Skip to content

Cluster links API and CLI#14884

Closed
kadinsayani wants to merge 37 commits intocanonical:mainfrom
kadinsayani:lxd-remotes
Closed

Cluster links API and CLI#14884
kadinsayani wants to merge 37 commits intocanonical:mainfrom
kadinsayani:lxd-remotes

Conversation

@kadinsayani
Copy link
Copy Markdown
Member

@kadinsayani kadinsayani commented Jan 29, 2025
edited
Loading

Depends on #16165.

Introduces LXD cluster links, allowing for secure interaction between separate LXD clusters.

@github-actions github-actions bot added Documentation Documentation needs updating API Changes to the REST API labels Jan 29, 2025
@kadinsayani kadinsayani force-pushed the lxd-remotes branch 3 times, most recently from 06209b4 to 0bfbd6f Compare January 29, 2025 23:32
@kadinsayani
Copy link
Copy Markdown
Member Author

kadinsayani commented Jan 29, 2025
edited
Loading

The failing CodeQL security check is due to the join token being passed in as user input to the POST /1.0/site/join request - we use the addresses from the join token when calling GetRemoteCertificate. We do the same in lxd init interactive: https://github.com/canonical/lxd/blob/main/lxd/main_init_interactive.go#L175-L190.

@kadinsayani kadinsayani force-pushed the lxd-remotes branch 5 times, most recently from 7cbdfa6 to 3783d48 Compare February 4, 2025 21:30
@kadinsayani kadinsayani changed the title LXD: Server side remotes and remote clusters LXD: Sites Feb 4, 2025
@kadinsayani kadinsayani force-pushed the lxd-remotes branch 3 times, most recently from ed12163 to fa78411 Compare February 5, 2025 22:54
MusicDin
MusicDin reviewed Feb 6, 2025
View reviewed changes
@kadinsayani kadinsayani force-pushed the lxd-remotes branch 10 times, most recently from a43ad68 to b5cd7ef Compare February 11, 2025 18:55
@kadinsayani kadinsayani force-pushed the lxd-remotes branch 2 times, most recently from ad2b200 to 64e9639 Compare February 11, 2025 19:24
@kadinsayani
lxd/lifecycle: Add cluster link lifecycle events
45dfa0f 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/auth/drivers: Add cluster link permissions to openfga model
e1fe617 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/auth: Update auth
5535a40 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
tests: Update permission inspection auth tests to check for cluster l…
90dfce6 
…ink permissions

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/cluster: Add CheckClusterLinkCertificate function for cluster l…
89eb7f5 
…ink validation

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/cluster: Add ConnectClusterLink function
0125e71 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/cluster: Add RefreshClusterLinkVolatileAddresses
51e08f2 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd: Add cluster link APIs
a3d823d 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>

This adds the cluster link API handlers and their associated functions.

Includes:
- `clusterLinksPost` handler
- `clusterLinkPost` handler
- `clusterLinkPut` handler
- `clusterLinkPatch` handler
- `clusterLinkDelete` handler
- `clusterLinksGet` handler
- `clusterLinkGet` handler
- `clusterLinkValidateConfig` function
- `updateClusterLink` function

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd/db/operationtype: Add RefreshClusterLinkVolatileAddresses opera…
4a0e710 
…tion

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd: Add refresh cluster link volatile addresses daily cluster task
26aeea2 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
client: Add cluster link client methods
898d0e5 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxd: Add cluster link state API
203410a 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link command
8c2ffc0 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link create command
d5989f3 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link list command
7a292c3 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/completion: Add cluster link completions
d428770 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/completion: Add cmpClusterLinkConfig function
4fcfbae 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link delete command
0a72635 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link edit command
a764444 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link show command
4f934da 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link info command
483f4f1 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
lxc/cluster_link: Add cluster link get/set/unset commands
660a07d 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
tests: Add clustering_link test
2d27adf 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
doc: Add cluster links documentation
74c440a 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
github: Increase allowed lxc binary size (16MiB->17MiB)
14b348c 
With the addition of the new cluster link commands we're exceeding the
current limit.

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
doc: Update metadata
874c812 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
doc/rest-api: Refresh swagger YAML
24c7808 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
i18n: Update translation templates.
0412dd7 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
i18n: Update translations.
71617ec 
Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>
@kadinsayani
Copy link
Copy Markdown
Member Author

kadinsayani commented Aug 19, 2025

Closing until we are ready to revisit this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomponline tomponline tomponline requested changes

@simondeziel simondeziel simondeziel left review comments

@minaelee minaelee minaelee requested changes

@roosterfish roosterfish roosterfish requested changes

@MusicDin MusicDin Awaiting requested review from MusicDin

@markylaing markylaing Awaiting requested review from markylaing

Assignees

No one assigned

Labels

API Changes to the REST API Documentation Documentation needs updating

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@kadinsayani @tomponline @simondeziel @minaelee @roosterfish @markylaing @MusicDin @github-advanced-security