Weekly status for the week of the 5th of October to the 11th of October.
Introduction
LXD
This past week there have been lots of improvements across many areas of LXD.
Networking has seen the bulk of the activity with several improvements to the OVN networking feature.
We now support connecting an OVN network to an external physical network (albeit still with all traffic from the OVN network being NATted to a single IP on the external network). In order to accommodate this a new managed network type of physical has been added, which allows an admin to designate an existing network interface for use as an OVN uplink network. The physical interface selected must not be configured with IPs or used by any service on the host as it will be connected to an OVS uplink bridge when used by OVN. When defining a physical network for use with OVN networks you need to specify the external gateway IP (and subnet size), as well as the range of IPs that LXD can use on the external network for the OVN gateway(s), and an optional list of nameservers that the OVN network should use with DHCP and IPv6 RA.
E.g.
lxc network create my-uplink --type=physical parent=enp3s0 ipv4.gateway=192.168.0.1/24 ipv4.ovn.ranges=192.168.0.50-192.168.0.59 dns.nameservers=192.168.0.1,192.168.0.2
lxc network create my-ovn --type=ovn network=my-uplink
OVN networks now also support changing their uplink network setting, allowing an existing network that is using a bridge network uplink to be switched to a physical network uplink.
An issue that prevented using the LXD nftables firewall driver when using composite types with nftables sets has been fixed so that we now ignore sets when looking at whether nftables is in use or not.
In order to support super jumbo Ethernet frames, we have increased then maximum supported MTU size from 9202 to 16384 bytes.
Forkproxy has seen several fixes to its AppAmor profile this week, to allow writing to its log path and to allow it to be used in Ubuntu Core systems.
An issue that caused dnsmasq to occasionally not restart successfully (and thus break DHCP, IPv6 RA and DNS) when changing settings on a managed bridge has been identified as a race between the OS cleaning up the sockets when the dnsmasq process ends and it starting up again and trying to listen on the same sockets. This was fixed by adding a 100ms sleep before trying to start dnsmasq again.
VMs have had two fixes, firstly a regression that prevented root disk resizing has been fixed, and the Qemu AppArmor profile has been improved to dereference symlinks for device paths. A bad event name in the life-cycle events has been changed from instance-shutdown to virtual-machine-shutdown.
We have also started to lay the groundwork for adding support for USB device pass-through for VMs.
On the storage front, we now detect when an instance that has local backups is being migrated and prevent it so that the backups are not left behind. We have also improved the error message given when a storage pool is being created with a name of an existing storage pool.
Also affecting instance migrations, when an image was present in the database but not cached locally on the target node, this could cause migration failures. We now check the target node for local image cache and if not present, skip the optimisation used to reduce the size of the instance transfer.
Finally on the storage front, an issue that crashed LXD when creating a container in very specific
circumstances has been fixed.
The events API been modified to handle project permissions and be restricted to admins only.
Finally an issue that prevents building LXD when certain C headers are missing or are too old has been fixed by bundling them in the LXD source.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- nftables: Updates nft parser to handle nft sets with composite
typefield - validate: Increases IsNetworkMTU max MTU to 16384 to support super jumbo packets
- lxd: fix failing builds when C headers are missing or too old
- AppArmor tweaks for forkproxy
- lxc: Better handle copy/move between projects
- lxd: Prevent internal cluster migration of instances with backups
- Use Parse when parsing versions from external tools
- Network: OVN restructure to accommodate different uplink network types
- network: Adds support for multiple upstream DNS servers in OVN networks
- network: Adds physical network type and adds OVN support for using it as an uplink
- lxd/apparmor/forkproxy: Socket path fixes
- lxd/images: Fix crash when no “info” struct
- Network: Handle uplink network changes in OVN networks
- Storage: Gives clear error message when trying to create duplicate storage pool in single node
- Restrict events API
- Improve graceful shutdown
- lxd/instance/drivers: Add USB controller to VMs
- lxd/apparmor: Fix devPaths in QEMU profile
- Retry harder upon transient database errors
- More graceful shutdown fixes
- lxd/include: Relocate ifndef for NEWCGROUP
- doc: Remove stray _ escapes in security.md
- lxc-to-lxd: Handle snap better
- lxd/events: Handle default permissiosn in projects
- dnsmasq: Adds 100ms sleep to successful Kill() to allow sockets to be released by OS
- VM: Fixes disk resize regression
- lxd/instance/qemu: Fix bad event name
- lxd/storage: Check base image is available locally
LXC
- Nothing to report this week
LXCFS
- Nothing to report this week
Distrobuilder
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Added
lzmasymlink to the snap - Cherry-picked upstream LXD bugfixes
- Reworked stop logic to work with graceful shutdown
- Updated
lxd.lxc-to-lxdto be more compatible with various systems - Started building qemu with
libusbsupport