNATSNATDelete function
- lxd/network/openvswitch/ovn: Updates LogicalRouterRouteAdd to support mayExist argument
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortAdd to take an externalRoutes argument
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortDelete to accept an externalRoutes argument
- lxd/network/driver/ovn: Moves uplink network validation into validateUplinkNetwork function
- lxd/network/driver/ovn: Updates Validate to check network exists and checks external IP routes
- lxd/network/driver/ovn: Adds DNS revert to instanceDevicePortAdd
- lxd/network/driver/ovn: client.LogicalRouterRouteAdd usage
- lxd/network/driver/ovn: Adds externalRoutes support to instanceDevicePortAdd
- lxd/network/driver/ovn: Delete externalRoutes in instanceDevicePortDelete
- forkmount: improve
- seccomp: improve logging for the seccomp notifier
- seccomp: make sure that insertMountLXD() doesn't call into LXC
- lxd/device/nic: Adds ipv4.routes.external and ipv6.routes.external to nicValidationRules
- lxd/device/nic/ovn: Adds support for ipv4.routes.external and ipv6.routes.external
- doc/instances: Adds ovn NIC documentation
- doc/instances: Re-works NIC device docs to explain nictype and network fields
- lxd/network/driver/ovn: Adds support for OVN NIC internal routes
- lxd/network/network/utils/ovn: Adds OVN NIC internal route support to OVNInstanceDevicePortAdd and OVNInstanceDevicePortDelete
- lxd/device/nic/ovn: Adds ipv4.routes and ipv6.routes settings for internal route support
- lxd/network/driver/bridge: Fixes inconsistency between normal bridge and fan bridge default ipv4.nat value
- api: Adds network_ovn_nat extension
- doc/networks: Adds ipv4.nat and ipv6.nat to OVN networks
- lxd/network/driver/ovn: Adds ipv4.nat and ipv6.nat support
- lxd/patches: Adds patchNetworkOVNEnableNAT patch to enable NAT on OVN networks
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.6 リリースのお知らせ¶
18th of September 2020
はじめに ¶
LXD チームは LXD 4.6 のリリースをお知らせできることにとてもワクワクしています!
このリリースは短い開発サイクルでしたが、それでもかなり忙しいリリースでした。
このリリースのハイライトは、LXD プロジェクト内にネットワークを置くことができるようになったことに間違いありません。これで共有 LXD 環境内に自前のネットワークが作成できるようになりました。
Enjoy!
新機能とハイライト ¶
プロジェクト内のネットワーク ¶
OVN ネットワークに関するこれまでの作業をもとに、プロジェクト内に新たに features.networks が設定できるようになりました。これによりプロジェクトは OVN ベースで、他のプロジェクトから見えない自身のネットワークを持てるようになりました。
stgraber@castiana:~$ lxc network list +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | STATE | +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+ | default | ovn | YES | 10.187.181.1/24 | fd42:bb2b:e7d1:f3ba::1/64 | Default OVN network for the project | 3 | CREATED | +---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+
この機能を有効にすると、ホストインタフェースと OVN 以外のネットワークは見えなくなり、プロジェクトが直接所有するネットワークだけが残ります。
qemu 用の AppArmor プロファイル ¶
過去のリリースでの色々なサブプロセスに対する AppArmor プロファイルの生成に加えて、このリリースでは LXD 仮想マシンで使う qemu の制約が設定されるようになりました。
このリリースで raw.apparmor を仮想マシンに導入します。これは raw.qemu と同時に使われるときのみ有効です。通常の LXD 設定オプションは LXD が生成したプロファイルによって処理されます(そうでなければバグです)。
Dqlite の変更 ¶
LXD 4.5 をリリースした直後に、dqlite に大きな変更が加えられました。
ファイルシステムへの書き込みをインターセプトして、他のノードへのレプリケーションを行うためのフックを追加した sqlite3 のフォークに頼るのでなく、標準の sqlite3 から VFS アクセスを取得するこれまでとは異なるアプローチを使用するようになりました。
これはユーザーからは見えませんが、カスタムの sqlite3 と libco というふたつの依存関係を削除することで、パッケージを作成する際の助けになるでしょう。
dqlite を使う LXD は、標準の sqlite3 3.25 以上を使えるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- shared/log15: Fix due to recent unix change
- Handle signals in non-interactive sessions.
- Fix hang when control is not provided in non-interactive mode.
- lxd/db/cluster: Fix incorrect storage volume node IDs
- lxd/db/cluster: Fix node id nil values
- lxd/storage/volumes: Only apply config changes when restoring snapshot if non-nil config is supplied
- lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation
- lxd/network/driver/ovn: Removes unnecessary dnsmasq logic in deleteParentPortBridge
- lxd/device/device/utils/network: Removes networkRandomDevName
- lxd/network/network/utils: Adds RandomDevName function
- lxd/device: network.RandomDevName usage
- lxd/network: Adds Description function
- api: Adds network_bridge_ovn_bridge API extension
- lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network
- lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent
- doc/api: Removes underscore escaping when used inside backticks
- doc/networks: Adds ovn.ovs_bridge key to bridge networks
- lxd/instance/drivers: Fixes crash when removing device that cant be loaded
- lxd/db/cluster: Adds networks to project usage view
- lxc/storage_volume: Fix usage string
- po: Update translations
- lxd/network/driver/ovn: Add and delete local chassis ID to HA chassis group on start/stop
- lxd/network/openvswitch/ovn: Adds ChassisGroupChassisDelete function
- lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name
- doc/networks: Adds ovn.name to OVN network doc
- api: Adds network_ovn_name API extension
- lxd/drivers/qemu: Use gic-version=max on aarch64
- seccomp: fix compilation on kernels without proper bpf.h
- lxc/config: Update wording for profile/config
- i18n: Update translation templates
- lxc/export: Support writing to stdout
- Drop custom SQLite and libco
- validate: Consider + as unsafe in URL
- lxd/instance/snapshots: Restrict naming
- db: Handle NULL storage_volume description column in patch 34
- lxd/storage/drivers/utils: Corrects argument order of mkfs in makeFSType for wider compatibility
- Revert "api: Adds network_ovn_name API extension"
- Revert "doc/networks: Adds ovn.name to OVN network doc"
- Revert "lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name"
- Revert "doc/networks: Adds ovn.ovs_bridge key to bridge networks"
- Revert "lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent"
- Revert "lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network"
- lxd/network/driver/ovn: Removes unused import
- lxd/network/driver/ovn: Removes unnecessary network ID lookup
- lxd/api/cluster: Start networks after cluster join
- lxd/networks: Only call n.Start() during doNetworksCreate if client type isn't joiner
- lxd/network/driver/ovn: Adds pause between chassis group entry deletion and uplink port removal
- lxd/network/driver/ovn: parentPortBridgeVars whitespace
- Revert "api: Adds network_bridge_ovn_bridge API extension"
- lxd/db/cluster/update: Adds features.networks to default project
- lxd/project: Adds NetworkProject function
- lxd/db/networks: Updates networkState and usage to support projects
- lxd/db/networks: Updates getNetwork and usage to support projects
- lxd/network/network/utils: Updates IsInUseByInstance to translate instance's project to a network project
- lxd/network/network/utils: Updates isInUseByDevices to support projects
- lxd/network/network/utils: Updates IsInUseByProfile to accept a db.Profile rather than api.Profile
- lxd/network/network/utils: Updates UpdateDNSMasqStatic to use default project
- lxd/network/network/utils: Updates GetLeaseAddresses to use default project
- lxd/network/network/utils: Adds UsedBy function and unexports related functions not used elsewhere
- lxd/db/networks: Updates GetNonPendingNetworks to return a map of project networks
- lxd/network/driver/ovn: Updates parentAllAllocatedIPs to use update GetNonPendingNetworks
- lxd/network/network/utils: Adds network usage by other networks detection in UsedBy
- lxd/network/driver/common: Updates IsUsed to use UsedBy
- lxd/network/driver/bridge: Adds existing interface check as Create function
- lxd/network/driver/bridge: Push down interface name conflict check to Rename
- lxd/network/driver: Removes duplicated "in use" check that is now done at top level
- lxd/profiles/utils: Renames project arg to projectName in doProfileUpdate
- lxd/profiles: Updates usage of ValidDevices in profilesPost
- lxd/patches: Updates to support network projects
- lxd/networks/utils: Removes networkGetInterfaces function
- lxd/networks/utils: Updates networkUpdateForkdnsServersTask to support projects
- lxd/networks: Updates networkPost validation
- lxd/networks: Updates networksGet to support projects
- lxd/networks: Updates networksPost to support projects
- lxd/networks: Updates networksPostCluster to support projects
- lxd/networks: Updates doNetworksCreate to support projects
- lxd/networks: Updates networkGet to support projects
- lxd/networks: Updates doNetworkGet to support projects and to use network.UsedBy
- lxd/networks: Updates networkDelete to support projects
- lxd/networks: Updates networkPost to support projects
- lxc/networks: Updates networkPut to support projects
- lxd/networks: Updates doNetworkUpdate to support projects
- lxd/networks: Updates networkLeasesGet to support network projects
- lxd/networks: Updates networkStartup and networkShutdown to load networks from all projects
- lxd/network/network/load: Updates load functions to support projects
- lxd/network/network/interface: Adds project name to init function
- lxd/network/driver/common: Adds project support
- lxd/network/driver/ovn: Load parent network from default project
- lxd/device/nictype: Adds conversion of device project to network project for NICType validation
- lxd/instance/instance/utils: Project name is needed to validate instance devices
- lxd/instance: instance.ValidDevices project argument usage
- lxd/instance/drivers/driver/lxc: instance.ValidDevices project usage
- lxd/instance/drivers/driver/lxc: Error quoting
- lxc/instance/drivers/driver/lxc: nictype.NICType project usage
- lxd/instance/drivers/driver/qemu: instance.ValidDevices project usage
- lxd/instance/drivers/driver/qemu: nictype.NICType project usage
- lxd/instance/drivers/load: Adds project support to validDevices
- lxd/device/device/load: Adds project support to load function
- lxd/device/device/utils/network: Use default project for veth route functions
- lxd/device/nic/bridged: Use default project for bridge networks
- lxd/device/nic/macvlan: Use default project for macvlan networks
- lxd/device/nic/ovn: Load parent network's project from instance's project
- lxd/device/nic/sriov: Use default project for parent network
- lxd/device/proxy: NICType project usage
- lxd/network/driver/common: Send project when notifying nodes of network changes
- lxd/networks: Send project when creating network on remote node
- lxd/db/migration/test: Add network project support
- lxd/cluster/membership/test: Add network project support
- lxd/api/cluster: Uses default project for networks during cluster join
- lxd/networks: Updates networksPostCluster to use tx.GetNetworkID with project
- lxd/db/networks: Adds project support to CreatePendingNetwork
- lxd/db/networks: Adds project support to GetNetworkID
- lxd/db/networks/test: Updates GetNetworkID usage with project
- shift_linux: tweak ACL handling
- tar_write: switch to PAXRecords to preserve ACLs too
- doc/projects: Adds features.networks
- lxc/project: Adds features.networks to project list output
- lxd/api/project: Adds features.networks support but does not enable by default
- lxd/init: Updates initDataNodeApply to return a revert function
- lxd/main/init: Updates Run to use revert
- lxd/api/cluster: Adds project support for networks
- lxd/api/cluster: Updates clusterPutJoin to use revert
- lxd/api/cluster: Updates clusterInitMember to return a revert function
- lxd/api/cluster: Logging quoting
- lxd/api/cluster: clusterPutJoin project support
- lxd/api/cluster: clusterInitMember project support
- lxd/api/cluster: Adds NetworksPost to internalClusterPostNetwork
- lxd/api/cluster: Checks network types match in clusterCheckNetworksMatch
- lxd/init: Adds internalClusterPostNetwork to initDataNode
- lxd/init: initDataNodeApply project support
- lxd/init: initDataNodeApply comment consistency
- lxd/main/init/auto: Updates RunAuto to send internalClusterPostNetwork
- lxd/main/init/dump: Updates RunDump to use internalClusterPostNetwork
- lxd/main/init/interactive: Updates RunInteractive to use internalClusterPostNetwork
- lxd/main/init/interactive: Updates askNetworking to use internalClusterPostNetwork
- lxd/network: Adds Info struct and function
- lxd/network/network/load: Renames ValidateName to ValidateNameAndProject
- lxd/network/driver/ovn: Adds Info function
- lxd: network.ValidateNameAndProject usage
- lxd/network/driver/ovn: deleteParentPort fixed to allow deletion of network with no parent
- lxd/project: Updates NetworkProject to return project config
- doc/project: Adds limits.networks setting
- lxd/api/project: Adds limits.networks setting
- lxd/networks: Enforces limits.networks in networksPost
- lxd: project.NetworkProject usage
- lxd/networks: Don't allow non-default network projects to access info about the physical interfaces in doNetworkGet
- lxd/api/cluster: Create or update local node projects to sync with cluster in clusterInitMember
- i18n: Update translation templates
- shift_linux: handle ACL unshifting correctly
- shift_linux: handle capability unshifting correctly
- shift_linux: converty to CBytes not to CString
- lxc/utils: Add usage function
- lxc: Drop command name from translation
- i18n: Update translation template
- shared/subprocess: Set err on non-zero
- lxd/instances/qemu: Use subprocess
- lxd/instance: Add DevPaths
- lxd/apparmor: Fix unload/delete
- lxd/apparmor/instance: Sort context
- lxd/apparmor: Prepare for qemu
- lxd/apparmor: Add qemu profile
- lxd/instance/drivers/driver/qemu: Switch to threads locking mode and writeback cache mode for BTRFS
- doc/instance: raw.apparmor now implemented for VM
- lxd/apparmor: Tweak qemu profile for non-snap
- shared/idmap/shift/linux: Handle nil IdmapSet in UnshiftACL and UnshiftCaps
- shared/instancewriter/instance/tar/writer: Handle nil idmapSet and log shifting errors in WriteFile
- lxc: Better handle arguments
- lxc: Unbundle sortorder
- lxd/util/sys: Fixes GetExecPath when lxd binary has been removed/changed
- lxd/db/images: Error message uppercase first letter
- i18n: Update translations from weblate
- lxd/instance: Adds instanceImageTransfer and updates instanceCreateFromImage to use it
- lxd/daemon/images: Error quoting
- lxd/daemon/image: Adds logic to download image from another cluster node into ImageDownload
- lxd/db/images/test: Fixes tests for LocateImage
- test/suites/clustering: Adds test for image transfer between cluster nodes
- bash-completion: use "list --format=csv" consistently
- bash-completion: use regex grouping for
lxc start - lxd/instance/qemu: Fix mem device naming
- proxy bind= should accept host|instance as the doc says
- Valid proxy type= values are all lower case so fix doc
- s/descriptros/descriptors/
- Revert "lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation"
- lxd/network/driver/bridge: Skip lo interface when generating fan overlay address in addressForSubnet
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.5 リリースのお知らせ¶
29th of August 2020
はじめに ¶
LXD チームは LXD 4.5 のリリースをお知らせできることにとてもワクワクしています!
これは LXD の非常に忙しいリリースです。主なハイライトは、ネットワークオプションに OVN が加わったことであることは間違いありません。
さらに、bpf システムコールのインターセプトと pts デバイスの新たな割り当てロジックという、コンテナサポートで歓迎すべき改良がいくつか加わりました。
最後に、リモートストレージの改良と新しい AppArmor プロファイルに対する改良による、セキュリティとクラスタリングに対する素晴らしい改良が行われました。
Enjoy!
新機能とハイライト ¶
OVN 仮想ネットワークの初期サポート ¶
LXD 4.5 には OVN 仮想ネットワークのサポートが含まれます。
これは通常の LXD が管理するネットワークとして定義でき、これまでのブリッジと非常に似ています。しかし、クラスターノードをまたぐことができますし、サブネットが重複したり競合したりできます。
これは OVN を使って実現されています。そして、次の LXD リリースでは LXD プロジェクト内部のネットワークの基礎となります。LXD の OVN ネットワークは、親となる管理されたネットワークが必要です。現状では管理されたブリッジのみがサポートされます(SR-IOV と macvlan は 4.6 で対応予定)。
現時点では、ホスト上で OVN と Open vSwitch がセットアップされていれば、LXD で仮想ネットワークを作成できますし、通常のブリッジに対する方法と同じようにインスタンスに接続できます。
(4.5 の snap を使った Ubuntu 20.04 LTS での実行例です)
root@nuc01:~# apt install ovn-host ovn-central --yes [snip] root@nuc01:~# snap install lxd --channel=latest/candidate lxd (candidate) 4.5 from Canonical✓ installed root@nuc01:~# ovs-vsctl set open_vswitch . \ > external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock \ > external_ids:ovn-encap-type=geneve \ > external_ids:ovn-encap-ip=172.17.16.139 root@nuc01:~# lxd init --auto root@nuc01:~# lxc network list +--------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ root@nuc01:~# lxc network set lxdbr0 ipv4.dhcp.ranges=10.19.114.2-10.19.114.199 root@nuc01:~# lxc network set lxdbr0 ipv4.ovn.ranges=10.19.114.200-10.19.114.254 root@nuc01:~# lxc network set lxdbr0 ipv6.ovn.ranges=fd42:56de:74c7:40f5::200-fd42:56de:74c7:40f5::254 root@nuc01:~# lxc network create my-virtual-01 network=lxdbr0 --type=ovn Network my-virtual-01 created root@nuc01:~# lxc network create my-virtual-02 network=lxdbr0 --type=ovn Network my-virtual-02 created root@nuc01:~# lxc network list +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdovn1 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-01 | ovn | YES | 10.178.251.1/24 | fd42:39c7:797c:7977::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-02 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ root@nuc01:~# lxc network create my-virtual-03 network=lxdbr0 ipv4.address=10.82.211.1/24 ipv6.address=fd42:5045:b316:b251::1/64 --type=ovn Network my-virtual-03 created root@nuc01:~# lxc network list +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br0 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | br-int | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | eno1 | physical | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.19.114.1/24 | fd42:56de:74c7:40f5::1/64 | | 1 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | lxdovn1 | bridge | NO | | | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-01 | ovn | YES | 10.178.251.1/24 | fd42:39c7:797c:7977::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-02 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+ | my-virtual-03 | ovn | YES | 10.82.211.1/24 | fd42:5045:b316:b251::1/64 | | 0 | +---------------+----------+---------+-----------------+---------------------------+-------------+---------+
このセットアップでは、3 つの OVN ネットワークが存在します。そのうち 2 つは意図的に全く同じ IPv4/IPv6 サブネットを共有しており、分離された状態を見ることができます。
root@nuc01:~# lxc init images:ubuntu/20.04 u1 Creating u1 root@nuc01:~# lxc init images:ubuntu/20.04 u2 Creating u2 root@nuc01:~# lxc init images:ubuntu/20.04 u3 Creating u3 root@nuc01:~# lxc config device add u1 eth0 nic name=eth0 network=my-virtual-01 Device eth0 added to u1 root@nuc01:~# lxc config device add u2 eth0 nic name=eth0 network=my-virtual-02 Device eth0 added to u2 root@nuc01:~# lxc config device add u3 eth0 nic name=eth0 network=my-virtual-03 Device eth0 added to u3 root@nuc01:~# lxc start u1 u2 u3 root@nuc01:~# lxc list +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u1 | RUNNING | 10.178.251.2 (eth0) | fd42:39c7:797c:7977:216:3eff:fe3a:6498 (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u2 | RUNNING | 10.82.211.2 (eth0) | fd42:5045:b316:b251:216:3eff:fe7d:7826 (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+ | u3 | RUNNING | 10.82.211.2 (eth0) | fd42:5045:b316:b251:216:3eff:fe9d:52af (eth0) | CONTAINER | 0 | +------+---------+---------------------+-----------------------------------------------+-----------+-----------+
bpf システムコールインターセプションの初期実装 ¶
bpf システムコールに対するシステムコールインターセプションを有効化できるようになりました。これはコンテナの security.syscalls.intercept.bpf を使ってコントロールできます。
この機能を有効にした場合、特定のタイプの bpf プログラムを有効にしなければなりません。現時点では、security.syscalls.intercept.bpf.devices のみをサポートします。この機能は、device cgroup に紐付けられたプログラムをコンテナ内から読み込めるようにしています。
警告: 実際のプログラムで行われるバリデーションは、ホストからの明確な DoS を避けるための単純なサイズチェックのみです。この機能を有効にしたコンテナでは、かなり複雑な bpf プログラムをロードできます。そしてコンテナのスコープ外の情報を取得する可能性があります。信用できないコンテナに対しては許可するべきではありません。
ネイティブなターミナルデバイスの割り当てのサポート ¶
これまで、lxc exec のような操作のためのデバイス割り当てはホストシステムの devpts を通して行われていました。これは、コンテナのファイルシステムにアクセスしたり、ユーザーがコンテナ内の /dev/pts を何か悪意のあるものでマスクしたりすることを防ぐためのセキュリティの手段として行われていました。しかし、このアプローチには問題があります。コンテナ内部で見える制御デバイスは(外部に属するため)解決できないからです。
カーネルと LXC の作業で、コンテナ起動時に最初にマウントされる devpts インスタンスを安全に追跡できるようになりました。そして、コンテナ内の現在のマウントテーブルとやりとりすることなく、デバイスを割り当てできるようになりました。
これによる目に見える効果には次のようなものがあります。stdin/stdout/stderr 上で何かをリダイレクトする時に AppArmor ポリシーが混乱しにくくなったり、他の様々なソフトウェアが is-a-tty タイプのチェックを行うようなことがより通常の方法で動作するようになったりしました。
VGA コンソールが Windows 上で動くようになりました ¶
Windows ユーザーは、virt-viewer を Chocolatey 経由かマニュアルでインストールできるようになりました。インストールすると、仮想マシンで lxc console --type=VGA を実行した場合に自動的にそれを検出し、使います。
リモートのストレージプールの扱いの改良 ¶
これまで、リモートのストレージプールにあるカスタムボリュームの処理方法は、クラスターメンバーごとにひとつのレコードを持つことで行われていました。これは、特にスナップショットを考慮すると、多数の重複するデータが生じていました。
スナップショットについては、ボリュームの重複のために、自動化されたスナップショットが各クラスターメンバーごとに発生し、意図したよりも多くのスナップショットと全体的な負荷につながっていました。
新たなデータベースの設計でこれはすべて解決しました。この設計では、シングルボリュームのエントリーが保持され、クラスター化されているとマークされます。したがって、特定のクラスターメンバーに結び付けられることはなくなりましたし、スケジュールされたスナップショットは、安定したハッシュメカニズムを使ってクラスター全体に分散するようになり、現在オンラインのクラスターメンバーがそれをどのように処理するかを決定します。
forkdns と forkproxy が AppArmor の制限のもとで実行されるようになりました ¶
LXD 4.4 での dnsmasq の制限に続き、LXD 4.5 では forkdns も制限するようになりました。このプロセスは、LXD クラスター上で Fan ベースのネットワークが実行されているときに使います。その名前のとおり、forkdns はすべてのクラスターメンバーに対するクエリを効果的に複製することで DNS 処理を行います。この制限により、重要なデータへのアクセスによる攻撃の可能性を防ぐことができます。
同様に、NAT ではない proxy デバイスで使われる forkproxy も、自身の AppArmor プロファイルを持っています。これは、アクセスする前提であるソケットと、プロキシーを行うのに必要なカーネルインフラストラクチャーの部分のみに制限をします。
lxc move でクラスターのターゲットを指定できるようになりました ¶
クラスター外部からクラスターにインスタンスを移動する際、--target を与えることで、インスタンスをホストするクラスターメンバーを指定できるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでの完全な変更点のリストは次のとおりです:
- lxc/move: Allow --target with cluster destination
- i18n: Update translation templates
- lxd/networks: Validate network config before starting networks on startup
- lxd/network/driver/common: Call init() in update() to consistency apply new internal state
- lxd/device/device/utils/network: Removes networkDHCPValidIP
- lxd/dnsmasq/dhcpalloc: Adds static DHCP allocation package for dnsmasq
- lxd/dnsmasq: Renames DHCPStaticIPs to DHCPStaticAllocation
- lxd/dnsmasq: Renames DHCPAllocatedIPs to DHCPAllAllocations
- lxd/network/network/utils: Removes GetIP
- lxd/network/network/utils: dhcpalloc.GetIP usage
- lxd/network/network/utils: dnsmasq.DHCPStaticAllocation usage
- lxd/network/network/interface: Changes of functions to accomodate dhcpalloc package
- lxd/network/driver/common: Implements default no-op function for non-dhcp enabled networks
- lxd/network/driver/common: dhcpalloc.DHCPRange usage
- lxd/network/driver/bridge: dhcpalloc package function usage
- lxd/network/driver/bridge: DHCPv4Subnet and DHCPv6Subnet implementations
- lxd/device/nic/bridged: Comment correction
- lxd/device/nic/bridged: n.DHCPv4Subnet and n.DHCPv6Subnet usage
- lxd/device/nic/bridged: dnsmasq.DHCPStaticAllocation usage
- lxd/device/nic/bridged: dhcpalloc.DHCPValidIP usage
- lxd/device/nic/bridged: Switches static DHCP allocation for IP filtering to dnsmasq/dhcpalloc
- lxd/main_activateifneeded: Clarify 'No DB' debug statements
- lxd/cluster: Fix failure domain updates
- tests: Fix failure domain test
- doc: s/container/instance/g
- doc/backup: Add note about the snap mntns
- lxd/apparmor: Don't fail on missing apparmor
- shared/validate: Makes IsUint32 non-optional
- lxd: Wraps validate.IsUint32 in validate.Optional
- shared/instance: Wraps validate.IsUint32 in validate.Optional
- shared/validate: Makes IsUint8 non-optional
- lxd/network/driver/bridge: Wraps validate.IsUint8 in validate.Optional
- shared/validate: Makes IsPriority non-optional
- shared/instance: Wraps validate.IsPriority in validate.Optional
- shared/validate: Makes IsBool non-optional
- lxd: Wraps validate.IsBool in validate.Optional
- shared/instance: Wraps validate.IsBool in validate.Optional
- shared/validate: Makes IsSize non-optional
- lxd: Wraps validate.IsSize in validate.Optional
- shared/instance: Wraps validate.IsSize in validate.Optional
- shared/validate: Makes IsNetworkAddress non-optional
- lxd: Wraps validate.IsNetworkAddress in validate.Optional
- shared/validate: Makes IsNetworkV4 non-optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkV4 in shared.Optional
- shared/validate: Makes IsNetworkAddressV4 non-optional
- lxd/device/nic: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/device/nic/ipvlan: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/device/nic/ipvlan: Fixes incorrect IPv4 address check in IPv6 context
- lxd/network/driver/bridge: Wraps validate.IsNetworkAddressV4 in validate.Optional
- shared/validate: Makes IsNetworkAddressCIDRV4 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV4 in validate.Optional
- shared/validate: Makes IsDeviceID non-optional
- lxd/device: Wraps validate.IsDeviceID in validate.Optional
- shared/validate: Makes IsNetworkV6 non-optional
- shared/validate: Makes IsNetworkAddressCIDRV6 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV6 in validate.Optional
- shared/validate: Makes IsNetworkAddressV6 non-optional
- lxd: Wraps validate.IsNetworkAddressV6 in validate.Optional
- lxd/device/nic/ipvlan: validate.IsNetworkAddressVX tweaks
- lxd/device/nic/routed: Wraps validate.IsNetworkAddressV4List in validate.Optional
- lxd: Wraps validate.IsNetworkV4List and validate.IsNetworkV6List in validate.Optional
- shared/validate: Tweaks IsNetworkVLAN error message ordering
- shared/validate: comment spacing
- daemon: check whether shiftfs is useable
- lxd/network/network/utils: Renames ValidNetworkName to validInterfaceName
- lxd/network/network/utils: Adds validVirtualNetworkName
- lxd/network/network/interfaces: Adds ValidateName
- lxd/network/driver/bridge: Implements ValidateName
- lxd/network/driver/macvlan: Implements ValidateName
- lxd/network/driver/sriov: Implements ValidateName
- lxd/network/network/load: Adds ValidateName helper function
- lxd/main/init/interactive: Switches to network.ValidateName for bridge validation
- lxd/networks: Switches to network.ValidateName
- lxd/storage/utils: Simplifies error message from ValidName
- doc/networks: Fixes typo in bridge docs
- lxd/cluster/config: Fix import ordering of external package
- lxd/network/openvswitch: Name functions consistently using ObjectAction format
- lxd/network/driver/bridge: OVS function naming usage
- lxd/network/network/utils: OVS function naming usage
- lxd/device/nic/bridged: OVS function naming usage
- lxd/storage/locking: Moves package to lxd/locking
- lxd/locking: Renames variables to make them generic
- lxd/storage/drivers/utils: Adds OperationLockName function
- lxd/network/network/interface: Adds ID() function
- lxd/network/driver/common: Implements ID() function
- lxd/storage: locking.Lock usage with OperationLockName wrapper
- lxd/resources: Fix total memory for per NUMA node
- lxd: enable safe native container terminal allocation
- lxd/rsync: Don't pass --bwlimit when no limits set
- exec: fix OpenPtyInDevpts()
- test/suites/storage: LVM size tweaks
- lxd/instance/drivers/driver/lxc: Adds nil check in getLxcState
- client/operations: Fixes race conditions
- lxd/operations: Fixes race conditions
- client: More races fixed
- Makefile: Adds race target for enabling race detector
- Makefile: Correctly builds lxd-p2c and lxd-agent in debug and nocache targets
- client/operations: Race fix
- lxd/db: Adds mutex to fix races
- lxd/operations: Fixes races
- shared/validate: Adds IsURLSegmentSafe function
- lxd/network/driver/common: Adds common ValidateName function
- lxd/network/driver/bridge: Changes ValidateName to use common validation too
- lxd/network/driver: Removes ValidateName from sriov and macvlan
- lxd/network/network/load: Adds field name context to name validation errors
- lxd/network/network/utils: Removes validVirtualNetworkName
- lxd/networks: Returns network context on network startup failure
- shared/validate: Adds Required() and makes Optional() accept multiple validators
- lxd/network/driver/bridge: Don't allow stable volatile MAC with fan network
- lxd/network/driver/bridge: Don't allow hwaddr to be set in fan mode
- seccomp: update comment about blocking the new mount api
- syscall_numbers: fix pidfd_open() definition
- lxd_seccomp: add SECCOMP_IOCTL_NOTIF_ADDFD definitions and types
- checkfeature: check for seccomp notify fd injection feature
- syscall_numbers: add pidfd_getfd()
- syscall_numbers: add bpf()
- seccomp: report helpful errors when determining support for features
- seccomp: handle liblxc sending the notify fd as part of the seccomp message
- seccomp: enable bpf in unprivileged containers
- doc: add security.syscalls.intercept.bpf and security.syscalls.intercept.bpf.prog.devices
- api: add container_syscall_intercept_bpf_devices extension
- lxd-client: add security.syscalls.intercept.bpf security.syscalls.intercept.bpf.devices to completion
- production-setup: mention bpf-specific memlock settings
- seccomp: check the return value of pwrite()
- syscall_numbers: add close_range()
- exec: switch to close_range() syscall
- process_utils: remove faulty license
- lxd/apparmor/dnsmasq: Add binary for nesting
- lxd/storage/drivers/ceph: Fix volume deletion
- lxd/instance/drivers/driver/qemu: Fix race in onStop getting operation
- lxd/db: Fix premature failure when listing cluster volumes
- lxd/db/storage_volumes: Add comments regarding behaviour
- doc/production-setup: Fix escaping
- doc/production-setup: Update introduction
- lxd: Fix automatic storage volume snapshots
- cluster: Don't upgrade nodes without raft role concurrently
- lxd/network/network/load: Moves fillAuto logic into per-driver fillConfig function
- lxd/network/utils: Moves fillAuto into bridge's fillConfig function
- lxd/network/network/utils: Adds randomHwaddr function
- lxd/patches: Adds patch to remove volatile.bridge.hwaddr network key
- lxd/network/bridge/driver: Removes volatile.bridge.hwaddr and adds stable MAC generation
- shared/usbid: Don't auto-load
- lxd/resources: Load USB database
- lxd/apparmor: Move dnsmasq functions
- lxd/apparmor: forkdns profile
- lxd/sys: Add unpriv uid/group
- lxd/instances: Update for OS type change
- shared/subprocess: s/Pid/PID/
- shared/subprocess: Add credentials
- lxd/network: forkdns and creds drop for forkdns
- lxd/network: Run dnsmasq as unpriv group
- lxd/device/device/common: Adds common contextual logger
- doc/networks: dns.search clarification
- lxd/network/driver/bridge: Validates bridge.external_interfaces using validate.Optional() helper
- shared/validate: Adds network IP range validators
- lxd/network/driver/bridge: Adds DHCP IP range validation
- shared/network/ip: Defines IPRange struct
- lxd/dnsmasq/dhcpalloc: Removes DHCPRange and switches to shared.IPRange
- lxd/network: Replaces dhcpalloc.DHCPRange with shared.IPRange
- lxd/storage: Fix delete of remote pools
- lxd/storage/ceph: Allow for small size variation
- seccomp: cap instruction limit and log buffer to reasonable sizes
- seccomp: initialize almost everything
- main_checkfeature: remove logging failed shiftfs mounts
- seccomp: log errors to convert unix connection to file
- unixfd: improve SCM_RIGHTs file descriptor retrieval
- seccomp: simplify the seccomp message retrieval
- api: Adds API extension network_type_ovn
- doc/server: Documents global OVN networking config keys
- lxd/cluster/config: Adds OVN networking global config keys
- lxd/network/network/utils: Updates isInUseByDevices to support ovn
- lxd/db/networks: Adds OVN network type
- lxd/network/network/load: Adds ovn network type to loader
- lxd/networks: Adds ovn network type
- lxd/device/device/load: Adds OVN nic type support
- lxd/device/nictype: Adds ovn support
- lxd/network/network/utils: Adds OVN instance device port helpers
- lxd/network/openvswitch/ovs: Adds InterfaceAssociateOVNSwitchPort
- lxd/network/openvswitch/ovs: Adds ChassisID function
- lxd/network/openvswitch/ovs: Adds OVN bridge mapping functions
- lxd/network/openvswitch/ovs: Adds BridgePortList function
- lxd/network/openvswitch/ovs: Adds OVNBridgeMappingDelete function
- lxd/network/openvswitch/ovn: Adds OVN command wrapper
- lxd/network/network/utils: Adds parseIPRange functions
- lxd/network/driver/bridge: Adds OVN ranges keys
- lxd/network/driver/ovn: Adds OVN network driver
- lxd/device/nic/ovn: Adds OVN nic type
- doc/networks: Adds initial OVN doc
- doc/networks: Add OVN range keys
- doc/networks: Fix key ordering
- bash: Update completion profile
- lxd/apparmor: Disable cgroup2 on legacy hosts
- lxc/manpage: Fix behavior in snap
- shared/subprocess: Add StartWithFiles
- lxd/forkproxy: Switch to using subprocess
- daemon: check namespace management support through pidfds
- nsexec: remove unused dosetns() function
- nsexec: add new change_namespace() helper
- forksyscall: use pidfds to attach to namespaces
- forknet: use pidfds to attach to namespaces
- forkmount: use pidfds to attach to namespaces
- forkproxy: use pidfds to attach to namespaces
- forkfile: use pidfds to attach to namespaces
- nsexec: remove unused setnsat()
- lxd/db/networks: Separates network type and status conversion into separate functions
- lxd/db/networks: Adds ClusterTx.GetNonPendingNetworks function
- lxd/db/networks: Adds ClusterTx.UpdateNetwork function
- lxd/network/driver/ovn: Use DB transactions to safely allocate OVN external IPs on parent network
- lxd/network/driver/ovn: Include last IP in OVN range for allocatable IPs
- lxd/db/networks: Populates network nodes in ClusterTx.GetNonPendingNetworks
- lxd/db/networks: Populate description col with empty string in CreatePendingNetwork
- shared/validate: Adds IsNetworkMTU function
- lxd/network/driver: validates mtu using IsNetworkMTU
- lxd/device/nic: Validates mtu using IsNetworkMTU
- lxd/network/network/utils: Removes OVN specific helper functions
- lxd/network/network/utils/ovn: Adds OVNInstanceDeviceMTU function
- lxd/network/openvwitch/ovn: Adds MTU support for DHCP and IPv6 RA
- lxd/network/driver/ovn: Adds bridge.mtu config option and passes to DHCP/RA setup
- lxd/device/nic/ovn: Use parent network's bridge.mtu setting for setting device MTU
- lxd/network/driver/common: Moves notifier for delete into common
- lxd/networks: Moves cluster notification and storage clean up for networkDelete into common
- shared/validate: Use consistent quoting for outputting input value when there is an error
- lxc: Bundle sortorder
- lxd/network/ovn: Use snap path
- doc/networks: Adds link to OVN network
- lxd/network/network/utils: Adds pingIP function
- lxd/network/driver/ovn: Pings OVN external IPv6 router IP on bridge port start
- lxd/network/openvswitch/dns: Adds LogicalSwitchPortSetDNS and LogicalSwitchPortDeleteDNS functions
- lxd/network/openvswitch/ovn: Updates LogicalSwitchDelete to clear any remaining DNS records
- lxd/network/network/utils/ovn: Updates OVNInstanceDevicePortAdd to take instanceName for DNS records
- lxd/network/driver/ovn: Updates instance port functions to setup and remove DNS records
- lxd/device/nic/ovn: Updates usage of network.OVNInstanceDevicePortAdd to supply instance name for DNS records
- lxd/storage/drivers/utils: Fixes shrinkFileSystem to detect e2fsck filesystem modifications
- lxd/db/instances: Ensure correct pool name is returned in GetInstancePool
- shared/cert: Fix on Windows
- lxc/console: Support remote-viewer on Windows
- lxc/export: Use HostPathFollow
- lxd/cluster: Re-try listening for a minute
- lxd/init: Don't fail on existing address
- lxd/storage/zfs: Fix bad transfer logic on block
- lxd/storage/zfs: Always discard mountpoint on recv
- lxd/db/projects: go imports order
- lxd/db/projects: Removes unnecessary whitespace
- lxd/db/cluster: Adds patch for adding project_id to networks table
- lxd/db/networks: Adds project support to CreatePendingNetwork
- lxd/db/networks: Adds project support to CreateNetwork
- lxd/networks: Pass project.Default when creating networks
- lxd/instance/test: Updates tests to use project.Default for new networks
- lxd/db/networks/test: Updates tests to use project.Default for new networks
- lxd/storage/zfs: Don't filter mountpoint on block
- lxd/db/instances: Removes instancePoolSnapshot function
- lxc/network: Fix usage
- i18n: Update translation templates
- lxd/apparmor/dnsmasq: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/apparmor/forkdns: drop dup rule, /snap/lxd/*/ includes /snap/lxd/current/
- lxd/instance: Always put snapshots on same pool as parent
- doc/security: Adds note about non-IP ethernet frame filtering to stop VLAN QinQ bypass
- lxd/db/cluster: Update tables to allow null value for node ID
- shared/util: Converts DefaultPort from string to int
- lxd/util/net: Updates CanonicalNetworkAddress to use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/util/net: Adds CanonicalNetworkAddressFromAddressAndPort function
- lxd/device/device/utils/proxy: Use net.JoinHostPort rather than manual fmt.Sprintf
- lxd/main/init/interactive: Error wrapping
- lxd/main/init/interactive: Use canonical address after port has been added for comparison
- lxd/main/init/auto: util.CanonicalNetworkAddressFromAddressAndPort usage
- lxc/remote: shared.DefaultPort usage
- lxd-agent/main/agent: shared.DefaultPort usage
- lxd-p2c/utils: shared.DefaultPort usage
- lxd/vsock: shared.DefaultPort usage
- lxd/util/http: shared.DefaultPort usage
- lxd/main/init: shared.DefaultPort usage
- lxd/db: Handle null value for nodeID
- lxd/daemon: Make db aware of remote storage drivers
- lxd/daemon: Perform automatic snapshots on random node
- lxd/storage: Refuse BLOCK_AND_RSYNC with running instance
- lxd/apparmor: Simplify profile name generation
- lxd/device: Export Name and Config
- lxd/apparmor: Shrink instance interface
- lxd/apparmor/forkdns: Alignment
- lxd/apparmor/forkdns: Support LD_LIBRARY_PATH
- lxd/api/cluster: Makes ServerAddress field required for clusterPutJoin
- lxd/network/driver/ovn: Makes ping test in startParentPortBridge async
- lxd/init: Updates initDataNodeApply to use revert package and to revert itself on error
- lxd/cluster/connect: Adds UserAgentNotifier constant
- lxd/cluster/connect: Adds UserAgentJoiner constant
- lxd/cluster/connect: Adds ClientType type and UserAgentClientType function
- lxd/api: Updates isClusterNotification to use cluster.UserAgentNotifier
- lxd/api/cluster: clusterInitMember comments
- lxd/api/cluster: initDataNodeApply usage
- lxd/main/init: initDataNodeApply usage
- lxd/api/cluster: Updates clusterPutJoin to use cluster.UserAgentJoiner when sending requests to local node
- lxd/network/network/interfaces: Replaces clusterNotification bool with cluster.ClientType
- lxd/network/driver/common: cluster.ClientType usage
- lxd/network/driver: cluster.ClientType usage
- lxd/network/driver/ovn: cluster.ClientType usage
- lxd/networks: cluster.ClientType usage
- lxd/apparmor/dnsmasq: Add /proc/self/fd
- lxd/apparmor/forkdns: Allow reading/mapping the binary
- lxd/apparmor: Add forkproxy
- lxd/device/forkproxy: Add apparmor
- lxd/instance/instance/interface: Moves Project() function into ConfigReader interface
- lxd/instance/drivers/driver/common: Adds Project function
- lxd/instance/drivers/driver/lxc: Updates lxc to use common fields
- lxd/instance/drivers/driver/lxc: Removes driver specific Project function
- lxd/instance/drivers/driver/qemu: Removes driver specific Project function
- lxd/network/network/utils: Improves UpdateDNSMasqStatic error message
- lxd/daemon: db.StorageRemoteDriverNames usage
- lxd/db: StorageRemoteDriverNames usage
- lxd/db/storage/pools: Renames GetRemoteDrivers to StorageRemoteDriverNames for clarity
- lxd/storage/drivers/load: Cache supported drivers
- lxd/storage/drivers/load: Remove references to "support" in AllDriverNames
- lxd/apparmor/forkproxy: Fix running on i386
- lxd/storage/drivers/interface: Adds isRemote function
- lxd/storage/drivers/driver/common: Adds isRemote() function that returns false
- lxd/storage/drivers/driver: Updates driver's Info() function to call d.isRemote()
- lxd/storage/drivers/ceph: Implements isRemote function for ceph and cephfs
- lxd/storage/drivers/load: Removes SupportedDrivers caching and updates comment
- lxd/storage/drivers/load: Simplifies RemoteDriverNames to use the isRemote function
- lxd/daemon: storageDrivers.RemoteDriverNames usage simplifcation
- doc/networks: Rename OVN parent to network
- lxd/networks/ovn: Rename parent to network
- scripts/bash: Add network config key
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 2.0.12 リリースのお知らせ ¶
14th of August 2020
はじめに ¶
LXD チームが LXD 2.0.12 のリリースをお知らせします!
このリリースは、2021 年 6 月までサポートされる LXD 2.0 に対する 12 個目のバグフィックスリリースです。
バグ修正と改良点 ¶
一番古い LTS リリースである LXD 2.0 は 2017 年 10 月以来リリースがありませんでした。
この 2.0 系の LTS ブランチはセキュリティフィックスのみが行われるモードに入っています。このリリースは 2.0.11 に入らなかった古いバグ修正のいくつかと、LXD のこのブランチをビルドできるようにするための修正のみを含んでいます。
この一部として、LXD の依存関係のいくつかが、古いバージョンの Go でビルドできなくなり、LXD 2.0.11 が Go 1.13, 1.14, 1.15 で実行でき、少なくとも 1.11 ではビルドできないことを確認しました。
重要な修正やセキュリティ上の修正はないため、古い Go のバージョンを必要とするディストリビューションは 2.0.11 を維持するべきです。
最後に、LXD 2.0 LTS をまだ使っているユーザーは、このブランチでは重要なセキュリティ上の問題のみが修正され、1 年以内にサポートが終了しますので、より新しいバージョンにアップグレードすることをおすすめします。2.0 LTS から直接 4.0 LTS へアップグレードすることがサポートされています。
コミットの全リストは次のとおりです(翻訳なし):
- Fix file transfers to/from stdin/stdout in snap
- If running as root in the snap, use /proc/1/root
- Fix failure due to bind-mount through /proc
- all: move to bakery.v2
- Update the "lxc list" help to match stable-2.0
- tests: Don't use godeps for import check
- Make current gofmt happy
- Make current gofmt happy (stable-2.0 specific)
- liblxc: detect version at runtime
- Update for newer ZFS releases
- zfs: try pool import
- Revert most of the macaroon support in client
- client: Add GetOperationUUIDs and GetOperations
- lxd/logs: Don't allow removing lxc.conf or lxc.log
- shared/api: Add API extension label to AuthMethods
- Drop logging setup in Daemon.Init()
- Add helper to redirect the global logger to the testing logger
- Add a shared.KeyPairAndCA function to get coventionally named certs
- Add new debug sub-package with support for memory profiling
- Add lxd/task sub-package for running functions periodically
- Fix output of --print-goroutines-every
- Add cpu profiling and goroutines printing to the debug sub-package
- Move execPath global variable to sys.OS.ExecPath
- Move global aaAvailable global variable to sys.OS
- Move global aaStacking global variable to sys.OS
- Move global runningInUserns global variable to sys.OS
- Move global aaAdmin global variable to sys.OS
- Move global aaConfined global variable to sys.OS
- Move global cgBlkioController global variable to sys.OS
- Move global cgCpuController global variable to sys.OS
- Move remaining global cgXXX global variables to sys.OS
- Move directory initialization to sys.OS.
- Drop unnecessary checks on MockMode
- Vendor a copy of log15 in shared/log15
- Revert "Temporary workaround for log15 API breakage"
- Switch to the built-in log15
- Add a endpoints.Endpoints class for managing HTTP endpoints
- Wire endpoints.Endpoints into Daemon
- lxd/daemon: Fix unsetting https address
- Move optional Daemon config values to DaemonConfig
- Don't skip Daemon.Ready() in tests, it can be run unconditionally
- Wire debug utilities into main_daemon.go
- Track the lifecycle of the goroutine performing log expiration
- Streamline Daemon init and shutdownn
- Control all goroutines spawned in Daemon.Ready() using task.Task
- Don't use global path variables in sys.OS
- Switch to the built-in log15
- Return the initial schema version in Schema.Ensure()
- Add a Schema.Fresh() method to set a "bootstrap" SQL statement
- Complete moving schema creation logic to schema.Schema
- Rename Daemon.db to Daemon.nodeDB
- Convert a few call sites of sql.DB.Begin to db.DB.Begin
- Rename State.DB to State.NodeDB
- Convert remaining call sites of the low-level db.Begin function
- Rename db.QueryScan to db.queryScan, making it unexported
- Remove direct use of the low-level db.Exec() func outside of lxd/db/
- Rename db.Exec to db.exec, making it unexported
- Move certificate db APIs to the db.Node facade
- Move container db APIs to the db.Node facade
- zfs: Fix slowdown because of mountpoint check
- tests: Deal with missing ttyS0/ttyS1 (on s390x)
- Move profile db APIs to the db.Node facade
- Move patches db APIs to the db.Node facade
- Move image db APIs to the db.Node facade
- Move devices db APIs to the db.Node facade
- Drop all references to Daemon.nodeDB
- Use instance-level cache dir variable instead of the environment one
- Use instance-level log dir variable instead of the environment one
- Use instance-level var dir variable instead of the environment one
- Add initial Go-level daemon integration-like test
- Add lxd/config sub-package implementing structured config maps
- Rename db_test.go to db_internal_test.go, since it's white box
- Add db.NewTestNode helper for database-related unit tests
- Add a db.NodeTx structure to abstract away low-level transactions
- Add low-level query helpers for changing config tables
- Add db APIs for fetching and changing node-local config values
- Add node.Config high-level API for modifying node-level config
- Cleanup test state at every test, to improve isolation.
- Move node-level schema updates to their own db/local/ sub-package.
- Add Schema.ExerciseUpdate() for testing a individual update
- Fix spurious tx.Exec argument in lxd/db/schema/query.go
- Extract the APIExtensions list from api10Get
- Add error messages to lxdTestSuite setup and teardown
- Add query.Count utility
- Switch to the built-in log15
- Setup mock storage driver
- Extract initialization of the REST and /dev/lxd http Server
- Add support for gracefully aborting schema.Ensure
- Drop the containerLXC.OS() convenience
- Rename container.StateObject() to container.DaemonObject()
- Drop the storageShared.OS() convenience
- Move util.AppArmorCanStack to a private appArmorCanStack in lxd/sys
- Drop trailing slash from cgroup paths definitions
- Drop pointless comments about function calls being no-op
- Rename variable "code" to "kind" for consistency
- Drop logging message when retrying to listen to a network port
- Fixed typos in the task sub-package
- Fix docstring in shared.KeyPairAndCA
- Drop unused import in lxd/db/certificates.go
- Rename Cert to Certificate in API names of lxd/db/certificates.go
- Fix import formatting in lxd/db/patches.go
- Split version declarations in shared/version into several files
- shared/logging: Add freebsd build conditional to log_posix.go
- Switch to the built-in log15
- Gracefully cancel tasks on daemon shutdown
- Fixed wording in comment
- Tweak schedule function for pruning images
- Expose task.Task instead of returning an integer handle
- client: Name all the return values in interfaces
- Fix some typos
- Fix some typos
- tests: Check for typos
- tests: Add test for unused variables
- api: add console structs
- client: add client API ConsoleContainer()
- container_lxc: add lxcParseRawLXC()
- client: add client API GetContainerConsoleLog()
- client: add client API DeleteContainerConsoleLog()
- container_exec: check for OpenPty() error
- client: add "ConsoleDisconnect" argument
- shared/idmap: Fix handling of hardlinks
- lxd/containers: Skip sockets in tarballs
- lxd/dameon: Add LXD_EXEC_PATH to override execPath
- Fix a number of unchecked variables
- lxd/containers: Only init the config if needed
- lxc/file: Log downloads/uploads
- lxd/init: Re-add missing ZFS pool name question
- lxd/init: Fix bad handling of dir backend
- Added documentation about shell env to lxc exec
- lxd-benchmark: Change the default count of containers from 100 to 1
- shared/util: add EscapePathFstab()
- devlxd: Properly lock the internal struct
- migrate.proto: silence protobuf compiler warning
- migrate: older than lxc 2.0.4 will fail
- Makefile: Better detect sqlite3.h
- client: URL escape all user input
- devlxd: Cleanup in preparation for events
- lxd/certificates: Add missing name value
- Makefile: Don't hardcode gcc
- container_lxc: actually return an error
- i18n: Update translation templates
- travis: Bump Go versions
- shared/utils: deal with symlinks
- travis: Limit to just Go 1.9
- Update LVM documentation
- zfs: fix argument order of zfs get commands.
- network: fix insertNetworkDevice()
- container_lxc: escape paths fstab style
- migrate: prepare for pre-copy migration
- Fixed typo in comment about SubCommands in lxd/main.go KishanRPatel katiewasnothere dinopanda jialin-li kianaalcala
- lxd/containers: Fix race condition in shutdown
- lxd/containers: Log auto-start errors
- lxc/exec: Fix typo
- lxd/containers: Fix tc egress rules
- lxd/events: Cleanup event listener setup
- Update issue template
- doc: Add /images/
/secret to API list - lxd/containers: No slahses in snapshot names
- lxd/init: Strip leading and trailing spaces
- change “your first time using LXD” to something less confusing
- doc/README: Update source build instructions
- doc/containers: Document CPU limits
- i18n: Update translation template
- scripts/vagrant: The LXD PPA is gone
- allow arbitrary users to read idmaps
- drop \n from IdmapSet's ToLxcString
- lxd/containers: Fix container shutdown on exit
- lxd/main: Don't mention --preseed on 2.0
- i18n: Fix bad japanese translation
- fix parsing for container name tab-completion
- lxc/file: Fix edit in a snap environment
- shared/idmap:DefaultIdmapSet(): take a user argument
- *: move download function to shared
- shared/hostpath: Also check SNAP_NAME
- shared/hostpath: Properly handle prefix check
- termios: Workaround vet on go tip
- test: fix shellcheck complaints
- lxd,shared: move archive functions to shared
- containers: Default to pids cgroup for fork bomb mitigation
- tests: Check for mixed tabs/spaces and trailing whitespaces
- tests: Fix mixed tabs/spaces
- api: Include message format for events
- events: Use api message type
- api: Add NetworkLease struct
- client: Add network leases handling
- lxc: Properly handle the --version flag
- lxd-benchmark: Fix new go vet warnings
- lxc: Make the
/ syntax work - i18n: Update translation templates
- Make the test suite use lxc.apparmor.profile instead of lxc.aa_profile
- Check for LXC version to decide which apparmor profile config key to use
- setup-lvm: Fix pyflakes warnings
- shared/cancel: Properly lock map
- shared/cancel: Make the cancel code golint clean
- lxd: Rework listening logic
- lxd-benchmark: Fix golint
- lxd/types: Make golint clean
- client: Check API extension for storage
- client: Check API extension for network
- shared/api: add local storage volume {copy,move}
- client: add {Copy,Move}StoragePoolVolume()
- api: Add description field on operation
- shared/eagain: Make our EAGAIN code a new package
- lxd/netcat: Port to using shared/eagain
- lxd/daemon: Cleanup startup code a bit
- tests: Wait up to 20s for image to expire
- tests: Consistency
- fuidshift: Drop specific Makefile
- shared/version: Include storage backends in agent
- lxc: Fix golint
- lxd/util: Fix golint
- tests: Update list of golint clean packages
- i18n: Look at all lxc files
- lxc: Introduce a new utils package
- lxd: Move migration code to own package
- shared: Remove dead code
- lxd: Restrict pongo2 file functions
- tests: Fix recent Go test breakages
- lxc/utils: Sync stringList with master
- scripts/bash: tweak complete line for snaps
- Add some missing "Return:" headings to make sample return values formatting right
- container_lxc: keep full capability set
- Fix version parsing of LXC betas
- Ignore io.EOF errors when performing PUT /internal/shutdown
- lxd/shutdown: Fix error string check
- lxd/shutdown: Fix typo in error handling
- lxd/init: Prevent non-root execution
- lxd/init: Don't fail test when non-root
- memory: fix format string
- db: Fix bad format string
- client: Remove debug statements
- db: Fix more format issues
- lxd/migration: Update protocol
- i18n: Update message catalogs and Japanese translation
- shared/api: Don't re-define fields
- doc: add the appropriate titles to some documents
- lxc: Fix manpage subcommand
- shared/idmap: Workaround Go tip change
- lxc: Remove dead code
- Manually release the liblxc structs
- lxd/containers: Adapt to go-lxc Release
- tests: Bump LV size to 50MB
- lxd/util: Fix formatting
- tests: Tweak fdleak test
- lxd/util: Add missing import
- travis: Sync with current
- Release LXD 2.0.12
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.3 リリースのお知らせ¶
12th of August 2020
Introduction¶
LXD チームが LXD 4.0.3 のリリースをお知らせします!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する 3 つめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
このリリースでは、VGA コンソール(LXD API 内の SPICE)とプロジェクトのディスク制限が含まれており、少し拡張された「マイナーな改良」となっています。4.0 リリースの主要な機能のいくつかのギャップを埋めるには、これが重要で(そして簡単だ)と思ったのです。
これらの機能は、データベーススキーマの更新を必要とせず、ダウングレードを防止したり、ディスク上の構造を変更したりすることもありませんので、変更を行うことは安全で重要であると感じました。
主な変更点は次のとおりです:
lxc launchに新たに--consoleフラグが追加されました- 仮想マシン内の
/dev/lxdAPI のサポート /1.0/resourcesAPI 内で GPU 媒介(mediated)デバイスのサポート- 仮想マシンに対する VGA コンソールのサポートの追加。クライアントで
--console=vga(lxc launchもしくはlxc start)や--type=vga(lxc console)を指定します dnsmasqとforkdnsに対する自動的な AppArmor プロファイルの生成- プロジェクトに対するディスク制限(
limits.disk設定オプション)
コミットの全リストは次のとおりです(翻訳なし):
- lxd/storage: Better handle broken volumes
- client: Handle unknown image sizes
- lxd/response: Stream multi-part responses
- lxd/device/disk: Fixes cloud-init errors for VMs
- lxc/action: Show usage on missing target
- lxd/storage: Rely on UsedBy for deletion error
- lxd/instances/qemu: Use images dir during compression
- lxd/storage/drivers: Rename fs to filesystem
- shared/api: Add ContentType to storage volume structs
- client: Support custom block volumes
- lxd/util: Detect hugetlbfs mount point
- lxd/cluster: Always check for dqlite protocol version mismatches
- lxd/cluster: Don't run unncessary HEAD probe upon dqlite connections
- forksyscall: use nsids for shiftfs syscall intercepts
- lxd/db: Drop ClusterRoleDatabase records from the database
- lxd/cluster: Fetch database role information directly from raft
- lxd/storage: Fix regression in truncate handling
- lxd/cluster: Only look up raft_nodes for resolving the address of node 1
- lxd/cluster: Leverage RolesChanges.Handover() to choose handover target
- lxd: Increase timeout of go unit tests when ran from Emacs
- lxd/cluster: Skip unncessary loading of nodes from database in Rebalance()
- lxd/cluster: Leverage RolesChanges.Adjust() to choose rebalance target
- lxd/cluster: Increase time budget of client.Assign() when assigning voter role
- lxd/cluster: When demoting to Spare only transition to StandBy if Voter
- lxd/project: Add more name checks
- doc/server: Cover listen + authentication
- lxd/qemu: Don't do file lock on custom volumes
- shared/api: Add FailureDomain field to ClusterMemberPut
- client: Check clustering_failure_domains extension when updating a member
- instance: update terminology I
- lxd/network: Validate ipv4/ipv6 routes
- lxd/proxy: Fix govet
- lxd/rsync: Add AtLeast
- lxd/rsync: Filter out security.selinux
- lxd-p2c: Filter out security.selinux
- lxc-to-lxd: Filter out security.selinux
- lxc/launch: Add --console
- instance: introduce container_syscall_filtering_allow_deny extension
- tests: remove trailing comma
- lxd/instance/drivers: Provide instance-data file
- lxd-agent: Support /dev/lxd
- lxd/instance/drivers: Allow updating running VMs
- tests: Fix bad ipv6.routes value
- lxc/instance/drivers/qemu: Support ephemeral VMs
- lxd/qemu: Use memory backend ram/file
- lxc/image: Fix dir handling on snap
- lxd/qemu: Fix crash on non-pinned VM
- lxc/image: Fix more dir handling on snap
- terminals: update terminology again
- doc/instances: Improves proxy docs
- lxc/main_alias: Handle leading arguments
- lxd/storage: Fix block volume migration
- lxd/rbac: Always allow internal cluster traffic
- units: handle multiplication integer overflow
- lxd/rsync: Untangle from daemon package
- lxd/qemu: Don't use file.locking with rbd
- lxd/storage/zfs: Use autotrim when available
- lxd: Add clustering_fix_raft_address_zero patch to fix node with "0" as address
- Revert "lxd/storage: Fix block volume migration"
- lxd/resources: Use udev model data if available
- Decode error
- doc/api-extensions: Fix escaping
- share/api: Add GPU mdev
- lxd/resources: Add GPU mdev
- api: Add GPU mdev
- lxd/qemu: Fix unbound hugepages
- lxd/qemu: Properly connect memory
- api: console_vga_type
- doc/rest-api: Add type field to console
- shared/api: Add Type field to InstanceConsolePost
- lxd/instance: Add protocol argument to Instance.Console()
- lxd/instance/drivers: Support VGA output in qemu.Console()
- lxd: Handle "vga" type in console API handler
- client: Add ConsoleInstanceDynamic() to support multiple websocket connections
- lxc: Add --type flag to "lxc console"
- i18n: Update translation templates
- lxc/console: Missing error handling
- lxc/console: Prefer remote-viewer
- lxc: Populate cmdConsole.flagType also when ran manually
- lxc/console: Short argument for type
- lxc: Allow using --console=TYPE
- lxd/images: Rename imgPostContInfo to imgPostInstanceInfo
- lxd/instances: Return and set image properties
- lxd/qemu: Add support for spice agent
- lxc/console: Disconnect on shutdown
- lxd/db: Drive-by removal of leftover fmt.Printf's
- lxd/main_daemon: s/containers/instances/
- lxd: s/containersShutdown/instancesShutdown/
- lxd: Add context to daemon
- lxd/operations: Add db operation type to Operation
- lxd: Add waitForOperations()
- lxd: Shut down gracefully
- lxd/operations/operations: Fix hanging cancelation
- lxd/instance_post: Pass cancel function to websocket operation
- client/lxd_instances: Cancel websocket op if needed
- lxd/daemon: Return 503 when shutting down
- doc/api-extensions: Fix over-escaping
- lxd: Add --force flag to lxd shutdown
- shared/instance: Move network validation functions to shared
- lxd/db/networks: Adds internal network type constants
- lxd/db/networks: Updates CreateNetwork to accept a network type
- lxd/db/networks: Updates CreatePendingNetwork to accept a network type
- lxd/network/network/interface: Adds network interface
- lxd/network/network/load: LoadByName to use Network interface, add Validate
- lxd/network/errors: Adds error constants
- lxd/network/network/utils: Moved validation functions from main package
- lxd/network/driver/common: Adds common driver
- lxd/network/driver/bridge: Renames network to driver_bridge
- lxd/networks/utils: Remove unused network validation functions in main
- lxd/device/device/utils/network: Removes unused validation functions
- lxd/device/device/utils/proxy: shared.IsNetworkAddress usage
- lxd/device/nic: shared validation function usage
- lxd/device/nic/bridged: Support Network interface
- lxd/device/nic/ipvlan: shared validation function usage
- lxd/device/nic/routed: shared validation function usage
- lxd/main/init/interactive: Uses network name validation from network package
- lxd/networks: ValidNetworkName usage in networkPost
- lxd/networks: Updates doNetworkUpdate to use network package validation
- lxd/networks: Updates networksPost to support network type
- lxd/networks: Remove use of network.IsRunning in networkShutdown
- lxd/networks/config: Removed
- lxd/networks/utils: Updates usage of n.RefreshForkdnsServerAddresses to generic n.HandleHearbeat
- lxd: Updates network tests to pass netType
- lxd/network/network/utils: Unexports usesIPv4Firewall and usesIPv6Firewall
- lxd/network/driver/bridge: usesIPv4Firewall and usesIPv6Firewall usage
- lxd/apparmor: Use templating
- lxd/apparmor: Use proper version parsing
- lxd/network/driver/common: Adds config diff and db update common functions
- lxd/network/driver/common: Adds contextual logger
- lxd/network/driver/common: Removes stuttering on "common" in validation rules function
- lxd/network/driver/bridge: Updates to use contextual logger
- lxd/network/driver/bridge: Simplifies Update function to use common update functions
- lxc/networks: Renames notify to clusterNotification in doNetworkUpdate
- lxd/network/network/interface: Clarifies Update arguments
- lxd/network/network/interface: Renames Delete withDatabase arg to clusterNotification
- lxd/network/driver/common: Adds common delete function
- lxd/networks: Cleans up networksPost to use clusterNotification argument correctly
- lxd/networks: Log quoting in networksPostCluster
- lxd/networks: Cleans up doNetworksCreate to use clusterNotification argument
- lxd/network/driver/bridge: Updates Delete to use common delete function
- lxd/network/driver/bridge: Adds logging to Update
- lxd/networks: Removes bridge specific logic in doNetworkUpdate
- lxd/network/driver/bridge: Adds fan auto detection logic to Update
- lxd/network/driver/common: Adds rename common function
- lxd/network/driver/bridge: Updates Rename to use common rename function
- lxd/networks: networkPost logging quoting
- lxc/network/driver/bridge: isRunning comment
- lxd/network/driver/bridge: Unexports hasIPv4Firewall and hasIPv6Firewall
- lxd/networks: Detect unknown network type in networksPost, dont assume bridge
- lxd/networks: comment fix in networksPostCluster
- lxd/networks: Allow for different managed network types in doNetworkGet
- lxd/network/network/interface: Adds fillConfig to interface
- lxd/network/driver/common: Adds default fillConfig function
- lxd/network/driver/common: Adds default HandleHeartbeat function
- lxd/network/network/load: Adds per-driver FillConfig wrapper
- lxd/network/network/utils: Removes generic FillConfig
- lxd/network/driver/bridge: fillConfig implementation
- lxd/network/driver/bridge: Exposes error message from ValidNetworkName in Validate
- shared/version: Add projects_limits_disk extension
- doc: Document limits.disk project configuration key
- lxd: Add "limits.disk" to supported project config keys
- lxd/project: Check that root disk sizes are within limits.disk
- lxd/project: Add projectInfo struct to hold together project's extra info
- lxd/db: Add GetCustomVolumesInProject() to fetch custom volumes in a project
- lxd/project: Fetch the project's custom volumes
- lxd/project: Consider custom volumes sizes in checkAggregateLimits
- lxd/project: Add AllowVolumeCreation() to check limits upon volume creation
- lxd: Call project.AllowVolumeCreation() before creating custom volumes
- lxd/project: Add AllowVolumeUpdate() to check custom volumes config updates
- lxd: Call project.AllowVolumeUpdate() before modifying a custom volume
- shared: Add QuotaWriter
- lxd/project: Add GetImageSpaceBudget() returning image disk space budget
- lxd: Possibly limit the disk space that can be used by POST /1.0/images
- lxd: Check available project budget when publishing an instance as image
- lxd/project: Fill missing fields when checking instance creation
- lxd/project: Skip checks when unsetting limits
- lxd: Honor project disk budget when downloading images
- test: Add tests for the "limits.disk" project config key
- lxd/sys: Create apparmor/seccomp paths
- lxd/apparmor: Split and rename instance functions
- lxd/resources/storage: Use ID_MODEL_ENC when possible
- shared: Add InSnap
- shared/subprocess: Add AppArmor support
- lxd/apparmor: Rename template
- lxd/apparmor: Add dnsmasq profile
- lxd/networks: Use AppArmor when available
- tests: Delete leftover storage volume
- lxd/operations/operations: Renames Operations to Clone
- lxd-agent/operations: operations.Clone() usage
- lxd: operations.Clone() usage
- Drop from .travis.yaml Go versions we don't support anymore
- shared/api/network: Adds network status constants
- lxd/networks: API constant usage in networkDelete
- lxd/network/network/load: Adds status
- lxd/network/network/interface: Adds status function
- lxd/network/driver/common: Adds status field and function
- lxd/network/driver/bridge: Don't allow starting a pending network
- lxd/device/nic/bridged: Usage of d.state.Cluster.GetNetworkInAnyState in rebuildDnsmasqEntry
- lxd/api/cluster: Usage of api.NetworkStatusPending
- lxd/db/networks: Usage of api package's NetworkStatus constants in getNetwork
- lxd/db/networks: Removes unused GetNetwork
- lxd/db/networks: GetNonPendingNetworks comment
- lxd/db/networks: Allow pending nodes to be added to errored networks in CreatePendingNetwork
- lxd/db/networks: CreatePendingNetwork comments and line spacing
- lxd/networks/utils: Skip network load error in networkUpdateForkdnsServersTask
- lxd/device/nic/bridged: Validates network is type bridge
- lxc/device/nic/bridged: Only allow using non-Pending networks
- lxd/networks: Various comment and error quoting consistency fixes
- lxd/networks: Validate network name earlier in networksPost
- lxc/networks: Validate config in doNetworksCreate
- lxd/db/networks: Ensure that network type matches existing pending network in CreatePendingNetwork
- lxd/db/networks: Remove errored state on successful update in UpdateNetwork
- lxd/network/driver/bridge: Adds targetNode arg to Update
- lxd/network/network/interface: Adds targetNode arg to Update
- lxd/network/driver/common: Tweaks to update function in cluster environment
- lxd/networks: networksPost error response tweaks
- lxd/networks: Updates networksPostCluster
- lxd/networks: Unifies networkPut and networkPatch
- lxd/device/nictype: Adds small package to resolve NIC device nictype from network
- lxd/device/config/devices: Removes NICType
- lxd/device/config/devices: Improves comment on Update
- lxd/device/device/load: Removes devTypes map and updates load to use NICType function
- lxd/device: Removes device load helpers
- lxd/device/device/utils/network: nictype.NICType usage
- lxd/device/nic/bridged: Updates usage of functions whos signatures changed due to NICType
- lxd/device/nic/p2p: Updates usage of functions that changed signature due to NICType
- lxd/device/proxy: nictype.NICType usage
- lxd/instance/drivers/driver/lxc: nictype.NICType usage
- lxd/instance/drivers/driver/qemu: nictype.NICType usage
- lxd/network/driver/bridge: Usage of functions that changed signature due to NICType
- lxd/network/driver/common: Updates IsUsed for NICType signature changes and checks for profile usage
- lxd/network/network/interface: Signature change of IsUsed to accomodate NICType
- lxd/network/network/utils: Usage of nictype.NICType and signature changes to accomodate it
- lxd/networks: nictype.NICType usage and comment improvements
- lxd/networks: Comment ending consistency
- test: Updates tests to delete profiles before networks
- lxd/networks: Remove database record on error in networksPost
- test: sriov NIC comment ending consistency
- doc/networks: Re-arranges network docs to support different types
- doc/networks: Fixes typo
- lxd/network/openvswitch/ovs: Adds OVS wrapper
- lxd/network/driver/bridge: ovs usage
- lxd/network/network/utils: ovs usage
- lxd/networks: ovs.BridgeExists usage
- tree-wide: add dummy include package for cgo
- doc/images: Cover the various image servers
- doc: Typo fix
- lxd/networks: Fixes bug in doNetworkUpdate that prevents removal of non-node specific keys
- lxd/network/driver/bridge: Consistent comment ending in setup()
- lxd/network/network/interface: fillConfig signature
- lxd/network/driver/common: Updates fillConfig signature
- lxd/network/driver/bridge: Updates fillConfig signature
- lxd/network/network/load: Updates FillConfig to use new signature
- lxd/network/driver/bridge: Fixes Update to regenerate default values if missing
- test/suites/container/devices/nic/bridged: Fixes DHCP disable by setting IP address none
- lxd/network/driver/bridge: Dont fail start if cannot restore third party route
- lxd/migrate: Fix crash in sendControl when no active connection
- lxd/operations: Fix typo
- lxc/export: Plug in cancelable wait
- i18n: Update translation templates
- lxd/devices/device/utils/network: Removes networkValidMAC
- shared/instance: Adds IsNetworkMAC for use in network and device packages
- lxd/device/nic: shared.IsNetworkMAC usage
- lxd/network/driver/bridge: Adds volatile.bridge.hwaddr key
- shared/validate: Adds validate helper package
- lxd: Updates use of validate helper functions now in validate package
- shared: Removes validate helper functions
- lxd/device/device/utils/infiniband: Changes infinibandValidMAC to use net.ParseMAC
- lxd/device/device/utils/infiniband/test: Changes test name for linter
- lxd/networks: Allow update/removal of node-specific key in non-clustered mode
- lxd/network/driver/bridge: Adds safety check for volatile MAC address usage
- lxd/device: fix empty error message when tc fails
- test: Wait for operations to be removed from the database
- shared/validate: Adds Optional() validate wrapper
- shared/validate: Makes IsInt64 non-optional
- lxd/network/driver/bridge: Add validate.Optional() wrapper for validate.IsInt64 usage
- lxd/storage/utils: Adds validate.Optional() wrapper for validate.IsInt64 usage
- shared/instance: Adds validate.Optional() wrapper for validate.IsInt64 usage
- lxd/device/device/utils/network: Removes networkValidVLAN
- shared/validate: Adds IsNetworkVLAN
- lxd/device/nic: validate.IsNetworkVLAN usage
- seccomp: switch from individual pread() to process_vm_readv()
- seccomp: fix i386 builds
- seccomp: ensure that target process is still valid
- client: Move proxyMigration
- lxd: Port remaining calls to instance
- lxd/network/driver/common: Adds Create function no-op
- lxd/network/network/interface: Adds Create function
- lxd/networks: Adds call to network Create in doNetworksCreate
- lxd/device/device/utils/network: Adds networkDHCPValidIP
- lxd/device/nic/bridged: Removes networkDHCPValidIP
- lxd/device/device/utils/networks: Splits networkSetupHostVethDevice into multiple functions
- lxd/device/nic/bridged: networkVethFillFromVolatile usage and other host-veth functions
- lxd/device/nic/p2p: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/device/nic/routed: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/network/network/utils: Updates isInUseByDevices to support networks that don't match their physical parent
- lxd/device: Add missing sriov type
- lxc/move: Allow --target with cluster destination
- i18n: Update translation templates
- lxd/networks: Validate network config before starting networks on startup
- lxd/network/driver/common: Call init() in update() to consistency apply new internal state
- lxd/device/device/utils/network: Removes networkDHCPValidIP
- lxd/dnsmasq/dhcpalloc: Adds static DHCP allocation package for dnsmasq
- lxd/dnsmasq: Renames DHCPStaticIPs to DHCPStaticAllocation
- lxd/dnsmasq: Renames DHCPAllocatedIPs to DHCPAllAllocations
- lxd/network/network/utils: Removes GetIP
- lxd/network/network/utils: dhcpalloc.GetIP usage
- lxd/network/network/utils: dnsmasq.DHCPStaticAllocation usage
- lxd/network/network/interface: Changes of functions to accomodate dhcpalloc package
- lxd/network/driver/common: Implements default no-op function for non-dhcp enabled networks
- lxd/network/driver/common: dhcpalloc.DHCPRange usage
- lxd/network/driver/bridge: dhcpalloc package function usage
- lxd/network/driver/bridge: DHCPv4Subnet and DHCPv6Subnet implementations
- lxd/device/nic/bridged: Comment correction
- lxd/device/nic/bridged: n.DHCPv4Subnet and n.DHCPv6Subnet usage
- lxd/device/nic/bridged: dnsmasq.DHCPStaticAllocation usage
- lxd/device/nic/bridged: dhcpalloc.DHCPValidIP usage
- lxd/device/nic/bridged: Switches static DHCP allocation for IP filtering to dnsmasq/dhcpalloc
- lxd/main_activateifneeded: Clarify 'No DB' debug statements
- doc: s/container/instance/g
- doc/backup: Add note about the snap mntns
- lxd/apparmor: Don't fail on missing apparmor
- shared/validate: Makes IsUint32 non-optional
- lxd: Wraps validate.IsUint32 in validate.Optional
- shared/instance: Wraps validate.IsUint32 in validate.Optional
- shared/validate: Makes IsUint8 non-optional
- lxd/network/driver/bridge: Wraps validate.IsUint8 in validate.Optional
- shared/validate: Makes IsPriority non-optional
- shared/instance: Wraps validate.IsPriority in validate.Optional
- shared/validate: Makes IsBool non-optional
- lxd: Wraps validate.IsBool in validate.Optional
- shared/instance: Wraps validate.IsBool in validate.Optional
- shared/validate: Makes IsSize non-optional
- lxd: Wraps validate.IsSize in validate.Optional
- shared/instance: Wraps validate.IsSize in validate.Optional
- shared/validate: Makes IsNetworkAddress non-optional
- lxd: Wraps validate.IsNetworkAddress in validate.Optional
- shared/validate: Makes IsNetworkV4 non-optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkV4 in shared.Optional
- shared/validate: Makes IsNetworkAddressV4 non-optional
- lxd/device/nic: Wraps validate.IsNetworkAddressV4 in validate.Optional
- lxd/network/driver/bridge: Wraps validate.IsNetworkAddressV4 in validate.Optional
- shared/validate: Makes IsNetworkAddressCIDRV4 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV4 in validate.Optional
- shared/validate: Makes IsDeviceID non-optional
- lxd/device: Wraps validate.IsDeviceID in validate.Optional
- shared/validate: Makes IsNetworkV6 non-optional
- shared/validate: Makes IsNetworkAddressCIDRV6 non-optional
- lxd: Wraps validate.IsNetworkAddressCIDRV6 in validate.Optional
- shared/validate: Makes IsNetworkAddressV6 non-optional
- lxd: Wraps validate.IsNetworkAddressV6 in validate.Optional
- lxd/device/nic/routed: Wraps validate.IsNetworkAddressV4List in validate.Optional
- lxd: Wraps validate.IsNetworkV4List and validate.IsNetworkV6List in validate.Optional
- shared/validate: Tweaks IsNetworkVLAN error message ordering
- shared/validate: comment spacing
- daemon: check whether shiftfs is useable
- lxd/network/network/utils: Renames ValidNetworkName to validInterfaceName
- lxd/network/network/utils: Adds validVirtualNetworkName
- lxd/network/network/interfaces: Adds ValidateName
- lxd/network/driver/bridge: Implements ValidateName
- lxd/network/network/load: Adds ValidateName helper function
- lxd/main/init/interactive: Switches to network.ValidateName for bridge validation
- lxd/networks: Switches to network.ValidateName
- lxd/storage/utils: Simplifies error message from ValidName
- lxd/cluster/config: Fix import ordering of external package
- lxd/network/openvswitch: Name functions consistently using ObjectAction format
- lxd/network/driver/bridge: OVS function naming usage
- lxd/network/network/utils: OVS function naming usage
- lxd/network/network/interface: Adds ID() function
- lxd/network/driver/common: Implements ID() function
- lxd/resources: Fix total memory for per NUMA node
- lxd/rsync: Don't pass --bwlimit when no limits set
- client/operations: Fixes race conditions
- lxd/operations: Fixes race conditions
- client: More races fixed
- Makefile: Adds race target for enabling race detector
- Makefile: Correctly builds lxd-p2c and lxd-agent in debug and nocache targets
- client/operations: Race fix
- lxd/db: Adds mutex to fix races
- lxd/operations: Fixes races
- shared/validate: Adds IsURLSegmentSafe function
- lxd/network/driver/common: Adds common ValidateName function
- lxd/network/driver/bridge: Changes ValidateName to use common validation too
- lxd/network/network/load: Adds field name context to name validation errors
- lxd/network/network/utils: Removes validVirtualNetworkName
- lxd/networks: Returns network context on network startup failure
- shared/validate: Adds Required() and makes Optional() accept multiple validators
- test/suites/storage: LVM size tweaks
- lxd: enable safe native container terminal allocation
- exec: fix OpenPtyInDevpts()
- lxd/instance/drivers/driver/lxc: Adds nil check in getLxcState
- lxd/storage/locking: Moves package to lxd/locking
- lxd/locking: Renames variables to make them generic
- lxd/storage/drivers/utils: Adds OperationLockName function
- lxd/storage: locking.Lock usage with OperationLockName wrapper
- lxd/network/driver/bridge: Don't allow stable volatile MAC with fan network
- lxd/network/driver/bridge: Don't allow hwaddr to be set in fan mode
- seccomp: update comment about blocking the new mount api
- syscall_numbers: fix pidfd_open() definition
- lxd_seccomp: add SECCOMP_IOCTL_NOTIF_ADDFD definitions and types
- checkfeature: check for seccomp notify fd injection feature
- syscall_numbers: add pidfd_getfd()
- syscall_numbers: add bpf()
- seccomp: report helpful errors when determining support for features
- seccomp: handle liblxc sending the notify fd as part of the seccomp message
- syscall_numbers: add close_range()
- exec: switch to close_range() syscall
- process_utils: remove faulty license
- lxd/apparmor/dnsmasq: Add binary for nesting
- lxd/storage/drivers/ceph: Fix volume deletion
- lxd/instance/drivers/driver/qemu: Fix race in onStop getting operation
- lxd/db: Fix premature failure when listing cluster volumes
- lxd/db/storage_volumes: Add comments regarding behaviour
- doc/production-setup: Fix escaping
- doc/production-setup: Update introduction
- lxd: Fix automatic storage volume snapshots
- cluster: Don't upgrade nodes without raft role concurrently
- lxd/network/network/load: Moves fillAuto logic into per-driver fillConfig function
- lxd/network/utils: Moves fillAuto into bridge's fillConfig function
- lxd/network/network/utils: Adds randomHwaddr function
- lxd/patches: Adds patch to remove volatile.bridge.hwaddr network key
- lxd/network/bridge/driver: Removes volatile.bridge.hwaddr and adds stable MAC generation
- shared/usbid: Don't auto-load
- lxd/resources: Load USB database
- lxd/apparmor: Move dnsmasq functions
- lxd/apparmor: forkdns profile
- lxd/sys: Add unpriv uid/group
- lxd/instances: Update for OS type change
- shared/subprocess: s/Pid/PID/
- shared/subprocess: Add credentials
- lxd/network: forkdns and creds drop for forkdns
- lxd/network: Run dnsmasq as unpriv group
- lxd/device/device/common: Adds common contextual logger
- lxd/network/driver/bridge: Validates bridge.external_interfaces using validate.Optional() helper
- shared/validate: Adds network IP range validators
- lxd/network/driver/bridge: Adds DHCP IP range validation
- shared/network/ip: Defines IPRange struct
- lxd/dnsmasq/dhcpalloc: Removes DHCPRange and switches to shared.IPRange
- lxd/network: Replaces dhcpalloc.DHCPRange with shared.IPRange
- lxd/storage: Fix delete of remote pools
- lxd/storage/ceph: Allow for small size variation
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.4 リリースのお知らせ¶
31st of July 2020
はじめに ¶
LXD チームは LXD 4.4 のリリースをお知らせできることにワクワクしています!
このリリースは、ユーザーの方々すべてに新しい機能を提供する非常に忙しいリリースのひとつになりました。クラスタリングとマルチユーザーのデプロイメントを大幅に改良し、今後さらにエキサイティングな機能を追加するための基盤になっています。
Enjoy!
新機能とハイライト ¶
仮想マシン向けの VGA コンソール ¶
LXD 4.3 では、QEMU の設定に、デフォルトの virtio-gpu デバイスと SPICE 通信チャンネルのサポートを追加しました。
このリリースでは、実際に仮想 GPU にアタッチして操作するための通信メカニズムとクライアントロジックが追加されました。
lxc launch もしくは lxc start に --console=vga を指定するか、lxc console に --type=vga を指定できます。これを使うには、クライアントシステム上で remote-viewer か spicy が利用できる必要があります。もしどちらもない場合は、SPICE ソケットがクライアント上にマッピングされ、パスが提供されます。
この API は LXD 自身の websocket コンソール API に基づいていますが、spice-html5 と互換性があるため、LXD にアクセスする Web インターフェースに使用できます。
クラスタリングの failure domain ¶
LXD はクラスターメンバーに対する failure domain のコンセプトを公開するようになりました。
これにより、どのシステムが同時にオフラインになりそうかを LXD データベースに伝えることができますので、リーダーを選出する際や、クラスターメンバーを別のデータベースロールに昇格させたりするときに、より良い決定を下せるようになります。
failure domain の例としては、物理システムの電源回路、仮想マシン上で LXD が実行されている場合のホストシステム、クラウドインスタンス上で LXD が実行されている場合のクラウドアベイラビリティゾーンやリージョンがあります。
root@nuc01:~# lxc cluster list +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | NAME | URL | DATABASE | STATE | MESSAGE | ARCHITECTURE | FAILURE DOMAIN | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | nuc01 | https://172.17.16.140:8443 | YES | ONLINE | fully operational | x86_64 | pdu01 | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+ | nuc02 | https://172.17.16.139:8443 | NO | ONLINE | fully operational | x86_64 | pdu02 | +-------+----------------------------+----------+--------+-------------------+--------------+----------------+
仮想マシンの /dev/lxd ¶
/dev/lxd API(英語サイト)が仮想マシンでも利用できるようになりました。
これはコンテナ内の場合と同じように動作します。しかし、イメージダウンロードの転送機能は利用できません。
デーモンの graceful シャットダウン ¶
これまでは、システムがシャットダウンされる際や LXD がアップデートされる際に、LXD がシャットダウンの指示を受けたときは、実行中のすべての操作が即座に中断されていました。
これはいくつかの不具合を引き起こしていました:
- いかなる lxc exec/console コマンドも即座に切断されていた
- イメージの更新が中断され、イメージが壊れたり失われたりする可能性があった
- マイグレーション中のインスタンスが、移行元サーバー上で停止したままの状態になっている可能性があった
新しいロジックは次のように処理しようとします:
- キャンセルできる操作はクリーンにキャンセルする
- 新しい操作の開始を防ぐ
- シャットダウン中のいかなる API 操作も防ぐ
- (exec/console のような)キャンセルできない操作を最大で 5 分待機する
残念ながら、lxc exec や lxc console のユーザーに数分後に切断されることを通知する良い方法はありません。どんな出力でも、その操作を妨げる可能性があるからです。しかし、5 分間の猶予時間は多くの場合で充分であり、現在の動作に比べて大きな改善になると考えています。
管理ネットワークの macvlan タイプと sriov タイプ ¶
管理ネットワークに、すでにある bridged に加えて新たにふたつのネットワークタイプが加わりました。
これは、macvlan もしくは sriov を使った管理ネットワークを定義し、(管理されたネットワークしか使えない)制限されたプロジェクトで使用できるようにすることができるようになったということです。
このように定義すると、MAAS サブネット、MTU、VLAN を事前に定義することができ、インスタンスごとに定義を繰り返し行う必要がありません。
これは、今後実装される仮想ネットワーク(OVN 経由)の外部レイヤーの基盤となります。これによりプロジェクトユーザーは、許可された管理ネットワークを使った独自のネットワークを、ホストシステムとコンフリクトする危険性なく構築できます。
root@lantea:~# lxc network create my-macvlan parent=enp11s0 --type=macvlan Network my-macvlan created root@lantea:~# lxc network create my-sriov parent=enp7s0 vlan=1017 --type=sriov Network my-sriov created root@lantea:~# lxc init images:ubuntu/20.04/cloud c1 Creating c1 root@lantea:~# lxc config device add c1 eth0 nic network=my-macvlan name=eth0 Device eth0 added to c1 root@lantea:~# lxc init images:ubuntu/20.04/cloud c2 Creating c2 root@lantea:~# lxc config device add c2 eth0 nic network=my-sriov name=eth0 Device eth0 added to c2 root@lantea:~# lxc start c1 c2 root@lantea:~# lxc list +------+---------+----------------------+-----------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+----------------------+-----------------------------------+-----------+-----------+ | c1 | RUNNING | 172.17.16.224 (eth0) | 2001:470:b0f8:1016:1::dcba (eth0) | CONTAINER | 0 | +------+---------+----------------------+-----------------------------------+-----------+-----------+ | c2 | RUNNING | 172.17.17.241 (eth0) | 2001:470:b0f8:1017:1::c36d (eth0) | CONTAINER | 0 | +------+---------+----------------------+-----------------------------------+-----------+-----------+ root@lantea:~#
プロジェクト内のディスク使用量制限 ¶
最近、プロジェクトに対する制限(limit)と制約(restriction)が設定できるようになり、信頼できないユーザーが LXD を安全に使えるようになりました。その後、プロジェクトに欠けていた機能として、プロジェクトがディスクスペースのないホストシステムを実行できていたことがあります。
これは、新たに追加された limits.disk 設定キーがプロジェクトで利用可能になり、プロジェクトに対してトータルのディスク使用量を制限できるようになったことで問題ではなくなりました。
これはすべてのプロジェクトのインスタンス、イメージ、カスタムストレージボリュームに対して適用されます。
dnsmasq に対する AppArmor 制限 ¶
AppArmor サポートが拡張され、インスタンスに対する保護だけでなく、LXD が操作する他のサービスも保護するようになりました。
最初のこのような外部サービスは dnsmasq です。ネットワークごとの AppArmor プロファイルで実行されるようになりました。
LXD が起動する、長時間実行しつづけるプロセスのすべてをカバーするように、forkdns、forkproxy、qemu についても同様のプロファイルを追加する予定です。
リソース API の GPU 媒介(mediated)デバイス ¶
LXD は GPU の媒介デバイスを検出するようになりました。
これは Intel と NVIDIA の一部のデバイスでサポートされています。そして複数のプロファイルから選択できる物理デバイス上に仮想デバイスを作成できます。作成したデバイスは、仮想マシンの VFIO として使用できます。
現時点では、LXD は媒介デバイスを検出して表示するだけで、まだ仮想マシンでそれらを使用できません。
stgraber@castiana:~$ lxc query /1.0/resources | jq .gpu.cards
[
{
"driver": "i915",
"driver_version": "5.4.0-42-generic",
"drm": {
"card_device": "226:0",
"card_name": "card0",
"control_device": "226:0",
"control_name": "controlD64",
"id": 0,
"render_device": "226:128",
"render_name": "renderD128"
},
"mdev": {
"i915-GVTg_V5_4": {
"api": "vfio-pci",
"available": 0,
"description": "low_gm_size: 128MB\nhigh_gm_size: 512MB\nfence: 4\nresolution: 1920x1200\nweight: 4",
"devices": []
},
"i915-GVTg_V5_8": {
"api": "vfio-pci",
"available": 1,
"description": "low_gm_size: 64MB\nhigh_gm_size: 384MB\nfence: 4\nresolution: 1024x768\nweight: 2",
"devices": [
"7c43babb-cf2a-403c-ae5a-7c45aeb5fb2f"
]
}
},
"numa_node": 0,
"pci_address": "0000:00:02.0",
"product": "HD Graphics 620",
"product_id": "5916",
"vendor": "Intel Corporation",
"vendor_id": "8086"
}
]
lxc launch の --console オプション ¶
LXD 4.3 で lxc start と lxc restart に --console オプションが追加されました。このバージョンで、lxc launch でもインスタンスのコンソールにすばやくアクセスできるようになりました。
すべての変更点(翻訳なし) ¶
このリリースでのすべての変更点のリストは次のとおりです:
- lxd/cluster: Leverage RolesChanges.Handover() to choose handover target
- lxd: Increase timeout of go unit tests when ran from Emacs
- lxd/cluster: Skip unncessary loading of nodes from database in Rebalance()
- lxd/cluster: Leverage RolesChanges.Adjust() to choose rebalance target
- lxd/cluster: Increase time budget of client.Assign() when assigning voter role
- lxd/cluster: When demoting to Spare only transition to StandBy if Voter
- lxd/project: Add more name checks
- doc/server: Cover listen + authentication
- lxd/db: Add failure_domains table and nodes column reference
- lxd/qemu: Don't do file lock on custom volumes
- lxd/db: Add UpdateNodeFailureDomain() and GetNodesFailureDomains()
- lxd/cluster: Honor failure domains when changing roles
- shared/version: Add clustering_failure_domains extension
- shared/api: Add FailureDomain field to ClusterMemberPut
- lxd/cluster: Populate FailureDomain field when listing cluster members
- lxd: Support changing failure domain in PUT /1.0/cluster/
- client: Check clustering_failure_domains extension when updating a member
- doc: Add documentation about failure domains
- lxc: Add failure domain column in "lxc cluster list" output
- make i18n
- test: Add new clustering_failure_domains test case
- instance: update terminology I
- lxd/network: Validate ipv4/ipv6 routes
- lxd/proxy: Fix govet
- lxd/rsync: Add AtLeast
- lxd/rsync: Filter out security.selinux
- lxd-p2c: Filter out security.selinux
- lxc-to-lxd: Filter out security.selinux
- lxc/launch: Add --console
- instance: introduce container_syscall_filtering_allow_deny extension
- tests: remove trailing comma
- lxd/instance/drivers: Provide instance-data file
- lxd-agent: Support /dev/lxd
- lxd/instance/drivers: Allow updating running VMs
- tests: Fix bad ipv6.routes value
- lxc/instance/drivers/qemu: Support ephemeral VMs
- lxd/qemu: Use memory backend ram/file
- lxc/image: Fix dir handling on snap
- lxd/qemu: Fix crash on non-pinned VM
- lxc/image: Fix more dir handling on snap
- terminals: update terminology again
- doc/instances: Improves proxy docs
- lxc/main_alias: Handle leading arguments
- lxd/storage: Fix block volume migration
- lxd/rbac: Always allow internal cluster traffic
- units: handle multiplication integer overflow
- lxd/rsync: Untangle from daemon package
- lxd/qemu: Don't use file.locking with rbd
- lxd/storage/zfs: Use autotrim when available
- lxd: Add clustering_fix_raft_address_zero patch to fix node with "0" as address
- lxd/resources: Use udev model data if available
- Decode error
- doc/api-extensions: Fix escaping
- share/api: Add GPU mdev
- lxd/resources: Add GPU mdev
- api: Add GPU mdev
- lxd/qemu: Fix unbound hugepages
- lxd/qemu: Properly connect memory
- api: console_vga_type
- doc/rest-api: Add type field to console
- shared/api: Add Type field to InstanceConsolePost
- lxd/instance: Add protocol argument to Instance.Console()
- lxd/instance/drivers: Support VGA output in qemu.Console()
- lxd: Handle "vga" type in console API handler
- client: Add ConsoleInstanceDynamic() to support multiple websocket connections
- lxc: Add --type flag to "lxc console"
- i18n: Update translation templates
- lxc/console: Missing error handling
- i18n: Update translations from weblate
- lxc/console: Prefer remote-viewer
- lxc: Populate cmdConsole.flagType also when ran manually
- lxc/console: Short argument for type
- lxc: Allow using --console=TYPE
- lxd/images: Rename imgPostContInfo to imgPostInstanceInfo
- lxd/instances: Return and set image properties
- lxd/qemu: Add support for spice agent
- lxd/main_daemon: s/containers/instances/
- lxd: s/containersShutdown/instancesShutdown/
- lxd: Add context to daemon
- lxd/operations: Add db operation type to Operation
- lxd: Add waitForOperations()
- lxd: Shut down gracefully
- lxd/operations/operations: Fix hanging cancelation
- lxd/instance_post: Pass cancel function to websocket operation
- client/lxd_instances: Cancel websocket op if needed
- lxc/console: Disconnect on shutdown
- lxd/daemon: Return 503 when shutting down
- lxd/db: Drive-by removal of leftover fmt.Printf's
- doc/api-extensions: Fix over-escaping
- lxc/network: Adds flagType to cmdNetwork
- shared/instance: Move network validation functions to shared
- lxd/db/cluster: Adds type field to networks table
- lxd/db/networks: Adds internal network type constants
- lxd/db/networks: Updates CreateNetwork to accept a network type
- lxd/db/networks: Updates CreatePendingNetwork to accept a network type
- lxd/db/networks: Populate network type in getNetwork
- lxd/network/network/interface: Adds network interface
- lxd/network/network/load: LoadByName to use Network interface, add Validate
- lxd/network/errors: Adds error constants
- lxd/network/network/utils: Moved validation functions from main package
- lxd/network/driver/common: Adds common driver
- lxd/network/driver/bridge: Renames network to driver_bridge
- lxd/networks/utils: Remove unused network validation functions in main
- lxd/device/device/utils/network: Removes unused validation functions
- lxd/device/device/utils/proxy: shared.IsNetworkAddress usage
- lxd/device/nic: shared validation function usage
- lxd/device/nic/bridged: Support Network interface
- lxd/device/nic/ipvlan: shared validation function usage
- lxd/device/nic/routed: shared validation function usage
- lxd/main/init/interactive: Uses network name validation from network package
- lxd/networks: ValidNetworkName usage in networkPost
- lxd/networks: Updates doNetworkUpdate to use network package validation
- lxd/networks: Updates networksPost to support network type
- lxd/networks: Remove use of network.IsRunning in networkShutdown
- lxd/networks/config: Removed
- lxd/networks/utils: Updates usage of n.RefreshForkdnsServerAddresses to generic n.HandleHearbeat
- i18n: Update translation templates
- lxd: Updates network tests to pass netType
- lxd/network/network/utils: Unexports usesIPv4Firewall and usesIPv6Firewall
- lxd/network/driver/bridge: usesIPv4Firewall and usesIPv6Firewall usage
- lxd: Add --force flag to lxd shutdown
- lxd/apparmor: Use templating
- lxd/apparmor: Use proper version parsing
- shared/version: Add projects_limits_disk extension
- doc: Document limits.disk project configuration key
- lxd: Add "limits.disk" to supported project config keys
- lxd/project: Check that root disk sizes are within limits.disk
- lxd/project: Add projectInfo struct to hold together project's extra info
- lxd/db: Add GetCustomVolumesInProject() to fetch custom volumes in a project
- lxd/project: Fetch the project's custom volumes
- lxd/project: Consider custom volumes sizes in checkAggregateLimits
- lxd/project: Add AllowVolumeCreation() to check limits upon volume creation
- lxd: Call project.AllowVolumeCreation() before creating custom volumes
- lxd/project: Add AllowVolumeUpdate() to check custom volumes config updates
- lxd: Call project.AllowVolumeUpdate() before modifying a custom volume
- shared: Add QuotaWriter
- lxd/project: Add GetImageSpaceBudget() returning image disk space budget
- lxd: Possibly limit the disk space that can be used by POST /1.0/images
- lxd/network/driver/common: Adds config diff and db update common functions
- lxd/network/driver/common: Adds contextual logger
- lxd/network/driver/common: Removes stuttering on "common" in validation rules function
- lxd/network/driver/bridge: Updates to use contextual logger
- lxd/network/driver/bridge: Simplifies Update function to use common update functions
- lxc/networks: Renames notify to clusterNotification in doNetworkUpdate
- lxd/network/network/interface: Clarifies Update arguments
- lxd/network/network/interface: Renames Delete withDatabase arg to clusterNotification
- lxd/network/driver/common: Adds common delete function
- lxd/networks: Cleans up networksPost to use clusterNotification argument correctly
- lxd/networks: Log quoting in networksPostCluster
- lxd/networks: Cleans up doNetworksCreate to use clusterNotification argument
- lxd/network/driver/bridge: Updates Delete to use common delete function
- lxd/network/driver/bridge: Adds logging to Update
- lxd: Check available project budget when publishing an instance as image
- lxd/project: Fill missing fields when checking instance creation
- lxd/project: Skip checks when unsetting limits
- lxd/networks: Removes bridge specific logic in doNetworkUpdate
- lxd: Honor project disk budget when downloading images
- lxd/network/driver/bridge: Adds fan auto detection logic to Update
- lxd/network/driver/common: Adds rename common function
- lxd/network/driver/bridge: Updates Rename to use common rename function
- lxd/networks: networkPost logging quoting
- test: Add tests for the "limits.disk" project config key
- lxc/network/driver/bridge: isRunning comment
- lxd/network/driver/bridge: Unexports hasIPv4Firewall and hasIPv6Firewall
- lxd/networks: Detect unknown network type in networksPost, dont assume bridge
- lxd/networks: comment fix in networksPostCluster
- lxd/db/network: Provide way to identifty unknown network type in getNetwork
- lxd/networks: Allow for different managed network types in doNetworkGet
- lxd/network/network/interface: Adds fillConfig to interface
- lxd/network/driver/common: Adds default fillConfig function
- lxd/network/driver/common: Adds default HandleHeartbeat function
- lxd/network/network/load: Adds per-driver FillConfig wrapper
- lxd/network/network/utils: Removes generic FillConfig
- lxd/network/driver/bridge: fillConfig implementation
- lxd/network/driver/bridge: Exposes error message from ValidNetworkName in Validate
- lxd/sys: Create apparmor/seccomp paths
- lxd/apparmor: Split and rename instance functions
- lxd/resources/storage: Use ID_MODEL_ENC when possible
- shared: Add InSnap
- shared/subprocess: Add AppArmor support
- lxd/apparmor: Rename template
- lxd/apparmor: Add dnsmasq profile
- lxd/networks: Use AppArmor when available
- tests: Delete leftover storage volume
- lxd/operations/operations: Renames Operations to Clone
- lxd-agent/operations: operations.Clone() usage
- lxd: operations.Clone() usage
- Drop from .travis.yaml Go versions we don't support anymore
- shared/api/network: Adds network status constants
- lxd/networks: API constant usage in networkDelete
- lxd/network/network/load: Adds status
- lxd/network/network/interface: Adds status function
- lxd/network/driver/common: Adds status field and function
- lxd/network/driver/bridge: Don't allow starting a pending network
- lxd/device/nic/bridged: Usage of d.state.Cluster.GetNetworkInAnyState in rebuildDnsmasqEntry
- lxd/api/cluster: Usage of api.NetworkStatusPending
- lxd/db/networks: Usage of api package's NetworkStatus constants in getNetwork
- lxd/db/networks: Removes unused GetNetwork
- lxd/db/networks: GetNonPendingNetworks comment
- lxd/db/networks: Allow pending nodes to be added to errored networks in CreatePendingNetwork
- lxd/db/networks: CreatePendingNetwork comments and line spacing
- lxd/networks/utils: Skip network load error in networkUpdateForkdnsServersTask
- lxd/device/nic/bridged: Validates network is type bridge
- lxc/device/nic/bridged: Only allow using non-Pending networks
- lxd/networks: Various comment and error quoting consistency fixes
- lxd/networks: Validate network name earlier in networksPost
- lxc/networks: Validate config in doNetworksCreate
- lxd/db/networks: Ensure that network type matches existing pending network in CreatePendingNetwork
- lxd/db/networks: Remove errored state on successful update in UpdateNetwork
- lxd/network/driver/bridge: Adds targetNode arg to Update
- lxd/network/network/interface: Adds targetNode arg to Update
- lxd/network/driver/common: Tweaks to update function in cluster environment
- lxd/networks: networksPost error response tweaks
- lxd/networks: Updates networksPostCluster
- lxd/networks: Unifies networkPut and networkPatch
- lxd/device/nictype: Adds small package to resolve NIC device nictype from network
- lxd/device/config/devices: Removes NICType
- lxd/device/config/devices: Improves comment on Update
- lxd/device/device/load: Removes devTypes map and updates load to use NICType function
- lxd/device: Removes device load helpers
- lxd/device/device/utils/network: nictype.NICType usage
- lxd/device/nic/bridged: Updates usage of functions whos signatures changed due to NICType
- lxd/device/nic/p2p: Updates usage of functions that changed signature due to NICType
- lxd/device/proxy: nictype.NICType usage
- lxd/instance/drivers/driver/lxc: nictype.NICType usage
- lxd/instance/drivers/driver/qemu: nictype.NICType usage
- lxd/network/driver/bridge: Usage of functions that changed signature due to NICType
- lxd/network/driver/common: Updates IsUsed for NICType signature changes and checks for profile usage
- lxd/network/network/interface: Signature change of IsUsed to accomodate NICType
- lxd/network/network/utils: Usage of nictype.NICType and signature changes to accomodate it
- lxd/networks: nictype.NICType usage and comment improvements
- lxd/networks: Comment ending consistency
- test: Updates tests to delete profiles before networks
- doc: Updates clustering docs with network parent optional per-node key
- lxd/db/networks: Adds parent as optional per-node network key
- lxd/db/networks: Adds constant for NetworkTypeMacvlan
- lxd/network/network/load: Adds macvlan driver as supported network type
- lxd/networks: Adds macvlan support to networksPost
- lxd/network/driver/macvlan: macvlan driver implementation
- lxd/device/nic/macvlan: Adds support for network config key
- lxd/device/nic/macvlan: Only allow non-pending networks to be used
- test: Adds macvlan network test
- lxd: Adds NetworkTypeSriov constant and conversion handling
- lxd/network: Adds sriov driver
- lxd/networks: Remove database record on error in networksPost
- lxd/device/nic/sriov: Adds network key support
- lxd/device/nictype: Adds sriov support
- test: sriov NIC comment ending consistency
- test: sriov network test
- doc/networks: Re-arranges network docs to support different types
- doc/networks: Adds doc for macvlan and sriov networks
- doc/instances: Updates macvlan and sriov NIC to indicate network support
- doc/networks: Fixes typo
- doc/networks: Adds example usage of --type flag
- lxd/network/openvswitch/ovs: Adds OVS wrapper
- lxd/device/nic/bridged: ovs.PortSet usage
- lxd/network/driver/bridge: ovs usage
- lxd/network/network/utils: ovs usage
- lxd/networks: ovs.BridgeExists usage
- api: Adds network_type_macvlan extension
- api: Adds network_type_sriov extension
- tree-wide: add dummy include package for cgo
- doc/images: Cover the various image servers
- doc: Typo fix
- lxd/networks: Fixes bug in doNetworkUpdate that prevents removal of non-node specific keys
- lxd/network/driver/bridge: Consistent comment ending in setup()
- lxd/network/network/interface: fillConfig signature
- lxd/network/driver/common: Updates fillConfig signature
- lxd/network/driver/bridge: Updates fillConfig signature
- lxd/network/network/load: Updates FillConfig to use new signature
- lxd/network/driver/bridge: Fixes Update to regenerate default values if missing
- test/suites/container/devices/nic/bridged: Fixes DHCP disable by setting IP address none
- lxd/network/driver/bridge: Dont fail start if cannot restore third party route
- lxd/migrate: Fix crash in sendControl when no active connection
- lxd/operations: Fix typo
- lxc/export: Plug in cancelable wait
- i18n: Update translation templates
- lxd/devices/device/utils/network: Removes networkValidMAC
- shared/instance: Adds IsNetworkMAC for use in network and device packages
- lxd/device/nic: shared.IsNetworkMAC usage
- lxd/network/driver/bridge: Adds volatile.bridge.hwaddr key
- shared/validate: Adds validate helper package
- lxd: Updates use of validate helper functions now in validate package
- shared: Removes validate helper functions
- lxd/device/device/utils/infiniband: Changes infinibandValidMAC to use net.ParseMAC
- lxd/device/device/utils/infiniband/test: Changes test name for linter
- lxd/networks: Allow update/removal of node-specific key in non-clustered mode
- lxd/network/driver/bridge: Adds safety check for volatile MAC address usage
- lxd/device: fix empty error message when tc fails
- test: Wait for operations to be removed from the database
- shared/validate: Adds Optional() validate wrapper
- shared/validate: Makes IsInt64 non-optional
- lxd/network/driver/bridge: Add validate.Optional() wrapper for validate.IsInt64 usage
- lxd/storage/utils: Adds validate.Optional() wrapper for validate.IsInt64 usage
- shared/instance: Adds validate.Optional() wrapper for validate.IsInt64 usage
- lxd/device/device/utils/network: Removes networkValidVLAN
- shared/validate: Adds IsNetworkVLAN
- lxd/device/device/utils/network: validate.IsNetworkVLAN usage
- lxd/device/nic: validate.IsNetworkVLAN usage
- lxd/network/driver: Adds mtu and vlan support for macvlan and sriov network types
- lxd/device/nic: Inherit mtu and vlan settings from network for macvlan and sriov NICs
- doc/networks: Adds mtu and vlan options for macvlan and sriov network types
- seccomp: switch from individual pread() to process_vm_readv()
- seccomp: fix i386 builds
- seccomp: ensure that target process is still valid
- client: Move proxyMigration
- lxd: Port remaining calls to instance
- lxd/network/driver/common: Adds Create function no-op
- lxd/network/network/interface: Adds Create function
- lxd/networks: Adds call to network Create in doNetworksCreate
- lxd/device/device/utils/network: Adds networkDHCPValidIP
- lxd/device/nic/bridged: Removes networkDHCPValidIP
- lxd/device/device/utils/networks: Splits networkSetupHostVethDevice into multiple functions
- lxd/device/nic/bridged: networkVethFillFromVolatile usage and other host-veth functions
- lxd/device/nic/p2p: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/device/nic/routed: networkVethFillFromVolatile usage and other host-veth helper functions
- lxd/network/network/utils: Updates isInUseByDevices to support networks that don't match their physical parent
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.3 リリースのお知らせ¶
1st of July 2020
はじめに ¶
LXD チームは LXD 4.3 のリリースをお知らせできることにワクワクしています!
このリリースは、特に仮想マシンの使用における多数の改良を行っています。また、クラスターユーザー向けのかなりの数のバグ修正と一般的なパフォーマンスの改良が含まれています。
Enjoy!
新機能とハイライト ¶
カスタムのブロックストレージボリューム ¶
これまで、カスタムストレージボリュームはすべてファイルシステムでした。それをサポートするストレージバックエンド上のディレクトリ・サブボリューム・データセット、または他のバックエンド上のフォーマットされたブロックのいずれかでした。
LXD が仮想マシンをサポートするようになりましたので、(以前から可能であった 9p を使った)従来のボリューム上のファイルシステムを仮想マシンにアタッチできるのと同様に、追加の RAW ディスクを仮想マシンにアタッチできるようにする必要性がでてきました。
これによりブロックのカスタムストレージボリュームが使えるようになりました。
stgraber@castiana:~$ lxc storage volume create default my-fs size=10GiB Storage volume my-fs created stgraber@castiana:~$ lxc storage volume create default my-block size=10GiB --type=block Storage volume my-block created stgraber@castiana:~$ lxc storage volume list default +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | TYPE | NAME | DESCRIPTION | CONTENT TYPE | USED BY | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | my-block | | block | 0 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | custom | my-fs | | filesystem | 0 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | image | a4dc839edd35d50158d57818938775669265a3af004bd93b8281115ee0abd29d | | block | 1 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ | virtual-machine | f1 | | block | 1 | +-----------------+------------------------------------------------------------------+-------------+--------------+---------+ stgraber@castiana:~$ lxc config device add f1 my-fs disk source=my-fs pool=default path=/srv/my-fs Device my-fs added to f1 stgraber@castiana:~$ lxc config device add f1 my-block disk source=my-block pool=default Device my-block added to f1 stgraber@castiana:~$ lxc start f1 stgraber@castiana:~$ lxc exec f1 bash root@f1:~# gdisk -l /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block GPT fdisk (gdisk) version 1.0.5 Partition table scan: MBR: not present BSD: not present APM: not present GPT: not present Creating new GPT entries in memory. Disk /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_lxd_my-block: 20971520 sectors, 10.0 GiB Sector size (logical/physical): 512/512 bytes Disk identifier (GUID): EA616112-9C49-4809-AA68-53895E752A34 Partition table holds up to 128 entries Main partition table begins at sector 2 and ends at sector 33 First usable sector is 34, last usable sector is 20971486 Partitions will be aligned on 2048-sector boundaries Total free space is 20971453 sectors (10.0 GiB) Number Start (sector) End (sector) Size Code Name root@f1:~# df -h /srv/my-fs/ Filesystem Size Used Avail Use% Mounted on lxd_my-fs 10G 128K 10G 1% /srv/my-fs root@f1:~#
VM: グラフィカルコンソールの初期作業 ¶
すべての LXD VM で virtio-gpu と virtio-input デバイスがすぐに使える状態になりました。同様にローカルの Unix ソケットに接続されている spice チャンネルも使える状態になっています。
現状、spicy のようなクライアントを使ってソケットに直接接続できます。しかし、すぐに LXD で lxc console を使った websocket 経由でリモートアクセスできるようになるでしょう。
VM: PCIe レイアウトの見直し ¶
VM に公開している全 virtio デバイスが確実に PCIe バス上にあるようにし、スロットの数を節約するために可能な限りデバイスはファンクションにマージするようにしました。
また、ネットワークデバイスは常に同じスロットに表示され、ハードウェアベースのネーミングが有効なときは一定の名前が得られるようなロジックが導入されています。
VM: GPU パススルー ¶
gpu タイプのデバイスを VM にアタッチし、VFIO 経由で物理 GPU を与えることができるようになりました。ホストと GPU を共有できるコンテナとは違い、VM では共有できないことに注意してください。
lxc start と lxc restart での直接のコンソールアタッチ ¶
単一のインスタンスを扱う場合、lxc start と lxc restart で --console オプションを指定できるようになりました。これにより、コマンドラインからすぐにコンソールにアタッチできるようになり、インスタンスのブートシーケンスを見ることができるようになります。
リソース API での Isolated CPU の表示 ¶
新たに、/1.0/resources API の全 CPU スレッドに isolated フィールドが追加されました。もし特定のスレッドが isolated な CPU と設定されている場合、このフィールドが true に設定されます。
これは通常はカーネルのコマンドラインで isolcpus= を指定してシステムを起動した場合に起こります。
すべての変更点(翻訳なし) ¶
このリリースでのすべての変更点のリストは次のとおりです:
- lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
- lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
- lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
- lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
- lxd/rbac: Don't close body when missing
- doc/storage: Cover host/disk/loop setups
- lxd/init: Tweak default loop sizing
- lxd/vm: Rename some functions
- client: Expand snap path in ConnectLXDUnix
- lxd/vm: Add virtio-vga card
- lxd/vm: Add spice channel
- client: Fix ConnectLXDUnix regression
- lxd/vm: Fix PCIe slot for physical/sriov nic
- lxd/network: Make setting bridge VLAN filtering & default PVID optional
- lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
- lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
- lxd/vm: Move to separate devices
- lxd/vm: Remove tiny wrapper functions
- lxd/vm: Per-architecture bus type
- add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
- lxd/vm: Centralize port generation
- lxd/device: Sort nic devices ahead of others
- lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
- lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
- lxd/device/nic/physical: Updates to use generic PCI management functions
- lxd/device/nic/sriov: Updates to use generic PCI management functions
- lxd/vm: Separate template keys in global/local
- lxd/vm: Use virtio-gpu-pci on non-x86
- lxd/vm: Rename qemuVGA to qemuGPU
- lxd/vm: Add virtio-input keyboard/mouse
- lxd/vm: Move bus allocator to own file
- lxc/volume: Fix typo in help message
- i18n: Update translation templates
- lxc/snapshot: Allow using snapshot delimiter
- i18n: Update translation templates
- doc/instances: Updates GPU device docs to show VM support
- lxd/device/gpu: Updates validation for VM support
- lxd/device/config/device/runconfig: Adds GPU field to RunConfig
- lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
- lxd/device/gpu: Adds VM GPU passthrough support
- lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
- lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
- lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
- lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
- lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
- lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
- lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
- lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
- lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
- lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
- lxd/storage/quota/projectquota: Only set quota on directories and regular files
- lxd/db: Automatically strip ?project=default
- lxc/action: Properly handle --all with remotes
- lxd/projects: Properly clear empty keys
- lxd/db: Add missing feature to default project
- lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
- lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
- lxd/cluster/heartbeat: Fix race in HeartbeatNode
- lxc/console: Split Console to own function
- lxc/start: Allow direct console attach
- i18n: Update translation templates
- lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
- lxd/resources: Fix golint warning
- doc/api-extensions: Fix escaping
- api: resource_cpu_isolated
- lxd/resources: Add Isolated property
- lxd/resources: Don't use shared
- lxd/devices: Use resources for cpuset parsing
- lxc: Don't over-escape URLs
- lxd: Don't over-escape URLs
- lxd/db/storage: Rework UsedBy for pools
- lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
- lxc/action: Also add --console to restart
- lxd/resources/net: More flexible PCI detection
- lxc/query: Add path check
- i18n: Update translation templates
- tests: Fix bad lxc query call
- lxd/storage-pools: Tweak UsedBy URLs
- lxd/networks: Reports profiles in UsedBy
- lxd/db: Tweak joins
- lxd/db: Fix UsedBy on projects
- lxd/storage_volumes: Fix UsedBy
- api: usedby_consistency
- lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
- test: Updates udhcpd args to ensure process quits one lease acquired
- util_linux: update terminology
- lxd: Fix snapshot index retrieval
- lxd/backups: Use backups dir for unpack
- lxd/vm: Add udev rule fallback
- lxd/images: Set arch names when downloading
- lxd: More flexible compression algorithms
- tests: Add test for compression options
- doc/rest-api: Rename rootfs to root
- doc/rest-api: Fix instance PATCH example
- lxd: Fix building with clang
- lxd/db: Add missing criteria for querying a specific public image
- lxd/db: Add the Errored storage state when rendering the Status field
- lxd/cluster: If raft node 1 gets remove during recovery, add it back
- lxd/db: Make GetNework() return an error if the network is pending
- lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
- lxd/db: Make GetStoragePool() return an error if the pool is pending
- lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
- lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
- lxd/storage/drivers: Bump VM fs size to 100MB
- lxd/db: Fix UsedBy for profiles on storage pools
- lxd/storage: Use Truncate to create/grow VM files
- lxd/db: Consider personalities in GetNodeWithLeastInstances
- lxd/db: Avoid test failure in arch matching
- lxd/storage: Better handle broken volumes
- client: Handle unknown image sizes
- lxd/response: Stream multi-part responses
- lxd/device/disk: Fixes cloud-init errors for VMs
- lxc/action: Show usage on missing target
- lxd/storage: Rely on UsedBy for deletion error
- lxd/instances/qemu: Use images dir during compression
- lxd/storage/drivers: Rename fs to filesystem
- api: custom_block_volumes
- shared/api: Add ContentType to storage volume structs
- lxd/migration: Add ContentType to structs
- lxd/db/cluster: Add content type to storage volumes
- lxd/db: Add content type constants
- lxd/db: Add content type to storage volumes
- lxd/storage/utils: Add content type conversion functions
- lxd: Support custom block volumes
- lxd/storage: Show type in error
- lxd/device/disk: Handle custom block volumes
- client: Support custom block volumes
- lxc/storage_volume: Support custom block volumes
- test/suites: Add tests for custom block volumes
- po: Update translations
- lxd/storage: Backward compatibility for content types
- doc/storage: Document block storage volumes
- lxd/util: Detect hugetlbfs mount point
- lxd/cluster: Always check for dqlite protocol version mismatches
- lxd/cluster: Don't run unncessary HEAD probe upon dqlite connections
- forksyscall: use nsids for shiftfs syscall intercepts
- lxd/db: Drop ClusterRoleDatabase records from the database
- lxd/cluster: Fetch database role information directly from raft
- lxd/storage: Fix regression in truncate handling
- lxd/cluster: Only look up raft_nodes for resolving the address of node 1
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.2 リリースのお知らせ¶
25th of June 2020
はじめに ¶
LXD チームは LXD 4.0.2 のリリースを発表します!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対するふたつめのバグフィックスリリースです。
バグ修正と改良 ¶
このリリースには、開発ブランチからの数カ月分のバグフィックスと細かな改善が含まれています。
その主なものは次の通りです:
- VM での CPU NUMA レイアウトの自動マッチング
- VM で PCIe レイアウトの更新(入力デバイスと仮想GPUを含む)
- zsys ZFS レイアウトのサポートと自動検出
lxc config getに--expandedオプションを追加- image/backup時の圧縮ツールの引数のサポート
lxc listに新たにdiskとmemory(オプション)カラムを追加- VM での GPU パススルーのサポート
lxc startとlxc restartに--consoleオプションを追加
コミットの全リストは次のとおりです(翻訳なし):
- lxd-agent: Support systemd-notify
- lxd/qemu: Switch default unit type to notify
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
- lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
- lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
- lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
- lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
- lxd/device/proxy: Dont wrap lines
- lxd/device/proxy: Improves validation
- test/suites/container/devices/proxy: Updates tests with new validation rules
- lxd: Updates snapshotProtobufToInstanceArgs to support instance type
- lxd/qemu: Match basic NUMA layout
- lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
- lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
- lxd/cgroup: Fix memory controller detection
- lxd/migration/migrate/proto: Fix alignment
- lxd/migration: Adds volumeSize field to MigrationHeader
- lxd/migrate: Adds VolumeSize to MigrationSinkArgs
- lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
- lxd/migrate/instance: Use VolumeSize from offer header in Do()
- lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
- lxd/storage/drivers: Exports BlockDevSizeBytes function
- lxd/storage/utils: Adds InstanceDiskBlockSize
- lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
- lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
- lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
- lxd/instance/qemu: Add comment on cpuTopology
- lxd/storage/ceph: Support port in URL
- lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
- lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
- lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
- lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
- lxd/daemon: Remove duplicated logic
- lxd/instance/qemu: Announce LXD in SMBIOS
- share/usbid: Don't print error when missing
- lxd/init: Auto-detect and use Ubuntu ZFS setup
- lxc/config: Add --expanded to get
- client/interfaces: Add Mode to ImageCopyArgs
- shared/api/image: Add ImageExportPost
- client/lxd_images: Set fingerprint and secret headers
- i18n: Update translation templates
- client: Add relay mode for image copy
- client: Add ExportImage to ImageServer
- client: Add push mode for image copy
- client: Add GetOperationWaitSecret
- Resolve both core.https_address and cluster.https_address when comparing IPs
- lxd/storage/drivers/generic/vfs: Skip missing files during export
- lxd/images: Fixes hang in export when invalid --compression argument passed
- lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
- lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
- lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
- lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
- lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
- lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
- lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
- lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
- lxd/storage/utils: VolumeDBCreate comment formatting
- lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
- lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
- lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
- lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
- lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
- lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
- lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
- lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/db: Rename CertificatesGet to GetCertificates
- lxd/db: Rename CertificateGet to GetCertificate
- lxd/db: Rename CertSave to CreateCertificate
- lxd/db: Rename CertDelete to DeleteCertificate
- lxd/db: Rename CertUpdate to UpdateCertificate
- lxd/db: Drop unused ConfigValueSet
- lxd/instances/post: Fix revert in createFromBackup
- lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
- lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
- lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
- lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/db: Rename InstanceNames to GetInstanceNames
- lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
- lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
- lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
- lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
- lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
- lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
- lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
- lxd/db: Rename InstanceRemove to RemoveInstance
- lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
- lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
- lxd/db: Rename ContainerConfigGet to GetInstanceConfig
- lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
- lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
- lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
- lxd/db: Drop unused ContainerProfiles
- lxd/db: Drop unused ContainerConfig
- lxd/db: Remove unused ContainersNodeList
- lxd/db: Rename ContainersResetState to ResetInstancesPowerState
- lxd/db: Rename ContainerSetState to UpdateInstancePowerState
- lxd/db: Rename ContainerUpdate to UpdateInstance
- lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
- lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
- lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
- lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
- lxd/db: Rename InstancePool to GetInstancePool
- lxd/db: Rename ContainerBackupID to getInstanceBackupID
- Rename ContainerGetBackup to GetInstanceBackup
- lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
- lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
- lxd/db: ContainerBackupRename to RenameInstanceBackup
- lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
- lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
- lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
- lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
- lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
- lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
- lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
- lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/db: Rename DevicesAdd to AddDevicesToEntity
- lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
- lxd/db: Remove unused Devices
- lxd/db: Rename ImagesGetLocal to GetLocalImages
- lxd/db: Rename ImagesGet to GetImages
- lxd/db: Rename ImagesGetExpired to GetExpiredImages
- lxd/db: Rename ImageSourceInsert to CreateImageSource
- lxd/db: Rename ImageSourceGet to GetImageSource
- lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
- lxd/db: Rename ImageLocate to LocateImage
- lxd/db: Rename ImageDelete to DeleteImage
- lxd/db: Rename ImageAliasesGet GetImageAliases
- lxd/db: Rename ImageAliasGet to GetImageAlaias
- lxd/db: Rename ImageAliasRename to RenameImageAlias
- lxd/db: Rename ImageAliasDelete to DeleteImageAlias
- lxd/db: Rename ImageAliasesMove to MoveImageAlias
- lxd/db: Rename ImageAliasAdd to CreateImageAlias
- lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
- lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
- lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
- lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
- lxd/db: Rename ImageUpdate to UpdateImage
- lxd/db: Rename ImageInsert to CreateImage
- lxd/db: Rename ImageGetPools to GetPoolsWithImage
- lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
- lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
- lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
- lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
- lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
- lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
- lxc/image: Actually refresh multiple images
- lxd/resources: Use permanent MAC when available
- lxd/qemu: Restrict NUMA layout to x86_64
- Consider all nodes when looking for the leader, not only voters
- Only attempt to transfer leadership if we are not standalone
- lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
- lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
- lxd/db: Rename NetworkID to GetNetworkID
- lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
- lxd/db: Rename Networks to GetNetworks
- lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
- lxd/db: Rename NetworksNotPending to GetNonNetworks
- lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
- lxd/db: Rename NetworkConfig to getNetworkConfig
- lxd/db: Rename NetworkCreate to CreateNetwork
- lxd/db: Rename NetworkUpdate to UpdateNetwork
- lxd/db: Rename NetworkConfigClear to clearNetworkConfig
- lxd/db: Rename NetworkDelete to DeleteNetwork
- lxd/db: Rename NetworkRename to RenameNetwork
- lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
- lxd/db: Rename ImageGet to GetImage
- lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
- lxd/daemon: Detect nodev and improve errors
- lxd/db: Rename NodeByAddress to GetNodeByAddress
- lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
- lxd/db: Rename NodeByName to GetNodeByName
- lxd/db: Rename NodeName to GetLocalNodeName
- lxd/db: Rename NodeAddress to GetLocalNodeAddress
- lxd/db: Rename Nodes to GetNodes
- lxd/db: Rename NodesCount to GetNodesCount
- lxd/db: Rename NodeRename to RenameNode
- lxd/db: Rename NodeAdd to CreateNode
- lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
- lxd/db: Rename NodePending to SetNodePendingFlag
- lxd/db: Rename NodeUpdate to UpdateNode
- lxd/db: Rename NodeAddRole to CreateNodeRole
- lxd/db: Rename NodeRemoveRole to RemoveNodeRole
- lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
- lxd/db: Rename NodeRemove to RemoveNode
- lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
- lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
- lxd/db: Rename NodeClear to ClearNode
- lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
- lxd/db: Rename NodeUpdateVersion to SetNodeVersion
- lxd/db: Rename Operations to GetLocalOperations
- lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
- lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
- lxd/db: Rename OperationByUUID to GetOperationByUUID
- lxd/db: Rename OperationAdd to CreateOperation
- lxd/db: Rename OperationRemove to RemoveOperation
- lxd/db: Rename OperationFlush to removeNodeOperations
- lxd/db: Rename Patches to GetAppliedPatches
- lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
- lxd/db: Rename Profiles to GetProfileNames
- lxd/db: Rename ProfileGet to GetProfile
- lxd/db: Rename ProfilesGet to GetProfiles
- lxd/db: Drop ProfileConfig
- lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
- lxd/db: Rename ProfileConfigClear to ClearProfileConfig
- lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
- lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
- lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
- lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
- lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
- lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
- test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
- lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
- lxc/storage/drivers/volume: Removes keepDevice from Volume
- lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
- lxc/storage/drivers/driver/ceph/volumes: Mount changes
- lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
- lxd/storage/drivers/driver/ceph/volumes: Esnure permission on volume root set in CreateVolume
- lxd/resources: Skip NVME multipath entries
- lxd/db: Rename ProjectNames to GetProjectNames
- lxd/db: Rename ProjectMap to GetProjectIDsToNames
- lxd/db: Rename ProjectUpdate to UpdateProject
- lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
- lxd/db: Rename RaftNodes to GetRaftNodes
- lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
- lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
- lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
- lxd/db: Rename RaftNodeAdd to CreateRaftNode
- lxd/db: Rename RaftNodeDelete to RemoveRaftNode
- lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
- lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
- lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
- lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
- lxd/db: Rename StoragePoolID to GetStoragePoolID
- lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
- lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
- lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
- lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
- lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
- lxd/db: Rename StoragePools to GetStoragePoolNames
- lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
- lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
- lxd/db: Rename StoragePoolGetID to GetStoragePoolID
- lxd/db: Rename StoragePoolGet to GetStoragePool
- lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
- lxd/db: Rename StoragePoolCreate to CreateStoragePool
- lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
- lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
- lxd/db: Rename StoragePoolDelete to RemoveStoragePool
- lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
- lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
- lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
- lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
- lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
- lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
- lxd/storage/zfs: Use TryUnmount
- ethtool: add ethtoolGset() helper
- Support two-phase creation of a storage pool on single-node cluster
- lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
- lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
- lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
- lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
- lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
- lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
- lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
- resources/ethtool: implement ETHTOOL_GLINKSETTINGS
- lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
- lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
- lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
- lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
- lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
- lxd/migration/migrate/proto: Adds BTRFS Features to offer header
- lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
- lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
- lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
- lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
- lxd/storage/memorypipe: Dont make ioutil.ReadAll panic on cancel
- lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
- lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
- lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
- lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
- lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
- lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
- lxd/db: Update naming pattern for generated database code
- client/lxd_images: Fix backward compatibility
- lxd/storage/btrfs: Fix migration from snapshot
- shared/generate/db: Fix generation of Exists method
- lxd/db: Make generated code stable across "make update-schema" runs
- lxd/db: Leverage code-generation for certificates
- shared: Rewrite OpenPty without cgo
- openpty: use O_CLOEXEC directly
- openpty: use fchown()
- openpty: first unlock the master, then get a slave fd
- openpty: use TIOCGPTPEER if available
- lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
- lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
- lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
- lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
- test: Adds tests for snapshot naming conflicts
- lxd/firewall/drivers: Fix nft syntax
- lxc/project: Fix remote handling
- tests: Fix bad project switch call
- lxd/seccomp: Fix profile conflict between projects
- lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regeneration FS UUID
- lxd/storage/drivers/driver/lvm: Dont activate all volumes on pool mount
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: Acticate volume before generic migrate in MigrateVolume
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
- openpty: fix TIOCGPTPEER usage
- Make network address bind error fatal when clustered
- lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
- lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
- lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
- lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
- lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
- test: Adds BTRFS subvolume tests
- lxd/storage/memorypipe: Fixes issue with partial reads losing data
- lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
- lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
- lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
- fix IPVLAN docs
- lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
- lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
- lxd/cluster: Use dqliteProxy in raftDial
- lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
- lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
- lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
- lxd/device/device: PathNameEncode and PathNameDecode usage
- lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
- lxd/backup/backup: Adds OptimizedHeader field to Info struct
- lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
- lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
- lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
- lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
- lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
- lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
- lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
- lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
- test: Adds BTRFS backup subvolume tests
- lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
- lxd/resources/memory: Fix memory calculation
- lxd: Improve logging of shutdown errors
- lxd/instances/post: Delete restored instance on backup post hook failure
- Fix 'how to mount home directory' shiftfs FAQ
- shared: build fs_{32,64}bit.go on mips*
- lxd/util: build fs_{32,64}bit.go on mips*
- lxd/rsync: Adds optional rsync arguments to LocalCopy
- lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
- ethtool: don't report -1 for speed in ethtoolLink()
- lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
- lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
- lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
- lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
- lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
- Always skip offline servers when rebalancing
- When demoting a voter to spare, transition to stand-by first
- test/clustering: Make sure that a killed voter can't dsirupt current leader
- lxd/cluster: Use a dedicated channel to stop the dqlite proxy
- lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
- lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
- lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
- shared/util_linux.go: cast Rdev uint64 for mips
- lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
- lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
- lxd/device/gpu.go: cast Rdev uint64 for mips
- shared: Reimplement GetPollRevents without cgo
- lxd-agent: Build statically
- Drop gccgo
- lxd-p2c: Drop cgo
- shared/ucred: Cleanup package
- lxd/api: Don't strip double slashes
- lxd/operations: Improve error message when database insertion fails
- lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
- lxd/db: Rename containers.go to instances.go
- shared/generate/db: Statement for deleting references (config and devices)
- lxd/db: Generate delete stements for profile config and devices
- shared/generate/db: update statement: take ID instead of natural key
- shared/generate/db: Handle config and devices in Update method
- lxd/db: Generate Update method for profiles
- lxd: Plug new UpdateProfile() db method into doProfileUpdate
- lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
- lxd/db: Generate delete statements for instance config, devices and profiles
- lxd/db: Generate UpdateInstance method
- lxd/instance: Plug the new UpdateInstance method and replace legacy logic
- lxd/db: Drop AddDevicesToEntity
- lxd/storage/drivers/driver/common: Logging quoting consistency
- lxd/storage/drivers: Adds storage_lvm_skipactivation patch
- test: Drive-by fix for flaky clustering rebalance test
- Recommend to increase the value of aio-max-nr for production use
- lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
- lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
- lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
- shared/simplestreams: Support uefi1.img
- lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
- lxd/storage/pools: Improves delete pool error info
- instance_exec: don't panic
- lxd/qemu: Handle quoted raw.qemu
- lxd/main_forkproxy: Reduce logging
- lxd/networks: Warn on small IPv6 subnets
- lxd/network: Force DHCP custom gateway
- lxc/list: Add disk and memory columns
- i18n: Update translation template
- lxd/storage/drivers: Make sure tar reader context is cancelled before defer
- lxc/list: Fix test
- shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
- lxd/cluster: Transfer leadership before adjusting roles, not after
- lxd/cluster: Add time skew detection
- test: Wait a few more seconds for the rebalance to happen
- lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
- lxd/cluster: Don't try to rebalance a standalone node
- lxc/ucred: Simplify logic
- lxd/qemu: Cleanup arch checks
- lxd/qemu: Add s390x support
- lxd/api: Fail /internal/ready requests made after shutdown has started
- lxc/config: Add -e shorthand
- forkfile: port to using pidfds
- forkmount: port to using pidfds
- forkproxy: port to using pidfds
- syscall_numbers: update
- forknet: port to pidfds
- forkuevent: port to pidfds
- forksyscall: port to pidfds
- daemon: record "pidfd" extension
- lxd/storage/lvm: Correct bad VG name in patch
- shared/subprocess: Better handle slow systems
- tests: Don't assume bridge MTU can be forced up
- fork*: add "--" to not misinterpret negative integers as flags
- lxd/storage/utils: Removes unused name arg from VolumeFillDefault
- lxd/instance/drivers: storagePools.VolumeFillDefault usage
- lxd/patches: driver.VolumeFillDefault usage
- lxd/storage/utils: VolumeFillDefault usage
- lxd/storage/utils: Updates VolumeValidateConfig to require volume type
- lxd/storage/utils: Adds VolumeDBTypeToType function
- lxd/storage/utils: Updates VolumeDBCreate to pass volume type
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
- lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
- lxd/storage/drivers: ensureVolumeBlockFile usage
- lxd/storage/drivers/volume: Adds SetQuota function
- lxd/storage/drivers/volume: Adds config functions
- lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
- lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
- lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
- lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
- forknet: add missing "--" to forknet invocation on detach
- process_utils: remove a bunch of unused functions
- lxd: Make use of ExitCode
- share/subprocess: Reduce sleep back to 5
- lxd/instances/lxc: Fix calls to forknet
- forkmount: prevent interpreting negative numbers as flags
- shared/subprocess: Ensure monitor routine exits
- shared/subprocess: Properly reset state
- tests: Fix btrfs test on non-shiftfs
- tests: Old kernels don't let you rmdir btrfs
- lxd/db: Use query.SelectString helper in GetLocalImages()
- lxd/db: Use query.SelectString helper in GetImagesFingerprints()
- shared/generate/db: Support int64 fields
- lxd/db: Initial code generation for images (without references)
- lxd/db: Use the generated GetImages code to implement GetExpiredImages
- lxd/db: Use query.SelectObjects helper in GetImageSource
- lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
- lxd/db: Use query.Count helper in ImageExists
- lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
- lxd/db: Use query.UpsertObject helper in CreateImageSource
- lxd/cluster: Drive-by fix for flaky rebalance test
- lxd/db: Usage query.DeleteObject to implement DeleteImage
- lxd/db: Use query.SelectStrings to implement GetImageAliases
- lxd/db: Use a single transaction in GetImageAlias
- lxd/db: Use a single transaction in DeleteImageAlias
- lxd/db: Use single transaction in CreateImageAlias
- lxd/db: Usage single transaction in CreateImage
- lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
- lxd/db: Use a single transaction in GetPoolNamesFromIDs
- lxd/db: Use explicit transaction in GetInstanceProjectAndName
- lxd/db: Drop unused DeleteInstanceConfig
- shared/subprocess: Fix Stop handling
- lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
- lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
- lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
- lxd/storage: Updates volume filler usage to supply Volume rather than mount path
- lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
- lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
- lxd/storage/drivers/driver/common: Adds runFiller function
- lxd/storage/backend/lxd: Updates imageFiller to return volume size
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
- lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
- lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
- lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
- lxd/storage/utils: Updates ImageUnpack to return image virtual size
- lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
- lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
- lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
- lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
- lxd/storage/drivers/volume: Adds SetConfigSize function
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to dervice volume size
- lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
- lxd: Reduce number of transactions in containerPostClusteringMigrate
- lxd/db: Use query.SelectStrings helper in LegacyContainersList
- lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
- lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
- lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
- lxd/storage/utils: drivers.BlockDiskSizeBytes usage
- lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
- lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
- lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
- lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
- lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
- lxd/db: Group ClusterTx instance methods together
- lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
- lxd/db: Move instance backup methods to backups.go
- lxd/db: Rename InstanceBackupArgs to InstanceBackup
- lxd/db: Remove unused profile functions
- lxd/db: Move storage volumes methods to storage_volumes.go
- lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
- forkuevent: fix slice allocation
- unix-hotplug: fix uevent injection
- lxd/db: Use auto-generated GetImages() to implement GetImage()
- lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
- lxd/db: Group ClusterTx image methods together
- lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
- lxd/images: Set CreatedAt on publish
- lxd: New command line option to trace SQL statements
- lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
- lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
- lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
- lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
- lxd/storage/drivers/utils: Exports MinBlockBoundary
- lxd/storage/drivers: MinBlockBoundary usage
- lxd/resources: Handle missing cache size/type
- Update documentation with backup compression
- lxd/rbac: New notification API
- lxd/firewall/nft: Enhance support detection
- Fix regression in GetImageFromAnyProject
- doc/security: Adds notes about IPv6 router advertisement security
- lxd/device/nic: Changes nicValidationRules to properly validation vlan
- lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
- lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
- lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
- lxd/network/network/utils: Improve comments on ovs switch attach/detach
- lxd/network/network/utils: Improves arg name in network attach/detach functions
- lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
- lxd/network/utils: Adds IsNativeBridge function
- lxd/maas: Fix support for multiple subnets
- lxd/maas: Support projects
- lxd/dnsmasq: Add project suffix
- Remove incorrect statement about supported network devices with virtual machines According documentation supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
- lxd/rbac: Fix auth for non-RBAC trusted clients
- global: Add riscv64 to build tags
- Stop using Driver.SetContextTimeout() which is a no-op
- use the coreos fork of boltdb since the original is archived/abandoned
- lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
- lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
- lxd/instance/drivers/driver/lxc: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/lxc: Adds driver revert on failed start in startCommon
- lxd/instance/drivers/driver/qemu: Adds debug logging to deviceStop
- lxd/instance/drivers/driver/qemu: Simplifies failed start device cleanup in Start
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDFilesystem
- lxd/storage/drivers/driver/ceph: Replaces use of d.getRBDFilesystem with vol.ConfigBlockFilesystem
- lxd/storage/drivers/volume: Adds ConfigBlockMountOptions function
- lxd/storage/drivers/driver/ceph/utils: Removes getRBDMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers/driver/lvm/utils: Removes volumeMountOptions in place of vol.ConfigBlockMountOptions()
- lxd/storage/drivers: Replaces driver specific mount options resolution with vol.ConfigBlockMountOptions()
- shared/api: Extend NetworkState for bridge/bond
- lxd/rbac: Don't close body when missing
- doc/storage: Cover host/disk/loop setups
- lxd/init: Tweak default loop sizing
- lxd/vm: Rename some functions
- client: Expand snap path in ConnectLXDUnix
- client: Fix ConnectLXDUnix regression
- lxd/vm: Fix PCIe slot for physical/sriov nic
- lxd/vm: Add virtio-vga card
- lxd/vm: Add spice channel
- lxd/instance/drivers/driver/qemu: Integrates built in GPU device PCI range with future passthrough GPU devices
- lxd/instance/drivers/driver/qemu/templates: Updates built in GPU device to use GPU address range prefix
- lxd/vm: Move to separate devices
- lxd/vm: Remove tiny wrapper functions
- lxd/vm: Per-architecture bus type
- add type to specify the instance type on creation Signed-off-by: Salem Yaslem s@sy.sa
- lxd/vm: Centralize port generation
- lxd/device: Sort nic devices ahead of others
- lxd/device/device/utils/generic: Adds PCI management functions for overriding driver
- lxd/device/device/utils/network: Removes network specific PCI bind/unbind functions
- lxd/device/nic/physical: Updates to use generic PCI management functions
- lxd/device/nic/sriov: Updates to use generic PCI management functions
- lxd/vm: Separate template keys in global/local
- lxd/vm: Use virtio-gpu-pci on non-x86
- lxd/vm: Rename qemuVGA to qemuGPU
- lxd/vm: Add virtio-input keyboard/mouse
- lxd/vm: Move bus allocator to own file
- lxc/volume: Fix typo in help message
- lxc/snapshot: Allow using snapshot delimiter
- doc/instances: Updates GPU device docs to show VM support
- lxd/device/gpu: Updates validation for VM support
- lxd/device/config/device/runconfig: Adds GPU field to RunConfig
- lxd/device/device/utils/generic: pciDeviceDriverOverride only check for driver binding if specified
- lxd/device/gpu: Adds VM GPU passthrough support
- lxd/instance/drivers/driver/qemu/templates: Consistent naming and casing for net dev templates
- lxd/instance/drivers/driver/qemu: Consistent net dev naming usage
- lxd/instance/drivers/driver/qemu/templates: Adds qemuGPUDevPhysical template
- lxd/instance/drivers/driver/qemu: Adds GPU passthrough support
- lxd/instance/drivers/driver/qemu/bus: Adds comments, clarifies var names, and constants for defined multi-function groups
- lxd/instance/drivers/driver/qemu: Switches to multi-function group constants and adds comments
- lxd/instance/drivers/qmp/monitor: Allow serial char device name to be passed in
- lxd/instance/drivers/driver/qemu: Defines qemuSerialChardevName to share with qemu and qmp
- lxd/instance/drivers/driver/qemu: qemuSerialChardevName usage
- lxd/instance/drivers/driver/qemu/templates: Add serial chardev name injection
- lxd/storage/quota/projectquota: Only set quota on directories and regular files
- lxd/db: Automatically strip ?project=default
- lxc/action: Properly handle --all with remotes
- lxd/projects: Properly clear empty keys
- lxd/db: Add missing feature to default project
- lxd/instance/drivers/driver/qemu: Pass-through GPU VGA mode status from host
- i18n: Update translation templates
- lxd/storage/drivers/driver/zfs/volumes: Remove snapshot when migrating as main volume
- lxd/cluster/heartbeat: Fix race in HeartbeatNode
- lxc/console: Split Console to own function
- lxc/start: Allow direct console attach
- i18n: Update translation templates
- lxd/instance/drivers/driver/qemu: Only enable GPU vga mode on x86_64 systems
- lxd/resources: Fix golint warning
- doc/api-extensions: Fix escaping
- api: resource_cpu_isolated
- lxd/resources: Add Isolated property
- lxd/resources: Don't use shared
- lxd/devices: Use resources for cpuset parsing
- lxc: Don't over-escape URLs
- lxd: Don't over-escape URLs
- lxd/db/storage: Rework UsedBy for pools
- lxd/instance/drivers/driver/qemu: Adds trans=virtio to 9p mounts
- lxc/action: Also add --console to restart
- lxd/resources/net: More flexible PCI detection
- lxc/query: Add path check
- i18n: Update translation templates
- tests: Fix bad lxc query call
- lxd/storage-pools: Tweak UsedBy URLs
- lxd/db: Tweak joins
- lxd/db: Fix UsedBy on projects
- lxd/storage_volumes: Fix UsedBy
- api: usedby_consistency
- lxd-agent/main/agent: Fix 9p mount when relative target path is supplied
- test: Updates udhcpd args to ensure process quits one lease acquired
- util_linux: update terminology
- lxd/networks: Reports profiles in UsedBy
- lxd: Fix snapshot index retrieval
- lxd/backups: Use backups dir for unpack
- lxd/vm: Add udev rule fallback
- lxd/images: Set arch names when downloading
- lxd: More flexible compression algorithms
- tests: Add test for compression options
- doc/rest-api: Rename rootfs to root
- doc/rest-api: Fix instance PATCH example
- lxd: Fix building with clang
- lxd/db: Add missing criteria for querying a specific public image
- lxd/db: Add the Errored storage state when rendering the Status field
- lxd/cluster: If raft node 1 gets remove during recovery, add it back
- lxd/db: Make GetNework() return an error if the network is pending
- lxd/db: Rename NetworkCreatePending to CreatePendingNetwork
- lxd/db: Make GetStoragePool() return an error if the pool is pending
- lxd/db: Rename StoragePoolCreatePending to CreatePendingStoragePool
- lxd/firewall: Filter unwanted ethernet frame types when IP filtering is enabled
- lxd/storage/drivers: Bump VM fs size to 100MB
- lxd/db: Fix UsedBy for profiles on storage pools
- lxd/storage: Use Truncate to create/grow VM files
- lxd/db: Consider personalities in GetNodeWithLeastInstances
- lxd/db: Avoid test failure in arch matching
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.2 リリースのお知らせ¶
5th of June 2020
はじめに ¶
LXD チームは、LXD 4.2 のリリースをお知らせすることにとてもワクワクしています!
このリリースでは、完全に新しい機能の導入と、多数のバックグラウンドの安定性の向上と速度の改良を行っています。
このリリースでのネットワークの改良は、プロジェクトごとの仮想ネットワークを OVN を使って実装するという最終的なゴールへ向かって設定した作業の始まりを示しています。この一環として、既存の OVS の扱いをいくつか修正し、VLAN フィルタリングと設定レポートをいくつか LXD に追加しました。
データベースやクラスタリングロジックの改良、問題の修正、テストカバレッジの改良、パフォーマンスの改善にもかなりの努力が払われています。
最後の注目点はセキュリティです。我々がここ数ヶ月〜数年の間に行ってきたアップストリームのカーネルでの作業から利益が得られるようになっています。このような機能を使って競合状態を避けながら、全体的に LXD をスピードアップしています。
Enjoy!
新機能とハイライト ¶
ブリッジでの VLAN フィルタリング ¶
物理的なネットワークスイッチに精通している人は、ポートやボンディングにタグなしやタグ付きの VLAN を設定するのに慣れているでしょう。Linux のソフトウェアスイッチでも、タグなし VLAN のポートごとの選択や、タグ付き VLAN のリストを全く同じように扱えます。
今回のリリースで、LXD はネイティブな Linux のブリッジと OVS の両方をサポートするようになりました。
ブリッジされた nic での vlan と vlan.tagged 設定キーを通して実装されます。vlan プロパティはタグなし VLAN を制御します。一方で、vlan.tagged は通過させるカンマ区切りのタグ付き VLAN のリストです。
ネットワーク状態情報の拡張 ¶
/1.0/networks/NAME/state API エンドポイントが拡張され、ボンディングとブリッジ固有の詳細が表示できるようになりました。これにより、LXD ホストをリモートから調査するのが容易になりました。特にクラスターの場合に役に立ちます。
ボンディングの詳細は次のように見えます:
stgraber@castiana:~$ lxc query /1.0/networks/bond0/state | jq .bond
{
"down_delay": 500,
"lower_devices": [
"dum0",
"dum1"
],
"mii_frequency": 100,
"mii_state": "up",
"mode": "balance-rr",
"transmit_policy": "layer2",
"up_delay": 100
}
ブリッジの詳細は次のように見えます:
stgraber@castiana:~$ lxc query /1.0/networks/lxdbr0/state | jq .bridge
{
"forward_delay": 1500,
"id": "8000.06099e00b912",
"stp": false,
"upper_devices": [
"tap1053b4fd",
"tapef45d46d",
"veth1651f83f",
"veth8eb3fb1a"
],
"vlan_default": 1,
"vlan_filtering": true
}
カスタムの検索ドメインのサポート ¶
新たにネットワークで domain.search 設定キーが設定でき、これを使ってインスタンスに広告する検索のためのドメインのリストをカンマ区切りで設定するために使えます。
ネットワークリストの新たな IPv4 と IPv6 カラム ¶
lxc network list のデフォルト出力で新たに IPv4 と IPv6 のサブネットを表示するようになりました。
ネットワークを識別するのがかなり簡単になりました。
stgraber@castiana:~$ lxc network list +--------+----------+---------+----------------+---------------------------+-------------+---------+ | NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | bond0 | bond | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eth0 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | eth1 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | lxdbr0 | bridge | YES | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 | | 16 | +--------+----------+---------+----------------+---------------------------+-------------+---------+ | wlan0 | physical | NO | | | | 0 | +--------+----------+---------+----------------+---------------------------+-------------+---------+
コンテナで mips と riscv64 の VM で s390x のサポート ¶
色々な MIPS バリアントのサポートが追加され、LXD で MIPS システムをビルドして実行できるようになりました。
RISC-V 64bit のサポートも追加され、コンテナで動作することを確認しました。
ubuntu@riscv64:~$ lxc list -cns46ta +------+---------+----------------------+-----------------------------------------------+-----------+--------------+ | NAME | STATE | IPV4 | IPV6 | TYPE | ARCHITECTURE | +------+---------+----------------------+-----------------------------------------------+-----------+--------------+ | b1 | RUNNING | 10.108.12.160 (eth0) | fd42:5832:5781:1eaf:216:3eff:fedd:884d (eth0) | CONTAINER | riscv64 | +------+---------+----------------------+-----------------------------------------------+-----------+--------------+
両方とも、事実上イメージが存在しないので、今の所は Busybox を使うしかありません。
VM 側では、s390x 仮想マシンのサポートを追加しました。
すべてのコンテナのサブプロセスで pidfd を使用 ¶
LXD はコンテナ由来の PID を受け取るサブプロセスを頻繁に生成します。 これは状況次第では競合状態になる可能性があります。プロセスが終了し、我々がそれを検知する前に PID がリサイクルされる可能性があり、偶然間違った相手とやりとりしてしまう可能性があります。
Linux カーネルの pidfd に関する @brauner 氏の作業はこれを修正することを目的としています。LXD と LXC は PID を渡すのではなく、可能な限りファイルディスクリプタを特定のプロセスに渡すようにしています。
LVM ボリュームは必要なときのみアクティブに ¶
LVM はインスタンスが実行されていない限り、LV を非アクティブに保つことにより、ZFS や CEPH と同じように動作します。これにより /dev が乱雑さが減少し、小さなパフォーマンスの向上につながる可能性があります。
DB クエリのトレースサポート ¶
LXD のデータベースクエリをデバッグするために、新たに trace オプションが追加されました。
デーモンを --debug --trace database オプション付きで起動すると、すべての SQL クエリがログに記録されます。
より良いクラスターライフサイクルの扱い ¶
最近、外部の dqlite/raft/libco プロジェクトに対する自動テストを拡張し、他のダウンストリームユーザーが発見した多数の問題を修正し、LXD のロジックの一部をアップストリームのコードベースに移動しました。
LXD のクラスタリングテストは、リーダーシップの変更、ノードの再起動、デグレードのセットアップのより多くのケースをテストするために拡張されました。
クラスター化された環境でよくある問題の原因は時間のズレ(Time skew)です。数秒以上ずれると、スケジュールされたタスクやイベントなどで大混乱が引き起こされる可能性があります。これを解決するために、LXD は時間のズレを検出する方法として内部的なハートビートを使います。そして検出されたり解決された場合にログに警告を出力するようになりました。
データベース関数のクリーンアップ ¶
データベースの面では、データベースロジックのより多くがコードジェネレーターに移動され、コードを書く際にミスをするリスクを制限しています。その結果、多数の関数が非推奨となり、コードパスの一部が単一のトランザクション内で実行されるように最適化されました。
すべての変更点(翻訳なし)¶
Here is a complete list of all changes in this release:
- shared/generate/db: Fix generation of Exists method
- lxd/db: Make generated code stable across "make update-schema" runs
- lxd/db: Leverage code-generation for certificates
- shared: Rewrite OpenPty without cgo
- openpty: use O_CLOEXEC directly
- openpty: use fchown()
- openpty: first unlock the master, then get a slave fd
- openpty: use TIOCGPTPEER if available
- lxd/storage/drivers/driver/lvm/utils: Adds lvmSnapshotSeparator constant and updates lvmFullVolumeName to use it
- lxd/storage/drivers/driver/lvm/utils: Adds lvmEscapedHyphen and updates lvmFullVolumeName usage
- lxd/storage/drivers/driver/lvm/utils: Adds parseLogicalVolumeSnapshot function
- lxd/storage/drivers/driver/lvm/utils: Adds tests for parseLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use parseLogicalVolumeSnapshot
- test: Adds tests for snapshot naming conflicts
- lxd/firewall/drivers: Fix nft syntax
- lxc/project: Fix remote handling
- tests: Fix bad project switch call
- lxd/seccomp: Fix profile conflict between projects
- lxd/storage/drivers/driver/lvm/utils: Adds activateVolume and deactivateVolume functions
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolume
- lxd/storage/drivers/driver/lvm/utils: Set --setactivationskip on in createLogicalVolumeSnapshot
- lxd/storage/drivers/driver/lvm/utils: Activate volume in copyThinpoolVolume when regeneration FS UUID
- lxd/storage/drivers/driver/lvm: Dont activate all volumes on pool mount
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before generic copy in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in SetVolumeQuota
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolume
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolume
- lxd/storage/drivers/driver/lvm/volumes: Acticate volume before generic migrate in MigrateVolume
- lxd/storage/drivers/driver/lvm/volumes: Activate volume in MountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Deactivate volume in UnmountVolumeSnapshot
- lxd/storage/drivers/driver/lvm/volumes: Activate volume before FS UUID regen in RestoreVolume
- openpty: fix TIOCGPTPEER usage
- Make network address bind error fatal when clustered
- lxd/storage/drivers/driver/btrfs/utils: Renames metadatHeader to restorationHeader
- lxd/storage/drivers/driver/btrfs/volumes: d.restorationHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Clarifies comments in MigrateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds safety net against failed matching of subvolumes
- lxd/storage/drivers/driver/btrfs/utils: Fix deleteSubvolume to support recursive delete with intermediate ro subvols
- lxd/storage/drivers/utils: Mark BTRFSSubVolumeMakeRo and BTRFSSubVolumeMakeRw deprecated
- lxd/storage/drivers/driver/btrfs/volumes: Updates RestoreVolume to restore subvolume ro property
- test: Adds BTRFS subvolume tests
- lxd/storage/memorypipe: Fixes issue with partial reads losing data
- lxd/storage/drivers/driver/btrfs/volumes: Restores subvolumes ro property in CreateVolumeFromCopy
- lxd/storage/drivers/driver/btrfs/utils: Adds marshal tags to BTRFSSubVolume and BTRFSMetaDataHeader
- lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
- fix IPVLAN docs
- lxd/cluster: Don't run a connection proxy when connecting with the Go dqlite client
- lxd/cluster: Extract dqlite network proxy logic to standalone function and support cancellation
- lxd/cluster: Use dqliteProxy in raftDial
- lxd/cluster: Use ReadClose() to gracefully stop the dqlite proxy
- lxd/device/device/utils/generic: Removes deviceNameEncode and deviceNameDecode
- lxd/storage/drivers/utils: Adds PathNameEncode and PathNameDecode
- lxd/device/device: PathNameEncode and PathNameDecode usage
- lxd/storage/drivers/driver/types: Adds OptimizedBackupHeader field to Info
- lxd/backup/backup: Adds OptimizedHeader field to Info struct
- lxd/backup: Updates backupWriteIndex to populate the OptimizedHeader field
- lxd/storage/drivers/driver/btrfs: Sets OptimizedBackupHeader to true in Info struct response
- lxd/storage/drivers/driver/btrfs/utils: Adds warning to BTRFSSubVolume and BTRFSMetaDataHeader about shared usage
- lxd/storage/drivers/driver/btrfs/volumes: Updates BackupVolume to add subvolumes to optimized backup file
- lxd/storage/drivers/interface: Update CreateVolumeFromBackup to pass srcBackup backup.Info
- lxd/storage/backend/lxd: Pass srcBackup in CreateInstanceFromBackup
- lxd/storage/drivers: CreateVolumeFromBackup srcBackup backup.Info usage
- lxd/backup/backup: Updates GetInfo to set optimizedHeaderFalse false if not present in yaml file
- lxd/storage/drivers/driver/btrfs/utils: Adds loadOptimizedBackupHeader
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromBackup to restore subvolumes using optimized header file
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Simplifies parent volume logic for MigrateVolume
- test: Adds BTRFS backup subvolume tests
- lxd/storage/drivers/driver/btrfs/utils: Removes receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds receiveSubVolume function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to use receiveSubVolume
- lxd/resources/memory: Fix memory calculation
- lxd: Improve logging of shutdown errors
- lxd/instances/post: Delete restored instance on backup post hook failure
- Fix 'how to mount home directory' shiftfs FAQ
- shared: build fs_{32,64}bit.go on mips*
- lxd/util: build fs_{32,64}bit.go on mips*
- lxd/rsync: Adds optional rsync arguments to LocalCopy
- lxd/storage/utils: Fixes ImageUnpack to not erase generated rootfs block file when doing rsync
- ethtool: don't report -1 for speed in ethtoolLink()
- lxd/storage/quota/projectquota: Fixes leaking file handles in quota_set_path and quota_get_path
- lxd/storage/quota/projectquota: Adds inherit argument to quota_set_path
- lxd/storage/quota/projectquota: Updates SetProject to recursively set project and support non-directory files
- lxd/storage/drivers/driver/dir/utils: Updates deleteQuota to use DeleteProject
- lxd/storage/drivers/driver/dir/volumes: Adds quota revert in CreateVolumeFromBackup post hook
- Always skip offline servers when rebalancing
- When demoting a voter to spare, transition to stand-by first
- test/clustering: Make sure that a killed voter can't dsirupt current leader
- lxd/cluster: Use a dedicated channel to stop the dqlite proxy
- lxd: Call Deamon.Kill() also when receiving signals (so db transactions won't be retried)
- lxd/db: Add Cluster.Kill() method to prevent retrying upon shutdown
- lxd/firewall/drivers/driver/nftables/templates: Fixes proxy nat rule dynamic family
- shared/util_linux.go: cast Rdev uint64 for mips
- lxd/storage/quota/projectquota.go: cast Rdev uint64 for mips
- lxd/device/device_utils_unix.go: cast Rdev uint64 for mips
- lxd/device/gpu.go: cast Rdev uint64 for mips
- shared: Reimplement GetPollRevents without cgo
- lxd-agent: Build statically
- Drop gccgo
- lxd-p2c: Drop cgo
- shared/ucred: Cleanup package
- lxd/api: Don't strip double slashes
- lxd/operations: Improve error message when database insertion fails
- lxd/db: Change UpdateCertificate to RenameCertificate (only renaming supported)
- lxd/db: Rename containers.go to instances.go
- shared/generate/db: Statement for deleting references (config and devices)
- lxd/db: Generate delete stements for profile config and devices
- shared/generate/db: update statement: take ID instead of natural key
- shared/generate/db: Handle config and devices in Update method
- lxd/db: Generate Update method for profiles
- lxd: Plug new UpdateProfile() db method into doProfileUpdate
- lxd: Plug new UpdateProfile() db method into updatePoolPropertyForAllObjects
- lxd/db: Generate delete statements for instance config, devices and profiles
- lxd/db: Generate UpdateInstance method
- lxd/instance: Plug the new UpdateInstance method and replace legacy logic
- lxd/db: Drop AddDevicesToEntity
- lxd/storage/drivers/driver/common: Logging quoting consistency
- lxd/storage/drivers: Adds storage_lvm_skipactivation patch
- test: Drive-by fix for flaky clustering rebalance test
- Recommend to increase the value of aio-max-nr for production use
- lxd/firewall/firewall/interface: Change definition of Compat() to return compat issue error
- lxd/firewall/drivers/driver/nftables: Updates Compat() to return compat issues as error
- lxd/firewall/drivers/drivers/xtables: Updates Compat() to return compat issues as error
- shared/simplestreams: Support uefi1.img
- lxd/firewall/firewall/load: Updates driver detection to warn when falling back to non-compatible xtables
- lxd/storage/pools: Improves delete pool error info
- instance_exec: don't panic
- lxd/qemu: Handle quoted raw.qemu
- lxd/main_forkproxy: Reduce logging
- lxd/networks: Warn on small IPv6 subnets
- lxd/network: Force DHCP custom gateway
- api: Add network_dns_search
- lxd/network: Support specifying search domain
- lxc/list: Add disk and memory columns
- i18n: Update translation template
- lxd/storage/drivers: Make sure tar reader context is cancelled before defer
- lxc/list: Fix test
- shared/archive: Wraps cancelFunc to wait until unpacker process has finished in CompressedTarReader
- lxd/cluster: Transfer leadership before adjusting roles, not after
- lxd/cluster: Add time skew detection
- test: Wait a few more seconds for the rebalance to happen
- lxd/daemon.go: Don't try to rebalance after shutdown sequence has started
- lxd/cluster: Don't try to rebalance a standalone node
- lxc/ucred: Simplify logic
- lxd/qemu: Cleanup arch checks
- lxd/qemu: Add s390x support
- lxd/api: Fail /internal/ready requests made after shutdown has started
- lxc/config: Add -e shorthand
- lxc/network: Add IPv4/IPv6 columns
- forkfile: port to using pidfds
- forkmount: port to using pidfds
- forkproxy: port to using pidfds
- syscall_numbers: update
- forknet: port to pidfds
- forkuevent: port to pidfds
- forksyscall: port to pidfds
- daemon: record "pidfd" extension
- api: Add container_nic_routed_limits
- lxd/device/nic/routed: Add limits support
- lxd/storage/lvm: Correct bad VG name in patch
- shared/subprocess: Better handle slow systems
- tests: Don't assume bridge MTU can be forced up
- lxd/db: Use query.SelectString helper in GetLocalImages()
- lxd/db: Use query.SelectString helper in GetImagesFingerprints()
- shared/generate/db: Support int64 fields
- lxd/db: Initial code generation for images (without references)
- lxd/db: Use the generated GetImages code to implement GetExpiredImages
- lxd/db: Use query.SelectObjects helper in GetImageSource
- lxd/db: Use query.SelectStrings helper in ImageSourceGetCachedFingerprint
- lxd/db: Use query.Count helper in ImageExists
- lxd/db: Use query.Count helper in ImageIsReferencedByOtherProjects
- lxd/db: Use query.UpsertObject helper in CreateImageSource
- lxd/db: Use auto-generated GetImages() to implement GetImage()
- lxd/cluster: Drive-by fix for flaky rebalance test
- lxd/db: Use auto-generated GetImages to implement GetImageFromAnyProject
- lxd/db: Usage query.DeleteObject to implement DeleteImage
- lxd/db: Use query.SelectStrings to implement GetImageAliases
- lxd/db: Use a single transaction in GetImageAlias
- lxd/db: Use a single transaction in DeleteImageAlias
- lxd/db: Use single transaction in CreateImageAlias
- lxd/db: Usage single transaction in CreateImage
- lxd/db: Use query.SelectIntegers helper in GetPoolsWithImage
- lxd/db: Use a single transaction in GetPoolNamesFromIDs
- lxd/db: Use explicit transaction in GetInstanceProjectAndName
- lxd/db: Drop unused DeleteInstanceConfig
- fork*: add "--" to not misinterpret negative integers as flags
- lxd/storage/utils: Removes unused name arg from VolumeFillDefault
- lxd/instance/drivers: storagePools.VolumeFillDefault usage
- lxd/patches: driver.VolumeFillDefault usage
- lxd/storage/utils: VolumeFillDefault usage
- lxd/storage/utils: Updates VolumeValidateConfig to require volume type
- lxd/storage/utils: Adds VolumeDBTypeToType function
- lxd/storage/utils: Updates VolumeDBCreate to pass volume type
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to reject unsafe volume shrinking
- lxd/storage/drivers/geneirc/vfs: Removes genericVFSResizeBlockFile
- lxd/storage/drivers: ensureVolumeBlockFile usage
- lxd/storage/drivers/volume: Adds SetQuota function
- lxd/storage/drivers/volume: Adds config functions
- lxd/storage/drivers/driver/lvm/utils: Removes functions moved into Volume struct
- lxd/storage/drivers/driver/lvm/utils: Usage of volume config functions
- lxd/storage/drivers/driver/lvm/volumes: Volume config function usage
- lxd/storage/drivers: Replace volumeSize() with vol.ConfigSize()
- forknet: add missing "--" to forknet invocation on detach
- process_utils: remove a bunch of unused functions
- lxd: Make use of ExitCode
- share/subprocess: Reduce sleep back to 5
- lxd/instances/lxc: Fix calls to forknet
- forkmount: prevent interpreting negative numbers as flags
- shared/subprocess: Ensure monitor routine exits
- shared/subprocess: Properly reset state
- tests: Fix btrfs test on non-shiftfs
- tests: Old kernels don't let you rmdir btrfs
- shared/subprocess: Fix Stop handling
- lxd/storage/utils: Updates ImageUnpack to detect too small volume for qcow2 image and increase size before unpack
- lxd/storage/utils: Adds checks to ImageUnpack before enlarging volume
- lxd/storage/drivers/driver/types: Updates VolumeFiller Fill function to take a Volume
- lxd/storage: Updates volume filler usage to supply Volume rather than mount path
- lxd/storage/drivers/volume: Adds ConfigSizeFromSource function
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to only use vol.config["size"] for resizing
- lxd/storage/drivers/driver/lvm/utils: Updates Volume type in createLogicalVolumeSnapshot definition
- lxd/storage/drivers/driver/common: Adds runFiller function
- lxd/storage/backend/lxd: Updates imageFiller to return volume size
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to load image vol DB record
- lxd/storage/backend/lxd: Updates EnsureImage to record volatile.rootfs.size for block images
- lxd/storage/drivers/driver/types: Updates VolumeFiller definition to store size
- lxd/storage/utils: Validates volatile.rootfs.size key for image volumes in validateVolumeCommonRules
- lxd/storage/utils: Updates ImageUnpack to return image virtual size
- lxd/storage/drivers/driver/btrfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/ceph/volumes: d.runFiller usage
- lxd/storage/drivers/driver/cephfs/volumes: d.runFiller usage
- lxd/storage/drivers/driver/dir/volumes: d.runFiller usage
- lxd/storage/drivers/driver/lvm/volumes: d.runFiller usage
- lxd/storage/drivers/driver/zfs/volumes: d.runFiller usage
- lxd/storage/drivers/volume: Adds SetConfigSize function
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use vol.ConfigSizeFromSource to dervice volume size
- lxd/storage/drivers: Updates CreateVolumeFromCopy to only use vol.config["size"] for resizing
- lxd: Reduce number of transactions in containerPostClusteringMigrate
- lxd/db: Use query.SelectStrings helper in LegacyContainersList
- lxd/db: Rename dbDeviceTypeToString to deviceTypeToString
- lxd/db: Group ClusterTx image methods together
- lxd/db: Rename ImageSourceGetCachedFingerprint to GetCachedImageSourceFingerprint
- lxd/storage/drivers/utils: ensureVolumeBlockFile comment clarification
- lxd/storage/drivers/utils: Renames BlockDevSizeBytes to BlockDiskSizeBytes
- lxd/storage/utils: drivers.BlockDiskSizeBytes usage
- lxd/storage/utils: Simplifies InstanceDiskBlockSize with drivers.BlockDiskSizeBytes usage
- lxd/storage/drivers/generic/vfs: Simplifies genericVFSBackupVolume with drivers.BlockDiskSizeBytes usage
- lxd/storage/backend/lxd: Whitespace in CreateInstanceFromBackup
- lxd/storage/drivers/driver/ceph/volumes: BlockDiskSizeBytes usage in SetQuota
- lxd/storage/drivers: Updates dir and btrfs to support filler volume enlargement
- lxd/db: Group ClusterTx instance methods together
- lxd/db: Rename AddProfilesToInstance to addProfilesToInstance
- lxd/db: Move instance backup methods to backups.go
- lxd/db: Rename InstanceBackupArgs to InstanceBackup
- lxd/db: Remove unused profile functions
- lxd/db: Move storage volumes methods to storage_volumes.go
- lxd/storage/drivers/volume/test: Adds tests for Volume.ConfigSizeFromSource()
- forkuevent: fix slice allocation
- lxd/images: Set CreatedAt on publish
- unix-hotplug: fix uevent injection
- lxd: New command line option to trace SQL statements
- lxd/firewall/drivers/drivers/xtables: Updates iptablesInUse to kill process once first rule found
- lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
- lxd/storage/utils: Removes duplicated qemu-img call in ImageUnpack
- lxd/storage/utils: Switch to qemu-img dd mode in ImageUnpack
- lxd/storage/drivers/utils: Exports MinBlockBoundary
- lxd/storage/drivers: MinBlockBoundary usage
- lxd/resources: Handle missing cache size/type
- Update documentation with backup compression
- lxd/rbac: New notification API
- lxd/firewall/nft: Enhance support detection
- lxd/device/device/utils/network: Adds networkValidVLAN and networkValidVLANList functions
- lxd/network/network/utils: Adds linux bridge VLAN management functions
- lxd/network: Enable VLAN filtering for managed Linux bridges
- lxd/device/nic: Changes nicValidationRules to properly validation vlan
- lxd/device/nic/bridged: Adds vlan validation
- lxd/device/nic/bridged: Adds revert for veth pair cleanup on error
- lxd/device/nic/bridged: Adds support for untagged and tagged vlan membership
- doc: Documents NIC bridged vlan and vlan.tagged settings
- api: Adds API extension instance_nic_bridged_vlan
- lxd/firewall/drivers/drivers/xtables: Drops tagged vlan frames when using IP filtering
- lxd/firewall/drivers/drivers/nftables: Drops tagged vlan frames when using IP filtering
- test: Adds bridged VLAN tests
- Fix regression in GetImageFromAnyProject
- doc/security: Adds notes about IPv6 router advertisement security
- lxd/device/nic/bridged: Corrects vlan comment
- lxd/network/network/utils: Improve comments on ovs switch attach/detach
- lxd/network/network/utils: Improves arg name in network attach/detach functions
- lxd/device/bic/bridged: Fixes openvswitch port leak when device is stopped
- lxd/network/utils: Adds IsNativeBridge function
- lxd/device/device/utils/network: Allow VLAN ID 0 in networkValidVLAN
- test: Updates bridged vlan ID range tests
- lxd/device/nic/bridged: Adds openvswitch vlan support
- test: Adds LXD_NIC_BRIDGED_DRIVER test environment variable
- lxd/maas: Fix support for multiple subnets
- lxd/maas: Support projects
- lxd/dnsmasq: Add project suffix
- Remove incorrect statement about supported network devices with virtual machines According documentation supported types with virtual machines are physical, bridged, macvlan, p2p, sriov
- lxd/rbac: Fix auth for non-RBAC trusted clients
- global: Add riscv64 to build tags
- Stop using Driver.SetContextTimeout() which is a no-op
- use the coreos fork of boltdb since the original is archived/abandoned
- i18n: Update translations from weblate
- api: Add network_state_bond_bridge
- shared/api: Extend NetworkState for bridge/bond
- lxd/networks: Add bridge/bond details
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.1 リリースのお知らせ¶
8th of May 2020
はじめに ¶
LXD チームは、LXD 4.1 のリリースをお知らせすることにとてもワクワクしています!
このリリースは 4.0 LTS リリースに続く初めてのフィーチャーリリースです。 通常のフィーチャーリリースですので、LXD 4.1 は、通常は約 1 ヶ月後にリリースされる 4.2 リリースまでのみサポートされます。
変更の大部分は、4.0 リリース以来行ってきたバグフィックスとリファクタリングです。しかし、多数の小さい機能の追加や改良が多数あります。
Enjoy!
新機能とハイライト ¶
イメージのプッシュとリレーのサポート ¶
インスタンスのコピー・移動と同様に、ソースサーバーが直接ターゲットサーバーにイメージをプッシュしたり、クライアントツールがサーバー間を中継したりできるようになりました。
これにより、サーバー間に存在するファイアウォールに対応するのが容易になります。
lxc image copy source:some-image target: --mode=push lxc image copy source:some-image target: --mode=relay
routed NIC デバイスのルーティングテーブルサポート ¶
routed NIC デバイスに新たにオプションがふたつ追加されました:
- ipv4.host_table
- ipv6.host_table
このオプションは、どのルーティングテーブルにルーティングルールを挿入するかをコントロールします。 デフォルトでは、これはメインのルーティングテーブルですが、これを有効にすることで代替のルーティングテーブルを使いたいというユーザーがいました。
ipvlan NIC デバイスの L2 モード ¶
LXD の ipvlan デバイスはデフォルトでは Layer 3 シンメトリックモード(l3s)です。しかし、新たな mode オプションが導入され、Layer 2 モード(l2)も使えるようになりました。
リソース API の調整 ¶
新たに system セクションが追加され、多数の DMI フィールドと LXD を実行するのに使っているシステムのタイプ(物理、仮想、コンテナ)が表示されるようになりました。
加えて、NUMA ノードが CPU スレッドレベルでトラッキングされるようになり、CPU ダイの情報もコアレベルで記録されるようになりました。
次は CPU 出力の例です:
stgraber@castiana:~$ lxc query /1.0/resources | jq .cpu
{
"architecture": "x86_64",
"sockets": [
{
"cache": [
{
"level": 1,
"size": 32768,
"type": "Data"
},
{
"level": 1,
"size": 32768,
"type": "Instruction"
},
{
"level": 2,
"size": 262144,
"type": "Unified"
},
{
"level": 3,
"size": 3145728,
"type": "Unified"
}
],
"cores": [
{
"core": 0,
"die": 0,
"frequency": 639,
"threads": [
{
"id": 0,
"numa_node": 0,
"online": true,
"thread": 0
},
{
"id": 2,
"numa_node": 0,
"online": true,
"thread": 1
}
]
},
{
"core": 1,
"die": 0,
"frequency": 658,
"threads": [
{
"id": 1,
"numa_node": 0,
"online": true,
"thread": 0
},
{
"id": 3,
"numa_node": 0,
"online": true,
"thread": 1
}
]
}
],
"frequency": 648,
"frequency_minimum": 400,
"frequency_turbo": 3500,
"name": "Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz",
"socket": 0,
"vendor": "GenuineIntel"
}
],
"total": 4
}
次はシステム出力の例です:
stgraber@castiana:~$ lxc query /1.0/resources | jq .system
{
"chassis": {
"serial": "PF0QD1U7",
"type": "Notebook",
"vendor": "LENOVO",
"version": "None"
},
"family": "ThinkPad X1 Carbon 5th",
"firmware": {
"date": "02/17/2020",
"vendor": "LENOVO",
"version": "N1MET60W (1.45 )"
},
"motherboard": {
"product": "20HRCTO1WW",
"serial": "L1HF6CX006Y",
"vendor": "LENOVO",
"version": "Not Defined"
},
"product": "20HRCTO1WW",
"serial": "PF0QD1U7",
"sku": "LENOVO_MT_20HR_BU_Think_FM_ThinkPad X1 Carbon 5th",
"type": "physical",
"uuid": "7fa1c0cc-2271-11b2-a85c-aab32a05d71a",
"vendor": "LENOVO",
"version": "ThinkPad X1 Carbon 5th"
}
サーバー情報への OS データの追加 ¶
OS 情報が /1.0 と lxc info で出力されるようになりました:
stgraber@castiana:~$ lxc info | grep os_ os_name: Ubuntu os_version: "20.04"
新たな lxd cluster remove-raft-node コマンド ¶
この新たに追加されたコマンドは、LXD がデータベースのクオラムの不足で起動できない場合に、強制的にデータベースメンバーを削除するのに使えます。
コマンドラインツールの表のソートの改良 ¶
リストは自然な順序でソートされるようになり、番号付きのアイテムが適切にソートされるようになりました。 加えて、ボリュームのリストでは、スナップショットが親のすぐ後に表示されるようになりました。
すべての変更点(翻訳なし)¶
以下はこのリリースでの全変更の完全なリストです:
- doc/instances: Fix escaping
- lxc/network: Updates network detach checks to use bridged network property
- lxd/network/network/utils: Updates network setting detection in IsInUse
- lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
- Merge pull request #7115 from tomponline/tp-bridged-network
- lxd/networks: Fix clustered configs
- Merge pull request #7114 from stgraber/master
- shared/api: Move NUMANode to thread
- lxd/resources: Set NUMANode on a per-thread basis
- lxc/info: Update for NUMANode on thread
- i18n: Update translation templates
- api: resources_cpu_threads_numa
- Merge pull request #7118 from stgraber/master
- api: resources_cpu_core_die
- lxd/resources: Parse and report die_id
- lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
- Merge pull request #7120 from stgraber/master
- lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
- lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
- lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
- lxd/instance/instance/interface: Updates Render() to accept options arguments
- lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
- lxd/storage/utils: Removes unused functions and constants
- lxd/storage/utils: Adds RenderSnapshotUsage function
- lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
- lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/instance/utils: Removes unused WriteBackupFile
- lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
- lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
- lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
- lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Comment clarification
- lxd/storage/drivers/volume: Adds support for setting custom mount path
- lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
- lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
- Merge pull request #7117 from tomponline/tp-storage-mountsnapshots-uuid
- Merge pull request #7122 from tomponline/tp-storage-export-snapshots
- lxd/main_activateifneeded: s/container/instance/
- lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
- lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/backend/lxd: Checks for existance of volume before deleting
- lxd/instance: Switches to revert package for instanceCreateAsSnapshot
- lxd/storage/backend/lxd: Comment tweak
- lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
- Merge pull request #7129 from tomponline/tp-storage-renderfull
- Merge pull request #7131 from tomponline/tp-storage-export-snapshots-zfs
- shared/subprocess/proc: Fixes race in process stopping
- Merge pull request #7132 from tomponline/tp-storage-delete-volume-checks
- lxd/main_activateifneeded: Retrieve all instances
- lxd/main_activateifneeded: Check for scheduled instance snapshots
- lxd/main_activateifneeded: Check for scheduled volume snapshots
- test/suites/basic: Update activateifneeded tests
- lxd/main_activateifneeded: Use defer statement to close db
- Merge pull request #7128 from monstermunchkin/issues/7126
- lxd/storage/btrfs: Workaround permission issue
- Merge pull request #7134 from stgraber/master
- lxd/cluster: add RemoveRaftNode() to force removing a raft node
- api: Add "DELETE /internal/cluster/raft/" endpoint
- Increase timeout when calling dqlite.Client.Add() to join the cluster
- Merge pull request #7139 from freeekanayaka/increase-join-timeout
- lxd/storage/drivers/driver/zfs/volumes: Comment
- lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/zfs/volumes: Always used 'used' property for ZFS snapshot usage
- lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
- lxd/instance: Fix typo in comment
- lxc/action: Fix typo in help message
- i18n: Update translation templates
- Merge pull request #7142 from stgraber/master
- lxd: Add "lxd cluster remove-raft-node" recovery command
- doc: Add paragraph about "lxd cluster remove-raft-node"
- test: Add test exercising "lxd cluster remove-raft-node"
- Merge pull request #7141 from tomponline/tp-storage-snapshot-usage
- Merge pull request #7138 from freeekanayaka/remove-raft-node
- lxd/storage/lvm: Always call vgchange on mount
- Merge pull request #7146 from stgraber/master
- lxd/patches: Fix snapshot migration
- tests: Fix btrfs storage usage
- Merge pull request #7147 from stgraber/master
- lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
- lxd/storage/drivers/volume: Removes unnecessary variable
- lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
- lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
- lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
- lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
- lxd/storage/drivers/driver/cephfs/volumes: typo
- lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
- lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
- lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
- Merge pull request #7144 from tomponline/tp-storage-snapshot-mnt-create
- lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
- lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
- Merge pull request #7151 from tomponline/tp-storage-ceph-snapshot-usage
- shared/osarch: Coding style
- shared/osarch: Don't fail on missing os-release
- shared/api: Add OS information
- lxd/api: Add OS information
- api: Add api_os
- lxc: Use natural string sorting
- lxc: Group snapshot and parent
- lxd/main: Move forkzfs mntns to cgo
- Merge pull request #7154 from stgraber/master
- Merge pull request #7155 from stgraber/cli
- Merge pull request #7156 from stgraber/zfs
- doc/networks: Adds note about firewalld and DHCP/DNS
- Merge pull request #7158 from tomponline/tp-bridged-firewalld
- lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
- lxd/device/nic/routed: Corrects misleading error message when setting sysctls
- Merge pull request #7159 from tomponline/tp-nic-routed-validation
- lxd/storage/drivers/generic/vfs: Log when creating snapshots
- lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
- lxd/storage/memorypipe: Adds context support for cancellation
- lxd/storage/backend/lxd: memorypipe cancellation usage
- lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
- Merge pull request #7160 from tomponline/tp-storage-vm-migration
- doc: Add missing os_api extension
- Merge pull request #7165 from stgraber/master
- Merge pull request #7163 from tomponline/tp-nic-sriov
- lxd/storage/drivers/driver/dir/utils: Removes default project quota
- Merge pull request #7166 from tomponline/tp-storage-dir-quota
- forkexec: mark fd cloexec so the attaching process doesn't inherit it
- Merge pull request #7167 from brauner/2020-04-10/fixes
- forkexec: close all inherited fds
- Merge pull request #7168 from brauner/2020-04-10/fixes
- forkexec: log unexpected fds
- Merge pull request #7169 from brauner/2020-04-10/fixes
- lxd/daemon: Ignore .zfs in volumes
- Merge pull request #7170 from stgraber/master
- lxd/network: Push MTU over DHCP
- Merge pull request #7171 from stgraber/master
- shared/api: Drop invalid Managed key in NetworksPost
- lxd: Drop invalid use of Managed property
- Merge pull request #7173 from stgraber/network
- lxd/devices/disk: Prevent recursive & readonly
- Merge pull request #7177 from stgraber/master
- lxc/instance/drivers: Set new name before renaming backups
- test: Extend backup rename
- lxd/instance/drivers: Add revert steps when renaming instance
- Merge pull request #7182 from monstermunchkin/issues/7176
- lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
- lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
- Merge pull request #7185 from tomponline/tp-vm-pci
- Merge pull request #7183 from tomponline/tp-vm-device-comment
- doc/instances: Clarify config conditions
- doc/index: Clarify bind-mount in FAQ
- Merge pull request #7186 from stgraber/master
- lxd/instances: Better use userRequested on Update
- Merge pull request #7190 from stgraber/master
- lxd/device/nic: Adds host_table setting validation rule
- lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
- lxd/device/nic/routed: Add host_table support
- api: Adds container_nic_routed_host_table extension
- doc: Adds documentation for routed NIC host_table setting
- suites/container/devices/nic/routed: Adds tests for custom routing tables
- Merge pull request #7192 from tomponline/tp-nic-routed-hosttable
- lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
- lxd/device/nic/ipvlan: Adds host_table setting support
- api: Adds container_nic_ipvlan_host_table extension
- doc: Adds documentation for ipvlan NIC host_table setting
- test/suites/container/devices/nic/ipvlan: Adds tests for custom routing tables
- test/clustering: increase timing to detect offline node
- Merge pull request #7193 from tomponline/tp-nic-ipvlan-hosttable
- api: Adds container_nic_ipvlan_mode extension
- lxd/device/nic/ipvlan: Adds support for l2 mode
- doc/instances: Documents ipvlan l2 mode
- test/suites/container/devices/nic/ipvlan: Adds l2 mode tests
- Merge pull request #7197 from freeekanayaka/tweak-clustering-membership-test-timings
- Merge pull request #7196 from tomponline/tp-nic-ipvlan-l2
- shared/version/api: Add resources_system API extension
- doc/api-extensions: Add resources_system
- shared/api/resource: Add system resources
- lxd/resources: Add new system resources
- lxd/resources: Retrieve system information
- shared/util: Never look into the snap
- Merge pull request #7194 from monstermunchkin/issues/7189
- Merge pull request #7198 from stgraber/master
- lxd/resources: serial/uuid may not be accessible
- Merge pull request #7201 from stgraber/master
- doc/instances: Fixes default ceph.cluster_name value
- lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
- Merge pull request #7206 from tomponline/tp-vm-disk-ceph
- firewalld & lxd : how to let Firewalld control the LXD's iptables rules this is related to https://github.com/lxc/lxd/pull/7195 but this a bit more generic
- Update networks.md
- Merge pull request #7204 from kerphi/patch-2
- doc/networks: Fix typo
- i18n: Update translations from weblate
- Update networks.md
- Merge pull request #7210 from ckd/patch-1
- lxd/storage/ceph: Suppport alternate conf syntax
- Merge pull request #7211 from stgraber/master
- lxd/init: Try to bind LXD network address when running interactively
- lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
- lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
- Merge pull request #7213 from freeekanayaka/validate-listen-address
- Merge pull request #7214 from tomponline/tp-vm-pcie
- lxd/device/nic/bridged: Dont load br_netfilter
- Merge pull request #7217 from tomponline/tp-nic-bridged-brnetfilter
- doc/instances: Fix swapped description
- Merge pull request #7219 from stgraber/master
- index.md: add PATH env variable to sudo command example
- Merge pull request #7220 from rafaeldtinoco/master
- shared/simplestreams: Fix VM image preference
- Merge pull request #7225 from stgraber/master
- lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
- lxd/device/disk: Adds cephfs support for VMs
- lxd/device/proxy: Check for br_netfilter enabled and log warning if not
- lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
- lxd/firewall/drivers/drivers/xtables: comments
- Merge pull request #7226 from tomponline/tp-vm-disk-cephfs
- lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
- lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
- lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
- lxd/init: Improve error messages when failing to bind an address
- lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
- Merge pull request #7227 from freeekanayaka/improve-cant-listen-error-message
- test/suites/container/devices/proxy: Updates tests for checking hairpin rule
- Merge pull request #7228 from tomponline/tp-nic-bridged-nat-hairpin
- lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
- lxd/instance/drivers/driver/qemu: Makes onStop unexported
- lxd/instance/drivers/driver/qemu: Comment
- Merge pull request #7229 from tomponline/tp-vm-restart
- lxd/instance/lxc: Don't crash in setNetworkPriority
- Merge pull request #7230 from stgraber/master
- lxd/instances: Export type to templates
- lxd-agent: Reboot after cloud-init seed
- lxd/util: Tweak NetworkInterfaceAddress to only return global
- Merge pull request #7231 from stgraber/master
- Merge pull request #7232 from stgraber/net
- lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
- Merge pull request #7234 from tomponline/tp-util-networkinterfaceaddress
- shared/usbid: Use system database
- Merge pull request #7235 from stgraber/master
- lxd-agent: Support systemd-notify
- lxd/qemu: Switch default unit type to notify
- Merge pull request #7236 from stgraber/master
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use reverter
- lxd/storage/drivers/errors: Adds ErrCannotBeShrunk error
- lxd/storage/drivers/utils: Updates to shrinkFileSystem ErrCannotBeShrunk error
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to detect ErrCannotBeShrunk
- lxd/storage/drivers: Returns ErrCannotBeShrunk when block volume cannot be shrunk
- lxd/device/proxy: Dont allow proxy_protocol to be set when in nat mode
- lxd/device/proxy: Dont wrap lines
- lxd/device/proxy: Improves validation
- test/suites/container/devices/proxy: Updates tests with new validation rules
- Merge pull request #7238 from tomponline/tp-storage-cached-size
- lxd: Updates snapshotProtobufToInstanceArgs to support instance type
- Merge pull request #7240 from tomponline/tp-proxy-validation
- Merge pull request #7241 from tomponline/tp-migration-inst-type
- lxd/qemu: Match basic NUMA layout
- Merge pull request #7243 from stgraber/master
- lxd/storage/drivers/driver/zfs/volumes: Delete volume on error in CreateVolumeFromCopy
- lxd-agent/main/agent: Adds comment about reason for systemd-notify usage
- Merge pull request #7245 from tomponline/tp-vm-agentstart
- lxd/cgroup: Fix memory controller detection
- Merge pull request #7244 from tomponline/tp-storage-zfz-revert
- lxd/migration/migrate/proto: Fix alignment
- lxd/migration: Adds volumeSize field to MigrationHeader
- lxd/migrate: Adds VolumeSize to MigrationSinkArgs
- lxd/migration/migration/volumes: Adds VolumeSize to VolumeTargetArgs
- lxd/migrate/instance: Use VolumeSize from offer header in Do()
- lxd/storage/backend/lxd: Use VolumeSize from migration header in CreateInstanceFromMigration
- lxd/storage/drivers: Exports BlockDevSizeBytes function
- lxd/storage/utils: Adds InstanceDiskBlockSize
- lxd/migrate/instance: Populate offerHeader.VolumeSize for VMs
- lxd/storage/backend/lxd: Adds VM volume size hint to CreateInstanceFromCopy
- Merge pull request #7248 from stgraber/master
- Merge pull request #7246 from tomponline/tp-migration-volsize
- lxd/device/utils: Do not add the Ceph mon port if already present in /etc/ceph config file
- Merge pull request #7249 from leopaul36/master
- lxd/instance/qemu: Add comment on cpuTopology
- lxd/storage/ceph: Support port in URL
- Merge pull request #7251 from stgraber/master
- lxd/storage/drivers/utils: Makes minBlockBoundary available to other functions
- lxd/storage/drivers/driver/zfs/utils: Updates createVolume to use minBlockBoundary
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to use minBlockBoundary
- lxd/storage/drivers/zfs/volumes: Updates CreateVolume to allow regeneration of deleted image volumes
- lxd/storage/drivers/driver/zfs/volumes: Dont revert on rename success
- Merge pull request #7250 from tomponline/tp-storage-image-regeneration
- shared/version/api: Add API extension images_push_relay
- doc: Add images_push_relay
- client/interfaces: Add Mode to ImageCopyArgs
- lxc/image: Add mode flag to image copy
- client: Add relay mode for image copy
- lxd/images: Return token response in push mode
- lxd/images: Allow authentication using secret
- shared/api/image: Add ImageExportPost
- client: Add ExportImage to ImageServer
- lxd/images: Add POST /1.0/images/fingerprint/export
- client: Add push mode for image copy
- client: Add GetOperationWaitSecret
- lxd/images: Use metadata from the client
- lxd/images: Return operation on token validation
- lxd/images: Add secret metadata on image create
- client/lxd_images: Set fingerprint and secret headers
- lxd/operations: Allow untrusted clients for /1.0/operations/{id}/wait
- doc/rest-api: Add POST /1.0/images/
/export - test/suites/remote: Add image copy push and relay mode
- po: Update translations
- lxd/daemon: Remove duplicated logic
- Merge pull request #7130 from monstermunchkin/issues/6805
- lxd/instance/qemu: Announce LXD in SMBIOS
- Merge pull request #7255 from stgraber/master
- share/usbid: Don't print error when missing
- Merge pull request #7257 from stgraber/master
- lxd/init: Auto-detect and use Ubuntu ZFS setup
- Merge pull request #7261 from stgraber/master
- lxc/config: Add --expanded to get
- i18n: Update translation templates
- Merge pull request #7267 from stgraber/master
- Resolve both core.https_address and cluster.https_address when comparing IPs
- Merge pull request #7269 from freeekanayaka/allow-using-hostnames-as-cluster-addresses
- lxd/storage/drivers/generic/vfs: Skip missing files during export
- Merge pull request #7271 from tomponline/tp-backup-walk-missing
- lxd/images: Fixes hang in export when invalid --compression argument passed
- Merge pull request #7272 from tomponline/tp-export-hang
- lxd/storage/drivers/driver/btrfs/volumes: CreateVolumeFromCopy only use expanded volume size when source is image
- Merge pull request #7276 from tomponline/tp-storage-createfromcopy-size-btrfs
- lxd/storage/drivers/driver/ceph/volumes: Allow cached volume regeneration in CreateVolume
- lxd/storage/drivers/driver/ceph/utils: Uses defaultBlockSize rather than hardcoded 10GB
- lxd/storage/drivers/driver/ceph/volumes: Adds getVolumeSize function
- lxd/storage/drivers/driver/ceph/volumes: Removes unnecessary mount/unmount
- lxd/storage/drivers/driver/zfs/volumes: Clarify clone comments
- lxd/storage/drivers/driver/ceph/volumes: Dont wrap lines
- lxd/storage/drivers/driver/ceph/volumes: Dont use clone mode when creating volume from cached image when it is disabled
- lxd/storage/utils: VolumeDBCreate comment formatting
- lxd/storage/drivers/driver/lvm/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxd/storage/drivers/driver/zfs/volumes: CreateVolumeFromCopy only set volume size from expanded config when source is image
- lxc/storage/drivers/driver/ceph/utils: Reworks parseParent to return a Volume struct
- lxd/storage/drivers/driver/ceph/utils: Adds tests for parseParent
- lxd/storage/drivers/driver/ceph/utils: Adds cephVolumeTypeZombieImage constant
- lxd/storage/drivers/driver/ceph/utils: Updates rbdCreateVolume to accept string size
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdMarkVolumeDeleted
- lxd/storage/drivers/driver/ceph/utils: Pass volume config in rbdRenameVolume
- lxd/storage/drivers/driver/ceph/utils: Replaces getRBDSize with volumeSize
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/storage/drivers/driver/ceph/utils: Updates usage of d.parseParent in deleteVolume
- lxd/storage/drivers/driver/ceph/utils: Updates RBD naming logic in getRBDVolumeName
- lxd/storage/drivers/driver/ceph/volumes: Ensures CreateVolumeFromCopy correctly sizes new volume
- lxd/storage/drivers/driver/ceph/volumes: If volume doesnt exist in DeleteVolume do nothing
- lxd/storage/drivers/driver/ceph/utils: Dont wrap lines
- lxd/db: Rename CertificatesGet to GetCertificates
- lxd/db: Rename CertificateGet to GetCertificate
- lxd/db: Rename CertSave to CreateCertificate
- lxd/db: Rename CertDelete to DeleteCertificate
- lxd/db: Rename CertUpdate to UpdateCertificate
- lxd/db: Drop unused ConfigValueSet
- lxd/instances/post: Fix revert in createFromBackup
- lxd/storage/drivers/volume: Adds allowUnsafeResize bool to Volume struct
- lxd/storage/backend/lxd: Adds cannot shrink error handling in CreateInstanceFromBackup
- lxd/storage/drivers/generic/vfs: Sets block volume size to file size of volume in tarball in genericVFSBackupUnpack
- lxd/storage/drivers/driver/btrfs/volumes: No need to move GPT header if no filler used in CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/dir/volumes: Skip GPT header move in SetVolumeQuota when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/lvm/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- lxd/storage/drivers/driver/zfs/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- Merge pull request #7280 from tomponline/tp-storage-createfromcopy
- lxd/storage/drivers/driver/ceph/volumes: Allow unsafe shrinking when allowUnsafeResize is enabled
- Merge pull request #7282 from tomponline/tp-storage-backuprestore-size
- Merge pull request #7270 from tomponline/tp-storage-image-regeneration-ceph
- lxd/db: Rename InstanceNames to GetInstanceNames
- lxd/db: Rename ContainerNodeAddress to GetNodeAddressOfInstance
- lxd/db: Rename ContainersListByNodeAddress to GetInstanceNamesByNodeAddress
- lxd/db: Rename ContainersByNodeName to GetInstanceToNodeMap
- lxd/db: Rename ContainerNodeMove to UpdateInstanceNode
- lxd/db: Rename ContainerNodeProjectList to GetLocalInstancesInProject
- lxd/db: Rename ContainerConfigInsert to CreateInstanceConfig
- lxd/db: Rename ContainerConfigUpdate to UpdateInstanceConfig
- lxd/db: Rename InstanceRemove to RemoveInstance
- lxd/db: Rename ContainerProjectAndName to GetInstanceProjectAndName
- lxd/db: Rename ContainerConfigClear to DeleteInstanceConfig
- lxd/db: Rename ContainerConfigGet to GetInstanceConfig
- lxd/db: Rename ContainerConfigRemove to DeleteInstanceConfigKey
- lxd/db: Rename ContainerSetStateful to UpdateInstanceStatefulFlag
- lxd/db: Rename ContainerProfilesInsert to AddProfilesToInstance
- lxd/db: Drop unused ContainerProfiles
- lxd/db: Drop unused ContainerConfig
- lxd/db: Remove unused ContainersNodeList
- lxd/db: Rename ContainersResetState to ResetInstancesPowerState
- lxd/db: Rename ContainerSetState to UpdateInstancePowerState
- lxd/db: Rename ContainerUpdate to UpdateInstance
- lxd/db: Rename InstanceSnapshotCreationUpdate to UpdateInstanceSnapshotCreationDate
- lxd/db: Rename ContainerLastUsedUpdate to UpdateInstanceLastUsedDate
- lxd/db: Rename ContainerGetSnapshots to GetInstanceSnapshotsNames
- lxd/db: Rename ContainerNextSnapshot to GetNextInstanceSnapshotIndex
- lxd/db: Rename InstancePool to GetInstancePool
- lxd/db: Rename ContainerBackupID to getInstanceBackupID
- Rename ContainerGetBackup to GetInstanceBackup
- lxd/db: Rename InstanceCreateBackup to CreateInstanceBackup
- lxd/db: Rename InstanceBackupRemove to DeleteInstanceBackup
- lxd/db: ContainerBackupRename to RenameInstanceBackup
- lxd/db: Rename ContainerBackupsGetExpired to GetExpiredInstanceBackups
- lxd/storage/drivers/utils: Updates roundVolumeBlockFileSizeBytes and ensureVolumeBlockFile to take size as bytes
- lxd/storage/drivers/generic/vfs: Updates genericVFSResizeBlockFile to accept size as bytes
- lxd/storage/drivers/driver/btrfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/btrfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/ceph/utils: Updates volumeSize comment for consistency
- lxd/storage/drivers/driver/ceph/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/dir/utils: Adds volumeSize function
- lxd/storage/drivers/driver/dir/volumes: Updates CreateVolume to use volumeSize
- lxd/storage/drivers/driver/dir/volumes: Updates SetVolumeQuota to be byte oriented internally
- lxd/storage/drivers/driver/lvm/utils: Updates copyThinpoolVolume to use volumeSize()
- lxd/storage/drivers/driver/lvm/volumes: Updates SetVolumeQuota variables and comments
- lxd/storage/drivers/driver/zfs/utils: Adds volumeSize function
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolume to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates CreateVolumeFromCopy to use volumeSize()
- lxd/storage/drivers/driver/zfs/volumes: Updates SetVolumeQuota to be byte oriented internally
- Merge pull request #7281 from freeekanayaka/cleanup-db-function-names
- lxd/db: Rename DevicesAdd to AddDevicesToEntity
- lxd/storage/backend/lxd: Detect cached image filesystem changes for VM images too
- lxd/db: Remove unused Devices
- lxd/db: Rename ImagesGetLocal to GetLocalImages
- lxd/db: Rename ImagesGet to GetImages
- lxd/db: Rename ImagesGetExpired to GetExpiredImages
- lxd/db: Rename ImageSourceInsert to CreateImageSource
- lxd/db: Rename ImageSourceGet to GetImageSource
- lxd/db: Rename ImageGet to GetImage
- lxd/db: Rename ImageGetFromAnyProject to GetImageFromAnyProject
- lxd/db: Rename ImageLocate to LocateImage
- lxd/db: Rename ImageAssociateNode to AddImageToLocalNode
- lxd/db: Rename ImageDelete to DeleteImage
- lxd/db: Rename ImageAliasesGet GetImageAliases
- lxd/db: Rename ImageAliasGet to GetImageAlaias
- lxd/db: Rename ImageAliasRename to RenameImageAlias
- lxd/db: Rename ImageAliasDelete to DeleteImageAlias
- lxd/db: Rename ImageAliasesMove to MoveImageAlias
- lxd/db: Rename ImageAliasAdd to CreateImageAlias
- lxd/db: Rename ImageAliasUpdate to UpdateImageAlias
- lxd/db: Rename ImageCopyDefaultProfiles to CopyDefaultImageProfiles
- lxd/db: Rename ImageLastAccessUpdate to UpdateImageLastUseDate
- lxd/db: Rename ImageLastAccessInit to InitImageLastUseDate
- lxd/db: Rename ImageUpdate to UpdateImage
- lxd/db: Rename ImageInsert to CreateImage
- lxd/db: Rename ImageGetPools to GetPoolsWithImage
- lxd/db: Rename ImageGetPoolNamesFromIDs to GetPoolNamesFromIDs
- lxd/db: Rename ImageUploadedAt to UpdateImageUploadDate
- lxd/db: Rename ImagesGetOnCurrentNode to GetImagesOnLocalNode
- lxd/db: Rename ImagesGetByNodeID to GetImagesOnNode
- lxd/db: Replace ImageGetNodesWithImage with GetNodesWithImage
- lxd/db: Rename ImageGetNodesWithoutImage to GetNodesWithoutImage
- lxc/image: Actually refresh multiple images
- Merge pull request #7286 from freeekanayaka/cleanup-db-function-names-part-2
- Merge pull request #7288 from stgraber/master
- Merge pull request #7285 from tomponline/tp-storage-filesystem-regen
- Merge pull request #7283 from tomponline/tp-storage-volsize-consistency
- lxd/resources: Use permanent MAC when available
- Merge pull request #7290 from stgraber/master
- lxd/qemu: Restrict NUMA layout to x86_64
- Merge pull request #7293 from stgraber/master
- Consider all nodes when looking for the leader, not only voters
- Only attempt to transfer leadership if we are not standalone
- Merge pull request #7297 from freeekanayaka/try-all-nodes-when-looking-for-leader
- lxd/db: Rename NetworksNodeConfig to GetNetworksLocalConfig
- lxd/db: Rename NetworkIDsNotPending to GetNonPendingNetworkIDs
- lxd/db: Rename NetworkID to GetNetworkID
- lxd/db: Rename NetworkConfigAdd to CreateNetworkConfig
- lxd/db: Rename Networks to GetNetworks
- lxd/db: Rename NetworksNotPending to GetNonPendingNetworks
- lxd/db: Rename NetworksNotPending to GetNonNetworks
- lxd/db: Rename NetworkGetInterface to GetNetworkWithInterface
- lxd/db: Rename NetworkConfig to getNetworkConfig
- lxd/db: Rename NetworkCreate to CreateNetwork
- lxd/db: Rename NetworkUpdate to UpdateNetwork
- lxd/db: Rename NetworkConfigClear to clearNetworkConfig
- lxd/db: Rename NetworkDelete to DeleteNetwork
- lxd/db: Rename NetworkRename to RenameNetwork
- lxd/db: Rename NetworkNodeConfigKeys to NodeSpecificNetworkNodeConfig
- Merge pull request #7299 from freeekanayaka/cleanup-db-function-names-part-3
- lxd/daemon: Detect nodev and improve errors
- Merge pull request #7300 from stgraber/master
- lxd/db: Rename NodeByAddress to GetNodeByAddress
- lxd/db: Rename NodePendingByAddress to GetPendingNodeByAddress
- lxd/db: Rename NodeByName to GetNodeByName
- lxd/db: Rename NodeName to GetLocalNodeName
- lxd/db: Rename NodeAddress to GetLocalNodeAddress
- lxd/db: Rename Nodes to GetNodes
- lxd/db: Rename NodesCount to GetNodesCount
- lxd/db: Rename NodeRename to RenameNode
- lxd/db: Rename NodeAdd to CreateNode
- lxd/db: Rename NodeAddWithArch to CreateNodeWithArch
- lxd/db: Rename NodePending to SetNodePendingFlag
- lxd/db: Rename NodeUpdate to UpdateNode
- lxd/db: Rename NodeAddRole to CreateNodeRole
- lxd/db: Rename NodeRemoveRole to RemoveNodeRole
- lxd/db: Rename NodeUpdateRoles to UpdateNodeRoles
- lxd/db: Rename NodeRemove to RemoveNode
- lxd/db: Rename NodeHeartbeat to SetNodeHeartbeat
- lxd/db: Rename NodeOfflineThreshold to GetNodeOfflineThreshold
- lxd/db: Rename NodeClear to ClearNode
- lxd/db: Rename NodeWithLeastContainers to GetNodeWithLeastInstances
- lxd/db: Rename NodeUpdateVersion to SetNodeVersion
- lxd/db: Rename Operations to GetLocalOperations
- lxd/db: Rename OperationsUUIDs to GetLocalOperationsUUIDs
- lxd/db: Rename OperationNodes to GetNodesWithRunningOperations
- lxd/db: Rename OperationByUUID to GetOperationByUUID
- lxd/db: Rename OperationAdd to CreateOperation
- lxd/db: Rename OperationRemove to RemoveOperation
- lxd/db: Rename OperationFlush to removeNodeOperations
- lxd/db: Rename Patches to GetAppliedPatches
- lxd/db: Rename PatchesMarkApplied to MarkPatchAsApplied
- lxd/db: Rename Profiles to GetProfileNames
- lxd/db: Rename ProfileGet to GetProfile
- lxd/db: Rename ProfilesGet to GetProfiles
- lxd/db: Drop ProfileConfig
- lxd/db: Rename ProfileDescriptionUpdate to UpdateProfileDescription
- lxd/db: Rename ProfileConfigClear to ClearProfileConfig
- lxd/db: Rename ProfileConfigAdd to CreateProfileConfig
- lxd/db: Rename ProfileContainersGet to GetInstancesWithProfile
- lxd/db: Rename ProfileCleanupLeftover to RemoveUnreferencedProfiles
- lxd/db: Rename ProfilesExpandConfig to ExpandInstanceConfig
- lxd/db: Rename ProfilesExpandDevices to ExpandInstanceDevices
- Merge pull request #7302 from freeekanayaka/rename-db-function-names-part4
- lxd/storage/drivers/generic/vfs: Dont require access to block device when excluding root image file from rsync in genericVFSMigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Updates MigrateVolume to avoid need to premount snapshot volume
- Merge pull request #7304 from tomponline/tp-storage-zfs-migration
- ethtool: add ethtoolGset() helper
- test/suites/storage/volume/attach: Adds test for custom volume root perm persistence
- lxd/storage/drivers: Fixes custom volume root mount perm issue for BTRFS and DIR
- lxc/storage/drivers/volume: Removes keepDevice from Volume
- lxd/storage/drivers/driver/ceph/volumes: Removes keepDevice usage
- lxc/storage/drivers/driver/ceph/volumes: Mount changes
- lxd/storage/drivers/driver/ceph/volumes: UnmountVolume modifications
- lxd/storage/drivers/driver/ceph/volumes: Esnure permission on volume root set in CreateVolume
- lxd/resources: Skip NVME multipath entries
- lxd/db: Rename ProjectNames to GetProjectNames
- lxd/db: Rename ProjectMap to GetProjectIDsToNames
- lxd/db: Rename ProjectUpdate to UpdateProject
- Merge pull request #7310 from tomponline/tp-storage-customvol-chmod
- lxd/db: Rename ProjectLaunchWithoutImages to InitProjectWithoutImages
- lxd/db: Rename RaftNodes to GetRaftNodes
- lxd/db: Rename RaftNodeAddresses to GetRaftNodeAddresses
- lxd/db: Rename RaftNodeAddress to GetRaftNodeAddress
- lxd/db: Rename RaftNodeFirst to CreateFirstRaftNode
- lxd/db: Rename RaftNodeAdd to CreateRaftNode
- lxd/db: Rename RaftNodeDelete to RemoveRaftNode
- lxd/db: Rename RaftNodesReplace to ReplaceRaftNodes
- lxd/db: Rename InstanceSnapshotConfigUpdate to UpdateInstanceSnapshotConfig
- lxd/db: Rename InstanceSnapshotID to GetInstanceSnapshotID
- lxd/db: Rename StoragePoolsNodeConfig to GetStoragePoolsLocalConfig
- lxd/db: Rename StoragePoolID to GetStoragePoolID
- lxd/db: Rename StoragePoolDriver to GetStoragePoolDriver
- lxd/db: Rename StoragePoolIDsNotPending to GetNonPendingStoragePoolsNamesToIDs
- lxd/db: Rename StoragePoolNodeJoin to UpdateStoragePoolAfterNodeJoin
- lxd/db: Rename StoragePoolConfigAdd to CreateStoragePoolConfig
- lxd/db: Rename StoragePoolNodeConfigs to GetStoragePoolNodeConfigs
- lxd/db: Rename StoragePools to GetStoragePoolNames
- lxd/db: Rename StoragePoolsNotPending to GetNonPendingStoragePoolNames
- lxd/db: Rename StoragePoolsGetDrivers to GetStoragePoolDrivers
- lxd/db: Rename StoragePoolGetID to GetStoragePoolID
- lxd/db: Rename StoragePoolGet to GetStoragePool
- lxd/db: Rename StoragePoolConfigGet to getStoragePoolConfig
- lxd/db: Rename StoragePoolCreate to CreateStoragePool
- lxd/db: Rename StoragePoolUpdate to UpdateStoragePool
- Merge pull request #7314 from stgraber/master
- lxd/db: Rename StoragePoolConfigClear to clearStoragePoolConfig
- lxd/db: Rename StoragePoolDelete to RemoveStoragePool
- lxd/db: Rename StoragePoolVolumesGetNames to GetStoragePoolVolumesNames
- lxd/db: Rename StoragePoolVolumesGetAllByType to GetStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolVolumesGet to GetStoragePoolVolumes
- lxd/db: Rename StoragePoolNodeVolumesGet to GetLocalStoragePoolVolumes
- lxd/db: Rename StoragePoolVolumeSnapshotsGetType to GetLocalStoragePoolVolumeSnapshotsWithType
- lxd/db: Rename StoragePoolNodeVolumesGetType to GetLocalStoragePoolVolumesWithType
- lxd/db: Rename StoragePoolNodeVolumeGetTypeByProject to GetLocalStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeUpdateByProject to UpdateStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeDelete to RemoveStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeRename to RenameStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeCreate to CreateStoragePoolVolume
- lxd/db: Rename StoragePoolNodeVolumeGetTypeIDByProject to GetStoragePoolNodeVolumeID
- lxd/db: Rename StoragePoolInsertZfsDriver to FillMissingStoragePoolDriver
- Merge pull request #7312 from tomponline/tp-storage-ceph-shrink
- Merge pull request #7315 from freeekanayaka/rename-db-function-names-part-5
- lxd/storage/zfs: Use TryUnmount
- Merge pull request #7317 from stgraber/master
- Support two-phase creation of a storage pool on single-node cluster
- Merge pull request #7325 from freeekanayaka/storage-creation-on-single-node
- lxd/storage/drivers/driver/btrfs/utils: Adds setSubvolumeReadonlyProperty function
- lxd/storag/drivers/driver/btrfs/volumes: Removes readonly argument from snapshotSubvolume
- lxd/storage/drivers/driver/btrfs: d.setSubvolumeReadonlyProperty and d.snapshotSubvolume usage
- lxd/db: Rename StoragePoolVolumeGetType to GetStoragePoolVolume
- lxd/db: Rename StoragePoolVolumeSnapshotCreate to CreateStorageVolumeSnapshot
- lxd/db: Rename StoragePoolVolumeSnapshotUpdateByProject to UpdateStoragePoolVolumeSnapshot
- lxd/db: Rename StorageVolumeSnapshotExpiryGet to GetStorageVolumeSnapshotExpiry
- lxd/db: Rename StorageVolumeSnapshotsGetExpired to GetExpiredStorageVolumeSnapshots
- resources/ethtool: implement ETHTOOL_GLINKSETTINGS
- lxd/storage/drivers/driver/btrfs/utils: Adds getSubvolumesMetaData function
- lxd/storage/drivers/driver/btrfs/volumes: Maintain subvolume readonly state in snapshot
- lxd/storage/driversr/driver/btrfs/utils: Allow ro subvolumes to be deleted in deleteSubvolume
- lxd/storag/drivers/driver/btrfs/volumes: Updates MigrateVolume to send subvolumes
- lxd/storage/drivers/driver/btrfs/volumes: Fail backup when cleanup fails in BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Better naming of variables in unpackVolume
- lxd/migration/migrate/proto: Adds BTRFS Features to offer header
- lxd/migration/utils: Adds GetBtrfsFeaturesSlice function
- lxd/migration/migration/volumes: Adds BTRFS feature support to TypesToHeader
- lxd/migration/migration/volumes: Adds BTRFS feature support to MatchTypes
- lxd/storage/drivers/driver/btrfs: Adds BTRFS features to MigrationTypes
- lxd/storage/memorypipe: Dont make ioutil.ReadAll panic on cancel
- lxd/storage/drivers/driver/btrfs/utils: Kill btrfs send on error in sendSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Support subvolumes in receiveSubvolume
- lxd/storage/drivers/driver/btrfs/utils: Adds metadataHeader function
- lxd/storage/drivers/driver/btrfs/volumes: Updates CreateVolumeFromMigration to receive subvolumes
- Merge pull request #7327 from brauner/2020-05-06/ethtool
- Merge pull request #7326 from tomponline/tp-storage-btrfs-snapshot
- lxd/db: Rename StorageVolumeNodeAddresses to GetStorageVolumeNodeAddresses
- lxd/db: Rename StorageVolumeDescriptionGet to GetStorageVolumeDescription
- lxd/db: Rename StorageVolumeNextSnapshot to GetNextStorageVolumeSnapshotIndex
- lxd/db: Rename StorageVolumeCleanupImages to RemoveStorageVolumeImages
- lxd/db: Rename StorageVolumeMoveToLVMThinPoolNameKey to UpgradeStorageVolumConfigToLVMThinPoolNameKey
- lxd/db: Update naming pattern for generated database code
- Merge pull request #7316 from tomponline/tp-storage-btrfs-subvols
- Merge pull request #7328 from freeekanayaka/rename-db-function-names-part-6
- client/lxd_images: Fix backward compatibility
- Merge pull request #7329 from stgraber/master
- lxd/storage/btrfs: Fix migration from snapshot
- Merge pull request #7330 from stgraber/master
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0.1 LTS リリースのお知らせ¶
21st of April 2020
はじめに ¶
LXD チームは、LXD 4.0.1 のリリースをお知らせできてとてもうれしいです!
このリリースは、2025 年 6 月までサポートされる LXD 4.0 に対する最初のバグフィックスリリースです。
バグ修正と改良点 ¶
このリリースでは、4.0.0 のリリース後に報告された多数の問題を修正しています。
主なものは次の通りです:
- resources API の調整と改良
- NUMA ノードのコアごとの表示
die_idカーネル属性を使った CPU のサポートsystemセクションで DMI インフォメーションが提供されるようになりました
/1.0内の環境データーにosとos_versionを追加- ディザスターリカバリー機能
lxd cluster remove-raft-nodeの追加 - VM とスケジュールされたスナップショットを考慮した
activateifneededの改良 - コマンドラインツールのソート順を改良し、番号付きエントリーを改良
- Ceph rbd/fs
diskデバイスが実装され、仮想マシンにアタッチできるようになりました - 3.0 未満から 4.0 へ直接アップグレードしたユーザーのデーター移行の問題をいくつか修正しました
execでファイルディスクリプターがリークする問題を修正しました
コミットの全リストは次の通りです(翻訳なし):
- doc/instances: Fix escaping
- lxc/network: Updates network detach checks to use bridged network property
- lxd/network/network/utils: Updates network setting detection in IsInUse
- lxd/instance/drivers/driver/qemu: Adds host_name info to RenderState when lxd-agent is running
- lxd/networks: Fix clustered configs
- shared/api: Move NUMANode to thread
- lxd/resources: Set NUMANode on a per-thread basis
- lxc/info: Update for NUMANode on thread
- i18n: Update translation templates
- api: resources_cpu_threads_numa
- api: resources_cpu_core_die
- lxd/resources: Parse and report die_id
- lxd/storage/drivers/driver/lvm/volumes: Mount xfs snapshot with nouuid option
- lxd/storage/drivers/driver/ceph/volumes: Adds mounting logging
- lxd/instance/drivers/driver/lxc: Updates Render() to accept options arguments
- lxd/instance/drivers/driver/qemu: Updates Render() to accept options arguments
- lxd/instance/instance/interface: Updates Render() to accept options arguments
- lxd/storage/drivers/utils: Zeros btrfs transaction log in regenerateFilesystemBTRFSUUID
- lxd/storage/utils: Removes unused functions and constants
- lxd/storage/utils: Adds RenderSnapshotUsage function
- lxd/instance/snapshot: Adds storagePools.RenderSnapshotUsage to Render() in containerSnapshotsGet and snapshotGet
- lxd/instance/drivers/driver/lxc: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/drivers/driver/qemu: Use storagePools.RenderSnapshotUsage in RenderFull()
- lxd/instance/instance/utils: Removes unused WriteBackupFile
- lxd/storage/drivers/utils: Changes regenerateFilesystemUUID to use expanded arg definitions
- lxd/storage/drivers/driver/ceph/utils: Changes generateUUID to not map device
- lxd/storage/drivers/driver/ceph/volumes: d.generateUUID updated signature usage
- lxd/storage/drivers/driver/ceph/volumes: Adds BTRFS UUID regeneration to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Comment clarification
- lxd/storage/drivers/volume: Adds support for setting custom mount path
- lxd/storage/drivers/driver/btrfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/drivers/driver/btrfs/volumes: Renames container vars to instance
- lxd/storage/drivers/driver/btrfs/volumes: Consistent quoting of error message variables
- lxd/instance/drivers: Removes storagePools.RenderSnapshotUsage from RenderFull()
- lxd/storage/drivers/driver/zfs/volumes: Create temporary snapshot in BackupVolume()
- lxd/storage/backend/lxd: Checks for existance of volume before deleting
- lxd/instance: Switches to revert package for instanceCreateAsSnapshot
- lxd/storage/backend/lxd: Comment tweak
- lxd/storage/drivers/driver/ceph/volumes: Tweaks HasVolume detection
- shared/subprocess/proc: Fixes race in process stopping
- lxd/main_activateifneeded: s/container/instance/
- lxd/main_activateifneeded: Retrieve all instances
- lxd/main_activateifneeded: Check for scheduled instance snapshots
- lxd/main_activateifneeded: Check for scheduled volume snapshots
- test/suites/basic: Update activateifneeded tests
- lxd/main_activateifneeded: Use defer statement to close db
- lxd/storage/btrfs: Workaround permission issue
- lxd/cluster: add RemoveRaftNode() to force removing a raft node
- api: Add "DELETE /internal/cluster/raft/" endpoint
- Increase timeout when calling dqlite.Client.Add() to join the cluster
- lxd/storage/drivers/driver/zfs/volumes: Comment
- lxd/storage/drivers/driver/lvm/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/dir/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/zfs/volumes: Always used 'used' property for ZFS snapshot usage
- lxd/storage/drivers/driver/cephfs/volumes: Always return -1/ErrNotSupported for snapshot usage
- lxd/storage/drivers/driver/btrfs/volumes: Return -1/ErrNotSupported when no quota available
- lxd/instance: Fix typo in comment
- lxc/action: Fix typo in help message
- i18n: Update translation templates
- lxd: Add "lxd cluster remove-raft-node" recovery command
- doc: Add paragraph about "lxd cluster remove-raft-node"
- test: Add test exercising "lxd cluster remove-raft-node"
- lxd/storage/lvm: Always call vgchange on mount
- lxd/patches: Fix snapshot migration
- tests: Fix btrfs storage usage
- lxd/storage/drivers/volume: Only chmod if needed in EnsureMountPath
- lxd/storage/drivers/volume: Removes unnecessary variable
- lxd/storage/drivers/driver/zfs/volumes: Ensure volumes created from copy have correct perms
- lxd/storage/drivers: Call EnsureMountPath() in MountVolume()
- lxd/storage/drivers: Call EnsureMountPath() in MountVolumeSnapshot()
- lxd/storage/drivers/driver/btrfs/volumes: Adds revert to CreateVolume
- lxd/storage/drivers/driver/btrfs/volumes: Comment in CreateVolumeFromCopy
- lxd/storage/drivers/driver/lvm/utils: EnsureMountPath after copying thin volume
- lxd/storage/drivers/driver/cephfs/volumes: typo
- lxd/storage/drivers/driver/cephfs/volumes: Calls vol.EnsureMountPath after filling
- lxd/storage/drivers/driver/ceph/volumes: Calls EnsureMountPath to fix perms after copying volume
- lxd/storage/drivers/driver/lvm/volumes: Fixes temporary snapshot volume cleanup for VMs
- lxd/storagr/drivers/driver/ceph/volumes: Adds support for snapshot usage reporting
- lxd/storage/drivers/driver/lvm/volumes: Clarifies comments on LVM volume usage reporting
- shared/osarch: Coding style
- shared/osarch: Don't fail on missing os-release
- shared/api: Add OS information
- lxd/api: Add OS information
- api: Add api_os
- lxc: Use natural string sorting
- lxc: Group snapshot and parent
- lxd/main: Move forkzfs mntns to cgo
- doc/networks: Adds note about firewalld and DHCP/DNS
- lxd/device/nic/routed: Improves validation of sysctl settings when using vlan option
- lxd/device/nic/routed: Corrects misleading error message when setting sysctls
- lxd/storage/drivers/generic/vfs: Log when creating snapshots
- lxd/storage/drivers/driver/zfs/volumes: Fix migrating VM block volumes in MigrateVolume
- lxd/storage/memorypipe: Adds context support for cancellation
- lxd/storage/backend/lxd: memorypipe cancellation usage
- lxd/device/nic/sriov: Updates networkGetVirtFuncInfo to use json output from ip tool
- doc: Add missing os_api extension
- lxd/storage/drivers/driver/dir/utils: Removes default project quota
- forkexec: mark fd cloexec so the attaching process doesn't inherit it
- forkexec: close all inherited fds
- forkexec: log unexpected fds
- lxd/daemon: Ignore .zfs in volumes
- lxd/network: Push MTU over DHCP
- shared/api: Drop invalid Managed key in NetworksPost
- lxd: Drop invalid use of Managed property
- lxd/devices/disk: Prevent recursive & readonly
- lxc/instance/drivers: Set new name before renaming backups
- test: Extend backup rename
- lxd/instance/drivers: Add revert steps when renaming instance
- lxd/instance/drivers/driver/qemu: Allow up to 8 NIC devices
- lxd/instance/drivers/driver/qemu/templates: Note that lxd_ disk device name prefix should not be changed
- doc/instances: Clarify config conditions
- doc/index: Clarify bind-mount in FAQ
- lxd/instances: Better use userRequested on Update
- lxd/device/nic/routed: Fix sysctl command suggestion when using vlans
- lxd/device/nic/ipvlan: Improve validation of sysctl settings when vlan setting used
- test/clustering: increase timing to detect offline node
- shared/version/api: Add resources_system API extension
- doc/api-extensions: Add resources_system
- shared/api/resource: Add system resources
- lxd/resources: Add new system resources
- lxd/resources: Retrieve system information
- shared/util: Never look into the snap
- lxd/resources: serial/uuid may not be accessible
- doc/instances: Fixes default ceph.cluster_name value
- lxd/device/disk: Adds support to use ceph: prefix for disk source for VMs
- firewalld & lxd : how to let Firewalld control the LXD's iptables rules this is related to https://github.com/lxc/lxd/pull/7195 but this a bit more generic
- Update networks.md
- doc/networks: Fix typo
- i18n: Update translations from weblate
- Update networks.md
- lxd/storage/ceph: Suppport alternate conf syntax
- lxd/init: Try to bind LXD network address when running interactively
- lxd/instance/drivers/driver/qemu/templates: Use static PCIe address prefix for 9p devices
- lxd/instance/drivers/drivers/qemu: Adds support for 9p disk device PCIe indexes
- lxd/device/nic/bridged: Dont load br_netfilter
- doc/instances: Fix swapped description
- index.md: add PATH env variable to sudo command example
- shared/simplestreams: Fix VM image preference
- lxd/devoce/device/utils/disk: Comment on diskCephfsOptions
- lxd/device/disk: Adds cephfs support for VMs
- lxd/device/proxy: Check for br_netfilter enabled and log warning if not
- lxd/firewall/drivers/driver/xtables: Adds MASQUERADE hairpin proxy NAT rule
- lxd/firewall/drivers/drivers/xtables: comments
- lxd/device/proxy: Sets bridge port hairpin mode on when br_netfilter loaded
- lxd/firewall/drivers/drivers/xtables: Renames toDest to connectDest
- lxd/firewall/drivers/drivers/nftables: Renames toDest to connectDest
- lxd/init: Improve error messages when failing to bind an address
- lxd/firewall/drivers/drivers/nftables: Adds MASQUERADE hairpin proxy NAT rule
- test/suites/container/devices/proxy: Updates tests for checking hairpin rule
- lxd/instance/drivers/driver/qemu: Wait for onStop when restarting
- lxd/instance/drivers/driver/qemu: Makes onStop unexported
- lxd/instance/drivers/driver/qemu: Comment
- lxd/instance/lxc: Don't crash in setNetworkPriority
- lxd/instances: Export type to templates
- lxd-agent: Reboot after cloud-init seed
- lxd/util: Tweak NetworkInterfaceAddress to only return global
- lxd/net/util: Updates comment on NetworkInterfaceAddress behaviour change
- shared/usbid: Use system database
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 4.0 LTS リリースのお知らせ¶
31st of March 2020
はじめに ¶
LXD チームは、LXD 4.0 LTS のリリースをお知らせすることにとてもワクワクしています!
これは LXD の 3 つめの LTS リリースです。とても忙しく、そしてエキサイティングです! あとの ChangeLog は、LXD 3.23 ユーザーと 3.0 ユーザーの両方が私たちが準備したものを見れるように分けています。
私たちの他の LTS リリースと同様に、このリリースも 5 年間(2025 年 6 月まで)サポートされます。その間に多数のバグフィックスとセキュリティのポイントリリースが行われます。
LXD 3.0 に関しては、残り 3 年間のセキュリティ fix のみのメンテナンスモードに入る前の近いうちに、最後のバグフィックスリリースを 3.0.5 としてリリースしたいと思っています。
Enjoy!
互換性のない変更 ¶
--container-only の削除と、--instance-only への置き換え ¶
このリリースでの CLI の互換性のない変更は --container-only を --instance-only に置き換えるものだけです。フィーチャーリリースでは数ヶ月の間は両方をサポートします。4.0 リリースでは、非推奨の機能は削除されます。
3.23 ユーザー向けのハイライト ¶
virtual machines: バックアップサポート(import/export)¶
lxc export と lxc import が仮想マシンで使えるようになりました。
しかし、注意点があります。仮想マシンはコンテナとは異なり、大きなブロックデバイスとしてしかアクセスできません。これは、VM 内で実際にどれだけの容量が使われていたとしても、数 GB のデーターを読み込み圧縮する必要があるということです。
つまりエクスポートもインポートも長い時間がかかる可能性があるということです。
ZFS のようなバックエンドで --optimized オプションを使うと、同じタイプのストレージプールにインポートするなら、エクスポートの時間を大幅に短縮できるでしょう。
resources: リソース API の PCI、USB デバイス ¶
リソース API(/1.0/resources)が拡張され、システム上の PCI、USB デバイスが表示されるようになりました。これは特に、仮想マシンで VFIO パススルーや、コンテナで USB デバイスを扱う場合に有用です。
stgraber@castiana:~$ lxc query /1.0/resources | jq .pci
{
"devices": [
{
"driver": "skl_uncore",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:00.0",
"product": "Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers",
"product_id": "5904",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "i915",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:02.0",
"product": "HD Graphics 620",
"product_id": "5916",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:08.0",
"product": "Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th/8th Gen Core Processor Gaussian Mixture Model",
"product_id": "1911",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "xhci_hcd",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:14.0",
"product": "Sunrise Point-LP USB 3.0 xHCI Controller",
"product_id": "9d2f",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "intel_pch_thermal",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:14.2",
"product": "Sunrise Point-LP Thermal subsystem",
"product_id": "9d31",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "mei_me",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:16.0",
"product": "Sunrise Point-LP CSME HECI #1",
"product_id": "9d3a",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.0",
"product": "Sunrise Point-LP PCI Express Root Port #1",
"product_id": "9d10",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.2",
"product": "Sunrise Point-LP PCI Express Root Port #3",
"product_id": "9d12",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1c.4",
"product": "Sunrise Point-LP PCI Express Root Port #5",
"product_id": "9d14",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1d.0",
"product": "Sunrise Point-LP PCI Express Root Port #9",
"product_id": "9d18",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:1f.0",
"product": "Sunrise Point LPC Controller/eSPI Controller",
"product_id": "9d4e",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "",
"driver_version": "",
"numa_node": 0,
"pci_address": "0000:00:1f.2",
"product": "Sunrise Point-LP PMC",
"product_id": "9d21",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "snd_hda_intel",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1f.3",
"product": "Sunrise Point-LP HD Audio",
"product_id": "9d71",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "i801_smbus",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:00:1f.4",
"product": "Sunrise Point-LP SMBus",
"product_id": "9d23",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "e1000e",
"driver_version": "3.2.6-k",
"numa_node": 0,
"pci_address": "0000:00:1f.6",
"product": "Ethernet Connection (4) I219-LM",
"product_id": "15d7",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "rtsx_pci",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:02:00.0",
"product": "RTS525A PCI Express Card Reader",
"product_id": "525a",
"vendor": "Realtek Semiconductor Co., Ltd.",
"vendor_id": "10ec"
},
{
"driver": "iwlwifi",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:04:00.0",
"product": "Wireless 8265 / 8275",
"product_id": "24fd",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "nvme",
"driver_version": "1.0",
"numa_node": 0,
"pci_address": "0000:05:00.0",
"product": "SSD 600P Series",
"product_id": "f1a5",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:06:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:01.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:02.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:07:04.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "thunderbolt",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:08:00.0",
"product": "JHL6540 Thunderbolt 3 NHI (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d2",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:09:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:00.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:01.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:02.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "pcieport",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0a:04.0",
"product": "JHL6540 Thunderbolt 3 Bridge (C step) [Alpine Ridge 4C 2016]",
"product_id": "15d3",
"vendor": "Intel Corporation",
"vendor_id": "8086"
},
{
"driver": "ahci",
"driver_version": "3.0",
"numa_node": 0,
"pci_address": "0000:0b:00.0",
"product": "",
"product_id": "0622",
"vendor": "ASMedia Technology Inc.",
"vendor_id": "1b21"
},
{
"driver": "xhci_hcd",
"driver_version": "5.4.0-18-generic",
"numa_node": 0,
"pci_address": "0000:0c:00.0",
"product": "FL1100 USB 3.0 Host Controller",
"product_id": "1100",
"vendor": "Fresco Logic",
"vendor_id": "1b73"
},
{
"driver": "atlantic",
"driver_version": "5.4.0-18-generic-kern",
"numa_node": 0,
"pci_address": "0000:0d:00.0",
"product": "AQC107 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion]",
"product_id": "87b1",
"vendor": "Aquantia Corp.",
"vendor_id": "1d6a"
}
],
"total": 32
}
stgraber@castiana:~$ lxc query /1.0/resources | jq .usb
{
"devices": [
{
"bus_address": 1,
"device_address": 4,
"interfaces": [
{
"class": "Wireless",
"class_id": 224,
"driver": "btusb",
"driver_version": "0.8",
"number": 0,
"subclass": "Radio Frequency",
"subclass_id": 1
},
{
"class": "Wireless",
"class_id": 224,
"driver": "btusb",
"driver_version": "0.8",
"number": 1,
"subclass": "Radio Frequency",
"subclass_id": 1
}
],
"product": "",
"product_id": "0a2b",
"speed": 12,
"vendor": "Intel Corp.",
"vendor_id": "8087"
},
{
"bus_address": 1,
"device_address": 3,
"interfaces": [
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 0,
"subclass": "Video Control",
"subclass_id": 1
},
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 1,
"subclass": "Video Streaming",
"subclass_id": 2
}
],
"product": "Integrated Camera",
"product_id": "b5ce",
"speed": 480,
"vendor": "Chicony Electronics Co., Ltd",
"vendor_id": "04f2"
},
{
"bus_address": 3,
"device_address": 2,
"interfaces": [
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "Control Device",
"subclass_id": 1
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "Streaming",
"subclass_id": 2
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 2,
"subclass": "Streaming",
"subclass_id": 2
},
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 3,
"subclass": "",
"subclass_id": 0
}
],
"product": "TX42C500",
"product_id": "4933",
"speed": 12,
"vendor": "Realtek Semiconductor Corp.",
"vendor_id": "0bda"
},
{
"bus_address": 3,
"device_address": 13,
"interfaces": [
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 0,
"subclass": "Video Control",
"subclass_id": 1
},
{
"class": "Video",
"class_id": 14,
"driver": "uvcvideo",
"driver_version": "1.1.1",
"number": 1,
"subclass": "Video Streaming",
"subclass_id": 2
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 2,
"subclass": "Control Device",
"subclass_id": 1
},
{
"class": "Audio",
"class_id": 1,
"driver": "snd-usb-audio",
"driver_version": "5.4.0-18-generic",
"number": 3,
"subclass": "Streaming",
"subclass_id": 2
}
],
"product": "HD Pro Webcam C920",
"product_id": "082d",
"speed": 480,
"vendor": "Logitech, Inc.",
"vendor_id": "046d"
},
{
"bus_address": 3,
"device_address": 16,
"interfaces": [
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "",
"subclass_id": 0
},
{
"class": "Chip/SmartCard",
"class_id": 11,
"driver": "usbfs",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "",
"subclass_id": 0
}
],
"product": "YubiKey FIDO+CCID",
"product_id": "0406",
"speed": 12,
"vendor": "Yubico.com",
"vendor_id": "1050"
},
{
"bus_address": 3,
"device_address": 17,
"interfaces": [
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 0,
"subclass": "Boot Interface Subclass",
"subclass_id": 1
},
{
"class": "Human Interface Device",
"class_id": 3,
"driver": "usbhid",
"driver_version": "5.4.0-18-generic",
"number": 1,
"subclass": "Boot Interface Subclass",
"subclass_id": 1
}
],
"product": "ThinkPad Compact USB Keyboard with TrackPoint",
"product_id": "6047",
"speed": 12,
"vendor": "Lenovo",
"vendor_id": "17ef"
}
],
"total": 6
}
network: 複数の ipvlan NIC デバイスのサポート ¶
複数の ipvlan デバイスの ipv4.gateway と ipv6.gateway の両方もしくは片方が none に設定されている場合、複数の ipvlan デバイスを同じコンテナに追加できるようになりました。
network: routed NIC のホスト側アドレス設定のサポート ¶
routed NIC のホスト側のアドレスは ipv4.host_address と ipv6.host_address プロパティで設定できるようになりました。
clustering: クラスターロール編集のサポート ¶
新たに lxc cluster edit コマンドでクラスターのロールを編集できるようになりました。
現時点では書き込みできるロールがないので意味がないのですが、近いうちにいくつかロールを追加し、API とコマンドで管理できるようになるにする予定です。
instances: カスタムボリュームのディスク使用量 ¶
カスタムボリュームをアタッチしているコンテナが、state API (と lxc info)経由でボリュームの使用量をレポートするようになりました。
stgraber@castiana:~$ lxc launch images:ubuntu/bionic c1
Creating c1
Starting c1
stgraber@castiana:~$ lxc storage volume create default vol1
Storage volume vol1 created
stgraber@castiana:~$ lxc storage volume create default vol2
Storage volume vol2 created
stgraber@castiana:~$ lxc storage volume attach default vol1 c1 vol1 /mnt/vol1
stgraber@castiana:~$ lxc storage volume attach default vol2 c1 vol2 /mnt/vol2
stgraber@castiana:~$ lxc info c1
Name: c1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/04/01 00:00 UTC
Status: Running
Type: container
Profiles: default
Pid: 1439012
Ips:
eth0: inet 10.166.11.66 veth12c5ea18
eth0: inet6 fd42:4c81:5770:1eaf:216:3eff:fee2:43b6 veth12c5ea18
eth0: inet6 fe80::216:3eff:fee2:43b6 veth12c5ea18
lo: inet 127.0.0.1
lo: inet6 ::1
Resources:
Processes: 14
Disk usage:
root: 1.11MB
vol1: 98.30kB
vol2: 98.30kB
CPU usage:
CPU usage (in seconds): 0
Memory usage:
Memory (current): 46.94MB
Network usage:
eth0:
Bytes received: 3.06kB
Bytes sent: 2.93kB
Packets received: 22
Packets sent: 28
lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
instances: スナップショットのディスク使用量 ¶
API でスナップショットごとのそれぞれのサイズを取得できるようになりました。
stgraber@castiana:~$ lxc snapshot c1 stgraber@castiana:~$ lxc query /1.0/instances/c1/snapshots/snap0 | jq .size 61440
これは再設計が済むとすぐに lxc info で表示されるようになるでしょう。
auth: パスワード不要の PKI モードのサポート ¶
管理された PKI を使って LXD を使う場合、その CA が署名したクライアント証明書であれば自動的に信頼するように LXD を設定できるようになりました。
これは core.trust_ca_certificates で設定します。
revoke を扱うため、server.ca と同時に設定する server.crl を CRL として受け入れます。
3.0 ユーザー向けのハイライト ¶
上記の機能と変更点に加えて、LXD 3.0 ブランチのユーザーは、以下の「新しい」機能が期待できるでしょう:
仮想マシン ¶
LXD はコンテナと仮想マシンの両方を実行できるようになりました。
デバイスや設定オプションによっては仮想マシンではまだ設定できないものがありますが、使い方や設定方法は同じように動作します。
操作によっては仮想マシン内で動作するエージェントが実行します(lxc exec と lxc file)。プロジェクトで作成したイメージのほとんどはエージェントがあらかじめインストールされています。
コンテナではなく仮想マシンを作成するのであれば、シンプルに lxc launch に --vm オプションを指定します。
VM イメージは主要なよく使われる Linux ディストリビューションのものが準備されており、将来的にも更に追加する予定です。
stgraber@castiana:~$ lxc launch images:centos/8 centos-8 --vm
Creating centos-8
Starting centos-8
stgraber@castiana:~$ lxc info centos-8
Name: centos-8
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/03/31 23:48 UTC
Status: Running
Type: virtual-machine
Profiles: default
Pid: 1426453
Ips:
enp5s0: inet 10.166.11.125
enp5s0: inet6 fd42:4c81:5770:1eaf:1c5b:d0a1:d892:5464
enp5s0: inet6 fe80::9bbf:7460:2ad0:6a9
lo: inet 127.0.0.1
lo: inet6 ::1
Resources:
Processes: 12
Disk usage:
root: 6.65MB
CPU usage:
CPU usage (in seconds): 5
Memory usage:
Memory (current): 123.94MB
Memory (peak): 115.95MB
Network usage:
enp5s0:
Bytes received: 2.55kB
Bytes sent: 2.32kB
Packets received: 21
Packets sent: 20
lo:
Bytes received: 0B
Bytes sent: 0B
Packets received: 0
Packets sent: 0
stgraber@castiana:~$ lxc exec centos-8 bash
[root@centos-8 ~]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
[root@centos-8 ~]# uname -a
Linux centos-8 4.18.0-147.5.1.el8_1.centos.plus.x86_64 #1 SMP Thu Feb 6 10:31:58 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@centos-8 ~]#
プロジェクト ¶
プロジェクトは LXD サーバーを分割する方法です。 プロジェクトはそれぞれ自身のインスタンス、イメージ、プロファイル、ストレージボリュームを持つことができます。
これらのさまざまな機能はプロジェクトごとに有効化・無効化できます。無効にした場合、プロジェクトは default プロジェクトから継承します。
これに加え、プロジェクトは制約(restriction / 特定のデバイスタイプや特権コンテナの無効化など)と制限(limit / CPU、メモリー、インスタンス数の制限)をサポートしています。
インスタンス ¶
- コンテナ上でのシステムコールインターセプション
- 限られた
mknodがコンテナ内で可能 - 限られた
setxattrがコンテナ内で可能 - 特権が必要なファイルシステムのマウントを許可するために使用可能
- 一部のファイルシステムマウントを FUSE にリダイレクトするために使用可能
- バックアップ・リストア機能の追加(
lxc exportとlxc import) - ストレージプール間のインスタンスのコピー・移動
lxc copy --refreshを使った(ローカル、リモートの)インスタンスコピーのリフレッシュ(訳注: 差分コピー)- 予想外の削除や id シフトからの保護(
security.protection.deleteとsecurity.protection.shift) shiftfsのサポート追加。可能な場合にはshiftfsを使用し従来の id シフトを置き換える- 自動化されたスナップショットと expire
- 新しい
unix-hotplugデバイスタイプ(unix-charやunix-blockと同様のもの) usbデバイスの改良:- 追加・削除の uevent がコンテナに転送されるようになりました
- すべての USB デバイスを渡すことができます
proxyデバイスの改良:- 特権を落とすオプション(
security.uidandsecurity.gid) - ソケットの所有権のオプション(
uid,gid,mode) - HAProxy タイプヘッダーのサポート(
proxy_protocol) - 使用可能な場合 NAT を使った高速なプロキシー(
nat) - UDP、UNIX ソケットのサポート。UDP、TCP を使っている場合のポートの範囲
diskデバイスの改良:- Ceph rbd/fs ディスクの直接コンテナへのアタッチ
- カスタムのマウントオプション
- コンテナが読めるものへの uid/gid の変換のための
shiftプロパティ nicデバイスの改良:- 新しい
ipvlannic タイプ - 新しい
routednic タイプ ipv4.routesとipv6.routesプロパティ- 簡単に LXD が管理するネットワークに接続するための
networkプロパティ - セキュリティフィルタリングオプション
- SR-IOV デバイスでの VLAN と MAC フィルタリング
ネットワーク ¶
- 設定可能な NAT ソースアドレス(
ipv4.nat.addressandipv6.nat.address) - DHCP リース API と
lxc network list-leasesコマンド - ネットワーク状態に関する API と
lxc network infoコマンド - LXD が管理するネットワークでの設定可能な MAC アドレス(
bridge.hwaddr) - ファイアウォールのルール順がコントロール可能に(
ipv4.nat.orderandipv6.nat.order)
ストレージ ¶
- スクラッチから書き直した新しい内部ストレージレイヤー
- 新しい
cephfsストレージバックエンド - バックアップとイメージをストレージプール内に保存可能に
- カスタムストレージボリュームのスナップショット(スケジューリングと expire 処理を含む)
- LVM ストライピングサポート
- Ceph でメタデータとデータプールの分離
dirバックエンドで ext4/xfs の "project quotas" 機能を使ったクォータ- カスタムストレージボリュームの
security.shiftedプロパティ
イメージ ¶
- ネストした LXD でホストからイメージを取得するための API(
security.devlxd.images) - 新たに作成するイメージで
squashfs圧縮のサポート - プロファイルをイメージに結びつけることが可能に
- イメージの expire 時期を変更できるように
クラスターの改良 ¶
- スタンバイデータベースノードのサポート
- データベース数とスタンバイノードの数が設定可能
- アーキテクチャー混在のクラスターリング
- クラスターリングのロール
- 新たな簡素化されたクラスター追加 API
- クライアントとクラスター用トラフィックのアドレスの分離
- 自動イメージレプリケーション
CLI¶
lxc listとlxc image listの新しいカラム- 新たに
lxc aliasコマンドを追加 listコマンド全体を通して--formatオプションをサポート- すべての
setコマンドで複数のkey=valueを受け付けるように execコマンドが--uidと--gidと--cwdオプションを受け付けるようにlxc copyとlxc moveでの設定の上書き- クラスターリングに対してより多くのコマンドでの
--targetサポート
将来的な保証 ¶
- xtables の代替として nftables をサポート
- cgroup v2 を使った制限のサポート
API¶
- Canonical RBAC 経由の RBAC (Role Based Access Control) サポート
- デフォルトの TLS キーの EC384 化
/1.0/containersの置き換えとして/1.0/instancesエンドポイントの新設/1.0/instancesと/1.0/imagesでのサーバーサイドのコレクションフィルタリングを追加/1.0/resourcesでのより広範囲のリソース API- カーネルの機能が
/1.0で取得可能に - LXC の機能が
/1.0で取得可能に core.debug_address経由でのビルトインデバッグサーバー(pprof)設定- 高需要エンドポイントでのバルククエリー(再帰)オプションの追加
- クラスター環境内のイベントとオペレーションが
Locationフィールドを持つように
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- shared/version/api: Add trust_ca_certificates
- doc: Add core.trust_ca_certificates
- lxd/cluster/config: Add core.trust_ca_certificates
- *: Add parameters to CheckTrustState
- shared/cert: Add CRL to CertInfo
- lxd/util/http: Check CRL for revoked clients
- test: Extend PKI test
- lxd/etag: Quote generated etag values
- lxd/apparmor: Apparently the order matters
- shared/version/api: Add snapshot_disk_usage API extension
- doc: Add snapshot_disk_usage
- lxd/storage/drivers/btrfs: Fix quota
- lxd/backup: Removes Privileged field from backup.Info struct
- lxd/backup: Adds new fields in index.yaml
- lxd/instances/post: bInfo.OptimizedStorage pointer usage
- lxd/storage/backend/lxd: CreateInstanceFromBackup OptimizedStorage pointer usage
- lxd/backup: Updates backupWriteIndex index.yaml fields
- lxd/backup: Removes Project field from index.yaml
- test/suites/storage: Add btrfs quota tests
- shared/api: Add size to InstanceSnapshot
- lxd/instance/drivers: Get snapshot usage
- lxd/storage/drivers/btrfs: Don't destroy qgroups
- lxd/storage/drivers: Moves functions from generic.go to generic_vfs.go
- lxd/storage/drivers: Generic VFS function usage after move &rename
- lxd/instance/drivers: Add custom volumes to disk state
- lxd/instance/drivers: Fix lxd-agent running order
- lxc: Deprecate --container-only
- i18n: Update translation templates
- tests: Move away from container-only
- lxc: Drop flagContainerOnly
- lxd/storage/zfs: Fix deleted VM images restoration
- lxc/storage/drivers/driver/btrfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
- lxc/storage/drivers/driver/zfs/volumes: CreateVolumeFromBackup to use tar reader for optimized volume restore
- shared/archive: Adds CompressedTarReader function
- lxd/backup/backup: shared.CompressedTarReader usage
- test/suites/static/analysis: Reinstates checks for shared/instancewriter
- lxd/instance/post: InstanceID usage
- lxd/db/containers: Renames ContainerID to InstanceID
- lxd/instances/post: Logging in createFromBackup
- lxd/instances/post: Logging message change from container to instance
- lxd/instances/post: Switches to revert package in createFromBackup
- lxd: Merges instanceCreateFromBackup into createFromBackup
- lxd/storage/drivers/utils: Adds blockDevSizeBytes function
- lxd/storage/drivers/driver/ceph/volumes: Updates SetVolumeQuota to use blockDevSizeBytes
- shared/instancewriter/instance/file/info: Adds FileInfo for os.FileInfo implementation
- shared/instancewriter/instance/tar/writer: Adds WriteFileFromReader function
- lxd/backup: Switches index.yaml file generation to use WriteFileFromReader in backupCreate
- lxd/api/internal: d.cluster.InstanceID usage
- lxd/storage/backend/lxd: Better error msg context in CreateInstanceFromBackup
- lxd/backup: Removes volume type restriction in backupCreate
- lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupVolume
- lxd/storage/drivers: Uses sourcePath logging for consistency in BackupVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds optimised VM backup to BackupVolume
- lxd/storage/drivers/driver/btrfs/volumes: Adds optimised VM backup to BackupVolume
- lxd/storage/backend/lxd: Adds volume type logic for VMs to CreateInstanceFromBackup
- lxd/api/internal: makes internalImport VM aware
- lxd/storage/drivers/generic/vfs: Adds VM support to genericVFSBackupUnpack
- lxd/storage/drivers/driver/zfs/volumes: MountVolume comment improvements
- lxd/storage/drivers/driver/zfs/volumes: UnmountVolume improvements
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to generic mode in MigrateVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to MountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Adds VM support to UnmountVolumeSnapshot
- lxd/storage/drivers/driver/zfs/volumes: Adds support for VM optimized backup restore
- lxd/storage/drivers: Adds existing volume check to optimized backup restore
- lxd/storage/drivers/driver/btrfs/volumes: Adds support for VM optimized backup restore
- lxd/storage/backend/lxd: Updates CheckInstanceBackupFileSnapshots to be VM aware
- lxd/storage/backend/lxd/patches: Ignores snapshots when retrieving list of custom volumes to be renamed
- lxd/containers: Emit lifecycle event on user shutdown
- lxd/storage/drivers: Adds OptimizedBackups driver Info flag
- lxd/backup: Ignore requests for optimized backups when pool driver doesn't support it
- lxd/instances/post: Ensure optimized backup imports only import into same storage driver pools
- lxd/instance/exec: Adds protection against clients reconnecting after exec has started
- doc: Fix escaping
- lxd/cluster: Tweak errors
- api: clustering_edit_roles
- shared/api: Add ClusterMemberPut
- lxd/cluster: Make ClusterMember editable
- client: Add UpdateClusterMember
- lxc/cluster: Add edit sub-command
- i18n: Update translation templates
- lxd/firewall/drivers/drivers/consts: Adds FilterIPv6All constant
- cgroup/init: close controllers file
- doc/networks: Add missing maas.subnet.ipv4/maas.subnet.ipv6
- scripts/bash: Add maas.subnet.ipv4/maas.subnet/ipv6 to network
- client: Fix bad description for UpdateClusterMember
- lxd/device/nic/bridged: Allow security.ipv6_filtering to be used on networks without IPv6
- lxd/firewall/drivers/drivers/xtables: Adds FilterIPv6All support
- lxd/firewall: Dont use compact function arg definitions
- lxd/firewall/drivers/drivers/nftables: Adds FilterIPv6All support
- lxd/network/network/utils: Adds support for bridged NIC network property when rebuilding dnsmasq static config
- lxd/network/network/utils: Comment consistency
- lxd/device/nic/bridged: Allow security.ipv4_filtering to be used on networks without IPv4
- lxd/firewall/drivers/drivers/consts: Adds FilterIPv4All constant
- lxd/firewall/drivers/drivers/xtables: Adds Adds FilterIPv4All support
- lxd/firewall/drivers/drivers/nftables: Adds FilterIPv4All support
- test: Adds bridged NIC tests for total protocol filtering
- lxd/device/nic: Adds ipv4.host_address and ipv6.host_address keys
- lxd/device/nic/routed: Adds ability to specify host-side veth interface IP address
- api: Adds container_nic_routed_host_address API extension
- doc/instances: Updates routed nic doc with ipv4.host_address and ipv6.host_address keys
- scripts/bash/lxd-client: Updates bash device keys for routed NIC
- lxd/device/nic/ipvlan: Adds ipv4.gateway and ipv6.gateway support
- api: Adds container_nic_ipvlan_gateway API extension
- doc/instances: Adds ipvlan ipv4.gateway and ipv6.gateway docs
- lxd/device/nic/routed: Sets accept_ra=0 on host interface
- lxc: Fix for current cobra
- lxd/device/nic_routed: Don't fail on missing IPv6
- lxd/device/nic_routed: Set rp_filter=1
- forkexec: rework
- forkexec: tweak
- lxd/firewall/firewall/interface: Adds InstanceSetupRPFilter and InstanceClearRPFilter
- lxd/firewall/drivers/drivers/xtables: Improves proxy NAT rule removal errors
- lxd/firewall/drivers/drivers/xtables: Renames iptablesConfig to iptablesAdd
- lxd/firewall/drivers/drivers/xtables: Implements reverse path filters
- lxd/device/nic/routed: Applies firewall based reverse path filter for IPv4 and IPv6
- lxd/storage/drivers/ceph: Re-create image snapshot
- lxd/storage/drivers: Update comment on readonly snapshot
- lxd/firewall/drivers/drivers/nftables: Implements reverse path filters
- shared/instancewriter/instance/tar/writer: Adds ignoreGrowth arg to WriteFile
- lxd/storage/drivers/generic/vfs: Sets ignoreGrowth arg true in WriteFile usage
- lxd: Existing WriteFile usage updated to set ignoreGrowth to false
- lxd/device/nic/bridged: Disables IPv6 on bridged host side interface
- lxd/exec: Fix forwarding for VMs
- lxd: Rename forwarding functions
- i18n: Update translations from weblate
- lxd/networks: Fix network leases list for instances using "network" option
- lxd/instance/drivers/driver/qemu: Restart on failure
- shared/idmap: Better root fallback
- lxd/instance/drivers/driver/qemu: Fixes dependencies for lxd-agent
- lxd-agent/main/agent: Better logging
- shared/version/api: Add resources_usb_pci API extension
- doc: Add resources_usb_pci
- shared/api: Add USB and PCI resources
- shared/usbid: Add USB vendor and devices
- lxd/resources: Add USB resource
- lxd/resources: Add PCI resource
- test/suites/static_analysis: Skip shared/usbid/load_data.go
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.23 リリースのお知らせ¶
20th of March 2020
はじめに ¶
LXD チームは、LXD 3.23 のリリースをお知らせすることにとてもワクワクしています!
このリリースは最後の 3.x シリーズのリリースです。来週リリース予定の LXD 4.0 に少しの変更(いくつかの後方互換性のない CLI の調整)を加えています。
このリリースは、カスタムストレージボリューム、プロジェクト、仮想マシンを使うユーザーに特に機能が詰まったリリースです。
Enjoy!
ハイライト ¶
プロジェクトのカスタムストレージボリューム ¶
features.storage-volumes という新しいプロジェクトの機能が、すべての新しいプロジェクトで使えるようになりました。プロジェクトにカスタムボリュームを関連付けることができます。
この機能により、コンフリクトのリスクなしで専用のカスタムストレージボリュームのセットが作成できます。Canonical RBAC と組み合わせて、異なるプロジェクト間でストレージを適切に分離できるようになりました。
stgraber@castiana:~$ lxc storage volume list default | grep custom +--------+----------+-------------+---------+ | TYPE | NAME | DESCRIPTION | USED BY | +--------+----------+-------------+---------+ | custom | backups | | 1 | +--------+----------+-------------+---------+ | custom | blah | | 0 | +--------+----------+-------------+---------+ | custom | images | | 1 | +--------+----------+-------------+---------+ stgraber@castiana:~$ lxc project create blah Project blah created stgraber@castiana:~$ lxc project switch blah stgraber@castiana:~$ lxc storage volume create default foo Storage volume foo created stgraber@castiana:~$ lxc storage volume list default | grep custom +--------+------+-------------+---------+ | TYPE | NAME | DESCRIPTION | USED BY | +--------+------+-------------+---------+ | custom | foo | | 0 | +--------+------+-------------+---------+ stgraber@castiana:~$
カスタムストレージボリュームのスナップショットのスケジューリング ¶
インスタンスと同じように、snapshots.schedule と snapshots.pattern 設定がカスタムボリュームでも使えるようになりました。
これらは lxc storage volume set POOL VOL KEY VALUE を使って直接設定できます。
カスタムストレージボリュームの有効期限 ¶
カスタムストレージボリュームで自動スナップショットが使えるようになったので、同時に有効期限の設定を行うのが良いでしょう。インスタンスで使えるものと合わせて、snapshots.expiry を使って設定できます。
既存のスナップショットの有効期限の編集は lxc storage volume edit POOL VOL/SNAP コマンドを使って行えます。
プロジェクトに対する制限値 ¶
プロジェクトごとに制限値をいくつか加えることができるようになりました。 現時点で使える制限値は次のものです:
limits.containers作成できるコンテナの総数limits.virtual-machines作成できる仮想マシンの総数limits.cpu使用できる仮想 CPU の数limits.memory与えられるメモリーの総量limits.processes起動できるプロセスの総数
最後の 3 つの設定は、プロジェクト内の全インスタンスで一致する設定を持つ必要があります。制限は実際の使用量ではなく、インスタンスに設定する制限値のトータルに対して適用されます。
プロジェクトに対する制約 ¶
(制限値に)加えて、いくつかの機能に対する制約もプロジェクトに適用できるようになりました。
オプションの全リストは https://linuxcontainers.org/lxd/docs/master/projects でご覧いただけます。
この機能は、restricted=true を使って制約をプロジェクトに適用すると、信頼できないユーザーに対して安全となるようにデフォルト設定されるようにデザインされています。その後制約を、潜在的により危険だったり、より制限の少ない設定やデバイスを許可するように緩めることができます。
Canonical RBAC とこの機能を組み合わせて、あまり信用できないユーザーに対してホスト上の完全な特権を与える必要なしに、共有 LXD サーバーやクラスターを実行できます。
バックアップ・エクスポートロジックの改良 ¶
lxc export が使うバックアップ・エクスポートロジックが更新されました。エクスポート中のディスクスペース量が減少しました。コンテナファイルは、ディスク上に作成される中間コピーファイルなしに直接圧縮した tarball に書き込まれます。
これによりエクスポートで使うディスクの使用量を大幅に減らすだけでなく、処理のスピードも向上しました。
VM: マイグレーションのサポート ¶
仮想マシンをローカルストレージプール間やリモートの LXD サーバー間でコピーできるようになりました。
この機能は "cold" マイグレーションのみであることに注意してください。仮想マシンは移動の間は停止していなければなりません。ライブマイグレーションは今後実装が予定されています。
VM: publish のサポート ¶
仮想マシンが lxc publish できるようになりました。より多くの仮想マシンを起動したり、他のサーバーに転送するのに使えるイメージが作成できます。
この機能はコンテナと完全に同じように動作しますが、仮想マシンのディスクはコンテナよりかなり大きいという事実を強調しておく必要があります。publish プロセス中にイメージを qcow2 に再度パックする必要がありますので、大きな仮想マシンを扱うためには、システム上にかなりの量のディスクの空き容量が必要になります。
完全な ChangeLog(翻訳なし)¶
Here is a complete list of all changes in this release:
- lxd/storage/zfs: Fix usage calculation
- Add go 1.14.x check
- lxd: Cleanup error messages
- lxd: Rename container files to instance
- tests: Update for rename
- production-setup: add net.core.bpf_jit_limit and kernel.keys.maxbytes
- doc/instances: Adds missing host_name key on routed nic device
- doc/instances: Documents ipv4.gateway and ipv6.gateway routed NIC keys
- lxd/device/device/utils/network: Adds NetworkValidGateway helper
- lxd/device/nic: Adds ipv4.gateway and ipv6.gateway validation
- lxd/device/nic/routed: Adds support for not adding automatic default gateway
- api: Adds extension container_nic_routed_gateway
- lxd/util/fs: Fixes go vet conversion from int64 to string yields a string of one rune error
- lxd/device/disk: Only unmounts non-root volumes attached
- lxd/daemon: Adds comment to AllowAuthenticated
- lxc/storage/volumes: Adds API permission check for permission "manage-storage-volumes"
- lxd/project/project: Comment tweak to Instance()
- lxd/project/project: Adds StorageVolume()
- lxd/project/project/test: Adds StorageVolume() test
- lxd/project/project: Adds StorageVolumeParts function
- lxd/project/project: Adds StorageVolumeProject function
- lxc/project: Adds STORAGE VOLUMES col to projects list
- doc/projects: Documents features.storage.volumes flag
- lxd/api/project: Adds features.storage.volumes to API
- lxd/db/migration: Adds features.storage.volumes true to default project on importPreClusteringData
- lxd/db/cluster/open: Adds features.storage.volumes true to default project in EnsureSchema
- scripts/bash/lxd-client: Adds features.storage.volumes to bash autocomplete
- lxd/daemon/storage: Error message quoting
- lxd/daemon/storage: Updates storage custom volume functions to pass project.Default
- lxd/daemon/storage: Adds support for custom volume projects
- lxd/device/disk: Updates custom volume disks to support projects
- lxd/patches: Updates patchStorageApiPermissions to use project.Default for custom volumes
- lxd/storage/backend/mock: Updates custom volume signatures to support projectName
- lxd/storage/pool/interface: Updates custom volume functions to support projectName
- lxd/storage/volumes: Error message quoting and comment tweaks
- lxd/storage/volumes: Improve volume type checks
- lxd/storage/volumes: Add custom volume project support
- lxd/storage/volumes: Migration project aware
- lxd/storage/volumes/snapshots: Improve volume type validation
- lxd/storage/volumes/snapshot: Error message quoting
- lxd/storage/volumes/snapshot: Adds project support for custom volumes
- lxd/storage/backend/lxd: Updates custom volume functions to support projects
- lxd/db/storage/pools: Removes incorrect assumption about custom vol projects in storagePoolVolumeGetType
- lxd/db/storage/pools: Comment and error msg tweaks
- lxd/db/storage/pools: Removes incorrect filter for project default when vol type is StoragePoolVolumeTypeCustom
- lxd/db/storage/pools: Updates StoragePoolVolumeSnapshotsGetType to filter by project
- lxd/db/storage: Removes StoragePoolNodeVolumeGetType
- lxd/db/storage: Fixes StoragePoolVolumeSnapshotsGetType to be project aware
- lxd/patches: Switches to using storageDrivers.GetVolumeMountPath
- lxd/storage/storage: Removes unused GetStoragePoolVolumeMountPoint
- lxd/api: Updates projectParam to use project.Default
- lxd: project.Default usage
- lxd/images: Comment weaks
- lxd/images: golint fixes
- lxd/project/limits: Default const usage
- lxd/storage/load: Adds support for custom vol projects to volIDFuncMake
- lxd/storage/load: Error msg quoting tweaks
- lxd/storage/volumes/utils: Error msg tweaks
- lxd/storage/volumes/utils: Removes unused supportedVolumeTypesExceptImages
- lxd/storage/volumes/utils: Updates storagePoolVolumeUpdateUsers to be project aware
- lxd/storage/volumes/utils: Removes storagePoolVolumeUsedByRunningInstancesWithProfilesGet and old link var
- lxd/container: Removes unused function instanceLoadAll
- lxd/storage/backend/lxd: Updates use of database functions to use projectName
- lxd/storage/utils: Adds VolumeUsedByRunningInstancesWithProfilesGet and removes old link var
- lxd/storage/utils: Makes VolumeSnapshotsGet project aware
- lxd/storage/utils: Makes VolumeUsedByInstancesGet project aware
- lxd/migrate/storage/volumes: Makes custom volume project aware
- lxd/storage/backend/lxd: b.state.Cluster.StoragePoolNodeVolumeGetTypeByProject usage
- lxd/storage/backend/lxd: Updates migration functions to be project aware
- lxd/storage/backend/mock: Updates migration functions to be storage aware
- lxd/storage/pool/interface: Updates migration functions to be project aware
- test: Updates tests for custom storage volume projects
- lxd/db/storage/pools: Makes StoragePoolNodeVolumesGetType project aware
- lxd/db/storage/pools: Removes StoragePoolNodeVolumeGetTypeID function
- lxd/patches: StoragePoolNodeVolumeGetTypeIDByProject usage
- lxd/patches: Improves error messages context
- lxd/storage/backend/lxd/patches: Adds custom volume rename patch to add project prefix
- lxd/storage/drivers/utils: Captures error context from e2fsck
- lxd/storage/drivers/utils: Dont use TryCommand when resizing
- i18n: Update translation templates
- lxd: Replaces == "true" with shared.IsTrue() for projects and profiles
- lxc: Replaces == "true" with shared.IsTrue() for project features
- lxd/firewall: Don't create zombies
- lxd/patches: Adds concept of stage to patch system
- lxd/daemon: Applies pre daemon storage patches
- lxd/storage/backend/lxd/patches: Skip already renamed volumes
- lxd/db/images: Removes unnecessary whitespace
- lxd/db/images: Updates ImagesGetExpired to return ExpireImage struct with projectName
- lxd/images: Updates pruneExpiredImages to support removing expired images from non-default projects
- driver_qemu: delete vm id from vmConsole
- ExecReaderToChannel: Prevent endless loops
- lxd/daemon/storage: Removes daemonStorageUsed function
- lxd/storage/utils: Adds VolumeUsedByDaemon function
- lxd: storagePools.VolumeUsedByDaemon usage
- lxd/storage/backend/lxd/patches: Adds daemon storage symlink update to lxdPatchStorageRenameCustomVolumeAddProject
- lxd/firewall/nft: Flush chain on delete
- lxd/firewall/nft: Handle json errors
- lxd/firewall/nft: Refuse to run on old kernels
- lxd/project: Rename limits.go to permissions.go
- shared/util/linux: Updates ExecReaderToChannel to accept a finisher chan as struct{}
- lxd-agent/exec: Updates usage of ExecReaderToChannel channel definitions
- shared/network: Removes logging internal state of websocket in WebsocketRecvStream
- shared/netutils/network/linux: Updates WebsocketExecMirror to use struct{} exited indicator channel
- lxd/instance/exec: Fixes VM read loop when agent not started
- lxd/project: Rename CheckLimitsUponInstanceCreation to AllowInstanceCreation
- lxd/project: Rename CheckLimitsUponInstanceUpdate to AllowInstanceUpdate
- lxd/project: Rename CheckLimitsUponProfileUpdate to AllowProfileUpdate
- lxd/project: Rename ValidateLimitsUponProjectUpdate to AllowProjectUpdate
- lxd/project: Rename checkAggregateInstanceLimits to checkRestrictionsAndAggregateLimits
- lxd/project: Extract checkAggregateLimits from checkRestrictionsAndAggregateLimits
- lxd/project: Honor the "restricted.containers.nesting" config
- lxd/project: Prevent using low-level container options
- lxd/project: Check if restrictions are consistent when updating a project config
- lxd/project: Honor the "restricted.containers.lowlevel" config
- lxd/project: Honor the "restricted.containers.privilege" config
- lxd/project: Also expand instance devices
- lxd/project: Add machinery to perform checks on instance devices
- lxc/project: Honor the "restricted.devices.unix-char" config
- lxd/project: Perform restrictions checks also on profiles config and devices
- lxc/project: Honor the "restricted.devices.unix-block" config
- lxc/project: Honor the "restricted.devices.unix-hotplug" config
- lxc/project: Honor the "restricted.devices.infiniband" config
- lxc/project: Honor the "restricted.devices.nic" config
- lxd/project: Honor the "restricted.devices.disk" config
- lxc/project: Honor the "restricted.devices.gpu" config
- lxc/project: Honor the "restricted.devices.usb" config
- lxc/project: Honor the "restricted.virtual-machines.lowlevel" config
- lxd/project: Pass current configuration to AllowInstanceUpdate
- lxd/project: Check restrictions for volatile config keys
- lxd/project: Adjust import order
- lxd/project: Drive-by lint fixes
- api: Add new restrict.* config keys to projects
- shared/version: Add "projects_restrictions" API extension
- doc/projects.md: Document project restrictions
- test: Add projects restrictions tests
- scripts: Update bash completion profile with new project config keys
- lxd/images: Allow virtual-machine and instance as source
- lxd/images: Set right image type on publish
- lxd/vm: Implement Export
- lxd/instance: Fix expiry check
- lxd/storage: Unpack unified VM images
- lxd/migration: Rebuilds migrate.pb.go
- lxd/migration: Adds BLOCK_AND_RSYNC migration transport type
- lxd/instances/post: Adds VM support to createFromMigration
- lxd/migrate/instance: Adds VM support to migrationSourceWs.Do
- lxd/rsync: Adds support for passing arguments to rsync send command
- lxd/storage/drivers/utils: Error quoting
- lxd/storage/drivers/driver/common: Updates MigrationTypes to support block volumes for VMs
- lxd/storage/drivers/driver/dir/volumes: Updates migration to support VMs
- lxd/storage/drivers/driver/dir/utils: Skips initial quota for VM block migration
- lxd/storage/drivers: Switches to ErrNotSupported for non-block volume paths
- lxd/storage/drivers/generic/vfs: Adds VM migration support to genericVFSMigrateVolume
- lxd/storage/drivers/generic: Adds VM migration support to genericCreateVolumeFromMigration
- lxd/storage/drivers: Removes dupe checks using genericVFSMigrateVolume
- lxd/storage/drivers/generic: Adds volume type specific migration transport type checks
- lxd/storage/drivers/driver/lvm/volumes: Removes dupe check done in genericCreateVolumeFromMigration
- lxd/migrate/storage/volumes: whitespace
- lxd/storage/drivers/driver/btrfs: Adds block migration negotiation
- lxd/storage/drivers/driver/btrfs/volumes: Adds VM migration support
- lxd/storage/backend/lxd: Improve delete error messages
- lxd/storage/utils: Adds FallbackMigrationType function
- lxd: Replaces hardcoded instances of migration.MigrationFSType_RSYNC
- lxd/storage/drivers/driver/zfs: Adds block migration negotiation
- lxd/storage/drivers/driver/zfs/volumes: Adds VM migration support
- lxd/storage/drivers/driver/ceph: Adds block migration negotiation support
- lxd/storage/drivers/driver/ceph/volumes: Adds VM migration support
- lxd/migrate/instance: Prevent live migrations for VMs
- lxd: Add "instance" string where necessary
- lxd/instances/snapshot: Fix expiration in profiles
- lxd/images: Fix source type handling
- lxc/export: Make API call more correct
- lxd/storage/drivers/driver/btrfs/volumes: Dont activate quotas if not used
- lxd/storage/drivers/driver/ceph/volumes: Adds VM block resize support
- doc/security: Adds network security section
- lxd: Unexport NewMigrationSource
- lxd/storage: Fix crash on VM unpack
- lxd: Unexport NewDaemon
- lxd: Unexport RestServer
- lxd: Unexport DefaultDaemonConfig and DefaultDaemon
- lxd: Unexports AllowAuthenticated and AllowProjectPermission
- lxd: Unexports DevLxdServer
- lxd: Unexports daemon feature functions
- lxd: Unexports migration setup functions
- lxd: Unexports forwarded response helpers
- client: Removes nullReadWriteCloser
- client: Removes unused proxyInstanceMigration function
- lxc-to-lxd: Removes unused vars
- lxc-to-lxd: Removes unused connectTarget
- lxc-to-lxd: Removes unused setupSource
- lxd/cluster: Removes unused flagForce
- lxc: Removes unused profile
- lxc/console: Removes unused getStdout
- lxd-agent: Removes unused rootUID and rootGID
- lxc: Removes unused func showByDefault
- lxd/cgroup: Removes unused cgCgroup2SuperMagic
- lxd-agent: Unexports NewDaemon
- memory_utils: align lxc + lxd
- tree-wide: consistently initialize raw fds to -EBADF instead of -1 in cgo
- lxd/storage/ceph: Fix ext4 shrinking
- lxc/remote: Use helpers
- lxc/remote: Validate remote name
- i18n: Update translation templates
- doc: Update requirements
- lxd/init: Don't offer dir as a remote backend
- lxc/config: Fix behaviour of instance snapshot expiry
- db/cluster: Bump the value of sqlite_sequence for storage_volumes
- po: Update translations
- shared/version/api: Add custom_volume_snapshot_expiry extension
- doc: Add custom_volume_snapshot_expiry
- lxd/db: Add expiry_date to storage_volumes_snapshots
- shared/api: Add expiry fields to StorageVolumeSnapshot*
- lxd/storage: Add expiry to volume snapshot pool functions
- lxd: Add snapshots.expiry config key for storage volumes
- lxd/db: Add custom volume snapshot functions
- lxd: Handle volume snapshot expiry
- lxd/storage: Add expiry date to VolumeDBCreate
- lxd/storage: Update expiry date when updating volume snapshots
- lxd/db: Add ProjectName to StorageVolumeArgs
- lxd/db: Add new OperationCustomVolumeSnapshotsExpire
- lxd/db: Add StorageVolumeSnapshotsGetExpired
- lxd: Remove expired custom volume snapshots
- *: Remove snapshot code from StoragePoolVolumeCreate
- lxc: Add --no-expiry for volume snapshots
- test: Add volume snapshot expiry test
- doc: Add keys to volume config
- po: Update translations
- lxd/storage/drivers/driver/lvm/volumes: Fixes LVM VM snapshot list
- lxd/cluster: Ignore CEPH custom volumes on removal
- shared/version: Add volume_snapshot_scheduling API extension
- lxd/storage: Add snapshots.* config keys
- lxd/db: Extend StorageVolumeArgs
- lxd: Support patterns in StorageVolumeNextSnapshot
- lxd/db: Add StoragePoolVolumesGetAllByType
- lxd: Add volume snapshot scheduling
- doc: Add volume snapshot scheduling
- lxd: Clean up logging for expired volume snapshots
- doc/networks: describe how to notify systemd-resolved of lxd nameserver
- lxd/storage/utils: Add missing comments
- lxd/storage/utils: Add forceRemoveAll
- lxd/storage/dir: Use forceRemoveAll
- lxd/api/cluster/test: Removes unused DISABLED_TestCluster_Failover
- lxd/api/cluster/test: Removes unused FLAKY_TestCluster_LeaveAndPromote
- lxd/cluster/gateway: Removes unused cachedRaftNodes
- lxd/cluster/heartbeat/test: Removes unused DISABLE_TestHeartbeat_MarkAsDown
- lxd/cluster/membership/test: Removes unused FLAKY_TestPromote
- lxd/db/containers: Removes unused snapshotIDsAndNames
- lxd/db/db/internal/test: Removes unused dir var
- lxd/db/testing: Removes unused var
- lxd/device/device/utils/unix: Removes unused unixDeviceInstanceAttributes
- lxd/device/nic/bridged: Removes unused dhcpAllocation
- lxd/firewall: Removes unused constants
- lxd/instance/drivers/driver/lxc: Removes unused cgroup2 var
- lxd/main/forkproxy: Removes unused udpConn var
- lxd/storage/drivers/driver/common: Removes unused load
- shared/generate/file/buffer: Removes unused varDeclSliceToString
- shared/generate/db/parse: Removes unused simpleTypeNames
- shared/generated/file/path: Removes unused absPath
- lxd/db/node: Tweaks LEFT JOIN to just JOIN in NodeIsEmpty()
- lxd/sys: Don't fail chmod on unresolvable symlinks
- shared/containerwriter: Renames to instancewriter
- lxd/instance/drivers: instancetarwriter usage
- shared/instancewriter/instance/tar/writer: Modifies WriteFile to accept a file name arg
- shared/instancewriter/instance/tar/writer: Adds ResetHardLinkMap function
- lxd/instance/drivers: instancetarwriter.WriteFile name arg usage
- lxd/db/containers: Renames ContainerBackupCreate and ContainerBackupRemove
- i18n: Update translations from weblate
- lxd/backup: Removes backupCreateTarball function
- lxd/backup: Updates instance backup to use tar writer rather than tar cmd
- lxd/backup: InstanceBackupRemove usage
- lxd/storage/drivers/utils: Minor tweak to copyDevice error message
- lxd/stroage/drivers/generic: Tweak error message of genericCreateVolumeFromMigration
- lxd/storage/drivers/generic/vfs: Switches genericVFSBackupVolume to tar writer
- lxd/images: Fixes unhandled error
- lxd/storage/backend/lxd: Adds tarWriter to BackupInstance function
- lxd/storage/backend/mock: Adds tarWriter to BackupInstance function
- lxd/storage/drivers/driver/ceph/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/cephfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/dir/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/lvm/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/drivers/mock: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/interface: Adds tarWriter arg to BackupVolume
- lxd/storage/pool/interace: Adds tarWriter arg to BackupInstance
- lxd/storage/drivers/driver/btrfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/storage/drivers/driver/zfs/volumes: Adds tarWriter arg to BackupVolume
- lxd/internal: Log some memory stats
- shared: Drop Pipe function
- lxd/containers: Add configfs and tracefs
- btrfs quota to simulate total disk size
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.22 リリースのお知らせ¶
6th of March 2020
はじめに ¶
LXD チームは、LXD 3.22 のリリースをお知らせすることにとてもワクワクしています!
このリリースでは、コンテナと仮想マシン両方にかなりの数の改良が加えられています。nftables サポートを追加し、xtables から切り替えられた一部の新しい Linux ディストリビューションに対する互換性が大きく向上しています。
このリリースとは別に、かなりの新しい VM イメージをイメージサーバーに追加しました。Ubuntu、Debian、Fedora、CentOS、OpenSUSE、ArchLinux の VM イメージを見つけられるでしょう。
Enjoy!
ハイライト ¶
プロジェクトに対するリソース制限 ¶
プロジェクトのリソース量を制限するのに使える新しい設定項目を追加しました:
- limits.containers
- limits.virtual-machines
- limits.cpu
- limits.memory
- limits.processes
CPU、メモリ、プロセスの制限を使う際に適用される制限がいくつかあります。詳しくは公式ドキュメントをご覧ください: プロジェクトの制限
ファイアウォールの nftables バックエンド ¶
最近の LXD リリースで、ファイアウォールのリクエストに対する内部抽象化レイヤーが導入されました。 これは、LXD ネットワークのファイアウォール、NAT、コンテナに対するプロキシーデバイス、IP や MAC フィルタリングなど、あらゆるものに対応しています。
このリリースの LXD で、新しいバックエンドとして、nft が既存の xtables 実装に加わりました。 起動時に LXD はシステムでどちらが現在使用されているかを検出し、以降はそれを使い続けます。
既存のバックエンドは lxc info で次のように参照できます:
stgraber@castiana:~$ lxc info | grep firewall: firewall: nftables
コンテナ: 非特権コンテナの Hugepages ¶
非特権コンテナで hugepages にアクセスできるようになりました。
hugetlbfsファイルシステムのマウントインターセプション- hugepages に対して新たに制限を適用可能
x86_64 の設定例は次のようになります:
- security.syscalls.intercept.mount=true
- security.syscalls.intercept.mount.allowed=hugetlbfs
- limits.hugepages.1MB=1GB
hugepages の割り当ては、コンテナがすでに使っている通常のメモリに追加されることに注意してください。また、他の制限と同様に、制限を設定しないと無制限に hugepages を使えることに注意してください。
root@edfu:~# lxc init ubuntu:18.04 c1 Creating c1 root@edfu:~# lxc config set c1 security.syscalls.intercept.mount true root@edfu:~# lxc config set c1 security.syscalls.intercept.mount.allowed hugetlbfs root@edfu:~# lxc config set c1 limits.hugepages.2MB 1GB root@edfu:~# lxc start c1 root@edfu:~# lxc exec c1 bash root@c1:~# mkdir /dev/hugepages ; mount -t hugetlbfs hugetlbfs /dev/hugepages root@c1:~# ls -lh /dev/hugepages/ total 0
VM: 9p ディスクデバイスのサポート ¶
LXD の仮想マシンに長く待望されていた機能のひとつが、ホストから仮想マシンに任意のパスを渡す機能でした。
LXD 3.22 で LXD 自身とエージェントのロジックを組み合わせることでこれを可能にしました。
これがプロファイルを通してコンテナと仮想マシンの両方で使えるようになりました。
root@edfu:~# lxc profile create shared-data Profile shared-data created root@edfu:~# lxc profile device add shared-data home disk source=/home path=/mnt/home Device home added to shared-data root@edfu:~# lxc profile device add shared-data srv disk source=/srv path=/mnt/srv Device srv added to shared-data root@edfu:~# lxc launch images:fedora/31 f31-ctn -p default -p shared-data Creating f31-ctn Starting f31-ctn root@edfu:~# lxc launch images:fedora/31 f31-vm -p default -p shared-data --vm Creating f31-vm Starting f31-vm root@edfu:~# lxc exec f31-ctn -- df -ah | grep /mnt /dev/sdb1 220G 12G 197G 6% /mnt/home /dev/sdb1 220G 12G 197G 6% /mnt/srv root@edfu:~# lxc exec f31-vm -- df -ah | grep /mnt lxd_home 220G 12G 197G 6% /mnt/home lxd_srv 220G 12G 197G 6% /mnt/srv
VM: ファイルテンプレートのサポート ¶
イメージ内のテンプレートファイルが仮想マシンにも使えるようになりました。 テンプレートは、設定内で使用可能なメタデータを使ってホスト上の LXD が設定を読み込み、読み込まれたファイルは仮想マシンにインストールするためにエージェントに渡されます。
カスタムイメージへのテンプレートの追加がコンテナと同様に動作するようになり、LXD のイメージサーバー images: (https://images.linuxcontainers.org/)でも使われています。
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- lxc-to-lxd: golint fix
- lxd/cluster: golint fixes
- lxd/migration: golint fixes
- shared/containerwriter: golint fixes
- shared/generate: golint fixes
- shared/netutils: golint fixes
- tests: Update golint list
- shared: Fix HostPathFollow for stdin/stdout
- Allow build with GNU Make 4.3
- add mips architectures
- doc: tweak markdown format
- lxd/vm: Use -sandbox
- lxd/firewall/firewall/interface: Adds String() and Compat()
- lxd/network/network: Handle errors during firewall setup
- lxd/firewall/drivers/drivers/xtables: Changes XTables to Xtables for consistency
- lxd/firewall/drivers/drivers/xtables: Better validation in InstanceSetupProxyNAT
- lxd/firewall/drivers/drivers/xtables: Adds String() and Compat()
- lxd/firewall/firewall/load: Detect which firewall driver to use
- lxd/daemon: Log which firewall driver as selected
- api: API extension firewall_driver
- lxd/firewall/drivers/drivers/nftables: Adds nftables driver
- test: Updates container devices nic bridged filtering tests for nftables
- test: Updates proxy tests for nftables
- add riscv architecture definitions
- rv->riscv
- correct mips names (le->el), no aliases required
- lxd/storage/backend/lxd: Adds logging for CreateInstanceFromBackup post hook
- lxd/storage/backend/lxd: Refuse to create storage pool if dir exists on disk
- as the kernel only reports mips/mips64, specify 32 and 64bit arch and el as aliases
- lxd/main/import: Adds --project flag support to lxd import
- lxd/api/internal: Updates error messages in internalImport
- shared/util: Fix relative paths in HostPathFollow
- lxd/api/internal: Removes duplicate storage package import
- lxd/storage: Adds InstanceImportingFilePath function
- lxd/api/internal: storagePools.InstanceImportingFilePath usage
- lxd/container/lxc: storagePools.InstanceImportingFilePath usage
- lxd/api: projectParam comments
- lxd/api/internal: Uses StoragePoolNodeVolumeGetTypeByProject for project support
- lxd/storage/drivers/driver/lvm: Adds lvm.vg.force_reuse config option
- lxd/storage/pools/config: Adds lvm.vg.force_reuse option
- doc/api: Adds API extension storage_lvm_vg_force_reuse
- doc/storage: Adds lvm.vg.force_reuse option to storage pool config
- lxd/images: Removes hardcoded default project arg for ImageGet in autoUpdateImage
- lxd/images: Golint and comments
- lxd/instances: Pick correct default type from URL
- lxd/db: Set ceph.user.name if missing
- lxd/vm: Fix disk files and snap
- lxd/db: Fix ceph username in patch
- lxd/db: Revert 3da5aea1 fix, since in turn testify reverted the change
- lxd/db: un-export StorageVolumeNodeGet
- lxd/db: un-export StoragePoolVolumesGetType
- lxd/db: un-export StoragePoolVolumeGetTypeID
- lxd/db: un-export StoragePoolVolumeGetType
- lxd/db: un-export StorageVolumeConfigGet
- lxd/db: un-export StoragePoolVolumeTypeToName
- lxd/db: un-export StorageVolumeDescriptionUpdate
- lxd/db: un-export StorageVolumeConfigAdd
- lxd/db: un-export StorageVolumeConfigClear
- lxd/db/cluster: add new storage volume snapshots table
- lxd/db/cluster: drop snapshot column from storage_volumes table
- lxd/db/cluster: add storage_volumes_all view
- lxd/db/schema: include triggers when generating SQL for fresh schemas
- lxd/db/cluster: add triggers to check that volume IDs don't overlap
- lxd/db: change StoragePoolVolumeSnapshotsGetType to query the snapshots table
- lxd/db: change StorageVolumeNextSnapshot to query the snapshot table
- lxd/db: update StorageVolumeNodeAddresses to use storage_volumes_all
- lxd/db: update storagePoolVolumeGetTypeID to use storage_volumes_all
- lxd/db: update storageVolumeNodeGet to use storage_volumes_all
- lxd/db: update StorageVolumeDescriptionGet to use storage_volumes_all
- lxd/db: update storageVolumeIDsGet to use storage_volumes_all
- lxd/db: update StoragePoolVolumesGetNames to use storage_volumes_all
- lxd/db: update StoragePoolVolumesGet to use storage_volumes_all
- lxd/db: update storagePoolVolumesGetType to use storage_volumes_all
- lxd/db: update InstancePool to use storage_volumes_all
- lxd/db: update instancePoolSnapshot to use storage_volumes_all
- lxd/db: make StoragePoolVolumeDelete differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigGet differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeDescriptionUpdate differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigAdd differentiate between regular volumes and snapshots
- lxd/db: make storageVolumeConfigClear differentiate between regular volumes and snapshots
- lxd/db: make StoragePoolVolumeRename differentiate between regular volumes and snapshots
- lxd/db: consider snapshots in StorageVolumeMoveToLVMThinPoolNameKey
- lxd/db: add ClusterTx.storagePoolVolumeGetTypeID() method
- lxd/db: make StoragePoolVolumeCreate differentiate between regular volumes and snapshots
- lxd/db: no need to update snapshot names in ContainerNodeMove
- lxd/db: copy volume snapshots in StoragePoolNodeJoinCeph
- lxd: no need to rename snapshot volumes when renaming a container
- lxd/db/cluster: migrate existing volume snapshots to the new table
- tests: some runs of "lxd import" don't fail anymore due to improved data integrity
- lxd/logging: Handle projects in log expiry
- doc: Fix escaping
- shared/api: Fix ServerEnvironment ordering
- lxd/vm: Fix snapshots
- lxd/storage/ceph: Fix leftover rbd
- lxd/storage/ceph: Fix zombie handling
- lxd/init: Use new network syntax
- tests: Check UUIDs while running
- Increase timeout of standalone SQL statements
- lxd/storage/ceph: Improve error reporting on map
- lxd/containers: Have findIdmap look at projects
- lxd/storage: Remove legacy dir implementation
- lxd/storage: Remove legacy btrfs implementation
- lxd/storage: Remove legacy zfs implementation
- lxd/storage: Remove legacy lvm implementation
- lxd/storage: Removes unused getPoolMountLockID
- lxd/storage/pools/utils: Comment on storagePoolDBCreate
- lxd/api/internal: Removes legacy storage pool loading
- lxd/api/internal: Consistent comment style
- lxd/api/internal: Stops using backup pkg name as variable
- lxd/api/internal: Switches internalImport to use pool.CheckInstanceBackupFileSnapshots
- lxd/storage/pool/interface: Adds CheckInstanceBackupFileSnapshots
- lxd/storage/errors: Adds ErrBackupSnapshotsMismatch error
- lxd/storage/backend/mock: Adds CheckInstanceBackupFileSnapshots
- lxd/storage/backend/lxd: Adds CheckInstanceBackupFileSnapshots implementation
- lxd/patches/utils: Removes unused functions
- lxd/api/internal: Adds sanity check for instance name in internalImport
- lxd/backup: Have tar not transform symlink targets
- lxd/storage/drivers/driver/lvm/volumes: Updates VolumeSnapshots to use lvs for snapshot list
- lxd/backup: Removes old storage loader
- lxd/container/lxc: Removes old storage loader
- lxd/storage: Removes unused storagePoolVolumeContainerCreateInit
- lxd/container: Removes old storage loader
- lxd/containers/post: Removes old storage loader
- lxd/daemon/storage: Consistent comment ending
- lxd/daemon/storage: Removes old storage loader
- lxd/images: Removes old storage loader
- lxd/migrate/container: Removes old storage loader
- lxd/migrate/storage/volumes: Removes old storage loader
- lxd/resources: Removes old storage loader
- lxd/storage/pools/utils: Removes old storage loader
- lxd/storage/pools: Removes old storage loader
- lxd/storage/volumes/snapshot: Removes old storage loader
- lxd/storage/volumes: Removes old storage loader
- lxd/storage: Removes old storage loader
- lxd/instance/drivers/driver/qemu: Removes storage layer transition workaround
- lxd/container/lxc: Makes Delete pool load logic same as VM type
- lxd: Storage loader comments
- lxd/storage: Removes unused functions
- lxd/storage/drivers/drivers/mock: Adds mock driver
- lxd/storage: Adds mock driver loading
- lxd/storage: Additional error checking
- lxd/storage/zfs: Set volmode=none for VM datasets
- lxd/logging: Updates log rotate to only remove .log files
- lxd/db: Rename ContainerListExpanded to instanceListExpanded
- lxd/db: Make instanceListExpanded account for projects without "features.profiles" enabled
- Removed Erroneous Space
- i18n: Update translation templates
- scripts: Update Project Tab Complete Script
- lxd/storage/drivers/driver/zfs/volumes: Create block volumes with volmode=none
- lxd/storage/drivers/driver/zfs/volumes: Use MountTask with CreateVolume
- lxd/storage/drivers/zfs/volumes: Makes MountVolume and UnmountVolume more thorough in detecting mounts
- lxd/storage/drivers/driver/lvm/volumes: Always ensure mount path after mount in CreateVolume
- lxd/storage/drivers/driver/common: Adds moveGPTAltHeader
- lxd/storage/drivers/driver/lvm/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/zfs/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/dir/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/btrfs/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/driver/ceph/volumes: Adds moveGPTAltHeader usage
- lxd/storage/drivers/utils: Separates block file rounding logic into own function
- lxd/storage/drivers/generic/vfs: Adds genericVFSResizeBlockFile
- lxd/storage/drivers/driver/btrfs/volumes: ensureVolumeBlockFile usage
- lxd/storage/drivers/driver/dir/volumes: Adds block resize support to SetVolumeQuota
- lxd/storage/drivers/driver/btrfs/volumes: Adds block resize support to SetVolumeQuota
- lxd/storage/drivers/driver/zfs/volumes: Call SetVolumeQuota from CreateVolumeFromCopy
- lxd/storage/drivers/driver/zfs/volumes: Apply block size changes in SetVolumeQuota
- lxd/storage/drivers/driver/btrfs/volumes: Calls SetVolumeQuota when creating/updating volumes
- lxd/storage/drivers: SetVolumeQuota falls back to defaultBlockSize
- lxd/patches: Updates patches to use new storage driver mount/unmount
- lxd/patches: Replaces s.StoragePoolCreate with new storage framework
- lxd/storage: Removes storagePoolInit
- scripts: Fix syntax errror
- lxd/main/init: Removes legacy storage drivers from availableStorageDrivers
- lxd/patches: Updates patchStorageApiPermissions to use new storage drivers
- lxd/storage: Removes storageCoreInit function
- lxd/storage: Removes legacy drivers from storagePoolDriversCacheUpdate
- lxd/db: Start-up check ignores pending nodes with out-of-date schema
- lxd/patches: Removes old storage layer from upgradeFromStorageTypeLvm
- lxd/container/lxc: Removes some calls to the old storage layer
- lxd/migrate/container: Removes calls to old storage layer
- lxd/migrate/storage/volumes: Removes calls to old storage layer
- lxd/patches: Switches upgradeFromStorageTypeLvm to use new storage layer
- lxd/storage/migration: Removes unused functions
- lxd/instance: Extract LoadInstanceDatabaseObject from fetchInstanceDatabaseObject
- lxd/project: Add initial CheckLimitsUponInstanceCreation
- lxd/project: Check that the project's "limits.memory" is honored when creating an instance
- lxd/project: Add CheckLimitsUponInstanceUpdate
- lxd/project: Add initial ValidateLimitsUponProjectUpdate
- lxd/project: Validate changes to the project's "limits.memory" value
- lxd/project: Add CheckLimitsUponProfileUpdate
- lxd/project: Check that the project's "limits.processes" config is honored
- lxd/project: Don't allow percentage values for limits.memory
- lxd/project: Skip limit checks if the project has no limits configured
- lxd/project: Check that the project's "limits.cpu" config is honored
- api: Use project.Config as etag field, without specifiying individual keys.
- api: Properly detect which project config keys were specified in a PATCH request
- api: Add helper logic to detect if a project config key has changed
- api: Add new "limits.*" project configuration keys
- api: Plug ValidateLimitsUponProjectUpdate into projectChange
- api: Plug CheckLimitsUponInstanceCreation into containersPost
- api: Plug CheckLimitsUponInstanceUpdate into containerPut and containerPatch
- api: Plug CheckLimitsUponProfileUpdate into profilePut and profilePatch
- test: Add project limits tests
- shared/version: Add "projects_limits" API extension
- doc: Add documentation about projects limits
- lxd/storage/drovers/driver/lvm/utils: Dont format block volumes with filesystem
- lxd/storage/zfs: Skip volmode on 0.6
- lxd/storage: Removes unused files
- lxd/container: Removes containerCreateEmptySnapshot
- lxd/container/lxc: Removes legacy storage functions
- lxd/main/init: Refactors availableStorageDrivers to not use old storage layer
- lxd/main/init/auto: Removes dep on supportedStoragePoolDrivers
- lxd/migrate: Removes old storage type reference
- lxd/migrate/storage/volumes: Removes reference to old storage type
- lxd/storage: Removes legacy storage interface and unused functions
- lxd/storage/drivers/load: Adds AllDriverNames
- lxd/storage/migration: Removes unused functions
- lxd/storage/pools/config: Removes ref to supportedStoragePoolDrivers
- lxd/storage/utils: Remove unused functions
- lxd/storage/volumes/utils: Removes unused function
- lxd/storage: Removes unused files
- lxd/main/test: Removes legacy mock storage references
- lxd/migrate: Removes unused struct
- lxd/storage: Removes unused functions
- lxc/containers: Fix cgns-less fallback
- lxd/storage/drivers/driver/ceph/volume: Don't format block volumes with a filesystem
- lxd/storage/drivers: Don't use named temporary dirs
- lxd/instance/drivers/driver/lxc: Removes temporary lxc placeholder
- lxd/container/lxc: Moves to instance/drivers package
- lxd/container/lxc/exec/cmd: Moves to instance/drivers package
- lxd/api/internal: instance.Container usage
- lxd/container: instance.CriuMigrationArgs, inst.Migrate() and instance.Container usage
- lxd/container/console: instance.Container usage
- lxd/container/exec: instance.Container usage
- lxd/container/lxc/utils: Removes idmapsetFromString
- lxd/container/test: instance.Container usage
- lxd/devices: inst.RegisterDevices usage
- lxd/devlxd: Removes devlxdEventSend
- lxd/devlxd: instance.Container usage
- lxd/instance/drivers/driver/lxc: Renames containerLXC to lxc
- lxd/instance/drivers/driver/lxc: Removes temporary loader placeholders
- lxd/instance/drivers/driver/lxc: Renames lxc to liblxc
- lxd/instance/drivers/driver/lxc: db.StoragePoolVolumeTypeContainer usage
- lxd/instance/drivers/driver/lxc: Adds devLxdSendEvent
- lxd/instance/drivers/driver/lxc: Updates use of instance.CriuMigrationArgs
- lxd/instance/drivers/driver/lxc: Adds RegisterDevices function
- lxd/instance/drivers/driver/lxc: Moves storage util functions and updates usage
- lxd/instance/drivers/driver/lxc: Adds SaveConfigFile function
- lxd/instance/drivers/driver/lxc/cmd: Renames ContainerLXCCmd to lxcCmd
- lxd/instance/drivers/driver/qemu: Adds RegisterDevices as a no-op
- lxd/instance/instance/interface: Adds RegisterDevices
- lxd/instance/drivers/load: LXC loader functions renamed
- lxd/migrate/container: instance.CriuMigrationArgs and instance.Container usage
- lxd/patches: Updates patchContainerConfigRegen to use LXC.SaveConfigFile()
- lxd/patches: BTRFS storage functions usage
- lxd/patches/utils: storageDrivers.BTRFSSubVolumesGet and removes unused functions
- lxd/storage: instance.Container usage
- lxd/storage: storageDrivers util functions usage
- lxd/storage/drivers/utils: Adds util functions moved from main pkg
- lxd/apparmor/apparmor: Removes dependency on c.DaemonState()
- lxd/container/snapshot: Removes dependency on sc.DaemonState()
- lxd/instance/drivers/driver/test/utils: Adds PrepareEqualTest function
- lxd/container/test: instanceDrivers.PrepareEqualTest usage to fix crash
- lxd/instance/drivers/driver/lxc: golint fixes
- lxd/instance/drivers/driver/lxc: Removes DaemonState function
- lxd/instance/drivers/driver/qemu: Removes DaemonState function
- lxd/instance/instance/interface: Removes DaemonState function
- lxd/instance/instance/interface: Adds SaveConfigFile
- lxd/migrate/container: Removes s.instance.DaemonState dependency
- lxd/profiles/utils: Removes use of containerLXC type
- lxd/seccomp/seccomp: Removes c.DaemonState dependency
- lxd/storage/drivers/utils: golint fixes
- lxd/instance/instance/interface: Adds Container interface
- lxd/instance/instance/interface: Adds CriuMigrationArgs type
- lxd/backup/backup: Comment clarifying existence of Instance interface
- lxd/seccomp/seccomp: Comment clarifying existence of Instance interface
- lxd/daemon: Moves shared mount state to use daemon.SharedMountsSetup var
- lxd/instance/drivers/driver/lxc: Updates to use daemon.SharedMountsSetup var
- lxd/instance/instance/interface: Adds Migrate function
- lxd/instance/drivers/qemu: Adds Migrate placeholder function
- lxd: Ensure gopkg.in/lxc/go-lxc.v2 is consistently imported as liblxc
- lxd/instanc/instance/errors: Adds ErrNotImplemented error
- lxd/instance/drivers/driver/qemu: instance.ErrNotImplemented usage
- lxd/instance/drivers/driver/qemu: Adds SaveConfigFile placeholder
- lxd/instance/instance/interface: Adds OnHook function to interface and adds hook constants
- lxd/instance/drivers/driver/lxc: Implements OnHook function
- lxd/instance/drivers/driver/qemu: Implements OnHook placeholder function
- lxd/api/internal: Updates hook usage to OnHook
- shared/idmap/idmapset/linux: Adds JSONUnmarshal function
- lxd/storage: idmap.JSONUnmarshal usage
- lxd/daemon: Import instance/drivers package so init() function runs
- lxd/vm: Generate the template files
- lxd-agent: Put templates in place
- doc: Typo and formatting improvements
- shared/idmap: Adds JSONMarshal function
- lxd/device/disk: Replaces call to StorageVolumeMount with functions on disk device
- lxd/storage: Removes storageVolumeMount and storagePoolVolumeAttachPrepare
- lxd/storage/utils: Adds VolumeUsedByInstancesGet
- lxd/storage/volumes/utils: storagePools.VolumeUsedByInstancesGet usage
- lxd/storage: Removes unused functions
- lxd/device: Removes usage of StorageRootFSApplyQuota, StorageVolumeMount and StorageVolumeUmount
- lxd: Removes old storagePoolVolumeType constants
- lxd: Removes storagePoolVolumeType constants
- lxd/container/lxc/utils: Removes unused file
- lxd/instance: Removes CGroupGet as is unused
- seccomp: handle hugetlbfs mount syscall interception
- lxd/device/disk: Validation error message quoting consistency
- Promote nodes if for whatever reason the n of voters drop below 3
- api: add container_syscall_intercept_hugetlbfs
- cgroup: add support for the hugetlb controller
- containers: add support for hugepage limits
- api: add limits_hugepages api extension
- doc: add limits.hugepages.* keys
- lxd/vm: Set gic-version on arm64
- lxd/device/disk: Adds support for adding directory source for VM 9p sharing
- lxd/device/disk: Adds support for disk 9p directory share
- lxd/instance/instance/type: Adds VMAgentMount type
- lxd/instance/drivers/driver/qemu: Removes unused architecture var
- lxd/instance/drivers/driver/qemu: Adds support for passing through unix socket FD to qemu
- lxd/instance/drivers/driver/qemu: Adds openUnixSocket function
- lxd/instance/drivers/driver/qemu: Adds addFileDescriptor function
- lxd/instance/drivers/driver/qemu: Adds addDriveDirConfig function
- lxd/instance/drivers/driver/qemu/templates: Adds 9p directory disk device template
- lxd-agent/main/agent: Adds support for mounting 9p shares
- lxd/instance/drivers/driver/qemu: Tweaks template whitespace removal to leave newline between sections
- lxd/project/project: Renames Prefix() to Instance()
- lxd: project.Instance() usage
- lxd/project/project/test: Updates for project.Instance rename
- lxd/instance/drivers: Add trans=virtio to 9p mount
- Missing bootstrap error check
- lxd-agent: Load vhost module
- lxd/storage/zfs: Fix default VM size
- lxd/vm: Tweak to mount field names
- lxd-agent: Create mount path if missing
- doc: Tweak markdown format for itemization
- lxd/storage/ceph: Implement GetVolumeUsage
- lxd/device/disk: Adds mountPoolVolume function
- lxd/device/disk: Error message quoting
- lxd/device/disk: Adds pool volume support for VMs
- lxd/device/disk: Switches createDevice to use d.mountPoolVolume for containers
- lxd/device/disk: Renames storagePoolVolumeAttachPrepare to storagePoolVolumeAttachShift
- lxd/device/disk: Ensures custom pool volumes are unmounted on VM device stop
- unix-hotplug: fix device removal and zero padding
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.21 リリースのお知らせ¶
13th of February 2020
はじめに ¶
LXD チームは、LXD 3.21 のリリースをお知らせすることにとてもワクワクしています!
このリリースは、これまでと同様の 2 週間の短い開発サイクルのリリースで、多数のストレージ、VM、ネットワークのバグフィックスとリファクタリングを含んでいます。
機能的には、ネットワークインターフェースを接続する新たな簡単な方法、新たなクラスタリングデータベースの設定、多数の仮想マシンの改良があります。
Enjoy!
ハイライト¶
LXD が管理するネットワークに対する新たな接続方法 ¶
LXD が直接管理しているブリッジインターフェースを使う場合(lxc network list 参照)、次のように直接そのブリッジにインスタンスを接続できるようになりました:
eth0:
type: nic
network: lxdbr0
name: eth0
もしくは lxc config device add c1 eth0 nic network=lxdbr0 name=eth0 のように実行します。
nictype: bridged や parent: lxdbr0 というプロパティは設定する必要がありません。代わりに network に LXD ネットワークを設定すれば、すべて完了です。
このモードでは、ブリッジの MTU は自動的にネットワークインターフェースから継承します。IPv4/IPv6 アドレスは、ネットワークに設定されたサブネットに対して検証されます。そして、MAAS IPv4, IPv6 サブネットは、個別のインターフェースでなくネットワークを通して設定されるようになりました。
Ceph ドライバーの新しいストレージドライバーインフラストラクチャーへの移植 ¶
Ceph ストレージドライバーが、新しいストレージインフラストラクチャーに移植される最新で最後のドライバーです。ユーザーに見えない変更がありますが、LXD で Ceph をお使いのユーザーは、まずは重要ではないシステムで 3.21 へのアップグレードを試し、ストレージに関連する問題をすみやかに報告することをおすすめします。
この最後のドライバーの移植で、LXD のコードベースからすべての古いストレージインフラストラクチャーを削除する作業を始められるようになりました。これにより、今後の保守が大幅に容易になります。
クラスタリング: アクティブとスタンバイのメンバーの数を設定できるようになりました ¶
クラスターに対する設定オプションをふたつ追加しました。
cluster.max_votersは、期待するアクティブデータベースクラスターのメンバー数を設定します(投票 (voting))cluster.max_standbyは、期待するスタンバイデータベースクラスターのメンバー数を設定します(非投票 (non-voting))
デフォルトの設定は 3 台の投票 (voting) メンバーと、2 台のスタンバイメンバーです。投票 (voting) メンバーがダウンした場合、スタンバイは速やかに投票 (voting) に昇格し、予備の待機メンバーがスタンバイに昇格するかもしれません。
投票 (voting) メンバーの数を増やすとデータベースのパフォーマンスが低下するでしょう。これは、変更に同意するメンバーの数が増えるからです。スタンバイメンバーの数を増やしてもデータベースのパフォーマンスに影響は与えませんが、データベースバイナリストリームを取得する必要のあるメンバーが増えるので、ネットワーク負荷が増加するでしょう。
ほとんど間髪を入れずに 2, 3 のメンバーを失う可能性があるクラスターでのみ、これらのデフォルト値を増やすことを検討すべきです。
VM: CPU ピンニングとトポロジー ¶
limits.cpu で、コンテナでサポートされているように、特定の CPU ID を設定できるようになりました。例: limits.cpu: 0,2、limits.cpu: 0-3。
リストで指定された物理 CPU(やスレッド)への VM の仮想 CPU のピンニングに加えて、LXD は VM の CPU トポロジーを一致させようとします。
先の例の limits.cpu: 0,2 は、デュアルコアのハイパースレッドサポートの Intel システムでは、最初のコアとそのハイパースレッドを指します。その結果、仮想マシンではシングルソケット、シングルコア、ハイパースレッド CPU で構成され、物理ハードウェアと一致するように両方のスレッドが固定されます。
同じロジックが、ハイパースレッディングサポートの有無に関わらず、マルチソケット、マルチコアのシステムをサポートします。limits.cpu で指定された CPU が実際のハードウェア構成(各ソケットの同じ数のコア、すべてのコア上の同じ数のスレッド、…)と一致する限り、LXD は VM 設定を一致させ、ピンニングも一致するように設定することを保証します。
要求された設定が正しくない場合(ハードウェアと一致しない場合)、LXD はフォールバックし、シングルソケットのハイパースレッディングなしのマルチコア VM を提供し、設定した CPU ID それぞれをコアとして扱います。これは明らかに理想的な状況ではありませんので、このような状況になれば、警告が LXD ログに記録されます。
VM: ネットワークとストレージの最適化 ¶
ネットワークパフォーマンスを改良するため、LXD はネットワークデバイスに vhost_net を使います。
ストレージフロントでは、virtio-scsi ドライブで discard が有効になり、ブロックを破棄したり、ベースのファイルストレージを縮小したり、バックのドライブがブロックをより適切に管理できるようになったりしました。
VM: IPv6 アドレスのエージェントレスのレポーティング ¶
これまでは、仮想マシンの IP アドレスは LXD の DHCP サーバからのみ取得していました。 これは IPv4 では確実に動作しますが、ほとんどの IPv6 デプロイで使う SLAAC では、DHCPv6 リースが付属していないので、LXD では取得されません。
これを回避する方法のひとつは、VM 内で実行する LXD エージェントに頼ることでした。このエージェントは仮想マシン向けにネットワーク情報を取得するのに使います。
しかし、それが不可能な場合でも、LXD は一致する IPv6 アドレスの近傍レコードも参照するようになりました。
stgraber@castiana:~$ lxc list win10 +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+ | win10 | RUNNING | 10.166.11.118 (eth0) | 2001:470:b368:4242:9dff:908:98a9:c0c3 (eth0) | VIRTUAL-MACHINE | 0 | +-------+---------+----------------------+----------------------------------------------+-----------------+-----------+
完全な ChangeLog(翻訳なし) ¶
Here is a complete list of all changes in this release:
- lxd/migrate/container: Fixes migrate refresh final sync snapshot bug
- lxd/migration/migration/volumes: Comment on Data property of VolumeSourceArgs
- lxd/storage/drivers/driver/zfs/volumes: Explain use of volSrcArgs.Data for migration
- lxd/instance/drivers/load: Pass copy of device config to device.Validate
- lxd/device/nic/bridged: Updates use of network pkg functions
- lxd/device/nic/bridged: Uses network.LoadByName to access n.HasDHCPvX() helpers
- lxd/device: networkRandomDevName usage
- lxd/network/network/load: Adds LoadByName function
- lxd/network: Adds network type in network pkg
- lxd/network/network/utils: Moves network utils from main pkg
- lxd/instance/instance/utils: Removes NetworkUpdateStatic function link
- lxd/instance/instance/utils: Adds more instance load functions
- lxd/container: Removes instance load functions moved to instance pkg
- container/lxc: network.UpdateDNSMasqStatic usage
- lxd: instance.LoadNodeAll usage
- lxd: instance.LoadByProject usage
- lxd: instance.LoadByProjectAndName usage
- lxd/device/device/utils/network: Updates network package usage
- lxd/device/device/utils/network: Unexports some non-shared functions
- lxd/network/utils: Removes network utils functions used by network type
- lxd/networks/config: Removes networkFillAuto function
- lxd/networks: Removes network type and networkLoadByName function
- lxd/device: networkCreateVlanDeviceIfNeeded and networkRandomDevName usage
- lxd: network package usage
- test: static analysis of network pkg
- lxd/instance/drivers/driver/qemu: network.GetLeaseAddresses usage
- lxd/instance/instance/utils: Removes linked function NetworkGetLeaseAddresses var
- lxd/network/network/utils: Adds GetMACSlice and GetLeaseAddresses functions
- lxd/networks: Removes networkGetLeaseAddresses functions
- lxd/networks/utils: Removes networkGetMacSlice function
- lxd/instances: Fix URLs to use /1.0/instances
- seccomp: make device number checking more robust
- Define MS_LAZYTIME for compatibility with old glibc
- lxd/vm: Use vhost_net
- lxd/vm: Enable block discard
- shared/archive: Fix out of space logic
- lxd/vm: Set Documentation in systemd units
- lxd/vm: Silence writeback warning for config drive
- lxd/device/nic/bridged: Load br_netfilter kernel module when using IPv6 filtering
- lxd/networks/configs: Adds maas.subnet.ipv{4,6} to allowed network keys
- lxd: Device name quoting in device errors
- lxd/device/nic: Adds network as valid nic property
- lxd/networks: Uses HasDHCPv6 function and updates comment
- lxd/network: Adds DHCP range parsing functions
- lxd/device/nic/bridged: Updates to use network type DHCP ranges functions and types
- lxd/device/nic/bridged: Adds support for network property
- doc: Adds API extension for instance_nic_network
- shared/version/api: Adds API extension for instance_nic_network
- test/suites/container/devices/nic/bridged: Adds network property tests
- doc: Adds network property to instance NIC bridged device
- lxd/storage/zfs: Fix argument ordering
- unix hotplug: skip devices without associated devpath or major/minor
- lxd: Switches to simpler conn.WriteMessage function
- lxd/storage/drivers: Add MountedRoot to Info
- lxd/storage: Honor MountedRoot in pool actions
- lxd/networks: Consider IPv6 neighborhood entries
- lxd: Uses gorilla WriteJSON where possible
- lxd/storage/drivers: Set MountedRoot option
- lxd/main_checkfeature: add explicit _exit() even if it's not needed
- lxd/main_checkfeature: s/exit()/_exit()/g
- cgo: export wait_for_pid() helper
- lxd/main_checkfeature: close listener
- lxd/main_checkfeature: don't depend on kcmp header
- lxd/device: Async CEPH unmap
- lxd/storage/drivers/driver/lvm: Uses d.thinpoolName() rather than d.config["lvm.thinpool_name"]
- lxd/patches: setupStorageDriver usage
- lxd/storage: Renames SetupStorageDriver to setupStorageDriver for consistency
- lxd/storage/drivers/driver/zfs: Adds zfs kernel module load fail detection
- lxd/daemon: setupStorageDriver usage
- lxd/daemon: Comment consistency
- lxd/storage/drivers/driver/lvm: Makes lvm.vg_name required for mounting
- lxd/db/cluster/update: Adds updateFromV23 for ensuring lvm.vg_name key is set
- lxd/db/cluster/update: Superfluous trailing whitespace
- lxd/db/cluster/schema: v24 update
- lxd/device/config/devices: Adds NICType function on Device type
- lxd: Device.NICType usage
- lxd/device/nic/bridged: Bans use of nictype when using network property
- test: Updates nic bridged tests for NICType logic
- lxd/network/network/utils: Fix network in use detection
- lxd-agent/exec: Logs signal forwarding as info rather than error
- lxd/container/exec: Only log finished mirror websocket when go routine exits
- lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients
- shared: Upper case first character of some debug messages
- lxd/device/nic/bridged: Switches to dnsmasq.DHCPAllocatedIPs()
- lxd/device/nic/bridged: Switches to dnsmasq.DHCPStaticIPs()
- test/suites/container/devices/nic/bridged: Adds test to detect leaked filters
- lxd/device/nic/bridged: Fixes bug that leaks ebtables filters
- lxd/project: Adds InstanceParts() function for separating project prefixed Instance name
- lxd/storage/load: Updates volIDFuncMake to use project.InstanceParts()
- lxd/util: Fix IP/host tests on other distros
- lxd/storage/drivers: Add Ceph driver
- lxd: Use new storage code for Ceph clustering
- Unlock when isLeader failure
- lxd/storage/ceph: Function ordering and comments
- lxd/storage/ceph: Properly handle os.Remove
- lxd/storage/ceph: Comment consistency
- lxd/storage/ceph: Set DirectIO
- lxd/storage/ceph: Unwrap if statement
- lxd/storage/ceph: Unwrap function signatures
- lxd/storage/ceph: Rework MountVolume
- lxd/patches: Re-run VM path creation
- tests: Add ceph to list of new drivers
- lxd/firewall: Moves iptables/xtables implementation into firewall/drivers package
- Consider the default port when checking address overlap
- lxd/firewall: Updates interface and loader for new pkg
- lxd: firewall/drivers pkg usage
- lxd/device/config/device/proxyaddress: Moves ProxyAddress type
- lxd/main/forkproxy: Updates use of ProxyAddress type
- lxd/device/proxy: Switches to use firewall.InstanceSetupProxyNAT()
- lxd/firewall/firewall/interface: Reworks firewall interface
- Re-disable clustering upgrade test
- lxd: Fix error message when deleting storage pools
- lxd/firewall/drivers/drivers/xtables: Implements xtables driver
- lxd/network/network/utils: Adds UsesIPv4Firewall and UsesIPv6Firewall functions
- lxd/device/nic/bridged: Switches to firewall.InstanceSetupBridgeFilter and InstanceClearBridgeFilter
- lxd/network/network: firewall.NetworkSetupForwardingPolicy usage
- lxd/network: firewall.NetworkSetupOutboundNAT usage
- lxd/network: Updates firewall DHCP/DNS function usage
- lxd/firewall/drivers/consts: Removes unused constants
- lxd/network: Updates to use firewall helper functions
- lxd/dnsmasq: Makes DHCPStaticIPs project aware
- lxd/device/nic/bridged: dnsmasq.DHCPStaticIPs project usage
- lxd/network/network/utils: dnsmasq.DHCPStaticIPs project usage
- test: Removes old iptables package from static analysis
- test: Fixes iptables rule leak in clustering test
- shared: Add HostPathFollow
- lxc/file: Follow symlinks on individual file transfers
- lxd/container: Protect file push/pull from shift
- Add cluster.n_voters and cluster.n_standby configuration keys
- Load configuration keys when checking for n of voters/stand-by
- doc/clustering.md: describe usage of clustering size config keys
- Drive-by: fix check for degraded cluster
- doc/server.md: add cluster.max_voters/max_standby
- api: Add clustering_sizing extension
- Revert "lxd/instance/drivers/driver/qemu: Fix go routine leak and hanging lxc clients"
- lxd/instance: Move ParseCpuset
- lxd/vm/qmp: Allow retrieving vCPU pids
- lxd/vm: Implement CPU pinning
- shared: get_poll_revents(): handle EAGAIN in addition to EINTR
- lxc: send SIGTERM when there's no controlling terminal
- shared: Add Uint64InSlice
- lxd/vm: Template sockets/cores/threads config
- lxd/vm: Attempt to line up CPU topology
- lxd init: Don't allow empty strings for the cluster host name
- node/config.go: Don't allow wild card addresses for cluster.https_address
- idmap:acl: don't add but update the acls
- shared/util: Tweak HostPathFollow to use readlink
- lxc/file: Expand complex symlink chains
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.20 リリースのお知らせ¶
30th of January 2020
はじめに ¶
LXD チームは、LXD 3.20 のリリースをお知らせすることにとてもワクワクしています!
私たちは、LXD 3.19 のリリースのあとに行われた多数の機能強化とバグ修正をすばやくまとめるために、通常の 1 ヶ月ごとのリリースから 2 週間のリリースに短縮しました。LXD 4.0 のリリースまでこのペースを保つつもりで、その後通常の 1 ヶ月ごとのリリースに戻る予定です。
このリリースは、オースティンのテキサス大学の学生のコントリビュートによる、3 つの機能追加・改良を含みます。
- API コレクションのサーバ側でのサポート
- 新しい unix-hotplug デバイスタイプ
- バックグラウンドプロセス管理の見直し
これらのインテグレーションに加えて、私たちが考える VM ストーリーの現在存在するギャップを埋めることにもフォーカスを当てており、3.19 リリース以来の多数のバグを修正し、ネットワークインターフェースの処理を完了し、ppc64le サポートを追加し、ブートデバイスの順序設定をサポートしました。
Enjoy!
ハイライト ¶
API コレクションのサーバー側でのサポート ¶
ユーザーが扱うインスタンスやイメージがますます大きくなるにつれ、それらのすべてのレコードをクライアント側でフィルタリングすることは非常にコストが高くなる可能性があります。このリリースでは、サーバー側でのフィルタリングのインフラストラクチャと初期実装を追加しました。
これは次のようになります:
stgraber@castiana:~/data/code/lxc/lxd (lxc/master)$ lxc query '/1.0/instances?filter=config.image.os%20eq%20ubuntu'
[
"/1.0/instances/snapcraft",
"/1.0/instances/ups-monitor",
"/1.0/instances/v1",
"/1.0/instances/maas01",
"/1.0/instances/steam",
"/1.0/instances/lxd-build"
]
これは、URL エンコーディングを使って、フィルターとして config.image.os eq ubuntu を使っています。フィルタリングオプションの詳しくはこちら をご参照ください。
新しい unix-hotplug デバイスタイプ ¶
このデバイスタイプは usb と unix-char と unix-block のちょうど中間のようなものです。
特定の vendorid/productid を指定でき、その結果として unix-char/unix-block デバイスを自動的にコンテナに渡すことができます。
USB デバイスの例です:
stgraber@castiana:~$ lxc config device add c1 kingston unix-hotplug vendorid=0951 productid=1666 Device kingston added to c1 stgraber@castiana:~$ lxc exec c1 bash root@c1:~# ls -lh /dev/ total 0 crw--w---- 1 root tty 136, 0 Jan 30 23:00 console lrwxrwxrwx 1 root root 11 Jan 30 22:59 core -> /proc/kcore lrwxrwxrwx 1 root root 13 Jan 30 22:59 fd -> /proc/self/fd crw-rw-rw- 1 nobody nogroup 1, 7 Jan 13 03:59 full crw-rw-rw- 1 nobody nogroup 10, 229 Jan 30 22:59 fuse lrwxrwxrwx 1 root root 25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo lrwxrwxrwx 1 root root 28 Jan 30 22:59 log -> /run/systemd/journal/dev-log drwxr-xr-x 2 nobody nogroup 60 Jan 30 22:46 lxd drwxrwxrwt 2 nobody nogroup 40 Jan 13 03:59 mqueue drwxr-xr-x 2 root root 60 Jan 30 22:59 net crw-rw-rw- 1 nobody nogroup 1, 3 Jan 13 03:59 null crw-rw-rw- 1 root root 5, 2 Jan 30 22:59 ptmx drwxr-xr-x 2 root root 0 Jan 30 22:59 pts crw-rw-rw- 1 nobody nogroup 1, 8 Jan 13 03:59 random drwxrwxrwt 2 root root 40 Jan 30 22:59 shm lrwxrwxrwx 1 root root 15 Jan 30 22:59 stderr -> /proc/self/fd/2 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdin -> /proc/self/fd/0 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdout -> /proc/self/fd/1 crw-rw-rw- 1 nobody nogroup 5, 0 Jan 30 21:23 tty crw-rw-rw- 1 nobody nogroup 1, 9 Jan 13 03:59 urandom crw-rw-rw- 1 nobody nogroup 1, 5 Jan 13 03:59 zero root@c1:~# ls -lh /dev/ total 1.0K drwxr-xr-x 3 root root 60 Jan 30 23:01 bus crw--w---- 1 root tty 136, 0 Jan 30 23:00 console lrwxrwxrwx 1 root root 11 Jan 30 22:59 core -> /proc/kcore lrwxrwxrwx 1 root root 13 Jan 30 22:59 fd -> /proc/self/fd crw-rw-rw- 1 nobody nogroup 1, 7 Jan 13 03:59 full crw-rw-rw- 1 nobody nogroup 10, 229 Jan 30 22:59 fuse lrwxrwxrwx 1 root root 25 Jan 30 22:59 initctl -> /run/systemd/initctl/fifo lrwxrwxrwx 1 root root 28 Jan 30 22:59 log -> /run/systemd/journal/dev-log drwxr-xr-x 2 nobody nogroup 60 Jan 30 22:46 lxd drwxrwxrwt 2 nobody nogroup 40 Jan 13 03:59 mqueue drwxr-xr-x 2 root root 60 Jan 30 22:59 net crw-rw-rw- 1 nobody nogroup 1, 3 Jan 13 03:59 null crw-rw-rw- 1 root root 5, 2 Jan 30 22:59 ptmx drwxr-xr-x 2 root root 0 Jan 30 22:59 pts crw-rw-rw- 1 nobody nogroup 1, 8 Jan 13 03:59 random brw-rw---- 1 root root 8, 0 Jan 30 23:01 sda brw-rw---- 1 root root 8, 1 Jan 30 23:01 sda1 drwxrwxrwt 2 root root 40 Jan 30 22:59 shm lrwxrwxrwx 1 root root 15 Jan 30 22:59 stderr -> /proc/self/fd/2 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdin -> /proc/self/fd/0 lrwxrwxrwx 1 root root 15 Jan 30 22:59 stdout -> /proc/self/fd/1 crw-rw-rw- 1 nobody nogroup 5, 0 Jan 30 21:23 tty crw-rw-rw- 1 nobody nogroup 1, 9 Jan 13 03:59 urandom crw-rw-rw- 1 nobody nogroup 1, 5 Jan 13 03:59 zero root@c1:~# exit
上記で、USB キーを挿すと sda と sda1 が現れています。
Yubikey では:
stgraber@castiana:~$ lxc config device add c1 yubikey unix-hotplug vendorid=1050 Device yubikey added to c1 stgraber@castiana:~$ lxc exec c1 bash root@c1:~# ykman info Device type: YubiKey 5C Serial number: 11576019 Firmware version: 5.2.4 Form factor: Keychain (USB-C) Enabled USB interfaces: FIDO+CCID Applications OTP Disabled FIDO U2F Enabled OpenPGP Enabled PIV Enabled OATH Disabled FIDO2 Enabled root@c1:~#
スタンバイクラスターメンバーのサポート ¶
dqlite ベースのクラスターデータベースロジックが拡張され、新たに dqlite でサポートされた standby ロールと idle ロールが使えるようになりました。
この変更で、すべてのクラスターメンバーは dqlite に統合され、それぞれが次の 3 つのロールをひとつを持つようになりました:
- voting メンバー
- standby メンバー
- idle メンバー
設定は 3 つの voting メンバー、5 つの standby メンバーと、残りのメンバーが idle となります。voting メンバーが失われると、短いタイムアウトの後、voting メンバーでないメンバーが自動的に voting に昇格します。idle メンバーは voting と standby メンバーの必要数を維持するために、voting メンバー以外に昇格します。
その結果、はるかに回復力のある LXD クラスターになり、メンテナンスや電源障害のためにオフラインになるクラスターメンバーを適切に処理します。
VM: NIC サポートの拡張 ¶
このリリースで、仮想マシンの nic デバイスがサポートされました:
- macvlan (
macvtapを使用) - sriov
- physical
- p2p
SR-IOV と物理 NIC のパススルーは、仮想マシンへの PCI パススルーを使っています。これには適切な IOMMU セットアップと適切な PCI セットアップが必要です。
VM: ブートの優先度 ¶
仮想マシンで使う disk と nic タイプのデバイスすべてに boot.priority オプションが新たに存在するようになりました。優先度が高いほど、VM がそのデバイスからブートする可能性が高くなります。
root ディスクからブートするデフォルトの動作でなく、常にネットワークから VM をブートしたい場合に特に役に立ちます。
VM: ppc64le ホストのサポート ¶
ppc64le ホストの初期サポートを追加しました。これは、PCIe でなく通常の PCI バスが使われ、ファームウェアが UEFI でなく SLOF であるという点を除いて、x86_64 と aarch64 とほぼ同じように動作します。
完全な Changelog (翻訳なし)¶
Here is a complete list of all changes in this release:
- Fix typo
- Add role column to raft_nodes table
- Make db.RaftNode an alias for dqlite.NodeInfo, which has a Role field
- lxd/cluster: rename raft.go to info.go
- Drop legacy newRaft() function, leftover from the hashicorp/raft time
- Replace raftAddressProvider intefrace with a simple raftAddress() method
- Gateway.currentRaftNodes(): return only voting nodes
- Use the ID from the cluster nodes table as raft ID
- Make RaftNodesReplace() skip non-voters
- Include role when exchanging nodes in join/rebalance internal APIs
- Always join the dqlite cluster, possibly as non-voter
- Attempt to probe to a member which is considered offline
- Connect to the target node before spanwing the image replication goroutine
- Only contact voter nodes when searching for the cluster leader
- Configure the dqlite client store to only connect to voter nodes
- Load the role column of raft_nodes in db.RaftNodes()
- Store the role of a node in RaftNodesReplace
- Only start the dqlite engine for voter nodes
- Include role information in heartbeat messages
- Return also non-voter nodes in currentRaftNodes
- Fix ineffective heartbeat upon join
- Drop unused target variable in Join/Promote/Leave cluster functions
- Start the dqlite engine also on non-voter nodes
- Add cluster.Handover which finds a node eligible to become voter
- Extract logic to POST a promote request into a new changeMemberRole() function
- Attempt to transfer leadership to another member when shutting down
- Add /internal/cluster/handover endpoint to transfer voter role
- Add handoverMemberRole() helper to transfer the responsibilities of a member
- Update gateway's identify info upon role change
- Rename cluster.Promote to cluster.Assign
- Rename /internal/cluster/promote to /internal/cluster/assign
- Remove database role when demoting
- When a voter is shutdown, handover the role to another member
- Assign up to 2 StandBy roles beyond the initial 3 voters
- Return only voter nodes in cluster.ListDatabaseNodes()
- When leaving, use currentRaftNodes() instead of querying the raft_nodes table
- Redirect member delete requests to the leader
- Serialize membership-related requests on the leader
- Drop clusterRebalance helper, since it is used only once
- Drop ineffective post-join heartbeat
- Add rebalanceMemberRoles() helper and use it in the delete member API handler
- Drop unused tryClusterRebalance()
- Test shutting down two members concurrently
- Close dqlite clients after use
- Automatically demote offline nodes when running cluster.Rebalance
- Automatically promote spare nodes if a voter goes offline
- Assign roles to members not part of the raft configuration
- Export MaxVoters and MaxStandBys
- Trigger rebalance also if there are not enough voters or standbys
- Downgrade rebalance error to warning, it should not block node removal
- lxd/container: Improves error messages in instanceValidDevices
- lxd/container: instance.ValidDevices usage
- lxd/container/lxc: instance.ValidDevices usage
- lxd/device/config/devices: Improves error messages
- lxd/device/disk: Adds support for VM disk devices
- lxd/instance/instance/interface: Comment ending consistency
- lxd/instance/qemu/vm/qemu: Fixes driver index loop bug
- lxd/instance/instance/utils: Introduces constant to indicate profile validation in instance name
- lxd/profiles: Switches to use instance.ProfileValidationName during profile validation
- lxd/device/disk: Updates Stop device to understand VM disks
- Make cluster.Rebalance fail immediately if not leader
- Export cluster.ErrNotLeader
- Silence warning about failing to rebalance when not leader
- lxd/storage/drivers/driver/common: Removes generic vfs functions as not common to all driver types
- Re-enable clustering upgrade test
- lxd/storage/drivers/generic/vfs: Moves generic VFS drivers into standalone file
- lxd/storage/drivers: Updates usage of generic VFS functions
- Add upgrade test for an 8-member cluster
- Make upgrade notifications more robust
- Wait for leadership to settle before running lxc cluster list
- lxd/instance: Moves vm qemu pkg into instance/drivers pkg
- lxd/instance/drivers/container/lxc: Adds placeholder for future lxc implementation
- lxd/instance/drivers/load: Adds instance load functions
- lxd/container: Removes unused functions
- lxd/db/containers: Renames ContainerToArgs to InstanceToArgs
- lxd/container: db.InstanceToArgs usage
- lxd/profiles/utils: db.InstanceToArgs usage
- lxd/profiles/utils: Updates use of containerLXCInstantiate
- lxd/container/lxc: Push containerLXC load functions into instance/drivers package
- lxd/container/lxc: containerLXCInstantiate usage
- lxd/container/lxc: Makes containerLXCInstantiate compatiable with generic instance load functions
- lxd/containers: instance.Load usage
- lxd/containers/post: instance.Load usage
- lxd/instance/drivers/vm/qemu: Unexport and rename load functions
- lxd/instance/instance/utils: Load function comments
- lxd/instance/instance/utils: Adds Create instance function placeholder
- lxd/instance/instance/utils: db.InstanceToArgs usage
- lxd/instance/drivers/vm/qemu: Unexports qemu implementation
- lxd/exec: Pass full req through
- lxd/exec: Forward control messages
- lxd/containers: Fix error handling on stop
- lxd/vm: Fix stop race condition
- lxd/vm: Add locking for stop and shutdown
- lxd/vm: Don't crash on vm-initiated reboots
- lxd/storage: Remove legacy volume.size check
- lxc/init: Consider image type for instance type
- i18n: Update translation templates
- tests: Update volume.size tests
- lxd/vm: Store qemu log
- [Makefiles] Whitelist ldflags in libcap pkgconfig
- lxd/vm: Fix incorrect bootindex
- lxd/vm: Implement snapshot restore
- lxd/instance: Move LoadAllInternal
- lxd/vm: Implement Snapshots
- lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to use minimum block boundary size of 8192 bytes
- lxd/storage/drivers/driver/lvm/utils: Avoid repetition of 512 bytes in roundedSizeBytesString
- doc: Corrects lvm striping options
- lxd/instance: Renames driver files for consistency
- lxd/instance: Comment clarification
- lxd-agent: Fixes bug when agent not seen as started if LXD restarted
- lxd/device/device/utils/network: Adds host MTU support for VM tap devices
- lxd/device/nic/bridged: Makes VM host side TAP interface name prefixed with "tap"
- lxd/instance/drivers/qemu: Switch to template pkg to generate qemu conf
- doc/api-extensions: Fix syntax
- api: vm_boot_priority
- lxd/vm: Add boot.priority
- lxd/container/logs: Makes log file retrieval project aware
- lxd/container/lxc: Adds devName skipping for startCommon
- lxd/device/config/device/runconfig: Adds DevName to MountEntryItem
- lxd/device/disk: Adds DevName to MountEntryItem
- lxd/device: Adds devName property to network interface run config
- lxd/instance/drivers/driver/qemu: Adds support for Disk and NIC device boot.priority setting
- Use a light TCP/TLS connection attempt instead of a client request
- lxd/container/exec: Removes duplication of env map now its being stored back into post data
- Revert "lxd/exec: Forward control messages"
- lxd/instance/drivers/driver/qemu/cmd: Makes qemu cmd struct qemu specific
- lxd/instance/drivers/driver/qemu: Simplifies Exec with revert
- lxd/container/exec: Cleaned up logging
- lxd/container/exec: Switches to use instance command for resizing window
- lxd/container/lxc/exec/cmd: Adds WindowResize
- lxd/instance/instance/exec/cmd: Adds WindowResize function to signature
- lxd/instance/drivers/driver/qemu: Reworks command control
- lxd/instance/drivers/driver/qemu/cmd: Adds WindowResize support
- lxd/instance/drivers/driver/qemu: Sets PID to 0 for VM commands
- lxd/instance/drivers/driver/qemu: comment on forwardControlCommand
- lxd/device/nic/p2p: Adds VM support
- Fix translation of hard-coded address of first node
- Close http transports since they might keep connections around
- lxd/daemon: Ignore SIGHUP
- lxd/instance/drivers/driver/qemu: Switch to unsafe async I/O mode on ZFS pools backed by loop files
- lxd/storage: Improves pool init failure messages
- lxd/storage/drivers: Indicates DirectIO support for most storage drivers
- lxd/storage/drivers/driver/types: Adds DirectIO indicator to driver info struct
- shared/version/version: Quotes malformed version string in error message
- lxd/storage/drivers/driver/zfs: Adds DirectIO detection based on version
- lxd/instance/drivers/driver/qemu: Unmounts volume on start failure if needed
- lxd/device: Relaxes requirement for name property when not using containers
- lxd/device/nic/macvlan: Clean up valid fields
- lxd/device/nic/macvlan: Adds VM support and improves revert
- lxd/instance/drivers/driver/qemu: Adds macvtap support
- lxd/instance/drivers/driver/qemu/templates: Moves templates to separate file
- lxd/instance/drivers/driver/qemu: Updates template usage
- lxd/storage/drivers/driver/dir: Adds HostPath support
- storage: Fix xfs_growfs command for older versions
- shared/simplestreams: Fix architecture filtering
- lxd/patches: Reset ZFS mountpoint/canmount
- shared/simplestreams: Fix inconsistent sorting
- lxd/instances: Don't rquire type on copy
- lxc/config: Tweak argument processing
- lxd/vm: Prevent attaching directory as disk
- lxd/storage/zfs: Ignore bookmarks
- lxd/storage/btrfs: Skip missing quota
- doc/instance: Clarifies disk path not available for VMs
- lxd/instance/drivers/qmp/monitor: Prevent crashes with races closing closed channel
- lxd/instance/drivers/driver/qemu: Improve clean up on start failure
- Fix request redirect when removing a cluster member
- lxd/storage/backend/lxd: Only detect volume.block.filesystem changes on block backed pool FS volumes
- lxd/migration/migration/volumes: Adds support for pre-bidirectional negotiation targets
- lxd/container/lxc: Removes VM specific NIC config ignoring
- lxd/device: Only return devName NIC config item for VMs
- lxd/device/nic/physical: Improves revert and deletion of created VLAN devices
- lxd/instance/drivers/driver/qemu/templates: Clarifies qemuNetdevPhysical variables
- lxd/device/nic/macvlan: Differentiates config parent from actual parent
- lxd/device/device/utils/network: Adds networkGetDevicePCIDevice function
- lxd/device/nic/sriov: Updates networkGetVFDevicePCISlot to use networkGetDevicePCIDevice
- lxd/instance/drivers/driver/qemu: Adds physical NIC passthrough support
- shared/instance: Updates config key checker to allow ".driver" keys
- doc/instance: Documents which device types can be used with which instance types
- lxd/device/device/utils/network: Adds generic PCI device bind/unbind functions
- lxd/device/device/utils/network: Adds networkVFIOPCIRegister
- lxd/device/nic/sriov: Switches PCI device bind/unbind to generic functions
- lxd/device/nic/physical: Adds VM PCI passthrough support
- lxd/device: Unexports NetworkRemoveInterfaceIfNeeded
- lxd/instance: Add NetworkUpdateStatic
- Add maasRename to VM
- lxd/storage/generic: Don't fail rename on missing path
- lxd/storage/zfs: Fix block mounts
- lxd/storage/zfs: Fix renames
- lxd/vm: Implement Rename
- lxd/device/nic/sriov: Adds VM support
- lxd/instance/drivers/driver/qemu: Mount VM config vol before generating NVRAM file
- lxd/device: Add unix_hotplug device type
- lxd/device: Add support for listening to unix char and block udev events
- lxd/storage: Pass config when deleting images
- lxd/devices: Remove dead xtables code
- lxd/iptables: Fix matching of IPv6 link-local
- lxd: Updates usage of migration.MatchTypes
- lxd/migration/migration/volumes: Updates MatchTypes to return all supported migration types
- lxd/migration/migration/volumes: Break after first rsync transport features extracted
- shared/subprocess: Cleanup test script
- shared/subprocess: Fix Wait, tty and ignore stdin
- shared/subprocess: Better handle not running
- lxd/networks: Avoid dnsmasq reload on start
- lxd: Switch to using the new subprocess module
- lxd/patches: Convert PID files
- shared/subprocess: Cleanup tests
- shared/subprocess: Use channel for Wait
- lxd/apparmor: Allow ro,remount,noatime,bind
- lxd/storage/drivers: Pass mountPath to xfs_growfs
- lxd/container: Removes containerValidName function
- lxd/container: Switches to instance.ValidName
- lxd/instance/instance/utils: Adds ValidName function
- shared/util: Modifies ValidHostname to return specific error
- shared/instance: InstanceGetParentAndSnapshotName comments
- lxd/storgage/locking/lock: Fixes concurrent access race to map
- global: Replace Fatalf by Errorf in tests
- shared/generate: Fix regression caused by Fatalf fix
- devices: retrieve vendor and product for hidraw devices
- lxd/db: Fix for new testify
- lxd/main: Adds cmdGlobal.rawArgs function
- lxd: Adds forklimits command
- lxd/instance/drivers/driver/qemu: Switches to launching qemu via forklimits
- devices: substract libudev header
- lxd/db: adds unix-hotplug device type to database
- lxd/instance/drivers/driver/qemu: Adds qemu binary path lookup
- lxd/main/forklimits: Switches forklimits to use syscall.Exec
- shared/cert: Replace default IPs with localhost
- shared/subprocess: Improve error in test
- spelling: yaml should be YAML
- spelling: Busybox should be BusyBox
- i18n: Update translation templates
- doc/storage: Update for snap package
- api: Add extension for new device type unix hotplug
- doc/instances: added new device type unix hotplug
- doc: Add libudev-dev dependency
- lxd/vm: Record architecture name
- lxd/vm: Cleanup qemu config
- lxd/vm: Add ppc64el support
- lxd/device/device/common: Splits device common into own file
- lxd/device/device: Removes original device.go file
- lxd/device/device/interface: Splits device interfaces into own file
- lxd/device/device/load: Separates device load functions into own file
- lxd/instance/drivers/driver/common: Adds common driver type
- lxd/instance/instance/interface: Adds ConfigRead interface
- lxd/instance/drivers/load: Updates validDevices() to use device.Validate function
- lxd/instance/instance/utils: Removes instanceName from validateDevices function
- lxd/instance/drivers/driver/qemu: Embeds common type and removes dupe functionality
- lxd: instance.ValidDevices usage
- lxd/device/device/utils/instance: Adds instanceSupported function
- lxd/device: Updates device validateConfig to support instance.ConfigReader argument
- api: Add api_filtering extension
- lxd/filter: Add API filtering package
- lxd/instance: Add instance list filtering functions
- lxd: Make use of filtering for instances and images
- doc/rest-api: Document filtering
- tests: Add tests for API filtering
- lxd/filter: Workaround gofmt bug
- lxd/device/disk: Adds a check for mkisofs tool for qemu config drive
- lxd/device/nic/sriov: Loads vfio-pci module
- tests: Fix BusyBox spelling for filtering
- lxd/vm: Fix bad bus name on ppc64el
- lxd/vm: Don't specify addresses for pci on ppc64
- i18n: Update translations from weblate
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.19 リリースのお知らせ¶
16th of January 2020
はじめに ¶
LXD チームは、LXD 3.19 のリリースをお知らせすることにとてもワクワクしています!
このリリースは、私たちがここ数ヶ月取り組んできた大きな機能である仮想マシンサポートを含む、盛りだくさんのリリースです! システム上で LXD を実行し、まったく同じ CLI や API を通して、そしてクラスターデプロイの一部としても、コンテナと仮想マシンの両方を管理できるようになりました!
このリリースでは、多数の他の機能、ユーザ体験の改良、修正を行っており、今までで最も精力的なリリースになっています。
Enjoy!
PS: このリリースは、通常の月ごとの開発サイクルより少し長い時間がかかりました。この遅れはストレージレイヤーの再実装の大部分を完成させただけでなく、それをベースに仮想マシンサポートを行いたいと思ったからです。次の数回の LXD リリースは、3/4 月の大物リリースである 4.0 を前にペースを早めて行う予定です。
ハイライト ¶
仮想マシンサポート ¶
このリリースのメインのハイライトは LXD を使って仮想マシンを実行するための初期サポートであることは間違いありません。
まさしくその通りです。システムコンテナと仮想マシンを組み合わせられるようになりました。 仮想マシンもイメージから作成され、コンテナと同じストレージプールに格納され、コンテナと同じネットワークに接続され、プロファイルを通して同じ設定を共有できます。
仮想マシン内部で LXD エージェントを実行すると、通常の exec、file、info 機能が使えるので、仮想マシンの操作がコンテナの操作とほとんど同じに行えます。
これは初期の作業であり、まだ実装されていない部分が多数ありませすが、現状、仮想マシンが Ubuntu イメージ(今後は他のディストリビューションでも)から、もしくは PXE ブートから作成できます。
すべての仮想マシンはセキュアブート有効の UEFI を実行し、コア数とメモリ割り当て、メモリに専用の Hugepage を使うかどうかの設定をサポートします。 cloud-init は設定されたドライブを通して、もしくはイメージ内に存在するエージェントを使うことで VM で使用できます。
Ubuntu 18.04 VM の作成し、エージェントをインストールし、詳細を問い合わせ、内部でシェルを取得する基本的な例を示します:
stgraber@castiana:~$ lxc profile create vm
stgraber@castiana:~$ lxc profile edit vm
stgraber@castiana:~$ lxc profile show vm
config:
user.user-data: |
#cloud-config
ssh_pwauth: yes
apt_mirror: http://us.archive.ubuntu.com/ubuntu/
users:
- name: ubuntu
passwd: "$6$s.wXDkoGmU5md$d.vxMQSvtcs1I7wUG4SLgUhmarY7BR.5lusJq1D9U9EnHK2LJx18x90ipsg0g3Jcomfp0EoGAZYfgvT22qGFl/"
lock_passwd: false
groups: lxd
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
description: VM specific configuration
devices:
config:
source: cloud-init:config
type: disk
name: vm
used_by:
stgraber@castiana:~$ lxc launch ubuntu:18.04 v1 --vm --profile default --profile vm
Creating v1
Starting v1
stgraber@castiana:~$ lxc console v1
To detach from the console, press: <ctrl>+a q
Ubuntu 18.04.3 LTS v1 ttyS0
v1 login: ubuntu
Password:
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-74-generic x86_64)
ubuntu@v1:~$ sudo -i
root@v1:~# mount -t 9p config /mnt/
root@v1:~# cd /mnt/
root@v1:/mnt# ./install.sh
Created symlink /etc/systemd/system/multi-user.target.wants/lxd-agent.service → /lib/systemd/system/lxd-agent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/lxd-agent-9p.service → /lib/systemd/system/lxd-agent-9p.service.
LXD agent has been installed, reboot to confirm setup.
To start it now, unmount this filesystem and run: systemctl start lxd-agent-9p lxd-agent
root@v1:/mnt# reboot
stgraber@castiana:~$ lxc info v1
Name: v1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/01/17 02:23 UTC
Status: Running
Type: virtual-machine
Profiles: default, vm
Pid: 2490333
Ips:
enp5s0: inet 10.166.11.3
enp5s0: inet6 2001:470:b368:4242:216:3eff:fed2:cd5
enp5s0: inet6 fe80::216:3eff:fed2:cd5
lo: inet 127.0.0.1
lo: inet6 ::1
Resources:
Processes: 22
Disk usage:
root: 23.51MB
CPU usage:
CPU usage (in seconds): 6
Memory usage:
Memory (current): 179.20MB
Memory (peak): 201.19MB
Network usage:
enp5s0:
Bytes received: 1.71kB
Bytes sent: 1.94kB
Packets received: 14
Packets sent: 18
lo:
Bytes received: 6.19kB
Bytes sent: 6.19kB
Packets received: 84
Packets sent: 84
stgraber@castiana:~$ lxc exec v1 bash
root@v1:~# ps aux | grep lxd
root 787 1.5 1.6 747700 16300 ? Ssl 02:25 0:00 /run/lxd_config/9p/lxd-agent
root 1024 0.0 0.0 14856 1004 pts/0 S+ 02:26 0:00 grep --color=auto lxd
ストレージレイヤーの再実装 ¶
仮想マシンサポートの作業の一環として、ストレージレイヤーを完全に書き直しました。 これにより、仮想マシン向けのブロックデバイスの保存サポートを追加し、長年に渡って蓄積してきた多くの問題を解決し、ストレージレイヤーの進化のために行われました。
これにはユーザーに見える影響はありません。適切に動作すれば、新しいロジックは以前のロジックと全く同じように動作するはずですが、バグがある可能性はあります。
以降は、新しいストレージドライバーサポートの追加が容易になりました。そして、優れた抽象化が導入されたおかげで、ストレージ操作の大部分が共通のロジックを使うようになり、コードの重複とコードベース全体でのバグの重複リスクが大幅に減少しました。
これだけの膨大な作業であればバグがあることが予想されます。私たちは報告があった問題に可能な限り対処するために素早く対応するようにします。そして、安定する前に candidate チャンネルを通して、あまり重要でないシステム上で LXD 3.19 をテストすることを強くおすすめします。
テキサス大学の学生による貢献 ¶
オースティンのテキサス大学のたくさんの学生グループが、仮想化クラスの課題の一部として LXD 機能への貢献を行ってきています。
このリリースでは、次のものを含みます:
- 複数アーキテクチャのクラスタリング
- Ceph rbd/fs ボリュームのダイレクトアタッチ
- イメージへのプロファイルのアタッチ
- ディスクデバイスのカスタムなマウントオプション
- LVM ストライピング(ストレージレイヤーの再実装により一部の作業は置き換えられました)
現在、さらに多くの機能が行われ、次の LXD リリースに含まれる予定です。
LXD チームは、これらの貢献とプロジェクトへの新しいコントリビューターとのやりとりを本当に楽しんでおり、参加の学生の実りが多くなることを願っています。
その他の新機能 ¶
lxc list カラムのデバイスキー ¶
lxc list に、デバイスの設定値を表示する追加カラムの定義ができるようになりました。
例:
stgraber@castiana:~$ lxc list -c nst,config:image.os:OS,devices:eth0.parent:BRIDGE +--------+---------+-----------------+--------+--------+ | NAME | STATE | TYPE | OS | BRIDGE | +--------+---------+-----------------+--------+--------+ | maas01 | STOPPED | CONTAINER | ubuntu | lxdbr0 | +--------+---------+-----------------+--------+--------+ | v1 | STOPPED | VIRTUAL-MACHINE | ubuntu | lxdbr0 | +--------+---------+-----------------+--------+--------+ | v2 | STOPPED | VIRTUAL-MACHINE | ubuntu | lxdbr0 | +--------+---------+-----------------+--------+--------+ | v3 | STOPPED | VIRTUAL-MACHINE | | lxdbr0 | +--------+---------+-----------------+--------+--------+
routed ネットワークモード ¶
新たにネットワークインターフェースの nictype に routed モードを追加しました。
routedモードには下層の liblxc につい最近追加された機能が必要です。そして、このモードは実質的にコンテナとホスト間のポイント・ツー・ポイントのリンクを設定し、そのリンクを使って IP をコンテナへルーティングします。
stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=routed ipv4.address=10.255.243.155 Device eth0 added to c1 stgraber@castiana:~$ lxc start c1 stgraber@castiana:~$ lxc list c1 +------+---------+-----------------------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+-----------------------+------+-----------+-----------+ | c1 | RUNNING | 10.255.243.155 (eth0) | | CONTAINER | 0 | +------+---------+-----------------------+------+-----------+-----------+
コンテナへの Ceph RBD と FS のダイレクトアタッチ ¶
LXD が管理していない Ceph 上の既存の RBD もしくは FS ボリュームを持っており、従来のディスクデバイス経由でアタッチできないユーザーは、そのようなボリュームを直接コンテナにアタッチできるようになりました。
これは disk デバイスの source に特別な値を設定して行います。
例: - source=ceph-rbd:pool/volume - source=ceph-fs:fs/path
さらに、Ceph クラスターとユーザーを設定するために、設定項目が追加されました。
- ceph.cluster_name
- ceph.user_name
ディスクデバイスのカスタムマウントオプション ¶
新たに disk デバイスに対して raw.mount_options の設定が追加されました。
これは任意に設定可能なリストで、コンテナにディスクをアタッチする際に使うマウントオプションをカンマ区切りで指定します。
イメージへのプロファイルのアタッチ ¶
複数プロファイルのセット(組み合わせ)をプロファイルに設定できるようになりました。イメージから作られた新しいインスタンスは、デフォルトプロファイルの代わりにプロファイルのセットを使います。
これは lxc image edit 経由で設定し、イメージの自動更新でも維持されます。
stgraber@castiana:~$ lxc image show a722a8eb4d31 auto_update: true properties: architecture: amd64 description: Alpine 3.8 amd64 (20200116_13:00) os: Alpine release: "3.8" serial: "20200116_13:00" type: squashfs public: false expires_at: 1969-12-31T19:00:00-05:00 profiles: - default stgraber@castiana:~$ lxc image edit a722a8eb4d31 stgraber@castiana:~$ lxc image show a722a8eb4d31 auto_update: true properties: architecture: amd64 description: Alpine 3.8 amd64 (20200116_13:00) os: Alpine release: "3.8" serial: "20200116_13:00" type: squashfs public: false expires_at: 1969-12-31T19:00:00-05:00 profiles: - blah stgraber@castiana:~$ lxc launch a722a8eb4d31 a1 Creating a1 Starting a1 stgraber@castiana:~$ lxc info a1 | grep Profiles Profiles: blah
mount システムコールのインターセプト ¶
システムコールのインターセプトのためのレイヤーが拡張され、mount システムコールのインターセプトをサポートしました。
これは、通常は非特権コンテナ内でのマウントが制限されているファイルシステムをマウントできるようにするために使えます。しかし、もっと重要な事は、FUSE ドライバーへのマウント呼び出しの透過的なリダイレクションを可能にすることです。
新しい設定オプションは次の通りです:
- security.syscalls.intercept.mount (機能の有効・無効を設定 )
- security.syscalls.intercept.mount.allowed (マウントを許可するファイルシステムのリスト )
- security.syscalls.intercept.mount.fuse (FUSE へのリダイレクトをするファイルシステムリスト )
- security.syscalls.intercept.mount.shift (ShiftFS レイヤーの設定を自動的に行うかどうか )
完全に信頼していないコンテナに対して allowed パーミッションを決して与えないでください。この設定は、カーネルのスーパーブロックパーサーにコンテナを直接公開します。カーネルを攻撃したり、ホストをクラッシュさせたり、コンテナから脱出したりすることに使えます。
次の例は、ext4 を許可する例と、より安全な代替手段として FUSE を使う場合の例です:
root@vm02:~# lxc launch ubuntu:18.04 c1
Creating c1
Starting c1
root@vm02:~# mkfs.ext4 /dev/sdb
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks: done
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: 134bc6d4-e7d3-4db1-a3aa-a398c1acff85
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
root@vm02:~# lxc config device add c1 sdb unix-block path=/dev/sdb
Device sdb added to c1
root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
mount: /mnt: permission denied.
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount true
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.shift true
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.allowed ext4
root@vm02:~# lxc restart c1
root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
root@vm02:~# lxc exec c1 -- ls -lh /mnt
total 16K
drwx------ 2 root root 16K Jan 17 01:56 lost+found
root@vm02:~# lxc exec c1 -- apt-get install -y fuse2fs
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
libfreetype6
Use 'apt autoremove' to remove it.
The following NEW packages will be installed:
fuse2fs
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 28.8 kB of archives.
After this operation, 143 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 fuse2fs amd64 1.44.1-1ubuntu1.2 [28.8 kB]
Fetched 28.8 kB in 0s (117 kB/s)
Selecting previously unselected package fuse2fs.
(Reading database ... 28654 files and directories currently installed.)
Preparing to unpack .../fuse2fs_1.44.1-1ubuntu1.2_amd64.deb ...
Unpacking fuse2fs (1.44.1-1ubuntu1.2) ...
Setting up fuse2fs (1.44.1-1ubuntu1.2) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
root@vm02:~# lxc config unset c1 security.syscalls.intercept.mount.allowed
root@vm02:~# lxc config set c1 security.syscalls.intercept.mount.fuse ext4=/usr/sbin/fuse2fs
root@vm02:~# lxc restart c1
root@vm02:~# lxc exec c1 -- mount /dev/sdb /mnt
root@vm02:~# lxc exec c1 -- ls -lh /mnt
total 128K
drwx------ 2 root root 16K Jan 17 01:56 lost+found
root@vm02:~# lxc exec c1 -- ps aux | grep fuse
root 304 0.0 0.0 170172 788 ? Ssl 02:00 0:00 /usr/sbin/fuse2fs /dev/sdb /mnt -o dev,suid
root@vm02:~#
リソース API の追加 ¶
リソース API のディスクエントリーに、新たにふたつのフィールドが追加されました。
- FirmwareVersion はネットワークカードのファームウェアリビジョンを公開します
- DeviceID は
/dev/disk/by-id以下での検索に適したデバイスの識別子を示します
NVME ドライブの例は次のようになります:
stgraber@castiana:~$ lxc query /1.0/resources | jq .storage.disks[0]
{
"block_size": 512,
"device": "259:0",
"device_id": "nvme-eui.0000000001000000e4d25cafae2e4c00",
"device_path": "pci-0000:05:00.0-nvme-1",
"firmware_version": "PSF121C",
"id": "nvme0n1",
"model": "INTEL SSDPEKKW256G7",
"numa_node": 0,
"partitions": [
{
"device": "259:1",
"id": "nvme0n1p1",
"partition": 1,
"read_only": false,
"size": 52428800
},
{
"device": "259:2",
"id": "nvme0n1p2",
"partition": 2,
"read_only": false,
"size": 1073741824
},
{
"device": "259:3",
"id": "nvme0n1p3",
"partition": 3,
"read_only": false,
"size": 254933278208
}
],
"read_only": false,
"removable": false,
"rpm": 0,
"serial": "BTPY63440ARH256D",
"size": 256060514304,
"type": "nvme",
"wwn": "eui.0000000001000000e4d25cafae2e4c00"
}
マルチアーキテクチャークラスタリング ¶
クラスターメンバーに異なるアーキテクチャのメンバーを混在させることができるようになりました。 LXD はイメージのアーキテクチャーに基づいた正しいシステム上にコンテナを配置します。
極端な例として、3 つの異なる Intel 以外のアーキテクチャーで作られるクラスタを示します:
root@cluster:~# lxc cluster list +---------------+----------------------------+----------+--------+-------------------+--------------+ | NAME | URL | DATABASE | STATE | MESSAGE | ARCHITECTURE | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos01-arm64 | https://240.0.200.92:8443 | YES | ONLINE | fully operational | aarch64 | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos01-ppc64el | https://240.0.202.246:8443 | YES | ONLINE | fully operational | ppc64le | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos01-s390x | https://240.0.203.11:8443 | YES | ONLINE | fully operational | s390x | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos02-arm64 | https://240.0.204.139:8443 | NO | ONLINE | fully operational | aarch64 | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos02-ppc64el | https://240.0.206.145:8443 | NO | ONLINE | fully operational | ppc64le | +---------------+----------------------------+----------+--------+-------------------+--------------+ | bos02-s390x | https://240.0.207.35:8443 | NO | ONLINE | fully operational | s390x | +---------------+----------------------------+----------+--------+-------------------+--------------+
クラスターセットアップロジックの改良 ¶
このリリース以降、LXD クラスターを構築する場合、クラスターの一部である最初の 3 つのサーバーはデータベースノードとして機能し、データベースの完全なコピーを受信し、データベーストランザクションの投票を始めます。
この動作により、2 サーバーからなるクラスターがデータベースメンバーの数が偶数であっても安全に動作し、適切なクオラムを防ぎ、どちらかのサーバーがオフラインになっても全データーベースが効率的に停止すると考えられるようになりました。
新しい動作では、3 つめのサーバーが加わるまでは単一のデータベースで動作し続け、3 つめのサーバーが参加した時点で、3 つのサーバすべてがデータベースサーバーとなります。
LXD 3.20 ではスタンバイデータベースノードの導入で、クラスター自身をオフラインにすることなしに複数のデータベースノードをオフラインにできるようになり、この点がさらに改善されます。
未管理ブリッジの MAC フィルタリング ¶
security.mac_filtering が、LXD が管理していないネットワークブリッジに接続された nic デバイスで使えるようになりました。
設定可能な Ceph データプール名 ¶
データとメタデータ用に別々の OSD プールが必要な場合、データを保存する場所をコントロールできる ceph.osd.data_pool_name が新たに追加されました。メタデータは ceph.osd.pool_name で参照するプールに保存されます。
LVM ストライピングサポート ¶
LVM ストライピングがサポートされるようになりました。volume.lvm.stripes と volume.lvm.stripes.size で設定できます。
cgroup2 リソース制限の初期サポート ¶
新しい cgroup 抽象レイヤーが LXD に追加され、v2 リソースコントローラーの初期マッピングも追加されました。これに最近の liblxc の改良を組み合わせて、ほとんどのリソース制限が cgroup v2 環境で機能するようになりました。
作成時のバックアップ圧縮の設定 ¶
backups.compression_algorithm を設定することで、バックアップで使う圧縮アルゴリズムが設定できます。これはすべての新しいバックアップに適用されるグローバルな設定です。
インスタンスの publish コマンド(lxc publish)で、バックアップの作成時に圧縮アルゴリズムを上書きできるようになりました。これは lxc export --compression-algorithm で公開されます。
squashfs を使った圧縮されたバックアップとイメージのサポート ¶
圧縮アルゴリズムとして、イメージとバックアップの両方で squashfs を選択できるようになりました。
これ以前は、LXD は squashfs で圧縮されたイメージを使うことはできましたが、LXD 自身で squashfs イメージを作成できませんでした。
完全な changelog (翻訳なし)¶
Here is a complete list of all changes in this release:
- lxd/cgroup: Adds cgroup package with CPU task balancing functions
- lxd: Updates to use cgroup package
- lxd: Changes instance and containerLXC function Id() to ID()
- lxd: Updates error handling of MakeFSType after stderr split of RunCommand
- api: Add resources_network_firmware extension
- shared/api: Add FirmwareVersion to ResourcesNetworkCard
- lxd/resources/network: Add FirmwareVersion retrieval
- lxd/container: Adds instanceLoad function
- lxd: Replaces use of containerLXCLoad with instanceLoad
- lxc: Changes lxc list and lxc info Type field to show instance type
- i18n: Update translation templates
- lxc/{list,info}: Fix type on older LXD
- lxd/device/disk: Apply limits through post hook
- lxd/main_migratedumpsuccess: Use fast connection
- lxd/main_sql: Use fast connection
- lxd/daemon: Allow internal queries during startup
- test: Adds host-side MTU veth checks
- lxd/device/disk: Improvements in disk limits
- lxd: Fix backup expiry
- lxd: Fix backup expiry check
- api: Add backup_compression_algorithm API extension
- shared/api: Add CompressionAlgorithm to InstanceBackupsPost
- lxc/export: Add --compression option
- i18n: Update translation templates
- lxd/backups: Add support for CompressionAlgorithm
- lxd: Fix container restore with projects in Ceph
- test: Add container restore with projects
- lxd/daemon: Adds daemon package
- lxd: Updates use of debug and verbose vars in daemon pkg
- lxd/rsync: Moves rsync functions to own package
- lxd: Updates usage of moved rsync functions
- doc: Add ceph.osd.data_pool_name
- storage/ceph: Implement --data-pool argument
- scripts: Add ceph.osd.data_pool_name to bash completion
- api: Add ceph_data_pool_name extension
- doc: Add commit structure to contributing.md
- lxd/cluster: Process upgrade notifications on all members
- lxd/cluster: Relax upgrade notification target
- lxd/db: Export GetNodeID
- lxd/daemon: Skip heartbeat processing during startup
- lxd/db: Backward compat code for Nodes()
- lxd/daemon: Set gateway.Cluster during WaitUpgradeNotification
- lxd/storage/ceph: Fix to work on older releases
- lxd: Move backup to separate package
- test: Add backup package to static analysis
- test: Add project testing to backup
- lxd/device/nic: Pass --concurrent to ebtables
- tests: Update ebtables calls
- fix debugging.md rendering
- lxd/sys: Enforce directory permissions
- lxd/daemon: Bump NOFILE to max on startup
- lxd/list: Modify parseColumns to allow for the config:KEY:NAME:WIDTH syntax
- lxd/list: Modify TestColumns to allow for the config:KEY:NAME:WIDTH syntax
- lxd/cluster: Tweak joining error messages
- lxd/cluster: Fix already-clustered test
- lxd/list: Add support for devices:KEY:NAME:WIDTH to parseColumns
- lxd/list: Add tests to check support for devices:KEY:NAME:WIDTH and config:KEY:NAME:WIDTH in parseColumns
- lxd/list: Add description in command help section about devices:KEY:NAME:WIDTH and config:KEY:NAME:WIDTH support
- i18n: Update translation templates
- lxc/storage/volume: Fix panic when invalid snapshot rename argument supplied
- shared/util: Removes ExtractSnapshotName
- lxd: Changes use of ExtractSnapshotName to ContainerGetParentAndSnapshotName
- lxd/storage/volumes: Removes unused snapshot logic from storagePoolVolumeTypePost
- seccomp: test for syscall continuation support
- seccomp: implement syscall continuation for mknod(), mknodat(), and setxattr()
- unixfd: split into unixfd.{c,h}
- unixfd: hide symbols
- Makefile: Switch to tsenart/deadcode
- lxd/include: Don't include missing file
- Revert "unixfd: hide symbols"
- tree-wide: handle _GNU_SOURCE ifdefs correctly
- Makefile: add "nocache" target
- tree-wide: rework cgo compilation
- Add step to trigger reread on loopback device when resizing BTRFS storage pool.
- lxd/db/storage/pools: StoragePoolVolumeSnapshotsGetType returns StorageVolumeArgs slice
- lxd/db/storage/pools: Makes StoragePoolVolumeSnapshotsGetType return in volume ID order
- lxd: Updates use of StoragePoolVolumeSnapshotsGetType return type change
- seccomp: log syscall arguments
- package: lxd: add cgo.go
- package: lxd-p2c: add cgo.go
- package: seccomp: add cgo.go
- package: quota: add cgo.go
- package: storage: add cgo.go
- package: ucred: add cgo.go
- package: idmap: add cgo.go
- package: netutils: add cgo.go
- package: termios: add cgo.go
- package: shared: add cgo.go
- lxd: add cgo hardening flags and fix minor bugs found by them
- lxd/storage/utils: Add common helpers to utils
- lxd/storage/volumes/config: Removes functions moved to storage package
- lxd: Updates use of funcs/vars moved to storage pkg
- lxd/storage/drivers/utils: Add common functions
- lxd/storage/drivers/utils: Adds GetVolumeMountPoint and GetPoolMountPoint functions
- lxd/storage/drivers/utils: Adds DeleteParentSnapshotDirIfEmpty
- lxd/storage/drivers/utils: Add GetVolumeSnapshotDir
- lxd/storage/drivers/volume: Adds VolumeType and ContentType definitions
- lxd/storage/storage: Deprecates pool path function
- lxd/storage/drivers/errors: Adds storage drivers errors
- lxd/storage/errors: Adds shared errors for storage
- lxd/db/storage/pools: Improves comments on StoragePoolVolumeSnapshotsGetType
- tests: Fixes zfs snapshot restore bug in tests
- lxd/migration/migration/volumes: Adds migration volume arg types
- lxd/storage: Removes progress wrapper functions
- lxd: Update use of migration progress functions
- seccomp: protect against syscall supervision override
- client/lxd/storage/volumes: Fixes bug where migration errors were ignored
- lxc/storage/volume: Adds volume snapshot rename check for same parent volume
- lxd/storage/quota: Fix bad typing
- lxd/containers: Return disk usage when stopped
- lxd/storage/utils: Removes default empty "size" property for dir volumes
- lxd/storage/utils: Makes dir driver allowed to translate the size property
- tree-wide: cgo: add -Wunused and fix errors detected by this option
- tree-wide: cgo: mark some global variables ro
- lxc/config: Handle config/profile in examples
- i18n: Update translation templates
- forksyscall: add acquire_final_creds()
- seccomp: implement mount syscall interception
- api: add container_syscall_intercept_mount extension
- doc: add security.syscalls.intercept.mount
- scripts: add security.syscalls.intercept.mount to bash completion
- client: Ignore unresolvable addresses
- lxd/include: Fix definition of SECCOMP_USER_NOTIF_FLAG_CONTINUE
- api: Add compression_squashfs extension
- lxd/cluster: Validate squashfs-tools-ng executables
- lxd: Modify compressFile() to support SquashFS
- lxd/networks: Nicer error on misisng IPv6
- global: Drop -Wcast-align (breaks armhf)
- lxd: Support SquashFS compressed backup imports
- lxd: Add SquashFS compressed image publish/export support
- lxd/device/nic/bridged: Allow MAC filtering on unmanaged bridges
- test: Adds test for using security.mac_filtering with unmanaged parent
- doc: fix link to security.md from README.md
- doc: use HTTPS links for criu and #lxcontainers (they have STS preload)
- lxd/rsync: Switch to using io.ReadWriteCloser
- shared: Implement a WebsocketIO ReadWriteCloser abstraction
- lxd/migration: Introduce ProgressTracker
- lxd/migration: Switch over to ReadWriteCloser for rsync
- lxd/devlxd: Fixes event socket close on client disconnect during wait
- lxd/events/events: Adds context to event listener Wait() function
- lxd/events: Fixes event socket close on client disconnect during wait
- lxd/migrate: Close control web socket on disconnect()
- lxd/migrate/storage/volunes: Always close web socket after migration
- lxd/storage: Adds interfaces
- lxd/storage/load: Adds storage pool loader functions
- lxd/storage/drivers/driver: Adds storage driver load functions
- lxd/storage/backend/lxd: Adds lxd backend implementation
- lxd/storage/backend/mock: Adds mock backend implementation
- lxd/storage/drivers/driver/common: Adds common driver
- lxd/storage/drivers/driver/dir: Add dir backend
- lxd/storage/volumes: Links doVolumeCreateOrCopy to use storage pkg
- test/suites/static/analysis: Updates to recurse storage package
- lxd/storage/volumes: Links volume delete function to use new storage pkg
- lxd/storage/utils: Adds VolumeTypeToDBType function
- lxd/storage/utils: Modifies VolumeValidateConfig to hook into new storage API
- lxd/storage/utils: Deprecates SupportedPoolTypes
- lxd/storage/drivers/volume: Adds Volume struct type
- lxd/storage/volumes: Re-works storagePoolVolumeTypePost into sub-actions
- lxd/storage/volumes/snapshot: Renames driver import to storagePools
- lxd/storage/volumes/snapshot: Links rename snapshot volume to new storage pkg
- lxd/storage/volumes/snapshot: Links snapshot delete to new storage pkg
- lxd/storage/volumes/snapshot: Links create custom snapshot to new storage pkg
- lxd/storage/volumes: Moves DB lookup into migration function
- lxd/migrate/storage/volumes: Links volume migrate functions to new storage pkg
- lxd/storage/volumes: Linking volume move to new storage pkg
- lxd/storage/volumes: Adds existing volume checks to storagePoolVolumeTypePost and storagePoolVolumesTypePost
- lxd/storage/drivers/utils: Adds GetSnapshotVolumeName function
- lxd/storage/drivers/utils: Renames GetVolumeMountPath and GetPoolMountPath
- lxd/storage: Updates deprecation notice
- lxd/storage/drivers/utils/test: Updates tests
- lxd/storage/utils: Adds validateVolumeCommonRules
- lxd/migration/migration/volumes: Updates MatchTypes to log offered and our types on mismatch
- lxd/storage/memorypipe: Adds in-memory bidirectional pipe
- lxd/migrate/storage/volumes: Updates use of migrate TrackProgress args
- lxd/storage/backend/lxd: Updates CreateCustomVolumeFromCopy to use migration logic
- lxd/storage/drivers/driver/common: Improves comment
- lxd/migration/migration/volumes: Adds TrackProgress bool to MigrationSourceArgs and MigrationTargetArgs
- lxd/storage/drivers/driver/dir: Updates migration functions to use TrackProgress bool
- lxd/containers: Push MAAS entry after dev creation
- lxd/storage/drivers/interface: Modifies ValidateVolume definition
- lxd/storage/utils: Updates ValidateVolume usage
- lxd/storage/backend/lxd: Updates use of validate function
- lxd/storage/drivers/driver/common: Updates validate function
- lxd/storage/drivers/driver/dir: Updates validation function
- forksyscall: remove left-over advance_arg() call
- lxd/migration/migration/volumes: Updates MatchTypes to accept fallback type
- lxd/migration/storage/volumes: Updates MatchTypes usage
- lxd/storage/backend/lxd: Updates MatchTypes usage
- lxc/storage/volumes: Links storagePoolVolumeTypePatch to new storage pkg
- lxd/storage/volumes/utils: Links storagePoolVolumeUsedByRunningContainersWithProfilesGet to storage pkg
- lxd/storage/utils: Adds VolumeUsedByInstancesWithProfiles
- lxd/storage/volumes: Links storagePoolVolumeTypePut to storage pkg
- lxd/storage/drivers/interface: Updates function definitions
- lxd/storage/backend: UpdateCustomVolume and RestoreCustomVolume
- lxd/storage/drivers/driver/dir: Adds UpdateVolume function
- lxd/storage/volumes: Consistent casing on error messages
- lxd/storage/utils: Consistent casing on error messages
- lxd/storage/interfaces: Adds RestoreCustomVolume
- lxd/storage/drivers/interface: Adds RestoreVolume
- lxd/storage/drivers/driver/dir: Implements RestoreVolume
- lxd/storage/backend/mock: Adds RestoreCustomVolume
- lxd/storage/volumes: Makes storagePoolVolumeTypePut logic consistent with storagePoolVolumeSnapshotTypePut
- lxd/storage/volumes/snapshot: Moves storagePoolVolumeSnapshotTypePut DB logic
- lxd/storage/volumes/utils: Removes unused storagePoolVolumeSnapshotUpdate
- lxd/storage: Use correct operation type
- lxd/storage/backend/lxd: Adds basic debug logging
- lxd/storage/backend/mock: Adds logger support
- lxd/storage/load: Initialises logger
- lxd/storage/drivers/driver/common: Adds driver logger with pool context
- lxd/storage/drivers/interface: Updates with pool context logger
- lxd/storage/utils: Updates VolumeValidateConfig to use update driver loader
- lxd/storage/load: Updates loaders to support contextual loggers
- lxd/storage/drivers/load: Updates loaders to support contextual loggers
- container/lxc: Hooks up root device usage to new storage package
- lxd/storage/backend/lxd: Updates name of instance arg to inst from i
- lxd/storage/backend/lxd: Implements GetInstanceUsage
- lxd/storage/backend/mock: Changes GetInstanceUsage signature
- lxd/storage/drivers/driver/dir: Implements GetVolumeUsage
- lxd/storage/drivers/interface: Adds GetVolumeUsage
- lxd/storage/interfaces: Changes GetInstanceUsage signature
- lxd/images: Links imageCreateInPool to new storage package
- lxd/storage/backend/lxd: Implements CreateImage
- lxd/storage/backend/mock: Updates CreateImage definition
- lxd/storage/interfaces: Updates CreateImage definition
- lxd/resources/storage: Improve cdrom handling
- Bring Go current in Travis
- lxd/storage/drivers/driver/dir: Adds warnings of ext4 project quota not supported
- lxd/storage/load: Adds GetPoolByInstanceName
- lxd/container: Links containerCreateFromImage to new storage layer
- lxd/containers/post: Moves progress tracker into containerCreateFromImage
- lxd/images: Removes old unpackImage
- lxd/storage/backend/lxd: Implements CreateInstanceFromImage
- lxd/storage/drivers/driver/dir: Switches to using volume.CreateMounthPath()
- lxd/storage/drivers/volume: Adds CreateMountPath
- lxd/storage/load: Improves getVolID error when volume not found
- lxd/storage/utils: Adds InstanceTypeToVolumeType
- lxd/storage/utils: Adds ImageUnpack
- test/suites/basic: Updates tests to take into account more secure volume perms
- lxd: Updates use of driver.ImageUnpack
- lxd/storage/load: Makes volIDFuncMake project aware
- lxd/storage/drivers/driver/dir: Ensures old snapshor dir removed in RenameVolume
- lxd/storage/drivers: Expose BlockBacking property
- lxd/storage: Pass BlockBacking to ImageUnpack
- lxd/storage: Change default container permissions to 0100
- lxd/storage: Implement CreateImage
- lxd/storage/dir: Don't fail/complain about missing quotas
- lxd/devices/nic: Handle recent ebtables
- lxd/rsync: Tweaks Recv's internal synchronisation to avoid race
- lxd: Minor changes
- lxd/storage: Fix custom volume with underscores
- lxd/images: Updates imageCreateInPool to use EnsureImage
- lxd/storage/backend/lxd: Updates EnsureImage usage and adds more comments
- lxd/storage/backend/mock: Updates with EnsureImage
- lxd/storage/interfaces: Renames CreateImage to EnsureImage
- lxd/storage/load: Adds comments
- lxd/cluster: add Recover() and ListDatabaseNodes() utilities
- lxd/storage/drivers: Add mountReadOnly helper
- lxd/storage/dir: Make snapshot mounts read-only
- lxd/storage/dir: Only log project quota failures when relevant
- lxd/container/lxc: Links container Delete() to new storage package
- lxd/container/lxc: Improves error logging in diskState
- lxd/storage/backend/lxd: Removes duplicated code from DeleteCustomVolume
- lxd/storage/backend/lxd: Adds symlink management functions
- lxd/storage/backend/lxd: Adds Instance and Instance Snapshot delete functions
- lxd/storage/drivers/driver/dir: Reinstates DeleteParentSnapshotDirIfEmpty for volume and snapshot deletion
- lxd/storage/drivers/utils: Updates DeleteParentSnapshotDirIfEmpty to also remove symlink
- lxd/storage/interfaces: Adds IsSnapshot to Instance interface
- lxd/storage/dir: Don't write to snapshots
- lxd/container: Fix apply_quota
- lxd/storage/lvm: Fix version parsing
- lxd/storage/drivers/driver/dir: Comment grammar consistency
- lxd/storage/load: Renames GetPoolByInstanceName to GetPoolByInstance
- lxd/container: Updates use of storagePools.GetPoolByInstance and fallback for container types
- lxd/storage/drivers/errors: Removes unused error
- lxc/init: Properly handle errors with --empty
- lxd/container: Links containerCreateAsEmpty to new storage package
- lxd/container: Adds revert to containerCreateFromImage
- lxd/container: containerCreateFromImage comment
- lxd/storage/drivers/utils: Makes GetVolumeSnapshotDir work with either snapshot or parent vol name
- lxd/storage/drivers/utils: Removes symlink removal from DeleteParentSnapshotDirIfEmpty
- lxd/storage/backend/lxd: CreateInstance
- lxd/storage/backend/lxd: Updates instance snapshot symlink removal
- lxd/storage/backend/lxd: Updates instance snapshot symlink management functions
- lxd/container/lxc: Removes TemplateApply() and adds DeferTemplateApply()
- lxd/containers/post: DeferTemplateApply usage
- lxd/instance/interface: DeferTemplateApply usage
- lxd/storage/interfaces: DeferTemplateApply signature
- lxd/storage: DeferTemplateApply usage
- lxd/storage/interfaces: Updates instance mount function definitions
- lxd/storage/backend/mock: Updates instance mount function definitions
- lxd/storage/backend/lxd: Implements instance mount and unmount functions
- lxd/operations: Fix remote Wait
- lxc/query: Fix handling of ?project=
- lxd/storage/backend/lxd: Instance function comment consistency
- lxd/device/device/utils/disk: Changes signature of StorageRootFSApplyQuota
- lxd/device/disk: Updates applyQuota to use error from storage package
- lxd/storage: Links storageRootFSApplyQuota to new storage package
- lxd/storage/backend/lxd: SetInstanceQuota
- lxd/storage/backend/mock: SetInstanceQuota
- lxd/storage/drivers/dir: Adds SetVolumeQuota and RunningQuotaResize info flag
- lxd/storage/drivers/interface: SetVolumeQuota signature
- lxd/storage/drivers/load: Adds RunningQuotaResize to driver Info struct
- lxd/storage/errors: Adds ErrRunningQuotaResizeNotSupported error
- lxd/storage/interfaces: SetInstanceQuota signature
- lxd/container: Links containerConfigureInternal to new storage package
- lxd/db: Cover all combinations of instance filters
- lxd/db: Re-generate DB code
- lxd/storage/drivers: Add locking
- lxd/storage/drivers: Add cephfs
- lxd/storage/drivers: Make locks per-pool
- lxd/storage/cephfs: Fill remaining Info fields
- lxd/storage/cephfs: Use SetVolumeQuota in UpdateVolume
- lxd/storage/cephfs: Don't run RemoveAll on snapshots
- lxd/container/lxc: Links Rename to new storage package
- lxd/storage/backend/lxd: Reworks symlink functions
- lxd/storage/cephfs: Simplify rename logic
- lxd/storage/cephfs: Comment consistency
- lxd/storage/backend/lxd: RenameInstance
- lxd/storage/interfaces: Removes unused Path function in Instance interface
- lxc/move: Fixes instance snapshot rename validation and crash
- lxd/storage/backend/lxd: RenameInstanceSnapshot
- lxd/storage/cephfs: Implement GetVolumeUsage
- lxd/storage/dir: Properly revert snapshots
- lxd/storage/cephfs: Fix SetVolumeQuota
- lxd/storage/cephfs: Fix ordering in Copy/Migration
- Move renderTable to utils.RenderTable()
- Add new "lxd cluster" sub-command
- Add clustering_recover integration test
- clustering.md: add documentation about disaster recovery
- lxd/storage/dir: Add check for bad source path
- lxd/storage: Add localOnly handling of create/delete
- lxd/operations: Support nil state
- lxd/storage: Switch Create to new logic
- lxd/storage/utils: Only create needed directories
- lxd/storage/cephfs: Fix bad config keys
- lxd/storage: Switch Delete to new logic
- lxd/storage: Switch Mount to new logic
- lxd/storage/cephfs: Don't fail if already mounted
- lxd/api/internal: Updates use of renamed functions
- lxd/container: Updates return values of instance create and load functions
- lxc/container: Renames containerCreateFromImage to instanceCreateFromImage
- lxd/container: Renames containerCreateInternal to instanceCreateInternal
- lxd/container/lxc: Updates use of renamed c.state.Cluster.InstanceRemove
- lxd/containers/post: Adds VM support to createFromImage
- lxd/db/containers: Renames ContainerRemove to InstanceRemove
- lxd/container: Renames containerCreateAsEmpty to containerCreateAsEmpty
- lxd/containers/post: Updates use of instanceCreateAsEmpty
- lxd/storage/backend/lxd: Pass correct content type to storage drivers for VMs
- lxd/storage/drivers/utils: Unexports deleteParentSnapshotDirIfEmpty
- lxd/storage/drivers/driver/dir: Updates use of deleteParentSnapshotDirIfEmpty
- lxd/container/lxc: Updating DB usage to be instance type agnostic
- lxd/container/post: Updates usage of InstancePool
- lxd/container/test: Updates instanceCreateInternal usage
- lxd/api/internal: InstancePath usage
- lxd/container/lxc: InstancePath usage
- lxd/storage/backend/lxd: InstancePath usage
- lxd/storage/storage: Renames ContainerPath to InstancePath
- lxd/storage/dir: InstancePath usage
- lxd/storage/zfs: InstancePath usage
- lxd/container/test: InstancePath usage
- lxd/db/storage/pools: Adds VM instance type constant and conversion codes
- lxd/db/containers: Updates pool lookup functions to be instance type agnostic
- lxd/storage/load: InstancePool usage
- lxd/db/containers/test: InstancePool usage
- lxd/storage: InstancePool usage
- lxd/storage/dir: Don't apply quotas on snapshots
- lxd/device/nic: Fix race in vlan creation
- lxd/device/nic: Fix handling of shared vlans
- lxd/storage/cephfs: Store version globally
- lxd/storage/drivers: Drop Usable field
- lxd/storage/drivers: Implement load function
- lxd/storage/cephfs: Implement load
- lxc/init: Adds vm flag to init command
- lxc/copy: copyContainer tweaks
- lxd/container: Adds support for VM creation to instanceCreateInternal
- lxd/container: Adds VM support to instanceLoad
- lxd/storage/drivers/utils: Adds createSparseFile
- lxd/storage/backend/lxd: Signature and comment tweaks for filler function
- lxd/storage/drivers/driver/cephfs: filler usage update
- lxd/storage/drivers/driver/dir: Adds VM support to CreateVolume
- lxd/storage/drivers/driver/dir: Adds content type checking to some functions
- lxd/storage/drivers/interface: CreateVolume signature update for filler change
- lxd/storage/utils: Adds VM type conversion
- lxd/storage/utils: Updates ImageUnpack to support VM images
- lxd/storage: Updates ImageUnpack usage
- lxd/sys/fs: Adds VM dirs
- lxd/containers: Renames containerDeleteSnapshots to instanceDeleteSnapshots
- lxd/container/lxc: instanceDeleteSnapshots usage
- lxd/device/device/utils/network: Adds networkCreateTap
- lxd/device/nic/bridged: Adds initial support for VM
- lxd/device/disk: Initial VM support
- lxd/storage/backend/lxd: GetInstanceDisk implementation
- lxd/storage/drivers/driver/ceph: GetVolumeDiskPath placeholder
- lxd/storage/drivers/driver/dir: GetVolumeDiskPath implementation
- lxd/storage/drivers/interface: Adds GetVolumeDiskPath
- lxd/container/console: Improves resilience of console checking
- shared/container: Adds support for vm.uuid volatile key
- lxd/container: progress meta data
- lxd/containers/post: createFromImage instances created field
- lxd/storage/backend/lxd: CreateInstanceFromCopy qcow2 comment
- i18n: Update translation templates
- lxd/containers/post: createFromNone VM support
- lxd: Move IsJSONRequest to util package
- client: Add vsock support
- client: Add ConnectLXDHTTP function
- lxd/vsock: Add vsock HTTP client
- lxd-agent: Add basic structure
- lxd-agent: Add state command
- lxd-agent: Add operations command
- lxd-agent: Add exec command
- lxd-agent: Add file command
- shared/idmap: Fix build tags
- lxd/util: Restrict sys.go to LXD itself
- lxd/sys: Restrict to LXD itself
- lxd/state: Use empty struct when not LXD
- lxd/response: Split SmartError into LXD/non-LXD
- lxd/operations: Disconnect from DB on non-LXD
- lxd/endpoints: Allow building on non-Linux
- lxd/db: Allow external use without dqlite
- Fix golint warnings
- lxd/container: Improves create from imate type mismatch error
- lxd/container/console: Makes console logic instance type agnostic
- lxd/container/lxc: Updates Console to return an os.File
- lxd/instance/interface: Updates Console signature
- lxd/db/images: Fixes bug in ImageSourceGetCachedFingerprint not applying image type filter
- shared/cert: Useful comment about cert type on FindOrGenCert
- lxd/vm/qemu: Initial implementation of VM Qemu instance type
- client/connection: Simplifies ConnectLXDHTTP
- lxd/vm/qemu: Adds agent connection setup
- lxd/vsock: Simplifies HTTPClient
- lxd/vm/qemu: Implement FilePush for VMs
- lxd/vm/qemu: Implement FilePull for VMs
- lxc/storage: Add support for virtual-machine volumes
- lxd/storage: Add support for virtual-machine volumes
- lxd/vm: Set WorkingDirectory in unit
- lxd/vm: Fix TLS authentication to agent
- lxd-agent: Fix golint
- lxd-agent: Remove dead code
- lxd-agent: Function name consistency
- lxd-agent: Avoid global variables
- lxd-agent: Load certs from current dir
- Makefile: Have default build static lxd-p2c
- Makefile: Add lxd-agent
- lxd-agent: Port to cobra
- lxd-agent: Re-order imports
- lxd/vsock: Switch to single implementation
- api: Add extention for passing in raw mount options
- doc/container: added raw_mount_options to disk options
- lxd/device add support for raw_mount_options for disk device mounts
- tests: Add test for raw.mount.options for disk device mounts
- lxc/image: Truncate image files down to size
- lxd/images: Truncate image files down to size
- client: Add Disconnect function
- lxd/vm: Fix UEFI secure boot
- lxd/vm: Use filepath rather than manual joining
- lxd/device/nic/ipvlan: removes unused optional "host_name" config field.
- lxd/device/nic/routed: Adds veth routed NIC device
- shared/version/api: Adds container_nic_routed API extension
- doc/containers: Adds routed nic type docs
- test: Adds routed nic tests
- seccomp: implement redirection to fuse
- api: add container_syscall_intercept_mount_fuse extension
- doc: add security.syscalls.intercept.mount.fuse
- scripts: add security.syscalls.intercept.mount.fuse
- lxd/vm: Cleanup config layout
- lxd/vm: Add an identifying serial device
- lxd/vm/qemu: Adds missing secure boot EFI firmware error
- seccomp: only apply shift when it is needed
- shared/simplestreams: Support disk-kvm.img
- shared/cert: Make adding of ip/names optional
- lxc/config: Update to changed cert functions
- lxd/util: Update to changed cert functions
- lxd/vm: Update to changed cert functions
- lxd-agent: Update to changed cert functions
- lxd-p2c: Update to changed cert functions
- lxc-to-lxd: Update to changed cert functions
- seccomp: test flag parsing and log ignored flags
- shared: Update to changed cert functions
- seccomp: attach to pid namespace when mounting through fuse
- lxd-agent: Generate the cloud-init configuration
- lxd/vm: Use 9p for agent drive
- lxd/storage: Only use raw images
- lxd/storage/drivers: Don't return disk type
- lxd/storage: Don't return disk type
- lxd: Use raw disk images only
- lxd/vm: Add install script in 9p
- lxd/device/disk: Adds support for generating VM config drive
- lxd/device/nic/bridged: Adds hwaddr to runConf when instance type is VM
- lxd/vm/qemu: Modifies qemu config generation to support dynamic devices
- lxd/container: Renames containerValidDevices to instanceValidDevices
- lxd/device/device/instance: Adds Path() to Instance interface
- lxd/device/disk: Adds support for generating VM cloud-init config drive
- lxd: Updates instanceValidDevices usage
- lxd: Fixes bug in fillNetworkDevice volatile hwaddr generation
- lxd/vm/qemu: Fix root disk path in device
- lxd/vm/qemu: Only connect to VM agent to get state if VM is running
- lxd/vm/qemu: Comment about generateConfigShare meta-data generation
- lxd/device/unix/common: Device naming functions usage
- lxd/device/device/utils/generic: Adds generic device naming functions
- lxd/device/gpu: Device naming functions usage
- lxd/device/disk: Uses generic device name path functions
- lxd/device/device/utils/unix: Device naming functions usage
- lxd/device/device/utils/unix: Removes unused device naming functions
- lxd/include: Fix SECCOMP_GET_ACTION_AVAIL define
- lxd/vm: Update systemd units
- lxd: Cleanup storage volumes properly for VMs
- lxd/instances: Add /1.0/virtual-machines
- lxd/storage: Fix GetVolumeSnapshotDir return value
- lxd/vm: Implement Exec for VMs
- lxd-agent: Proper logger
- lxd/container/exec: Don't require cmd to be returned from inst.Exec()
- lxd-agent/exec: Add buffered channel to prevent deadlock on cmd exit
- client/lxd: log websocket URL
- client/lxd/events: Fixes /events connect bug
- lxd-agent/exec: Fixes go routine leak
- lxd-agent/daemon: Adds daemon for storing event server to agent
- lxd-agent/events: Adds /events websocket route to agent
- lxd/state/notlinux: Adds Events field to non-linux/agent State struct
- lxd/operations/operations: Adds SetEventServer function
- lxd/operations: Reinstates sending events when no state
- lxd-agent/exec: Links daemon's event server to operation
- lxd-agent: Adds daemon to request
- lxd: More event socket logging
- lxd/vm/qemu: Disconnects VM agent after use
- lxd/vm/qemu: Interactive unbuffered exec console
- lxd-agent: Add missing setsid call on exec
- lxd-agent: Fix uid/gid/cwd in exec
- lxd/agent/exec: More debug status messages for exec handler
- lxd/container/exec: Updates exec handler to use new inst.Exec signature
- lxd/container/lxc: Updates Exec() to return a instance.Cmd
- lxd/instance/interface: Updates Exec() function to be local or remote command agnostic
- lxd/vm/qemu: Updates Exec() to return instance.Cmd
- lxd/container/lxc/exec/cmd: Implementation of instance.Cmd for containerLXC
- lxd/vm/qemu/cmd: Implementation of instance.Cmd for vmQemu
- lxd/instance/instance/exec/cmd: Cmd interface
- lxd-agent/exec: Removes \n from logging
- lxd/vm/qemu: Better error message to users when failing to connect to lxd-agent
- lxd-agent/exec: Makes the terminal the controlling terminal of the calling process
- lxd/vm: Make OVMF path configurable
- lxd/vm/qemu: Comment ending consistency
- lxd/vm/qemu: Handle deletion of storage volume DB record when reverting VM create
- lxd/storage/backend/lxd: Adds same pool optimisation to CreateCustomVolumeFromCopy
- lxd/container: container to instance renames, comment improvements
- lxd/containers/post: Adds instances field to response from createFromCopy
- lxd/container: instanceCreateAsCopy rename and revertion logic
- lxd/container: instanceCreateInternal comment
- lxd/containers/post: instanceCreateAsCopy usage
- scripts/bash: Refresh list of commands
- api: Add container_disk_ceph API extension
- lxd: Add support for CEPH FS backed disks and CEPH RBD backed disks
- tests: Add test for CEPH backed disks
- doc: Add support for CEPH backed disks
- lxd: Fixing srcPath check for cephs
- lxd: Correct srcPath check for cephs
- lxd: Fixing single quote on ceph check
- lxd/device/disk: Fix mounting cephfs
- lxd/device/disk: Format blocks a bit
- tests: Fix typo in cephfs test
- lxd: Fix ceph_rbd volatile key
- lxd/storage: Rename storagePoolVolumeUsedByContainersGet
- lxd/storage: Rename storagePoolVolumeUsedByRunningInstancesWithProfilesGet
- lxd: Have instanceLoadByProject return all instances
- lxd/vm: Use leases to get IP
- lxd/storage/zfs: Fix migration on zfs 0.6
- lxd/vm/qemu: Removes deprecated Storage() function
- lxd/instance/instance/interface: Moves Instance interface into instance pkg
- lxd/instance/interface: Removes old Instance interface
- lxd: Updates references to Instance interface
- lxd/storage: Fix DeleteImage return value
- lxd/storage/cephfs: Properly handle root path
- lxd/vm: Reverse interface counters
- lxd/container: Adds operation arg to instanceCreateAsCopy
- lxd/containers/post: Passes operation to instanceCreateAsCopy
- lxd/container: Links instanceCreateAsCopy to new storage pkg
- lxd/container: source snapshot var naming for clarity
- lxd/storage/interfaces: Exposes ExpandedDevices() on Instance interface
- lxd/storage/interfaces: Updates Instance migration signatures
- lxd/storage/interfaces: Changes i arg var to inst to represent Instance
- lxd/storage/backend/mock: Updates instance migration signatures
- lxd/db/containers: Removes unused ContainerCreationUpdate replaces with InstanceSnapshotCreationUpdate
- lxd/migrate/storage/volumes: Fixes typo
- lxd/migration/interfaces: Removes unused definitions
- lxd/storage/backend/lxd: Updates CreateInstance to use root disk device config
- lxd/storage/backend/lxd: Implements CreateInstanceFromCopy
- lxd/storage/backend/lxd: Updates CreateInstanceFromImage to use instance root disk config
- lxd/storage/backend/lxd: Implements CreateInstanceFromMigration
- lxd/storage/backend/lxd: Implements MigrateInstance
- lxd/storage/backend/lxd: Adds comment to EnsureImage explaining for volume config not needed
- lxd/storage/backend/lxd: Comment consistency in CreateCustomVolumeFromCopy
- lxd/storage/backend/lxd: Add comment to MigrateCustomVolume explaining volume config not needed
- lxd/storage/backend/lxd: Close migration connection on error in CreateCustomVolumeFromMigration
- lxd/device/device/runconfig: Moves to device/config pkg
- lxd/instance/instance/interface: Removes device pkg import
- lxd: Updates use of deviceConfig.RunConfig
- Use the node ID from the nodes ID table, not the raft one
- lxd/patches: Fix database roles
- lxd/container/lxc: Reorders containerLXC Delete() stages
- lxd/vm/qemu: Makes Delete() aligned with containerLXC's Delete()
- lxd/container: Removes instanceCompareSnapshots
- lxd/instance/instance/utils: Adds CompareSnapshots function
- lxd/container: Updates instance.CompareSnapshots usage
- lxd/container: Links instanceCreateAsCopy refresh instance to new storage pkg
- lxd/storage/interfaces: RefreshInstance signature
- lxd/storage/backend/lxd: Implements RefreshInstance
- lxd/storage/backend/mock: RefreshInstance placeholder
- lxd/storage/drivers/interface: Adds RefreshVolume
- lxd/storage/drivers/driver/cephfs: Adds RefreshVolume placeholder
- lxd/migration/migration/volumes: Adds Refresh property to VolumeTargetArgs
- lxd/storage/drivers/driver/dir: RefreshVolume implementation
- lxd/storage/drivers/volume: Adds Name() function
- lxd/storage/backend/lxd: Adds HasVolume checks to CreateInstanceFromMigration and CreateInstanceFromCopy
- lxd/cluster: Only promote to database role if >= 3 members
- doc/clustering: Document database role during cluster scaling
- lxd/vm/qemu: Adds storage pool Mount/Unmount calls
- lxd/device/disk: Prevents error logs about unsupported disk drive on VM stop
- lxd/vm: Add support for aarch64
- api: Add virtual-machines API extension
- shared: Rename ContainerAction to InstanceAction
- shared: Rename KnownContainerConfigKeys to KnownInstanceConfigKeys
- shared: Rename ContainerGetParentAndSnapshotName to InstanceGetParentAndSnapshotName
- lxc: Update for ContainerGetParentAndSnapshotName rename
- lxd/containers: Update for ContainerAction rename
- lxd: Update for ContainerGetParentAndSnapshotName rename
- doc/api-extensions: Fix escaping
- doc: Rename containers to instances
- doc/instances: Description consistency
- doc/instances: Fix escaping and alignment
- doc/profiles: Update for instances
- doc: Add containers/virtual-machines pages
- lxc: Update for KnownInstanceConfigKeys
- doc/instances: Remove API extensions
- doc/instances: Add missing volatile keys
- doc: Add new pages to metadata
- tests: Update unit and integration tests for cluster join
- lxd: Add raw.qemu
- shared: Add raw.qemu
- doc: Add raw.qemu
- scripts/bash: Add raw.qemu
- lxd: Add security.secureboot
- shared: Add security.secureboot
- doc: Add security.secureboot
- scripts/bash: Add security.secureboot
- lxd: Instance is not container type error consistency
- lxd/container: Removes container type
- lxd: Removes use of container type
- lxd: Renames containerCreateAsSnapshot to instanceCreateAsSnapshot
- lxd/container/snaphot: Returns instances property in response
- lxd/container/snapshot: Removes duplicated instance type check
- lxd/storage: Changes CreateInstanceSnapshot signature to accept source instance
- lxd: Hooks instanceCreateAsSnapshot up to new storage pkg
- lxd/storage/drivers/load: Adds RunningSnapshotFreeze to driver Info struct
- shared/generate: Insert build tag
- lxd/storage/drivers/driver/dir: Defines dir driver needs freeze during snapshot
- lxd/storage/backend/lxd: Adds snapshot check to ensureInstanceSymlink
- lxd/storage/backend/lxd: Implements CreateInstanceSnapshot
- doc: Documents the VM cloud-init:config drive option
- lxd-agent: Put /snap/bin in PATH
- lxd/storage/btrfs: Fix StorageEntitySetQuota
- seccomp: block new mount API when mount interception is requested
- lxd/networks: Merge clsuter config on create
- lxd/networks: Forward config updates
- lxd/storage: Renames interfaces.go to pool_interface.go
- lxd/storage/pool/interface: Removes Instance interface
- lxd/storage: Switches to use instance.Instance interface
- lxd/container/put: Renames containerSnapRestore to instanceSnapRestore
- lxd/container/lxc: Links snapshot Restore() to new storage pkg
- lxd/storage/interfaces: RestoreInstanceSnapshot signature
- lxd/storage/backend/mock: RestoreInstanceSnapshot signature
- lxd/storage/backend/lxd: Implements RestoreInstanceSnapshot
- lxd/container/backup: Comment tweaks and inst var rename
- lxd/backup: Links backupCreate to new storage pkg
- lxd/storage/drivers/driver/dir: rsync.LocalCopy return value consistency
- lxd/storage/backend/lxd: Ensures all instance functions use project aware storage names
- lxd/storage/backend/lxd: Implements BackupInstance
- lxd/storage/drivers/interface: Adds BackupVolume
- lxd/storage/drivers/driver/cephfs: Adds BackupVolume placeholder
- lxd/storage/drivers/driver/dir: Adds BackupVolume
- shared/archive/linux: Adds some explanation to DetectCompressionFile
- lxd/images: Adds more output detail when tar2sqfs fails in compressFile
- lxd/container: instanceCreateFromBackup restructure so as not to return storage
- lxd/containers/post: Updates createFromBackup to not need storage returned from instanceCreateFromBackup
- lxd/images: Fix image pruning with projects
- lxd/images: Fix VM image export
- client: Fix VM image export
- shared: Un-restrict archive.go
- shared: Add qcow2
- client: Fix VM image import
- lxc/image: Detect type on import
- Rename containers to instances in db views
- Drive-by fix of UsedBy for networks
- lxd/vm: Add limits.memory.hugepages
- shared: Add limits.memory.hugepages
- doc: Add limits.memory.hugepages
- scripts/bash: Add limits.memory.hugepages
- doc/instances: Indicate VM support when applicable
- shared: Cleanup console on error
- lxd: Cleanup console on error
- lxd/console: Improve disconnection handling
- lxd/vm: Add locking around console
- Remove accidentally committed testimage.tar.xz
- Add arch column to nodes table
- Add NodeAddWithArch() method to add a node with a specific arch
- lxd/backup/backup/instance/config: Adds instance config backup.yml tools
- lxd/api/internal: Removes slurpBackupFile and switches to backup.ParseInstanceConfigYamlFile
- lxd/backup: Removes backupFixStoragePool
- lxd/containers/post: Updates instanceCreateFromBackup usage
- lxd/container: Updates instanceCreateFromBackup signature
- lxd/backup/backup/instance/config: UpdateInstanceConfigStoragePool no longer updates snapshots backup.yaml
- lxd: Comment improvements
- lxd/containers/post: Adds storage pool check to createFromBackup
- lxd/container: Removes storage pool check from instanceCreateFromBackup
- lxd/backup/backup: Removes squashfs handling from GetInfo
- lxd/container: Removes squashfs handling from instanceCreateBackup
- lxd/containers/post: Moves backup restore squashfs handling to createFromBackup
- Document container launch algorithm on cluster
- lxd/storage/utils: Adds InstanceContentType
- lxd/container/post: Cleans up createFromMigration
- lxd/storage/zfs: Fix pool import
- lxd/container/lxc: Updates use of backupFile to backup.InstanceConfig
- lxd/storage/backend/lxd: Implements CreateInstanceFromBackup
- lxd/storage: Updates CreateInstanceFromBackup signature
- lxd/container: Updates instanceCreateFromBackup to use new storage pkg
- lxd/containers/post: Updates instanceCreateFromBackup usage with hooks
- lxd/backup/backup/instance/config: Updates UpdateInstanceConfigStoragePool to take mount path
- lxd/container: Updates backup.UpdateInstanceConfigStoragePool usage
- lxd/storage/backend/lxd: Switches to InstanceContentType function
- lxd/storage/drivers/interface: RestoreBackupVolume signature
- lxd/storage/drivers/driver/cephfs: RestoreBackupVolume placeholder
- lxd/storage/drivers/driver/dir: Moves initial project quota setup to own function
- lxd/storage/drivers/driver/dir: Implements RestoreBackupVolume
- lxd/containers/post: Pass state to migration Do function
- lxd/migrate/container: Restructure of migrationSink.Do()
- lxd/migrate/storage/volumes: Comment restructure
- lxd: Pass instance type to instanceLoadNodeAll
- lxd/vm: Tweak default memory
- lxd/vm: Add a virtio graphics card
- lxd/vm: Add ringbuffer on vserial
- lxd-agent: Add vserial state notification
- lxd/qmp: Introduce new QMP wrapper
- tests: Add lxd/qmp to golint
- lxd/vm: Port to new qmp package
- lxd/vm: Don't start or reboot the VM
- lxd/vm: Use agent detection from QMP
- lxd/vm: Restart monitor on startup
- lxd/vm: Use shared ringbuf size definition
- lxd/vm: Implement freeze/unfreeze
- lxd/vm: Privileged mode doesn't apply
- client: Add agent version of DeleteInstanceFile
- lxd/vm: Add FileRemove support
- lxd/seccomp: Fix golint
- lxd/daemon: Don't block on RBAC
- lxd/storage/backend/lxd: Fixes comments
- lxd/storage/backend/lxd: Adds symlink and revert support to CreateInstanceFromMigration
- lxd/storage/backend/lxd: Adds optimised migration over image support to CreateInstanceFromMigration
- lxd/migrate/container: Links migrationSink.Do to new storage pkg
- lxd/containers/post: Links createFromMigration to new storage pkg
- lxd/cluster: More reliable event delivery
- lxd/response: Coding style
- lxd/operations: Use ForwardedResponse
- lxd/images: Coding style
- lxd/cluster: Coding style
- lxd: Tweak cluster.Connect calls
- lxd/container/post: Returns instances resources from containerPost
- lxd/migrate/container: Removes duplicated instance type checks from migrationSourceWs.Do
- lxd: Removes dependency on instance.DaemonState() from migrationSourceWs
- lxd/storage: Removes DaemonState() from pool interface
- lxd/migrate/storage/volumes: Removes unrelated comment
- lxd/migrate/container: Restructures migrationSourceWs.Do() ready for new storage layer.
- lxd/storage: Properly handle driver config changes
- lxd/storage/backend/lxd: Comment typos
- lxd/storage/drivers/drive/dir: Add support for 2-phase migration
- lxd/migration/migration/volumes: Adds Live property to VolumeTargetArgs
- lxd/migrate/container: Add support for 2-phase sync in migrationSink.Do()
- lxd/migrate/container: Sends refresh request indicator in migration response header
- lxd/rsync/rsync: Adds more info to error returned in sendSetup
- lxd/storage/drivers: Adds Config() function to return read-only copy of pool config
- lxd/container/post: Minor cleanup and instance info output in containerPost
- lxd/migrate/container: Links migrationSourceWs.Do to new storage pkg
- lxd/migration/migration/volumes: Adds FinalSync bool to VolumeSourceArgs
- lxd/storage/backend/lxd: Adds sanity check to MigrateInstance during FinalSync
- lxc/copy: Updates copyContainer to not modify volatile.idmap.next
- lxd/util: Add HasFilesystem
- lxd: Detect built-in shiftfs too
- api: Add image_profiles extension
- shared/api: Add image profiles
- lxc/image: Add support for image profiles
- lxd/db: Add images_profiles table
- lxd/images: Add support for image profiles
- doc/image-handling: Add image profiles
- lxd/cluster: Fix handling of ceph/cephfs on join
- tests: Always use force with stop/restart
- tests: Tighten sleep calls
- lxc/storage: Fix template apply on cross-pool copy
- tests: Add tests for image profiles
- tests: Respect projects in ensure_import_testimage
- i18n: Update translation template
- lxd/storage/drivers/driver/types: Moves Info definition and adds VolumeFiller type
- lxd/storage/drivers/load: Removes non-load related types from this file
- lxd/storage/drivers/interface: Updates CreateVolumeFromMigration and CreateVolume to use VolumeFiller
- lxd/storage/drivers/driver/cephfs: Updates CreateVolumeFromMigration and CreateVolume to use VolumeFiller
- lxd/storage/drivers/driver/dir: Updates CreateVolume to use VolumeFiller
- lxd/storage/drivers/driver/dir: Updates CreateVolumeFromMigration to accept a pre-VolumeFiller argument
- lxd/storage/backend/lxd: Updates to use VolumeFillers
- lxd/backup: Comment consistency
- lxd/daemon: Adds LXD_SHIFTFS_DISABLE env var to disable shiftfs
- doc/environment: Documents LXD_SHIFTFS_DISABLE env var
- lxd/container/lxc: Updates Export to use new storage pkg for mounting
- shared/containerwriter/container/tar/writer: Fixes bug with rootfs dir not being unshifted
- lxd/vm: Remove default GPU
- lxd/vm: Update comment
- lxd/vm: Record power state
- lxd/container/lxc: Unexport storageStartSensitive
- lxd/vm/qemu: Makes mount and unmount functions behave the same as containerLXC's
- lxd/storage/backend/lxd: Fixes MountInstanceSnapshot/UnmountInstanceSnapshot functions
- lxd/container/lxc: Links to new storage pkg
- lxd/container/lxc: Updates containerLXCCreate to init new storage layer
- lxd/container/lxc: Updates initStorage to warn if init old storage layer when new layer is running
- lxd/container/lxc: Updates Delete to not use old storage layer when using new storage layer
- lxd/container/lxc: Updates Update() to detect whether to write backup file without using old storage layer
- lxd/container/lxc: Updates Migrate to access PreservesInodes from old and new storage layers
- lxd/vm: Don't use named return variables
- lxd/resources: Port to new storage API
- lxd/storage: Fix new storage API handling for snapshots
- lxd/storage: Remove legacy cephfs implementation
- lxd/storage/cephfs: Use all monitors on mount
- lxd/storage: List VM volumes in UsedBy
- lxd/storage: Fix UsedBy with projects
- Enable SQLITE_CONFIG_MULTITHREAD
- tests: Don't use fixed timestamp
- lxd/forkdns: Fix help message
- lxd/forkdns: Fix logging
- lxd/forkdns: Use clean request messages
- tests: Fix security test on non-shiftfs
- lxd/vmqemu: Moves vmqemu files into sub folder for their own package
- lxd/instance/vmqemu/vm/qemu: Updates VMQemu to exist in own package
- lxd/instance/vqemu/vm/qemu/cmd: Updates to be in own package
- lxd/networks: networkGetLeaseAddresses into instance package
- lxd/backup/backup: Adds New() function
- lxd: Moves instance load and instance validation functions into instance pkg
- lxd/vm: Rename vmqemu to qemu
- lxd/vm: Move qmp under qemu
- lxd/container: Fix comment
- lxd/vm: Remove reference to container
- lxd/networks: Simplify instance hwaddr logic
- tests: Really fix non-shiftfs security test
- lxc/image: Rename ARCH to ARCHITECTURE
- i18n: Update translation templates
- lxd/instance/qemu: Sets log file to qemu.log
- lxd/storage/cephfs: Fix rsync migration
- lxd/container: Cleanup mount logic
- lxd/container: Remove unused initStorage
- lxd/import: Fix handling of new drivers
- lxd/backup: Fix backup creation on new drivers
- lxd/storage/zfs: Use StoragePool to get pool name
- tests: Remove pointless loop/check
- tests: Test copy on cephfs
- Rename database_update.sh to database.sh
- Don't retry in case of generic I/O errors
- Add test_database_no_disk_space
- lxd: Fix backup handling with hyphenated names
- test/suites/backup: Test hyphenated instance names
- lxd/cgroup: Add basic cgroup abstraction
- lxd/container: Add wrapper for cgroup abstraction
- lxd/container: Port pids.max to cgroup abstraction
- tests: Always pass --force
- tests: Use lazy unmount in DB test
- lxd/instance: Split instance image resolving
- lxd/state: Expose proxy function
- lxd/container: Don't crash test on differing state
- shared/simplestreams: Implement GetAliasArchitectures
- client: Add arch-dependent aliases
- client: Add caching options
- lxd/instance: Implement SuitableArchitectures
- shared/simplestreams: Implement caching support
- client: Setup caching for simplestreams
- lxd/daemon: Remove custom cache implementation
- lxd/daemon: Port daemon storage to new functions
- Improve build-from-source instructions to be clearer and also cover building a specific release of LXD.
- lxd/{device,networks,util}: Move Sysctl to util from device and change usage
- lxd/{firewall,iptables}: Introduce firewall interface and xtables implementation, add firewall interface to static analysis
- lxd/{daemon,state}: Firewall struct added to daemon and state
- lxd/{device,networks}: Switch from iptables to xtables through firewall interface
- tests: Don't leak storage in ENOSPC test
- lxd/db: Rename ContainerNames to InstanceNames
- cgroups: pre-mount on pure-cgroup2 systems with cgroup namespaces
- lxd/iptables: Fix ebtables handling regression
- lxd/storage: Port volume attach/detach
- lxd/storage: Store pool db entry in backend
- lxd/storage/drivers: Implement Update/Validate
- lxd/storage: Implement pool updates
- lxd/storage: Port pool update to new functions
- lxd/main/forkdns: Adds recursion desired comment that got removed during refactor
- lxd/instance/qemu/vm/qemu: Adds -no-user-config to qemu start flags
- lxd/instance/qemu/vm/qemu: Adds chroot flag to qemu start up command
- lxd/{test,cgroup}: Add cgroup package to static analysis tests
- daemon: log cgroup layout on startup
- lxd/instance/qemu/vm/qemu: Implements deviceAdd and deviceRemove
- shared/simplestreams: Only write cache if configured
- lxd/vm: Reduce 9p mount access
- lxd/sys: Expose UnprivUser/UnprivUID
- lxd/networks: Port to os.UnprivUser
- lxd/instance/qemu/vm/qemu: Adds -runas flag to qemu
- lxd/db: Add missing unique key
- lxd/db: Add upgrade logic for UNIQUE fix
- lxc/cgroup: Fix bad error handling
- lxd/storage: Create image volume DB entry
- lxd/images: Port to new storage functions
- lxd/storage: Move storage_cgo.go to drivers package
- lxd/storage/drivers: Add FS and mount functions
- lxd: Use FS and mount functions from drivers package
- lxd/storage: Remove FS and mount functions
- Add basic bridge documentation
- lxd: Mark container snapshots as such
- lxd/storage/locking: New storage locking package
- lxd/storage: Lock image creation
- lxd/backup: Rename HasBinaryFormat to OptimizedStorage
- lxd/storage/drivers: Update RestoreBackupVolume signature
- lxd/storage: Update call to RestoreBackupVolume
- test/suites: Satisfy shellcheck
- lxd/storage: Add refresh to MigrationTypes
- lxd/storage/drivers: Add refresh to MigrationTypes
- lxd: Update call to MigrationTypes
- shared: Implemented Background Process Manager
- shared: Implemented Background Process Manager tests
- lxd/storage/drivers: Always pass Volume argument
- lxd/storage/drivers: Use new driver interface
- lxd/storage: Always pass Volume to drivers
- lxd/storage: Removes unnecessary argument in backendLXD.create()
- lxd/storage/backend/lxd: Comment on function description
- lxd/storage/backend/lxd: Implements UpdateInstance
- lxd/storage/backend/lxd: Implements UpdateImage
- lxd/storage/backend/lxd: Adds detectChangedConfig and updates usage
- lxd/storage/backend/lxd: Switches to StoragePoolVolumeUpdateByProject
- lxd/db/storage/pools: Replaces StoragePoolVolumeUpdate with StoragePoolVolumeUpdateByProject
- lxd/storage/volumes: Updates storagePoolVolumeTypePut to be project aware
- lxd/storage/pool/interface: Adds Update functions for volumes
- lxd/storage/drivers/driver/common: Only allow size property on custom volumes
- lxd/storage/backend/mock: Adds Update functions for volumes
- lxd: Updates StoragePoolVolumeUpdateByProject usage
- lxd/storage/backend/lxd: Updates Update() to use detectChangedConfig()
- lxd/storage/backend/lxd: Implements UpdateInstanceSnapshot
- lxd/storage/backend/lxd: Adds updateVolumeDescriptionOnly
- lxd/storage/backend/lxd: Adds UpdateCustomVolumeSnapshot
- lxd/storage/volumes/snapshot: Updates storagePoolVolumeSnapshotTypePut to use new storage pkg
- lxd/cgroup: Additional resource get/set functions through cgroup abstraction layer
- lxd/{container_lxc, cgroup}: Use abstraction layer functions for cgroup V1 functionality
- lxd/cgroup: Return ErrControllerMissing on incomplete V2
- lxd/storage/dir: Use MountPath
- lxd/storage/dir: Move vfsResources
- lxd/storage/common: Add vfsRenameVolume
- lxd/storage/common: Add vfsVolumeSnapshots
- lxd/storage/common: Add vfsRenameVolumeSnapshot
- lxd/storage/common: Simplify vfsRenameVolume
- lxd/storage: Add createParentSnapshotDirIfMissing
- doc: Add new developer guide to contributing.md
- lxd/storage/cephfs: Cleanup driver
- lxd/storage: Rename RestoreBackupVolume to CreateVolumeFromBackup
- lxd/storage/dir: Cleanup driver
- lxc/storage/utils: Updates validateVolumeCommonRules to accept volume argument
- lxd/storage/drivers/volume: Exposes BlockBacking property from storage driver via IsBlockBacked()
- lxd/storage: Updates commonVolRulesFunc usage
- lxd: Fix order of cgroup initialization
- lxd/storage/backend/lxd: Adds protection against updating volume properties that cant be changed
- lxd/storage/drivers/volume: Exposes volume type and content type of Volume
- lxd/storage/utils: Improves common volume validation
- lxd/db/storage/pools: Adds StoragePoolNodeVolumeGetTypeIDByProject
- lxd/storage/utils: Makes VolumeDBCreate project aware
- lxd/storage/volumes/utils: Updates usage of VolumeDBCreate
- lxd/storage/backend/lxd: Updates usage of VolumeDBCreate
- lxd/storage/backend/lxd: Adds instanceRootVolumeConfig
- lxd/storage/backend/lxd: Updates to use instanceRootVolumeConfig
- lxd/storage/backend/lxd: Switches to use StoragePoolNodeVolumeGetTypeByProject
- lxd/storage/backend/lxd: Fixed UpdateInstance's incorrect used volStorageName for DB queries
- lxd/storage/drivers: Re-order utils
- lxd/storage: Move BaseDirectories to drivers
- lxd/storage/cephfs: Don't hardcode directory names
- lxd/storage/cephfs: Simplify Delete
- shared: Handle btrfs in IsMountPoint
- lxd/storage: Allow deletion of missing pools
- lxd/storage/dir: Move MigrateVolume to common
- lxd/storage/drivers/interface: Changes load() definition as no longer returns error
- lxd/storage/drivers/common: Removes calling driver's load() func from init()
- lxd/storage/drivers/load: Calls driver's load() function from main loader
- lxd/storage/drivers/driver/cephfs: Fix typo in tool detection
- lxd/storage/cephfs: Use common functions
- lxd/storage/common: Add vfsHasVolume
- lxd/storage/common: Add vfsGetVolumeDiskPath
- lxd/storage: Always init driver with state/logger
- lxd/storage: Replace CreateMountPath with EnsureMountPath
- lxd/storage/cephfs: Use helper functions
- lxd/storage/dir: Use helper functions
- lxd/cgroups: enable cgroup2 limit support
- lxd/storage: Pass state to SupportedDrivers
- lxd/storage: Expand volume config in newVolume
- lxd/storage/drivers: Use expanded config
- lxd/storage/drivers: Don't hardcode default block size
- lxd/storage/drivers/interface: Comments on pool mount/unmount definitions
- shared/util: Adds comment to TryRunCommand
- lxd/storage/backend/lxd: Fixes bug with non-project aware vol storage name in RenameInstance
- lxd/storage/drivers/utils: Removes implication of project awareness from driver mount point helpers
- lxd/storage/drivers: Move ensureVolumeBlockFile to utils
- lxd/storage: Split out backup unpack logic
- lxd/storage/dir: Fix for consistency
- lxd/storage/utils: Removes mount helper functions
- lx/storage/utils: Adds legacy mount functions to main pkg
- lxd/storage/drivers/utils: Unexports mount helper funcs except TryMount/TryUnmount
- lxd/patches: Updates to use TryMount/TryUnmount from storage/drivers pkg
- lxd/storage/drivers/driver/cephfs: TryMount usage
- lxd/storage/drivers/driver/dir: TryMount usage
- lxd/storage/btrfs: Updates to use unexported legacy mount functions
- lxd/storage/ceph: Updates to use legacy unexported mount functions, except TryMount/TryUnmount
- lxd/storage/lvm: Updates to use legacy unexported mount functions, except TryMount/TryUnmount
- lxd/storage/zfs/utils: Consistent import name for storage/drivers pkg
- lxd/storage/drivers: Export Name and Logger
- lxd/storage/drivers: Introduce genericCopyVolume
- lxd/storage/drivers: Introduce genericCreateVolumeFromMigration
- lxd/storage/drivers: Simplify genericBackupUnpack
- lxd/backup: Adds check for supported instance type when loading storage pool
- lxd/container: Adds check for supported instance type when restoring backup
- lxd/container/lxc: Adds check for supported instance type when loading storage pool
- lxd/migrate/container: Adds check for supported instance type when loading storage pool
- lxd/storage/drivers: Introduce vfsBackupVolume
- lxd/storage/drivers: Rename driver_cgo to utils_cgo
- lxd/storage/drivers: Add releaseLoopDev
- lxd/storage/utils: Improve error handling in forceUnmount
- lxd/storage/utils: Add fsUUID
- lxd/storage/utils: Add tryExists
- lxd/storage/utils: Add hasFilesystem
- lxd/storage/drivers: Add btrfs
- tests: Update exclusion for btrfs
- Update /operations endpoint API doc
- lxd/revert: Adds revert helper package for running revert functions in reverse order
- lxd/revert/revert/test: Adds revert tests
- lxd/storage/backend/lxd: Updates to use revert pkg rather than custom revertFuncs slice
- lxd/storage/drivers/driver/dir: Updates to use revert pkg rather than custom revertFuncs slice
- lxd/storage/drivers/driver/btrfs/volumes: Switches to revert pkg for CreateVolumeFromBackup
- lxd/storage/drivers/generic: Switches to revert pkg for genericBackupUnpack
- lxd/storage/utils: Clarifies comment on ImageUnpack
- lxd/storage/backend/lxd: Typo in error
- lxd/storage/memorypipe: Increases channel buffer size to allow Close() cleanup
- lxd/storage/backend/lxd: Close migration send end when error occurs
- lxd/storage/drivers/volume: Differentiates between volume config and pool config
- lxd/storage/backend/lxd: Removes expansion of pool's volume config into volume config in newVolume()
- lxd/storage/backend/lxd: Updates CreateCustomVolumeFromMigration to use Volume.Config() to create DB record
- lxd/storage/utils: drivers.NewVolume usage
- lxd/storage/drivers/driver/cephfs/volumes: drivers.NewVolume usage
- lxd/storage/drivers/driver/cephfs/volumes: vol.ExpandedConfig usage
- lxd/storage/drivers/driver/cephfs/volumes: Comments
- lxd/storage/drivers/driver/dir/utils: vol.ExpandedConfig usage
- lxd/storage/drivers/driver/dir/volumes: Comments
- lxd/storage/drivers/generic: NewVolume usage
- lxd/storage/drivers/utils: vol.ExpandedConfig usage
- lxd/storage/backend/lxd: Ensures VolumeDBCreate uses config from the Volume and not the request
- lxd/storage/drivers/driver/btrfs/volumes: Fixes usage of NewVolume
- Use JSON markdown blocks in docs
- cgroup: shortcut cgroup2 only layouts
- cgroups: detect blkio.bfq.weight knob
- lxd/instances: Export FillNetworkDevice
- doc/networks: Clarify raw.dnsmasq
- lxc-to-lxd: Set useragent
- lxd-p2c: Set useragent
- lxd: Always set user agent
- shared: Set user-agent in GetRemoteCertificate
- lxd/storage/drivers: Rename applyQuota to initVolume
- lxd/storage/drivers: Fix bad ExpandedConfig
- lxd/storage: Include size in instance update
- lxd/device/nic/routed: Improves IPv6 forwarding and proxy_ndp sysctl detection
- doc/instances: Updates routed nic sysctl requirements
- tests: Updates routed nic tests to enable proxy_ndp on all interfaces
- lxd/storage/backend/lxd: Switches create to use revert package
- lxd/storage/drivers/generic: Uses revert package on genericCreateVolumeFromMigration
- lxd/storage/drivers/generic: Adds refresh arg to genericCopyVolume
- lxd/storage/drivers: genericCopyVolume updated usage for refresh arg
- lxd/storage/drivers/driver/dir/volumes: Use SetVolumeQuota from UpdateVolume
- lxd/storage/backend/lxd: Makes specific lock name for volume EnsureImage action
- lxd/storage/drivers/volume: Adds UnmountTask function
- lxd/storage/drivers/utils: Adds volume filesystem shrink and grow functions
- lxd/storage/drivers/errors: Adds "not supported" error type
- lxd/container/lxc: Detects storage drivers that dont support volume usage stats
- tests: Don't leak CEPH pools
- lxd/storage: Set contentType during image deletion
- lxd/storage/drivers/generic: Improves genericBackupUnpack
- lxd/revert: Adds Clone function to revert
- lxd/storage/drivers/utils: Comments on wipeDirectory
- lxd/containers/post: Improves comment in createFromBackup
- lxd/storage/backend/lxd: Adds error checking to MountTask in CreateInstanceFromBackup
- lxd/storage/pool/interface: Adds UpdateInstanceBackupFile
- lxd/storage/backend/mock: Adds UpdateInstanceBackupFile
- lxd/storage/backend/lxd: Implements UpdateInstanceBackupFile
- lxd/instance/instance/interface: Adds UpdateBackupFile
- lxd/instance/qemu/vm/qemu: Implements UpdateBackupFile
- lxd/container/lxc: Implements UpdateBackupFile
- lxd/container: Switches to inst.UpdateBackupFile()
- lxd/container/lxc: Switches to inst.UpdateBackupFile()
- lxd/instance/instance/utils: Deprecates WriteBackupFile function
- lxd/instance/qemu/vm/qemu: UpdateBackupFile usage
- lxd/storage: Support deleting snapshots during restore
- lxd/images: Fix clustering handling on delete
- tests: Remove un-needed image volume delete
- lxd/storage: Update driver cache for new drivers
- Improve websocket doc in container exec
- lxd/qemu: Fix multiple NICs
- lxd/storage/drivers/volume: Adds DefaultFilesystem constant of ext4
- lxd/storage/utils: Uses DefaultFilesystem in VolumeFillDefault
- lxd/storage/backend/lxd: Updates EnsureImage to detech filesystem changes and regenerate
- lxd/storage/drivers/utils: Comment on shrinkFileSystem
- lxd/storage/drivers/utils: Mounts btrfs filesystems during shrinkFileSystem
- lxd/storage/drivers/utils: Adds regenerateFilesystemUUID functions
- lxd/storage/drivers: Use standard errors
- lxd/storage/btrfs: Disable send/receive inside containers
- lxd/init: Support new storage drivers
- lxd/storage/drivers: Use standard errors
- lxd/storage/btrfs: Disable send/receive inside containers
- lxd/init: Support new storage drivers
- lxd/migration: Improve multi-pass transfers
- lxd/storage: Pass VolumeSourceArgs as pointer
- lxd/storage: Port "zfs" to new driver logic
- tests: Add zfs to list of new drivers
- lxd/storage/backend/lxd: Applies root disk quota as part of backup import post hook
- lxd/storage/backend/lxd: Adds errors.Wrapf around os. and unix. function errors
- lxd/storage/drivers/driver/btrfs/volumes: tmpVolSuffix usage
- lxd/storage/drivers/volume: Adds tmpVolSuffix const
- lxd/storage/drivers/utils: Adds errors.Wrapf to mount/unmount functions
- lxd/storage/drivers/utils: Adds renegerateFilesystemUUIDNeeded
- lxd/storage/backend/lxd: Triggers backup file update in BackupInstance and and RenameInstanceSnapshot
- lxd/storage/backend/lxd: Improves revert in RenameInstance
- lxd/storage/drivers: Fix comments
- tests: Fix storage_compatible for zfs
- lxd/storage/drivers/generic: Adds EnsureMount path calls after mounting volumes
- lxd/device/disk: Defer instance type check until start time for cloud-init config drive
- lxd/migrate/container: Merges duplicate multi sync logic and adds comments
- lxd/storage/drivers/volume: Adds NewVMBlockFilesystemVolume and IsVMBlock functions
- lxd/storage/drivers/driver/zfs/volumes: VM block function usage
- lxd/storage/drivers/driver/zfs/utils: Removes unused checkVMBlock
- lxd/storage/pools: Support non-default project in storagePoolDelete
- lxd/device/device/instance: Removes interface in place of instance.Instance
- lxd/container: Replaces device.Instance with instance.Instance
- lxd/storage: Replaces device.Instance with instance.Instance
- lxd/device: Replaces device.Instance with instance.Instance
- lxd/device: Renames d.instance to d.inst to avoid conflicts with instance package
- lxd/storage: Updates storageRootFSApplyQuota to support VMs
- lxd/device/disk: Allow VM disks to be updated
- lxd/storage/drivers/utils: Adds copyDevice function
- lxd/storage/drivers: Filler logging
- lxd/storage/drivers/generic: Updates genericCopyVolume to be VM block aware using copyDevice
- client/lxd/instances: Sends instance type when copying instances
- lxc: Don't use instance when referring to server
- lxc: Rename container to instance
- lxc/info: Fix VM support
- i18n: Update translation templates
- lxd/storage/zfs: Fix set on 0.6
- lxd/storage/drivers: Use errors.Wrap
- lxd/storage/drivers: Wrap os/ioutil calls
- api: Add clustering_architecture extension
- shared/api: Add Architecture to ClusterMember
- lxd/db: Add Architecture to NodeInfo
- lxd/cluster: Track member architecture
- lxc/cluster: Add architecture column in list
- lxd/storage/backend/lxd: Add project support to GetInstanceUsage
- lxd/storage/utils: Removes default volume size from VolumeFillDefault
- test/suites/storage: Updates LVM quota tests to take into account new SI units conversion
- test/suites/backup: Fixes issue with import testing with LVM
- tests: Add lvm to list of new drivers
- lxd/storage/ceph: Fix volume size handling
- lxd/storage/drivers/utils: Adds loopFilePath function
- lxd/storage/drivers: Replace repetitive loop path generation with call to loopFilePath
- lxd/storage/drivers/load: Enables LVM driver
- lxd/db: Silence normal sql errors
- lxd/db: Fix image profile copying logic
- lxd/util: IsAddressCovered takes into account host names
- lxd/db: Add archs filter to ClusterTx.NodeWithLeastContainers()
- lxd/instance: make SuitableArchitectures handle snapshots too
- lxd/containers_post.go: Use cluster architecture in placement
- lxd/db: Ensure zfs.pool_name is set
- lxd/storage/drivers/lvm: LVM driver implementation
- lxd/containers: Use 'instance' key in templates
- lxc: Fix typo
- lxc: Bump examples to 18.04
- i18n: Update translation templates
- doc: s/container/instance/
- doc: Bump releases in examples
- doc/rest-api: Cover the three instance endpoints
- lxd/instance/qemu/vm/qemu: Adds running disk usage stats to disk state
- lxd/storage/backend/lxd: Adds VM support to GetInstanceUsage
- lxd/container: Adds VM support to instanceCreateAsSnapshot
- lxd/container/snapshot: Adds VM support to containerSnapshotHandler
- lxd/migration/migration/volumes: Fixes crash when storage driver has no transfer methods
- lxd/storage/drivers/driver/common: Adds VM support for migration types
- lxd/storage/drivers/driver/lvm: Adds VM support
- lxd/storage/drivers/drivers/lvm/utils: VM support
- lxd/storage/drivers/drivers/lvm/volumes: VM support
- lxd/instances: Fix creation from simplestreams
- lxd/db: Fix multi-arch cached images
- lxd/storage/drivers: Rename drivers_ to driver_
- lxd/storage/drivers: Implement patch mechanism
- lxd/storage: Add patch mechanism to backend
- lxd/patches: Add storage_create_vm
- Skip updating instances and profiles not using a volume being renamed
- i18n: Update translations from weblate
- lxd/storage/btrfs: Fix usage inside containers
- lxd/storage/backend/lxd: Validate config on pool create
- shared/instance: Adds IsSize to validate size strings
- lxd/storage/pools/config: Removes old LVM validation from storagePoolValidateConfig
- lxd/storage/utils: shared.IsSize usage
- lxd/storage/load: commonRules usage
- lxd/storage/utils: commonRules usage
- lxd/storage/drivers/load: Adds Validators type for common rules
- lxd/storage/drivers/interface: commonRules usage
- lxd/storage/drivers: Call d.validatePool in Validate function
- lxd/storage/drivers/drivers/common: Updates for commonRules
- lxd/storage/drivera/driver/common: Adds validatePool function
- lxd/storage/drivers/driver/dir/utils: commonRules usage
- lxd/storage/drivers/driver/btrfs: pool validation
- lxd/storage/drivers/driver/zfs: pool validation
- lxd/storage/drivers/driver/cephfs: pool validation
- lxd/storage/drivers/driver/common: Improved error messages in validatePool and validateVolume
- lxd/storage/pools: Fixes empty values for non-compat pools in storagePoolClusterConfigForEtag
- lxd/storage/pools/config: shared.IsSize usage
- lxd/storage/pools/config: comment
- lxd/storage/drivers/driver/lvm: Adds validation
- doc/api-extension: Fix formatting
- api: Add resources_disk_id extension
- shared/api: Add device_id to resources
- lxd/resources: Add device_id
- lxd/storage/drivers/driver/lvm: Adds stripe validation
- lxd/storage/pools/config: Adds volume.lvm.stripes and volume.lvm.stripes.size to pool validation
- lxd/storage/drivers/driver/lvm/utils: Updates createDefaultThinPool to support stripes
- lxd/storage/drivers/driver/lvm/utils: Updates createLogicalVolume to support stripes
- doc/storage: Documents storage_lvm_stripes options
- doc/api-extensions: trim whitespace
- doc/api-extensions: Adds storage_lvm_stripes
- shared/version/api: Adds storage_lvm_stripes extension
- lxd/storage/btrfs: Fix bad check
- lxd/containers: Properly setup cgroup writer
- lxd/cgroup: Fix memory limit handling
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.18 リリースのお知らせ¶
2nd of October 2019
はじめに ¶
LXD チームは、LXD 3.18 のリリースをお知らせすることにとてもワクワクしています!
このリリースには、今後の LXD リリースでコンテナと同時に仮想マシンをサポートするための実装に必要な多数の事前作業が含まれています。LXD 3.18 には、仮想マシンを扱えるように、多数の API の追加と Go クライアントと cli ツールへの変更が含まれています。
この変更のほとんどは、API と内部コードベース内の containers を、コンテナと仮想マシンの両方を包含する、より一般的な instances へゆっくり置き換えていくものです。
この作業の大部分は、現在の普通のユーザーには見えないものです。すべて完全に下位互換性をもたせるために行っており、古い API クライアントは通常通り動作し続けます。
すぐに使える改良点としては、このリリースでは、より多くのディスク情報を公開できるようにリソース API を拡張しました。また、イメージの有効期限を変更する機能を追加し、新しいクラスタリングのロールメカニズムに変更し、Fan ネットワークを使っている場合により多くの設定ができるようになりました。
Enjoy!
新機能 ¶
新しい /1.0/instances エンドポイント ¶
仮想マシンサポートへの一環で、現在の /1.0/containers API は /1.0/instances API への置き換えを行い、コンテナと仮想マシンの両方を返すようにしました。この新しい API エンドポイントの構造は(従来と)同じで、以前のエンドポイントは新しいものの上にある単なるタイプのフィルターになっています(訳注: コンテナタイプのインスタンスのみを返すフィルター)。
一貫性を保つため、仮想マシンサポートの準備ができた際には、/1.0/virtual-machine エンドポイントも提供します。これも同様に /1.0/instances に対するタイプフィルターとし、仮想マシンのみを返すようにします。
この作業の一環として、Go クライアントパッケージも変更され、すべて /1.0/instances エンドポイントに対する新しい関数が含まれるように変更されました。そして新しい API が使えるかどうかも検出し、古い LXD サーバーと通信する際には古い API にフォールバックします。
コマンドラインツール(lxc)は、これらの新しい関数を使用するように更新されました。
VM イメージ保存のサポート ¶
LXD のこのバージョンのリリースで、既に仮想マシンイメージが利用可能になっている他の LXD サーバーや simplestream サーバーの仮想マシンイメージを検索できるようになりました。
現時点で、このようなイメージを持つサーバはふたつだけで ubuntu: と ubuntu-daily: です。
stgraber@castiana:~$ lxc image list ubuntu: serial=20190918 release=bionic architecture=amd64 +-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+ | ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | TYPE | SIZE | UPLOAD DATE | +-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+ | b (11 more) | 8d1e0577b1d1 | yes | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | VIRTUAL-MACHINE | 328.25MB | Sep 18, 2019 at 12:00am (UTC) | +-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+ | b (11 more) | 9ff5784302bf | yes | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | CONTAINER | 177.98MB | Sep 18, 2019 at 12:00am (UTC) | +-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+ | | be760b6a51a0 | yes | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | CONTAINER | 141.19MB | Sep 18, 2019 at 12:00am (UTC) | +-------------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-------------------------------+
上の例で、3 つの同じバージョンのイメージがあります。最初のイメージは qcow2 の仮想マシンイメージ、ふたつめは squashfs 形式のコンテナイメージ、3 つめは tar.xz 形式のコンテナイメージです。
VM イメージをローカルの LXD サーバーにコピーできます:
stgraber@castiana:~$ lxc image copy ubuntu:b local: --vm --alias b-vm Image copied successfully! stgraber@castiana:~$ lxc image list +-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+ | ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | TYPE | SIZE | UPLOAD DATE | +-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+ | b-vm | 8d1e0577b1d1 | no | ubuntu 18.04 LTS amd64 (release) (20190918) | x86_64 | VIRTUAL-MACHINE | 328.25MB | Oct 2, 2019 at 8:22pm (UTC) | +-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+ | | 0c3ce5efa22e | no | Ubuntu bionic amd64 (20191002_07:42) | x86_64 | CONTAINER | 93.79MB | Oct 2, 2019 at 5:51pm (UTC) | +-------+--------------+--------+---------------------------------------------+--------+-----------------+----------+-----------------------------+
ここで紹介した機能はすでに動作していますが、LXD で仮想マシンが実行できなければ、現時点ではこの機能が特別役に立つとは思っていません。
より多くのディスクリソース情報の提供 ¶
/1.0/resources API の storage セクションが拡張され、ディスクのさまざまな情報を提供できるようになりました。次のような情報を含みます:
- ファームウェアバージョン
- デバイスパス
- シリアルナンバー
- RPM
- より詳細な
type、CD-ROM ドライブの検出を含みます
システム上の色々なドライブ情報の出力例です:
root@lantea:~# lxc query /1.0/resources | jq .storage
{
"disks": [
{
"block_size": 512,
"device": "8:0",
"device_path": "pci-0000:05:00.0-sas-phy0-lun-0",
"firmware_version": "05.00K05",
"id": "sda",
"model": "WDC WD1001FALS-0",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": false,
"rpm": 7200,
"serial": "WD-WMATV0861474",
"size": 1000204886016,
"type": "sata"
},
{
"block_size": 512,
"device": "8:16",
"device_path": "pci-0000:05:00.0-sas-phy1-lun-0",
"firmware_version": "05.00K05",
"id": "sdb",
"model": "WDC WD1001FALS-0",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": false,
"rpm": 7200,
"serial": "WD-WMATV0724608",
"size": 1000204886016,
"type": "sata"
},
{
"block_size": 512,
"device": "8:32",
"device_path": "pci-0000:05:00.0-sas-phy2-lun-0",
"firmware_version": "CC45",
"id": "sdc",
"model": "ST33000651AS",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": false,
"rpm": 7200,
"serial": "Z2912RXB",
"size": 3000592982016,
"type": "sata"
},
{
"block_size": 4096,
"device": "8:48",
"device_path": "pci-0000:05:00.0-sas-phy3-lun-0",
"firmware_version": "CC27",
"id": "sdd",
"model": "ST3000DM001-1CH1",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": false,
"rpm": 7200,
"serial": "W1F46QP2",
"size": 3000592982016,
"type": "sata"
},
{
"block_size": 512,
"device": "8:64",
"device_path": "pci-0000:00:1f.2-ata-1",
"firmware_version": "EXT0CB6Q",
"id": "sde",
"model": "Samsung SSD 840",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": false,
"rpm": 0,
"serial": "S1D5NSCF560605W",
"size": 120034123776,
"type": "sata"
},
{
"block_size": 512,
"device": "8:80",
"device_path": "pci-0000:00:1f.2-ata-2",
"firmware_version": "300i",
"id": "sdf",
"model": "INTEL SSDSC2CT12",
"numa_node": 0,
"partitions": [
{
"device": "8:81",
"id": "sdf1",
"partition": 1,
"read_only": false,
"size": 120033058304
}
],
"read_only": false,
"removable": false,
"rpm": 0,
"serial": "CVMP213200L8120BGN",
"size": 120034123776,
"type": "sata"
},
{
"block_size": 0,
"device": "11:0",
"device_path": "pci-0000:00:1f.2-ata-3",
"firmware_version": "C108",
"id": "sr0",
"model": "DVD+-RW GSA-H73N",
"numa_node": 0,
"partitions": [],
"read_only": false,
"removable": true,
"rpm": 0,
"size": 1073741312,
"type": "cdrom"
}
],
"total": 8
}
イメージ有効期限の変更 ¶
Austin の The University of Texas の学生からのコントリビューションにより、LXD イメージストア内のイメージの有効期限を編集できるようになりました。
この機能は lxc image edit コマンドから使え、expires_at のタイムスタンプを変更します。
クラスタリングロール ¶
将来的なクラスタリングの作業に備えて、クラスターメンバーのロールをレポートする新しい方法を追加しました。これはメンバーに直接与えられているロールのリストです。現在サポートされている唯一のロールは database であり、クラスターメンバーがデータベースサーバのひとつであることを示しています。
root@lantea:~# lxc cluster show lantea server_name: lantea url: https://[2001:470:b0f8:1016:d250:99ff:fec2:9263]:8443 database: true status: Online message: fully operational roles: - database
この機能は、まもなくふたつの新しいロールの基盤として使われます:
eventhub¶
このロールに属するクラスターメンバーは、他のクラスターメンバーからのイベントを受け取ります。そして、他のイベントハブにイベントを同期します。これにより、各クラスターメンバーが他のすべてのクラスターメンバーに通知するという現在のイベント処理のアプローチが置き換えられます。イベント送信時の CPU 使用率と帯域幅を削減できるでしょう。
database_standby¶
このロールに属するクラスターメンバーは、通常のデータベースメンバーと同様に、ライブデータベースストリームを受け取ります。通常のデータベースメンバーとの違いは、Raft コンセンサスアルゴリズム(分散合意アルゴリズム)の投票メンバーにはならないことです。つまり、データベーストランザクションのコミットに必要な時間を増加させることなく、このようなメンバーを増やせるということです。
このようなスタンバイデータベースノードは、非常にすばやく投票メンバーに昇格できるので、クラスターの耐障害性を増加させ、クラスターデータベースの停止リスクなしでローリングアップデートのようなメンテナンス作業ができるようになります。
Fan モードでの IPv4 設定 ¶
Fan モードのネットワークで次の項目が設定できるようになりました:
- ipv4.dhcp.expiry
- ipv4.firewall
- ipv4.nat
- ipv4.nat.order
バグ修正(翻訳なし) ¶
- api: Add instances extension
- client: Rename ContainerServer to InstanceServer
- client/interfaces: Populate InstanceServer with rest of functions
- client/instances: Add instance related functions
- doc: Initial Github code of conduct
- doc: Initial Github security policy
- doc: Update remaining reference to readthedocs
- doc/index: Point to https://linuxcontainers.org/lxd/docs/master/
- doc/storage: Typo and example fix
- i18n: Update translations from weblate
- i18n: Update translation templates
- lxc: Don't print first-use on init/launch
- lxc: Switch cli tool to use InstanceServer
- lxc: Switch to using client Instance functions
- lxc/exec: Fix usage for --cwd
- lxc/remote: Trailing space in translatable string
- lxd: Add instance interface
- lxd: Add instance-type query param filter to LXD API
- lxd: Add support for InstanceOnly in API requests
- lxd: Add type field to instance API output
- lxd: Make import alias of device config package consistent throughout codebase
- lxd: Migrate storage references to container interface to instance interface
- lxd: Move events to new events package
- lxd: Move operations to its own package
- lxd: Move response to its own package
- lxd: Remove unix cred functions/types and updates usage to ucred package
- lxd: Rename containerLoadByID to instanceLoadById and returns Instance type
- lxd: Rename containerLoadByProjectAndName to instanceLoadByProjectAndName
- lxd: Rename containerLoadNodeAll to instanceLoadNodeAll
- lxd: Rename use of instance package to instancetype package
- lxd: Replace CType with instance.Type
- lxd: Require "ip" be installed
- lxd: Switch over to Instance types
- lxd: Switch to new event structure
- lxd: Update to use seccomp package
- lxd: Update usage of ContainerArgs to InstanceArgs
- lxd: Update usage of ContainerBackupArgs to InstanceBackupArgs
- lxd: Update use of device.Instance interface
- lxd: Update use of ForwardedResponseIfContainerIsRemote to supply instanceType
- lxd: Update use of string instance.Type to int type
- lxd/api: Contructs endpoint alias routes
- lxd/api: Rename container endpoint vars to instance prefix
- lxd/apparmor: Move apparmor into its own package
- lxd/backup: Change container field to instance type
- lxd/cluster/connect: Add instanceType filter to ConnectIfContainerIsRemote
- lxd/cluster/upgrade: Prevent crash if heartbeat occurs before dqlite init
- lxd/config: Allow modifying cluster.https_address
- lxd/containers: Embed the Instance interface into the container interface
- lxd/containers: Remove lxcSupportSeccompNotify
- lxd/containers: Update use of apparmor package
- lxd/containers: Fix comment
- lxd/containers: Migrate container_lxc to use operationlock package
- lxd/containers: Respect raw.lxc on stop/shutdown
- lxd/containers: Tigthen directory ownership
- lxd/containers: Update containerLoadNodeProjectAll to support Type filtering
- lxd/containers: Validate POST instance type field and stores in DB
- lxd/daemon: Add Name and Aliases support to APIEndpoint
- lxd/daemon: Fix logging events
- lxd/daemon: Update to use seccomp package
- lxd/db: Band aid for https://github.com/canonical/dqlite/issues/163
- lxd/db: Flush any leftover operation on startup
- lxd/db: Use consts for cluster roles
- lxd/db/containers: Add db:ignore tag to Instance.Snapshot field
- lxd/db/containers: Add instanceType filter to ContainerNodeAddress
- lxd/db/containers: Fix tests
- lxd/db/containers: Remove ContainerType, CTypeRegular and CTypeSnapshot
- lxd/db/containers: Rename ContainerArgs to InstanceArgs
- lxd/db/containers: Rename ContainerBackupArgs to InstanceBackupArgs
- lxd/db/containers: Update container filtering functions for instance.Type
- lxd/db/instances: Re-run db generate
- lxd/db/instances: Update InstanceList to use instance.TypeAny
- lxd/devices: Allow uppercase in MACs
- lxd/devices: Update instance interface inline with others
- lxd/devices/disk: Properly return error messages
- lxd/devices/network: Fix typo in comment
- lxd/devices/nic: Set MTU on both side of veth
- lxd/devlxd: Fix handling of projects
- lxd/dnsmasq: Support uppercase MACs in UpdateStaticEntry
- lxd/events: Support multiple servers
- lxd/images: Fix image type during refresh
- lxd/images: Tweak wrapping
- lxd/images: Use native tar parser for metadata
- lxd/main_forkdns: Don't setup event logger
- lxd/main_init: Properly handle ceph/cephfs
- lxd/instance: Add functions to convert to/from instance.Type and string
- lxd/instance: Change instance types to own int type
- lxd/instance: Add operationlock package
- lxd/instance: Rename instance to instancetype
- lxd/instance: Use API instance types for string comparison
- lxd/networks: Allow ipv6.dhcp=true with ipv6.firewall=false
- lxd/networks: Properly return error messages
- lxd/networks: Reduce calls to iptables clear
- lxd/networks: Split functions and pass oldConfig
- lxd/operations: Fix operation events
- lxd/operations: Use state struct
- lxd/patches: Properly return error messages
- lxd/resources: Implement NVIDIA device fallback
- lxd/response: Add instanceType filter to ForwardedResponseIfContainerIsRemote
- lxd/seccomp: Add seccomp package
- lxd/state: Carry event server instances
- lxd/storage: Consistent error messages
- lxd/storage/btrfs: Fix bug with BTRFS snapshot copy
- lxd/storage/btrfs: Properly return error messages
- lxd/storage/ceph: Fix volume snapshot handling
- lxd/storage/cephfs: Fix querying volume on cluster
- lxd/storage/dir: Don't hide error message
- lxd/storage/lvm: Properly return error messages
- lxd/storage/zfs: Better handle broken images
- lxd/storage/zfs: Fix error handling in ImageCreate
- lxd/storage/zfs: Tweak destroy logic
- lxd/ucred: Add ucred package for ucred functions and types
- shared: Use Lchown when copying symlinks
- shared/api: Add new instance types
- shared/api: Add InstanceOnly field to InstancePost and InstanceSource
- shared/api: Location field of Event as omitempty
- shared/api: Make some NVIDIA fields omitempty
- shared/generate: Add support for
db:"ignore"tag on fields - shared/generate: Re-run update-schema
- shared/generate: Support instance.Type
- shared/netutils: Update NetnsGetifaddrs to use Instance types
- tests: Add apparmor to static analysis
- tests: Add events package to static analysis test
- tests: Add operations package to static analysis
- tests: Add response package to static analysis
- tests: Add seccomp package to static analysis
- tests: Add unixcred to static analysis
- tests: Fix static analysis for ucred package
- tests: Switch to instance.Type
- tests: Tunes ZFS quota tests after intermittent failures
- tests: Update devlxd tests to use ucred package
- tests: Update security test
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.17 リリースのお知らせ¶
6th of September 2019
はじめに ¶
LXD チームは、LXD 3.17 のリリースをお知らせすることにとてもワクワクしています!
このリリースの主な新機能は、ホストのルートファイルシステムではなく、LXD のストレージプールにコンテナの tarball やイメージを保存できるようになったことです。
このリリースの変更点の残りのほとんどは、新しい内部 API のリファクタリングと新しい内部 API への既存のコードの移植です。この作業はユーザーには見えませんが、多数の長期間の問題を発見し、テストを改善し、多数の複雑なロジックを単純化しました。
Enjoy!
新機能 ¶
イメージの tarball とバックアップのストレージプールへの保存 ¶
新しいサーバー設定項目をふたつ追加しました:
storage.backups_volumestorage.images_volume
このふたつは POOL-NAME/VOLUME-NAME という形式を使って、未使用のストレージボリュームを設定できます。それぞれ異なる値を設定できます。システムのルートファイルシステムに保存されているデータがある場合は、指定したストレージボリュームに移動されます。
この機能により、ルートファイルシステムの空き容量が非常に限られているシステム上で、ほぼすべてのデータを LXD が管理するストレージプールに保存して LXD を実行できます。
stgraber@castiana:~$ lxc storage volume create default backups Storage volume backups created stgraber@castiana:~$ lxc storage volume create default images Storage volume images created stgraber@castiana:~$ lxc config set storage.backups_volume default/backups stgraber@castiana:~$ lxc config set storage.images_volume default/images
lxc init と lxc launch での YAML のコンテナ設定 ¶
YAML ファイルに保存した設定を標準入力から読み込ませることで、コンテナの作成時に複雑な設定やデバイスを lxc init と lxc launch に渡せるようになりました。
stgraber@castiana:~$ cat gui.yaml
config:
environment.DISPLAY: :0
environment.PULSE_LATENCY_MSEC: "30"
environment.PULSE_SERVER: /mnt/.pulse-native
environment.QT_X11_NO_MITSHM: "1"
devices:
gpu:
type: gpu
pulse:
bind: container
connect: unix:/run/user/1000/pulse/native
listen: unix:/mnt/.pulse-native
mode: "0666"
security.gid: "1000"
security.uid: "1000"
type: proxy
x11:
bind: container
connect: unix:@/tmp/.X11-unix/X0
listen: unix:@/tmp/.X11-unix/X0
security.gid: "1000"
security.uid: "1000"
type: proxy
stgraber@castiana:~$ lxc launch ubuntu:18.04 gui-steam < gui.yaml
Creating gui-steam
Starting gui-steam
stgraber@castiana:~$ lxc config show gui-steam
architecture: x86_64
config:
environment.DISPLAY: :0
environment.PULSE_LATENCY_MSEC: "30"
environment.PULSE_SERVER: /mnt/.pulse-native
environment.QT_X11_NO_MITSHM: "1"
image.architecture: amd64
image.description: ubuntu 18.04 LTS amd64 (release) (20190813.1)
image.label: release
image.os: ubuntu
image.release: bionic
image.serial: "20190813.1"
image.version: "18.04"
volatile.base_image: 2dd611e2689a8efc45807bd2a86933cf2da0ffc768f57814724a73b5db499eac
volatile.eth0.host_name: vethe8c1ff8b
volatile.eth0.hwaddr: 00:16:3e:65:36:88
volatile.idmap.base: "0"
volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}, {"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}, {"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[]'
volatile.last_state.power: RUNNING
devices:
gpu:
type: gpu
pulse:
bind: container
connect: unix:/run/user/1000/pulse/native
listen: unix:/mnt/.pulse-native
mode: "0666"
security.gid: "1000"
security.uid: "1000"
type: proxy
x11:
bind: container
connect: unix:@/tmp/.X11-unix/X0
listen: unix:@/tmp/.X11-unix/X0
security.gid: "1000"
security.uid: "1000"
type: proxy
ephemeral: false
profiles:
- default
stateful: false
description: ""
変更点 ¶
バックアップ API の一貫性 ¶
このリリースには小さな API の非互換性が含まれています。しかし、既存のツールで使われている LXD API の一部ではないため、ユーザーに影響を与える可能性は非常に低いです。
次のようなリネームがされています:
creation_dateがcreated_atに(Go バインディングでCreateAt)expiry_dateがexpires_atに(Go バインディングでExpiresAt)
これにより、タイムスタンプを公開する他のエンドポイントとの API の一貫性が保たれます。
新しいドキュメントサイト ¶
新しいドキュメントサイトが公開されました: https://linuxcontainers.org/lxd/docs/master/
LXD を使いやすくするために、より良いタイトルとトピックのグルーピングに取り組みました。
すべてのコンテンツは、開発リポジトリの doc ディレクトリから直接生成されているので、誰でも Github 上で更新を簡単に送れます。
Windows/MacOS ユーザーの使い勝手の改良 ¶
Windows と MacOS では LXD デーモンが動かないにもかかわらず、LXD クライアントの Windows と MacOS ビルドはデフォルトでリモートが local を向いています。
これまでは、これが原因でユーザーが混乱する場合がありました。このため、このような Unix ソケットに関する混乱するエラーを表示するのではなく、次のような表示をするようになりました:
C:\Users\stgraber>lxc list This client hasn't been configured to use a remote LXD server yet. As your platform can't run native Linux containers, you must connect to a remote LXD server. If you already added a remote server, make it the default with "lxc remote switch NAME". To easily setup a local LXD server in a virtual machine, consider using: https://multipass.run
final dqlite 1.0 への移植 ¶
dqlite 1.0 final がリリースされました。リリース作業の一部で、多数の改良と小さなデザインの変更が行われました。 LXD 3.17 はこの final 1.0 バージョンをベースにしています。
データベースの見直し ¶
このリリースでは、内部的なデータベースの再編成がいくつか行われています。
containers テーブルはすべて instances にリネームされ、スナップショットは独自の instances_snapshots テーブルに分割されました。これにより、スキーマを通して一貫性を強制するのが容易になりました。
もし、直接データベースを見るカスタムスクリプトがあるのであれば、これに対応した更新が必要になるでしょう。
コンテナデバイスの再実装 ¶
LXD 3.17 で、すべてのデバイスを扱うコードを分割し、よりモジュール構造とし、コーディングパターンとテストを改良する取組を終了します。LXD 3.16 には nic、infiniband、proxy デバイスが移植され、3.17 には unix-char、unix-block、usb、gpu、disk が移植され、完成しました。
ストレージの再実装 ¶
このリリースには、ストレージバックエンドの一部をクリーンアップする最初のコミットセットが含まれています。そして、デバイスの再実装と同様に、すべてのストレージバックエンドを新しいクリーンな構造に移行し始めます。
バグ修正(翻訳なし) ¶
- client: Use PathEscape rather than QueryEscape for URL part parts
- doc: Add documentation metadata
- doc: Add required property to disk device type
- doc: Update infiniband hwaddr docs
- doc: Update NIC MTU descriptions
- doc/server: Add missing key namespaces
- doc/server: Add scope column
- doc/server: Fix defaults for rbac
- doc/storage: Clarify defaults for size
- global: Remove accidentally included lxc.exe
- i18n: Update translations from weblate
- i18n: Update translation templates
- lxc: Better error handling on non-Linux
- lxc: Don't show header in CSV output
- lxc: Just show help on missing subcommand
- lxc: Update for fixed backup fields
- lxc/config: Detect non-Linux systems
- lxc/copy: Really always strip volatile.last_state.power
- lxc/file: Fix error handling
- lxc/file: Intercept user cancelation
- lxc/init: Fix usage with no args
- lxc/remote: Add basic auth example
- lxc-to-lxd: Remove dependency of lxd/device/config package
- lxc-to-lxd: Remove dependency on deviceConfig package
- lxd: Add call to devicesRegister function on startup
- lxd: Add unit test for creating a snapshot
- lxd: Check RemoveAll() error properly
- lxd: Remove MS_LAZYTIME definition
- lxd: Reorganised the uevent and inotify event handler startup
- lxd/apparmor: Prevent writes to /proc/acpi/**
- lxd/backup: Call tar with --numeric-owner
- lxd/containers: Add DeviceEventHandler
- lxd/containers: Add DeviceEventHandler to interface
- lxd/containers: Add deviceHandleMounts to handle mount and unmount
- lxd/containers: Add safety net for deviceStop() in case no device returned
- lxd/containers: Fix description
- lxd/containers: Fix inotify dynamic hotplug on existing container start
- lxd/containers: Further switchover to lxd/device/config Device types
- lxd/containers: Improve error messages
- lxd/containers: Modify deviceStop and deviceRemove to skip validation errors
- lxd/containers: Move device folder creation before device setup during boot
- lxd/containers: Move disk device to use device package
- lxd/containers: Move missing device type validation into device package
- lxd/containers: Remove deviceAttachMounts
- lxd/containers: Remove device Register() after device start
- lxd/containers: Remove gpu validation as moved to device package
- lxd/containers: Remove old moved rootfs quota code
- lxd/containers: Remove reference to non-existent infiniband nictype
- lxd/containers: Remove unused arg from deviceAddCgroupRules
- lxd/containers: Remove unused setupUnixDevice()
- lxd/containers: Remove unused unix-char and unix-block code
- lxd/containers: Remove unused unix-char and unix-block validation
- lxd/containers: Remove unused USB code
- lxd/containers: Remove unused USB related code
- lxd/containers: Remove volatile device keys when device is actually removed
- lxd/containers: Rename runConfig vars to runConf for consistency
- lxd/containers: Simplify device validation now all devices are ported
- lxd/containers: Supply all old devices to device Update() function
- lxd/containers: Update all device major/minor parsing to use uint32
- lxd/containers: Update deviceShiftMounts to ignore unmount requests
- lxd/containers: Update deviceStart to call device's Register() function
- lxd/containers: Update gpu device support to use device package
- lxd/containers: Update use of shared.RunCommandSplit
- lxd/containers: Use shared.GetRootDiskDevice for dup root device detection
- lxd/db: Adapt lxd/cluster to new dqlite sub-packages
- lxd/db: Adapt lxd/cluster to Server -> Node rename
- lxd/db: Adapt lxd/db/cluster to Server -> Node rename
- lxd/db: Adapt lxd/db package to new dqlite driver import
- lxd/db: Adapt lxd/db to new dqlite driver package
- lxd/db: Adapt lxd/db to Server -> Node rename
- lxd/db: Adapt main package to new dqlite sub packages
- lxd/db: Adapt main package to Server -> Node rename
- lxd/db: Adapt to changed dqlite.New() signature, not requiring NodeInfo
- lxd/db: Adapt to new Server.Leader() API
- lxd/db: Add basic unit tests for generated snapshot code
- lxd/db: Add copy of cluster schema version 14
- lxd/db: Add Delete and Rename methods to Snapshot db model
- lxd/db: Add Dump parameter to db.OpenCluster()
- lxd/db: Add initial Snapshot db model
- lxd/db: Add project column to views
- lxd/db: Add schema update 16 adding the instances_snapshots table
- lxd/db: Add schema update function to rename containers-related tables
- lxd/db: Add type column to images table
- lxd/db: Amend InstanceFilter docstring
- lxd/db: At shutdown, wait a bit for the in-flight force request to settle
- lxd/db: Change container special-casing in db code generator
- lxd/db: Change db code generator to comply with Go naming standards
- lxd/db: Convert containerCreateInternal to use InstanceSnapshotCreate()
- lxd/db: Convert dump to new client API
- lxd/db: Create instances_snapshots_config in schema update 16
- lxd/db: Create instances_snapshots_config_ref view
- lxd/db: Create instances_snapshots_devices_config in schema update 16
- lxd/db: Create instances_snapshots_devices in schema update 16
- lxd/db: Create instances_snapshots_devices_ref view
- lxd/db: Detect possible leadership change through ougoing dqlite connections
- lxd/db: Drop obsolete snapshot-related tests
- lxd/db: Drop Parent filter from Instance
- lxd/db: Drop unneeded logic to relink snapshots to new nodes
- lxd/db: Drop unused Container and ContainerFilter structs
- lxd/db: Extract configUpdate method from ContainerConfigUpdate
- lxd/db: Fix failing unit test
- lxd/db: Fix selecting NULL description columns
- lxd/db: Generate Snapshot db mapping code
- lxd/db: Improve dqlite proxy error messages and abort both sides on error
- lxd/db: Invoke data migration from db.OpenCluster, before schema updates
- lxd/db: Make the db code generator handle indirect foreign key
- lxd/db: Migrate snapshots to the new tables
- lxd/db: No need to manually bootstrap
- lxd/db: Pass a context to server.Cluster()
- lxd/db: Properly account for project when moving ceph-based containers
- lxd/db: Regenerate db code
- lxd/db: Re-generate db mapper code
- lxd/db: Regenerate db mappers code
- lxd/db: Regenerate db schema
- lxd/db: Regenerate global db schema
- lxd/db: Remove legacy unit test making use of old snapshot apis
- lxd/db: Replace references to the "containers" table with "instances"
- lxd/db: Skip clustering-related unit tests, see issue #6122
- lxd/db: Update db code generator to handle composite entity names
- lxd/db: Update top-level daemon package to new auto-generated method names
- lxd/db: Update unit tests after containers -> instances conversion
- lxd/db: Use Client.Add() API
- lxd/db: Use Client.Cluster() API
- lxd/db: Use Client.Leader() API
- lxd/db: Use Client.Remove() API
- lxd/db: Use correct db APIs depending on the container type
- lxd/db: Use new LeaderAddress() api
- lxd/db: Use new snapshot db APIs in ClusterTx.SnapshotIDsAndNames()
- lxd/db: Use new snapshots APIs in ContainerGetSnapshotsFull
- lxd/db: Use new snapshots tables in ContainerNextSnapshot()
- lxd/db: Use new snapshot tables in Cluster.ContainerGetSnapshots()
- lxd/db: Use new snapshot tables in daemon patches
- lxd/db: Use query.Transaction instead of manual tx management
- lxd/db: Use WithServerBindAddress
- lxd/devices: Add Register function and links USB implementation
- lxd/devices: Change Update() to accept all old devices
- lxd/devices: Fix dynamic hotplug of unix devices when they exist on startup
- lxd/devices: Link gpu device
- lxd/devices: Link up disk device
- lxd/devices: Link up unix-char and unix-block devices
- lxd/devices: Modify New function to return device even if validation fails
- lxd/devices: Move empty device type validation into device package
- lxd/devices: Move USB event handling into device package
- lxd/devices: Remove disk related functions
- lxd/devices: Remove gpu related code moved to device package
- lxd/devices: Remove inotify code
- lxd/devices: Rename USBDevice to USBEvent
- lxd/devices: Update sorted devices usage
- lxd/devices: Update use of Device type
- lxd/devices/config: Change Devices type to map[string]Device
- lxd/devices/config: Make device set sorting exported
- lxd/devices/config: Replace DeviceNames() with Sorted() and Reversed()
- lxd/devices/config/validate: Move function to be attached to Device type
- lxd/devices/device: Link up none device type
- lxd/devices/device/utils/usb/events: Add USB event handler functions
- lxd/devices/device/utils/usb: Move bits into usb and device_utils_usb_events
- lxd/devices/disk: Add disk device implementation
- lxd/devices/disk: Add StorageVolumeMount and StorageVolumeUmount functions
- lxd/devices/disk: Add validation for root disk having a pool property
- lxd/devices/disk: Link StorageRootFSApplyQuota
- lxd/devices/gpu: Add gpu implementation
- lxd/devices/gpu: Move nvidia device loading to use resources package
- lxd/devices/gpu: Update all device major/minor parsing to use uint32
- lxd/devices/gpu: Update unix function usage
- lxd/devices/gpu: Use device package validation functions
- lxd/devices/gpu: Validate vendorid and productid
- lxd/devices/infiniband: Add IB MAC functions
- lxd/devices/infiniband: Remove unused code after switch to resources package
- lxd/devices/infiniband: Update use of unix functions
- lxd/devices/infiniband: Workaround weird sysfs behavior
- lxd/devices/infiniband/physical: Improve MAC address support
- lxd/devices/infiniband/physical: Switch to use resources package
- lxd/devices/infiniband/physical: Update unix function usage
- lxd/devices/infiniband/physical: Update use of unix device functions
- lxd/devices/infiniband/sriov: Improve MAC address support
- lxd/devices/infiniband/sriov: Switches to use resources package
- lxd/devices/infiniband/sriov: Update unix function usage
- lxd/devices/infiniband/sriov: Update use of unix device functions
- lxd/devices/inotify: Move inotify functions to device package
- lxd/devices/instance: Add DeviceEventHandler function
- lxd/devices/instance: Add LocalDevices() to interface
- lxd/devices/instance: Add RootfsPath() to InstanceIdentifier interface
- lxd/devices/network: Add networkValidMAC
- lxd/devices/network: MTU inheriting from parent on bridged devices
- lxd/devices/network: Remove NetworkSRIOVGetFreeVFInterface
- lxd/devices/nic: Update bridged and p2p types to new Update signature
- lxd/devices/nic: Update nic validation of hwaddr
- lxd/devices/nic/bridged: DHCP release fixes
- lxd/devices/nic/sriov: Add getFreeVFInterface after moving from shared utils
- lxd/devices/none: Add none device type
- lxd/devices/proxy: Update validation to use d.instance.ExpandedDevices()
- lxd/devices/proxy: Use device package validation functions
- lxd/devices/runconfig: Add RootFS support
- lxd/devices/runconfig: Add Uevents slice
- lxd/devices/runconfig: Change mount Shift to OwnerShift
- lxd/devices/runconfig: Fix typo in comment
- lxd/devices/unix: Add implementation for unix-char and unix-block devices
- lxd/devices/unix: Add unix event handling functions
- lxd/devices/unix: Clarify required property logic
- lxd/devices/unix: Comment clarification
- lxd/devices/unix: Device management function rework
- lxd/devices/unix: Ensure unix devices are mounted with MountOwnerShiftStatic
- lxd/devices/unix: Fix double device name encoding in file name
- lxd/devices/unix: Make unixDeviceAttributes unexported
- lxd/devices/unix: Move some config validation functions into device package
- lxd/devices/unix: Update all device major/minor parsing to uin32
- lxd/devices/unix: Update device removal functions to accept file filter
- lxd/devices/unix: Update use of unixDeviceAttributes
- lxd/devices/unix: Various small improvements
- lxd/devices/usb: Add unexported usbIsOurDevice and switch to USBEvent
- lxd/devices/usb: Add USB device implementation
- lxd/devices/usb: Add USB event handling functions
- lxd/devices/usb: Clarify required property logic
- lxd/devices/usb: Remove unused function
- lxd/devices/usb: Update Register() to be called by post start hook
- lxd/dnsmasq: Update version check to use shared.RunCommandCLocale
- lxd/main_forkuevent: Fix error when >3 arguments used (normal case)
- lxd/migration: Remove unused Snapshots() function from interface
- lxd/networks: Handle error from dnsmasq version check
- lxd/networks: Remove old dnsmasq.leases file on network start
- lxd/patches: Update sorted devices usage
- lxd/projects: Remove dependency on deviceConfig package
- lxd/response: Show wrapped errors
- lxd/seccomp: Update use of shared.RunCommandSplit
- lxd/storage: Add storageRootFSApplyQuota
- lxd/storage: Add storageVolumeMount and storageVolumeUmount
- lxd/storage: Fix bad UsedBy check
- lxd/storage: Move btrfs migration code
- lxd/storage: Move ceph migration code
- lxd/storage: Move ContainerGetParentAndSnapshotName to shared
- lxd/storage: Move ContainerPath() to storage package
- lxd/storage: Move Create{Container,Snapshot}Mountpoint to storage
- lxd/storage: Move get*MountPoint() to storage package
- lxd/storage: Move storage cgo to storage package
- lxd/storage: Move storage_utils to storage/utils
- lxd/storage: Move zfs migration code
- lxd/storage: Remove ContainerCanRestore from storage interface
- lxd/storage: Remove Image{Umount,Mount} from storage interface
- lxd/storage: Remove shared code from backends
- lxd/storage/lvm: Log actual error
- lxd/storage/quota: Move use of Major and Minor functions to unix package
- lxd/storage/zfs: Fix error reporting
- lxd/sys: Add CGroupBlkioWeightController check
- lxd: Update for fixed backup fields
- lxd: Update tests to use updated Devices type
- lxd: Update top-level unit-tests for DB changes
- lxd: Update use of Devices type
- lxd: Use unix.MS_LAZYTIME
- Makefile: Fix sqlite manifest path
- Makefile: Fix update-schema target
- shared: Handle symlinks in FileCopy()
- shared/api: Fix backup timestamps
- shared/container: Add IsDeviceID validation
- shared/container: Improve comments on IsRootDiskDevice
- shared/container: Move global hex regex into specific function
- shared/container: Remove device related validation functions
- shared/containerwriter: Updates use of GetFileStat
- shared/simplestreams: Make golint clean
- shared/simplestreams: Record all images
- shared/simplestreams: Remove dead code
- shared/simplestreams: Rename index structs
- shared/simplestreams: Rename internal functions
- shared/simplestreams: Rename product structs
- shared/simplestreams: Rename SimpleStreamsFile
- shared/simplestreams: Rename ssDefaultOS
- shared/simplestreams: Split index/manifest out
- shared/simplestreams: Split out sortedImages
- shared/util: Add RunCommandCLocale() and update RunCommandSplit()
- shared/util: Remove Major and Minor functions
- tests: Add golint for storage package
- tests: Add infiniband MAC tests
- tests: Add more bridged DHCP release tests
- tests: Add proxy tests for invalid config
- tests: Add GPU tests
- tests: Add simplestreams to golint
- tests: Add storage quota tests
- tests: Add test for bridged MTU parent inheritance
- tests: Add test for ipvlan MTU parent inheritance
- tests: Add test for macvlan MTU parent inheritance
- tests: Add tests for unix-char and unix-block devices
- tests: Enable quota checks for ceph engine
- tests: Fix broken lxd import integration test
- tests: Fix CEPH RBD leakage
- tests: Fix typo in comment
- tests: Remove MAC tests from infiniband tests
- tests: Remove the attached testvolume
- tests: Remove tmpfs references from gpu tests
- tests: Remove use of uppercase chars in MAC tests
- tests: Split server tests
- tests: Update backup test for new error
- tests: Update integration tests for DB changes
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.16 リリースのお知らせ¶
9th of August 2019
はじめに ¶
LXD チームは、LXD 3.16 のリリースをお知らせすることにとてもワクワクしています!
このリリースではたくさんの新機能、設定オプション、コマンドラインツールの改良が行われました。
水面下では、インフラの再構築に多くの作業が費やされました。それはコンテナデバイスで使われるもので、nic、infiniband、proxyといったデバイスが新しいロジックに切り替わりました。この結果、これまでよりずっとクリーンなコードになり、デバッグがしやすくなり、テストも改善され、エラーハンドリングと設定のバリデーションもより網羅的になりました。
Enjoy!
新機能 ¶
disk デバイスの shift プロパティ ¶
任意の disk デバイスで LXD に対して shiftfs オーバーレイを設定するようにリクエストできるようになりました。
これにより、非特権コンテナで所有権を取得するために ACL/chown と言ったトリックに頼ることなく、ホストシステムのディスクやディレクトリをコンテナに提供できます。
stgraber@castiana:~$ lxc config device add c1 home disk path=/home source=/home Device home added to c1 stgraber@castiana:~$ lxc exec c1 -- ls -lh /home total 537K drwxr-xr-x 14 nobody nogroup 18 Mar 13 20:32 blah drwx--x--x 33 nobody nogroup 86 Aug 9 22:25 stgraber stgraber@castiana:~$ lxc config device remove c1 home Device home removed from c1 stgraber@castiana:~$ lxc config device add c1 home disk path=/home source=/home shift=true Device home added to c1 stgraber@castiana:~$ lxc exec c1 -- ls -lh /home total 537K drwxr-xr-x 14 ubuntu ubuntu 18 Mar 13 20:32 blah drwx--x--x 33 201105 200512 86 Aug 9 22:25 stgraber stgraber@castiana:~$
注意: この機能は 5.0 以上の Ubuntu カーネルの shiftfs 機能が必要です。snap ユーザーは、snap の設定を通して、この機能を許可しなければいけません。詳しくは こちら を参照してください。
カスタムストレージボリューム向けの security.shifted プロパティ ¶
新たに追加された disk デバイス用の shift ロジックを使い、shiftfs を使って、カスタムストレージボリュームをコンテナにアタッチできるようになりました。
これにより、共有カスタムボリュームを特権、非特権、(id マッピングが他と)分離されたコンテナの組み合わせにアタッチできるようになりました。
stgraber@castiana:~$ lxc launch ubuntu:18.04 c1 Creating c1 Starting c1 stgraber@castiana:~$ lxc launch ubuntu:18.04 c2 -c security.privileged=true Creating c2 Starting c2 stgraber@castiana:~$ lxc launch ubuntu:18.04 c3 -c security.idmap.isolated=true Creating c3 Starting c3 stgraber@castiana:~$ lxc storage volume create default demo security.shifted=true Storage volume demo created stgraber@castiana:~$ lxc storage volume attach default demo c1 demo /demo stgraber@castiana:~$ lxc storage volume attach default demo c2 demo /demo stgraber@castiana:~$ lxc storage volume attach default demo c3 demo /demo stgraber@castiana:~$ lxc exec c1 -- touch /demo/blah stgraber@castiana:~$ lxc exec c1 -- chown 123:456 /demo/blah stgraber@castiana:~$ lxc exec c2 -- ls -lh /demo total 512 -rw-r--r-- 1 123 456 0 Aug 9 23:17 blah stgraber@castiana:~$ lxc exec c3 -- ls -lh /demo total 512 -rw-r--r-- 1 123 456 0 Aug 9 23:17 blah stgraber@castiana:~$
注意: この機能は 5.0 以上の Ubuntu カーネルの shiftfs 機能が必要です。snap ユーザーは、snap の設定を通して、この機能を許可しなければいけません。詳しくは こちら を参照してください。
空のコンテナの作成 ¶
これまで、デフォルトのコマンドラインツールを使って新しいコンテナを作成する唯一の方法は、ローカルであれリモートであれ、既存のイメージを使うことでした。
LXD はこれまでも空のコンテナ作成をサポートしてきました。しかし、そのメカニズムは API 経由で直接使えるだけであり、多数のデーターマイグレーションツールが使っていました。
ユーザーからの要求に応じて、lxc init コマンドに --empty を追加しました。これで空のコンテナが作れるようになりました。このように作ったコンテナは起動できません。コンテナのファイルシステムは、ホストシステム上で直接設定するか、lxc file コマンドを通して設定するかのいずれかで、手動で設定する必要があります。
stgraber@castiana:~$ lxc init --empty c1 Creating c1 stgraber@castiana:~$ lxc list c1 +------+---------+------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------+------+------------+-----------+ | c1 | STOPPED | | | PERSISTENT | 0 | +------+---------+------+------+------------+-----------+
システムコールインターセプションの設定 ¶
システムコールインターセプションのロジックが拡張され、既存の mknod に加えて setxattr のサポートが追加されました。同時に、この機能は設定キー配下に移動し、各システムコールは個別に切り替えできるようになりました。
ふたつの新しいオプションは次のものです:
- security.syscall.intercept.mknod
- security.syscall.intercept.setxattr
どちらもデフォルトは false に設定されており、この機能を有効にするには 5.0 カーネル、LXC 3.2、libseccomp の最新のスナップショットが必要です。
リソース API に infiniband データを追加 ¶
LXD 3.15 からのリソース API の再作業により、Infiniband デバイスの情報が少し多くレポートされるようになりました。特にそれを動かすのに使うキャラクターデバイスについてレポートするようになりました。
lxc info --resources の関連部分は次のようになります:
Card 0:
NUMA node: 1
Vendor: Mellanox Technologies (15b3)
Product: MT27500 Family [ConnectX-3] (1003)
PCI address: 0000:82:00.0
Driver: mlx4_core (4.0-0)
Ports:
- Port 1 (ethernet)
ID: enp130s0d1
Address: 00:02:c9:a0:00:91
Supported modes: 1000baseKX/Full, 10000baseKX4/Full, 10000baseKR/Full
Supported ports: fibre
Port type: fibre
Transceiver type: internal
Auto negotiation: false
Link detected: false
- Port 0 (infiniband)
ID: ib0
Address: 80:00:0a:80:fe:80:00:00:00:00:00:00:00:02:c9:03:00:a0:00:91
Auto negotiation: false
Link detected: false
Infiniband:
IsSM: issm0 (231:64)
MAD: umad0 (231:0)
Verb: uverbs0 (231:192)
SR-IOV information:
Current number of VFs: 4
Maximum number of VFs: 31
VFs: 31
- NUMA node: 1
Vendor: Mellanox Technologies (15b3)
Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
PCI address: 0000:82:00.1
Driver: mlx4_core (4.0-0)
Ports:
- Port 1 (ethernet)
ID: enp130s0f1d1
Address: 5e:93:07:c6:ae:4c
Auto negotiation: false
Link detected: false
- Port 0 (infiniband)
ID: ib1
Address: 80:00:0a:81:fe:80:00:00:00:00:00:00:6a:fc:bc:b5:23:4f:ba:c9
Auto negotiation: false
Link detected: false
Infiniband:
IsSM: issm2 (231:66)
MAD: umad2 (231:2)
Verb: uverbs1 (231:193)
- NUMA node: 1
Vendor: Mellanox Technologies (15b3)
Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
PCI address: 0000:82:00.2
Driver: mlx4_core (4.0-0)
Ports:
- Port 1 (ethernet)
ID: enp130s0f2d1
Address: c2:21:28:88:3a:00
Auto negotiation: false
Link detected: false
- Port 0 (infiniband)
ID: ib2
Address: 80:00:0a:82:fe:80:00:00:00:00:00:00:ae:12:68:fa:cd:db:53:f1
Auto negotiation: false
Link detected: false
Infiniband:
IsSM: issm4 (231:68)
MAD: umad4 (231:4)
Verb: uverbs2 (231:194)
- NUMA node: 1
Vendor: Mellanox Technologies (15b3)
Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
PCI address: 0000:82:00.3
Driver: mlx4_core (4.0-0)
Ports:
- Port 1 (ethernet)
ID: enp130s0f3d1
Address: c6:f0:fb:b2:0b:81
Auto negotiation: false
Link detected: false
- Port 0 (infiniband)
ID: ib3
Address: 80:00:0a:83:fe:80:00:00:00:00:00:00:0a:94:39:75:2d:fe:6e:19
Auto negotiation: false
Link detected: false
Infiniband:
IsSM: issm6 (231:70)
MAD: umad6 (231:6)
Verb: uverbs3 (231:195)
- NUMA node: 1
Vendor: Mellanox Technologies (15b3)
Product: MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function] (1004)
PCI address: 0000:82:00.4
Driver: mlx4_core (4.0-0)
Ports:
- Port 1 (ethernet)
ID: enp130s0f4d1
Address: fa:4a:c2:9d:f0:2d
Auto negotiation: false
Link detected: false
- Port 0 (infiniband)
ID: ib4
Address: 80:00:0a:84:fe:80:00:00:00:00:00:00:0a:73:ab:6d:2c:c6:62:df
Auto negotiation: false
Link detected: false
Infiniband:
IsSM: issm8 (231:72)
MAD: umad8 (231:8)
Verb: uverbs4 (231:196)
GPU の DRM や NVIDIA デバイスノードの情報と同様のレポートになります。
クライアントの set コマンドの変更 ¶
コマンドラインツールでより一貫性を持たせるため、set コマンドはすべて複数の key=value オプションを受け付けるようになりました。これにより、edit コマンドを使ったり、インタラクティブなテキストエディタを使うことなしに、同時に複数のキーの値を変更する必要がある設定をより簡単に行えるようになりました。
新しい形式も古い形式もどちらも動作し、現在は key=value 形式の方が推奨です。
stgraber@castiana:~$ lxc config set c1 user.foo 1 stgraber@castiana:~$ lxc config get c1 user.foo 1 stgraber@castiana:~$ lxc config set c1 user.foo=2 user.bar=3 stgraber@castiana:~$ lxc config get c1 user.foo 2 stgraber@castiana:~$ lxc config get c1 user.bar 3
クライアントのすべてのリスト表示に対する --format オプション ¶
コマンドラインのもうひとつの改良点は、すべての list コマンドが同じように動作するようになり、同じ --format オプションが追加されました。次の形式での出力ができます:
- table (default)
- csv
- json
- yaml
このようなコマンドの一覧:
- lxc alias list
- lxc cluster list
- lxc config template list
- lxc config trust list
- lxc image list
- lxc image alias list
- lxc list
- lxc network list
- lxc network list-leases
- lxc operation list
- lxc profile list
- lxc project list
- lxc remote list
- lxc storage list
- lxc storage volume list
Simplestream での combined イメージのサポート ¶
ファイルタイプ lxd_combined.tar.gz を使って、simplestream イメージサーバー上で LXD combined イメージ(単一の tarball)を公開できるようになりました。
これは、より一般的なメタデータ(lxd.tar.xz)と rootfs(root.tar.xz もしくは squashfs)の個別のファイルから構成される split イメージの代替となるものです。
バグ修正(翻訳なし) ¶
- bash: Update contain er options
- bash: Update device options
- bash: Update network options
- bash: Update server options
- bash: Update storage options
- doc: Update Github URLs
- doc/containers: Fix markdown escaping
- doc/containers: Remove incorrect host_name setting from ipvlan and macvlan
- doc/containers: Update container volatile keys for host_name
- doc/containers/: Update proxy bind settings to host or guest
- doc/containers: Update proxy default mode value to 0644
- doc/storage: Make descriptions consistent
- doc/userns: Update to match current behavior
- i18n: Update translations from weblate
- i18n: Update translation templates
- lxc/list: If no snapshots, show 0
- lxd: Update Github URLs
- lxd/cluster: Use hook for initial heartbeat
- lxd/cluster: Workaround watchFunc kicking heartbeat a bit too early
- lxd/cluster/hearbeat: Add new RaftID field to heartbeat Members struct
- lxd/cluster/membership: Fix new DB server id
- lxd/containers: Add access to containerLoadByProjectAndName from device
- lxd/containers: Add DevicesPath() function to interface
- lxd/containers: Add InstanceLoadNodeAll link to device package
- lxd/containers: Add state to containerValidDevices and updates references
- lxd/containers: Add Type function
- lxd/containers: Add Type() function to interface
- lxd/containers: Delete on creation failure
- lxd/containers: Don't validate liblxc version during config parsing
- lxd/containers: Fix infiniband support
- lxd/containers: Link device interface into LXD, removes unused functions
- lxd/containers: Move fillNetworkDevice into startInfiniband
- lxd/containers: NIC device validation to device interface
- lxd/containers: Remove migrated infiniband validation
- lxd/containers: Remove old infiniband logic
- lxd/containers: Remove proxy validation
- lxd/containers: Restore update of disk limit options
- lxd/containers: Restructure deviceStop to support post stop hooks
- lxd/containers: Rework MAAS calls
- lxd/containers: Update infiniband to use device package
- lxd/containers: Update references for proxy to use device package
- lxd/containers: Update references to deviceGetAttributes to device package
- lxd/containers: Update references to proxy functions and vars after move
- lxd/containers: Update use of device.New with device name
- lxd/containers: Update use of device.New() with device name
- lxd/daemon: Check for non-empty members list from heartbeat
- lxd/device: Add device interface and common device implementation
- lxd/device: Add device name to device structure
- lxd/device: Hook up proxy device
- lxd/device: Link up infiniband device
- lxd/device: Move device related functions into device package
- lxd/device: Remove single line if assignments
- lxd/device: Remove old static update fields list
- lxd/device: Update interface for Stop() to return RunConfig
- lxd/device/config: Move types. to device.config.
- lxd/device/errors: Add errors file for device error definitions
- lxd/device/infiniband: Add infiniband device loader
- lxd/device/infiniband/physical: Add new infiniband physical implementation
- lxd/device/infiniband/sriov: Add infiniband sriov device implementation
- lxd/device/instance/id: Add DevicesPath() function
- lxd/device/instance/id: Add functions to interface to expose config
- lxd/device/instance/id: Add instanceIdentifier interface
- lxd/device/instance/id: Add LogPath() to instance identifier interface
- lxd/device/nic: Add NIC device loader, nic type map and validation
- lxd/device/nic: Rename runConfig to runConf for consistency
- lxd/device/nic: Update comments to remove "container" references
- lxd/device/nic: Update nic devices to use new RunConfig format
- lxd/device/nic/bridged: Add bridged NIC device implementation
- lxd/device/nic/bridged: Add checks for DHCP being enabled if no static IP
- lxd/device/nic/bridged: Fix issue with non-dhcp, non-addressed parent device
- lxd/device/nic/bridged: Update for post stop hooks
- lxd/device/nic/ipvlan: Add IPVLAN NIC device implementation
- lxd/device/nic/macvlan: Add MACVLAN NIC device implementation
- lxd/device/nic/macvlan: Update for post stop hooks
- lxd/device/nic/p2p: Add P2P NIC device implementation
- lxd/device/nic/p2p: Update for post stop hooks
- lxd/device/nic/physical: Add physical NIC device implementation
- lxd/device/nic/physical: Update for post stop hooks
- lxd/device/nic/sriov: Add SR-IOV NIC device implementation
- lxd/device/nic/sriov: Fix mac_filtering when no hwaddr specified
- lxd/device/nic/sriov: Switch to use shared instanceGetReservedDevices
- lxd/device/nic/sriov: Update for post stop hooks
- lxd/device/nic/vlan: Update for post stop hooks
- lxd/device/proxy: Add proxy device implementation
- lxd/device/proxy: Implement default listen file mode of 0644
- lxd/device/proxy: Remove unnecessary CanHotPlug function
- lxd/device/proxy: Update for post stop hooks
- lxd/device/runconfig: Add CGroups slice to RunConfig
- lxd/device/runconfig: Add MountEntryItem struct definition for mounts
- lxd/device/runconfig: Add PostStartHooks and simplifies NetworkInterface
- lxd/device/runconfig: Add the struct types returned when a device is started
- lxd/device/runconfig: Rename PostStartHooks to PostHooks
- lxd/device/utils: Add cidr list validation functions
- lxd/device/utils: Add InstanceLoadNodeAll var
- lxd/device/utils: Add network{Snapshot,Restore}PhysicalNic and networkRestorePhysicalNic functions
- lxd/device/utils: Add NetworkSRIOVGetFreeVFInterface function
- lxd/device/utils: Add veth management functions
- lxd/device/utils: Bring VLAN parent interface up
- lxd/device/utils: Move IP validation functions from network_utils
- lxd/device/utils: Move NetworkAttachInterface to device_utils
- lxd/device/utils: Move networkGetDevMAC and networkSetDevMAC to device_utils
- lxd/device/utils: Move networkGetDevMTU and networkSetDevMTU to device_utils
- lxd/device/utils: Move networkGetHostDevice to device_utils
- lxd/device/utils: Move networkSysctlGet to device_utils
- lxd/device/utils: Move networkSysctlSet to device_utils
- lxd/device/utils: Rename createVlanDeviceIfNeeded to NetworkCreateVlanDeviceIfNeeded
- lxd/device/utils: Rename deviceNextVeth to NetworkRandomDevName
- lxd/device/utils: Rename deviceRemoveInterface to NetworkRemoveInterface
- lxd/device/utils/disk: Add disk management utils file
- lxd/device/utils/infiniband: Add infiniband utils file
- lxd/device/utils/instance: Add access to InstanceLoadByProjectAndName function
- lxd/device/utils/instance: Add instanceGetReservedDevices function
- lxd/device/utils/network: Move proxy related network functions into device package
- lxd/device/utils/proxy: Add proxy specific shared functions
- lxd/device/utils/unix: Add unix device utils file
- lxd/device/validate: Add device config validation framework
- lxd/device/validate: Update validation to understand infiniband has nictype
- lxd/dnsmasq: Adds dnsmasq package and updates usage
- lxd/dnsmasq: Adds RemoveStaticEntry function
- lxd/dnsmasq: Don't fail file deletion if missing
- lxd/dnsmasq: Removes RebuildConfig function link to networkUpdateStatic
- lxd/images: Fix crash on refresh error
- lxd/instance: Add new type instance
- lxd/internal: Remove OnNetworkUp hook command
- lxd/iptables: Moves iptables helper functions into own package
- lxd/maas: Do more configuration validation
- lxd/main_checkfeature: Add ifdef SECCOMP_GET_ACTION_AVAIL
- lxd/main_forkmount: Error on invalid calls
- lxd/main_forkmount: Fix cobra parsing
- lxd/main_forkmount: Properly exit on success
- lxd/main_forkproxy: Fix crash when listener cannot be setup
- lxd/main_forkproxy: Rework log messages to better define the different types
- lxd/main_forkproxy: Update references to shared types in device package
- lxd/main_forksyscall: Add and use setnsat()
- lxd/main_forksyscall: Add chdirchroot()
- lxd/main_forksyscall: Avoid calling close on garbage fd
- lxd/main_forksyscall: Don't break chdirchroot() with setns(CLONE_NEWNS)
- lxd/main_forksyscall: Fix variable declarations
- lxd/main_forksyscall: Harden open()-calls via O_PATH and O_DIRECTORY
- lxd/main_forksyscall: Introduce acquire_basic_creds()
- lxd/main_forksyscall: Protect CLONE_NEWCGROUP with ifdef
- lxd/main_forksyscall: Re-introduce setns(CLONE_NEWNS) properly
- lxd/main_forksyscall: Remove same_fsinfo() logic completely
- lxd/main_forksyscall: Remove st_ino check from same_fsinfo()
- lxd/main_forksyscall: Replace target_fd with cwd_fd
- lxd/main_forksyscall: Switch chdirchroot() and setns() order
- lxd/main_forksyscall: Use correct error handling for chdirchroot()
- lxd/networks/config: Update references to NetworkValidAddress
- lxd/networks/config: Update to use IP validation in device_utils
- lxd/networks/utils: Remove functions that are moved to device implementations
- lxd/networks/utils: Remove networkUpdateStaticContainer
- lxd/networks/utils: Remove networkValidAddress
- lxd/networks/utils: Remove unused IP validation functions
- lxd/project: Adds project package and updates references to it
- lxd/proxy: Remove unused code
- lxd/response: Fix SmartError
- lxd/seccomp: Abstract syscall handling
- lxd/seccomp: Always use setfattr
- lxd/seccomp: Bugfix, cleanup, and simplify
- lxd/seccomp: Don't hardcode ns type
- lxd/seccomp: Don't mask errors
- lxd/seccomp: Fix broken setxattr
- lxd/seccomp: Fix setattr of directories
- lxd/seccomp: Fix whiteout detection
- lxd/seccomp: Handle setxattr syscall
- lxd/seccomp: Only define Go arch (and include elf)
- lxd/seccomp: Remove shiftfs special-casing
- lxd/seccomp: Rename getSeccompProfileContent to seccompGetPolicyContent
- lxd/seccomp: Retrieve fs{g,u}id for mknod{at}() syscalls
- lxd/seccomp: Retrieve fs{g,u}id for setxattr() syscalls
- lxd/seccomp: Use int64 for uid/gid
- lxd/seccomp: Use LXD uidmap functions
- lxd/storage: Fix hangs on volume migration failures
- lxd/storage/ceph: Handle EBUSY on unmap
- lxd/storage/ceph: Slightly speed up creation
- lxd/storage/zfs: Fix transfer on encrypted pool
- lxd/storage/zfs: Properly wrap mount error
- lxd/storage/zfs: Properly wrap mount error
- lxd/task: Attempt to run tasks on schedule
- lxd/task/group: Move wait group Done() after g.running update to avoid race on task end
- Makefile: Include libraft and libco
- Makefile: Make it easier to build from tarball
- Makefile: Rename dist to _dist to avoid Go recursion
- Makefile: Update Github URLs
- shared: Don't open files to get their mode
- shared/container: Add IsNotEmpty to help with validation required fields
- shared/container: Add IsUnixUserID and IsOctalFileMode functions
- shared/osarch: Add more aliases
- shared/util: Remove BlockFsDetect as moved into device package
- tests: Add basic infiniband tests
- tests: Add nic bridged filtering tests for when DHCP is disabled
- tests: Add sleep for DHCP release tests for slower machines
- tests: Always pass -f to stop
- tests: Always use pg_num=1 during tests
- tests: Avoid ceph pool conflict
- tests: Avoid event forwarding race condition
- tests: Ensure SR-IOV tests remove all containers
- tests: Fix bridge tests detection of busybox udhcpc6 presence
- tests: Fix CEPH pool names
- tests: Fix proxy device unix tests on Ubuntu Eoan
- tests: Make shellcheck happy
- tests: Rename ct_name to ctName for consistent naming in NIC tests
- tests: Rename the proxy device tests to fit with other device tests
- tests: Update forkproxy tests
- tests: Update nic bridged filtering tests for non-IP addressed parent
- tests: Update NIC SR-IOV test to check for device reservation
- tests: Update NIC tests to check for volatile key cleanup
- tests: Update static_analysis.sh
- tests: Workaround race condition in image import event listener
試用環境 ¶
この新しい LXD リリースは私たちの デモサービス で利用できます。
ダウンロード ¶
このリリースの tarball は ダウンロードページ から取得できます。
ビルド済みバイナリーは次のように使えます:
- Linux: snap install lxd
- MacOS: brew install lxc
- Windows: choco install lxc
LXD 3.15 リリースのお知らせ¶
11th of July 2019
はじめに ¶
LXD チームは、LXD 3.15 のリリースをお知らせすることにとてもワクワクしています!
このリリースには、たくさんの重要な新機能と、LXD の色々な部分に渡る重要な内部的な実装の変更が含まれています。
大きなハイライトのひとつは、dqlite 1.0 ブランチへの移行で、クラスターとスタンドアローンユーザーの両方に、パフォーマンスと信頼性の向上をもたらすでしょう。この変更は、低レベルのデーターベース・レプリケーションロジックの多くが専用の C ライブラリに移動し、C と Go の間で行われるやりとりの量が大幅に削減されます。
ネットワーク面では、このリリースでは、ブリッジでの IPv4/IPv6 フィルタリングサポートの追加、SR-IOV デバイスでの MAC と VLAN フィルタリング、DHCP サーバ管理での大きな改善といった大きな改善がなされています。
また、既存の CPU、メモリ、GPU のレポート機能に加えて、ネットワークデバイスやストレージディスクの詳細を提供するリソース API の新バージョンを公開します。
このリリースで行われた多数のパフォーマンスの改良、小さな機能追加、バグフィックス以外ではこれですべてです。
Windows ユーザにとっては、Chocolatey パッケージマネージャー経由で入手できる最初の LXD リリースでもあります: choco install lxc
Enjoy!
主要な改良点 ¶
dqlite 1.0 への変更 ¶
分散 SQLite データーベースでの元の実装ですべての LXD サーバが稼働して 1 年以上経ちました。ついに LXD はその 1.0 ブランチに移行します。
これはユーザーにとってすぐに目に見える改善ではありませんが、外部依存性の数、データーベースの CPU とメモリ使用量を減少させます。また、クラスター実行時の問題のデバッグ、より複雑なデーターベース操作との統合も大幅に容易になります。
LXD 3.15 にアップグレードすると、ディスク上のデーターベースは自動バックアップの後に自動的に変換され、フォーマットが変更されます。クラスターユーザは、クラスターノード間のデーターベースクエリーに使われるプロトコルも変わります。このため、クラスターノードすべてが同時に更新され、新しいデーターベースに移行します。
DHCP リース処理の変更 ¶
これまで、LXD の DHCP 処理は非常に限定的でした。静的なリースのエントリを設定に書き、dnsmasq が実行されてそれを読み取ります。静的なリースを変更と削除を行うためには、かなりコストのかかる dnsmasq プロセスの再起動が必要です。
LXD 3.15 ではこの代わりに、現在の DHCP リーステーブルにの内容に基づいて、LXD 自身が DHCP リクエストを dnsmasq サーバーに投げます。これは、dnsmasq を再起動する必要なしに、コンテナの設定が変更されたときや、コンテナが削除されたときに、手動でリースを解放するのに使えます。
クラスターのハートビート処理の変更 ¶
これまで、クラスターリーダーは 10 秒間隔で全クラスターメンバーにメッセージを送り、時間とともにこれらのハートビートを拡散していました。ハートビートデーター自体は単なるデーターベースノードのリストであるため、全クラスターメンバーはデーターベースクエリーの送り先を認識できるようになっていました。
このメカニズムとは別に、全クラスターメンバーがバックグラウンドタスクを持ち、保留中の更新を検出するためにメンバー間のバージョンのミスマッチを定期的に探したり、クラスター化 DNS の再設定のためにメンバーリストや IP アドレスの変更を検出したりしていました。
大きなクラスターでは、これらの繰り返し行うタスクはコストが増大したり、不要なものだったりしました。
LXD 3.15 では、この内部ハートビートを拡張し、データーベースメンバーだけでなく、クラスターからの最新のバージョン情報と、全クラスターメンバーのステータスも含めるようにしました。これは、クラスターリーダーだけがそのデータを取得する必要があり、他の全メンバーは数分以内ではなく、10 秒以内にすべての一貫したデーターを持つことを意味します(更新チェックの場合のように)。
より良いシステムコールインターセプションフレームワーク ¶
LXD のシステムコールインターセプション機能では多くの作業が行われています。現在、liblxc と libseccomp 両方の git スナップショットと 5.0 以上のカーネルで実行しているシステムでは、mknod と mknodat をカバーしています。
この変更には、LXC 3.2 に先立って liblxc で API を変更するだけでなく、ShiftFS 上で動くコンテナの処理を修正し、近い将来に追加されるシステムコールをより簡単にインターセプトできるように共通ロジックを整理しました。
より信頼性の高い UNIX ソケットプロキシ ¶
proxy デバイスの追跡困難なバグが修正され、UNIX ソケットの転送が適切に処理されるようになりました。これは、接続検出の終了と切断イベントの転送に関係していました。
X11 や pulseaudio に対する proxy デバイスのユーザーは、過去に終了時に閉じないウィンドウや、その UNIX ソケットを使った新しいソフトウェアが起動できなくなることに気づいたかもしれません。この問題は解決したので、LXD でグラフィカルアプリケーションを実行する人たちの作業がずっと楽になるはずです。
新機能 ¶
SR-IOV 上のハードウェア VLAN, MAC フィルタリング ¶
security.mac_filtering と vlan プロパティが SR-IOV デバイス上で指定できるようになりました。これは、SR-IOV の Virtual Function(VF) 上の対応するオプションを直接コントロールするため、コンテナからの MAC スプーフィングを完全に防ぎます。VLAN の場合は、VF レベルでハードウェアフィルタリングを実行します。
root@athos:~# lxc init ubuntu:18.04 c1 Creating c1 root@athos:~# lxc config device add c1 eth0 nic nictype=sriov parent=eth0 vlan=1015 security.mac_filtering=true Device eth0 added to c1 root@athos:~# lxc start c1 root@athos:~# lxc list c1 +------+---------+------+-----------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+------+-----------------------------------------------+------------+-----------+ | c1 | RUNNING | | 2001:470:b0f8:1015:7010:a0ff:feca:e7e1 (eth0) | PERSISTENT | 0 | +------+---------+------+-----------------------------------------------+------------+-----------+
lxd-p2c に新たに storage-size オプションを追加 ¶
--storage-size オプションが追加されました。これは --storage オプションと一緒に使うと、コンテナが使うボリュームサイズを指定できます。
root@mosaic:~# ./lxd-p2c 10.166.11.1 p2c / --storage btrfs --storage-size 10GB
Generating a temporary client certificate. This may take a minute...
Certificate fingerprint: fd200419b271f1dc2a5591b693cc5774b7f234e1ff8c6b78ad703b6888fe2b69
ok (y/n)? y
Admin password for https://10.166.11.1:8443:
Container p2c successfully created
stgraber@castiana:~/data/code/go/src/github.com/lxc/lxd (lxc/master)$ lxc config show p2c
architecture: x86_64
config:
volatile.apply_template: copy
volatile.eth0.hwaddr: 00:16:3e:12:39:c8
volatile.idmap.base: "0"
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[]'
devices:
root:
path: /
pool: btrfs
size: 10GB
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
カスタムボリュームに対する Ceph FS ストレージバックエンド ¶
Ceph FS が LXD のストレージドライバとして追加されました。使用はカスタムストレージボリュームに限定されていますので、Ceph FS 上にコンテナを置くことはできません。コンテナには Ceph RBD を使うことをおすすめします。
Ceph FS では、サーバー、サーバーの設定、クライアントのカーネルがサポートする場合は、サイズ制限(quota)とネイティブスナップショットサポートが使えます。
Ceph FS は、異なるホストにコンテナが配置されていても、同じカスタムボリュームを複数のコンテナに同時にアタッチできますので、Ceph を使っている LXD クラスターユーザーには最適です(RBD の場合はそうではありません)。
stgraber@castiana:~$ lxc storage create test cephfs source=persist-cephfs/castiana Storage pool test created stgraber@castiana:~$ lxc storage volume create test my-volume Storage volume my-volume created stgraber@castiana:~$ lxc storage volume attach test my-volume c1 data /data stgraber@castiana:~$ lxc exec c1 -- df -h Filesystem Size Used Avail Use% Mounted on /var/lib/lxd/storage-pools/default/containers/c1/rootfs 142G 420M 141G 1% / none 492K 4.0K 488K 1% /dev udev 7.7G 0 7.7G 0% /dev/tty tmpfs 100K 0 100K 0% /dev/lxd tmpfs 100K 0 100K 0% /dev/.lxd-mounts tmpfs 7.8G 0 7.8G 0% /dev/shm tmpfs 7.8G 156K 7.8G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup [2001:470:b0f8:1015:5054:ff:fe5e:ea44]:6789:/castiana 47G 0 47G 0% /data
IPv4, IPv6 フィルタリング(スプーフィング防止)¶
頻繁に要求されていた機能として、MAC スプーフィングに加えて、適切に IPv4 と IPv6 フィルタリングも行うことがあります。
これにより、あるコンテナの root が他のアドレスを詐称したり、トラフィックをハイジャックしたり、接続の問題を引き起こすことなく、複数のコンテナが同じブリッジを共有できます。
他のコンテナの MAC アドレス、IP アドレスを詐称させないように、次のようなプロパティを nic デバイスに設定できます:
- security.mac_filtering=true
- security.ipv4_filtering=true
- security.ipv6_filtering=true
注意: このような設定を行うことは、単一のコンテナに複数の MAC アドレスを与えないとできないような、内部的なブリッジング・ネスティングを防ぎます。
stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=bridged name=eth0 parent=lxdbr0 security.mac_filtering=true security.ipv4_filtering=true security.ipv6_filtering=true Device eth0 added to c1 stgraber@castiana:~$ lxc start c1 stgraber@castiana:~$ lxc list c1 +------+---------+----------------------+----------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+----------------------+----------------------------------------------+------------+-----------+ | c1 | RUNNING | 10.166.11.178 (eth0) | 2001:470:b368:4242:216:3eff:fefa:e5f8 (eth0) | PERSISTENT | 0 | +------+---------+----------------------+----------------------------------------------+------------+-----------+
リソース API の変更(ホストハードウェア) ¶
リソース API(/1.0/resources)に多数の改良と既存のものの再設計を行いました。変更点は次の通りです:
- CPU
- NUMA ノードの報告の改良(コアごとになりました)
- 周波数レポートの改良(最小、現在値、ターボ周波数)
- キャッシュ情報のレポートの追加
- すべてのコア・スレッドトポロジーの追加
- ID の追加(pinning に使用)
- アーキテクチャー名の追加
- メモリー
- NUMA ノードのレポートの追加
- Hugepage トラッキングの追加
- GPU
- DRM 情報用のサブセクションの追加
- DRM ドライバーにバインドされていないカードの検出をするようになりました
- GPU SR-IOV レポートのサポート
- NIC
- イーサネットとインフィニバンドカードのレポートの追加
- SR-IOV のサポート
- ポートごとのリンク情報
- Disks
- ディスクレポートの追加
- バスタイプのレポート
- パーティションリスト
- ディスク識別子(ベンダー、WWN、...)
これに合わせて lxc info --resources コマンドを更新しました。
注意: このバージョンのリソース API は前のバージョンと互換性がありません。より複雑な(AMD Epyc のような)CPU トポロジーを適切に扱うために変更しなければならず、適切に後方互換性を保つようには行えませんでした。その結果、コマンドラインクライアントは resources_v2 API を検出し、それをサポートしないサーバーでは失敗します。
root@athos:~# lxc info --resources
CPUs (x86_64):
Socket 0:
Vendor: GenuineIntel
Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
Caches:
- Level 1 (type: Data): 33kB
- Level 1 (type: Instruction): 33kB
- Level 2 (type: Unified): 262kB
- Level 3 (type: Unified): 31MB
Cores:
- Core 0
Frequency: 2814Mhz
NUMA node: 0
Threads:
- 0 (id: 0, online: true)
- 1 (id: 24, online: true)
- Core 1
Frequency: 2800Mhz
NUMA node: 0
Threads:
- 0 (id: 1, online: true)
- 1 (id: 25, online: true)
- Core 2
Frequency: 2652Mhz
NUMA node: 0
Threads:
- 0 (id: 2, online: true)
- 1 (id: 26, online: true)
- Core 3
Frequency: 2840Mhz
NUMA node: 0
Threads:
- 0 (id: 27, online: true)
- 1 (id: 3, online: true)
- Core 4
Frequency: 2613Mhz
NUMA node: 0
Threads:
- 0 (id: 28, online: true)
- 1 (id: 4, online: true)
- Core 5
Frequency: 2811Mhz
NUMA node: 0
Threads:
- 0 (id: 29, online: true)
- 1 (id: 5, online: true)
- Core 8
Frequency: 2710Mhz
NUMA node: 0
Threads:
- 0 (id: 30, online: true)
- 1 (id: 6, online: true)
- Core 9
Frequency: 2807Mhz
NUMA node: 0
Threads:
- 0 (id: 31, online: true)
- 1 (id: 7, online: true)
- Core 10
Frequency: 2805Mhz
NUMA node: 0
Threads:
- 0 (id: 32, online: true)
- 1 (id: 8, online: true)
- Core 11
Frequency: 2874Mhz
NUMA node: 0
Threads:
- 0 (id: 33, online: true)
- 1 (id: 9, online: true)
- Core 12
Frequency: 2936Mhz
NUMA node: 0
Threads:
- 0 (id: 10, online: true)
- 1 (id: 34, online: true)
- Core 13
Frequency: 2819Mhz
NUMA node: 0
Threads:
- 0 (id: 11, online: true)
- 1 (id: 35, online: true)
Frequency: 2790Mhz (min: 1200Mhz, max: 3200Mhz)
Socket 1:
Vendor: GenuineIntel
Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
Caches:
- Level 1 (type: Data): 33kB
- Level 1 (type: Instruction): 33kB
- Level 2 (type: Unified): 262kB
- Level 3 (type: Unified): 31MB
Cores:
- Core 0
Frequency: 1762Mhz
NUMA node: 1
Threads:
- 0 (id: 12, online: true)
- 1 (id: 36, online: true)
- Core 1
Frequency: 2440Mhz
NUMA node: 1
Threads:
- 0 (id: 13, online: true)
- 1 (id: 37, online: true)
- Core 2
Frequency: 1845Mhz
NUMA node: 1
Threads:
- 0 (id: 14, online: true)
- 1 (id: 38, online: true)
- Core 3
Frequency: 2899Mhz
NUMA node: 1
Threads:
- 0 (id: 15, online: true)
- 1 (id: 39, online: true)
- Core 4
Frequency: 2727Mhz
NUMA node: 1
Threads:
- 0 (id: 16, online: true)
- 1 (id: 40, online: true)
- Core 5
Frequency: 2345Mhz
NUMA node: 1
Threads:
- 0 (id: 17, online: true)
- 1 (id: 41, online: true)
- Core 8
Frequency: 1931Mhz
NUMA node: 1
Threads:
- 0 (id: 18, online: true)
- 1 (id: 42, online: true)
- Core 9
Frequency: 1959Mhz
NUMA node: 1
Threads:
- 0 (id: 19, online: true)
- 1 (id: 43, online: true)
- Core 10
Frequency: 2137Mhz
NUMA node: 1
Threads:
- 0 (id: 20, online: true)
- 1 (id: 44, online: true)
- Core 11
Frequency: 3065Mhz
NUMA node: 1
Threads:
- 0 (id: 21, online: true)
- 1 (id: 45, online: true)
- Core 12
Frequency: 2603Mhz
NUMA node: 1
Threads:
- 0 (id: 22, online: true)
- 1 (id: 46, online: true)
- Core 13
Frequency: 2543Mhz
NUMA node: 1
Threads:
- 0 (id: 23, online: true)
- 1 (id: 47, online: true)
Frequency: 2354Mhz (min: 1200Mhz, max: 3200Mhz)
Memory:
Hugepages:
Free: 0B
Used: 171.80GB
Total: 171.80GB
NUMA nodes:
Node 0:
Hugepages:
Free: 0B
Used: 85.90GB
Total: 85.90GB
Free: 119.93GB
Used: 150.59GB
Total: 270.52GB
Node 1:
Hugepages:
Free: 0B
Used: 85.90GB
Total: 85.90GB
Free: 127.28GB
Used: 143.30GB
Total: 270.58GB
Free: 250.14GB
Used: 290.96GB
Total: 541.10GB
GPUs:
Card 0:
NUMA node: 0
Vendor: Matrox Electronics Systems Ltd. (102b)
Product: MGA G200eW WPCM450 (0532)
PCI address: 0000:08:03.0
Driver: mgag200 (5.0.0-20-generic)
DRM:
ID: 0
Card: card0 (226:0)
Control: controlD64 (226:0)
Card 1:
NUMA node: 1
Vendor: NVIDIA Corporation (10de)
Product: GK208B [GeForce GT 730] (1287)
PCI address: 0000:82:00.0
Driver: vfio-pci (0.2)
Card 2:
NUMA node: 1
Vendor: NVIDIA Corporation (10de)
Product: GK208B [GeForce GT 730] (1287)
PCI address: 0000:83:00.0
Driver: vfio-pci (0.2)
NICs:
Card 0:
NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Gigabit Network Connection (1521)
PCI address: 0000:02:00.0
Driver: igb (5.4.0-k)
Ports:
- Port 0 (ethernet)
ID: eth0
Address: 00:25:90:ef:ff:31
Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
Supported ports: twisted pair
Port type: twisted pair
Transceiver type: internal
Auto negotiation: true
Link detected: true
Link speed: 1000Mbit/s (full duplex)
SR-IOV information:
Current number of VFs: 7
Maximum number of VFs: 7
VFs: 7
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:10.0
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s16
Address: 72:10:a0:ca:e7:e1
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:10.4
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s16f4
Address: 3e:fa:1d:b2:17:5e
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:11.0
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s17
Address: 36:33:bf:74:89:8e
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:11.4
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s17f4
Address: 86:a4:f0:b5:2f:e1
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:12.0
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s18
Address: 56:0a:5a:0c:e7:ff
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporation (8086)
Product: I350 Ethernet Controller Virtual Function (1520)
PCI address: 0000:02:12.4
Driver: igbvf (2.4.0-k)
Ports:
- Port 0 (ethernet)
ID: enp2s18f4
Address: 0a:a9:b3:21:13:8c
Auto negotiation: false
Link detected: false
- NUMA node: 0
Vendor: Intel Corporatio