Weekly status for the week of the 3rd of May to the 9th of May.
Introduction
The highlight of the past week has been the bumper number of releases we’ve had. Please click on each one to see their specific release notes.
There is also a release video for LXD 4.14:
https://www.youtube.com/watch?v=heKQ2B-O5K8
The LXD team is hiring
Canonical Ltd. is expanding its investment into LXD with a total of 5 additional roles.
The primary focus of this effort is around scalability and clustering as well as developing compelling solutions using LXD for our customers.
All LXD positions are 100% remote with some travel for internal events and conferences.
LXD
Included in the 4.14 release and added in the last week was the new cluster join tokens feature.
This allows you to add a new member to a cluster by running lxc cluster add <new member name> from an existing cluster member. This will then display a one-time join token that can be copied and pasted into the relevant question during lxd init on the new joining member.
This feature provides the following benefits:
- Avoids needing to use a shared cluster trust password.
- Automatically verifies that the cluster certificate signature is valid (this is encoded inside the token).
- Avoids the need to specify the cluster address to join (this is encoded inside the token).
- Ensures that the joining member’s name matches the requested join-token’s name.
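The checks a joining member can make once the cluster certificate and member name travel inside the token, as an added example that is not LXD's own code. The token layout (base64-encoded JSON), its field names, the use of a SHA-256 fingerprint, and the SampleToken and CheckJoin helpers are assumptions made for illustration; the sample address, secret and certificate bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// JoinToken is a hypothetical layout for this example, not LXD's wire format.
type JoinToken struct {
	ServerName  string   `json:"server_name"`
	Fingerprint string   `json:"fingerprint"` // hex SHA-256 of the cluster certificate
	Addresses   []string `json:"addresses"`
	Secret      string   `json:"secret"` // one-time value
}

// SampleToken builds a constructed token (address and secret are made up).
func SampleToken(name string, cert []byte) string {
	sum := sha256.Sum256(cert)
	b, _ := json.Marshal(JoinToken{name, hex.EncodeToString(sum[:]), []string{"192.0.2.10:8443"}, "constructed-secret"})
	return base64.StdEncoding.EncodeToString(b)
}

// CheckJoin decodes the token, then enforces the name match and certificate pin.
func CheckJoin(token, localName string, presentedCert []byte) (*JoinToken, error) {
	var t JoinToken
	raw, err := base64.StdEncoding.DecodeString(token)
	if err != nil || json.Unmarshal(raw, &t) != nil {
		return nil, fmt.Errorf("malformed join token")
	}
	if t.ServerName != localName {
		return nil, fmt.Errorf("token issued for %q, not %q", t.ServerName, localName)
	}
	want, err := hex.DecodeString(t.Fingerprint)
	got := sha256.Sum256(presentedCert)
	if err != nil || subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, fmt.Errorf("presented certificate does not match the token's fingerprint")
	}
	return &t, nil
}

func main() {
	cert := []byte("constructed stand-in for the cluster certificate")
	tok := SampleToken("node2", cert)
	fmt.Println(CheckJoin(tok, "node2", []byte("a different certificate")))
	fmt.Println(CheckJoin(tok, "node2", cert))
}
```

Because the pin arrives with the token, the joining member rejects a substituted certificate before sending the one-time secret anywhere.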
Also on the clustering front, we have been focusing on improving the reliability of the LXD heartbeat subsystem. We now depend more on the last heartbeat time recorded by the regular heartbeat rounds (as we have recently fixed various operations to not trigger an on-demand heartbeat round), so we need to ensure that these heartbeats are reliably recorded. Several issues have been fixed to ensure that if a member is removed during a heartbeat round, the other heartbeats are not lost, and we now retry saving the heartbeat round data if there are DB locks on earlier attempts.
We have also added the ability to set a free-text description on each cluster member.
Projects have gained support for restricting whether backups and snapshots can occur using the following new settings:
- restricted.backups (allow/deny)
- restricted.snapshots (allow/deny)
This is useful as backups and snapshots can be expensive from a load and resource usage perspective, so it may be preferred to prevent restricted users from being able to perform these operations on instances and volumes within a project.
You may remember that recently we switched to using per-cluster-member certificates (included in 4.14) for intra-cluster communication. This change required the introduction of a type field for trusted certificates in the LXD trust store. We are now exposing that field, as well as the specified certificate name, in the output of lxc config trust list so that it is easier to differentiate server certificates from client certificates.
On the VM front, an issue with the recent switch to using QMP’s query-cpus-fast command has been fixed, along with an improvement to now respect the LXD_OVMF_PATH environment variable when using AppArmor.
There were several minor issues with the new persistent warnings feature around validation and user experience that have been fixed.
LXC
The lxc-monitor log feature has now been removed as it is effectively unused and was causing log files to be needlessly created and endlessly written to.
Some compilation warnings when compiling on Fedora 34 have been fixed. There were also some fixes for Arch.
A regression in root pinning on ZFS has also been fixed.
YouTube channel
We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-live
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Cluster: Add join token
- Operations: Ensure remote operations retrieval uses project
- Restricted snapshots and backups
- More swagger endpoints
- Fix warning CLI issues
- More swagger coverage
- lxd/instance/qmp: Switch to query-cpus-fast
- lxd/apparmor: Respect LXD_OVMF_PATH
- More swagger coverage (and snapshot struct fix)
- Add cluster member description
- Small CLI improvements
- Cluster: Fix issues with heartbeats now that we are relying on them more for accurate timings
- lxd/devices: Allow user.XYZ
- Cluster: Clear config.Cluster.ClusterPassword after setting up trust during interactive init
- Update lxc config trust list
- doc/rest-api: Fix description of PATCH warning
- [Doc] Fix remove duplicated sentences in doc/network-acls.md
LXC
- conf: fix console chmod error log messages
- lxc_monitord: remove monitord log
- github: Run apt-get update in sanitizer test
- string_utils: get around GCC-11 false positives
- github: remove the dh-* packages
- lxc.arch fixes
- conf: handle kernels with CAP_SETFCAP
- doc: document new idmap= option for lxc.rootfs.options
- Skip rootfs pinning for ZFS roots.
- confile: re-add aarch64 architecture
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
Dqlite (RAFT library)
- Nothing to report this week
Dqlite (database)
Dqlite (Go bindings)
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxc: Bump to 4.0.9
- lxd: Bump to 4.14
- nvidia-container: Bump to 1.4.0
- spice: Bump to 0.15.0
- sqlite: Bump to 3.35.5
- lxd: Cherry-pick upstream bugfixes