Weekly status for the week of the 16th of March to the 22nd of March.
Introduction
The past week saw the release of LXD 3.23, so many of the changes in this week’s report are included in that release. Please see the release notes for more details.
On the LXD storage front several bugs have been fixed. The ceph driver saw two improvements: first, VM volumes can now be resized; second, when shrinking ceph volumes we no longer unmap the block device, which was preventing shrinking from working. An issue preventing removal of nodes from a cluster when using ceph volumes has also been fixed.
A bug preventing the lvm driver from correctly reporting VM volume snapshots has been fixed, and a crash when unpacking some VM images has also been fixed.
The btrfs driver no longer activates the BTRFS quota system on the volume if no quota has been specified. A bug that allowed circumvention of the BTRFS quota when using snapshots has also been fixed.
A recent database table structure change has caused some users issues with creating snapshots. This was related to the sequence number table used for generating volume IDs. A patch has been added to increase the sequence number to avoid any conflicts with existing snapshots.
We have changed how one can remove a snapshot expiry time in the API. The expiry can now be removed by simply not providing the expires_at field. Previously, one had to explicitly set zero time to disable it.
We have added a feature to allow password-less PKI authentication when communicating between the lxc tool and lxd. This allows certificates generated from the same certificate authority to be trusted using the shared CA certificate rather than needing passwords.
Also in the API, a small change was made to the way the Etag header value is returned. It is now quoted to increase compatibility with different HTTP clients. We accept both quoted and unquoted values.
On the LXC front we have been focusing on closing outstanding issues, hardening code and fixing bugs in preparation for the upcoming LXC 4.0 release.
In addition to that, several busybox template improvements have been added.
On the LXCFS front, a new release in the 4.0 series was published, addressing several bugs that were in the 4.0 release. Please see the release notes for more details.
Finally, on the distrobuilder front, an issue with OpenSUSE image verification has been fixed due to an upstream change.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: https://github.com/lxc/lxd/labels/Easy
You can also find a slightly longer, more detailed list here: Contributing to LXD
Ongoing projects
The list below covers feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Virtual machine support
- Distrobuilder virtual machine support
- Storage database cleanup/rework
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Add custom volume snapshot expiry
- lxd/network/network: tell systemd-resolved we can resolve .lxd
- cgo: fixes
- Storage: Dont activate BTRFS quotas if not used
- Storage: Adds Ceph VM block resize support
- doc/security: Adds network security section
- Unexport some functions in main package
- lxd/storage: Fix crash on VM unpack
- lxd/storage/ceph: Fix ext4 shrinking
- Add scheduled volume snapshots
- lxc/remote: Better handle remotes with no name
- doc: Update requirements
- lxd/init: Don’t offer dir as a remote backend
- db/cluster: Bump the value of sqlite_sequence for storage_volumes
- Fix instance snapshot expiry
- Storage: Fixes LVM VM snapshot list
- lxd/cluster: Ignore CEPH custom volumes on removal
- lxd: Clean up logging for expired volume snapshots
- Handle immutable/append-only files on removal
- Unused code removal
- DB: Tweaks LEFT JOIN to just JOIN in NodeIsEmpty()
- lxd/sys: Don’t fail chmod on unresolvable symlinks
- Tarwriter: Renames to instancetarwriter
- Container: tar writer backup
- os.Pipe and memory stats
- lxd/containers: Add configfs and tracefs
- btrfs quota to simulate total disk size
- Passwordless PKI mode
- lxd/etag: Quote generated etag values
- lxd/apparmor: Apparently the order matters
LXC
- Trigger the mounting of shm file system
- Fix build
- Auto-create /dev/shm and /dev/mqueue
- lxc_user_nic: don’t depend on MAP_FIXED
- tools: fix -g and -u parameters for lxc-execute and lxc-attach and fix pidfd detection logic
- tree-wide: introduce and use syscall number header
- lxc-unshare: add syscall_wrappers.h to build requirements
- Makefile: fix typo
- network: fixes
- conf: flatten logic in mount_entry()
- tree-wide: logging fixes and hardening
- network: fix ovs removal
- network: use cleanup macros
- network: fixes
- start: move reading seccomp profile after pre-start hook
- log: add missing backslash
- log: fixes
- mainloop, ringbuf: cleanup
- log: fix cmd logging
- network: fixes
- overlay: rewrite
LXCFS
- cgroup_fuse: fix cgroupfs virtualization needed on non-cgns systems
- fixes
- cgroups: remove unused function
- utils: shut up compiler
- proc_loadvg: fixes
- tree-wide: add and use must_make_path_relative()
- tree-wide: fixes
- cgroup_fuse: actually make asz check mean something
- tests: Silence build output
- tree-wide: add and use syscall_numbers.h
Distrobuilder
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- lxd-agent-loader has been included in the Ubuntu 20.04 archive
Snap
- lxd: Cherry-picked some bugfixes
- lxcfs: Cherry-picked some bugfixes
- lxcfs: Updated to 4.0.1
- lxd: Updated to 3.23
- lxcfs: Cherry-picked more bugfixes