LXD 6.1

-

 

LXD 6.1 Improves Network and Resource Management

Canonical has announced via Ubuntu’s dedicated Discourse instance the release of LXD 6.1, the latest stable version of its container and virtual machine manager. This update introduces several interesting new features.

The first major improvement in LXD 6.1 is that OVN load balancers and network forwarding now support automatic IP allocation. Previously, when creating an OVN load balancer or network forward, users had to manually specify the external listening address on the link network, which could take extra time to determine which IP addresses were available. Additionally, if an OVN network was part of a project, the user creating the network forward or load balancer might not have had sufficient access to view the available IPs on the link. With the new --allocate flag, LXD will now automatically search for unused IP addresses within the assigned ranges for OVN network usage.

The second enhancement addresses cases where the number of CPU cores for a virtual machine has not been explicitly specified. Moving forward, LXD will automatically set the number of QEMU processes to allocate processor cores based on its instance scheduler. Additionally, LXD’s scheduler will periodically rebalance the CPU pinning configuration whenever instances are added, modified, or deleted. This feature aims to make virtual machine performance more predictable for latency-sensitive applications.

Another key improvement is support for using the kernel driver for Dell PowerFlex’s storage data client (SDC) with the LXD PowerFlex storage pool. This provides an alternative to NVMe over TCP, which is also supported by the manager.

By default, LXD bridge networks are configured with NAT enabled and automatic allocation of private RFC1918/ULA subnets. However, if a bridge network is set up with a routable subnet, it would be possible to access the dnsmasq DNS service from outside the bridge network. To prevent this, LXD-managed bridge networks now add firewall rules to the host system, blocking DNS traffic directed to dnsmasq if it originates from outside the bridge network or the host system itself.

LXD 6.1 has also removed several features. These include the concept of hidden API configuration to ensure all configuration fields behave consistently, support for the armhf architecture in Ceph (as it is not available in Ubuntu 24.04 LTS), and the core.trust_password feature at the server level, which prevents the use of long-term shared passwords. Lastly, the minimum required version of Go has been updated to 1.22.4.

Overall, it seems that Canonical is ramping up the development of LXD, which has recently been competing with a fork called Incus. Incus was created after Linux Containers transferred ownership of LXD to Canonical a move that did not sit well with the community and ultimately led to the resignation of a veteran employee from the company behind Ubuntu.

Comments

Post a Comment

Popular posts from this blog

systemd 256 arrives with run0, the ‘sudo clone’ that aims to improve security

-
Image
systemd 256 arrives with run0, the ‘sudo clone’ that aims to improve security systemd 256 is now a reality, featuring an interesting innovation that could represent a significant change in Linux in the not-too-distant future, although this will ultimately depend on the decisions made by various distributions. Without further delay, let’s go over the main new features. First, we have the introduction of run0, a kind of clone of sudo that aims to enhance security by reducing the attack surface. According to Lennart Poettering, the creator of systemd, this is achieved by ensuring “the target command is invoked in an isolated execution context, freshly forked from PID 1, without inheriting any context from the client,” making its behavior more akin to SSH. And since we’ve mentioned SSH, there’s the systemd-ssh-generator , which has been added to detect if the SSHD binary (the SSH daemon) is present and then link it through socket activation per connection to various sockets depending on ...
Read more
-
Image
Canonical Announces Everything LTS Canonical, the company behind Ubuntu, has announced Everything LTS , a new service aimed at providing distroless Docker container images with twelve years of security updates and compatibility across a wide range of hosts, including Ubuntu itself, Red Hat Enterprise Linux (RHEL), VMware, and public Kubernetes-based clouds. Canonical states that Everything LTS "extends Ubuntu Pro with thousands of new open-source components, including the latest AI/ML dependencies and tools for machine learning, training, and inference, maintained as a source alongside Ubuntu rather than as Deb packages. Customers hire Canonical to design a Docker image of an open-source application, or a base image that includes all the open-source dependencies needed to host their proprietary application." In addition to container images based on Ubuntu, Canonical will also offer distroless Docker images. While the former needs no explanation as it is the default paradigm,...
Read more

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

-
Image
    A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month. The most important of the updates concerns a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws so the exploitation is perfectly reliable." Also addressed is a publicly d...
Read more