Weekly status for the weeks of the 14th of December to the 3rd of January.
Introduction
Happy new year from the LXD team!
As the LXD team has been on annual leave since 21st December, this update covers the preceding week and any changes that occurred during the leave.
LXD
We finished the year with several new networking features:
- Added support for port isolation for `bridged` NICs using the `security.port_isolation=true` NIC setting. This prevents the NIC from communicating with other NICs on the same network that also have this feature enabled.
- Added limited support for `proxy` devices for VMs. Because VMs are more isolated from the host than containers, proxy devices can only be used in NAT mode with VMs.
- OVN networks can now use existing bridge interfaces (both native and OVS) as physical uplink parents.
- VM NICs that use a TAP device on the host (e.g. `bridged`, `p2p` and `ovn`) now have multi-queue support to improve performance. The number of queues set up is based on the number of CPUs in the system, with a minimum of 2 configured.
- The `no_proxy` environment variable now supports CIDR ranges for exclusion from proxy usage.
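To make the `no_proxy` change concrete, here is an added Go example of how a `no_proxy` matcher that understands CIDR ranges alongside the usual host, IP and domain-suffix entries can be written. This is illustrative code written for this post, not LXD's own `shared/proxy` implementation; the rule semantics (CIDR via `net.ParseCIDR`, optional `:port` stripping, leading-dot domain suffixes, `*` as match-all) are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// noProxyRule is one parsed entry from a no_proxy list. Exactly one field is set.
type noProxyRule struct {
	cidr   *net.IPNet // entry was a CIDR range such as 10.0.0.0/8
	ip     net.IP     // entry was a literal IP address
	domain string     // entry was a hostname or domain suffix (lower-cased, leading dot removed)
}

// stripPort removes an optional :port from a host, handling bracketed IPv6.
func stripPort(hostport string) string {
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		return h
	}
	return strings.Trim(hostport, "[]")
}

// parseNoProxy splits a comma-separated no_proxy value into rules.
// Empty entries are ignored; "*" is reported separately as matchAll.
func parseNoProxy(value string) (rules []noProxyRule, matchAll bool) {
	for _, entry := range strings.Split(value, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		if entry == "*" {
			matchAll = true
			continue
		}
		// CIDR range: the new capability described in the post.
		if _, ipNet, err := net.ParseCIDR(entry); err == nil {
			rules = append(rules, noProxyRule{cidr: ipNet})
			continue
		}
		host := stripPort(entry)
		if ip := net.ParseIP(host); ip != nil {
			rules = append(rules, noProxyRule{ip: ip})
			continue
		}
		rules = append(rules, noProxyRule{domain: strings.ToLower(strings.TrimPrefix(host, "."))})
	}
	return rules, matchAll
}

// bypassProxy reports whether a request to host (hostname or IP literal,
// optionally with :port) should skip the proxy under the given no_proxy value.
func bypassProxy(noProxy, host string) bool {
	rules, matchAll := parseNoProxy(noProxy)
	if matchAll {
		return true
	}
	host = strings.ToLower(strings.TrimSuffix(stripPort(host), "."))
	ip := net.ParseIP(host) // nil when host is a name rather than an address
	for _, r := range rules {
		switch {
		case r.cidr != nil:
			if ip != nil && r.cidr.Contains(ip) {
				return true
			}
		case r.ip != nil:
			if ip != nil && r.ip.Equal(ip) {
				return true
			}
		default:
			// Domain rules match the host itself and any subdomain of it,
			// but not an unrelated name that merely ends in the same letters.
			if host == r.domain || strings.HasSuffix(host, "."+r.domain) {
				return true
			}
		}
	}
	return false
}

func main() {
	// Constructed sample no_proxy value mixing CIDR, IP and domain entries.
	const noProxy = "localhost,127.0.0.1,10.0.0.0/8,192.168.1.0/24,.internal.example"
	for _, h := range []string{"10.12.34.56", "192.168.1.200:8443", "192.168.2.1", "db.internal.example", "example.com"} {
		fmt.Printf("%-22s bypass=%v\n", h, bypassProxy(noProxy, h))
	}
}
```

The CIDR check only applies when the request target is an IP literal; a hostname that would resolve into a listed range is still sent through the proxy, which is the usual `no_proxy` behaviour since no DNS lookup is done at match time.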
We also added support for getting, modifying and removing image config properties using the new `lxc image [get|set|unset]` commands.
Bug fixes and improvements:
- Clustered network and storage pool multi-stage creation process improvements to ensure that only DB changes are applied when a specific cluster member's config is modified while the network or storage pool is pending.
- Added a unique index to the `storage_pools_config` and `networks_config` tables to prevent the possibility of duplicate config values for the same key being added.
- Fixed the `volume.zfs.remove_snapshots` feature for ZFS storage pools.
- Fixed copying a snapshot to a new instance in a different project.
- Improved `routed` NIC host-side veth interface cleanup when an instance is stopped (sometimes it could be left behind and not cleaned up by the kernel, which would prevent a subsequent start of the container).
- Fixed a deadlock in the instance operation lock that was causing LXD hangs when force stopping an instance during an existing stop operation.
- Handle Qemu's QMP event channel closure cleanly without spinning (the upstream Go package we use to interact with the QMP socket has changed and now closes the channel), which was causing hangs and high load when stopping a VM.
LXC
- Added support for unmounting `proc/sys/net` by dropping the `CAP_NET_ADMIN` capability.
- Fixed a regression in 4.0.5 for mounting block device based rootfs.
- Fixed a config parsing issue to avoid accidentally modifying `lxc.cgroup.dir`.
- Fixed an issue that prevented use of `lxc.autodev=1` with containers that don't have a rootfs.
Youtube channel
We’ve started a Youtube channel with a couple of live streams so far.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- lxd/device: Add support for bridge port isolation
- #7868: `proxy` device support for VMs (NAT-only)
- Network: Clustering state avoid duplicate global config when doing re-create
- Storage: Clustering state avoid duplicate global config when doing re-create
- Fixes to code quality
- VM: Don’t spin when Qemu QMP event channel is closed.
- Instance: Fix deadlock in instance operationlock package
- lxd/network/driver/ovn: Detect IPv6 DHCP options correctly
- lxc/image: Add support for directly getting, setting and unsetting im…
- NIC: Remove host-side veth interface if exists on routed device stop
- Network: Adds support for OVN physical uplink interface to be a bridge
- DB: Corrects comment on GetCreatedNetworks
- Network: Clarify error when changing physical parent interface when in use
- Cluster: Don’t apply node changes when network/pool is in pending state
- Cluster: Don’t allow re-create attempts on errored networks and storage pools
- DB: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table
- doc: features.networks is not enabled by default for projects
- Device: Improves readability of disk device validation
- lxd/instance/qemu: Enable multiqueue on tap NICs
- lxd/instance/qemu: Use a minimum of 2 network queues
- Storage: Fix snapshot remove subsequent
- Instance: Fix copying snapshot to new instance in different project
- doc/image-handling: Fix typo
- shared/proxy: Support CIDR ranges in `no_proxy`
LXC
- unmounted proc/sys/net by dropping CAP_NET_ADMIN
- conf: fix block-device based rootfs mounting
- confile: don’t accidently alter lxc.cgroup.dir
- bugfixes
LXCFS
Distrobuilder
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Cherry-picked upstream bugfixes