Weekly status for the week of the 22nd of February to the 28th of February.
Introduction
This past week was primarily a bug fix and improvement week; however, LXD did get two new project-related features available in the CLI.
LXD
This past week LXD gained support for setting the images.auto_update_cached and images.auto_update_interval config keys on a per-project basis.
Last week’s feature added support for assigning one or more projects to a trusted client certificate, which restricts that certificate to the equivalent of the operator role on those projects and denies it access to any other projects. Following on from that, we have now added support for using those options with the lxc config trust add command, via the --restricted and --projects flags.
We have also continued converting our API documentation to automated builds using swagger.
The following bugs were fixed:
- Allow copy of instance within a non-default project.
- Allow using a published VM image that is >10GB in size with BTRFS (previously we were truncating BTRFS optimized image VM volumes to default volume size after image unpack with the effect of corrupting the newly created instance root drive).
LXC
We have continued our work on cgroup hardening using file descriptor-only container attaching.
Also, an issue with the way that network interfaces were moved from the host into the container before being renamed meant that in certain scenarios (where one network interface was renamed to the name of another interface that was also being moved in, so that the two conflicted) the container would refuse to start.
This has been fixed by renaming all network interfaces to a random name as they are moved into the container, and then renaming them to the desired name after that.
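The conflict and the fix described above can be reproduced with a toy model of the container's network namespace. This is an added example, not LXC's own code: the netns and nic structures, all function names and the tmpN names (a deterministic stand-in for the random name) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_IFS 8
#define NAME_LEN 16 /* IFNAMSIZ on Linux */
struct netns { char names[MAX_IFS][NAME_LEN]; int count; }; /* toy container netns */
struct nic { const char *host, *target; }; /* name on the host, name wanted in the container */
static const struct nic SWAPPED[] = { {"eth0", "eth1"}, {"eth1", "eth0"} }; /* constructed sample */

static int ns_find(const struct netns *ns, const char *name) {
	for (int i = 0; i < ns->count; i++)
		if (strcmp(ns->names[i], name) == 0) return i;
	return -1;
}
/* Moving an interface in fails when its name is already taken. */
static int ns_add(struct netns *ns, const char *name) {
	if (ns->count == MAX_IFS || ns_find(ns, name) >= 0) return -1;
	snprintf(ns->names[ns->count++], NAME_LEN, "%s", name);
	return 0;
}
/* Renaming fails when the source is missing or the new name is in use. */
static int ns_rename(struct netns *ns, const char *old, const char *new_name) {
	int i = ns_find(ns, old);
	if (i < 0 || (strcmp(old, new_name) != 0 && ns_find(ns, new_name) >= 0)) return -1;
	snprintf(ns->names[i], NAME_LEN, "%s", new_name);
	return 0;
}
/* Old order: move in under the host name, then rename immediately. */
static int move_direct(struct netns *ns, const struct nic *nics, int n) {
	for (int i = 0; i < n; i++)
		if (ns_add(ns, nics[i].host) || ns_rename(ns, nics[i].host, nics[i].target)) return -1;
	return 0;
}
/* Fixed order: every NIC enters under a temporary name, renames come last. */
static int move_two_phase(struct netns *ns, const struct nic *nics, int n) {
	char tmp[NAME_LEN];
	for (int i = 0; i < n; i++) {
		snprintf(tmp, sizeof(tmp), "tmp%d", i); /* stand-in for the random name */
		if (ns_add(ns, tmp)) return -1;
	}
	for (int i = 0; i < n; i++) {
		snprintf(tmp, sizeof(tmp), "tmp%d", i);
		if (ns_rename(ns, tmp, nics[i].target)) return -1;
	}
	return 0;
}
int main(void) {
	struct netns a = {0}, b = {0};
	printf("direct=%d two_phase=%d\n", move_direct(&a, SWAPPED, 2), move_two_phase(&b, SWAPPED, 2));
	return 0;
}
```

With the swapped sample, the direct order fails when the second interface arrives under a name the first one has just taken, while the two-phase order completes.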
Distrobuilder
An issue that was preventing Oracle and CentOS image builds (introduced by https://github.com/lxc/distrobuilder/commit/c429f89ec113ad226ae2294e5a8a0938a45caf49) has been fixed. In addition the Oracle images now have /bin symlinked to /usr/bin if missing.
Finally the source for Void Linux checksums has been updated.
Dqlite (RAFT library)
A memory leak when ignoring snapshot install has been fixed. Snapshot installation is now retried.
YouTube channel
We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Images auto update
- doc/rest-api: Updates backup endpoint docs
- lxd/cluster: Don’t warn about pending nodes
- lxd/instances: Fix instance copy within project
- netutils: improve file descriptor retrieval and increase robustness
- Extend swagger coverage
- doc/projects: Projects aren’t restricted by default
- Storage: Stop truncating BTRFS optimized image VM volumes to default volume size after image unpack
- lxd: improve unix fd retrieval infrastructure
- Add restricting options to lxc config trust add
- lxd/db: Don’t fail preparing statements for activateifneeded
- unixfd: vet all parameters
- lxd/internal: Don’t access undefined fields
LXC
- cgroups: rework cgroup initialization
- cgroups: introduce fd-only cgroup attach via LXC_CMD_GET_CGROUP_CTX
- attach: improve attaching of new clients to old servers
- Fix issues reported by Coverity
- build fix & cgroup braino
- commands: rework and add LXC_CMD_GET_CGROUP_FD and LXC_CMD_GET_LIMIT_CGROUP_FD
- commands: array hardening
- commands: improvements and fixes
- tree-wide: some more logging fixes
- network: fix networks with switched names
- small fixes
LXCFS
- Nothing to report this week
Distrobuilder
- sources/voidlinux: Fix checksum file names
- Fix bad calls to RunScript
- oracle: Symlink /bin to /usr/bin if missing
Dqlite (RAFT library)
Dqlite (database)
- Nothing to report this week
Dqlite (Go bindings)
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxd: Cherry-pick upstream bugfixes