Posts for: #virtualization

XCP-ng Unveils Version 8.3 Beta 2 of Virtualization Platform

XCP-ng Unveils Version 8.3 Beta 2 of Virtualization Platform

XCP-ng has announced the launch of the 8.3 Beta 2, marking the culmination of seven months of work on XCP-ng 8.3. This pre-release version is not recommended for production environments but is intended for users interested in testing and providing feedback on the new features. The release faced challenges with UEFI firmware emulation, but with community support, issues were resolved.

Changes in XCP-ng 8.3 Beta 2

Changes from XenServer

  • Completion of vTPM support for Windows 11 compatibility.
  • Various improvements in XAPI, Xen, and Linux kernel.

Changes from XCP-ng

  • Rebased packages on XenServer 8 preview.
  • Various installer enhancements.
  • IPv6 support updates.
  • Addition of XOSTOR and Debian 12 template.
  • Security fixes and new tests.
  • Removal of old experimental EXT4 driver.

Updates Since Beta 2

  • Integration of XenServer 8 advancements.
  • Various updates and fixes for enhanced stability.
  • Known issue with Xen Orchestra statistics, being addressed.

Xen 4.17

  • Opportunity to upgrade from Xen 4.13 to Xen 4.17 for testing.
  • Instructions provided for installation and feedback submission.


Incus 0.5.1 Release: Bug Fixes and Compatibility Updates for CentOS, AlmaLinux and Rocky Linux VMs

Incus 0.5.1 Release: Bug Fixes and Compatibility Updates for CentOS, AlmaLinux and Rocky Linux VMs

Incus 0.5.1 has been released. This release includes important bugfixes and a minor feature addition that caters to those running CentOS, AlmaLinux and Rocky Linux virtual machines.

One of the highlights of this release is the alternative way to get the VM agent. In the previous version, there was a single share named config that included both the instance-specific agent configuration and the incus-agent binary. However, this approach was wasteful and required a copy of the large incus-agent for every VM. With Incus 0.5.1, a separate share was introduced just for the binaries to avoid copying them for every VM. This change reduces resource usage on the host system.

Another important fix in this release is the handling of stopped instances during evacuation. In Incus 0.5, a bug caused stopped instances to be relocated to other systems during evacuation, even if they were configured to remain where they were. This bug has been corrected in Incus 0.5.1, ensuring that instances using stopped, force-stop, or stateful-stop will remain on their current server.

There are also some database performance fixes in this release. Improvements in Incus 0.5 unintentionally caused nested database transactions when fetching network information details for a large number of instances. This issue became visible when using an Incus cluster that serves DNS zones and has its metrics scraped by Prometheus. The fix removes the nested transactions and optimizes database interactions during command API interactions.

Here is the complete changelog for Incus 0.5.1:

  • Translated using Weblate (German)
  • Translated using Weblate (Dutch)
  • incus/action: Fix resume
  • Translated using Weblate (Japanese)
  • Translated using Weblate (Japanese)
  • Translated using Weblate (Japanese)
  • doc: Remove net_prio
  • incusd/cgroup: Fully remove net_prio
  • incusd/warningtype: Remove net_prio
  • incusd/cgroup: Look for full cgroup controllers list at the root
  • incusd/dns: Serialize DNS queries
  • incusd/network: Optimize UsedByInstanceDevices
  • incusd/backups: Simplify missing backup errors
  • tests: Update for current backup errors
  • incusd/cluster: Optimize ConnectIfInstanceIsRemote
  • incusd/instance/qemu/agent-loader: Fix to work with busybox
  • doc/ add a gentoo-wiki link under Gentoo section
  • Translated using Weblate (French)
  • Translated using Weblate (Dutch)
  • incusd/device/disk: Better cleanup cloud-init ISO
  • incusd/instance/qemu/qmp: Add Eject command
  • incusd/instance/qemu/qmp: Handle eject requests
  • api: agent_config_drive
  • doc/devices/disk: Add agent:config drive
  • incusd/device/disk: Add agent config drive
  • incusd/project: Add support for agent config drive
  • incusd/instance/qemu/agent-loader: Handle agent drive
  • incusd/db/warningtype: gofmt
  • incusd/loki: Sort lifecycle context keys
  • incusd/instance/qemu/agent-loader: Don’t hardcode paths
  • incusd/cluster: Fix evacuation of stopped instances

For more information, you can refer to the Incus documentation.

XCP-ng Releases Security Update for January 2024

XCP-ng Releases Security Update for January 2024

XCP-ng has released their January 2024 security update for their virtualization platform. The update is specifically for the 8.2 LTS release, which is currently the only supported release of XCP-ng.

The update addresses a security issue in the Linux kernel of XCP-ng’s control domain. This issue allowed a guest with limited privileges to send special network packets that could crash the network system in XCP-ng. While the crash only occurred in specific situations, several users reported the issue and it was discovered that others in the community were experiencing similar problems. This led to collaboration within the community to investigate and resolve the issue.

The vulnerability that was fixed is known as XSA-448 and is identified as CVE-2023-46838. This vulnerability allowed an unprivileged guest to launch a Denial of Service (DoS) attack on the host system by sending certain network packets to the backend, causing it to crash. This vulnerability was particularly observed when using pfSense with WireGuard, resulting in random crashes of the host system.

Linux Containers: Introducing Incus 0.5

Linux Containers: Introducing Incus 0.5

The Incus team has announced the release of Incus 0.5, the first release of 2024. This release brings several improvements to the Incus CLI, new virtual machine features, additional options for handling cluster evacuations and host shutdowns, and various bugfixes and performance improvements.

Highlights of the release include:

Ansible, Terraform/OpenTofu, and Packer
Incus now has support for Ansible, Terraform/OpenTofu, and Packer. This means that users can now find a connection plugin for Incus in Ansible, an official provider for Terraform and OpenTofu, and a Packer plugin for Incus.

Linux distribution packages Additional packages for Incus are now available for Arch Linux, Debian (testing/unstable), Ubuntu (noble), and Void Linux. Detailed installation instructions can be found in the Incus documentation.

The Incus team has spent time cleaning up translations and setting up Weblate for Incus. This makes it easier than ever for users to log into Weblate and translate the Incus CLI into their language.

New features
Some of the new features introduced in Incus 0.5 include:

  • New incus file create command: This command allows users to create empty files, symlinks, and directories without transferring an existing local directory tree.
  • New incus snapshot show command: This command allows users to view the configuration data included in an Incus instance snapshot.
  • More shell completion options: Incus is transitioning to a more dynamic way of handling shell completion, and users can now retrieve initial shell completion profiles for Bash, Fish, PowerShell, and Zsh.
  • Support for multiple VM agent binaries: Incus now supports providing multiple agent binaries to virtual machines, which is useful for handling multiple operating systems and architectures.
  • Support for virtio-blk as a disk io.bus: After adding NVME support in Incus 0.2, Incus now offers virtio-blk as a disk I/O bus option in virtual machines.
  • Support for USB network device pass-through in VMs: Incus now detects when the parent network device of a virtual machine is connected over the USB bus and converts it into a USB device pass-through.
  • New cluster evacuation options: Two new cluster evacuation options, force-stop and stateful-stop, have been added to Incus. These options can be selected on a per-instance basis and provide different ways to handle the evacuation of instances in a cluster.
  • Ability to configure the host instance shutdown action: Users can now configure the action to be taken when the host instance shuts down. The options include stop, force-stop, and stateful-stop.
  • Ability to start instances as part of creation: Instances can now be started as part of the creation request, saving an API call and making it easier for users scripting the Incus API.
  • Configurable Loki instance name: Incus now allows users to provide a cluster name to be used as the Loki event source instance, making it easier to filter events from multiple clusters using the same Loki instance.
  • Extended HEAD support on files: The HEAD method on the Incus instance file API now returns the file size, allowing for the display of file sizes in addition to names and types.
  • Use of /run/incus for runtime data: Incus now stores runtime data in /run/incus, keeping /var/log/incus only for actual log files.

For the complete list of changes in Incus 0.5, refer to the changelog.

To try Incus for yourself, visit the Incus documentation for installation instructions and more information.

Libvirt 10.0 Enhances QEMU VM Migration

Libvirt, a virtualization API managing virtualization on Linux, has released version 10.0. This update brings several new features, particularly in its QEMU support.

One notable addition in libvirt 10.0 is the postcopy-preempt migration capability. This feature allows for faster migration of memory pages by ensuring that the destination reads them before they are migrated from the source. Regarding QEMU, libvirt 10.0 introduces support for mapping I/O threads to virtqueues of virtio-blk devices. It also provides automatic resizing of block-device-backed disks to match the full size of the device. Additionally, libvirt 10.0 includes automatic selection and binding of VFIO variant drivers, as well as a runtime configuration option for nbdkit.

Other improvements in libvirt 10.0 include enhancements to the migration XML usage when persisting VM on the destination. It also simplifies non-shared storage migration to raw block devices, supports hotplug/unplug of PCI devices within the test driver, and includes various bug fixes.

Source: Phoronix.

KVM Enhancements in Linux 6.8

Changes to KVM virtualization in the upcoming 6.8 version of the Linux kernel include many new features and improvements. These changes are set to enhance the support for confidential VMs and bring various enhancements for KVM on different architectures.

Some of notable changes in the Linux 6.8 KVM include:

  • Improved support for confidential VMs: With the introduction of the KVM_SET_MEMORY_ATTRIBUTES ioctl, user-space can now specify per-page attributes for guest memory. This feature is particularly useful for confidential and secure VMs that utilize technologies such as AMD SEV-SNP, TDX, and ARM pKVM.
  • Software-protected VMs on x86: The KVM on x86 architecture now supports “software-protected VMs,” which allows for testing new interfaces related to guest_memfd and page attributes.
  • Flush-by-ASID support: KVM now unconditionally advertises flush-by-ASID support for nSVM, enabling the latest versions of VMware Workstation to run smoothly on KVM.
  • Linear Address Masking (LAM) for KVM guests: Linux 6.8 introduces support for LAM in KVM guests, enhancing the performance and security of virtualized environments.
  • CONFIG_KVM_HYPERV option: A new Kconfig option, CONFIG_KVM_HYPERV, allows users to disable KVM support for Microsoft Hyper-V emulation during the build process.
  • ARM64 LPA2 support: KVM now includes support for ARM64 LPA2, further expanding its capabilities on the ARM architecture.
  • LSX/LAX SIMD CPU instructions on LoongArch: KVM on LoongArch architecture now allows for the LSX/LAX SIMD CPU instructions within KVM guest VMs.

Source: Phoronix.