Introduction

The LXD team is very excited to announce the release of LXD 3.8!

This is the last release for 2018 and is a pretty feature packed one, improving on a lot of previously introduced features.

Enjoy!

New features

Automated container snapshots

Three configuration keys were introduced to control automated snapshots and configure how they will be named.

snapshots.schedule takes a CRON pattern to determine when to perform the snapshot

takes a CRON pattern to determine when to perform the snapshot snapshots.schedule.stopped is a boolean used to control whether to snapshot stopped containers too

is a boolean used to control whether to snapshot stopped containers too snapshots.pattern is a format string with pongo2 templating support used to set what the name of the snapshots should be when none is specified. This applies both to automated snapshots and to manually created snapshots where no name is provided.

Support for copy/move between projects

A new --target-project option has been added to both lxc copy and lxc move , making it possible to copy or move containers between projects.

stgraber@castiana:~$ lxc move test1 test1 --target-project blah stgraber@castiana:~$ lxc list --project blah +-------+---------+------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+------+------+------------+-----------+ | test1 | STOPPED | | | PERSISTENT | | +-------+---------+------+------+------------+-----------+

cluster.https_address server option

Up till now, clustered LXD servers had to be configured to listen on a single IPv4 or IPv6 address with both internal cluster traffic and regular client traffic all using that same address.

LXD 3.8 changes that by introducing a new cluster.https_address option.

This write-once key holds the address used for cluster communication and cannot currently be changed without having to remove the node from the cluster.

With this separate key in place, it’s now possible to change the regular core.https_address on clustered nodes to any address you want, including to wildcard patterns like :8443 .

This makes it possible to use a completely different network for internal cluster communication, making it easy to prioritize and filter cluster traffic.

Cluster image replication

Another improvement for our cluster users is the introduction of automatic image replication.

Prior to LXD 3.8, images would only get copied to other cluster members as containers on those systems request them.

While good for performance, bandwidth and disk usage, this had the obvious downside that if the image is only present on a single system and that system goes offline, then there is no way for that image to be used until the system recovers.

LXD 3.8 changes this by having all manually created or imported images be replicated on at least 3 systems. Images that are stored in the image store only as a cache entry do not get replicated.

The behavior can be configured through cluster.images_minimal_replica with 3 being the new default behavior, 1 being the previous behavior and -1 used to replicate on all cluster members.

security.protection.shift container option

Until such time as we get shiftfs into Linux distributions and land support for it in LXD, LXD has to rely on slow rewriting of all uid/gid on the filesystem whenever the container’s idmap changes.

This can be a dangerous operation when run on systems that are prone to sudden power less or shutdown as this operation cannot be safely resumed if interrupted partway.

When set, the new security,protection.shift configuration option will prevent any such remapping, instead making any action that would result in one fail until the key is unset.

Support for passing all USB devices

Similar to how you can pass all GPUs to a container by not specifying any filter, it is now possible to do the same with USB devices by not specifying any vendorid or productid filter.

In such cases, every USB device will be made visible to the container, including any device hotplugged after the fact.

CLI override of default project

Many users reported that interacting with multiple projects can be tedious due to having to constantly use lxc project switch to switch the client between projects. This is especially true when all you want to do in a particular project is a simple action like starting a container.

LXD 3.8 now has a --project option available throughout the command line client, which lets you override the project for a particular operation.

stgraber@castiana:~$ lxc project list +-------------------+--------+----------+---------+ | NAME | IMAGES | PROFILES | USED BY | +-------------------+--------+----------+---------+ | blah | NO | NO | 2 | +-------------------+--------+----------+---------+ | default (current) | YES | YES | 14 | +-------------------+--------+----------+---------+ stgraber@castiana:~$ lxc list test +-------+---------+------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+------+------+------------+-----------+ | test1 | STOPPED | | | PERSISTENT | 0 | +-------+---------+------+------+------------+-----------+ stgraber@castiana:~$ lxc list test --project blah +-------+---------+------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+------+------+------------+-----------+ | test2 | STOPPED | | | PERSISTENT | 0 | +-------+---------+------+------+------------+-----------+

Bi-directional rsync negotiation

Recent LXD releases have introduced rsync feature negotiation where the source could tell the server what rsync features it’s using so that the server can match them on the receiving end.

LXD 3.8 introduces the reverse of that by having the LXD server indicate what it supports as part of the migration protocol, allowing for the source to restrict the features it uses.

This should provide very robust migration in the future where a newer LXD will be able to migrate containers out to an older LXD without running into rsync feature mismatches.

ZFS compression support

Another improvement to our migration protocol is the detection and use of ZFS compression support when available.

When combined with zpool compression, this can very significantly reduce the size of the migration stream.

Bugs fixed

client: convert EventListener to use api.Event

client: Fix crash on missing ProgressTracker

doc: Add kernel.keys.maxkeys to production-setup

doc: Add project documentation

doc: Updated documentation of /cluster/members/ to have correct keys

i18n: Update translations from weblate

i18n: Update translation templates

lxc/image: Fix rootfs file handling on snap

lxc/import: gzip is the default

lxc/project: Check existence on switch

lxd: Finish converting events to api.Event

lxd: Fix AppArmor cache policy version check

lxd: Handle AppArmor policy cache directory

lxd/cluster: Tweak error messages

lxd/containers: Drop needless function

lxd/containers: Fix snapshot URLs in projects

lxd/containers: Hide duplicate log entries

lxd/containers: Improve hwaddr retry logic

lxd/containers: Properly clear static leases

lxd/containers: Respect optional=true for disks

lxd/db: Avoid un-needed query on container move

lxd/db: Fix typo in existing docstring

lxd/db: Fix unit test not actually checking error

lxd/db: Make ContainerSetState use single query

lxd/images: Fix bad project handling

lxd/init: Better handle disk sizes

lxd/init: Checks if a zfs storage pool or dataset exists

lxd/init: Fix typo

lxd/migration: Cleanup feature negotiation

lxd/migration: Fix CRIU rsync option negotiation

lxd/migration: Fix rsync project prefix

lxd/migration: Fix shutdown race

lxd/migration: Remove leftover debugging

lxd/migration: Re-spawn proxy devices

lxd/migration: Simplify MigrationSink

lxd/migration: Simplify MigrationSource

lxd/migration: Simplify StorageMigrationSink

lxd/networks: Fix projects in dnsmasq.hosts

lxd/projects: Add config validation

lxd/projects: Fix copy of snapshots

lxd/proxy: Improve shutdown code

lxd/storage: Fix broken error handling

lxd/storage: Fix check for custom volume restore

lxd/storage: Fix custom volume copies

lxd/storage: Fix more project copy issues

lxd/storage: Fix snapshot migration with projects

lxd/storage: Freeze containers during rsync

lxd/storage: user_subvol_rm_allowed for btrfs

lxd/storage/btrfs: Fix project migrations

lxd/storage/btrfs: Tweak errors

lxd/storage/ceph: Fix copies within project

lxd/storage/ceph: Fix project migration

lxd/storage/dir: Don’t fail when quota are set

lxd/storage/dir: Fix project snapshot symlink

lxd/storage/lvm: Fix project handling

lxd/storage/lvm: Run pvremove on VG deletion

lxd/storage/zfs: Add zfsPoolVolumeExists

lxd/storage/zfs: Detect tool version on Ubuntu

lxd/storage/zfs: Fix missing dir on copy

lxd/storage/zfs: Fix project copies

lxd/storage/zfs: Fix project migrations

lxd/storage/zfs: Fix setting quotas on project

shared: Fix import order

shared: Fix windows cert handling

shared/idmap: Workaround Go tip change

shared/termios: Add shim for non-cgo builds

storage/zfs: Fix arguments in function call

tests: Always pass -w to iptables

tests: Bump size to 120MB for btrfs

tests: Fix leftover file

tests: Improve live-migration tests

tests: Test migration in projects

test: Support AppArmor policy cache directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.