LXD-Template.png1920×1080 112 KB

Weekly status for the week of the 5th to the 11th of June 2017.

Introduction

From now on, we’ll be publishing a weekly summary of the work that happened on LXC, LXD and LXCFS. Including links to the relevant Github issues, commits and pull requests.

This is meant as an easy way to keep track of what’s going on upstream and what can be expected in our upcoming releases.

Team sprint

The LXD team spent the week working together in Denver, Colorado.
Most of it was spent writing detailed specifications for new features. Those discussions will result in a number of Github issues to be updated with a more detailed plan of action and then getting scheduled for implementation.

Some of the topics we covered are:

• LXC and LXCFS release cadence (result of which can be seen below).
• Community feedback, collaboration and transparency.
  • Discussed the use of the forum and mailing-lists.
  • Planning on having the forum become the authoritative source for news and announcements with the website importing those posts automatically. Currently we’re doing things the other way around.
  • Publication of a weekly summary (this is the first one).
• Plan for LXC 3.0 (expected February 2018)
  • We’re considering splitting LXC 3.0 into 3 parts (liblxc, templates, tools).
  • Moving python3-lxc and lua-lxc out of tree (like the other bindings).
  • Focus on long term maintenance of the runtime (liblxc).
  • Complete rework of the template system to be more declarative and share more code and behavior between the various distribution templates.
• Plan for LXC 2.1 (expected July/August 2017)
  • Rename a whole lot of configuration keys to make things more consistent. LXC 2.1 will support both the old and new names and issue a warning for the old names. LXC 3.0 will completely drop support for the old configuration keys.
  • We’re considering marking lxc-monitor & lxc-monitord as deprecated, please let us know if you’re using this feature.
  • Drop all tools which were marked as deprecated in the LXC 2.0 release.
• Test infrastructure and defect analysis
  • We worked to root cause and fix a number of recent test regressions in LXD. A couple of bugs got fixed in LXD’s testsuite as a result and an upcoming change to LXC should take care of all remaining known failures.
  • Discussed some area of missing coverage like snap testing (covered below), performance testing and getting the dev team notifed of failures from scheduled tests.
• LXD external authentication (Github issue to be updated soon)
• LXD multi-user and multi-group (Github issue to be updated soon)
  • Talked through the desired user experience.
  • Did an early split of what resources would be tied to user/group and what will remain global (at least initially).
  • Made sure that our current plan will allow the addition of group quotas and group ACLs later on (as was requested by our users).
• Worked together on removing the need for lxc-monitord in the LXC API, introducing a new “wait” command in our internal API. This change is designed to be entirely backward compatible and will reduce the number of processes spawned by LXC, simplify the container spawning process and make things more reliable in general.
• Discussed a plan to have LXC support container-based pty allocation (rather than host-based as it currently does). This will very soon be possible to do safely thanks to a very recent kernel change. This would be completely transparent to LXC users and will avoid a number of issues that our users encounter today.
• Brainstormed on a number of ways to improve the unprivileged container experience, especially making it possible for more filesystems to be mountable in unprivileged containers as well as allowing some currently privileged syscalls. We hope to have a deeper discussion with this at the Linux Plumbers conference in September.

Release schedule

LXD has been mostly sticking to a monthly release schedule for a while now.
This seems to work well given the fast development pace of the project.

LXC and LXCFS don’t have such timed releases and haven’t seen a feature release since the 2.0 LTS, only getting the occasional bugfix and security updates.

We’ll now be changing that by having both LXC and LXCFS do a feature release (non-LTS) every 6 months, which we expect to support for about a year (unlike the LTS releases that we support for 5 years).

Here is our plan moving forward.

Feature releases

• LXD every month, supported until the next one is released (with additional support in some conditions).
• LXC every 6 months, supported for a year.
• LXCFS every 6 months, supported for a year.

LTS releases

• LXD, LXC and LXCFS release a new LTS every 2 years, supported for 5 years.
• Bugfix releases for all of those are released every 2-3 months.
• Security updates are pushed out as soon as a fix is available and distributions have been notified.

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release. Some of those may still be in progress as not everything can be done in a week.

LXD

• Published a minimal specification for “proxy” devices.
• Installed a new set of virtual machines in our infrastructure to run automated testing of the LXD snap package on all supported distributions. Once ready, a failure for any of the distribution below will be considered a blocker to package promotion:
• ArchLinux
• Debian (Stretch)
• Fedora (25)
• OpenSUSE (42.2)
• Ubuntu (14.04 LTS, 16.04 LTS, Core 16)
• Published a specification to deal with ID mapping for custom volumes.
• Switched LXD to use the new lxc.network.<n>.* liblxc syntax for network configuration.
• Bugfixes:
• Fixed a ZFS storage migration issue for those upgrading from < 2.9 to LXD 2.14.
• Fixed bad handling of snapshots during container copy when on ZFS.
• Change btrfs quotas to be enabled only when needed.
• Fixed a dir backend issue that could lead to missing symlinks.

LXC:

• Re-organized the configuration handling code and added more tests for it.
• Rewrote a significant part of the ID mapping code, added more tests for it and reduced the number of internally used maps to make one more map entry available to the user.
• Removed the obsolete mount handling code and move to the mount callback system.
• The output of all sub-processes is now recorded and logged.
• Added support for sending file descriptors in batches (optimization work).
• Added support for logging the loaded seccomp policy.
• Added support for OpenSUSE Tumbleweed.
• Updated the LXC manpages (fixed typos, structure, missing options, …).
• Updated lxc-checkconfig to show whether a module is loaded or not.
• Working on removing the need for lxc-monitord in normal container lifecycle.
• Working on exposing the LXC log functions in the API.
• Spec for container based pty allocation.

LXCFS

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Updated Ubuntu docker.io autopkgtest to support LXD 2.14.
• Updated the LXD 2.14 package twice to include recent upstream bugfixes.
• Updated the LXCFS 2.0.8 package in artful to include fixes for recent systemd versions.
• LXD 2.14 will be released to Ubuntu 16.04, 16.10 and 17.04 backport users today.