LXD 4.6 has been released

Introduction

The LXD team is very excited to announce the release of LXD 4.6!

This was a shorter development cycle for us but still a pretty busy release.

The highlight is no doubt the ability to put networks in LXD projects, allowing for self-served network creation in shared LXD environments.

Enjoy!

New features and highlights

Networks in projects

Building on all the work that’s happened around OVN networks, it’s now possible to enable a new features.networks flag on a project. With that done, the project can then have its own networks invisible to other projects and based on OVN.

stgraber@castiana:~$ lxc network list
+---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+
|  NAME   | TYPE | MANAGED |      IPV4       |           IPV6            |             DESCRIPTION             | USED BY |  STATE  |
+---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+
| default | ovn  | YES     | 10.187.181.1/24 | fd42:bb2b:e7d1:f3ba::1/64 | Default OVN network for the project | 3       | CREATED |
+---------+------+---------+-----------------+---------------------------+-------------------------------------+---------+---------+

With that feature enabled, host interfaces and non-OVN networks all disappear, leaving only those networks owned directly by the project.

AppArmor profiles for qemu

Building onto the work done in past releases around AppArmor profile generation for a variety of our sub-processes, this release now introduces confinement for qemu as used by LXD virtual machines.

This also introduces raw.apparmor to virtual-machines. This should only really be relevant if used in conjunction with raw.qemu as all normal LXD configuration options should be handled by our generated profile (or else, it’s a bug).

Dqlite changes

Shortly after LXD 4.5 was released, a major change was made to upstream dqlite.

Rather than relying on our fork of sqlite3 which was adding some hooks used to intercept filesystem writes and replicating to other nodes, we are now using a different approach to get VFS access from a standard sqlite3.

While invisible to users, this should help packagers a fair bit by removing two custom dependencies of LXD, that custom sqlite3 and libco.

LXD with dqlite can now use any standard sqlite3 of version 3.25 or higher.

Complete changelog

Here is a complete list of all changes in this release:

Full commit list
  • shared/log15: Fix due to recent unix change
  • Handle signals in non-interactive sessions.
  • Fix hang when control is not provided in non-interactive mode.
  • lxd/db/cluster: Fix incorrect storage volume node IDs
  • lxd/db/cluster: Fix node id nil values
  • lxd/storage/volumes: Only apply config changes when restoring snapshot if non-nil config is supplied
  • lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation
  • lxd/network/driver/ovn: Removes unnecessary dnsmasq logic in deleteParentPortBridge
  • lxd/device/device/utils/network: Removes networkRandomDevName
  • lxd/network/network/utils: Adds RandomDevName function
  • lxd/device: network.RandomDevName usage
  • lxd/network: Adds Description function
  • api: Adds network_bridge_ovn_bridge API extension
  • lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network
  • lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent
  • doc/api: Removes underscore escaping when used inside backticks
  • doc/networks: Adds ovn.ovs_bridge key to bridge networks
  • lxd/instance/drivers: Fixes crash when removing device that cant be loaded
  • lxd/db/cluster: Adds networks to project usage view
  • lxc/storage_volume: Fix usage string
  • po: Update translations
  • lxd/network/driver/ovn: Add and delete local chassis ID to HA chassis group on start/stop
  • lxd/network/openvswitch/ovn: Adds ChassisGroupChassisDelete function
  • lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name
  • doc/networks: Adds ovn.name to OVN network doc
  • api: Adds network_ovn_name API extension
  • lxd/drivers/qemu: Use gic-version=max on aarch64
  • seccomp: fix compilation on kernels without proper bpf.h
  • lxc/config: Update wording for profile/config
  • i18n: Update translation templates
  • lxc/export: Support writing to stdout
  • Drop custom SQLite and libco
  • validate: Consider + as unsafe in URL
  • lxd/instance/snapshots: Restrict naming
  • db: Handle NULL storage_volume description column in patch 34
  • lxd/storage/drivers/utils: Corrects argument order of mkfs in makeFSType for wider compatibility
  • Revert “api: Adds network_ovn_name API extension”
  • Revert “doc/networks: Adds ovn.name to OVN network doc”
  • Revert “lxd/network/driver/ovn: Adds ovn.name setting to store OVN logical network name”
  • Revert “doc/networks: Adds ovn.ovs_bridge key to bridge networks”
  • Revert “lxd/network/driver/bridge: Adds ovn.ovs_bridge config key for OVN networks using bridge as parent”
  • Revert “lxd/network/driver/ovn: Updates parentPortBridgeVars to use ovn.ovs_bridge from parent network”
  • lxd/network/driver/ovn: Removes unused import
  • lxd/network/driver/ovn: Removes unnecessary network ID lookup
  • lxd/api/cluster: Start networks after cluster join
  • lxd/networks: Only call n.Start() during doNetworksCreate if client type isn’t joiner
  • lxd/network/driver/ovn: Adds pause between chassis group entry deletion and uplink port removal
  • lxd/network/driver/ovn: parentPortBridgeVars whitespace
  • Revert “api: Adds network_bridge_ovn_bridge API extension”
  • lxd/db/cluster/update: Adds features.networks to default project
  • lxd/project: Adds NetworkProject function
  • lxd/db/networks: Updates networkState and usage to support projects
  • lxd/db/networks: Updates getNetwork and usage to support projects
  • lxd/network/network/utils: Updates IsInUseByInstance to translate instance’s project to a network project
  • lxd/network/network/utils: Updates isInUseByDevices to support projects
  • lxd/network/network/utils: Updates IsInUseByProfile to accept a db.Profile rather than api.Profile
  • lxd/network/network/utils: Updates UpdateDNSMasqStatic to use default project
  • lxd/network/network/utils: Updates GetLeaseAddresses to use default project
  • lxd/network/network/utils: Adds UsedBy function and unexports related functions not used elsewhere
  • lxd/db/networks: Updates GetNonPendingNetworks to return a map of project networks
  • lxd/network/driver/ovn: Updates parentAllAllocatedIPs to use update GetNonPendingNetworks
  • lxd/network/network/utils: Adds network usage by other networks detection in UsedBy
  • lxd/network/driver/common: Updates IsUsed to use UsedBy
  • lxd/network/driver/bridge: Adds existing interface check as Create function
  • lxd/network/driver/bridge: Push down interface name conflict check to Rename
  • lxd/network/driver: Removes duplicated “in use” check that is now done at top level
  • lxd/profiles/utils: Renames project arg to projectName in doProfileUpdate
  • lxd/profiles: Updates usage of ValidDevices in profilesPost
  • lxd/patches: Updates to support network projects
  • lxd/networks/utils: Removes networkGetInterfaces function
  • lxd/networks/utils: Updates networkUpdateForkdnsServersTask to support projects
  • lxd/networks: Updates networkPost validation
  • lxd/networks: Updates networksGet to support projects
  • lxd/networks: Updates networksPost to support projects
  • lxd/networks: Updates networksPostCluster to support projects
  • lxd/networks: Updates doNetworksCreate to support projects
  • lxd/networks: Updates networkGet to support projects
  • lxd/networks: Updates doNetworkGet to support projects and to use network.UsedBy
  • lxd/networks: Updates networkDelete to support projects
  • lxd/networks: Updates networkPost to support projects
  • lxc/networks: Updates networkPut to support projects
  • lxd/networks: Updates doNetworkUpdate to support projects
  • lxd/networks: Updates networkLeasesGet to support network projects
  • lxd/networks: Updates networkStartup and networkShutdown to load networks from all projects
  • lxd/network/network/load: Updates load functions to support projects
  • lxd/network/network/interface: Adds project name to init function
  • lxd/network/driver/common: Adds project support
  • lxd/network/driver/ovn: Load parent network from default project
  • lxd/device/nictype: Adds conversion of device project to network project for NICType validation
  • lxd/instance/instance/utils: Project name is needed to validate instance devices
  • lxd/instance: instance.ValidDevices project argument usage
  • lxd/instance/drivers/driver/lxc: instance.ValidDevices project usage
  • lxd/instance/drivers/driver/lxc: Error quoting
  • lxc/instance/drivers/driver/lxc: nictype.NICType project usage
  • lxd/instance/drivers/driver/qemu: instance.ValidDevices project usage
  • lxd/instance/drivers/driver/qemu: nictype.NICType project usage
  • lxd/instance/drivers/load: Adds project support to validDevices
  • lxd/device/device/load: Adds project support to load function
  • lxd/device/device/utils/network: Use default project for veth route functions
  • lxd/device/nic/bridged: Use default project for bridge networks
  • lxd/device/nic/macvlan: Use default project for macvlan networks
  • lxd/device/nic/ovn: Load parent network’s project from instance’s project
  • lxd/device/nic/sriov: Use default project for parent network
  • lxd/device/proxy: NICType project usage
  • lxd/network/driver/common: Send project when notifying nodes of network changes
  • lxd/networks: Send project when creating network on remote node
  • lxd/db/migration/test: Add network project support
  • lxd/cluster/membership/test: Add network project support
  • lxd/api/cluster: Uses default project for networks during cluster join
  • lxd/networks: Updates networksPostCluster to use tx.GetNetworkID with project
  • lxd/db/networks: Adds project support to CreatePendingNetwork
  • lxd/db/networks: Adds project support to GetNetworkID
  • lxd/db/networks/test: Updates GetNetworkID usage with project
  • shift_linux: tweak ACL handling
  • tar_write: switch to PAXRecords to preserve ACLs too
  • doc/projects: Adds features.networks
  • lxc/project: Adds features.networks to project list output
  • lxd/api/project: Adds features.networks support but does not enable by default
  • lxd/init: Updates initDataNodeApply to return a revert function
  • lxd/main/init: Updates Run to use revert
  • lxd/api/cluster: Adds project support for networks
  • lxd/api/cluster: Updates clusterPutJoin to use revert
  • lxd/api/cluster: Updates clusterInitMember to return a revert function
  • lxd/api/cluster: Logging quoting
  • lxd/api/cluster: clusterPutJoin project support
  • lxd/api/cluster: clusterInitMember project support
  • lxd/api/cluster: Adds NetworksPost to internalClusterPostNetwork
  • lxd/api/cluster: Checks network types match in clusterCheckNetworksMatch
  • lxd/init: Adds internalClusterPostNetwork to initDataNode
  • lxd/init: initDataNodeApply project support
  • lxd/init: initDataNodeApply comment consistency
  • lxd/main/init/auto: Updates RunAuto to send internalClusterPostNetwork
  • lxd/main/init/dump: Updates RunDump to use internalClusterPostNetwork
  • lxd/main/init/interactive: Updates RunInteractive to use internalClusterPostNetwork
  • lxd/main/init/interactive: Updates askNetworking to use internalClusterPostNetwork
  • lxd/network: Adds Info struct and function
  • lxd/network/network/load: Renames ValidateName to ValidateNameAndProject
  • lxd/network/driver/ovn: Adds Info function
  • lxd: network.ValidateNameAndProject usage
  • lxd/network/driver/ovn: deleteParentPort fixed to allow deletion of network with no parent
  • lxd/project: Updates NetworkProject to return project config
  • doc/project: Adds limits.networks setting
  • lxd/api/project: Adds limits.networks setting
  • lxd/networks: Enforces limits.networks in networksPost
  • lxd: project.NetworkProject usage
  • lxd/networks: Don’t allow non-default network projects to access info about the physical interfaces in doNetworkGet
  • lxd/api/cluster: Create or update local node projects to sync with cluster in clusterInitMember
  • i18n: Update translation templates
  • shift_linux: handle ACL unshifting correctly
  • shift_linux: handle capability unshifting correctly
  • shift_linux: converty to CBytes not to CString
  • lxc/utils: Add usage function
  • lxc: Drop command name from translation
  • i18n: Update translation template
  • shared/subprocess: Set err on non-zero
  • lxd/instances/qemu: Use subprocess
  • lxd/instance: Add DevPaths
  • lxd/apparmor: Fix unload/delete
  • lxd/apparmor/instance: Sort context
  • lxd/apparmor: Prepare for qemu
  • lxd/apparmor: Add qemu profile
  • lxd/instance/drivers/driver/qemu: Switch to threads locking mode and writeback cache mode for BTRFS
  • doc/instance: raw.apparmor now implemented for VM
  • lxd/apparmor: Tweak qemu profile for non-snap
  • shared/idmap/shift/linux: Handle nil IdmapSet in UnshiftACL and UnshiftCaps
  • shared/instancewriter/instance/tar/writer: Handle nil idmapSet and log shifting errors in WriteFile
  • lxc: Better handle arguments
  • lxc: Unbundle sortorder
  • lxd/util/sys: Fixes GetExecPath when lxd binary has been removed/changed
  • lxd/db/images: Error message uppercase first letter
  • i18n: Update translations from weblate
  • lxd/instance: Adds instanceImageTransfer and updates instanceCreateFromImage to use it
  • lxd/daemon/images: Error quoting
  • lxd/daemon/image: Adds logic to download image from another cluster node into ImageDownload
  • lxd/db/images/test: Fixes tests for LocateImage
  • test/suites/clustering: Adds test for image transfer between cluster nodes
  • bash-completion: use “list --format=csv” consistently
  • bash-completion: use regex grouping for lxc start
  • lxd/instance/qemu: Fix mem device naming
  • proxy bind= should accept host|instance as the doc says
  • Valid proxy type= values are all lower case so fix doc
  • s/descriptros/descriptors/
  • Revert “lxd/network/driver/bridge: Exclude /32 underlay addresses from overlay address generation”
  • lxd/network/driver/bridge: Skip lo interface when generating fan overlay address in addressForSubnet

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc
7 Likes

:pray: Thank you so much for removing the custom sqlite dependency. I’ve submitted it to openSUSE Tumbleweed, but I’m having some trouble getting it to build on Leap (missing raft.h for some reason?). :thinking: I’ll figure it out later this week.

1 Like

Oh, that’s an odd one. Let us know if we’ve messed something up.
Kinda sounds like a missing file in a tarball but that should have tripped Gentoo and some other distros that also use the release tarball…

I just figured it out while packaging LXD 4.7, apparently some distribution change means that I have to set CPPFLAGS="-I$INSTALL_INCLUDEDIR" during build now – previously it would just use the $INSTALL_INCLUDEDIR path. :man_shrugging: