LXD, a system container and virtual machine manager, is a project under the wing of Canonical, the company behind Ubuntu. It offers a user-friendly and secure way to manage Linux containers and has just released its latest version, 6.1.
For those unfamiliar, LXD extends LXC (Linux Containers) by adding a more powerful and easier-to-use management layer to LXC’s existing functionalities.
LXC, for its part, provides a machine-like experience, supporting full operating system functionality within containers while leveraging containerization’s lightweight, scalable benefits.
New Features in LXD 6.1
LXD 6.1 marks the first feature release of the 6.x series, introducing enhancements that improve functionality and user experience. One notable feature is the automatic IP allocation for OVN (Open Virtual Network) network forwards and load balancers.
It simplifies setting up network components by automatically assigning IP addresses, eliminating the need to select available IPs manually. This automation saves time and reduces complexity, particularly in environments with restricted visibility of network resources.
The new release also optimizes virtual machine performance through automatic core pinning. This process ensures that VMs that do not specify CPU cores have their QEMU processes automatically assigned to balanced CPU cores.
However, it’s worth noting that on systems with mixed performance and efficiency cores, users might experience a slight dip in performance, which can be mitigated by using explicit CPU pinning.
Another novelty of the update is the support for the Dell PowerFlex Storage Data Client kernel driver, which can now be used with LXD’s PowerFlex storage pools. This provides an alternative to NVMe over TCP and requires a Dell Metadata Manager connection.
From a security perspective, LXD 6.1 removes the core.trust_password server setting, enhancing security by discouraging the use of long-lived shared passwords. Instead, new clients must be added to the LXD API through certificates or join tokens.
Additionally, the release tightens the container mknod syscall interception capability checks, aligning them more closely with host kernel behavior.
LXD 6.1 also introduces measures to secure DNS services within managed bridge networks by preventing DNS traffic from external networks from reaching the dnsmasq service, enhancing network isolation and security.
The release also resolves issues related to running VMs on hosts with more than 64 CPUs and supports device names in VMs that are longer or contain special characters, which improves compatibility and flexibility in system configurations.
Lastly, the release phases out support for the armhf architecture in preparation for future updates and raises the minimum Go version required to build LXD to 1.22.4, ensuring compatibility with contemporary development environments.
For more information about all LXD 6.1 container manager changes, visit the release announcement or view the full changelog. LXD is available for download on Linux, macOS, and Windows platforms.