Weekly status #197


Weekly status for the week of the 3rd of May to the 9th of May.

Introduction

The highlight of the past week has been the bumper number of releases we’ve had. Please click on each one to see their specific release notes.

There is also a release video for LXD 4.14:

The LXD team is hiring

Canonical Ltd. is expanding its investment into LXD with a total of 5 additional roles.
The primary focus of this effort is around scalability and clustering as well as developing compelling solutions using LXD for our customers.

All LXD positions are 100% remote with some travel for internal events and conferences.

LXD

Included in the 4.14 release and added in the last week was the new cluster join tokens feature.
This allows you to add a new member to a cluster by running lxc cluster add <new member name> from an existing cluster member. This will then display a one-time join token that can be copied and pasted into the relevant question during lxd init on the new joining member.

This feature provides the following benefits:

  • Avoids needing to use a shared cluster trust password.
  • Automatically verifies that the cluster certificate signature is valid (this is encoded inside the token).
  • Avoids the need to specify the cluster address to join (this is encoded inside the token).
  • Ensures that the joining member’s name matches the requested join-token’s name.

Also on the clustering front, we have been focusing on improving the reliability of the LXD heartbeat subsystem. Now that we are depending more on the last heartbeat time recorded by the regular heartbeat rounds (as we have recently fixed various operations to not trigger an on-demand heartbeat round) we need to ensure that these heartbeats are reliably recorded. Several issues have been fixed to ensure that if a member is removed during a heartbeat round that the other heartbeats are not lost, and we now retry saving the heartbeat round data if there are DB locks on earlier attempts.

We have also added the ability to set a free-text description on each cluster member.

Projects have gained support for restricting whether backups and snapshots can occur using the following new settings:

  • restricted.backups (allow/deny)
  • restricted.snapshots (allow/deny)

This is useful as backups and snapshots can be expensive from a load and resource usage perspective, so it may be preferred to prevent restricted users from being able to perform these operations on instances and volumes within a project.

You may remember that recently we switched to using per-cluster-member certificates (included in 4.14) for intra-cluster communication. This change required the introduction of a type field for trusted certificates in the LXD trust store. We are now exposing that field, as well as the specified certificate name, in the output of lxc config trust list so that is is easier to differentiate server certificates from client certificates.

On the VM front, an issue with the recent switch to using QMP’s query-cpus-fast command has been fixed, along with an improvement to now respect the LXD_OVNMF_PATH environment variable when using AppArmor.

There were several minor issues with the new persistent warnings feature around validation and user experience that have been fixed.

LXC

The lxc-monitor log feature has now been removed as it is effectively unused and was causing log files to be needlessly created and endlessly written to.

Some compilations warnings when compiling on Fedora 34 have been fixed. There were also some fixes for Arch as well.

A regression in root pinning on ZFS has also been fixed.

Youtube channel

We’ve started a Youtube channel with live streams covering LXD releases and its use in the wider ecosystem.

You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

  • Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

  • Distrobuilder Windows support
  • Virtual networks in LXD
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

  • Nothing to report this week

Dqlite (RAFT library)

  • Nothing to report this week

Dqlite (database)

Dqlite (Go bindings)

  • Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • lxc: Bump to 4.0.9
  • lxd: Bump to 4.14
  • nvidia-container: Bump to 1.4.0
  • spice: Bump to 0.15.0
  • sqlite: Bump to 3.35.5
  • lxd: Cherry-pick upstream bugfixes