Introduction

The Incus team is pleased to announce the release of Incus 0.4!

This is going to be the last release of Incus to feature changes coming from LXD as Incus has now been forced into being fully independent.

Incus 0.4 comes with some exciting new features, like the built-in keep-alive mode in the client tool, improvements to certificate/trust store management, new OVN configuration keys and the ability to directly create CephFS filesystems.

It also comes with significant improvements to both the OpenFGA and OVN handling, putting infrastructure in place for upcoming new features!

You can try it for yourself online: Linux Containers - Incus - Try it online

The Incus team wishes you happy holidays and a happy new year, see you in 2024!

Enjoy!

Notices

Re-licensing and contributor agreement on the Canonical LXD project

Canonical has made the decision to re-license Canonical LXD under the AGPLv3 license as well as require all new contributions to come from individuals or organizations that have signed the Canonical Contributor License Agreement (CLA).

Incus will remain under the Apache 2.0 license and as a result will no longer import any changes from LXD. This also means that as Incus changes are not under the AGPLv3 license and are generally not from individuals or organizations that have signed Canonical’s legal agreement, those changes no longer qualify for inclusion into LXD.

You’ll find more details on this here: LXD has been re-licensed and is now under a CLA

Phasing out of image server access for LXD users

Related to the change above as well as Canonical’s decision to no longer put any resources into assisting with day to day operations of our image builds, access to the community image server (images: remote) is going to be phased out for LXD users.

This will occur over a period of around 5 months. We strongly recommend anyone using LXD to run non-Ubuntu images to start planning their migration to Incus.

You’ll find more details on this here: Important notice for LXD users (image server)

New features and highlights

Keep-alive support in CLI client

A new keepalive configuration key can be directly set on a remote in ~/.config/incus/config.yml.
This key, to be set to an integer number of seconds, defines how long to keep a background connection with the Incus server (time since last use).

The way this works is that the command line tool will automatically spawn a background process (incus remote proxy) which will connect to the target server, handle authentication and do some minimal caching, then provide a unix socket to communicate with the remote server.

Any new instance of the command line tool will then automatically detect and use that unix socket, bypassing all of the connection and authentication steps, leading to significantly lowered latency. We’ve measured this to provide up to 30% performance improvement for use cases that spawn a lot of incus commands like Ansible.

Description field for certificate entries

The certificate entries (/1.0/certificates) now have a Description field, aligning them with the vast majority of other Incus objects.

Reworked incus config trust list

incus config trust list has been reworked to show more useful columns by default, including the aforementioned description column. Those columns are also now configurable similar to a number of similar list commands in the Incus client.

stgraber@chulak:~$ incus config trust list
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
|        NAME        |  TYPE   |                 DESCRIPTION                  | FINGERPRINT  |          EXPIRY DATE          |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| ansible            | client  | Ansible access to all instances              | 58ea2754fe55 | Dec 14, 2030 at 3:07am (UTC)  |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| athos              | server  |                                              | fad46455a46b | Aug 13, 2033 at 11:11pm (UTC) |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| celestis           | server  |                                              | 903d3e69de2c | Aug 16, 2033 at 12:24am (UTC) |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| chulak             | server  |                                              | ab805a2bc6af | Aug 6, 2033 at 5:48am (UTC)   |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| delmak             | server  |                                              | 1f6be459e591 | Aug 14, 2033 at 10:39pm (UTC) |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| gh-actions-manager | client  | Github self-hosted test runners              | e5bc1b5df649 | Aug 11, 2033 at 8:47pm (UTC)  |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| maas-region01      | client  | MAAS controller access to lab VMs            | 9be434462768 | Dec 26, 2031 at 5:10pm (UTC)  |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| prometheus01       | metrics | Metrics gathering                            | ede97eae54df | Oct 30, 2031 at 8:57pm (UTC)  |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+
| try-it             | client  | incus-demo-server access to try-it instances | fff8465939e4 | Sep 16, 2033 at 4:54am (UTC)  |
+--------------------+---------+----------------------------------------------+--------------+-------------------------------+

OVN SSL keys as server configuration

A set of new configuration keys have been added to allow specifying the SSL certificates and keys to access OVN. When set, those take precedence over any keys found in /etc/ovn/.

• network.ovn.ca_cert
• network.ovn.client_cert
• network.ovn.client_key

CephFS filesystems can now be directly created

Until now, creating a cephfs storage pool required the particular filesystem instance defined through the source key to already exist in Ceph.

But now, the cephfs.create_missing config key can be set to true along with setting cephfs.data_pool and cephfs.meta_pool to indicate what OSD pool to consume which will result in Incus creating a new cephfs filesystem.

Documentation: CephFS - cephfs - Incus documentation

This feature was first introduced in LXD.

Complete changelog

Here is a complete list of all changes in this release:

Documentation

The Incus documentation can be found at:

Packages

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Zabbly packages for Debian and Ubuntu

Zabbly provides both daily and stable builds of Incus to Debian and Ubuntu users:

Homebrew package for the Incus client

The client tool is available through HomeBrew for both Linux and MacOS.

Chocolatey package for the Incus client

The client tool is available through Chocolatey for Windows users.

Support

At this early stage, each Incus release will only be supported up until the next release comes out. This will change in a few months as we are planning an LTS release to coincide with the LTS releases of LXC and LXCFS.

Community support is provided at: https://discuss.linuxcontainers.org
Bugs can be reported at: Issues · lxc/incus · GitHub

Video review of Incus 0.4 is up now!

Was there any change to qemu or spice related software? I just upgraded and a Linux VM is having some strange visual artifacts when I interact with it using remote-viewer program. Here’s some screenshots to illustrate what is happening. Right after I login into the gnome desktop, I open a terminal:

term011699×1394 49.5 KB

If I drag the window to the right, this is what I see:

term021699×1394 43 KB

If I move the window very slowly, the problem is mitigated to some extent (I still see some leftovers in the position the window was).

It is like there’s some issue with redrawing, no idea what could cause this, but I started seeing after the upgrade to 0.4

Hmm, the Incus 0.4 packages do come with the newer QEMU 8.2, no change to the spice libraries used by QEMU though.

Rather than a SPICE issue, this could also be a virtio-gpu issue. I don’t know if anyone else has seen this kind of artifacting with QEMU 8.2.

I’m going to move the package back to 8.1.3, there should be an available package update in the next 2-3 hours.

I also checked a windows 10 guest, but could only reproduce the issue once I installed the virtio drivers:

win101699×1394 70.4 KB

When I launched the VM from an image, it was still using “Microsoft Basic Display Adapter” generic driver and the issue was not reproducible.

Yeah, so that definitely suggests something is off with virtio-gpu in the new QEMU…

So looks like we should wait for 8.2.1 and will have a fix by then.

@tarruda the updated Incus package is now in the stable repository. You’re going to want to update to that and then restart your VM to get this fixed.

I’m currently translating. Let’s “sync-forum”!

Done!

FYI: I wanted to switch from zabbly-incus-stable to zabbly-incus-daily because of “USB device handover fix” (host is a Debian Bookworm) and I got a bit of troubles because apt thinks it’s a downgrade (0.4... → 0~...); is it done on purpose?

It’s not fully intentional, it’s mostly caused by it being slightly annoying to determine the correct version for a daily build, but it also makes it a bit more obvious that dailies are weird and something to only really use when required (primarily debugging, testing, development).