LXD 4.9 has been released

Introduction

The LXD team is very excited to announce the release of LXD 4.9!

This comes with a few contributions from students of the University of Texas in Austin:

• limits.instances project config key
• qemu driver and version listed in server environment
• IOMMU groups listed in the resources API
• user. config keys in the server config

On top of that, we’re adding support for mediated devices GPU passthrough, some major improvements on lifecycle events, a few more additions to the resources API, zstd compression support and a variety of new options for those using OVN.

Enjoy!

New features and highlights

Mediated GPU devices for Virtual Machines

LXD now supports allocating mediated devices from GPUs supporting it and attaching the resulting device to a virtual machine.

This is done through the introduction of a new gputype key for gpu devices which currently supports:

• physical (entire GPU, pre-existing default behavior)
• mdev compined with the additional mdev key to specify the profile

lxc info --resources also now lists mdev profiles.

GPU:
  NUMA node: 0
  Vendor: Intel Corporation (8086)
  Product: HD Graphics 620 (5916)
  PCI address: 0000:00:02.0
  Driver: i915 (5.8.0-29-generic)
  DRM:
    ID: 0
    Card: card0 (226:0)
    Control: controlD64 (226:0)
    Render: renderD128 (226:128)
  Mdev profiles:
    - i915-GVTg_V5_4 (1 available)
        low_gm_size: 128MB
        high_gm_size: 512MB
        fence: 4
        resolution: 1920x1200
        weight: 4
    - i915-GVTg_V5_8 (2 available)
        low_gm_size: 64MB
        high_gm_size: 384MB
        fence: 4
        resolution: 1024x768
        weight: 2

IOMMU groups for PCI devices

Each device in the PCI section of the resource API (/1.0/resources) now has an iommu_group key to indicate the ID of its IOMMU group.

This is quite useful to look at the IOMMU topology prior to adding passthrough network or GPU devices to a virtual machine.

stgraber@castiana:~$ lxc query /1.0/resources | jq .pci.devices[-1]
{
  "driver": "xhci_hcd",
  "driver_version": "5.8.0-29-generic",
  "iommu_group": 16,
  "numa_node": 0,
  "pci_address": "0000:3c:00.0",
  "product": "JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016]",
  "product_id": "15d4",
  "vendor": "Intel Corporation",
  "vendor_id": "8086"
}

QEMU version in server environment information

The version of QEMU on the system is now included in the driver and driver_version fields as is visible in lxc info.

stgraber@castiana:~$ lxc info | grep " driver"
  driver: lxc | qemu
  driver_version: 4.0.0 (devel) | 5.2.0

Improved lifecycle events

The set of lifecycle events has been reworked and expanded.

The complete list supported at this point is:

• instance-created
• instance-renamed
• instance-deleted
• instance-updated
• instance-started
• instance-stopped
• instance-shutdown
• instance-restarted
• instance-paused
• instance-resumed
• instance-snapshot-create
• instance-snapshot-renamed
• instance-snapshot-deleted
• instance-restored
• instance-backup-created (new)
• instance-backup-renamed (new)
• instance-backup-deleted (new)
• network-created (new)
• network-updated (new)
• network-renamed (new)
• network-deleted (new)

As you may notice, instance is now used consistently rather than mixing in legacy container and virtual-machine prefixes. Some gaps were filled around the lack of events for backups and initial coverage for network events was added too.

user. keys allowed on all objects

With this release, user. keys can now be used in every LXD object which holds configuration. Those keys are particularly useful for external orchestration or monitoring systems that need to store some additional context.

We had recently made those keys allowed on all objects except for the server itself, this has now been resolved.

stgraber@castiana:~$ lxc config set user.foo bar
stgraber@castiana:~$ lxc config get user.foo
bar

usb_address and pci_address properties in USB/network resources

A new usb_address field has now been added to both network and storage devices in the sources API. It will be populated by the <bus>:<dev> of the device when it’s USB attached. This is very similar to pci_address for PCI devices.

At the same time, the missing pci_address field was added to storage devices.

stgraber@castiana:~$ lxc query /1.0/resources | jq .storage.disks[-1]
{
  "block_size": 512,
  "device": "8:0",
  "device_id": "usb-Kingston_DataTraveler_3.0_08606E6B6612BE50D7168119-0:0",
  "device_path": "pci-0000:00:14.0-usb-0:1:1.0-scsi-0:0:0:0",
  "firmware_version": "PMAP",
  "id": "sda",
  "model": "DataTraveler 3.0",
  "numa_node": 0,
  "partitions": [
    {
      "device": "8:1",
      "id": "sda1",
      "partition": 1,
      "read_only": false,
      "size": 7863254528
    }
  ],
  "read_only": false,
  "removable": true,
  "rpm": 0,
  "serial": "08606E6B6612BE50D7168119",
  "size": 7864320000,
  "type": "usb",
  "usb_address": "2:7"
}

ipv4.dhcp and ipv6.dhcp on OVN networks

It’s now possible to disable IPv4 and/or IPv6 DHCP on an OVN network.

This is done through the same ipv4.dhcp and ipv6.dhcp keys as used on traditional managed bridges.

ovn.ingress_mode on physical networks

When allocating external addresses or subnets to an OVN network, something needs to tell the upstream gateway that the particular OVN router is responsible for that traffic.

Up until now, we have been using an L2 proxy, effectively causing OVN to respond to ARP/NDP packets on the uplink network for any address that it is responsible for on its network and instances.

This works great in many cases and avoids having to externally setup routes, but it requires individual address records in OVN itself which doesn’t scale particularly well on large subnets (think /24 IPv4 or /64 IPv6).

For those cases, a new config key called ovn.ingress_mode has been added and can now be set to routed, indicating that the upstream router knows what subnet goes to what OVN router and OVN can therefore skip having to individually handle every single address.

This can then be combined with something like https://github.com/stgraber/lxd-bgp to use a dynamic routing protocol with the upstream router to automatically setup the needed routes to the relevant OVN routers.

ipv4.routes.anycast and ipv6.routes.anycast on physical networks

Somewhat related to the previous entry, two new keys have been added to allow bypassing a check that LXD performs on routed subnets.

Out of the box, we prevent a given subnet being used to back two networks or to be assigned to two instances at once. However, with support for external routing and dynamic routing comes the ability to do anycast.

In environment where this is supported, the ipv4.routes.anycast and ipv6.routes.anycast keys may now be set to true, bypassing the duplicate subnet check and allowing two instances to hold the same public address, leaving it up to the upstream router to decide which gets the traffic.

limits.instances project option

A new limit now joins limits.containers and limits.virtual-machines on projects.
limits.instances allows setting an overall limit on the number of instances in a project, regardless of type.

You can therefore now use:

• limits.instances: 5
• limits.containers: 5
• limits.virtual-machines: 2

To allow a given project to have only up to 5 instances, all of which can be containers but only 2 of which can be virtual machines.

zstd compression for images and backups

The zstd is now supported for both images and backups.

This can be set through images.compression_algorithm, backups.compression_algorithm or be directly specified through --compression to lxc publish or lxc export.

Complete changelog

Here is a complete list of all changes in this release:

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

• Linux: snap install lxd
• MacOS: brew install lxc
• Windows: choco install lxc

https://www.youtube.com/watch?v=C6VU8qRzp40
Goes over the new features.

Question: Running Ubuntu Focal + all updates. Using SNAP LXD.

net14 # lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal

Just looking at versions…

net14 # snap list
Name     Version   Rev    Tracking       Publisher     Notes
certbot  1.10.1    793    latest/stable  certbot-eff*  classic
core18   20200929  1932   latest/stable  canonical*    base
core20   20201027  875    latest/stable  canonical*    base
lxd      4.0.4     18150  4.0/stable/…   canonical*    -
snapd    2.48.1    10492  latest/stable  canonical*    snapd

Let me know the correct… snap incantation/conjuration to refresh/update to latest LXD stable, which 4.9 appears to be latest stable.

Thanks!

4.9 will hit stable later today.
Normally we push it on the Monday after the release, but we caught a few issues we wanted to address and include in the initial push. Tests are running now so shouldn’t be too much longer.

Thanks.

And… I’m thinking something’s a bit odd, as I show 4.0.4 installed, rather than 4.8 which seems the version which should be installed.

Let me know you’re thinking about the… version oddity I’m seeing…

20.04 LTS ships with the 4.0 LTS track for the LXD snap, so you’re getting the latest bugfix release of the 4.0 track (4.0.4).

To switch to the monthly releases, do snap refresh lxd --channel=latest/stable
That will get you 4.8 and later today, 4.9.

Perfect!

Thanks!

That did the trick!

LXD 4.9 is now in the stable channel

Forgot to reply – packaged and released for openSUSE.

Thanks!

Hi!

I’m ready to post the translation of LXD 4.9 release announcement to official site!!

Oops, forgot to push the commit I had for the English version… done now.