LXD 4.2 has been released

Introduction

The LXD team is very excited to announce the release of LXD 4.2!

This release brings quite a few new features and a lot of background stability and speed improvements.

The networking improvements in this release mark the beginning of more work we’ve set for ourselves with the final goal of having per-project virtual networks implemented through OVN. As part of this, we’ve done some fixes in our existing OVS handling and added VLAN filtering and some useful config reporting to LXD.

Quite a bit of effort is also going in improving our database and clustering logic, fixing issues, improving test coverage and improving performance.

One last area of focus is security where we’ve now begun to reap the benefits from some upstream kernel work we’ve been doing for the past few months/years, using those features to avoid race conditions and speed up LXD in general.

Enjoy!

New features and highlights

VLAN filtering on bridges

Those familiar with physical network switches are no doubt used to configuring your untagged and tagged VLANs for your ports or bonds. Linux software switching allows for the exact same thing, per-port selection of your untagged VLAN and a list of tagged VLANs.

Now LXD exposes that with support for both native Linux bridging and OVS.

This is implemented through the vlan and vlan.tagged config keys on a bridged nic device. The vlan property controls the untagged VLAN while vlan.tagged is a comma separated list of tagged VLANs to let through.

Expanded network state information

The /1.0/networks/NAME/state API endpoint was expanded to show bond and bridge specific details. This makes it easier to remotely inspect a LXD host, particularly useful when in a cluster.

The bond details look like this:

stgraber@castiana:~$ lxc query /1.0/networks/bond0/state | jq .bond
{
  "down_delay": 500,
  "lower_devices": [
    "dum0",
    "dum1"
  ],
  "mii_frequency": 100,
  "mii_state": "up",
  "mode": "balance-rr",
  "transmit_policy": "layer2",
  "up_delay": 100
}

The bridge details look like this:

stgraber@castiana:~$ lxc query /1.0/networks/lxdbr0/state | jq .bridge
{
  "forward_delay": 1500,
  "id": "8000.06099e00b912",
  "stp": false,
  "upper_devices": [
    "tap1053b4fd",
    "tapef45d46d",
    "veth1651f83f",
    "veth8eb3fb1a"
  ],
  "vlan_default": 1,
  "vlan_filtering": true
}

Support for custom search domains

A new domain.search config key on networks can be used to set a comma-separate listed of search domains to advertise to the instances.

New IPv4 and IPv6 columns in network lists

The default output of lxc network list now shows the IPv4 and IPv6 subnets.
This makes it quite a bit easier to recognize your networks.

stgraber@castiana:~$ lxc network list
+--------+----------+---------+----------------+---------------------------+-------------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      |           IPV6            | DESCRIPTION | USED BY |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| bond0  | bond     | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| eth0   | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| eth1   | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| lxdbr0 | bridge   | YES     | 10.166.11.1/24 | fd42:4c81:5770:1eaf::1/64 |             | 16      |
+--------+----------+---------+----------------+---------------------------+-------------+---------+
| wlan0  | physical | NO      |                |                           |             | 0       |
+--------+----------+---------+----------------+---------------------------+-------------+---------+

mips & riscv64 support for containers and s390x support for VMs

Support for various MIPS variants has been added, allowing LXD to be built and run on MIPS systems.

RISC-V 64bit support was also added and confirmed to work with containers.

ubuntu@riscv64:~$ lxc list -cns46ta
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+
| NAME |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | ARCHITECTURE |
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+
| b1   | RUNNING | 10.108.12.160 (eth0) | fd42:5832:5781:1eaf:216:3eff:fedd:884d (eth0) | CONTAINER | riscv64      |
+------+---------+----------------------+-----------------------------------------------+-----------+--------------+

In both cases, image selection is effectively non-existent, so you’re pretty much stuck with Busybox for now!

On the VM front, we’ve added support for s390x virtual machines.

Using pidfds for all container subprocesses

LXD frequently spawns subprocesses that are fed a PID coming from a container.
This can be racy in some situations, allowing for the process to exit and the PID be recycled before we interact with it, causing us to accidentally interact with the wrong thing.

That’s what @brauner’s work on pidfds in the Linux kernel is meant to fix and LXD and LXC now make us of those whenever possible, passing a file descriptor to a particular process rather than passing its PID.

LVM volumes only active when needed

LVM now behaves in the same way as ZFS and CEPH by keeping LVs inactive unless the instance is running. This reduces clutter in /dev and can lead to some small performance improvements.

DB query tracing support

A new trace option has been added for debugging database queries in LXD.
Starting the daemon with --debug --trace database will have all SQL queries logged.

Better cluster life-cycle handling

We’ve recently been expanding our automated testing for our external dqlite/raft/libco projects, fixed a number of issues found by other downstream users and moved some of LXD’s logic into the upstream codebases.

LXD’s clustering tests have also been expanded to test more cases of leadership changes, node restarts and handling of degraded setups.

A common source of issues with any clustered environment is time skew.
You get more than a few seconds and it can wreck havoc on scheduled tasks, events and more. To help with this, LXD now uses its internal heartbeats as a way to detect time skews and will log a warning in its log whenever one is detected or resolved.

Cleaned up database functions

Still on the database front, a lot more of the database logic has been moved over to our code generator, limiting the risk of mistakes when writing that code. A number of functions have been deprecated as a result and some codepaths optimized to run within a single transaction.

Complete changelog

Here is a complete list of all changes in this release:

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

• Linux: snap install lxd
• MacOS: brew install lxc
• Windows: choco install lxc

LXD 4.2 is currently in the candidate channel with a release to stable planned for Monday.

After fighting with some Go packaging issues, I’ve packaged and sent LXD 4.2 to all the openSUSE distributions.