Weekly Update Templates960×540 47.9 KB

Introduction

LXD

This past week LXD has gained better support for BTRFS subvolumes inside containers. Now when copying snapshots (either in the same storage pool or different BTRFS storage pools via migration) subvolumes are maintained (including their readonly property if set). This has been achieved with a new migration feature that is required on both source and target node. If the new feature is not available on the destination node, and subvolumes are detected in the source, the migration will be rejected (to avoid losing data on the target). In addition to that, subvolumes are now supported when doing snapshots and optimized backup exports. When restoring an optimized backup that contains subvolumes, if it is restored onto an older version of LXD then the subvolumes will not be restored.

Also on the LXD storage front, LVM has seen some improvements to the way it parses logical volume snapshot names so that an issue with snapshot names conflicting with unrelated instance names (preventing instance deletion) has been fixed. In addition to that the LVM storage driver now only activates logical volumes when needed, meaning that the /dev/<volume group>/ directory is not populated with LV devices of volumes that are not in use (this brings the LVM driver inline with the behaviour of ZFS and Ceph drivers).

The resources API has gained the ability to report on physical memory available on the node rather than just memory available excluding the kernel memory. Only online RAM sticks are considered as ‘available’.

Work to make the VM lxd-agent statically compilable (so that it can be used inside Alpine VMs) has continued with fixes for openpty to avoid needing cgo.

An issue with seccomp policy conflicts between instances of the same name in different projects has been fixed too.

LXC

On the LXC front, an issue affecting macvlan, ipvlan and vlan type NICs where the .name property for the interface inside the container was not specified has been fixed. Previously it default to ethX where X was the ID of the network being configured. However for non-veth NIC types this had regressed to a random string used for the interface on the host side. Containers with the .name property set were not affected.

Also related to NIC configuration, the NIC mode flags have been made order independent, as previously if they were specified before the NIC type flag then the mode was set to the default value for the NIC type (resetting the earlier mode value specified).

An issue that caused a busy loop when rebooting a container started with lxc.log.syslog and lxc.log.level = 2 (or lower) has been fixed.

Work has also been done to use the new clone3 function when available in the kernel, and cgroupv2 improvements continue to be added.

Distrobuilder

Support for specifying uid, gid and mode have been added to the dump generators.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

• Container Camp
  • Dates: May 22nd
  • Location: online event
  • Attendees: @stgraber
  • Talks:
    • LXD - system containers and VMs made easy (@stgraber)
• Open Source Summit - North America
  • Dates: June 29 - July 2
  • Location: online event
  • Attendees: @brauner @stgraber
  • Talks:
    • Using Linux primitive to build your own containers (@stgraber @brauner)
    • 5 years of providing root shells to strangers on the internet (@stgraber)
    • Making unprivileged containers more usable (@brauner)
    • Container kernel development (@brauner)

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Virtual machine support
• Distrobuilder virtual machine support
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Storage: LVM volume activation
• Storage: LVM snapshot parsing improvements
• lxd/firewall/drivers: Fix nft syntax
• lxc/project: Fix remote handling
• lxd/seccomp: Fix profile conflict between projects
• openpty: fix TIOCGPTPEER usage
• Storage: BTRFS subvolume support
• Make network address bind error fatal when clustered
• lxd/device/nic/bridged: Updates github.com/mdlayher/netx/eui64
• fix IPVLAN docs
• Storage: BTRFS backup subvolume support
• Don’t run a connection proxy when connecting with the Go dqlite client
• lxd/resources/memory: Fix memory calculation
• Improve error logging upon daemon shutdown
• lxd/instances/post: Delete restored instance on backup post hook failure
• Fix ‘how to mount home directory’ shiftfs FAQ

LXC

• network: fix key ordering independence
• reboot fixes
• console: only create detached mount when a console is requested
• clone3: add infrastructure and switch container creation to it
• Don’t busy loop on freeze with cgroupv2
• improve LXC_CMD_GET_CGROUP compatibility
• network: restore old behavior

LXCFS

• Nothing to report this week

Distrobuilder

• generators/dump: Allow changing mode, gid and uid
• generators/utils: Fix condition

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• Cherry-picked upstream lxc fixes
• Cherry-picked upstream lxd fixes
• Cherry-picked upstream lxcfs fixes
• Bumped ZFS to 0.8.4
• Worked around a Go plugin restriction
• Pushed LXD 4.1 to stable