Weekly status for the week of the 15th of March to the 21st of March.
Introduction
This past week saw the release of Dqlite Raft library 0.10.0. LXD’s OVN feature saw the default action concept removed from ACLs and replaced with per-network and per-NIC default actions, as well as a change in the generated rule priorities, which will require existing ACLs to be reapplied to the OVN northbound database.
The LXD team is hiring
Canonical Ltd. is expanding its investment into LXD with a total of 5 additional roles.
The primary focus of this effort is around scalability and clustering as well as developing compelling solutions using LXD for our customers.
All LXD positions are 100% remote with some travel for internal events and conferences.
LXD
The OVN networking ACL feature in LXD saw some significant (and non-backwards-compatible) changes this week. Firstly, a change to the generated rule priorities (to work around an issue caused by OVN adding reject rules with a higher priority than specified, causing priority overlaps) means that existing ACLs will need to be reapplied to the OVN northbound database. The easiest way to do this is to modify the description of the ACL, as this will trigger a refresh.
Secondly, the default.action and default.logged settings have been removed from ACLs. These have been replaced with per-network and per-NIC security.acls.default.{in,e}gress.action and security.acls.default.{in,e}gress.logged settings. The NIC settings will override those on the associated network. This was changed to improve the user experience of controlling the default behaviours for unmatched traffic when multiple ACLs have been applied (ACLs have no ordering, so it was not predictable which ACL’s default behaviours would take effect).
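As an added illustration (not LXD code and not from the LXD team), the Python below plans the move from the removed per-ACL keys to the new per-network keys, flags networks whose applied ACLs disagreed on a default, and resolves the NIC-over-network override. The data shapes, the sample names and the treatment of an old key as covering both directions are assumptions.

```python
# Added example; the data shapes and sample names are constructed, not LXD output.
REMOVED_KEYS = ("default.action", "default.logged")
DIRECTIONS = ("ingress", "egress")

# Constructed sample: old-style ACL config and which ACLs each OVN network applies.
SAMPLE_ACLS = {
    "web": {"default.action": "drop", "default.logged": "true"},
    "mgmt": {"default.action": "drop"},
    "db": {"default.action": "allow"},
}
SAMPLE_NETWORKS = {"ovn-front": ["web", "mgmt"], "ovn-back": ["web", "db"]}


def plan_network_defaults(acls, networks):
    """Return (plan, conflicts) for replacing the removed per-ACL keys.

    plan maps network -> new security.acls.default.* settings where every
    applied ACL that set the old key agreed; conflicts maps network ->
    removed key -> the differing values, which need a human decision.
    Assumption: the old key covered both directions.
    """
    plan, conflicts = {}, {}
    for net, applied in networks.items():
        for key in REMOVED_KEYS:
            suffix = key.split(".", 1)[1]  # "action" or "logged"
            values = {acls[a][key] for a in applied if key in acls.get(a, {})}
            if len(values) > 1:
                conflicts.setdefault(net, {})[key] = sorted(values)
            elif values:
                value = values.pop()
                for direction in DIRECTIONS:
                    new_key = f"security.acls.default.{direction}.{suffix}"
                    plan.setdefault(net, {})[new_key] = value
    return plan, conflicts


def effective_setting(network_cfg, nic_cfg, key):
    """A NIC setting overrides the network's; None means neither sets it."""
    return nic_cfg.get(key, network_cfg.get(key))


if __name__ == "__main__":
    plan, conflicts = plan_network_defaults(SAMPLE_ACLS, SAMPLE_NETWORKS)
    for net, settings in plan.items():
        for k, v in sorted(settings.items()):
            print(f"{net}: {k}={v}")
    for net, keys in conflicts.items():
        print(f"{net}: decide manually, ACLs disagree on {keys}")
```

In the sample, ovn-back applies one ACL that defaulted to drop and one that defaulted to allow, so no action is proposed for it and the choice is left to the operator.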
An issue that was causing manually created images inside projects to be deleted has been fixed. This was caused by a regression in the way that auto expiring of cached images for projects was handled.
On the storage front, an issue accessing the BTRFS device used on top of LVM when using the SNAP package has been worked around.
LXC
An issue that prevented lxc exec from working in LXD when a cgroup was created after a container had been started has been fixed in LXC.
LXCFS
An issue that was causing /proc/cpuinfo and /proc/stat to be truncated to 4096 bytes, which limited the output on systems that have >4 CPUs, has been fixed.
Distrobuilder
Distrobuilder has been updated to support gomod and has had proper logging support added. Additionally, an issue that prevented the --cleanup flag from working when there were build errors has been fixed.
Dqlite (RAFT library)
Dqlite 0.10.0 has been released, which adds the raft_set_install_snapshot_timeout call to the API.
Dqlite (database)
Support for compiling on MacOS using clang has been added.
Youtube channel
We’ve started a Youtube channel with live streams covering LXD releases and its use in the wider ecosystem.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- test: Run test_clustering_image_refresh
- doc: Add a Table of content and a small addition to doc/index.md (Readme.md)
- In-cluster progress information
- doc: improve wording of network ACLs
- doc/instances: Adds ipv4.routes and ipv6.routes for OVN NICs
- test/main: Fix clustering test typo
- Device: Fallback to using disk mount device path for major/minor number extraction for BTRFS
- Instance: Ensure instances are stopped if their post start hooks fail
- Network: Optimises detection of active OVN switch ports when updating multiple instance NICs
- tests: Don’t block on /dev/random
- Network: OVN ACL cleanup
- lxd/db/images: Fix incorrect cached attribute handling
- Images: Improve error logging in autoUpdateImages
- Network: Remove default.action and default.logged ACL settings
- Device: Check bridge NIC’s security.ipv6_filtering support before wiping existing rules
- Network: OVN detect scenario where there are multiple DHCP option sets for a specific subnet
- lxd/images: Skip update if image cannot be found
LXC
- cgroups: ignore unused controllers
- macro: define __aligned_u64 to handle kernels without such support
- Switch to Github actions
- github: Fix invalid syntax for coverity
- rexec: don’t close stderr
- string_utils: provide a version of strchrnul() in case it’s not avail…
- include: fix typo
- configure: fix strchrnul conditional compilation
LXCFS
Distrobuilder
Dqlite (RAFT library)
Dqlite (database)
Dqlite (Go bindings)
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxd: Cherry-pick upstream bugfixes
- go: Workaround for gomod issues