Linux Containers - LXD - ニュース

7th of May 2021

はじめに¶

LXD チームは LXD 4.14 のリリースをお知らせできることにとてもワクワクしています!

私たちにとっては少し短い開発サイクルでしたが、スタンドアローンとクラスターユーザーにとってすばらしい改善が行えたかなり忙しいサイクルでした。

Enjoy!

新機能とハイライト ¶

マネージドブリッジでの ACL サポート ¶

従来から存在するマネージドなブリッジでネットワーク ACL が使えるようになりました。

この機能は OVN ネットワークで使う場合とは少し異なります。通常のブリッジでトラフィックラベリングを使ったポートベースの ACL を実行する実用的な方法がなかったためです。

代わりに、1 つ以上の ACL をマネージドブリッジに結びつけ、それらの ACL をブリッジの入出力（egress/ingress）に結びつけることができます。ブリッジ内部のトラフィックはこれらの ACL の影響を受けません。

クラスターメンバー証明書 ¶

LXDは、各クラスターメンバーが他とは異なる自身のサーバー証明書を持ち、このサーバー証明書がメンバー間の通信に使われていることを確認します。

クライアントが使う API には、クラスターワイドの証明書が常に提供されているので、これで何かが変わるわけではありません。代わりに、この変更により、どのクラスターメンバーが特定のリクエストを送ったのかを簡単に検証できるようになり、以前のクラスターが削除された場合に、それ以上の通信を防ぐこともできるようになります。

注意: server.crt を直接使って、それが公開 TLS API と一致することを期待していた場合、クラスターでは当てはまりません。代わりに cluster.crt を使ってください。

クラスターメンバーの説明 ¶

クラスターメンバーに説明を設定できるようになりました。これは lxc cluter edit で編集でき、lxc cluster list で表示できます。

stgraber@castiana:~$ lxc cluster list
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
|  NAME   |                 URL                 | DATABASE | ARCHITECTURE | FAILURE DOMAIN |     DESCRIPTION      | STATE  |      MESSAGE      |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| abydos  | https://[2602:fd23:8:200::100]:8443 | YES      | x86_64       | default        | HIVE - top server    | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| langara | https://[2602:fd23:8:200::101]:8443 | YES      | x86_64       | default        | HIVE - middle server | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+
| orilla  | https://[2602:fd23:8:200::102]:8443 | YES      | x86_64       | default        | HIVE - bottom server | ONLINE | Fully operational |
+---------+-------------------------------------+----------+--------------+----------------+----------------------+--------+-------------------+

クラスタートークンを使ったクラスターへの参加 ¶

事前に参加するサーバーの証明書をクラスターに追加しておいたり、共有のトラストパスワードに依存する必要がある代わりに、新しいクラスターメンバー用の使い捨てのトークンを生成できるようになりました。

lxc cluster add を使って次のように行います:

root@vm01:~# lxc cluster add vm02
Member vm02 join token: eyJzZXJ2ZXJfbmFtZSI6InZtMDIiLCJmaW5nZXJwcmludCI6IjkxYjE5MmEwZDBiZGRmZjdhYzI1NDE2NWMxNTI4N2Q2OWEyYmFmZDVhMTlhMjExYTc5ZjJiMDYzMTQ2NDZmNDYiLCJhZGRyZXNzZXMiOlsiMTcyLjE3LjE2LjgwOjg0NDMiXSwic2VjcmV0IjoiNThlMjlhZDc4MWI5NjRmN2UxMzMxNDgyMjVhNTc1ODNhMWEyNDY3YmRkMmE0MGVlZmU5ZDc3YWVmYzc0MzNhMiJ9

そして、参加時に、次のように指定します:

root@vm02:~# lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: yes
What name should be used to identify this node in the cluster? [default=vm02]: 
What IP address or DNS name should be used to reach this node? [default=172.17.16.81]: 
Are you joining an existing cluster? (yes/no) [default=no]: yes
Do you have a join token? (yes/no) [default=no]: yes
Please provide join token: eyJzZXJ2ZXJfbmFtZSI6InZtMDIiLCJmaW5nZXJwcmludCI6IjkxYjE5MmEwZDBiZGRmZjdhYzI1NDE2NWMxNTI4N2Q2OWEyYmFmZDVhMTlhMjExYTc5ZjJiMDYzMTQ2NDZmNDYiLCJhZGRyZXNzZXMiOlsiMTcyLjE3LjE2LjgwOjg0NDMiXSwic2VjcmV0IjoiNTg1YzVhZDFhMzI4Mjg5YTkwYjc2NGMzMWM4MDdkNGViYTNiMDM3MDQ5OWNlMjA2MjgxNzQwYWQ4YWM2OWQ1MiJ9
All existing data is lost when joining a cluster, continue? (yes/no) [default=no] yes

サーバー警告 ¶

ログファイルに警告を入れるだけでなく、API を通して警告を提供できるようになりました。現時点では、cgroup の警告だけが提供されますが、将来のリリースで少しずつ使用されていくようになるでしょう。

警告はクラスターワイドで追跡され、（LXD が解決したことを検出できる場合は）解決されると自己解決できます。そして、警告を確認してそれを黙らせることもできます。

stgraber@castiana:~$ lxc warning list
+--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+
|                 UUID                 |                 TYPE                  | STATUS | SEVERITY | COUNT | PROJECT | LOCATION |          LAST SEEN          |
+--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+
| 51526df0-b71b-41ca-8936-5c8c9298111c | Couldn't find the CGroup blkio.weight | NEW    | LOW      | 1     |         |          | May 7, 2021 at 5:40pm (UTC) |
+--------------------------------------+---------------------------------------+--------+----------+-------+---------+----------+-----------------------------+

stgraber@castiana:~$ lxc warning ack 51526df0-b71b-41ca-8936-5c8c9298111c
stgraber@castiana:~$ lxc warning list
+------+------+--------+----------+-------+---------+----------+-----------+
| UUID | TYPE | STATUS | SEVERITY | COUNT | PROJECT | LOCATION | LAST SEEN |
+------+------+--------+----------+-------+---------+----------+-----------+

stgraber@castiana:~$ lxc warning list -a
+--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+
|                 UUID                 |                 TYPE                  |    STATUS    | SEVERITY | COUNT | PROJECT | LOCATION |          LAST SEEN          |
+--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+
| 51526df0-b71b-41ca-8936-5c8c9298111c | Couldn't find the CGroup blkio.weight | ACKNOWLEDGED | LOW      | 1     |         |          | May 7, 2021 at 5:40pm (UTC) |
+--------------------------------------+---------------------------------------+--------------+----------+-------+---------+----------+-----------------------------+

バックアップとスナップショットのプロジェクトでの制限 ¶

バックアップとスナップショットを制御するための新たなプロジェクトにおける制限のプロパティが追加されました。

バックアップとスナップショットは、CPU 時間とディスク容量の両方でリソースを消費するので、全プロジェクトユーザーに使用許可を与えたくない場合もあるでしょう。

restricted.snapshotsとrestricted.backupsという設定をこれらの制御に使えます。これらはインスタンスとカスタムボリュームのスナップショット・バックアップの両方に適用され、スケジュールされたスナップショットにも影響します。

デバイス設定のユーザー定義キー ¶

デバイス設定内に user.XYZ という形式の設定を直接使えるようになりました。

stgraber@castiana:~$ lxc config device set cgroup2 root user.foo bar
stgraber@castiana:~$ lxc config device get cgroup2 root user.foo bar

LXD の API で、まだ user の名前空間が許可されていなかったのはここだけだったと思います。これが追加されたので、サードパーティーのツールが LXD オブジェクトに直接メタデータを追加するのが容易になるはずです。

さらなる自動生成の REST-API ドキュメント ¶

API に swagger メタデータを追加する作業がさらに進みました。インスタンスのエンドポイントの半分以上がカバーされ、残りのエンドポイントも近日中に追加される予定です。これでドキュメント化の残りはストレージ API だけになりました。

これは LXD 4.15 で完了するでしょう。

仮で生成したものがこちらにあります: https://dl.stgraber.org/swag-lxd/

すべての変更点（翻訳なし） ¶

このリリースでの完全な変更点のリストは次のとおりです:

すべてのChangeLog を見る

lxd/firewwall/drivers/drivers/nftables: Changes nftables to use a single inet table rather than separate ip and ip6 tables
test: Updates proxy tests to check nftables inet table
tests: Fix failure on 5.11 kernel
lxd/network/acl/driver/common: Improve error messages in d.validateRuleSubjects
lxd/network/acl/driver/common: Allow single IP addresses in source/destination subjects
lxd/network/driver/ovn: Renames logName var to logPrefix
lxd/network/acl/acl/ovn: Handle single IP in source/destination subjects
lxd/network/acl/acl/ovn: Renames logName arg to logPrefix in OVNApplyInstanceNICDefaultRules
lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd
lxd/firewall/drivers/drivers/xtables: Updates d.iptablesChainExists to return if chain has any rules
shared/validate/validate: Check IsNetworkPortRange range starts lower than end
forkexec: log more failures
Revert "lxd/firewall/drivers/drivers/xtables: Don't check for existing rule in iptablesAdd"
lxd/daemon/images: Adds imageDownloadLock function
lxd/daemon/images: Use d.imageDownloadLock in ImageDownload
lxd/daemon/images: Improve error messages in ImageDownload
lxd/instance: Improve error messages in instanceCreateFromImage
lxd/instance: Use d.imageDownloadLock in instanceCreateFromImage
lxd/firewall/drivers/drivers/xtables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
lxd/firewall/drivers/drivers/xtables: Don't look for existing rules in iptablesAdd
lxd/firewall/drivers/drivers/nftables: Only add multiple instance <> instance NAT rules for proxy if connect port range used in InstanceSetupProxyNAT
lxd/network/acl/driver/common: Add check for incorrect use of mixed IP family subjects in validateRule
lxd/network/acl/driver/common: Improve IP family validation for ICMP
lxd/networks: Updates doNetworksCreate to skip network validation during pre-join phase
lxd/network/acl/driver/common: Fix typo
lxd/project: Only consider syscall interception as low-level
lxd/network/driver/bridge: Validate ACL options
lxd/firewall/firewall/interface: Adds NetworkApplyACLRules function
lxd/firewall/drivers/drivers/consts: Adds ACL field to Opts to indicate we should ready firewall setup for ACL rules
lxd/firewall/drivers/drivers/consts: Define ACLRule type
lxd/network/acl/acl/firewall: Adds ACL firewall helper functions
lxd/network/acl/acl/interface: Adds clientType to Update
lxd/network/acl/acl/load: Add Config field to NetworkACLUsage
lxd/network/acl/acl/load: Update NetworkUsage to return bridge and ovn networks
lxd/network/acl/driver/common: Modifies Update to support clientType arg
lxd/network/acls: Pass clientType to netACL.Update
lxd/network/driver/ovn: Populate acl.NetworkACLUsage Config field
lxd/network/driver/bridge: Set ACL field in fwOpts if ACLs specified
lxd/network/driver/bridge: Apply ACLs on network start
lxd/firewall/drivers/drivers/xtables: Add ACL support
lxd/firewall/drivers/drivers/nftables: NetworkApplyACLRules WIP
test: Adds container_devices_nic_bridged_acl test for bridge ACL tests with iptables and nftables
api: Adds network_bridge_acl extension
doc/networks: Adds security.acls* config keys for bridge networks
doc: Adds network ACLs limitations section and links to it from bridge security.acls config key
shared/simplestreams: Improve error messages
lxd/daemon/images: Improve error messages
client/simplestreams/images: Improve error messages
test/godeps.list: Adds github.com/pkg/errors
Renames container_devices_nic_bridged_acl test file to align with other tests
test: Fix Udhcpc6 detection for nic bridged acl tests
lxd: don't set device cgroup values for unpriv containers
lxd/storage: Re-introduce cluster distributino of volume snapshots
lxc/remote: Only update URL in set-url
lxd/instance/drivers: Don't overwrite template triggers
lxd/daemon/images: Removes unnecessary imagesDownloadingLock mutex
lxc: Fix help for string arguments
tests: Fix apply_template check
lxd/cluster/membership: Updates Bootstrap to generate new cluster certificate
lxd/util/encryption: Comment on LoadCert
lxd/util/encryption: Adds LoadClusterCert function
test: load cluster.crt not server.crt when bootstrapping a cluster
lxc-to-lxd: Fix TestConvertNetworkConfig loopback only test
lxd/db: Add cluster ToAPI
lxd: Switch to using GetNodes
lxd/cluster: Drop List function
tests: Update for current cluster messages
lxd/lxd: Prevent multiple routed NIC devices from using "auto" gateway mode
lxd/db: Add node ID to StorageVolumeArgs
lxd/storage/volumes/snapshots: Updates autoCreateCustomVolumeSnapshotsTask to always snapshot local custom volumes
lxd/storage/volumes/snapshots: Update autoCreateCustomVolumeSnapshots return value
lxd/storage/volumes/snapshots: Adds comments to autoCreateCustomVolumeSnapshots
lxd: Move image-refresh to /internal/testing/
test/suites: Use /internal/testing/image-refresh
lxc/storage_volume: Properly use cluster target
lxc/storage_volume: Add missing target
vm/qemu: configure spice using -spice parameter
lxd/storage_volume_snapshots: Fix cluster redirection
lxd/db/storage: Properly increment snapshots
lxd/storage_pools: Fix ordering of pool delete
lxd/endpoint: Retry binding on startup
lxd/instance/qemu: Move to query-cpus-fast
shared/api/certificate: Adds certificate type constants
lxd/db/certificates: Adds CertificateAPITypeToDBType and ToAPIType functions
lxd/db/certificates: Comment on Certificate
lxc: Switch to CertificateTypeClient constant
lxd: Switch to CertificateTypeClient constant
lxd-p2c/utils: Switch to CertificateTypeClient constant
lxd/util/encryption: Adds LoadServerCert function
lxd/certificates: updateCertificateCache error quoting consistency
lxd/certificates: Store certificateCache by certificate type
lxd/certificates: db.CertificateAPITypeToDBType usage and set certificate type to server
lxd/certificates: Comment ending consistency
lxd/daemon: Adds getTrustedCertificates function
lxd/daemon: Update Authenticate to use d.getTrusterCertificates
lxd/daemon: Comment ending consistency in Authenticate
lxd/daemon: Ensure d.clientCerts.Projects isn't accessed without a lock
tests: Removes use of -v flag for nc inside busybox
lxd/network/driver/bridge: Don't attempt to setup ipv6 firewall when no ipv6.address
lxd/swagger: Add NotFound response
lxd/snapshots: Fix multiple schedules
lxd/images: Ignore intervals on manual refreshes
api: Add warnings
shared/api: Add warning structs
lxd/db/cluster: Create warnings table
lxd/db: Add operation type OperationWarningsPruneResolved
lxd/db: Allow object retrieval by ID
lxd/db: Add getURIFromEntity
lxd/db: Add warning severity
lxd/db: Add warning types
lxd/db: Add warning status
lxd/db: Add warning functions
lxd: Add warnings endpoints
lxd: Prune resolved warnings
lxd: Add internal /testing/warnings endpoint
client: Add warning functions
lxc: Add warning sub-command
test: Add warnings test
po: Update translations
lxd/db: Fix typo in error
doc/rest-api: Refresh swagger YAML
doc/rest-api: Add warnings
lxd: Add function to resolve warnings by their type code
lxd/db: Add GetWarningsByType
lxd/db: Add CGroup warning types
lxd/cgroup: Replace Log() with Warnings()
lxd: Handle CGroup logging and warnings in daemon
lxd/util/http: Fix CheckTrustState to block access for revoked certificates that were formerly trusted
lxd/certificates: Adds comment about the importance of a check related to CA mode in certificatesPost
test: Remove trusted remote before checking adding untrusted remote
test: Don't use CA PKI generated server certs for LXD
test/deps: Removes alternative pre-generated server cert and key
test: Remove LXD_ALT_CERT
test: Update PKI tests to comply with expectations of revocation behaviour
lxd/ip: Add ip package
lxd/device: Replace ip command with ip package
lxd: Replace ip command with ip package
lxd/network: Replace ip command with ip package
lxd/openvswitch: Replace ip command with ip package
tests: Add ip package to static_analysis test
lxd/networks/utils: Log forkdns refresh task starting in networkUpdateForkdnsServersTask
lxd/db/node: Adds certificates table to local database
lxd/db/certificates: Adds GetCertificates function
lxd/db/certificates: Adds ReplaceCertificates function
lxd/db/certificates: Adds DeleteCertificateByNameAndType function
lxd/certificates: Fix import ordering
lxd/certificates: Updates updateCertificateCache to handle per-certificate upgrade
Revert "lxd/instance/qemu: Move to query-cpus-fast"
lxd/certificates: Adds updateCertificateCacheFromLocal function
lxd/certificates: Notify other cluster members of certificate update in doCertificateUpdate
lxd/certificates: Notify other cluster members of certificate deletion in certificateDelete
lxd/certificates: Allow certificate type change in doCertificateUpdate
lxd/certificates: cluster.ErrCertificateExists and serverCert usage in certificatesPost
lxd/daemon: Adds serverCert and serverCertInt vars
lxd/daemon: Updates State to populate serverCert
lxd/daemon: Load trusted server certs from local DB on startup using updateCertificateCacheFromLocal
lxd/daemon: Refresh cached trusted certificates when heartbeat node count changes in NodeRefreshTask
lxd/daemon: Pass d.serverCert and networkCert to startClusterTasks Add
lxd/daemon: Updates Authenticate to check trusted server certs
lxd/state: Updates NewState to have a serverCert and updateCertificateCache arg
lxd/state: Update tests with NewState usage
lxd/util/http: Updates CheckTrustState to use networkCert argument
lxd/cluster/notify: Update NewNotifier to accept networkCert and serverCert args
lxd/cluster/tls: Update tlsClientConfig to accept networkCert and serverCert
lxd/cluster/tls: Updates tlsCheckCert to accept networkCert and serverCert
lxd/cluster/connect: Adds ErrCertificateExists var
lxd/cluster/connect: Updates Connect to accept networkCert and serverCert args
lxd/cluster/connect: Updates SetupTrust to accept serverName arg
lxd/cluster/connect: Adds UpdateTrust function
lxd/cluster/connect: Updates HasConnectivity to accept networkCert and serverCert
lxd/cluster/events: Updates events functions to accept networkCert and serverCert
lxd/cluster/gateway: Store networkCert and serverCert in Gateway and update NewGateway
lxd/cluster/gateway: Updates HandlerFuncs to accept trustedCerts function
lxd/cluster/gateway: HasConnectivity usage
lxd/cluster/gateway: Update Reset to handle networkCert
lxd/cluster/gateway: tlsClientConfig usage
lxd/cluster/gateway: loadInfo usage
lxd/cluster/heartbeat: tlsClientConfig in Send and Heartbeat
lxd/cluster/upgrade: Updates NotifyUpgradeCompleted with networkCert and serverCert args
lxd/cluster/membership: Adds EnsureServerCertificateTrusted function
lxd/cluster/membership: Updates Bootstrap to store serverCert in trusted certificates table
lxd/cluster/membership: Update Join to handle per-server certificates
lxd/cluster/membership: Updates notifyNodesUpdate to handle serverCert
lxd/cluster/membership: HasConnectivity usage
lxd/cluster/membership: Update Purge to remove trusted server certificate
lxd/cluster: Update tests to work with changes
lxd/api: d.gateway.HandlerFuncs usage
lxd/api/cluster: Updates clusterPutJoin to handle per server certificates
lxd/api/cluster: d.gateway.Reset usage
lxd/api/cluster: Call updateCertificateCache in clusterNodeDelete after certificate removed
lxd/api/cluster/test: server name as cert name
lxd/main/init: state.NewState usage
lxd/main/init/interactive: cluster.SetupTrust usage and serverCert naming for consistency
lxd: cluster.NewNotifier usage
lxd: cluster.Connect and related function usage
lxd/patches: Adds patchClusteringServerCertTrust
doc/clustering: Update guide to show that cluster.crt on bootstrap member should be used
test: Add check for trusted server certificate removal on cluster member removal
test: Update table count check to account for local certificates table
lxd/firewall/drivers/drivers/nftables: Require kernel version >= 5.2 to allow support for inet table NAT rules
test/suites: Update warning tests
lxd/images: Specify image type during distribution
client/connection: Correct HTTPs to HTTPS in ConnectPublicLXD
lxd/operations: Clarify return values in comment on Render
lxd/db/operations: Adds GetOnlineNodesWithRunningOperationsOfType function
lxd/operations: Adds operationCancel function
lxd/operations: Adds operationsGetByType function
lxd/images: Updates imageValidSecret to accept projectName and opType arguments
lxd/images: projectName argument in createTokenResponse
lxd/images: imageValidSecret usage
lxd/operations: Updates operationsGet to use projectName when retrieving remote operations
lxd/operations: Updates operationsGetByType to use projectName when retrieving remote operations
lxd/instances: Swagger for logs
lxd/instances: Update error message
lxd/instances: Swagger for files
doc/rest-api: Refresh swagger YAML
lxc/warning: Fix argument parsing
lxc/warning: Fix usage and comments
i18n: Update translation templates
lxd/project: Add AllowBackupCreation and AllowSnapshotCreation
lxd/projects: Add restricted.backups and restricted.snapshots
lxd: Support for restricted.backups and restricted.snapshots
api: projects_restricted_backups_and_snapshots
doc/projects: Add restricted.backups and restricted.snapshots
shared/api: Add swagger metadata for instance exec
lxd/instances: Swagger for exec
lxd/swagger: Fix json name of metadata
shared/api: Add swagger metadata for instance state
lxd/instances: Swagger for state
shared/api: Add swagger metadata for instance console
lxd/instances: Swagger for console
shared/api: Add swagger metadata for instances
lxd/instances: Swagger for instance
doc/rest-api: Refresh swagger YAML
lxd/instance/qmp: Switch to query-cpus-fast
lxd/apparmor: Respect LXD_OVMF_PATH
lxd/daemon: Improved logging in NodeRefreshTask
lxd/db/operations: Import ordering
lxd/db/operations/types: Adds OperationClusterJoinToken type
lxd/db/operations: Replace GetOnlineNodesWithRunningOperationsOfType with GetOperationsOfType
lxd/operations: Updates operationCancel with correct remote address
lxd/operations: Fixes operationsGetByType to filter operations by type correctly
lxd/node/raft/test: Corrects typo
api: Adds clustering_join_token extension
shared/api/cluster: Adds ClusterMembersPost type
shared/api/cluster: Adds ClusterMemberJoinToken type
lxd/api/cluster: Adds clusterNodesPost handler
client/interfaces: Adds CreateClusterMember function to interface
client/lxd/cluster: Adds CreateClusterMember function
lxc/cluster: Add lxc cluster add command
lxd/certificates: Adds clusterMemberJoinTokenValid and clusterMemberJoinTokenDecode functions
lxd/certificates: Updates certificatesPost to check supplied password against active cluster join token operations
lxd/main/init/interactive: Adds join token support to askClustering
lxc/cluster: Adds cluster list-tokens command
lxc/cluster: Adds clusterJoinTokenOperationToAPI function
lxd/operations: Updates OperationClass.String() to use constants from shared/api
shared/api/operations: Adds operation class name constants
doc/clustering: Adds details on using the join token during adding cluster members
i18n: Update translation templates
test: Adds overridable join secret to spawn_lxd_and_join_cluster
test: Adds join token tests to clustering_membership
test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10
doc/rest-api: Refresh swagger YAML
Makefile: Set GO111MODULE=on for update-api swagger build
shared/api: Fix snapshot structs
lxc/config: Update following InstanceSnapshotPut fix
shared/api: Add swagger metadata for instance snapshots
lxd/instances: Swagger for snapshots
doc/rest-api: Refresh swagger YAML
i18n: Update translations from weblate
shared/units: Add GetByteSizeStringIEC
lxc/project: Use IEC units in info
api: clustering_description
shared/api: Add cluster member description
lxd: Expose cluster member description
lxc/cluster: Tweak cluster list, add description
Revert "test: Increase the offline thresholds to above 12 as heartbeat interval is hardcoded to 10"
api: Adds description back for clustering_join_token extension
lxd/images: Dont log error in autoSyncImagesTask when not clustered
lxd/images: Make logging consistent in autoSyncImagesTask
lxd/db/node: Display last heartbeat time in ToAPI
tests: Update for project info change
lxc: Add -f as shorthand for --format
lxd/devices: Allow user.XYZ
lxd/db/node: Updates SetNodeHeartbeat to return ErrNoSuchObject if row doesn't exist to be updated
lxd/db/query/retry: Use errors.Cause in Retry
lxd/cluster/heartbeat: Single call to time.Now() in heartbeat
lxd/cluster/heartbeat: Fixes bug in heartbeat that causes heartbeat round to be discarded if member removed during round
lxd/cluster/heartbeat: Keep error handling from g.currentRaftNodes together
lxd/cluster/heartbeat: Error logging consistency
lxd/cluster/heartbeat: Use contextual logging
lxd/cluster/events: Improve logging consistency in eventsUpdateListeners
lxd/task/group: Adds context arg to Start
lxd/task/start: Add context arg to Start
lxd/task: Start context usage
lxd/daemon: Updates Start functions usage by passing daemon context
lxd/images: Improve logging in imageSyncBetweenNodes
test: Add lxc cluster list before comparison in test_clustering_handover for visibility into cluster state
test: Separate stop and publish commands in test_clustering_image_replication

試用環境 ¶

この新しい LXD リリースは私たちのデモサービスで利用できます。

ダウンロード ¶

このリリースの tarball はダウンロードページから取得できます。

ビルド済みバイナリーは次のように使えます:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

Contents

LXD 4.14 リリースのお知らせ

LXD 4.14 リリースのお知らせ ¶