LXD 6.1, the first feature release in the new 6.x series, is released with significant improvements to container and virtual machine management. This update focuses on enhancing network functionality, VM performance, and overall system security.
Automated IP Allocation for OVN Networks
One of the notable features in LXD 6.1 is the automatic IP allocation for OVN network forwards and load balancers.
In previous versions, users had to manually specify the external listen address on the uplink network, which could be time-consuming and required sufficient access to see available IPs.
With the new --allocate flag, users can instruct LXD to allocate an IPv4 or IPv6 address, and LXD will select an unused IP in the range(s) allocated for OVN network use on the uplink network.
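The selection described above can be sketched as follows. This is an added example, not LXD's code: the "first-last" range syntax, the function names and the sample addresses are assumptions constructed for illustration, and LXD's actual selection order may differ.

```python
import ipaddress

def parse_ranges(spec):
    """Parse 'first-last,first-last' (assumed syntax) into address pairs."""
    ranges = []
    for part in spec.split(","):
        first, last = (ipaddress.ip_address(p.strip()) for p in part.split("-"))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {part!r}")
        ranges.append((first, last))
    return ranges

def allocate(spec, in_use, version=4):
    """Return the first address of the requested family that lies inside the
    ranges and is not already in use, or None when the ranges are exhausted."""
    used = {ipaddress.ip_address(a) for a in in_use}
    for first, last in parse_ranges(spec):
        if first.version != version:
            continue  # the caller asked for the other address family
        for n in range(int(first), int(last) + 1):
            addr = type(first)(n)  # keep the family of the range
            if addr not in used:
                return addr
    return None

# Constructed sample data (documentation prefixes, not real deployments).
OVN_RANGES = "192.0.2.100-192.0.2.102,2001:db8::100-2001:db8::1ff"
IN_USE = ["192.0.2.100", "192.0.2.101", "2001:db8::100"]

if __name__ == "__main__":
    print("IPv4:", allocate(OVN_RANGES, IN_USE, 4))
    print("IPv6:", allocate(OVN_RANGES, IN_USE, 6))
    print("exhausted:", allocate(OVN_RANGES, IN_USE + ["192.0.2.102"], 4))
```

Because the selection happens server-side, the requesting user does not need visibility into which uplink addresses are already taken.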
Improved VM Performance with Automatic Core Pinning
Virtual machine performance receives a boost in this release with the introduction of automatic core pinning. LXD's instance scheduler now pins QEMU processes to load-balanced CPU cores for VMs that don't specify explicit core assignments.
This change aims to provide more predictable performance for latency-sensitive applications running in VMs. The scheduler dynamically rebalances CPU pinning configurations as instances are added, modified, or removed.
Enhanced Storage Options
LXD 6.1 introduces support for the Dell Powerflex Storage Data Client (SDC) kernel driver. This addition provides an alternative to NVMe over TCP for Powerflex storage pools.
To use the SDC mode, users can set the powerflex.mode to sdc. If not specified, LXD will attempt to use NVMe mode first before falling back to SDC mode.
Security Enhancements
In an effort to improve security, LXD 6.1 removes the trust password feature. This change eliminates the use of long-lived shared passwords for API access. Users must now add certificates directly to the trust store or use join tokens to add new clients.
The release also tightens container mknod syscall interception capability checks, aligning them with standard kernel behavior. Now, only users with CAP_MKNOD in the container's initial user namespace can use this feature.
Network Security Improvements
LXD 6.1 enhances network security by dropping DNS traffic to dnsmasq originating outside the bridge network. This prevents potential external access to the DNS service on bridges configured with routable subnets.
Additional Enhancements
The release includes several other improvements, such as support for running VMs on hosts with more than 64 CPUs, fixes for long TPM and disk directory share device names in VMs, and removal of armhf support for ceph.
For a complete list of changes, please refer to the changelog.
Download LXD 6.1
Users can download the latest tarballs from the releases page.
Binary builds are also available through various channels, including Linux snap packages, Homebrew for macOS, and Chocolatey for Windows.
Linux:
snap install lxd
macOS:
brew install lxc
Windows:
choco install lxc