LXD 5.21.0
Announcement
https://discourse.ubuntu.com/t/lxd-5-21-0-lts-has-been-released/42476
What's Changed
- github: add Canonical CLA check by @simondeziel in #12665
- doc: clarify some wording around the license by @ru-fu in #12673
- doc/backup: improve linking between pages and mention --refresh by @ru-fu in #12697
- doc: small doc fixes by @ru-fu in #12676
- doc/security: include info on privileged/unprivileged containers by @ru-fu in #12695
- build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #12690
- build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /test/mini-oidc by @dependabot in #12689
- build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #12683
- Clarify restricted.containers.privilege config option by @roosterfish in #12604
- doc: add sudo to set lxd ui.enable=true by @ggouzi in #12707
- Refer to licenses using their proper SPDX identifiers by @simondeziel in #12677
- Clarify optimized volume refresh by @roosterfish in #12720
- License Go SDK client as Apache-2.0 by @tomponline in #12731
- GitHub push event base ref by @markylaing in #12709
- lxc/move: Only use server-side move when dealing with a single server by @MusicDin in #12675
- lxd/instance/qemu: Start using seabios as CSM firmware by @mihalicyn in #12736
- Prevent live migration of instances with custom volumes by @MusicDin in #12733
- shared/idmap: handle "both" idmappings in raw.idmap properly by @mihalicyn in #12718
- test: Add exec exit code test by @MusicDin in #12714
- Task: Remove unnecessary calls to defer g.mu.Unlock() by @tomponline in #12710
- Allow configuring OVN SSL settings through server configuration by @simondeziel in #12638
- Use rsync flags consistently for local and remote copy by @roosterfish in #12715
- Stop dead client connection from blocking instance snapshot / remove by @gabrielmougard in #12702
- Tighten up QEMU Apparmor profile by @simondeziel in #12687
- lxd: Add support for apparmor unconfined profile mode by @alexmurray in #12713
- Remove deprecated instance config option limits.network.priority by @MusicDin in #12735
- doc: decode the objects.inv file by @ru-fu in #12701
- Fix typos in code comments and make it clear that zfs.blocksize is in bytes by @simondeziel in #12671
- doc/projects: clarify restricted.devices.disk by @ru-fu in #12613
- Make it clear that CCW devices (s390x) don't have device bus nor bus address by @simondeziel in #12669
- Use cloud-init to enable lxd-agent on Ubuntu releases before 20.04 by @simondeziel in #12680
- Removes AGPL imports from shared package by @tomponline in #12740
- lxd/init: Add support for storage volumes in preseed init by @megheaiulian in #12426
- doc: Add paragraph on how to delete images by @ggouzi in #12711
- Makefile: stop pinning openfga/go-sdk by @simondeziel in #12688
- test/lint: Always fetch the target branch if it cannot be found. by @markylaing in #12741
- Add metrics for stopped instances by @simondeziel in #12639
- doc/api-extensions: security.devlxd applies to both containers and VMs by @simondeziel in #12747
- Apply the snapshots.pattern option for manual custom volume snapshot by @gabrielmougard in #12717
- lxdmetadata: support for multiple entities comments by @gabrielmougard in #12642
- feat: annotate codebase for storage config options by @gabrielmougard in #12645
- Remove images: remote by @MusicDin in #12748
- Indicate supported instance types when querying /1.0 by @MusicDin in #12662
- README: provide links to some recommended management tools for LXD by @simondeziel in #12749
- Ceph RBD: Restore the filesystems UUID on the volume by @roosterfish in #12745
- Force SeaBIOS instead of OVMF-based firmware & some firmware lookup logic changes by @mihalicyn in #12750
- Show mounted status of disks and partitions by @masnax in #12537
- doc: enable multiprocessing for pyspelling by @ru-fu in #12751
- Improve test/lint/golangci script by @simondeziel in #12753
- doc: use all processors for spelling check by @ru-fu in #12757
- build(deps): bump actions/dependency-review-action from 3 to 4 by @dependabot in #12758
- test/lint: Treat GITHUB_BEFORE as a revision. by @markylaing in #12759
- Scrape interval by @ru-fu in #12763
- Replace deprecated HasExtension checks by @MusicDin in #12764
- shared: Add helper for obtaining a CertInfo struct by @masnax in #12767
- OIDC fixes (without encryption) by @markylaing in #12766
- lxc/cluster: update restore help text for --force by @simondeziel in #12772
- Doc improvements (config option index and build speedup) by @ru-fu in #12770
- github: Pin MinIO to the version before ServiceV2 API by @roosterfish in #12782
- lxdmetadata: connect a substitution database by @gabrielmougard in #12776
- Restore the VM's filesystem volume on LVM and Ceph RBD by @roosterfish in #12777
- github: Pin microceph to quincy edge by @tomponline in #12786
- Indicate LTS version in lxc version by @MusicDin in #12785
- github: exempts Apache-2.0 contributions from CLA signing by @simondeziel in #12790
- Fix in-cluster storage volume refreshes by @roosterfish in #12778
- Makefile: Removes unnecessary pins of go deps by @tomponline in #12794
- Golangci whole files by @markylaing in #12791
- doc/installing: 5.0 is the last LTS release shipping lxd.migrate by @simondeziel in #12783
- github: check DCO last as it fails on big PRs by @simondeziel in #12796
- golangci: Remove/update some overly-pedantic revive lint rules. by @markylaing in #12797
- Advertise snap sources by @simondeziel in #12798
- Ceph RBD: Regenerate the FS UUID for filesystem volumes only by @roosterfish in #12805
- github: consistently use set -eux in all script snippets by @simondeziel in #12793
- Revert database on joining node if cluster join fails by @masnax in #12811
- Document that the certificate field is base64 on POST /1.0/certificates by @markylaing in #12812
- doc: update minimum and recommended requirements by @simondeziel in #12819
- Encrypt OIDC cookies by @markylaing in #12628
- Convert the certificates table into an identities table. by @markylaing in #12807
- simplestreams: Fix regression when parsing indexes that contain both combined and non-combined variants by @tomponline in #12829
- doc: additional options recommended for running Docker by @ru-fu in #12833
- Remove Candid authentication and RBAC authorization by @markylaing in #12830
- github: update CI to run most tests with Go 1.21 with build/compat test with 1.20 by @simondeziel in #12822
- Add patch to remove block.* settings from LVM and Ceph RBD block volumes by @roosterfish in #12813
- Instance: fix linting issues in the instance drivers by @gabrielmougard in #12841
- lxd: Remove RBAC and Candid config keys (patch). by @markylaing in #12839
- github: drop DCO check now that we have the DCO app enabled by @simondeziel in #12842
- Doc: update versioning scheme and snap channels by @ru-fu in #12837
- doc: fix extraction of version number by @ru-fu in #12845
- Auth: TLS driver should return a false permission checker when client is restricted. by @markylaing in #12848
- Auth: Identity cache by @markylaing in #12816
- doc: no need to sudo for snap info by @sparkiegeek in #12851
- Various linter fixes by @roosterfish in #12852
- github: ask bug reporters to provide the list of relevant snaps by @simondeziel in #12857
- Hide read errors from proxies by @MusicDin in #12855
- test/suites: Ensure restricted certs cannot view storage pool config. by @markylaing in #12850
- Instance: Do not check for size.state during live migration if VM is backed by shared storage by @gabrielmougard in #12821
- lxd/storage/drivers/generic_vfs: Return if the right file was found by @roosterfish in #12859
- Auth: Candid RBAC removal follow up. by @markylaing in #12860
- test/lint: Temporarily remove --whole-files flag. by @markylaing in #12861
- Auth: Add OIDC identities to identity cache and extract identity provider groups by @markylaing in #12827
- Auth: Add an "entity type" representation that can be used everywhere. by @markylaing in #12853
- Add support for loki.instance from Incus by @simondeziel in #12876
- Add API instructions for the server/client section by @ru-fu in #12858
- Auth: Use email address as identifier for OIDC users. by @markylaing in #12875
- Smaller lxc and lxd-migrate binaries by @simondeziel in #12883
- Smaller clients bis by @simondeziel in #12886
- Storage: Support passing down extra information to drivers by @roosterfish in #12871
- Instance: Handle SELinux for VM LXD agent by @MusicDin in #12881
- Storage: Don't use storage name when creating source snapshots by @roosterfish in #12888
- gomod: Update dependencies by @tomponline in #12889
- Auth: Replace authorization objects with entity types and URLs. by @markylaing in #12872
- Doc: Add some device examples by @ru-fu in #12880
- Dependabot and labeler update by @simondeziel in #12890
- github: run tests (minus code-tests) with Go 1.22 by @simondeziel in #12878
- Instance: Temporarily host the instance type preset files on Github by @tomponline in #12896
- lxd-generate: Return helpful error instead of panicking. by @markylaing in #12897
- Storage: Populate custom volume snapshot creation date by @roosterfish in #12893
- doc/instances: update links to instance type lists by @ru-fu in #12898
- Storage: Set volatile.uuid for all volumes and snapshots by @roosterfish in #12840
- DB: Refactor entity URL methods by @markylaing in #12899
- doc/profiles: link to instance configuration by @ru-fu in #12901
- Replace madmin SDK with mc CLI shim by @masnax in #12879
- Storage: Fix regression when copying VMs by @roosterfish in #12902
- test: Check whole codebase for non-permissive imports by @tomponline in #12905
- Project: Don't panic on StorageVolumeParts by @roosterfish in #12906
- Storage: Pass a VolumeCopy to genericVFSCopyVolume by @roosterfish in #12908
- Move entity package back to shared by @markylaing in #12911
- Storage: Move snapshot comparison logic into the driver by @roosterfish in #12910
- Remove more container runtimes from GitHub runners by @simondeziel in #12915
- Storage: Reuse the driver's snapshot comparison after import by @roosterfish in #12916
- Storage: Update instance volume config when saving file by @roosterfish in #12917
- Add device parameter for importing instance command by @Shu-Duan in #12144
- Storage: Set the volume UUIDs consistently by @roosterfish in #12904
- VM instance's UEFI variables manipulation support by @mihalicyn in #12870
- README: fix link to translations on Weblate by @simondeziel in #12918
- Add Dell PowerFlex storage driver by @roosterfish in #12304
- doc/requirements: ZFS 2.1 or higher is required by @simondeziel in #12922
- doc/getting started: update how to access the UI by @ru-fu in #12924
- Auth: Ensure the default config expiry interval is set. by @markylaing in #12925
- Storage: Clone PowerFlex volume copies by default by @roosterfish in #12923
- DB: Move db functions to ClusterTx by @masnax in #12754
- Qemu: Revert linter fix by @roosterfish in #12929
- Doc: Add API instructions to instances how-tos by @ru-fu in #12831
- Auth: Expand certificate/image fingerprints and handle effective projects in authorization check. by @markylaing in #12873
- Storage: Also use VolumeCopy struct for migrations by @roosterfish in #12931
- scripts/bash/lxd-client: add bash completion for lxc config uefi by @simondeziel in #12932
- Doc: small fixes to Powerflex documentation by @ru-fu in #12930
- Doc: Howto loki by @escabo in #12913
- Instance: Allow a stateful VM to be started even if its root disk size.state parameter is not set by @gabrielmougard in #12912
- doc/images: minify .png by @simondeziel in #12936
- lxd/rsync: Remove apparmor profile after finishing rsync send by @masnax in #12927
- Storage: Always use default block.filesystem for VM config volumes by @masnax in #12938
- Doc: add API instructions for images by @ru-fu in #12934
- lxd: Fix incorrect network device attach warnings by @tomponline in #12939
- Storage: Fix block volume patch by @roosterfish in #12941
- Instance: Fix device override issues during import by @tomponline in #12942
- Instance: Check if VM is running earlier to prevent etag errors when setting UEFI vars by @tomponline in #12943
- Doc: Mention that SVG/PNG are preferred in CONTRIBUTING by @simondeziel in #12937
- Storage: Pass right volume name when refreshing custom volumes by @roosterfish in #12946
- doc/images: quote command containing asterisk by @ru-fu in #12944
- client: Add API extension check for instance import with device override support by @tomponline in #12952
- Instance: Initialise UEFI vars NVRAM on first access if needed by @tomponline in #12954
- DB: Fix query for profile URLs by project name. by @markylaing in #12958
- DB: Adds database representation of server, network_zone, and image_alias entity types. by @markylaing in #12959
- DB: Preemptively fix schema update unit test. by @markylaing in #12960
- CI improvements by @simondeziel in #12962
- github: switch to canonical/has-signed-canonical-cla@main by @simondeziel in #12963
- Instance: Set migration.stateful=true by default when creating a new VM by @gabrielmougard in #12832
- lxd/apparmor/pyuefivars: allow reading bin/ directory by @simondeziel in #12965
- doc: remove old reference to liblxc 4.0.0 being supported by @simondeziel in #12964
- Prepare for lxd-benchmark to not be shipped in the snap by @simondeziel in #12956
- Drop offending legacy config names for syscall filtering by @simondeziel in #12947
- test: Increase minio storage bucket test file size to 5MB by @tomponline in #12969
- Auth: Correctly return authentication error. by @markylaing in #12970
- doc/api: pin Swagger version by @ru-fu in #12973
- doc/instances: clarify how to override device options during creation by @ru-fu in #12972
- Auth: Notify cluster members of new or updated OIDC identities by @markylaing in #12966
- gomod: Update dependencies and switch minimum version to go 1.21 by @tomponline in #12971
- lxd/db: Don't propagate expected errors by @masnax in #12977
- Set minimum Go version to 1.21.5 to accommodate forthcoming openfga package by @tomponline in #12979
- Auth: Authorization APIs by @markylaing in #12914
- DB: Clarify entity URL to ID SQL queries. by @markylaing in #12980
- VM: Don't leak file descriptor when probing for Direct I/O support by @tomponline in #12981
- API: Change authorization_apis extension name to access_management. by @markylaing in #12987
- github: don't test against go-tip on push events by @simondeziel in #12991
- doc/howto/migrate_from_lxc: 5.0 is the last LTS release shipping lxd.lxc-to-lxd by @simondeziel in #12990
- DB: Add columns to identities table for auditing. by @markylaing in #12982
- Auth: Set OIDC relying party HTTP client to comply with proxy configuration. by @markylaing in #12985
- Storage: Pass custom storage volume snapshots in the right order by @roosterfish in #12983
- DB: Fix query for storage volume snapshot by @markylaing in #13006
- Images: Fix potential race condition, improve error message and context support by @tomponline in #13009
- API: Ensure request project name isn't passed to storage layer directly by @tomponline in #13014
- Storage: remove reference to "ceph.osd.force_reuse" by @hamistao in #13016
- API: Ensure source project name isn't passed to storage layer directly when copying/refreshing volumes by @tomponline in #13026
- Migration: Accept offered rsync features for BLOCK_AND_RSYNC by @roosterfish in #13030
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #13025
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.67 to 7.0.68 by @dependabot in #13024
- build(deps): bump github.com/osrg/gobgp/v3 from 3.23.0 to 3.24.0 by @dependabot in #13023
- Auth: Fix entitlement for group list request. by @markylaing in #13034
- Revert Migration: Accept offered rsync features for BLOCK_AND_RSYNC by @roosterfish in #13037
- Github: Pin minio to RELEASE.2024-02-24T17-11-14Z to unblock edge builds by @tomponline in #13039
- Auth: Handle dangling permissions by @markylaing in #12992
- Container: Remove LXD 3.7 rsync feature exception when doing live migration by @roosterfish in #13041
- Migration: Accept offered rsync features for BLOCK_AND_RSYNC (v2) by @roosterfish in #13040
- Use latest minio in test suite by @masnax in #13046
- Auth: Fix query when setting the IdP group mapping by @markylaing in #13043
- lxd-metadata: Annotate codebase for pci device config keys by @gabrielmougard in #13013
- Set minimum Go version to 1.22.0 to accommodate OpenFGA. by @markylaing in #13042
- github: add codeql config to run on PRs by @simondeziel in #13015
- github: on push events, don't include additional tests to the matrix by @simondeziel in #13049
- github: Restore testing latest stable version of go rather than go tip by @tomponline in #13052
- lxd-metadata: Annotate codebase for gpu device config keys by @gabrielmougard in #13008
- lxd-metadata: Annotate codebase for unix-{char,block,hotplug,usb} device config keys by @gabrielmougard in #13007
- github: Removes downloading go tip as not needed by @tomponline in #13055
- VM: Further fix linter fixes preventing copy to remote by @roosterfish in #13057
- lxd/db/cluster: Actually swap argument order in SQL statement. by @markylaing in #13058
- Storage: Use volume name from the database in RefreshCustomVolume and CreateCustomVolumeFromCopy by @tomponline in #13056
- Migration: Use volume name from DB in migrationSourceWs.DoStorage by @tomponline in #13059
- lxd-metadata: Annotate codebase for disk device config keys by @gabrielmougard in #13005
- lxd-metadata: Annotate codebase for nic device config keys by @gabrielmougard in #12984
- Auth: Add GET /1.0/auth/identities/current. by @markylaing in #13045
- lxd-metadata: Annotate codebase for infiniband device config keys by @gabrielmougard in #13010
- Auth: Filter out identities, groups and, IdP groups that the requestor cannot view by @markylaing in #13047
- API: Unembed Put structs from Get structs by @MusicDin in #13035
- Migration: Revert adding rsync features for BLOCK_AND_RSYNC by @roosterfish in #13061
- Storage: Add optimized volume refresh for Ceph RBD by @roosterfish in #12743
- lxd-metadata: Annotate codebase for tpm device config keys by @gabrielmougard in #13012
- Storage: Ceph RBD followup by @roosterfish in #13064
- lxd-metadata: Annotate codebase for sriov network config keys by @gabrielmougard in #13032
- lxd-metadata: Annotate codebase for proxy device config keys by @gabrielmougard in #13011
- lxd-metadata: Annotate codebase for macvlan network config keys by @gabrielmougard in #13029
- Auth: Identity cache improvements by @markylaing in #13067
- Auth: Improve error handling by @markylaing in #13066
- lxd-metadata: Annotate codebase for bridge network config keys by @gabrielmougard in #13027
- lxd-metadata: Annotate codebase for physical network config keys by @gabrielmougard in #13031
- Network: Change protocol field for OVN ACL logs by @masnax in #13060
- lxd-metadata: Annotate codebase for instance properties by @gabrielmougard in #13033
- Auth: Filter UsedBy results outside of transactions by @markylaing in #13065
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #13071
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 in /test/mini-oidc by @dependabot in #13070
- lxd-metadata: Annotate codebase for ovn network config keys by @gabrielmougard in #13028
- Auth: Embedded OpenFGA authorization driver by @markylaing in #12976
- PowerFlex: Unmap the volume before performing resize by @roosterfish in #13073
- Auth: Openfga driver followup by @markylaing in #13077
- Instance: Reject limits.kernel.* for VM config by @MggMuggins in #13051
- Incorrect integer conversion fixes by @tomponline in #13078
- Ceph: Send the actual block vol when migrating snapshot by @roosterfish in #13079
- VM: Add disk I/O limit support - from Incus by @simondeziel in #13002
- API: Documents all-projects parameter for storage volumes by @hamistao in #13086
- gomod: Dependency updates by @tomponline in #13084
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.68 to 7.0.69 by @dependabot in #13094
- build(deps): bump github.com/go-acme/lego/v4 from 4.15.0 to 4.16.1 by @dependabot in #13093
- Storage: Ceph RBD lock concurrent snapshot migrations by @roosterfish in #13096
- Storage: Fix hang when BTRFS receive fails in RefreshVolume by @tomponline in #13095
- lxd/response: Use SmartError if SyncResponse success=false by @masnax in #13087
- lxd: Fallback to error response after setting headers by @masnax in #13098
- Indicate LTS version in LXD agent and useragent by @MusicDin in #13097
- Storage: Use volume name from VolumeDBGet in BackupCustomVolume by @tomponline in #13099
- Storage: Fix resize for pools with custom zfs.pool_name by @MggMuggins in #13101
- github: Add support for 5.21-stable branch (stable-5.21) by @tomponline in #13103
- github: Fix branches for 5.21 support (stable-5.21) by @tomponline in #13105
- Stable 5.21 backports (stable-5.21) by @tomponline in #13109
- github: fix branch target name/version extraction logic (stable-5.21) by @simondeziel in #13111
- Github: Update Tests badge to use correct branch (stable-5.21) by @tomponline in #13113
- Backports (stable-5.21) by @tomponline in #13122
- Backports (stable-5.21) by @tomponline in #13124
- Backports (stable-5.21) by @tomponline in #13127
New Contributors
- @ggouzi made their first contribution in #12707
- @alexmurray made their first contribution in #12713
- @megheaiulian made their first contribution in #12426
- @Shu-Duan made their first contribution in #12144
- @escabo made their first contribution in #12913
Full Changelog: lxd-5.20...lxd-5.21.0