Hi!
Here is finally the first release candidate for the next feature
packed release of Linstor.
Biggest new feature of this release is API token authentication, if
enabled, it would restart the controller with a self-signed HTTPS
certificate and any further requests need to provide a HTTP Bearer
token in the headers. If setup through the client most of this will
automatically done in the background, to have all plugins (opennebula,
cloudstack, proxmox...) prepared to work with auth tokens, we will
have a longer rc phase and plan the final release for end of June.
Another "feature" is that we finally improved our timeout checks for
external commands.
As long as the external commands report some I/O usage, they will not
strictly time out after 45s.
Then we added a new Clone/BalanceAfterClone property, that allows the
controller to place an additional resource during cloning. This will
help distribute space in situation where you have a template that is
often cloned from so it doesn't always end up on the same nodes, in
the beginning it will take an additional resource, but as soon as the
BalanceResourceTask runs it will remove the excessive resource from
the most used node.
And finally Linstor now will detect blocked ports and add those ports
to a blocked range list property, it is now also possible to define
multiple TCP port ranges.
Also the linstor-controller is no longer started as root user, instead
we leverage the DynamicUser functionallity from systemd.
To mention it again, this build requires now java-21 AND we finally
removed ETCD support from this version on.
## [1.34.0-rc.1] - 2026-05-28
### Added
- Toggle-disk can now be retried or aborted.
- Added export-db API
- Satellites report platform and OS variant and Controller exposes
that on the REST API.
- Added property "ExtCmd/WaitTimeout"
- Added property "ExtCmd/TermTimeout"
- Added property "ExtCmd/KillTimeout"
- Added property "ExtCmd/IoStallTimeout"
- Added property "ExtCmd/IoPollInterval"
- Added "Linstor/Drbd/OutsideAddress" property for DRBD's
outside-address for setups using a NAT
- Added optional alternative suffixes for external files
- Added status check (current path + content as expected) for external files
- Added property "Rest/AutoHTTPs", if enabled will automatically
create a SSL certificate and re-start SSL server
- Added token authentication API and implementation, if enabled only
allows Authentication Bearer token access
- Added property "Clone/DdBlocksize" to configure the DD clone blocksize used
- Added "BalanceResourcesSkipDiskLimit" property to skip balancing
resources with more than X skipDisk resources (default 1)
- Added property "Autoplacer/MinThinFreeSpace" that disqualifies
storPools with less free space than specified
- Added linstor-config disable-token-auth command
- Property Clone/BalanceAfterClone to autoplace an extra diskful
resource after a clone operation
- Property Snapshot/BalanceAfterRestore to autoplace an extra diskful
resource after a snapshot restore
- Added property "Luks/AllowDiscards" to enable discard/TRIM
pass-through on LUKS volumes; when LUKS sits below DRBD,
rs-discard-granularity is also set automatically
- Added "Client" as DRBD state (non-voting diskless peer)
- Added property "TcpPortsBlocked" on node level
### Changed
- SOS report now uses export-db instead of non-JSON database dump
- Minimum java version is now java-21, please upgrade if you want to
continue building/running LINSTOR.
- DRBD: create-md now only times out if there was no IO for 45s
- mkfs: mkfs.ext4 and mkfs.xfs now only time out if there was no IO for 45s
- Moved old property "ExtCmdWaitTimeout" -> "ExtCmd/WaitTimeout"
- SOS report: 'tar' command now only times out if there was no IO for 45s
- Don't call shred on ZFS devices as those are guaranteed to always read 0
- Upated debian package compat version to 11
- linstor-controller.service: switch to DynamicUser (i.e., execute as
non-root user).
- Systemd-notify: Use SDNotify library instead of calling "systemd-notify"
- Thick LVM: New volumes are now placed on the least-used PVs by
default. This behavior can be customized via the new
"StorDriver/LvcreatePvSelection" property.
- Check for valid storage pool names on resource-group select filter
- Controller now ignores case when checking if a NetCom is enabled or not
- Default evict timeout was increased from 1h to 12h
- Property "TcpPortAutoRange" can now also be set on node level
### Removed
- ETCD database support is now removed, please convert to SQL or CRD
DB, before upgrade
- Removed K8s migrations older than 2023 / LINSTOR v1.21.0-rc1
- Removed SQL migrations older than 2023 / LINSTOR v1.21.0-rc1
### Fixed
- Fixed incorrect default LUKS2 header size calculation
- Parse errors during ctrl -> stlt authentication now result in
"AUTHENTICATION_ERROR" instead of "OFFLINE" (regression introduced in
1.32.0-rc.1)
- Fixed free space reporting of thin storage spaces (Windows) pool
- Fixed race condition where after a reconnect storage pools might not
show correct capacities and freespaces.
- Fixed PREPARE_SHIPPING backups didn't count as active shippings
- If a satellite cannot decrypt a LUKS key it no longer goes into
FULLSYNC_FAILED, but just marks the resource to have corrupted crypt
key
- Fixed auto-rs-discard-granularity staying set on devices that don't
support discards (e.g. LUKS without AllowDiscards)
- Throw a CriticalError(restart) if a JDK spawn helper exception was
caught (usually a JDK version mismatch)
- Fixed bug where taking a snapshot on a not-only-DRBD resource could
hang indefinitely
- Attempt to fix rare bug causing "shipping in progress" that can only
be cleared by restarting the controller
- Fixed rare race condition when changing the LUKS passphrase
- Fixed bug where trying to start a backup shipment of a rsc that
isn't UpToDate lead to an AccessToDeletedDataException
https://pkg.linbit.com//downloads/linstor/linstor-server-1.34.0-rc.1.tar.gz
Linstor PPA:
Cheers,
Rene