Weekly Update Templates (1)960×540 47.6 KB

Introduction

The highlight of the past week was the release of LXD 4.1 which is the first feature release since our 4.0 LTS series.

As such most of the changes that occurred this week are included in the LXD 4.1 release.

We have been focusing on storage layer improvements and database function consistency cleanups.

On the storage front several edge case issues have been fixed:

• When using custom volumes on a dir or btrfs storage pool, if the permissions on the root directory of the volume were changed inside the container then on container restart these permissions would be reset to the safe defaults. The permissions are now not reset on restart.
• Migrating containers on a btrfs storage pool that contain subvolumes is now supported (this includes copying/moving containers between BTRFS storage pools on the same node). This is the first part of a series of planned improvements to better support BTRFS subvolumes inside containers.
• On ZFS storage pools, we now use our internal TryUnmount function rather than using zfs unmount which retries the unmount several times to try and workaround kernel issues that prevent ZFS volumes from being unmounted immediately after instance stop in some circumstances.
• We now try to detect if the LXD directory is being stored on a mount that has the nodev mount option enabled, and if so we return an error to the user when trying to add unix devices to containers.

The resources API has seen several improvements:

• Added support for ETHTOOL_GLINKSETTINGS to expose additional link speeds and modes.
• Skip NVME multipath entries as we only care about the main mode.

On the LXC front, a new function userns_exec_mapped_root was introduced to allow executing commands in a user namespace without incurring the overhead of using lxc-usernsexec. And additional compiler hardening options were added.

LXCFS saw a fix for parsing the cpuacct.usage_all cgroup options.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

• Container Camp
  • Dates: May 22nd
  • Location: online event
  • Attendees: @stgraber
  • Talks:
    • LXD - system containers and VMs made easy (@stgraber)
• Open Source Summit - North America
  • Dates: June 29 - July 2
  • Location: online event
  • Attendees: @brauner @stgraber
  • Talks:
    • Using Linux primitive to build your own containers (@stgraber @brauner)
    • 5 years of providing root shells to strangers on the internet (@stgraber)
    • Making unprivileged containers more usable (@brauner)
    • Container kernel development (@brauner)

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Virtual machine support
• Distrobuilder virtual machine support
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Consider all nodes when looking for the leader, not only voters
• Cleanup db function names (part 3)
• lxd/daemon: Detect nodev and improve errors
• Rename db function names (part 4)
• Storage: ZFS migration improvement
• Storage: Don’t reset custom volume root permissions on mount for DIR and BTRFS
• Storage: Removes Volume.keepDevice and updates Ceph to support shrink without it
• lxd/resources: Skip NVME multipath entries
• Rename db function names part 5
• Storage: BTRFS subvolume migration support
• lxd/storage/zfs: Use TryUnmount
• Support two-phase creation of a storage pool on single-node cluster
• Storage: Removes readonly option from snapshotSubvolume()
• ethtool: resources/ethtool: implement ETHTOOL_GLINKSETTINGS
• Rename db function names part 6
• client/lxd_images: Fix backward compatibility
• lxd/storage/btrfs: Fix migration from snapshot
• Database logic cleanup (part 1)
• shared: Rewrite OpenPty without cgo
• openpty: fixes + tweaks

LXC

• conf: introduce userns_exec_mapped_root()
• terminal: remove unneeded if condition
• compiler: more hardening
• fixes

LXCFS

• Fix https://github.com/lxc/lxcfs/issues/404

Distrobuilder

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• Setup the 4.0 branches as independent from latest
• Added /etc/pki for RedHat systems
• Added s390x qemu
• Bumped CRIU to 3.14
• Cherry-picked lxc bugfixes
• Bumped to LXD 4.1