LXD 6.9 release notes

This is a feature release and is not recommended for production use.

Release notes content

These release notes cover updates in the core LXD repository and the LXD snap package. For a tour of LXD UI updates, please see the release announcement in our Discourse forum.

Highlights

This section highlights new and improved features in this release.

Network load balancer pools

Load balancer pools have been introduced for OVN networks, allowing instances to be grouped together as targets for load balancer traffic distribution.

Pools provide a way to manage collections of backend instances that receive forwarded traffic from load balancers, with health checking support and dynamic membership based on instance availability.

New lxc network load-balancer pool subcommands have been added to manage these pools.

PowerStore storage driver

A new powerstore storage driver has been added, enabling the use of Dell PowerStore storage arrays with LXD.

The driver supports iSCSI and Fibre Channel (FC) connectivity modes, providing flexible options for connecting to PowerStore volumes.

Fibre Channel storage connector

A new Fibre Channel (FC) storage connector has been added, enabling FC-based connectivity for remote storage drivers.

This allows supporting storage drivers like PowerStore to use FC transport for volume attachment, in addition to the existing iSCSI and NVMe/TCP options.

PowerFlex 5 support

The PowerFlex storage driver has been updated to support Dell PowerFlex version 5, including thin clone support and updated API compatibility.

The driver now automatically detects the PowerFlex version and adapts its behavior accordingly, maintaining backwards compatibility with PowerFlex 4.

Security events

A new security event type has been added, providing OWASP-compliant audit logging for security-relevant operations.

Security events cover authentication (login failures, token operations, certificate changes), authorization (permission denials, admin actions), and system events (startup, shutdown, monitoring changes).

These events can be routed to Grafana Loki by adding security to the loki.types server configuration.

OIDC device client ID

A new oidc.device.client.id configuration key has been added to support separate OAuth clients for CLI authentication.

This allows administrators to configure a dedicated device authorization grant client for the lxc CLI, separate from the main OIDC client used by the LXD UI, enabling different authentication flows and security requirements for each.

Optimized ZFS instance creation with image variants

The ZFS storage driver now supports optimized instance creation through image variants.

When creating instances, LXD can now cache and reuse ZFS clones that match the instance’s configuration (such as initial block mode or filesystem type), significantly improving creation time for subsequent instances using the same image variant.

Stale image variants are automatically cleaned up when pool configuration changes.

Project replica mode

Projects now have an explicit replica_mode field that indicates whether a project is in leader or standby mode for replication purposes.

New lxc project promote-replica and lxc project demote-replica commands have been added to manage project replication state, and instances in standby projects are prevented from starting.

Switch to Go standard library HTTP router

The LXD daemon has switched from gorilla/mux to the Go standard library’s http.ServeMux for HTTP routing.

This reduces external dependencies and leverages the improved routing capabilities added in Go 1.22.

OIDC verifier background initialization

The OIDC verifier is now initialized in the background on daemon startup, with automatic retry on failure.

This prevents LXD startup from being blocked by unavailable identity providers and adds a warning when OIDC authentication is unavailable.

Cluster evacuation quorum protection and raft rebalancing

Cluster member evacuation now validates the raft quorum before proceeding and refuses to evacuate an online voter when doing so would drop the remaining online voters below the required majority.

During evacuation, LXD transfers leadership first when needed, marks the member as evacuated, and triggers an immediate raft rebalance so that evacuated members are demoted and excluded from promotion candidacy before workloads are migrated. Restore reverses this by prioritizing networks and instances before triggering a raft rebalance.

The quorum safety check can be bypassed by passing force to the evacuate action.

UI updates

This release introduces replicator management, load balancer support, and an initial file explorer for instances, alongside cluster link enhancements, identity improvements, and a range of user-driven refinements.

Replicators

  • Added full replicator management, including:

    • Project configuration page to set up replicators and cluster links

    • Replicator list page

    • Detailed replicator view

    • Create and edit workflows

    • Run modal for manual execution

    • Rich status chips and visual indicators

    • Instance usage visibility per project

  • Improved replicator validation, permissions handling, and overall user experience.

Load balancers

  • Added load balancer management for OVN networks to the UI.

  • Added support for managing load balancer instances.

Storage

  • Improved Dell PowerStore support with updates to PowerStore configuration and management workflows.

  • Improved storage-related form behavior and validation.

Instance experience

  • Introduced the initial Instance File Explorer implementation.

  • Added support for file and directory deletion within the File Explorer.

  • Improved instance creation workflow by automatically focusing newly added profiles.

  • Fixed image tab state handling in the All Projects view.

Identity and access management

  • OIDC configuration can now be accessed directly from Settings when managing identities and permissions.

  • Improved identity page header controls and alignment.

Cluster management

  • Enhanced cluster links with:

    • Rich chips for improved visibility

    • Better creation and confirmation workflows

    • Improved copy and guidance throughout the UI

    • Protection against deleting cluster links that are currently in use

  • Cluster links are now displayed on single-node servers where applicable.

  • Improved handling of cluster link tokens and redirects.

  • The “Same for all members” option is now hidden when a cluster contains only a single member.

User-driven improvements

  • Improved cluster link onboarding and setup guidance.

  • Standardized navigation and redirection behavior across cluster-linked environments.

  • Replaced Monaco Editor with CodeMirror for YAML and configuration editing.

Bug fixes

  • Fixed issues with image registry renaming when rename permissions are unavailable.

  • Fixed sorting of modified timestamps.

  • Fixed several cluster link validation, token handling, and UX issues.

Bug fixes

The following bug fixes are included in this release.

Backwards-incompatible changes

These changes are not compatible with older versions of LXD or its clients.

NVMe/TCP storage pool mode renamed

The storage pool NVMe/TCP mode has been renamed from nvme to nvme/tcp for clarity and consistency with other transport modes.

Existing pools using the nvme mode are automatically migrated to use nvme/tcp on upgrade.

Image import from client-specified URL removed

Support for importing images from a client-specified URL (the direct protocol) has been removed.

Images should be imported using the standard image server protocols (simplestreams or LXD). Existing images using this deprecated source type will no longer auto-update.

lxc cluster evacuate and restore flag changes

The --force flag of lxc cluster evacuate and lxc cluster restore no longer acts as a confirmation bypass. It now bypasses the server-side raft quorum safety check instead.

Use the new --yes flag to skip the interactive confirmation prompt, matching the convention used elsewhere in the lxc CLI.

Known issues

This section covers known temporary limitations and integration regressions in this release.

CDI GPU passthrough failure on Ubuntu Core 26

Users attempting to pass through GPUs to containers on Ubuntu Core 26 environments using the gpu-2604 interface (provided by the mesa-2604 snap) will encounter a container startup failure:

Error: Failed starting device "gpu0": Failed generating CDI spec: Failed determining NVIDIA driver root path: Failed running: /snap/lxd/<revision>/gpu-2604/bin/gpu-2604-provider-wrapper printenv NVIDIA_DRIVER_ROOT: exit status 1

This is caused by an upstream architectural mismatch on the Core 26 track between the pc-kernel snap and the mesa-2604 graphics provider snap. The pc-kernel snap exposes NVIDIA driver files using new interfaces, but the mesa-2604 wrapper script is still looking for legacy kernel-gpu-2604 directory paths.

There is currently no native LXD configuration workaround.

Updated minimum Go version

If you are building LXD from source instead of using a package manager, the minimum version of Go required to build LXD is now 1.26.4.

Snap packaging changes

  • LXCFS: Reverted partial backport of PSI functionality that prevented host machine suspend (#17983).

  • libnvidia-container bumped to v1.19.1.

  • AMD ROCm container toolkit bumped to v1.3.0.

  • ZFS 2.2 bumped to 2.2.10.

  • ZFS 2.3 bumped to 2.3.8.

  • ZFS 2.4 bumped to 2.4.3.

  • Removed unused arptables binary.

  • Removed libcephfs from the snap due to unusable missing dependencies.

  • Removed unneeded Python dependencies from Ceph.

  • Various snap size optimizations (removed unused QEMU keymaps, LXD UI localization files, uefivars bloat).

Change log

View the complete list of all changes in this release.

Downloads

The source tarballs and binary clients can be found on our download page.

Binary packages are also available for:

  • Linux: snap install lxd --channel=6/stable

  • MacOS client: brew install lxc

  • Windows client: choco install lxc