Weekly status #196


Weekly status for the week of the 26th of April to the 2nd of May.

Introduction

This past week saw the release of Dqlite 1.7.0 and associated Dqlite Raft 0.10.1 release. Both of these are bug fix releases to improve the stability and performance of Dqlite.

LXD also gained a new persistent warnings feature.

The LXD team is hiring

Canonical Ltd. is expanding its investment into LXD with a total of 5 additional roles.
The primary focus of this effort is around scalability and clustering as well as developing compelling solutions using LXD for our customers.

All LXD positions are 100% remote with some travel for internal events and conferences.

LXD

Over the last week LXD gained a new persistent warnings API and associated lxc warning command set. The purpose of this feature is to allow LXD to record and expose structured warnings that it has detected.

These warnings will remain viewable with lxc warning ls and lxc warning show until they are acknowledged using lxc warning acknowledge, deleted using lxc warning delete or resolve themselves. Acknowledged warnings will not reappear in the list while they remain in the database. A deleted warning may reappear if the scenario that caused the original warning reoccurs. If a warning resolves itself it is automatically removed from the database after 24 hours. We will be adding more persistent warnings to this subsystem in the future.

We have also been working on improving cluster security. LXD uses mutual TLS to authenticate API requests from remote clients (including other LXD cluster members). Previously, when LXD cluster members needed to communicate with each other, they used the same certificate that serves as the API service certificate (the so-called “cluster certificate”) as their client certificate. Effectively this made all LXD cluster members appear as the same client when performing intra-cluster operations. This doesn’t become an issue until a member is removed from the cluster: at that point it remained possible for the departed member to keep accessing the other cluster members using the cluster certificate and key it still holds. This was an undesirable scenario, so we have modified LXD so that each cluster member uses a unique certificate for intra-cluster communications (a so-called “server certificate”). Each cluster member’s certificate is added to the LXD global trust store when it joins the cluster and removed when the member is removed from the cluster. The removed member can then no longer access the other members, as its certificate is no longer trusted.
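To make the trust-store mechanism concrete, here is an added Go example (written for this post, not LXD’s own code) of a fingerprint-based trust store whose check is plugged into a TLS handshake via the `tls.Config.VerifyPeerCertificate` hook shape: each member joins with its own self-signed certificate, and removing that certificate is enough to reject the member. The `TrustStore`, `SelfSigned` and `member-a`/`member-b` names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TrustStore stands in for LXD's global trust store: SHA-256 fingerprints of accepted client certs.
type TrustStore map[string]bool

func fingerprint(der []byte) string { s := sha256.Sum256(der); return hex.EncodeToString(s[:]) }
func (ts TrustStore) Join(c *x509.Certificate)   { ts[fingerprint(c.Raw)] = true }
func (ts TrustStore) Remove(c *x509.Certificate) { delete(ts, fingerprint(c.Raw)) }

// VerifyPeer has the signature of tls.Config.VerifyPeerCertificate: it gets the
// raw client chain from the handshake and rejects a leaf that is not in the store.
func (ts TrustStore) VerifyPeer(raw [][]byte, _ [][]*x509.Certificate) error {
	if len(raw) == 0 || !ts[fingerprint(raw[0])] {
		return fmt.Errorf("client certificate not in trust store")
	}
	return nil
}

// SelfSigned makes a throwaway certificate for this example (constructed
// here; not LXD's own certificate generation).
func SelfSigned(cn string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() {
	store, a, b := TrustStore{}, SelfSigned("member-a"), SelfSigned("member-b")
	store.Join(a); store.Join(b); store.Remove(b) // member-b is removed from the cluster
	fmt.Println("a:", store.VerifyPeer([][]byte{a.Raw}, nil)) // <nil>: still trusted
	fmt.Println("b:", store.VerifyPeer([][]byte{b.Raw}, nil)) // rejected
}
```

With the old shared-certificate model every member would present the same fingerprint, so the store could not distinguish a removed member from a current one; per-member certificates are what make the removal effective.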

We have also increased the minimum supported kernel version for the nftables firewall from 5.0 to 5.2. This is in order to support NAT rules using the shared inet table type (covering both IPv4 and IPv6). LXD will fall back to using xtables on older kernel versions.

Dqlite (Go bindings)

As well as the releases for Dqlite and Dqlite (RAFT library), the Dqlite Go bindings have also had a .dump command added to the CLI.

YouTube channel

We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.

You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Upcoming events

  • Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.

  • Distrobuilder Windows support
  • Virtual networks in LXD
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

Dqlite (RAFT library)

Dqlite (database)

Dqlite (Go bindings)

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • lxd: Cherry-pick upstream bugfixes
  • lxc: Bump to 4.0.8
  • lxcfs: Bump to 4.0.8