Weekly status for the weeks of the 1st to the 7th of July.
Introduction
This last week saw the addition of support for dynamic IP allocation when using IP filtering in LXD. This means that when using the bridge NIC device type with security.ipv4_filtering or security.ipv6_filtering you no longer have to specify a static IP for the security filters to be applied. Instead an available IP is picked from the DHCP range (or IPv6 EUI64 address) and used for the filtering and DHCP assignment. This IP is then statically allocated to the container.
The new LXD resources API has been merged too. This complete rework now exposes a lot more information about CPUs and CPU topology, exposes NUMA information for memory, adds support for SR-IOV and exposes DRM information for graphics cards, adds reporting of network devices (ethernet and infiniband) and reporting of disks/partitions.
Additionally there have been some networking fixes and re-organisations to support the forthcoming LXD devices rework. There were also some bugs fixed related to LVM thinpool usage reporting and ephemeral snapshot restoration.
On the LXC side, networking code has been unified between privileged and unprivileged containers, allowing the LXC_PID environment variable to be exposed to lxc.net.[i].script.up hook scripts in both cases. This allows hook scripts to enter the namespaces of the containers if needed.
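As an added illustration of the LXC_PID change (example code written for this page, not a script from the LXC project), below is a minimal lxc.net.[i].script.up hook that uses LXC_PID to look at the container's network namespace from the host side. The hook path in the comment, the nsenter/ip inspection command and the argument checks are assumptions; the argument order follows lxc.container.conf(5).

```sh
#!/bin/sh
# Added example (not an LXC project script): an lxc.net.[i].script.up hook
# that uses the LXC_PID environment variable to inspect the container's
# network namespace from the host, e.g. to confirm the interface came up.
#
# Assumed config line (hypothetical path):
#   lxc.net.0.script.up = /usr/local/lib/lxc/net-up-check.sh
#
# LXC passes the hook: container name, "net", "up", the network type and,
# for veth, the host-side interface name (see lxc.container.conf(5)).
# Hooks run on the host with the privileges of the lxc process, so every
# input is validated before it is used.

# Return 0 if the argument is a non-empty, purely numeric PID, else 1.
valid_pid() {
    case "$1" in
        '' | *[!0-9]* ) return 1 ;;
        * ) return 0 ;;
    esac
}

# Compose the command that enters the container's network namespace and
# lists its interfaces. Printed rather than executed so it can be logged
# and unit-tested; returns 1 if the PID is unusable.
netns_cmd() {
    valid_pid "$1" || return 1
    printf 'nsenter -t %s -n ip -o link show\n' "$1"
}

# Hook entry point; arguments are those LXC passes (see above).
hook_main() {
    name="$1"; section="$2"; hooktype="$3"; nettype="$4"; hostif="$5"
    if [ "$section" != "net" ] || [ "$hooktype" != "up" ]; then
        echo "unexpected hook invocation: $section/$hooktype" >&2
        return 1
    fi
    cmd=$(netns_cmd "${LXC_PID:-}") || {
        echo "LXC_PID not set or not numeric; cannot enter netns of $name" >&2
        return 1
    }
    # Stdout of a hook is written to the LXC debug log, so this line and the
    # interface listing end up there for later inspection.
    echo "container=$name type=$nettype host_if=${hostif:-none} pid=$LXC_PID"
    $cmd
}

# Only act when invoked by LXC (at least the three standard arguments);
# sourcing or running the file without arguments does nothing.
if [ "$#" -ge 3 ]; then
    hook_main "$@"
fi
```

nsenter (util-linux) needs the privileges of the host-side lxc process to enter another process's namespace, which is why the hook refuses to run when LXC_PID is absent or malformed rather than falling back to a guessed PID.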
On the distrobuilder side, a first pass on adding support for Ubuntu Core was merged, and work continues on improving this so that it works on more build environments.
We are also planning to release LXD 3.15 later this week, and are preparing releases for LXC 3.2 and LXCFS 3.1 in the next couple of weeks.
Upcoming events
- Linux Security Summit - San Diego
- Open Source Summit - San Diego
- Linux Plumbers Conference - Lisbon
- Kernel Recipes - Paris
  - Dates: September 25-27, 2019
  - Attendees: @brauner
  - Talks:
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Rework of internal LXD device handling
- Rework of internal LXD storage handling
- Ubuntu Core support
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- IP Filtering with dynamic IPs
- storage/lvm: Adds space used reporting for LVM thinpools
- forknet: Cleans up forknet detach error logging and output
- Move units functions to separate package
- container/lxc: Moves on stop device detach into single place
- networks/utils: Remove unused state.State from networkClearLease()
- container/lxc: Moves NIC hotplugging into own functions
- Resources API v2
- Clean up old DHCPv6 leases when IPv6 static IP changed.
- lxd/containers: Fix snapshot restore on ephemeral
- lxd/containers: Fix template handling
- tests: Re-order tests a bit
LXC
- lxccontainer: rework seccomp notify api function
- bugfixes
- start: unify network creation
- network: remove faulty restriction
- cgroups: handle cpuset initialization race
- network: fixes after unifying network creation
- network: simplify lxc_network_move_created_netdev_priv()
- start: call lxc_find_gateway_addresses early
- lxccontainer: properly cleanup on mount injection failure
LXCFS
- Nothing to report this week
Distrobuilder
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Cherry-picked some cgroup fixes for LXC 3.0.4.