LXD 4.8 has been released

12th of November 2020


The LXD team is very excited to announce the release of LXD 4.8!

This introduces vTPM and VirtioFS support, finishes our CGroup2 support and adds a few more useful features and improvements.

It also comes with much improved network and storage tracking and lifecycle to completely eliminate entire classes of race conditions as well as the usual pile of normal bugfixes.


New features and highlights

vTPM support

A new tpm device type was added with support for both containers and virtual-machines. This uses a persistent swtpm instance and exposes the usual /dev/tpmX device inside of the instance.

stgraber@castiana:~$ lxc config device add tpm1 tpm tpm path=/dev/tpm0
Device tpm added to tpm1
stgraber@castiana:~$ lxc config device add tpm2 tpm tpm path=/dev/tpm0
Device tpm added to tpm2
stgraber@castiana:~$ lxc start tpm1 tpm2

stgraber@castiana:~$ lxc list tpm
| NAME |  STATE  |          IPV4          |                      IPV6                       |      TYPE       | SNAPSHOTS |
| tpm1 | RUNNING | (eth0)    | fd42:4c81:5770:1eaf:216:3eff:fe95:4a5 (eth0)    | CONTAINER       | 0         |
| tpm2 | RUNNING | (enp5s0) | fd42:4c81:5770:1eaf:216:3eff:fe71:4323 (enp5s0) | VIRTUAL-MACHINE | 0         |

stgraber@castiana:~$ lxc exec tpm1 -- tpm2_gettestresult
status:   success
stgraber@castiana:~$ lxc exec tpm2 -- tpm2_gettestresult
status:   success

VirtioFS support for virtual machines

Until now LXD has been using 9p as the transport for both the agent config drive as well as for any additional path being exposed to the virtual machine using a disk device.

While reliable and generally well supported, 9p isn't exactly fast.
virtiofs is the new fast option for this and LXD is now exposing any attached drive through both 9p and virtiofs with the LXD agent using whichever is available inside the instance.

stgraber@castiana:~$ lxc init images:ubuntu/20.04/cloud vm1 --vm
Creating vm1
stgraber@castiana:~$ lxc config device add vm1 home disk source=/home/stgraber path=/mnt/virtiofs
Device home added to vm1
stgraber@castiana:~$ lxc start vm1
stgraber@castiana:~$ lxc exec vm1 bash
root@vm1:~# mkdir /mnt/9p
root@vm1:~# mount -t 9p lxd_home /mnt/9p/
root@vm1:~# dd if=/dev/zero of=/mnt/9p/test.img bs=4M count=100 conv=fdatasync
100+0 records in
100+0 records out
419430400 bytes (419 MB, 400 MiB) copied, 5.19642 s, 80.7 MB/s
root@vm1:~# dd if=/dev/zero of=/mnt/virtiofs/test.img bs=4M count=100 conv=fdatasync
100+0 records in
100+0 records out
419430400 bytes (419 MB, 400 MiB) copied, 0.831076 s, 505 MB/s

Full CGroup2 support

LXD has been functional on hybrid and full cgroup2 systems for quite some time but not all limits were necessarily applied when run under it. In fact most controllers would be reported as limited or unsupported on startup.

We have now improved this significantly by adding cgroup2 support for every one of the limits supported in LXD with the exception of:

  • swap priority and swap disabling (requires swappiness control)
  • network priority (requires net_prio controller)

As those two currently do not have a cgroup2 equivalent available in the latest Linux kernel. Once an equivalent solution is implemented, we'll be sure to use it.

We've also added daily tests on cgroup1, cgroup1 with swapaccount and cgroup2 to confirm that all our limits behave as expected:

rebase mode for zfs.clone_copy

This new option for ZFS storage pools tells LXD to track down the image the source instance was created from and use that as the origin of the new instance.

This means a larger disk usage as a result of the copy since it's effectively duplicating the on-disk delta that the source instance has with its image, however it also avoids tying the new instance with its source. This then allows deleting the source instance and reclaiming its disk usage rather than LXD having to keep the deleted dataset around because of the copy.

stgraber@castiana:~$ lxc launch images:ubuntu/20.04/cloud u1
Creating u1
Starting u1
stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u1
NAME                        ORIGIN
castiana/lxd/containers/u1  castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly

stgraber@castiana:~$ lxc copy u1 u2
stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u2
NAME                        ORIGIN
castiana/lxd/containers/u2  castiana/lxd/containers/u1@copy-e51ca348-32b5-4101-ac05-c656bf7c2a1e

stgraber@castiana:~$ lxc storage set default zfs.clone_copy false
stgraber@castiana:~$ lxc copy u1 u3
stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u3
NAME                        ORIGIN
castiana/lxd/containers/u3  -

stgraber@castiana:~$ lxc storage set default zfs.clone_copy rebase
stgraber@castiana:~$ lxc copy u1 u4
stgraber@castiana:~$ sudo zfs list -t all -o name,origin castiana/lxd/containers/u4
NAME                        ORIGIN
castiana/lxd/containers/u4  castiana/lxd/images/0d8a2b851ecb4a2dfc6313cb8bae203f15c5ca51c3c80bc65b573224e7f59f59@readonly

In this example:

  • u1 is a normal container created as a copy from an image
  • u2 is a normal copy made from a snapshot of its source
  • u3 is a standalone copy, duplicating the entire data of u1 and the image
  • u4 is a rebased copy, duplicating the delta u1 has with the image

--reuse option in lxc snapshot and lxc storage volume snapshot

It's now possible to have lxc snapshot or lxc storage volume snapshot delete a pre-existing snapshot before creating a new snapshot with the same name.

stgraber@castiana:~$ lxc snapshot u1 foo
stgraber@castiana:~$ lxc snapshot u1 foo
Error: Add snapshot info to the database: This instance_snapshot already exists
stgraber@castiana:~$ lxc snapshot u1 foo --reuse

restarted lifecycle event

LXD logs lifecycle events as an easy way to track important state changes.
Up until now, an instance being restarted or getting restarted from within would log a stopped event followed by a started event.

This has now been replaced by a single restarted event, more accurately describing what's happened.

stgraber@castiana:~$ lxc monitor --type=lifecycle
location: none
  action: virtual-machine-restarted
  source: /1.0/virtual-machines/u2
timestamp: "2020-11-12T17:47:50.559795164-05:00"
type: lifecycle

Improved logging of user requests

LXD has been recording the requestor for all API calls in its log messages and in internal context data. However this was a bit limited due to not logging what protocol was used (unix, candid, tls) or being able to log the username when a request came over the unix socket.

This has now been fixed and a basic query will now log something like this:

  • DBUG[11-12|18:26:10] Handling method=GET url=/1.0 ip=@ protocol=unix username=stgraber
  • DBUG[11-12|23:26:59] Handling method=GET url=/1.0 ip=[2001:470:b0f8:1000:223:a4ff:fe01:16f]:48334 protocol=candid
  • DBUG[11-12|18:28:23] Handling method=GET url=/1.0 ip= protocol=tls username=390fdd27ed5dc2408edc11fe602eafceb6c025ddbad9341dfdcb1056a8dd98b1

Complete changelog

Here is a complete list of all changes in this release:

Try it for yourself

This new LXD release is already available for you to try on our demo service.


The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc