Weekly status for the week of the 13th April to the 19th of April.
On the LXD front we have added several new features:
Support for using proxy ARP/NDP with custom policy routing tables on the host with
ipvlan (in the default
l3s mode) and
routed NIC types. This is achieved by specifying a host routing table to add the static routes on the instance’s NIC config. By adding the static routes to a custom routing table, this allows the proxy ARP/NDP responses to be generated by the kernel.
e.g. Using a
routed NIC with a custom routing table ID of 100.
lxc config device add c1 eth0 nic nictype=routed parent=eth0 ipv4.address=192.168.1.2 ipv4.host_table=100
Layer 2 mode support has been added to
ipvlan NICs. This allows
ipvlan NICs to specify their own default gateway rather than using the host’s default gateway config. It also allows limited DHCP support at layer 2, as long as the DHCP client supports using DUID client IDs rather than MAC address. This also doesn’t need to use proxy ARP/NDP on the host and allows containers to add additional IPs without notifying the host (this is also possible in
l3s mode, but due to the way proxy ARP/NDP is setup, only containers running on the same host will be able to use the new IPs added).
lxc config device add c1 eth0 nic nictype=ipvlan parent=eth0 mode=l2 ipv4.gateway=192.168.1.1
VMs can now have Ceph RBD block disk devices added to them, this uses the same
disk device configuration parameters as containers do. It uses the RBD support in Qemu, so the RBD support must be built into the version of Qemu being used.
An issue that prevented adding several NICs to a VM has been fixed. A VM can now have up to 8 NICs added to it.
We have removed the loading of the
br_netfilter kernel module when using the
security.ipv6_filtering option as this can cause unexpected traffic filtering on unrelated network connections (as the default behaviour when the
br_netfilter module is loaded is to pass all traffic through the netfilter framework). Instead we just check if the module is loaded and configured as needed and if not generate an error.
Finally, an issue affecting renaming instance backups has been fixed.
LXC and LXCFS
The focus for LXC and LXCFS last week was continuing to fix cgroupv2 related issues.
Some fixes related to Gentoo and OpenWRT source checksum matching were added. As well as a fix for Funtoo image and GPG key URLs.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Virtual machine support
- Distrobuilder virtual machine support
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
- lxd/devices/disk: Prevent recursive & readonly
- Fix backup renaming
- VM: lxd_ device name prefix cannot be changed
- VM: Allow up to 8 NIC devices
- Documentation improvements
- lxd/instances: Better use userRequested on Update
- NIC Routed: Add custom policy routing table support
- NIC IPVLAN: Add custom policy routing table support
- Provide system information
- NIC IPVLAN: Adds l2 mode support
- test/clustering: increase timing to detect offline node
- shared/util: Never look into the snap
- lxd/resources: serial/uuid may not be accessible
- firewalld & lxd : how to let Firewalld control the LXD’s iptables rules
- VM: Disk ceph
- Update networks.md
- lxd/storage/ceph: Suppport alternate conf syntax
- lxd/init: Try to bind LXD network address when running interactively
- VM: PCIe addressing take two
- NIC Bridged: Dont load br_netfilter
- doc/instances: Fix swapped description
- index.md: add PATH env variable to sudo command example
- shared/simplestreams: Fix VM image preference
- Fix lxc-oci template with loop backingstore
- cgroup: fix wrong use of cgfd_con in cgroup_exit
- cgroups: adhere to boolean return
- travis: add back coverity
- conf: correctly cleanup memory in get_minimal_idmap()
- log: set GNU_SOURCE as it might help coverity along
- travis: coverity gets confused about the %m printf extension in glibc
- cgroups: fix cgroup limit braino
- relax init pid store locking a bit
- travis: enable coverity integration
- memory_utils: make it easier for Coverity
- bindings: use zalloc()
- cgroups: more cgroup2 fun
- cgroups: please Coverity
- cgroups: simplify cgroup_walkup_to_root()
- proc_fuse: improve swap calculation
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
- Uploaded LXCFS 4.0.3 to Ubuntu 20.04
- Uploaded LXC 4.0.2 to Ubuntu 20.04
- Uploaded a new LXD migration package to Ubuntu 20.04
- Rolled out
core18version of the LXD snap to
- Updated to LXC 4.0.2
- Updated to LXCFS 4.0.3
- Made log rotating less aggressive
- Hardened the migration logic
- Add Ceph RBD support to bundled QEMU
- Added getfattr/setfattr into the snap