Weekly status for the week of the 30th of March to the 5th of April.
Introduction
The highlight of the past week was the release of LXD 4.0 LTS!
Also on the LXD front, the resources API has gained the ability to report on USB and PCI devices. It has also been updated to support reporting on per-thread NUMA domains and multiple CPU sockets with multiple dies (and cores per die).
The instance export feature has also been improved to take consistent backups when using the BTRFS or ZFS storage drivers. It does this by taking a temporary snapshot of the active volume and using that as the source of the backup. In addition, the old behaviour of allowing inconsistent backups to be taken when exporting a running instance from other storage drivers was reinstated, as this was allowed before we reworked the export mechanism to use Go’s tar writer for LXD 4.0.
The lxc network list-leases command has been updated to work properly with instances with bridged NIC devices that use the recently added “network” property.
The VM agent lxd-agent has had two issues fixed. Firstly, the systemd units used to start up the lxd-agent have been improved so as not to conflict with cloud-init startup, as this was intermittently causing systemd to skip starting some units. Secondly, running lxc exec from a remote node to a VM running on a different node is now supported.
On the LXD storage front, pre-mount filesystem UUID regeneration (required when mounting snapshots that use BTRFS or XFS on block drivers such as LVM and Ceph in order to perform instance backups) has been improved so that both LVM and Ceph use the same approach. An issue that caused snapshotted BTRFS volumes on block devices to not be mountable if the snapshot was taken when the instance was running has also been fixed by rolling back any outstanding BTRFS transactions before performing the UUID regeneration.
Also related to snapshots, an issue that left orphaned snapshot database entries when taking a snapshot failed (such as when the underlying storage driver rejects the snapshot name used) has been fixed. An issue with the recently introduced snapshot usage feature that was slowing down lxc list has been fixed. Scheduled snapshots have also been added as a criterion for the LXD auto activation feature.
An issue that was preventing deletion of nested BTRFS volumes has been fixed too.
LXC has gained the ability to run lxc-monitord as a system daemon. In addition to that, there has been continued work on improving cgroup configuration compatibility with various compiler and kernel flavours.
Distrobuilder has added the ability to use custom APT repo keys. If the full public key is provided, it just gets imported by apt-key. If the key ID is provided, gpg retrieves the public key before passing it to apt-key. In order for the latter to succeed, gpg needs to be installed early.
The same systemd unit fix for lxd-agent described above was added to distrobuilder so that images it builds also have the fix. An issue with /dev/shm missing from the chroot was also fixed. Finally, an issue with the openwrt snapshot release source was fixed.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: https://github.com/lxc/lxd/labels/Easy
You can also find a slightly longer, more detailed list here: Contributing to LXD
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Virtual machine support
- Distrobuilder virtual machine support
- Storage database cleanup/rework
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Add USB and PCI devices to resources API
- lxd/storage/drivers/ceph: Re-create image snapshot
- NIC Routed: Adds firewall based reverse path filtering for IPv4 and IPv6
- Backup: Only read up to original size of file during export
- NIC Bridged: Disables IPv6 on bridged host side interface
- Fix remote VM exec
- shared/idmap: Skip empty subuid/subgid
- Network: Fix network leases list for instances using “network” option
- VM: lxd-agent systemd dependency conflicts
- Fix local configs in clustered networks
- NIC Bridged: Use of network argument when detecting parent
- Storage: UUID regeneration unification
- Per-thread NUMA domains
- Properly handle sockets with multiple dies (and cores per die)
- Storage: Take snapshot when backing up BTRFS volumes
- Extend checks for activateifneeded
- Storage: Removes storagePools.RenderSnapshotUsage from RenderFull()
- Storage: Take snapshot when backing up ZFS volumes
- Storage: Improve failed snapshot create revert cleanup
- lxd/storage/btrfs: Workaround permission issue
LXC
- verify cgroup controller name
- cgroups: handle older kernels (e.g. v4.9)
- init: add ExecReload to lxc.service to only reload profiles
- allow running lxc-monitord as a system daemon
- apparmor: generate ro,bind,remount rule list
- fix non-root user cannot write /dev/stdout
- fixes
- systemd: Add Documentation key
- cgroups: fix “uninitialized transient_len” warning
- fixes
- cgroups: fix build warning on GCC 7
- lxccontainer: poll takes millisecond not seconds
- Revert “start: remove unnecessary check for valid cgroup_ops”
- introduce lxc.cgroup.dir.{monitor,container,container.inner}
- api-extensions: add and document cgroup_advanced_isolation
- doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man
- Cgroup isolation fixes
LXCFS
- Nothing to report this week
Distrobuilder
- managers/apt: Handle repo keys
- generators/lxd-agent: Fixes ordering issue with lxd-agent
- shared/chroot: Create /dev/shm
- sources/openwrt: Fix snapshot release
- shared/chroot: Fix /dev/shm file mode
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- LXCFS 4.0.0 in Ubuntu 20.04
- LXC 4.0.0 in Ubuntu 20.04
Snap
- Cherry-picked upstream LXC fixes
- Cherry-picked upstream LXD fixes
- Updated to LXD 4.0.0
- Cherry-picked upstream LXD fixes
- Improved shutdown logging
- Fixed lxd-migrate with mis-matched ZFS release