Weekly status for the week of the 25th May to the 31st of May.
Introduction
LXD
For LXD, this past week has seen several new features added.
Firstly the routed NIC type has gained support for the limits configuration keys that have previously only been available for bridged and p2p NIC types. The following keys can now be set on the NIC:
- limits.ingress (string, default: -, required: no): I/O limit in bit/s for incoming traffic (various suffixes supported, see below)
- limits.egress (string, default: -, required: no): I/O limit in bit/s for outgoing traffic (various suffixes supported, see below)
- limits.max (string, default: -, required: no): Same as modifying both limits.ingress and limits.egress
The lxc network list command now outputs the IPv4 and IPv6 address of each network in the list where available.
For those using LXD with the RBAC service, LXD now supports using RBAC’s notification API to flush the cache when something has changed, meaning that changes are reflected in LXD sooner than with the previous polling approach.
A database query trace tool has been added which can be enabled by starting LXD with --debug --trace database which will then log all queries being executed.
We have also started changing LXD’s internal fork processes to use pidfds where available, to remove the chance of operating on the incorrect process when the system is under heavy contention. This week has seen the internal forkfile process moved over to using pidfds.
There have also been the usual bug fixes and resilience improvements.
Starting with storage, LXD now supports using VM images that are larger than the default 10GB block volume size (if volume.size is not set). However, we will still refuse to unpack a VM image that is larger than the specified volume.size on a pool, as this setting provides protection against unpacking unexpectedly large images and filling your storage pool. Additionally, when unpacking a VM image we now use qemu-img dd rather than qemu-img convert to convert the qcow2 image to raw. This is because we have found that using qemu-img convert can cause kernel instabilities when using ZFS or LVM on top of a loopback file.
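The size guard described above, sketched in Go as an added example (not LXD's own code): it reads the virtual disk size from the qcow2 header and refuses before any data is written when an explicit limit is exceeded. The function names, the "0 means volume.size is not set" convention, the comparison against virtual size and the sample header are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the image's virtual size exceeds the limit.
var ErrTooLarge = errors.New("image virtual size exceeds volume size limit")

// qcow2VirtualSize returns the big-endian uint64 virtual size at header offset 24.
func qcow2VirtualSize(r io.ReaderAt) (uint64, error) {
	hdr := make([]byte, 32)
	if _, err := r.ReadAt(hdr, 0); err != nil {
		return 0, fmt.Errorf("short qcow2 header: %w", err)
	}
	if !bytes.Equal(hdr[:4], []byte("QFI\xfb")) { // qcow2 magic
		return 0, errors.New("not a qcow2 image")
	}
	return binary.BigEndian.Uint64(hdr[24:32]), nil
}

// checkUnpackSize rejects an image larger than an explicit limit in bytes;
// limit 0 models an unset volume.size (hypothetical convention): any size passes.
func checkUnpackSize(r io.ReaderAt, limit uint64) (uint64, error) {
	size, err := qcow2VirtualSize(r)
	if err != nil {
		return 0, err
	}
	if limit != 0 && size > limit {
		return 0, fmt.Errorf("%w: %d > %d bytes", ErrTooLarge, size, limit)
	}
	return size, nil
}

// sampleHeader builds a constructed 32-byte qcow2 v3 header for the demo.
func sampleHeader(virtualSize uint64) []byte {
	hdr := make([]byte, 32)
	copy(hdr, "QFI\xfb")
	binary.BigEndian.PutUint32(hdr[4:], 3) // version field
	binary.BigEndian.PutUint64(hdr[24:], virtualSize)
	return hdr
}

func main() {
	// Constructed case: 20GiB image against an explicit 10GiB limit.
	_, err := checkUnpackSize(bytes.NewReader(sampleHeader(20<<30)), 10<<30)
	fmt.Println(err)
}
```

Checking the declared size in the header keeps the decision independent of how small the compressed or sparse file is on disk.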
On the network side, several improvements have been made to the way that we detect whether to use iptables or nftables for firewalling. First, a bug that caused a hang when starting LXD when using iptables with a large ruleset has been fixed. We have also improved detection for nftables when running on systems that appear to support nftables at first, but where actually trying to create an nftables rule fails. We now detect this scenario and treat it as nftables not supported.
The subprocess package has also had a goroutine leak fixed, and a hang when backing up an instance and specifying an invalid compression method has been fixed as well.
The uevent injection feature has been fixed to work properly with udev for hotplugging devices.
Finally, the resources API has gained additional support for some aarch64 systems.
LXCFS
On the LXCFS front, a memory leak has been fixed which was primarily affecting users who have set lxcfs.loadavg=true.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Open Source Summit - North America
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Virtual machine support
- Distrobuilder Windows support
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- forkfile: port to using pidfds
- Storage: Support VM image unpack size greater than volume size
- Database logic cleanup (part 3)
- lxd/api: Fail /internal/ready requests made after shutdown has started
- lxc/config: Add -e shorthand
- Add limits to routed & tweak network list
- lxd/storage/lvm: Correct bad VG name in patch
- tests: Don’t assume bridge MTU can be forced up
- shared/subprocess: Better handle slow systems
- forknet: add “--” to not misinterpret negative integers as flags
- Storage: Removes unused name arg from VolumeFillDefault
- Storage: Updates VolumeValidateConfig to accept a volume type argument
- Storage: ensure volume block file
- Storage: Replaces per-driver volumeSize() with unified Volume.ConfigSize()
- forknet: add missing “--” to forknet invocation on detach
- process_utils: remove a bunch of unused functions
- Fix forknet info
- forkmount: prevent interpreting negative numbers as flags
- i386/old kernel fixes
- shared/subprocess: Fix Stop handling
- Database logic cleanup part 4
- forkuevent: fix slice allocation
- unix-hotplug: fix uevent injection
- Firewall: Updates iptablesInUse to kill process once first rule found
- lxd/backup: Fixes hang in backupCreate when invalid compression argument supplied
- lxd: New command line option to trace SQL statements
- VM: Removes duplicated qemu-img call in ImageUnpack
- VM: Use qemu-img dd mode instead of convert
- Update documentation with backup compression
- Fix resources API on some aarch64 and drive-by fix to images
- lxd/rbac: New notification API
- lxd/firewall/nft: Enhance support detection
LXC
LXCFS
Distrobuilder
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Cherry-picked upstream LXD bugfixes
- Cherry-picked upstream LXC bugfixes
- Cherry-picked upstream LXCFS bugfixes