Introduction
The LXD team is very excited to announce the release of LXD 3.11!
As most of our current work is large features and refactoring, this release mostly contains bugfixes based on reported issues and bugs we found along the way.
It also features the same C hardening work which has been ongoing on the LXC side for a while now, which should reduce the chances of any mistakes being made in that sensitive code.
That’s not to say there isn’t anything new in this release, a number of small improvements to our user experience have been included, improving progress reporting, snapshot handling and centralized authentication.
Enjoy!
New features
Configurable snapshot expiry at creation time
Past releases introduced automated snapshots and then automated snapshot expiry.
As a configured default expiry applies to all snaphosts, not just automated ones and it’s a bit of a hassle to manually create snapshots just to then go and edit them to change their expiry, it’s now possible to set an expiry at snapshot creation time.
At the API level this can be done with an exact timestamp which if set to null
will make a persistent snapshot regardless of any configured auto-expiry.
At the CLI level, this can be used with the new --no-expiry
flag to lxc snapshot
.
Progress reporting for publish operations
When running lxc publish
against a container or snapshot, some progress information is now displayed. This is similar to image transfers and container migrations and should help confirm that something is indeed happening.
Improvements to Candid authentication
A few changes happened to how Candid authentication is handled by the CLI:
Per-remote authentication cookies
Prior to this release, a shared “cookie jar” was used for all remotes.
This would sometimes cause inconsistent behaviors when two remotes were using the same Candid authentication server as adding the second remote would re-use the existing cookie, potentially ignoring the authentication domain and not requiring a new authentication roundtrip.
Now every remote has its own “cookie jar” and LXD’s behavior when adding remotes is now always identical.
Candid preferred over TLS for new remotes
When using lxc remote add
to add a new remote, if that remote supports Candid for authentication, this will be used instead of TLS authentication.
The authentication type can always be overridden with --auth-type
.
Remote list now shows Candid domain
The remote list will now indicate what Candid domain is used, when one was specified during lxc remote add
:
stgraber@castiana:~$ lxc remote list
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| images | https://images.linuxcontainers.org | simplestreams | none | YES | NO |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| local (default) | unix:// | lxd | file access | NO | YES |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc01 | https://nuc01.maas.mtl.stgraber.net:8443 | lxd | candid (usso) | NO | NO |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc02 | https://nuc02.maas.mtl.stgraber.net:8443 | lxd | candid (stgraber.net) | NO | NO |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu | https://cloud-images.ubuntu.com/releases | simplestreams | none | YES | YES |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu-daily | https://cloud-images.ubuntu.com/daily | simplestreams | none | YES | YES |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
Bugs fixed
- client: Empty stdin channel on exec completion
- client: Fix goroutine leak in ExecContainer
- client: Revert “client: fix goroutine leak in ExecContainer”
- doc: Add first stab at FAQ
- doc: Fix typoes in faq.md
- doc: Update rest-api.md formatting
- i18n: Update translations from weblate
- i18n: Update translation templates
- lxc: Improve error handling in execIfAliases
- lxc: Update for per-remote candid domain/cookies
- lxc/cluster: Prompt for confirmation when using --delete to remove a server
- lxc/console: Remove unused code
- lxc/exec: Cleanup terminal logic
- lxc/exec: Don’t use Exit
- lxc/list: Fix multiple filters
- lxc/monitor: Don’t directly use Exit
- lxc/profile: Make json/yaml consistent
- lxc/remote: Tweak remote list
- lxd: Add username/fingerprint to request context
- lxd: Cleanup authentication code
- lxd: Copy C smarts from LXC into lxd/include/
- lxd: Fix duplicate scheduled snapshots
- lxd: Fix failing backup import
- lxd: Fix snapshot expiry for scheduled snapshots
- lxd: Fix variable in range
- lxd: Remove backup directory after creating tarball
- lxd: Set correct progress data for backup/publish
- lxd/checkfeature: Cleanup macros is_netnsid_aware
- lxd/checkfeature: Cleanup macros netns_set_nsid
- lxd/containers: Set liblxc env for CVE-2019-5736
- lxd/containers: Skip interface removal if missing
- lxd/containers: Validate ipv4/ipv6 address
- lxd/daemon: Move autoSyncImagesTask to clusterTasks
- lxd/daemon: When starting up, use the cluster.https_address as key for updating the nodes table
- lxd/db: A node with custom volumes is not empty
- lxd/db: Fix tests for current go-sqlite3
- lxd/db: Support to fetch a list of project for an image
- lxd/db: Use capital case in error messages returned by db.NodeInfo.IsEmpty()
- lxd/db: Use proper function names for the query of the image nodes
- lxd/devlxd: Initialize variable to 0
- lxd/forkfile: Cleanup macros manip_file_in_ns
- lxd/forkmount: Cleanup macros
- lxd/forkuevent: Cleanup macros
- lxd/images: Add a task that auto synchronize images across the cluster and run it on the background
- lxd/images: Associate image with the right project on the joined node
- lxd/images: Do not iterate all available nodes across the cluster for image synchronization
- lxd/images: Fetch the images fingerprints of the current online node
- lxd/images: Import all images from the leader node to the new node after it’s joined
- lxd/images: Only show the image auto-sync log when clustering
- lxd/main_nsexec: Fix type of length in file_to_buf
- lxd/network: Reword sysctl network functions
- lxd/network: Rework IP validation functions
- lxd/nsexec: Cleanup macros attach_userns
- lxd/nsexec: Cleanup macros do_setns
- lxd/nsexec: Cleanup macros file_to_buf
- lxd/nsexec: Cleanup macros in_same_namespace
- lxd/nsexec: Make cmdline parsing more reliable
- lxd/profiles: Fix project update when clustered
- lxd/proxy: Add locking around UDP timer
- lxd/storage/ceph: Rework df handling
- lxd/storage_cgo: Cleanup macros find_associated_[…]
- lxd/storage_cgo: Cleanup macros get_un[…]_legacy
- lxd/storage_cgo: Cleanup macros get_unused_loop_dev
- lxd/storage_cgo: Cleanup macros prepare_loop_dev
- lxd/storage_cgo: Include macro.h
- lxd/storage: Drop unused function
- lxd/storage/lvm: Call wipesignatures
- shared: Tweak progress metadata
- shared/network: Include macro.h
- shared/osarch: Add ArchLinux name for armv7
- shared/osarch: Add gentoo armhf variant
- shared/shift_linux: Cleanup macros shiftowner
- shared/util_linux_cgo: Cleanup macros lxc_abstract_[…]
- shared/util_linux_cgo: Restore old behavior
- tests: Add integration test checking that nodes with custom volumes can’t be removed
- tests: Add snapshot expiry configuration on create
- tests: avoid needless wait times during image synchronization when clustering
- tests: Update godeps
- tests: Update the test case to cover the image sync scenario for joined node
Try it for yourself
This new LXD release is already available for you to try on our demo service.
Downloads
The release tarballs can be found on our download page.