Weekly status #170

tomp · October 19, 2020, 10:36am

Weekly status for the week of the 12th of October to the 18th of October.

Introduction

The highlight of the past week was the release of LXD 4.7.
Please see the release notes for more information.

LXD

In addition to the new features mentioned in the 4.7 release announcement above, there were also other improvements and fixes.

When removing an LVM storage pool that was created using lvm.vg.force_reuse=true we no longer try and remove the thin pool (if exists) and volume group, even if both are empty.

OVN networking has gained support for using an externally routed subnet as the main subnet address for the virtual network (in addition to the ability to route external subnets into an OVN network that was added in LXD 4.7). This is achieved by disabling NAT and then setting the network’s ipv4.address and/or ipv6.address to a subnet provided by the uplink’s routes.

E.g.

Create a physical network for use as uplink, and indicate which external subnets are routed into the physical network:

lxc network create my-uplink --type=physical \
    parent=enp4s0f0 \
    ipv4.gateway=192.0.2.1/24 \
    ipv6.gateway=2001:db8:1:1::1/64 \
    ipv4.ovn.ranges=192.0.2.10-192.0.2.19 \
    ipv4.routes=198.51.100.0/24 \
    ipv6.routes=2001:db8:1:2::/64 \
    dns.nameservers=192.0.2.53

Create an ovn network that uses 198.51.100.0/24 and 2001:db8:1:2::/64 for its addresses:

lxc network create my-ovn --type=ovn \
    network=my-uplink \
    ipv4.address=198.51.100.1/24 \
    ipv6.address=2001:db8:1:2::1/64 \
    ipv4.nat=false \
    ipv6.nat=false

Finally, add an ovn NIC to the network:

lxc init images:ubuntu/focal c1
lxc config device add c1 eth0 nic nictype=ovn network=my-ovn
lxc start c1
lxc ls c1
+------+---------+---------------------+----------------------------------------+-----------+-----------+
| NAME |  STATE  |        IPV4         |                  IPV6                  |   TYPE    | SNAPSHOTS |
+------+---------+---------------------+----------------------------------------+-----------+-----------+
| c1   | RUNNING | 198.51.100.2 (eth0) | 2001:db8:1:2:216:3eff:fe9f:18c1 (eth0) | CONTAINER | 0         |
+------+---------+---------------------+----------------------------------------+-----------+-----------+

This will cause the allocated IPs 198.51.100.2 and 2001:db8:1:2:216:3eff:fe9f:18c1 to be advertised to the physical uplink network interface (enp4s0f0) using proxy ARP/NDP.

An issue that prevented DNS AAAA records being created for OVN NICs when specifying a static stateful ipv4.address but leaving the IPv6 address as using EU64 has been fixed. This works around a limitation in OVN that doesn’t allow mixed static and dynamic address families to be used. Instead we specify the OVN NIC’s IPv6 address statically using EUI64 when an IPv4 address is statically defined.

An inconsistency between the docs and the code has been fixed for bridge networking in fan mode. The docs specified that if ipv4.nat was unspecified, that it would default to false, however when using fan mode this would default to true. This has now been fixed to match the docs.

A regression with a recent change to the seccomp mount emulation has been fixed.

LXC

There have been several improvements to the seccomp feature in LXC. Firstly a patch was added to check if syscall is supported on a compatible architecture. There was also several bug fixes around the seccomp default notification sending, and a fix that was preventing building on powerpc.

Youtube channel

We’ve started a Youtube channel with a couple of live streams so far.
You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

Open Source Summit Europe (online) (October 26-29)
- A new mount API by @brauner on the 26th
- Running Your Own VM & Container Cluster at Home by @brauner and @stgraber on the 27th
- Syscall Supervision by @brauner on the 28th
Linux Security Summit Europe (online) (October 29-30)
- State of the User Namespace by @brauner and @stgraber on the 30th

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

Distrobuilder Windows support
Virtual networks in LXD
Various kernel work
Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

Nothing to report this week

Distrobuilder

Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

Nothing to report this week

Snap

qemu: Cherry-pick USB bugfixes
snapcraft: Add support for USB redirection in qemu
lxd: Update to 4.7
nvidia-container: Bump to 1.3.0
zfs: Bump to 0.8.5
lxd: Cherry-pick upstream bugfixes
hooks: Fix removal cleanup logic