Weekly status #144


Weekly status for the week of the 13th of April to the 19th of April.

Introduction

In the past week we have released LXC 4.0.2 and LXCFS 4.0.3. These were bug fix releases in our 4.x LTS release line.

LXD
On the LXD front we have added several new features:

Support for using proxy ARP/NDP with custom policy routing tables on the host with ipvlan (in the default l3s mode) and routed NIC types. This is achieved by specifying, in the instance’s NIC config, the host routing table to which the static routes are added. Adding the static routes to a custom routing table allows the proxy ARP/NDP responses to be generated by the kernel.

e.g. Using a routed NIC with a custom routing table ID of 100.

lxc config device add c1 eth0 nic nictype=routed parent=eth0 ipv4.address=192.168.1.2 ipv4.host_table=100

Layer 2 mode support has been added to ipvlan NICs. This allows ipvlan NICs to specify their own default gateway rather than using the host’s default gateway config. It also allows limited DHCP support at layer 2, as long as the DHCP client supports using DUID client IDs rather than MAC addresses. This mode also doesn’t need proxy ARP/NDP on the host and allows containers to add additional IPs without notifying the host (this is also possible in l3s mode, but due to the way proxy ARP/NDP is set up, only containers running on the same host will be able to use the newly added IPs).

e.g.

lxc config device add c1 eth0 nic nictype=ipvlan parent=eth0 mode=l2 ipv4.gateway=192.168.1.1

Additional system information has been added to the resources API.

VMs can now have Ceph RBD block disk devices added to them. This uses the same disk device configuration parameters as containers do. It relies on the RBD support in QEMU, so RBD support must be built into the version of QEMU being used.

An issue that prevented adding several NICs to a VM has been fixed. A VM can now have up to 8 NICs added to it.

We have removed the loading of the br_netfilter kernel module when using the bridged NIC security.ipv6_filtering option, as this can cause unexpected traffic filtering on unrelated network connections (the default behaviour when the br_netfilter module is loaded is to pass all traffic through the netfilter framework). Instead we just check whether the module is loaded and configured as needed and, if not, generate an error.
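A pre-flight check an administrator could run before enabling security.ipv6_filtering, added here as an example and not LXD's own code. It assumes that "configured as needed" means the net.bridge.bridge-nf-call-ip6tables sysctl is set to 1; the function names and the optional root-path argument are hypothetical.

```shell
#!/bin/sh
# Added example: host pre-flight check for security.ipv6_filtering on bridged NICs.
# Assumption: "configured as needed" = net.bridge.bridge-nf-call-ip6tables is 1.
# The optional argument is a filesystem root, so the check can also be run
# against a constructed tree; leave it empty to inspect the live host.
# Usage on a live host: check_br_netfilter && enabled_bridge_hooks

# Returns 0 = ready, 1 = br_netfilter not loaded, 2 = loaded but IPv6 hook off.
check_br_netfilter() {
    root="${1:-}"
    ctl="$root/proc/sys/net/bridge/bridge-nf-call-ip6tables"
    # The net.bridge.* sysctls only exist while br_netfilter is loaded.
    if [ ! -r "$ctl" ]; then
        echo "br_netfilter not loaded; load it deliberately (modprobe br_netfilter)" >&2
        return 1
    fi
    val=$(cat "$ctl")
    if [ "$val" != "1" ]; then
        echo "net.bridge.bridge-nf-call-ip6tables=$val, expected 1" >&2
        return 2
    fi
    return 0
}

# Prints the bridge-nf-call-* hooks that are enabled. Each one applies to
# every bridge on the host, which is the side effect on unrelated traffic.
enabled_bridge_hooks() {
    root="${1:-}"
    out=""
    for f in "$root"/proc/sys/net/bridge/bridge-nf-call-*; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            out="$out${out:+ }${f##*/}"
        fi
    done
    echo "$out"
}
```

Reviewing the output of enabled_bridge_hooks before loading the module on a shared host shows which other bridged traffic will start traversing the host's netfilter rules.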

Finally, an issue affecting renaming instance backups has been fixed.

LXC and LXCFS
The focus for LXC and LXCFS last week was continuing to fix cgroupv2 related issues.

Please see the LXC 4.0.2 and LXCFS 4.0.3 release notes for more details.

Distrobuilder
Some fixes related to Gentoo and OpenWRT source checksum matching were added, as well as a fix for Funtoo image and GPG key URLs.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Ongoing projects

The list below covers feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.

  • Virtual machine support
  • Distrobuilder virtual machine support
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

Distrobuilder

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Uploaded LXCFS 4.0.3 to Ubuntu 20.04
  • Uploaded LXC 4.0.2 to Ubuntu 20.04
  • Uploaded a new LXD migration package to Ubuntu 20.04

Snap

  • Rolled out core18 version of the LXD snap to stable
  • Updated to LXC 4.0.2
  • Updated to LXCFS 4.0.3
  • Made log rotating less aggressive
  • Hardened the migration logic
  • Added Ceph RBD support to bundled QEMU
  • Added getfattr/setfattr into the snap