The Incus team has just announced the release of Incus 6.8, marking the final update for 2024. Although this might be the last major release of the year, it certainly does not skimp on meaningful improvements.
One of the standout features introduced in this release is the ability to perform live storage migration of virtual machines (VMs). This capability makes it possible to seamlessly move a running VM between different storage pools, enhancing flexibility and resource optimization.
While doing so, the VM must also relocate to another server within the cluster to prevent simultaneous QEMU instances on a single server. As a result, administrators now have a more dynamic environment where resources can be balanced on the fly.
In addition, a new authorization scriptlet has been introduced. This feature permits the integration of custom authorization controls combined with TLS or OIDC authentication, paving the way for more sophisticated access management. Documentation is available for those looking to tailor their setup to meet complex security requirements.
To make remote management more intuitive, Incus 6.8 adds a straightforward method for capturing one-off console screenshots of VM VGA consoles.
This should be a real boon for developers working on graphical user interfaces or web-based clients, as it offers a quick way to inspect and debug VM states even when a user is currently connected to the VGA console. Simply issue a GET request to the VMโs console endpoint, and you will receive a PNG screenshotโno muss, no fuss.
Furthermore, the release introduces initial owner and mode settings for custom storage volumes, facilitating smoother workflows for those handling OCI containers.
You can now specify initial.uid, initial.gid, and initial.mode at volume creation time. This allows the volumeโs contents to start off with the right permissions and ownership, reducing the need for manual adjustments down the line.
The OpenFGA access model has received a slight but meaningful refinement. The previous user:* viewer server:incus permissionโproviding read-only access to global resourcesโhas been replaced by user:* authenticated server:incus.
Now, the viewer permission can be granted directly to users, granting full server-wide read-only access. In addition, a new can_view_sensitive entitlement offers admins a finer degree of control, ensuring that only authorized users can access sensitive configuration details.
Likewise, Incus 6.8 allows for image alias reuse on import. If you frequently cycle through images, you can now replace the image associated with an alias by using the --reuse option. This simplifies your image management process, ensuring you do not need to unnecessarily juggle multiple aliases or delete and recreate images.
For organizations running simplestreams image servers, the fresh incus-simplestreams prune command helps keep things tidy by cleaning up orphaned image files and index entries. By default, it retains the previous two images, giving you a curated set of resources while ensuring you are not holding onto needless data.
Lastly, console access has also received a sensible update. Rather than have latecomers automatically displace an existing session, Incus now locks console access when a user is connected.
Attempting to join when someone else is actively using the console will now yield an error, which can only be bypassed by using the --force flag. This small change helps prevent accidental interruptions and confusion.
For more information about the Incus 6.8 container and virtual machine manager changes, visit the release announcement or check out the full changelog.
Users are encouraged to try out these new features by visiting the Incus online platform, which provides a hands-on experience with the latest version.
