Weekly status for the week of the 25th of January to the 31st of January.
LXD gained support for two new device types for VMs this past week, GPU SR-IOV and PCI, as well as the usual raft of improvements and fixes.
Two new device types, GPU SR-IOV and PCI, were added to LXD. Both of these devices are only usable with VM type instances.
The GPU SR-IOV device type allows passing through part of a GPU card (if the card supports SR-IOV). See https://linuxcontainers.org/lxd/docs/master/instances#gpu-sriov for more information.
The PCI device type allows passing an arbitrary PCI device into a VM using its PCI address. See https://linuxcontainers.org/lxd/docs/master/instances#type-pci for more information.
The recently added bulk state change API for starting/stopping all instances on a host has now been extended to support applying the request to all instances in a cluster.
There were also the following fixes and improvements:
- Added support for newer nvidia drivers that were preventing GPU passthrough into containers.
- Added support for killing a hung VM qemu process when doing lxc stop <instance> --force.
- Fixed some non-retried queries when hitting database contention in a busy LXD test environment.
- Fixed an issue that was causing forkproxy (used with proxy device type) to create zombie processes.
- Fixed an issue with forkdns (used with fan bridge) that was returning NXDOMAIN for AAAA queries. Although AAAA records are not supported (as fan bridge doesn’t support IPv6), the NXDOMAIN response for DNS names that did have a valid A record meant that nslookup in busybox was returning an error exit status (as it queried AAAA records as well). We now return an empty non-error response for AAAA records when an equivalent A record exists.
- The LXC driver saw improvements for CgroupV2 device support.
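The AAAA handling described in the forkdns item above, as an added Go example (not LXD's forkdns code): a minimal responder that builds wire-format replies and separates NXDOMAIN from an empty NOERROR answer. The record table, the name c1.lxd, its address and all function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const typeA, typeAAAA, rcodeNXDomain = 1, 28, 3 // RCODE 0 is NOERROR

// aRecords is constructed sample data: names that have an A record.
var aRecords = map[string][4]byte{"c1.lxd.": {240, 10, 0, 15}}

// Query builds a one-question class IN query; it only creates sample input.
func Query(name string, qtype byte) []byte {
	q := []byte{0x12, 0x34, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0} // ID, RD=1, QDCOUNT=1
	for _, l := range strings.Split(name, ".") {
		q = append(append(q, byte(len(l))), l...)
	}
	return append(q, 0, 0, qtype, 0, 1)
}

// Respond echoes the question and sets RCODE/ANCOUNT: an A answer, NOERROR with
// no answers for another type of a known name, NXDOMAIN for an unknown name.
func Respond(q []byte) []byte {
	name, off := "", 12
	for off < len(q) && q[off] != 0 && off+1+int(q[off]) <= len(q) {
		name += strings.ToLower(string(q[off+1:off+1+int(q[off])])) + "."
		off += 1 + int(q[off])
	}
	if off+5 > len(q) || q[off] != 0 {
		return nil // truncated or malformed question
	}
	resp := append([]byte{}, q[:off+5]...)
	resp[2], resp[3] = resp[2]|0x84, 0 // QR and AA set, RCODE NOERROR
	copy(resp[6:12], make([]byte, 6))  // ANCOUNT, NSCOUNT, ARCOUNT = 0
	if ip, known := aRecords[name]; !known {
		resp[3] = rcodeNXDomain
	} else if q[off+1] == 0 && q[off+2] == typeA {
		resp[7] = 1 // one answer: pointer to the name at offset 12, A, IN, TTL 60
		resp = append(append(resp, 0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4), ip[:]...)
	}
	return resp
}

func main() {
	for _, t := range []byte{typeA, typeAAAA} {
		a, b := Respond(Query("c1.lxd", t)), Respond(Query("missing.lxd", t))
		fmt.Printf("qtype=%d known rcode=%d, unknown rcode=%d\n", t, a[3]&15, b[3]&15)
	}
}
```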
LXC also saw some cgroupv2 and attach improvements this past week. In addition, LXC now ensures that /proc and /sys exist inside containers, and creates them if they do not. This way, container images that don’t create them don’t cause issues with programs that expect them to exist.
An issue that was causing lockups of ps u run inside a LXD container was fixed by ensuring the lock on proc_cpuview was released.
We’ve started a YouTube channel with a couple of live streams so far.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
- Instance: attempt to kill qemu proc in Stop() when qemu monitor is unreachable
- lxd/device: Add support for GPU SR-IOV
- Instance: Don’t assume root disk is called “root” when copying snapshots to a new instance
- DB: Make checkpoint in progress a candidate for IsRetriableError (stable 4.0)
- DB: Make checkpoint in progress a candidate for IsRetriableError
- lxd/instances_put: Properly handle clusters
- forkproxy: prevent zombies
- Instance: Container references change to Instance
- Network: Bridge forkdns return empty AAAA record response when equivalent A record exists
- Network: Allow static IPs to be assigned to NICs when using fan bridge mode
- Transition to Github Actions and fix tests on non-cgo
- lxd/device/gpu: Skip nvidia directories
- Add the PCI device type
- cgroup: fix cgroup2 device driver settings
- tree-wide: fix compilation with-Wstrict-prototypes -Wold-style-defini…
- autotools: update build
- cgroups: fixes and cgroup2 improvements
- mkdir -p /proc /sys on container startup
- conf: proc and sys mountpoint creation fixes
- attach: fixes
- attach: improve attach codepaths
- cgroups: fixes and improvements
- attach: pidfd-based hardening and file-descriptor-only LSM interactions
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
- Nothing to report this week
- scripts: Fixed support for nesting under cgroup2
- lxc: Cherry-picked upstream bugfixes
- lxd: Cherry-picked upstream bugfixes
- lxcfs: Cherry-picked upstream bugfixes
- Updated 4.0 track to LXD 4.0.5