Weekly status for the week of the 7th of June to the 13th of June.
Introduction
This past week has mostly been a bug fix and improvement week; however, Dqlite 1.8.0 was also released with new snapshot control functionality.
The LXD latest/stable and 4.0/stable snaps are also going to be moving to the core20 base snap package this week which means the i386 variant will no longer receive updates. Please see
Moving our IRC presence to Libera Chat
Our IRC (live chat) channels have moved from Freenode over to Libera Chat.
You can now find us in #lxc and #lxc-dev on irc.libera.chat.
A web chat client can be found here: Kiwi IRC
The LXD team is hiring
The LXD team at Canonical is currently looking for a Go software engineer to join our distributed team of engineers. We’re looking for candidates anywhere in Europe or the Americas!
All LXD positions are 100% remote with some travel for internal events and conferences.
LXD
With the advent of cluster join tokens (which are more secure than using a single shared trust password to join members to a cluster), now when setting up a new LXD cluster using lxd init the question that asks “Setup password authentication on the cluster?” has had its default value changed from “yes” to “no”, so that we encourage users to use join tokens going forward.
The persistent warning feature has had several new warning scenarios added to it:
- Bridge network warning if AppArmor disabled on dnsmasq.
- Bridge network warning if IPv6 subnet prefix larger than /64.
- MAAS unable to connect warning.
- Network start up failure warning.
- Proxy device warning if netfilter is disabled.
There have been three instance import/export related bugs fixed in the past week:
- An issue that was preventing non-optimized VM exports from being started after they were restored (due to incorrectly exporting the “config.mount” directory used as a temporary mount for the config drive share) has been fixed.
- An issue that was causing problems starting VMs if there was a pending root drive resize scheduled after importing the VM has been fixed. This was caused when importing an optimized ZFS backup export because it was leaving an orphaned mount counter after the operation, which subsequently prevented the root disk from being resized on start.
- An issue that was preventing non-optimized LVM (and Ceph) container imports has been fixed. It occurred in cases where the instance’s root disk had a size specified and the underlying resize2fs tool used to resize the ext4 filesystem came to the conclusion in its pre-resize estimates that the volume would not have sufficient size to be shrunk to the requested size. It turns out that these checks can sometimes (not always) be wrong, and passing the -f argument to resize2fs can allow the import to succeed. This doesn’t work in all cases (where there is truly not enough room to shrink to the desired size), but as this still causes the resize2fs command to fail and we will delete the volume on failure anyway, it is safe to pass the -f flag when importing backups without the risk of leaving the volume’s filesystem corrupted.
Still on the storage front, we have made the instance revert-on-failure logic more careful when cleaning up the storage volume(s) it creates. Previously, if you had manually removed the instance’s DB records and then tried to create a new instance which failed due to a conflicting storage volume, then the instance revert clean up code would also remove the conflicting storage volume. This was undesirable as it could end up causing the unexpected removal of a storage volume on disk. We now only delete the underlying storage volume on failure if we succeeded in creating it in the first place (and thus know it is LXD’s volume) during the instance create operation.
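The ownership rule described above, as an added Go example (not LXD's own code): the cleanup hook is registered only after the volume has been created, so a conflicting pre-existing volume survives a failed create. The pool type, createInstance and the volume names are hypothetical, and the pool is a constructed in-memory stand-in.

```go
package main

import (
	"errors"
	"fmt"
)

// pool is a constructed in-memory stand-in for a storage pool (hypothetical).
// It maps a volume name to whoever created it.
type pool struct{ volumes map[string]string }

var errExists = errors.New("volume already exists")

func (p *pool) createVolume(name, owner string) error {
	if _, ok := p.volumes[name]; ok {
		return errExists // conflict: someone else's volume is already there
	}
	p.volumes[name] = owner
	return nil
}

// createInstance creates a volume, then runs a later step that may fail.
// The revert hook is appended only after createVolume succeeds, so the
// failure path can only ever delete a volume this call created itself.
func createInstance(p *pool, name string, laterStep func() error) (err error) {
	var revert []func()
	defer func() {
		if err != nil {
			for i := len(revert) - 1; i >= 0; i-- {
				revert[i]() // undo in reverse order of creation
			}
		}
	}()

	if err = p.createVolume(name, "instance:"+name); err != nil {
		return fmt.Errorf("create volume: %w", err) // nothing registered yet
	}
	revert = append(revert, func() { delete(p.volumes, name) })

	if err = laterStep(); err != nil {
		return fmt.Errorf("post-create step: %w", err)
	}
	return nil
}

func main() {
	p := &pool{volumes: map[string]string{"c1": "orphan"}} // constructed sample state
	fmt.Println(createInstance(p, "c1", func() error { return nil }), p.volumes)
	fmt.Println(createInstance(p, "c2", func() error { return errors.New("boom") }), p.volumes)
}
```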
There has also been a fix to better detect the new idmapped mount support in liblxc. Some versions of liblxc come with support for idmapped rootfs but do not support idmapped mount entries. LXD will now only support those LXC versions that have full support.
To aid packagers of LXD there is a new build Makefile target that just performs the build and doesn’t attempt to pull any dependencies. It is then up to the packager to fulfil the dependencies however they see fit before running the build.
LXC
LXC will now actually report an error when failing to wire AppArmor.
An issue that was causing incorrect return values from lxc-autostart due to a miscalculated failed count has been fixed.
An API extension has been added so that LXD can detect full idmapped mount support.
Distrobuilder
We have added beta and rc support for AlmaLinux.
Work has continued on improving the systemd generator to fix networking issues in some images and to work towards ensuring that all our relevant images have a clean systemd start up process with no failed units.
Dqlite (database)
Dqlite 1.8.0 has been released with support for controlling node snapshot functionality. See the release notes for more details.
YouTube channel
We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.
You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-live
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Distrobuilder Windows support
- Virtual networks in LXD
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Add unable to connect to MAAS warning
- Storage: Disable filesystem resize safety checks when importing containers
- Add AppArmor disabled on network warning
- Makefile: Add “build” target
- Instance: Move MAAS handling functions to common
- Storage: Avoid deleting existing storage volume on conflict during create
- Revert "lxd/main_init_interactive: replace empty validator for choosi…
- lxd: check for new idmapped mounts extension in LXC
- Storage: Push instance import post hook resize into storage drivers
- Instance: Exclude VM config.mount directory from backup exports
- Add warning for networks with IPv6 prefix larger than /64
- Storage: Remove vol.allowUnsafeResize var in place of per-function bool arguments instead
- Network: Fix ipRange function due to net.ParseIP changes
- lxd/init: Update for token based join
- Pass original requestor around during forwards
- Storage: Fix bug with ZFS VM optimized import not returning filesystem volume post hook
- Cluster: Remove unnecessary argument from updateCertificateCacheFromLocal
- lxd/device/proxy: Warn if netfilter is disabled
- warnings: Network startup failure
LXC
- lsm/apparmor: actually report an error when we fail to wire AppArmor …
- tools/lxc_autostart: fix failed count
- api_extensions: introduce idmapped_mounts_v2 api extension
LXCFS
- Nothing to report this week
Distrobuilder
- AlmaLinux: clean up downloader code and add beta/rc images support
- main: Fix typo in systemd generator
- systemd: Mask more units
- main: Add fix for systemd-udev-trigger.service
- main: Add fix for systemd-sysctl
- sources/opensuse: Fix path to non-x86_64 tarballs
- sources/opensuse: Fix URL to tarballs
- main: Replace Sanity Checks with Quick Checks
- sources: Rework downloader
Dqlite (RAFT library)
Dqlite (database)
Dqlite (Go bindings)
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxd: Cherry-picked upstream bugfixes
- Switched the snap over to core20