LXD 4.15 has been released

4th of June 2021


The LXD team is very excited to announce the release of LXD 4.15!

This is an exciting release with new features for just about everyone.
The headline feature is no doubt the ability to hot add/remove network interfaces in LXD virtual machines, making it that much closer to our container experience.
But there are also various command line improvements, improved auditing capabilities and cluster features.


New features and highlights

Network interface hotplug in VMs

It's now possible to add up to 4 additional network interfaces to a running virtual machine.
Existing network interfaces can also be removed from a running virtual machine.

This relies on PCI hotplug and so requires the guest operating system to properly handle it.

Configurable shutdown timeout

A new configuration key core.shutdown_timeout that controls the number of minutes to wait for existing operations to complete when LXD is instructed to shutdown.

This allows to override the default of 5 minutes. It can be shortened in environments where interrupting long lasting lxc exec sessions isn't a problem. Or can be lengthened for environments where you do want all existing operations to complete prior to LXD exitting.

New persistent warnings (time skew, apparmor and virtiofsd)

Additional warnings have been added to the warnings API introduce in LXD 4.14.

Those are:

  • Cluster time skew detection (done through heartbeats)
  • Lack or broken AppArmor support
  • Lack or broken virtiofs support

The new warnings will show up in lxc warning list when appropriate and can be acknowledged with lxc warning ack. They will also clear once the source of the warning is gone (for example after running NTP on a system with a time skew).

Location field in /dev/lxd API

Guests with access to the /dev/lxd API can now find what server they're running on when running on top of a LXD cluster. This can be useful for the configuration of high availability services within the instance by allowing it to tell whether a peer is running on the same host or not (and so whether they would likely go down at the same time).

root@shell01:~# curl -s --unix-socket /dev/lxd/sock lxd/1.0 | jq .location

New type and name columns in lxc config trust list

Following the addition of the server certificate type in LXD 4.14. We've now reworked the output of lxc config trust list to show both the customizable name and type of each certificates.

stgraber@castiana:~$ lxc config trust list
|  TYPE  |        NAME        |  COMMON NAME   | FINGERPRINT  |          ISSUE DATE          |         EXPIRY DATE          |
| client | nsec-ansible01     | root@ansible01 | f256b2ab81a0 | Mar 21, 2021 at 6:50pm (UTC) | Mar 19, 2031 at 6:50pm (UTC) |
| client | stgraber-ansible01 | root@ansible01 | 58ea2754fe55 | Dec 16, 2020 at 3:07am (UTC) | Dec 14, 2030 at 3:07am (UTC) |
| server | abydos             | root@abydos    | 1a9ab6d52b76 | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) |
| server | langara            | root@langara   | e3e4701ef455 | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) |
| server | orilla             | root@orilla    | d015dc8484da | Dec 14, 2020 at 5:58pm (UTC) | Dec 12, 2030 at 5:58pm (UTC) |

Cluster members acting as database stand-by now visible

LXD clusters have the first 3 servers act as database servers, then the next 2 act as stand-by database servers with the remaining servers acting just as clients with the roles being dynamically switched in the cluster as machine go up and down.

None of that has changed but it's now possible to tell what servers are acting as stand-by database.
All servers that participate in the database now have the database flag set to YES in lxc cluster list, then running lxc cluster show will indicate either database or database-standby in the roles list.

lxc monitor --pretty now supported with lifecycle events

A compact version of lxc monitor --type=lifecycle is now available by using the --pretty flag, similar to what was already supported for --type=logging.

stgraber@castiana:~$ lxc monitor --type=lifecycle --pretty
INFO[06-04|13:34:46] Action: instance-restarted, Source: /1.0/instances/redoc

New --expire flag for lxc publish

A new --expire flag taking a timestamp is now available in lxc publish.
This is then used to override any expiry already present in the instance's image metadata.

Requestor now recorded in lifecycle events

Lifecycle events now have a new requestor section which provides the protocol and user information of whoever triggered the action.

location: none
  action: instance-restarted
    protocol: unix
    username: stgraber
  source: /1.0/instances/redoc
timestamp: "2021-06-04T13:33:05.33764627-04:00"
type: lifecycle

Proxy header support on main API endpoint

A new core.https_trusted_proxy configuration option was added which can be set to a comma separated list of IP addresses of reverse proxy servers fronting the LXD API.

With this, you can now have something like HAProxy in front of a LXD cluster, dispatching requests throughout the cluster while retaining the ability to see the client's IP address in LXD's logs.

Full swagger coverage of REST API

We're finally done adding metadata to our entire REST API and have deprecated the old markdown API documentation in favor of our Swagger specification.

The result can be seen here:

Complete changelog

Here is a complete list of all changes in this release:

Try it for yourself

This new LXD release is already available for you to try on our demo service.


The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc