Weekly Update Templates (1).png960×540 47.8 KB

Weekly status for the weeks of the 24th to the 30th of June.

Introduction

This last week saw the addition of 2 new features in LXD.

Firstly a new storage driver has been added that provides CEPHFS as an option for container custom storage volumes. This is in addition to the existing CEPH storage driver that LXD has. The difference between CEPH and CEPHFS is that the former uses block level access to the CEPH cluster whereas CEPHFS uses a higher level POSIX filesystem API to CEPH.
For more info see https://lxd.readthedocs.io/en/latest/storage/#cephfs

The second new feature is a preliminary release of the isolated networking feature. This preliminary release provides IP filtering for containers with statically assigned IPs when using the bridged NIC type. This prevents containers from spoofing packets from IPs other then the ones assigned to them statically. It can be controlled by 2 new container configuration keys; security.ipv4_filtering and security.ipv6_filtering respectively.
For more info see https://lxd.readthedocs.io/en/latest/containers/#nictype-bridged

LXD master also transitioned from our old implementation of dqlite (mostly in Go) to dqlite 1.0 which is mostly based on C libraries and re-designed to improve performance and debug-ability of our clustering logic. This will ship in LXD 3.15 and then make it to LXD 3.0.5.

There were also several bug fixes in LXD and LXC.

Upcoming events

• Linux Security Summit - San Diego
  • Dates: August 19-21
  • Attendees: @brauner, @hallyn, @stgraber and @tych0
  • Talks:
    • Making Containers Safer
• Open Source Summit - San Diego
  • Dates: August 21-23
  • Attendees: @brauner, @hallyn, @stgraber and @tych0
  • Talks:
    • Getting started with LXD and system containers (workshop)
    • New container kernel features
• Linux Plumbers Conference - Lisbon
  • Dates: August 21-23
  • Attendees: @brauner and @stgraber
  • Talks:
    • Containers micro-conference
    • Writing a Kernel Driver in Rust
• Kernel Recipes - Paris
  • Dates: September 25-27, 2019
  • Attendees: @brauner
  • Talks:
    • pidfds: Process file descriptors on Linux

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Isolated networking
• Rework of internal LXD storage handling
• Dqlite 1.0
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Add CEPHFS support
• Bridged IP Filtering
• main/daemon: Fixes test runner by allowing empty command arg
• Fix volume snapshot renaming
• Ignore missing WAL files when reproducing snapshots
• lxd/storage/cephfs: Cleanups
• lxd/networks: Allow querying state on non-managed
• seccomp: ensure correct owner on __NR_mknod{at}
• Fixes dnsmasq host file cleanup
• Refreshes dnsmasq config on NIC add/remove

LXC

• cgfsng: fix memory leak in lxc_cpumask_to_cpulist
• fix memory leak in do_storage_create
• Move code/variable in smaller scope

LXCFS

• Nothing to report this week

Distrobuilder

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• Updated edge snap for dqlite 1.0