Incus 6.2 has been released

News
,
1

Introduction

The Incus team is pleased to announce the release of Incus 6.2!

This release contains the second wave of changes contributed by students of the University of Texas at Austin and a few other features and improvements.

image

As usual, you can try it for yourself online: Linux Containers - Incus - Try it online

Enjoy!

New features

New incus top command

A new incus top command was added. This builds on top of Incus’ built-in OpenMetrics endpoint and allows for a refreshing view of the instance list, including CPU, memory and disk usage.

+---------------+-------------+-----------+-----------+
| INSTANCE NAME | CPU TIME(S) |  MEMORY   |   DISK    |
+---------------+-------------+-----------+-----------+
| foo           | 6.73        | 12.44MiB  | 341.88MiB |
+---------------+-------------+-----------+-----------+
| speedtest     | 32.79       | 23.84MiB  | 373.50MiB |
+---------------+-------------+-----------+-----------+
| v1            | 67130.91    | 254.54MiB | 1.25GiB   |
+---------------+-------------+-----------+-----------+
Press 'd' + ENTER to change delay
Press 's' + ENTER to change sorting method
Press CTRL-C to exit

Delay: 5s
Sorting Method: Alphabetical

This work was contributed by University of Texas at Austin students.

System load information in resources API

A new section was added to the resources API to expose server load information (1min, 5min, 10min) as well as total process count.

This is particularly useful for placement and auto-balancing logic as it allows for getting a good glimpse at how busy the various servers are solely from the Incus API.

stgraber@castiana:~$ incus info --resources
System:
  UUID: 05006c9c-7863-ee11-9e1b-224425600022
  Vendor: Framework
  Product: Laptop 13 (AMD Ryzen 7040Series)
  Family: Laptop
  Version: A5
  SKU: FRANDGCP05
  Serial: FRANDGCPA5340500AZ
  Type: physical
  Chassis:
      Vendor: Framework
      Type: Notebook
      Version: A5
      Serial: FRANDGCPA5340500AZ
  Motherboard:
      Vendor: Framework
      Product: FRANMDCP05
      Serial: FRANMDCPA534040120
      Version: A5
  Firmware:
      Vendor: INSYDE Corp.
      Version: 03.05
      Date: 03/29/2024

Load:
  Processes: 519
  Average: 0.80 0.77 0.71

[snip...]

This work was contributed by University of Texas at Austin students.

Ability to query access information for instances and projects

Two new APIs were added to allow querying the access list of a project or even a specific instance.

This integrates with our OpenFGA support and provided a sufficiently recent version of OpenFGA, will show you exactly who can access an instance and what role they have.

stgraber@castiana:~$ incus info --show-access foo
- identifier: stgraber@stgraber.org
  role: admin
  provider: openfga

stgraber@castiana:~$ incus project info --show-access default
- identifier: stgraber@stgraber.org
  role: admin
  provider: openfga

This work was contributed by University of Texas at Austin students.

Forceful deletion of projects

When dealing with a lot of busy projects, deleting them can become rather frustrating due to having to track down and delete everything they contain in the right order.

To address that, we now have incus project delete --force which will instruct Incus itself to delete everything in the correct order before deleting the project itself.

This is obviously an extremely dangerous thing to do. The command line tool will always ask for confirmation that you indeed want this project fully gone.

stgraber@castiana:~$ incus project delete demo
Error: Only empty projects can be removed.

stgraber@castiana:~$ incus project delete demo --force
Remove demo and everything it contains (instances, images, volumes, networks, ...) (yes/no): yes
Project demo deleted

New get_project scriptlet function

For those using our scriplet instance placement feature (instances.placement.scriptlet), a new function has now been added, get_project.

This allows retrieving all the details (api.Project) for a specific project and is particularly useful if you want project restrictions or limits to impact the placement decision.

Documentation: About clustering - Incus documentation
This work was contributed by University of Texas at Austin students.

Querying objects across projects

Incus has long supported listing all instances regardless of projects.
Then recently this was extended to also cover storage volumes, images, profiles, network zones and operations.

With Incus 6.2, all remaining object collections now support this, adding:

  • Storage buckets
  • Networks
  • Network ACLs

The CLI was updated to match, so all list commands interacting with objects that can be project-specific now also support --all-projects.

This work was contributed by University of Texas at Austin students.

PCI devices in incus info --resources

All PCI devices are now included in the incus info --resources output.
In the past, only those devices that were included in the GPU or disk sections were readily available.

This work was contributed by University of Texas at Austin students.

Improved alias handling in incus-simplestreams

The initial incus-simplestreams implementation would automatically generate our standard looking alias, basically DISTRIBUTION/RELEASE/VARIANT but that’s not suitable for all environments and so you now have two new arguments to incus-simplestreams add:

  • --no-default-alias to disable the above alias
  • --alias to define a custom alias (can be passed multiple times)

Feeding YAML to create commands in the incus CLI

This work was started with Incus 6.1 and is now complete.

All create commands as well as incus init and incus launch now support reading an initial configuration as YAML from stdin.

This enables much easier scripting of complex deployments.

Customizable column lists in the CLI

Another piece of work which started with Incus 6.1 and is now complete.

All CLI commands that have a list function now support the --column/-c flag.

This work was contributed by University of Texas at Austin students.

More automatically generated documentation

Not something that should be generally noticeable to most users, but we’ve been slowly moving our documentation to be generated directly from comments in our code, limiting the risk of it getting outdated or out of sync.

With Incus 6.2, the following are now generated in that way:

  • Network zones
  • Image restrictions
  • Kernel limits
  • Devices
    • disk
    • unix-block
    • unix-char
    • unix-hotplug
    • usb

This work was contributed by University of Texas at Austin students.

Complete changelog

Here is a complete list of all changes in this release:

Full commit list
  • incusd/instance/lxc: Add gendoc comments for image restrictions
  • incusd/instance/qemu: Add gendoc comments for image restrictions
  • doc: Update configs
  • doc/image-handling: Use gendoc data
  • incus/storage_bucket: Add yaml support for key create
  • i18n: Update translation templates
  • incusd/instance/qemu: Fix StartedAt handling
  • incus/storage: Customizable columns in list
  • i18n: Update translation templates
  • incusd/network/ovn: Port LogicalRouterSNATAdd and LogicalRouterDNATSNATAdd to libovsdb
  • incusd/network: Update for OVN function changes
  • api: instances_scriptlet_get_project
  • doc/instances/scriptlet: Add get_project
  • incusd/scriptlet: Add get_project
  • api: networks_all_projects
  • shared/api: Add Project field to Network
  • client: Add GetNetworksAllProjects
  • incus/network: Add all-projects
  • incusd/db: Add GetNetworksAllProjects
  • incusd/networks: Add all-projects
  • internal/instance: Add gendoc for limits.kernel
  • doc: Update configs
  • doc: Use gendoc for limits.kernel
  • api: network_acls_all_projects
  • shared/api: Add Project field to NetworkACL
  • client: Add GetNetworkACLsAllProjects
  • incus/network/acl: Add all-projects
  • incusd/db: Add GetNetworkACLsAllProjects
  • incusd/network/acl: Set Project field
  • incusd/network_acls: Add all-projects
  • api: storage_buckets_all_projects
  • shared/api: Add Project field to StorageBucket
  • client: Add GetStoragePoolBucketsAllProjects
  • incus/storage/bucket: Add all-projects
  • incusd/db/storage_buckets: Fill Project field
  • incusd/storage_buckets: Add all-projects
  • i18n: Update translation templates
  • incusd/networks: Fix import shadowing
  • doc/rest-api: Refresh swagger YAML
  • client: Align GetProfilesAllProjects with GetProfiles
  • client: Align GetNetworkZonesAllProjects with GetNetworkZones
  • client: Standardize the GetNetworkAllocation functions
  • incus/network_allocations: Update for client changes
  • incusd/device/usb: Add gendoc for the USB device
  • doc: Update configs
  • doc: Use gendoc for USB devices
  • api: resources_load
  • shared/api: Add Load to resources API
  • doc/rest-api: Refresh swagger YAML
  • incusd/resources: Add load information
  • incus/info: Add load information
  • i18n: Update translation templates
  • incusd/device/unix: Add gendoc comments
  • doc: Update configs
  • doc/devices_unix_block.md: Use gendoc data
  • doc/devices_unix_char.md: Use gendoc data
  • doc/devices_unix_hotplug.md: Use gendoc data
  • incus/top: Add new command
  • i18n: Update translation templates
  • incusd/network/zone: add gendoc for network zone
  • doc: Update configs
  • doc: Use gen doc for network zones
  • incusd/device/unix: Run gofmt
  • incus/info: Add PCI devices to --resources
  • i18n: Update translation templates
  • incusd/device/disk: Add gendoc comments
  • doc: Update configs
  • doc/devices/disk: Use gendoc
  • incus/network: Customizable columns in list
  • i18n: Update translation templates
  • incusd/network_zones: Fix listing of zones within a project
  • incusd/instance/lxc: Fix handling of migration.stateful
  • gomod: Update dependencies
  • incusd/network/ovs: Fix bad VLANMode value
  • fix: close resources
  • incusd/instance: Fix building on 32bit architectures
  • incus/network_zone: Add example for network zone record create
  • i18n: Update translation template
  • incus/storage_volume: Add yaml support for create
  • i18n: Update translation templates
  • cmd/incus/info: Fix runtime error when chassis, motherboard and firwmare information is not available
  • Translated using Weblate (German)
  • incusd/instance/qemu: Allow setting protection.delete when running
  • doc/api-extension: Fix typo
  • shared/api: Introduce Access structs
  • api: instance_access
  • incusd/auth: Introduce GetInstanceAccess
  • incusd/instance: Add access endpoint
  • api: project_access
  • incusd/auth: Introduce GetProjectAccess
  • incusd/project: Add access endpoint
  • doc/rest-api: Refresh swagger YAML
  • client: Add GetInstanceAccess
  • client: Add GetProjectAccess
  • incus/info: Fix description of --show-log
  • incus/info: Add --show-access
  • incus/project: Add --show-access to info
  • i18n: Update translation templates
  • incusd/auth/fga: Rename manager by admin in model
  • incusd/auth/fga: Rework permission model
  • incusd/auth/fga: Rebuild model
  • tests: Fix for permission changes
  • incusd/instance/agent-loader: Support installing to /etc
  • incusd/apparmor/lxc: Fix rule syntax
  • incus-simplestreams add: added flags: --no-default-alias, --alias. #875
  • incus/storage_volume/snapshot: Support YAML for creation
  • i18n: Update translation templates
  • shared/idmap: Make get_userns_fd configure the userns
  • incus-migrate: Handle valid CA certificates
  • incusd/instances_post: Fix migrating into remote cluster
  • incusd/apparmor: Detect nosymfollow support
  • incusd: Set SELinux label on socket
  • incus/network: Align attach-profile with attach
  • create_detached_idmapped_mount: avoid double close
  • incusd/instance/qemu: Extend missing QEMU error
  • doc/installing: Mention extra packages for VMs
  • incusd/storage/btrfs: Fix btrfs argument order
  • incusd/seccomp/sysinfo: Handle 32bit on 64bit
  • api: projects_force_delete
  • incusd/api_project: Add force delete endpoint
  • doc/rest-api: Refresh swagger YAML
  • client: Introduce DeleteProjectForce
  • cmd/incus/project: Add --force to delete
  • i18n: Update translation templates
  • incusd/project: Simplify projectIsEmpty
  • incusd/db: Introduce GetNetworkZoneURIs
  • incusd/db: Introduce GetStorageBucketURIs
  • incusd/api_project: Fix UsedBy
  • incusd/api_project: Add force deletion logic
  • incus/completion: Reduce API calls
  • incus/publish: Complete snapshot names
  • incus/completion: Fix import shadowing
  • Translated using Weblate (French)
  • Makefile: Pin go-acme/lego for Go 1.21
  • Update dependencies
  • cmd/incus/console: Cleanup --show-log
  • incusd/instance_console: Remove old check
  • incusd/instance_console: Handle missing log file
  • incusd/instance_console: Don’t fail on empty logs
  • incusd/instance_console: Cleanup error message
  • i18n: Update translation templates
  • incusd/device/sriov: Line up code with comment

Documentation

The Incus documentation can be found at:

Packages

There are no official Incus packages as Incus upstream only releases regular release tarballs. Below are some available options to get Incus up and running.

Installing the Incus server on Linux

Incus is available for most common Linux distributions. You’ll find detailed installation instructions in our documentation.

Homebrew package for the Incus client

The client tool is available through HomeBrew for both Linux and MacOS.

Chocolatey package for the Incus client

The client tool is available through Chocolatey for Windows users.

Winget package for the Incus client

The client tool is also available through Winget for Windows users.

https://winstall.app/apps/LinuxContainers.Incus

Support

Monthly feature releases are only supported up until the next release comes out. Users needing a longer support length and less frequent changes should consider using Incus 6.0 LTS instead.

Community support is provided at: https://discuss.linuxcontainers.org
Commercial support is available through: Zabbly - Incus services
Bugs can be reported at: Issues · lxc/incus · GitHub

7 Likes
3
3 Likes
4

Thanks for this, these are useful features - I particularly like top.

Did I see you mention somewhere you’re looking at making OCI containers natively supported in Incus?

5

Yep, that’s in the plans for this year!

I’ve now opened a Github issue to track down the general idea: Add `OCI` image support · Issue #908 · lxc/incus · GitHub

2 Likes
6

What is an Incus project?

7
1 Like
8

Hi,
I think that, Fedora repository is not updated. dnf update command cant update the incus version.
Regards.

9

That’s pretty usual, we don’t handle packaging in the various distributions, so when those get updated completely depends on when the individual packagers get the time to do it.

The Zabbly repository for Debian/Ubuntu usually gets updated almost immediately as I’m the one handling that one, same goes for Homebrew and Chocolatey, but everything else is outside of my control and updated when the individuals in charge of those find the time.

10

Ohh, thanks for the definition Stephane.
Regards.

11

Hi Stg,

Thanks for the 1-release-by-1-month, cool.

I’ve experienced “ipv4 not shown” when running “incus list -c nsum4N” with kernel version 6.9.2 and 6.9.3 on Arch (this only occurs on containers but not on vms).
I believe I’ve seen some discussion somewhere on github, so is that resolved in this release 6.2?

12

It’s a kernel bug, not an Incus bug, so nothing we can do about it on our end.

@amikhalitsyn and myself have tracked down the exact kernel regression and sent a fix for it last week, but it will take some time before this makes it to a 6.9.x bugfix release.

My own 6.9.x kernel builds (currently 6.9.3) for Debian/Ubuntu already include the fix so that my users don’t get impacted, but I can’t do much about other distros.

https://lore.kernel.org/all/20240528203030.10839-1-aleksandr.mikhalitsyn@canonical.com/

13

Thanks for letting me know, which is interesting. And if it’s a kernel bug then it’s gonna be fixed anyway.
Before that, it bothers but not breaks anything.

14

I polluted your tidy issue on OCI support with some questions, sorry. :see_no_evil:

15

My own 6.9.x kernel builds (currently 6.9.3) for Debian/Ubuntu already include the fix so that my users don’t get impacted, but I can’t do much about other distros.

Update: The ipv4 addr can be correctly shown in incus 6.2 with Arch Linux kernel 6.9.4.